53-10
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 53 Using Automatic QoS
Using the Automatic QoS Macro on the Switch
Port-Specific Automatic QoS Settings—ciscosoftphone
On the ports that connect to a Cisco SoftPhone, the QoS settings must be configured to trust the Layer 3
markings of the traffic that enters the port. Trusting all Layer 3 markings is a security risk because the
PC users could send the nonpriority traffic with DSCP 46 and gain unauthorized performance benefits.
Policing on all inbound traffic prevents the malicious users from obtaining unauthorized bandwidth from
the network. Policing is accomplished by rate limiting the DSCP 46 (EF) inbound traffic to the codec
rate that is used by the Cisco SoftPhone application (worst case G.722). Any traffic that exceeds this rate
is marked down to the default traffic rate (DSCP 0 - BE). Signaling traffic (DSCP 24) is also policed and
marked down to zero if excess signaling traffic is detected. All the other inbound traffic types are
reclassified to default traffic (DSCP 0 – BE).
Caution You must disable trusted boundary for the Cisco SoftPhone ports.
Table 53-8 lists the port-specific settings that are implemented after executing the automatic QoS voip
ciscosoftphone macro on a port. See the “Port-Specific Automatic QoS—voip ciscosoftphone” section
on page 53-22 for detailed configuration examples.
Table 53-7 Port-Specific Settings for Voice (ciscoipphone Keyword)
Item Value
Interface type Port-based
Policy source—config Local
Policy source—runtime Local (as per default)
Trust type—config Trust-cos
Trust type—runtime Trust-cos
Default CoS—config 0 (as per default)
Default CoS—runtime 0 (as per default)
Trust-device Ciscoipphone
QoS ACL attached to port trust-cos any (if 1q4t/2q2t port, otherwise none)
QoS ACL name ACL_IP-PHONES (if 1q4t/2q2t port, otherwise
none)
1,
2, 3
1. Only the IP QoS ACLs are applied (not IPX).
2. If the ACL_IP-PHONES name is already in use, the name ACL_IP-PHONESx, where x is a value from 1 to 99, will be tried
sequentially. If all these names are taken, a syslog message displays.
3. ACL_IP-PHONES acl will not be created on WS-X6148-RJ-45 and WS-X6148-RJ-21 modules.
Trust-ext Untrusted
Cos-ext 0
Table 53-8 Port-Specific Settings for Voice (ciscosoftphone Keyword)
Item Value
Interface type Port-based
Policy source—config Local
Policy source—runtime Local
To Next Page
Loading...
Need help?
General