Deploying QoS to Cat4507 SUP 6-E

latintrpt · ‎06-03-2011

I was wondering if you guys can check out my config. I haven't finished it all but I got a good start.

I'm confused about the ingress policy-map and where it should be applied. Should it be applied to all the ports where the phones and PC's will be?

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

**-Conditionally Trust Port(s) (By default all ports are trusted)

int range gi1/1 - 48
qos trust device cisco-phone

int range gi2/1 - 48
qos trust device cisco-phone

int range gi5/1 - 48
qos trust device cisco-phone
exit

**-Classify traffic for QoS

ip access-list extended RTP
remark RTP (Real-time Transport Protocol) VIDEO CONFERENCING
permit udp 10.72.0.0 0.0.255.255 any range 16384 32767
permit udp 10.172.0.0 0.0.255.255 any range 16384 32767

ip access-list extended NETMGMT
remark SCCP (Skinny Client Control Protocol), Call Setup Traffic
permit tcp 10.72.0.0 0.0.255.255 any range 2000 2002
permit tcp 10.172.0.0 0.0.255.255 any range 2000 2002
remark SIP (Session Initiation Protocol), Established Calls
permit tcp 10.72.0.0 0.0.255.255 any range 5060 5061
permit tcp 10.172.0.0 0.0.255.255 any range 5060 5061
permit udp 10.72.0.0 0.0.255.255 any range 5060 5061
permit udp 10.172.0.0 0.0.255.255 any range 5060 5061
remark SSH/SFTP
permit tcp any any eq 22
remark TELNET
permit tcp any any eq 23
remark SNMP
permit tcp any any eq 161
remark NETFLOW
permit udp any any eq 2055
remark MGCP
permit udp any any eq 2427
permit udp any any eq 2727
remark H.323
permit udp any any eq 1718
permit udp any any eq 1719
permit udp any any eq 1720

ip access-list extended DEFAULT
remark EXPLICIT CLASS-DEFAULT
permit ip any any

**-Creating class-map for each application service and applying match statement

class-map match-all VVLAN-SIGNALING
match ip dscp cs3

class-map match-all VVLAN-VOIP
match ip dscp ef

class-map match-all RTP
match access-group name RTP

class-map match-all NETMGMT
match access-group name NETMGMT

class-map match-all DEFAULT
match access-group name DEFAULT

**-Implementing Ingress QoS Policing

policy-map PHONE+PC-POLICY
description Only one voice call (wideband) is permitted per switchport VVLAN

class VVLAN-VOIP
police 128k bc 8000
conform-action transmit
exceed-action drop

class VVLAN-SIGNALING
police 32k bc 8000
conform-action transmit
exceed-action dropt

class RTP
police 5m bc 8000
conform-action transmit
exceed-action drop

class NETMGMT
police 32k bc 8000
conform-action transmit
exceed-action drop

class class-default
police 10m bc 8000
conform-action transmit
exceed-action set-dscp-transmit cs1

**-Implementing Ingress Marking

policy-map Phone+PC-Policy

class VVLAN-VOIP
set dscp ef

class VVLAN-SIGNALING
set dscp cs3

class RTP
set dscp af41

class NETMGMT
set dscp cs3

class DEFAULT
set dscp default

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks guys

Amit Singh · ‎06-03-2011

Hi,

Cat 4507 + Sup6-E supports Per-port and Per-port/Per-vlan QOS policy.What you are configuring right now is that per-port policing and marking model, so you should apply this to all the ports.

With per-port/per-vlan HQOS model you have more granualrity to apply different QOS based on data and voice vlan. Depending upon your requirement, you can design that as well. Please see a medianet QOS campus design guide for more refrence :

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1100332

Cheers,

-amit singh