Just an observation.
Cisco IOS routers and switches mark locally originated SSH and Telnet traffic with 802.1p = 6, DSCP = CS6 (48). That is, if you initiate an SSH session to the router, the returning traffic will have DSCP set to CS6. It’s a bit weird because Cisco IOS CLI states that default DSCP value for locally originated SSH packets is 0.
C3750(config)#ip ssh dscp ? <0-63> ip dscp value (default value 0 )
I have explicitly set SSH’s DSCP to 0 and confirmed the switch stared to use DSCP Default 0 for all new connections. There’s a similar command for telnet:
C3750(config)#ip telnet tos ? <0-FF> TOS value
So, keep this in mind if you design End-to-End QoS model.