RE: mls qos trust device cisco-phone -vs- mls qos trust cos

From: brett spunt (bspunt_2000@yahoo.com)
Date: Sun Aug 24 2008 - 20:58:27 ART

• Next message: brett spunt: "Re: mls qos trust device cisco-phone -vs- mls qos trust cos"
• Previous message: Michael Permoda: "RE: Matching Real-time traffic"
• Maybe in reply to: Hobbs: "mls qos trust device cisco-phone -vs- mls qos trust cos"
• Next in thread: brett spunt: "Re: mls qos trust device cisco-phone -vs- mls qos trust cos"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Right...

I always use the "auto qos" feature which enables your mls qos global commands and at the port level enables mls qos trust cos and trust device cisco-phone....plus you get portfast enabled as well..

Then, for switch to switch trunks, you can enable auto qos voip trust..

then just tweak your cos-dscp maps and dscp-cos egress maps accordingly...(depends on your environment)

___________________________________
Brett Michael Spunt, CCIE No. 12745
Senior Consultant
Convergence Practice, AT&T Consulting
http://www.att.com/consulting
Bs3757@att.com
Your world. Delivered.

--- On Sun, 8/24/08, Joseph Brunner <joe@affirmedsystems.com> wrote:

> From: Joseph Brunner <joe@affirmedsystems.com>
> Subject: RE: mls qos trust device cisco-phone -vs- mls qos trust cos
> To: "'brett spunt'" <bspunt_2000@yahoo.com>, "'GS CCIE-Lab'" <ccielab@groupstudy.com>, "'Hobbs'" <deadheadblues@gmail.com>
> Date: Sunday, August 24, 2008, 2:28 PM
> Thanks brent...
>
> So the mls qos trust device has no effect WITHOUT the MLS
> qos cos trust
> command?
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
> On Behalf Of
> brett spunt
> Sent: Sunday, August 24, 2008 5:22 PM
> To: GS CCIE-Lab; Hobbs
> Subject: Re: mls qos trust device cisco-phone -vs- mls qos
> trust cos
>
> Hobbs,
>
> There is a difference. Trust cos does just
> that...trust's cos of incoming
> packets to that port.
>
> "mls qos trust device cisco-phone" enables a
> "trusted boundary feature",
> similiar to the command "switchport priority extend
> cos #", except it only
> trusts the cos values if the first connected device is an
> IP Phone. (if
> trust cos is enabled ALSO)
>
> You need both to accomplish both (trusted boundary and
> trust cos values) but
> you only need mls qos trust cos to trust the cos value of
> the phone. that
> would accomplish the criteria...
>
> see this link
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/1
> 2.2_25_sed/configuration/guide/swqos.html#wp1229179
>
> plus I pasted info directly into this email from this
> link...
>
> Configuring a Trusted Boundary to Ensure Port Security :
>
> "mls qos trust device cisco-phone"
>
> In a typical network, you connect a Cisco IP Phone to a
> switch port, as
> shown in Figure 32-12, and cascade devices that generate
> data packets from
> the back of the telephone. The Cisco IP Phone guarantees
> the voice quality
> through a shared data link by marking the CoS level of the
> voice packets as
> high priority (CoS = 5) and by marking the data packets as
> low priority (CoS
> = 0). Traffic sent from the telephone to the switch is
> typically marked with
> a tag that uses the 802.1Q header. The header contains the
> VLAN information
> and the class of service (CoS) 3-bit field, which is the
> priority of the
> packet.
>
> For most Cisco IP Phone configurations, the traffic sent
> from the telephone
> to the switch should be trusted to ensure that voice
> traffic is properly
> prioritized over other types of traffic in the network. By
> using the mls qos
> trust cos interface configuration command, you configure
> the switch port to
> which the telephone is connected to trust the CoS labels of
> all traffic
> received on that port. Use the mls qos trust dscp interface
> configuration
> command to configure a routed port to which the telephone
> is connected to
> trust the DSCP labels of all traffic received on that port.
>
>
> With the trusted setting, you also can use the trusted
> boundary feature to
> prevent misuse of a high-priority queue if a user bypasses
> the telephone and
> connects the PC directly to the switch. Without trusted
> boundary, the CoS
> labels generated by the PC are trusted by the switch
> (because of the trusted
> CoS setting). By contrast, trusted boundary uses CDP to
> detect the presence
> of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935,
> 7940, and 7960)
> on a switch port. If the telephone is not detected, the
> trusted boundary
> feature disables the trusted setting on the switch port and
> prevents misuse
> of a high-priority queue. Note that the trusted boundary
> feature is not
> effective if the PC and Cisco IP Phone are connected to a
> hub that is
> connected to the switch.
>
> In some situations, you can prevent a PC connected to the
> Cisco IP Phone
> from taking advantage of a high-priority data queue. You
> can use the
> switchport priority extend cos interface configuration
> command to configure
> the telephone through the switch CLI to override the
> priority of the traffic
> received from the PC.
>
> Beginning in privileged EXEC mode, follow these steps to
> enable trusted
> boundary on a port:
>
>
> ___________________________________
> Brett Michael Spunt, CCIE No. 12745
> Senior Consultant
> Convergence Practice, AT&T Consulting
> http://www.att.com/consulting
> Bs3757@att.com
> Your world. Delivered.
>
>
>
> --- On Sun, 8/24/08, Hobbs <deadheadblues@gmail.com>
> wrote:
>
> > From: Hobbs <deadheadblues@gmail.com>
> > Subject: mls qos trust device cisco-phone -vs- mls qos
> trust cos
> > To: "GS CCIE-Lab"
> <ccielab@groupstudy.com>
> > Date: Sunday, August 24, 2008, 1:00 PM
> > Hello,
> >
> > I had a task that states the there are 7960 ip phones
> > connected to a
> > switchport and the phone's cos value (cos 5) must
> be
> > trusted. I used the
> > command:
> >
> > int f0/7
> > mls qos trust device cisco-phone
> >
> > but the answer had:
> >
> > int f0.7
> > mls qos trust cos
> >
> > I have 4 questions:
> >
> > In this scenario, is there a difference between these
> two
> > commands?
> > Are both enabling trust of the phones cos value?
> > Does the "trust device" require the
> "trust
> > cos" command to take effect?
> > Consider if you are also using "switchport
> priority
> > extend cos #" command,
> > does either option still work as normal?
> >
> > here is the doccd reference and it seems both would do
> the
> > trick.
> >
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/1
> 2.2_44_se/command/reference/cli1.html#wp2331034
> >
> > thank you,
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: brett spunt: "Re: mls qos trust device cisco-phone -vs- mls qos trust cos"
• Previous message: Michael Permoda: "RE: Matching Real-time traffic"
• Maybe in reply to: Hobbs: "mls qos trust device cisco-phone -vs- mls qos trust cos"
• Next in thread: brett spunt: "Re: mls qos trust device cisco-phone -vs- mls qos trust cos"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART