Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Trust Boundaries

Hi all,

Can you please help me clear this up.

I am confused about DSCP trust boundaries. I understand that COS is Layer 2 and it is stripped off at the router.

But what about DSCP? The IP portion of the packet is not stripped so why whould there be a need to trust DSCP?

Is the DSCP cleared at the switch if DSCP is not trusted? i.e. a phone marks a packet with EF. What happens to that marking with a) mls qos trust dscp and b) not trusted.

Thanks for your help,

2 REPLIES

Re: Trust Boundaries

Hi,

If you have mls qos enabled on the switch, every port is untrusted by default.

If you have mls qos enabled on the switch, and you have 'mls qos trust dscp', then all values are trusted.

So in essence, mls qos + mls qos trust dscp is the same thing as not having mls qos enabled at all.

hth,

nick

New Member

Re: Trust Boundaries

Thanks Nick,

What does the trust and untrust mean for a physical packet? i.e. if mls qos is enabled and my port is untrusted, does that mean any DSCP values set by an end node are cleared? An example would be an IP phone attached to an untrusted port. The phone sets the dscp to EF, once the packet traverses the switch will the DSCP be reset 00.

Thanks,

327
Views
0
Helpful
2
Replies
CreatePlease to create content