Matching VoIP traffic

Answered Question
Feb 2nd, 2009

Hi,


Just wondering if these two class maps accomplish the same goal:


class-map match-all VoIP-1
 match protocol rtp audio
class-map match-all VoIP-2
 match access-group 123
!
access-list 123 permit udp any any range 16384 32767


thanks!

Nicholas Matthews Mon, 02/02/2009 - 18:52

Hi,


These are actually quite different.


If you have a Cisco-only VoIP deployment, they should be equivalent. The 16384 - 32767 is a Cisco-only standard. Many SIP providers and other voice applications will use ports 10000-70000.


The first uses NBAR (requires CEF), and looks inside the packet for an RTP header. If you're worried about CPU utilization this would kick up a bit.


The optimal matching would be to ensure you have a switched network that is trusting DSCP and mark/match it EF.



hth,

nick

enriquebs Tue, 02/03/2009 - 00:58

OK


No worries about CPU utilization; I'm just trying to understand how to match VoIP traffic in a Cisco network. Also found this ACL:


match ip rtp 16384 16383


Is it also supposed to match VoIP traffic?


thanks!

Correct Answer
Nicholas Matthews Tue, 02/03/2009 - 05:48

That is the same as your access list. It's not deep packet inspection like the match protocol statement. The 2nd number there is a range, and is an alternative to using an ACL.


-nick
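
The three match criteria discussed in this thread (UDP port range, RTP header inspection, DSCP EF), compared on constructed packets. This is an added example, not part of the original posts and not Cisco code; the header check is a simplified stand-in for NBAR, and the audio payload-type range 0-23, the addresses and the function names are assumptions. It shows that a port-range match prioritises any UDP in the range, while a header check still finds RTP on a non-Cisco port.

```python
import struct

ACL_LO, ACL_HI = 16384, 32767   # access-list 123; also "match ip rtp 16384 16383"
DSCP_EF = 46                    # Expedited Forwarding code point

def build_packet(dport, payload, dscp=0, sport=20000):
    """Constructed IPv4/UDP packet (documentation addresses, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 28 + len(payload),
                     0, 0, 64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip + udp + payload

def rtp(payload_type, audio=b"\xff" * 160):
    """Constructed RTP packet: version 2, no padding/extension/CSRC."""
    return struct.pack("!BBHII", 0x80, payload_type, 1, 160, 0x1234) + audio

def looks_like_rtp_audio(data):
    """Simplified stand-in for header inspection, not NBAR's real logic."""
    if len(data) < 12:                 # fixed RTP header is 12 bytes
        return False
    version = data[0] >> 6
    payload_type = data[1] & 0x7F
    return version == 2 and payload_type <= 23   # assumed audio PT range

def classify(pkt):
    """Report which of the thread's three match criteria a packet satisfies."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17 or len(pkt) < ihl + 8:       # not UDP or truncated
        return {"port_range": False, "rtp_header": False, "dscp_ef": False}
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return {
        "port_range": ACL_LO <= dport <= ACL_HI,
        "rtp_header": looks_like_rtp_audio(pkt[ihl + 8:]),
        "dscp_ef": (pkt[1] >> 2) == DSCP_EF,
    }

SAMPLES = {   # constructed packets
    "rtp_in_cisco_range": build_packet(16500, rtp(0), dscp=DSCP_EF),
    "rtp_on_port_10000": build_packet(10000, rtp(8)),
    "non_rtp_in_range": build_packet(20000, b"\x00" * 32),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```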
