[OSL | CCIE_Voice] 3750 QoS signalling MGCP
If I were trying to police MGCP signalling traffic from the HQ RTR would it be best to classify my traffic based on AF31, as this is the default signalling marking used by the gateway, or is there a better way? I dont have the option of NBAR on a catalyst switch, so i think my only other option would be an access list. I have tried to match the MGCP signalling traffic both the access list (TCP 2428 and UDP 2427) and also the dscp value of AF31 but not sure if i am actually achieving my objective. Then apply my policer as required in the policy-map that gets attached to the port connecting the router to the switch... Also, i have been playing with this configuration and since the Catalyst 3750 does not provide any matches when using the show policy-map interface fa1/0/1 command how would you all verify that mgcp signalling traffic is indeed being matched and thus policed by your policy map? routers are so much nicer becuase you can actually see if your class-maps are getting hit or not... thanks all steve ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] 3750 Qos Question
Please refer to the following great Posts, which will explain the SRR for you: http://blog.ine.com/2008/06/26/quick-notes-on-the-3560-egress-queuing/#more-141 http://blog.ine.com/2008/03/03/bridging-the-gap-between-3550-and-3560-qos-part-i/#more-84 On Wed, Dec 28, 2011 at 7:31 AM, Randall Crumm rrcr...@yahoo.com wrote: Hi, Can someone explain the command, mls qos srr-queue input bandwidth 4 4: a little and an example of having one queue with twice as much bandwidth as the oterh queue (or something like that). Thanks, Randall ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://www.platinumplacement.com/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] 3750 Qos Question
Thanks I saw an example and now it makes sense. I knew it was simple but I just wanted to make sure Randall Sent from my iPhone On Dec 28, 2011, at 12:42 AM, datucha123 datucha123 datucha...@gmail.com wrote: Please refer to the following great Posts, which will explain the SRR for you: http://blog.ine.com/2008/06/26/quick-notes-on-the-3560-egress-queuing/#more-141 http://blog.ine.com/2008/03/03/bridging-the-gap-between-3550-and-3560-qos-part-i/#more-84 On Wed, Dec 28, 2011 at 7:31 AM, Randall Crumm rrcr...@yahoo.com wrote: Hi, Can someone explain the command, mls qos srr-queue input bandwidth 4 4: a little and an example of having one queue with twice as much bandwidth as the oterh queue (or something like that). Thanks, Randall ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
[OSL | CCIE_Voice] 3750 Qos Question
Hi, Can someone explain the command, mls qos srr-queue input bandwidth 4 4: a little and an example of having one queue with twice as much bandwidth as the oterh queue (or something like that). Thanks, Randall___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
[OSL | CCIE_Voice] 3750 QoS
guys i have a question for your my questions is in regards to the shared bandwidth i know it's measured as a weight and whenever you have shape you ignore the value so the q2 in this case the weight is indeed 10 / (10+60+20) = so Q2 has 1/9 of the shared bandwidth right ? and this is how the config looks like interface FastEthernet0/1 switchport access vlan 6 switchport voice vlan 8 srr-queue bandwidth share 10 10 60 20 srr-queue bandwidth shape 10 0 0 0 mls qos trust device cisco-phone mls qos trust cos auto qos voip cisco-phone spanning-tree portfast so if the bandwith needs to be shared on q2 40 %, q3 20%, q4 40% how could i calculate or know what do i need to put on srr-queue bandwidth share command will this be an accurate config srr-queue bandwidth share 0 40 20 40 ?? thanks ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] 3750 QoS
Answer your 1st question, its 1/10th. 2nd question is correct. duy ccie #27737 voice tmobile g2 On May 31, 2011 4:19 PM, Cristobal Priego cristobalpri...@gmail.com wrote: guys i have a question for your my questions is in regards to the shared bandwidth i know it's measured as a weight and whenever you have shape you ignore the value so the q2 in this case the weight is indeed 10 / (10+60+20) = so Q2 has 1/9 of the shared bandwidth right ? and this is how the config looks like interface FastEthernet0/1 switchport access vlan 6 switchport voice vlan 8 srr-queue bandwidth share 10 10 60 20 srr-queue bandwidth shape 10 0 0 0 mls qos trust device cisco-phone mls qos trust cos auto qos voip cisco-phone spanning-tree portfast so if the bandwith needs to be shared on q2 40 %, q3 20%, q4 40% how could i calculate or know what do i need to put on srr-queue bandwidth share command will this be an accurate config srr-queue bandwidth share 0 40 20 40 ?? thanks ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] 3750 QoS
thank you 2011/5/31 ccieid1ot ccieid...@gmail.com Answer your 1st question, its 1/10th. 2nd question is correct. duy ccie #27737 voice tmobile g2 On May 31, 2011 4:19 PM, Cristobal Priego cristobalpri...@gmail.com wrote: guys i have a question for your my questions is in regards to the shared bandwidth i know it's measured as a weight and whenever you have shape you ignore the value so the q2 in this case the weight is indeed 10 / (10+60+20) = so Q2 has 1/9 of the shared bandwidth right ? and this is how the config looks like interface FastEthernet0/1 switchport access vlan 6 switchport voice vlan 8 srr-queue bandwidth share 10 10 60 20 srr-queue bandwidth shape 10 0 0 0 mls qos trust device cisco-phone mls qos trust cos auto qos voip cisco-phone spanning-tree portfast so if the bandwith needs to be shared on q2 40 %, q3 20%, q4 40% how could i calculate or know what do i need to put on srr-queue bandwidth share command will this be an accurate config srr-queue bandwidth share 0 40 20 40 ?? thanks ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] 3750 QoS
R3(config)#class-map test R3(config-cmap)#match dscp R3(config-cmap)#match dscp ? 0-63 Differentiated services codepoint value af11 Match packets with AF11 dscp (001010) af12 Match packets with AF12 dscp (001100) af13 Match packets with AF13 dscp (001110) af21 Match packets with AF21 dscp (010010) af22 Match packets with AF22 dscp (010100) af23 Match packets with AF23 dscp (010110) af31 Match packets with AF31 dscp (011010) af32 Match packets with AF32 dscp (011100) af33 Match packets with AF33 dscp (00) * af41 Match packets with AF41 dscp (100010)* af42 Match packets with AF42 dscp (100100) af43 Match packets with AF43 dscp (100110) cs1 Match packets with CS1(precedence 1) dscp (001000) cs2 Match packets with CS2(precedence 2) dscp (01) cs3 Match packets with CS3(precedence 3) dscp (011000) cs4 Match packets with CS4(precedence 4) dscp (10) cs5 Match packets with CS5(precedence 5) dscp (101000) cs6 Match packets with CS6(precedence 6) dscp (11) cs7 Match packets with CS7(precedence 7) dscp (111000) default Match packets with default dscp (00) ef Match packets with EF dscp (101110) Example AF41 ... === use calculator from your PC to convert , u will get the correct value of 34? or manually count it =) On Fri, May 20, 2011 at 11:28 AM, Cristobal Priego cristobalpri...@gmail.com wrote: hello all I have a quick question for you how would you configure the outout queues so in case of congestion the packets marked with AFXY once they go from AF41 for example, to AF42, AF43 when those packets are remarked how would you send them to a different queue ? also what's the eassiest way to transform the AF values to DSCP values ? thanks ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] 3750 QoS
AFxy = 8*x + 2*y AF41 = 8*4 + 2*1 = DSCP 34 AF31 = 8*3 +2*1 = DSCP 26 best regards kobel On Fri, May 20, 2011 at 05:28, Cristobal Priego cristobalpri...@gmail.comwrote: hello all I have a quick question for you how would you configure the outout queues so in case of congestion the packets marked with AFXY once they go from AF41 for example, to AF42, AF43 when those packets are remarked how would you send them to a different queue ? also what's the eassiest way to transform the AF values to DSCP values ? thanks ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
Re: [OSL | CCIE_Voice] 3750 QoS
thank you guys that's the little formula that i needed 2011/5/22 Miron Kobelski findko...@gmail.com AFxy = 8*x + 2*y AF41 = 8*4 + 2*1 = DSCP 34 AF31 = 8*3 +2*1 = DSCP 26 best regards kobel On Fri, May 20, 2011 at 05:28, Cristobal Priego cristobalpri...@gmail.com wrote: hello all I have a quick question for you how would you configure the outout queues so in case of congestion the packets marked with AFXY once they go from AF41 for example, to AF42, AF43 when those packets are remarked how would you send them to a different queue ? also what's the eassiest way to transform the AF values to DSCP values ? thanks ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
[OSL | CCIE_Voice] 3750 QoS
hello all I have a quick question for you how would you configure the outout queues so in case of congestion the packets marked with AFXY once they go from AF41 for example, to AF42, AF43 when those packets are remarked how would you send them to a different queue ? also what's the eassiest way to transform the AF values to DSCP values ? thanks ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
[OSL | CCIE_Voice] 3750 QOS
I'm sure a lot of you have seen this document, but I thought I would share it to anyone who hasn't seen it: http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml This document has the best descriptions of all of the 3750 QOS features I have seen. Regards, Adam ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port
WOW, this is what I call a serious investigation :) Thanks for this interesting input. This confirms my observations. In your opinion, what would be the results in such scenario: 1) conditional trust configured on the switch port: mls qos trust device cisco+ mls qos trust dscp 2) IP phone connected to the switchport 3) PC connected to IP phone 4) PC tags all traffic it sends with EF Documentation says: *mls qos trust dscp - *Classify an ingress packet by using the packet DSCP value (most significant 6 bits of 8-bit service-type field). For a non-IP packet, the packet CoS is used if the packet is tagged. For an untagged packet, the default port CoS value is used. I'd say that since the PC sends untagged traffic, its markings would be ignored. switchport's mls qos cos VALUE setting would be use to override non-existing COS and finally COS-to-DSCP map applied to decide about final DSCP marking for such packet. do you agree? regards kobel On Sat, Jan 29, 2011 at 16:41, Friderich Claude cfrider...@netcore.luwrote: Hi Miron, I have made some tests regarding your statements. I have a 3750 switch version 12.2(44)SE6. - Cisco IOS Software, C3750 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1) *As Roger said, QoS SRND is outdated.* I have configured the port 14 as below : switchport access vlan 30 switchport mode access switchport voice vlan 20 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust device cisco-phone mls qos trust dscp auto qos voip cisco-phone spanning-tree portfast service-policy input AutoQoS-Police-CiscoPhone I put my PC on this port and as you can see below the port is not trusted thanks to the mls qos trust device Cisco-phone My service-policy and mls qos trust cmd are still there even after rebooting the switch. HQ-3750#show mls qos interface giga 1/0/14 GigabitEthernet1/0/14 Attached policy-map for Ingress: AutoQoS-Police-CiscoPhone trust state: not trusted trust mode: trust dscp trust enabled flag: dis COS override: dis default COS: 0 DSCP Mutation Map: Default DSCP Mutation Map Trust device: cisco-phone qos mode: port-based *In this case*, I just trust DSCP without mls qos trust device Cisco-phone As you can see, the port is trusted as I put my PC on this interface. interface GigabitEthernet1/0/12 description LapTop VMWare switchport access vlan 30 switchport mode access mls qos trust dscp spanning-tree portfast HQ-3750#show mls qos interface giga 1/0/12 GigabitEthernet1/0/12 trust state: trust dscp trust mode: trust dscp trust enabled flag: ena COS override: dis default COS: 0 DSCP Mutation Map: Default DSCP Mutation Map Trust device: none qos mode: port-based So to resume, service-policy and mls qos trust device Cisco-phone can be configured together without removing mls qos trust command as you put the service-policy command. Reboot the switch, same config still there, no modifications. As we trust dscp, a rogue PC is not going to be trusted if you put the mls qos trust device cisco-phone. (and this cmd is not removed J). So I think this is what you(we) expect, isn’t it ? Best Regards, Claude. *Claude Friderich* *PreSales Support* *[image: ccvp_voice_sm]*** *NETCORE PSF S.A.*** 49 rue du Baerendall B.P.65 L-8201 Mamer Téléphone: 31 33 80-407 Fax: 31 33 80 8-407 GSM: 621 303 616 E-mail: cfrider...@netcore.lu *From:* ccie_voice-boun...@onlinestudylist.com [mailto: ccie_voice-boun...@onlinestudylist.com] *On Behalf Of *Miron Kobelski *Sent:* jeudi 27 janvier 2011 19:49 *To:* Roger Källberg *Cc:* ccie_voice@onlinestudylist.com *Subject:* Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port Thanks Roger, I need to check this in my lab. Have you tried to save the config and reload the switch to see if this configuration persists? Any idea since which IOS version this is possible? Is it available in the 3750 software used in the actual lab (version is not under NDA?) regards kobel 2011/1/27 Roger Källberg roger.kallb...@cygate.se Hi Kobel, I belive that the QoS SRND have it wrong, or at least is outdated, in this case. I used this configuration on PL's 3750 during my study for the lab. class-map match-all MGCP match access-group 101 class-map match-all AutoQoS-VoIP-RTP-Trust match ip dscp ef class-map match-all AutoQoS-VoIP-Control-Trust match ip dscp cs3 af31 ! ! policy-map Police-MGCP class MGCP set dscp cs3 police 16000 8000 exceed-action policed-dscp-transmit policy-map AutoQoS-Police-CiscoPhone class AutoQoS-VoIP-RTP-Trust set dscp ef police 32 8000 exceed-action policed-dscp-transmit class AutoQoS-VoIP-Control-Trust set dscp cs3 police 32000 8000 exceed-action policed-dscp-transmit ! interface FastEthernet1/0/1 switchport trunk
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port
Hi Steve, thanks for confirmation. regards kobel On Wed, Jan 26, 2011 at 23:05, Steve Denney (stdenney) stden...@cisco.comwrote: To answer your second question - the Enterprise QoS SRND is here: http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html AFAIK it’s not accessible via the support URL available to you in the lab ( http://www.cisco.com/cisco/web/psa/default.html) – which is why they give you a pdf copy on the candidate desktop. ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port
Hi Matthew, I agree about the cos part, adding that you can control the cos value for PC connected to the phone using switchport priority extend command with 4 options: * trust * don't trust * overwrite with specific cos value * by default - overwrite with COS 0 But the question is, how DSCP markings from the PC are handled with this configuration? I understand that IP phone marks its RTP and signaling packets with both COS and DSCP and you can choose on the switchport which one you want to trust. But what about the PC markings? PC can only mark using DSCP (no 802.1q header between PC and IP phone). What happens when I decide to trust DSCP in such situation? Both markings from the PC and IP phone are trusted? This would constitute weak solution, since I don't want rogue PC to send all it's traffic as EF... any idea? regards kobel On Thu, Jan 27, 2011 at 00:15, matt...@ciscovoiceguru.com matt...@ciscovoiceguru.com wrote: If you set mls qos trust cos then CoS markings will be preserved; however, any DSCP marking will be written to 0. The same holds true for mls qos trust dscp. Any packet entering the switch with a CoS marking will be written to 0. That is why you have cos-to-dscp and dscp-to-cos mappings. This allows the packet to essentially become a blank slate, delete L2/L3 QoS values, and remap them. ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port
Thanks Roger, I need to check this in my lab. Have you tried to save the config and reload the switch to see if this configuration persists? Any idea since which IOS version this is possible? Is it available in the 3750 software used in the actual lab (version is not under NDA?) regards kobel 2011/1/27 Roger Källberg roger.kallb...@cygate.se Hi Kobel, I belive that the QoS SRND have it wrong, or at least is outdated, in this case. I used this configuration on PL's 3750 during my study for the lab. class-map match-all MGCP match access-group 101 class-map match-all AutoQoS-VoIP-RTP-Trust match ip dscp ef class-map match-all AutoQoS-VoIP-Control-Trust match ip dscp cs3 af31 ! ! policy-map Police-MGCP class MGCP set dscp cs3 police 16000 8000 exceed-action policed-dscp-transmit policy-map AutoQoS-Police-CiscoPhone class AutoQoS-VoIP-RTP-Trust set dscp ef police 32 8000 exceed-action policed-dscp-transmit class AutoQoS-VoIP-Control-Trust set dscp cs3 police 32000 8000 exceed-action policed-dscp-transmit ! interface FastEthernet1/0/1 switchport trunk encapsulation dot1q switchport trunk native vlan 10 switchport mode trunk speed 100 duplex full srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust dscp auto qos voip trust service-policy input Police-MGCP ! interface FastEthernet1/0/2 switchport access vlan 10 switchport mode access switchport voice vlan 20 srr-queue bandwidth share 10 10 60 20 priority-queue out mls qos trust device cisco-phone mls qos trust cos auto qos voip cisco-phone spanning-tree portfast service-policy input AutoQoS-Police-CiscoPhone ! access-list 101 permit udp any any eq 2427 access-list 101 permit udp any eq 2427 any access-list 101 permit tcp any any eq 2428 access-list 101 permit tcp any eq 2428 any As you can see it has both mls qos trust cos and service-policy input AutoQoS-Police-CiscoPhone or mls qos trust dscp and service-policy input Police-MGCP attached to the same interface, and this works as expected. This can also be seen in vol2 PG for the labs that has this requirement. Sincerely *Roger Källberg* CCIE #26199 (Voice) Consultant Cygate AB Eric Perssons väg 21, SE-217 62 MALMÖ -- *Från:* Miron Kobelski [findko...@gmail.com] *Skickat:* den 26 januari 2011 19:07 *Till:* ccie_voice@onlinestudylist.com *Ämne:* [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port Hello, I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust DSCP markings from the Cisco IP phone, which can be accomplished with: mls qos trust device cisco-phone mls qos trust dscp But 5.3 requires policing and remarking using service-policy for the same switch port. In the Enterprise QoS SRND page 106 we have: At the time of writing, the Catalyst 2970/3560/3750 does not support a trust statement (such as mls qos trust device cisco-phone) in conjunction with a service-policy input statement applied to given port at the same time. While this may be configurable, if the switch is reset, one or the other statement may be removed when the switch reloads. This limitation is to be addressed; consult the latest Catalyst 2970/3560/3750 QoS documentation for updates on this limitation PG's solution seems to ignore this fact. What's your opinion on this? I was unable to find anything on this in the archive. BTW, how can I find QoS SRND via cisco.com documentation portal? regards kobel ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port
After refering to documentation: *mls qos trust dscp* Classify an ingress packet by using the packet DSCP value (most significant 6 bits of 8-bit service-type field). For a non-IP packet, the packet CoS is used if the packet is tagged. For an untagged packet, the default port CoS value is used. So: mls qos trust device cisco-phone mls qos trust dscp should trust DSCP sent by IP phone, but remark everything from the PC (native vlan) to 0 by default or whatever is configured with mls qos cos X Comments apprieciated ;) kobel On Thu, Jan 27, 2011 at 19:46, Miron Kobelski findko...@gmail.com wrote: Hi Matthew, I agree about the cos part, adding that you can control the cos value for PC connected to the phone using switchport priority extend command with 4 options: * trust * don't trust * overwrite with specific cos value * by default - overwrite with COS 0 But the question is, how DSCP markings from the PC are handled with this configuration? I understand that IP phone marks its RTP and signaling packets with both COS and DSCP and you can choose on the switchport which one you want to trust. But what about the PC markings? PC can only mark using DSCP (no 802.1q header between PC and IP phone). What happens when I decide to trust DSCP in such situation? Both markings from the PC and IP phone are trusted? This would constitute weak solution, since I don't want rogue PC to send all it's traffic as EF... any idea? regards kobel On Thu, Jan 27, 2011 at 00:15, matt...@ciscovoiceguru.com matt...@ciscovoiceguru.com wrote: If you set mls qos trust cos then CoS markings will be preserved; however, any DSCP marking will be written to 0. The same holds true for mls qos trust dscp. Any packet entering the switch with a CoS marking will be written to 0. That is why you have cos-to-dscp and dscp-to-cos mappings. This allows the packet to essentially become a blank slate, delete L2/L3 QoS values, and remap them. ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos
Hey Roberto, I haven't read the whole thread so I may be irrelevant here but if you want to match RTP packets your access list 125 should be udp instead of tcp. cheers. Romain On Thu, Jan 27, 2011 at 6:23 PM, Roberto Reyes Alanis rre...@plannet.com.mx wrote: We need remember that we can use ACL for marking, and we can classify the traffic that come from IP Phones (voice vlan), and traffic that come from PC (data vlan), and trust or remark inside of policy map, and also I think that the answer is the match-all of the class map. For example: Voice vlan 192.168.1.0 Data Vlan 192.168.2.0 If you Want differentiation over RTP packet, you can configure something like this. access-list 125 permit tcp any range 16384 32767 any access-list 125 permit tcp any any range 16384 32767 access-list 126 permit ip 192.168.1.0 0.0.0.255 any access-list 126 permit ip any 192.168.1.0 0.0.0.255 access-list 127 permit ip 192.168.2.0 0.0.0.255 any access-list 127 permit ip any 192.168.2.0 0.0.0.255 class-map match-all RTP-Phones match access-group 125 match access-group 126 class-map match-all RTP-PC match access-group 125 match access-group 126 policy-map Voice class RTP-Phones set dscp ef class RTP-PC set dscp AF11 And you know the rest… _ Greetings Hi Matthew, I agree about the cos part, adding that you can control the cos value for PC connected to the phone using switchport priority extend command with 4 options: * trust * don't trust * overwrite with specific cos value * by default - overwrite with COS 0 But the question is, how DSCP markings from the PC are handled with this configuration? I understand that IP phone marks its RTP and signaling packets with both COS and DSCP and you can choose on the switchport which one you want to trust. But what about the PC markings? PC can only mark using DSCP (no 802.1q header between PC and IP phone). What happens when I decide to trust DSCP in such situation? Both markings from the PC and IP phone are trusted? This would constitute weak solution, since I don't want rogue PC to send all it's traffic as EF... any idea? regards kobel _ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
[OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port
Hello, I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust DSCP markings from the Cisco IP phone, which can be accomplished with: mls qos trust device cisco-phone mls qos trust dscp But 5.3 requires policing and remarking using service-policy for the same switch port. In the Enterprise QoS SRND page 106 we have: At the time of writing, the Catalyst 2970/3560/3750 does not support a trust statement (such as mls qos trust device cisco-phone) in conjunction with a service-policy input statement applied to given port at the same time. While this may be configurable, if the switch is reset, one or the other statement may be removed when the switch reloads. This limitation is to be addressed; consult the latest Catalyst 2970/3560/3750 QoS documentation for updates on this limitation PG's solution seems to ignore this fact. What's your opinion on this? I was unable to find anything on this in the archive. BTW, how can I find QoS SRND via cisco.com documentation portal? regards kobel ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port
Correct me if I'm wrong, isn't trusting the ports setting the ingress and service policy is setting on egress? duy ccie #27737 voice tmobile g2 On Jan 26, 2011 1:21 PM, Miron Kobelski findko...@gmail.com wrote: Hello, I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust DSCP markings from the Cisco IP phone, which can be accomplished with: mls qos trust device cisco-phone mls qos trust dscp But 5.3 requires policing and remarking using service-policy for the same switch port. In the Enterprise QoS SRND page 106 we have: At the time of writing, the Catalyst 2970/3560/3750 does not support a trust statement (such as mls qos trust device cisco-phone) in conjunction with a service-policy input statement applied to given port at the same time. While this may be configurable, if the switch is reset, one or the other statement may be removed when the switch reloads. This limitation is to be addressed; consult the latest Catalyst 2970/3560/3750 QoS documentation for updates on this limitation PG's solution seems to ignore this fact. What's your opinion on this? I was unable to find anything on this in the archive. BTW, how can I find QoS SRND via cisco.com documentation portal? regards kobel ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port
On your other question, the qos srnd is placed on the desktop. duy ccie #27737 voice tmobile g2 On Jan 26, 2011 1:32 PM, ccieid1ot ccieid...@gmail.com wrote: Correct me if I'm wrong, isn't trusting the ports setting the ingress and service policy is setting on egress? duy ccie #27737 voice tmobile g2 On Jan 26, 2011 1:21 PM, Miron Kobelski findko...@gmail.com wrote: Hello, I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust DSCP markings from the Cisco IP phone, which can be accomplished with: mls qos trust device cisco-phone mls qos trust dscp But 5.3 requires policing and remarking using service-policy for the same switch port. In the Enterprise QoS SRND page 106 we have: At the time of writing, the Catalyst 2970/3560/3750 does not support a trust statement (such as mls qos trust device cisco-phone) in conjunction with a service-policy input statement applied to given port at the same time. While this may be configurable, if the switch is reset, one or the other statement may be removed when the switch reloads. This limitation is to be addressed; consult the latest Catalyst 2970/3560/3750 QoS documentation for updates on this limitation PG's solution seems to ignore this fact. What's your opinion on this? I was unable to find anything on this in the archive. BTW, how can I find QoS SRND via cisco.com documentation portal? regards kobel ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trust commands on the same port
I agree that QoS SRND should be available on desktop, but it bothers me that I don't know how to find it on cisco.com... On switch you configure service policy for ingress: https://tools.cisco.com/Support/CLILookup/cltSearchAction.do?AT=gDBM=tCN=%22service-policy%22IndexOptionId=All%20index%20OPtionsIndexId=Catalyst service-policy Use the service-policy interface configuration command on the switch stack or on a standalone switch to apply a policy map defined by the policy-map command to the input of a port. Use the no form of this command to remove the policy map and port association. regards kobel On Wed, Jan 26, 2011 at 20:32, ccieid1ot ccieid...@gmail.com wrote: Correct me if I'm wrong, isn't trusting the ports setting the ingress and service policy is setting on egress? duy ccie #27737 voice tmobile g2 On Jan 26, 2011 1:21 PM, Miron Kobelski findko...@gmail.com wrote: Hello, I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust DSCP markings from the Cisco IP phone, which can be accomplished with: mls qos trust device cisco-phone mls qos trust dscp But 5.3 requires policing and remarking using service-policy for the same switch port. In the Enterprise QoS SRND page 106 we have: At the time of writing, the Catalyst 2970/3560/3750 does not support a trust statement (such as mls qos trust device cisco-phone) in conjunction with a service-policy input statement applied to given port at the same time. While this may be configurable, if the switch is reset, one or the other statement may be removed when the switch reloads. This limitation is to be addressed; consult the latest Catalyst 2970/3560/3750 QoS documentation for updates on this limitation PG's solution seems to ignore this fact. What's your opinion on this? I was unable to find anything on this in the archive. BTW, how can I find QoS SRND via cisco.com documentation portal? regards kobel ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port
With your configuration you would trust ANY dscp marking received from the IP phone port. No matter if it was sent by cisco ip phone or a rogue PC behind it. You loose the benefit of conditional trust boundary... I suspect that these tasks are contradictory. regards kobel On Wed, Jan 26, 2011 at 21:28, Friderich Claude cfrider...@netcore.luwrote: Hello Miron, I agree with you and the same remark in the attached file p.4 You can use either one of these three methods. You cannot use more than one method in a port. For example, you have configured the mls qos trust cos command on a port. When you configure the port with the service−policy input policy−map−name command, it removes the mls qos trust cos command automatically. I think we have to put the service-policy input policy-map with the following class-map in this policy-map policy-map myname class myname trust dscp and create the class before with a match ip dscp ef My opinion …. But remarks appreciated J Regards Claude *Claude Friderich* *PreSales Support* *[image: ccvp_voice_sm]*** *NETCORE PSF S.A.*** 49 rue du Baerendall B.P.65 L-8201 Mamer Téléphone: 31 33 80-407 Fax: 31 33 80 8-407 GSM: 621 303 616 E-mail: cfrider...@netcore.lu *From:* ccie_voice-boun...@onlinestudylist.com [mailto: ccie_voice-boun...@onlinestudylist.com] *On Behalf Of *Miron Kobelski *Sent:* mercredi 26 janvier 2011 19:07 *To:* ccie_voice@onlinestudylist.com *Subject:* [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port Hello, I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust DSCP markings from the Cisco IP phone, which can be accomplished with: mls qos trust device cisco-phone mls qos trust dscp But 5.3 requires policing and remarking using service-policy for the same switch port. In the Enterprise QoS SRND page 106 we have: At the time of writing, the Catalyst 2970/3560/3750 does not support a trust statement (such as mls qos trust device cisco-phone) in conjunction with a service-policy input statement applied to given port at the same time. While this may be configurable, if the switch is reset, one or the other statement may be removed when the switch reloads. This limitation is to be addressed; consult the latest Catalyst 2970/3560/3750 QoS documentation for updates on this limitation PG's solution seems to ignore this fact. What's your opinion on this? I was unable to find anything on this in the archive. BTW, how can I find QoS SRND via cisco.com documentation portal? regards kobel -- This email was Anti Virus checked. image001.gif___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port
But giving it a second thought... If you have mls qos trust device cisco-phone on the same port there is a chance it could work as you expect. But I'd believe it, if I saw this in cisco docs :) On Wed, Jan 26, 2011 at 21:31, Miron Kobelski findko...@gmail.com wrote: With your configuration you would trust ANY dscp marking received from the IP phone port. No matter if it was sent by cisco ip phone or a rogue PC behind it. You loose the benefit of conditional trust boundary... I suspect that these tasks are contradictory. regards kobel On Wed, Jan 26, 2011 at 21:28, Friderich Claude cfrider...@netcore.luwrote: Hello Miron, I agree with you and the same remark in the attached file p.4 You can use either one of these three methods. You cannot use more than one method in a port. For example, you have configured the mls qos trust cos command on a port. When you configure the port with the service−policy input policy−map−name command, it removes the mls qos trust cos command automatically. I think we have to put the service-policy input policy-map with the following class-map in this policy-map policy-map myname class myname trust dscp and create the class before with a match ip dscp ef My opinion …. But remarks appreciated J Regards Claude *Claude Friderich* *PreSales Support* *[image: ccvp_voice_sm]*** *NETCORE PSF S.A.*** 49 rue du Baerendall B.P.65 L-8201 Mamer Téléphone: 31 33 80-407 Fax: 31 33 80 8-407 GSM: 621 303 616 E-mail: cfrider...@netcore.lu *From:* ccie_voice-boun...@onlinestudylist.com [mailto: ccie_voice-boun...@onlinestudylist.com] *On Behalf Of *Miron Kobelski *Sent:* mercredi 26 janvier 2011 19:07 *To:* ccie_voice@onlinestudylist.com *Subject:* [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port Hello, I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust DSCP markings from the Cisco IP phone, which can be accomplished with: mls qos trust device cisco-phone mls qos trust dscp But 5.3 requires policing and remarking using service-policy for the same switch port. In the Enterprise QoS SRND page 106 we have: At the time of writing, the Catalyst 2970/3560/3750 does not support a trust statement (such as mls qos trust device cisco-phone) in conjunction with a service-policy input statement applied to given port at the same time. While this may be configurable, if the switch is reset, one or the other statement may be removed when the switch reloads. This limitation is to be addressed; consult the latest Catalyst 2970/3560/3750 QoS documentation for updates on this limitation PG's solution seems to ignore this fact. What's your opinion on this? I was unable to find anything on this in the archive. BTW, how can I find QoS SRND via cisco.com documentation portal? regards kobel -- This email was Anti Virus checked. image001.gif___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port
To answer your second question - the Enterprise QoS SRND is here: http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html AFAIK it’s not accessible via the support URL available to you in the lab (http://www.cisco.com/cisco/web/psa/default.html) – which is why they give you a pdf copy on the candidate desktop. cheers, sd From: ccie_voice-boun...@onlinestudylist.com [mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of Miron Kobelski Sent: Wednesday, January 26, 2011 1:07 PM To: ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port Hello, I'm working on Vol2 Lab8 QoS section. Task 5.2 requires to conditionally trust DSCP markings from the Cisco IP phone, which can be accomplished with: mls qos trust device cisco-phone mls qos trust dscp But 5.3 requires policing and remarking using service-policy for the same switch port. In the Enterprise QoS SRND page 106 we have: At the time of writing, the Catalyst 2970/3560/3750 does not support a trust statement (such as mls qos trust device cisco-phone) in conjunction with a service-policy input statement applied to given port at the same time. While this may be configurable, if the switch is reset, one or the other statement may be removed when the switch reloads. This limitation is to be addressed; consult the latest Catalyst 2970/3560/3750 QoS documentation for updates on this limitation PG's solution seems to ignore this fact. What's your opinion on this? I was unable to find anything on this in the archive. BTW, how can I find QoS SRND via cisco.com documentation portal? regards kobel ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS: service-policy + mls qos trustcommands on the same port
If you set mls qos trust cos then CoS markings will be preserved; however, any DSCP marking will be written to 0. The same holds true for mls qos trust dscp. Any packet entering the switch with a CoS marking will be written to 0. That is why you have cos-to-dscp and dscp-to-cos mappings. This allows the packet to essentially become a blank slate, delete L2/L3 QoS values, and remap them. Matthew Berry, CCIE #26721 Email: matt...@ciscovoiceguru.com Twitter: http://twitter.com/CiscoVoiceGuru Blog: http://ciscovoiceguru.com On Jan 26, 2011, at 2:57 PM, Miron Kobelski wrote: Now I'm not sure any longer ;) when you have on a switch port: mls qos trust device cisco-phone mls qos trust cos the COS sent by phone is trusted, PC COS markings are trusted or not depending on switchport priority extend command. But I have no idea how it behaves when DSCP markings are conditionally trusted, as switchport priority extends' seem to work only with COS. Any ideas? It's late here, I will try to read some docs about this tommorow. regards kobel On Wed, Jan 26, 2011 at 21:46, Friderich Claude cfrider...@netcore.lu wrote: OK So you mean that with mls qos trust dscp, all traffic form pc port is going to be marked to dscp 0 and should be a better solution for a rogue device behind the phone … correct me if I’m wrong … Regards Claude. Claude Friderich PreSales Support image001.gif NETCORE PSF S.A. 49 rue du Baerendall B.P.65 L-8201 Mamer Téléphone: 31 33 80-407 Fax: 31 33 80 8-407 GSM: 621 303 616 E-mail: cfrider...@netcore.lu ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Police
Afaik, it's not supported -- Sent from my mobile device. Am 09.07.2010 23:41 schrieb Mark Holloway m...@markholloway.com: I'm attempting to police VoIP signaling on Fast1/0/1 of a 3750 switch that is configured as a trunk port connecting to the HQ router. I can't apply the service-policy in the output direction. Am I thinking about this the wrong way because I can apply it in the inbound direction. # show run interface FastEthernet1/0/1 description ** To R1-HQ Gigabit Ethernet 0/0 ** switchport trunk encapsulation dot1q switchport mode trunk HQ-3750(config-if)#service-policy output VOIP-SIGNAL police command is not supported for this interface The interface does not support the specified policy configuration and/or parameter values. Warning: Assigning a policy map to the output side of an interface not supported HQ-3750(config-if)#service-policy input VOIP-SIGNAL HQ-3750(config-if)#do sh run interface FastEthernet1/0/1 description ** R1-HQ Gigabit Ethernet 0/0 ** switchport trunk encapsulation dot1q switchport mode trunk service-policy input VOIP-SIGNAL mls qos map policed-dscp 24 to 8 mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos class-map match-any SIGNAL match ip dscp cs3 policy-map VOIP-SIGNAL class SIGNAL police 32000 8000 exceed-action policed-dscp-transmit ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
[OSL | CCIE_Voice] 3750 QoS Police
I'm attempting to police VoIP signaling on Fast1/0/1 of a 3750 switch that is configured as a trunk port connecting to the HQ router. I can't apply the service-policy in the output direction. Am I thinking about this the wrong way because I can apply it in the inbound direction. # show run interface FastEthernet1/0/1 description ** To R1-HQ Gigabit Ethernet 0/0 ** switchport trunk encapsulation dot1q switchport mode trunk HQ-3750(config-if)#service-policy output VOIP-SIGNAL police command is not supported for this interface The interface does not support the specified policy configuration and/or parameter values. Warning: Assigning a policy map to the output side of an interface not supported HQ-3750(config-if)#service-policy input VOIP-SIGNAL HQ-3750(config-if)#do sh run interface FastEthernet1/0/1 description ** R1-HQ Gigabit Ethernet 0/0 ** switchport trunk encapsulation dot1q switchport mode trunk service-policy input VOIP-SIGNAL mls qos map policed-dscp 24 to 8 mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos class-map match-any SIGNAL match ip dscp cs3 policy-map VOIP-SIGNAL class SIGNAL police 32000 8000 exceed-action policed-dscp-transmit ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Question
At earlier time AF31 was the prefered PHB for voice signaling, but the latest rule is CS3. The reason is because AF PHB can mark down or drop packages in contrast of CS PHB. hey, in the ! police 32 8000 exceed-action policed-dscp-transmit command the 8000 means burst volume not degradation to 8k of speed. Peter - Original Message - From: Alex Hannah To: Michael Ciarfello Cc: ccie_voice@onlinestudylist.com ; Farkas Péter Sent: Thursday, November 12, 2009 8:11 AM Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question Michael, My understanding was older CUCM servers ( 4.x and early 5.x ) sent signalling out at AF31, also I thought I remembered something about CIPC not sending traffic out with right markings. I was trying to do a catch all to match any type of signaling be it either CS3 or AF31. And the police statement I have verified on my 2811 running 12.4(22) T2 ( Same as v3 lab last month ). So I believe this to be correct. What exactly did you mean by checking it to meet ONLY my requirements? The exceed action would remark traffic above 32k down to 8k correct? Thanks again, Alex 2009/11/11 Michael Ciarfello mciarfe...@iplogic.com That's looking better. Check your policed-dscp line to ONLY meet your requirements. Check the command reference and 3750 Switch COnfiguration guide - QoS chapter on that police command. I haven't looked at that or remember if it's correct. Pay attention to what Farkas said. Look at other documents to find the source of that. Maybe the document I mentioned above on what he is saying is in there. Why CS3 and AF31? If you have a home lab or a partial home lab, use a sniffer and sniff around. Let us know what you find. From: ccie_voice-boun...@onlinestudylist.com [ccie_voice-boun...@onlinestudylist.com] On Behalf Of Alex Hannah [alex.han...@gmail.com] Sent: Wednesday, November 11, 2009 6:56 PM To: Farkas P¨¦ter Cc: ccie_voice@onlinestudylist.com Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question Michael and Farkas, Okay, I have thought about what you mentioned. Here is my revised approach. Let me know what you think about this way: ! mls qos map policed-dscp 0 24 to 8 mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos ! ! class-map match-any SCCP-Traffic match ip dscp cs3 af31 ! ! policy-map POLICE-MAP class SCCP-Traffic police 32 8000 exceed-action policed-dscp-transmit set dscp cs3 ! ! interface FastEthernet0/6 service-policy input POLICE-MAP ! What is the signifigance of matching both ip dscp cs3 af31? Since I have match-any will it match on both? New CUCM 7.x servers should send SCCP out at cs3 correct? Thanks, Alex 2009/11/11 Farkas P¨¦ter wormh...@sch.bme.hu AutoQoS cannot be configured until service-policy is attached to the interface so you cannot use it for correction. Also, AutoQos does not work on Eth. - Original Message - From: Michael Ciarfello mciarfe...@iplogic.com Date: Wednesday, November 11, 2009 8:56 pm Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question To: Alex Hannah alex.han...@gmail.com, ccie_voice@onlinestudylist.com ccie_voice@onlinestudylist.com Here are some hints for you to research: I believe there is an error in one of the class-maps. See if you can find it or agree. I believe you have too much extra stuff configured, let’s eliminate the unneeded stuff. How about use match IP protocol instead of access-lists? Are you sure your access-list is correct for the inbound / outbound traffic you have? I think the data vlan people are going to be pissed and complain about slowness. I know it’s a lab. I believe you can get the entire config down to a much simplier 10-15 lines instead of all the stuff you have. From: ccie_voice-boun...@onlinestudylist.com [ On Behalf Of Alex Hannah Sent: Wednesday, November 11, 2009 2:41 PM To: ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS Question Hello everyone. I am attempting to create the following QoS policy on a 3750 port with an IP Phone plugged in behind it. The policy will police signalling ( SCCP ) 32k down to 8k and remark to DSCP 8. I have read through most of the SRND guide for the 3750, the model I am following is the: 2970/3560/3750–Conditionally-Trusted IP Phone + PC + Scavenger (Basic) Model Configuration on page 105 of the 3.3 QoS SRND. Can anyone validate my work below and let me know if you think this meets those requirements? Also, in this scenerio, Auto
[OSL | CCIE_Voice] 3750 QoS Question
Hello everyone. I am attempting to create the following QoS policy on a 3750 port with an IP Phone plugged in behind it. The policy will police signalling ( SCCP ) 32k down to 8k and remark to DSCP 8. I have read through most of the SRND guide for the 3750, the model I am following is the: 2970/3560/3750—Conditionally-Trusted IP Phone + PC + Scavenger (Basic) Model Configuration on page 105 of the 3.3 QoS SRND. Can anyone validate my work below and let me know if you think this meets those requirements? Also, in this scenerio, Auto Qos would not need to be applied over top of it correct? mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos map policed-dscp 0 24 to 8 class-map match-all VVLAN-VOICE !Was in SRND but not using match access-group name VVLAN-VOICE match ip dscp ef class-map match-all VVLAN-CALL-SIGNALING !Was in SRND but not using match access-group name VVLAN-CALL-SIGNALLING match ip dscp cs3 af31 class-map match-all VVLAN-ANY match access-group name VVLAN-ANY policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit class VVLAN-ANY set ip dscp 0 police 32000 8000 exceed-action policed-dscp-transmit class class-default set ip dscp 0 police 500 8000 exceed-action policed-dscp-transmit interface FastEthernet0/1 service-policy input IPPHONE+PC-BASIC ip access list extended VVLAN-VOICE permit udp x.x.x.x 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp x.x.x.x 0.0.0.255 any range 2000 2002 ip access list extended VVLAN-ANY permit ip x.x.x.x 0.0.0.255 any Thanks, Alex * * ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Question
Here are some hints for you to research: I believe there is an error in one of the class-maps. See if you can find it or agree. I believe you have too much extra stuff configured, let’s eliminate the unneeded stuff. How about use match IP protocol instead of access-lists? Are you sure your access-list is correct for the inbound / outbound traffic you have? I think the data vlan people are going to be pissed and complain about slowness. I know it’s a lab. I believe you can get the entire config down to a much simplier 10-15 lines instead of all the stuff you have. From: ccie_voice-boun...@onlinestudylist.com [mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of Alex Hannah Sent: Wednesday, November 11, 2009 2:41 PM To: ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS Question Hello everyone. I am attempting to create the following QoS policy on a 3750 port with an IP Phone plugged in behind it. The policy will police signalling ( SCCP ) 32k down to 8k and remark to DSCP 8. I have read through most of the SRND guide for the 3750, the model I am following is the: 2970/3560/3750—Conditionally-Trusted IP Phone + PC + Scavenger (Basic) Model Configuration on page 105 of the 3.3 QoS SRND. Can anyone validate my work below and let me know if you think this meets those requirements? Also, in this scenerio, Auto Qos would not need to be applied over top of it correct? mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos map policed-dscp 0 24 to 8 class-map match-all VVLAN-VOICE !Was in SRND but not using match access-group name VVLAN-VOICE match ip dscp ef class-map match-all VVLAN-CALL-SIGNALING !Was in SRND but not using match access-group name VVLAN-CALL-SIGNALLING match ip dscp cs3 af31 class-map match-all VVLAN-ANY match access-group name VVLAN-ANY policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit class VVLAN-ANY set ip dscp 0 police 32000 8000 exceed-action policed-dscp-transmit class class-default set ip dscp 0 police 500 8000 exceed-action policed-dscp-transmit interface FastEthernet0/1 service-policy input IPPHONE+PC-BASIC ip access list extended VVLAN-VOICE permit udp x.x.x.x 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp x.x.x.x 0.0.0.255 any range 2000 2002 ip access list extended VVLAN-ANY permit ip x.x.x.x 0.0.0.255 any Thanks, Alex ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Question
Michael and Farkas, Okay, I have thought about what you mentioned. Here is my revised approach. Let me know what you think about this way: ! mls qos map policed-dscp 0 24 to 8 mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos ! ! class-map match-any SCCP-Traffic match ip dscp cs3 af31 ! ! policy-map POLICE-MAP class SCCP-Traffic police 32 8000 exceed-action policed-dscp-transmit set dscp cs3 ! ! interface FastEthernet0/6 service-policy input POLICE-MAP ! What is the signifigance of matching both ip dscp cs3 af31? Since I have match-any will it match on both? New CUCM 7.x servers should send SCCP out at cs3 correct? Thanks, Alex 2009/11/11 Farkas Péter wormh...@sch.bme.hu AutoQoS cannot be configured until service-policy is attached to the interface so you cannot use it for correction. Also, AutoQos does not work on Eth. - Original Message - From: Michael Ciarfello mciarfe...@iplogic.com Date: Wednesday, November 11, 2009 8:56 pm Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question To: Alex Hannah alex.han...@gmail.com, ccie_voice@onlinestudylist.com ccie_voice@onlinestudylist.com Here are some hints for you to research: I believe there is an error in one of the class-maps. See if you can find it or agree. I believe you have too much extra stuff configured, let’s eliminate the unneeded stuff. How about use match IP protocol instead of access-lists? Are you sure your access-list is correct for the inbound / outbound traffic you have? I think the data vlan people are going to be pissed and complain about slowness. I know it’s a lab. I believe you can get the entire config down to a much simplier 10-15 lines instead of all the stuff you have. From: ccie_voice-boun...@onlinestudylist.com [ On Behalf Of Alex Hannah Sent: Wednesday, November 11, 2009 2:41 PM To: ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS Question Hello everyone. I am attempting to create the following QoS policy on a 3750 port with an IP Phone plugged in behind it. The policy will police signalling ( SCCP ) 32k down to 8k and remark to DSCP 8. I have read through most of the SRND guide for the 3750, the model I am following is the: 2970/3560/3750–Conditionally-Trusted IP Phone + PC + Scavenger (Basic) Model Configuration on page 105 of the 3.3 QoS SRND. Can anyone validate my work below and let me know if you think this meets those requirements? Also, in this scenerio, Auto Qos would not need to be applied over top of it correct? mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos map policed-dscp 0 24 to 8 class-map match-all VVLAN-VOICE !Was in SRND but not using match access-group name VVLAN-VOICE match ip dscp ef class-map match-all VVLAN-CALL-SIGNALING !Was in SRND but not using match access-group name VVLAN-CALL-SIGNALLING match ip dscp cs3 af31 class-map match-all VVLAN-ANY match access-group name VVLAN-ANY policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit class VVLAN-ANY set ip dscp 0 police 32000 8000 exceed-action policed-dscp-transmit class class-default set ip dscp 0 police 500 8000 exceed-action policed-dscp-transmit interface FastEthernet0/1 service-policy input IPPHONE+PC-BASIC ip access list extended VVLAN-VOICE permit udp x.x.x.x 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp x.x.x.x 0.0.0.255 any range 2000 2002 ip access list extended VVLAN-ANY permit ip x.x.x.x 0.0.0.255 any Thanks, Alex ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Question
That's looking better. Check your policed-dscp line to ONLY meet your requirements. Check the command reference and 3750 Switch COnfiguration guide - QoS chapter on that police command. I haven't looked at that or remember if it's correct. Pay attention to what Farkas said. Look at other documents to find the source of that. Maybe the document I mentioned above on what he is saying is in there. Why CS3 and AF31? If you have a home lab or a partial home lab, use a sniffer and sniff around. Let us know what you find. From: ccie_voice-boun...@onlinestudylist.com [ccie_voice-boun...@onlinestudylist.com] On Behalf Of Alex Hannah [alex.han...@gmail.com] Sent: Wednesday, November 11, 2009 6:56 PM To: Farkas Péter Cc: ccie_voice@onlinestudylist.com Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question Michael and Farkas, Okay, I have thought about what you mentioned. Here is my revised approach. Let me know what you think about this way: ! mls qos map policed-dscp 0 24 to 8 mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos ! ! class-map match-any SCCP-Traffic match ip dscp cs3 af31 ! ! policy-map POLICE-MAP class SCCP-Traffic police 32 8000 exceed-action policed-dscp-transmit set dscp cs3 ! ! interface FastEthernet0/6 service-policy input POLICE-MAP ! What is the signifigance of matching both ip dscp cs3 af31? Since I have match-any will it match on both? New CUCM 7.x servers should send SCCP out at cs3 correct? Thanks, Alex 2009/11/11 Farkas Péter wormh...@sch.bme.humailto:wormh...@sch.bme.hu AutoQoS cannot be configured until service-policy is attached to the interface so you cannot use it for correction. Also, AutoQos does not work on Eth. - Original Message - From: Michael Ciarfello mciarfe...@iplogic.com Date: Wednesday, November 11, 2009 8:56 pm Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question To: Alex Hannah alex.han...@gmail.commailto:alex.han...@gmail.com, ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com Here are some hints for you to research: I believe there is an error in one of the class-maps. See if you can find it or agree. I believe you have too much extra stuff configured, let’s eliminate the unneeded stuff. How about use match IP protocol instead of access-lists? Are you sure your access-list is correct for the inbound / outbound traffic you have? I think the data vlan people are going to be pissed and complain about slowness. I know it’s a lab. I believe you can get the entire config down to a much simplier 10-15 lines instead of all the stuff you have. From: ccie_voice-boun...@onlinestudylist.commailto:ccie_voice-boun...@onlinestudylist.com [ On Behalf Of Alex Hannah Sent: Wednesday, November 11, 2009 2:41 PM To: ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS Question Hello everyone. I am attempting to create the following QoS policy on a 3750 port with an IP Phone plugged in behind it. The policy will police signalling ( SCCP ) 32k down to 8k and remark to DSCP 8. I have read through most of the SRND guide for the 3750, the model I am following is the: 2970/3560/3750�CConditionally-Trusted IP Phone + PC + Scavenger (Basic) Model Configuration on page 105 of the 3.3 QoS SRND. Can anyone validate my work below and let me know if you think this meets those requirements? Also, in this scenerio, Auto Qos would not need to be applied over top of it correct? mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos map policed-dscp 0 24 to 8 class-map match-all VVLAN-VOICE !Was in SRND but not using match access-group name VVLAN-VOICE match ip dscp ef class-map match-all VVLAN-CALL-SIGNALING !Was in SRND but not using match access-group name VVLAN-CALL-SIGNALLING match ip dscp cs3 af31 class-map match-all VVLAN-ANY match access-group name VVLAN-ANY policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit class VVLAN-ANY set ip dscp 0 police 32000 8000 exceed-action policed-dscp-transmit class class-default set ip dscp 0 police 500 8000 exceed-action policed-dscp-transmit interface FastEthernet0/1 service-policy input IPPHONE+PC-BASIC ip access list extended VVLAN-VOICE permit udp x.x.x.x 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp x.x.x.x 0.0.0.255 any range 2000 2002 ip access list extended VVLAN-ANY permit ip x.x.x.x 0.0.0.255 any Thanks, Alex ___ For more information regarding industry leading CCIE Lab training, please visit
Re: [OSL | CCIE_Voice] 3750 QoS Question
oh! Thanks for the hint Johnathan, And there's the recording stream or silent monitoring stream! Forgot about that one. (x1 phones and above.) From: ccie_voice-boun...@onlinestudylist.com [ccie_voice-boun...@onlinestudylist.com] On Behalf Of Jonathan Charles [jonv...@gmail.com] Sent: Sunday, August 30, 2009 1:20 AM To: James Key Cc: ccie_voice@onlinestudylist.com Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question When would you ever have two active streams to a phone? I can't think of a set of circumstances that would have more than one RTP stream hitting a phone. Jonathan On Thu, Aug 27, 2009 at 11:07 AM, James Keyj...@jackhenry.com wrote: Anyone have any guidance on the questions below I posted yesterday? -James From: ccie_voice-boun...@onlinestudylist.com [mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of James Key Sent: Wednesday, August 26, 2009 2:09 PM To: ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS Question Reading over the QoS SRND and trying to get a better understanding of 3750 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as well as queuing, but am having some difficulty in understanding the theory behind the policing within the Policy-Maps. example: class-map match-all VVLAN-VOICE match access-group name VVLAN-VOICE class-map match-all VVLAN-CALL-SIGNALING match access-group name VVLAN-CALL-SIGNALING policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit ip access list extended VVLAN-VOICE permit udp 10.1.110.0 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002 the comment for the police statement under class VVLAN-VOICE states that this will only allow one voice call per switchport VVLAN. So my question is (I hope this doesn’t sound to dumb!), what happens to a 2nd,3rd, and so on concurrent call that may come from an IP Phone connected to a switchport with this policy? Same question for the police statement under class VVLAN-CALL-SIGNALING. Is it that any signaling traffic that exceeds 32k will be marked down to CS1? any clarification on this would be much appreciated! James NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Question
There should only be one call on a port. UNLESS you are on your deskphone talking to a customer and VPN'ed into that customer's network using IP Communicator (PC connected to phone) to solve an issue on their system. Then the policing policy (does that count as a repetitive redundancy?) breaks. Cisco is just trying to limit the amount of bandwidth coming into one specific port because we know a little bit about the traffic characteristics of some of the traffic (voice). I think you know this, maybe not the exception I thought of above. Yea, and that guy's article doesn't apply the service policy in on any interface. And he's restricting data to 5Mb/s. Let's all buy (or sell) expensive Gigabit phones (x5's) and restrict the network port to 5Mb. Oh well. First customer I did that on, I would be driving back over there to remove, I'd say in about 1 day. That's not my comment on the bottom, but sounds right on. Some more investigation is needed, but I think the statement allow one voice call per switchport VVLAN. means for each port that has a voice vlan defined, allow 128K RTP and 32K signaling. There's a bunch of restrictions they mention. I would have to believe in 4 years later that these had to be taken care of. I'm using 122-35SE2. Let's check some updated QoS documentation to see what's up. I can try to look at this some more sometime later in the week. I don't think we should follow too closely the SRND when it comes to the 3750 QoS. Maybe a combination of QoS SRND, then validate / update the info witht he CCM 7.x SRND and whatever other QoS documents we can find on the 3750. From: ccie_voice-boun...@onlinestudylist.com [ccie_voice-boun...@onlinestudylist.com] On Behalf Of Jeff Garvas [j...@cia.net] Sent: Thursday, August 27, 2009 2:15 PM To: James Key Cc: ccie_voice@onlinestudylist.com Subject: Re: [OSL | CCIE_Voice] 3750 QoS Question James, I started to respond to this yesterday and realized I was going down the wrong path. I did run into this article which I have not had a chance to digest yet: http://www.networkworld.com/community/node/42427 It seems that they may be talking about the same exact example you're talking about.How is the policy being applied in your example so that it limits the calls per switch port? Are you applying it at each interface inbound to the switch? If I'm understanding this right I believe that unless you have some other form of CAC subsequent calls would cause all call audio to be poor due to drops (for all calls). I'm not clear exactly on what is going to happen to the signaling traffic. -Jeff On Thu, Aug 27, 2009 at 12:07 PM, James Key j...@jackhenry.commailto:j...@jackhenry.com wrote: Anyone have any guidance on the questions below I posted yesterday? -James From: ccie_voice-boun...@onlinestudylist.commailto:ccie_voice-boun...@onlinestudylist.com [mailto:ccie_voice-boun...@onlinestudylist.commailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of James Key Sent: Wednesday, August 26, 2009 2:09 PM To: ccie_voice@onlinestudylist.commailto:ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS Question Reading over the QoS SRND and trying to get a better understanding of 3750 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as well as queuing, but am having some difficulty in understanding the theory behind the policing within the Policy-Maps. example: class-map match-all VVLAN-VOICE match access-group name VVLAN-VOICE class-map match-all VVLAN-CALL-SIGNALING match access-group name VVLAN-CALL-SIGNALING policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit ip access list extended VVLAN-VOICE permit udp 10.1.110.0 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002 the comment for the police statement under class VVLAN-VOICE states that this will only allow one voice call per switchport VVLAN. So my question is (I hope this doesn’t sound to dumb!), what happens to a 2nd,3rd, and so on concurrent call that may come from an IP Phone connected to a switchport with this policy? Same question for the police statement under class VVLAN-CALL-SIGNALING. Is it that any signaling traffic that exceeds 32k will be marked down to CS1? any clarification on this would be much appreciated! James NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use
Re: [OSL | CCIE_Voice] 3750 QoS Question
When would you ever have two active streams to a phone? I can't think of a set of circumstances that would have more than one RTP stream hitting a phone. Jonathan On Thu, Aug 27, 2009 at 11:07 AM, James Keyj...@jackhenry.com wrote: Anyone have any guidance on the questions below I posted yesterday? -James From: ccie_voice-boun...@onlinestudylist.com [mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of James Key Sent: Wednesday, August 26, 2009 2:09 PM To: ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS Question Reading over the QoS SRND and trying to get a better understanding of 3750 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as well as queuing, but am having some difficulty in understanding the theory behind the policing within the Policy-Maps. example: class-map match-all VVLAN-VOICE match access-group name VVLAN-VOICE class-map match-all VVLAN-CALL-SIGNALING match access-group name VVLAN-CALL-SIGNALING policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit ip access list extended VVLAN-VOICE permit udp 10.1.110.0 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002 the comment for the police statement under class VVLAN-VOICE states that this will only allow one voice call per switchport VVLAN. So my question is (I hope this doesn’t sound to dumb!), what happens to a 2nd,3rd, and so on concurrent call that may come from an IP Phone connected to a switchport with this policy? Same question for the police statement under class VVLAN-CALL-SIGNALING. Is it that any signaling traffic that exceeds 32k will be marked down to CS1? any clarification on this would be much appreciated! James NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Question
Anyone have any guidance on the questions below I posted yesterday? -James From: ccie_voice-boun...@onlinestudylist.com [mailto:ccie_voice-boun...@onlinestudylist.com] On Behalf Of James Key Sent: Wednesday, August 26, 2009 2:09 PM To: ccie_voice@onlinestudylist.com Subject: [OSL | CCIE_Voice] 3750 QoS Question Reading over the QoS SRND and trying to get a better understanding of 3750 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as well as queuing, but am having some difficulty in understanding the theory behind the policing within the Policy-Maps. example: class-map match-all VVLAN-VOICE match access-group name VVLAN-VOICE class-map match-all VVLAN-CALL-SIGNALING match access-group name VVLAN-CALL-SIGNALING policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit ip access list extended VVLAN-VOICE permit udp 10.1.110.0 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002 the comment for the police statement under class VVLAN-VOICE states that this will only allow one voice call per switchport VVLAN. So my question is (I hope this doesn't sound to dumb!), what happens to a 2nd,3rd, and so on concurrent call that may come from an IP Phone connected to a switchport with this policy? Same question for the police statement under class VVLAN-CALL-SIGNALING. Is it that any signaling traffic that exceeds 32k will be marked down to CS1? any clarification on this would be much appreciated! James NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Question
James, I started to respond to this yesterday and realized I was going down the wrong path. I did run into this article which I have not had a chance to digest yet: http://www.networkworld.com/community/node/42427 It seems that they may be talking about the same exact example you're talking about.How is the policy being applied in your example so that it limits the calls per switch port? Are you applying it at each interface inbound to the switch? If I'm understanding this right I believe that unless you have some other form of CAC subsequent calls would cause all call audio to be poor due to drops (for all calls). I'm not clear exactly on what is going to happen to the signaling traffic. -Jeff On Thu, Aug 27, 2009 at 12:07 PM, James Key j...@jackhenry.com wrote: Anyone have any guidance on the questions below I posted yesterday? -James *From:* ccie_voice-boun...@onlinestudylist.com [mailto: ccie_voice-boun...@onlinestudylist.com] *On Behalf Of *James Key *Sent:* Wednesday, August 26, 2009 2:09 PM *To:* ccie_voice@onlinestudylist.com *Subject:* [OSL | CCIE_Voice] 3750 QoS Question Reading over the QoS SRND and trying to get a better understanding of 3750 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as well as queuing, but am having some difficulty in understanding the theory behind the policing within the Policy-Maps. example: class-map match-all VVLAN-VOICE match access-group name VVLAN-VOICE class-map match-all VVLAN-CALL-SIGNALING match access-group name VVLAN-CALL-SIGNALING policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit ip access list extended VVLAN-VOICE permit udp 10.1.110.0 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002 the comment for the police statement under class VVLAN-VOICE states that this will only allow one voice call per switchport VVLAN. So my question is (I hope this doesn’t sound to dumb!), what happens to a 2nd,3rd, and so on concurrent call that may come from an IP Phone connected to a switchport with this policy? Same question for the police statement under class VVLAN-CALL-SIGNALING. Is it that any signaling traffic that exceeds 32k will be marked down to CS1? any clarification on this would be much appreciated! James NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_Voice] 3750 QoS Question
James, In the example you're looking at is there a mls qos map policed-dscp X to X line? I believe that defines the mark-down to CS1 (or otherwise) when policed-dscp-transmit is used in an exceed action. Thanks. I just learned something new :) -jeff ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
[OSL | CCIE_Voice] 3750 QoS Question
Reading over the QoS SRND and trying to get a better understanding of 3750 QoS and more specifically, the Conditionally-Trusted IP Phone + PC with Scavenger-Class QoS (Basic) Model. I understand the ACLs and marking traffic as well as queuing, but am having some difficulty in understanding the theory behind the policing within the Policy-Maps. example: class-map match-all VVLAN-VOICE match access-group name VVLAN-VOICE class-map match-all VVLAN-CALL-SIGNALING match access-group name VVLAN-CALL-SIGNALING policy-map IPPHONE+PC-BASIC class VVLAN-VOICE set ip dscp 46 police 128000 8000 exceed-action drop class VVLAN-CALL-SIGNALING set ip dscp 24 police 32000 8000 exceed-action policed-dscp-transmit ip access list extended VVLAN-VOICE permit udp 10.1.110.0 0.0.0.255 any range 16384 32767 ip access list extended VVLAN-CALL-SIGNALING permit tcp 10.1.110.0 0.0.0.255 any range 2000 2002 the comment for the police statement under class VVLAN-VOICE states that this will only allow one voice call per switchport VVLAN. So my question is (I hope this doesn't sound to dumb!), what happens to a 2nd,3rd, and so on concurrent call that may come from an IP Phone connected to a switchport with this policy? Same question for the police statement under class VVLAN-CALL-SIGNALING. Is it that any signaling traffic that exceeds 32k will be marked down to CS1? any clarification on this would be much appreciated! James NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com