From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sun Aug 24 2008 - 18:28:16 ART
Thanks brent...
So the mls qos trust device has no effect WITHOUT the MLS qos cos trust
command?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
brett spunt
Sent: Sunday, August 24, 2008 5:22 PM
To: GS CCIE-Lab; Hobbs
Subject: Re: mls qos trust device cisco-phone -vs- mls qos trust cos
Hobbs,
There is a difference. Trust cos does just that... trusts cos of incoming
packets to that port.
"mls qos trust device cisco-phone" enables a "trusted boundary feature",
similar to the command "switchport priority extend cos #", except it only
trusts the cos values if the first connected device is an IP Phone. (if
trust cos is enabled ALSO)
You need both to accomplish both (trusted boundary and trust cos values) but
you only need mls qos trust cos to trust the cos value of the phone. That
would accomplish the criteria...
see this link
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_sed/configuration/guide/swqos.html#wp1229179
plus I pasted info directly into this email from this link...
Configuring a Trusted Boundary to Ensure Port Security :
"mls qos trust device cisco-phone"
In a typical network, you connect a Cisco IP Phone to a switch port, as
shown in Figure 32-12, and cascade devices that generate data packets from
the back of the telephone. The Cisco IP Phone guarantees the voice quality
through a shared data link by marking the CoS level of the voice packets as
high priority (CoS = 5) and by marking the data packets as low priority (CoS
= 0). Traffic sent from the telephone to the switch is typically marked with
a tag that uses the 802.1Q header. The header contains the VLAN information
and the class of service (CoS) 3-bit field, which is the priority of the
packet.
For most Cisco IP Phone configurations, the traffic sent from the telephone
to the switch should be trusted to ensure that voice traffic is properly
prioritized over other types of traffic in the network. By using the mls qos
trust cos interface configuration command, you configure the switch port to
which the telephone is connected to trust the CoS labels of all traffic
received on that port. Use the mls qos trust dscp interface configuration
command to configure a routed port to which the telephone is connected to
trust the DSCP labels of all traffic received on that port.
With the trusted setting, you also can use the trusted boundary feature to
prevent misuse of a high-priority queue if a user bypasses the telephone and
connects the PC directly to the switch. Without trusted boundary, the CoS
labels generated by the PC are trusted by the switch (because of the trusted
CoS setting). By contrast, trusted boundary uses CDP to detect the presence
of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960)
on a switch port. If the telephone is not detected, the trusted boundary
feature disables the trusted setting on the switch port and prevents misuse
of a high-priority queue. Note that the trusted boundary feature is not
effective if the PC and Cisco IP Phone are connected to a hub that is
connected to the switch.
In some situations, you can prevent a PC connected to the Cisco IP Phone
from taking advantage of a high-priority data queue. You can use the
switchport priority extend cos interface configuration command to configure
the telephone through the switch CLI to override the priority of the traffic
received from the PC.
Beginning in privileged EXEC mode, follow these steps to enable trusted
boundary on a port:
___________________________________
Brett Michael Spunt, CCIE No. 12745
Senior Consultant
Convergence Practice, AT&T Consulting
http://www.att.com/consulting
Bs3757@att.com
Your world. Delivered.
--- On Sun, 8/24/08, Hobbs <deadheadblues@gmail.com> wrote:
> From: Hobbs <deadheadblues@gmail.com>
> Subject: mls qos trust device cisco-phone -vs- mls qos trust cos
> To: "GS CCIE-Lab" <ccielab@groupstudy.com>
> Date: Sunday, August 24, 2008, 1:00 PM
> Hello,
>
> I had a task that states that there are 7960 ip phones connected to a
> switchport and the phone's cos value (cos 5) must be trusted. I used the
> command:
>
> int f0/7
> mls qos trust device cisco-phone
>
> but the answer had:
>
> int f0.7
> mls qos trust cos
>
> I have 4 questions:
>
> In this scenario, is there a difference between these two commands?
> Are both enabling trust of the phone's cos value?
> Does the "trust device" require the "trust cos" command to take effect?
> Consider if you are also using "switchport priority extend cos #" command,
> does either option still work as normal?
>
> here is the doccd reference and it seems both would do the
> trick.
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/command/reference/cli1.html#wp2331034
>
> thank you,
>
>
> Blogs and organic groups at http://www.ccie.net
>
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART