Using Trusted Ports
A port can be set to trust on ingress for CoS, IPP, or DSCP.
‘mls qos trust cos’
‘mls qos trust ip-precedence’
‘mls qos trust dscp’
using ‘mls qos trust’ will default to trust dscp.
trust cos
If the port receives an ingress Ethernet frame 802.1, as this frame does not have any CoS bits the port applies the ingress port CoS value to the internal DSCP value. The ingress port CoS value is configured using ‘mls qos cos x’
If the port recieved an ingress 802.1q/p frame, the CoS bits in the 801.p bits are used to derive the internal DSCP value.
Both of these mapping use the cos-dscp map.
Deriving Internal DSCP Values from CoS
The internal DSCP values that are derived from a port CoS, IPP use the CoS-DSCP map which can be viewed by using:
'show mls qos maps' Cos-dscp map: cos: 0 1 2 3 4 5 6 7 ---------------------------------- dscp: 0 1 2 3 4 5 6 7
The map can be modified by using the global command ‘mls qos map cos-dscp’ which takes up to 8 DSCP values as arguments, each ones of these maps to a CoS value.
e.g mls qos map cos-dscp 8 16 22 32 35 45 46 47′
which will map DSCP value 8 to CoS 0, this means that a frame arriving or having CoS 0, will have an internal DSCP value of 8 assigned whilst being processed through the switch.
trust ip-precedence
If the port recieves a frame with a valid IP packet with TOS bits, the port will derive a internal DSCP value using a ip-prec-dscp map.
Deriving Internal DSCP Values from ip-precedence
The internal DSCP values that are derived from the IPP value use the ip-prec-dscp map, which can be viewed by using
'show mls qos maps' IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7 ---------------------------------- dscp: 0 1 2 3 4 5 6 7
The map can be modified by using the global command ‘mls qos map ip-prec-dscp’ which takes up to 8 DSCP values as arguments, each ones of these maps to a IPP value.
e.g mls qos map ip-prec-dscp 3 4 2 1 4 5 6 7
which will map IPP value 1 to DSCP 4, this means that a frame arriving with IPP value 1, will have an internal DSCP value of 4 assigned whilst being processed through the switch.
trust dscp
The ‘mls qos trust dscp’ enables the switch to used the DSCP value in a IP packet arriving on the switchport. The DSCP value is then mapped directly to the internal DSCP value. No map is required for this as it is a direct copy.