29-32
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-09
Chapter 29 Configuring QoS
Configuring Standard QoS
Configuring a Trusted Boundary to Ensure Port Security
In a typical network, you connect a Cisco IP phone to a switch port as shown in Figure 29-9 on
page 29-29. Traffic sent from the telephone to the switch is typically marked with a tag that uses the
802.1Q header. The header contains the VLAN information and the class of service (CoS) 3-bit field,
which determines the priority of the packet. For most Cisco IP phone configurations, the traffic sent from
the telephone to the switch is trusted to ensure that voice traffic is properly prioritized over other types
of traffic in the network. By using the mls qos trust cos interface configuration command, you can
configure the switch port to which the telephone is connected to trust the CoS labels of all traffic received
on that port.
In some situations, you also might connect a PC or workstation to the IP phone. In this case, you can use
the switchport priority extend cos interface configuration command to configure the telephone through
the switch CLI to override the priority of the traffic received from the PC. With this command, you can
prevent a PC from taking advantage of a high-priority data queue.
However, if a user bypasses the telephone and connects the PC directly to the switch, the CoS labels
generated by the PC are trusted by the switch (because of the trusted CoS setting) and can allow misuse
of high-priority queues. The trusted boundary feature solves this problem by using the CDP to detect the
presence of a Cisco IP phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port.
If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch
port and prevents misuse of a high-priority queue.
Beginning in privileged EXEC mode, follow these steps to enable trusted boundary on a port:
To disable the trusted boundary feature, use the no mls qos trust device interface configuration
command.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
mls qos Enable QoS globally.
Step 3
cdp run Enable CDP globally. By default, CDP is enabled.
Step 4
interface interface-id Enter interface configuration mode, and specify the interface connected to
the IP phone.
Valid interfaces include physical interfaces.
Step 5
cdp enable Enable CDP on the interface. By default, CDP is enabled.
Step 6
mls qos trust cos Configure the interface to trust the CoS value in received traffic. By default,
the port is not trusted.
Step 7
mls qos trust device cisco-phone Specify that the Cisco IP phone is a trusted device.
You cannot enable both trusted boundary and auto-QoS (auto qos voip
interface configuration command) at the same time; they are mutually
exclusive.
Step 8
end Return to privileged EXEC mode.
Step 9
show mls qos interface Verify your entries.
Step 10
copy running-config startup-config (Optional) Save your entries in the configuration file.
To Next Page
Loading...
Need help?
General
