class-map match-any VOIP_C match access-group name RTP match access-group name SIP ! ! policy-map SHAPE-TO-LAN class VOIP_C bandwidth 1024 class class-default shape average 1024000 policy-map SHAPE-TO-INTERNET class VOIP_C bandwidth 1024 class class-default shape average 1024000 ! interface FastEthernet0/0 description WAN bandwidth 2048 ip address 94.185.xxx.xxx 255.255.255.248 ip nat outside ip virtual-reassembly duplex auto speed auto crypto map MAPNAME1 service-policy output SHAPE-TO-INTERNET ! interface FastEthernet0/1 description LAN bandwidth 2048 ip address 18.104.22.168 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto service-policy output SHAPE-TO-LAN
ip access-list extended RTP remark ** voice payload ** permit udp any any range 16384 32768 !
ip access-list extended SIP remark ** SIP Protocol ** permit tcp any any eq 5060 permit udp any any eq 5060 permit tcp any eq 5060 any permit udp any eq 5060 any
The template you have probably will not work as you expect.
1, I see you have crypto-map configured under WAN interface, the traffic will be encrypted before enter the egress queue; which means the marking based on pre-encryption port number will not work, you need to classify on the LAN interface in ingress direction or use ipsec pre-classify feature.
2, You are using 100M interface on your side, and on SP side they will police down to 2M. So any traffic beyond 2M will be dropped by the provider side. You need to configure a HQOS with parent level shaping down to 2M to make sure your egress traffic rate wont exceed 2M.
3,voice traffic is delay sensitive traffic, it is better give them priority level rather than bandwidth guarantee, but you should not give priority queue more than 33% of the total available bandwidth, otherwise it can saturate other type traffic and lower down your overall performance.
4,You don’t need shape the traffic going out to your LAN interface; basically the traffic coming in from WAN interface will not exceed the 100M LAN bandwidth, the queue will never be used.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...