We are looking to build up a very tight trusted bundary for different none Cisco voice-hard/soft-phones on the edge of the LAN.
We are trying to use vendors mac address and used voice/UDP/RTP-ports to classify the "trusted" traffic for EF.
Config could look like:
mac access-list extended vendmac
permit 0080.9f00.0000 0000.00ff.ffff any
access-list 2250 permit udp any range 32514 32515 any range 32560 32570
access-list 2226 permit tcp any any eq 1720
access-list 2226 permit tcp any any range 16340 16800
class-map match-all voice
match access-group name vendmac
match access-group 2250
class-map match-all voice-control
match access-group 2226
class-map match-any best_effort
match access-group 2201
set dscp ef
set dscp af21
set dscp default
int fa0/1 - 48
service-policy input VoIP
Unfortunately, the service-policy VoIP is not being accepted on the switch ports (fa0/1 -48), since the "class-map match-all voice" contains 2 match statements. (if either of the two match statements is kept as a single entry in the class-map, everything is OK, but then we are loosing the relation VendorMac<>used RTP stream to qualify for real voice traffic!!)
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...