Voice traffic in a LAN
hi all!
can i priority voice traffic in a campus LAN ? we have 2950 EI switch on the access an 3550 on the core layer with vlans...i search a configuration example
many thanks for the answers!
Yes you can. If you're running IOS 12.1(12c)EA1 or above on your switches, the easiest way to configure QoS is with the "autoqos" command. Please see the following link for details.
http://www.cisco.com/en/US/tech/tk543/tk759/tk879/technologies_white_paper0900aecd800a8561.shtml
Hope this helps. If so, please rate the post.
Brandon
Similar Messages
-
Voice Traffic over MPLS-enabled OSPF running backbone links
Hi All;
We have running frame-mode MPLS backbone and OPSF as well. Voice as real-time traffic is passing through our backbone links and marked with precedence 5 as an ordinary behaviour.
What i face is that i can not balance the voice traffic between the uplinks of the LER routers through LSR routers. Let me summarise like this.
I have a PE that has 4xE1 connection as uplinks terminated at two different LSRs. However, when i look at the voice traffic distribution from PE to Ps,the general attribute is voice traffic is choosing only one E1 and uses it. And other links are not used so much by voice traffic. And this causes poor quality of voice because, it exceeds the amount of the reserved bandtwidth that is defined via LLQ under the backbone links. I have also re-defined the priorty class bantwidth and raised it as much as it can be defined, but now, the business in contract traffic is under danger. :)
As OSPF does not support unequal load-balancing and also "load-sharing per-packet" command sucks the voice traffic, there is nothing to balance the voice traffic on the backbone links.
By the way, i have defined MPLS/TE tunnels that are PE-PE tunnels, according to my observations of voice traffic goes to where. I tried to balance the output traffic somehow but the situation is still the same. Sometimes, traffic chooses one tunnel and goes over there. In fact this problem bears with CEF itself but this is another case.
So any suggestion how i can come over this obstacle. Thanks in advance.
Regards,
Baris.Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
BTW, 20 Mbps can push the practical performance capacity of a 2821.
class-map match-any LLQ
!match your VoIP bearer traffic here
policy-map Shape20M
class class-default
shape average 17000000 !we're shaping 15% slower to allow for L2 overhead
service-policy Sample
policy-map Sample
class LLQ
priority percent 30
class class-default
bandwidth remaining percent 100
fair-queue
interface tunnel #
ip tcp adjust-mss 1436
ip mtu 1476
service-policy output Shape20M
tunnel path-mtu-discovery
keepalive 1 -
Putting QOS for voice traffic in switches.
Hi All,
does anybody know how to prioritize the voice traffic over data in the 2960 SW, in a scenario in which ethernet cable coming to ipphone & from IPphone to PC.Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Yes, I do.
laugh - I was temped to stop with the above, as it directly answers your question, but I assume you want to know how.
In principle, you recognize the VoIP traffic as being different from data traffic and provide it "special" egress treatment. Normally you would enable QoS, and for egress, enable PQ, direct VoIP bearer traffic to that queue. You might also direct VoIP signalling traffic to a queue that insures it's not unduly delayed or dropped. You might also set rate caps on ingress VoIP traffic.
Recognition of VoIP traffic can be done in different ways. Your phones might support L2 CoS or L3 ToS marking, your switch might "analyze" ingress traffic, your switch might trust a Cisco VoIP phone, your switch and VoIP phones might use a dedicated VLAN. Basically, there's lots of variables dealing with ingress.
Unfortunately, you've provided insufficient information for specific recommendations.
PS:
BTW, your 2960 might also support auto-QoS, which may, or may not, be all you need to enable. -
Hello, I have been running 20Mb mpls circuit over which i have formed GRE tunnel. My circuit goes choke most of the times. So i am planning to configure QoS and assign 5mb for voice traffic(i.e. for VOIP phone communication) and rest BW for others traffic. What would be best solution, should i police voice traffic under voice class map or PQ would be good.
Also how should i classify voice traffic for my voip phones. pls help.Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
BTW, 20 Mbps can push the practical performance capacity of a 2821.
class-map match-any LLQ
!match your VoIP bearer traffic here
policy-map Shape20M
class class-default
shape average 17000000 !we're shaping 15% slower to allow for L2 overhead
service-policy Sample
policy-map Sample
class LLQ
priority percent 30
class class-default
bandwidth remaining percent 100
fair-queue
interface tunnel #
ip tcp adjust-mss 1436
ip mtu 1476
service-policy output Shape20M
tunnel path-mtu-discovery
keepalive 1 -
AutoQoS for voice traffic settings?
Hi Everybody,
I have enabled auto qos on switch and following are information
Voice is the most important traffic in network, must ensure voice traffic goes first
SW# show mls qos map dscp-output-q
Dscp-outputq-threshold map:
d1 :d2 0 1 2 3 4 5 6 7 8 9
0 : 04-03 04-03 04-03 04-03 04-03 04-03 04-03 04-03 04-01 04-02
1 : 04-02 04-02 04-02 04-02 04-02 04-02 03-03 03-03 03-03 03-03
2 : 03-03 03-03 03-03 03-03 02-03 02-03 02-03 02-03 02-03 02-03
3 : 02-03 02-03 03-03 03-03 03-03 03-03 03-03 03-03 03-03 03-03
4 : 01-03 01-03 01-03 01-03 01-03 01-03 01-03 01-03 02-03 02-03
5 : 02-03 02-03 02-03 02-03 02-03 02-03 02-03 02-03 02-03 02-03
6 : 02-03 02-03 02-03 02-03
SW# show mls qos queue-set
Queueset: 1
Queue : 1 2 3 4
buffers : 10 10 26 54
threshold1: 138 138 36 20
threshold2: 138 138 77 50
reserved : 92 92 100 67
maximum : 138 400 318 400
For the
DSCP 46 : it's 01-03 (voice)
DSCP 0 : it's 04-03 (general traffic)
From my understanding
- 01-03 means queue 1 and threshold3. (by default threshold3 is 100 and hidden)
- queue-set 1 is enabled by default on all interface and hidden
According to the above information,
- Does the Auto Qos is design for voice goes first?
- Why the Q1 buffer and maximum are less then Q4? isn't suppose to set more buffer on Q1 for voice traffic? or I have to re-distribute the queue buffer and threshold, etc...
- or I just use priority-queue out, then those queue setting will be ignored?
Thanks in advance
Samudp ports 16384 to 32767 for rtp traffic
1720 tcp for control (h323 protocol) -
Characteristics of voice traffic
Why "benign" is considered as a characteristics of voice traffic, but not "smooth".
thanks,
HanI guess that most voice traffic is very forgiving and that even with packet loss you can get the message across. With this in mind you can say its "kind" which seems to be one of the best definitions for benign. Why would you say that voice traffic is smooth?
-
Hi Experts..
Pls help me in setting up QoS for my company. I have MPLS circuit for my all company locations. Main locations has 60mb MPLS circuit and branch locations has 20mb each. I have CME in my main location to which VOIP phones are registered. Since past few days i have been observing bandwith choke of my main location, due to this calling through VOIP phones from main locations to hub locations are getting drop intermediately.
I am looking to prioritize voice traffic so that other traffic could not make impact on voip calls. I want to assign 10mb bandwith to voice traffic and rest bandwith for others traffic.
Pls help me good way to configure this.Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
policy-map sample
class voip-bearer
priority percent 33
class voip-signaling
bandwidth remaining 10 percent
class class-default
bandwidth remaining 90 percent
fair-queue
For above, you need to classify traffic and mark to agree with MPLS QoS support. Percentages might also be changed to agree with MPLS QoS.
Apply above as an out policy on MPLS egress port. -
Separate Physical LAN for Voice Traffic
HI everyone,
How common is it to set up an entirely separate switching and routing infrastructure to handle voice over IP traffic? I'm curious if this would be necessary as opposed to just logically separating the traffic via a voice VLAN. Any input would be much appreciated.Not very common at all, as I said I have only seen this at Trading companies (very typical to that market), but that is a small percentage of all deployments. I have worked with pretty much every imaginable market and have not see it anywhere else.
HTH, please rate all useful posts!
Chris -
How to priortize video & voice traffic over mpls network
Dear all,
I have taken a 512k link from mpls network containing juniper as core routers, while i am using completely cisco in my network, my query is can i priortize my voice and video traffic over this mpls network i am also using rtp header compression.
plz give me sample config if it is possible.
thankshi
if i m not wrong there will be different kinda service offering in general being provided by the SPs.
it falls under 2 main major categories one is managed and the other is unmanaged.
in managed services your SP will honour the marking being done by the customers and the same is being carried throughout(in SP backbone) till reaching the remote destination.
in unmanaged services whatever markings you do at ur end will be remarked or ignored by SP according to the policies followed by them.
you can enquire about this with your SP and you can have the QOS policies configured accordingly.
regds -
ASA 5510 Not able to route traffic between 2 LAN interfaces
Hi everybody,
I need help to enable traffic between two physical ports on my Cisco ASA 5510. I created access rules and NAT but traffic doe not go from accounting interface to Inside. I am able to access internet from both interfaces. Can someone pin point me in the right direction since I am not an expert in Cisco but has to finish this by the end of the week.
Thank you,
Sigor
Here is my configuration:
ASA Version 8.2(2)
hostname Cisco
domain-name xxx.com
names
interface Ethernet0/0
description Outside
nameif Outside
security-level 0
ip address 101.101.101.101 255.255.240.0
interface Ethernet0/1
description Inside Network
nameif Inside
security-level 90
ip address 192.168.10.1 255.255.255.0
interface Ethernet0/2
description Accounting
nameif Accounting
security-level 100
ip address 20.0.1.1 255.255.255.0
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
clock timezone EST -5
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name xxx.com
same-security-traffic permit inter-interface
object-group service Port-10000 tcp
port-object eq 10000
object-group service Port-8080 tcp
port-object eq 8080
object-group service Port-8011 tcp
port-object eq 8011
object-group service DM_INLINE_TCP_1 tcp
group-object Port-8080
port-object eq www
group-object Port-8011
object-group service DM_INLINE_TCP_2 tcp
group-object Port-10000
port-object eq https
port-object eq www
object-group service rdp tcp
port-object eq 3389
object-group service DM_INLINE_TCP_3 tcp
group-object rdp
port-object eq ftp
object-group service DM_INLINE_TCP_4 tcp
group-object Port-10000
port-object eq www
port-object eq https
port-object eq ssh
object-group service DM_INLINE_TCP_5 tcp
group-object Port-8011
group-object Port-8080
port-object eq www
object-group service DM_INLINE_TCP_6 tcp
group-object Port-10000
port-object eq www
port-object eq https
object-group service DM_INLINE_TCP_7 tcp
group-object rdp
port-object eq ftp
access-list Outside_access_in extended permit tcp any host 101.101.101.104 object-group DM_INLINE_TCP_5
access-list Outside_access_in extended permit tcp any host 101.101.101.102 object-group DM_INLINE_TCP_6
access-list Outside_access_in extended permit tcp any host 101.101.101.103 object-group DM_INLINE_TCP_7
access-list Outside_access_in extended permit tcp any host 101.101.101.106 eq smtp
access-list Outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.80.0 255.255.255.0
access-list CiscoIPsec_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list Accounting extended permit ip 20.0.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list Accounting extended permit ip 20.0.1.0 255.255.255.0 any
pager lines 24
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu Accounting 1500
mtu management 1500
ip local pool IPSecDHCP 192.168.80.100-192.168.80.200 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
nat (Accounting) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) tcp 101.101.101.104 www 192.168.10.14 www netmask 255.255.255.255
static (Inside,Outside) tcp 101.101.101.104 8011 192.168.10.14 8011 netmask 255.255.255.255
static (Inside,Outside) tcp 101.101.101.104 8080 192.168.10.14 8080 netmask 255.255.255.255
static (Inside,Outside) tcp 101.101.101.102 10000 192.168.10.3 10000 netmask 255.255.255.255
static (Inside,Outside) tcp 101.101.101.102 https 192.168.10.3 https netmask 255.255.255.255
static (Inside,Outside) tcp 101.101.101.102 www 192.168.10.3 www netmask 255.255.255.255
static (Inside,Outside) tcp 101.101.101.103 ftp 192.168.10.17 ftp netmask 255.255.255.255
static (Inside,Outside) tcp 101.101.101.103 3389 192.168.10.32 3389 netmask 255.255.255.255
static (Inside,Outside) tcp 101.101.101.106 smtp 192.168.10.23 smtp netmask 255.255.255.255
static (Inside,Accounting) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
access-group Outside_access_in in interface Outside
access-group Accounting in interface Accounting
route Outside 0.0.0.0 0.0.0.0 101.101.101.101 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.10.0 255.255.255.0 Inside
http 20.0.1.0 255.255.255.0 Accounting
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 32608000
crypto ipsec security-association replay disable
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256
-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set pfs group1
crypto map Outside_map 1 set peer 89.216.17.35
crypto map Outside_map 1 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
dhcpd address 20.0.1.100-20.0.1.200 Accounting
dhcpd dns 192.168.10.19 8.8.8.8 interface Accounting
dhcpd lease 306800 interface Accounting
dhcpd domain abtscs.com interface Accounting
dhcpd enable Accounting
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy CiscoIPsec internal
group-policy CiscoIPsec attributes
dns-server value 192.168.10.30 192.168.10.19
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value CiscoIPsec_splitTunnelAcl
default-domain value xxx.com
vpn-group-policy CiscoIPsec
tunnel-group 198.226.20.35 type ipsec-l2l
tunnel-group 198.226.20.35 ipsec-attributes
pre-shared-key *****
tunnel-group CiscoIPsec type remote-access
tunnel-group CiscoIPsec general-attributes
address-pool IPSecDHCP
default-group-policy CiscoIPsec
tunnel-group CiscoIPsec ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
Cryptochecksum:2a7c97a7a22397908ef83ca6f0065919
: endWithout diving too deep into your config, I noticed a couple of things:
interface Ethernet0/1
description Inside Network
nameif Inside
security-level 90
ip address 192.168.10.1 255.255.255.0
interface Ethernet0/2
description Accounting
nameif Accounting
security-level 100
ip address 20.0.1.1 255.255.255.0
On an ASA, higher security level interfaces are always allowed, by default, to lower security levels, but not the other way around. So, if you want to keep this config, you would need an acl on the Inside interface to allow traffic to go from level 90 to 100:
access-list Inside permit ip any any
access-group Inside in interface Inside
The acl will permit the traffic into either interface (outside or Accounting). As long as you have your other rules set up correctly, this should resolve your issue...
HTH,
John -
Block guest mDNS traffic on business LAN
For my company, I am running a Cisco 5508 WLC with a 4400 WLC as a guest anchor in our DMZ. There is a guest SSID and several business SSID's for internal equipment. Guest traffic should be tunneled out to the 4400 controller where [the client] gets its IP address and is sent out to the internet. No internal corporate access is possible. However, when I do a packet capture from my wired PC, I'm seeing traffic generated by different iPhones. It appears to be mostly IPv6 mDNS or ICMPv6 traffic. How would this traffic make it onto the corporate wired network, when it should be staying on the guest network? None of the iPhones have been setup on the business SSIDs, so I know it isn't legit traffic. Is there a setting in the WLC that will block this? Will an ACL work?
These are examples of some of the traffic that wireshark is capturing:
349 7.794875 fe80::e77:1aff:fe3c:f81 ff02::fb MDNS 253 Standard query response PTR, cache flush Tonyas-iPhone-2.local PTR, cache flush Tonyas-iPhone-2.local
356 7.802667 fe80::e77:1aff:fe3c:f81 ff02::fb MDNS 151 Standard query ANY Tonyas-iPhone-2.local, "QU" question ANY Tonyas-iPhone-2.local, "QU" question
361 7.806964 fe80::e77:1aff:fe3c:f81 ff02::fb MDNS 151 Standard query ANY Tonyas-iPhone-2.local, "QM" question ANY Tonyas-iPhone-2.local, "QM" question
Both controllers are running software version 6.0.196.0. I also have a WCS server running version 7.0.220.
Thanks!
Joe P.Well, you are asking a valid question but unfortunately I don't know the answer. I tried to find in config guide and multicast design guide if there disabling mylticast affects only L3 multicat or both L3 and L2 multicast but I unfortunately could not find an answer.
Just one hint came to my mind, do you have Ipv6 bridging enabled under your WLAN (under advanced tab)?
I think it is enabled so you may try disabling it. That would possibly stop the IPv6 traffic.
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70wlan.html#wp1345783
HTH
Amjad -
Maximum cos1 (voice traffic) supported by Cisco ASR 1006 router
Dear Team,
Please confirm the maximum cos 1 traffic supported by cisco ASR 1006 router.Yes, it would. If you are planning on terminating a single site on this router I would spread over multiple routers for redundancy.
Table 6 explains number of ports and channels providing you have the DSPs:
http://www.cisco.com/c/dam/en/us/products/collateral/routers/2800-series-integrated-services-routers-isr/product_data_sheet0900aecd8057f2e0.pdf -
Block internet traffic but allow LAN traffic
Hi,
I have a WAP54G. Is it possible to set it so that when someone accesses the device, they can only access my local network (no internet access).
Thanks,
JTThere are a few ways to do this.
In your router, you can block a computer's Internet access by MAC address or by LAN IP address. I would suggest blocking by MAC address.
Obtain the MAC address of the offending computer. Then enter your router and go to the "Security" tab, "Filter" subtab. Click on "Edit MAC filter setting" and enter the MAC address of the offending computer. Click on "Apply". You might also need to return to the "Security-Filter" page and click on "Save settings". Reboot the router.
Alternatively, you could block by LAN IP address, but this might interfere with the computer's ability to access other wireless systems, at home or while traveling. If you do this, you would need to go into the offending computer, and assign it a fixed LAN IP address. Then enter the router (same page as above), and in "Filter IP address range" just enter his IP address, for example 192.168.1.12 (or whatever fixed LAN IP address you gave him). Then click on "Save settings".
Note that if he is computer savvy, it may not take him long to figure out how to bypass these roadblocks. IP addresses can be easily changed. MAC addresses can be faked.
The problem that you are having is similar to the "my teen is running wild on the Internet" problem. Many parents have found that router settings only work to control young children, who don't know much about computers. Older kids are better controlled using software products installed on the offending computer (I assume you own his work computer.) There are several parental control products on the market. I am not personally familiar with them, but when I did a search, "Safe Eyes" and "ContentWatch ContentProtect" were rated well. These programs can be used to limit the web sites visited, or stop Internet access entirely, or on a schedule. -
Priority queue for voice/audio traffic
Hi,
Still in limbo after multiple discussions with our vendors, TAC and in general other engineers, so starting a thread here. In the process of rolling out enterprise audio, with the intent to prioritize and allocate 25% of link bandwidth for voice class.
Our config snapshow is as follows -
policy-map qos-wan-out
class dscp-voice-lan
set ip precedence 5
priority percent 25
I understand that
-DURING congestion, this will ensure voice gets a maximum of 25% and is dequeued first due to the priority setting
-And during NO congestion, the voice traffic will be dequeued before other traffic, but at the same time, can go over 25% as QoS kicks in only during congestion.
I am seeing some contradictory results in that we are having high packet loss if we exceed 25% even when the link is less than 40% utilized. I doubt the above CE configurations are an issue. But, wanted to run this by this group.
Alternate theory is that with the above configurations, our traffic is exiting fine - but the service provider who is using priority class queuing within their MPLS network may be capping the bandwidth at 25% at all times (with or without congestion).
thanksHi Bro
Maybe the incoming voice packets into your FW isn't marked with ef. For this reason, you don't see anything at all. I hope the QOS isn't tied to a subinterface, as QOS is only supported on the main interface itself. What you're doing here is QoS Configuration based on DSCP. You could refer to this URL for troubleshooting purposes.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml#tab4
Did you marked on the Cisco Catalyst switchports, which ports are ef? -
Voice video traffic classification
Hi All,
A simple query.
With Cisco ios NBAR, when we say 'match protocol rtp video' , do we also match the audio embedded in the video stream ? .. or does that audio get matched only with the 'match protocol rtp audio' statement ?
Also, is the 'match protocol rtp audio' statement sufficient to match all voice traffic from IP phones on the LAN ?
Regards,
AmitHi Amit,
Match protocol rtp video will match only video.
In regards to your second question:
Match rtp audio is good but it should be just a part of full end-to-end QoS policy and you should not only just rely on that.
While deploying QoS - there are some best practices, like marking closest to the source. Most VoIP end devices, servers will mark the traffic (audio as 46 and signalinging as 24 at either l3 or like in case of phones at l2 level)
You should configure QoS on catalyst switches. Traffic is already marked you need to enable trust on the switches and ensure traffic is priortised and markings are carried to routers. At routers you can catch this based on markings, protocol (like rtp audio), source/destination, and several other criteria. Then this is sent across WAN with appropriate markings and get preferential treatment in Service Provides network and markings are maintained through out.
So just to summarise yes it should catch audio by matching rtp audio but for QoS to work effectvely you should deploy QoS based on a wider policy that makes sure voice traffic is priortised at all possible levels.
Hope it helps.
Terry
Please rate if you find it helpful.
Maybe you are looking for
-
Lacie external hard drive undetected (USB)
My Lacie 500GB external hard drive is undetectable by my iMac G5. It just happened one day when I clicked on the icon on my desktop and the error message said it was undetectable. I secured the USB cables and made sure there was power. I also verifie
-
I use a CachedRowSet instance with an Oracle 8i (i get the same result with a 9i) datbase. if the table i do the query in contains any CLOB or BLOB column, when i execute the populate(ResultSet) method i get the following exception : java.lang.Number
-
Why does FCPX crash every time I use plug-in effects?
I don't understand why FCPX crashes every time I use a plug-in effect. I install the plug-in effects in the Effects folder - User/Movies/Motion Templates/Effects - and I apply the plug-in effect to the clip in the timeline, but as soon as the clip is
-
Catldap.sql or dbmsldap.sql files?
Hi, I can't find the files catldap.sql or dbmsldap.sql in the ORACLE_HOME/rdbms/admin directory. Using 8.1.6 EE.I haven't installed OID yet, but would just like to install the ldap packages so I can bind to an external LDAP server using PL/SQL LDAP A
-
Please help me to understand...