Mls Qos Trust - Cisco Catalyst 2950 Command Reference Manual
Desktop switch
Hide thumbs
Also See for Catalyst 2950:
- Configuration manual (710 pages) ,
- Command reference manual (686 pages) ,
- Software configuration manual (674 pages)
Table of Contents
Advertisement
mls qos trust
If DSCP is trusted, the DSCP field of the IP packet is not modified. However, it is still possible that the
CoS value of the packet is modified (according to the DSCP-to-CoS map).
If CoS is trusted, the CoS of the packet is not modified, but DSCP can be modified (according to the
CoS-to-DSCP map) if it is an IP packet.
To return a port to the untrusted state, use the no mls qos trust interface configuration command.
The trusted boundary feature prevents security problems if users disconnect their PCs from networked
Cisco IP phones and connect them into the switch port to take advantage of trusted CoS settings. You
must globally enable the Cisco Discovery Protocol (CDP) on both the switch and on the interface
connected to the IP phone. If the phone is not detected, trusted boundary disables the trust setting on the
switch port and prevents misuse of a high-priority queue.
If trusted boundary is enabled and the no mls qos trust command is entered, the port returns to the
untrusted state and cannot be configured to trust if it is connected to a Cisco IP phone.
To disable trusted boundary, use the no mls qos trust device interface configuration command.
In software releases earlier than Release 12.1(11)EA1, the switch is in pass-through mode. It uses the
CoS value of incoming packets without modifying the DSCP value and sends the packets from one of
the four egress queues. You cannot enable or disable pass-through mode if your switch is running a
software release earlier than Release 12.1(11)EA1.
In Release 12.1(11)EA1 or later, pass-through mode is disabled by default. The switch assigns a CoS
value of 0 to all incoming packets without modifying the packets. It offers best-effort service to each
packet regardless of the packet contents or size and sends it from a single egress queue.
You can enable pass-through mode on a switch running Release 12.1(11)EA1 or later by using the mls
qos trust cos pass-through dscp interface configuration command. To disable pass-through mode, use
the no mls qos trust cos pass-through interface configuration command.
Note
In software releases earlier than Release 12.1(11)EA1, the mls qos trust command is available only
when the switch is running the EI.
Examples
This example shows how to configure a port to be a DSCP-trusted port:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# mls qos trust dscp
The mls qos trust dscp command is available only when the switch is running the EI.
Note
This example shows how to specify that the Cisco IP phone is a trusted device:
Switch(config)# interface fastethernet0/1
Switch(config-if)# mls qos trust device cisco-phone
This example shows how to configure the interface to trust the CoS of incoming packets and to send them
without modifying the DSCP field:
Switch(config)# interface fastethernet0/1
Switch(config-if)# mls qos trust cos pass-through dscp
You can verify your settings by entering the show mls qos interface privileged EXEC command.
Catalyst 2950 Desktop Switch Command Reference
2-98
Chapter 2
Cisco IOS Commands
78-11381-05
Hide quick links:
Advertisement
Table of Contents
