Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Trust boundary

Hi..

I extend the trust boundary to IP phones,

and there is a PC connected to the IP phone. CCO documentation mentioned that the IP phone will reset the CoS of packet coming from the PC that connects to the phone. My questions are

(1) The PC connected to IP phone is not trunk, so there is no CoS field in the packet. The CoS will be reset to 0 anyway.

(2) Will the IP phone reset the DSCP value of the packet coming from the PC?

If it doesn't, and i configure "trust dscp" on the switch, then there will be problem. Can someone confirm ?

Thanks

Eng Wee

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Re: Trust boundary

Hi Eng Wee,

1. That is correct that there is no CoS field if the phone is receiving untagged frames from the PC. If the frames are tagged, the CoS value will be reset to zero.

2. Yes. The DSCP of traffic received from the PC is also re-marked to zero by default. Therefore, 'trust dscp' should be fine on your switch port. Also, you might want to configure 'mls qos trust device cisco-phone' so that DSCP is only trusted when a Cisco IP phone is plugged into the port.

Hope that helps - pls rate the post if it does.

Paresh

4 REPLIES
Purple

Re: Trust boundary

Hi Eng Wee,

1. That is correct that there is no CoS field if the phone is receiving untagged frames from the PC. If the frames are tagged, the CoS value will be reset to zero.

2. Yes. The DSCP of traffic received from the PC is also re-marked to zero by default. Therefore, 'trust dscp' should be fine on your switch port. Also, you might want to configure 'mls qos trust device cisco-phone' so that DSCP is only trusted when a Cisco IP phone is plugged into the port.

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: Trust boundary

Hi Paresh,

Thanks for your reply.

If what you mentioned is correct, i am wondering what is the use of "trust cos". We can just use "trust dscp".

When u use auto qos, the default is "trust cos". I personally find "trust dscp" is better. When u connect a switch port to gateway or CCM, u will need to configure "trust dscp" since those are access ports. I think we should just standardise and use "trust dscp", instead of some ports using "trust dscp", some using "trust cos"

Comments.

Thanks

Eng Wee

Purple

Re: Trust boundary

Hi again,

You are right that DSCP is a bit more useful. But there are circumstances where you might want to use 'trust cos':

1. When you have non-IP traffic

2. When you are connecting to a trusted switch which can only re-mark CoS and not DSCP. In that case, you would want to make sure that you also re-mark DSCP accordingly by trusting the received CoS value.

If none of the above apply to you, 'trust dscp' is certainly the better option.

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: Trust boundary

Thanks for your comments. I totally agree with u.

141
Views
4
Helpful
4
Replies
CreatePlease login to create content