Adding to @pyro13g...this is also where a good QoS policy ACL is specific. You configure the ACL to include the server (s) IP and service port(s) for the application. Configuring QoS to "trust" the tags coming from the access port is just asking for trouble. Do you really want Pandora or Skype classified and prioritized to EF with your real VoIP traffic?
D
