I have a DMVPN setup and on the spoke router the tunnel interface is T0 and it's on FE0/0 where the ISP router is connected. The total bandwidth is 1.5Mbps.
I have IP phone traffic on the VPN tunnel and I want to prioritize it. However, the local internet traffic goes directly out of FE0/0, not through the tunnel. How can I set up the QoS so the phone traffic on the VPN tunnel will have priority and guaranteed bandwidth while the internet traffic will still be able to fully utilize the 1.5 link when there is no phone traffic? Thanks!
I am doing a very similar setup at the mo, the only difference is that internet traffic is tunneled to the hub site as well, but I don't think that should make a difference. If you add a qos pre-classify statement to the tunnel interface, that will ensure traffic is classified for QoS prior to being encrypted. Use a priority command to use low latency queueing for voice traffic (other traffic will be able to use this bandwidth when voice does not require it), something like.....
match dscp ef
policy-map enterprise
priority 256 (kbps, that may be too much)
You may want to shape the traffic as well to stop packets leaving your router at 100 Mbps. You can do this something like.....
Then apply the new policy map to the interface, e.g.
The other thing you may want to consider is auto qos (this will monitor packets based on NBAR or DSCP (I reckon DSCP is better) and provide info and recommend (but not implement) a policy). To do this...
auto discovery qos trust (trust specifies using dscp, if you don't use that you would need to enable nbar)
I'm no expert on QoS but that's how I am currently setting it up.
Richard (Ricey) hope you don't mind me answering these questions.
#1 The real interface would be the preferred location (in case there was other traffic besides just the one tunnel's traffic).
#2 It allows the service policy to see packet information before it was encrypted. (An alternative approach is to rely on ToS tags, e.g. DSCP.)
#3 You could, but the shaper is critical to create congestion that corresponds to the downstream bandwidth. Otherwise, VoIP wouldn't be treated better until f0/0 congested. (Also, when working with Ethernet that hands off [eventually] to another medium, you may need to allow for Ethernet framing overhead in your shaping. Also for VoIP, you might need to decrease the shaper's Tc.)
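The pieces discussed in this thread, put together as one spoke configuration. This is an added example, not configuration posted by either participant. The class-map name VOICE, the parent policy name SHAPE-WAN, the fair-queue default class and the exact shape rate are assumptions; the policy name enterprise, the DSCP EF match, the 256 kbps priority value and the 1.5 Mbps link come from the posts above.

```cisco
! Constructed example: names VOICE and SHAPE-WAN are hypothetical.
!
! Classify voice by DSCP EF, as in the reply above.
class-map match-any VOICE
 match dscp ef
!
! Child policy: low latency queue for voice. The priority class is
! only policed to 256 kbps under congestion, so other traffic can
! use that bandwidth when there are no calls.
policy-map enterprise
 class VOICE
  priority 256
 class class-default
  fair-queue
!
! Parent policy: shape everything leaving the router to the real
! 1.5 Mbps rate so congestion (and queueing) happens here instead of
! downstream of the 100 Mbps Ethernet handoff. The rate is in bps and
! is an assumption; it may need to be lower to allow for Ethernet
! framing overhead, as noted in #3.
policy-map SHAPE-WAN
 class class-default
  shape average 1500000
  service-policy enterprise
!
! Let the policy on the physical interface see the packet headers
! as they were before encryption.
interface Tunnel0
 qos pre-classify
!
! Apply on the real interface (#1) so tunnel traffic and direct
! internet traffic share the same shaper and queues.
interface FastEthernet0/0
 service-policy output SHAPE-WAN
```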
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: