Hey Roberto, I haven't read the whole thread so I may be irrelevant here but if you want to match RTP packets your access list 125 should be udp instead of tcp.
cheers. Romain On Thu, Jan 27, 2011 at 6:23 PM, Roberto Reyes Alanis <rre...@plannet.com.mx > wrote: > We need remember that we can use ACL for marking, and we can classify the > traffic that come from IP Phones (voice vlan), and traffic that come from PC > (data vlan), and trust or remark inside of policy map, and also I think that > the answer is the match-all of the class map. For example: > > > > Voice vlan 192.168.1.0 > > Data Vlan 192.168.2.0 > > > > If you Want differentiation over RTP packet, you can configure something > like this. > > > > access-list 125 permit tcp any range 16384 32767 any > > access-list 125 permit tcp any any range 16384 32767 > > > > access-list 126 permit ip 192.168.1.0 0.0.0.255 any > > access-list 126 permit ip any 192.168.1.0 0.0.0.255 > > > > access-list 127 permit ip 192.168.2.0 0.0.0.255 any > > access-list 127 permit ip any 192.168.2.0 0.0.0.255 > > > > class-map match-all RTP-Phones > > match access-group 125 > > match access-group 126 > > > > class-map match-all RTP-PC > > match access-group 125 > > match access-group 126 > > policy-map Voice > > class RTP-Phones > > set dscp ef > > class RTP-PC > > set dscp AF11 > > > > > > And you know the rest… > > > > > _________________________________________________________________________________________________________________________________________________________ > > Greetings > > > > Hi Matthew, > > > > I agree about the cos part, adding that you can control the cos value for > PC connected to the phone using "switchport priority extend" command with 4 > > options: > > * trust > > * don't trust > > * overwrite with specific cos value > > * by default - overwrite with COS 0 > > > > But the question is, how DSCP markings from the PC are handled with this > configuration? I understand that IP phone marks its RTP and signaling > packets with both COS and DSCP and you can choose on the switchport which > one you want to trust. But what about the PC markings? PC can only mark > using DSCP (no 802.1q header between PC and IP phone). > > What happens when I decide to trust DSCP in such situation? Both markings > from the PC and IP phone are trusted? This would constitute weak solution, > since I don't want rogue PC to send all it's traffic as EF... any idea? > > > > regards > > kobel > > > _________________________________________________________________________________________________________________________________________________________ > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com