CCNA 200-301 | Chapter 83 of 260 | Objective 4.8

QoS Fundamentals

Quality of Service (QoS) is the set of tools that allows network engineers to manage bandwidth, delay, jitter, and packet loss for different traffic types. On the CCNA 200-301 exam, QoS appears under exam objective 4.8 (IP Services) and typically counts for 2-4 questions. In real networks, QoS is the difference between a clear VoIP call and garbled audio, or between a responsive video conference and a frozen screen. Understanding QoS fundamentals is essential for any network professional who touches real-time applications.

Updated May 31, 2026

The VIP Airport Security Lane

Imagine a busy airport security checkpoint. Passengers arrive at a single queue, but they have different travel classes: first-class, business, and economy. The airport uses a priority system: first-class passengers skip to a dedicated fast lane, business-class passengers get a slightly shorter queue, and economy passengers wait in the standard line. This is exactly how QoS classification and marking work. The airline (network administrator) decides which passengers (packets) are important based on their ticket (DSCP/CoS marking). The security lanes (queues) have different service rates: the VIP lane processes 10 passengers per minute, business processes 5, and economy processes 3. This is like a CBWFQ (Class-Based Weighted Fair Queue) configuration where each class gets a guaranteed minimum bandwidth. However, if the VIP lane is empty, the security officers can help the business lane — this is the principle of borrowing unused bandwidth, similar to the 'bandwidth remaining' command in QoS. If too many VIP passengers arrive, the VIP lane itself may become congested, but they still get priority over others. This mirrors the strict priority queue (LLQ) used for voice traffic. Finally, if a passenger (packet) arrives and all queues are full, they are turned away — this is tail drop. But the airport could instead use a 'random early drop' system for economy passengers to avoid global synchronization, which is exactly what WRED (Weighted Random Early Detection) does for TCP traffic. The airport analogy perfectly captures classification, marking, queuing, scheduling, and congestion avoidance — the five key components of QoS.

How It Actually Works

What is QoS and Why Do We Need It?

Quality of Service (QoS) is a collection of mechanisms that provide different levels of service to different packets on the same network. The fundamental problem QoS solves is that network resources (bandwidth, buffer space) are finite, and not all traffic is equally important. Voice and video traffic require low latency, low jitter, and low loss, while email and file transfers can tolerate delays. Without QoS, all traffic competes equally, leading to poor performance for real-time applications during congestion.

The Three Main QoS Models

Cisco defines three QoS service models:

- Best-Effort (BE): No QoS at all. All packets are treated equally. This is the default on IP networks.
- Integrated Services (IntServ): Applications signal their QoS requirements using RSVP (Resource Reservation Protocol). This provides per-flow guarantees but does not scale well on large networks.
- Differentiated Services (DiffServ): Packets are marked with a priority level (DSCP or IP Precedence), and routers apply different forwarding treatments based on those marks. This is the model used in enterprise networks and the focus of the CCNA exam.

Classification and Marking

Classification identifies packets based on criteria like source/destination IP, port numbers, or DSCP values. Marking sets a QoS value in the packet header so downstream devices can treat the packet accordingly. The two main marking fields are:

- IP Precedence: Uses 3 bits in the ToS byte of the IP header, allowing values 0-7. Rarely used today.
- DSCP (Differentiated Services Code Point): Uses 6 bits of the ToS byte, allowing 64 values (0-63). Common DSCP values include:
  - EF (Expedited Forwarding): 46 – used for voice
  - AF41 (Assured Forwarding 4.1): 34 – used for video
  - AF31: 26 – used for call signaling
  - CS0: 0 – best effort
  - CS1: 8 – scavenger class

At Layer 2, you can mark the 802.1p CoS (Class of Service) bits in the VLAN tag. CoS values are 0-7, with 5 typically used for voice, 4 for video, and 0 for best effort.
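To make the bit layout concrete, the following added example (not part of the original page) decodes the marking from an IPv4 header and derives the DSCP name from the value instead of a lookup table. The function names and the sample header are constructed for illustration; the two low-order ECN bits of the byte are standard but not discussed on this page.

```python
import struct

def dscp_name(dscp):
    """Name a 6-bit DSCP value from the standard code-point layout."""
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"                # class selector: CSx = 8 * x
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"      # assured forwarding: AFxy = 8x + 2y
    return f"DSCP{dscp}"                 # no well-known name


def decode_marking(ipv4_header):
    """Split the second byte of an IPv4 header into its QoS fields."""
    version_ihl, tos = struct.unpack_from("!BB", ipv4_header, 0)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    dscp = tos >> 2                      # upper 6 bits of the ToS byte
    return {
        "tos_byte": tos,
        "dscp": dscp,
        "name": dscp_name(dscp),
        "ip_precedence": tos >> 5,       # upper 3 bits, what a legacy device reads
        "ecn": tos & 0b11,               # lower 2 bits, not part of the marking
    }


def sample_header(dscp):
    """Constructed 20-byte IPv4/UDP header (checksum left at 0, documentation IPs)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))


if __name__ == "__main__":
    for value in (46, 34, 26, 8, 0):
        print(decode_marking(sample_header(value)))
```

EF decodes to IP Precedence 5 and AF41 to 4, which lines up with the CoS 5 (voice) and CoS 4 (video) values used at Layer 2.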

Queuing and Scheduling

Queuing is the process of storing packets in buffers when the output interface is congested. Scheduling determines which queue gets to send next. The main queuing mechanisms on Cisco routers are:

- FIFO (First In, First Out): Simplest, no QoS.
- PQ (Priority Queuing): Strict priority – high-priority queues always empty before low-priority ones. Can starve low-priority traffic.
- CQ (Custom Queuing): Round-robin with byte counts. Not commonly used.
- WFQ (Weighted Fair Queuing): Automatically classifies flows and gives equal bandwidth to each flow. No configuration needed, but no control.
- CBWFQ (Class-Based Weighted Fair Queuing): You define classes and assign bandwidth guarantees to each class. This is the standard Cisco QoS queuing mechanism.
- LLQ (Low Latency Queuing): Adds a strict priority queue to CBWFQ. Voice traffic goes into the priority queue and is always sent first. This is mandatory for VoIP.

Congestion Avoidance

Congestion avoidance techniques drop packets before buffers fill completely, to prevent TCP global synchronization. The main tool is WRED (Weighted Random Early Detection). WRED monitors queue depth and randomly drops packets from lower-priority flows when the queue starts to fill. This causes those TCP flows to slow down, preventing full buffer overflow.

Shaping and Policing

Shaping and policing both control traffic rate, but they differ in how they handle excess traffic:

- Policing: Drops or remarks packets that exceed a configured rate. It does not buffer packets. Policing is typically applied inbound.
- Shaping: Buffers packets that exceed the rate and sends them later, smoothing traffic bursts. Shaping is applied outbound.
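The difference is easiest to see by running the same burst through both. This added example (not from the original page) models a policer and a shaper on one token bucket; the rate, burst size and packet trace are constructed sample values, and the shaper's queue is left unbounded for simplicity.

```python
RATE_BPS = 8000        # constructed: 8 kbps = 1000 bytes of tokens per second
BURST_BYTES = 1500     # constructed: bucket depth
# Constructed trace: five 500-byte packets at t=0 s, one more at t=2 s.
TRACE = [(0.0, 500)] * 5 + [(2.0, 500)]


def police(packets, rate_bps, burst_bytes):
    """Policer: forward if the bucket holds enough tokens, otherwise drop."""
    rate = rate_bps / 8                          # token fill rate, bytes per second
    tokens, last = float(burst_bytes), 0.0       # bucket starts full
    results = []
    for arrival, size in packets:
        tokens = min(burst_bytes, tokens + (arrival - last) * rate)
        last = arrival
        if size <= tokens:
            tokens -= size
            results.append((arrival, "forward"))
        else:
            results.append((arrival, "drop"))    # no buffering: excess is discarded
    return results


def shape(packets, rate_bps, burst_bytes):
    """Shaper: same bucket, but excess waits in a FIFO until tokens accrue."""
    rate = rate_bps / 8
    tokens, last = float(burst_bytes), 0.0
    departures = []
    for arrival, size in packets:
        if size > burst_bytes:
            raise ValueError("packet larger than the bucket can never be sent")
        start = max(arrival, last)               # cannot leave before the previous packet
        tokens = min(burst_bytes, tokens + (start - last) * rate)
        wait = max(0.0, (size - tokens) / rate)  # time until enough tokens exist
        tokens = tokens + wait * rate - size
        last = start + wait
        departures.append((arrival, last))       # (arrival time, departure time)
    return departures


def compare(packets=TRACE, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """Summarize loss under policing and added delay under shaping."""
    policed = police(packets, rate_bps, burst_bytes)
    shaped = shape(packets, rate_bps, burst_bytes)
    return {
        "policer_drops": sum(1 for _, action in policed if action == "drop"),
        "shaper_drops": len(packets) - len(shaped),
        "shaper_max_delay_s": max(out - arrived for arrived, out in shaped),
    }


if __name__ == "__main__":
    print(compare())
```

The policer loses two packets of the burst with no added delay; the shaper delivers all six but holds the last burst packet for a full second.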

IOS QoS Configuration Example

Here is a simple QoS configuration on a Cisco router that gives priority to voice traffic and guarantees bandwidth for video:

```
! Classify traffic
class-map match-any VOICE
 match ip dscp ef
class-map match-any VIDEO
 match ip dscp af41
!
! Policy map defines the treatment
policy-map QOS-POLICY
 class VOICE
  ! Strict priority queue, 1 Mbps
  priority 1000
 class VIDEO
  ! Guaranteed 4 Mbps
  bandwidth 4000
 class class-default
  ! Default class uses WFQ
  fair-queue
!
! Apply to interface
interface GigabitEthernet0/1
 service-policy output QOS-POLICY
```

Verification Commands

To verify QoS operation, use:

```
show policy-map interface GigabitEthernet0/1
```

Example output:

```
GigabitEthernet0/1

Service-policy output: QOS-POLICY

  Class-map: VOICE (match-any)
    1000 packets, 64000 bytes
    5 minute offered rate 10000 bps, drop rate 0 bps
    Match: ip dscp ef (46)
    Priority:
      Strict Priority
      Queue 0: queue limit 64 packets
        (queue depth/total drops/no-buffer drops) 0/0/0
        (pkts output/bytes output) 1000/64000

  Class-map: VIDEO (match-any)
    2000 packets, 256000 bytes
    5 minute offered rate 50000 bps, drop rate 0 bps
    Match: ip dscp af41 (34)
    Bandwidth: 4000 kbps
    Queue 1: queue limit 64 packets
        (queue depth/total drops/no-buffer drops) 0/0/0
        (pkts output/bytes output) 2000/256000

  Class-map: class-default (match-any)
    5000 packets, 500000 bytes
    5 minute offered rate 100000 bps, drop rate 0 bps
    Match: any
    Fair-queue: per-flow queue limit 16
```

QoS Trust Boundaries

A trust boundary defines where the network trusts the marking of incoming packets. Typically, the access switch trusts markings from IP phones but not from PCs. The command `mls qos trust cos` or `mls qos trust dscp` sets the trust boundary on a switch port.
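A trust boundary only helps if it is actually enforced, so it is worth checking configurations for it. The added example below (not from the original page) audits a switch configuration for two mistakes this page describes: trust commands present while `mls qos` is not enabled globally, and an access port that trusts markings without the `mls qos trust device cisco-phone` condition. The sample configuration, function names and finding labels are constructed, and identifying access ports by `switchport mode access` is an assumption of this sketch.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
mls qos
!
interface GigabitEthernet0/1
 description IP phone with PC behind it
 switchport mode access
 switchport voice vlan 20
 mls qos trust cos
 mls qos trust device cisco-phone
!
interface GigabitEthernet0/2
 description PC only
 switchport mode access
 mls qos trust dscp
!
interface GigabitEthernet0/24
 description uplink to distribution
 switchport mode trunk
 mls qos trust dscp
"""


def parse_config(config):
    """Return (qos_enabled_globally, {interface: [sub-commands]})."""
    qos_enabled, ports, current = False, {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue                              # blank line or comment/separator
        if line.startswith(" "):                  # indented: interface sub-command
            if current is not None:
                ports[current].append(line.strip())
            continue
        current = None                            # back at global configuration level
        if line == "mls qos":
            qos_enabled = True
        match = re.fullmatch(r"interface (\S+)", line)
        if match:
            current = match.group(1)
            ports[current] = []
    return qos_enabled, ports


def audit_trust_boundary(config):
    """Return (interface, finding) tuples; finding labels are hypothetical."""
    qos_enabled, ports = parse_config(config)
    findings = []
    for name, cmds in ports.items():
        if not any(re.fullmatch(r"mls qos trust (cos|dscp)", c) for c in cmds):
            continue                              # port is untrusted: nothing to check
        if not qos_enabled:
            findings.append((name, "trust-ignored-no-global-mls-qos"))
        if ("switchport mode access" in cmds
                and "mls qos trust device cisco-phone" not in cmds):
            findings.append((name, "unconditional-trust-on-access-port"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_trust_boundary(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

On the sample, only the PC-facing port is flagged: it would accept whatever DSCP value the attached host sets on its own traffic.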

Walk-Through

1. Identify traffic types and requirements

First, determine which applications need QoS. Voice (VoIP) requires low latency (<150 ms one-way), low jitter (<30 ms), and low loss (<1%). Video conferencing has similar requirements. Critical data (e.g., database transactions) needs low loss but can tolerate some delay. Default traffic (web browsing, email) is best-effort. Create a list of applications with their DSCP or CoS markings. For example, voice uses DSCP EF (46), video uses AF41 (34), call signaling uses AF31 (26), and scavenger traffic uses CS1 (8).

2. Classify traffic using class-maps

Create class-maps that match traffic based on criteria such as DSCP, IP precedence, source/destination IP, or port numbers. On a Cisco router, use the `class-map` command. Example: `class-map match-any VOICE` then `match ip dscp ef`. You can also match on access lists: `match access-group name VOICE-ACL`. Class-maps can use `match-all` (all conditions must match) or `match-any` (any condition matches).

3. Create a policy-map to define actions

The policy-map associates classes with QoS actions like bandwidth guarantee, priority, policing, or shaping. Use `policy-map POLICY-NAME`. For each class, specify actions. For voice, use `priority` to place it in the strict priority LLQ. For video, use `bandwidth` to guarantee a minimum rate. For the default class, use `fair-queue` or `bandwidth`. Example: `policy-map QOS-POLICY` then `class VOICE` then `priority 1000` (kbps). The `priority` command automatically polices to the configured rate.

4. Apply the policy-map to an interface

Attach the policy-map to the interface in the appropriate direction. Most queuing is applied outbound. Use the `service-policy` command: `interface GigabitEthernet0/1` then `service-policy output QOS-POLICY`. You can also apply inbound policing with `service-policy input`. An interface accepts only one policy-map per direction, but the same policy-map can be reused on multiple interfaces.

5. Configure trust boundaries on switches

On Cisco switches, you must configure trust boundaries so that the switch honors markings from trusted devices (e.g., IP phones) and re-marks or ignores markings from untrusted devices (e.g., PCs). Use `mls qos trust cos` or `mls qos trust dscp` on the switchport connected to the phone. For the PC port, you can use `mls qos trust device cisco-phone` to trust only the phone. By default, QoS is disabled on most switches; you must enable it globally with `mls qos`.

6. Verify with show commands

Use `show policy-map interface [interface]` to see packets matched, offered rate, drop rate, and queue statistics. For switches, use `show mls qos interface [interface]` to see trust state and CoS/DSCP mappings. Example: `show policy-map interface GigabitEthernet0/1` shows per-class counters. Also use `show class-map` and `show policy-map` to verify configuration. If drops are high, check queue limits or adjust bandwidth allocation.

What This Looks Like on the Job

In an enterprise network, QoS is critical for voice and video over IP. A typical deployment involves IP phones that mark voice traffic with CoS 5 and DSCP EF. The access switch trusts the phone's marking but re-marks traffic from the PC to best-effort (CoS 0). On the distribution layer, a QoS policy is applied to the uplink to the WAN router. For example, a 10 Mbps WAN link might allocate 1 Mbps for voice (priority), 4 Mbps for video, and the remaining 5 Mbps for data. This ensures that even during a large file transfer, voice quality remains clear.

Another scenario is a data center with storage traffic (iSCSI) that requires low loss. The network administrator can classify iSCSI traffic by TCP port 3260 and assign it a high bandwidth guarantee. Without QoS, a burst of backup traffic could cause iSCSI timeouts.

Common scale considerations: QoS policies are applied on every interface where congestion might occur. In a large network, this means hundreds of interfaces. Configuration templates and automation tools (Ansible, Python) are used to apply consistent policies. Performance considerations: QoS classification and queuing consume CPU cycles. On high-speed interfaces (10 Gbps+), hardware-based QoS is used to avoid CPU impact.

When misconfigured, QoS can cause more harm than good. For example, giving too much bandwidth to the priority queue can starve data traffic, leading to TCP retransmissions and poor application performance. Another common mistake is forgetting to enable mls qos globally on a switch, causing all marking and trust commands to be ignored. Also, applying shaping instead of policing on an inbound interface can cause buffer overflow and packet loss. Proper planning and testing are essential.

How CCNA 200-301 Actually Tests This

The CCNA 200-301 exam tests QoS fundamentals under objective 4.8. Expect 2-4 questions covering classification, marking, trust boundaries, queuing (especially LLQ and CBWFQ), and policing vs. shaping. Common wrong answers include:

1. Confusing policing and shaping: Many candidates think policing buffers traffic. Actually, policing drops or remarks; shaping buffers. The exam may ask which tool is used to smooth traffic bursts – answer: shaping.

2. Mixing up DSCP and CoS: DSCP is Layer 3 (IP header), CoS is Layer 2 (802.1Q tag). A question might ask where to mark for end-to-end QoS – answer: DSCP, because CoS is stripped across router hops.

3. Assuming LLQ is unlimited: The `priority` command in CBWFQ has a policed rate. If traffic exceeds that rate, it is dropped. Candidates think priority means unlimited bandwidth – wrong.

4. Default trust setting: On switches, the default is to not trust markings (unless `mls qos` is enabled). A question might present a scenario where a PC's DSCP markings are ignored – the answer is that the switch port is untrusted.

Specific values to memorize:

- DSCP EF = 46 (voice)
- DSCP AF41 = 34 (video)
- CoS 5 = voice, CoS 4 = video, CoS 0 = best effort
- LLQ uses strict priority queue
- `service-policy output` for queuing
- `mls qos` must be enabled globally on switches

For scenario questions, use elimination: If the problem is jitter and delay for voice, the solution is LLQ (priority queue). If the problem is TCP global synchronization, the solution is WRED. If the problem is traffic bursts on a slow link, the solution is shaping.

Key Takeaways

- QoS classification identifies packets; marking sets DSCP (L3) or CoS (L2) values.
- DSCP EF (46) is used for voice; AF41 (34) for video; default is best-effort (0).
- LLQ provides a strict priority queue for real-time traffic; use the 'priority' command in CBWFQ.
- Policing drops or remarks excess traffic; shaping buffers it to smooth bursts.
- Trust boundaries: access switches trust markings from IP phones but not from PCs.
- Enable 'mls qos' globally on Cisco switches for QoS to work.
- Use 'show policy-map interface' to verify QoS operation and check drops.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

Policing

- Drops or remarks packets exceeding the rate
- No buffering – immediate action
- Typically applied inbound or outbound
- Can cause TCP retransmissions due to drops
- Uses token bucket algorithm

Shaping

- Buffers packets exceeding the rate and sends later
- Smooths traffic bursts
- Typically applied outbound
- Increases delay but reduces drops
- Uses token bucket with queue

Watch Out for These

Mistake: QoS gives you more bandwidth.

Correct: QoS does not increase bandwidth; it prioritizes traffic during congestion. You still have the same link capacity.

Marketing hype often makes people think QoS 'adds' bandwidth, but it only manages existing resources.

Mistake: The 'priority' command in CBWFQ provides unlimited bandwidth to the class.

Correct: The 'priority' command creates a strict priority queue but also polices the traffic to the configured rate (e.g., 'priority 1000' allows max 1 Mbps). Excess traffic is dropped.

Candidates assume 'priority' means always sent first without limits, but policing is built-in to prevent starvation of other queues.

Mistake: CoS markings survive across routers.

Correct: CoS is in the 802.1Q tag, which is stripped when a packet leaves a Layer 2 domain. For end-to-end QoS, use DSCP (Layer 3).

Candidates confuse Layer 2 and Layer 3 headers; CoS is only relevant on switched segments.

Mistake: Shaping and policing are interchangeable.

Correct: Policing drops or remarks excess traffic (no buffering), while shaping buffers excess traffic and sends it later. Shaping is applied outbound; policing can be inbound or outbound.

Both control rate, but the mechanism is different; exam questions test the distinction.


Frequently Asked Questions

What is the difference between CBWFQ and LLQ?

CBWFQ (Class-Based Weighted Fair Queuing) allows you to define classes and assign bandwidth guarantees to each. LLQ (Low Latency Queuing) extends CBWFQ by adding a strict priority queue for real-time traffic. In CBWFQ without LLQ, all queues are serviced based on their bandwidth weights, which can introduce delay for voice. LLQ ensures the priority queue is always emptied first, providing low latency and jitter. On Cisco IOS, you enable LLQ by using the 'priority' command inside a class in a policy-map.

What is the default QoS behavior on a Cisco switch?

By default, QoS is disabled on most Cisco switches. This means all packets are treated equally, and any marking or trust commands are ignored until you enable QoS globally with the 'mls qos' command. Once enabled, the switch can perform classification, marking, and queuing. Without 'mls qos', the switch operates in a pass-through mode. For the CCNA exam, remember that you must enable 'mls qos' globally for any QoS features to work.

When should I use policing vs. shaping?

Use policing when you want to enforce a strict rate limit and are okay with dropping excess traffic. Policing is often applied inbound on a service provider link to enforce a contracted rate. Use shaping when you want to smooth traffic bursts and avoid drops, typically outbound on a slower link (e.g., WAN). Shaping buffers excess traffic and sends it later, which increases delay but reduces packet loss. For example, shape traffic to 80% of the link speed to prevent interface congestion.

What does the 'trust boundary' mean in QoS?

The trust boundary defines which devices are allowed to mark packets. On an access switch, the trust boundary is typically set at the IP phone. The switch trusts the CoS/DSCP markings from the phone (because the phone is trusted) but does not trust markings from the PC connected through the phone. The switch may re-mark PC traffic to best-effort. The command 'mls qos trust device cisco-phone' tells the switch to trust the phone's markings. Trust boundaries prevent end users from marking their own traffic as high priority.

What is the difference between IP Precedence and DSCP?

IP Precedence uses 3 bits in the ToS byte of the IP header, allowing 8 values (0-7). DSCP uses 6 bits, allowing 64 values (0-63). DSCP is backward-compatible with IP Precedence (the first 3 bits of DSCP correspond to IP Precedence). DSCP provides more granularity and is the preferred marking method for modern QoS. Common DSCP values include EF (46) for voice and AF41 (34) for video. The CCNA exam expects you to know DSCP values like EF, AF41, and CS0.

How do I verify QoS configuration on a Cisco router?

Use 'show policy-map interface [interface]' to see the policy applied, packets matched, offered rate, drop rate, and queue statistics. For example, 'show policy-map interface GigabitEthernet0/1' shows per-class counters. Use 'show class-map' to list class-maps, and 'show policy-map' to view policy-map definitions. On switches, use 'show mls qos interface [interface]' to see trust state and CoS/DSCP mappings. Also, 'show mls qos' shows global QoS settings.

What is WRED and when is it used?

WRED (Weighted Random Early Detection) is a congestion avoidance mechanism that monitors queue depth and randomly drops packets before the queue becomes full. It is used to prevent TCP global synchronization, where multiple TCP flows all back off at the same time after a tail drop, causing a sawtooth pattern of congestion. WRED drops packets from lower-priority flows more aggressively, causing those TCP flows to slow down while higher-priority flows are less affected. WRED is configured under a class in a policy-map using the 'random-detect' command.
