Skip to content
Click here to open the documentation of locally-managed switches, including the CLI and API guides.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=switch_QoS

QoS

You can use Quality of Service (QoS) to implement priority queuing within a network. QoS provides consistent and predictable data delivery by distinguishing between packets with stricter timing requirements and those more tolerant of delays. QoS prioritizes traffic, such as voice and video streaming, by assigning them to high-priority queues while avoiding excessive broadcast and multicast traffic. Other traffic is assigned to lower-priority queues, resulting in uninterrupted actions. Without QoS, all traffic data is equally likely to be dropped when the network is congested, resulting in reduced network performance.

Sophos Switch offers multiple queues per port, allowing for the prioritization of specific packets based on user-defined criteria. When a packet is queued for transmission within a port, the processing rate depends on how the queue is configured and the amount of traffic present within other queues on the port. If a delay is necessary, packets are held in the queue until they're authorized for transmission.

General settings

You can use the General settings page to configure the following settings:

  • Status: Select Enabled or Disabled to turn QoS on or off.

    Select Not set to use the QoS settings configured locally on the switch.

  • Scheduling method: Select one of the following options:

    • Not set: Use the Scheduling method settings configured locally on the switch.
    • Strict priority: The switch always serves higher-priority queues first and only serves lower-priority traffic when higher-priority queues are empty.
    • WRR: Use the Weighted Round Robin (WRR) to distribute bandwidth across all queues based on the queue weights. You must set Queue weights for each of the eight work queues. The available values are 0 to 128, with 128 being the highest priority.

  • Trust mode: Select one of the following options:

    • DSCP: A Layer 3 QoS standard that uses 6 bits in the IP header to mark traffic priority. DSCP values range from 0 to 63.
    • 802.1p: A Layer 2 QoS standard that uses the 3-bit Class of Service (CoS) field in the VLAN tag to mark traffic priority. 802.1p values range from 0 to 7.
    • 802.1p-DSCP: The switch can translate between Layer 2 and Layer 3 QoS markings when traffic moves between different network segments or devices that use different QoS methods.

Click Update to save your changes.

CoS mapping

Use CoS mapping to map CoS values to a specific traffic queue on the switch. The priority values and the traffic typically associated with them are as follows:

  • 7: Network control (highest)
  • 6: Voice and video signaling
  • 5: Voice media traffic
  • 4: Video media
  • 3: Critical applications
  • 2: High-priority data
  • 1: Medium-priority data
  • 0: Best effort (lowest)

Select a traffic queue from the drop-down list to map that queue to the specified CoS value.

Click Update to save your changes.

DSCP mapping

Use DSCP mapping to map DSCP values to specific traffic queues on the switch. The priority values and the traffic typically associated with them are as follows:

  • 56 to 63: Network control (highest)
  • 48 to 55: Voice and video signaling
  • 40 to 47: Voice media traffic
  • 32 to 39: Video media
  • 24 to 31: Critical applications
  • 16 to 23: High-priority data
  • 8 to 15: Medium-priority data
  • 0 to 7: Best effort (lowest)

Select a traffic queue from the drop-down list to map that queue to the specified DSCP value.

Click Update to save your changes.

Ports

Use the Ports tab to configure CoS, bandwidth control, and storm control on a per-port basis.

CoS mapping

Use the CoS mapping table to configure the following CoS settings for each port:

  • CoS: Use the drop-down list to set the CoS value from 0 to 7. The values correspond to the configuration you set under Global settings.

    Select Not set to use the QoS settings configured locally on the switch.

  • Trust state: Select one of the following options from the drop-down list:

    • Not set: Use the Trust state settings configured locally on the switch.
    • Trusted: Trust the CoS marking on incoming packets.
    • Untrusted: Don't trust the CoS marking on incoming packets.

Configuration source shows the origin of the CoS mapping settings for that port.

Click Update to save your changes.

Bandwidth control

On the Bandwidth control table, you can define the following bandwidth settings for a specified port's inbound and outbound traffic:

  • Egress (kbps): Set the outbound bandwidth in kilobits per second (kbps).
  • Ingress (kbps): Set the inbound bandwidth in kilobits per second (kbps).

Note

The Egress (kbps) and Ingress (kbps) values must be a multiple of 16, ranging from 16 to 10,000,000. A value of 0 turns off bandwidth control. Select Not set to use the settings configured locally on the switch.

Configuration source shows the origin of the bandwidth control for that port.

Click Update to save your changes.

Storm control

Storm control limits the number of broadcast, unknown multicast, and unknown unicast frames accepted and forwarded by the switch. You can turn on storm control on a per-port basis by defining the packet type and the packets' transmit rate. The switch measures the incoming broadcast, unknown multicast, and unknown unicast frames separately on each port and discards the frames if the rate exceeds the defined rate.

  • Broadcast (kbps): Set the allowed number of broadcast packets in kilobits per second (kbps).
  • Multicast (kbps): Set the allowed number of multicast packets in kilobits per second (kbps).
  • Unicast: Set the allowed number of unicast packets in kilobits per second (kbps).

Note

The Broadcast (kbps), Multicast (kbps), and Unicast values must be a multiple of 16, ranging from 16 to 10,000,000. A value of 0 turns off storm control. Select Not set to use the settings configured locally on the switch.

Configuration source shows the origin of the storm control settings for that port.

Policies

On the Policies tab, you can create per-protocol QoS policies to apply to traffic on a per-port or per-VLAN basis.

You can see the following settings for each policy:

  • Class name: The name of the policy.
  • Ports binding: The ports to which the policy applies. You can select ports from the drop-down list.
  • Binding source: The source of the Ports binding settings.
  • MAC address: The source and destination MAC addresses.
  • IP address: The source and destination IP addresses.
  • VLAN: The VLAN and VLAN priority.

  • Service: The ethertype and service type.

    Ethertype values define what protocol is used in an Ethernet frame's payload. See Ethertypes.

    Service type values define the DSCP values that identify the type of traffic for QoS processing. See DSCP mapping.

  • Protocol: The protocol value

    You can select this value from a drop-down list when creating a policy, or you can select Custom to enter any protocol value from the defined IANA IP protocol numbers. See Assigned Internet Protocol Numbers.

  • Action: The action the switch takes and the value it assigns

Configuration source shows the origin of the policy settings.

  • To create a new policy, click Add policy, enter the settings, and click Save.
  • To edit a policy, click its name, enter the settings, and click Save.
  • To delete policies, select them and click Delete policy.