The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.
Course Of The Month
4 days, left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
acls & qos for dummies
Posted on 2008-10-20
Hi experts, i need to setup from zero QoS for our voip & wireless SIP phones.
In short, we tryed to place out PBX and all ip phone on a separate vlan, but unfortunately, due different version of IP phone firmwares, we have 50% of phones that can work only to vlan1. We'll upgrade the firmware, but are more than 60 ip phone, so at the moment i'm thinking about a workaround. I added the 10.72.182.0/24 as secondary ip class on vlan1, reserved only for voip, our DHCP server assign address on this class only to voip phone mac address, so i'm sure that only voip apparate are in this class (i'm thinking at when we'll upgrade the firmwares, so i'll need to reassign the ip class to the voip vlan and in one shot i'll place all voip in a separate vlan).
THE ACTUAL SITUATION: we have all voip equipement on a dedicated lan, that at the momend is a secondary class on vlan1, (10.72.182.0/24). I would like to try to activate Qos to this IP class, is it possible? If it's possilble, what i need to do? I mean i have to use the mls command? I need to build an ACLS? If yes...well...how can i do?
Our PBX address is 10.72.182.1, the SIP interface is the 10.72.182.2 so i need to priorize the traffic of the voip clients to the 10.72.182.1, and SIP clients to the 10.72.182.2 our catalyst 6513 gateway is 10.72.182.254, concerning SIP wireless phone i have a pool of reserved IP. What should i need to know about our IP phones? I mean, for sip i can choose the TOS id, but for the IP wired phone i know nothing. I can understand that it's a poor condition...but if you can give me some suggestion i'll try to collect more info.
That's all for the moment. Thank's in advance.
In short, we tryed to place out PBX and all ip phone on a separate vlan, but unfortunately, due different version of IP phone firmwares, we have 50% of phones that can work only to vlan1. We'll upgrade the firmware, but are more than 60 ip phone, so at the moment i'm thinking about a workaround. I added the 10.72.182.0/24 as secondary ip class on vlan1, reserved only for voip, our DHCP server assign address on this class only to voip phone mac address, so i'm sure that only voip apparate are in this class (i'm thinking at when we'll upgrade the firmwares, so i'll need to reassign the ip class to the voip vlan and in one shot i'll place all voip in a separate vlan).
THE ACTUAL SITUATION: we have all voip equipement on a dedicated lan, that at the momend is a secondary class on vlan1, (10.72.182.0/24). I would like to try to activate Qos to this IP class, is it possible? If it's possilble, what i need to do? I mean i have to use the mls command? I need to build an ACLS? If yes...well...how can i do?
Our PBX address is 10.72.182.1, the SIP interface is the 10.72.182.2 so i need to priorize the traffic of the voip clients to the 10.72.182.1, and SIP clients to the 10.72.182.2 our catalyst 6513 gateway is 10.72.182.254, concerning SIP wireless phone i have a pool of reserved IP. What should i need to know about our IP phones? I mean, for sip i can choose the TOS id, but for the IP wired phone i know nothing. I can understand that it's a poor condition...but if you can give me some suggestion i'll try to collect more info.
That's all for the moment. Thank's in advance.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
5
2
7 Comments
- What brand/model IP phones are they?
- What brand/model PABX is it?
--------------------------
For starters the easiest way to provide QoS where you are now is to allocate a pool for your IP phones and just match that by ACL - class it, then prioritise:
- What brand/model PABX is it?
--------------------------
For starters the easiest way to provide QoS where you are now is to allocate a pool for your IP phones and just match that by ACL - class it, then prioritise:
!
! Catch all IP traffic originating from the 10.72.182.0/24 network AND
! destined for the same network.
access-list 110 permit ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255
!
! Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.192 10.72.182.0 0.0.0.192
access-list 120 permit ip any any
!
! Mark them as VoIP packets
class-map voip
match access-group 110
!
! Catch the rest
class-map data
match access-group 120
!
! Create a policy map, setting DSCP values depending
! on class.
policy-map qos-policy
class voip
set ip dscp 48
class data
set ip dscp 16
!
! Set all your ports to obey policy rules depending on VLAN membership
interface range Fa0 - 24
mls qos vlan-based
!
! Set Vlan1 to apply this policy upon ingress, the
! DSCP value will then take over for egress QoS.
interface vlan 1
service-policy input qos-policy
!
First of all thank you very much.
The PBX is a "AAstra MATRA NeXspan L , rj , M7425 Express, R4.2 ", the IP phpnes are AAstra Matra i740 and wireless SIP phones are
"Aastra Phone 312" .
Now i'll try to setup the access list as you suggested, i'll give you feedback if i'll be fired or not =)
The PBX is a "AAstra MATRA NeXspan L , rj , M7425 Express, R4.2 ", the IP phpnes are AAstra Matra i740 and wireless SIP phones are
"Aastra Phone 312" .
Now i'll try to setup the access list as you suggested, i'll give you feedback if i'll be fired or not =)
Thank you very much, It seems that our voips now work much but much better than before ;) thank you very much.
Hi Kyleb84, i just need a little clarifycation on the alcs 120
"Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.192 10.72.182.0 0.0.0.192
access-list 120 permit ip any any"
I have reserved the whole 10.72.182.0/24 subnet for the VOIP traffic, and i don't understand why you subnetted i with 0.0.0.192 = 255.255.255.63...forgive me but i don't understand it.
Please, can you explain me this ACLS? Thank you.
"Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.192 10.72.182.0 0.0.0.192
access-list 120 permit ip any any"
I have reserved the whole 10.72.182.0/24 subnet for the VOIP traffic, and i don't understand why you subnetted i with 0.0.0.192 = 255.255.255.63...forgive me but i don't understand it.
Please, can you explain me this ACLS? Thank you.
Sorry, my bad, that line should be:
Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255
access-list 120 permit ip any any
Those wildcardmasks are inverse of subnet masks, /24 = (Network Mask) 255.255.255.0 = (ACL MASK) 0.0.0.255
Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255
access-list 120 permit ip any any
Those wildcardmasks are inverse of subnet masks, /24 = (Network Mask) 255.255.255.0 = (ACL MASK) 0.0.0.255
Just another doubt... if pbx and all voip devices are in the same network (10.72.182.0/24) and the 6513 vlan1 secondary address (that is the default gateway in this network) is 10.72.182.254..phones and pbx can communicate without using the gateway (where we enabled mls qos vlan-based) the access lists are really considered and working or not? Another thing that i didn't explained you is our lan enviroment...that is composed by 27 cisco devices (2590,2960,3750) and the catalyst 6513 is our core device, and all others switches reach the 6513 via fiber optic, the 6513 is equipped with 2 SFM 16 port GBIC for the switch connections and a 48 port 10/100/1000 where ours servers are connected. We have also 6 networks, actually all in vlan1, and their default gateway are primary and secondary IP in vlan1 interface in our cat 6513, for instance for the network 10.72.128.0/24 the dgw is the vlan1 primary ip of the 6513 (10.72.128.254), for the network 10.72.158.0/24 is the vlan1 secondary ip of 6513 10.72.158.258 and so on for all our networks. Now i need to use the vlans to try to segment our network traffic, the first step should have been the voip vlan experiments...but unfortunatly due the voip phones firmware problem we cannot start with this test, but now we are "dancing" with this topic and i would like to solve it. I'm telling this to you because i would like that you know that our voip phones are not directly connected to 6513 but are distributed in many cisco devices. All fiber ports are in trunk mode, so vlans are not a problems, and inter vlan switching is already working, i know perfectly where each phone is connected and the ports are already in trunk mode and the allowed vlans are only the vlan1 and the vlan150 (that i'll use for the voip vlan). So i changed your suggested configuration for the interface range in the 6513 from "interface range Fa0 - 24" in "interface range gigabitEthernet 3/1-16" and "interface range gigabitEthernet 4/1-16" that are our 6513 modules connected to the rest of cisco switches. The AAstra pbx ethernet interface is not direclty connected to the 6513 but in another cisco switch (that reach the 6513 via fiber optic in trunk mode). Now, considering all that i tryed to explain...the access lists are working or not? In the cat 6513 with the sho access-list and mls i had this results
"centrostella#sho access-lists
Extended IP access list 110
permit ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255 (5917 matches)
Extended IP access list 120
deny ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255
permit ip any any (2053189 matches)
Extended IP access list 125
permit ip any any"
centrostella#show mls qos
QoS is enabled globally
Microflow policing is enabled globally
QoS is vlan-based on the following interfaces:
Gi3/1 Gi3/2 Gi3/3 Gi3/4 Gi3/5 Gi3/6 Gi3/7 Gi3/8 Gi3/9 Gi3/10
Gi3/11 Gi3/12 Gi3/13 Gi3/14 Gi3/15 Gi3/16 Gi4/1 Gi4/2 Gi4/3 Gi4/4
Gi4/5 Gi4/6 Gi4/7 Gi4/8 Gi4/9 Gi4/10 Gi4/11 Gi4/12 Gi4/13 Gi4/14
Gi4/15 Gi4/16
Vlan or Portchannel(Multi-Earl) policies supported: Yes
----- Module [1] -----
QoS global counters:
Total packets: 3342320
IP shortcut packets: 0
Packets dropped by policing: 0
IP packets with TOS changed by policing: 52166
IP packets with COS changed by policing: 132
Non-IP packets with COS changed by policing: 0
Thank you very much...
Featured Post
Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Ever wanted to query Cisco Call Manager CDR records from MS SQL Server? Here's how!
CUCM can be configured to upload a CDR file to a given FTP server every minute. This article will show you how to set this up, schedule the import of this data an…
There are no good configuration guides for HP-H3C router to LYNC on the web. :(
Big statement, but we havent been able to find one yet. We did find the following document useful, but the information was not enough to use H3C router for use as a L…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.