| Description | This object is used to indicate the operational trust state of
an interface. The operational trust state may or may not be
identical to the config trust state denoted by
caqIfTrustStateConfig. The value of this object depends on the
runtime conditions such as whether the interface is configured
to trust a certain type of device as denoted by caqIfTrustDevice
as well as whether a device of the trusted type is connected to
the interface. For example, if the interface is configured to
only trust Cisco IP Phone and the phone is not connected to
the interface at runtime, the operational trust state of this
interface will have the untrusted(1) value even if the
trustCoS(2) value is configured in caqIfTrustStateConfig.
This object is only instantiated if the platform supports
trust device configuration.
If the object is untrusted(1), then the DSCP assigned to the
packet is the DSCP specified by classification rule obtained
from the matching ACE (Access Control Entry). ACE is a filter
that is used to identify flows with certain characteristics. It
includes fields such as ingress/egress ports, L2 addresses, L3
addresses , TCP/UDP port number.
If this object is trustCoS(2), then the DSCP assigned
to the packet is the layer2 CoS of the packet mapped to a
DSCP by the CoS-to-DSCP mapping defined in object
caqCosToDscpDscp.
When this object is trustIpPrec(3), a DSCP is assigned to
an IP packet according to the IP-Precedence-to-DSCP mapping
defined by the values contained in caqIpPrecToDscpTable. For
non-IP packets, trustIpPrec(3) has identical behavior as
trustCoS(2).
When this object is trustDscp(4), the DSCP contained in an IP
packet is trusted as being the correct value to assign to it.
For non-IP packets, trustDscp(4) has identical behavior as
trustCoS(2). |