We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
COURSE of the MONTH
13 days, 23 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
acls & qos for dummies
Posted on 2008-10-20
Hi experts, i need to setup from zero QoS for our voip & wireless SIP phones.
In short, we tryed to place out PBX and all ip phone on a separate vlan, but unfortunately, due different version of IP phone firmwares, we have 50% of phones that can work only to vlan1. We'll upgrade the firmware, but are more than 60 ip phone, so at the moment i'm thinking about a workaround. I added the 10.72.182.0/24 as secondary ip class on vlan1, reserved only for voip, our DHCP server assign address on this class only to voip phone mac address, so i'm sure that only voip apparate are in this class (i'm thinking at when we'll upgrade the firmwares, so i'll need to reassign the ip class to the voip vlan and in one shot i'll place all voip in a separate vlan).
THE ACTUAL SITUATION: we have all voip equipement on a dedicated lan, that at the momend is a secondary class on vlan1, (10.72.182.0/24). I would like to try to activate Qos to this IP class, is it possible? If it's possilble, what i need to do? I mean i have to use the mls command? I need to build an ACLS? If yes...well...how can i do?
Our PBX address is 10.72.182.1, the SIP interface is the 10.72.182.2 so i need to priorize the traffic of the voip clients to the 10.72.182.1, and SIP clients to the 10.72.182.2 our catalyst 6513 gateway is 10.72.182.254, concerning SIP wireless phone i have a pool of reserved IP. What should i need to know about our IP phones? I mean, for sip i can choose the TOS id, but for the IP wired phone i know nothing. I can understand that it's a poor condition...but if you can give me some suggestion i'll try to collect more info.
That's all for the moment. Thank's in advance.
In short, we tryed to place out PBX and all ip phone on a separate vlan, but unfortunately, due different version of IP phone firmwares, we have 50% of phones that can work only to vlan1. We'll upgrade the firmware, but are more than 60 ip phone, so at the moment i'm thinking about a workaround. I added the 10.72.182.0/24 as secondary ip class on vlan1, reserved only for voip, our DHCP server assign address on this class only to voip phone mac address, so i'm sure that only voip apparate are in this class (i'm thinking at when we'll upgrade the firmwares, so i'll need to reassign the ip class to the voip vlan and in one shot i'll place all voip in a separate vlan).
THE ACTUAL SITUATION: we have all voip equipement on a dedicated lan, that at the momend is a secondary class on vlan1, (10.72.182.0/24). I would like to try to activate Qos to this IP class, is it possible? If it's possilble, what i need to do? I mean i have to use the mls command? I need to build an ACLS? If yes...well...how can i do?
Our PBX address is 10.72.182.1, the SIP interface is the 10.72.182.2 so i need to priorize the traffic of the voip clients to the 10.72.182.1, and SIP clients to the 10.72.182.2 our catalyst 6513 gateway is 10.72.182.254, concerning SIP wireless phone i have a pool of reserved IP. What should i need to know about our IP phones? I mean, for sip i can choose the TOS id, but for the IP wired phone i know nothing. I can understand that it's a poor condition...but if you can give me some suggestion i'll try to collect more info.
That's all for the moment. Thank's in advance.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
5
2
7 Comments
- What brand/model IP phones are they?
- What brand/model PABX is it?
--------------------------
For starters the easiest way to provide QoS where you are now is to allocate a pool for your IP phones and just match that by ACL - class it, then prioritise:
- What brand/model PABX is it?
--------------------------
For starters the easiest way to provide QoS where you are now is to allocate a pool for your IP phones and just match that by ACL - class it, then prioritise:
!
! Catch all IP traffic originating from the 10.72.182.0/24 network AND
! destined for the same network.
access-list 110 permit ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255
!
! Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.192 10.72.182.0 0.0.0.192
access-list 120 permit ip any any
!
! Mark them as VoIP packets
class-map voip
match access-group 110
!
! Catch the rest
class-map data
match access-group 120
!
! Create a policy map, setting DSCP values depending
! on class.
policy-map qos-policy
class voip
set ip dscp 48
class data
set ip dscp 16
!
! Set all your ports to obey policy rules depending on VLAN membership
interface range Fa0 - 24
mls qos vlan-based
!
! Set Vlan1 to apply this policy upon ingress, the
! DSCP value will then take over for egress QoS.
interface vlan 1
service-policy input qos-policy
!
First of all thank you very much.
The PBX is a "AAstra MATRA NeXspan L , rj , M7425 Express, R4.2 ", the IP phpnes are AAstra Matra i740 and wireless SIP phones are
"Aastra Phone 312" .
Now i'll try to setup the access list as you suggested, i'll give you feedback if i'll be fired or not =)
The PBX is a "AAstra MATRA NeXspan L , rj , M7425 Express, R4.2 ", the IP phpnes are AAstra Matra i740 and wireless SIP phones are
"Aastra Phone 312" .
Now i'll try to setup the access list as you suggested, i'll give you feedback if i'll be fired or not =)
Thank you very much, It seems that our voips now work much but much better than before ;) thank you very much.
Hi Kyleb84, i just need a little clarifycation on the alcs 120
"Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.192 10.72.182.0 0.0.0.192
access-list 120 permit ip any any"
I have reserved the whole 10.72.182.0/24 subnet for the VOIP traffic, and i don't understand why you subnetted i with 0.0.0.192 = 255.255.255.63...forgive me but i don't understand it.
Please, can you explain me this ACLS? Thank you.
"Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.192 10.72.182.0 0.0.0.192
access-list 120 permit ip any any"
I have reserved the whole 10.72.182.0/24 subnet for the VOIP traffic, and i don't understand why you subnetted i with 0.0.0.192 = 255.255.255.63...forgive me but i don't understand it.
Please, can you explain me this ACLS? Thank you.
Sorry, my bad, that line should be:
Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255
access-list 120 permit ip any any
Those wildcardmasks are inverse of subnet masks, /24 = (Network Mask) 255.255.255.0 = (ACL MASK) 0.0.0.255
Match the rest
access-list 120 deny ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255
access-list 120 permit ip any any
Those wildcardmasks are inverse of subnet masks, /24 = (Network Mask) 255.255.255.0 = (ACL MASK) 0.0.0.255
Just another doubt... if pbx and all voip devices are in the same network (10.72.182.0/24) and the 6513 vlan1 secondary address (that is the default gateway in this network) is 10.72.182.254..phones and pbx can communicate without using the gateway (where we enabled mls qos vlan-based) the access lists are really considered and working or not? Another thing that i didn't explained you is our lan enviroment...that is composed by 27 cisco devices (2590,2960,3750) and the catalyst 6513 is our core device, and all others switches reach the 6513 via fiber optic, the 6513 is equipped with 2 SFM 16 port GBIC for the switch connections and a 48 port 10/100/1000 where ours servers are connected. We have also 6 networks, actually all in vlan1, and their default gateway are primary and secondary IP in vlan1 interface in our cat 6513, for instance for the network 10.72.128.0/24 the dgw is the vlan1 primary ip of the 6513 (10.72.128.254), for the network 10.72.158.0/24 is the vlan1 secondary ip of 6513 10.72.158.258 and so on for all our networks. Now i need to use the vlans to try to segment our network traffic, the first step should have been the voip vlan experiments...but unfortunatly due the voip phones firmware problem we cannot start with this test, but now we are "dancing" with this topic and i would like to solve it. I'm telling this to you because i would like that you know that our voip phones are not directly connected to 6513 but are distributed in many cisco devices. All fiber ports are in trunk mode, so vlans are not a problems, and inter vlan switching is already working, i know perfectly where each phone is connected and the ports are already in trunk mode and the allowed vlans are only the vlan1 and the vlan150 (that i'll use for the voip vlan). So i changed your suggested configuration for the interface range in the 6513 from "interface range Fa0 - 24" in "interface range gigabitEthernet 3/1-16" and "interface range gigabitEthernet 4/1-16" that are our 6513 modules connected to the rest of cisco switches. The AAstra pbx ethernet interface is not direclty connected to the 6513 but in another cisco switch (that reach the 6513 via fiber optic in trunk mode). Now, considering all that i tryed to explain...the access lists are working or not? In the cat 6513 with the sho access-list and mls i had this results
"centrostella#sho access-lists
Extended IP access list 110
permit ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255 (5917 matches)
Extended IP access list 120
deny ip 10.72.182.0 0.0.0.255 10.72.182.0 0.0.0.255
permit ip any any (2053189 matches)
Extended IP access list 125
permit ip any any"
centrostella#show mls qos
QoS is enabled globally
Microflow policing is enabled globally
QoS is vlan-based on the following interfaces:
Gi3/1 Gi3/2 Gi3/3 Gi3/4 Gi3/5 Gi3/6 Gi3/7 Gi3/8 Gi3/9 Gi3/10
Gi3/11 Gi3/12 Gi3/13 Gi3/14 Gi3/15 Gi3/16 Gi4/1 Gi4/2 Gi4/3 Gi4/4
Gi4/5 Gi4/6 Gi4/7 Gi4/8 Gi4/9 Gi4/10 Gi4/11 Gi4/12 Gi4/13 Gi4/14
Gi4/15 Gi4/16
Vlan or Portchannel(Multi-Earl) policies supported: Yes
----- Module [1] -----
QoS global counters:
Total packets: 3342320
IP shortcut packets: 0
Packets dropped by policing: 0
IP packets with TOS changed by policing: 52166
IP packets with COS changed by policing: 132
Non-IP packets with COS changed by policing: 0
Thank you very much...
Featured Post
Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The Zaptel people (www.zaptel.com) got kind of annoyed with the fact that they were getting bombarded with searches for the zaptel driver system for Asterisk (not to mention they own the trademark on zaptel). So, they kindly requested that Digium ch…
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month13 days, 23 hours left to enroll
800 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.