Cisco Catalyst 3550 Command Reference Manual page 204

mls qos trust
When a port is configured with trust DSCP or trust IP precedence and the incoming packet is a non-IP
packet, the CoS-to-DSCP map derives the corresponding DSCP value from the CoS value. The CoS can
be the packet CoS for trunk ports or the port default CoS for nontrunk ports.
If the DSCP is trusted, the DSCP field of the IP packet is not modified. However, it is still possible that
the CoS value of the packet is modified (according to the CP-to-CoS map) unless the pass-through cos
keyword is specified.
If the CoS is trusted, the CoS field of the packet is not modified, but the DSCP can be modified
(according to the CoS-to-DSCP map) if the packet is an IP packet (unless the pass-through dscp
keyword is specified).
If you configure the mls qos trust [cos pass-through dscp | dscp pass-through cos] interface
configuration command and then configure the mls qos trust [cos | dscp] interface configuration
command, pass-through mode is disabled.
If you configure an interface for DSCP pass-through mode by using the mls qos trust cos pass-through
dscp interface configuration command and apply the DSCP-to-DSCP mutation map to the same
interface, the DSCP value changes according to the mutation map.
The trusted boundary feature prevents security problems if users disconnect their PCs from networked
Cisco IP phones and connect them to the switch port to take advantage of trusted CoS settings. You must
globally enable the Cisco Discovery Protocol (CDP) on the switch and on the interface connected to the
IP phone. If the telephone is not detected, trusted boundary disables the trusted setting on the switch port
(sets the trust state to not trusted) and prevents misuse of a high-priority queue.
For an inter-QoS domain boundary, you can configure the port to the DSCP-trusted state and apply the
DSCP-to-DSCP-mutation map if the DSCP values are different between the QoS domains.
A classification that uses a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and
classification that uses a policy map (for example, service-policy input policy-map-name) are mutually
exclusive. The last setting configured overwrites the previous configuration.
Examples This example shows how to configure a port as an IP-precedence trusted port:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# mls qos trust ip-precedence
This example shows how to specify that the Cisco IP phone is a trusted device:
Switch(config)# interface fastethernet0/1
Switch(config-if)# mls qos trust device cisco-phone
You can verify your settings by entering the show mls qos interface privileged EXEC command.
Related Commands Command
mls qos cos
mls qos dscp-mutation
mls qos map
show mls qos interface
Catalyst 3550 Multilayer Switch Command Reference
2-178
Description
Defines the default CoS value of a port or assigns the default CoS to all
incoming packets on the port.
Applies a DSCP-to DSCP-mutation map to a DSCP-trusted port.
Defines the CoS-to-DSCP map, DSCP-to-CoS map, the
DSCP-to-DSCP-mutation map, the IP-precedence-to-DSCP map, and the
policed-DSCP map.
Displays QoS information.
Chapter 2 Cisco IOS Commands
78-11195-09