Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-29 Thread Miron Kobelski
WOW, this is what I call a serious investigation :) Thanks for this
interesting input. This confirms my observations.

In your opinion, what would be the results in such scenario:
1) conditional trust configured on the switch port: mls qos trust device
cisco-phone + mls qos trust dscp
2) IP phone connected to the switchport
3) PC connected to IP phone
4) PC tags all traffic it sends with EF

Documentation says:

*mls qos trust dscp* - Classify an ingress packet by using the packet DSCP
value (most significant 6 bits of 8-bit service-type field). For a non-IP
packet, the packet CoS is used if the packet is tagged. For an untagged
packet, the default port CoS value is used.

I'd say that since the PC sends untagged traffic, its markings would be
ignored. The switchport's mls qos cos VALUE setting would be used to override
the non-existing COS and finally the COS-to-DSCP map applied to decide about
the final DSCP marking for such a packet. Do you agree?

regards
kobel

On Sat, Jan 29, 2011 at 16:41, Friderich Claude cfrider...@netcore.lu wrote:

 Hi Miron,

 I have made some tests regarding your statements.

 I have a 3750 switch version 12.2(44)SE6. - Cisco IOS Software, C3750
 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE
 (fc1)

 *As Roger said, QoS SRND is outdated.*

 I have configured the port 14 as below:

  switchport access vlan 30
  switchport mode access
  switchport voice vlan 20
  srr-queue bandwidth share 10 10 60 20
  priority-queue out
  mls qos trust device cisco-phone
  mls qos trust dscp
  auto qos voip cisco-phone
  spanning-tree portfast
  service-policy input AutoQoS-Police-CiscoPhone

 I put my PC on this port and as you can see below the port is not trusted
 thanks to the mls qos trust device cisco-phone

 My service-policy and mls qos trust cmd are still there even after
 rebooting the switch.

 HQ-3750#show mls qos interface giga 1/0/14
 GigabitEthernet1/0/14
 Attached policy-map for Ingress: AutoQoS-Police-CiscoPhone
 trust state: not trusted
 trust mode: trust dscp
 trust enabled flag: dis
 COS override: dis
 default COS: 0
 DSCP Mutation Map: Default DSCP Mutation Map
 Trust device: cisco-phone
 qos mode: port-based

 *In this case*, I just trust DSCP without mls qos trust device cisco-phone

 As you can see, the port is trusted as I put my PC on this interface.

 interface GigabitEthernet1/0/12
  description LapTop VMWare
  switchport access vlan 30
  switchport mode access
  mls qos trust dscp
  spanning-tree portfast

 HQ-3750#show mls qos interface giga 1/0/12
 GigabitEthernet1/0/12
 trust state: trust dscp
 trust mode: trust dscp
 trust enabled flag: ena
 COS override: dis
 default COS: 0
 DSCP Mutation Map: Default DSCP Mutation Map
 Trust device: none
 qos mode: port-based

 So to resume, service-policy and mls qos trust device cisco-phone can be
 configured together without removing mls qos trust command as you put the
 service-policy command.

 Reboot the switch, same config still there, no modifications.

 As we trust dscp, a rogue PC is not going to be trusted if you put the mls
 qos trust device cisco-phone. (and this cmd is not removed :)). So I think
 this is what you(we) expect, isn't it?

 Best Regards,

 Claude.

 *Claude Friderich*
 *PreSales Support*
 *NETCORE PSF S.A.*
 49 rue du Baerendall
 B.P.65 L-8201 Mamer
 Telephone: 31 33 80-407
 Fax: 31 33 80 8-407
 GSM: 621 303 616
 E-mail: cfrider...@netcore.lu

 *From:* ccie_voice-boun...@onlinestudylist.com [mailto:
 ccie_voice-boun...@onlinestudylist.com] *On Behalf Of* Miron Kobelski
 *Sent:* Thursday 27 January 2011 19:49
 *To:* Roger Källberg
 *Cc:* ccie_voice@onlinestudylist.com
 *Subject:* Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust
 commands on the same port



 Thanks Roger, I need to check this in my lab. Have you tried to save the
 config and reload the switch to see if this configuration persists?

 Any idea since which IOS version this is possible? Is it available in the
 3750 software used in the actual lab (version is not under NDA?)

 regards
 kobel

 2011/1/27 Roger Källberg roger.kallb...@cygate.se

 Hi Kobel,

 I believe that the QoS SRND has it wrong, or at least is outdated, in this
 case.



 I used this configuration on PL's 3750 during my study for the lab.



 class-map match-all MGCP
  match access-group 101
 class-map match-all AutoQoS-VoIP-RTP-Trust
  match ip dscp ef
 class-map match-all AutoQoS-VoIP-Control-Trust
  match ip dscp cs3  af31
 !
 !
 policy-map Police-MGCP
  class MGCP
   set dscp cs3
   police 16000 8000 exceed-action policed-dscp-transmit
 policy-map AutoQoS-Police-CiscoPhone
  class AutoQoS-VoIP-RTP-Trust
   set dscp ef
   police 32 8000 exceed-action policed-dscp-transmit
  class AutoQoS-VoIP-Control-Trust
   set dscp cs3
   police 32000 8000 exceed-action policed-dscp-transmit

 !

 interface FastEthernet1/0/1
  switchport trunk
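
Added example (not part of the thread or of any poster's configuration): a small Python audit that parses `show mls qos interface` output such as the two captures Claude posted and separates ports with a conditional trust boundary from ports that honour markings from whatever is plugged in. The verdict labels and function names are made up for this example.

```python
import re

# The two captures quoted in the thread above, as they might sit in a saved
# terminal session (prompt lines and a blank line between commands).
SHOW_OUTPUT = """\
HQ-3750#show mls qos interface giga 1/0/14
GigabitEthernet1/0/14
Attached policy-map for Ingress: AutoQoS-Police-CiscoPhone
trust state: not trusted
trust mode: trust dscp
trust enabled flag: dis
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
qos mode: port-based

HQ-3750#show mls qos interface giga 1/0/12
GigabitEthernet1/0/12
trust state: trust dscp
trust mode: trust dscp
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
"""

PROMPT_RE = re.compile(r"^\S+[#>]")                    # e.g. "HQ-3750#show ..."
IFACE_RE = re.compile(r"^[A-Za-z]+Ethernet\d+(/\d+)*$")  # e.g. GigabitEthernet1/0/14


def parse_show_mls_qos(text):
    """Return {interface: {lower-cased field name: value}}."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT_RE.match(line):
            continue                      # skip blanks and CLI prompt lines
        if IFACE_RE.match(line):
            current = ports.setdefault(line, {})
            continue
        key, sep, value = line.partition(":")
        if sep and current is not None:
            current[key.strip().lower()] = value.strip()
    return ports


def classify(fields):
    """Label a port's trust boundary (labels are this example's own)."""
    state = fields.get("trust state", "not trusted")
    device = fields.get("trust device", "none")
    if device != "none":
        # Conditional trust: the configured trust mode is only in effect
        # while the switch reports the port as trusted.
        if state != "not trusted":
            return "conditional-active"
        return "conditional-inactive"
    if state != "not trusted":
        return "unconditional"            # markings trusted with no device condition
    return "untrusted"


def audit(text):
    """Return sorted (interface, verdict, ingress policy-map or None) rows."""
    rows = []
    for iface, fields in parse_show_mls_qos(text).items():
        policy = fields.get("attached policy-map for ingress")
        rows.append((iface, classify(fields), policy))
    return sorted(rows)


def unconditional_ports(text):
    """Interfaces that trust markings without a trust-device condition."""
    return [iface for iface, verdict, _ in audit(text)
            if verdict == "unconditional"]


if __name__ == "__main__":
    for iface, verdict, policy in audit(SHOW_OUTPUT):
        print(f"{iface:24} {verdict:22} ingress-policy={policy}")
```

On access ports, the `unconditional` rows are the ones to review: they correspond to the Gi1/0/12 case in the thread, where a directly attached PC was trusted.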

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-27 Thread Miron Kobelski
Hi Steve,

thanks for confirmation.

regards
kobel

On Wed, Jan 26, 2011 at 23:05, Steve Denney (stdenney)
stden...@cisco.com wrote:

 To answer your second question - the Enterprise QoS SRND is here:


 http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html



 AFAIK it’s not accessible via the support URL available to you in the lab (
 http://www.cisco.com/cisco/web/psa/default.html) – which is why they give
 you a pdf copy on the candidate desktop.



___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com


Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-27 Thread Miron Kobelski
Hi Matthew,

I agree about the cos part, adding that you can control the cos value for PC
connected to the phone using switchport priority extend command with 4
options:
 * trust
 * don't trust
 * overwrite with specific cos value
 * by default - overwrite with COS 0

But the question is, how DSCP markings from the PC are handled with this
configuration? I understand that IP phone marks its RTP and signaling
packets with both COS and DSCP and you can choose on the switchport which
one you want to trust. But what about the PC markings? PC can only mark
using DSCP (no 802.1q header between PC and IP phone).
What happens when I decide to trust DSCP in such situation? Both markings
from the PC and IP phone are trusted? This would constitute weak solution,
since I don't want rogue PC to send all its traffic as EF... any idea?

regards
kobel

On Thu, Jan 27, 2011 at 00:15, matt...@ciscovoiceguru.com 
matt...@ciscovoiceguru.com wrote:

 If you set mls qos trust cos then CoS markings will be preserved;
 however, any DSCP marking will be written to 0.

 The same holds true for mls qos trust dscp.  Any packet entering the
 switch with a CoS marking will be written to 0.

 That is why you have cos-to-dscp and dscp-to-cos mappings.  This allows the
 packet to essentially become a blank slate, delete L2/L3 QoS values, and
 remap them.





Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-27 Thread Miron Kobelski
Thanks Roger, I need to check this in my lab. Have you tried to save the
config and reload the switch to see if this configuration persists?

Any idea since which IOS version this is possible? Is it available in the
3750 software used in the actual lab (version is not under NDA?)

regards
kobel

2011/1/27 Roger Källberg roger.kallb...@cygate.se

  Hi Kobel,
 I believe that the QoS SRND has it wrong, or at least is outdated, in this
 case.

 I used this configuration on PL's 3750 during my study for the lab.

 class-map match-all MGCP
  match access-group 101
 class-map match-all AutoQoS-VoIP-RTP-Trust
  match ip dscp ef
 class-map match-all AutoQoS-VoIP-Control-Trust
  match ip dscp cs3  af31
 !
 !
 policy-map Police-MGCP
  class MGCP
   set dscp cs3
   police 16000 8000 exceed-action policed-dscp-transmit
 policy-map AutoQoS-Police-CiscoPhone
  class AutoQoS-VoIP-RTP-Trust
   set dscp ef
   police 32 8000 exceed-action policed-dscp-transmit
  class AutoQoS-VoIP-Control-Trust
   set dscp cs3
   police 32000 8000 exceed-action policed-dscp-transmit
 !
 interface FastEthernet1/0/1
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  speed 100
  duplex full
  srr-queue bandwidth share 10 10 60 20
  priority-queue out
  mls qos trust dscp
  auto qos voip trust
  service-policy input Police-MGCP
 !
 interface FastEthernet1/0/2
  switchport access vlan 10
  switchport mode access
  switchport voice vlan 20
  srr-queue bandwidth share 10 10 60 20
  priority-queue out
  mls qos trust device cisco-phone
  mls qos trust cos
  auto qos voip cisco-phone
  spanning-tree portfast
  service-policy input AutoQoS-Police-CiscoPhone
 !
 access-list 101 permit udp any any eq 2427
 access-list 101 permit udp any eq 2427 any
 access-list 101 permit tcp any any eq 2428
 access-list 101 permit tcp any eq 2428 any

 As you can see it has both mls qos trust cos and service-policy input
 AutoQoS-Police-CiscoPhone or mls qos trust dscp and service-policy input
 Police-MGCP attached to the same interface, and this works as expected.

 This can also be seen in vol2 PG for the labs that has this requirement.
  Sincerely

  *Roger Källberg*
 CCIE #26199 (Voice)
 Consultant
 Cygate AB
 Eric Perssons väg 21, SE-217 62 MALMÖ

  --
 *From:* Miron Kobelski [findko...@gmail.com]
 *Sent:* 26 January 2011 19:07
 *To:* ccie_voice@onlinestudylist.com
 *Subject:* [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust
 commands on the same port

  Hello,

 I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally
 trust DSCP markings from the Cisco IP phone, which can be accomplished with:

 mls qos trust device cisco-phone
 mls qos trust dscp

 But 5.3 requires policing and remarking using service-policy for the same
 switch port.
 In the Enterprise QoS SRND page 106 we have:

 At the time of writing, the Catalyst 2970/3560/3750 does not support a
 trust statement (such as mls qos trust device cisco-phone) in conjunction
 with a service-policy input statement applied to given port at the same
 time. While this may be configurable, if the switch is reset, one or the
 other statement may be removed when the switch reloads. This limitation is
 to be addressed; consult the latest Catalyst 2970/3560/3750 QoS
 documentation for updates on this limitation

 PG's solution seems to ignore this fact. What's your opinion on this? I was
 unable to find anything on this in the archive.

 BTW, how can I find QoS SRND via cisco.com documentation portal?

 regards
 kobel





Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-27 Thread Miron Kobelski
After referring to documentation:

*mls qos trust dscp*
Classify an ingress packet by using the packet DSCP value (most significant
6 bits of 8-bit service-type field). For a non-IP packet, the packet CoS is
used if the packet is tagged. For an untagged packet, the default port CoS
value is used.

So:
mls qos trust device cisco-phone
mls qos trust dscp
should trust DSCP sent by IP phone, but remark everything from the PC
(native vlan) to 0 by default or whatever is configured with mls qos cos X

Comments appreciated ;)
kobel



Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos

2011-01-27 Thread romain mullier
Hey Roberto,

I haven't read the whole thread so I may be irrelevant here but if you want
to match RTP packets your access list 125 should be udp instead of tcp.

cheers.

Romain

On Thu, Jan 27, 2011 at 6:23 PM, Roberto Reyes Alanis rre...@plannet.com.mx
 wrote:

 We need to remember that we can use ACLs for marking, and we can classify the
 traffic that comes from IP Phones (voice vlan), and traffic that comes from PC
 (data vlan), and trust or remark inside of policy map, and also I think that
 the answer is the match-all of the class map. For example:

 Voice vlan 192.168.1.0
 Data Vlan  192.168.2.0

 If you want differentiation over RTP packets, you can configure something
 like this.

 access-list 125 permit tcp any range 16384 32767 any
 access-list 125 permit tcp any any range 16384 32767

 access-list 126 permit ip 192.168.1.0 0.0.0.255 any
 access-list 126 permit ip any 192.168.1.0 0.0.0.255

 access-list 127 permit ip 192.168.2.0 0.0.0.255 any
 access-list 127 permit ip any 192.168.2.0 0.0.0.255

 class-map match-all RTP-Phones
   match access-group 125
   match access-group 126

 class-map match-all RTP-PC
   match access-group 125
   match access-group 127

 policy-map Voice
  class RTP-Phones
    set dscp ef
  class RTP-PC
    set dscp AF11

 And you know the rest…

 Greetings





Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-26 Thread ccieid1ot
Correct me if I'm wrong, isn't trusting the ports setting the ingress and
service policy is setting on egress?

duy
ccie #27737 voice

tmobile g2


Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-26 Thread ccieid1ot
On your other question, the qos srnd is placed on the desktop.

duy
ccie #27737 voice

tmobile g2


Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-26 Thread Miron Kobelski
I agree that QoS SRND should be available on desktop, but it bothers me that
I don't know how to find it on cisco.com...

On switch you configure service policy for ingress:
https://tools.cisco.com/Support/CLILookup/cltSearchAction.do?AT=gDBM=tCN=%22service-policy%22IndexOptionId=All%20index%20OPtionsIndexId=Catalyst
 service-policy

Use the service-policy interface configuration command on the switch stack
or on a standalone switch to apply a policy map defined by the policy-map
command to the input of a port. Use the no form of this command to remove
the policy map and port association.

regards
kobel



Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-26 Thread Miron Kobelski
With your configuration you would trust ANY dscp marking received from the
IP phone port. No matter if it was sent by cisco ip phone or a rogue PC
behind it.
You lose the benefit of conditional trust boundary... I suspect that these
tasks are contradictory.

regards
kobel


On Wed, Jan 26, 2011 at 21:28, Friderich Claude cfrider...@netcore.lu wrote:

 Hello Miron,

 I agree with you and the same remark in the attached file p.4

 You can use either one of these three methods. You cannot use more than one
 method in a port. For example, you have configured the mls qos trust cos
 command on a port. When you configure the port with the
 service-policy input policy-map-name command, it removes the mls qos
 trust cos command automatically.

 I think we have to put the service-policy input policy-map with the
 following class-map in this policy-map

 policy-map myname
  class myname
   trust dscp

 and create the class before with a match ip dscp ef

 My opinion …. But remarks appreciated :)

 Regards
 Claude





Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-26 Thread Miron Kobelski
But giving it a second thought... If you have mls qos trust device
cisco-phone on the same port there is a chance it could work as you expect.
But I'd believe it, if I saw this in cisco docs :)




Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-26 Thread Steve Denney (stdenney)
To answer your second question - the Enterprise QoS SRND is here:

http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html

 

AFAIK it’s not accessible via the support URL available to you in the lab 
(http://www.cisco.com/cisco/web/psa/default.html) – which is why they give you 
a pdf copy on the candidate desktop.

 

cheers, sd

 



Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

2011-01-26 Thread matt...@ciscovoiceguru.com
If you set mls qos trust cos then CoS markings will be preserved; however, 
any DSCP marking will be written to 0.

The same holds true for mls qos trust dscp.  Any packet entering the switch 
with a CoS marking will be written to 0.

That is why you have cos-to-dscp and dscp-to-cos mappings.  This allows the 
packet to essentially become a blank slate, delete L2/L3 QoS values, and 
remap them.

 

Matthew Berry, CCIE #26721

Email: matt...@ciscovoiceguru.com
Twitter: http://twitter.com/CiscoVoiceGuru
Blog: http://ciscovoiceguru.com

On Jan 26, 2011, at 2:57 PM, Miron Kobelski wrote:

 Now I'm not sure any longer ;)
 
 when you have on a switch port:
 mls qos trust device cisco-phone
 mls qos trust cos
 
 the COS sent by phone is trusted, PC COS markings are trusted or not 
 depending on switchport priority extend command.
 But I have no idea how it behaves when DSCP markings are conditionally 
 trusted, as switchport priority extends' seem to work only with COS.
 
 Any ideas? It's late here, I will try to read some docs about this tomorrow.
 
 regards
 kobel
 
 
 
 
 On Wed, Jan 26, 2011 at 21:46, Friderich Claude cfrider...@netcore.lu wrote:
 OK
 
 So you mean that with mls qos trust dscp, all traffic from pc port is going 
 to be marked to dscp 0 and should be a better solution for a rogue device 
 behind the phone … correct me if I’m wrong …
 
 Regards
 
 Claude.
 
  