Topology
It's always easier to understand network modifications when we have a topology plan. So here it is :
 |
| Figure 1: Example Network Topology |
From the topology, we can see that voice traffic follows this path :
IP phone > WS-C3560-48PS-S > WS-C3560G-24TS-S > SonicWall 2400 X4 VoIP interface > SonicWall 2400 X1 WAN interface > WS-C3560G-24TS-S > ISP
As you might imagine, the ISP connected WS-C3560G-24TS switch has three VLANs:
- VLAN 300 is the VoIP VLAN.
- VLAN 144 is the WAN (or ISP) VLAN.
- VLAN 200 is the Management VLAN.
A Little Theory
By default, both Polycom and Cisco IP phones will add a « voice » tag to all the packets they generate. This tag can take two different forms :
The Polycom IP phones will use DSCP while the Cisco IP phones use COS (I'm not 100 % sure on this, anyone?). The idea here is to configure each devices in the packet path to « trust » the packet tag from the other device. Otherwise the packet's tag is not honored.
Configuration
We will start our configuration with both devices into which the IP phones are connected : these are the two WS-C3560-48PS. They can be reached at 172.16.1.2/24 and 172.16.1.3/24. Once both of those devices are configured, we will configure the switch found at 172.16.1.1/24. I assume that all switches already have IP addresses and that SSH is working on all of them. I also assume you have a user that can perform administrative fonctions.
First WS-C3560-48PS Switch
Connect to the switch and check the interfaces. In this example, also assume that interfaces Fa0/1 to Fa0/47 all start with the same configuration. In a real life scenario, make sure this is true!
ssh 172.22.1.2
switch> enable
switch# sh run int fa0/1
!
interface FastEthernet0/1
switchport access vlan 300
switchport mode access
speed 100
duplex full
no cdp enableend
The interface is set to 100 Mb/s full duplex. It does not send CDP packets. It is in access mode and into VLAN 300, but we don't know what that VLAN is at the moment. Let's check our VLAN Transfer Protocol (VTP) status?
switch# sh vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : dmz
VTP Pruning Mode : Disabled
VTP Traps Generation : Enabled
Device ID : 0018.19a9.2800
Configuration last modified by 172.16.1.2 at 3-8-93 23:56:45
Feature VLAN:
--------------
VTP Operating Mode : Client
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
Configuration Revision : 20
MD5 digest : 0x3B 0x54 0xC1 0x4F 0x88 0x4B 0x84 0xBB
0xC1 0x82 0x8C 0x07 0x5B 0x27 0x96 0x28
Ok, so we are a VTP client. Let's check our current VLAN status then.
switch# sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/1, Gi0/2, Gi0/4
19 DMZ active
144 WAN ISP active
200 Management active Fa0/48
300 VoIP active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24, Fa0/25, Fa0/26, Fa0/27, Fa0/28, Fa0/29, Fa0/30, Fa0/31, Fa0/32, Fa0/33, Fa0/34, Fa0/35, Fa0/36, Fa0/37, Fa0/38
Fa0/39, Fa0/40, Fa0/41, Fa0/42, Fa0/43, Fa0/44, Fa0/45, Fa0/46, Fa0/47
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
We can see that VLAN 300 is indeed our VoIP VLAN. We also see that interface Fa0/48 is connected to the Management VLAN. According to our topology map, interface Gi0/3 is our connection to the WS-C3560G-24TS switch. If it's not listed here, it must be a trunk then. Let's check.
switch# sh int status | inc Gi0/3
Gi0/3 c3560g VoIP trunk connected trunk a-full a-1000 1000BaseSX SFP
switch# sh run int gi0/3
!
interface GigabitEthernet0/3
description c3560g VoIP trunk
switchport trunk encapsulation dot1q
switchport mode trunk
end
So indeed it is. Our first task is to discover which ports have which IP phone? The reason is simple : Polycom IP phones and Cisco IP phones do not have the same configuration. Cisco IP phones support a tightly integrated configuration with the Cisco switches. But the Polycom do not. We thus need to configure each ports differently depending on which type of phone is connected to it.
Luckly for us, both types of devices support Cisco's Cisco Discovery Protocol (CDP). So let's start CDP and check it's status.
switch# conf t
switch(config)# cdp run
switch(config)# end
switch# sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
core.company.com
Fas 0/48 129 R S I WS-C4507R Fas 5/44
wan.company.com
Gig 0/3 130 S I WS-C3560G Gig 0/27
Hummm, we don't see any IP phones here. That's because CDP is disabled on all interfaces except those two. Let's enable it to all the other FastEthernet interfaces.
switch# conf t
switch(config)# int range fa0/1 - 47
switch(config-if-range)# cdp enable
switch(config-if-range)# end
Now let's see if we have those phones now.
switch# sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
core.company.com
Fas 0/48 129 R S I WS-C4507R Fas 5/44
wan.company.com
Gig 0/3 130 S I WS-C3560G Gig 0/27
Weird, still no phones. I'm not quite sure why (someone knows?), but one trick to get them to talk CDP again is to shutdown the interfaces and bring them back online again.
WARNING : this command will shutdwon all voice operations from that switch. Make sure you have authorization to do this!
switch# conf t
switch(config)# int range fa0/1 - 47
switch(config-if-range)# shutdown
switch(config-if-range)# no shutdown
switch(config-if-range)# end
Most IP phones are Power over Ethernet (PoE) devices. So by doing a shutdown on the interfaces, we also cut the power supply of all the connected IP phones. So if we looked at CDP right after that, we would not see anything new. Why? Because we need to wait for the IP phones to boot and start sending CDP packets. This takes about two or three minutes. After that delay, we check the CDP again.
switch# sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
SEP0004f22ebe3e Fas 0/30 144 H P Polycom S Port 1
SEP0004f235b3f6 Fas 0/12 145 H P Polycom S Port 1
SEP0004f22ec344 Fas 0/6 143 H P Polycom S Port 1
SEP0004f22ebe3f Fas 0/36 146 H P Polycom S Port 1
SEP0004f22ec122 Fas 0/28 136 H P Polycom S Port 1
SEP0004f22c72b3 Fas 0/33 141 H P Polycom S Port 1
SEP0004f22ec100 Fas 0/9 136 H P Polycom S Port 1
SEP0004f22cce0b Fas 0/37 124 H P Polycom S Port 1
SEP0004f235ad32 Fas 0/8 140 H P Polycom S Port 1
SEP0004f2318999 Fas 0/34 142 H P Polycom S Port 1
SEP0004f22ed7fa Fas 0/14 141 H P Polycom S Port 1
SEP0004f216a70a Fas 0/47 142 H P Polycom S Port 1
SEP0004f22ed0ba Fas 0/15 141 H P Polycom S Port 1
SEP0004f22ec3fa Fas 0/19 138 H P Polycom S Port 1
SEP0004f22eb0fc Fas 0/10 140 H P Polycom S Port 1
SEP0004f22eb037 Fas 0/13 140 H P Polycom S Port 1
SEP0004f2318675 Fas 0/16 143 H P Polycom S Port 1
SEP0004f22ec282 Fas 0/29 142 H P Polycom S Port 1
SEP0004f22ed619 Fas 0/23 139 H P Polycom S Port 1
SEP0004f22ed718 Fas 0/21 143 H P Polycom S Port 1
SEP0004f22eb109 Fas 0/3 141 H P Polycom S Port 1
SEP0004f22ebdb9 Fas 0/26 144 H P Polycom S Port 1
core.company.com
Fas 0/48 133 R S I WS-C4507R Fas 5/44
SEP0004f22ed758 Fas 0/46 139 H P Polycom S Port 1
SEP0004f2358788 Fas 0/5 138 H P Polycom S Port 1
wan.company.com
Gig 0/3 134 S I WS-C3560G Gig 0/27
SIP1CDF0F4A6A5B Fas 0/38 168 H P IP Phone Port 1
SEP0004f22eb17d Fas 0/32 139 H P Polycom S Port 1
SEP0004f22ed72b Fas 0/35 140 H P Polycom S Port 1
SEP0004f22ec3d7 Fas 0/24 146 H P Polycom S Port 1
SEP0004f22eb3e7 Fas 0/31 145 H P Polycom S Port 1
SEP0004f22ed03d Fas 0/4 136 H P Polycom S Port 1
SEP0004f22ec13c Fas 0/20 140 H P Polycom S Port 1
SEP0004f22ec05d Fas 0/7 145 H P Polycom S Port 1
SEP0004f2e4c11a Fas 0/44 138 H P Polycom S Port 1
SEP0004f22ed6a5 Fas 0/17 136 H P Polycom S Port 1
SEP0004f22ec2e9 Fas 0/25 145 H P Polycom S Port 1
SIP1CDF0F4A676B Fas 0/18 164 H P IP Phone Port 1
SEP0004f22902f7 Fas 0/42 139 H P Polycom S Port 1
SIP1CDF0F4A6A66 Fas 0/27 132 H P IP Phone Port 1
Ah ha! That's better. We now have a complete list of which type of phone is connected to which port. The Cisco IP phones connected ports are :
switch# sh cdp nei | inc IP Phone
SIP1CDF0F4A6A5B Fas 0/38 152 H P IP Phone Port 1
SIP1CDF0F4A676B Fas 0/18 145 H P IP Phone Port 1
SIP1CDF0F4A6A66 Fas 0/27 172 H P IP Phone Port 1
While the Polycom phones connected ports are :
switch# sh cdp nei | inc Polycom
SEP0004f22ebe3e Fas 0/30 123 H P Polycom S Port 1
SEP0004f235b3f6 Fas 0/12 123 H P Polycom S Port 1
SEP0004f22ec344 Fas 0/6 122 H P Polycom S Port 1
SEP0004f22ebe3f Fas 0/36 125 H P Polycom S Port 1
SEP0004f22ec122 Fas 0/28 174 H P Polycom S Port 1
SEP0004f22c72b3 Fas 0/33 179 H P Polycom S Port 1
SEP0004f22ec100 Fas 0/9 175 H P Polycom S Port 1
SEP0004f22cce0b Fas 0/37 163 H P Polycom S Port 1
SEP0004f235ad32 Fas 0/8 178 H P Polycom S Port 1
SEP0004f2318999 Fas 0/34 120 H P Polycom S Port 1
SEP0004f22ed7fa Fas 0/14 120 H P Polycom S Port 1
SEP0004f216a70a Fas 0/47 120 H P Polycom S Port 1
SEP0004f22ed0ba Fas 0/15 179 H P Polycom S Port 1
SEP0004f22ec3fa Fas 0/19 177 H P Polycom S Port 1
SEP0004f22eb0fc Fas 0/10 178 H P Polycom S Port 1
SEP0004f22eb037 Fas 0/13 178 H P Polycom S Port 1
SEP0004f2318675 Fas 0/16 121 H P Polycom S Port 1
SEP0004f22ec282 Fas 0/29 120 H P Polycom S Port 1
SEP0004f22ed619 Fas 0/23 177 H P Polycom S Port 1
SEP0004f22ed718 Fas 0/21 122 H P Polycom S Port 1
SEP0004f22eb109 Fas 0/3 120 H P Polycom S Port 1
SEP0004f22ebdb9 Fas 0/26 123 H P Polycom S Port 1
SEP0004f22ed758 Fas 0/46 178 H P Polycom S Port 1
SEP0004f2358788 Fas 0/5 176 H P Polycom S Port 1
SEP0004f22eb17d Fas 0/32 177 H P Polycom S Port 1
SEP0004f22ed72b Fas 0/35 178 H P Polycom S Port 1
SEP0004f22ec3d7 Fas 0/24 124 H P Polycom S Port 1
SEP0004f22eb3e7 Fas 0/31 123 H P Polycom S Port 1
SEP0004f22ed03d Fas 0/4 175 H P Polycom S Port 1
SEP0004f22ec13c Fas 0/20 178 H P Polycom S Port 1
SEP0004f22ec05d Fas 0/7 123 H P Polycom S Port 1
SEP0004f2e4c11a Fas 0/44 177 H P Polycom S Port 1
SEP0004f22ed6a5 Fas 0/17 175 H P Polycom S Port 1
SEP0004f22ec2e9 Fas 0/25 123 H P Polycom S Port 1
SEP0004f22902f7 Fas 0/42 178 H P Polycom S Port 1
Polycom SoundPoint IP 335 Ports Configuration
Ok, now that we know all this, we can now configure the telephone ports. Let's start with the Polycom ports.
switch# conf t
switch(config)# int range fa0/3-10, fa0/12-17, fa0/19-21, fa0/23-26, fa0/28-37, fa0/42, fa0/44, fa0/46-47
switch(config-if-range)# description Polycom phone port
switch(config-if-range)# mls qos trust dscp
switch(config-if-range)# auto qos trust
switch(config-if-range)# priority-queue out
switch(config-if-range)# spanning-tree portfast
switch(config-if-range)# end
If QoS was not enabled on this switch, then the « mls qos trust dscp » command will enable it. Now check an interface to see what has happened?
switch# sh run int fa0/42
!
interface FastEthernet0/42
description VoIP telephone port
switchport access vlan 300
switchport mode access
speed 100
duplex full
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust dscp
auto qos trust
spanning-tree portfast
end
Notice how the « srr-queue bandwidth share 1 30 35 5 » configuration is now listed. This is placed automatically by the « auto qos trust » command.
Cisco SPA504G IP Phone Ports Configuration
Good, now let's configure the Cisco IP phone connected ports.
switch# conf t
switch(config)# int range fa0/18, fa0/27, fa0/38
switch(config-if-range)# description Cisco IP phone port
switch(config-if-range)# mls qos trust cos
switch(config-if-range)# mls qos trust device cisco-phone
switch(config-if-range)# auto qos voip cisco-phone
switch(config-if-range)# priority-queue out
switch(config-if-range)# spanning-tree portfast
switch(config-if-range)# end
Notice how it's a little different from the Polycom configuration. Let's see what happens to the interface?
switch#sh run int fa0/18
!
interface FastEthernet0/18
description VoIP telephone port
switchport access vlan 300
switchport mode access
speed 100
duplex full
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
end
Again the « srr-queue bandwidth share 1 30 35 5 » configuration was installed along with the « service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY ».
Running Configuration
Those new interface configurations now have « mls » and « policy-map ». If we have those, then they must be defined in the configuration. Let's find out by checking the running-config. I've listed here only the relevant parts for this blog post :
switch# sh run
mls qos map policed-dscp 0 10 18 24 46 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input cos-map queue 1 threshold 2 3
mls qos srr-queue input cos-map queue 1 threshold 3 6 7
mls qos srr-queue input cos-map queue 2 threshold 1 4
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue input dscp-map queue 2 threshold 3 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
auto qos srnd4
As you can see, there is a lot going on when we use the auto keywords to configure VoIP QoS.
We now have all IP phone connected ports configured. But we haven't configured the trunk port yet. So do this now.
And once we're finished, this is what the interface looks like :
switch# sh run int gi0/3
!
interface GigabitEthernet0/3
description c3560g VoIP trunk
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust dscp
auto qos trust
end
WARNING : this command will shutdwon all voice operations from that switch. Make sure you have authorization to do this!
switch# sh cdp nei | inc Polycom
SEP0004f22ec3ed Fas 0/5 125 H P Polycom S Port 1
SEP0004f22ed793 Fas 0/6 137 H P Polycom S Port 1
SEP0004f22ec090 Fas 0/1 131 H P Polycom S Port 1
SEP0004f22ec05f Fas 0/7 136 H P Polycom S Port 1
SEP0004f22ed7f0 Fas 0/3 133 H P Polycom S Port 1
SEP0004f22eb3e3 Fas 0/46 133 H P Polycom S Port 1
Then configure only those ports.
switch# sh cdp nei | inc IP Phone
SIP1CDF0F4A6A9C Fas 0/42 145 H P IP Phone Port 1
SIP1CDF0F4A6AA8 Fas 0/4 124 H P IP Phone Port 1
SIP1CDF0F4A6AA7 Fas 0/36 151 H P IP Phone Port 1
SIP1CDF0F4A66EE Fas 0/31 147 H P IP Phone Port 1
SIP1CDF0F4A6713 Fas 0/30 143 H P IP Phone Port 1
SIP1CDF0F4A6714 Fas 0/44 151 H P IP Phone Port 1
SIP1CDF0F4A6AA1 Fas 0/39 147 H P IP Phone Port 1
SIP1CDF0F4A6AC2 Fas 0/35 150 H P IP Phone Port 1
SIP1CDF0F4A6A53 Fas 0/34 150 H P IP Phone Port 1
SIP1CDF0F4A6A52 Fas 0/43 127 H P IP Phone Port 1
SIP1CDF0F4A6A50 Fas 0/2 139 H P IP Phone Port 1
SIP1CDF0F4A6AAC Fas 0/37 152 H P IP Phone Port 1
SIP1CDF0F4A6A57 Fas 0/38 146 H P IP Phone Port 1
SIP1CDF0F4A6AAB Fas 0/40 170 H P IP Phone Port 1
SIP1CDF0F4A6AAA Fas 0/33 151 H P IP Phone Port 1
SIP1CDF0F4A6A54 Fas 0/41 159 H P IP Phone Port 1
mls qos map policed-dscp 0 10 18 24 46 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input cos-map queue 1 threshold 2 3
mls qos srr-queue input cos-map queue 1 threshold 3 6 7
mls qos srr-queue input cos-map queue 2 threshold 1 4
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue input dscp-map queue 2 threshold 3 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
auto qos srnd4
class-map match-all AUTOQOS_VOIP_DATA_CLASS
match ip dscp ef
class-map match-all AUTOQOS_DEFAULT_CLASS
match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS
match ip dscp cs3
!
policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY
class AUTOQOS_VOIP_DATA_CLASS
set dscp ef
police 128000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_VOIP_SIGNAL_CLASS
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_DEFAULT_CLASS
set dscp default
police 10000000 8000 exceed-action policed-dscp-transmit
As you can see, there is a lot going on when we use the auto keywords to configure VoIP QoS.
Trunk Port Configuration
We now have all IP phone connected ports configured. But we haven't configured the trunk port yet. So do this now.
switch# conf t
switch(config)# int gi0/3
switch(config-if)# description c3560g VoIP trunk
switch(config-if)# mls qos trust dscp
switch(config-if)# auto qos trust
switch(config-if)# priority-queue out
switch(config-if)# end
And once we're finished, this is what the interface looks like :
switch# sh run int gi0/3
!
interface GigabitEthernet0/3
description c3560g VoIP trunk
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust dscp
auto qos trust
end
Again, we can see the « srr-queue » config has been installed even if we did not explicitly configured it.
Save Configuration
The last task to do on this switch is to save the configuration. Very easy to do, but oh so important!
switch# write memory
switch# copy run start
switch# copy start tftp
That's it for our first WS-C3560-48PS Switch. Let's configure the second one now.
Second WS-C3560-48PS Switch
On this switch, we simply need to do all what we did on the first one : check VLAN, VTP status, CDP and then configure phone ports and trunk port. I'll skip most of the discussion as I hope I've been clear enough on the first switch.
ssh 172.22.1.3
switch> enable
switch# sh vtp status
switch# sh vlan brief
switch# sh int status | inc Gi0/3
switch# sh run int gi0/3
switch# conf t
switch(config)# cdp run
switch(config)# end
switch# sh cdp neighbors
switch# conf t
switch(config)# int range fa0/1 - 47
switch(config-if-range)# cdp enable
WARNING : this command will shutdwon all voice operations from that switch. Make sure you have authorization to do this!
switch(config-if-range)# shutdown
switch(config-if-range)# no shutdown
switch(config-if-range)# end
switch#
switch# sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
SEP0004f22ec3ed Fas 0/5 123 H P Polycom S Port 1
SEP0004f22ed793 Fas 0/6 135 H P Polycom S Port 1
SEP0004f22ec090 Fas 0/1 130 H P Polycom S Port 1
core.company.com
Fas 0/48 143 R S I WS-C4507R Fas 5/43
wan.company.com
Gig 0/3 136 S I WS-C3560G Gig 0/28
SIP1CDF0F4A6A9C Fas 0/42 166 H P IP Phone Port 1
SIP1CDF0F4A6AA8 Fas 0/4 169 H P IP Phone Port 1
SIP1CDF0F4A6AA7 Fas 0/36 164 H P IP Phone Port 1
SIP1CDF0F4A66EE Fas 0/31 165 H P IP Phone Port 1
SIP1CDF0F4A6713 Fas 0/30 165 H P IP Phone Port 1
SIP1CDF0F4A6714 Fas 0/44 164 H P IP Phone Port 1
SIP1CDF0F4A6AA1 Fas 0/39 164 H P IP Phone Port 1
SIP1CDF0F4A6AC2 Fas 0/35 165 H P IP Phone Port 1
SEP0004f22ec05f Fas 0/7 135 H P Polycom S Port 1
SEP0004f22ed7f0 Fas 0/3 132 H P Polycom S Port 1
SEP0004f22eb3e3 Fas 0/46 132 H P Polycom S Port 1
SIP1CDF0F4A6A53 Fas 0/34 164 H P IP Phone Port 1
SIP1CDF0F4A6A52 Fas 0/43 165 H P IP Phone Port 1
SIP1CDF0F4A6A50 Fas 0/2 164 H P IP Phone Port 1
SIP1CDF0F4A6AAC Fas 0/37 164 H P IP Phone Port 1
SIP1CDF0F4A6A57 Fas 0/38 163 H P IP Phone Port 1
SIP1CDF0F4A6AAB Fas 0/40 166 H P IP Phone Port 1
SIP1CDF0F4A6AAA Fas 0/33 165 H P IP Phone Port 1
SIP1CDF0F4A6A54 Fas 0/41 166 H P IP Phone Port 1
We thus need to configure ports diffrently because this switch also has a mix of Polycom and Cisco phones.
Polycom SoundPoint IP 335 Ports Configuration
Again, as we did on the first VoIP access switch, let's configure the Polycom ports first. In order to do that, we need to narrow our search in CDP to only the Polycom devices.
switch# sh cdp nei | inc Polycom
SEP0004f22ec3ed Fas 0/5 125 H P Polycom S Port 1
SEP0004f22ed793 Fas 0/6 137 H P Polycom S Port 1
SEP0004f22ec090 Fas 0/1 131 H P Polycom S Port 1
SEP0004f22ec05f Fas 0/7 136 H P Polycom S Port 1
SEP0004f22ed7f0 Fas 0/3 133 H P Polycom S Port 1
SEP0004f22eb3e3 Fas 0/46 133 H P Polycom S Port 1
switch# conf t
switch(config)# int range fa0/1, fa0/3, fa0/5-7, fa0/46
switch(config-if-range)# description Polycom phone port
switch(config-if-range)# mls qos trust dscp
switch(config-if-range)# auto qos trust
switch(config-if-range)# priority-queue out
switch(config-if-range)# spanning-tree portfast
switch(config-if-range)# end
Cisco SPA504G IP Phone Ports Configuration
Now let's configure the Cisco IP phone connected ports. We first list our Cisco IP Phone ports.
switch# sh cdp nei | inc IP Phone
SIP1CDF0F4A6A9C Fas 0/42 145 H P IP Phone Port 1
SIP1CDF0F4A6AA8 Fas 0/4 124 H P IP Phone Port 1
SIP1CDF0F4A6AA7 Fas 0/36 151 H P IP Phone Port 1
SIP1CDF0F4A66EE Fas 0/31 147 H P IP Phone Port 1
SIP1CDF0F4A6713 Fas 0/30 143 H P IP Phone Port 1
SIP1CDF0F4A6714 Fas 0/44 151 H P IP Phone Port 1
SIP1CDF0F4A6AA1 Fas 0/39 147 H P IP Phone Port 1
SIP1CDF0F4A6AC2 Fas 0/35 150 H P IP Phone Port 1
SIP1CDF0F4A6A53 Fas 0/34 150 H P IP Phone Port 1
SIP1CDF0F4A6A52 Fas 0/43 127 H P IP Phone Port 1
SIP1CDF0F4A6A50 Fas 0/2 139 H P IP Phone Port 1
SIP1CDF0F4A6AAC Fas 0/37 152 H P IP Phone Port 1
SIP1CDF0F4A6A57 Fas 0/38 146 H P IP Phone Port 1
SIP1CDF0F4A6AAB Fas 0/40 170 H P IP Phone Port 1
SIP1CDF0F4A6AAA Fas 0/33 151 H P IP Phone Port 1
SIP1CDF0F4A6A54 Fas 0/41 159 H P IP Phone Port 1
Once we know our Cisco IP Phone connected ports, we can configure them.
switch# conf t
switch(config)# int range fa0/2, fa0/4, fa0/30-31, fa0/33-44
switch(config-if-range)# description Cisco IP phone port
switch(config-if-range)# mls qos trust cos
switch(config-if-range)# mls qos trust device cisco-phone
switch(config-if-range)# auto qos voip cisco-phone
switch(config-if-range)# priority-queue out
switch(config-if-range)# spanning-tree portfast
switch(config-if-range)# end
As we did with our first access switch, we need to configure our trunk port.
This switch connects all of our pieces together : both access switches, the firewall and our ISP uplink. So we need to configure these ports :
ssh 172.16.1.1
switch> enable
switch#sh vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : dmz
VTP Pruning Mode : Disabled
VTP Traps Generation : Enabled
Device ID : 001a.2f98.2f00
Configuration last modified by 172.22.200.6 at 3-8-93 23:56:45
Local updater ID is 172.16.1.1 on interface Vl200 (preferred interface)
Preferred interface name is vlan200
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
Configuration Revision : 20
MD5 digest : 0x3B 0x54 0xC1 0x4F 0x88 0x4B 0x84 0xBB
0xC1 0x82 0x8C 0x07 0x5B 0x27 0x96 0x28
We have all the same VLAN as our two other switches plus a new one : VLAN 19 (DMZ). That means this switch also has some DMZ ports. This is not showed in the VoIP topology and it's not required for our purposes.
Let's see what interfaces are connected on this device?
switch# sh int status | inc connected
Gi0/1 WAN ISP connected 144 a-full a-1000 10/100/1000BaseTX
Gi0/4 firewall X2 WAN connected 144 full a-100 10/100/1000BaseTX
Gi0/9 firewall X3 DMZ connected 19 full a-100 10/100/1000BaseTX
Gi0/10 www.company.com connected 19 full a-100 10/100/1000BaseTX
Gi0/12 ftp.company.com connected 19 a-full a-100 10/100/1000BaseTX
Gi0/17 firewall X4 VoIP connected 300 a-half a-100 10/100/1000BaseTX
Gi0/24 Switch mgmt port connected 200 full a-100 10/100/1000BaseTX
Gi0/27 VoIP 1 trunk connected trunk a-full a-1000 1000BaseSX SFP
Gi0/28 VoIP 2 trunk connected trunk a-full a-1000 1000BaseSX SFP
switch# conf t
switch(config)# int range gi0/27-28
switch(if-range)# description VoIP trunk
switch(if-range)# switchport trunk allowed vlan 200,300
switch(if-range)# priority-queue out
switch(if-range)# mls qos trust dscp
switch(if-range)# auto qos voip trust
switch(if-range)# end
So this configure both trunk ports. Let's see what that gives us?
switch# sh run int gi0/27
!
interface GigabitEthernet0/27
description VoIP trunk
switchport trunk allowed vlan 200,300
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
end
switch# sh run int gi0/28
!
interface GigabitEthernet0/28
description VoIP trunk
switchport trunk allowed vlan 200,300
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
end
As for the other ports, the « srr-queue bandwidth share 10 10 60 20 » and the « queue-set 2 » were installed without us having to type them.
Notice the « switchport trunk allowed vlan 200,300 » config. It prevents the DMZ and the WAN VLANs to reach the VoIP access switches for security reasons. Let's make sure that is the case.
switch# sh int trunk
Port Mode Encapsulation Status Native vlan
Gi0/27 auto n-802.1q trunking 200
Gi0/28 auto n-802.1q trunking 200
Port Vlans allowed on trunk
Gi0/27 200,300
Gi0/28 200,300
Port Vlans allowed and active in management domain
Gi0/27 200,300
Gi0/28 200,300
Port Vlans in spanning tree forwarding state and not pruned
Gi0/27 300
Gi0/28 300
Our last interface to configure is the Gi0/1 which connects to our ISP's switch installed in our data center.
And the resulting configuration is :
switch# sh run int gi0/1
!
interface GigabitEthernet0/1
description ISP uplink
switchport access vlan 144
switchport mode access
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
no cdp enable
spanning-tree portfast
end
Trunk Port Configuration
As we did with our first access switch, we need to configure our trunk port.
switch# conf t
switch(config)# int gi0/3
switch(config-if)# description c3560g VoIP trunk
switch(config-if)# mls qos trust dscp
switch(config-if)# auto qos trust
switch(config-if)# priority-queue out
switch(config-if)# end
Save Configuration
And finally, save the configuration.
switch# write memory
switch# copy run start
switch# copy start tftp
That's it for our second WS-C3560-48PS access switch. We must now move on to the WS-C3560G-24TS-S switch which is the central connection for both the VoIP and WAN VLANs, both VoIP access switches and our firewall.
Cisco WS-C3560G-24TS-S Switch Configuration
This switch connects all of our pieces together : both access switches, the firewall and our ISP uplink. So we need to configure these ports :
- Gi0/1 which is connected to our ISP uplink.
- Gi0/4 which is connected to the WAN interface in our firewall.
- Gi0/17 which is connected to the VoIP interface in our firewall.
- Gi0/27-28 which are connected to the WS-C3560-48PS access switch.
ssh 172.16.1.1
switch> enable
switch#sh vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : dmz
VTP Pruning Mode : Disabled
VTP Traps Generation : Enabled
Device ID : 001a.2f98.2f00
Configuration last modified by 172.22.200.6 at 3-8-93 23:56:45
Local updater ID is 172.16.1.1 on interface Vl200 (preferred interface)
Preferred interface name is vlan200
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
Configuration Revision : 20
MD5 digest : 0x3B 0x54 0xC1 0x4F 0x88 0x4B 0x84 0xBB
0xC1 0x82 0x8C 0x07 0x5B 0x27 0x96 0x28
Ok, so this is the VTP master for VTP domain dmz. It means if we ever need to change VLAN for our three switches, it's via this one that we need to do so.
switch#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/2, Gi0/5, Gi0/7, Gi0/8, Gi0/14, Gi0/15, Gi0/16, Gi0/19, Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/25, Gi0/26
19 DMZ active Gi0/9, Gi0/10, Gi0/11, Gi0/12, Gi0/13
144 WAN active Gi0/1, Gi0/3, Gi0/4, Gi0/6
200 Management active Gi0/24
300 VoIP active Gi0/17, Gi0/18
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
We have all the same VLAN as our two other switches plus a new one : VLAN 19 (DMZ). That means this switch also has some DMZ ports. This is not showed in the VoIP topology and it's not required for our purposes.
Let's see what interfaces are connected on this device?
switch# sh int status | inc connected
Gi0/1 WAN ISP connected 144 a-full a-1000 10/100/1000BaseTX
Gi0/4 firewall X2 WAN connected 144 full a-100 10/100/1000BaseTX
Gi0/9 firewall X3 DMZ connected 19 full a-100 10/100/1000BaseTX
Gi0/10 www.company.com connected 19 full a-100 10/100/1000BaseTX
Gi0/12 ftp.company.com connected 19 a-full a-100 10/100/1000BaseTX
Gi0/17 firewall X4 VoIP connected 300 a-half a-100 10/100/1000BaseTX
Gi0/24 Switch mgmt port connected 200 full a-100 10/100/1000BaseTX
Gi0/27 VoIP 1 trunk connected trunk a-full a-1000 1000BaseSX SFP
Gi0/28 VoIP 2 trunk connected trunk a-full a-1000 1000BaseSX SFP
As per our topology, we can see that port Gi0/1 is our WAN port. We also see some DMZ hosts (the firewall, a web server and an FTP server). We clearly see that the firewall is connected on three interfaces on this device : Gi0/4 in VLAN 144 which connects to the firewall to the WAN, Gi0/9 in VLAN 19 for the DMZ and Gi0/17 in VLAN 300 which is the VoIP VLAN. Ports Gi0/27 and Gi0/28 are the trunk ports going to the WS-C3560-48PS access switches. While we're here, let's configure them.
Gi0/27-28 Trunk Ports Configuration
switch# conf t
switch(config)# int range gi0/27-28
switch(if-range)# description VoIP trunk
switch(if-range)# switchport trunk allowed vlan 200,300
switch(if-range)# priority-queue out
switch(if-range)# mls qos trust dscp
switch(if-range)# auto qos voip trust
switch(if-range)# end
So this configure both trunk ports. Let's see what that gives us?
switch# sh run int gi0/27
!
interface GigabitEthernet0/27
description VoIP trunk
switchport trunk allowed vlan 200,300
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
end
switch# sh run int gi0/28
!
interface GigabitEthernet0/28
description VoIP trunk
switchport trunk allowed vlan 200,300
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
end
As for the other ports, the « srr-queue bandwidth share 10 10 60 20 » and the « queue-set 2 » were installed without us having to type them.
Notice the « switchport trunk allowed vlan 200,300 » config. It prevents the DMZ and the WAN VLANs to reach the VoIP access switches for security reasons. Let's make sure that is the case.
switch# sh int trunk
Port Mode Encapsulation Status Native vlan
Gi0/27 auto n-802.1q trunking 200
Gi0/28 auto n-802.1q trunking 200
Port Vlans allowed on trunk
Gi0/27 200,300
Gi0/28 200,300
Port Vlans allowed and active in management domain
Gi0/27 200,300
Gi0/28 200,300
Port Vlans in spanning tree forwarding state and not pruned
Gi0/27 300
Gi0/28 300
Indeed, that is the case. These trunk ports will only allow the Management and the VoIP VLANs to reach the VoIP access switches. Which is good.
Gi0/17 Firewall VoIP Interface Port Configuration
We continue with our setup by configuring the Gi0/17 port that connects to the firewall's VoIP interface. Our goal is always the same : make sure the DSCP and CoS tags are honored and not striped when passing on the interface. That's why we add those trust commands.
switch# conf t
switch(config)# int gi0/17
switch(config-if)# description firewall X4 VoIP interface
switch(config-if)# switchport access vlan 300
switch(config-if)# switchport mode access
switch(config-if)# priority-queue out
switch(config-if)# mls qos trust dscp
switch(config-if)# auto qos voip trust
switch(config-if)# no cdp enable
switch(config-if)# end
These commands create the configuration :
switch# sh run int gi0/17
!
interface GigabitEthernet0/17
description firewall X4 VoIP interface
switchport access vlan 300
switchport mode access
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
no cdp enable
end
Our next step is to configure interface Gi0/4 which connects our firewalls's WAN interface to the current switch.
Gi0/4 Firewall WAN Interface Port Configuration
So again, we setup trust commands on this interface.
switch# conf t
switch(config)# int gi0/4
switch(config-if)# description firewall X4 WAN interface
switch(config-if)# switchport access vlan 144
switch(config-if)# switchport mode access
switch(config-if)# priority-queue out
switch(config-if)# mls qos trust dscp
switch(config-if)# auto qos voip trust
switch(config-if)# no cdp enable
switch(config-if)# end
And the configuration created by these commands is that one :
switch# sh run int gi0/4
!
interface GigabitEthernet0/4
description firewall X4 WAN interface
switchport access vlan 144
switchport mode access
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
no cdp enable
end
We're almost there. One more interface to configure : the WAN ISP interface.
Gi0/1 ISP Uplink Port Configuration
Our last interface to configure is the Gi0/1 which connects to our ISP's switch installed in our data center.
switch# conf t
switch(config)# int gi0/1
switch(config-if)# description ISP uplink
switch(config-if)# switchport access vlan 144
switch(config-if)# switchport mode access
switch(config-if)# priority-queue out
switch(config-if)# mls qos trust dscp
switch(config-if)# auto qos voip trust
switch(config-if)# no cdp enable
switch(config-if)# spanning-tree portfast
switch(config-if)# end
And the resulting configuration is :
switch# sh run int gi0/1
!
interface GigabitEthernet0/1
description ISP uplink
switchport access vlan 144
switchport mode access
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
no cdp enable
spanning-tree portfast
end
Save Configuration
The last task, as always, is to save the configuration.
switch# write memory
switch# copy run start
switch# copy start tftp
Great! We now have configured our entire topology for VoIP QoS!
But how do we know it works?
Testing and Monitoring
To check if the configuration is working, one must first clear the statistics of the WAN port Gi0/1 that we just configured. To do this, connect to the switch and issue the following.
switch# clear mls qos interface gi0/1 statistics
Then, we need to generate VoIP traffic. That's quite easy, pickup the phone and call a friend ;) Place him on spearkers and while you're talking, check the statistics on the interface. It will start by a complete zero right after the clear command. But after a while, counters will start to increase. To see the statistics data, do this :
switch# sh mls qos interface gi0/1 statistics
GigabitEthernet0/1 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 8648676 16 1984532 0 751
5 - 9 : 0 15 156 5502 64
10 - 14 : 4611 0 57 0 4
15 - 19 : 0 449 0 15 0
20 - 24 : 10 0 0 0 304172
25 - 29 : 0 25 0 1 0
30 - 34 : 4 0 33 0 68
35 - 39 : 0 0 0 1167 0
40 - 44 : 216 0 0 0 0
45 - 49 : 0 4408223 0 271 0
50 - 54 : 0 0 0 0 0
55 - 59 : 1182 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 9432900 0 0 0 11952
5 - 9 : 0 0 0 58829 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 28328 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 459249
45 - 49 : 0 4165178 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 15365764 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 9444939 58829 0 28328 0
5 - 7 : 4624427 0 0
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 4624427
queue 1: 0 379 124143
queue 2: 0 0 0
queue 3: 58829 0 9445149
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
Hummm, ok, what do all these numbers mean?
Relax. Back off and look at the entire output, not at the numbers. You will find that we have both DSCP incoming and outgoing tables. We also have COS incoming and outgoing tables. And then we have both incoming and outgoing queues. So let's break this down to three subjects :
- DSCP Statistics
- COS Statistics
- Queue Statistics
DSCP Statistics
DSCP stats are displayed like two tables : one for incoming packets (i.e. dscp: incoming) and another for outgoing packets (i.e.dscp: outgoing ). I've highlighted these two tables in bold right here :
switch# sh mls qos interface gi0/1 statistics
GigabitEthernet0/1 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 8648676 16 1984532 0 751
5 - 9 : 0 15 156 5502 64
10 - 14 : 4611 0 57 0 4
15 - 19 : 0 449 0 15 0
20 - 24 : 10 0 0 0 304172
25 - 29 : 0 25 0 1 0
30 - 34 : 4 0 33 0 68
35 - 39 : 0 0 0 1167 0
40 - 44 : 216 0 0 0 0
45 - 49 : 0 4408223 0 271 0
50 - 54 : 0 0 0 0 0
55 - 59 : 1182 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 9432900 0 0 0 11952
5 - 9 : 0 0 0 58829 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 28328 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 459249
45 - 49 : 0 4165178 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
Both table are quite the same. One the X axis, or the first column of the table if you prefer, we see a list of ranges : 0 - 4 is followed by 5 - 9 all the way down to 60 - 64. These represent the various possible DSCP values which range from zero to 64.
Each lines represent a possible DSCP value in the range found on the left hand side. For example, take line 45 - 49 from the « dscp: outgoing » table. Right after the 45 - 49 : there are four columns with these values : 0, 4165178, 0 and 0. Since we're looking at the 45 - 49 line, this tells us that DSCP value 45 has 0 packets, DSCP value 46 has 4165178 packets, DSCP values 48 and 49 both don't have any packets at all, so they both show a 0. So we know that this interface (gi0/1) has sent 4165178 packets tagged as DSCP value 46.
Now I didn't choose DSCP value 46 by error : this is the standard VoIP DSCP packet tag! That's because DSCP 46 is the « Expedited Forwarding » DSCP value. So it has a very high priority.
Since we know that the Polycom IP phones tag all their packets with DSCP 46 and we configured all of our equipement to trust each other's QoS values, then we know that a Polycom telephone generating packet tagged as DSCP 46 from either of the VoIP access switches finds it's way to this switch still tagged as a DSCP 46 packet : a VoIP packet.
Now look at both the « dscp: incoming » table and the « dscp: outgoing » table. Notice how they both have a very high value in the DSCP 46 spot. That means VoIP traffic flows in both directions : incoming and outgoing. If you have a high DSCP 46 value in the « dscp: outgoing » table, but a value of 0 in the « dscp: incoming » table, you know something is wrong (or vice-versa). Simply because a telephone conversation is never flowing in one direction only.
COS Statistics
The COS tables are a bit smaller than the DSCP ones. Again, we have two of them : one for incoming packets and the other for outgoing packets.
cos: incoming
-------------------------------
0 - 4 : 15365764 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 9444939 58829 0 28328 0
5 - 7 : 4624427 0 0
The trick to read these two table is the same to read the DSCP table : each row (either 0 - 4 and 5 - 7) represent a COS value. These values range from 0 to 7. To find the amount of incoming packets with a COS value of four, we must check the « cos: outgoing » table, select row 0 - 4 and check the fourth value (28328). Simple!
Voice traffic has a COS value of 5 by default.
From « cos: outgoing » table, we can see that this switch has sent 4624427 packets with a COS value of 5. But unfortunately, our ISP sends everything in COS value 0. That's why we see 15365764 packets with COS value 0 in the « cos: incoming » table.
Queue Statistics
The last set of tables displayed by the « sh mls qos interface gi0/1 statistics » command are the queue tables :
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 4624427
queue 1: 0 379 124143
queue 2: 0 0 0
queue 3: 58829 0 9445149
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0
There are two tables : the « output queues enqueued » and the « output queues dropped ». Obviously, we don't want any packets to be listed in the « output queues dropped » table. That would mean that the interface is dropping packets. There are many reasons to drop packets, but a high value should indicate that you need to check this problem and fix it (new hardware? better QoS? larger bandwith? YMMV)
There are four queues on each interfaces : queue 0 to queue 3. And each queue has three thresholds : threshold1, threshold2 and threshold3. These queues are the ones referenced by the « srr-queue bandwidth » commands found on all the interfaces we worked with. For example, « srr-queue bandwidth share 1 30 35 5 » assigns different weights to each queue. Queue 0 gets a weight of 1, queue 1 get a weight of 30, 35 for queue 2 and 5 for queue 3. Check out Catalyst 3560 Switch Software Configuration Guide - Configuring QoS for a complete description of the queues.
HTH,
David
Nice write-up! Deux morceaux de robot!
ReplyDeleteDude i thank you for this!!!
ReplyDeleteHey Sean, glad I could help! :)
DeleteVery helpful, thank you.
ReplyDeleteon the main 24-port switch, why did you use "auto qos voip trust" vs "auto qos trust" as on the access layer switches? thanks.
ReplyDelete