BCMSN - Trusted boundaries

Unanswered Question
Jul 4th, 2008


I am studying to take my second BCMSN test since I failed the first one. There are some topics where I am not very clear and I keep finding different answers. I hope I can find the correct one here.

1. Trusted Boundaries

mls qos trust cos --> this command trust CoS coming from the IP Phone. Which one will be the trust boundary here, the IP Phone or the switch?

switchport priority extend trust --> this command extends the trust to the IP Phone, so it trust the frames coming from the PC. Which one will be the trusted boundary, the IP Phone or the PC?


Switch ---- IP Phone --- PC

The command: mls qos trust cos has been entered on the switch.

What is the trust boundary effect on this command?

a. RTP will be used to negotiate to CoS value upon bandwidth utilization on the link

b. The host is now establishing the CoS value and has effectively become the trust boundary

c. The switch will no longer tag incoming voice packets and will trust the distribution layer switch to set the CoS

d. The switch is rewriting packets it receives from the IP Phone and determining the CoS value

e. Effectively the trust boundary has moved to the IP phone

I can see that the answer is E since none of the other options make sense but, shouldn't the boundary be just the switch since it is the one trusting the packets?

Let me know if I don't explain myself correctly. I hope somebody can explain this loud and clear :-)

Thanks for all your help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
brianjpisa Sat, 07/05/2008 - 05:42

The trust boundary cuts off an untrusted device from the trusted devices. The pc is untrusted and the ip phone is trusted. So the trusted boundary is at the ip phone. I didn't really understand it when I was studying for BCMSN because the training material really didn't cover it. They go over it in the ONT material.

johnlloyd_13 Tue, 08/12/2008 - 03:34

trust boundary is moved on the ip phone coz the ip phone is now the one rewriting the cos values coming from the pc. it lessens the burden on the cat switch in classifying/rewriting packets from the pc, since the ip phone can definitely do it. remember, trust boundary should be placed near the source


This Discussion