Re: QOS Trust Boundary

From: Rookie Ccie (rookie.ccie@gmail.com)
Date: Wed Jan 14 2009 - 17:18:37 ARST


Hi,

Thanks for your replies. I did some digging, and found that the 3750 and 3560
support port trust states with policy-maps in IOS 12.2(40) and later.

What I want to know is, if I use "mls qos trust device cisco-phone" and apply
a policy-map remarking certain traffic coming from the PC, will it work as
below?

1. mls qos trust device cisco-phone
    mls qos trust cos

The switch will trust cos, only if an IP phone is connected

2. policy-map TEST (to mark http traffic coming from PC)
    class TEST
    set dscp af31
Switch will mark untrusted PC http traffic, other traffic will be cos/dscp 0

I want to use the trust boundary and data traffic classification, will this
work?

Rgds

On Fri, Jan 9, 2009 at 2:10 AM, Tyson Scott <tscott@ipexpert.com> wrote:

> Rookie,
>
> Based on your question I would state the policy map will not match dscp
> packets from the PC except dscp 0 or cos 0 ;).
>
> Here is the output for what you have stated
>
> SW4#show mls qos interface f0/3
> FastEthernet0/3
> trust state: not trusted
> trust mode: trust dscp
> trust enabled flag: dis
> COS override: dis
> default COS: 0
> DSCP Mutation Map: Default DSCP Mutation Map
> Trust device: cisco-phone
> qos mode: port-based
>
> As you can see the state of the port is untrusted. If you want to trust QoS
> marking from both the phone and PC just do "mls qos trust" on the interface.
>
> SW4(config-if)#mls qos trust
> SW4(config-if)#do sh mls qos int f0/3
> FastEthernet0/3
> trust state: trust dscp
> trust mode: trust dscp
> trust enabled flag: ena
> COS override: dis
> default COS: 0
> DSCP Mutation Map: Default DSCP Mutation Map
> Trust device: none
> qos mode: port-based
>
> SW4(config-if)#
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S and Security
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
> Cell: +1.248.504.7309
> Fax: +1.810.454.0130
> Mailto: tscott@ipexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Rookie Ccie
> Sent: Thursday, January 08, 2009 3:31 PM
> To: ccielab@groupstudy.com
> Subject: QOS Trust Boundary
>
> Dear Experts,
>
> If I enable cat qos trust boundary feature on a 3560 using *mls qos trust
> device cisco-phone* command and enable an inbound policy map (to match
> specific PC traffic) on the same interface, what will be the behaviour?
>
> Rgds
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
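
An added example (not part of the thread and not Cisco tooling): a small Python check that parses the two `show mls qos interface` outputs quoted above and labels each port's trust boundary, so ports that accept markings from any attached device stand out. The label names and function names are this example's own.

```python
# The two 'show mls qos interface f0/3' outputs quoted in the thread, verbatim.
BEFORE = """\
FastEthernet0/3
trust state: not trusted
trust mode: trust dscp
trust enabled flag: dis
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
qos mode: port-based
"""
AFTER = """\
FastEthernet0/3
trust state: trust dscp
trust mode: trust dscp
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
"""

def parse_port(text):
    """Return (interface, {field: value}) from one output block."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return lines[0], fields

def classify(fields):
    """Label the trust boundary (labels are this example's own)."""
    trusted = fields.get("trust enabled flag") == "ena"
    device = fields.get("trust device", "none")
    if trusted and device == "none":
        return "unconditional-trust"         # second output: markings trusted from any device
    if trusted:
        return "conditional-trust-active"    # assumption: trusted with a trust device set
    if device != "none":
        return "conditional-trust-inactive"  # first output: trust device set, port not trusted
    return "untrusted"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        name, fields = parse_port(text)
        print(label, name, classify(fields))
```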




This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:37 ARST