How to configure QoS trust boundary on Cisco Switches

Jose,
I think the confusion is in regards to the word “tagged” being used in different ways. You are 100% correct that without 802.1Q trunking, there would be nowhere to mark CoS values. In this sense, all frames would be “tagged” meaning each frame has an inserted 802.1Q tag inside.

When the article is talking about “tagged” and “untagged” frames in regards to a CoS value, I think this is just another way of saying “marked” and “unmarked” with a particular CoS value. So, for example, in the following sentence

In the example above I will set a CoS value of 4 to all untagged frames. Any frame that is already tagged will not be remarked with this command.

I interpret this to mean “any frame received that already has a CoS value defined this will be honored, while any frame received that has no CoS value defined, will be marked as 4.”

Hi Andrew
Great reply, simple and to the point. Your site won a client just for this, this type of reply gives the confidence that I am in the right place.
Cheers

Jose,
Great to hear–we are thrilled to have you aboard! I hope you will learn a lot.

--Andrew

Hi Rene,

I am halfway through the article and saw a term called CoS. I didn’t see it in previous articles; is it just another name for QoS?

And what is the meaning of “cos-to-dscp map”?

By default your switch will overwrite the DSCP value of the packet inside your frame according to the “cos-to-dscp map”.

Thanks

Hi Abhishek,

We have L2 and L3 marking. Here’s the explanation of L3 markings where we explain DSCP and IP Precedence:

DSCP / IP Precedence explained

L2 markings are used on trunks, take a look at this picture:

CoS means “Class of Service” and it’s the L2 marking that we use on trunk links. Don’t mix it up with QoS.

The switch is able to rewrite the DSCP value in the IP packet based on the L2 marking of the frame. It does so according to the cos-to-dscp map.

Rene

I have a question in regards to the topic.

“If the port is an access port or Layer 3 port, you need to configure the mls qos trust dscp command. You cannot use the mls qos trust cos command because the frame from the access port or Layer 3 port does not contain dot1q or ISL tag. CoS bits are present in the dot1q or ISL frame only.”

“If the port is trunk port, you can configure either the mls qos trust cos or mls qos trust dscp command. The dscp-cos map table is used to calculate the CoS value if the port is configured to trust DSCP. Similarly, the cos-dscp map table is used to calculate the DSCP value if the port is configured to trust CoS.”

Could you please share your thoughts on this?

Hi Tatyana,

There are two types of marking: we can mark L2 Ethernet frames or L3 IP packets.

Marking L2 Ethernet frames is only possible on 802.1Q or ISL trunk links since a “regular” Ethernet frame doesn’t have a field to specify the marking. Take a look at the picture right above your question, it shows the 802.1Q frame with the tag that has the priority field.

Interfaces in access mode and L3 interfaces don’t use 802.1Q so we can’t mark L2 frames. In this case, we can use the marking on IP packets though.

On trunk interfaces, you can choose if you want to use the L2 marking in the 802.1Q frame or the L3 marking in the IP packets.

Hope this helps!

Rene
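The trust decision discussed in the replies above (CoS read from the 802.1Q tag on trunks, DSCP read from the IP header, and the cos-to-dscp map) can be modelled in a few lines. This is an added example, not code from the lesson or the posters; `build` and `classify` are hypothetical helper names, the frames are constructed samples, and the behaviour is a simplified model that assumes the default maps of the MLS QoS platforms.

```python
import struct

# Default cos-to-dscp map on MLS QoS Catalyst switches: CoS n -> DSCP 8*n.
COS_TO_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]

def build(cos=None, dscp=0):
    """Constructed sample frame: zeroed MACs, optional 802.1Q tag, IPv4 header."""
    tag = b"" if cos is None else struct.pack("!HH", 0x8100, (cos << 13) | 10)
    ip = bytes([0x45, dscp << 2]) + bytes(18)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + ip

def classify(frame, trust="none", default_cos=0):
    """Simplified model (assumption): return the (cos, dscp) pair the switch
    uses for an ingress frame. trust is "cos", "dscp" or "none"."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tag_cos, offset = None, 14
    if ethertype == 0x8100:                   # 802.1Q tag present (trunk)
        (tci,) = struct.unpack("!H", frame[14:16])
        tag_cos = tci >> 13                   # CoS: top 3 bits of the tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if trust == "none":
        return 0, 0                           # untrusted: markings reset
    if trust == "dscp" and ethertype == 0x0800:
        dscp = frame[offset + 1] >> 2         # DSCP: top 6 bits of ToS byte
        return dscp >> 3, dscp                # default dscp-to-cos map
    # trust cos (or trust dscp on a non-IP frame): tag CoS, else port default
    cos = tag_cos if tag_cos is not None else default_cos
    return cos, COS_TO_DSCP[cos]
```

With `trust="cos"` and `default_cos=4`, an untagged frame is classified as CoS 4 while a frame tagged with CoS 3 keeps its value, which is the behaviour the quoted sentence from the lesson describes.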

Hi Rene,

What if we have an Avaya phone system. How will the trusting occur when using the mls qos trust device “cisco-phone” on a port connected to an Avaya phone? I assume CDP will determine that it is not a cisco phone but what would be the QOS design for an Avaya deployment using cisco switches?

Hi Rohini,

For any non-Cisco phones, you can use mls qos trust cos to use the CoS marking that the phone sends.

You also might want to look at LLDP, it’s an alternative to CDP which is supported by a couple of vendors.

Rene

Hi Rene,

New to the website which I find very helpful.

We are currently running cisco 3850 switches and trying to apply the mls qos but it appears that mls is not supported on that model. Would you know what commands are needed to apply mls on a 3850?

Steve

Steve,
MLS QOS is an older platform method of QOS implementation. In your case, your 3850 switch is much newer, and uses the “modular quality of service command line interface (MQC)” architecture instead of the MLS one.

This basically means that implementing QoS on your newer switch is pretty much just like implementing QoS on a router. In retrospect, it was kind of dumb for Cisco to have different syntax for a router vs a switch.

You might want to check out the network lesson on QoS Marking to get started. There are quite a few network lessons on QoS here. Just make sure you look for ones that talk about routers and not switches.

Additionally, here are a couple of Cisco links you might find useful:
MLS vs MQC on 3850

MQC Best Practices on a 3850

I am a bit confused. I have the following switch:

DataCenterSwitch#show version
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICES-M), Version 15.0(2)SG2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport

ROM: 12.2(44r)SG11
Hobgoblin Revision 21, Fortooine Revision 1.32

DataCenterSwitch uptime is 1 year, 43 weeks, 5 days, 3 hours, 58 minutes
System returned to ROM by power-on
System image file is "bootflash:cat4500e-entservices-mz.150-2.SG2.bin"

cisco WS-C4948E-F (MPC8548) processor (revision 8) with 1048576K bytes of memory.
Processor board ID CAT1707S0CD
MPC8548 CPU at 1GHz, Cisco Catalyst 4948E-F
Last reset from PowerUp
3 Virtual Ethernet interfaces
48 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2101

when I use the following command:

DataCenterSwitch(config)#mls ?
% Unrecognized command

it does not recognize it.

However, it does recognize the following:

DataCenterSwitch(config)#qos ?
Global QoS configuration subcommands:
  account          Additional lengths to be accounted by QoS Features
  control-packets  Enable QoS on control packets
  preserve         Preserve packet header bits

DataCenterSwitch(config)#qos

DataCenterSwitch(config-if)#qos ?
  trust  Trust related configuration of the interface

So I am just kind of confused on how to approach this. This is an actual datacenter switch that connects to an MPLS circuit and we are having issues with our VoIP traffic. We want to put QoS on this, which I have never looked at before. Probably way above where I am at, only just having passed my CCNA; however, I started looking for information on configuring QoS and found this on the site.

The problem is QoS seems to be very complex. However, I understand the concept of what’s going on in this post but then ran into the issue that the switch did not work the same, as the commands are different.

We have consultants and will make use of them, but I would like to be able to understand QoS some, even if not enough to design it or fully implement it, maybe enough to work with the consultant and learn the basics.

Is there a book? Do I study these web pages? Why is it different, and why does it seem to be in different areas, like here it’s under qos in both global and interface configuration rather than like the switch shown in the examples?

I need a way to approach learning this so I have an idea of what’s going on. I am studying for my CCNP under my classical training but I am only just about to finish up the EIGRP portion and then move into OSPF, so nothing I am learning so far in my CCNP studies helps a lot with this.

Thanks!

Hi Rene/ Andrew,

I have a Cisco 7600 router. I try to mark the incoming traffic with DSCP 63; the packets look marked with DSCP 63 when I run show policy-map interface.

But when the traffic is forwarded out the port with a policy map where I match IP DSCP 63, it seems it can’t match anything.

Can you please advise.

Thanks

Davis

Davis,
Start by checking to see whether each side is working as you think.

  1. Can you capture some of the traffic after it has been marked, and examine via Wireshark? This will tell you whether your marking is working as expected.
  2. Try generating traffic marked as DSCP 63 (you can do this by just typing “ping” and choosing some advanced settings via the CLI), and send this traffic through your policy-map. This will allow you to see whether your policy-map is actually acting upon this type of traffic.

By the way, DSCP 63? While this is possible, I have never seen somebody do it. Essentially, you are trying to mark this as higher priority than even spanning-tree would be! This is generally not recommended, because unless you police the heck out of it, a larger volume of this type of traffic could cripple your network.

Hi Brian,

Your 4948E has a different QoS model than the 2960 / 3560 / 3750 switches that this lesson was based on. Your best option is to use the Cisco configuration guides.

Here’s the direct link for the 4948E IOS 15.0(2) configuration guide. If you browse around a bit, you’ll find the QoS section.

These switches don’t use the (older) mls commands but use the MQC to configure QoS.

Rene

Hi Rene,

With respect to the above example where we are trusting only at the distribution layer, I have 3 basic doubts; can you please explain them:

  1. When the IP phone does the marking, will it be CoS-based or DSCP-based marking, and why?
  2. When a frame is generated at the IP phone and put into a packet for further travel, where do CoS and DSCP fit in?
  3. As you said: if the access switch is managed by someone else and they configure “mls qos”, is it correct that the CoS/DSCP values will be lost by the time traffic reaches the distribution layer and we won’t have anything to trust?

Thanks in advance

Hi,
The command mls qos is not working on the 3850.
Thanks

Sims,
If you read through the forum comments about 4 or 5 above yours, this question has already been asked and answered (the actual links referenced below are in the original answer):

MLS QOS is an older platform method of QOS implementation. In your case, your 3850 switch is much newer, and uses the “modular quality of service command line interface (MQC)” architecture instead of the MLS one.

This basically means that implementing QoS on your newer switch is pretty much just like implementing QoS on a router. In retrospect, it was kind of dumb for Cisco to have different syntax for a router vs a switch.

You might want to check out the network lesson on QoS Marking to get started. There are quite a few network lessons on QoS here. Just make sure you look for ones that talk about routers and not switches.

Additionally, here are a couple of Cisco links you might find useful:
MLS vs MQC on 3850

MQC Best Practices on a 3850

Hi Rene/Team

I read somewhere there is something called 1P4Q7S (1 prio queue, 4 normal queues…) or 2P4Q7S… or something like this… what are these?
And how does it work?

Thanks