cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
496
Views
0
Helpful
8
Replies

Best way to send voice to one interface and everything else to another interface

patricianet
Level 1
Level 1

I have two wan connections. One is dedicated for data and the other is dedicated to voice.

What is the best way to send data to one interface and voice to another.

f0/0

ip add 10.0.0.1 255.255.255.0

s0/0

ip add 199.1.1.40 255.255.255.192

s0/1

ip add 199.1.1.71 255.255.255.192

8 Replies 8

Richard Burts
Hall of Fame
Hall of Fame

The solution that satisfies your requirements would be Policy Based Routing. PBR allows you to identify certain types of traffic and to make routing decisions for them that are different from what you would do with most traffic. PBR is configured with a route map which uses an access list to identify the traffic. So what you would do would be:

- configure an extended access list (perhaps named voice_traffic) which identifies the voice traffic. You would use your knowledge of your network to decide how you would identify the voice traffic (perhaps it has certain source addresses, perhaps it has certain destination addresses, perhaps it uses certain protocols or UDP port numbers).

- you would configure a route map that might look something like this:

route-map route_voice permit 10

match ip address voice_traffic

set ip next-hop

- you would configure a default route for all non-voice traffic

ip route 0.0.0.0 0.0.0.0

That should take care of sending voice on one circuit and other traffic on the other. You have not mentioned whether you need to provide redundancy (if one link fails should all traffic use the other link). What I have suggested would, in fact, provide redundancy if the voice link failed. To provide redundancy if the data link failed you would want a floating static route:

ip route 0.0.0.0 0.0.0.0 250

The 250 at the end makes it a floating static which will only be used if the primary default route is withdrawn from the routing table.

HTH

Rick

HTH

Rick

patricianet
Level 1
Level 1

This is what I have now and it's not working. How do I fix it?

Perhaps you can clarify what you mean when you say it does not work. Does any of it work? What does not work? In what way does it not work?

You know your network better than I do. But I wonder about the assumption in the config that voice traffic can be accurately identified as coming from a single host:

access-list 111 permit ip host 10.1.10.252 any log

HTH

Rick

HTH

Rick

I just inherited this network. Testing the phones they ring but I hear no audio. If I put a sniffer on my router I only see SIP traffic and no RTP traffic.

10.1.10.252  is session border controller. I have voice and data using 10.1.0.0/16.

From what I see the major flaw in the config is the very simplistic approach in the access list which equates voice traffic with a single host in the network. I suggest that you re-write both access lists. Look for RTP and permit it in the voice access list and deny it in the data access list.

HTH

Rick

HTH

Rick

I wrote a simple acl to see if the phones would work then I can start tightening things down.

The problem that even with an acl that permits everything on the subnet it still does not work

If I do access-list 101 permit ip any any I get locked out of the router via telnet.

acl 10 per 10.1.0.0 0.0.255.255 < if I use this acl the phones never register.

or

acl 110 per ip 10.1.0.0 0.0.255.255 any  < if I use this acl the phones do register. Do I still need to permit the tcp and udp ranges here?

So there is some sort of two way traffic because the phones do register. Correct me if I am wrong shouldn't I be able to have the phones register and hear audio at this time?

I modified the config

F0/0

Ip nat inside

Ip policy route-map VOICE_TRAFFIC

Atm 0/3/0.38

Ip nat out

Atm 0/3/0.100

Ip nat out

access-list 110 permit ip 10.1.0.0 0.0.255.255 any

(ideally there would  be a subnet for data under another acl/route-map entry pointing to the data interface)

Route-map VOICE_TRAFFIC per 10

Match ip addres 110

Set ip  next-hop 216.5.7.65

ip nat inside source route-map Data-NAT interface ATM0/3/0.38 overload

ip nat inside source route-map VoIP-NAT interface ATM0/3/0.100 overload

route-map Data-NAT permit 10

match ip address 110

match interface ATM0/3/0.38

!

route-map VoIP-NAT permit 10

match ip address 110

match interface ATM0/3/0.100

*Jul 21 10:36:15.503: NAT: s=10.1.10.252->216.5.7.71, d=216.217.68.13 [13630] < nat debug

Before and after a call is made:

Router(config)#           do sho ip nat trans

Pro Inside global         Inside local          Outside local         Outside global

tcp 216.5.7.40:3389    10.1.0.1:3389         ---                   ---

udp 216.5.7.71:1027    10.1.10.252:5060      216.217.68.13:5060    216.217.68.13:5060

tcp 216.5.7.40:49201   10.1.10.252:49201     ---                   ---

udp 216.5.7.71:54545   10.1.10.252:54545     134.84.84.84:123      134.84.84.84:123

udp 216.5.7.71:62109   10.1.10.252:62109     216.171.155.29:53     216.171.155.29:53

udp 216.5.7.71:63549   10.1.10.252:63549     216.171.155.29:53     216.171.155.29:53

With this config I can make calls but no audio.

I modified the acl to allow ranges and now I get nothing at all.

F0/0

Ip nat inside

Ip policy route-map VOICE_TRAFFIC

Atm 0/3/0.38

Ip nat out

Atm 0/3/0.100

Ip nat out

access-list 110 permit ip 10.1.0.0 0.0.255.255 any

(ideally there would  be a subnet for data under another acl/route-map entry pointing to the data interface)

Route-map VOICE_TRAFFIC per 10

Match ip addres 130

Set ip  next-hop 216.5.7.65

ip nat inside source route-map Data-NAT interface ATM0/3/0.38 overload

ip nat inside source route-map VoIP-NAT interface ATM0/3/0.100 overload

route-map Data-NAT permit 10

match ip address 140

match interface ATM0/3/0.38

!

route-map VoIP-NAT permit 10

match ip address 130

match interface ATM0/3/0.100

I added this acl to permit the SIP/RTP ports through nat.

access-list 130 permit tcp 10.1.0.0 0.0.255.255 range 5060 5070 any range 5060 5070 log-input

access-list 130 permit udp 10.1.0.0 0.0.255.255 range 5060 5070 any range 5060 5070 log-input

access-list 130 permit udp 10.1.0.0 0.0.255.255 range 10000 32000 any range 10000 32000 log-input

access-list 140 deny tcp 10.1.0.0 0.0.255.255 range 5060 5070 any range 5060 5070 log-input

access-list 140 deny udp 10.1.0.0 0.0.255.255 range 10000 32000 any range 10000 32000 log-input

access-list 140 permit ip 10.1.0.0 0.0.255.255 any log

Now nothing passes through nat.

Pro Inside global         Inside local          Outside local         Outside global

tcp 216.5.7.40:3389    10.1.0.1:3389         ---                   ---

tcp 216.5.7.40:49201   10.1.10.252:49201     ---                   ---

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco