Cisco Catalyst 2950 Command Reference Manual page 248

Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
mls qos trust
If DSCP is trusted, the DSCP field of the IP packet is not modified. However, it is still possible that the
CoS value of the packet is modified (according to the DSCP-to-CoS map).
If CoS is trusted, the CoS of the packet is not modified, but DSCP can be modified (according to the
CoS-to-DSCP map) if it is an IP packet.
To return a port to the untrusted state, use the no mls qos trust interface configuration command.
The trusted boundary feature prevents security problems if users disconnect their PCs from networked
Cisco IP phones and connect them into the switch port to take advantage of trusted CoS settings. You
must globally enable the Cisco Discovery Protocol (CDP) on both the switch and on the interface
connected to the IP phone. If the phone is not detected, trusted boundary disables the trust setting on the
switch port and prevents misuse of a high-priority queue.
If trusted boundary is enabled and the no mls qos trust command is entered, the port returns to the
untrusted state and cannot be configured to trust if it is connected to a Cisco IP phone.
To disable trusted boundary, use the no mls qos trust device interface configuration command.
In software releases earlier than Cisco IOS Release 12.1(11)EA1, the switch is in pass-through mode. It
uses the CoS value of incoming packets without modifying the DSCP value and sends the packets from
one of the four egress queues. You cannot enable or disable pass-through mode if your switch is running
a software release earlier than Cisco IOS Release 12.1(11)EA1.
In Cisco IOS Release 12.1(11)EA1 or later, pass-through mode is disabled by default. The switch assigns
a CoS value of 0 to all incoming packets without modifying the packets. It offers best-effort service to
each packet regardless of the packet contents or size and sends it from a single egress queue.
You can enable pass-through mode on a switch running Cisco IOS Release 12.1(11)EA1 or later by using
the mls qos trust cos pass-through dscp interface configuration command. To disable pass-through
mode, use the no mls qos trust cos pass-through interface configuration command.
In software releases earlier than Cisco IOS Release 12.1(11)EA1, the mls qos trust command is
Note
available only when the switch is running the EI.
Examples
This example shows how to configure a port to be a DSCP-trusted port:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# mls qos trust dscp
This example shows how to specify that the Cisco IP phone is a trusted device:
Switch(config)# interface fastethernet0/1
Switch(config-if)# mls qos trust device cisco-phone
This example shows how to configure the interface to trust the CoS of incoming packets and to send them
without modifying the DSCP field:
Switch(config)# interface fastethernet0/1
Switch(config-if)# mls qos trust cos pass-through dscp
You can verify your settings by entering the show mls qos interface privileged EXEC command.
Catalyst 2950 and Catalyst 2955 Switch Command Reference
2-218
OL-10102-01