Cisco Systems WSC4500X16SFP Manual De Usuario
27-26
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 27 Configuring Quality of Service
Configuring QoS
Configuring a Trusted Boundary to Ensure Port Security
In a typical network, you connect a Cisco IP phone to a switch port as discussed in
Traffic sent from the telephone to the switch is typically marked with a
tag that uses the 802.1Q header. The header contains the VLAN information and the class of service
(CoS) 3-bit field, which determines the priority of the packet. For most Cisco IP phone configurations,
the traffic sent from the telephone to the switch is trusted to ensure that voice traffic is properly
prioritized over other types of traffic in the network. By using the qos trust cos interface configuration
command, you can configure the switch port to which the telephone is connected to trust the CoS labels
of all traffic received on that port.
(CoS) 3-bit field, which determines the priority of the packet. For most Cisco IP phone configurations,
the traffic sent from the telephone to the switch is trusted to ensure that voice traffic is properly
prioritized over other types of traffic in the network. By using the qos trust cos interface configuration
command, you can configure the switch port to which the telephone is connected to trust the CoS labels
of all traffic received on that port.
In some situations, you also might connect a PC or workstation to the IP phone. In this case, you can use
the switchport priority extend cos interface configuration command to configure the telephone through
the switch CLI to override the priority of the traffic received from the PC. With this command, you can
prevent a PC from taking advantage of a high-priority data queue.
the switchport priority extend cos interface configuration command to configure the telephone through
the switch CLI to override the priority of the traffic received from the PC. With this command, you can
prevent a PC from taking advantage of a high-priority data queue.
However, if a user bypasses the telephone and connects the PC directly to the switch, the CoS labels
generated by the PC are trusted by the switch (because of the trusted CoS setting) and can allow misuse
of high-priority queues. The trusted boundary feature solves this problem by using the CDP to detect the
presence of a Cisco IP phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port.
generated by the PC are trusted by the switch (because of the trusted CoS setting) and can allow misuse
of high-priority queues. The trusted boundary feature solves this problem by using the CDP to detect the
presence of a Cisco IP phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port.
Note
If CDP is not running on the switch globally or on the port in question, trusted boundary will not work.
When you configure trusted boundary on a port, trust is disabled. Then, when a phone is plugged in and
detected, trust is enabled. (It may take a few minutes to detect the phone.) Now, when a phone is
unplugged (and not detected), the trusted boundary feature disables the trusted setting on the switch port
and prevents misuse of a high-priority queue.
detected, trust is enabled. (It may take a few minutes to detect the phone.) Now, when a phone is
unplugged (and not detected), the trusted boundary feature disables the trusted setting on the switch port
and prevents misuse of a high-priority queue.
To enable trusted boundary on a port, perform this task:
To disable the trusted boundary feature, use the no qos trust device cisco-phone interface configuration
command.
command.
Command
Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface
interface-id
Enters interface configuration mode, and specifies the interface connected
to the IP phone.
to the IP phone.
Valid interfaces include physical interfaces.
Step 3
Switch(config)# qos trust [cos |
dscp]
Configures the interface to trust the CoS value in received traffic. By
default, the port is not trusted.
default, the port is not trusted.
Step 4
Switch(config)# qos trust device
cisco-phone
Specifies that the Cisco IP phone is a trusted device.
You cannot enable both trusted boundary and auto-QoS (auto qos voip
interface configuration command) at the same time; they are mutually
exclusive.
interface configuration command) at the same time; they are mutually
exclusive.
Step 5
Switch(config)# end
Returns to privileged EXEC mode.
Step 6
Switch# show qos interface
interface-id
Verifies your entries.
Step 7
Switch# copy running-config
startup-config
(Optional) Saves your entries in the configuration file.