mls qos trust
The trusted boundary feature prevents security problems if users disconnect their PCs from networked
Cisco IP Phones and connect them to the switch port to take advantage of trusted CoS or DSCP settings.
You must globally enable the Cisco Discovery Protocol (CDP) on the switch and on the port connected
to the IP phone. If the telephone is not detected, trusted boundary disables the trusted setting on the
switch or routed port and prevents misuse of a high-priority queue.
If you configure the trust setting for DSCP or IP precedence, the DSCP or IP precedence values in the
incoming packets are trusted. If you configure the mls qos cos override interface configuration
command on the switch port connected to the IP phone, the switch overrides the CoS of the incoming
voice and data packets and assigns the default CoS value to them.
For an inter-QoS domain boundary, you can configure the port to the DSCP-trusted state and apply the
DSCP-to-DSCP-mutation map if the DSCP values are different between the QoS domains.
Classification using a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and a
policy map (for example, service-policy input policy-map-name) are mutually exclusive. The last one
configured overwrites the previous configuration.
Examples
This example shows how to configure a port to trust the IP precedence field in the incoming packet:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# mls qos trust ip-precedence
This example shows how to specify that the Cisco IP Phone connected on a port is a trusted device:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# mls qos trust device cisco-phone
You can verify your settings by entering the show mls qos interface privileged EXEC command.
Related Commands
Command
mls qos cos
mls qos dscp-mutation
mls qos map
show mls qos interface
Cisco Catalyst Blade Switch 3020 for HP Command Reference
2-214
Chapter 2
Cisco Catalyst Blade Switch 3020 for HP Cisco IOS Commands
Description
Defines the default CoS value of a port or assigns the default CoS to all
incoming packets on the port.
Applies a DSCP-to DSCP-mutation map to a DSCP-trusted port.
Defines the CoS-to-DSCP map, DSCP-to-CoS map, the
DSCP-to-DSCP-mutation map, the IP-precedence-to-DSCP map, and the
policed-DSCP map.
Displays QoS information.
OL-8916-01