How to configure QoS trust boundary on Cisco Switches

Hello Helen.

Do you mean the ToS field? If so you can find info about this lesson:

If you don’t mean the ToS field, can you clarify what field you mean?

QoS can take place at layer 3 (when packets are routed) or at layer 2 (on trunk links). The DSCP values are those found in the ToS field of the IP header and are used to implement QoS at Layer 3.
They are contained within a field of 6 bits so they have values from 0 to 63. More about these can be found in the lesson shared above.

The CoS values are those found within the VLAN tag and are used to implement QoS at Layer 2. These CoS values are briefly mentioned under the “Classification and Marking” section in the following lesson, and are referred to as the "priority field: of the VLAN tag:

These CoS values are important when multiple VLANs are competing for available bandwidth on a trunk port. QoS mechanisms on a switch will prioritize VLAN frames over a trunk based on the CoS values. CoS values are contained within a 3 bit field, so CoS values can be 0 to 7.

CoS to DSCP mappings, and vice versa, are used to allow routers and switches to maintain a common QoS strategy from end to end by translating Layer 2 QoS markings to Layer 3 and vice versa. An example of how you can display these mappings is shown below:

c3750#sh mls qos maps cos-dscp
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 26 32 46 48 56

c3750#sh mls qos maps dscp-cos
   Dscp-cos map:
     d1 :  d2 0  1  2  3  4  5  6  7  8  9
     ---------------------------------------
      0 :    00 00 00 00 00 00 00 00 01 01
      1 :    01 01 01 01 01 01 02 02 02 02
      2 :    02 02 02 02 03 03 03 03 03 03
      3 :    03 03 04 04 04 04 04 04 04 04
      4 :    05 05 05 05 05 05 05 05 06 06
      5 :    06 06 06 06 06 06 07 07 07 07
      6 :    07 07 07 07

The syntax may be a bit different for different platforms. To understand the output of the dscp-cos mappings, take a look at the lesson mentioned before.

Yes this is correct.

This command actually means that the switch uses the CoS value of the incoming packets without modifying the DSCP value. It passes through the switch with both CoS and DSCP values unchanged. If this command is used without pass-through keyword, then the DSCP value is derived from the CoS to DSCP map. More info here.

Yes, a trust boundary is a Layer 2 concept, which is not present o routers.

The concepts of QoS on an ASA are much the same as those on an IOS router. Some of the commands may have a slight syntax change, but the principles are the same. Some examples of QoS implementation on an ASA can be found in the following Cisco documentation:

I hope this has been helpful!

Laz