SA520 and QoS

Similar Messages

• SNA and QOS

  Subject: SNA/QOS
  I AM CURRENTLY RUNNING 12.1(11a) IOS ON A ROUTER BASED NETWORK WITH FOUR
  7500 ROUTERS. I AM CURRENTLY RUNNING CUSTOMER QUEUEING AS MY QOS. I AM
  NOW LOOKING TO USING LLQ W/ CBWFQ AND DISTRIBUTED MODES, AS WELL. I HAVE
  VIP-40 CARDS IN ALL ROUTER. HOWEVER, MY NETWORK IS COMPOSED OF --
  TP0 - BATCH TRAFFIC
  TP1- INTERACTIVE TRAFFIC
  TP2-CONTROLLED TRAFFIC - HIGH AMOUNTS
  I HAVE BEEN TOLD THAT CISCO'S QOS WILL SUPPORT TP1 TRAFFIC SO, I AM
  CONCERNED ABOUT MY TP2 (CONTROLLED TRAFFIC) AND IF I CAN IMPLEMENT LLQ/CBWFQ
  INTO MY NETWORK.
  I WOULD LIKE TO IMPLEMENT THIS FOR MY CRITICAL APPS SUCH AS SNA, AND HTTP
  WEB BASED APPS. THUS, LIMITING MY SQL, FTP AND TELNET TRAFFIC.
  THANKS IN ADVANCE.
  ANY PPT FILES WOULD BE APPRECIATED.

  Hi Connie,
  You open the door to an interesting discussion, by including both SNA and QoS in your question. As you know, a variety of QoS mechanisms have been available for SNA traffic for quite a while. I can't tell from your description what sort of traffic is contained in "TP2-CONTROLLED", so I will assume it is voice and video traffic, and not the "TP2" from OSI Transport Protocols.
  The quick answer is that you can definitely support TP1 traffic while protecting the quality of your TP2 traffic. Essentially you decide what percentage of the available bandwidth to allocate to each class of traffic, providing a minimum guaranteed value. In addition, there is a special class, Low Latency Queuing (LLQ), available for delay and jitter sensitive traffic such as voice. Within each traffic class, IOS will then provide Weighted Fair Queuing (WFQ) for each unique flow (session). This becomes a bit more interesting when combined with different WAN types such as frame relay and ATM, you can take advantage of the VIPs that you mention, and there are considerations for low speed circuits. So here are a couple of URLs that provide more information.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcprt2/qcdconmg.htm
  http://www.cisco.com/univercd/cc/td/doc/product/voice/ip_tele/avvidqos/qoswan.htm
  Coming back to the SNA traffic, I assume you're currently using custom queuing with DLSw+, using the priority parameter to create four TCP connections, and classifying traffic using one of the three available methods. In moving to a CBWFQ model, you will want to map the existing custom queues into the newly created classes. In other words, you can continue to use the same classification techniques, while changing to the easier to define, and more efficient WFQ for output queue processing.
  The absolute best traffic classification comes with using the Enterprise Extender (EE) feature of SNASw. When SNA traffic is sent across an EE link, the precedence bits in the IP packets are automatically marked with the same values that are used in the SNA Class of Service (CoS). Since SNASw is our APPN node implementation, propagating the precedence markings from SNASw to DLSw+ also provides an automatic means of classifying the SNA traffic.
  Rgds, Dan

• SA520 and dual wan

  Hello!
  Have bought a SA520 and tries to setup with 2 wan. 1 with static and 1 with dhcp. After I set the optional port - wan mode to load balancing, and look in the dashboard it shows that wan interface is up and with right static adress, but the optional(wan) shows down and now ipadress. If I put the cable from optional port into a computer, I got ipadress and internet connection, so the line is ok.
  What are I doing wrong??
  Regards
  Kåre!

  I will  update on things I have tried to get this working. 
  I have checked that Content filtering and ProtectLink are both disabled due to protocol binding not working with them.
  I have setup IP Alias on both Wan ports and changed outgoing firewall setting to Block all then added Firewall rules to allow access through a single Wan.
  I setup the IP of the IP alias of WAN1 as Gateway for the machine.
  Nothing that I have tried has worked and I am thinking the inbound binding is only working because of the port forwarding.

• ASA shun hosts and QoS

  Hi, I'm having trouble configuring Threat-detection and QoS polices at the same time.
  The problem is that if I have QoS rules enabled, this is policing a traffic defined by ACLs, I can't enable at the same time the threat-detection feature "Shun hosts detected by scanning threat" because it shuns the hosts on which there is applying the policing.
  I suppose this is because the policing is based in hits on ACL's so the ASA thinks this is an attack.
  So, how can I resolve this? How can I have policing and shunnig enabled at the same time?
  Thanks

  Hi,
  Weird stuff, one feature doesnt necessarily has to do anything with the Other. Scannig threat what is does is to take statistics of a host in specific and determine if it is sweeping the network or trying to find out if there is a host checking which ports/networks are available.  You have to check what is the factor that is causing the shun to be tiggered. There are a lot of thresholds on scanning theat detection that you will need to modify if it is causing an issue.
  By the thresholds I mean the following table:
  Packet Drop Reason Trigger Settings
  Average Rate Burst Rate
  •DoS attack detected
  •Bad packet format
  •Connection limits exceeded
  •Suspicious ICMP packets detected
  100 drops/sec over the last 600 seconds.
  400 drops/sec over the last 20 second period.
  80 drops/sec over the last 3600 seconds.
  320 drops/sec over the last 120 second period.
  Scanning attack detected
  5 drops/sec over the last 600 seconds.
  10 drops/sec over the last 20 second period.
  4 drops/sec over the last 3600 seconds.
  8 drops/sec over the last 120 second period.
  Incomplete session detected such as TCP SYN attack detected or no data UDP session attack detected (combined)
  100 drops/sec over the last 600 seconds.
  200 drops/sec over the last 20 second period.
  80 drops/sec over the last 3600 seconds.
  160 drops/sec over the last 120 second period.
  Denial by access lists
  400 drops/sec over the last 600 seconds.
  800 drops/sec over the last 20 second period.
  320 drops/sec over the last 3600 seconds.
  640 drops/sec over the last 120 second period.
  •Basic firewall checks failed
  •Packets failed application inspection
  400 drops/sec over the last 600 seconds.
  1600 drops/sec over the last 20 second period.
  320 drops/sec over the last 3600 seconds.
  1280 drops/sec over the last 120 second period.
  Interface overload
  2000 drops/sec over the last 600 seconds.
  8000 drops/sec over the last 20 second period.
  1600 drops/sec over the last 3600 seconds.
  6400 drops/sec over the last 120 second period.
  As you can see on the following document:
  http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_threat.html#wp1072953
  Scanning threat is based on the threat detection statistics. So you will need to modify those in order to avoid the host to be shunned.
  That being said, I think if you only enable threat detection alone, it would probably to the same thing as if it was configured in conjunction with QoS.
  Bottom line (and sorry for all the info), modify the threat detection rate values and you should be ok.
  Mike

• Connection lost between SA520 and WAP200

  Hi guys!
  I have a problem with the connection between a SA520 and a WAP200. Following scenario exists.
  SA520:
  two VLANs configured with following settings:
  VLAN1: 192.168.167.1/24
  VLAN2: 192.168.2.1/24
  VLAN1 is for a dedicated network for some private computers connected to port one to four of the SA520
  VLAN2 is for guests and bound to the optinal port of the SA520.
  inter VLAN communication from VLAN1 to VLAN2 is activated.
  One WAP200 is directly connected via ethernet cable to the optional port of the SA520 with following IP: 192.168.2.240/24. Two further WAP200 are existent and repeating the signal to increase the range of the W-LAN.
  Now, if I ping from a computer within VLAN1 to the IP of the WAP200 (192.168.2.240) I get replies from that device. But after some amount of pings the connection between the two devices will be lost (no replies), and after 4 to 10 seconds the connection will be restored again. The weird thing is that I wasn't able to discover a reproducible scenario to hang the connection. Some time the connection between the two devices lives for ten minutes and some times it will break down after 30 seconds.
  Does anybody have a hot tip where the fault for this behavior can be?
  Thanks in advance and best regards

  The Connector 1.0 spec does not provide any API's for testing a connection. The 1.0 RA's dont provide any testing capabilities to allow the container to do so. Even if some 1.0 RA's provide such capabilities, the container cannot rely on these non-standard features. So the container cannot really gaurantee that the connection handed to the application is good. There is no way to know unless the application uses it. The Connector 1.5 specification provides API's for test connections.

• Setting Up VLAN and QoS for VOIP on SG200-18

  We recently purchased the SG200-18 smart switch to replace a Netgear unmanaged switch. We're moving our phone service to VOIP through our local ISP as well. 
  I've currently got the VOIP phone plugged into Port 17 on the SG200-18 (it's a Grandstream cordless VOIP phone).
  I want to put the VOIP phone on a separate VLAN from the rest of the network and optimize the QoS settings so that the VOIP phone has exceptional audio quality even during intense network traffic.
  Here's my questions:
  1. Do I need to adjust anything on the type of port for Port 17 (since it looks like some form of Combo port)?
  2. How do I go about isolating the VOIP phone on it's own VLAN (I'm seeing VLAN and Voice VLAN settings, not sure which one to use; I tried setting a VLAN and broke Internet connectivity to the phone until I went in and removed it)?
  3. Do I need to adjust any QoS settings on the switch to better optimize the VOIP phone?
  A couple of additional questions about the GS200-18 in general:
  1. Do I need to adjust any of the System Time Settings on the switch? I'm in Central Time.
  2. Do I need to adjust any of the Green Ethernet/Energy Saving settings or should I stick with the defaults?
  Also, a couple of "getting started" side questions to Cisco:
  1. I've registered a My Cisco account. What do I need to do to register my switch with Cisco and associate it with my My Cisco account?
  2. What are the benefits of taking out a Cisco Small Business Support Contract, and about how much would it cost on the SG200-18 (I ordered it from Provantage)? I'm curious to see if it's worth the money.
  Here's my "specs":
  Switch: SG200-18
  VOIP phone: Grandstream DP715 and 710 expandable handsets
  Plugged into: Port 17 on the SG200-18
  ISP: Local ISP (Direclynx)
  Connection type: 3M down/500k up DSL, moving to a wireless connection coming up which will give us faster speeds
  VOIP backend provider: VOIP Innovations
  Router: Apple Airport Extreme AC model (I run all Macs and iOS devices and OS X Server on the network, so using the Apple router makes setup easier, since it doesn't QoS, trying to QoS and VLAN at the switch level)
  Thanks everyone!

  Hello,
  Lots of different questions here so I'll try to make sure I don't miss anything.
  1. Do I need to adjust anything on the type of port for Port 17 (since it looks like some form of Combo port)?
     The way the combo ports work is you can either use the SFP slot for a fiber connection or the copper ethernet port, but not both at the same time.  Other then that they just function as normal network ports.
  2. How do I go about isolating the VOIP phone on it's own VLAN (I'm seeing VLAN and Voice VLAN settings, not sure which one to use; I tried setting a VLAN and broke Internet connectivity to the phone until I went in and removed it)?
     It sounds like you created the VLAN correctly and assigned the phone, however there wasn't anything doing any routing for that VLAN.  You would need to have a VLAN capable router or a layer 3 switch so that something would act as the default gateway for the voice VLAN and route the traffic for you.  Since there was nothing like this your phone lost it's connectivity to the internet when you placed it in the new VLAN.  I don't think the Airport is VLAN capable, but we will come back to that.
  3. Do I need to adjust any QoS settings on the switch to better optimize the VOIP phone?
     Once you have a seperate VLAN setup for the phone properly you only have to tell the switch what your Auto Voice VLAN is going to be and it will automatically apply recommended QoS settings for the Voice VLAN and prioritize the voice traffic.  There are ways to do this manually and even with the phone in the same VLAN however the are considerably more complicated.
  1. Do I need to adjust any of the System Time Settings on the switch? I'm in Central Time.
     The system time isn't always very important.  You can set the correct time zone, however you should know the switch does not have a battery in it to keep track of time, so if/when it reboots or loses power the clock will reset.  If you would like the switch to maintain accurate time you should setup an NTP server so the time is automatically updated from the internet.  The switch will keep your timezone settings once you save them.  Time is mostly important for logging and things like that, so you can configure it if you like but it is not necessary.
  2. Do I need to adjust any of the Green Ethernet/Energy Saving settings or should I stick with the defaults?
     Green ethernet simply reduces the power usage of the switch slightly, so unless you are having odd issues where ports are disconnecting, I would just leave them at the defaults.
  1. I've registered a My Cisco account. What do I need to do to register my switch with Cisco and associate it with my My Cisco account?
     There isn't really a way to associate your Small Business devices with your Cisco account.  If you ever call in for technical support we will use your Cisco account and your serial number to create a support case, but even then they aren't linked together.  If you decide to buy a support contract, that will be linked to your switch's S/N and your Cisco ID, so in a way that would associate them together.  Devices being associated with Cisco accounts is something more common with Enterprise equipment, and mainly has to do with technical support cases.
  2. What are the benefits of taking out a Cisco Small Business Support Contract, and about how much would it cost on the SG200-18 (I ordered it from Provantage)? I'm curious to see if it's worth the money.
     There are a few advantages to a Support Contact.  Your switch comes with a Limited Lifetime warranty that includes 1 year of technical support and return to factory hardware.  With a service contract you get 3 years of technical support and next business day Advanced Replacement of the switch if it need to be replaced.  I just did a quick google search, and it looks like a contract (part #CON-SBS-SVC2) costs about $50.
  So there are a few other things to consider however.
  As a frame of reference the average VOIP call uses about 64 - 128 kbps max.
  Since you don't have a VLAN capable router or a layer 3 switch, a separate voice VLAN may not be an option.   You also mention that the Apple Airport does not do QoS, meaning we will only be prioritizing the voice traffic while it is on the switch.  When it is passed off to the Airport to be routed out to the internet all of the QoS settings will be lost, and normal network traffic will get the same priority as voice, since that is all up to the Airport.
  With one phone the hassle of getting more equipment and setting up advanced QoS isn't really worth it, especially if the link to the internet isn't going to be participating in QoS.
  One last thing I wanted to mention is you are switching to a wireless internet connection.  I would ask them how their latency and jitter is, as these two network statistics greatly effect voice quality, and usually wireless performs worse when it comes to voice traffic.
  I hope this information helps, if you have any more questions just let me know.
  Thank you for choosing Cisco,
  Christopher Ebert - Network Support Engineer 
  Cisco Small Business Support Center

• Router with payload compression and QOS

  I have searched for 2 days trying to find information on this subject.  I have a 2851 router with an AIM-COMPR2-V2 module.  The software level is 15.1(4)M7.  We have point-to-point T1 between two of the exact same routers.  I would like to run payload compression, use the AIM module, and enforce a QOS policy on the interface.  The "Show Compress" command counters will not increase as long as the interface has the "Service-Policy Output" command on it.  I found several articles that discuss that as an issue before 12.X versions of software, but I can't find anything newer.
  Should this work?  If not, where can I find the most recent documentation as to why it won't?  Also, if not, what is my best option in the given scenario?

  I have searched for 2 days trying to find information on this subject.  I have a 2851 router with an AIM-COMPR2-V2 module.  The software level is 15.1(4)M7.  We have point-to-point T1 between two of the exact same routers.  I would like to run payload compression, use the AIM module, and enforce a QOS policy on the interface.  The "Show Compress" command counters will not increase as long as the interface has the "Service-Policy Output" command on it.  I found several articles that discuss that as an issue before 12.X versions of software, but I can't find anything newer.
  Should this work?  If not, where can I find the most recent documentation as to why it won't?  Also, if not, what is my best option in the given scenario?

• Correlated message processing and QOS in BPM

  Hi,
  I need one clarification w.r.t correlated message processing within integration process.
  Is there any relationship between the QOS and correlation w.r.t message processing inside the BPM ?
  In otherwords, will the QOS automatically changed to EOIO in BPM while processing correlated messages ?
  I appreciate your reply.
  Regards
  Venkat

  Hi,
  In case of multiple messages to same receiver the QOS will change automatically....EO to EOIO
  For more details:
  http://help.sap.com/saphelp_nwpi71/helpdata/en/28/68073c8e56f658e10000000a114084/content.htm
  This happens to make sure that you get the required message at the required point...Exactly Once IN ORDER
  Regards,
  Abhishek.

• Sg200 vlan and qos

  Hello,
       Looking for best practice setup for this network I have three buildings networked together at layer2 have three swiches 2x sg200-24
  and one sg200-18. The middle building is the one with voip phones. On the other two buildings on each end I have pbx's that mark tos bit with '5'
  and voip cards in pbx's do not have vlan capabilites nor mark dscp. However in the middle building the phones have vlan marking and dscp. So have successfully made communication with setting voip cards on port 2 in the end buildings untagged on vlan 10. and middle building  tagged on vlan10 with vlan1 for downstream pc's hooked to phones (using trunks to phones) 10t 1U.
       My question is how to implement qos. The equipment does not have lldp advertising? Ideas would be apprecitated. I should mention that my idea is to use the oui's. The voip cards are marking tos bit with value '5' but the again voip cards do not support dscp. Not clear on best method for this.
  Mike

  Hi Mike, the SG 200 supports LLDP med. Here's a document I wrote for the SX300
  https://supportforums.cisco.com/docs/DOC-27005
  It's pretty much identical to the SX200.
  If you will keep the phones connected to a port and not move them, you can probably use the QoS  function of the switch, manually set the QoS configuration on the port then over ride ingress DSCP (much more aggressive, but cool) which can be found on the Quality of Service tab.
  -Tom
  Please mark answered for helpful posts

• WLC 5508, Prime Infrastructure, 7921 phones and QoS

  Hi everybody!
  I have deployed about 50 wireless cisco phones int the network with 27 APs with the WLC 5508.
  I'm trying to investigate phones behaviour (I have some loss of audio).
  And I use Prime Infrastructure for monitoring.
  I run the Voice Diagnostic on the selected two phones.
  and in the Charts I see the next:
  1. for one phone "Downlink AC Queue Usage" shows all the traffic of "voice packets". but "Uplink AC Queue Usage" shows all the traffic of the "Best efforts packets".
  2. for the second phone "Downlink AC Queue Usage" shows all the traffic of "Best efforts packets". and "Uplink AC Queue Usage" shows all the traffic of the "Video packets".
  that is strange, very strange. the WLAN of these phones uses platinum QoS. none of other WLANs uses "gold" QoS.
  does this mean I have a QoS misconfiguration?
  where may the failure be? WLC? switches? router?
  please, any suggestions...

  I noticed few misconfigurations as per your response
  1. Are you configured AP as FlexConnect ?  If not AP connected switchport should be configured as ACCESS port & trust DSCP. If it is configured as FlexConnect, then you can configure switchport as turnk & in that case you  have to trust CoS using "mls qos trusct cos" command.
  2. WLC connected trunk ports always to be configured to trust CoS not DSCP. Otherwise WLC set QoS value ignored by your switch.
  3. If you WLAN is set for Platinum then you have to configure Platinum QoS profile for 802.1p & set value as 6.
  I would suggest you to verify QoS value preserve across you switch network. You have to take some wireshark packet caputres (as shown in my reference link) and make sure your voice packet DSCP goes into rest of your network as EF. You need to do this for upstream & downstream (from 7921 perspective) traffic. Here is the traffic flow if AP connected to switchport 1 & WLC connnected to switchport 2.
  7921 <-> AP <-> Switch port 1 <->  Switchport 2 <->  WLC <-> Switchport2 <-> Rest of your network
  Once you do this, then you can go to Prime & check those charts to reflect QoS values correctly. Otherwise you do not know where these QoS value get stripped/or modified in your network.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• BT Broadband, BT Vision and Qos.

  We have had a good reliable service with BT Broadband, consistently achieving 7.2 Meg. When the contract came up for renewal we did so and with BT Vision. However, the activation day came and went for the Vision with no service on the BTVision, repeated error codes and many attempts to update the software which always failed. After many phone calls we were advised that the Broadband had not be set for BT Vision and two weeks later the box sprang into life! However, only the BBC IPlayer worked, the others didn't. Another call to India and was advised there would be a recall. No recall so sent an email instead and then recieved a response to say that QoS was missing from the line and the line would be updated in a couple of days. This happened and the box started to work correctly.
  Soon after we noticed that the response times on the PC's had slowed, so we started doing speed tests and other checks and instead of the 7.2 that we were previously seeing, we were lucky to see 2 Meg! At the time, not knowing any different we started to check and test the PCs in the house, but whatever we did, any time of the day, it was 2 Meg. My son on his PS3 had to give up on-line gaming as the responses were so bad! Using the BT Speed test showed us that the profile was 3500 with a download speed of 1829kbps. However the DSL connection rate was 6752kbps?
  Called India again and went through all there scripted tests -twice as something failed the first time. With he result that an engineer was promised a visit. On the morning of the visit, speedtest.com started showing that we were back up to speed. When the engineer arrived, we did the BT Speed test which showed a profile of 3500 but a connection speed of 4.2M. He said that this was not possible as the profile should always be higher than the reported connection speed. The engineer then did all his tests and every time it showed up 7.2M with very few, if any errors. He said that when he left he would request that the line profile be reset and when he was on the point of leaving we redid the speedtest from the PC to see that the speed had dropped down again. BT man tested the line again and yes the connection rate was 7.2M but speedtest said only 1.9M. He then changed the hub with no difference saying that we should use port 1 for BTVision. He left saying that give it 72 hours for the profile to be reset and see what happens.
  The profile has now been reset and it shows 5500kbps. BT engineer said that with a download speed that we have he would expect a profile of 8000kbps. However we still have the slow sub 2m connection speed.
  Reading other posts, I understand QoS is designed to ensure BTVision always has a 2Meg service and the rest is for everything else. Also I am given to understand that when the box is off the QoS drops much lower, so allowing more bandwidth for other applications. That is definitely not happening on my line. All QoS appears to be doing is limiting the line speed for everything to 2Meg irrespective of the line capability with an occasional (once) upspeed.
  Is there anyone out there that can explain what the problem is and what should actually happen as I can't believe that to make the Vision box work correctly, everything alse has to suffer!
  (To cap it all the BT Vision box power supply has started to emit a loud annoying high pitched noise when in its red mode).
  Solved!
  Go to Solution.

  Line Check.
  Line problems: Line check result
  Thanks for waiting, we've tested your line and here are the results.
  Telephone number checked
  Results of line test
  We cannot detect a problem with this line.It may be caused by a faulty phone or equipment.
  What to do next
  Check your telephone or equipment
  1. Watch this video to troubleshoot now.
  2. Is the equipment set up and connected properly?
  3. Do you get the same problem if you use another phone in the same socket?
  View more troubleshooting tips
  Schedule a visit from an engineer
  You can arrange for us to visit. Please note that there may be a charge for this service if it's an equipment fault you can fix yourself. If you are a Critical Care or Total Care customer and you are available at the premises where the fault exists throughout the next 24 hours, please click on the 'Need help?' link above to contact BT. Alternatively, you could progress below to book an engineer appointment, which may fall outside your service level agreement.
  See terms of repair visit

• About 4500 and QoS

  Hi folks,
  I've a topology like that:
  customer: 3550
  aggregator: 4500
  backbone: 6500
  on 3550 and 6500 I work with DSCP values. Between 3550 and 4500, and 4500-6500, I've trunks. Normally the 4000 family creates the "internal DSCP" value for egress policies using DSCP for IP-traffic, and using CoS for non-IP and for traffic from trunks. That is packets have my DSCP value in ingress, but a DSCP-to-CoS in egress.
  Question: there's a way to have the same DSCP value in ingress and egress on 4500 for traffic trunked?
  <edit> better:
  1- after internal DSCP egress policies, the packet has a CoS-to-DSCP value, or the original DSCP value?
  2- if Cos-to-DSCP value:
  http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00800946e9.shtml
  "Egress policy cannot match new QoS levels that are changed by ingress marking."
  If I remark the ingress traffic with a service-policy in input, I see that DSCP value after egress policies?
  </edit>
  Any advice will be appreciated
  Best Regards
  Andrea

  maybe 'no qos rewrite ip dscp' does the trick?
  thanks
  Andrea

• DHCP and QoS

  Hi all ,
  I'm looking for some way to base the QoS in my LAN on the host's IP address . Of course , there'r many hosts in that network , some of them get their addresses from the DHCP and anyway the question is - is there any way to make the class-maps based on the host without enter the commands manually ? Maybe bind them to DHCP allocation ? Obviously , ACL will do the job but with many hosts on LAN that task becomes very complicated (to me and ,maybe the router too ... just think about many ACLs and MQC commands related to any one among these ACLs) . The perfect solution will be some sort of template , which became active for any device in the LAN ... grouping all together into some "global policy" running on the router . As it happens to be for remote-access clients (L2TP for instance) .
  I'd appreciate any advice ,
  have a nice day ,
  Alex .

  Hi Alex,
  I dont think so that you can make class-maps using hostname.
  if there are good number of hosts, you can create a separate VLAN for them and make a ACL for that particular subnet. so this way your ACL wont grow..
  hope this helps ..

• SIGTRAN and Qos

  Hi all,
  I am new in QoS and trying to apply it in two of my voice links. I have
  a voice circuit (1xE1) between our office and HQ in USA and another
  voice circuit (3xE1) with another branch. I have only voice and
  signaling traffic on the USA circuit and the encapsulation is HDLC. For
  the brach office the 3xE1 links are bonded by MLPPP and I have voice,
  signaling and data. I am using a thrid party device to compress the
  voice (G.729A) and signaling (SIGTRAN) and that device can put ToS bit
  in voice and signal packet. Now here is what I want to do..
  1. For USA circuit I want to give higher priority to signaling by
  putting ToS bit in my compression device. Can the router detect that?
  Do I have to do any additional QoS configuration in the router?
  2. For Brach office I want to have Signaling higher proirity, next
  voice and default priority to data. Same like USA circuit, I cam put
  ToS bit for signaling and Voice but as data is not passing through the
  compression device I cannot put ToS there.
  It would be very nuch helpfull, if anyone can send some sample
  configuration or links to solve my problem.
  Thanks in advance.
  ~/Ovi

  Try these links:>
  http://www.cisco.com/en/US/tech/tk652/tk698/technologies_tech_note09186a0080094660.shtml
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd9ec.html
  http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml

• NMH405 and QOS setting on Router to optimize network traffic

  Are there settings to optimize the NMH405 on a Network.  I'm using a Westell DSL Wireless 4 port Modem/Router with QOS options.
  It seems that there is a lot of lag time now when I try to move and read files to or on the NMH405.  If adjusting my router to work well with the NMH405 will help through basic or advanced funtions I'm willing to do that.  This could also help when using the SONY Playstation 3 to access music and photos.
  All the best,
  Thank you 

  Committed Information Rate (%)   Peak Burst Size (ms)   Committed Burst Size (ms)   Max Queue Size:   Can any of these be changed to optimize the NMH405? Thank you? Latency Measurements: Latency Boundary Boundary 1: 0 ms Boundary 2: 10 ms Boundary 3: 20 ms Boundary 4: 40 ms Boundary 5: 100 ms Boundary 6: 1000 ms Boundary 7: 3000 ms  Latency Threshold (ms)   Fragmentation Settings: IP Fragmentation Enable  IP Fragment Size 100 148 244 292 340 388 436