Cisco 3560 switch| mls qos trust dscp question

Hi everybody
Hi everybody .
Please consider the following example:
3560 sw f1/1--------trunk---SW2
3560 sw
f1/1
mls qos trust dscp
3560 is using default cos-dscp map, assume a 3560 receives a frame carrying IP packet on f1/1 with COS 4, what will 3560 switch do?
1) will it use its default cos --dscp map  ( cos 4--.dscp 32) and rewrite 32 in dscp field  of the packet in the frame and provide PHB for dscp 32 ?
Much appreciated!!
Have  a great weekend.

Hi
No it will not trust the cos value, because You have configured to trust dcsp. So, the switch will trust the dcsp value in the incoming frame.
/Mikael

Similar Messages

  • Why does mls qos trust dscp dissapear after reboot?

    The command takes but after reboot, Invlaid inputs detected show up and "mls qos tust dscp" is gone from every interface.
    Happens on both 2960-24PC-S / 2960-48PST-S switches.

    Hi,
    thanks for your reply.
    mls qos
    interface GigabitEthernet3/34
    description *** DATA VLAN 35 - VOICE VLAN 34 ***
    switchport
    switchport trunk native vlan 36
    switchport trunk allowed vlan 34,36
    switchport mode trunk
    mls qos trust dscp
    no cdp enable
    spanning-tree portfast trunk
    If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value.  If I add the mls qos command this causes the switch to set the dscp values to zero.
    Thanks again 
    ps.  there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them..

  • Mls qos trust dscp??? is setting my DSCP values to zero!?

    Hi,
    I was just doing some testing to ensure that the command 'mls qos trust dscp' is working on my 6509 switches before rolling out QoS.
    Before adding any configuration I could see using wireshark that traffic from my Avaya 9608 handset was coming through with a DSCP value of 46 (as it is supposed to).
    I then added the command 'mls qos' (at global level)
    on examining the wireshark output this time, the DSCP value had been set to zero (i.e. it defaulted it to best effort)
    I then expected by adding the commmand 'mls qos trust dscp' on the interface the phone is connected to that the DSCP value would would again be left alone?
    does anybody know why this is happening?
    Many thanks in advance.
    Andy

    Hi,
    thanks for your reply.
    mls qos
    interface GigabitEthernet3/34
    description *** DATA VLAN 35 - VOICE VLAN 34 ***
    switchport
    switchport trunk native vlan 36
    switchport trunk allowed vlan 34,36
    switchport mode trunk
    mls qos trust dscp
    no cdp enable
    spanning-tree portfast trunk
    If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value.  If I add the mls qos command this causes the switch to set the dscp values to zero.
    Thanks again 
    ps.  there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them..

  • "mls qos trust dscp" vs. "mls qos trust cos"

    Are these statements correct ?
    1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
    - downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
    2. If using QoS profile with setting "wired qos protocol",
    - use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
    - use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
    3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
    4. Always use "mls qos trust dscp" on non-HREAP AP ports
    Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
    Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
    5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks

    Are these statements correct ?
    1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
      - downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
    Ans: Not sure about always. you can use both 'mls qos trust dscp' and 'mls qos trust cos'. Since it is a trunk port the packets will have a cos value (802.1p tag) and hence you can trust cos. Downstream and upstream traffic both are capped to the WLAN max QoS value. for example if Wlan is set to silver, and if a packet comes in at platinum QoS, the AP will cap it to silver in upstream direction. Same holds true for a cos 5 / dscp 46 packet coming in from the wired side.
    2. If using QoS profile with setting "wired qos protocol",
      - use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
      - use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
    Ans:
    3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
    Ans: Traffic in both direction wil always get capped to WLAN max QoS. Untagged (802.1p = 0) traffic will be treated as best effort.
    4. Always use "mls qos trust dscp" on non-HREAP AP ports
       Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
       Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
    Ans:
    5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks
    Ans: I think on purely layer 2 switches you can trust dscp, but am not 100% sure.

  • Mls qos trust{cos/ip-precedence/dscp} command

    Hi every body!
    I have few questions
    1)
    The command " mls qos trust dscp" is only valid on mulilayer switch or it is also valid for layer 2 switch? If layer 2 switch is configured with that command, can it modify the dcsp value based on policy?
    2)is the following correct:
    switch(config-if) mls qos trust dscp
    switch will set the cos value to set default. If the default set is zero, then frame will be processed by best-effort delivery.
    But the egress-queue will be decided by dscp value in the packet. A dscp to cos map will be used to drive the cos value and then frame will be placed in the queue that corresponds to cos value.( off course if egress port is configured for trunk)
    thanks a lot and I wish America and all of you a happy new year!
    thanks a lot!

    Sarah
    1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
    "mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
    2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
    Jon

  • Mls qos trust cos vs mls qos cos in cat6k

    Hello
    I am trying to configure basic qos topology with two 6k connected to each other by the trunk port.
    According to the documentation, if I set the mls qos cos value at the interface level I should modify the default cos on it, and all packets leaving incoming to this port, should be marked with the new cos value.
    http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/24055-173.html
    Unfortunately, when I set such config, all incoming packets transmitted through this interface was tagged with cos = 0 until I set the "mls qos trust cos" on the same interface.
    Does anybody can explain to me this strange behavior?
    I would like to mention that both 6k was connected to each other with ws-x6548-GE-TX modules.
    Thank you in advance.
    Ragards
    Lukas

    Sarah
    1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
    "mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
    2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
    Jon

  • Cat3560 and Trust DSCP Question

    Hello,
    we have several Cat3560 (IOS12.2.20SE4)as pure Layer-2 Switches in use. At these Switches are IP-Phones via a dot1q trunk connected (cisco and non-cisco Phones). The phones mark their traffic with COS=5 and DSCP=46.
    Is it possible to configure a "mls qos trust dscp" at the switch-interfaces with IP-Phones, when the switchports are configured as Layer-2?
    Of course the switches should also be able to put the traffic in the different receive and transmit-queues based on the received dscp-value.
    We'd like configure QoS over our whole campus area DCSP-based and not CoS based to avoid the effort with the CoS<->DSCP mappings.
    Thanks
    HL

    Hi,
    Check if that helps.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12220se/3560scg/swqos.htm
    HTH, Please rate if it does.
    -amit singh

  • Qos trust cos or qos trust dscp?

    My core switches are a pair Cisco catalyst 4006s with a sup 4 module. The questions are:
    1. Should I use qos trust cos or qos trust dscp when setting up qos on a per port basis?
    2. Which is preferred?
    3. I have a cos to dscp mapping so does it really matter?
    Any help is greatly appreciated. I just want to make sure that I'm honoring all tags.
    Mark

    If you have ip phones connected to the switch, you can enter qos trust cos on the switch and in the router which is connected to the switch enter the command to trust the DSCP since the switch will pass the dscp information to teh router.
    http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m2.html#wp1015945

  • Mls qos VS mls qos trust

    Hello world!
    I want to enable qos on a 3560 switch,
    So, I put:
    Overall setup mode "mls qos"
    Question:
    is what it is Verily nessaiire to interface configuration mode: "mls qos trust"?
    Regards,

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    Generally, on many Catalyst switches, once you enable QoS, they will erase an ingress CoS/ToS markings unless your trust it or otherwise (i.e. policy) maintain it.
    I.e. the answer to your question is an "it depends"; but unless you want the markings reset to zero, the answer is probably yes (you want to trust).

  • QoS trust dscp or cos on catalyst 4500

    We have a 4510R with Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software cat4500e-UNIVERSALK9-M), Version 03.05.02.E RELEASE SOFTWARE (fc1).
    I want use qos trust dscp or qos trust cos on the interface conected to other cisco switch or wlan controller.
    The current IOS version, do not support qos trust dscp:
    SW(config)#interface gi10/16
    SW(config-if)#qos tr
    SW(config-if)#qos trust ?
      device  trusted device class
      extend  Extend trust through a connected device
    SW(config-if)#qos trust device ?
      cisco-phone   Cisco IP Phone
      cts           Cisco-telepresence
      ip-camera     Cisco video surveillance camera
      media-player  Cisco Digital Media Player
    SW(config-if)#qos trust device
    What is the software that I need for this?. I tried with command lookup tool but the cat4500 do not appears.

    That is even new for me.
    I did a search and found that, now a days you no longer have to provide the Trust DSCP command, it is by default trusted.
    Went through this White Paper and excerpts are below:
    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/white_paper_c11-539588.html
    The answer to your question comes from the following excerpt :-
    "Previously supervisor engines relied on “port trust” to classify traffic; however, this does not fall into the MQC CLI construct. MQC provides a more flexible capability, i.e. all traffic is trusted by default, an administrator can change this trust state using a policy map. Another difference is the “internal DSCP” value used within the switch to place packets in the proper queue.
    Cisco Catalyst 4500E Supervisor Engines do not use “internal DSCP”; rather, it relies on explicit matching of QoS values using class maps so that packets can be placed in the correct queue.
    Also, note that there is no specific priority queue: it is not queue 3 or queue 1. The priority queue is simply configured within a class; therefore, it is not tied to a specific queue. One final difference is that of classification. Cisco Catalyst 4500E Supervisor Engines provide sequential classification rather than parallel. This allows the network administrator to classify traffic at egress based on the ingress markings. These markings can be done unconditionally, using a policer or using a table map. Based on these changes, QoS CLI will now be more contiguous on the Supervisor Engines as it will now have standard Cisco MQC CLI, making configuration management much simpler"
    HTH,
    Please rate all helpful posts.
    Regards

  • Mls qos trust

    Hello, if the command 'mls qos trust xxxxx' is not issued, and qos is turned on for the interface, does this mean the switch will erase all cos and dscp markings received, therefore preventing me from testing packets/frames against these cos/dscp values ?
    So if I want to set up class maps, policy maps, and then service policies, it is essential that I:
    1. turn on mls qos ?
    2. enter a trust statement in order to preserve the cos or dscp values that I want to test against ?
    3. now I can test against against cos or dscp values ?
    Thanks for clarification.

    That is correct, when you would use for instance mls qos trust cos. You would need to define you cos<>dscp mappings on the switch and the switch will apply qos accordingly.
    So really if you have an ingress switch port and you trust cos or dscp, you can still have egress policies on a port (on the same switch), using these cos or dscp values.
    the mls qos trus command is just a way to make it easier to rely on existing cos/dscp values that a phone sends (based on your CUCM configuration,), without the need for you having to configure it explicitly on each access port.
    =============================
    Please remember to rate useful posts, by clicking on the stars below. 
    =============================

  • Ipv6 HSRP gloabl unicast address on cisco 3560 switch

    Dear Team,
    We are using cisco 3560 switch. Now we are going to implement ipv6 in our network. But we are not disturbing to existing ipv4. my question is 1) Can we confiure the global unicast ipv6 address in ipv6 HSRP and 2) can cisco 3560 switch will support ipv4 and ipv6 standby group on same SVI ?                 

    YES

  • DHCP and voice vlan on Cisco 3560 switch

    Greetings,
    I'm setting up a Cisco 3560 switch for voice and data comms. I'm looking for documentation with best practice guidelines for the following requirements.
    1. Using the Cisco 3560 as a DHCP server - Config examples.  Do I need to use different subnets for the voice and data vlans?
    2. Layer 2 CoS QoS  - I'm connecting Aastra phones as well as notebooks - I've been told that Aastra also makes use of the voice vlan config through LLDP and that Aastra phones supports CDP.
    Your assistance will be appreciated.

    Hi ,
    Cisco recommends that you have a separate vlan for  voice and data with different ip subnets for voice and data. You will need to configure the dhcp pool accordingly.
    Here is the config guide for setting up IOS DHCP server:
    http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/Easyip2.html
    Here is the LAN qos recommendations:
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/netstruc.html#wp1044009

  • Embeded Event Manager on cisco 3560 switch

    Can someone help me please? I have EEM configured on cisco 3560 switch. The configuration is below. I want that switch inform me through email when device with particilular IP address become unavailable. For some reason this configuration is not good and I can't tell why. I already try to debug this with debug event manager action mail but didn't see any output .
    ip sla 11
    icmp-echo ip address
    frequency 20
    ip sla schedule 11 life forever start-time now
    event manager applet device-TEST
    event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.11 get-type exact entry-op lt entry-val "2" poll-interval 20
    trigger occurs 5 period 120
    action 02.0 mail server "ip address" to "[email protected]" from "[email protected]" subject "device is down"

    The mail part looks good, I'm not sure you are hitting the trigger right.
    Why not do a track on the ip sla instead of the snmp stuff?
    Here's a good example of that.
    https://learningnetwork.cisco.com/blogs/network-sheriff/2009/06/19/writing-your-first-eem-applet

  • MTU Size Issue on Cisco 3560 Switch

    Could anybody tell me how to change MTU Size on a Cisco 3560 Switch.i mean to say whether it is to be changed on FastEthernet Interfaces or on VLAN 1 or on Global Configuration Mode and with which Command to change it.

    I am using MPLS on my Routers and the MTU size i have set on my Router Interfaces is 1524.
    When i do a normal ping from Customer's one site to another (where my Traffic has to pass through this Switch VLAN)i get a reply , but when a Ping with a Byte Size of 1500 or more the Packets get completely dropped.
    I think due to MTU Mistach bet. Switch and Router the Packets r getting droped,that is why i was trying to change it.
    could the Packets get dropped because of this reason.Please suggest.

Maybe you are looking for