QoSInterface Config

mls qos trust [cos|dscp]

Sets the trust state on an interface to use either the CoS or DSCP value for QoS classification, enabling the switch to honor incoming QoS markings.

Syntax·Interface Config

mls qos trust [cos|dscp]

When to Use This Command

Trusting DSCP markings from a VoIP phone to prioritize voice traffic on an access port.
Trusting CoS markings from a router on a trunk link to preserve QoS across the network.
Configuring trust on an uplink port to a service provider to accept their DSCP markings.
Setting trust on a port connected to a trusted server that marks its own traffic.

Command Examples

Trust DSCP on an access port for VoIP

interface GigabitEthernet0/1
mls qos trust dscp

Switch(config-if)# mls qos trust dscp
Switch(config-if)# end
Switch# show mls qos interface GigabitEthernet0/1
GigabitEthernet0/1
  trust state: trust dscp
  trust mode: trust dscp
  COS override: dis
  default COS: 0
  DSCP mutation: none
  trust device: none
  qos mode: port-based

The 'trust state' shows the current trust setting. 'trust dscp' means the switch will use the DSCP value for QoS. 'COS override' is disabled, so CoS is not used. 'default COS' is 0 for untrusted traffic. 'DSCP mutation' is none, meaning no DSCP mapping is applied. 'trust device' shows no specific device trust. 'qos mode' is port-based.

Trust CoS on a trunk port

interface GigabitEthernet0/2
mls qos trust cos

Switch(config-if)# mls qos trust cos
Switch(config-if)# end
Switch# show mls qos interface GigabitEthernet0/2
GigabitEthernet0/2
  trust state: trust cos
  trust mode: trust cos
  COS override: dis
  default COS: 0
  DSCP mutation: none
  trust device: none
  qos mode: port-based

The 'trust state' is now 'trust cos', meaning the switch will use the CoS value from the frame. All other fields remain similar. This is typical on trunk links where CoS markings are preserved.

Understanding the Output

The 'show mls qos interface' command displays the QoS trust configuration for a specific interface. The 'trust state' field indicates whether the interface trusts CoS, DSCP, or is untrusted. 'trust mode' shows the configured trust type. 'COS override' indicates if CoS is overridden (dis or en). 'default COS' is the CoS value assigned to untrusted traffic. 'DSCP mutation' shows any DSCP mutation map applied. 'trust device' indicates if a specific device (like Cisco IP Phone) is trusted. 'qos mode' shows the QoS mode (port-based or vlan-based). A good configuration shows the desired trust state; a bad configuration might show 'untrusted' when trust was intended.

CCNA Exam Tips

Remember that 'mls qos trust' must be configured after enabling 'mls qos' globally.

On access ports, trust DSCP is common for VoIP; on trunk ports, trust CoS is typical.

The default trust state on a port is 'untrusted' unless explicitly configured.

CCNA may test that 'mls qos trust cos' is used on trunk ports to preserve Layer 2 CoS markings.

Common Mistakes

Forgetting to enable 'mls qos' globally before configuring trust on an interface.

Using 'mls qos trust cos' on an access port where DSCP is more appropriate for IP traffic.

Assuming trust is enabled by default; it is not, and QoS markings will be ignored without it.

Related Commands

mls qos

Enables QoS globally on a Catalyst switch and enters MLS QoS configuration mode to configure trust settings, queueing, and policing.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions