We need to remember that we can use ACLs for marking, and we can classify
the traffic that comes from IP phones (voice VLAN) and traffic that comes
from PCs (data VLAN), and trust or remark inside of the policy map, and also
I think that the answer is the match-all of the class map. For example:

Voice VLAN 192.168.1.0
Data VLAN  192.168.2.0

If you want differentiation over RTP packets, you can configure something
like this.

 

! RTP media ports (RTP runs over UDP)
access-list 125 permit udp any range 16384 32767 any
access-list 125 permit udp any any range 16384 32767
!
! Voice VLAN
access-list 126 permit ip 192.168.1.0 0.0.0.255 any
access-list 126 permit ip any 192.168.1.0 0.0.0.255
!
! Data VLAN
access-list 127 permit ip 192.168.2.0 0.0.0.255 any
access-list 127 permit ip any 192.168.2.0 0.0.0.255
!
class-map match-all RTP-Phones
  match access-group 125
  match access-group 126
!
class-map match-all RTP-PC
  match access-group 125
  match access-group 127
!
policy-map Voice
 class RTP-Phones
  set dscp ef
 class RTP-PC
  set dscp af11

 

And you know the rest...

 

________________________________________________________________________

Greetings

 

Hi Matthew,

 

I agree about the CoS part, adding that you can control the CoS value
for a PC connected to the phone using the "switchport priority extend"
command with 4 options:

* trust
* don't trust
* overwrite with specific CoS value
* by default - overwrite with CoS 0

 

But the question is, how are DSCP markings from the PC handled with this
configuration? I understand that the IP phone marks its RTP and signaling
packets with both CoS and DSCP and you can choose on the switchport
which one you want to trust. But what about the PC markings? The PC can only
mark using DSCP (no 802.1q header between PC and IP phone).

What happens when I decide to trust DSCP in such a situation? Are both
markings from the PC and IP phone trusted? This would constitute a
weak solution, since I don't want a rogue PC to send all its traffic as
EF... any idea?

 

regards

kobel

________________________________________________________________________
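
The match-all classification configured in the first message of this thread, modelled in Python as an added example (not code from either poster). It assumes RTP is matched as UDP and that class RTP-PC references access-list 127; the sample packets are constructed.

```python
import ipaddress

# Model of the thread's ACLs. Assumptions (not from the original post): RTP is
# matched as UDP, and class RTP-PC references access-list 127 (the data VLAN).
RTP = range(16384, 32768)                      # ports 16384-32767 inclusive
ANY = ("0.0.0.0", "255.255.255.255")
VOICE = ("192.168.1.0", "0.0.0.255")
DATA = ("192.168.2.0", "0.0.0.255")

# Each entry: (protocol, source, source ports, destination, destination ports)
ACLS = {
    125: [("udp", ANY, RTP, ANY, None), ("udp", ANY, None, ANY, RTP)],
    126: [("ip", VOICE, None, ANY, None), ("ip", ANY, None, VOICE, None)],
    127: [("ip", DATA, None, ANY, None), ("ip", ANY, None, DATA, None)],
}
# Classes in policy-map order: (name, ACLs that must ALL permit, DSCP to set)
POLICY = [("RTP-Phones", (125, 126), "ef"), ("RTP-PC", (125, 127), "af11")]


def wildcard_match(addr, net, wildcard):
    """Cisco wildcard mask: bits set to 1 in the mask are ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return (a | w) == (n | w)


def ace_permits(ace, pkt):
    proto, src, sports, dst, dports = ace
    return ((proto == "ip" or proto == pkt["proto"])
            and wildcard_match(pkt["src"], *src)
            and wildcard_match(pkt["dst"], *dst)
            and (sports is None or pkt["sport"] in sports)
            and (dports is None or pkt["dport"] in dports))


def acl_permits(number, pkt):
    # Anything no entry permits hits the implicit deny at the end of the ACL.
    return any(ace_permits(ace, pkt) for ace in ACLS[number])


def classify(pkt):
    """Return (class, DSCP) of the first class whose match-all succeeds."""
    for name, acl_numbers, dscp in POLICY:
        if all(acl_permits(n, pkt) for n in acl_numbers):
            return name, dscp
    return None, None            # no class matched; this policy sets nothing


# Constructed sample packets (addresses and ports are illustrative).
PHONE_RTP = dict(proto="udp", src="192.168.1.10", sport=20000, dst="10.0.0.5", dport=20002)
PC_RTP = dict(proto="udp", src="192.168.2.20", sport=17000, dst="10.0.0.5", dport=17002)
PC_WEB = dict(proto="tcp", src="192.168.2.20", sport=50000, dst="10.0.0.5", dport=443)
PC_TO_PHONE = dict(proto="udp", src="192.168.2.20", sport=17000, dst="192.168.1.10", dport=17002)
```

In this model the incoming DSCP value plays no part in classification: PC_RTP is set to af11 whatever the PC marked, while PC_WEB matches no class and is left to the port's trust setting. PC_TO_PHONE lands in RTP-Phones because access-list 126 also permits any source toward the voice subnet and that class is evaluated first.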
