01-03-2014 12:24 PM - edited 03-03-2019 07:15 AM
Hi there. I've got a Cisco infrastructure, but a non-Cisco VOIP platform (Mitel 3300). I've been experiencing some call quality issues lately, so I was reviewing port configs on the access switches at three of my corporate sites. These switchport configs were set up before I joined the company, and seem to have been set up by different people at different times and with different intentions (i.e. wildly varying config).
The access switches at each site tend to be Catalyst 3750 POE, but the switchport config can vary:
eg. Site A:
interface FastEthernet1/0/10
description typical VOIP switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 111
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust cos
auto qos voip trust
spanning-tree portfast trunk
end
eg. Site B:
interface FastEthernet3/0/10
description typical VOIP switchport
switchport access vlan 122
switchport mode access
switchport voice vlan 120
spanning-tree portfast
end
eg. Site C:
interface GigabitEthernet1/0/10
description typical VOIP switchport
switchport mode access
switchport port-security maximum 5
switchport port-security
switchport port-security violation restrict
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
macro description USERS
auto qos trust
storm-control broadcast level 70.00
spanning-tree portfast
end
Most of the end user work areas have a single LAN drop, and we connect the Mitel VOIP phone to that, and connect the user's PC/laptop to the phone's PC port. Also, between all corporate sites, there is a 50 Mbps TLS service, provided by our ISP/telco, and we have a separate Mitel 330 VOIP switch at each site.
What is the best config, given my requirements and above, for my Cat 3750 POE switchports in order to best concurrently support data and VOIP traffic? Are any of the above examples good enough?
Thanks so much in advance,
- Jeremy
01-04-2014 04:19 PM
Hi Jeremy,
Site A config is set up to trunk and has QoS configured. Site B config is set up as access ports, but no QoS. Site C is set up as access ports, has QoS enabled and has port security configured. Site C also uses a macro for the port config. The macro helps with config consistency (locally only). Here is what I would suggest:
description DATA/VOICE/WIFI
switchport trunk encapsulation dot1q
switchport trunk native vlan 111
switchport mode trunk
mls qos trust cos
auto qos voip trust
spanning-tree portfast trunk
If you would like more security on your ports you can add the following commands
description DATA/VOICE/WIFI
switchport trunk allowed vlan [data and voice vlan numbers]
switchport port-security maximum 2
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
ip dhcp snooping limit rate 15
Note that when you run the auto qos command, it will add additional commands to each port's config. Here's an example of some that might be added.
load-interval 30
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
priority-queue out
Hope it helps
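To find how far each site's ports drift from the hardening lines suggested above, here is an audit sketch added as an example (it is not code from any poster in this thread). The finding names and the choice to treat each line as mandatory are assumptions; the sample is abbreviated from the three stanzas in the question.

```python
import re

# Abbreviated from the three stanzas in the question (description and queueing
# lines dropped); ';' stands in for a newline to keep the sample short.
SAMPLE = (
    "interface FastEthernet1/0/10;switchport trunk native vlan 111;switchport mode trunk;"
    "mls qos trust cos;spanning-tree portfast trunk;end;"
    "interface FastEthernet3/0/10;switchport access vlan 122;switchport mode access;"
    "switchport voice vlan 120;spanning-tree portfast;end;"
    "interface GigabitEthernet1/0/10;switchport mode access;switchport port-security maximum 5;"
    "switchport port-security;switchport port-security violation restrict;mls qos trust cos;"
    "storm-control broadcast level 70.00;spanning-tree portfast;end"
).replace(";", "\n")

def parse_interfaces(text):
    """Split running-config text into {interface name: [sub-command lines]}."""
    ports, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = re.fullmatch(r"interface (\S+)", line)
        if match:
            current = ports.setdefault(match.group(1), [])
        elif line in ("end", "!", ""):
            current = None
        elif current is not None:
            current.append(line)
    return ports

# (finding, line that must be present, mode it applies to or None for any port).
# Finding names and treating each line as mandatory are assumptions of this example.
CHECKS = [
    ("trunk-carries-all-vlans", r"switchport trunk allowed vlan \S+", "trunk"),
    ("no-voice-vlan", r"switchport voice vlan \d+", "access"),
    # Bare enable line: the maximum/aging/violation options are inert without it.
    ("port-security-off", r"switchport port-security", None),
    ("no-broadcast-storm-control", r"storm-control broadcast level .+", None),
    ("no-dhcp-rate-limit", r"ip dhcp snooping limit rate \d+", None),
    ("no-qos-trust", r"mls qos trust (cos|dscp)", None),
]

def audit(text):
    """Return {interface: sorted findings} for every stanza in the config text."""
    report = {}
    for name, lines in parse_interfaces(text).items():
        has = lambda pat: any(re.fullmatch(pat, l) for l in lines)
        report[name] = sorted(f for f, pat, mode in CHECKS
                              if (mode is None or has(f"switchport mode {mode}"))
                              and not has(pat))
    return report

if __name__ == "__main__":
    print("\n".join(f"{p}: {', '.join(f) or 'ok'}" for p, f in audit(SAMPLE).items()))
```

Feed it the interface sections of a saved running-config per switch; a port that lists only port-security options without the bare `switchport port-security` line is reported as `port-security-off`.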
01-06-2014 08:36 AM
That's great Collin, thanks so much for your recommendations. I will try to implement that port config across all VOIP ports to ensure consistency throughout. Thanks again!!
10-02-2014 01:52 PM
Hi collins, I found your note helpful. However, I was wondering why you configured the storm-control level pps = 1k and 2k respectively. Is that a best practice from Cisco?
Thanks
01-04-2014 05:16 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
A common issue with 3750s, they don't provide a lot of egress buffers, and so when QoS is enabled on them, performance might actually worsen without careful tuning of QoS parameters. I.e., what you might first try is disabling QoS on all your 3750s.
The 3750X is documented as "... 3750-X has 2MB for each set of 24 downlink ports and 2MB for uplinks." Unknown if similar for earlier 3750 series, but if you're seeing egress drops on a non-uplink port, you might try moving the link to an "uplink" port.
Assuming your LAN links are either FE or gig, your 50 Mbps inter-site links would appear to be a potential (early) bottleneck. I would first ensure you're not losing packets across it (especially if the physical hand-offs are more than the "allowed" rate) or if there's congestion, prioritize the treatment for VoIP.
If you were going to do QoS, considering how different your three examples are, you'll want to define and implement a consistent QoS policy.
01-06-2014 08:38 AM
Thanks Joseph! I had no idea the 3750 had this potential limitation! I'll certainly bear that in mind. Given the nature of the symptoms that I've been seeing, I totally agree that the WAN link is likely the first place to start to regulate QoS. Thanks so much for your help!