Last bit to this string.
If QoS is enabled on the L2 switches ask the proctor if you can turn it off. As it is not a primary goal of the Security exam for understanding QoS don't mess around with learning Catalyst QoS as it is a whole other ball game to L3 QoS on the Routers/Security Devices. To disable QoS at l2 globally put in the command "no mls qos" and all interface commands become useless. That is my 2 cents :) Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Richard Chan Sent: Wednesday, June 22, 2011 3:54 AM To: Mark Senteza Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Understanding "mls qos trust" command Hi This interface command is necessary if mls qos is enabled globally. By default, mls qos is OFF, and the switch will not change any DSCP/COS values. The moment you enable "mls qos" at global config, the Catalyst switch will automatically remark the packets to DSCP 0 unless you explicitly trust the interface (similar to DHCP snooping trust or DAI trust). This seems more of an RS-type question than SEC but it could be the basis of a really evil troubleshooting question in the lab, i.e., they enable "mls qos" globally and then we wonder why our markings are lost. In summary, if "mls qos" is not enabled globally you do not have to do anything at the interface level. If "mls qos" is enabled globally, you must configure "mls qos trust..." at the interface-level otherwise the packet will get remarked. Regards Richard
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
