Configuring a Trust Boundary
When a Cisco IP Phone is connected to a switch port, think of the phone as another switch (which
it is). If you install the phone as a part of your network, you probably can trust the QoS information
relayed by the phone.
However, remember that the phone also has two sources of data:
■ The VoIP packets native to the phone—The phone can control precisely what QoS
information is included in the voice packets because it produces those packets.
■ The user PC data switch port—Packets from the PC data port are generated elsewhere, so
the QoS information cannot necessarily be trusted to be correct or fair.
A switch instructs an attached IP Phone through CDP messages on how it should extend QoS trust to
its own user data switch port. To configure the trust extension, use the following configuration steps:
Step 1 Enable QoS on the switch:
Switch(config)# mls qos
By default, QoS is disabled globally on a switch and all QoS information is
allowed to pass from one switch port to another. When you enable QoS, all
switch ports are configured as untrusted, by default.
Step 2 Define the QoS parameter that will be trusted:
Switch(config)# interface type mod/num
Switch(config-if)# mls qos trust {cos | ip-precedence | dscp}
You can choose to trust the CoS, IP precedence, or DSCP values of incoming
packets on the switch port. Only one of these parameters can be selected.
Generally, for Cisco IP Phones, you should use the cos keyword because the
phone can control the CoS values on its two-VLAN trunk with the switch.
Step 3 Make the trust conditional:
Switch(config-if)# mls qos trust device cisco-phone
You also can make the QoS trust conditional if a Cisco IP Phone is present.
If this command is used, the QoS parameter defined in step 2 is trusted only
if a Cisco phone is detected through CDP. If a phone is not detected, the
QoS parameter is not trusted.
Step 4 Instruct the IP Phone on how to extend the trust boundary:
Switch(config-if)# switchport priority extend {cos value | trust}
Normally, the QoS information from a PC connected to an IP Phone should
not be trusted. This is because the PC’s applications might try to spoof CoS
or Differentiated Services Code Point (DSCP) settings to gain premium
network service. In this case, use the cos keyword so that the CoS bits are
overwritten to value by the IP Phone as packets are forwarded to the switch.
If CoS values from the PC cannot be trusted, they should be overwritten to
a value of 0.
In some cases, the PC might be running trusted applications that are
allowed to request specific QoS or levels of service. Here, the IP Phone can
extend complete QoS trust to the PC, allowing the CoS bits to be forwarded
through the phone unmodified. This is done with the trust keyword.
By default, a switch instructs an attached IP Phone to consider the PC port
as untrusted. The phone will overwrite the CoS values to 0.
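A check for the four steps above, as an added example that is not part of the original text: it reads a switch configuration and reports ports whose trust boundary is wider than the conditional, overwrite-to-0 setup described here. The sample configuration, the function name, and the choice to report unconditional trust and `extend trust` as findings are assumptions of this example.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
mls qos
!
interface FastEthernet0/1
 mls qos trust cos
 mls qos trust device cisco-phone
 switchport priority extend cos 0
!
interface FastEthernet0/2
 mls qos trust cos
!
interface FastEthernet0/3
 mls qos trust cos
 mls qos trust device cisco-phone
 switchport priority extend trust
"""

def audit_trust_boundary(config):
    """Return (interface, finding) tuples for weak QoS trust settings."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines()]
    # Step 1: without global "mls qos", markings pass between ports untouched.
    if "mls qos" not in lines:
        findings.append(("global", "QoS disabled: markings pass through unchanged"))
    # Group indented sub-commands under the interface line that precedes them.
    blocks, current = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        trusts = any(re.fullmatch(r"mls qos trust (cos|ip-precedence|dscp)", c) for c in cmds)
        conditional = "mls qos trust device cisco-phone" in cmds  # step 3
        if trusts and not conditional:
            findings.append((name, "trust is unconditional: no CDP phone check"))
        if "switchport priority extend trust" in cmds:  # step 4, trust keyword
            findings.append((name, "phone forwards PC CoS unmodified"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_trust_boundary(SAMPLE_CONFIG):
        print(f"{port}: {finding}")
```

A port reported for `extend trust` may be intentional where the PC runs trusted applications; the output is a list to review, not a list of errors.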