    26 February 08

    Catalyst QoS: IP Telephony Endpoints

    Posted by Petr Lapukhov

    Catalyst QoS configuration for IP Telephony endpoints is one of the CCIE Voice lab topics. Many people have issues with it because of the need to memorize a lot of SRND recommendations to do it right. The good news is that during the lab exam you have full access to the QoS SRND documents and UniverCD content. The bad news is that you probably won’t have enough time to navigate the UniverCD comfortably, and the reference configurations often have a lot of typos and mistakes in them.

    Here are the three main goals you need to accomplish with the Catalyst QoS:

    1) Remark voice signaling and bearer traffic on the server ports (CCMs & Unity) to ensure compliance with QoS SRND.

    2) Classify & mark voice/signaling traffic on Cisco IP Phones switch-ports. Apply scavenger markdown if required.

    3) If required, ensure proper class to interface queue mappings and WRR weight assignments. Provision expedite queue if needed.

    4) Trust marking on uplinks to the routers (to retain the marking for traffic entering from the WAN). Apply DSCP mutations if needed.

    The first thing you should always keep in mind – don’t do the things you are not asked to do. For example, if they require you to enforce traffic marking in the Catalyst switches, but don’t ask for PQ/WRR weights tuning – don’t even bother with the latter task.

    The second point – never type your configs right into the switch CLI. Copy-paste them from DocCD and edit in notepad. Save your switch running config and then paste. Practice this long enough to have good speed and typing accuracy.

    OK, to begin with, all the configuration examples you need (for every major switch model) can be found here:

    UniverCD > Voice/Telephony > Cisco CallManager > 4.1 > SRND > IP Telephony Endpoints

    We start with 6500 & IP Phones. Copy-paste the stuff they have on the documentation page and then remove all the leftovers (Press Ctrl-H to search & replace in notepad). This is what they have on the DocCD for CCM 4.x:

    #
    # CoS->DSCP map according to 4.x model
    # (note that CoS 3 maps to CS3 not AF31 for signaling)
    #
    set qos cos-dscp-map 0 8 16 24 32 46 48 56

    #
    # DSCP markdown settings.
    #
    # Note that on DocCD they put spaces between the
    # DSCP values and commas - remove those
    #
    set qos policed-dscp-map 0,24,26,46:8

    #
    # They have policers set up for everything.
    # Depending on your task you may not need all of them
    #
    set qos policer aggregate VVLAN-VOICE rate 128 burst 8000 drop

    set qos policer aggregate VVLAN-CALL-SIGNALING rate 32 burst 8000 policed-dscp

    set qos policer aggregate VVLAN-ANY rate 5000 burst 8000 policed-dscp

    set qos policer aggregate PC-DATA rate 5000 burst 8000 policed-dscp

    #
    # Policers are applied using QoS ACLs on 6500.
    #
    # Don’t forget to replace
    # "Voice_IP_Subnet/Subnet_Mask"
    # with your actual voice VLAN subnet e.g. 177.1.101.0/24
    #
    set qos acl ip IPPHONE-PC dscp 46 aggregate VVLAN-VOICE udp 177.1.101.0 255.255.255.0 any range 16384 32767

    set qos acl ip IPPHONE-PC dscp 24 aggregate VVLAN-CALL-SIGNALING tcp 177.1.101.0 255.255.255.0 any range 2000 2002

    set qos acl ip IPPHONE-PC dscp 0 aggregate VVLAN-ANY 177.1.101.0 255.255.255.0 any

    set qos acl ip IPPHONE-PC dscp 0 aggregate PC-DATA any

    #
    # Commit the ACL and apply it to respective voice-ports
    #
    commit qos acl IPPHONE-PC

    set port qos mod/port trust-device ciscoipphone
    set qos acl map IPPHONE-PC mod/port

    Configure the 3550 for policing and re-marking on Cisco IP Phone ports. Use the same copy-paste trick. Watch for typos; there are tons of them in the Cisco example (e.g. missing dashes, two DSCP values on separate lines in the voice-signaling class-map, etc).

    !
    ! Replace vvlan_id and dvlan_id in
    ! text with your values e.g. 101 & 201
    !

    !
    ! CoS->DSCP map per CS3 usage for signaling
    !
    mls qos map cos-dscp 0 8 16 24 34 46 48 56

    !
    ! Markdown everything to CS1 (scavenger)
    !
    mls qos map policed-dscp 0 24 26 46 to 8

    !
    ! ACL to match any IP traffic - DocCD is missing the dash
    ! in the keyword "access-list"
    !
    ip access-list standard ACL_ANY
    permit any

    !
    ! Voice bearer
    !
    class-map match-all VOICE
    match ip dscp 46

    !
    ! VoIP signaling
    !
    class-map match-any CALL-SIGNALING
    match ip dscp 24 26

    !
    ! Per-VLAN: Voice Bearer & Signaling
    !
    class-map match-all VVLAN-VOICE
    match vlan 101
    match class-map VOICE

    class-map match-all VVLAN-CALL-SIGNALING
    match vlan 101
    match class-map CALL-SIGNALING

    !
    ! DocCD has incorrect acl name "ACL_Name" here,
    ! replace with ACL_ANY
    !
    class-map match-all ANY
    match access-group name ACL_ANY

    !
    ! Anything else on Voice and Data VLAN
    !
    class-map match-all VVLAN-ANY
    match vlan 101
    match class-map ANY

    !
    ! Anything on Data VLAN
    !
    class-map match-all DVLAN-ANY
    match vlan 201
    match class-map ANY

    !
    ! The actual Per-Port Per-VLAN policy map
    !

    !
    ! Voice traffic policed hard to 128 Kbps
    !
    policy-map IPPHONE-PC
    class VVLAN-VOICE
    set ip dscp 46
    police 128000 8000 exceed-action drop

    !
    ! Signaling traffic is remarked on exceed
    !
    class VVLAN-CALL-SIGNALING
    set ip dscp 24
    police 32000 8000 exceed-action policed-dscp-transmit

    !
    ! Anything else on Voice VLAN
    !
    class VVLAN-ANY
    set ip dscp 0
    police 32000 8000 exceed-action policed-dscp-transmit

    !
    ! DocCD uses the name DVLAN-VOICE here; it should be
    ! DVLAN-ANY
    !

    !
    ! Data traffic is remarked to CS1 when it exceeds 5 Mbps
    !
    class DVLAN-ANY
    set ip dscp 0
    police 5000000 8000 exceed-action policed-dscp-transmit

    !
    ! Apply the policy
    !
    interface FastEthernet 0/1
    switchport voice vlan 101
    switchport access vlan 201
    mls qos trust device cisco-phone
    service-policy input IPPHONE-PC
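
A reference check for the naming typos listed above, as an added example that is not part of the original post or of Cisco's documentation: it scans a pasted 3550 MQC fragment and reports ACL, class-map and policy-map names that are used but never defined. The function name `lint_mqc` and the sample config are constructed for illustration.

```python
import re

# Constructed sample: a 3550 fragment carrying the reference-name mistakes
# described above (ACL_Name instead of ACL_ANY, DVLAN-VOICE instead of DVLAN-ANY).
SAMPLE = """\
ip access-list standard ACL_ANY
 permit any
class-map match-all VOICE
 match ip dscp 46
class-map match-all VVLAN-VOICE
 match vlan 101
 match class-map VOICE
class-map match-all ANY
 match access-group name ACL_Name
class-map match-all DVLAN-ANY
 match vlan 201
 match class-map ANY
policy-map IPPHONE-PC
 class VVLAN-VOICE
  set ip dscp 46
  police 128000 8000 exceed-action drop
 class DVLAN-VOICE
  set ip dscp 0
  police 5000000 8000 exceed-action policed-dscp-transmit
interface FastEthernet 0/1
 service-policy input IPPHONE-PC
"""

def lint_mqc(config):
    """Return sorted (kind, name) pairs for names used but never defined."""
    defined = {"acl": set(), "class-map": {"class-default"}, "policy-map": set()}
    used = []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            defined["acl"].add(m.group(1))
        elif m := re.match(r"class-map (?:match-(?:all|any) )?(\S+)", line):
            defined["class-map"].add(m.group(1))
        elif m := re.match(r"policy-map (\S+)", line):
            defined["policy-map"].add(m.group(1))
        elif m := re.match(r"match access-group name (\S+)", line):
            used.append(("acl", m.group(1)))
        elif m := re.match(r"(?:match class-map|class) (\S+)", line):
            used.append(("class-map", m.group(1)))
        elif m := re.match(r"service-policy (?:input|output) (\S+)", line):
            used.append(("policy-map", m.group(1)))
    return sorted({(k, n) for k, n in used if n not in defined[k]})

print(lint_mqc(SAMPLE))
```

Run it over the notepad copy before pasting; a line with the dash missing from "access-list" is not parsed as a definition, so the ACL it was meant to define shows up as undefined too.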

    Next we need to enforce marking on server traffic. For this one, you’d better memorize all the voice signaling ports. Use the following link as your reference:

    TCP and UDP Ports Used by Cisco CallManager 3.3

    However, if you suddenly find you forgot some of the ports, don't panic. Use the command show ip nbar port-map to find the port numbers assigned to the protocol in question (e.g. MGCP or H.323).

    Most likely you will have servers connected to the 6500. In addition to that, CatOS ACL syntax is a bit more unfamiliar to most of us, so we are going to come up with an example of a QoS ACL for CatOS.

    clear qos acl SERVERS
    commit qos acl SERVERS

    #
    # SCCP/Skinny
    #
    set qos acl ip SERVERS dscp 24 tcp any any range 2000 2002
    set qos acl ip SERVERS dscp 24 tcp any range 2000 2002 any

    #
    # SIP
    #
    set qos acl ip SERVERS dscp 24 tcp any any eq 5060
    set qos acl ip SERVERS dscp 24 udp any any eq 5060

    #
    # H.323 RAS (discovery & response/reply)
    #
    set qos acl ip SERVERS dscp 24 udp any any range 1718 1719

    #
    # H.323 Signaling
    #
    set qos acl ip SERVERS dscp 24 tcp any any eq 1720

    #
    # H.245 Media Negotiation
    #
    set qos acl ip SERVERS dscp 24 tcp any any range 11000 65535

    #
    # MGCP PRI backhaul/signaling
    #
    set qos acl ip SERVERS dscp 24 tcp any any eq 2428
    set qos acl ip SERVERS dscp 24 tcp any eq 2428 any
    set qos acl ip SERVERS dscp 24 udp any any eq 2427
    set qos acl ip SERVERS dscp 24 udp any eq 2427 any
    #
    # Voice bearer
    #
    set qos acl ip SERVERS dscp 46 udp any any range 16384 32767

    #
    # Apply the ACL to all server ports
    #
    commit qos acl SERVERS
    set port qos 2/1 port-based
    set qos acl map SERVERS 2/1

    Note that in the above configuration we match application ports for flows to/from the servers. This is not needed in all cases, but usually it's safe to leave the configuration like this, just to save some time thinking on the optimal access-list structure :)

    The last thing needed to be done - trusting DSCP on the uplinks to routers. This is just a one-line configuration on 3550. However, not all 6500 linecards support DSCP trust feature on switch port. You may need to use the QoS ACL trick for that:

    clear qos acl TRUNK
    commit qos acl TRUNK

    #
    set qos acl ip TRUNK trust-dscp any
    #
    commit qos acl TRUNK

    set port qos 2/5 port-based
    set qos acl map TRUNK 2/5

    This is an example of applying a fairly complicated configuration without having to memorize a lot of crazy stuff. Just keep in mind that you still need to practice this enough not to get lost in the lab. Note that we did not discuss the CoS to Queue-Id mappings, WRR weights and things like that - because you can quickly get a working example by applying the auto-qos macro to any switchport.
