Catalyst QoS configuration for IP Telephony endpoints is one of the CCIE Voice lab topics. Many people have issues with it because of the need to memorize a lot of SRND recommendations to do it right. The good news is that during the lab exam you have full access to the QoS SRND documents and UniverCD content. The bad news is that you probably won’t have enough time to navigate the UniverCD comfortably, and the reference configurations often have a lot of typos and mistakes in them.
Here are the three main goals you need to accomplish with the Catalyst QoS:
1) Remark voice signaling and bearer traffic on the server ports (CCMs & Unity) to ensure compliance with QoS SRND.
2) Classify & mark voice/signaling traffic on Cisco IP Phones switch-ports. Apply scavenger markdown if required.
3) If required, ensure proper class to interface queue mappings and WRR weight assignments. Provision expedite queue if needed.
4) Trust marking on uplinks to the routers (to retain the marking for traffic entering from the WAN). Apply DSCP mutations if needed.
The first thing you should always keep in mind – don’t do the things you are not asked to do. For example, if they require you to enforce traffic marking in the Catalyst switches, but don’t ask for PQ/WRR weights tuning – don’t even bother with the latter task.
The second point – never type your configs right into the switch CLI. Copy-paste them from DocCD and edit in notepad. Save your switch running config and then paste. Practice this long enough to have good speed and typing accuracy.
OK, to begin with, all the configuration examples you need (for every major switch model) can be found here:
UniverCD > Voice/Telephony > Cisco CallManager > 4.1 > SRND > IP Telephony Endpoints
We start with 6500 & IP Phones. Copy-paste the stuff they have on the documentation page and then remove all the leftovers (Press Ctrl-H to search & replace in notepad). This is what they have on the DocCD for CCM 4.x:
```
#
# CoS->DSCP map according to 4.x model
# (note that CoS 3 maps to CS3 not AF31 for signaling)
#
set qos cos-dscp-map 0 8 16 24 32 46 48 56
#
# DSCP markdown settings.
#
# Note that on DocCD they put spaces between the
# DSCP values and commas - remove those
#
set qos policed-dscp-map 0,24,26,46:8
#
# They have policers set up for everything.
# Depending on your task you may not need all of them
#
set qos policer aggregate VVLAN-VOICE rate 128 burst 8000 drop
set qos policer aggregate VVLAN-CALL-SIGNALING rate 32 burst 8000 policed-dscp
set qos policer aggregate VVLAN-ANY rate 5000 burst 8000 policed-dscp
set qos policer aggregate PC-DATA rate 5000 burst 8000 policed-dscp
#
# Policers are applied using QoS ACLs on 6500.
#
# Don’t forget to replace
# "Voice_IP_Subnet/Subnet_Mask"
# with your actual voice VLAN subnet e.g. 188.8.131.52/24
#
set qos acl ip IPPHONE-PC dscp 46 aggregate VVLAN-VOICE udp 184.108.40.206 255.255.255.0 any range 16384 32767
set qos acl ip IPPHONE-PC dscp 24 aggregate VVLAN-CALL-SIGNALING tcp 220.127.116.11 255.255.255.0 any range 2000 2002
set qos acl ip IPPHONE-PC dscp 0 aggregate VVLAN-ANY 18.104.22.168 255.255.255.0 any
set qos acl ip IPPHONE-PC dscp 0 aggregate PC-DATA any
#
# Commit the ACL and apply it to respective voice-ports
#
commit qos acl IPPHONE-PC
set port qos mod/port trust-device ciscoipphone
set qos acl map IPPHONE-PC mod/port
```
Configure 3550 for policing and re-marking on Cisco IP Telephone ports. Use the same copy-paste trick. Watch for typos; there are tons of them in the Cisco example (e.g. missing dashes, two DSCP values on separate lines in the voice-signaling class-map, etc.).
```
!
! Replace vvlan_id and dvlan_id in
! text with your values e.g. 101 & 201
!
!
! CoS->DSCP map per CS3 usage for signaling
!
mls qos map cos-dscp 0 8 16 24 34 46 48 56
!
! Markdown everything to CS1 (scavenger)
!
mls qos map policed-dscp 0 24 26 46 to 8
!
! ACL to match any IP traffic - misses dash in the
! keyword "access-list"
!
ip access-list standard ACL_ANY
 permit any
!
! Voice bearer
!
class-map match-all VOICE
 match ip dscp 46
!
! VoIP signaling
!
class-map match-any CALL-SIGNALING
 match ip dscp 24 26
!
! Per-VLAN: Voice Bearer & Signaling
!
class-map match-all VVLAN-VOICE
 match vlan 101
 match class-map VOICE
class-map match-all VVLAN-CALL-SIGNALING
 match vlan 101
 match class-map CALL-SIGNALING
!
! DocCD has incorrect acl name "ACL_Name" here,
! replace with ACL_ANY
!
class-map match-all ANY
 match access-group name ACL_ANY
!
! Anything else on Voice and Data VLAN
!
class-map match-all VVLAN-ANY
 match vlan 101
 match class-map ANY
!
! Anything on Data VLAN
!
class-map match-all DVLAN-ANY
 match vlan 201
 match class-map ANY
!
! The actual Per-Port Per-VLAN policy map
!
!
! Voice Traffic policed hard to 128Kbps
!
policy-map IPPHONE-PC
 class VVLAN-VOICE
  set ip dscp 46
  police 128000 8000 exceed-action drop
!
! Signaling traffic is remarked on exceed
!
 class VVLAN-CALL-SIGNALING
  set ip dscp 24
  police 32000 8000 exceed-action policed-dscp-transmit
!
! Anything else on Voice VLAN
!
 class VVLAN-ANY
  set ip dscp 0
  police 32000 8000 exceed-action policed-dscp-transmit
!
! They use the name DVLAN-VOICE on DocCD should be
! DVLAN-ANY
!
!
! Data traffic is remarked to CS1 when exceeds 5Mbps
!
 class DVLAN-ANY
  set ip dscp 0
  police 5000000 8000 exceed-action policed-dscp-transmit
!
! Apply the policy
!
interface FastEthernet 0/1
 switchport voice vlan 101
 switchport access vlan 201
 mls qos trust device cisco-phone
 service-policy input IPPHONE-PC
```
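The template faults called out above (the missing dash in access-list, the leftover ACL_Name and vvlan_id placeholders, the DVLAN-VOICE class that has no class-map) can be caught mechanically before pasting into the switch. This is an added example, not part of the original post or Cisco's documentation; the function name lint_mqc and the sample config are constructed for illustration.

```python
import re

# Template leftovers the post says must be replaced before pasting.
PLACEHOLDERS = ("vvlan_id", "dvlan_id", "ACL_Name")

# Constructed sample: a 3550 paste carrying the faults named above.
SAMPLE = """\
ip access list standard ACL_ANY
 permit any
class-map match-all VOICE
 match ip dscp 46
class-map match-all VVLAN-VOICE
 match vlan vvlan_id
 match class-map VOICE
class-map match-all ANY
 match access-group name ACL_Name
class-map match-all DVLAN-ANY
 match class-map ANY
policy-map IPPHONE-PC
 class VVLAN-VOICE
 class DVLAN-VOICE
"""

def lint_mqc(config):
    """Return the problems found in a pasted 3550 MQC config."""
    problems, class_maps, acls = [], {"class-default"}, set()
    refs, acl_refs = [], []  # (line number, name) of every reference seen
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or IOS comment
        problems += [f"line {n}: placeholder {p} not replaced"
                     for p in PLACEHOLDERS if p in line]
        if re.match(r"ip access list\b", line):
            problems.append(f"line {n}: 'access-list' is missing its dash")
        elif m := re.match(r"ip access-list \S+ (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"class-map (?:match-(?:all|any) )?(\S+)", line):
            class_maps.add(m.group(1))
        elif m := re.match(r"(?:match class-map|class) (\S+)", line):
            refs.append((n, m.group(1)))
        elif m := re.match(r"match access-group name (\S+)", line):
            acl_refs.append((n, m.group(1)))
    # References are resolved after the whole paste has been read.
    problems += [f"line {n}: class {c} has no class-map" for n, c in refs if c not in class_maps]
    problems += [f"line {n}: ACL {a} is not defined" for n, a in acl_refs if a not in acls]
    return problems

if __name__ == "__main__":
    print("\n".join(lint_mqc(SAMPLE)))
```

Run it over the edited notepad text before pasting; an empty result means every class and ACL reference resolves and no template placeholder is left.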
Next we need to enforce marking on server traffic. For this one, you’d better memorize all the voice signaling ports. Use the following link as your reference
However, if you suddenly find you forgot some of the ports, don’t panic. Use the command show ip nbar port-map to find the port numbers assigned to the protocol in question (e.g. MGCP or H.323).
Most likely you will have servers connected to 6500. In addition, CatOS ACL syntax is less familiar to most of us, so here is an example of a QoS ACL for CatOS.
```
clear qos acl SERVERS
commit qos acl SERVERS
#
# SCCP/Skinny
#
set qos acl ip SERVERS dscp 24 tcp any any range 2000 2002
set qos acl ip SERVERS dscp 24 tcp any range 2000 2002 any
#
# SIP
#
set qos acl ip SERVERS dscp 24 tcp any any eq 5060
set qos acl ip SERVERS dscp 24 udp any any eq 5060
#
# H.323 RAS (discovery & response/reply)
#
set qos acl ip SERVERS dscp 24 udp any any range 1718 1719
#
# H.323 Signaling
#
set qos acl ip SERVERS dscp 24 tcp any any eq 1720
#
# H.245 Media Negotiation
#
set qos acl ip SERVERS dscp 24 tcp any any range 11000 65535
#
# MGCP PRI backhaul/signaling
#
set qos acl ip SERVERS dscp 24 tcp any any eq 2428
set qos acl ip SERVERS dscp 24 tcp any eq 2428 any
set qos acl ip SERVERS dscp 24 udp any any eq 2427
set qos acl ip SERVERS dscp 24 udp any eq 2427 any
#
# Voice bearer
#
set qos acl ip SERVERS dscp 46 udp any any range 16384 32767
#
# Apply the ACL to all server ports
#
commit qos acl SERVERS
set port qos 2/1 port-based
set qos acl map SERVERS 2/1
```
Note that in the above configuration we match application ports for flows to/from the servers. This is not needed in all cases, but usually it’s safe to leave the configuration like this, just to save some time thinking about the optimal access-list structure.
The last thing to be done is trusting DSCP on the uplinks to routers. This is just a one-line configuration on 3550. However, not all 6500 linecards support the DSCP trust feature on a switch port. You may need to use the QoS ACL trick for that:
```
clear qos acl TRUNK
commit qos acl TRUNK
#
set qos acl ip TRUNK trust-dscp any
#
commit qos acl TRUNK
set port qos 2/5 port-based
set qos acl map TRUNK 2/5
```
This is an example of applying a fairly complicated configuration without having to memorize a lot of crazy stuff. Just keep in mind that you still need to practice this enough not to get lost in the lab. Note that we did not discuss the CoS to Queue-Id mappings, WRR weights and things like that – because you can quickly get a working example by applying the auto-qos macro to any switchport.
About Petr Lapukhov, 4xCCIE/CCDE:
Petr Lapukhov's career in IT began in 1988 with a focus on computer programming, and progressed into networking with his first exposure to Novell NetWare in 1991. Initially involved with Kazan State University's campus network support and UNIX system administration, he went through the path of becoming a networking consultant, taking part in many network deployment projects. Petr currently has over 12 years of experience working in the Cisco networking field, and is the only person in the world to have obtained four CCIEs in under two years, passing each on his first attempt. Petr is an exceptional case in that he has been working with all of the technologies covered in his four CCIE tracks (R&S, Security, SP, and Voice) on a daily basis for many years. When not actively teaching classes, developing self-paced products, studying for the CCDE Practical & the CCIE Storage Lab Exam, and completing his PhD in Applied Mathematics.