Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
474
Views
0
Helpful
2
Replies

Trust Boundaries

avillalva
Level 1
Level 1

‎01-29-2009 10:04 PM - edited ‎03-15-2019 03:52 PM

Hi all,

Can you please help me clear this up.

I am confused about DSCP trust boundaries. I understand that COS is Layer 2 and it is stripped off at the router.

But what about DSCP? The IP portion of the packet is not stripped so why whould there be a need to trust DSCP?

Is the DSCP cleared at the switch if DSCP is not trusted? i.e. a phone marks a packet with EF. What happens to that marking with a) mls qos trust dscp and b) not trusted.

Thanks for your help,

Labels:
0 Helpful
2 Replies 2

Nicholas Matthews
Level 9
Level 9

‎01-29-2009 10:51 PM

Hi,

If you have mls qos enabled on the switch, every port is untrusted by default.

If you have mls qos enabled on the switch, and you have 'mls qos trust dscp', then all values are trusted.

So in essence, mls qos + mls qos trust dscp is the same thing as not having mls qos enabled at all.

hth,

nick

0 Helpful

avillalva
Level 1
Level 1
In response to Nicholas Matthews

‎02-01-2009 03:41 PM

Thanks Nick,

What does the trust and untrust mean for a physical packet? i.e. if mls qos is enabled and my port is untrusted, does that mean any DSCP values set by an end node are cleared? An example would be an IP phone attached to an untrusted port. The phone sets the dscp to EF, once the packet traverses the switch will the DSCP be reset 00.

Thanks,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents