'qos trust extend' command on 4500E causes Alcatel phones to reboot

Hi, We have autoqos configured on our 3560G access layer switches, when entering the 'qos trust extend' command on the 4500 interfaces which connect to the access layer switches this caused out Alcatel Phones to reboot.
I thought that this command just trusts the DSCP/CoS markings but obviously there is something else going on.
Any advice would be appreciated.
Thanks,
Paul

Hello.
I doubt if "auto qos voip trust" would suit you on inter-switch links, as per documentation the command applies policy-map that gives only 320K for voice and signalling traffic (+ remarking exceeded traffic to BE).
If you want to protect your video traffic in the future, you will have to design new QoS policy and apply it per link.
Regarding "trust dscp" toward WLC/AP - if you configure this, all your laptops will be able to inject marked traffic into your network, abusing your QoS policy; that is why the best practice for VoIP phones is to be placed into dedicated voice VLAN + trust cos (not dscp).
PS: I would suggest you to try the command[s] on one switch and see what configuration will be applied per port (+global).

Similar Messages

  • Mls qos trust{cos/ip-precedence/dscp} command

    Hi every body!
    I have few questions
    1)
    The command " mls qos trust dscp" is only valid on mulilayer switch or it is also valid for layer 2 switch? If layer 2 switch is configured with that command, can it modify the dcsp value based on policy?
    2)is the following correct:
    switch(config-if) mls qos trust dscp
    switch will set the cos value to set default. If the default set is zero, then frame will be processed by best-effort delivery.
    But the egress-queue will be decided by dscp value in the packet. A dscp to cos map will be used to drive the cos value and then frame will be placed in the queue that corresponds to cos value.( off course if egress port is configured for trunk)
    thanks a lot and I wish America and all of you a happy new year!
    thanks a lot!

    Sarah
    1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
    "mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
    2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
    Jon

  • QoS trust dscp or cos on catalyst 4500

    We have a 4510R with Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software cat4500e-UNIVERSALK9-M), Version 03.05.02.E RELEASE SOFTWARE (fc1).
    I want use qos trust dscp or qos trust cos on the interface conected to other cisco switch or wlan controller.
    The current IOS version, do not support qos trust dscp:
    SW(config)#interface gi10/16
    SW(config-if)#qos tr
    SW(config-if)#qos trust ?
      device  trusted device class
      extend  Extend trust through a connected device
    SW(config-if)#qos trust device ?
      cisco-phone   Cisco IP Phone
      cts           Cisco-telepresence
      ip-camera     Cisco video surveillance camera
      media-player  Cisco Digital Media Player
    SW(config-if)#qos trust device
    What is the software that I need for this?. I tried with command lookup tool but the cat4500 do not appears.

    That is even new for me.
    I did a search and found that, now a days you no longer have to provide the Trust DSCP command, it is by default trusted.
    Went through this White Paper and excerpts are below:
    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/white_paper_c11-539588.html
    The answer to your question comes from the following excerpt :-
    "Previously supervisor engines relied on “port trust” to classify traffic; however, this does not fall into the MQC CLI construct. MQC provides a more flexible capability, i.e. all traffic is trusted by default, an administrator can change this trust state using a policy map. Another difference is the “internal DSCP” value used within the switch to place packets in the proper queue.
    Cisco Catalyst 4500E Supervisor Engines do not use “internal DSCP”; rather, it relies on explicit matching of QoS values using class maps so that packets can be placed in the correct queue.
    Also, note that there is no specific priority queue: it is not queue 3 or queue 1. The priority queue is simply configured within a class; therefore, it is not tied to a specific queue. One final difference is that of classification. Cisco Catalyst 4500E Supervisor Engines provide sequential classification rather than parallel. This allows the network administrator to classify traffic at egress based on the ingress markings. These markings can be done unconditionally, using a policer or using a table map. Based on these changes, QoS CLI will now be more contiguous on the Supervisor Engines as it will now have standard Cisco MQC CLI, making configuration management much simpler"
    HTH,
    Please rate all helpful posts.
    Regards

  • Why does mls qos trust dscp dissapear after reboot?

    The command takes but after reboot, Invlaid inputs detected show up and "mls qos tust dscp" is gone from every interface.
    Happens on both 2960-24PC-S / 2960-48PST-S switches.

    Hi,
    thanks for your reply.
    mls qos
    interface GigabitEthernet3/34
    description *** DATA VLAN 35 - VOICE VLAN 34 ***
    switchport
    switchport trunk native vlan 36
    switchport trunk allowed vlan 34,36
    switchport mode trunk
    mls qos trust dscp
    no cdp enable
    spanning-tree portfast trunk
    If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value.  If I add the mls qos command this causes the switch to set the dscp values to zero.
    Thanks again 
    ps.  there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them..

  • Mls qos trust dscp??? is setting my DSCP values to zero!?

    Hi,
    I was just doing some testing to ensure that the command 'mls qos trust dscp' is working on my 6509 switches before rolling out QoS.
    Before adding any configuration I could see using wireshark that traffic from my Avaya 9608 handset was coming through with a DSCP value of 46 (as it is supposed to).
    I then added the command 'mls qos' (at global level)
    on examining the wireshark output this time, the DSCP value had been set to zero (i.e. it defaulted it to best effort)
    I then expected by adding the commmand 'mls qos trust dscp' on the interface the phone is connected to that the DSCP value would would again be left alone?
    does anybody know why this is happening?
    Many thanks in advance.
    Andy

    Hi,
    thanks for your reply.
    mls qos
    interface GigabitEthernet3/34
    description *** DATA VLAN 35 - VOICE VLAN 34 ***
    switchport
    switchport trunk native vlan 36
    switchport trunk allowed vlan 34,36
    switchport mode trunk
    mls qos trust dscp
    no cdp enable
    spanning-tree portfast trunk
    If i don't include the global 'mls qos' command then the voice packets keep the dscp 46 value.  If I add the mls qos command this causes the switch to set the dscp values to zero.
    Thanks again 
    ps.  there are some other mls commands on the switch... i don't know if these could interfere but they were already on there so i'm reluctant to remove them..

  • Problem on the QoS trust boundary on FEX

    HI: all
         During a test, we found the N5K attached FEX will override all the DSCP marking to 0  for the class-default traffic. Based on my understanding, the N5K will enable the qos trust on all access port by defual. But how about I configure a policy-map on the interface for DSCP marking, and want to leave the unclassified traffic as the original DSCP tag, is that possible?
        Thanks!
    BR
    LIBING

    Hi There,
    Take a look at the QoS config guide, it has some of the answers you are after.
    You should refer to the guide relevant to your OS version.
    http://www.cisco.com/en/US/partner/docs/switches/datacenter/nexus5500/sw/qos/602_N1_1/b_5500_QoS_Config_602N11_chapter_0110.html
    Any incoming packet not tagged with an 802.1p CoS value is assigned the default untagged CoS value of zero (which maps to the default Ethernet drop system class). You can override the default untagged CoS value for an Ethernet or EtherChannel interface.
    On a Cisco Nexus device, you can configure a type qos policy map and untagged CoS on the same interface.
    Trust Boundaries
    The trust boundary is enforced by the incoming interface as follows:
    All Fibre Channel and virtual Fibre Channel interfaces are automatically classified into the FCoE system class.
    By default, all Ethernet interfaces are trusted interfaces.The 802.1p CoS and DSCP are preserved unless the marking is configured. There is no default CoS to queue and DSCP to queue mapping. You can define and apply a policy to create these mappings. By default, without a user defined policy, all traffic is assigned to the default queue.
    Any packet that is not tagged with an 802.1p CoS value is classified into the default drop system class. If the untagged packet is sent over a trunk, it is tagged with the default untagged CoS value, which is zero.
    You can override the default untagged CoS value for an Ethernet interface or port channel.
    You can override the default untagged CoS value for an Ethernet interface or a port channel interface using the untagged cos cos-value command.
    You can override the default untagged Cos value for an Ethernet or a Layer 3 interface or a port channel interface using the untagged cos cos-value command.
    After the system applies the untagged CoS value, QoS functions the same as for a packet that entered the system tagged with the CoS value.
    Hope that helps.

  • QoS Trust

    Hi,
    I just want to confirm the best practice with CUCM and LAN QoS. I have a CUCM 10.5 cluster attached to a 4948 edge. CUCM is marking all signalling traffic with the appropriate DSCP markings. Therefore I assume all that is required on the LAN is to trust the QoS/DSCP markings?
    An example edge port with AutoQoS to a CUCM Subscriber:
    *The key command being  'auto qos voip trust'
    *This switch port is connected to a UCS C-Series
    SWITCH#sh run int Gig 1/47
    Building configuration...
    Current configuration : 285 bytes
    interface GigabitEthernet1/47
    description CUCM_SUB
    switchport trunk encapsulation dot1q
    switchport mode trunk
    media-type rj45
    qos trust cos
    auto qos voip trust
    tx-queue 3
    bandwidth percent 33
    priority high
    shape percent 33
    service-policy output autoqos-voip-policy
    end
    All uplinks in the LAN also have the same ' auto qos voip trust' command set. So we should have 'end to end' QoS in the LAN?
    Edge ports to IP Phones are set as 'auto qos voip cisco-phone'.
    Thanks!
    Dean

    Thanks you for your response.
    Yes you’re right there, but the problem is that if an incoming packed has a dscp value 0 (not marked) than it should be remarked and only then. Therefore I need the trust dscp command as shown in the IOS CLI configuration segment I posted, otherwise the incoming packed is remarked no matter what dscp value it has. I didn’t find another way yet to solve this without the trust dscp command.

  • Qos trust cos or qos trust dscp?

    My core switches are a pair Cisco catalyst 4006s with a sup 4 module. The questions are:
    1. Should I use qos trust cos or qos trust dscp when setting up qos on a per port basis?
    2. Which is preferred?
    3. I have a cos to dscp mapping so does it really matter?
    Any help is greatly appreciated. I just want to make sure that I'm honoring all tags.
    Mark

    If you have ip phones connected to the switch, you can enter qos trust cos on the switch and in the router which is connected to the switch enter the command to trust the DSCP since the switch will pass the dscp information to teh router.
    http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m2.html#wp1015945

  • Mls qos trust

    Hello, if the command 'mls qos trust xxxxx' is not issued, and qos is turned on for the interface, does this mean the switch will erase all cos and dscp markings received, therefore preventing me from testing packets/frames against these cos/dscp values ?
    So if I want to set up class maps, policy maps, and then service policies, it is essential that I:
    1. turn on mls qos ?
    2. enter a trust statement in order to preserve the cos or dscp values that I want to test against ?
    3. now I can test against against cos or dscp values ?
    Thanks for clarification.

    That is correct, when you would use for instance mls qos trust cos. You would need to define you cos<>dscp mappings on the switch and the switch will apply qos accordingly.
    So really if you have an ingress switch port and you trust cos or dscp, you can still have egress policies on a port (on the same switch), using these cos or dscp values.
    the mls qos trus command is just a way to make it easier to rely on existing cos/dscp values that a phone sends (based on your CUCM configuration,), without the need for you having to configure it explicitly on each access port.
    =============================
    Please remember to rate useful posts, by clicking on the stars below. 
    =============================

  • Cisco 3560 switch| mls qos trust dscp question

    Hi everybody
    Hi everybody .
    Please consider the following example:
    3560 sw f1/1--------trunk---SW2
    3560 sw
    f1/1
    mls qos trust dscp
    3560 is using default cos-dscp map, assume a 3560 receives a frame carrying IP packet on f1/1 with COS 4, what will 3560 switch do?
    1) will it use its default cos --dscp map  ( cos 4--.dscp 32) and rewrite 32 in dscp field  of the packet in the frame and provide PHB for dscp 32 ?
    Much appreciated!!
    Have  a great weekend.

    Hi
    No it will not trust the cos value, because You have configured to trust dcsp. So, the switch will trust the dcsp value in the incoming frame.
    /Mikael

  • Mls qos VS mls qos trust

    Hello world!
    I want to enable qos on a 3560 switch,
    So, I put:
    Overall setup mode "mls qos"
    Question:
    is what it is Verily nessaiire to interface configuration mode: "mls qos trust"?
    Regards,

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    Generally, on many Catalyst switches, once you enable QoS, they will erase an ingress CoS/ToS markings unless your trust it or otherwise (i.e. policy) maintain it.
    I.e. the answer to your question is an "it depends"; but unless you want the markings reset to zero, the answer is probably yes (you want to trust).

  • Mls qos trust cos vs mls qos cos in cat6k

    Hello
    I am trying to configure basic qos topology with two 6k connected to each other by the trunk port.
    According to the documentation, if I set the mls qos cos value at the interface level I should modify the default cos on it, and all packets leaving incoming to this port, should be marked with the new cos value.
    http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/24055-173.html
    Unfortunately, when I set such config, all incoming packets transmitted through this interface was tagged with cos = 0 until I set the "mls qos trust cos" on the same interface.
    Does anybody can explain to me this strange behavior?
    I would like to mention that both 6k was connected to each other with ws-x6548-GE-TX modules.
    Thank you in advance.
    Ragards
    Lukas

    Sarah
    1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
    "mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
    2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
    Jon

  • "mls qos trust dscp" vs. "mls qos trust cos"

    Are these statements correct ?
    1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
    - downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
    2. If using QoS profile with setting "wired qos protocol",
    - use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
    - use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
    3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
    4. Always use "mls qos trust dscp" on non-HREAP AP ports
    Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
    Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
    5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks

    Are these statements correct ?
    1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
      - downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
    Ans: Not sure about always. you can use both 'mls qos trust dscp' and 'mls qos trust cos'. Since it is a trunk port the packets will have a cos value (802.1p tag) and hence you can trust cos. Downstream and upstream traffic both are capped to the WLAN max QoS value. for example if Wlan is set to silver, and if a packet comes in at platinum QoS, the AP will cap it to silver in upstream direction. Same holds true for a cos 5 / dscp 46 packet coming in from the wired side.
    2. If using QoS profile with setting "wired qos protocol",
      - use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
      - use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
    Ans:
    3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
    Ans: Traffic in both direction wil always get capped to WLAN max QoS. Untagged (802.1p = 0) traffic will be treated as best effort.
    4. Always use "mls qos trust dscp" on non-HREAP AP ports
       Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
       Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
    Ans:
    5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks
    Ans: I think on purely layer 2 switches you can trust dscp, but am not 100% sure.

  • OSB "Extended command output" preference permanence

    There is a per user preference for "Extended command output".  When I set that, it only stays set for the duration of the session.  If the session times out, or the user logs out and then back in, the preference is reset.  I have tested this under Firefox 20-22, IE 9-10, and Chrome 27 - all behave the same and lose the preference setting after the end of the session.
    Is there a method to make the preferences persist across sessions?  I find the extended command output very useful.
    OSB version 10.4.0.2.0

    The problem is that "admin" was included as a Restore option and it is not a valid Restore / obtar option.
    Here are links to the documentation which describe what are valid restore / obtar options:
    http://download.oracle.com/docs/cd/E14812_01/doc/doc.103/e12834/osb_filesystem_restore.htm#CJAGECJD
    "Optionally, in Restore options, enter one or more obtar options.
    For example, -J enables debug output and provides a high level of detail in restore transcripts." A complete list of obtar options is:
    http://download.oracle.com/docs/cd/E14812_01/doc/doc.103/e12838/ap_obtar.htm#OBREF362
    Donna

  • QOS: egress police command not supported in non-leaf classes

    Hello,
    I have issue with egress policers on EFP (Service instance).
    When configure two egress policers on EFPs (on one physical interface), I received a message:
    ME-3600X(config-if-srv)#service-policy output VLAN-50M
    QOS: egress police command not supported in non-leaf classes
    QoS: Policy attachment failed for policymap VLAN-50M
    The configuration looks easy:
    policy-map VLAN-50M
    class VLAN
      police cir 50000000
       exceed-action drop
    class-map match-all VLAN
    match protocol ip
    interface GigabitEthernet0/11
    description TEST
    switchport trunk allowed vlan none
    switchport mode trunk
    mtu 1998
    load-interval 30
    service instance 199 ethernet
      encapsulation dot1q 199
      rewrite ingress tag pop 1 symmetric
      service-policy output VLAN-50M
      xconnect 82.119.245.231 3291 encapsulation mpls
    service instance 500 ethernet
      description L2MNG-SWITCHE
      encapsulation dot1q 500
      rewrite ingress tag pop 1 symmetric
      bridge-domain 500
    I tried to attach the same policy-map to Service Instance 500, with the messages above mentioned.
    I am not sure if this is correct behaviour, and what means term "non-leaf class".
    IOS version is 15.2(4)S2 with AdvancedMetroIPAccess.
    Best regards,
    Josef

    Platform supports three level hierarchy - Port, VLAN and Class.
    Class is the leaf level.
    Queuing is done only at the leaf level.
    You need to attach your policy to the port level policy so that it can be a two level policy.
    Three Level Class-default Policy Example:
    policy-map leaf
    class class-default
    queue-limit xxxxx bytes
    policy-map logical
    class class-default
    service-policy leaf
    policy-map root
    class class-default
    service-policy logical
    Invalid Queue-Limit Policy Configuration Example:
    This case "class-default" is being considered as the port level.
    Following QOS policy configuration failed because the configuration check assumes user is trying to apply the queue-limit at the vlan level which is not supported.
    policy-map child-1
    class class-default
      queue-limit 256 packets
    policy-map VLAN-OUT
    class class-default       <<< Class default is being assumed at the port level , Child policy at the second level
      shape average 5000000
      service-policy child-1
    interface GigabitEthernet0/5
    switchport trunk allowed vlan none
    switchport mode trunk
    service instance 2 ethernet
      encapsulation dot1q 60
      rewrite ingress tag pop 1 symmetric
      bridge-domain 60
    3600-HL-2-N(config)#interface GigabitEthernet0/5
    3600-HL-2-N(config-if-srv)#service-policy output VLAN-OUT
    QOS: queue-limit command not supported in non-leaf classes
    QoS: Policy attachment failed for policymap VLAN-OUT
    *Feb 13 09:55:28.700: %QOSMGR-3-QLIMIT_LEVEL_ERROR: Qlimit command not supported in non-leaf classes

Maybe you are looking for

  • [Solved] game has no sound

    again, after i installed system, i want to run skulltag. i installed everything, everything runs but sound doesnt work. i have flac and libfmod installed, anyone know the solution? in everywhere else sound is working fine Last edited by syms (2009-03

  • Order of javascript jquery declarations matters?

    hi guys. trying to understand this whole jquery/javascript methodology but getting stumped. i'm using ddsmoothmenu for a horizontal menu http://www.dynamicdrive.com/dynamicindex1/ddsmoothmenu.htm prettyPhoto lightbox for photo galleries http://www.no

  • Application Manager has 'Up to date' won't let me download after purchase

    Hello, I just purchased the monthly subscription to InDesign CS6 about 2 hours ago. I am going through the steps and when I get to the Application Manager to download I have 'Up to date' in grey and I am unable to download InDesign CS 6. How can I fi

  • Have not been prompted to download new iOS

    I am not able to upgrade some of my apps because I don't have ios5 but I have not had any prompt to upgrade and my iPad won't let me download.  Please help?

  • VBA with SAPbobsCOM.Recordset

    Hi all, I'm trying to do a report using VBA microsoft word. I manage to connect to the database using the DI API. But when i tried to do the SAPbobsCOM.Recordset, i got error. Need advice. Regards, Bruce.