09-24-2008 09:00 AM - edited 03-06-2019 01:34 AM
Hi,
We have Site A and Site B interconnected via 1 Gb Ethernet terminating on Cisco 3750G switches. Our requirements:
1. Data, Voice and Internet traffic to be on different L2 VLANs (security concern).
2. Data and Internet traffic capped to 100 Mbps max.
3. Voice to use all available BW (which includes any unutilized Data/Internet under the 100 Mbps cap).
Note: Data and Voice traffic are from different subnets (meaning we have at least 5 x /24 for data and 3 x /24 for voice).
Please give some input on the best way of doing this.
Thanks in advance,
subra.
Diagram in the attachment with IOS details
09-24-2008 09:53 AM
class-map match-all voice
 description class for voice
 match access-group name Voice
policy-map voice
 class voice
  priority percent 90
 class class-default
  fair-queue
ip access-list extended Voice
 permit ip x.x.x.x x.x.x.x any
(x being your telephony subnet)
Just one way of doing it.
09-25-2008 12:15 AM
Hi,
Thanks for the input.
I am wondering how to get this implemented. Should I create 3 routed interfaces and implement policy maps on them, or 3 SVIs?
If you have any more ideas, please post.
Thanks
subra
09-25-2008 02:53 AM
Let's consider this example:
data 192.168.1.0/24
internet 172.168.1.0/24
voice 10.1.1.0/24
On Site A:
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
access-list 102 permit ip 10.1.1.0 0.0.0.255 any
Now let's make class maps to match these ACLs:
class-map data
 match access-group 100
class-map internet
 match access-group 101
class-map voice
 match access-group 102
Now let's make a policy for bandwidth management:
! police takes the rate in bits per second: 100000000 bps = 100 Mbps
policy-map data
 class data
  police 100000000 8000 exceed-action drop
policy-map internet
 class internet
  police 100000000 8000 exceed-action drop
Now we are going to apply these policies in the inbound direction on the source ports, not on the uplink between the switches.
So let's say the port connected to data is fa0/1 and the port connected to internet is fa0/5.
This is on Site A:
interface fa0/1
 service-policy input data
interface fa0/5
 service-policy input internet
and leave the voice port without limitation.
Based on this config, the traffic will be dropped even before it enters the switch if it's above 100M,
and the same idea applies on Site B.
And if you want the communication to be isolated between VLANs at L2, make the link between the switches a trunk and don't create SVIs, to avoid routing between VLANs, unless you do the routing with filtering,
and keep the VLANs spanning the uplink as L2 VLANs.
About the above ACLs: if you have more subnets, you can add them to the ACLs, each with its own class, like data or internet.
Good luck
if helpful Rate
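Added example, not part of the original thread: a small Python audit for a switch config written in the style of the reply above. It assumes `police` takes its rate in bits per second (as on the Catalyst 3750), and it flags policers that miss the intended 100 Mbps cap, policy-maps never attached to a port, and SVIs that could route between the VLANs meant to stay isolated. The sample config, the `spare` policy-map and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device); names and rates are
# assumptions chosen to exercise each check.
SAMPLE = """\
policy-map data
 class data
  police 100000000 8000 exceed-action drop
policy-map internet
 class internet
  police 100000 8000 exceed-action drop
policy-map spare
 class data
  police 100000000 8000 exceed-action drop
interface FastEthernet0/1
 service-policy input data
interface FastEthernet0/5
 service-policy input internet
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
"""

def audit(config, cap_bps=100_000_000):
    """Return sorted findings about policer rates, attachments and SVIs."""
    policers, attached, findings = {}, set(), []
    pmap = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"policy-map (\S+)", line):
            pmap, iface = m.group(1), None
        elif m := re.match(r"interface (\S+)", line):
            iface, pmap = m.group(1), None
            if iface.lower().startswith("vlan"):
                findings.append(f"{iface}: SVI present, check inter-VLAN routing")
        elif pmap and (m := re.match(r"police (\d+) (\d+)", line)):
            policers[pmap] = int(m.group(1))  # first number is the rate in bps
        elif iface and (m := re.match(r"service-policy input (\S+)", line)):
            attached.add(m.group(1))
    for name, bps in policers.items():
        if bps != cap_bps:
            findings.append(f"{name}: policer is {bps / 1e6:g} Mbps, "
                            f"expected {cap_bps / 1e6:g} Mbps")
        if name not in attached:
            findings.append(f"{name}: policy-map not applied to any interface")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```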
09-25-2008 03:54 AM
Hello Mate,
Thanks for your time and the informative Input.
I have a small doubt here regarding network congestion. In a scenario where Voice, Data and Internet are all running at full capacity, i.e. 800+100+100 respectively, how will the voice packets be treated? Is it just like the Data and Internet? What could be done if that's the case?
Thanks
Subra
09-25-2008 04:00 AM
In your case,
as the VLANs are on separate interfaces and in separate VLANs,
and we have policed the traffic except voice, all the other bandwidth will be for voice.
If you are going to use trust boundaries and you have your voice traffic already marked as CoS 5, for example,
then you can use the scheduling method and dropping threshold as an extra QoS level on the uplink trunk between the switches.
This will help you service voice first.
But as I mentioned, the bandwidth will be about 800 for voice, as we policed the other two links to 100 each.
Hope this is helpful.
09-25-2008 06:30 AM
The voice traffic will get priority up to 90% in this configuration. Everything else is best effort.