Cisco Catalyst 3560X-24P Command Reference Manual page 431

Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands
The trusted boundary feature prevents security problems if users disconnect their PCs from networked
Cisco IP Phones and connect them to the switch port to take advantage of trusted CoS or DSCP settings.
You must globally enable the Cisco Discovery Protocol (CDP) on the switch and on the port connected
to the IP phone. If the telephone is not detected, trusted boundary disables the trusted setting on the
switch or routed port and prevents misuse of a high-priority queue.
If you configure the trust setting for DSCP or IP precedence, the DSCP or IP precedence values in the
incoming packets are trusted. If you configure the mls qos cos override interface configuration
command on the switch port connected to the IP phone, the switch overrides the CoS of the incoming
voice and data packets and assigns the default CoS value to them.
For an inter-QoS domain boundary, you can configure the port to the DSCP-trusted state and apply the
DSCP-to-DSCP-mutation map if the DSCP values are different between the QoS domains.
Classification using a port trust state (for example, mls qos trust [cos | dscp | ip-precedence] and a
policy map (for example, service-policy input policy-map-name) are mutually exclusive. The last one
configured overwrites the previous configuration.
The switch supports IPv6 port-based trust with the dual IPv4 and IPv6 Switch Database Management
Note
(SDM) templates. You must reload the switch with the dual IPv4 and IPv6 templates for switches
running IPv6.
Related Commands This example shows how to configure a port to trust the IP precedence field in the incoming packet:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# mls qos trust ip-precedence
This example shows how to specify that the Cisco IP Phone connected on a port is a trusted device:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# mls qos trust device cisco-phone
You can verify your settings by entering the show mls qos interface privileged EXEC command.
Related Commands Command
mls qos cos
mls qos dscp-mutation
mls qos map
show mls qos interface
OL-21522-02
Description
Defines the default CoS value of a port or assigns the default CoS to all
incoming packets on the port.
Applies a DSCP-to DSCP-mutation map to a DSCP-trusted port.
Defines the CoS-to-DSCP map, DSCP-to-CoS map, the
DSCP-to-DSCP-mutation map, the IP-precedence-to-DSCP map, and the
policed-DSCP map.
Displays QoS information.
Catalyst 3750-X and 3560-X Switch Command Reference
mls qos trust
2-399