Here’s a slightly different way of thinking about it. When you issue the mls qos command on a switch, it will, by default, not trust any DSCP or CoS values on packets/frames it receives. It will therefore set the DSCP and CoS values of those packets/frames to zero. Now in order to change this behavior and keep the DSCP values on the packets received, we can issue the global configuration command no mls qos rewrite ip dscp.
Now, the next command that Rene added, and on the interface this time, is mls qos trust cos. This command simply says that we will trust the CoS values on that particular interface. Now switches have a default cos-to-dscp map, where particular CoS values correspond to DSCP values. If no additional commands are issued, then this cos-to-dscp mapping will be applied by default on all traffic on this particular interface. You can exempt traffic from this mapping by issuing the mls trust cos pass-through.
Yes, but the first default behavior pertains to the whole switch globally when the mls qos command is applied, and the second default behavior pertains to a specific interface and only when the mls qos trust cos command is issued on the interface. These are two different scenarios, but they are related. Does that make sense?
Well, not quite. Although they are related, trusting and not modifying DSCP field are two different things. You can instruct a switch to never modify the DSCP field using this command, but that does not mean that a particular interface will trust traffic. This command is simply an exception to the untrusting of traffic. You must individually configure interfaces to trust or untrust, and those characteristics affect not only DSCP, but also CoS values. So you see, you have a more granular control over how traffic is handled.
In this case, you are essentially saying that you only trust CoS values, and yes, by default, all DSCP values will be rewritten using the cos-to-dscp map.
The above commands (assuming you haven’t issued the no mls qos rewrite ip dscp command, will keep the CoS values as they are, but will erase the DSCP values.