How to configure QoS trust boundary on Cisco Switches

I have a question in regards to the topic.

“If the port is an access port or Layer 3 port, you need to configure the mls qos trust dscp command. You cannot use the mls qos trust cos command because the frame from the access port or Layer 3 port does not contain dot1q or ISL tag. CoS bits are present in the dot1q or ISL frame only.”

“If the port is a trunk port, you can configure either the mls qos trust cos or mls qos trust dscp command. The dscp-cos map table is used to calculate the CoS value if the port is configured to trust DSCP. Similarly, the cos-dscp map table is used to calculate the DSCP value if the port is configured to trust CoS.”

Could you please share your thoughts on this?

Hi Tatyana,

There are two types of marking: we can mark L2 Ethernet frames or L3 IP packets.

Marking L2 Ethernet frames is only possible on 802.1Q or ISL trunk links since a “regular” Ethernet frame doesn’t have a field to specify the marking. Take a look at the picture right above your question, it shows the 802.1Q frame with the tag that has the priority field.

Interfaces in access mode and L3 interfaces don’t use 802.1Q so we can’t mark L2 frames. In this case, we can use the marking on IP packets though.

On trunk interfaces, you can choose if you want to use the L2 marking in the 802.1Q frame or the L3 marking in the IP packets.

Hope this helps!

Rene
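
The distinction described in the reply above, as an added example that is not part of the original thread: a small Python parser that reads the CoS bits from the 802.1Q tag and the DSCP bits from the IPv4 header. The function names, the MAC and IP addresses, and the marking values (CoS 5, DSCP 46, VLAN 100) are assumptions chosen for illustration, and the frames are constructed samples.

```python
import struct

ETH_8021Q = 0x8100   # TPID that announces an 802.1Q tag
ETH_IPV4 = 0x0800

def read_markings(frame: bytes) -> dict:
    """Return the L2 (CoS) and L3 (DSCP) markings carried by one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    cos = vlan = dscp = None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        cos = tci >> 13        # 3-bit priority field, only present in the tag
        vlan = tci & 0x0FFF    # 12-bit VLAN ID
        offset = 18
    if ethertype == ETH_IPV4 and len(frame) >= offset + 20:
        dscp = frame[offset + 1] >> 2   # upper 6 bits of the ToS byte
    return {"cos": cos, "vlan": vlan, "dscp": dscp}

def build_frame(dscp: int, cos=None, vlan=0) -> bytes:
    """Build a constructed sample frame: IPv4 header only, checksum left at zero."""
    macs = bytes.fromhex("02000000000a" "02000000000b")   # made-up dst + src MAC
    tag = b"" if cos is None else struct.pack("!HH", ETH_8021Q, (cos << 13) | vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip

if __name__ == "__main__":
    # Access / L3 port: untagged frame, so there is no CoS to trust, only DSCP.
    print("access:", read_markings(build_frame(dscp=46)))
    # Trunk port: the 802.1Q tag carries CoS and the IP header still carries DSCP.
    print("trunk: ", read_markings(build_frame(dscp=46, cos=5, vlan=100)))
```
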

Hi Rene,

What if we have an Avaya phone system? How will the trusting occur when using the mls qos trust device “cisco-phone” on a port connected to an Avaya phone? I assume CDP will determine that it is not a Cisco phone, but what would be the QoS design for an Avaya deployment using Cisco switches?

Hi Rohini,

For any non-Cisco phones, you can use mls qos trust cos to use the CoS marking that the phone sends.

You also might want to look at LLDP, it’s an alternative to CDP which is supported by a couple of vendors.

Rene

Hi Rene,

New to the website which I find very helpful.

We are currently running Cisco 3850 switches and trying to apply the mls qos but it appears that mls is not supported on that model. Would you know what commands are needed to apply mls on a 3850?

Steve

Steve,
MLS QOS is an older platform method of QOS implementation. In your case, your 3850 switch is much newer, and uses the “modular quality of service command line interface (MQC)” architecture instead of the MLS one.

This basically means that implementing QoS on your newer switch is pretty much just like implementing QoS on a router. In retrospect, it was kind of dumb for Cisco to have different syntax for a router vs a switch.

You might want to check out the network lesson on QoS Marking to get started. There are quite a few network lessons on QoS here. Just make sure you look for ones that talk about routers and not switches.

Additionally, here are a couple of Cisco links you might find useful:
MLS vs MQC on 3850

MQC Best Practices on a 3850

I am a bit confused. I have the following switch:

DataCenterSwitch#show version
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICES-M), Version 15.0(2)SG2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport

ROM: 12.2(44r)SG11
Hobgoblin Revision 21, Fortooine Revision 1.32

DataCenterSwitch uptime is 1 year, 43 weeks, 5 days, 3 hours, 58 minutes
System returned to ROM by power-on
System image file is "bootflash:cat4500e-entservices-mz.150-2.SG2.bin"

cisco WS-C4948E-F (MPC8548) processor (revision 8) with 1048576K bytes of memory.
Processor board ID CAT1707S0CD
MPC8548 CPU at 1GHz, Cisco Catalyst 4948E-F
Last reset from PowerUp
3 Virtual Ethernet interfaces
48 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2101

when I use the following command:

DataCenterSwitch(config)#mls ?
% Unrecognized command

it does not recognize it.

However, it does recognize the following:

DataCenterSwitch(config)#qos ?
Global QoS configuration subcommands:
  account          Additional lengths to be accounted by QoS Features
  control-packets  Enable QoS on control packets
  preserve         Preserve packet header bits

DataCenterSwitch(config)#qos

DataCenterSwitch(config-if)#qos ?
  trust  Trust related configuration of the interface

So I am just kind of confused on how to approach this. This is an actual datacenter switch that connects to an MPLS circuit and we are having issues with our VoIP traffic. We want to put QoS on this, which I have never looked at before. Probably way above where I am at, only just having passed my CCNA; however, I started looking for information on configuring QoS and found this on the site.

The problem is QoS seems to be very complex. However, I understand the concept of what’s going on in this post, but then ran into the issue that the switch did not work the same, as the commands are different.

We have consultants and will make use of them, but I would like to be able to understand QoS some, even if not enough to design it or fully implement it, maybe enough to work with the consultant and learn the basics.

Is there a book, or do I study these web pages? Why is it different, and why does it seem to be in different areas? Like here it’s under qos, in global and interface configuration, rather than like the switch shown in the examples.

I need a way to approach learning this so I have an idea of what’s going on. I am studying for my CCNP under my classical training, but I am only just about to finish up the EIGRP portion and then move into OSPF, so nothing I am learning so far in my CCNP studies helps a lot with this.

Thanks!

Hi Rene/ Andrew,

I have a Cisco 7600 router. I try to mark the incoming traffic with DSCP 63, and the packets look marked with DSCP 63 when I run show policy map interface.

But when the traffic is forwarded out of the port with the policy map, I match the IP with DSCP 63, and it seems it can’t match anything.

Can you please advise.

Thanks

Davis

Davis,
Start by checking to see whether each side is working as you think.

  1. Can you capture some of the traffic after it has been marked, and examine via Wireshark? This will tell you whether your marking is working as expected.
  2. Try generating traffic marked as DSCP 63 (you can do this by just typing “ping” and choosing some advanced settings via the CLI), and send this traffic through your policy-map. This will allow you to see whether your policy-map is actually acting upon this type of traffic.

By the way, DSCP 63? While this is possible, I have never seen somebody do it. Essentially, you are trying to mark this as higher priority than even spanning-tree would be! This is generally not recommended, because unless you police the heck out of it, a larger volume of this type of traffic could cripple your network.

Hi Brian,

Your 4948E has a different QoS model than the 2960 / 3560 / 3750 switches that this lesson was based on. Your best option is to use the Cisco configuration guides.

Here’s the direct link for the 4948E IOS 15.0(2) configuration guide. If you browse around a bit, you’ll find the QoS section.

These switches don’t use the (older) mls commands but use the MQC to configure QoS.

Rene

Hi Rene,

With respect to the above example where we are trusting only at the DISTRIBUTION layer, I have 3 basic doubts. Can you please explain them:

  1. When the IP phone does marking --> will it be CoS-based or DSCP-based marking, and why?
  2. When a frame is generated at the IP phone and put in a packet for further travel: where do CoS and DSCP fit in?
  3. As you said: if the access switch is managed by someone else and they configure “mls qos”, is it correct that the CoS/DSCP values will be lost by the time it reaches
    the distribution layer and we won’t have anything to trust?

Thanks in advance

Hi,
The command mls qos does not work on the 3850.
Thanks

Sims,
If you read through the forum comments about 4 or 5 above yours, this question has already been asked and answered (the actual links referenced below are in the original answer):

MLS QOS is an older platform method of QOS implementation. In your case, your 3850 switch is much newer, and uses the “modular quality of service command line interface (MQC)” architecture instead of the MLS one.

This basically means that implementing QoS on your newer switch is pretty much just like implementing QoS on a router. In retrospect, it was kind of dumb for Cisco to have different syntax for a router vs a switch.

You might want to check out the network lesson on QoS Marking to get started. There are quite a few network lessons on QoS here. Just make sure you look for ones that talk about routers and not switches.

Additionally, here are a couple of Cisco links you might find useful:
MLS vs MQC on 3850

MQC Best Practices on a 3850


Hi rene/Team

I read somewhere there is something called 1P4Q7S (1 prio queue, 4 normal queues…) or 2P4Q7S… or something like this… What are these,
and how do they work?

Thanks

Hi Abhishek,

This tells us the queueing that the interface supports.

You can find some examples here, for the 6500 series:

For example:

1p3q4t

Means there is one priority queue, three normal queues and four drop thresholds per queue.

Rene

Thanks Rene,

I ended up getting this done. I did not realize on my first touching of QoS that MQC and MLS were two different ways of approaching the same thing, just a difference in switch model and moving from old to new. I found that out later and it was like an aaaaaahhhhhhh! moment.

I appreciate you replying. I got the Cisco set up with MQC and ever since the phones are working much better. We use Brocade for our access switches and we got most of those set up.

I do have a problem now on the Brocade using the lldp med policy command.

On our branch office Brocade switches in Denmark they did not separate the voice and data; it’s all on the same VLAN, and they insist on leaving it that way since it’s under 50 people, even after I tried to push for creating a new VLAN for voice.

So the VLAN is untagged.

from the documentation

Here the full document:

we found the following command:

For untagged traffic

Syntax:[no] lldp med network-policy application application type untagged dscp 0-63 ports ethernet port-list | all

However, if you look at it, there is nothing listed for layer two prioritization. Now, as a studious but inexperienced network engineer, jumping into QoS-related topics can be a little tough.

On tagged traffic it was not a problem because the tagged command had the priority on it:

For tagged traffic
Syntax: [no] lldp med network-policy application application type taggedvlan vlan ID priority 0-7
dscp 0-63 ports ethernet port-list | all

I opened a ticket with Brocade support but they just stick to the guide and do not have an answer, so I have requested the question go to a Brocade design engineer since they don’t know.

Anyway, to me, if the untagged lldp med policy command does not affect layer 2, which is what this switch is doing and what the priority portion does, then it’s a waste to add it.

Not sure if you would happen to know anything on this lol ;0) If not, it’s cool, but if you had an idea that’s very cool.

Sorry, Dordrecht, not Denmark; I guess that’s in the Netherlands. Now that I am doing networking I will be taking my first trip out of the USA and I will have to travel to all these branch offices all over Europe: Norway, France, Italy, Netherlands and more, so that’s going to be a big experience to me as well, as I basically was just a country boy from the US that’s never really been anywhere lol. My world geography knowledge is crappy; I am going to have to get better at it.


Hi Brian,

MQC is much easier to configure than MLS. It’s a good thing Cisco is moving towards MQC and getting rid of MLS…

About your branch office, they are probably scared that making changes is going to break some things? If it’s all in the same VLAN, then there is no way that you can differentiate your traffic on L2… it’s all the same.

You could however differentiate based on L3 information. You could tag all RTP traffic for example, or do this based on the port numbers. Your IP phones are probably also tagging the DSCP field in your IP packets.

If not, you can still do this on a switch or on the router. You can then configure a priority queue for all L3 tagged IP packets.

Visiting all these European countries sounds pretty cool. There’s a lot to see here and each country is very different! Have fun!