Mls qos trust dscp??? is setting my DSCP values to zero!?
Hi,
I was just doing some testing to ensure that the command 'mls qos trust dscp' is working on my 6509 switches before rolling out QoS.
Before adding any configuration I could see using wireshark that traffic from my Avaya 9608 handset was coming through with a DSCP value of 46 (as it is supposed to).
I then added the command 'mls qos' (at global level)
on examining the wireshark output this time, the DSCP value had been set to zero (i.e. it defaulted it to best effort)
I then expected by adding the commmand 'mls qos trust dscp' on the interface the phone is connected to that the DSCP value would would again be left alone?
does anybody know why this is happening?
Many thanks in advance.
Andy
Hi,
thanks for your reply.
mls qos
interface GigabitEthernet3/34
description *** DATA VLAN 35 - VOICE VLAN 34 ***
switchport
switchport trunk native vlan 36
switchport trunk allowed vlan 34,36
switchport mode trunk
mls qos trust dscp
no cdp enable
spanning-tree portfast trunk
If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value. If I add the mls qos command this causes the switch to set the dscp values to zero.
Thanks again
ps. there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them..
Similar Messages
-
Why does mls qos trust dscp dissapear after reboot?
The command takes but after reboot, Invlaid inputs detected show up and "mls qos tust dscp" is gone from every interface.
Happens on both 2960-24PC-S / 2960-48PST-S switches.Hi,
thanks for your reply.
mls qos
interface GigabitEthernet3/34
description *** DATA VLAN 35 - VOICE VLAN 34 ***
switchport
switchport trunk native vlan 36
switchport trunk allowed vlan 34,36
switchport mode trunk
mls qos trust dscp
no cdp enable
spanning-tree portfast trunk
If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value. If I add the mls qos command this causes the switch to set the dscp values to zero.
Thanks again
ps. there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them.. -
"mls qos trust dscp" vs. "mls qos trust cos"
Are these statements correct ?
1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
- downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
2. If using QoS profile with setting "wired qos protocol",
- use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
- use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
4. Always use "mls qos trust dscp" on non-HREAP AP ports
Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunksAre these statements correct ?
1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
- downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
Ans: Not sure about always. you can use both 'mls qos trust dscp' and 'mls qos trust cos'. Since it is a trunk port the packets will have a cos value (802.1p tag) and hence you can trust cos. Downstream and upstream traffic both are capped to the WLAN max QoS value. for example if Wlan is set to silver, and if a packet comes in at platinum QoS, the AP will cap it to silver in upstream direction. Same holds true for a cos 5 / dscp 46 packet coming in from the wired side.
2. If using QoS profile with setting "wired qos protocol",
- use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
- use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
Ans:
3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
Ans: Traffic in both direction wil always get capped to WLAN max QoS. Untagged (802.1p = 0) traffic will be treated as best effort.
4. Always use "mls qos trust dscp" on non-HREAP AP ports
Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
Ans:
5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks
Ans: I think on purely layer 2 switches you can trust dscp, but am not 100% sure. -
Cisco 3560 switch| mls qos trust dscp question
Hi everybody
Hi everybody .
Please consider the following example:
3560 sw f1/1--------trunk---SW2
3560 sw
f1/1
mls qos trust dscp
3560 is using default cos-dscp map, assume a 3560 receives a frame carrying IP packet on f1/1 with COS 4, what will 3560 switch do?
1) will it use its default cos --dscp map ( cos 4--.dscp 32) and rewrite 32 in dscp field of the packet in the frame and provide PHB for dscp 32 ?
Much appreciated!!
Have a great weekend.Hi
No it will not trust the cos value, because You have configured to trust dcsp. So, the switch will trust the dcsp value in the incoming frame.
/Mikael -
Mls qos trust{cos/ip-precedence/dscp} command
Hi every body!
I have few questions
1)
The command " mls qos trust dscp" is only valid on mulilayer switch or it is also valid for layer 2 switch? If layer 2 switch is configured with that command, can it modify the dcsp value based on policy?
2)is the following correct:
switch(config-if) mls qos trust dscp
switch will set the cos value to set default. If the default set is zero, then frame will be processed by best-effort delivery.
But the egress-queue will be decided by dscp value in the packet. A dscp to cos map will be used to drive the cos value and then frame will be placed in the queue that corresponds to cos value.( off course if egress port is configured for trunk)
thanks a lot and I wish America and all of you a happy new year!
thanks a lot!Sarah
1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
"mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
Jon -
Mls qos trust cos vs mls qos cos in cat6k
Hello
I am trying to configure basic qos topology with two 6k connected to each other by the trunk port.
According to the documentation, if I set the mls qos cos value at the interface level I should modify the default cos on it, and all packets leaving incoming to this port, should be marked with the new cos value.
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/24055-173.html
Unfortunately, when I set such config, all incoming packets transmitted through this interface was tagged with cos = 0 until I set the "mls qos trust cos" on the same interface.
Does anybody can explain to me this strange behavior?
I would like to mention that both 6k was connected to each other with ws-x6548-GE-TX modules.
Thank you in advance.
Ragards
LukasSarah
1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
"mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
Jon -
What is the best way to trust DSCP values on 6509 interfaces?
I have 6509's with 2 Ten-gig interfaces configured into a Port Channel (routed with IP addressing) - the IOS is 12.2(18)SXE3. I want to trust the DSCP values of packets traveling through the interfaces and have applied 'mls qos trust dscp' on both the physical Ten-gig interfaces as well as the L3 Port Channel interface.
1.Is it necessary to have the statement on all the interfaces, or is just having it on the Port channel enough?
Here is the config right now:
interface Port-channel4
description to 6509-Core-A P4 (T1/3, T2/3)
ip address 164.xxx.xx.xx 255.255.255.252
ip pim sparse-mode
ip route-cache flow
mls qos trust dscp
interface TenGigabitEthernet1/1
description to 6509-Core-A T1/3 (P4)
no ip address
ip route-cache flow
mls qos trust dscp
channel-group 4 mode desirable
interface TenGigabitEthernet1/2
description to 6509-Core-A T2/3 (P4)
no ip address
ip route-cache flow
mls qos trust dscp
channel-group 4 mode desirable
Also, what command can I use to see the dscp counters? In the 3560/3750 catalyst line you can enter: 'sh mls qos int f0/1 statistics' and get a display of all the dscp/cos input/output packet counts, but I can't find a comparable command in the 6509.
2. Is there one?I think you do this on the individual port interfaces, not the port-channel interface, becasue the queueing mechanisims associated with DSCP values are port based.
By doing this, if you have policy maps you want to use, you attach them to the ports not the port-channel.
For the command on 6509, you can use:
sh mls qos ip gigabitEthernet 1/1
Hope this helps and let me know how that works out.
Gary -
Setting Negative Forecast Values to Zero
In 7.0 we used a option - Setting Negative Forecast Values to Zero.
But after upgrade to 7.3 this option is missing and I can find any information about this.
Can we open the option in 7.3?
AnatolyHi,
thanks for your reply.
mls qos
interface GigabitEthernet3/34
description *** DATA VLAN 35 - VOICE VLAN 34 ***
switchport
switchport trunk native vlan 36
switchport trunk allowed vlan 34,36
switchport mode trunk
mls qos trust dscp
no cdp enable
spanning-tree portfast trunk
If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value. If I add the mls qos command this causes the switch to set the dscp values to zero.
Thanks again
ps. there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them.. -
Qos trust cos or qos trust dscp?
My core switches are a pair Cisco catalyst 4006s with a sup 4 module. The questions are:
1. Should I use qos trust cos or qos trust dscp when setting up qos on a per port basis?
2. Which is preferred?
3. I have a cos to dscp mapping so does it really matter?
Any help is greatly appreciated. I just want to make sure that I'm honoring all tags.
MarkIf you have ip phones connected to the switch, you can enter qos trust cos on the switch and in the router which is connected to the switch enter the command to trust the DSCP since the switch will pass the dscp information to teh router.
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m2.html#wp1015945 -
QoS trust dscp or cos on catalyst 4500
We have a 4510R with Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software cat4500e-UNIVERSALK9-M), Version 03.05.02.E RELEASE SOFTWARE (fc1).
I want use qos trust dscp or qos trust cos on the interface conected to other cisco switch or wlan controller.
The current IOS version, do not support qos trust dscp:
SW(config)#interface gi10/16
SW(config-if)#qos tr
SW(config-if)#qos trust ?
device trusted device class
extend Extend trust through a connected device
SW(config-if)#qos trust device ?
cisco-phone Cisco IP Phone
cts Cisco-telepresence
ip-camera Cisco video surveillance camera
media-player Cisco Digital Media Player
SW(config-if)#qos trust device
What is the software that I need for this?. I tried with command lookup tool but the cat4500 do not appears.That is even new for me.
I did a search and found that, now a days you no longer have to provide the Trust DSCP command, it is by default trusted.
Went through this White Paper and excerpts are below:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/white_paper_c11-539588.html
The answer to your question comes from the following excerpt :-
"Previously supervisor engines relied on “port trust” to classify traffic; however, this does not fall into the MQC CLI construct. MQC provides a more flexible capability, i.e. all traffic is trusted by default, an administrator can change this trust state using a policy map. Another difference is the “internal DSCP” value used within the switch to place packets in the proper queue.
Cisco Catalyst 4500E Supervisor Engines do not use “internal DSCP”; rather, it relies on explicit matching of QoS values using class maps so that packets can be placed in the correct queue.
Also, note that there is no specific priority queue: it is not queue 3 or queue 1. The priority queue is simply configured within a class; therefore, it is not tied to a specific queue. One final difference is that of classification. Cisco Catalyst 4500E Supervisor Engines provide sequential classification rather than parallel. This allows the network administrator to classify traffic at egress based on the ingress markings. These markings can be done unconditionally, using a policer or using a table map. Based on these changes, QoS CLI will now be more contiguous on the Supervisor Engines as it will now have standard Cisco MQC CLI, making configuration management much simpler"
HTH,
Please rate all helpful posts.
Regards -
Hello, if the command 'mls qos trust xxxxx' is not issued, and qos is turned on for the interface, does this mean the switch will erase all cos and dscp markings received, therefore preventing me from testing packets/frames against these cos/dscp values ?
So if I want to set up class maps, policy maps, and then service policies, it is essential that I:
1. turn on mls qos ?
2. enter a trust statement in order to preserve the cos or dscp values that I want to test against ?
3. now I can test against against cos or dscp values ?
Thanks for clarification.That is correct, when you would use for instance mls qos trust cos. You would need to define you cos<>dscp mappings on the switch and the switch will apply qos accordingly.
So really if you have an ingress switch port and you trust cos or dscp, you can still have egress policies on a port (on the same switch), using these cos or dscp values.
the mls qos trus command is just a way to make it easier to rely on existing cos/dscp values that a phone sends (based on your CUCM configuration,), without the need for you having to configure it explicitly on each access port.
=============================
Please remember to rate useful posts, by clicking on the stars below.
============================= -
Hello world!
I want to enable qos on a 3560 switch,
So, I put:
Overall setup mode "mls qos"
Question:
is what it is Verily nessaiire to interface configuration mode: "mls qos trust"?
Regards,Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Generally, on many Catalyst switches, once you enable QoS, they will erase an ingress CoS/ToS markings unless your trust it or otherwise (i.e. policy) maintain it.
I.e. the answer to your question is an "it depends"; but unless you want the markings reset to zero, the answer is probably yes (you want to trust). -
Mls qos trust "cos or dscp" ?
I have an uplink from an access switch configured as a trunk 802.1q that needs to trust Qos towards the distribution switch, does this have to trust cos or dscp ? the issue is that the access switch has a local voice vlan and the trunk uses another vlan to connect to the distribution.
You don't trust "to" a device, only from.
The advice I've gotten from switching guys is "If you're not sure - just trust DSCP".
If you try to trust cos on an access port where there is no VLAN header, there is no cos, and you can have problems.
If you have a trunk to another switch, you can trust cos and you shouldn't have any problems.
hth,
nick -
Question about 3750 mls qos map dscp-output-q and cos-output-q
1. If a egress packet has both Cos and Dscp setting, which map should this packet used to put into queue?
2. The 3750 is doing ip route. After the packet is routed, will the packet keep the DSCP and COS? Or it will just keep the DSCP and using the dscp-cos map to create a new COS.Apologies for the confusion with the terminalogy.
The question is where you have configured the trust boundaries, do you necessarily trust the DSCP value prior to being routed across your network?
Therefore, although you have explicity trusted the DSCP value, do you still trust the value at the remote peer.
For example, you connect into an MPLS with QoS enabled, you know that the values you are trusting are correct within your network, however at the remote peer/branch they could be remarked by the provider. Therefore do you 'believe' the values, or do you simply not trust them and then reclassify on ingress.
Regards
Allan.
Hope this makes sense.. -
Without 'MLS QOS' in 6500 does any interface queueing and trusting take place?
I have a 6500 that does not have 'mls qos' global configured, although the interfaces do have 'mls qos trust dscp' on them as in:
interface GigabitEthernet3/3
switchport
switchport access vlan 536
switchport mode access
switchport voice vlan 910
logging event link-status
mls qos trust dscp
spanning-tree portfast
When I 'show queueing int gx/x', it does show the default queueing structure of the interface as in:
LLT-6509AS-A#sh queueing int g3/3
Interface GigabitEthernet3/3 queueing strategy: Weighted Round-Robin
QoS is disabled globally
Port is untrusted
Extend trust state: not trusted [COS = 0]
Default COS is 0
Queueing Mode In Tx direction: mode-cos
Transmit queues [type = 1p3q8t]:
Queue Id Scheduling Num of thresholds
01 WRR 08
02 WRR 08
03 WRR 08
04 Priority 01
---- snip ----
queue thresh cos-map
1 1 0 1 2 3 4 5 6 7
1 2
1 3
1 4
1 5
1 6
1 7
1 8
Packets dropped on Transmit:
BPDU packets: 0
queue dropped [cos-map]
1 0 [0 1 2 3 4 5 6 7 ]
2 0 []
3 0 []
4 0 []
Packets dropped on Receive:
BPDU packets: 0
queue dropped [cos-map]
1 0 [0 1 2 3 4 5 6 7 ]
So just what does the global 'mls qos' do? Without it is the command 'mls qos trust dscp' ignored?
I'm trying to track down where in our network dscp settings are being stripped out of packets and this is when I noticed the 'mls qos' was not configured.it enables QOS on the switch, without it no QOS is being used.
Sent from Cisco Technical Support iPhone App
Maybe you are looking for
-
I get this error message "this connection is untrusted" after I re-installed Windows Vista and all my programs. This happened before but after reformatting my computer everything was good. Why am I getting this? Could it be a virus of some sort? It h
-
My laptop has been repaired and for some reason my library on itunes has been wiped. Didn't pay attention and synced my iphone so have lost all the tunes off that now too. Ipad still has all the music on, is there an easy and free way to repopulate i
-
Edit colors for all pages in a multipage PDF
Hi, I have a PDF with 189 pages. Each page is an scanned image. Unfortunately, all the pages are too dark and I would like to increase the contrast of each and all of them. Is there any way to do this to the whole PDF, or do I have to do it page by p
-
Is ASAP part of Solution manager or bothe are different
hai to everybody, when we are in implementation we have to use either ASAP methodology or Solution Manager, the question is Is ASAP methodology a part of Solution manager or both are different Can any one tell me even Schedule manager also suitable a
-
HT201442 how to disable your phone?
How to unlock your phone after trying 9 times?