Solved: access-list - how to match traffic

snooter · ‎06-30-2006

Hello

I've got an issue where a call forwarded accross the WAN isn't being put in the proper priorit queue.

Our call managers both sit in area A. Area B has nothing more then a router and voip phones.

The setup is, area B has a fax machine with a basic pots line. The machine is set to forward calls to a DID number inside that office. Once the call comes in the router it is right away changed from 4559 to 8689 via the following command: "num-exp 4559 8689"

The call then hits the following dial-peer:

!

dial-peer voice 8685 voip

destination-pattern 8689

session target ipv4:172.16.1.2

dtmf-relay h245-alphanumeric

codec g711ulaw

fax-relay ecm disable

fax rate disable

fax protocol pass-through g711ulaw

no vad

!

My Policy/Priority Queues are setup like so:

!

class-map match-all VoIP-RTP

match access-group 105

!

policy-map QoS-Policy

class VoIP-RTP

priority 280

class class-default

fair-queue

!

access-list 105 permit udp any any range 16384 32767

access-list 105 permit ip any 172.16.0.0 0.0.255.255

My call managers use the 172.16.0.0/24 subnet, everyting data is 10.10.0.0/24.

Any typical voice call from office B to office A is put into the VoIP-RTP prioroity queue, except the call that is converted and sent up the frame. I'm using the "Show policy int" command to make sure. Beings it's not hitting the queue, i'm having quality issues with those particular calls.

I'm thinking it's being put into the regular data queue cause it's not marking the forward as Ip Presedence or DSCP priority.

Anyone got any ideas on what details I could use for another access-list to make it match that particular dial-peer's traffic?

mheusinger · ‎06-30-2006

Hello,

probably your call does not use the UDP range specified and it does not terminate at the call managers but at another voice gateway (?).

Can you try

ip cef

class-map match-any VoIP-RTP

match access-group 105

match protocol RTP

This will enable NBAR and should grab all traffic transported over RTP, hence I would assume your call under question should be matched.

Hope this helps! Please rate all posts.

Regards, Martin

View solution in original post

mheusinger · ‎06-30-2006

Hello,

probably your call does not use the UDP range specified and it does not terminate at the call managers but at another voice gateway (?).

Can you try

ip cef

class-map match-any VoIP-RTP

match access-group 105

match protocol RTP

This will enable NBAR and should grab all traffic transported over RTP, hence I would assume your call under question should be matched.

Hope this helps! Please rate all posts.

Regards, Martin

tdrais · ‎06-30-2006

I cannot see why it would not match the target address in the access list. It should work but there are many issue matching data that is generated by the router itself. When I have used these internal dial ports I have always matched DSCP since it is set by the peer statement by default.

This is a link I keep that shows example of how to do QoS with these phone ports. The first one is very close to what you have but the ones near the bottom that show actually dial peer setting always use dscp and RTP to match stuff so maybe there is a restriction.

http://www.cisco.com/en/US/tech/tk652/tk698/technologies_tech_note09186a00800f6cf8.shtml

snooter · ‎06-30-2006

class-map match-any VoIP-RTP

match access-group 105

match protocol RTP

that did it! Thank You!

hey, beings i'm matching everything rtp, that means i really don't need my access-list commands in there right?