Page 110

3-60

Cisco AVVID Network Infrastructure Enterprise Quality of Service Design

956467

Chapter 3 QoS in an AVVID-Enabled Campus Network

Selecting a Distribution-Layer Switch

3550G-Dist(config-ext-nacl)#permit tcp any any range 2000 2002

3550G-Dist(config-ext-nacl)#remark H323 Fast Start

3550G-Dist(config-ext-nacl)#permit tcp any any eq 1720

3550G-Dist(config-ext-nacl)#remark H323 Slow Start

3550G-Dist(config-ext-nacl)#permit tcp any any range 11000 11999

3550G-Dist(config-ext-nacl)#remark H323 MGCP

3550G-Dist(config-ext-nacl)#permit udp any any eq 2427

Step 2

Create classes that use the ACLs as admission criteria.

3550G-Dist(config)#class-map match-all VOICE

3550G-Dist(config-cmap)#description VoIP Bearer Traffic

3550G-Dist(config-cmap)#match access-group name VOICE

3550G-Dist(config)#class-map match-all GOLD-DATA

3550G-Dist(config-cmap)#description Mission Critical Traffic

3550G-Dist(config-cmap)#match access-group name GOLD-DATA

3550G-Dist(config)#class-map match-all VOICE-CONTROL

3550G-Dist(config-cmap)#description VoIP Control Traffic (SCCP, H225, H254, MGCP)

3550G-Dist(config-cmap)#match access-group name VOICE-CONTROL

Step 3

Create a policy to set the DSCP PHB label/value for the classes.

3550G-Dist(config)#policy-map DISTRIBUTION-C3550-UPLINK-IN

3550G-Dist(config-pmap)#description Set DSCP PerHopBehavior Label for VOIP Control and

Bearer Traffic

3550G-Dist(config-pmap)#class VOICE-CONTROL

3550G-Dist(config-pmap-c)#set ip dscp 26

3550G-Dist(config-pmap)#class VOICE

3550G-Dist(config-pmap-c)#set ip dscp 46

3550G-Dist(config-pmap)#class GOLD-DATA

3550G-Dist(config-pmap-c)#set ip dscp 18

Step 4

Apply the policy to an interface so that traffic entering the network through this port is classified with
the appropriate DSCP PHB Label EF and AF31 for VoIP Bearer, and Control respectively.

3550G-Dist(config)#int g 0/12

3550G-Distconfig-if)#service-policy input DISTRIBUTION-C3550-UPLINK-IN

Configuring CoS or DSCP Trust

Additionally, you need to enable the Catalyst 3550 to trust DSCP or CoS depending on the capabilities
of the access-layer switch attached. In this example, port 0/1 is attached to a Layer 3-aware access device
and can trust DSCP arriving from it. Ports 0/2 and 0/3 are attached to Layer 2-only access devices, so
the switch needs to trust CoS.

Step 1

Configure trust for DSCP.

3550G-Dist(config)#int g0/1

3550G-Dist(config-if)#mls qos trust DSCP

Step 2

Configure trust for CoS.

3550G-Dist(config-if)#int g0/2

3550G-Dist(config-if)#mls qos trust cos

3550G-Dist(config-if)#int g0/3

3550G-Dist(config-if)#mls qos trust cos