[cisco-voip] Easy QoS question - trust boundary

Peter Slow peter.slow at gmail.com
Fri Jan 29 12:20:42 EST 2010


...You could also just use an access list that only matched on
precedence on whatever interface you'd like.

Long story short though, your router is never going to change DSCP
markings without you configuring a policy map  that tells it to do so.
(yes, if you set up a policy map that tells it to do X based on
precedence, it will "trust" whatever precedence it received on the
packet.)

best practice states that you should be marking and setting CoS/DSCP
values at your network edge, so all those trust commands are on the
switches. (i do recognize that sometimes the edge is a router, but
we're focusing on endpoints =)

-Peter


On Fri, Jan 29, 2010 at 9:45 AM, Ed Leatherman <ealeatherman at gmail.com> wrote:
> Good idea Rob. I just ran that - odd thing is my packets start out at
> tos 184 (EF) and end up 96 CS3.. i think maybe our service provide is
> remarking them. Good to know :)
>
> On Thu, Jan 28, 2010 at 3:17 PM, Leetun, Rob <rleetun at bouldercounty.org> wrote:
>> Hi Ed,
>>
>> Here is a test that will let you know if QoS is being passed through.
>>
>> Capture the traffic of a phone call that goes through that router.
>>
>> Also check to see if DSCP markings make it through with the following
>> command.
>>
>> ip sla monitor 333
>>  type udpEcho dest-ipaddr 192.168.1.1 dest-port 1967 source-ipaddr
>> 192.168.253.1  tos 184  frequency 10
>>
>> ip sla monitor schedule 333 life 30 start-time now
>>
>> The above command will send a few packets to 1.1 and the DSCP will be
>> set to EF.
>>
>> Watch the packets in Wireshark and examine the DSCP.
>>
>>
>> Rob
>>
>> Robert Leetun
>> Network Engineer
>> Boulder County Information Technology
>> 2025 14th Street
>> Boulder, CO 80302
>> 303 441-3866 (W)
>> 303 441-3983 (F)
>> rleetun at bouldercounty.org
>>
>>
>> -----Original Message-----
>> From: cisco-voip-bounces at puck.nether.net
>> [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ed Leatherman
>> Sent: Thursday, January 28, 2010 12:44 PM
>> To: Cisco VOIP
>> Subject: [cisco-voip] Easy QoS question - trust boundary
>>
>> I'm sure this is an elementary question for many.
>>
>> We're reviewing (and correcting) our qos settings and right now i'm
>> looking at trust boundaries. We're doing our packet marking on the
>> edges (usually at the IP Phone or access port), so our internal
>> connections all trust. My question is when I get to our 7206VXR that
>> handles WAN connections, I don't have an "mls qos trust" command
>> available on the interfaces. Do these interfaces then implicitly trust
>> QoS markings on incoming packets, or do I need to setup some maps to
>> mark them again?
>> Most of the other devices on our network are catalyst switches so i'm
>> unfamiliar with this platform.. reading thru the srnd on qos has some
>> configurations with class-maps but I didnt see anywhere where it
>> talked about setting up or not setting up trust.
>>
>> Thanks!
>>
>> --
>> Ed Leatherman
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>
>
>
> --
> Ed Leatherman
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>


More information about the cisco-voip mailing list