Catalyst 3750-E and 3560-E Switch Cisco IOS ... - DNIP . NET

More documents

Recommendations

Info

mls qos trustChapter 2Catalyst 3750-E and 3560-E Switch Cisco IOS Commandsmls qos trustUse the mls qos trust interface configuration command on the switch stack or on a standalone switch toconfigure the port trust state. Ingress traffic can be trusted, and classification is performed by examiningthe packet Differentiated Services Code Point (DSCP), class of service (CoS), or IP-precedence field.Use the no form of this command to return a port to its untrusted state.mls qos trust [cos | device cisco-phone | dscp | ip-precedence]no mls qos trust [cos | device | dscp | ip-precedence]Syntax Descriptioncosdevice cisco-phonedscpip-precedence(Optional) Classify an ingress packet by using the packet CoS value. For anuntagged packet, use the port default CoS value.(Optional) Classify an ingress packet by trusting the CoS or DSCP value sentfrom the Cisco IP Phone (trusted boundary), depending on the trust setting.(Optional) Classify an ingress packet by using the packet DSCP value (mostsignificant 6 bits of 8-bit service-type field). For a non-IP packet, the packetCoS is used if the packet is tagged. For an untagged packet, the default portCoS value is used.(Optional) Classify an ingress packet by using the packet IP-precedence value(most significant 3 bits of 8-bit service-type field). For a non-IP packet, thepacket CoS is used if the packet is tagged. For an untagged packet, the portdefault CoS value is used.DefaultsThe port is not trusted. If no keyword is specified when you enter the command, the default is dscp.Command ModesInterface configurationCommand HistoryRelease12.2(35)SE2ModificationThis command was introduced.Usage GuidelinesPackets entering a quality of service (QoS) domain are classified at the edge of the domain. When thepackets are classified at the edge, the switch port within the QoS domain can be configured to one of thetrusted states because there is no need to classify the packets at every switch within the domain. Use thiscommand to specify whether the port is trusted and which fields of the packet to use to classify traffic.When a port is configured with trust DSCP or trust IP precedence and the incoming packet is a non-IPpacket, the CoS-to-DSCP map is used to derive the corresponding DSCP value from the CoS value. TheCoS can be the packet CoS for trunk ports or the port default CoS for nontrunk ports.If the DSCP is trusted, the DSCP field of the IP packet is not modified. However, it is still possible thatthe CoS value of the packet is modified (according to DSCP-to-CoS map).If the CoS is trusted, the CoS field of the packet is not modified, but the DSCP can be modified(according to CoS-to-DSCP map) if the packet is an IP packet.2-386Catalyst 3750-E and 3560-E Switch Command ReferenceOL-9776-08
Chapter 2Catalyst 3750-E and 3560-E Switch Cisco IOS Commandsmls qos trustThe trusted boundary feature prevents security problems if users disconnect their PCs from networkedCisco IP Phones and connect them to the switch port to take advantage of trusted CoS or DSCP settings.You must globally enable the Cisco Discovery Protocol (CDP) on the switch and on the port connectedto the IP phone. If the telephone is not detected, trusted boundary disables the trusted setting on theswitch or routed port and prevents misuse of a high-priority queue.If you configure the trust setting for DSCP or IP precedence, the DSCP or IP precedence values in theincoming packets are trusted. If you configure the mls qos cos override interface configurationcommand on the switch port connected to the IP phone, the switch overrides the CoS of the incomingvoice and data packets and assigns the default CoS value to them.For an inter-QoS domain boundary, you can configure the port to the DSCP-trusted state and apply theDSCP-to-DSCP-mutation map if the DSCP values are different between the QoS domains.Classification using a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and apolicy map (for example, service-policy input policy-map-name) are mutually exclusive. The last oneconfigured overwrites the previous configuration.NoteCisco IOS Release 12.2(46)SE and later. the switch supports IPv6 port-based trust with the dual IPv4and IPv6 Switch Database Management (SDM) templates. You must reload the switch with the dual IPv4and IPv6 templates for switches running IPv6.Related CommandsThis example shows how to configure a port to trust the IP precedence field in the incoming packet:Switch(config)# interface gigabitethernet2/0/1Switch(config-if)# mls qos trust ip-precedenceThis example shows how to specify that the Cisco IP Phone connected on a port is a trusted device:Switch(config)# interface gigabitethernet2/0/1Switch(config-if)# mls qos trust device cisco-phoneYou can verify your settings by entering the show mls qos interface privileged EXEC command.Related Commands Command Descriptionmls qos cosDefines the default CoS value of a port or assigns the default CoS to allincoming packets on the port.mls qos dscp-mutation Applies a DSCP-to DSCP-mutation map to a DSCP-trusted port.mls qos mapDefines the CoS-to-DSCP map, DSCP-to-CoS map, theDSCP-to-DSCP-mutation map, the IP-precedence-to-DSCP map, and thepoliced-DSCP map.show mls qos interface Displays QoS information.OL-9776-08Catalyst 3750-E and 3560-E Switch Command Reference2-387
Page 1 and 2:
CHAPTER2Catalyst 3750-E and 3560-E
Page 3 and 4:
Chapter 2Catalyst 3750-E and 3560-E
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 156 and 157:
dot1x critical (global configuratio
Page 158 and 159:
dot1x critical (interface configura
Page 160 and 161:
dot1x fallbackChapter 2Catalyst 375
Page 162 and 163:
dot1x guest-vlanChapter 2Catalyst 3
Page 164 and 165:
dot1x initializeChapter 2Catalyst 3
Page 166 and 167:
dot1x mac-auth-bypassChapter 2Catal
Page 168 and 169:
dot1x max-reauth-reqChapter 2Cataly
Page 170 and 171:
dot1x paeChapter 2Catalyst 3750-E a
Page 172 and 173:
dot1x port-controlChapter 2Catalyst
Page 174 and 175:
dot1x reauthenticationChapter 2Cata
Page 176 and 177:
dot1x test eapol-capableChapter 2Ca
Page 178 and 179:
dot1x timeoutChapter 2Catalyst 3750
Page 180 and 181:
dot1x timeoutChapter 2Catalyst 3750
Page 182 and 183:
duplexChapter 2Catalyst 3750-E and
Page 184 and 185:
epm access-controlChapter 2Catalyst
Page 186 and 187:
errdisable detect causeChapter 2Cat
Page 188 and 189:
errdisable detect cause small-frame
Page 190 and 191:
errdisable recoveryChapter 2Catalys
Page 192 and 193:
errdisable recoveryChapter 2Catalys
Page 194 and 195:
exception crashinfoChapter 2Catalys
Page 196 and 197:
fallback profileChapter 2Catalyst 3
Page 198 and 199:
flowcontrolChapter 2Catalyst 3750-E
Page 200 and 201:
hw-moduleChapter 2Catalyst 3750-E a
Page 202 and 203:
interface port-channelChapter 2Cata
Page 204 and 205:
interface rangeChapter 2Catalyst 37
Page 206 and 207:
interface vlanChapter 2Catalyst 375
Page 208 and 209:
ip access-groupChapter 2Catalyst 37
Page 210 and 211:
ip addressChapter 2Catalyst 3750-E
Page 212 and 213:
ip admissionChapter 2Catalyst 3750-
Page 214 and 215:
ip admission name proxy httpChapter
Page 216 and 217:
ip arp inspection filter vlanChapte
Page 218 and 219:
ip arp inspection limitChapter 2Cat
Page 220 and 221:
ip arp inspection log-bufferChapter
Page 222 and 223:
ip arp inspection trustChapter 2Cat
Page 224 and 225:
ip arp inspection validateChapter 2
Page 226 and 227:
ip arp inspection vlan loggingChapt
Page 228 and 229:
ip device trackingChapter 2Catalyst
Page 230 and 231:
ip device tracking probeChapter 2Ca
Page 232 and 233:
ip dhcp snoopingChapter 2Catalyst 3
Page 234 and 235:
ip dhcp snooping bindingChapter 2Ca
Page 236 and 237:
ip dhcp snooping databaseChapter 2C
Page 238 and 239:
ip dhcp snooping information option
Page 240 and 241:
ip dhcp snooping information option
Page 242 and 243:
ip dhcp snooping limit rateChapter
Page 244 and 245:
ip dhcp snooping verifyChapter 2Cat
Page 246 and 247:
ip dhcp snooping vlan information o
Page 248 and 249:
ip igmp filterChapter 2Catalyst 375
Page 250 and 251:
ip igmp max-groupsChapter 2Catalyst
Page 252 and 253:
ip igmp profileChapter 2Catalyst 37
Page 254 and 255:
ip igmp snoopingChapter 2Catalyst 3
Page 256 and 257:
ip igmp snooping last-member-query-
Page 258 and 259:
ip igmp snooping querierChapter 2Ca
Page 260 and 261:
ip igmp snooping report-suppression
Page 262 and 263:
ip igmp snooping tcnChapter 2Cataly
Page 264 and 265:
ip igmp snooping tcn floodChapter 2
Page 266 and 267:
ip igmp snooping vlan mrouterChapte
Page 268 and 269:
ip igmp snooping vlan staticChapter
Page 270 and 271:
ip snap forwardingChapter 2Catalyst
Page 272 and 273:
ip source bindingChapter 2Catalyst
Page 274 and 275:
ip sshChapter 2Catalyst 3750-E and
Page 276 and 277:
ip sticky-arp (global configuration
Page 278 and 279:
ip sticky-arp (interface configurat
Page 280 and 281:
ip verify sourceChapter 2Catalyst 3
Page 282 and 283:
ipv6 access-listChapter 2Catalyst 3
Page 284 and 285:
ipv6 address dhcpChapter 2Catalyst
Page 286 and 287:
ipv6 dhcp ping packetsChapter 2Cata
Page 288 and 289:
ipv6 dhcp poolChapter 2Catalyst 375
Page 290 and 291:
ipv6 dhcp poolChapter 2Catalyst 375
Page 292 and 293:
ipv6 dhcp serverChapter 2Catalyst 3
Page 294 and 295:
ipv6 mld snoopingChapter 2Catalyst
Page 296 and 297:
ipv6 mld snooping last-listener-que
Page 298 and 299:
ipv6 mld snooping last-listener-que
Page 300 and 301:
ipv6 mld snooping robustness-variab
Page 302 and 303:
ipv6 mld snooping tcnChapter 2Catal
Page 304 and 305:
ipv6 mld snooping vlanChapter 2Cata
Page 306 and 307:
ipv6 traffic-filterChapter 2Catalys
Page 308 and 309:
l2protocol-tunnelChapter 2Catalyst
Page 310 and 311:
l2protocol-tunnelChapter 2Catalyst
Page 312 and 313:
lacp port-priorityChapter 2Catalyst
Page 314 and 315:
lacp system-priorityChapter 2Cataly
Page 316 and 317:
license bootChapter 2Catalyst 3750-
Page 318 and 319:
link state groupChapter 2Catalyst 3
Page 320 and 321:
link state trackChapter 2Catalyst 3
Page 322 and 323:
location (global configuration)Chap
Page 324 and 325:
location (interface configuration)C
Page 326 and 327:
logging event power-inline-statusCh
Page 328 and 329:
logging fileChapter 2Catalyst 3750-
Page 330 and 331:
mab request format attribute 32Chap
Page 332 and 333:
mac access-groupChapter 2Catalyst 3
Page 334 and 335:
mac access-list extendedChapter 2Ca
Page 336 and 337: mac address-table learning vlanChap
Page 338 and 339: mac address-table move updateChapte
Page 340 and 341: mac address-table notificationChapt
Page 342 and 343: mac address-table staticChapter 2Ca
Page 344 and 345: mac address-table static dropChapte
Page 346 and 347: match (access-map configuration)Cha
Page 348 and 349: match (class-map configuration)Chap
Page 350 and 351: mdix autoChapter 2Catalyst 3750-E a
Page 352 and 353: mls qosChapter 2Catalyst 3750-E and
Page 354 and 355: mls qos aggregate-policerChapter 2C
Page 356 and 357: mls qos cosChapter 2Catalyst 3750-E
Page 358 and 359: mls qos dscp-mutationChapter 2Catal
Page 360 and 361: mls qos mapChapter 2Catalyst 3750-E
Page 362 and 363: mls qos mapChapter 2Catalyst 3750-E
Page 364 and 365: mls qos queue-set output buffersCha
Page 366 and 367: mls qos queue-set output thresholdC
Page 368 and 369: mls qos rewrite ip dscpChapter 2Cat
Page 370 and 371: mls qos srr-queue input bandwidthCh
Page 372 and 373: mls qos srr-queue input buffersChap
Page 374 and 375: mls qos srr-queue input cos-mapChap
Page 376 and 377: mls qos srr-queue input dscp-mapCha
Page 378 and 379: mls qos srr-queue input priority-qu
Page 380 and 381: mls qos srr-queue input thresholdCh
Page 382 and 383: mls qos srr-queue output cos-mapCha
Page 384 and 385: mls qos srr-queue output dscp-mapCh
Page 388 and 389: mls qos vlan-basedChapter 2Catalyst
Page 390 and 391: monitor sessionChapter 2Catalyst 37
Page 396 and 397: mvr (global configuration)Chapter 2
Page 398 and 399: mvr (interface configuration)Chapte
Page 400 and 401: mvr (interface configuration)Chapte
Page 402 and 403: network-policy profile (global conf
Page 404 and 405: network-policy profile (network-pol
Page 406 and 407: nmsp attachment suppressChapter 2Ca
Page 408 and 409: no dot1x syslog verboseChapter 2Cat
Page 410 and 411: nsfChapter 2Catalyst 3750-E and 356
Page 412 and 413: pagp learn-methodChapter 2Catalyst
Page 414 and 415: pagp port-priorityChapter 2Catalyst
Page 416 and 417: permit (ARP access-list configurati
Page 418 and 419: permit (IPv6 access-list configurat
Page 424 and 425: permit (MAC access-list configurati
Page 426 and 427: permit (MAC access-list configurati
Page 428 and 429: policeChapter 2Catalyst 3750-E and
Page 430 and 431: police aggregateChapter 2Catalyst 3
Page 432 and 433: policy-mapChapter 2Catalyst 3750-E
Page 434 and 435: port-channel load-balanceChapter 2C
Page 436 and 437:
power inlineChapter 2Catalyst 3750-
Page 438 and 439:
power inlineChapter 2Catalyst 3750-
Page 440 and 441:
power inline consumptionChapter 2Ca
Page 442 and 443:
power inline policeChapter 2Catalys
Page 444 and 445:
power rpsChapter 2Catalyst 3750-E a
Page 446 and 447:
power supplyChapter 2Catalyst 3750-
Page 448 and 449:
priority-queueChapter 2Catalyst 375
Page 450 and 451:
private-vlanChapter 2Catalyst 3750-
Page 452 and 453:
private-vlanChapter 2Catalyst 3750-
Page 454 and 455:
private-vlan mappingChapter 2Cataly
Page 456 and 457:
adius-server dead-criteriaChapter 2
Page 458 and 459:
adius-server hostChapter 2Catalyst
Page 460 and 461:
commandChapter 2Catalyst 3750-E and
Page 462 and 463:
eloadChapter 2Catalyst 3750-E and 3
Page 464 and 465:
emote commandChapter 2Catalyst 3750
Page 466 and 467:
emote-spanChapter 2Catalyst 3750-E
Page 468 and 469:
enew ip dhcp snooping databaseChapt
Page 470:
eserved-onlyChapter 2Catalyst 3750-
show all

Catalyst 3750-E and 3560-E Switch Cisco IOS ... - DNIP . NET

Create successful ePaper yourself

Delete template?

Save as template?