I'm currently tidying our Cisco 2811 config as the QoS doesn't appear to be controlling our voice traffic very well. It appears that our phone system (Axxess Inter-Tel, now Mitel) isn't using RTP (I might be wrong) for the voice traffic over the WAN. So, I've set the ToS value to 184 to try and capture the traffic better. Also, the NBAR shows a lot of .H323 and Skinny traffic and I can only presume it's the phone system.
We have a 10MB WAN link, Point-to-Point, connected from the 2811 to another 2811 in the remote site. Site 1 WAN port is 10.0.0.1/24 and Site 2 WAN port is 10.0.0.2/24. Site 1 telephone system is 192.168.101.2/24 and Site to is 192.168.103.2/24.
The QoS is also managing Citrix and is set to 5MB of bandwidth. The Voice is set to 2MB. Both of these values need to be guaranteed at all times, and all other traffic needs best effort.
On a side note, NBAR shows a LOT of traffic using the Skype protocol, although I know for a fact Skype isn't in use. Could this be related?
I've got the (attached) config and need somebody to confirm if this is set up right, or if it could be better, or it may be totally wrong! I think I might have duplicated some things unnecessarily, but I'm sure somebody will tell me so!
Thanks in advance....
class-map match-all CITRIX
match protocol citrix
class-map match-any VOICE
match protocol rtp
match dscp ef
match access-group 101
match access-group 102
set dscp ef
no ip address
ip nbar protocol-discovery
service-policy output QOS-POLICY
description *** LINK TO WAN ***
encapsulation dot1Q 4094
ip address 10.0.0.1 255.255.255.0
!For Skinny, H.323, MGCP:
access-list 101 permit tcp any any range 2000 2002
access-list 101 permit tcp any any eq 1720
access-list 101 permit tcp any any range 11000 11999
access-list 101 permit udp any any eq 2427
access-list 101 permit udp any any eq 4569
access-list 101 permit udp any any eq 5036
access-list 101 permit udp any any eq 5060
!Phone System Host
access-list 101 permit ip host 192.168.101.2 any
access-list 101 permit ip host 192.168.101.2 any dscp ef
access-list 102 permit udp any any range 32767
access-list 102 permit udp any any range 16384 32767
priority-list 1 protocol ip high list 101