Re: mls qos trust device cisco-phone -vs- mls qos trust cos

From: brett spunt (bspunt_2000@yahoo.com)
Date: Sun Aug 24 2008 - 21:23:24 ART


No, actually the trust-device puts a condition to trust a Cisco phone (using CDP), only if you have trust cos or trust dscp.

The switchport extend priority would tell the IP Phone to "not" trust the packets it receives from the PC connected to the phone...I might not have explained that correctly before..

so, trust cos and extend priority is a correct answer....

trust-device, as stated, is so you can't bypass the phone, plug directly into the switch, and make use of the high priority queue..

___________________________________
Brett Michael Spunt, CCIE No. 12745
Senior Consultant
Convergence Practice, AT&T Consulting
http://www.att.com/consulting
Bs3757@att.com
Your world. Delivered.

--- On Sun, 8/24/08, Hobbs <deadheadblues@gmail.com> wrote:

> From: Hobbs <deadheadblues@gmail.com>
> Subject: Re: mls qos trust device cisco-phone -vs- mls qos trust cos
> To: "GS CCIE-Lab" <ccielab@groupstudy.com>
> Date: Sunday, August 24, 2008, 3:20 PM
>
> Thank you both for the information. From what I understand now "trust device" just puts a condition on whether to trust the cos or not.
>
> The thing about the solution guide is that it doesn't have "trust device" just "mls qos trust cos" and "switchport priority extend cos 1" to remark PC traffic.
>
> So I would say that "mls qos trust device" does not require "mls qos trust cos". "mls qos trust device" is used so that a user can't plug the pc into the port and send high priority traffic.
>
> Since the task explicitly stated "7960 phone" I thought that's what they were hinting at, but it appears not. But, it also seems either solution will work.
>
>
> On Sun, Aug 24, 2008 at 3:28 PM, Joseph Brunner <joe@affirmedsystems.com> wrote:
>
> > Thanks brent...
> >
> > So the mls qos trust device has no effect WITHOUT the MLS qos cos trust command?
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of brett spunt
> > Sent: Sunday, August 24, 2008 5:22 PM
> > To: GS CCIE-Lab; Hobbs
> > Subject: Re: mls qos trust device cisco-phone -vs- mls qos trust cos
> >
> > Hobbs,
> >
> > There is a difference. Trust cos does just that...trusts cos of incoming packets to that port.
> >
> > "mls qos trust device cisco-phone" enables a "trusted boundary feature", similar to the command "switchport priority extend cos #", except it only trusts the cos values if the first connected device is an IP Phone. (if trust cos is enabled ALSO)
> >
> > You need both to accomplish both (trusted boundary and trust cos values) but you only need mls qos trust cos to trust the cos value of the phone. That would accomplish the criteria...
> >
> > see this link
> >
> > http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_sed/configuration/guide/swqos.html#wp1229179
> >
> > plus I pasted info directly into this email from this link...
> >
> > Configuring a Trusted Boundary to Ensure Port Security:
> >
> > "mls qos trust device cisco-phone"
> >
> > In a typical network, you connect a Cisco IP Phone to a switch port, as shown in Figure 32-12, and cascade devices that generate data packets from the back of the telephone. The Cisco IP Phone guarantees the voice quality through a shared data link by marking the CoS level of the voice packets as high priority (CoS = 5) and by marking the data packets as low priority (CoS = 0). Traffic sent from the telephone to the switch is typically marked with a tag that uses the 802.1Q header. The header contains the VLAN information and the class of service (CoS) 3-bit field, which is the priority of the packet.
> >
> > For most Cisco IP Phone configurations, the traffic sent from the telephone to the switch should be trusted to ensure that voice traffic is properly prioritized over other types of traffic in the network. By using the mls qos trust cos interface configuration command, you configure the switch port to which the telephone is connected to trust the CoS labels of all traffic received on that port. Use the mls qos trust dscp interface configuration command to configure a routed port to which the telephone is connected to trust the DSCP labels of all traffic received on that port.
> >
> > With the trusted setting, you also can use the trusted boundary feature to prevent misuse of a high-priority queue if a user bypasses the telephone and connects the PC directly to the switch. Without trusted boundary, the CoS labels generated by the PC are trusted by the switch (because of the trusted CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue. Note that the trusted boundary feature is not effective if the PC and Cisco IP Phone are connected to a hub that is connected to the switch.
> >
> > In some situations, you can prevent a PC connected to the Cisco IP Phone from taking advantage of a high-priority data queue. You can use the switchport priority extend cos interface configuration command to configure the telephone through the switch CLI to override the priority of the traffic received from the PC.
> >
> > Beginning in privileged EXEC mode, follow these steps to enable trusted boundary on a port:
> >
> >
> > ___________________________________
> > Brett Michael Spunt, CCIE No. 12745
> > Senior Consultant
> > Convergence Practice, AT&T Consulting
> > http://www.att.com/consulting
> > Bs3757@att.com
> > Your world. Delivered.
> >
> >
> >
> > --- On Sun, 8/24/08, Hobbs <deadheadblues@gmail.com> wrote:
> >
> > > From: Hobbs <deadheadblues@gmail.com>
> > > Subject: mls qos trust device cisco-phone -vs- mls qos trust cos
> > > To: "GS CCIE-Lab" <ccielab@groupstudy.com>
> > > Date: Sunday, August 24, 2008, 1:00 PM
> > >
> > > Hello,
> > >
> > > I had a task that states that there are 7960 ip phones connected to a switchport and the phone's cos value (cos 5) must be trusted. I used the command:
> > >
> > > int f0/7
> > > mls qos trust device cisco-phone
> > >
> > > but the answer had:
> > >
> > > int f0/7
> > > mls qos trust cos
> > >
> > > I have 4 questions:
> > >
> > > In this scenario, is there a difference between these two commands?
> > > Are both enabling trust of the phone's cos value?
> > > Does the "trust device" require the "trust cos" command to take effect?
> > > Consider if you are also using "switchport priority extend cos #" command, does either option still work as normal?
> > >
> > > here is the doccd reference and it seems both would do the trick.
> > >
> > > http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/command/reference/cli1.html#wp2331034
> > >
> > > thank you,
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART
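
The port states this thread distinguishes, shown as a small configuration audit. This is an added example, not part of the original messages or of Cisco's documentation: the sample config is constructed, and the function names and state labels are hypothetical. The reading that `trust device` alone leaves nothing to trust follows the reply and the quoted configuration guide above.

```python
import re

# Constructed sample running-config (not from the thread), using only commands discussed above.
SAMPLE_CONFIG = """\
interface FastEthernet0/7
 mls qos trust cos
 switchport priority extend cos 1
!
interface FastEthernet0/8
 mls qos trust device cisco-phone
!
interface FastEthernet0/9
 mls qos trust device cisco-phone
 mls qos trust cos
!
interface FastEthernet0/10
!
"""

# (trust cos/dscp present, trust device cisco-phone present) -> port state
STATES = {
    (True, True): "conditional-trust",        # trusted only while CDP detects a phone
    (True, False): "unconditional-trust",     # a directly connected PC is trusted too
    (False, True): "boundary-without-trust",  # condition set, nothing for it to gate
    (False, False): "untrusted",
}

def parse_interfaces(config):
    """Return {interface name: [normalized sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(" ".join(raw.split()).lower())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_trust(config):
    """Map each interface to its QoS trust state as described in the thread."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        trust = any(re.fullmatch(r"mls qos trust (cos|dscp)", c) for c in cmds)
        boundary = "mls qos trust device cisco-phone" in cmds
        report[name] = STATES[(trust, boundary)]
    return report

print(audit_trust(SAMPLE_CONFIG))
```

Ports reported as `unconditional-trust` are the ones where bypassing the phone reaches the high-priority queue; `boundary-without-trust` ports match the original poster's first attempt.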