Solved: Easy QoS switch ACE's with phone IP address

David Yang · ‎02-09-2017

Greetings!

It was noticed that Easy QoS is using IP addresses of the phones for matching ingress classes for VOICE and MM_CONF. The questions is how this configuration would be up to date if customer is adding new phones after QoS is applied to the switches? The voice traffic from the new phones would be marked as default. Would the ACE's be updated when customer choose to re-apply the same policy?

ip access-list extended prm-APIC_QOS_IN#VOICE__acl

PERMIT IP host 10.17.240.216 any dscp ef

PERMIT IP host 10.17.240.171 any dscp ef

PERMIT IP host 10.17.240.144 any dscp ef

PERMIT IP host 10.17.240.33 any dscp ef

PERMIT IP host 10.17.240.23 any dscp ef

PERMIT IP host 10.17.240.247 any dscp ef

PERMIT IP host 10.17.240.225 any dscp ef

Thanks,
Chubu

aradford · ‎02-10-2017

Great question.

have you seen the CVD for EQ?

The answer is APIC-EM periodically (25min by default) rediscovers the network-devices connected and updates the ACL. You also need traps enabled for APIC-EM to discover the client-devices (phones etc) that have MAC (Moved/Added/Changed)

http://www.cisco.com/c/en/us/td/docs/solutions/CVD/Dec2016/APIC-EM-EasyQoS-DesignGuide-Dec2016.html#_Toc469388803

APIC-EM will periodically re-discover devices on the network and automatically update the entries in the ACLs for devices that have been added/moved/changed. As a prerequisite for adds/moves/changes, the network operator will need to enable SNMP traps on the access switches to be sent to APIC-EM. After the interface connected to a Cisco IP Phone, Cisco video conferencing endpoint, Cisco Telepresence device, or Cisco video surveillance camera goes up or down APIC-EM will receive an SNMP trap and starts collecting information from the access switch that generated the SNMP trap, about the new Cisco endpoints. This takes approximately 80 seconds plus the time needed for the collection of the device information. After the Cisco endpoint information is collected, APIC-EM automatically pushes ACE entries containing the source IP address of the endpoint device to any destination, with the prm-APIC_QOS_IN#VOICE__acl, prm-APIC_QOS_IN#BROADCAST__acl, prm-APIC_QOS_IN#REALTIME__acl, and prm-APIC_QOS_IN#MM_CONF__acl entries with IP + DSCP in both static and dynamic policies.

View solution in original post

aradford · ‎02-10-2017

Great question.

have you seen the CVD for EQ?

The answer is APIC-EM periodically (25min by default) rediscovers the network-devices connected and updates the ACL. You also need traps enabled for APIC-EM to discover the client-devices (phones etc) that have MAC (Moved/Added/Changed)

http://www.cisco.com/c/en/us/td/docs/solutions/CVD/Dec2016/APIC-EM-EasyQoS-DesignGuide-Dec2016.html#_Toc469388803

APIC-EM will periodically re-discover devices on the network and automatically update the entries in the ACLs for devices that have been added/moved/changed. As a prerequisite for adds/moves/changes, the network operator will need to enable SNMP traps on the access switches to be sent to APIC-EM. After the interface connected to a Cisco IP Phone, Cisco video conferencing endpoint, Cisco Telepresence device, or Cisco video surveillance camera goes up or down APIC-EM will receive an SNMP trap and starts collecting information from the access switch that generated the SNMP trap, about the new Cisco endpoints. This takes approximately 80 seconds plus the time needed for the collection of the device information. After the Cisco endpoint information is collected, APIC-EM automatically pushes ACE entries containing the source IP address of the endpoint device to any destination, with the prm-APIC_QOS_IN#VOICE__acl, prm-APIC_QOS_IN#BROADCAST__acl, prm-APIC_QOS_IN#REALTIME__acl, and prm-APIC_QOS_IN#MM_CONF__acl entries with IP + DSCP in both static and dynamic policies.