QoS for Voice on C3560 (and others)

Sep 3rd, 2008

We are looking to build up a very tight trusted boundary for different non-Cisco voice hard/soft phones on the edge of the LAN.

We are trying to use the vendor's MAC address and the voice UDP/RTP ports used to classify the "trusted" traffic for EF.


Config could look like:


mac access-list extended vendmac
 permit 0080.9f00.0000 0000.00ff.ffff any

access-list 2250 permit udp any range 32514 32515 any range 32560 32570

access-list 2226 permit tcp any any eq 1720
access-list 2226 permit tcp any any range 16340 16800

class-map match-all voice
 match access-group name vendmac
 match access-group 2250

class-map match-all voice-control
 match access-group 2226

class-map match-any best_effort
 match access-group 2201

policy-map VoIP
 class voice
  set dscp ef
 class voice-control
  set dscp af21
 class best_effort
  set dscp default

interface range fa0/1 - 48
 service-policy input VoIP


Unfortunately, the service-policy VoIP is not being accepted on the switch ports (fa0/1 - 48), since the "class-map match-all voice" contains 2 match statements. (If either of the two match statements is kept as a single entry in the class-map, everything is OK, but then we are losing the relation VendorMac<>used RTP stream to qualify for real voice traffic!!)


-> Is this a bug? Works as designed?

-> Any workaround?


Thank you for any input on this.

Marwan ALshawi Wed, 09/03/2008 - 21:48

First of all, the UDP ACL should look like:

permit udp any any range 16384 32767

What I suggest you do is use only the UDP ACL as I mentioned above; thus, you can re-mark this UDP traffic to EF in the ingress policy on the port.

You don't need the MAC address.

If you are looking at security issues, you can use port security with the maximum number of MACs that can be used on any port set to one.

Good luck.

If helpful, rate.

aodermatt Wed, 09/03/2008 - 22:14
Dear Rate,

Thanks for replying. We are aware of these port security features.

Unfortunately, we want to correlate the vendor MAC with the UDP/RTP voice stream used by the vendor.

Marwan ALshawi Wed, 09/03/2008 - 22:28

But as long as it is not supported, and I think you don't need it if you are sure the connected device is a phone.

Even in Cisco documentation and SRNDs they use the ACL I sent you to match voice traffic.

Or you can match the traffic based on its VLAN. For example, you have all phones in network 10.1.1.0/24, so you match all UDP traffic from that network, then mark it as EF.

Anyway, good luck.

If helpful, rate.

Marwan
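Added example (not part of the thread or any poster's configuration): a small Python model of the ACL match semantics discussed above, comparing which frames would be marked EF under the question's intended MAC-plus-port correlation and under the port-only ACL from the reply. The sample frames and function names are constructed assumptions; only the ACL values come from the thread, and the model covers ACL matching alone, not how the switch handles the policy-map.

```python
# Added illustration: models Cisco ACL match logic only, not switch behaviour.

def mac_to_int(mac: str) -> int:
    """Parse Cisco dotted (0080.9f12.3456) or colon/dash MAC notation."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def mac_acl_match(mac: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    care = ~mac_to_int(wildcard) & 0xFFFFFFFFFFFF
    return (mac_to_int(mac) & care) == (mac_to_int(base) & care)

def vendmac(frame) -> bool:
    # permit 0080.9f00.0000 0000.00ff.ffff any
    return mac_acl_match(frame["src_mac"], "0080.9f00.0000", "0000.00ff.ffff")

def acl_2250(frame) -> bool:
    # permit udp any range 32514 32515 any range 32560 32570
    return (frame["proto"] == "udp"
            and 32514 <= frame["sport"] <= 32515
            and 32560 <= frame["dport"] <= 32570)

def acl_rtp_wide(frame) -> bool:
    # permit udp any any range 16384 32767 (the ACL suggested in the reply)
    return frame["proto"] == "udp" and 16384 <= frame["dport"] <= 32767

def classify(frame, mode: str) -> str:
    """DSCP under the 'match-all' intent or the port-only rule; other classes omitted."""
    if mode == "match-all":
        hit = vendmac(frame) and acl_2250(frame)
    elif mode == "port-only":
        hit = acl_rtp_wide(frame)
    else:
        raise ValueError(mode)
    return "ef" if hit else "default"

# Constructed sample frames (not captured traffic).
FRAMES = [
    {"name": "vendor phone RTP", "src_mac": "0080.9f12.3456", "proto": "udp", "sport": 32514, "dport": 32560},
    {"name": "PC, same UDP ports", "src_mac": "0011.2233.4455", "proto": "udp", "sport": 32514, "dport": 32565},
    {"name": "vendor phone, other UDP", "src_mac": "0080.9fab.cdef", "proto": "udp", "sport": 5000, "dport": 20000},
]

if __name__ == "__main__":
    for f in FRAMES:
        print(f"{f['name']:26} match-all={classify(f, 'match-all'):8} port-only={classify(f, 'port-only')}")
```

Only the first frame is marked EF under the correlated match, while the port-only rule marks all three, which is the difference the original question is trying to preserve at the trust boundary.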
