Section 14-2. Voice QoS


To support proper delivery of voice traffic in a hierarchical switched network, follow several QoS rules of thumb. See the basic network diagram in Figure 14-1.

  • Access layer

    - A QoS trust boundary should be established as close to the end devices (at the access layer) as possible.

    - Let the IP Phone handle the trust boundary for attached PCs; the IP Phone should be trusted.

    - PCs running Cisco SoftPhone should be untrusted. Instead, the inbound voice traffic should be classified and the CoS and differentiated services code point (DSCP) values marked.

    - Normal PCs with no voice capability should be untrusted (CoS and type of service [ToS] set to 0).

    - On Catalyst 6000 switches, port trust can be VLAN-based and applied to the voice VLAN on all trusted ports.

    - Modify the CoS and ToS to DSCP maps so that 3 maps to DSCP 26 (AF31) and 5 maps to DSCP 46 (EF), where possible.

    - Uplinks into the distribution and core layers should trust DSCP values, if possible.

    - Schedule egress voice frames with CoS 3 to be assigned to the higher-priority queue. Frames with CoS 5 are automatically assigned to the strict-priority egress queue.

  • Distribution and core layers

    - If the DSCP values can be controlled by the access layer switches, trust them on those ports.

    - If the access layer switches are Layer 2-only and can't classify or mark frames based on DSCP, set the DSCP values for voice frames in the higher-layer switches. This can be done on a voice VLAN for ports that are configured for VLAN-based trust.

    - Modify the CoS and ToS to DSCP maps so that 3 maps to DSCP 26 (AF31) and 5 maps to DSCP 46 (EF), where possible.

    - Schedule egress voice frames with CoS 3 to be assigned to the higher-priority queue. Frames with CoS 5 are automatically assigned to the strict-priority egress queue.

Figure 14-1. QoS Trust Considerations in a Switched Network


You can use several voice protocols within a network:

  • Voice control protocols, which are used to register and set up calls:

    - Skinny Client Control Protocol (SCCP), also known as Simple Client Control Protocol

    - H.323

    - Session Initiation Protocol (SIP)

    - Media Gateway Control Protocol (MGCP)

    - Megaco or H.248

  • Real-Time Transport Protocol (RTP): The UDP encapsulation of the actual voice-bearer packets. All voice protocols use RTP as the transport mechanism after a call has been established.

These voice protocols use the UDP or TCP port numbers shown in Table 14-2. These values can come in handy when you need to classify voice traffic for QoS in a Catalyst switch. Each of the voice-call control protocols should be marked as CoS 3 or DSCP 26 (AF31). The RTP voice-bearer packets should always be marked as CoS 5 or DSCP 46 (EF) to ensure timely delivery. RTP packet marking is usually done at the source, by definition.

Table 14-2. Voice Protocol Port Numbers

Voice Protocol  Port                                                   Description
Skinny          TCP 2000                                               Skinny Client Control Protocol (SCCP)
                TCP 2001                                               Skinny Station Protocol (SSP)
                TCP 2002                                               Skinny Gateway Protocol (SGP)
H.323           TCP 1718                                               Gatekeeper messages
                TCP 1719                                               Gatekeeper RAS
                TCP 1720                                               H.225 call control
                TCP 11000 to 11999                                     H.245
SIP             UDP/TCP 5060                                           Default server ports; can also be arbitrarily chosen
MGCP            TCP 2427                                               Call agents to gateway
                TCP 2727                                               Gateway to call agents
Megaco H.248    UDP/TCP 2944                                           Text call control messages
                UDP/TCP 2945                                           Binary call control messages
RTP             UDP port negotiated by voice-call signaling protocol   Voice payload transport


Access Layer Configuration

TIP

The commands presented are broken out according to the switch platform that is used. The L3 switches have a Layer 3 switching engine, supported by the Catalyst 6000 with Policy Feature Card (PFC) or PFC2. The L2 switches have a Layer 2 switching engine, supported on the Catalyst 4000 and 5000 platforms. The Catalyst 2900XL and 3500XL models are labeled as 3500.


1. (Optional) Establish a trust boundary at the access layer.

a. (Optional) Trust QoS from a Cisco IP Phone:

COS L3
 set port qos mod/port vlan-based
 set port qos mod/port trust trust-cos

IOS L3
 (interface) mls qos vlan-based
 (interface) mls qos trust cos

COS L2
 set port qos mod/port trust trust-cos

IOS L2
 (interface) mls qos trust cos

IOS 3500
 (interface) switchport priority default 0
 (interface) no switchport priority override
 (interface) switchport priority extend cos 0


A single QoS policy can be applied to all voice traffic from IP Phones on a common voice VLAN. This is only possible on Layer 3 switches. Otherwise, the inbound CoS values can be trusted when IP Phones classify and mark CoS from their own voice and data access ports. The IP Phone is instructed to control QoS trust with the configuration in Step 3.

TIP

A Cisco IP Phone marks its SCCP voice control packets with CoS 3, ToS 3, and DSCP 26 (AF31). The RTP voice bearer packets are marked with CoS 5, ToS 5, and DSCP 46 (EF). These are carried over the frames in the voice VLAN (VVID) of the 802.1Q trunk.

The IP Phone also marks traffic from its access switch port, if instructed to do so. By default, these frames are carried untagged over the native VLAN of the 802.1Q trunk, and have their ToS and DSCP values set to 0.

b. (Optional) Don't trust QoS from a PC running Cisco SoftPhone:

COS L3
 set port qos mod/ports cos 0
 set port qos mod/port trust untrusted

IOS L3
 (interface) mls qos cos 0
 (interface) no mls qos trust

COS L2
 set port qos mod/ports cos 0
 set port qos mod/port trust untrusted

IOS L2
 (interface) mls qos cos 0
 (interface) no mls qos trust

IOS 3500
 (interface) switchport priority default 0
 (interface) switchport priority override


Although a SoftPhone PC produces voice control and bearer data packets, other applications running can attempt to mark the CoS in nonvoice packets. Because of this, you should not trust the QoS information coming from the PC. Set these switch ports to an untrusted state and configure Layer 3 switches in your QoS domain to classify and mark the voice control and bearer packets appropriately.

TIP

The Cisco SoftPhone application marks its SCCP voice control packets with CoS 0, ToS 0, and DSCP 0 (default). The RTP voice bearer packets are marked with CoS 5, ToS 5, and DSCP 46 (EF). These are carried over the access VLAN untagged because no inherent trunk is used.

c. (Optional) Don't trust QoS from a regular data-only host:

COS L3
 set port qos mod/ports cos 0
 set port qos mod/port trust untrusted

IOS L3
 (interface) mls qos cos 0
 (interface) no mls qos trust

COS L2
 set port qos mod/ports cos 0
 set port qos mod/port trust untrusted

IOS L2
 (interface) mls qos cos 0
 (interface) no mls qos trust

IOS 3500
 (interface) switchport priority default 0
 (interface) switchport priority override


Frames that are untagged or that do not match any QoS-classifying access control lists (ACLs) will be marked with CoS value 0. This also causes the ingress DSCP values to be mapped to 0 by the CoS-to-DSCP mapping. (See the next step.)

2. (Optional; Layer 3 only) Adjust the ingress QoS-to-DSCP mappings:

COS
 set qos cos-dscp-map 0 8 16 26 32 46 48 56
 set qos ipprec-dscp-map 0 8 16 26 32 46 48 56

IOS
 (global) mls qos map cos-dscp 0 8 16 26 32 46 48 56
 (global) mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56


You can make minor adjustments to the mappings so that CoS 3 maps to DSCP 26 (AF31) and CoS 5 maps to DSCP 46 (EF). The default values are slightly different and are not the standard values expected for voice traffic.

3. (Optional) Extend QoS trust into the IP Phone.

a. Set the phone access-port trust:

COS
 set port qos mod/ports trust-ext {trusted | untrusted}

IOS
 (interface) switchport priority extend {trust | none}


A Cisco IP Phone has its own access layer switch port, where a PC can be connected. This port is untrusted (IOS none) by default, causing the CoS and IP Precedence values for inbound frames to be set to 0. To allow the PC to mark its own packets with IP Precedence values, set the mode to trusted (IOS trust).

b. Set the default phone access-port CoS value:

COS
 set port qos mod/ports cos-ext cos-value

IOS
 (interface) switchport priority extend cos cos-value

When the phone's access port is set to untrusted mode, the CoS value for all inbound data frames is set to cos-value (0 to 7, default 0) by the phone.

4. (Layer 3 only) Trust DSCP information on the uplink ports:

COS
 set port qos mod/ports trust trust-dscp

IOS
 (interface) mls qos trust dscp


Because the distribution and core layer switches are also within the QoS domain and are properly configured to follow the QoS requirements, you can safely assume that any QoS information coming from them has been examined and adjusted to conform to the QoS policies. As such, this information can be trusted over the uplink ports on an access layer switch.

5. (Optional; Layer 3 only) Apply a QoS policy to the voice traffic.

a. Define matching traffic with an ACL:

COS
 set qos acl ip acl-name dscp 26 tcp any any range 2000 2002
 set qos acl ip acl-name trust-cos ip any any

IOS
 (global) ip access-list extended acl-name
 (access-list) permit tcp any any range 2000 2002 dscp 26
 (access-list) exit


In this case, SCCP voice control TCP ports 2000, 2001, and 2002 are matched. These frames are given a DSCP value of 26 (AF31), even if this value was already set. This matching ACL is also necessary so that the CoS trust can be established on switch ports configured with the set port qos trust trust-cos command.

If other voice protocols are used, you can change the ACL to match against the appropriate port numbers.

b. (Layer 3 IOS only) Define the QoS policy:

COS
N/A

IOS
 (global) policy-map policy-name
 (pmap) class class-name access-group acl-name
 (pmap-class) trust cos


The policy uses a class to match traffic from the ACL. CoS values are then trusted for matching traffic.

c. Apply the QoS policy to the voice VLAN:

COS
 commit qos acl acl-name
 set qos acl map acl-name voice-vlan

IOS
 (global) interface vlan voice-vlan
 (interface) service-policy input policy-name


You can apply the QoS policy to all ports carrying the voice VLAN. This is an efficient way to use a QoS policy on one specific VLAN within a trunk.

6. Configure voice scheduling on the egress ports.

Catalyst 2900XL and 3500XL switches have fixed scheduling on their egress ports. Voice control frames with CoS 3 are assigned to the lower-priority queue (queue 1), whereas CoS 5 frames go to the higher-priority queue (queue 2). There are no strict-priority queues.

COS L3
 set port qos mod/port port-based
 set qos map 1p2q2t tx 2 1 cos 3
 set qos map 2q2t tx 2 1 cos 3

IOS L3
 (interface) no mls qos vlan-based
 (interface) wrr-queue cos-map 2 1 3

COS L2
 set qos map 1p2q2t tx 2 1 cos 3
 set qos map 2q2t tx 2 1 cos 3

IOS L2
 (interface) wrr-queue cos-map 2 1 3

IOS 3500
N/A


By default, all frames with CoS 5 are sent to the strict-priority queue. Frames with CoS 3 are sent to the lowest-priority queue. The scheduling map makes sure that the voice control frames (CoS 3) are sent to a higher-priority queue, serviced ahead of other traffic.
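The ingress decisions from steps 1, 2, and 5 can be followed frame by frame. The Python model below is an added example, not part of the original text or of any Cisco tool; it simplifies the switch behavior, and the function names, frame fields, and sample frames are assumptions made for illustration.

```python
DEFAULT_MAP = [0, 8, 16, 24, 32, 40, 48, 56]   # switch default: DSCP = CoS * 8
VOICE_MAP = [0, 8, 16, 26, 32, 46, 48, 56]     # step 2 map: CoS 3 -> AF31, CoS 5 -> EF
SCCP_PORTS = range(2000, 2003)                 # TCP 2000-2002, matched by the step 5 ACL

def ingress_dscp(frame, trust, cos_map=VOICE_MAP, voice_acl=False, port_cos=0):
    """DSCP assigned to one inbound frame (simplified model, an assumption).

    trust: 'untrusted', 'trust-cos' or 'trust-dscp'.
    frame: dict with the cos, dscp, proto and dport the end device sent.
    """
    if trust not in ("untrusted", "trust-cos", "trust-dscp"):
        raise ValueError(f"unknown trust state: {trust}")
    if voice_acl and frame["proto"] == "tcp" and frame["dport"] in SCCP_PORTS:
        return 26                      # ACL marks AF31 even if a value was already set
    if trust == "trust-dscp":
        return frame["dscp"]           # port inside the QoS domain: keep the marking
    cos = frame["cos"] if trust == "trust-cos" else port_cos
    return cos_map[cos]                # untrusted: the port CoS (0) replaces the sender's

# Constructed sample frames; the RTP port number is arbitrary.
FRAMES = {
    "phone_rtp": {"cos": 5, "dscp": 46, "proto": "udp", "dport": 16500},
    "softphone_sccp": {"cos": 0, "dscp": 0, "proto": "tcp", "dport": 2000},
    "pc_marked_ef": {"cos": 5, "dscp": 46, "proto": "tcp", "dport": 443},
}

def scenarios():
    """DSCP results for the cases the section discusses."""
    f = FRAMES
    return {
        "phone RTP, trust-cos, default map": ingress_dscp(f["phone_rtp"], "trust-cos", DEFAULT_MAP),
        "phone RTP, trust-cos, step 2 map": ingress_dscp(f["phone_rtp"], "trust-cos"),
        "SoftPhone SCCP, untrusted, no ACL": ingress_dscp(f["softphone_sccp"], "untrusted"),
        "SoftPhone SCCP, untrusted, voice ACL": ingress_dscp(f["softphone_sccp"], "untrusted", voice_acl=True),
        "PC marking EF, untrusted port": ingress_dscp(f["pc_marked_ef"], "untrusted"),
        "PC marking EF, port wrongly trusted": ingress_dscp(f["pc_marked_ef"], "trust-dscp"),
    }

if __name__ == "__main__":
    for name, dscp in scenarios().items():
        print(f"{name:40s} DSCP {dscp}")
```

The last two scenarios show why host ports stay untrusted: the same self-marked frame is reset to DSCP 0 at an untrusted port and keeps EF treatment when trust is misplaced.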

Distribution and Core Layer Configuration

1. Establish a trust boundary.

a. (Optional; Layer 3 only) Trust VLAN-based QoS from an L2 access layer switch:

COS L3
 set port qos mod/port vlan-based
 set port qos mod/port trust trust-cos

IOS L3
 (interface) mls qos vlan-based
 (interface) mls qos trust cos

COS L2
N/A

IOS L2
N/A

IOS 3500
N/A


A Layer 2 access layer switch can classify and mark traffic based only on Layer 2 CoS values. As well, QoS is applied to the voice VLAN where IP Phone traffic is carried. A distribution or core layer switch can then apply QoS policies directly to the voice VLAN.

b. (Optional) Trust QoS from another distribution or core switch or a Layer 3 access layer switch:

COS L3
 set port qos mod/port port-based
 set port qos mod/port trust trust-dscp

IOS L3
 (interface) no mls qos vlan-based
 (interface) mls qos trust dscp

COS L2
 set port qos mod/port trust trust-cos

IOS L2
 (interface) mls qos trust cos

IOS 3500
N/A


The QoS information from other switches in a QoS domain can be trusted. This assumes that every switch in the QoS domain has been configured to enforce QoS policies consistently.

QoS is port-based on these connections because every VLAN carried over the link will have its QoS values already examined and modified. A Layer 3 switch can trust the inbound DSCP information, but a Layer 2 switch can trust only the inbound CoS values.

c. (Optional) Don't trust QoS from sources outside the QoS domain:

COS L3
 set port qos mod/ports cos 0
 set port qos mod/port trust untrusted

IOS L3
 (interface) mls qos cos 0
 (interface) no mls qos trust

COS L2
 set port qos mod/ports cos 0
 set port qos mod/port trust untrusted

IOS L2
 (interface) mls qos cos 0
 (interface) no mls qos trust

IOS 3500
N/A


Frames that are untagged receive CoS value 0. This also causes the ingress DSCP values to be mapped to 0 by the CoS-to-DSCP mapping. (See the next step.)

2. (Optional; Layer 3 only) Adjust the ingress QoS-to-DSCP mappings:

COS
 set qos cos-dscp-map 0 8 16 26 32 46 48 56
 set qos ipprec-dscp-map 0 8 16 26 32 46 48 56

IOS
 (global) mls qos map cos-dscp 0 8 16 26 32 46 48 56
 (global) mls qos map ip-prec-dscp 0 8 16 26 32 46 48 56


You can make minor adjustments to the mappings so that CoS 3 maps to DSCP 26 (AF31) and CoS 5 maps to DSCP 46 (EF). The default values are slightly different and are not the standard values expected for voice traffic.

3. (Optional; Layer 3 only) Apply a QoS policy to the voice traffic.

a. Define matching traffic with an ACL:

COS
 set qos acl ip acl-name dscp 26 tcp any any range 2000 2002

IOS
 (global) ip access-list extended acl-name
 (access-list) permit tcp any any range 2000 2002 dscp 26
 (access-list) exit


In this case, the SCCP voice control TCP ports 2000, 2001, and 2002 are matched. These frames are given a DSCP value of 26 (AF31), even if this value was already set.

If other voice protocols are used, you can change the ACL to match against the appropriate port numbers.

b. (Layer 3 IOS only) Define the QoS policy:

COS
N/A

IOS
 (global) policy-map policy-name
 (pmap) class class-name access-group acl-name


The policy uses a class to match traffic from the ACL.

c. Apply the QoS policy to the voice VLAN:

COS
 commit qos acl acl-name
 set qos acl map acl-name voice-vlan

IOS
 (global) interface vlan voice-vlan
 (interface) service-policy input policy-name


The QoS policy can be applied to all ports carrying the voice VLAN. This is an efficient way to use a QoS policy on one specific VLAN within a trunk.

4. Configure voice scheduling on the egress ports:

COS L3
 set port qos mod/port port-based
 set qos map 1p2q2t tx 2 1 cos 3
 set qos map 2q2t tx 2 1 cos 3

IOS L3
 (interface) no mls qos vlan-based
 (interface) wrr-queue cos-map 2 1 3

COS L2
 set qos map 1p2q2t tx 2 1 cos 3
 set qos map 2q2t tx 2 1 cos 3

IOS L2
 (interface) wrr-queue cos-map 2 1 3

IOS 3500
N/A


By default, all frames with CoS 5 are sent to the strict-priority queue. Frames with CoS 3 are sent to the lowest-priority queue. The scheduling map makes sure that the voice control frames (CoS 3) are sent to a higher-priority queue, serviced ahead of other traffic.
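The trust rules in both configuration sections can be checked against a saved IOS configuration. The Python audit below is an added example, not part of the original text; it reads only the IOS `mls qos trust` and `switchport priority extend trust` forms shown in this section, and the sample configuration, interface names, and role labels are constructed assumptions.

```python
import re
# Constructed sample config; interface names are made up for the example.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 mls qos trust cos
 switchport priority extend trust
!
interface FastEthernet0/2
 mls qos trust dscp
!
interface FastEthernet0/3
 mls qos cos 0
 no mls qos trust
!
interface GigabitEthernet0/1
 mls qos trust dscp
!
interface GigabitEthernet0/2
 mls qos trust cos
"""
# Hypothetical role labels supplied by the auditor; the config does not carry them.
ROLES = {"FastEthernet0/1": "phone", "FastEthernet0/2": "host", "FastEthernet0/3": "host",
         "GigabitEthernet0/1": "uplink", "GigabitEthernet0/2": "external"}

def parse_interfaces(config):
    """Split IOS-style text into {interface name: [commands]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(.+?)\s*$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(line.split()))
        else:
            current = None          # "!" or a global command ends the stanza
    return stanzas

def audit(config, roles):
    """Return (interface, finding) pairs for ports that break the trust rules."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        role = roles.get(name, "host")      # unlabelled ports get the strictest rule
        trust = next((c.split()[-1] for c in cmds
                      if re.fullmatch(r"mls qos trust (cos|dscp)", c)), None)
        if role in ("host", "external") and trust:
            findings.append((name, f"{role} port trusts inbound {trust}"))
        if role == "phone" and "switchport priority extend trust" in cmds:
            findings.append((name, "PC behind the phone is trusted"))
    return findings
```

Run against the sample, `audit(SAMPLE_CONFIG, ROLES)` reports the trusted PC port behind the phone, the host port that trusts DSCP, and the external port that trusts CoS; the compliant host port and the uplink produce no findings.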

Voice QoS Example

See the QoS example in section "13-2: QoS Configuration," which presents a complete voice example, covering a variety of switch platforms in a layered network design.



Cisco Field Manual. Catalyst Switch Configuration
ISBN: 1587050439
Year: 2001
Pages: 150
