cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1009
Views
3
Helpful
3
Replies

QoS across VPN

millerjr
Level 1
Level 1

I have a Cisco 831 Broadband router at my remote end.

At my main location I have a VPN 3005 concentrator.

They are connected via a site-to-site tunnel.

I am running data and VOIP across the tunnel. The VOIP not using Cisco, but another national 3d party telco provider.

How do I set up QoS across the tunnel?

Thanks in advance!

3 Replies 3

jbrunner007
Level 1
Level 1

A 3005 does not really support qos, especially per flow like you need to properly prioritize the voip traffic.

However, since the 3005 is probably not the location that is bandwidth constrained (it better had not be) you can prioritize the traffic at the spoke (the 831).

On the 831 use the basic mqc (modular qos command line) to mark on the way into each interface, and use llq on the way out)

so on f0/0 of the router you mark such as

class-map voice_mark

match protocol rtp

(or match access-group XXX) if your voip application just uses a bunch of specific udp ports, etc)

policy-map qosmarking

class voice_mark

set dscp ef

class-map voice1

match dscp ef

policy-map qosaction

class voice1

!here you need to determine how much of your wan

!will voice get to "OWN". After this level, the

!packets will be policed in this config, becareful

priority 384

class class-default

fair-queue

int f0/0

!prevent crypto from hiding markings, etc

!if you have a tunnel0 interface use there

!if the tunnel interface is used for vpn

qos pre-classify

ip nbar protocol-discovery

service-policy input qosmarking

int s0/0

service-policy output qosaction

Now do the same thing for the inbound, only since vpn traffic is coming from the 3005 you cant really go by markings, as the 3005 wont mark traffic that way... You just need to make an egress policy on f0/0 to boost voice and limit everything else... so using incoming ip source of 3005 network's voip server is bests...

! 1.1.1.1 is the voip host in the 3005 side of the

! tunnel

access-list 101 permit ip host 1.1.1.1 any

class-map incoming_voip

match access-group 101

policy-map incoming_traffic

class incoming_voip

priority 384

class class-default

fair-queue

int f0/0

service-policy output incoming_traffic

ENJOY!

and RATE POSTS!

Thanks for the info, however, some of your commands are not functional in the CLI, like set dscp ef.

My 831 is using the following IOS:

Version 12.3(8)T11, RELEASE SOFTWARE (fc1)

THanks again.

ok, sorry I'm using a 2811 with 12.4

Try set ip dscp ef

Review Cisco Networking for a $25 gift card