Configuring Layer 3 trusted or untrusted ports

Configure a port as trusted or untrusted to determine the Layer 3 QoS actions the switch performs. A trusted (core) port honors incoming Differentiated Services Code Point (DSCP) markings. An untrusted (access) port overrides DSCP markings. The default configuration is trusted.

Before you begin

Enable DiffServ.

Procedure

  1. Enter Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]} or interface vlan <1–4059>

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure the port as an access port, use one of the following options:

    no enable-diffserv [port {slot/port[/sub-port][-slot/port[/sub-port]][,...]}] [enable]

    OR configure both parameters:

    enable-diffserv [port {slot/port[/sub-port][-slot/port[/sub-port]][,...]}] [enable]

    access-diffserv [port {slot/port[/sub-port][-slot/port[/sub-port]][,...]}] [enable]

  3. Configure the port as a core port:

    no access-diffserv [port {slot/port[/sub-port][-slot/port[/sub-port]][,...]}] [enable]

Variable definitions

Use the data in the following table to use the access-diffserv commands.

Variable

Value

enable

If enabled, specifies an access port and overrides incoming DSCP bits. If disabled, specifies a core port that honors and services incoming DSCP bits.

port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.