[Config] QoS+VoIP on a Cisco - sample config in Cisco

[Config] QoS+VoIP on a Cisco - sample config in Cisco http://www.dslreports.com/forum/r12421459 en Thu, 03 Dec 2009 11:18:36 EDT Thu, 03 Dec 2009 11:18:36 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13102717 LilYoda : I'm working on a house renovation this week-end, so I won't be able to help

As far as I remember, the 800 series does not allow for one policy-map to call another policy map (aka policy nesting)

I am not sure either if it supports named ACLs now. If it still doesn't, the config might be a LOT nastier to troubleshoot :)

So you could probably still get away with it by using one single policy map like

policy-map Packet-Queueing
  class VoIP-Class-Outbound
    priority 72
  class Hi-Class-Outbound
   bandwidth remaining percent 50
   random-detect prec-based
   random-detect exponential-weighting-constant 8
   random-detect precedence 6   20    60    20
   random-detect precedence 5   6     15    6
  class Med-Class-Outbound
   bandwidth remaining percent 25
   random-detect prec-based
   random-detect exponential-weighting-constant 8
   random-detect precedence 4   15    30    15
   random-detect precedence 3   1     15    3
  class Lo-Class-Outbound
   bandwidth remaining percent 25
   random-detect prec-based
   random-detect exponential-weighting-constant 3
   random-detect precedence 2   15    30    15
   random-detect precedence 1   1     15    3

If it doesn't work, I could look into it and work with you some time next week :)
]]> http://www.dslreports.com/forum/remark,13102717 Wed, 06 Apr 2005 13:30:03 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13101173 anon : LilYoda writes: but I haven't tried it, cause I don't have a 800 handy

Want access to play with one? :)

I'll be trying out your config examples on the weekend on my 827. Running c820-k9osy6-mz.123-9.bin]]> http://www.dslreports.com/forum/remark,13101173 Wed, 06 Apr 2005 10:02:04 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13030589 rolande : Yes. Again, my first statement was that you were correct in your assumption. Without an ACL, the rate-limit command applies to all traffic going in and/or out of an interface depending on the direction it is applied or if it is applied in both directions.
--
Ignorance is temporary...stupidity lasts forever!]]> http://www.dslreports.com/forum/remark,13030589 Tue, 29 Mar 2005 00:40:58 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13029942 Brandonv7 : But that would only if you want to prioritize different kinds of traffic as it does in this voip config. The rate limit command itself doesn't require an ACL thought. That is what i was trying to clarify for a problem i am working on..
--
"Rose Tints My World To Keep Me Safe From My Trouble And Pain" Take a trip down the River Roads!!]]> http://www.dslreports.com/forum/remark,13029942 Mon, 28 Mar 2005 23:06:39 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13029735 rolande : That is correct. If you want to use rate-limit to color traffic with different precedence values it would be pointless without ACLs ;)
--
Ignorance is temporary...stupidity lasts forever!]]> http://www.dslreports.com/forum/remark,13029735 Mon, 28 Mar 2005 22:43:35 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13028855 LilYoda : I believe this is correct.
But you can also attach a access-list, and use it to color inbound traffic by using set-prec-transmit as your conform and exceed actions.]]> http://www.dslreports.com/forum/remark,13028855 Mon, 28 Mar 2005 20:55:27 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13026722 Brandonv7 : You don't have to have an ACL to use the basic Rate-Limit command, do you? I read it as you only use an ACL if you want to rate limit just some of the traffic through that interface?
--
"Rose Tints My World To Keep Me Safe From My Trouble And Pain" Take a trip down the River Roads!!]]> http://www.dslreports.com/forum/remark,13026722 Mon, 28 Mar 2005 16:40:36 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13022852 plm2005 : yes I have ip cef, but NBAR is not for me.
I had big crash files.
It happened in the past, because of memory bugs, but the new IOS has other much worse bugs so I will stay with the current IOS for now.]]> http://www.dslreports.com/forum/remark,13022852 Mon, 28 Mar 2005 04:29:53 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13018641 rolande : Did you globally enable 'ip cef' before enabling NBAR protocol matching? Depending on what you were using NBAR for, a 1712 is kind of a small router if you were doing too much with it. You could easily kill the memory or CPU.

Did you get log msgs or traceback msgs on console? Did the router crash or just log malloc messages?
--
Ignorance is temporary...stupidity lasts forever!]]> http://www.dslreports.com/forum/remark,13018641 Sun, 27 Mar 2005 15:13:15 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13018442 plm2005 : NBAR was real disaster. My router crashed two times after I configured something with NBAR. I just got 2 memory crashes so I removed this shit.
I will wait for the ACLs.
I hope I will manage it.
I have some problems with Microsoft FRS now, so it took my time during the weekend.]]> http://www.dslreports.com/forum/remark,13018442 Sun, 27 Mar 2005 14:43:54 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13017516 LilYoda : linux debian + tac_plus, works like a charm
(except when you're a numb nuts like me and mess up the key on the router :( )

I got the latest version of tac_plus recently for my work lab, so that I could give different rights based on the source IP. I'll post the version here when I get back to work on monday]]> http://www.dslreports.com/forum/remark,13017516 Sun, 27 Mar 2005 12:30:07 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13014068 rolande : What TACACS server do you use? I am contemplating setting one up on my Linux server for my terminal server on my lab rack. Got any good suggestions? Thanks!
--
Ignorance is temporary...stupidity lasts forever!]]> http://www.dslreports.com/forum/remark,13014068 Sat, 26 Mar 2005 22:01:28 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13012841 LilYoda : I wanted to use NBAR, but it isn't supported on my 4700 :(

For the Skype and IPSec traffic, I already have the ACLs built, however I locked myself out of my router yesterday, in a daring attempt to improve my tacacs config *sigh*

So you'll have to wait till I get back home and can break into the router through the console port, which should be some time next week :D]]> http://www.dslreports.com/forum/remark,13012841 Sat, 26 Mar 2005 19:02:27 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,13000279 plm2005 : Hi LilYoda,
I have some questions on how to customize your brilliant QoS config file. On what email can I contact you?
I have cisco 1712 and a VPN site-to-site.
It is configured directly on the WAN interface and I am wondering how to give priority to the IPsec traffic.
I also want to give priority to Skype and tried something with UDP port, but not quite sure if it works. I am using NBAR and this is not working as expected.
You configuration seems much better.]]> http://www.dslreports.com/forum/remark,13000279 Fri, 25 Mar 2005 05:27:59 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12979652 LilYoda : w0000t :D]]> http://www.dslreports.com/forum/remark,12979652 Tue, 22 Mar 2005 22:33:11 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12978816 ultatryon : I just made a derivitive configuration based on this information on a 1720 w/ a WIC-1ENET running 12.2(4)YA6 (Feature Set K9O3SY7)

So, I can definately vouch that it runs on a 1720 ;)

Oh, and to bump this back to the top ;)]]> http://www.dslreports.com/forum/remark,12978816 Tue, 22 Mar 2005 21:08:43 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12832109 LilYoda :

said by rolande

:

I believe that the police command under policy-maps was included in a later 12.2T train code or 12.3.

Otherwise you can use cascaded rate-limit commands to do the same thing. When you set a rate-limit and an exceed-action of drop, anything beyond the threshold gets policed automatically.

True... However, there's 2 differences between police and rate-limit on an interface
1) rate-limit on an interface needs an ACL. In my case, I have 1 ACL per type of traffic, then I bundled all the ACLs in a class-map. It makes it a LOT easier to move one traffic between classes, or to add a new type of traffic to a class
2) the police statements are not here to drop the traffic, but to recolor it. Then the queueing engine (WRED) treats traffic that's exceeding its bandwidth more aggresively.
If you dropped anything above a specific bandwidth, then you'd waste the bandwidth assigned to classes not in use.

In my case, I wanted to reserve 72 Kbps to VoIP, but the remaining 171Kbps to be shared between 3 classes of data traffic. That means that if I am not sending anything that gets colored as HI or MED class, the LO class uses all the 171 Kbps bandwidth. But most of its traffic is colored with precedence 1 instead or precedence 2 (only 43Kbps get colored with precedence 2)

So the WRED queueing engine is more aggressive towards precedence 1 than precedence 2 (cause I configured it like that). Then if I start sending say some MED traffic. It gets colored as Prec. 4 up to 43Kbps and Prec 3 above...

So in the end, the WRED sends packets out in the order of precedence 4, 2, then 3, then 1... Meaning it's very likely the exceeding prec. 1 traffic will be dropped by WRED, and some of the Prec. 3 as well.

I'm not sure I'm making this very clear. I know it's a weird concept... Let me know if more info is needed, or if I'm the only one to understand my post :)]]> http://www.dslreports.com/forum/remark,12832109 Fri, 04 Mar 2005 17:00:32 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12832034 LilYoda :

said by ugalosh

:

The posts above all contain:
"EDIT: made a simpler version using precedence instead of DSCP"

Is that the version posted? Kinda new at this and trying comprehend it all. Working to try find a version of ios for my 2600 that has the 'police' command in policy-map, with very little success.

Yes, I was using DSCP in the past, but found out precedence works just as well, and precedence numbers are easier to follow than DSCP ones

police statements work on any 2600/3600/3700/4500 with a 12.2.24 IOS (IP PLUS versions, the ones with "-is-" in the name)
I think you also have to turn "ip cef" on before you can access the police statement

I think it works on 1720s too, but almost sure that policy nesting doesn't work on 800 chassis]]> http://www.dslreports.com/forum/remark,12832034 Fri, 04 Mar 2005 16:51:26 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12822140 smp606 : Very nice write-up!]]> http://www.dslreports.com/forum/remark,12822140 Thu, 03 Mar 2005 15:44:10 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12820277 Innuendo : LilYoda,

Thanks for sharing your hard work here for all to benefit.

This, IMHO, should be submitted as a FAQ so your hard work can benefit people in the future without danger of it getting buried in the sands of time.]]> http://www.dslreports.com/forum/remark,12820277 Thu, 03 Mar 2005 11:45:24 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12817671 rolande : I believe that the police command under policy-maps was included in a later 12.2T train code or 12.3.

Otherwise you can use cascaded rate-limit commands to do the same thing. When you set a rate-limit and an exceed-action of drop, anything beyond the threshold gets policed automatically.
--
Ignorance is temporary...stupidity lasts forever!]]> http://www.dslreports.com/forum/remark,12817671 Thu, 03 Mar 2005 00:36:06 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12814583 ugalosh : The posts above all contain:
"EDIT: made a simpler version using precedence instead of DSCP"

Is that the version posted? Kinda new at this and trying comprehend it all. Working to try find a version of ios for my 2600 that has the 'police' command in policy-map, with very little success.

Thanks,
Uga.]]> http://www.dslreports.com/forum/remark,12814583 Wed, 02 Mar 2005 19:26:51 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12720783 LilYoda : It runs on almost any platform, except the 800 series.
I think the 800
a) doesn't support named access-lists (which isn't a blocking point just very annoying to troubleshoot all those ACLs if they only have numbers)
b) doesn't support policy nesting... Can't call a policy map from within another policy map. There may be a workaround (like including all in 1 policy, but I haven't tried it, cause I don't have a 800 handy

I am using 12.2.24 on a 4700, but I think it runs on 12.1 IOSes. You just need an IP Plus version, no need for enterprise IOS]]> http://www.dslreports.com/forum/remark,12720783 Sun, 20 Feb 2005 10:01:00 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12719014 BigBlockChev : What version / level of IOS do you need to support these neat QoS features? (I'm a Cisco dinosaur, the last version I used was 11.2 on a 4500M). I'm interested in getting a used 2621 for home office use though.]]> http://www.dslreports.com/forum/remark,12719014 Sun, 20 Feb 2005 00:10:51 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12718175 LilYoda : Got lazy, haven't done the wiring yet :D]]> http://www.dslreports.com/forum/remark,12718175 Sat, 19 Feb 2005 22:09:06 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12717729 rolande : How did your ADT alarm like using VoIP to call out or did it even work at all? Most VoIP gateways and Cisco IOS have the ability to disable modems and faxes from working. Not to mention, a VoIP line is more likely to get squirrely and easily hose up modem negotiation. Just curious to hear your experience with it.
--
Ignorance is temporary...stupidity lasts forever!]]> http://www.dslreports.com/forum/remark,12717729 Sat, 19 Feb 2005 21:10:15 EDT Re: [Config] QoS+VoIP on a Cisco - queuing http://www.dslreports.com/forum/remark,12714610 paarlberg : Here is what I used on my 2621 to add QoS for H.323 and 3Com NBX pbx and phones. The "match ip dscp 46" was for the 3Com NBX portion.

**********************************************
ip cef
class-map match-any VOICE
match protocol rtp
match ip dscp 46
exit
policy-map QOS-RTP
class VOICE
priority percent 50
exit
**********************************************

Then you must apply to each interface that you want it to use..
**********************************************
interface
service-policy output QOS-RTP
**********************************************

You can also set priority by max bandwidth instead of percent (128k in the example below). Would recommend percent on ADSL and bandwidth for ethernet or high-speed serial. If you use both create a new policy-map for that.. QOS-RTP-DSL and QOS-RTP-ETH, or something like that..

**********************************************
priority bandwidth 128
********************************************** ]]> http://www.dslreports.com/forum/remark,12714610 Sat, 19 Feb 2005 12:56:57 EDT Re: [Config] QoS+VoIP on a Cisco - queuing http://www.dslreports.com/forum/remark,12498959 hlygrail : God Bless You!!

I was getting ready to post a question looking for a way to assign priority queueing to my 1720, having tried and failed (now I see why!).

Thank you for doing -- and DOCUMENTING -- the legwork for all to benefit.]]> http://www.dslreports.com/forum/remark,12498959 Wed, 26 Jan 2005 21:34:00 EDT [Config] QoS+VoIP on a Cisco - Add-ons http://www.dslreports.com/forum/remark,12423251 LilYoda : life savers:

The 2 aliases below show you all stats of your upload traffic, and all stats of the queuing (how many packets dropped by the queuing engine, etc...)

alias exec out show policy-map interface Ethernet0 *
 | exclude 0/0               0/0              0/0
alias exec in show policy-map interface Ethernet1
 
(*) WARNING 1 long line(s) split

now from the console just type "out" or "in" to get your stats. If there is a lazy way to do things, it is my duty to find it :D

EDIT watch out for the line break in the exemple above, the "alias exec out" line ends after the last "0/0" and there is no "*" in the final line. It should be
"alias exec out show policy-map interface Ethernet0 | exclude 0/0 0/0 0/0"
]]> http://www.dslreports.com/forum/remark,12423251 Tue, 18 Jan 2005 23:34:57 EDT Re: [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12422093 vonsen : I thank you. My cisco thanks you.

--
Email these Lingo executives about the misrepresented 18% hike: psingh@primustel.com,nhazard@primustel.com,tkloster@primustel.com,jdepodesta@primustel.com,t book@primustel.com,smcintyre@primustel.com,anayar@primustel.com,tlawson@primustel.com,mguirg is@primustel.com,jmelick@primustel.com,jrosenblatt@primustel.com,ghicks@primustel.com,mmagil l@primustel.com]]> http://www.dslreports.com/forum/remark,12422093 Tue, 18 Jan 2005 21:32:17 EDT [Config] QoS+VoIP on a Cisco - queuing http://www.dslreports.com/forum/remark,12421846 LilYoda : And here's the beauty, the queuing engine
Took me a while to figure it out

class-map match-any VoIP-Class-Outbound
  match ip precedence 7
class-map match-any Hi-Class-Outbound
  match ip precedence 6
  match ip precedence 5
class-map match-any Med-Class-Outbound
  match ip precedence 4
  match ip precedence 3
class-map match-any Lo-Class-Outbound
  match ip precedence 2
  match ip precedence 1

Queueing for data only. Parameters unsure for the random-detect, although they work fine for me... The current setting make the low class really hammered when there is traffic in the high & medium classes make the exponential-weighting-constant the same as the others if you want them to be more equal.

But in my experience, you have to be really aggressive to slow down eMule and Bittorent traffic.

policy-map Data-Only-Queueing
  class Hi-Class-Outbound
   bandwidth percent 50
   random-detect prec-based
   random-detect exponential-weighting-constant 8
   random-detect precedence 6   20    60    20
   random-detect precedence 5   6     15    6
  class Med-Class-Outbound
   bandwidth percent 25
   random-detect prec-based
   random-detect exponential-weighting-constant 8
   random-detect precedence 4   15    30    15
   random-detect precedence 3   1     15    3
  class Lo-Class-Outbound
   bandwidth percent 25
   random-detect prec-based
   random-detect exponential-weighting-constant 3
   random-detect precedence 2   15    30    15
   random-detect precedence 1   1     15    3

Class for all traffic.
Uses LLQ with 72Kbps assigned to the Voice class, and 171Kbps assigned to data, using the queuing defined above

policy-map Packet-Queueing
  class VoIP-Class-Outbound
    priority 72
  class class-default
   shape average 171000
   bandwidth 171
   service-policy Data-Only-Queueing

Apply policy to your outbound interface (replace ethernet0 by your outside interface)
max-reserved-bandwidth 95 leaves 14Kbps (in my case) for anything that wasn't foreseen (routing updates, uncolored traffic, etc...)

interface Ethernet0
 bandwidth 256
 max-reserved-bandwidth 95
 service-policy output Packet-Queueing
 tx-ring-limit 2
 tx-queue-limit 2

EDIT: made a simpler version using precedence instead of DSCP
]]> http://www.dslreports.com/forum/remark,12421846 Tue, 18 Jan 2005 21:08:21 EDT [Config] QoS+VoIP on a Cisco - local marking http://www.dslreports.com/forum/remark,12421812 LilYoda : Why is that? Well, because when you telnet to your router from the internet (bad bad you, this isn't secure you know? :p ) your packets aren't going inbound on Ethernet1, so they aren't colored, so the queueing engine won't know what to do with those...

route-map Local-Tagging permit 20
 description --- Telnet traffic goes in High Class
 match ip address Telnet-Traffic
 set ip precedence 6
!
route-map Local-Tagging permit 40
 description --- The rest goes in Medium class
 set ip precedence 4
!
ip local policy route-map Local-Tagging

EDIT: made a simpler version using precedence instead of DSCP
]]> http://www.dslreports.com/forum/remark,12421812 Tue, 18 Jan 2005 21:03:35 EDT [Config] QoS+VoIP on a Cisco - coloring http://www.dslreports.com/forum/remark,12421750 LilYoda : OK, let's get into the funny stuff...

I like to have 4 types of traffic
The VoIP traffic, the high importance data, the medium importance data, and the low importance one (aka the cr@p)

All the below are exemples, you need to either write your access-lists to match what goes where, or use the NBAR service, which I haven't tested yet.

! mandatory (I think)
ip cef

Matching traffics that will go in the VoIP class

ip access-list extended Lingo-ATA
 remark --- traffic from Lingo's ATA box
 permit ip host 192.168.254.11 any
ip access-list extended Skype
 remark --- Skype traffic
 permit udp any eq 44330 any
ip access-list extended TS-server
 remark --- TeamSpeak Server traffic
 permit udp host 192.168.254.1 eq 8767 any

Matching traffics that will go in the High class

ip access-list extended Outbound-DNS
 remark --- outbound DNS queries
 permit udp 192.168.254.0 0.0.0.255 any eq domain
ip access-list extended Telnet-Traffic
 remark --- any telnet traffic
 permit tcp any any eq telnet
 permit tcp any eq telnet any
ip access-list extended WWW-and-SSL
 remark --- make sure you deny eMule traffic
 deny   udp any eq 4672 any
 deny   tcp any eq 4662 any
 remark --- make sure you deny BitTorrent traffic
 deny   tcp any range 6881 6889 any
 deny   udp any range 6881 6889 any
 remark --- make sure you deny any other P2P app traffic
 deny   udp any range XXXX XXXX any
 remark --- permit http and https traffic
 permit tcp any any eq www
 permit tcp any any eq 443

Matching traffics that will go in the Medium class

ip access-list extended ICMP
 remark --- ICMP from LAN
 permit icmp 192.168.254.0 0.0.0.255 any
ip access-list extended FTP
 remark --- FTP traffic from LAN to FTP servers
 permit tcp 192.168.254.0 0.0.0.255 any eq ftp
 permit tcp 192.168.254.0 0.0.0.255 any eq ftp-data

Matching traffics that will go in the Low class

ip access-list extended eMule
 remark --- eMule default ports
 permit udp any eq 4672 any
 permit tcp any eq 4662 any
 permit udp any any eq 4672
 permit tcp any any eq 4662
ip access-list extended BitTorrent
 remark --- BitTorrent default ports
 permit tcp any range 6881 6889 any
 permit udp any range 6881 6889 any
 permit tcp any any range 6881 6889
 permit udp any any range 6881 6889
ip access-list extended Squid
 permit tcp host 192.168.254.1 eq 8080 any

Making your Classes
If you want a specific traffic to go in a class, make a new ACL like the ones above, and add a "match" statement in the correct class below

class-map match-any VoIP-Class-Inbound
  match access-group name Lingo-ATA
  match access-group name Skype
  match access-group name TS-server
  ! DSCP value EF is commonly allocated to voice traffic so
  ! in case you have a voice application already coloring the
  ! traffic to EF, you're all set, no need for a new ACL
  match ip dscp ef
class-map match-any Hi-Class-Inbound
  match access-group name Outbound-DNS
  match access-group name Telnet-Traffic
  match access-group name WWW-and-SSL
class-map match-any Med-Class-Inbound
  match access-group name ICMP
  match access-group name FTP
class-map match-any Lo-Class-Inbound
  match access-group name eMule
  match access-group name BitTorrent
  match access-group name Squid

Policy-map coloring the traffic

VoIP class colored as Precedence 7
High class colored as Precedence 6 when below 85000 bps and Precedence 5 when above
Medium class colored as Precedence 4 when below 43000 bps and Precedence 3 when above
Low class colored as Precedence 2 when below 43000 bps and Precedence 1 when above
Rest of traffic colored as Precedence 1

policy-map Packet-Tagging
class VoIP-Class-Inbound
police 72000 9000 9000 conform-action set-prec-trans 7 exceed-action set-prec-trans 7
class Hi-Class-Inbound
police 85000 10000 10000 conform-action set-prec-trans 6 exceed-action set-dscp-tran 5
class Med-Class-Inbound
police 43000 5000 5000 conform-action set-prec-trans 4 exceed-action set-prec-trans 3
class Lo-Class-Inbound
police 43000 5000 5000 conform-action set-prec-trans 2 exceed-action set-prec-trans 1
class class-default
set ip precedence 1

Apply policy to your inbound interface (replace ethernet1 by your inside interface)

interface Ethernet1
 service-policy input Packet-Tagging

EDIT: made a simpler version using Precedence instead of DSCP
]]> http://www.dslreports.com/forum/remark,12421750 Tue, 18 Jan 2005 20:34:26 EDT [Config] QoS+VoIP on a Cisco - Lingo http://www.dslreports.com/forum/remark,12421662 LilYoda : This is in case you have a Lingo ATA on your LAN.
The below assumes you want your ATA to be 192.168.254.11, if that ain't the case, replace by the IP you wanna give it in all posts from here.

ip dhcp pool Lingo-ATA
   ! REPLACE THE IP BELOW IF YOU WANT TO GIVE ANOTHER ADDRESS TO YOUR LINGO ATA
   host 192.168.254.11 255.255.255.0
   ! REPLACE THE MAC BELOW BY YOUR LINGO ATA MAC ADDRESS
   hardware-address 00c3.8c56.ef57

if your outside interface isn't Ethernet0 (Dialer1 in case of a DSL connection, for ex.), replace Ethernet0 by the appropriate interface

ip nat inside source static udp 192.168.254.11 69 interface Ethernet0 69
ip nat inside source static udp 192.168.254.11 5060 interface Ethernet0 5060
ip nat inside source static udp 192.168.254.11 13456 interface Ethernet0 13456

In the line below, after your ISP has given you a public IP address replace the XXX.XXX.XXX.XXX by your public IP
This line isn't mandatory, so try it only if the service isn't reliabe without it.
It is a major pain, as you would have to update this line every time your ISP gives you a new address, so I recommend using this as last resort and for troubleshooting ONLY!

ip nat inside source static 192.168.254.11 XXX.XXX.XXX.XXX no-alias

]]> http://www.dslreports.com/forum/remark,12421662 Tue, 18 Jan 2005 20:25:27 EDT [Config] QoS+VoIP on a Cisco - Charter HSI http://www.dslreports.com/forum/remark,12421552 LilYoda : Just for info, if you have Charter HSI, here's what the connection to it would look like:

! The below assumes you want to make your router 192.168.254.253
! (replace ethernet0 and ethernet1 by your outside and inside interfaces)
!
service dhcp
!
interface Ethernet0
 description --- Connected to broadband
 ip address dhcp
 ip nat outside
 arp timeout 300
!
interface Ethernet1
 ip nat inside
!
ip access-list standard Networks_2B_NATed
 permit 192.168.254.0 0.0.0.255
!
ip nat inside source list Networks_2B_NATed interface Ethernet0 overload

In case you want to host servers, here are 2 sample commands for port forwarding (making a service on your LAN available to the Internet)

! Line below is for making the TeamSpeak server (192.168.254.1)
! reachable from the outside world (this is an exemple of port forwarding)
ip nat inside source static udp 192.168.254.1 8767 interface Ethernet0 8767
!
! Line below is for making the Squid proxy (192.168.254.1)
! reachable from the outside world (this is an exemple of port forwarding)
ip nat inside source static tcp 192.168.254.1 8080 interface Ethernet0 8080

]]> http://www.dslreports.com/forum/remark,12421552 Tue, 18 Jan 2005 20:14:40 EDT [Config] QoS+VoIP on a Cisco - LAN & DHCP http://www.dslreports.com/forum/remark,12421529 LilYoda : Starting here, all the below relies on a LAN segment of 192.168.254.0/24 (mask of 255.255.255.0)

The below config assumes that 192.168.254.1 is your DNS, NTP server and WINS server. This is my case, cause I have setup those features on my linux server. If you use another DNS/NTP/WINS, change the corresponding options below. If you don't have a WINS or NTP server, remove the lines related to it
If you don't have a private DNS server, replace the "dns-server 192.168.254.1" with the IP address of your ISP's DNS

DHCP addresses will be given in the 192.168.254.128 -> 192.168.254.192 range

!
service dhcp
!
ip domain-name XXX.com
ip name-server 192.168.254.1
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.254.1 192.168.254.128
ip dhcp excluded-address 192.168.254.192 192.168.254.254
!
ip dhcp pool Local-LAN
   network 192.168.254.0 255.255.255.0
   default-router 192.168.254.253
   domain-name XXX.com
   netbios-node-type h-node
   ! DNS server
   dns-server 192.168.254.1
   ! WINS server
   netbios-name-server 192.168.254.1
   ! NTP server
   option 42 ip 192.168.254.1
!
interface Ethernet1
 description --- Internal LAN
 ip address 192.168.254.253 255.255.255.0
 no ip redirects
 fair-queue
!
! Sync the router clock using the NTP server IP
ntp server 192.168.254.1

]]> http://www.dslreports.com/forum/remark,12421529 Tue, 18 Jan 2005 20:12:15 EDT [Config] QoS+VoIP on a Cisco - base http://www.dslreports.com/forum/remark,12421482 LilYoda : Here is the basic

Out of the below, you may want to adjust the timezone seetings, and remove the config for the aux port if your router doesn't have one...

service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
! Come on, let your imagination go wild and name your router !
hostname XXXXXXXX
!
logging buffered 16000 debugging
no logging console
!
! the enable password is not used, but must
! be different from the enable secret
enable secret XXXXXXXX
enable password XXXXXXXX
!
! Modify the 2 following lines to match your timezone, or remove if you
! want the router to display GMT time
clock timezone EST -5
clock summer-time EDT recurring 1 Sun Apr 3:00 last Sun Oct 3:00
!
ip subnet-zero
no ip source-route
no cdp run
no ip bootp server
no ip http server
no ip finger
ip classless
!
! You can change the below to your own badass disclaimer/banner
!
banner motd #
 
NOTICE:  This is a private network device.  All activities on this system
         are monitored and recorded.
         Actual or attempted use, access, examination, or configuration
         change by an unauthorized person will result in criminal and 
         civil prosecution to the full extent of the law.
 
Enter password
 
#
!
! Doesn't have to be the same PWD on Console,Aux and VTY ports
!
line con 0
 password XXXXXXXX
 login
 transport output none
line aux 0
 password XXXXXXXX
 login
 transport input none
 transport output none
line vty 0 4
 password XXXXXXXX
 login
 transport input telnet
 transport output none

]]> http://www.dslreports.com/forum/remark,12421482 Tue, 18 Jan 2005 20:08:39 EDT [Config] QoS+VoIP on a Cisco - sample config http://www.dslreports.com/forum/remark,12421459 LilYoda : Well, took me a while, so I figured I'd post my config, if it can help out others

I will break it down in 7 sections
1) base: what I think every router should have
2) LAN & DHCP: the Local LAN config and DHCP server
3) cable: the specific part of connection I used to connect to Charter High Speed Internet service
4) marking: the coloring of inbound packets
5) local marking: the coloring of locally generated packets
6) lingo specific: cause I have lingo, and it was a b*tch to setup, so here it it
7) queueing: the fun in the post, how to make QoS work

more detail in each section, feel free to comment, and I'll try to keep the post updated if you find obvious errors]]> http://www.dslreports.com/forum/remark,12421459 Tue, 18 Jan 2005 20:06:38 EDT