Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Shoretel Phone System Auto QoS: Cisco 2960s, 5k's, and 5510 Firewall


We have recently deployed a Shoretel Phone system in our environment and are experiencing a tremendous amount of Packet Loss/Jitter/Latency on both internal and external phones.  We want to enable QoS but would like clarification as to what we need to enable QoS on if not the whole environment.  Any information relating to prior experience would be greatly appreciated.

  Our network environment consists of:

(2) Nexus 5ks (all stacks connect to)

Cisco 5510 Firewall

Cisco Router (provided by carrier)

WindStream PRI (connected directly to Shoregear switch)

Stack 1 = (4) 2960 Cisco Catalyst Switches (10g Fiber connection to Nexus 5k)

Stack 2 = (2) 2960 Cisco Catalyst Switches (10G fiber connection to Nexus 5k) 

Stack 3 = (4) 2960 Cisco Catalyst Switches (10G Fiber connection to Nexus 5k)

Stack 4 = (2) 2960 Cisco Catalyst Switches (10G Fiber connection to Nexus 5k)

* Stack 2 = Switch 2 contains shoretel phone system and shoregear switchports

* Stack 1-3-4 = Mix of Voice/Data ports.  Each port is segregated to either be Voice or Data.  No sharing

  • LAN Switching and Routing
VIP Purple

I can only help you with the

I can only help you with the 2960 part.  Cisco have a bunch of macros on all their Catalyst switch platforms that configures QoS as per Cisco recommendations.

This does rely on your devices uses the same QoS markings as Cisco recommends.

On the 2960 uplinks to the Nexus use:

macro apply cisco-switch

Typically on interfaces facing Cisco phones you use:

macro apply cisco-phone

New Member

You need QoS on all devices. 

You need QoS on all devices. 

From global config:

class-map match-any <name>

  match access-group name <name of access-group>

class-map match-any <name2>

  match access-group name <name of access-group2>

Then you need the policy-map:

policy-map WAN-QoS-003
 class Name
  set ip dscp ef
  priority percent 40
 class Name2
  bandwidth percent 36
  set ip dscp af31
  class class-default

 set ip dscp default


Then you will need the ACL:

ip access-list extended <Name>
 remark Real Time Traffic - all VoIP RTP traffic
 permit ip any any dscp ef
 permit udp any any range 10000 14500

ip access-list extended <name2>
  permit tcp any any eq ftp
 permit tcp any any eq 22
 permit tcp any any eq domain
 permit tcp any any eq telnet
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq 3389

And then add the policy (in or out) to the interface you want to apply it to:

interface FastEthernet0/0/0
 description This is the desc of this interface

 bandwidth 50000
 ip address x.x.x.x
  no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 load-interval 30
 duplex full
 speed 100
 service-policy output <name>

If you are just wanting voice to be tagged, you want ef traffic.  ShoreTel uses other ports for signaling that you want want to put in another policy.

How that helps.