Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1550
Views
0
Helpful
7
Replies

IP Based ACL on switch

timjeens1
Level 1
Level 1

‎10-28-2011 01:40 AM

Hey everyone,

I need some help setting up IP based ACLs for voip phones on my Cisco switch (SGE2010p).

Basically I have no idea what to put in the window (see attached image)

What protocols?  What IP addresses? what ports?  do I need to put the DSCP number here or elsewhere?

Thanks

-Tim

Labels:
Preview file
81 KB
0 Helpful
7 Replies 7

jasbryan
Level 6
Level 6

‎10-28-2011 06:25 AM

Tim,

Are you trying to set up QoS for your VOIP phones? or just ACL's? If so explain what you are trying to accomplish.

Jasbryan

0 Helpful

timjeens1
Level 1
Level 1
In response to jasbryan

‎10-28-2011 06:47 AM

Hi Jas,

Yea I'm trying to QOS for my VOIP softphones.  No idea how to set it up, and thought I would have to use ACL's, but if you know a better way that would be good, basically I have no idea how to do it.

Why: all of our phones within our network are getting choppy sounds, for hard phones and softphones.  we are using xlite (softphones), and Ploycom SoundPoints (hard phones, these do not support DSCP)

we currently have 4 of these switches in a stack, and notice drop out of everything if a large transfer is made between a server and workstation.  we are going to move this to a LAG layout, but would like to get QoS set up as well.

So if you can help that would be great.

If you need more info then just ask

-Tim

0 Helpful

jasbryan
Level 6
Level 6
In response to timjeens1

‎10-28-2011 06:51 AM

Tim,

if you are trying to set up QoS you will need to create one ACL to mark your interesting traffic. I will try and type up a how to document and post shortly.What subnet is your VoIP traffic on?

Jasbryan

0 Helpful

timjeens1
Level 1
Level 1
In response to jasbryan

‎10-28-2011 07:03 AM

Brilliant Thank you.

/23 is our subnet.

-Tim

0 Helpful

jasbryan
Level 6
Level 6
In response to timjeens1

‎10-28-2011 07:09 AM

Tim

what is your IP address scheme for VoIP?

Jasbryan

0 Helpful

timjeens1
Level 1
Level 1
In response to timjeens1

‎10-28-2011 07:19 AM

They are given out via DHCP

10.20.30.***

-Tim

0 Helpful

jasbryan
Level 6
Level 6
In response to timjeens1

‎10-28-2011 07:45 AM

Step 1

Add IP Based ACL

ACL Name = VoIP Qos

Rule priority 10

Protocol = ANY

Source Port = ANY

Destination Port = Any

TCP Flags = don’t set leave default

ICMP = don’t set leave default

ICMP Code =don’t set leave default

IGMP = don’t set leave default

Source IP Address =10.20.30.0 0.0.0.255

Destination IP Address = ANY

Traffic Class = don’t check

Action = permit

Now we need to add another rule to permit all under ACL we just create , click close and now click add Rule

ACL Name = VoIP Qos

Rule priority 20

Protocol = ANY

Source Port = ANY

Destination Port = Any

TCP Flags = don’t set leave default

ICMP = don’t set leave default

ICMP Code =don’t set leave default

IGMP = don’t set leave default

Source IP Address = ANY

Destination IP Address = ANY

Traffic Class = don’t check

Action = permit

Step 2

Make sure the SGE switch QoS is in Advance mode

Quality of Service••àGeneral••àCos ••àQoS mode = Advanced

Step 3

Under Advanced Mode

Class Mapping

Class Map Name = CMVOIP

Check IP ACL ••àcheck IPv4 (ACL NAME you created)

Apply

NEXT add a policy

Policy Table

New Policy Nam= VoipQos

Check Class Map and choose Class map we just create

Check Action     set DSCP new Value = 46 ( This value can be what you want it to be)

You can leave police unchecked

And apply settings

Now add the policy to the ports

This should include Advance QoS setup

Hope this helps,

Jasbryan

0 Helpful
Customers Also Viewed These Support Documents