2q 2 Layer 2 queues. Traffic can be directed to the desired queue based on classification.
1p1q 1 priority Layer 2 queue and 1 standard Layer 2 queue. Traffic can be directed to the priority queue based on classification. Other traffic can be directed to the standard queue.
1p2q 1 priority Layer 2 queue and 2 standard Layer 2 queues. Traffic can be directed to the priority queue based on classification. Traffic can be directed to the desired standard queues based on additional classification.
Table 10-3 Drop Thesholds
Queue Use Threshold Traffic to Drop
50% CoS 0–1
60% CoS 2–3
80% CoS 4–5
100% CoS 6–7
696 Chapter 10: LAN QoS
After the queue has reached 50 percent of capacity, any traffic classified with CoS of 0 or 1 becomes drop candidates to avoid congestion. If the queue continues to fill in spite of the drops, at 60 percent of capacity any traffic classified with a CoS of 0, 1, 2, or 3 becomes drop candidates to avoid congestion. If the queue still continues to fill in spite of the drops, at 80 percent of capacity any traffic classified with a CoS of 0, 1, 2, 3, 4, or 5 becomes drop candidates to avoid congestion. At 100 percent of capacity, all traffic, regardless of classification, becomes drop candidates.
Figure 10-4 illustrates the drop thresholds.
Figure 10-4 Drop Thresholds
Thesholds provide an alternative to dividing the buffer space to add more standard queues, eliminating the risk of starving one queue while flooding another. Setting a drop theshold allows the entire buffer space to be used, decreasing the potential for instaneous buffer overrun for higher-priority traffic in the standard queue.
Trust Boundries
As discussed in Chapter 3, trust boundaries represent the point in the network that you begin to trust the packet markings. Establishing a trust boundary becomes increasingly important as PC
Drop Threshold 4: 100%
Drop Threshold 3: 80%
Drop Threshold 2: 60%
Drop Threshold 1: 50%
Reserved for CoS 6 and 7 Reserved for CoS 4 and Higher Reserved for CoS 2 and Higher
Available for Traffic with Any CoS Value
Receive Queue
Traffic Is Dropped
(Default Values Shown) CoS
6and 7 CoS
4and CoS 5
2and 3 CoS0
and 1
100% Available for CoS 6 and 7 80% Available for CoS 4 and 5
60% Available for CoS 2 and 3 50% Available for CoS 0 and 1
The Need for QoS on the LAN 697
network interface cards (NICs) gain the capability to mark traffic and alter the desired QoS design of your network. Figure 10-5 shows a network that uses a trust boundary at the IP Phone.
A trust boundary can also be configured on an access switch in the event that an IP Phone is not present.
Figure 10-5 Trust Boundaries
R1
IP SW1
Hannah
Jessie
Trust Boundary
Hannah’s PC Can Mark IP Precedence and IP DSCP, and CoS if Trunking
Layer 3 Switch:
Classification and Marking Based on IP Precedence and IP DSCP Values Layer 2 Switch:
Classification and Marking Based on CoS Values
If SW1 Is Layer 3 Capable:
Classification and Marking Based on IP Precedence or IP DSCP for Ingress Traffic
If ISL/802.1q to SW1:
Map Incoming CoS Value to IP Precedence or IP DSCP Values
Voice Bearer Traffic Mark CoS 5, IP Precedence 5 and IP DSCP EF
Voice Signaling Traffic Mark CoS 3, IP Precedence 3 and IP DSCP AF31
Re-Mark PC Traffic CoS 0, IP Precedence 0 and IPDSCP Default
X Y Z Mark
X Y Z Mark
X Y Z Mark
X Y Z Mark
698 Chapter 10: LAN QoS
This allows the network administrator to mark the packet as close to the end of the network without trusting all the applications on the PCs. You can gain more granular control of QoS tools by Specifying which devices are trusted.
Cisco Catalyst Switch QoS Features
Cisco Catalyst switches offer a wide array of QoS tools to help configure QoS in the LAN to support real-time applications. The following sections discuss the QoS capabilities, and hardware components if applicable, of these Cisco Catalyst switches:
• Catalyst 6500 series
• Catalyst 4500/4000 series
• Catalyst 3550 series
• Catalyst 3524 series
Catalyst 6500 QoS Features
This section is not intended to be an exhaustive look at the Cisco Catalyst 6500. Although many options exist for this product, the scope of this discussion covers only the Qos features of the Catalyst 6500 as they relate to the prioritization of real-time applications such as IP telepehony.
The 6500 architecture distributes the QoS features among the line cards, the Supervisor card, and the Policy Feature Card (PFC). To appreciate what is really happening in the 6500, you must first have a basic understanding of the line cards and Supervisor cards.
Supervisor and Switching Engine
The type of supervisor and switching engine installed in your Catalyst 6500 determines the QoS feature set. As of this writing, there are four supervisor/switching engine combinations.
Table 10-4 outlines these.
Table 10-4 Supervisor and Switching Engine Combinations
Supervisor Switching Engine
Supervisor II
(WS-X6K-SUP2-2GE)
Layer 3 Switching Engine II (WS-F6K-PFC2—PFC2) Supervisor Engine I
(WS-X6K-SUP1A-2GE) or (WS-X6K-SUP1-2GE)
Layer 3 Switching Engine (WS-F6K-PFC)
Cisco Catalyst Switch QoS Features 699
Enter the show module command for the supervisor engine to display your switching engine configuration. The next several examples just provide a reference so that you can determine which cards are in your particular 6500 switch. Example 10-2, for instance, shows the response of a Catalyst 6500 configured with a Supervisor II card, which includes the Policy Feature Card (PFC2) Layer 3 switching engine.
Supervisor Engine I
(WS-X6K-SUP1A-2GE) or (WS-X6K-SUP1-2GE)
Layer 2 Switching Engine II (WS-F6020A)
Supervisor Engine I
(WS-X6K-SUP1A-2GE) or (WS-X6K-SUP1-2GE)
Layer 2 Switching Engine I (WS-F6020)
Example 10-2show module of Catalyst 6500 with a Supervisor II
Cat6500>(enable) show module
Mod Slot Ports Module-Type Model Sub Status --- ---- --- --- --- --- --- 1 1 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok 15 1 1 Multilayer Switch Feature WS-F6K-MSFC2 no OK 2 2 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes standby 16 2 1 Multilayer Switch Feature WS-F6K-MSFC2 no OK Mod Module-Name Serial-Num
--- --- --- 1 SAD051307ER 15 SAD050814J3 2 SAD0421058D 16 SAD042106PB
Mod MAC-Address(es) Hw Fw Sw
--- --- --- --- --- 1 00-01-64-75-eb-ce to 00-01-64-75-eb-cf 2.2 6.1(3) 6.2(2)
00-01-64-75-eb-cc to 00-01-64-75-eb-cd 00-05-5f-0f-ec-80 to 00-05-5f-0f-ec-bf
15 00-05-5e-da-ee-00 to 00-05-5e-da-ee-3f 1.2 12.1(8a)E5 12.1(8a)E5 2 00-01-64-f8-38-ac to 00-01-64-f8-38-ad 0.310 6.1(2) 6.3(3) 00-01-64-f8-38-ae to 00-01-64-f8-38-af
16 00-02-fd-b1-0f-00 to 00-02-fd-b1-0f-3f 1.1 12.1(8a)E5 12.1(8a)E5 Mod Sub-Type Sub-Model Sub-Serial Sub-Hw --- --- --- --- --- 1 L3 Switching Engine II WS-F6K-PFC2 SAD051405TV 1.3 2 L3 Switching Engine II WS-F6K-PFC2 SAD04110B5E 0.305
Table 10-4 Supervisor and Switching Engine Combinations (Continued)
Supervisor Switching Engine
show module
WS-X6K-SUP2-2GE WS-X6K-SUP2-2GE
L3 Switching Engine II WS-F6K-PFC2 L3 Switching Engine II WS-F6K-PFC2
Example 10-3 shows the response of a Catalyst 6500 configured with a Supervisor IA card and the optional PFC card.
Example 10-4 shows the response of a Catalyst 6500 configured with a Supervisor IA card, which includes the Layer 2 switching engine.
Example 10-3show module of Catalyst 6500 with a Supervisor IA and Layer 3 PFC Switching Engine
Cat6500> (enable) show module
Mod Slot Ports Module-Type Model Sub Status --- ---- --- --- --- --- --- 1 1 2 1000BaseX Supervisor WS-X6K-SUP1A-2GE yes OK 15 1 1 Multilayer Switch Feature WS-F6K-MSFC2 no OK 2 2 2 1000BaseX Supervisor WS-X6K-SUP1A-2GE yes standby 16 2 1 Multilayer Switch Feature WS-F6K-MSFC2 no OK Mod Module-Name Serial-Num
--- --- --- 1 SAD0433088P 15 SAD04360AJ8 2 SAD05030UEW 16 SAD05030Z4W
Mod MAC-Address(Es) Hw Fw SW
--- --- --- --- --- 1 00-d0-d3-3d-d2-3a to 00-d0-d3-3d-d2-3b 3.2 5.3(1) 6.3(3)
00-d0-d3-3d-d2-38 to 00-d0-d3-3d-d2-39 00-30-7b-4e-64-00 to 00-30-7b-4e-67-ff
15 00-03-6b-f1-2a-40 to 00-03-6b-f1-2a-7f 1.1 12.1(8a)E5 12.1(8a)E5 2 00-02-7e-f5-c8-7e to 00-02-7e-f5-c8-7f 7.1 5.3(1) 6.2(2) 00-02-7e-f5-c8-7c to 00-02-7e-f5-c8-7d
16 00-04-dd-f1-f0-80 to 00-04-dd-f1-f0-bf 1.2 12.1(8a)E5 12.1(8a)E5 Mod Subtype Sub-Model Sub-Serial Sub-Hw --- --- --- --- --- 1 L3 Switching Engine WS-F6K-PFC SAD04330KWZ 1.1 2 L3 Switching Engine WS-F6K-PFC SAD050315AR 1.1
Example 10-4show module of Catalyst 6500 with a Supervisor IA and Layer 2 Switching Engine
Cat6500>(enable)show module
Mod Slot Ports Module-Type Model Sub Status --- ---- --- --- --- --- --- 1 1 2 1000BaseX Supervisor WS-X6K-SUP1A-2GE yes ok 2 2 2 1000BaseX Supervisor WS-X6K-SUP1A-2GE yes standby Mod Module-Name Serial-Num
--- --- --- 1 SAD050404KM
show module
1000BaseX Supervisor WS-X6K-SUP1A-2GE 1000BaseX Supervisor WS-X6K-SUP1A-2GE
L3 Switching Engine WS-F6K-PFC L3 Switching Engine WS-F6K-PFC
show module
WS-X6K-SUP1A-2GE WS-X6K-SUP1A-2GE
Policy Feature Card
Cisco 6500 QoS features differ based on whether a PFC is installed and on other configuration options. For instance, the Layer 2 switching engine on the Supervisor I or Supervisor IA classifies, marks, and schedules traffic based on destination Media Access Control (MAC) address or VLAN tag information. Without the optional PFC, all marking of packets by the Layer 2 switching engine takes place in the CoS field. A Layer 2 switching engine does not examine the IP header, and so markings in the IP Precidence and DSCP fields are ignored.
With the addition of the PFC, the Catalyst 6500 is capable of enabling advanced QoS tools such as packet classification and marking, scheduling, and congestion avoidance based on either Layer 2, 3, or 4 header information. Specifically, the PFC can perform classification and mark- ing, and policing. The line cards perform queuing and packet-drop logic. The PFC performs the actual packet-forwarding process, effectively making it a Layer 3 switching engine. The PFC can examine the Layer 2 and Layer 3 headers as the packet arrives. If the destination IP adress exists in the flow cache, for PFC cards, or the Cisco Express Forwarding (CEF) Forwarding Information Base (FIB), for PFC2 cards, the PFC can rewrite the following five header fields:
• Layer 2 (MAC) Destination address
• Layer 2 (MAC) Source address
• Layer 3 IP Time-to-Live (TTL)
• Layer 3 Checksum
The Layer 2 (MAC) checksum (also called the frame checksum or FCS) allows the packet to retain the original Layer 2 and Layer 3 QoS markings.
In the event that the IP destination does not exist in the flow cache, or CEF FIB, the first packet of the flow is forwarded to the Multilayer Switch Feature Card (MSFC) to route the packet to the correct interface. The routing decision populates the flow cache or CEF FIB for subsequent
2 SAD05040EC2
Mod MAC-Address(es) Hw Fw Sw
--- --- --- --- --- 1 00-02-7e-27-17-f6 to 00-02-7e-27-17-f7 7.0 5.3(1) 5.5(9)
00-02-7e-27-17-f4 to 00-02-7e-27-17-f5 00-d0-03-8c-9c-00 to 00-d0-03-8c-9f-ff
2 00-01-64-75-80-16 to 00-01-64-75-80-17 7.0 5.3(1) 5.5(9) 00-01-64-75-80-14 to 00-01-64-75-80-15
Mod Sub-Type Sub-Model Sub-Serial Sub-Hw --- --- --- --- --- 1 L2 Switching Engine II WS-F6020A SAD05030WR5 2.0 2 L2 Switching Engine II WS-F6020A SAD05030VZH 2.0
Example 10-4show module of Catalyst 6500 with a Supervisor IA and Layer 2 Switching Engine (Continued)
L2 Switching Engine II WS-F6020A L2 Switching Engine II WS-F6020A
packets; however, the first routed packet loses the original CoS marking. All subsequent packets are switched by the PFC and retain their original Layer 2 and Layer 3 markings.
Although the PFC and PFC2 are both Layer 3 switching engines, they differ in a few ways, as listed in Table 10-5.
After a flow has been established, the PFC has the capability to use a QoS access list to police traffic to reduce the flow of traffic to a predefined limit. Traffic in excess of that limit can be dropped or have the DSCP value in the frame marked down to a lower value.
A QoS access-control list (ACL), consisting of a list of acess-control entries (ACEs), defines a set of QoS rules that the PFC uses to process incoming frames. ACEs are similar to a router ACL. The ACE defines classification, marking, and policing criteria for an incoming frame. If an incoming frame matches the criteria set in the ACE, the QoS engine processes the frame.
Ethernet Interfaces
The QoS role of Ethernet interfaces in a Catalyst 6500 includes the scheduling of packets and congestion management, as well as providing inline power to support the addition of real-time applications such as IP telephony. It is important to understand the capabilities of the Ethernet modules in your Catalyst to properly provision your network for the addition of real-time applications. Table 10-6 illustrates the QoS advantage that the current generation of Ethernet modules, typically the WS-X65xx series of cards, offers over the past generation of Table 10-5 PFC and PFC2 Differences
PFC PFC2 Available as an option on Supervisor Engine IA
only
Premounted on all Supervisor Engine II modules Performs Layer 2/3/4 services according to on a
flow-based architecture
Required for Layer 2/3/4 services in a CEF-based architecture
Performs certain Cisco IOS features such as PBR, standard and extended access lists, and reflexive ACLs in hardware
Performs certain Cisco IOS features such as PBR, unicast RPF, TCP intercept, standard and extended access lists, and reflexive ACLs in hardware, and incorporates significant performance improvements
Centralized forwarding mechanism based on a flow-caching mechanism
Distributed forwarding mechanism based on a distributed Cisco Express Forwarding (DCEF) architecture. Used for IP unicast and multicast traffic and Layer 2 forwarding
Ethernet modules, typically the WS-X63xx series of cards. Table 10-6 shows a comparision of the 48-port Ethernet modules.
The show port capabilities command enables you to display QoS information about a partic- ular port or modules. Example 10-5 displays the QoS capabilities of a supervisor IA card and a WS-X6248-RJ-45 card.
Table 10-6 Ethernet Buffers, Queues, and Thresholds
Ethernet Module
Total Buffer Size
RX Buffer Size
TX Buffer
Size RX Queue TX Queue
WS-X6548-RJ-45 1116 KB 28 KB 1088 KB 1p1q0t 1p3q1t
WS-X6348-RJ-45 128 KB 16 KB 112 KB 1q4t 2q2t
Example 10-5The show port capabilities Command
CAT6K> (enable) show port capabilities 1/1 Model WS-X6K-SUP1A-2GE Port 1/1
Type 1000BaseSX Speed 1000 Duplex full Trunk encap type 802.1Q,ISL
Trunk mode on,off,desirable,auto,nonegotiate Channel yes
Broadcast suppression percentage(0-100)
Flow control receive-(off,on,desired),send-(off,on,desired) Security yes
Dot1x yes
Membership static,dynamic Fast start yes
QOS scheduling rx-(1p1q4t),tx-(1p2q2t) CoS rewrite yes
ToS rewrite DSCP UDLD yes Inline power no AuxiliaryVlan no
SPAN source,destination COPS port group 1/1-2
Link debounce timer yes CAT6K> (enable)
CAT6K> (enable) show port capabilities 2/1 Model WS-X6248-RJ-45 Port 2/1
Type 10/100BaseTX Speed auto,10,100 Duplex half,full Trunk encap type 802.1Q,ISL
Trunk mode on,off,desirable,auto,nonegotiate
continues
WS-X6K-SUP1A-2GE
QOS scheduling rx-(1p1q4t),tx-(1p2q2t)
WS-X6248-RJ-45
The WS-X65xx series of Ethernet cards introduce a priority queue and extend the buffer sizes to better accommodate traffic during times of congestion. In a side-by-side comparison, it is plain to see that the WS-65xx series of Ethernet line cards are the better choice for QoS.
The uplink Gigabit Ethernet ports on the Supervisor I support a single receive queue with four thresholds (1q4t) and two transmit queues with two thresholds (2q2t). The uplink Gigabit Ethernet ports on the Supervisor IA and the Supervisor II cards include enhanced QoS features that provide an additional priority queue for both ingress (1p1q4t) and egress (1p2q2t) interfaces.
These queues are serviced in a WRR method, except for the priority queue, which is always serviced as soon as frames have entered the queue. Table 10-7 lists the TX and RX queues supported by each supervisor engine.
The addition of the priority queue on the Supervisor IA and Supervisor II offers an advantage for providing QoS for real-time applications over Supervisor I.
Channel yes
Broadcast suppression percentage(0-100)
Flow control receive-(off,on),send-(off) Security yes
Dot1x yes
Membership static,dynamic Fast start yes
QOS scheduling rx-(1q4t),tx-(2q2t) CoS rewrite yes
ToS rewrite DSCP UDLD yes Inline power no
AuxiliaryVlan 1..1000,1025..4094,untagged,dot1p,none SPAN source,destination
COPS port group 2/1-48 Link debounce timer yes CAT6K> (enable)
Table 10-7 Supervior Queues and Thresholds
Supervisor RX Queue TX Queue
Supervisor II
(WS-X6K-SUP2-2GE)
1p1q4t 1p2q2t
Supervisor Engine IA (WS-X6K-SUP1A-2GE)
1p1q4t 1p2q2t
Supervisor Engine I (WS-X6K-SUP1-2GE)
1q4t 2q2t
Example 10-5The show port capabilities Command (Continued)
QOS scheduling rx-(1q4t),tx-(2q2t)
Ingress and egress scheduling are always based on the CoS value associated with the frame.
By default, higher CoS values are mapped to higher queue numbers. CoS 5 traffic, typically associated with Voice over IP (VoIP) traffic, is mapped to the strict-priority queue, if present.
In addition to the different queues, each standard queue has one or more drop thresholds. There are two types of drop thresholds:
• Tail-drop thresholds
On ports with tail-drop thresholds, frames of a given CoS value are admitted to the queue until the drop threshold associated with that CoS value is exceeded; subsequent frames of that CoS value are discarded until the threshold is no longer exceeded.
If CoS 1 is assigned to Queue 1, threshold 2, for example, and the threshold 2 watermark is 60 percent, frames with CoS 1 are not dropped until Queue 1 is 60 percent full. All subsequent CoS 1 frames are dropped until the queue is less than 60 percent full.
• WRED-drop thresholds
On ports with Weighted Random Early Detection (WRED)-drop thresholds, frames of a given CoS value are admitted to the queue based on a random probability designed to avoid buffer congestion. The probability of a frame with a given CoS being admitted to the queue or discarded depends on the weight and threshold assigned to that CoS value.
If CoS 2 is assigned to Queue 1, threshold 2, for example, and the threshold 2 watermarks are 40 percent (low) and 80 percent (high), frames with CoS 2 are not dropped until Queue 1 is at least 40 percent full. As the queue depth approaches 80 percent, frames with CoS 2 have an increasingly higher probability of being discarded rather than being admitted to the queue. When the queue is more than 80 percent full, all CoS 2 frames are dropped until the queue is less than 80 percent full. The frames that the switch discards when the queue level is between the low and high thresholds are picked at random, rather than on a per-flow or FIFO basis. This method works well with protocols such as TCP that are capable of adjusting to periodic packet drops by backing off and adjusting their transmission window size.
Enter the show qos info config [mod/port] command to determine whether your Catalyst switch port supports WRED. In Example 10-6, the show qos info config command shows that port 2/
1 does not support WRED.
Example 10-6The show qos info config Command
Cat6500> show qos info config 2/1 QoS setting in NVRAM:
QoS is enabled
Port 2/1 has 2 transmit queue with 2 drop thresholds (2q2t).
Port 2/1 has 1 receive queue with 4 drop thresholds (1q4t).
Interface type:vlan-based ACL attached:
The qos trust type is set to untrusted.
show qos info config 2/1
QoS Flow on the Catalyst 6500
Now that you have an understanding of the various hardware options available on the Catalyst 6500 as they relate to QoS, we can begin to discuss the QoS flow as the frames are received and forwarded through the switch. Figure 10-6 shows the QoS flow overview.
Figure 10-6 QoS Flow Overview
Default CoS = 0
Queue and Threshold Mapping:
Queue Threshold CoS
--- --- --- 1 1 0 1
1 2 2 3 2 1 4 5 2 2 6 7 Rx drop thresholds:
Rx drop thresholds are disabled for untrusted ports.
Queue # Thresholds - percentage (abs values) --- --- 1 50% 60% 80% 100%
Tx drop thresholds:
Queue # Thresholds - percentage (abs values) --- --- 1 40% 100%
2 40% 100%
Tx WRED thresholds:
WRED feature is not supported for this port_type.
Queue Sizes:
Queue # Sizes - percentage (abs values) --- --- 1 80%
2 20%
WRR Configuration of ports with speed 1000MBPS:
Queue # Ratios (abs values)
--- --- 1 100
2 255
Example 10-6The show qos info config Command (Continued)
Frame Enters Switch
Ethernet Ingress
Port
PFC / PFC2 or L2 Switching Engine
Ethernet Egress
Port
Multilayer Switch Feature Card (MSFC)
CoS = 0 for All Traffic Exiting the MSFC
FlexWAN Module Interfaces Transmit
Queue
The frame arrives at the switch Ethernet ingress port. The existing frame marking, Ethernet ingress queuing structure, and the current trust state of the ingress Ethernet port determine the level of service the frame receives. After the ingress queue and threshold have been determined, the ingress port forwards the frame to the Layer 2 switching engine, or the PFC Layer 3 switching engine if one is installed.
When the supervisor does not have a PFC, the Layer 2 switching engine forwards the packet to the egress Ethernet port. The egress switch port uses the CoS marking on the frame to determine the queue that is used for the frame as it exits the switch.
When the supervisor does have a PFC, the PFC consults its cache to determine whether it has a known path to the destination address. If the path exists in the cache, the PFC forwards the packet to the correct egress port. Because the PFC can operate at Layer 3, it has the capability to switch the packet between VLANs without losing the Layer 2 CoS markings, so the frame retains its CoS marking, and the packet retains its DSCP or IP precedence marking.
In the event that the PFC does not have the path in cache, the packet is forwarded to the MSFC to determine which Ethernet egress port to use. When the MFSC makes a routing decision, and determines the correct Ethernet egress port needed to reach the destination address, the PFC populates its cache with this information for future use. This means the first packet in a flow loses the CoS value, because the first packet is routed at Layer 3 across the MSFC. However, subsequent packets are switched by the PFC and retain their original marked values. After the egress Ethernet port has been identified, the packet is assigned to the proper queue and threshold indicated by the Layer 2 or Layer 3 markings on the packet.
Ingress Queue Scheduling
The first opportunity for applying any kind of QoS tool to an incoming frame occurs when the frame enters the switch. Even before the supervisor or PFC forwards the frame to the egress line card, ingress QoS features occur. For instance, ingress queue scheduling defines the treatment that a frame or packet receives as it enters the switch. If QoS has been enabled, and the ingress port is trusted, the switch uses receive queue drop thresholds to schedule the arriving frames.
Figure 10-7 shows the treatment received by the frame or packet in the ingress queue.
The first variable encountered as the frame enters the switch is trust. This asks the questions
“Where is our trust boundary? Do we want to trust the markings on a frame as it enters the switch on this port?” If the port is untrusted, there is no need to continue to classify the frame.
The ingress port just applies the configured port QoS value, typically 0, and forwards the frame to the switching engine.
If the port is trusted, the next questions asked are “Is this an 802.1Q or ISL trunk port? Does the incoming frame have an 802.1Q or ISL header?” If this ingress Ethernet port is not a trunk port, the configured port CoS value is assigned to the frame. If this ingress Ethernet port is configured as a trunk port, the CoS value marked on the frame is trusted.