A trust boundary is the point in a network where traffic markings, such as DSCP (Layer 3) or Priority Code Point (PCP) / Class of Service (CoS) (Layer 2) are trusted.
Figure 1 – The trust boundary is where DSCP and PCP markings are trusted
Beyond this point, the network devices rely on these markings to prioritize traffic based on Quality of Service (QoS) policy.
But here’s something to think about: What happens if a device outside your control marks its own traffic as high priority to gain an unfair advantage?
=> Traffic markings applied by devices outside the trust boundary are considered untrusted and will be re-marked to align with the network's policies. This ensures that only traffic from trusted devices influences network performance.
The trust boundary is established on devices controlled by IT, such as access layer switches or IP phones.
Answer the question below
The trust boundary is typically placed on network devices where traffic markings can be verified and adjusted if needed. These devices must be fully controlled and managed by IT staff. Common locations for trust boundaries include:
Access Layer Switches: These devices receive traffic from end-user devices and re-mark it to align with network QoS policies.
Trust Boundary: Access Switch
Imagine you’re managing a network where devices like PCs are directly connected to access switches. Would you trust the traffic markings coming from these PCs? Probably not, right? That’s where the access switch steps in as the trust boundary.
Here’s how it looks:
Figure 2 – Access switch as the trust boundary for traffic markings
40 % Complete: you’re making great progress
Unlock the rest of this lesson
If you’d like to continue your CCNA journey, create your free account now.
Access all free CCNA lessons
Practice with quizzes and level test
Progress tracking in your dashboard
Made by network engineers - CCNP certified
Create your Free Account1151 learners continued their CCNA journey this month