QoS Overview

With QoS, you can provide preferential treatment to certain types of traffic at the expense of others. You
can differentiate the traffic using QoS labels. The two most commonly used QoS labels in the Layer 3 IP
header are the IP precedence field and the DSCP field. The QoS label in the Layer 2 frame header is called
Class of Service (CoS). Catalyst switch QoS tools can provide the preferential treatment based on either
Layer 3 QoS labels or Layer 2 QoS labels. This document provides various examples that can give you an
idea of the Layer 2 and Layer 3 QoS labels usage in Cisco Catalyst switches.

Cisco Catalyst 3750 Switch without QoS

QoS is disabled by default on the Catalyst 3750 Switches. While QoS is disabled, all frames/packets are
passed-through the switch unaltered. For example, if a frame with CoS 5 and the packet inside the frame
with DSCP EF enters the switch, the CoS and DSCP labels are not changed. The traffic leaves with the
same CoS and DSCP values as it enters. All the traffic, which includes voice, are delivered on the best effort
basis.

Switch#show mls qos

QoS is disabled
QoS ip packet dscp rewrite is enabled

!--- Even though it says QoS ip packet dscp rewrite is enabled,

!--- the switch does not alter the DSCP label on the packets when the QoS is disabled.

1
Cisco Catalyst 3750 Switch QoS Features

After the QoS is enabled on the 3750 Switch, there are few ingress and egress QoS features enabled by
default. This diagram shows the high level view of the QoS architecture of the switch:

This is a summary of points based on the diagram:

 Ingress QoS features such as classification, marking and policing can be configured per port basis.
 Input map tables and ingress queueing can be configured globally. These cannot be configured per
port basis.
 SRR for ingress queue can be configured globally.
 Stack ring bandwidth depends on the stack cabling. If the stack is connected at full bandwidth, you
receive 32Gbps bandwidth. This bandwidth is shared by all the switches in the stack.
 Output map tables and egress queues are configured globally. You can have two sets of queue
configurations and you can apply any one of the queue set configurations to a port.
 SRR for egress queue can be configured on per port basis.

Ingress QoS Features

This section explains the concepts of various possible ingress QoS configurations. This section covers these
topics:

 Default Ingress QoS Configuration

 Classification and Marking
2
  Policing
 Congestion Management and Avoidance

Default Ingress QoS Configuration

This is how the switch treats frames by default after the QoS is enabled:

 A frame enters the switch port and it does not have the frame tagged (it means the port is access port
and the frame enters the switch does not have ISL or dot1q encapsulation).
 The switch encapsulates the frame with the dot1q (ignore ISL because dot1q is the default on all the
new switches).
 Inside the dot1q frame tag, there are three bits called 802.1p priority bits available which are also
called CoS. These bits are set to 0.
 Then, the switch calculates DSCP value based on the CoS-DSCP map table. As per the table, the
switch sets the DSCP value to 0. DSCP value is located at the IP header of the packet.

In summary, the CoS and DSCP values of the frame enter the switch set to 0 by default if the QoS is
enabled on the switch.

Classification and Marking

Unlike the routers, the QoS classification and marking act differently in Cisco Catalyst switches. In Cisco
routers, you can classify the packets using MQC either based on the incoming packet DSCP value or based
on the access control list (ACL). This depends on whether you trust the QoS label of the incoming packet or
not. In the Cisco Catalyst 3750 Switch, you can classify the frames either based on the incoming CoS/DSCP
values or based on the ACL.

The configuration based on the incoming CoS/DSCP value is achieved in three different ways:

 Port based configuration using the mls qos interface based commands
 MQC based configuration using class-map and policy-map
 VLAN based configuration

You can use either one of these three methods. You cannot use more than one method in a port. For
example, you have configured the mls qos trust cos command on a port. When you configure the port with
the service-policy input <policy-map-name> command, it removes the mls qos trust cos command
automatically.

The Classification and Marking - Port Based section explains the port based configuration.

The Classification and Marking - MQC Based section explains the MQC based classification.

Classification and Marking - Port Based

This section explains the classification based on the interface specific configuration. A question can arise
with the section title classification and marking. This is because in the Cisco Catalyst 3750 Switch, CoS or
DSCP values of the frames (packet inside the frame) are remarked using the map tables. Map tables are not
available in Cisco routers. These are available only in the Cisco Catalyst switches. You will see the
functionality of these tables throughout this section.
3
This section discusses these two configurations:

 Classification - Port Trust Configuration

 Marking - QoS Map Tables Configuration

Classification - Port Trust Configuration

An incoming packet or frame can already have a QoS label assigned. These questions can arise:

 Do you trust the QoS label of the incoming packet/frame on a port?

 If an IP phone and PC are connected to a port, do you trust QoS labels of the phone, PC or both?

If you do not trust the QoS labels of the incoming packet/frame, you need to classify the packet based on an
access-list and mark QoS label. If you trust the QoS labels of the incoming packet/frame, another question
is do you need to trust the CoS value or DSCP value of the incoming packet/frame on a port? This depends
on the scenario. You can see the different scenarios with examples in this section.

The port trust configuration options are:

Switch(config-if)#mls qos trust ?

cos cos keyword
device trusted device class
dscp dscp keyword
ip-precedence ip-precedence keyword
<cr>

 Example 1: If the port is an access port or Layer 3 port, you need to configure the mls qos trust
dscp command. You cannot use the mls qos trust cos command because the frame from the access
4
 port or Layer 3 port does not contain dot1q or ISL tag. CoS bits are present in the dot1q or ISL
frame only.
 interface GigabitEthernet1/0/1
 description **** Layer 3 Port ****
 no switchport
 ip address 192.168.10.1 255.255.255.0
 mls qos trust dscp
end
interface GigabitEthernet1/0/2
description **** Access Port ****
switchport access vlan 10
switchport mode access
mls qos trust dscp
end

 Example 2: If the port is trunk port, you can configure either the mls qos trust cos or mls qos trust
dscp command. The dscp-cos map table is used to calculate the CoS value if the port is configured
to trust DSCP. Similarly, the cos-dscp map table is used to calculate the DSCP value if the port is
configured to trust CoS.
 interface GigabitEthernet1/0/3
 description **** Trunk Port ****
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 5
 switchport trunk allowed vlan 5,10,20,30,40,50
 mls qos trust cos
end
interface GigabitEthernet1/0/12
description **** Cisco IP Phone ****
switchport access vlan 10
switchport mode access
switchport voice vlan 20
mls qos trust cos
spanning-tree portfast
end

!--- The Cisco IP Phone uses IEEE 802.1Q frames for Voice VLAN traffic.

 Example 3: If the port is a dot1q trunk port and the port is configured with the mls qos trust cos
command, native VLAN frames will have CoS and DSCP values as 0. Because native VLAN frames
are untagged and the frame is tagged after it enters the switch, the switch will set the default CoS
value to 0 and the CoS-to-DSCP table sets the DSCP value to 0.

Note: The DSCP value of the packet coming from native VLAN will be reset to 0.

You can also configure the switch port to change the default CoS value of the untagged frames from
0 to any other values between 0-7 using the mls qos cos<0-7> command. This command does not
change the CoS values of the tagged frames.

5
For example, the port GigabitEthernet1/0/12 is configured with access VLAN 10 and voice VLAN
20.

interface GigabitEthernet1/0/12
description **** Cisco IP Phone ****
switchport access vlan 10
switchport mode access
switchport voice vlan 20
mls qos trust cos
spanning-tree portfast

!--- The Cisco IP Phone uses IEEE 802.1Q frames for Voice VLAN traffic.
!--- Voice VLAN is only supported on access ports and not on trunk ports,
!--- even though the configuration is allowed.

end

By default, the PC sends data untagged. Untagged traffic from the device attached to the Cisco IP
Phone passes through the phone unchanged, regardless of the trust state of the access port on the
phone. The phone sends dot1q tagged frames with voice VLAN ID 20. Therefore, if you configure
the port with the mls qos trust cos command, it trusts the CoS values of the frames from the phone
(tagged frames) and sets the CoS value of the frames (untagged) from the PC to 0. After that, the
CoS-DSCP map table sets the DSCP value of the packet inside the frame to 0 because the CoS-
DSCP map table has DSCP value 0 for the CoS value 0. If the packets from the PC have any specific
DSCP value, that value will be reset to 0. If you configure the mls qos cos 3 command on the port, it
sets the CoS value of all the frames from the PC to 3 and does not alter the CoS value of the frames
from the phone.

interface GigabitEthernet1/0/12
description **** Cisco IP Phone ****
switchport access vlan 10
switchport mode access
switchport voice vlan 20
mls qos trust cos
mls qos cos 3
spanning-tree portfast
end

If you configure the port with the mls qos cos 3 override command, it sets the CoS values of all the
frames (both the tagged and untagged) to 3. It overrides the previously configured trust values.

interface GigabitEthernet1/0/12
description **** Cisco IP Phone ****
switchport access vlan 10
switchport mode access
switchport voice vlan 20
mls qos trust cos
mls qos cos 3 override

!--- Overrides the mls qos trust cos.

!--- Applies CoS value 3 on all the incoming packets on both the vlan 10
and 20.

spanning-tree portfast
end
6
 Example 4: For example, take a look at the port gi 1/0/12 configuration:
 interface GigabitEthernet1/0/12
 description **** Cisco IP Phone ****
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 mls qos trust cos
 spanning-tree portfast
end

If the PC tags its frame with the VLAN 20, it also sets the CoS value to 5. The switch processes
tagged data traffic (traffic in IEEE 802.1Q or IEEE 802.1p frame types) from the device attached to
the access port on the Cisco IP Phone. Because the interface is configured to trust the CoS value, all
traffic received through the access port on the Cisco IP Phone passes through the phone unchanged.
The switch also trusts and allows the traffic from the PC, and gives the same priority as the IP phone
traffic. This is not a desirable result you want to see. This can be avoided using the switchport
priority extend cos <cos-value> command.

interface GigabitEthernet1/0/12
description **** Cisco IP Phone ****
switchport access vlan 10
switchport mode access
switchport voice vlan 20
mls qos trust cos
switchport priority extend cos 0

!--- Overrides the CoS value of PC traffic to 0.

spanning-tree portfast
end

The switchport priority extend cos <cos-value> command configures the phone such that the IP
phone changes the CoS value of the PC traffic to 0.

 Example 5: For example, in the same interface, someone connects the PC directly to the switch and
tags the PC data with dot1q frame with a higher CoS value. This can be avoided using the mls qos
trust device cisco-phone command.
 interface GigabitEthernet1/0/12
 description **** Cisco IP Phone ****
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 mls qos trust cos
 switchport priority extend cos 0
 mls qos trust device cisco-phone

 !--- Specify that the Cisco IP Phone is a trusted device.

 spanning-tree portfast
end

7
  Example 6: For example, in the interface GigabitEthernet1/0/12, you have to trust the QoS labels
from the PC. Also, the PC is connected to the native VLAN 10. In this case, the mls qos trust cos
command does not help because the PC packet does not tag the CoS value. It is going to tag only the
DSCP value. Therefore, the switch adds the dot1q frame and configures the default CoS value to 0.
Then, the CoS-DSCP table calculates and resets the DSCP value to 0.

In order to fix this problem, you have two choices. One is to configure classification and marking
using MQC. You can create an ACL to match your PC traffic based on source, destination IP
addresses, and source/destination port numbers. Then, you can match this ACL in class-map. You
can create a policy-map to trust this traffic. This solution is discussed in the next section. This
section discusses the second method. The second method is to trust the DSCP label instead of the
CoS label. Then the DSCP-CoS label calculates and sets the CoS value that corresponds to the
DSCP value.

interface GigabitEthernet1/0/12
description **** Cisco IP Phone ****
switchport access vlan 10
switchport mode access
switchport voice vlan 20
mls qos trust dscp
spanning-tree portfast
end

The first method is the preferred one because it is not recommended to trust all the PC traffic's QoS
labels.

Marking - QoS Map Tables Configuration

After the QoS is enabled, the map tables are created with the default values and are enabled.

Distribution1#show mls qos maps cos-dscp

Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56

Distribution1#show mls qos maps dscp-cos

Dscp-cos map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07

 Example 1: If the port is configured to trust CoS, all the incoming CoS values are trusted and the
DSCP values are remarked based on the CoS-DSCP table. As per the default CoS-DSCP
configuration, the values are mapped as shown here:

CoS DSCP (decimal) DSCP

8
0 0 Default
1 8 CS1
2 16 CS2
3 24 CS3
4 32 CS4
5 40 CS5
6 48 CS6
7 56 CS7

 One important value you need to note here is the DSCP value corresponds to CoS value 5. It is CS5.
Example 2 talks about this value.
 Example 2: For example, the interface GigabitEthernet1/0/12 is configured to trust CoS.
 interface GigabitEthernet1/0/12
 description **** Cisco IP Phone ****
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 mls qos trust cos
 spanning-tree portfast
end

The Cisco IP Phone marks the voice payload with CoS 5 and DSCP EF when it sends the traffic to
the switch. When the traffic enters the port Gi 1/0/12, the switch trusts the CoS value. Then, the
switch derives the DSCP value CS5 (40) for the CoS value 5 from the CoS-DSCP table. All the
voice payloads with CoS 5 are marked with the DSCP value CS5. This is not the desirable value.
The required DSCP value for the voice payload is DSCP EF. By default, the other CoS values to
DSCP values are mapped correctly as per the RFCs.

This configuration helps you to configure the CoS-DSCP map table to change the DSCP value EF
that corresponds to CoS 5.

Distribution1(config)#mls qos map cos-dscp 0 8 16 24 32 46 48 56

!--- DSCP 46 is EF

After this configuration, the values are mapped as shown here:

CoS DSCP (decimal) DSCP

0 0 Default
1 8 CS1
2 16 CS2
3 24 CS3
4 32 CS4
9
5 46 EF
6 48 CS6
7 56 CS7

 Example 3: If the port is configured to trust DSCP, all the incoming DSCP values are trusted and
the CoS values are remarked based on the DSCP-CoS table. As per the default DSCP-CoS
configuration, the values are mapped as shown here:

DSCP DSCP (decimal) CoS

Default 0-7 0
CS1 AF11 AF12
8-15 1
AF13
CS2 AF21 AF22
16-23 2
AF23
CS3 AF31 AF32
24-31 3
AF33
CS4 AF41 AF42
32-39 4
AF43
CS5 EF 40-47 5
CS6 48-55 6
CS7 56-63 7

 You do not need to change these default values.

This table summarizes the DSCP values and CoS values just for reference:

DSCP (Decimal) DSCP CoS

0 Default 0
     
8 CS1 1
10 AF11 1
12 AF12 1
14 AF13 1
     
16 CS2 2
18 AF21 2
20 AF22 2
22 AF23 2
     
10
24 CS3 3
26 AF31 3
28 AF32 3
30 AF33 3
     
32 CS4 4
34 AF41 4
36 AF42 4
38 AF43 4
     
40 CS5 5
42   5
44   5
46 EF 5
     
48 CS6 6
     
56 CS7 7

Note: In a network, all the Cisco Catalyst switches should have identical map tables. Different map table
values in different switches cause undesirable QoS behavior.

11