Layer 2 and Layer 3 trusted and untrusted ports

You can configure interface module ports as trusted or untrusted at both Layer 2 (802.1p) or Layer 3 (DSCP) for ingress packet classification.

The switch provides eight internal QoS levels. These eight levels, numbered zero to seven, map to the queues through

the ingress 8021p to (internal) QoS mapping table
the ingress DSCP to (internal) QoS mapping table

To configure a port as trusted or untrusted, use the commands and the parameter values as shown in the following tables:


Layer 2 Trusted	Layer 2 Untrusted
802.1p-override	802.1p-override
`disable`	`enable`


Layer 3 Trusted		Layer 3 Untrusted
enable-diffserv	access-diffserv *	enable-diffserv	access-diffserv *
`enable`	`disable`	`disable`	`disable`
		`disable`	`enable`
		`enable`	`enable` **
* Configure access-diffserv as either a core or access port. If enabled, this command specifies an access port and overrides incoming DSCP bits. If disabled, it specifies a core port that honors and services incoming DSCP bits. ** If the ingress port has enable-diffserv and access-diffserv enabled, then the packet is DSCP remarked at egress.

Layer 2 untrusted and Layer 3 untrusted

To configure a port as Layer 2 untrusted and Layer 3 untrusted, refer to the tables above and assign the parameter values accordingly.

For more information, see Data packet ingress mapping.

Layer 2 untrusted and Layer 3 trusted

To configure a port as Layer 2 untrusted and Layer 3 trusted, refer to the tables above and assign the parameter values accordingly.

Use these configuration options to classify packet QoS through the DSCP parameter for all IP packets, whether tagged or untagged. Use this configuration when another QoS or DiffServ enabled and configured switch marks the IP packets at the edge. These already-marked packets arrive Layer 3 trusted, and the switch continues with the trust (DiffServ core port operation). For tagged packets, the system does not examine the 802.1p bits. For non-IP packets, this configuration causes classification by port QoS settings.

Note

For IP switched and tagged packets, use the 802.1p bits to derive the internal QoS. For untagged or routed packets, use the DSCP to derive the internal QoS.

For more information, see Data packet ingress mapping.

Layer 2 trusted and Layer 3 trusted

To configure a port as Layer 2 trusted and Layer 3 trusted, refer to the tables above and assign the parameter values accordingly.

Use these configuration options to classify packet QoS through DSCP for all IP packets, and through 802.1p for all tagged non IP packets. If it is an IP packet, DSCP is used. If it is a tagged non IP packet, 802.1p bits are used. If it is an untagged non IP packet, the port QoS is used.

For more information, see Data packet ingress mapping.

Layer 2 trusted and Layer 3 untrusted

To configure a port as Layer 2 trusted and Layer 3 untrusted, refer to the tables above and assign the parameter values accordingly.

Use these configuration options to classify packet QoS through 802.1p for all tagged packets, and port QoS levels for all untagged (IP or non-IP) packets. If the packet is an IP packet, the system does not modify or examine the DSCP parameter bits.

For more information, see Data packet ingress mapping.

DiffServ disabled

If you disable the DiffServ parameter, the system ignores the Layer 3 DSCP parameter. For more information, see Data packet ingress mapping.