[OSL | CCIE_Voice] 3750 QoS signalling MGCP

[Steve Keller]

If I were trying to police MGCP signalling traffic from the HQ RTR  would
it be best to classify my traffic based on AF31, as this is the default
signalling marking used by the gateway, or is there a better way? I dont
have the option of NBAR on a catalyst switch, so i think my only other
option would be an access list. I have tried to match the MGCP signalling
traffic both the access list (TCP 2428 and UDP 2427) and also the dscp
value of AF31 but not sure if i am actually achieving my objective.

Then apply my policer as required in the policy-map that gets attached to
the port connecting the router to the switch...

Also, i have been playing with this configuration and since the Catalyst
3750 does not provide any matches when using the show policy-map interface
fa1/0/1 command how would you all verify that mgcp signalling traffic is
indeed being matched and thus policed by your policy map?
routers are so much nicer becuase you can actually see if your class-maps
are getting hit or not...

thanks all

steve
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Re: [OSL | CCIE_Voice] 3750 Qos Question

[datucha123 datucha123]

Please refer to the following great Posts, which will explain the SRR for
you:

http://blog.ine.com/2008/06/26/quick-notes-on-the-3560-egress-queuing/#more-141

http://blog.ine.com/2008/03/03/bridging-the-gap-between-3550-and-3560-qos-part-i/#more-84

On Wed, Dec 28, 2011 at 7:31 AM, Randall Crumm rrcr...@yahoo.com wrote:

  Hi,
 Can someone explain  the command,  mls qos srr-queue input bandwidth 4 4:
  a little and an example of having one queue with twice as much bandwidth
 as the oterh queue (or something like that).

 Thanks,
 Randall

 ___
 For more information regarding industry leading CCIE Lab training, please
 visit www.ipexpert.com

 Are you a CCNP or CCIE and looking for a job? Check out
 www.PlatinumPlacement.com http://www.platinumplacement.com/

___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Re: [OSL | CCIE_Voice] 3750 Qos Question

[Rrcrumm]

Thanks
I saw an example and now it makes sense. I knew it was simple but I just wanted 
to make sure

Randall

Sent from my iPhone

On Dec 28, 2011, at 12:42 AM, datucha123 datucha123 datucha...@gmail.com 
wrote:

 Please refer to the following great Posts, which will explain the SRR for you:
  
 http://blog.ine.com/2008/06/26/quick-notes-on-the-3560-egress-queuing/#more-141
  
 http://blog.ine.com/2008/03/03/bridging-the-gap-between-3550-and-3560-qos-part-i/#more-84
 
 On Wed, Dec 28, 2011 at 7:31 AM, Randall Crumm rrcr...@yahoo.com wrote:
 Hi,
 Can someone explain  the command,  mls qos srr-queue input bandwidth 4 4:  a 
 little and an example of having one queue with twice as much bandwidth as the 
 oterh queue (or something like that).
 
 Thanks,
 Randall
 
 ___
 For more information regarding industry leading CCIE Lab training, please 
 visit www.ipexpert.com
 
 Are you a CCNP or CCIE and looking for a job? Check out 
 www.PlatinumPlacement.com
 
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

[OSL | CCIE_Voice] 3750 Qos Question

[Randall Crumm]

Hi,
Can someone explain  the command,  mls qos srr-queue input bandwidth 4 4:  a 
little and an example of having one queue with twice as much bandwidth as the 
oterh queue (or something like that).

Thanks,
Randall___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

[OSL | CCIE_Voice] 3750 QoS

[Cristobal Priego]

guys i have a question for your

my questions is in regards to the shared bandwidth i know it's measured as a
weight and whenever you have shape you ignore the value so
the q2 in this case the weight is indeed 10 / (10+60+20) = so Q2 has 1/9 of
the shared bandwidth right ?

and this is how the config looks like

interface FastEthernet0/1
 switchport access vlan 6
 switchport voice vlan 8
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast

so if the bandwith needs to be shared on q2 40 %, q3 20%, q4 40%

how could i calculate or know what do i need to put on  srr-queue bandwidth
share command



will this be an accurate config  srr-queue bandwidth share 0 40 20 40 ??

thanks
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Re: [OSL | CCIE_Voice] 3750 QoS

[ccieid1ot]

Answer your 1st question, its 1/10th.

2nd question is correct.

duy
ccie #27737 voice

tmobile g2
On May 31, 2011 4:19 PM, Cristobal Priego cristobalpri...@gmail.com
wrote:
 guys i have a question for your

 my questions is in regards to the shared bandwidth i know it's measured as
a
 weight and whenever you have shape you ignore the value so
 the q2 in this case the weight is indeed 10 / (10+60+20) = so Q2 has 1/9
of
 the shared bandwidth right ?

 and this is how the config looks like

 interface FastEthernet0/1
 switchport access vlan 6
 switchport voice vlan 8
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast

 so if the bandwith needs to be shared on q2 40 %, q3 20%, q4 40%

 how could i calculate or know what do i need to put on srr-queue bandwidth
 share command



 will this be an accurate config srr-queue bandwidth share 0 40 20 40 ??

 thanks
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Re: [OSL | CCIE_Voice] 3750 QoS

[Cristobal Priego]

thank you

2011/5/31 ccieid1ot ccieid...@gmail.com

 Answer your 1st question, its 1/10th.

 2nd question is correct.

 duy
 ccie #27737 voice

 tmobile g2
 On May 31, 2011 4:19 PM, Cristobal Priego cristobalpri...@gmail.com
 wrote:
  guys i have a question for your
 
  my questions is in regards to the shared bandwidth i know it's measured
 as a
  weight and whenever you have shape you ignore the value so
  the q2 in this case the weight is indeed 10 / (10+60+20) = so Q2 has 1/9
 of
  the shared bandwidth right ?
 
  and this is how the config looks like
 
  interface FastEthernet0/1
  switchport access vlan 6
  switchport voice vlan 8
  srr-queue bandwidth share 10 10 60 20
  srr-queue bandwidth shape 10 0 0 0
  mls qos trust device cisco-phone
  mls qos trust cos
  auto qos voip cisco-phone
  spanning-tree portfast
 
  so if the bandwith needs to be shared on q2 40 %, q3 20%, q4 40%
 
  how could i calculate or know what do i need to put on srr-queue
 bandwidth
  share command
 
 
 
  will this be an accurate config srr-queue bandwidth share 0 40 20 40 ??
 
  thanks

___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Re: [OSL | CCIE_Voice] 3750 QoS

[Ki Wi]

R3(config)#class-map test

R3(config-cmap)#match dscp R3(config-cmap)#match dscp ?
  0-63   Differentiated services codepoint value
  af11 Match packets with AF11 dscp (001010)
  af12 Match packets with AF12 dscp (001100)
  af13 Match packets with AF13 dscp (001110)
  af21 Match packets with AF21 dscp (010010)
  af22 Match packets with AF22 dscp (010100)
  af23 Match packets with AF23 dscp (010110)
  af31 Match packets with AF31 dscp (011010)
  af32 Match packets with AF32 dscp (011100)
  af33 Match packets with AF33 dscp (00)
*  af41 Match packets with AF41 dscp (100010)*
  af42 Match packets with AF42 dscp (100100)
  af43 Match packets with AF43 dscp (100110)
  cs1  Match packets with CS1(precedence 1) dscp (001000)
  cs2  Match packets with CS2(precedence 2) dscp (01)
  cs3  Match packets with CS3(precedence 3) dscp (011000)
  cs4  Match packets with CS4(precedence 4) dscp (10)
  cs5  Match packets with CS5(precedence 5) dscp (101000)
  cs6  Match packets with CS6(precedence 6) dscp (11)
  cs7  Match packets with CS7(precedence 7) dscp (111000)
  default  Match packets with default dscp (00)
  ef   Match packets with EF dscp (101110)

Example AF41 ... === use calculator from your PC to convert , u will get
the correct value of 34? or manually count it =)



On Fri, May 20, 2011 at 11:28 AM, Cristobal Priego 
cristobalpri...@gmail.com wrote:

 hello all

 I have a quick question for you
 how would you configure the outout queues so in case of congestion the
 packets marked with AFXY once they go from AF41 for example, to AF42, AF43
 when those packets are remarked how would you send them to a different queue
 ?

 also what's the eassiest way to transform the AF values to DSCP values ?

 thanks

 ___
 For more information regarding industry leading CCIE Lab training, please
 visit www.ipexpert.com

 Are you a CCNP or CCIE and looking for a job? Check out
 www.PlatinumPlacement.com

___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Re: [OSL | CCIE_Voice] 3750 QoS

[Miron Kobelski]

AFxy = 8*x + 2*y

AF41 = 8*4 + 2*1 = DSCP 34
AF31 = 8*3 +2*1 = DSCP 26

best regards
kobel

On Fri, May 20, 2011 at 05:28, Cristobal Priego
cristobalpri...@gmail.comwrote:

 hello all

 I have a quick question for you
 how would you configure the outout queues so in case of congestion the
 packets marked with AFXY once they go from AF41 for example, to AF42, AF43
 when those packets are remarked how would you send them to a different queue
 ?

 also what's the eassiest way to transform the AF values to DSCP values ?

 thanks

 ___
 For more information regarding industry leading CCIE Lab training, please
 visit www.ipexpert.com

 Are you a CCNP or CCIE and looking for a job? Check out
 www.PlatinumPlacement.com

___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Re: [OSL | CCIE_Voice] 3750 QoS

[Cristobal Priego]

thank you guys
that's the little formula that i needed

2011/5/22 Miron Kobelski findko...@gmail.com

 AFxy = 8*x + 2*y

 AF41 = 8*4 + 2*1 = DSCP 34
 AF31 = 8*3 +2*1 = DSCP 26

 best regards
 kobel

 On Fri, May 20, 2011 at 05:28, Cristobal Priego cristobalpri...@gmail.com
  wrote:

 hello all

 I have a quick question for you
 how would you configure the outout queues so in case of congestion the
 packets marked with AFXY once they go from AF41 for example, to AF42, AF43
 when those packets are remarked how would you send them to a different queue
 ?

 also what's the eassiest way to transform the AF values to DSCP values ?

 thanks

 ___
 For more information regarding industry leading CCIE Lab training, please
 visit www.ipexpert.com

 Are you a CCNP or CCIE and looking for a job? Check out
 www.PlatinumPlacement.com



___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

[OSL | CCIE_Voice] 3750 QoS

[Cristobal Priego]

hello all

I have a quick question for you
how would you configure the outout queues so in case of congestion the
packets marked with AFXY once they go from AF41 for example, to AF42, AF43
when those packets are remarked how would you send them to a different queue
?

also what's the eassiest way to transform the AF values to DSCP values ?

thanks
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

[OSL | CCIE_Voice] 3750 QOS

[adam compton]

I'm sure a lot of you have seen this document, but I thought I would share
it to anyone who hasn't seen it:

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml

This document has the best descriptions of all of the 3750 QOS features I
have seen.

Regards,

Adam
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

[Miron Kobelski]

WOW, this is what I call a serious investigation :) Thanks for this
interesting input. This confirms my observations.

In your opinion, what would be the results in such scenario:
1) conditional trust configured on the switch port: mls qos trust device
cisco+ mls qos trust dscp
2) IP phone connected to the switchport
3) PC connected to IP phone
4) PC tags all traffic it sends with EF

Documentation says:

*mls qos trust dscp - *Classify an ingress packet by using the packet DSCP
value (most significant 6 bits of 8-bit service-type field). For a non-IP
packet, the packet CoS is used if the packet is tagged. For an untagged
packet, the default port CoS value is used.

I'd say that since the PC sends untagged traffic, its markings would be
ignored. switchport's mls qos cos VALUE setting would be use to override
non-existing COS and finally COS-to-DSCP map applied to decide about final
DSCP marking for such packet. do you agree?

regards
kobel

On Sat, Jan 29, 2011 at 16:41, Friderich Claude cfrider...@netcore.luwrote:

  Hi Miron,



 I have made some tests regarding your statements.



 I have a 3750 switch version 12.2(44)SE6. - Cisco IOS Software, C3750
 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE
 (fc1)





 *As Roger said, QoS SRND is outdated.*



 I have configured the port 14 as below :

 switchport access vlan 30

  switchport mode access

  switchport voice vlan 20

  srr-queue bandwidth share 10 10 60 20

  priority-queue out

  mls qos trust device cisco-phone

  mls qos trust dscp

  auto qos voip cisco-phone

  spanning-tree portfast

  service-policy input AutoQoS-Police-CiscoPhone



 I put my PC on this port and as you can see below the port is not trusted
 thanks to the mls qos trust device Cisco-phone

 My service-policy and mls qos trust cmd are  still there even after
 rebooting the switch.





 HQ-3750#show mls qos interface giga 1/0/14

 GigabitEthernet1/0/14

 Attached policy-map for Ingress: AutoQoS-Police-CiscoPhone

 trust state: not trusted

 trust mode: trust dscp

 trust enabled flag: dis

 COS override: dis

 default COS: 0

 DSCP Mutation Map: Default DSCP Mutation Map

 Trust device: cisco-phone

 qos mode: port-based



 *In this case*, I just trust DSCP without mls qos trust device Cisco-phone

 As you can see, the port is trusted as I put my PC on this interface.



 interface GigabitEthernet1/0/12

  description LapTop VMWare

  switchport access vlan 30

  switchport mode access

  mls qos trust dscp

  spanning-tree portfast



 HQ-3750#show mls qos interface giga 1/0/12

 GigabitEthernet1/0/12

 trust state: trust dscp

 trust mode: trust dscp

 trust enabled flag: ena

 COS override: dis

 default COS: 0

 DSCP Mutation Map: Default DSCP Mutation Map

 Trust device: none

 qos mode: port-based



 So to resume, service-policy and mls qos trust device Cisco-phone  can be
 configured together without removing mls qos trust command as you put the
 service-policy command.

 Reboot the switch, same config still there, no modifications.



 As we trust dscp, a rogue PC is not going to be trusted if you put the mls
 qos trust device cisco-phone. (and this cmd is not removed J). So I think
 this is what you(we) expect, isn’t it ?



 Best Regards,



 Claude.





 *Claude Friderich*

 *PreSales Support*

 *[image: ccvp_voice_sm]***

 *NETCORE PSF S.A.***

 49 rue du Baerendall

 B.P.65 L-8201 Mamer

 Téléphone: 31 33 80-407

 Fax: 31 33 80 8-407

 GSM: 621 303 616

 E-mail: cfrider...@netcore.lu



 *From:* ccie_voice-boun...@onlinestudylist.com [mailto:
 ccie_voice-boun...@onlinestudylist.com] *On Behalf Of *Miron Kobelski
 *Sent:* jeudi 27 janvier 2011 19:49
 *To:* Roger Källberg
 *Cc:* ccie_voice@onlinestudylist.com
 *Subject:* Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust
 commands on the same port



 Thanks Roger, I need to check this in my lab. Have you tried to save the
 config and reload the switch to see if this configuration persists?

 Any idea since which IOS version this is possible? Is it available in the
 3750 software used in the actual lab (version is not under NDA?)

 regards
 kobel

 2011/1/27 Roger Källberg roger.kallb...@cygate.se

 Hi Kobel,

 I belive that the QoS SRND have it wrong, or at least is outdated, in this
 case.



 I used this configuration on PL's 3750 during my study for the lab.



 class-map match-all MGCP
  match access-group 101
 class-map match-all AutoQoS-VoIP-RTP-Trust
  match ip dscp ef
 class-map match-all AutoQoS-VoIP-Control-Trust
  match ip dscp cs3  af31
 !
 !
 policy-map Police-MGCP
  class MGCP
   set dscp cs3
   police 16000 8000 exceed-action policed-dscp-transmit
 policy-map AutoQoS-Police-CiscoPhone
  class AutoQoS-VoIP-RTP-Trust
   set dscp ef
   police 32 8000 exceed-action policed-dscp-transmit
  class AutoQoS-VoIP-Control-Trust
   set dscp cs3
   police 32000 8000 exceed-action policed-dscp-transmit

 !

 interface FastEthernet1/0/1
  switchport trunk

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port

[Miron Kobelski]

Hi Steve,

thanks for confirmation.

regards
kobel

On Wed, Jan 26, 2011 at 23:05, Steve Denney (stdenney)
stden...@cisco.comwrote:

 To answer your second question - the Enterprise QoS SRND is here:


 http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html



 AFAIK it’s not accessible via the support URL available to you in the lab (
 http://www.cisco.com/cisco/web/psa/default.html) – which is why they give
 you a pdf copy on the candidate desktop.



___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port

[Miron Kobelski]

Hi Matthew,

I agree about the cos part, adding that you can control the cos value for PC
connected to the phone using switchport priority extend command with 4
options:
 * trust
 * don't trust
 * overwrite with specific cos value
 * by default - overwrite with COS 0

But the question is, how DSCP markings from the PC are handled with this
configuration? I understand that IP phone marks its RTP and signaling
packets with both COS and DSCP and you can choose on the switchport which
one you want to trust. But what about the PC markings? PC can only mark
using DSCP (no 802.1q header between PC and IP phone).
What happens when I decide to trust DSCP in such situation? Both markings
from the PC and IP phone are trusted? This would constitute weak solution,
since I don't want rogue PC to send all it's traffic as EF... any idea?

regards
kobel

On Thu, Jan 27, 2011 at 00:15, matt...@ciscovoiceguru.com 
matt...@ciscovoiceguru.com wrote:

 If you set mls qos trust cos then CoS markings will be preserved;
 however, any DSCP marking will be written to 0.

 The same holds true for mls qos trust dscp.  Any packet entering the
 switch with a CoS marking will be written to 0.

 That is why you have cos-to-dscp and dscp-to-cos mappings.  This allows the
 packet to essentially become a blank slate, delete L2/L3 QoS values, and
 remap them.



___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

[Miron Kobelski]

Thanks Roger, I need to check this in my lab. Have you tried to save the
config and reload the switch to see if this configuration persists?

Any idea since which IOS version this is possible? Is it available in the
3750 software used in the actual lab (version is not under NDA?)

regards
kobel

2011/1/27 Roger Källberg roger.kallb...@cygate.se

  Hi Kobel,
 I belive that the QoS SRND have it wrong, or at least is outdated, in this
 case.

 I used this configuration on PL's 3750 during my study for the lab.

 class-map match-all MGCP
  match access-group 101
 class-map match-all AutoQoS-VoIP-RTP-Trust
  match ip dscp ef
 class-map match-all AutoQoS-VoIP-Control-Trust
  match ip dscp cs3  af31
 !
 !
 policy-map Police-MGCP
  class MGCP
   set dscp cs3
   police 16000 8000 exceed-action policed-dscp-transmit
 policy-map AutoQoS-Police-CiscoPhone
  class AutoQoS-VoIP-RTP-Trust
   set dscp ef
   police 32 8000 exceed-action policed-dscp-transmit
  class AutoQoS-VoIP-Control-Trust
   set dscp cs3
   police 32000 8000 exceed-action policed-dscp-transmit
 !
 interface FastEthernet1/0/1
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 10
  switchport mode trunk
  speed 100
  duplex full
  srr-queue bandwidth share 10 10 60 20
  priority-queue out
  mls qos trust dscp
  auto qos voip trust
  service-policy input Police-MGCP
 !
 interface FastEthernet1/0/2
  switchport access vlan 10
  switchport mode access
  switchport voice vlan 20
  srr-queue bandwidth share 10 10 60 20
  priority-queue out
  mls qos trust device cisco-phone
  mls qos trust cos
  auto qos voip cisco-phone
  spanning-tree portfast
  service-policy input AutoQoS-Police-CiscoPhone
 !
 access-list 101 permit udp any any eq 2427
 access-list 101 permit udp any eq 2427 any
 access-list 101 permit tcp any any eq 2428
 access-list 101 permit tcp any eq 2428 any

 As you can see it has both mls qos trust cos and service-policy input
 AutoQoS-Police-CiscoPhone or mls qos trust dscp and service-policy input
 Police-MGCP attached to the same interface, and this works as expected.

 This can also be seen in vol2 PG for the labs that has this requirement.
  Sincerely

  *Roger Källberg*
 CCIE #26199 (Voice)
 Consultant
 Cygate AB
 Eric Perssons väg 21, SE-217 62 MALMÖ

  --
 *Från:* Miron Kobelski [findko...@gmail.com]
 *Skickat:* den 26 januari 2011 19:07
 *Till:* ccie_voice@onlinestudylist.com
 *Ämne:* [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust
 commands on the same port

  Hello,

 I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally
 trust DSCP markings from the Cisco IP phone, which can be accomplished with:

 mls qos trust device cisco-phone
 mls qos trust dscp

 But 5.3 requires policing and remarking using service-policy for the same
 switch port.
 In the Enterprise QoS SRND page 106 we have:

 At the time of writing, the Catalyst 2970/3560/3750 does not support a
 trust statement (such as mls qos
 trust device cisco-phone) in conjunction with a service-policy input
 statement applied to given port at
 the same time. While this may be configurable, if the switch is reset, one
 or the other statement may be
 removed when the switch reloads. This limitation is to be addressed;
 consult the latest Catalyst
 2970/3560/3750 QoS documentation for updates on this limitation

 PG's solution seems to ignore this fact. What's your opinion on this? I was
 unable to find anything on this in the archive.

 BTW, how can I find QoS SRND via cisco.com documentation portal?

 regards
 kobel



___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port

[Miron Kobelski]

After refering to documentation:

*mls qos trust dscp*
Classify an ingress packet by using the packet DSCP value (most significant
6 bits of 8-bit service-type field). For a non-IP packet, the packet CoS is
used if the packet is tagged. For an untagged packet, the default port CoS
value is used.

So:
mls qos trust device cisco-phone
mls qos trust dscp
should trust DSCP sent by IP phone, but remark everything from the PC
(native vlan) to 0 by default or whatever is configured with mls qos cos X

Comments apprieciated ;)
kobel

On Thu, Jan 27, 2011 at 19:46, Miron Kobelski findko...@gmail.com wrote:

 Hi Matthew,

 I agree about the cos part, adding that you can control the cos value for
 PC connected to the phone using switchport priority extend command with 4
 options:
  * trust
  * don't trust
  * overwrite with specific cos value
  * by default - overwrite with COS 0

 But the question is, how DSCP markings from the PC are handled with this
 configuration? I understand that IP phone marks its RTP and signaling
 packets with both COS and DSCP and you can choose on the switchport which
 one you want to trust. But what about the PC markings? PC can only mark
 using DSCP (no 802.1q header between PC and IP phone).
 What happens when I decide to trust DSCP in such situation? Both markings
 from the PC and IP phone are trusted? This would constitute weak solution,
 since I don't want rogue PC to send all it's traffic as EF... any idea?

 regards
 kobel


 On Thu, Jan 27, 2011 at 00:15, matt...@ciscovoiceguru.com 
 matt...@ciscovoiceguru.com wrote:

 If you set mls qos trust cos then CoS markings will be preserved;
 however, any DSCP marking will be written to 0.

 The same holds true for mls qos trust dscp.  Any packet entering the
 switch with a CoS marking will be written to 0.

 That is why you have cos-to-dscp and dscp-to-cos mappings.  This allows
 the packet to essentially become a blank slate, delete L2/L3 QoS values,
 and remap them.




___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos

[romain mullier]

Hey Roberto,

I haven't read the whole thread so I may be irrelevant here but if you want
to match RTP packets your access list 125 should be udp instead of tcp.

cheers.

Romain

On Thu, Jan 27, 2011 at 6:23 PM, Roberto Reyes Alanis rre...@plannet.com.mx
 wrote:

 We need remember that we can use ACL for marking, and we can classify the
 traffic that come from IP Phones (voice vlan), and traffic that come from PC
 (data vlan), and trust or remark inside of policy map, and also I think that
 the answer is the match-all of the class map. For example:



 Voice vlan 192.168.1.0

 Data Vlan  192.168.2.0



 If you Want differentiation over RTP packet, you can configure something
 like this.



 access-list 125 permit tcp any range 16384 32767 any

 access-list 125 permit tcp any any range 16384 32767



 access-list 126 permit ip 192.168.1.0 0.0.0.255 any

 access-list 126 permit ip any 192.168.1.0 0.0.0.255



 access-list 127 permit ip 192.168.2.0 0.0.0.255 any

 access-list 127 permit ip any 192.168.2.0 0.0.0.255



 class-map match-all RTP-Phones

   match access-group 125

   match access-group 126



 class-map match-all RTP-PC

   match access-group 125

   match access-group 126

 policy-map Voice

 class RTP-Phones

   set dscp ef

 class RTP-PC

   set dscp AF11





 And you know the rest…




 _

 Greetings



 Hi Matthew,



 I agree about the cos part, adding that you can control the cos value for
 PC connected to the phone using switchport priority extend command with 4

 options:

 * trust

 * don't trust

 * overwrite with specific cos value

 * by default - overwrite with COS 0



 But the question is, how DSCP markings from the PC are handled with this
 configuration? I understand that IP phone marks its RTP and signaling
 packets with both COS and DSCP and you can choose on the switchport which
 one you want to trust. But what about the PC markings? PC can only mark
 using DSCP (no 802.1q header between PC and IP phone).

 What happens when I decide to trust DSCP in such situation? Both markings
 from the PC and IP phone are trusted? This would constitute weak solution,
 since I don't want rogue PC to send all it's traffic as EF... any idea?



 regards

 kobel


 _

 ___
 For more information regarding industry leading CCIE Lab training, please
 visit www.ipexpert.com


___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

[OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

[Miron Kobelski]

Hello,

I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally
trust DSCP markings from the Cisco IP phone, which can be accomplished with:

mls qos trust device cisco-phone
mls qos trust dscp

But 5.3 requires policing and remarking using service-policy for the same
switch port.
In the Enterprise QoS SRND page 106 we have:

At the time of writing, the Catalyst 2970/3560/3750 does not support a trust
statement (such as mls qos
trust device cisco-phone) in conjunction with a service-policy input
statement applied to given port at
the same time. While this may be configurable, if the switch is reset, one
or the other statement may be
removed when the switch reloads. This limitation is to be addressed; consult
the latest Catalyst
2970/3560/3750 QoS documentation for updates on this limitation

PG's solution seems to ignore this fact. What's your opinion on this? I was
unable to find anything on this in the archive.

BTW, how can I find QoS SRND via cisco.com documentation portal?

regards
kobel
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

[ccieid1ot]

Correct me if I'm wrong, isn't trusting the ports setting the ingress and
service policy is setting on egress?

duy
ccie #27737 voice

tmobile g2
On Jan 26, 2011 1:21 PM, Miron Kobelski findko...@gmail.com wrote:
 Hello,

 I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally
 trust DSCP markings from the Cisco IP phone, which can be accomplished
with:

 mls qos trust device cisco-phone
 mls qos trust dscp

 But 5.3 requires policing and remarking using service-policy for the same
 switch port.
 In the Enterprise QoS SRND page 106 we have:

 At the time of writing, the Catalyst 2970/3560/3750 does not support a
trust
 statement (such as mls qos
 trust device cisco-phone) in conjunction with a service-policy input
 statement applied to given port at
 the same time. While this may be configurable, if the switch is reset, one
 or the other statement may be
 removed when the switch reloads. This limitation is to be addressed;
consult
 the latest Catalyst
 2970/3560/3750 QoS documentation for updates on this limitation

 PG's solution seems to ignore this fact. What's your opinion on this? I
was
 unable to find anything on this in the archive.

 BTW, how can I find QoS SRND via cisco.com documentation portal?

 regards
 kobel
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

[ccieid1ot]

On your other question, the qos srnd is placed on the desktop.

duy
ccie #27737 voice

tmobile g2
On Jan 26, 2011 1:32 PM, ccieid1ot ccieid...@gmail.com wrote:
 Correct me if I'm wrong, isn't trusting the ports setting the ingress and
 service policy is setting on egress?

 duy
 ccie #27737 voice

 tmobile g2
 On Jan 26, 2011 1:21 PM, Miron Kobelski findko...@gmail.com wrote:
 Hello,

 I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally
 trust DSCP markings from the Cisco IP phone, which can be accomplished
 with:

 mls qos trust device cisco-phone
 mls qos trust dscp

 But 5.3 requires policing and remarking using service-policy for the same
 switch port.
 In the Enterprise QoS SRND page 106 we have:

 At the time of writing, the Catalyst 2970/3560/3750 does not support a
 trust
 statement (such as mls qos
 trust device cisco-phone) in conjunction with a service-policy input
 statement applied to given port at
 the same time. While this may be configurable, if the switch is reset,
one
 or the other statement may be
 removed when the switch reloads. This limitation is to be addressed;
 consult
 the latest Catalyst
 2970/3560/3750 QoS documentation for updates on this limitation

 PG's solution seems to ignore this fact. What's your opinion on this? I
 was
 unable to find anything on this in the archive.

 BTW, how can I find QoS SRND via cisco.com documentation portal?

 regards
 kobel
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port

[Miron Kobelski]

I agree that QoS SRND should be available on desktop, but it bothers me that
I don't know how to find it on cisco.com...

On switch you configure service policy for ingress:
https://tools.cisco.com/Support/CLILookup/cltSearchAction.do?AT=gDBM=tCN=%22service-policy%22IndexOptionId=All%20index%20OPtionsIndexId=Catalyst
 service-policy

Use the service-policy interface configuration command on the switch stack
or on a standalone switch to apply a policy map defined by the policy-map
command to the input of a port. Use the no form of this command to remove
the policy map and port association.

regards
kobel

On Wed, Jan 26, 2011 at 20:32, ccieid1ot ccieid...@gmail.com wrote:

 Correct me if I'm wrong, isn't trusting the ports setting the ingress and
 service policy is setting on egress?

 duy
 ccie #27737 voice

 tmobile g2
 On Jan 26, 2011 1:21 PM, Miron Kobelski findko...@gmail.com wrote:
  Hello,
 
  I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally
  trust DSCP markings from the Cisco IP phone, which can be accomplished
 with:
 
  mls qos trust device cisco-phone
  mls qos trust dscp
 
  But 5.3 requires policing and remarking using service-policy for the same
  switch port.
  In the Enterprise QoS SRND page 106 we have:
 
  At the time of writing, the Catalyst 2970/3560/3750 does not support a
 trust
  statement (such as mls qos
  trust device cisco-phone) in conjunction with a service-policy input
  statement applied to given port at
  the same time. While this may be configurable, if the switch is reset,
 one
  or the other statement may be
  removed when the switch reloads. This limitation is to be addressed;
 consult
  the latest Catalyst
  2970/3560/3750 QoS documentation for updates on this limitation
 
  PG's solution seems to ignore this fact. What's your opinion on this? I
 was
  unable to find anything on this in the archive.
 
  BTW, how can I find QoS SRND via cisco.com documentation portal?
 
  regards
  kobel

___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port

[Miron Kobelski]

With your configuration you would trust ANY dscp marking received from the
IP phone port. No matter if it was sent by cisco ip phone or a rogue PC
behind it.
You loose the benefit of conditional trust boundary... I suspect that these
tasks are contradictory.

regards
kobel


On Wed, Jan 26, 2011 at 21:28, Friderich Claude cfrider...@netcore.luwrote:

  Hello Miron,



 I agree with you and the same remark in the attached file p.4

 You can use either one of these three methods. You cannot use more than one
 method in a port. For example,

 you have configured the mls qos trust cos command on a port. When you
 configure the port with the

 service−policy input policy−map−name command, it removes the mls qos
 trust cos command

 automatically.



 I think we have to put the service-policy input policy-map with the
 following class-map in this policy-map



 policy-map myname

 class myname

 trust dscp



 and create the class before with a match ip dscp ef



 My opinion …. But remarks appreciated J



 Regards

 Claude



 *Claude Friderich*

 *PreSales Support*

 *[image: ccvp_voice_sm]***

 *NETCORE PSF S.A.***

 49 rue du Baerendall

 B.P.65 L-8201 Mamer

 Téléphone: 31 33 80-407

 Fax: 31 33 80 8-407

 GSM: 621 303 616

 E-mail: cfrider...@netcore.lu



 *From:* ccie_voice-boun...@onlinestudylist.com [mailto:
 ccie_voice-boun...@onlinestudylist.com] *On Behalf Of *Miron Kobelski
 *Sent:* mercredi 26 janvier 2011 19:07
 *To:* ccie_voice@onlinestudylist.com
 *Subject:* [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos
 trustcommands on the same port



 Hello,

 I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally
 trust DSCP markings from the Cisco IP phone, which can be accomplished with:

 mls qos trust device cisco-phone
 mls qos trust dscp

 But 5.3 requires policing and remarking using service-policy for the same
 switch port.
 In the Enterprise QoS SRND page 106 we have:

 At the time of writing, the Catalyst 2970/3560/3750 does not support a
 trust statement (such as mls qos
 trust device cisco-phone) in conjunction with a service-policy input
 statement applied to given port at
 the same time. While this may be configurable, if the switch is reset, one
 or the other statement may be
 removed when the switch reloads. This limitation is to be addressed;
 consult the latest Catalyst
 2970/3560/3750 QoS documentation for updates on this limitation

 PG's solution seems to ignore this fact. What's your opinion on this? I was
 unable to find anything on this in the archive.

 BTW, how can I find QoS SRND via cisco.com documentation portal?

 regards
 kobel



 --

 This email was Anti Virus checked.


image001.gif___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port

[Miron Kobelski]

But giving it a second thought... If you have mls qos trust device
cisco-phone on the same port there is a chance it could work as you expect.
But I'd believe it, if I saw this in cisco docs :)


On Wed, Jan 26, 2011 at 21:31, Miron Kobelski findko...@gmail.com wrote:

 With your configuration you would trust ANY dscp marking received from the
 IP phone port. No matter if it was sent by cisco ip phone or a rogue PC
 behind it.
 You loose the benefit of conditional trust boundary... I suspect that these
 tasks are contradictory.

 regards
 kobel



 On Wed, Jan 26, 2011 at 21:28, Friderich Claude cfrider...@netcore.luwrote:

  Hello Miron,



 I agree with you and the same remark in the attached file p.4

 You can use either one of these three methods. You cannot use more than
 one method in a port. For example,

 you have configured the mls qos trust cos command on a port. When you
 configure the port with the

 service−policy input policy−map−name command, it removes the mls qos
 trust cos command

 automatically.



 I think we have to put the service-policy input policy-map with the
 following class-map in this policy-map



 policy-map myname

 class myname

 trust dscp



 and create the class before with a match ip dscp ef



 My opinion …. But remarks appreciated J



 Regards

 Claude



 *Claude Friderich*

 *PreSales Support*

 *[image: ccvp_voice_sm]***

 *NETCORE PSF S.A.***

 49 rue du Baerendall

 B.P.65 L-8201 Mamer

 Téléphone: 31 33 80-407

 Fax: 31 33 80 8-407

 GSM: 621 303 616

 E-mail: cfrider...@netcore.lu



 *From:* ccie_voice-boun...@onlinestudylist.com [mailto:
 ccie_voice-boun...@onlinestudylist.com] *On Behalf Of *Miron Kobelski
 *Sent:* mercredi 26 janvier 2011 19:07
 *To:* ccie_voice@onlinestudylist.com
 *Subject:* [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos
 trustcommands on the same port



 Hello,

 I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally
 trust DSCP markings from the Cisco IP phone, which can be accomplished with:

 mls qos trust device cisco-phone
 mls qos trust dscp

 But 5.3 requires policing and remarking using service-policy for the same
 switch port.
 In the Enterprise QoS SRND page 106 we have:

 At the time of writing, the Catalyst 2970/3560/3750 does not support a
 trust statement (such as mls qos
 trust device cisco-phone) in conjunction with a service-policy input
 statement applied to given port at
 the same time. While this may be configurable, if the switch is reset, one
 or the other statement may be
 removed when the switch reloads. This limitation is to be addressed;
 consult the latest Catalyst
 2970/3560/3750 QoS documentation for updates on this limitation

 PG's solution seems to ignore this fact. What's your opinion on this? I
 was unable to find anything on this in the archive.

 BTW, how can I find QoS SRND via cisco.com documentation portal?

 regards
 kobel



 --

 This email was Anti Virus checked.



image001.gif___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port

[Steve Denney (stdenney)]

To answer your second question - the Enterprise QoS SRND is here:

http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html

 

AFAIK it’s not accessible via the support URL available to you in the lab 
(http://www.cisco.com/cisco/web/psa/default.html) – which is why they give you 
a pdf copy on the candidate desktop.

 

cheers, sd

 

From: ccie_voice-boun...@onlinestudylist.com 
[mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of Miron Kobelski
Sent: Wednesday, January 26, 2011 1:07 PM
To: ccie_voice@onlinestudylist.com
Subject: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on 
the same port

 

Hello,

I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust 
DSCP markings from the Cisco IP phone, which can be accomplished with:

mls qos trust device cisco-phone
mls qos trust dscp

But 5.3 requires policing and remarking using service-policy for the same 
switch port.
In the Enterprise QoS SRND page 106 we have:

At the time of writing, the Catalyst 2970/3560/3750 does not support a trust 
statement (such as mls qos 
trust device cisco-phone) in conjunction with a service-policy input statement 
applied to given port at 
the same time. While this may be configurable, if the switch is reset, one or 
the other statement may be 
removed when the switch reloads. This limitation is to be addressed; consult 
the latest Catalyst 
2970/3560/3750 QoS documentation for updates on this limitation

PG's solution seems to ignore this fact. What's your opinion on this? I was 
unable to find anything on this in the archive.

BTW, how can I find QoS SRND via cisco.com documentation portal?

regards
kobel



___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port

[matt...@ciscovoiceguru.com]

If you set mls qos trust cos then CoS markings will be preserved; however, 
any DSCP marking will be written to 0.

The same holds true for mls qos trust dscp.  Any packet entering the switch 
with a CoS marking will be written to 0.

That is why you have cos-to-dscp and dscp-to-cos mappings.  This allows the 
packet to essentially become a blank slate, delete L2/L3 QoS values, and 
remap them.

 

Matthew Berry, CCIE #26721

Email: matt...@ciscovoiceguru.com
Twitter: http://twitter.com/CiscoVoiceGuru
Blog: http://ciscovoiceguru.com

On Jan 26, 2011, at 2:57 PM, Miron Kobelski wrote:

 Now I'm not sure any longer ;)
 
 when you have on a switch port:
 mls qos trust device cisco-phone
 mls qos trust cos
 
 the COS sent by phone is trusted, PC COS markings are trusted or not 
 depending on switchport priority extend command.
 But I have no idea how it behaves when DSCP markings are conditionally 
 trusted, as switchport priority extends' seem to work only with COS.
 
 Any ideas? It's late here, I will try to read some docs about this tommorow.
 
 regards
 kobel
 
 
 
 
 On Wed, Jan 26, 2011 at 21:46, Friderich Claude cfrider...@netcore.lu wrote:
 OK
 
 So you mean that with mls qos trust dscp, all traffic form pc port is going 
 to be marked to dscp 0 and should be a better solution for a rogue device 
 behind the phone … correct me if I’m wrong …
 
 Regards
 
 Claude.
 
  
 Claude Friderich
 
 PreSales Support
 
 image001.gif
 
 NETCORE PSF S.A.
 
 49 rue du Baerendall
 
 B.P.65 L-8201 Mamer
 
 Téléphone: 31 33 80-407
 
 Fax: 31 33 80 8-407
 
 GSM: 621 303 616
 
 E-mail: cfrider...@netcore.lu
 ___
 For more information regarding industry leading CCIE Lab training, please 
 visit www.ipexpert.com

___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Police

[Miron Kobelski]

Afaik,  it's not supported
--
Sent from my mobile device.

Am 09.07.2010 23:41 schrieb Mark Holloway m...@markholloway.com:

I'm attempting to police VoIP signaling on Fast1/0/1 of a 3750 switch that
is configured as a trunk port connecting to the HQ router.  I can't apply
the service-policy in the output direction.  Am I thinking about this the
wrong way because I can apply it in the inbound direction.

# show run

interface FastEthernet1/0/1
 description ** To R1-HQ Gigabit Ethernet 0/0 **
 switchport trunk encapsulation dot1q
 switchport mode trunk

HQ-3750(config-if)#service-policy output VOIP-SIGNAL

police command is not supported for this interface
The interface does not support the specified policy configuration and/or
parameter values.
Warning: Assigning a policy map to the output side of an interface not
supported



HQ-3750(config-if)#service-policy input VOIP-SIGNAL
HQ-3750(config-if)#do sh run

interface FastEthernet1/0/1
 description ** R1-HQ Gigabit Ethernet 0/0 **
 switchport trunk encapsulation dot1q
 switchport mode trunk
 service-policy input VOIP-SIGNAL

mls qos map policed-dscp  24 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos

class-map match-any SIGNAL
 match ip dscp cs3

policy-map VOIP-SIGNAL
 class SIGNAL
 police 32000 8000 exceed-action policed-dscp-transmit



___
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

[OSL | CCIE_Voice] 3750 QoS Police

[Mark Holloway]

I'm attempting to police VoIP signaling on Fast1/0/1 of a 3750 switch that is 
configured as a trunk port connecting to the HQ router.  I can't apply the 
service-policy in the output direction.  Am I thinking about this the wrong way 
because I can apply it in the inbound direction.

# show run

interface FastEthernet1/0/1
 description ** To R1-HQ Gigabit Ethernet 0/0 **
 switchport trunk encapsulation dot1q
 switchport mode trunk

HQ-3750(config-if)#service-policy output VOIP-SIGNAL

police command is not supported for this interface
The interface does not support the specified policy configuration and/or 
parameter values.
Warning: Assigning a policy map to the output side of an interface not supported



HQ-3750(config-if)#service-policy input VOIP-SIGNAL
HQ-3750(config-if)#do sh run

interface FastEthernet1/0/1
 description ** R1-HQ Gigabit Ethernet 0/0 **
 switchport trunk encapsulation dot1q
 switchport mode trunk
 service-policy input VOIP-SIGNAL

mls qos map policed-dscp  24 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos

class-map match-any SIGNAL
 match ip dscp cs3 

policy-map VOIP-SIGNAL
 class SIGNAL
  police 32000 8000 exceed-action policed-dscp-transmit



___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Farkas Péter]

At earlier time AF31 was the prefered PHB for voice 
signaling, but the latest rule is CS3. The reason is because AF PHB can mark 
down or drop packages in contrast of CS PHB.

hey, in the
!  police 32 8000 exceed-action policed-dscp-transmit
command the 8000 means burst volume not degradation to 8k of speed.

Peter
  - Original Message - 
  From: Alex Hannah 
  To: Michael Ciarfello 
  Cc: ccie_voice@onlinestudylist.com ; Farkas Péter 
  Sent: Thursday, November 12, 2009 8:11 AM
  Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question


  Michael,

  My understanding was older CUCM servers ( 4.x and early 5.x ) sent signalling 
out at AF31, also I thought I remembered something about CIPC not sending 
traffic out with right markings.  I was trying to do a catch all to match any 
type of signaling be it either CS3 or AF31.  

  And the police statement I have verified on my 2811 running 12.4(22) T2 ( 
Same as v3 lab last month ).  So I believe this to be correct.  What exactly 
did you mean by checking it to meet ONLY my requirements?  The exceed action 
would remark traffic above 32k down to 8k correct?  

  Thanks again,

  Alex


  2009/11/11 Michael Ciarfello mciarfe...@iplogic.com

That's looking better.  Check your policed-dscp line to ONLY meet your 
requirements.

Check the command reference and 3750 Switch COnfiguration guide - QoS 
chapter on that police command. I haven't looked at that or remember if it's 
correct.

Pay attention to what Farkas said.  Look at other documents to find the 
source of that.  Maybe the document I mentioned above on what he is saying is 
in there.

Why CS3 and AF31?  If you have a home lab or a partial home lab, use a 
sniffer and sniff around.  Let us know what you find.



From: ccie_voice-boun...@onlinestudylist.com 
[ccie_voice-boun...@onlinestudylist.com] On Behalf Of Alex Hannah 
[alex.han...@gmail.com]
Sent: Wednesday, November 11, 2009 6:56 PM

To: Farkas P¨¦ter
Cc: ccie_voice@onlinestudylist.com 

Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question



Michael and Farkas,

Okay, I have thought about what you mentioned.  Here is my revised 
approach.  Let me know what you think about this way:

!
mls qos map policed-dscp  0 24 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos
!
!
class-map match-any SCCP-Traffic
  match ip dscp cs3  af31 
!
!
policy-map POLICE-MAP
  class SCCP-Traffic
police 32 8000 exceed-action policed-dscp-transmit
   set dscp cs3
!
!
interface FastEthernet0/6
  service-policy input POLICE-MAP
!

What is the signifigance of matching both ip dscp cs3  af31?  Since I have 
match-any will it match on both?  New CUCM 7.x servers should send SCCP out at 
cs3 correct?   

Thanks,

Alex



2009/11/11 Farkas P¨¦ter wormh...@sch.bme.hu

  AutoQoS cannot be configured until service-policy is attached to the 
interface so you cannot use it for correction. Also, AutoQos does not work on 
Eth.


  - Original Message -
  From: Michael Ciarfello mciarfe...@iplogic.com
  Date: Wednesday, November 11, 2009 8:56 pm
  Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question
  To: Alex Hannah alex.han...@gmail.com, ccie_voice@onlinestudylist.com 
ccie_voice@onlinestudylist.com


   Here are some hints for you to research:
  
I believe there is an error in one of the class-maps.  See if you can 
find it or agree.
  
I believe you have too much extra stuff configured, let’s eliminate 
the unneeded stuff.
  
How about use match IP protocol instead of access-lists?
  
Are you sure your access-list is correct for the inbound / outbound 
traffic you have?
  
I think the data vlan people are going to be pissed and complain about 
slowness.  I know it’s
   a lab.  I believe you can get the entire config down to a much simplier 
10-15 lines instead of
   all the stuff you have.
  

From: ccie_voice-boun...@onlinestudylist.com [ On Behalf Of Alex Hannah

Sent: Wednesday, November 11, 2009 2:41 PM
To: ccie_voice@onlinestudylist.com
Subject: [OSL | CCIE_Voice] 3750 QoS Question
  
Hello everyone.
  
I am attempting to create the following QoS policy on a 3750  port 
with an IP Phone plugged in
   behind it.
  
The policy will police signalling ( SCCP ) 32k down to 8k and remark 
to DSCP 8.  I have read
   through most of the SRND guide for the 3750, the model I am following 
is the:
  
2970/3560/3750–Conditionally-Trusted IP Phone + PC + Scavenger (Basic) 
Model Configuration on
   page 105 of the 3.3 QoS SRND.
  
Can anyone validate my work below and let me know if you think this 
meets those requirements?
   Also, in this scenerio, Auto

[OSL | CCIE_Voice] 3750 QoS Question

[Alex Hannah]

Hello everyone.

I am attempting to create the following QoS policy on a 3750  port with an
IP Phone plugged in behind it.

The policy will police signalling ( SCCP ) 32k down to 8k and remark to DSCP
8.  I have read through most of the SRND guide for the 3750, the model I am
following is the:

2970/3560/3750—Conditionally-Trusted IP Phone + PC + Scavenger (Basic) Model
Configuration on page 105 of the 3.3 QoS SRND.

Can anyone validate my work below and let me know if you think this meets
those requirements?  Also, in this scenerio, Auto Qos would not need to be
applied over top of it correct?

mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos map policed-dscp 0 24 to 8

class-map match-all VVLAN-VOICE
 !Was in SRND but not using match access-group name VVLAN-VOICE
 match ip dscp ef

class-map match-all VVLAN-CALL-SIGNALING
 !Was in SRND but not using match access-group name VVLAN-CALL-SIGNALLING
 match ip dscp cs3 af31

class-map match-all VVLAN-ANY
  match access-group name VVLAN-ANY

policy-map IPPHONE+PC-BASIC
 class VVLAN-VOICE
  set ip dscp 46
  police 128000 8000
  exceed-action drop
 class VVLAN-CALL-SIGNALING
  set ip dscp 24
  police 32000 8000
  exceed-action policed-dscp-transmit
 class VVLAN-ANY
  set ip dscp 0
  police 32000 8000
  exceed-action policed-dscp-transmit

 class class-default
  set ip dscp 0
  police 500 8000
  exceed-action policed-dscp-transmit

interface FastEthernet0/1
 service-policy input IPPHONE+PC-BASIC

ip access list extended VVLAN-VOICE
 permit udp x.x.x.x 0.0.0.255 any range 16384 32767

ip access list extended VVLAN-CALL-SIGNALING
 permit tcp x.x.x.x 0.0.0.255 any range 2000 2002

ip access list extended VVLAN-ANY
 permit ip x.x.x.x 0.0.0.255 any



Thanks,

Alex

 *


*
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Michael Ciarfello]

Here are some hints for you to research:

I believe there is an error in one of the class-maps.  See if you can find it 
or agree.

I believe you have too much extra stuff configured, let’s eliminate the 
unneeded stuff.

How about use match IP protocol instead of access-lists?

Are you sure your access-list is correct for the inbound / outbound traffic you 
have?

I think the data vlan people are going to be pissed and complain about 
slowness.  I know it’s a lab.  I believe you can get the entire config down to 
a much simplier 10-15 lines instead of all the stuff you have.

From: ccie_voice-boun...@onlinestudylist.com 
[mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of Alex Hannah
Sent: Wednesday, November 11, 2009 2:41 PM
To: ccie_voice@onlinestudylist.com
Subject: [OSL | CCIE_Voice] 3750 QoS Question

Hello everyone.

I am attempting to create the following QoS policy on a 3750  port with an IP 
Phone plugged in behind it.

The policy will police signalling ( SCCP ) 32k down to 8k and remark to DSCP 8. 
 I have read through most of the SRND guide for the 3750, the model I am 
following is the:

2970/3560/3750—Conditionally-Trusted IP Phone + PC + Scavenger (Basic) Model 
Configuration on page 105 of the 3.3 QoS SRND.

Can anyone validate my work below and let me know if you think this meets those 
requirements?  Also, in this scenerio, Auto Qos would not need to be applied 
over top of it correct?

mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos map policed-dscp 0 24 to 8

class-map match-all VVLAN-VOICE
 !Was in SRND but not using match access-group name VVLAN-VOICE
 match ip dscp ef

class-map match-all VVLAN-CALL-SIGNALING
 !Was in SRND but not using match access-group name VVLAN-CALL-SIGNALLING
 match ip dscp cs3 af31

class-map match-all VVLAN-ANY
  match access-group name VVLAN-ANY

policy-map IPPHONE+PC-BASIC
 class VVLAN-VOICE
  set ip dscp 46
  police 128000 8000
  exceed-action drop
 class VVLAN-CALL-SIGNALING
  set ip dscp 24
  police 32000 8000
  exceed-action policed-dscp-transmit
 class VVLAN-ANY
  set ip dscp 0
  police 32000 8000
  exceed-action policed-dscp-transmit

 class class-default
  set ip dscp 0
  police 500 8000
  exceed-action policed-dscp-transmit

interface FastEthernet0/1
 service-policy input IPPHONE+PC-BASIC

ip access list extended VVLAN-VOICE
 permit udp x.x.x.x 0.0.0.255 any range 16384 32767

ip access list extended VVLAN-CALL-SIGNALING
 permit tcp x.x.x.x 0.0.0.255 any range 2000 2002

ip access list extended VVLAN-ANY
 permit ip x.x.x.x 0.0.0.255 any



Thanks,

Alex　

　

　

___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Alex Hannah]

Michael and Farkas,

Okay, I have thought about what you mentioned.  Here is my revised
approach.  Let me know what you think about this way:

!
mls qos map policed-dscp  0 24 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos
!
!
class-map match-any SCCP-Traffic
  match ip dscp cs3  af31
!
!
policy-map POLICE-MAP
  class SCCP-Traffic
police 32 8000 exceed-action policed-dscp-transmit
   set dscp cs3
!
!
interface FastEthernet0/6
  service-policy input POLICE-MAP
!

What is the signifigance of matching both ip dscp cs3  af31?  Since I have
match-any will it match on both?  New CUCM 7.x servers should send SCCP out
at cs3 correct?

Thanks,

Alex


2009/11/11 Farkas Péter wormh...@sch.bme.hu

 AutoQoS cannot be configured until service-policy is attached to the
 interface so you cannot use it for correction. Also, AutoQos does not work
 on Eth.

 - Original Message -
 From: Michael Ciarfello mciarfe...@iplogic.com
 Date: Wednesday, November 11, 2009 8:56 pm
 Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question
 To: Alex Hannah alex.han...@gmail.com, ccie_voice@onlinestudylist.com
 ccie_voice@onlinestudylist.com


  Here are some hints for you to research:
 
   I believe there is an error in one of the class-maps.  See if you can
 find it or agree.
 
   I believe you have too much extra stuff configured, let’s eliminate the
 unneeded stuff.
 
   How about use match IP protocol instead of access-lists?
 
   Are you sure your access-list is correct for the inbound / outbound
 traffic you have?
 
   I think the data vlan people are going to be pissed and complain about
 slowness.  I know it’s
  a lab.  I believe you can get the entire config down to a much simplier
 10-15 lines instead of
  all the stuff you have.
 
   From: ccie_voice-boun...@onlinestudylist.com [ On Behalf Of Alex Hannah
Sent: Wednesday, November 11, 2009 2:41 PM
   To: ccie_voice@onlinestudylist.com
   Subject: [OSL | CCIE_Voice] 3750 QoS Question
 
   Hello everyone.
 
   I am attempting to create the following QoS policy on a 3750  port with
 an IP Phone plugged in
  behind it.
 
   The policy will police signalling ( SCCP ) 32k down to 8k and remark to
 DSCP 8.  I have read
  through most of the SRND guide for the 3750, the model I am following is
 the:
 
   2970/3560/3750–Conditionally-Trusted IP Phone + PC + Scavenger (Basic)
 Model Configuration on
  page 105 of the 3.3 QoS SRND.
 
   Can anyone validate my work below and let me know if you think this
 meets those requirements?
  Also, in this scenerio, Auto Qos would not need to be applied over top of
 it correct?
 
   mls qos map cos-dscp 0 8 16 24 32 46 48 56
   mls qos map policed-dscp 0 24 to 8
 
   class-map match-all VVLAN-VOICE
!Was in SRND but not using match access-group name VVLAN-VOICE
match ip dscp ef
 
   class-map match-all VVLAN-CALL-SIGNALING
!Was in SRND but not using match access-group name
 VVLAN-CALL-SIGNALLING
match ip dscp cs3 af31
 
   class-map match-all VVLAN-ANY
 match access-group name VVLAN-ANY
 
   policy-map IPPHONE+PC-BASIC
class VVLAN-VOICE
 set ip dscp 46
 police 128000 8000
 exceed-action drop
class VVLAN-CALL-SIGNALING
 set ip dscp 24
 police 32000 8000
 exceed-action policed-dscp-transmit
class VVLAN-ANY
 set ip dscp 0
 police 32000 8000
 exceed-action policed-dscp-transmit
 
class class-default
 set ip dscp 0
 police 500 8000
 exceed-action policed-dscp-transmit
 
   interface FastEthernet0/1
service-policy input IPPHONE+PC-BASIC
 
   ip access list extended VVLAN-VOICE
permit udp x.x.x.x 0.0.0.255 any range 16384 32767
 
   ip access list extended VVLAN-CALL-SIGNALING
permit tcp x.x.x.x 0.0.0.255 any range 2000 2002
 
   ip access list extended VVLAN-ANY
permit ip x.x.x.x 0.0.0.255 any
 
 
 
   Thanks,
 
   Alex
 
 
 
 
 
  ___
   For more information regarding industry leading CCIE Lab training,
 please visit www.ipexpert.com

___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Michael Ciarfello]

That's looking better.  Check your policed-dscp line to ONLY meet your 
requirements.

Check the command reference and 3750 Switch COnfiguration guide - QoS chapter 
on that police command. I haven't looked at that or remember if it's correct.

Pay attention to what Farkas said.  Look at other documents to find the source 
of that.  Maybe the document I mentioned above on what he is saying is in there.

Why CS3 and AF31?  If you have a home lab or a partial home lab, use a sniffer 
and sniff around.  Let us know what you find.

From: ccie_voice-boun...@onlinestudylist.com 
[ccie_voice-boun...@onlinestudylist.com] On Behalf Of Alex Hannah 
[alex.han...@gmail.com]
Sent: Wednesday, November 11, 2009 6:56 PM
To: Farkas Péter
Cc: ccie_voice@onlinestudylist.com
Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question

Michael and Farkas,

Okay, I have thought about what you mentioned.  Here is my revised approach.  
Let me know what you think about this way:

!
mls qos map policed-dscp  0 24 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos
!
!
class-map match-any SCCP-Traffic
  match ip dscp cs3  af31
!
!
policy-map POLICE-MAP
  class SCCP-Traffic
police 32 8000 exceed-action policed-dscp-transmit
   set dscp cs3
!
!
interface FastEthernet0/6
  service-policy input POLICE-MAP
!

What is the signifigance of matching both ip dscp cs3  af31?  Since I have 
match-any will it match on both?  New CUCM 7.x servers should send SCCP out at 
cs3 correct?

Thanks,

Alex


2009/11/11 Farkas Péter wormh...@sch.bme.humailto:wormh...@sch.bme.hu
AutoQoS cannot be configured until service-policy is attached to the interface 
so you cannot use it for correction. Also, AutoQos does not work on Eth.

- Original Message -
From: Michael Ciarfello mciarfe...@iplogic.com
Date: Wednesday, November 11, 2009 8:56 pm
Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question
To: Alex Hannah alex.han...@gmail.commailto:alex.han...@gmail.com, 
ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com 
ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com


 Here are some hints for you to research:

  I believe there is an error in one of the class-maps.  See if you can find 
 it or agree.

  I believe you have too much extra stuff configured, let’s eliminate the 
 unneeded stuff.

  How about use match IP protocol instead of access-lists?

  Are you sure your access-list is correct for the inbound / outbound traffic 
 you have?

  I think the data vlan people are going to be pissed and complain about 
 slowness.  I know it’s
 a lab.  I believe you can get the entire config down to a much simplier 10-15 
 lines instead of
 all the stuff you have.

  From: 
 ccie_voice-boun...@onlinestudylist.commailto:ccie_voice-boun...@onlinestudylist.com
  [ On Behalf Of Alex Hannah
  Sent: Wednesday, November 11, 2009 2:41 PM
  To: ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com
  Subject: [OSL | CCIE_Voice] 3750 QoS Question

  Hello everyone.

  I am attempting to create the following QoS policy on a 3750  port with an 
 IP Phone plugged in
 behind it.

  The policy will police signalling ( SCCP ) 32k down to 8k and remark to DSCP 
 8.  I have read
 through most of the SRND guide for the 3750, the model I am following is the:

  2970/3560/3750�CConditionally-Trusted IP Phone + PC + Scavenger (Basic) 
 Model Configuration on
 page 105 of the 3.3 QoS SRND.

  Can anyone validate my work below and let me know if you think this meets 
 those requirements?
 Also, in this scenerio, Auto Qos would not need to be applied over top of it 
 correct?

  mls qos map cos-dscp 0 8 16 24 32 46 48 56
  mls qos map policed-dscp 0 24 to 8

  class-map match-all VVLAN-VOICE
   !Was in SRND but not using match access-group name VVLAN-VOICE
   match ip dscp ef

  class-map match-all VVLAN-CALL-SIGNALING
   !Was in SRND but not using match access-group name VVLAN-CALL-SIGNALLING
   match ip dscp cs3 af31

  class-map match-all VVLAN-ANY
match access-group name VVLAN-ANY

  policy-map IPPHONE+PC-BASIC
   class VVLAN-VOICE
set ip dscp 46
police 128000 8000
exceed-action drop
   class VVLAN-CALL-SIGNALING
set ip dscp 24
police 32000 8000
exceed-action policed-dscp-transmit
   class VVLAN-ANY
set ip dscp 0
police 32000 8000
exceed-action policed-dscp-transmit

   class class-default
set ip dscp 0
police 500 8000
exceed-action policed-dscp-transmit

  interface FastEthernet0/1
   service-policy input IPPHONE+PC-BASIC

  ip access list extended VVLAN-VOICE
   permit udp x.x.x.x 0.0.0.255 any range 16384 32767

  ip access list extended VVLAN-CALL-SIGNALING
   permit tcp x.x.x.x 0.0.0.255 any range 2000 2002

  ip access list extended VVLAN-ANY
   permit ip x.x.x.x 0.0.0.255 any



  Thanks,

  Alex　





 ___
  For more information regarding industry leading CCIE Lab training, please 
 visit

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Michael Ciarfello]

oh!  Thanks for the hint Johnathan,
And there's the recording stream or silent monitoring stream!  Forgot about 
that one.  (x1 phones and above.)




From: ccie_voice-boun...@onlinestudylist.com 
[ccie_voice-boun...@onlinestudylist.com] On Behalf Of Jonathan Charles 
[jonv...@gmail.com]
Sent: Sunday, August 30, 2009 1:20 AM
To: James Key
Cc: ccie_voice@onlinestudylist.com
Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question

When would you ever have two active streams to a phone?

I can't think of a set of circumstances that would have more than one
RTP stream hitting a phone.



Jonathan

On Thu, Aug 27, 2009 at 11:07 AM, James Keyj...@jackhenry.com wrote:
 Anyone have any guidance on the questions below  I posted yesterday?



 -James



 From: ccie_voice-boun...@onlinestudylist.com
 [mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of James Key
 Sent: Wednesday, August 26, 2009 2:09 PM
 To: ccie_voice@onlinestudylist.com
 Subject: [OSL | CCIE_Voice] 3750 QoS Question



 Reading over the QoS SRND and trying to get a better understanding of 3750
 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with
 Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic
 as well as queuing, but am having some difficulty in understanding the
 theory behind the policing within the Policy-Maps.



 example:



 class-map match-all VVLAN-VOICE

 match access-group name VVLAN-VOICE



 class-map match-all VVLAN-CALL-SIGNALING

 match access-group name VVLAN-CALL-SIGNALING



 policy-map IPPHONE+PC-BASIC

 class VVLAN-VOICE

  set ip dscp 46

  police 128000 8000 exceed-action drop

 class VVLAN-CALL-SIGNALING

  set ip dscp 24

  police 32000 8000 exceed-action policed-dscp-transmit





 ip access list extended VVLAN-VOICE

 permit udp 10.1.110.0 0.0.0.255 any range 16384 32767



 ip access list extended VVLAN-CALL-SIGNALING

 permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002





 the comment for the police statement under class VVLAN-VOICE states that
 this will only allow one voice call per switchport VVLAN.   So my question
 is (I hope this doesn’t sound to dumb!), what happens to a 2nd,3rd, and so
 on concurrent call that may come from an IP Phone connected to a switchport
 with this policy?  Same question for the police statement under class
 VVLAN-CALL-SIGNALING.  Is it that any signaling traffic that exceeds 32k
 will be marked down to CS1?





 any clarification on this would be much appreciated!





 James







 NOTICE: This electronic mail message and any files transmitted with it are
 intended

 exclusively for the individual or entity to which it is addressed. The
 message,

 together with any attachment, may contain confidential and/or privileged
 information.

 Any unauthorized review, use, printing, saving, copying, disclosure or
 distribution

 is strictly prohibited. If you have received this message in error, please

 immediately advise the sender by reply email and delete all copies.

 NOTICE: This electronic mail message and any files transmitted with it are
 intended
 exclusively for the individual or entity to which it is addressed. The
 message,
 together with any attachment, may contain confidential and/or privileged
 information.
 Any unauthorized review, use, printing, saving, copying, disclosure or
 distribution
 is strictly prohibited. If you have received this message in error, please
 immediately advise the sender by reply email and delete all copies.

 ___
 For more information regarding industry leading CCIE Lab training, please
 visit www.ipexpert.com


___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Michael Ciarfello]

There should only be one call on a port.  UNLESS you are on your deskphone 
talking to a customer and VPN'ed into that customer's network using IP 
Communicator (PC connected to phone) to solve an issue on their system.  Then 
the policing policy (does that count as a repetitive redundancy?) breaks.  
Cisco is just trying to limit the amount of bandwidth coming into one specific 
port because we know a little bit about the traffic characteristics of some of 
the traffic (voice).  I think you know this, maybe not the exception I thought 
of above.

Yea, and that guy's article doesn't apply the service policy in on any 
interface.  And he's restricting data to 5Mb/s.  Let's all buy (or sell) 
expensive Gigabit phones (x5's) and restrict the network port to 5Mb.  Oh well. 
 First customer I did that on, I would be driving back over there to remove, 
I'd say in about 1 day.  That's not my comment on the bottom, but sounds right 
on.

Some more investigation is needed, but I think the statement allow one voice 
call per switchport VVLAN. means for each port that has a voice vlan defined, 
allow 128K RTP and 32K signaling. There's a bunch of restrictions they mention. 
 I would have to believe in 4 years later that these had to be taken care of.  
I'm using 122-35SE2.  Let's check some updated QoS documentation to see what's 
up.  I can try to look at this some more sometime later in the week.  I don't 
think we should follow too closely the SRND when it comes to the 3750 QoS.  
Maybe a combination of QoS SRND, then validate / update the info witht he CCM 
7.x SRND and whatever other QoS documents we can find on the 3750.



From: ccie_voice-boun...@onlinestudylist.com 
[ccie_voice-boun...@onlinestudylist.com] On Behalf Of Jeff Garvas [j...@cia.net]
Sent: Thursday, August 27, 2009 2:15 PM
To: James Key
Cc: ccie_voice@onlinestudylist.com
Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question


James,

I started to respond to this yesterday and realized I was going down the wrong 
path.   I did run into this article which I have not had a chance to digest yet:

http://www.networkworld.com/community/node/42427

It seems that they may be talking about the same exact example you're talking 
about.How is the policy being applied in your example so that it limits the 
calls per switch port?  Are you applying it at each interface inbound to the 
switch?

If I'm understanding this right I believe that unless you have some other form 
of CAC subsequent calls would cause all call audio to be poor due to drops (for 
all calls).  I'm not clear exactly on what is going to happen to the signaling 
traffic.

-Jeff



On Thu, Aug 27, 2009 at 12:07 PM, James Key 
j...@jackhenry.commailto:j...@jackhenry.com wrote:

Anyone have any guidance on the questions below  I posted yesterday?



-James



From: 
ccie_voice-boun...@onlinestudylist.commailto:ccie_voice-boun...@onlinestudylist.com
 
[mailto:ccie_voice-boun...@onlinestudylist.commailto:ccie_voice-boun...@onlinestudylist.com]
 On Behalf Of James Key
Sent: Wednesday, August 26, 2009 2:09 PM
To: ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com
Subject: [OSL | CCIE_Voice] 3750 QoS Question



Reading over the QoS SRND and trying to get a better understanding of 3750 QoS 
and more specifically, the Conditionally-Trusted IP Phone + PC with 
Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as 
well as queuing, but am having some difficulty in understanding the theory 
behind the policing within the Policy-Maps.



example:



class-map match-all VVLAN-VOICE

match access-group name VVLAN-VOICE



class-map match-all VVLAN-CALL-SIGNALING

match access-group name VVLAN-CALL-SIGNALING



policy-map IPPHONE+PC-BASIC

class VVLAN-VOICE

 set ip dscp 46

 police 128000 8000 exceed-action drop

class VVLAN-CALL-SIGNALING

 set ip dscp 24

 police 32000 8000 exceed-action policed-dscp-transmit





ip access list extended VVLAN-VOICE

permit udp 10.1.110.0 0.0.0.255 any range 16384 32767



ip access list extended VVLAN-CALL-SIGNALING

permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002





the comment for the police statement under class VVLAN-VOICE states that this 
will only allow one voice call per switchport VVLAN.   So my question is (I 
hope this doesn’t sound to dumb!), what happens to a 2nd,3rd, and so on 
concurrent call that may come from an IP Phone connected to a switchport with 
this policy?  Same question for the police statement under class 
VVLAN-CALL-SIGNALING.  Is it that any signaling traffic that exceeds 32k will 
be marked down to CS1?





any clarification on this would be much appreciated!





James







NOTICE: This electronic mail message and any files transmitted with it are 
intended

exclusively for the individual or entity to which it is addressed. The message,

together with any attachment, may contain confidential and/or privileged 
information.

Any unauthorized review, use

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Jonathan Charles]

When would you ever have two active streams to a phone?

I can't think of a set of circumstances that would have more than one
RTP stream hitting a phone.



Jonathan

On Thu, Aug 27, 2009 at 11:07 AM, James Keyj...@jackhenry.com wrote:
 Anyone have any guidance on the questions below  I posted yesterday?



 -James



 From: ccie_voice-boun...@onlinestudylist.com
 [mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of James Key
 Sent: Wednesday, August 26, 2009 2:09 PM
 To: ccie_voice@onlinestudylist.com
 Subject: [OSL | CCIE_Voice] 3750 QoS Question



 Reading over the QoS SRND and trying to get a better understanding of 3750
 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with
 Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic
 as well as queuing, but am having some difficulty in understanding the
 theory behind the policing within the Policy-Maps.



 example:



 class-map match-all VVLAN-VOICE

 match access-group name VVLAN-VOICE



 class-map match-all VVLAN-CALL-SIGNALING

 match access-group name VVLAN-CALL-SIGNALING



 policy-map IPPHONE+PC-BASIC

 class VVLAN-VOICE

  set ip dscp 46

  police 128000 8000 exceed-action drop

 class VVLAN-CALL-SIGNALING

  set ip dscp 24

  police 32000 8000 exceed-action policed-dscp-transmit





 ip access list extended VVLAN-VOICE

 permit udp 10.1.110.0 0.0.0.255 any range 16384 32767



 ip access list extended VVLAN-CALL-SIGNALING

 permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002





 the comment for the police statement under class VVLAN-VOICE states that
 this will only allow one voice call per switchport VVLAN.   So my question
 is (I hope this doesn’t sound to dumb!), what happens to a 2nd,3rd, and so
 on concurrent call that may come from an IP Phone connected to a switchport
 with this policy?  Same question for the police statement under class
 VVLAN-CALL-SIGNALING.  Is it that any signaling traffic that exceeds 32k
 will be marked down to CS1?





 any clarification on this would be much appreciated!





 James







 NOTICE: This electronic mail message and any files transmitted with it are
 intended

 exclusively for the individual or entity to which it is addressed. The
 message,

 together with any attachment, may contain confidential and/or privileged
 information.

 Any unauthorized review, use, printing, saving, copying, disclosure or
 distribution

 is strictly prohibited. If you have received this message in error, please

 immediately advise the sender by reply email and delete all copies.

 NOTICE: This electronic mail message and any files transmitted with it are
 intended
 exclusively for the individual or entity to which it is addressed. The
 message,
 together with any attachment, may contain confidential and/or privileged
 information.
 Any unauthorized review, use, printing, saving, copying, disclosure or
 distribution
 is strictly prohibited. If you have received this message in error, please
 immediately advise the sender by reply email and delete all copies.

 ___
 For more information regarding industry leading CCIE Lab training, please
 visit www.ipexpert.com


___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Question

[James Key]

Anyone have any guidance on the questions below  I posted yesterday?

-James

From: ccie_voice-boun...@onlinestudylist.com 
[mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of James Key
Sent: Wednesday, August 26, 2009 2:09 PM
To: ccie_voice@onlinestudylist.com
Subject: [OSL | CCIE_Voice] 3750 QoS Question

Reading over the QoS SRND and trying to get a better understanding of 3750 QoS 
and more specifically, the Conditionally-Trusted IP Phone + PC with 
Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as 
well as queuing, but am having some difficulty in understanding the theory 
behind the policing within the Policy-Maps.

example:

class-map match-all VVLAN-VOICE
match access-group name VVLAN-VOICE

class-map match-all VVLAN-CALL-SIGNALING
match access-group name VVLAN-CALL-SIGNALING

policy-map IPPHONE+PC-BASIC
class VVLAN-VOICE
 set ip dscp 46
 police 128000 8000 exceed-action drop
class VVLAN-CALL-SIGNALING
 set ip dscp 24
 police 32000 8000 exceed-action policed-dscp-transmit


ip access list extended VVLAN-VOICE
permit udp 10.1.110.0 0.0.0.255 any range 16384 32767

ip access list extended VVLAN-CALL-SIGNALING
permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002


the comment for the police statement under class VVLAN-VOICE states that this 
will only allow one voice call per switchport VVLAN.   So my question is (I 
hope this doesn't sound to dumb!), what happens to a 2nd,3rd, and so on 
concurrent call that may come from an IP Phone connected to a switchport with 
this policy?  Same question for the police statement under class 
VVLAN-CALL-SIGNALING.  Is it that any signaling traffic that exceeds 32k will 
be marked down to CS1?


any clarification on this would be much appreciated!


James




NOTICE: This electronic mail message and any files transmitted with it are 
intended

exclusively for the individual or entity to which it is addressed. The message,

together with any attachment, may contain confidential and/or privileged 
information.

Any unauthorized review, use, printing, saving, copying, disclosure or 
distribution

is strictly prohibited. If you have received this message in error, please

immediately advise the sender by reply email and delete all copies.
NOTICE: This electronic mail message and any files transmitted with it are 
intended
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged 
information.
Any unauthorized review, use, printing, saving, copying, disclosure or 
distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Jeff Garvas]

James,

I started to respond to this yesterday and realized I was going down the
wrong path.   I did run into this article which I have not had a chance to
digest yet:

http://www.networkworld.com/community/node/42427

It seems that they may be talking about the same exact example you're
talking about.How is the policy being applied in your example so that it
limits the calls per switch port?  Are you applying it at each interface
inbound to the switch?

If I'm understanding this right I believe that unless you have some other
form of CAC subsequent calls would cause all call audio to be poor due to
drops (for all calls).  I'm not clear exactly on what is going to happen to
the signaling traffic.

-Jeff



On Thu, Aug 27, 2009 at 12:07 PM, James Key j...@jackhenry.com wrote:

  Anyone have any guidance on the questions below  I posted yesterday?



 -James



 *From:* ccie_voice-boun...@onlinestudylist.com [mailto:
 ccie_voice-boun...@onlinestudylist.com] *On Behalf Of *James Key
 *Sent:* Wednesday, August 26, 2009 2:09 PM
 *To:* ccie_voice@onlinestudylist.com
 *Subject:* [OSL | CCIE_Voice] 3750 QoS Question



 Reading over the QoS SRND and trying to get a better understanding of 3750
 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with
 Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic
 as well as queuing, but am having some difficulty in understanding the
 theory behind the policing within the Policy-Maps.



 example:



 class-map match-all VVLAN-VOICE

 match access-group name VVLAN-VOICE



 class-map match-all VVLAN-CALL-SIGNALING

 match access-group name VVLAN-CALL-SIGNALING



 policy-map IPPHONE+PC-BASIC

 class VVLAN-VOICE

  set ip dscp 46

  police 128000 8000 exceed-action drop

 class VVLAN-CALL-SIGNALING

  set ip dscp 24

  police 32000 8000 exceed-action policed-dscp-transmit





 ip access list extended VVLAN-VOICE

 permit udp 10.1.110.0 0.0.0.255 any range 16384 32767



 ip access list extended VVLAN-CALL-SIGNALING

 permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002





 the comment for the police statement under class VVLAN-VOICE states that
 this will only allow one voice call per switchport VVLAN.   So my question
 is (I hope this doesn’t sound to dumb!), what happens to a 2nd,3rd, and so
 on concurrent call that may come from an IP Phone connected to a switchport
 with this policy?  Same question for the police statement under class
 VVLAN-CALL-SIGNALING.  Is it that any signaling traffic that exceeds 32k
 will be marked down to CS1?





 any clarification on this would be much appreciated!





 James







 NOTICE: This electronic mail message and any files transmitted with it are 
 intended

 exclusively for the individual or entity to which it is addressed. The 
 message,

 together with any attachment, may contain confidential and/or privileged 
 information.

 Any unauthorized review, use, printing, saving, copying, disclosure or 
 distribution

 is strictly prohibited. If you have received this message in error, please

 immediately advise the sender by reply email and delete all copies.

 NOTICE: This electronic mail message and any files transmitted with it are 
 intended
 exclusively for the individual or entity to which it is addressed. The 
 message,
 together with any attachment, may contain confidential and/or privileged 
 information.
 Any unauthorized review, use, printing, saving, copying, disclosure or 
 distribution
 is strictly prohibited. If you have received this message in error, please
 immediately advise the sender by reply email and delete all copies.


 ___
 For more information regarding industry leading CCIE Lab training, please
 visit www.ipexpert.com


___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Re: [OSL | CCIE_Voice] 3750 QoS Question

[Jeff Garvas]

James,

In the example you're looking at is there a mls qos map policed-dscp X to X
line?

I believe that defines the mark-down to CS1 (or otherwise) when
policed-dscp-transmit is used in an exceed action.

Thanks.  I just learned something new :)

-jeff
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

[OSL | CCIE_Voice] 3750 QoS Question

[James Key]

Reading over the QoS SRND and trying to get a better understanding of 3750 QoS 
and more specifically, the Conditionally-Trusted IP Phone + PC with 
Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as 
well as queuing, but am having some difficulty in understanding the theory 
behind the policing within the Policy-Maps.

example:

class-map match-all VVLAN-VOICE
match access-group name VVLAN-VOICE

class-map match-all VVLAN-CALL-SIGNALING
match access-group name VVLAN-CALL-SIGNALING

policy-map IPPHONE+PC-BASIC
class VVLAN-VOICE
 set ip dscp 46
 police 128000 8000 exceed-action drop
class VVLAN-CALL-SIGNALING
 set ip dscp 24
 police 32000 8000 exceed-action policed-dscp-transmit


ip access list extended VVLAN-VOICE
permit udp 10.1.110.0 0.0.0.255 any range 16384 32767

ip access list extended VVLAN-CALL-SIGNALING
permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002


the comment for the police statement under class VVLAN-VOICE states that this 
will only allow one voice call per switchport VVLAN.   So my question is (I 
hope this doesn't sound to dumb!), what happens to a 2nd,3rd, and so on 
concurrent call that may come from an IP Phone connected to a switchport with 
this policy?  Same question for the police statement under class 
VVLAN-CALL-SIGNALING.  Is it that any signaling traffic that exceeds 32k will 
be marked down to CS1?


any clarification on this would be much appreciated!


James



NOTICE: This electronic mail message and any files transmitted with it are 
intended
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged 
information.
Any unauthorized review, use, printing, saving, copying, disclosure or 
distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.
___
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com