10-29-2008 01:43 PM - edited 03-15-2019 02:14 PM
I am looking at attaching Cisco IP Phones to a Cat6509E on WS-X6148A-GE-45AF line cards. The IP Phones will not share a port with a PC/Device but all devices connected to line card access ports will be in the same Vlan.
I have QoS enabled and have customized some queuing paramters.
I am ready to apply trust boundaries and can only find config docs for implementations where a PC/Device is connected to the Cisco Ip Phone and trunked over separate vlan(s) into the switch. I will not be using that model.
I only want to trust dscp/cos on Cisco Ip Phones.. nothing else.
Has any Netpro had experience in setting up QoS trust boundaries in this scenario?
Thanks in advance
Bill
10-29-2008 04:32 PM
The only concern I have with the WS-X6148A-GE-45AF line card is that I'm not sure sure whether the same restrictions apply, which applied to the WS-X6148-RJ45V?
With the WS-X6148-RJ45V it was not possible to configure the port for mls qos trust cos or dscp.
Below is a sample configuration that you can apply for the switchport:-
interface fastethernet ?/?
switchport mode access
switchport access vlan
spanning-tree portfast
power inline auto
mls qos trust cos
wrr-queue cos-map 1 1 1
wrr-queue cos-map 1 2 0
wrr-queue cos-map 2 1 2 3 4 6 7
wrr-queue cos-map 2 2 5
If you receive an error when configuring the command 'mls qos trust cos' or 'dscp' then you will need to configure the port for vlan-base QoS, and apply a service-policy to the SVI:-
You can tie these ACLs down, the Voice_Control ACL covers most signalling protocols so you probably only limit it to only SCCP?
ip access-list extended Voice_Media
permit udp any any range 16384 32767
!
ip access-list extended Voice_Control
permit tcp any any eq 1720
permit tcp any any range 11000 11999
permit udp any any eq 2427
permit tcp any any eq 2428
permit tcp any any range 2000 2002
permit udp any any eq 1719
permit udp any any eq 5060
permit tcp any eq 1720 any
permit tcp any range 11000 11999 any
permit udp any eq 2427 any
permit tcp any eq 2428 any
permit tcp any range 2000 2002 any
permit udp any eq 1719 any
permit udp any eq 5060 any
!
class-map Voice_Media
match access-group Voice_Media
!
class-map Voice_Control
match access-group Voice_Control
!
policy-map Voice_Marking
class Voice_Media
set ip dscp 46
class Voice_Control
set ip dscp 24
!
interface vlan (Voice-vlan-id)
service-policy input Voice_Marking
!
HTH
Allan.
10-29-2008 05:08 PM
Apologies Bill, I notice that you refered to CatOS not IOS, however the same restriction may still possibly apply.
Therefore sample config as follows:-
set port qos 2/1-48 vlan-based
set port qos 2/1-48 trust untrusted
set qos acl ip ACL-IP-PHONES dscp 26 tcp any any range 2000 2002
set qos acl ip ACL-IP-PHONES dscp 46 udp any any range 16384 32767
set qos acl ip ACL-IP-PHONES trust-cos ip any any
#
commit qos acl all
#
set qos acl map ACL-IP-PHONES
HTH
Allan.
10-30-2008 05:53 AM
Thanks Allan,
I'll test your recommendation...
Bill
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide