Mls qos trust dscp??? is setting my DSCP values to zero!?

Similar Messages

• Why does mls qos trust dscp dissapear after reboot?

  The command takes but after reboot, Invlaid inputs detected show up and "mls qos tust dscp" is gone from every interface.
  Happens on both 2960-24PC-S / 2960-48PST-S switches.

  Hi,
  thanks for your reply.
  mls qos
  interface GigabitEthernet3/34
  description *** DATA VLAN 35 - VOICE VLAN 34 ***
  switchport
  switchport trunk native vlan 36
  switchport trunk allowed vlan 34,36
  switchport mode trunk
  mls qos trust dscp
  no cdp enable
  spanning-tree portfast trunk
  If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value.  If I add the mls qos command this causes the switch to set the dscp values to zero.
  Thanks again 
  ps.  there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them..

• "mls qos trust dscp" vs. "mls qos trust cos"

  Are these statements correct ?
  1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
  - downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
  2. If using QoS profile with setting "wired qos protocol",
  - use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
  - use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
  3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
  4. Always use "mls qos trust dscp" on non-HREAP AP ports
  Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
  Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
  5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks

  Are these statements correct ?
  1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
    - downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
  Ans: Not sure about always. you can use both 'mls qos trust dscp' and 'mls qos trust cos'. Since it is a trunk port the packets will have a cos value (802.1p tag) and hence you can trust cos. Downstream and upstream traffic both are capped to the WLAN max QoS value. for example if Wlan is set to silver, and if a packet comes in at platinum QoS, the AP will cap it to silver in upstream direction. Same holds true for a cos 5 / dscp 46 packet coming in from the wired side.
  2. If using QoS profile with setting "wired qos protocol",
    - use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
    - use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
  Ans:
  3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
  Ans: Traffic in both direction wil always get capped to WLAN max QoS. Untagged (802.1p = 0) traffic will be treated as best effort.
  4. Always use "mls qos trust dscp" on non-HREAP AP ports
     Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
     Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
  Ans:
  5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks
  Ans: I think on purely layer 2 switches you can trust dscp, but am not 100% sure.

• Cisco 3560 switch| mls qos trust dscp question

  Hi everybody
  Hi everybody .
  Please consider the following example:
  3560 sw f1/1--------trunk---SW2
  3560 sw
  f1/1
  mls qos trust dscp
  3560 is using default cos-dscp map, assume a 3560 receives a frame carrying IP packet on f1/1 with COS 4, what will 3560 switch do?
  1) will it use its default cos --dscp map  ( cos 4--.dscp 32) and rewrite 32 in dscp field  of the packet in the frame and provide PHB for dscp 32 ?
  Much appreciated!!
  Have  a great weekend.

  Hi
  No it will not trust the cos value, because You have configured to trust dcsp. So, the switch will trust the dcsp value in the incoming frame.
  /Mikael

• Mls qos trust{cos/ip-precedence/dscp} command

  Hi every body!
  I have few questions
  1)
  The command " mls qos trust dscp" is only valid on mulilayer switch or it is also valid for layer 2 switch? If layer 2 switch is configured with that command, can it modify the dcsp value based on policy?
  2)is the following correct:
  switch(config-if) mls qos trust dscp
  switch will set the cos value to set default. If the default set is zero, then frame will be processed by best-effort delivery.
  But the egress-queue will be decided by dscp value in the packet. A dscp to cos map will be used to drive the cos value and then frame will be placed in the queue that corresponds to cos value.( off course if egress port is configured for trunk)
  thanks a lot and I wish America and all of you a happy new year!
  thanks a lot!

  Sarah
  1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
  "mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
  2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
  Jon

• Mls qos trust cos vs mls qos cos in cat6k

  Hello
  I am trying to configure basic qos topology with two 6k connected to each other by the trunk port.
  According to the documentation, if I set the mls qos cos value at the interface level I should modify the default cos on it, and all packets leaving incoming to this port, should be marked with the new cos value.
  http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/24055-173.html
  Unfortunately, when I set such config, all incoming packets transmitted through this interface was tagged with cos = 0 until I set the "mls qos trust cos" on the same interface.
  Does anybody can explain to me this strange behavior?
  I would like to mention that both 6k was connected to each other with ws-x6548-GE-TX modules.
  Thank you in advance.
  Ragards
  Lukas

  Sarah
  1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
  "mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
  2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
  Jon

• What is the best way to trust DSCP values on 6509 interfaces?

  I have 6509's with 2 Ten-gig interfaces configured into a Port Channel (routed with IP addressing) - the IOS is 12.2(18)SXE3. I want to trust the DSCP values of packets traveling through the interfaces and have applied 'mls qos trust dscp' on both the physical Ten-gig interfaces as well as the L3 Port Channel interface.
  1.Is it necessary to have the statement on all the interfaces, or is just having it on the Port channel enough?
  Here is the config right now:
  interface Port-channel4
  description to 6509-Core-A P4 (T1/3, T2/3)
  ip address 164.xxx.xx.xx 255.255.255.252
  ip pim sparse-mode
  ip route-cache flow
  mls qos trust dscp
  interface TenGigabitEthernet1/1
  description to 6509-Core-A T1/3 (P4)
  no ip address
  ip route-cache flow
  mls qos trust dscp
  channel-group 4 mode desirable
  interface TenGigabitEthernet1/2
  description to 6509-Core-A T2/3 (P4)
  no ip address
  ip route-cache flow
  mls qos trust dscp
  channel-group 4 mode desirable
  Also, what command can I use to see the dscp counters? In the 3560/3750 catalyst line you can enter: 'sh mls qos int f0/1 statistics' and get a display of all the dscp/cos input/output packet counts, but I can't find a comparable command in the 6509.
  2. Is there one?

  I think you do this on the individual port interfaces, not the port-channel interface, becasue the queueing mechanisims associated with DSCP values are port based.
  By doing this, if you have policy maps you want to use, you attach them to the ports not the port-channel.
  For the command on 6509, you can use:
  sh mls qos ip gigabitEthernet 1/1
  Hope this helps and let me know how that works out.
  Gary

• Setting Negative Forecast Values to Zero

  In 7.0 we used a option - Setting Negative Forecast Values to Zero.
  But after upgrade to 7.3 this option is missing and I can find any information about this.
  Can we open the option in 7.3?
  Anatoly

  Hi,
  thanks for your reply.
  mls qos
  interface GigabitEthernet3/34
  description *** DATA VLAN 35 - VOICE VLAN 34 ***
  switchport
  switchport trunk native vlan 36
  switchport trunk allowed vlan 34,36
  switchport mode trunk
  mls qos trust dscp
  no cdp enable
  spanning-tree portfast trunk
  If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value.  If I add the mls qos command this causes the switch to set the dscp values to zero.
  Thanks again 
  ps.  there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them..

• Qos trust cos or qos trust dscp?

  My core switches are a pair Cisco catalyst 4006s with a sup 4 module. The questions are:
  1. Should I use qos trust cos or qos trust dscp when setting up qos on a per port basis?
  2. Which is preferred?
  3. I have a cos to dscp mapping so does it really matter?
  Any help is greatly appreciated. I just want to make sure that I'm honoring all tags.
  Mark

  If you have ip phones connected to the switch, you can enter qos trust cos on the switch and in the router which is connected to the switch enter the command to trust the DSCP since the switch will pass the dscp information to teh router.
  http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m2.html#wp1015945

• QoS trust dscp or cos on catalyst 4500

  We have a 4510R with Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software cat4500e-UNIVERSALK9-M), Version 03.05.02.E RELEASE SOFTWARE (fc1).
  I want use qos trust dscp or qos trust cos on the interface conected to other cisco switch or wlan controller.
  The current IOS version, do not support qos trust dscp:
  SW(config)#interface gi10/16
  SW(config-if)#qos tr
  SW(config-if)#qos trust ?
    device  trusted device class
    extend  Extend trust through a connected device
  SW(config-if)#qos trust device ?
    cisco-phone   Cisco IP Phone
    cts           Cisco-telepresence
    ip-camera     Cisco video surveillance camera
    media-player  Cisco Digital Media Player
  SW(config-if)#qos trust device
  What is the software that I need for this?. I tried with command lookup tool but the cat4500 do not appears.

  That is even new for me.
  I did a search and found that, now a days you no longer have to provide the Trust DSCP command, it is by default trusted.
  Went through this White Paper and excerpts are below:
  http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/white_paper_c11-539588.html
  The answer to your question comes from the following excerpt :-
  "Previously supervisor engines relied on “port trust” to classify traffic; however, this does not fall into the MQC CLI construct. MQC provides a more flexible capability, i.e. all traffic is trusted by default, an administrator can change this trust state using a policy map. Another difference is the “internal DSCP” value used within the switch to place packets in the proper queue.
  Cisco Catalyst 4500E Supervisor Engines do not use “internal DSCP”; rather, it relies on explicit matching of QoS values using class maps so that packets can be placed in the correct queue.
  Also, note that there is no specific priority queue: it is not queue 3 or queue 1. The priority queue is simply configured within a class; therefore, it is not tied to a specific queue. One final difference is that of classification. Cisco Catalyst 4500E Supervisor Engines provide sequential classification rather than parallel. This allows the network administrator to classify traffic at egress based on the ingress markings. These markings can be done unconditionally, using a policer or using a table map. Based on these changes, QoS CLI will now be more contiguous on the Supervisor Engines as it will now have standard Cisco MQC CLI, making configuration management much simpler"
  HTH,
  Please rate all helpful posts.
  Regards

• Mls qos trust

  Hello, if the command 'mls qos trust xxxxx' is not issued, and qos is turned on for the interface, does this mean the switch will erase all cos and dscp markings received, therefore preventing me from testing packets/frames against these cos/dscp values ?
  So if I want to set up class maps, policy maps, and then service policies, it is essential that I:
  1. turn on mls qos ?
  2. enter a trust statement in order to preserve the cos or dscp values that I want to test against ?
  3. now I can test against against cos or dscp values ?
  Thanks for clarification.

  That is correct, when you would use for instance mls qos trust cos. You would need to define you cos<>dscp mappings on the switch and the switch will apply qos accordingly.
  So really if you have an ingress switch port and you trust cos or dscp, you can still have egress policies on a port (on the same switch), using these cos or dscp values.
  the mls qos trus command is just a way to make it easier to rely on existing cos/dscp values that a phone sends (based on your CUCM configuration,), without the need for you having to configure it explicitly on each access port.
  =============================
  Please remember to rate useful posts, by clicking on the stars below. 
  =============================

• Mls qos VS mls qos trust

  Hello world!
  I want to enable qos on a 3560 switch,
  So, I put:
  Overall setup mode "mls qos"
  Question:
  is what it is Verily nessaiire to interface configuration mode: "mls qos trust"?
  Regards,

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Generally, on many Catalyst switches, once you enable QoS, they will erase an ingress CoS/ToS markings unless your trust it or otherwise (i.e. policy) maintain it.
  I.e. the answer to your question is an "it depends"; but unless you want the markings reset to zero, the answer is probably yes (you want to trust).

• Mls qos trust "cos or dscp" ?

  I have an uplink from an access switch configured as a trunk 802.1q that needs to trust Qos towards the distribution switch, does this have to trust cos or dscp ? the issue is that the access switch has a local voice vlan and the trunk uses another vlan to connect to the distribution.

  You don't trust "to" a device, only from.
  The advice I've gotten from switching guys is "If you're not sure - just trust DSCP".
  If you try to trust cos on an access port where there is no VLAN header, there is no cos, and you can have problems.
  If you have a trunk to another switch, you can trust cos and you shouldn't have any problems.
  hth,
  nick

• Question about 3750 mls qos map dscp-output-q and cos-output-q

  1. If a egress packet has both Cos and Dscp setting, which map should this packet used to put into queue?
  2. The 3750 is doing ip route. After the packet is routed, will the packet keep the DSCP and COS? Or it will just keep the DSCP and using the dscp-cos map to create a new COS.

  Apologies for the confusion with the terminalogy.
  The question is where you have configured the trust boundaries, do you necessarily trust the DSCP value prior to being routed across your network?
  Therefore, although you have explicity trusted the DSCP value, do you still trust the value at the remote peer.
  For example, you connect into an MPLS with QoS enabled, you know that the values you are trusting are correct within your network, however at the remote peer/branch they could be remarked by the provider. Therefore do you 'believe' the values, or do you simply not trust them and then reclassify on ingress.
  Regards
  Allan.
  Hope this makes sense..

• Without 'MLS QOS' in 6500 does any interface queueing and trusting take place?

  I have a 6500 that does not have 'mls qos' global configured, although the interfaces do have 'mls qos trust dscp' on them as in:
  interface GigabitEthernet3/3
  switchport
  switchport access vlan 536
  switchport mode access
  switchport voice vlan 910
  logging event link-status
  mls qos trust dscp
  spanning-tree portfast
  When I 'show queueing int gx/x', it does show the default queueing structure of the interface as in:
  LLT-6509AS-A#sh queueing int g3/3
  Interface GigabitEthernet3/3 queueing strategy:  Weighted Round-Robin
    QoS is disabled globally
    Port is untrusted
    Extend trust state: not trusted [COS = 0]
    Default COS is 0
      Queueing Mode In Tx direction: mode-cos
      Transmit queues [type = 1p3q8t]:
      Queue Id    Scheduling  Num of thresholds
         01         WRR                 08
         02         WRR                 08
         03         WRR                 08
         04         Priority              01
  ---- snip ----
      queue thresh cos-map
      1     1      0 1 2 3 4 5 6 7
      1     2     
      1     3     
      1     4     
      1     5     
      1     6     
      1     7     
      1     8     
    Packets dropped on Transmit:
      BPDU packets:  0
      queue              dropped  [cos-map]
      1                        0  [0 1 2 3 4 5 6 7 ]
      2                        0  []
      3                        0  []
      4                        0  []
    Packets dropped on Receive:
      BPDU packets:  0
      queue              dropped  [cos-map]
      1                        0  [0 1 2 3 4 5 6 7 ]
  So just what does the global 'mls qos' do?  Without it is the command 'mls qos trust dscp' ignored?
  I'm trying to track down where in our network dscp settings are being stripped out of packets and this is when I noticed the 'mls qos' was not configured.

  it enables QOS on the switch, without it no QOS is being used.
  Sent from Cisco Technical Support iPhone App