Thursday, July 9, 2009

QoS settings for ATA 186

Hi all,
Playing with Qos on switches today, I've found a small configuration mistake with ATA 186 ports.

This is the config I've found:
interface FastEthernet0/10
description ATA 186
switchport access vlan 4
switchport mode access
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
spanning-tree portfast
end


Well, we must recall that ATA 186 it's NOT a cisco-phone, so with this settings, the port will result in untrusted mode. In addition, the port is in access mode, so there's no COS, because cos is a L2 marking sent only on trunk ports.

3560#sh cdp neighbors | inc 0/10
SEP00070E36E2C0 Fas 0/10 175 H ATA 186 Port 1

3560#sh mls qos int fa 0/10
FastEthernet0/10
trust state: not trusted
trust mode: trust cos
trust enabled flag: dis
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
qos mode: port-based


I've read the "QoS recommendations" for ATA 186 on http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/srnd/design/guide/endpts.html#wp1063240

The final configuration for ATA 186 will be:
interface FastEthernet0/10
description Voip ATA 186
switchport access vlan 4
switchport mode access
priority-queue out
mls qos trust dscp
spanning-tree portfast
end


and the port will be in trust state, traffic will be prioritized according to the rest of qos configs.
3560#sh mls qos int fa 0/10
FastEthernet0/10
trust state: trust dscp
trust mode: trust dscp
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based


... let's return telnetting around ;-)

5 comments:

YY said...

Hi Marco,

I am studying my QoS Exam, i am a bit confused in the above scenario.

Provided the attached phone is Cisco IP Phone instead of ATA 186, and a PC is connected to the IP Phone, the Switch configuration still remained unchanged:

mls qos trust device cisco-phone
mls qos trust cos

Will it trust the PC and IP Phone at the same time?

Marco Rizzi said...

Hi YY,
nice to hear from you again!
Interesting question, the scenario is a little more complex when a cisco ip phone with attached pc is involved.
In short, the two mls qos trust commands you have entered are logically "AND" threated.
So you switchport will be in a trust state only if a cisco-phone is detected via cdp and the trusted value will be cos.

Obviuosly you will need an auxiliary vlan configured, with the switchport voice vlan nn or your port have to be a trunk.

A good reference is the book "Cisco QoS exam certification guide", Odom - Cavanaugh, Cisco Press (http://www.ciscopress.com/bookstore/product.asp?isbn=1587201240 ), Chapter 9 is "Lan QoS".

have fun with QoS!
Marco

YY said...

Hi Marco,

Thanks for the explanation. :)
I read through the page 535 from Cisco QoS exam certification guide", Odom - Cavanaugh, Cisco Press.

May I know what is the difference between applying:
-mls qos trust device cisco-phone
-mls qos trust cos

and

applying ONLY:

-mls qos trust device cisco-phone

Thanks.

Marco Rizzi said...

Hi YY,
sorry for delay, let me try to better clarify those two commands with some examples:

1) you configure only "mls qos trust cos" on a switchport. That will put the port in "trust" state, and the trusted marking value is cos. No matter what device is attached on the port (non cisco ip phones for example....)

2) you configure both "mls qos trust cos" and "mls qos trust device cisco-phone" on a switchport. The switchport will be in "trust" state only if a cisco phone is detected via cdp and the trusted value is cos. (no surprise here :-)

3) you configure only "mls qos trust device cisco-phone" on a switchport. The switchport will use the default trust mode, that is "UNTRUSTED". If a cisco ip phone is detected, doesn't matter, the trust state will remain "UNTRUSTED" and the cos overwritten to 0.
So this command alone is not enough to define a trust boundary.

hth
Marco

YY said...

Thanks Marco,

It is really enlightening!
I just passed 642-642 QoS Exam this morning with score 988/1000. :)