01-24-2008 07:51 AM - edited 03-03-2019 08:24 PM
Hi,
We currently have a branch office (BO) router with ptp connection to headquarters (HQ). There is no firewall connecting router to LAN. We are now providing dedicated Internet access to BO, with an ASA firewall between the BO router and LAN. We have digital phone service with Priority Queuing for voice on the old branch office router. Should the Priority Queuing statements be now implemented in the ASA firewall or on the new router?
Thanks.
01-24-2008 09:17 AM
I would imagine that since you should classify/mark packets as close to the edge as possible then you would need to mark/queue them at the ASA. This is assuming that it goes as follows:
HQ---Router---ASA---BO
If you are doing a lot of manipulation/inspection of the packets on the ASA already then perhaps you could do it on the router to off-load the overhead of the ASA.
01-24-2008 11:21 AM
Actually, it's
HQ>ptp>s1 BO router
s0 BO router>Internet
E0 router>ASA firewall>LAN
The phone system on the LAN connects via ptp to HQ's LAN/phone system
01-24-2008 12:02 PM
If I understand the setup correctly then I would mark the voice packets at the e0 interface (input) of the BO router. Also apply the policy-map to the output of the s1 on the router.
Ideally, I would mark them at the LAN switch's layer 3 interface then prioritize them at the BO router but it is really no big deal as the odds of latency in a LAN environment are fairly slim.
HTH
01-24-2008 12:15 PM
Thank you.
01-25-2008 09:12 AM
Jon,
How does the following look? The access list is from the previous router. Why are there TCP ports in the list, when it is for voice priority queuing?
class-map voice-priority
 match access-group 150
policy-map POLICY1
 class voice-priority
  priority 512
 class class-default
  fair-queue
interface Fa0
 ip address 172.16.x.x 255.255.255.0
 service-policy input POLICY1
 service-module t1 timeslots 1-24
interface Serial0
 ip address 172.16.x.x 255.255.255.0
 service-policy output POLICY1
 service-module t1 timeslots 1-24
access-list 150 permit udp any any range 5000 5070
access-list 150 permit udp any range 5000 5070 any
access-list 150 permit udp any any eq 5567
access-list 150 permit udp any eq 5567 any
access-list 150 permit tcp any any eq 5566
access-list 150 permit tcp any eq 5566 any
access-list 150 permit tcp any any eq 5570
access-list 150 permit tcp any eq 5570 any
access-list 150 permit udp any any eq 16384
access-list 150 permit udp any eq 16384 any
access-list 150 permit tcp any any eq 2427
access-list 150 permit tcp any eq 2427 any
access-list 150 permit udp any any eq 4000
access-list 150 permit udp any eq 4000 any
access-list 150 permit udp any any eq 4010
access-list 150 permit udp any eq 4010 any
01-25-2008 09:34 AM
I can't tell you why there are TCP ports in that ACL. TCP port 2427 is MGCP so I can understand that. I don't know what TCP port 5566-5567 and 5570 are. Perhaps they are what your phone system uses for call control??
By saying priority 512 that has dedicated 512k to that traffic on that link (s0). You are using fair-queuing as well so that will prioritize higher ip precedence packets if they are marked precedence 3 or 4 (Cisco best practices).
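Added example, not part of the original thread or any poster's configuration: a sketch of the split described in the 12:02 PM reply, where voice is marked on the router's LAN-facing input (e0) and priority-queued on the ptp output (s1). ACL 150 and `priority 512` are taken from the posted config; the class and policy names, the full interface names, and the DSCP EF marking value are assumptions.

```cisco
! Added example. MARK-VOICE, VOICE-BY-ACL, VOICE-MARKED and WAN-OUT are
! hypothetical names. Ethernet0/Serial1 follow the "e0"/"s1" labels used
! in the thread and may differ on the real router.
!
! Step 1: classify voice once, using the ACL carried over from the old router.
class-map match-all VOICE-BY-ACL
 match access-group 150
!
! Step 2: input policy only marks. DSCP EF is an assumed marking value.
policy-map MARK-VOICE
 class VOICE-BY-ACL
  set ip dscp ef
!
! Step 3: output policy matches on the marking instead of re-reading the ACL.
class-map match-all VOICE-MARKED
 match ip dscp ef
!
policy-map WAN-OUT
 class VOICE-MARKED
  priority 512
 class class-default
  fair-queue
!
! LAN side (towards the ASA): marking on input.
interface Ethernet0
 service-policy input MARK-VOICE
!
! ptp link to HQ: priority queuing on output.
interface Serial1
 service-policy output WAN-OUT
```

Because ACL 150 matches `any any` on its ports, any host that sends on those ports is marked and lands in the priority class; `show policy-map interface Serial1` shows the per-class counters for checking what is actually being matched.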