class-map voice-priority

Answered Question
Jan 24th, 2008

Hi,

We currently have a branch office (BO) router with ptp connection to headquarters (HQ). There is no firewall connecting router to LAN. We are now providing dedicated Internet access to BO, with a ASA firewall between the BO router and LAN. We have digital phone service with Priority Queuing for voice on the old branch office router. Should the Priority Queuing statements be now implemented in the ASA firewall or on the new router?

Thanks.

I have this problem too.
0 votes

If I understand the setup correctly then I would mark the voice packets at the e0 interface (input) of the BO router. Also apply the policy-map to the output of the s1 on the router.

Ideally, I would mark them at the LAN switch's layer 3 interface then prioritize them at the BO router but it is really no big deal as the odds of latency in a LAN environment are fairly slim.

HTH

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.

I would imagine that since you should classify/mark packets as close to the edge as possible then you would need to mark/queue them at the ASA. This is assuming that it goes as follows:

HQ---Router---ASA---BO

If you are doing a lot of manipulation/inspection of the packets on the ASA already then perhaps you could do it on the router to off-load the overhead of the ASA.

saidfrh Thu, 01/24/2008 - 11:21

actually, its

HQ>ptp>s1 BO router

s0 BO router>Internet

E0 router>ASA firewall>LAN

The phone system on the LAN connects via ptp to HQ's LAN/phone system

Correct Answer

If I understand the setup correctly then I would mark the voice packets at the e0 interface (input) of the BO router. Also apply the policy-map to the output of the s1 on the router.

Ideally, I would mark them at the LAN switch's layer 3 interface then prioritize them at the BO router but it is really no big deal as the odds of latency in a LAN environment are fairly slim.

HTH

saidfrh Fri, 01/25/2008 - 09:12

Jon,

How does the following look? The access list is from the previous router. Why are there TCP ports in the list, when when is for voice priority queuing?

class-map voice-priority

match access-group 150

policy-map POLICY1

class voice-priority

priority 512

class class-default

fair-queue

interface Fa0

ip address 172.16.x.x 255.255.255.0

service-policy input POLICY1

service-module t1 timeslots 1-24

interface Serial0

ip address 172.16.x.x 255.255.255.0

service-policy output POLICY1

service-module t1 timeslots 1-24

access-list 150 permit udp any any range 5000 5070

access-list 150 permit udp any range 5000 5070 any

access-list 150 permit udp any any eq 5567

access-list 150 permit udp any eq 5567 any

access-list 150 permit tcp any any eq 5566

access-list 150 permit tcp any eq 5566 any

access-list 150 permit tcp any any eq 5570

access-list 150 permit tcp any eq 5570 any

access-list 150 permit udp any any eq 16384

access-list 150 permit udp any eq 16384 any

access-list 150 permit tcp any any eq 2427

access-list 150 permit tcp any eq 2427 any

access-list 150 permit udp any any eq 4000

access-list 150 permit udp any eq 4000 any

access-list 150 permit udp any any eq 4010

access-list 150 permit udp any eq 4010 any

I can't tell you why there are TCP ports in that ACL. TCP port 2427 is MGCP so I can understand that. I don't know what TCP port 5566-5567 and 5570 are. Perhaps they are what you phone systems uses for call control??

By saying priority 512 that has dedicated 512k to that traffic on that link (s0). You are using fair-queuing as well so that will prioritize higher ip precedence packets if they are marked precedence 3 or 4 (Cisco best practices).

Actions

This Discussion