Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

QoS for Voice on C3560 (and others)

We are looking to build up a very tight trusted bundary for different none Cisco voice-hard/soft-phones on the edge of the LAN.

We are trying to use vendors mac address and used voice/UDP/RTP-ports to classify the "trusted" traffic for EF.

Config could look like:

mac access-list extended vendmac

permit 0080.9f00.0000 0000.00ff.ffff any

access-list 2250 permit udp any range 32514 32515 any range 32560 32570

access-list 2226 permit tcp any any eq 1720

access-list 2226 permit tcp any any range 16340 16800

class-map match-all voice

match access-group name vendmac

match access-group 2250

class-map match-all voice-control

match access-group 2226

class-map match-any best_effort

match access-group 2201

policy-map VoIP

class voice

set dscp ef

class voice-control

set dscp af21

class best_effort

set dscp default

int fa0/1 - 48

service-policy input VoIP

Unfortunately, the service-policy VoIP is not being accepted on the switch ports (fa0/1 -48), since the "class-map match-all voice" contains 2 match statements. (if either of the two match statements is kept as a single entry in the class-map, everything is OK, but then we are loosing the relation VendorMac<>used RTP stream to qualify for real voice traffic!!)

-> Is this a bug ? Works as designed?

-> Any work around??

thank you for any input on this


Re: QoS for Voice on C3560 (and others)

first of all

the udp ACl should be like

permit udp any any range 16384 32767

what i suggest you to do only use the udp ACl

as i mention it above thus, u can remark this udp traffic to EF in the ingres policy on the port

u dont need the mac address

if u look for security issues u cam use port security with max mac can be used on any port to one

good luck

if helpful Rate

New Member

Re: QoS for Voice on C3560 (and others)

Dear Rate,

thx for replying. We are aware off this u cam port security features.

Unfortunatley, we want to correlate vendor mac with the UDP/RTP voice stream, used by the vendor.

Re: QoS for Voice on C3560 (and others)

but as long it is not support it

and i think u dont need it if u shore the device is connected is a phon

even on cisco documentations and srnds they u se the ACL i sen you to match voice traffic

or u can match the traffic based on its vlan

for example u have all phones i network

so u mtach all udp traffic from that network

then mark it as EF

any good luck

if helpful Rate


CreatePlease to create content