I have a little weird request at work. One of our offices would like to split the VOIP traffic. At that office we have a 10MB primary and 3MB backup circuit. Currently the phones are routing over the 10MB circuit. The General Manager would like to use the 3MB backup circuit for VOIP traffic. For the 3MB we have two T1 lines bundled together in a multilink. Configuration is bellow if needed
3MB Circuit
I am tasked to connect my VoIP phones from remote site to my corp site. Basically all remote phones will be registering into a VoIP server in corp site. I have a site to site vpn tunnel established already from remote site to corp site. My hardware includes the following:
-Cisco ASA 5505
-Cisco small business POE switch SF300 24p
-Avaya 2015p VoIP phones
Successfully Register remote VoIP phones to corporate VoIP server 10.30.18.55.I have already configured vlan1 10.30.15.0/24(inside lan) and vlan2 public int(outside Internet) which my dmz only allows 2 per my basic asa licensing.When I connect my phones and register it states "subnet conflict" unable to register.
I am facing a problem with transmitting of VoIP traffic through VPN.
I have a 1921 router in my end where two ISP's terminate and load balancing is done over the ISP'S. I also have a site-to-site IPSEC VPN connection to remote location. Also I am having to analog phones connected to the network through an ATA. My Call manager is in the peer end and has public IP assigned to it. The IP phones get registered when coonected to general inernet connection.
The loadbalancing and VPN is working fine. Now I need to transmit the VoIP traffic over the VPN. I have configured the same but seems not working. [code]
We are using an ASA 5510 as our gateway to our ISP. All of our VOIP traffic is sent to an Internet SIP provider for our outbound calls. Our pipe to the Internet is 100Mbps metro ethernet. I am trying to find a way to provide QoS for this traffic so that I can reserve 20Mbps of the available 100Mbps pipe for VOIP traffic.From what I've been able to figure out so far I would use a combination of priority queues and traffic policing. However, it seems that this is nearly impossible to accomplish because I cannot control the remote device that my ASA connects to because it is the ISP device. I could police traffic on the inside interface of the ASA. However, lets say that a client on our network starts downloading from an Internet host and the downloaded traffic saturates my Internet connection. I could police this incoming (from the Internet) traffic on my outside interface of the firewall. This would drop the packets but the bandwidth would have already been used by the time it reaches my firewall.Would the fact that I'm policing incoming traffic on my outside interface cause the sender to throttle down their transmit rate because packets are being dropped? Would this achieve my goal of guaranteeing available bandwidth for my VOIP traffic by not allowing other traffic to saturate the link?Most documents I find regarding this topic describe providing QoS for VOIP traffic traversing a VPN connection in which case you could configure both end devices.
View 1 Replies View RelatedI have a SF300 24 P and Iam trying to configure a voice vlan this is what I have done so far and it doesnt work.
1. create vlan 30 for voice traffic and enable it
2. Telephony OUI add my mac address for allworx phones
3. Port to VLAN add 30 has tagged, port to vlan 1 untagged
4. Vlan to port I try to add 30 and get this error (Port e15 is candidate in voice Vlan 30 and cant be configured as static member in the vlan.
5. Under Discovery LLDP, LLDP MED port Setting Enable MED status, then all other options to yes
In my LLDP neighbor information all my phones are there and says under port ID 0 ( my phones support LLDP and CDP)
I have a new VOIP implementation using 2960 switches. I want to prioritize voice traffic. After creating VLAN 2 I did the following:
Per Cisco, I did the following on my up-link ports:
switch port trunk allowed vlan 1,2
switch port mode trunk
switch port nonegotiate
priority-queue out
mls qos trust cos
switchport trunk allowed vlan 1,2
switchport mode trunk
switchport nonegotiate
priority-queue out
mls qos trust cos
spanning-tree port fast trunk
spanning-tree bpduguard enable
On my ports where a VOIP phone was plugged in, I did the following:
switch port trunk allowed v lan 1,2switchport mode trunk switch port no negotiate priority-queue outmls qos trust cos spanning-tree port fast trunk spanning-tree bpduguard enable
How can I verify that my voice traffic is being prioritized?
regarding QOS on Nexus 7000. Our Nexus 7000's form a collapsed distribution/core layer, our access layer switches are are a mixture of Cisco 3750 & Cisco 4507. 3750 switches will connect to Nexus switches via 1Gb uplink, 4507 switches will connect via 10Gb uplinks. Each Nexus will be connected via 20Gb port channel, all servers connect to the Nexus switches via 1Gb links. We're implementing a new telephone system soon which will be using VOIP so I need to configure the switches to perform QOS. The IP phones will mark the RTP traffic with DSCP value EF and call signaling traffic CS3. I'm fine configuring qos on the access layer switches, its just the Nexus switches which I'm not sure about.
Do I actually need to configure any QOS parameters on the Nexus switches so they will prioritise the VOIP traffic. If my understanding the Nexus switches will trust the DSCP values and assign the traffic to the relevent queues?
Just for information VOIP is the only traffic I will be marking QOS values
I have a customer who has a Zyxel USG50 security firewall on their network. They utilize a cloud hosted voip solution called Vocalocity that provides SIP voip service to their Cisco phones. They have about 8 phones in a small office.the problem they are having is that as it stands now, all VOIP phones in the office are dynamically assigned addresses internally. However, the VOIP phones are having a ton of issues that we believe may be related to the firewall blocking traffic somehow or not playing nicely with the service.
- Some calls are dropped altogether
- Some calls do not ring all phones
- Some phones keep ringing even after a call is picked up
While Vocalocity has admitted that they have the "ghost ringing" issue going on with other customers, the dropped calls and not all phones ringing could be firewall related. We are trying to pinpoint what may be going on.i did open up all of the ports that the VOIP provider claims are used by their service, 5060-5090. However, some 5060 packets still seem like they are being blocked in the firewall logs.How does everyone else out there setup their VOIP phones internally to have unfettered access to the internet? Do you recommend just using the DMZ functionality (which I can do on this USG device) or bypassing the firewall altogether somehow? We have some spare switches and another home level Netgear router we can use for testing.
In one of our offices in Tokyo, we used to connect to the internet using a PPPoE connection from an ASA5505 and then ran multiple IP SEC tunnels to our remote sites. We have a /28 public range, but I couldn't work out how to utilize the other addresses, as the firewall was assigned a /32 on it's dialer.
To try to use more of the address space, we changed the topology and put a 1921 router at the internet perimeter terminating the PPPoE and then connected the inside of that to the outside of our ASA5505. We split the /28 into two /29 sub nets. the dialer interface of the router has a /32 from one of the /29s and the link between the inside of the router and the outside of the firewall used the other /29.
Since that change, we have had a number of performance problems to devices located behind the firewall (over VPN). If there's no traffic going over it, then response times to the public facing interfaces of the eqpt there are good. The more traffic we push over it the more packet loss we get. The response times are consistent, it's the packet loss that's the problem. There are no errors or drops on the PPPoE interface.The obvious answer to this is that we're pushing more traffic over it than we should, but it's a 100Mb circuit and I'm having severe packet loss if I try to push about 2 or 3 Mbps through it.
We're pretty certain that it's an ISP problem and can't say for sure that the problem started when we changed the topology out there, but anything to do with the way we've split the subnets out like that?
I have 128KB Dsl connection and two Computer i need to splite them equal. i mean 64KB for each computer, it's very annoying when another computer start downloading or something like that then my computer is totally down.
View 4 Replies View RelatedI have Mediacom cable and internet and I was trying to hook both up in the same room.When I connect it directly from the internet cord to my modem it works fine.But when I connect it using a splitter to hook it up to my modem and tv, only the tv works.So, how would I get this to work??
View 1 Replies View RelatedI'm trying to connect a second desktop to my internet connection. My current setup has my primary desktop using a wireless card and getting internet from the wireless router. Then I bridged the connection from my desktop to my xbox. Everything worked perfectly.
However, I recently got a second desktop(running lubuntu if it matters) and I'm trying to get it connected so that I can use Synergy and share a mouse with it. I found an old router laying around the house and was hoping I could use it to share the bridged connection to my xbox with the second desktop. Like this:
I couldn't get that to work though. The second desktop knew it was connected, but it couldn't connect to the internet. It would also throw off my primary desktop and it would try to connect to the old router.
I also tried to set it up like this:
Using an ethernet plug in the wall that normally just went to the TV and trying to split it there. The TV still worked, but the second desktop didn't.
How I can get this all working. I'd like to do it without having to order a wireless card/usb and just use what I have.
I have a pair of ASA5510 currently running as a failover pair. For some reason we need to move one of the firewall to another site, is there any best practice on splitting up the failover pair then I can re-configure the secondary unit offline?
I'm thinking to power down the secondary unit, unplug it from the network totally then erase the configuration on the secondary unit on console so I can re-configure it. For the primary unit, I will disable the faiolver config by "no failover" on the primary unit. Is that necessarily all thing for splitting up the failover cluster?
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB(code)
I would like to connect to a 1Gb routed uplink, and then impose bandwidth limits (via shaping/policing/whatever) on a per port basis. The ports could either be configured to route, or as switchports on separate VLANS. I'm trying to identify hardware that will let me do this. The set up I have in mind is shown below.
I am wondering if the IP Services Adv software on that switch will allow that functionality?
I have cable internet with 12 Mbit download and 1.25 Mbit upload speed. I'm using Thomson TGW850-4 router and I'm sharing the connection with my brother. Each of us have our own PC, of course.
Problem is, my brother downloads torrents while I play online games which completely screws up with my ping (from 40-80 to 350+) which makes them pretty much unplayable.
Is there a way to split the connection in two so that each of us gets 6 Mbit download and 0.625 Mbit upload at all times so that his torrents don't interfere with my online games?
Trying to split a supplied fixed IP address to multiple wireless devices so that I can piggy back on the internet connection in my office. Cause the IT dept refuse to provide a router.I plank to use a router for the job above.
View 4 Replies View Relatedhow to go about config my bureau connected to HQ and separated by a WAN link of 60mb.
This is my plansplit into halves that is 30 mb for LAN connections, internet and file serving for strictly video streaming, bureaus have routers 2800 conected to HQ HQ has a router 3900
Now I have a 172.16.0.0/16 network with a def. gw. for internet where is a MS Forefront TMG 2010 with BSplitter for traffic shaping. I purchased an 2921, 2,5 GB RAM, security+data license and an EHWIC-D-8ESG.
I made 4 subnets in a test environment with some access-lists, nothing fancy yet. How can I use FF TMG for bandwidth management, where should I put it? For those 4 subnets the def. gw. is, normally, the 2921 router. TMG is splitting traffic by client IP.
I have a desktop with a "black screen", but the computer is running. I need to get files/documents off that computer. How can I get them without being able to see the monitor? I have a netbook, a portable hard drive, and regular ethernet cables, but not a cross over cable.
View 1 Replies View RelatedI was wondering if the EA3500 would support splitting the USB (buying a USB tree) to allow for both a printer and hard drive to connect at the same time?
View 1 Replies View RelatedWe have cisoc 2821 at one of branch and created five sub inetrfaces for different vlans.Output of Show interface shows very frequent increase in the input error count.I have changed the physical cable and switch port on the other side.But still error rate is increasing.When the traffic is less error rate is low but with high traffic it is increasing drastically.My router process is very less(4%) only.What could be possible reason. [code]
View 8 Replies View RelatedWe are looking to implement traffic shaping/policing primarily for P2P traffic. As natively the ASA5550 is only capable of p2p inspection if the traffic is tunneled via port 80 is the AIP-SSM the way forward? We have 2 5550s in active/active failover config. As a side note we are also looking to implement an IDS/IPS system so could this module cover all?Is this module going to provide the desired outcome or is there another module/device out there better suited for this? I would prefer to use the ASA5550s as opposed to implementing another product if only that we can make use of the investment we already made on these devices.
View 1 Replies View RelatedI am testing limit bandwith using my ASA 8.2, i am trying to limit internet access for certains users , i order to save Bandwith for the important things but i can´t get any limitation
My configuration is the following, the acces list is just for my pc in order to test, and the service policy is applied to outside interface (called internet in my case) for incoming traffic
access-list Internet_mpc_1 extended permit ip host 172.16.127.70 any class-map Internet-class-TEST match access-list Internet_mpc_1 policy-map Internet-policy-web class Internet-class-TEST police output 1024000 1500
service-policy Internet-policy-web interface Internet
With show service policy i can´t see any activity on the policy , but if i do a similar configuration for inside interface outgoing traffic i can see packets allowed and dropped
I have an ASA 5520 with the below config
Gi0/0: outside (Internet)
Gi0/1: inside (Internal users)
Gi0/2: DMZ (web servers, ftp, Mail etc..)
I have a SMTP relay deployed on the DMZ for mailing. I have also a mail servers installed in the internal lan,
I want to allow trafic from dmz to reach internal lan, and i want normally also allow stmp relay from dmz to reach Internet.
How can i block trafic from DMZ to reach Internal Lan (instead of smtp) if the to allow trafic from dmz to internet i must put ANY in the policy?
For allowing trafic from DMZ to reach Internet, the policy must be DMZ -----> ANY ----->Services., this policy means DMZ can implicity reach Internal Lan?
We have a Cisco 2811 running ITP IOS. On that router we run the SMPP service. A client on the network connects to this service, and we need to capture the traffic for debug.
I've tried traffic-export, but I cannot see any outbound traffic.I'm guessing that this is due to the fact that the outbound SMPP traffic is not transit traffic as it is generated by the router itself.
Is there any way to capture the outbound traffic?
I am trying to come up with the best way to traffic shape traffic with 3750 Me switches. the traffic will be coming from a 6504 Sup-7203b downstream and going out the wan. Core---L3---->6504--intvlan80--trunkport to--->3750Me---g/1/1/1-trunkport to---MetroE network--->int f0/0.80--branch router. The idea is to use the 3750 to traffic shape the traffic going towards the wan/branch to 500 to match the contracted rate and then to use qos on shaped rate. I tried to apply it to g1/1/1 using port based policies but it did not shape the traffic. I changed everything to IP interfaces and it worked. I need to break up the metroe into different vlans so I can bring branch offices in on different vlans.c
View 3 Replies View RelatedI have 4 remote sites that are using a ASA as thir firewall / router. I'm setting up a full mesh VPN between all the sites. One of the sites have a UC500 and the other sites access that UC over the VPN tunnels. I would like to set up some basic QoS for the VOIP traffic
The site that has the UC will have multiple vpn tunnles coming in from the remote sites. How will I do QoS with voice traffic on that site?
I have a Cisco ASA 5540 running 8.2(5). When I dial a phone on the other of the the VPN the first time I get a blank after it rings(i.e when the voice mail get activated if someone picks the phone up), however works the second and consequent times i dial.
A little background. Two sites A and B connected via IPsec Tunnel. No problems in communication except for the VoIP issue. A Phone in on site A(172.17.168.x) and other on site B(192.168.103.x). Site A and Site B is connected via an IPsec tunnel on the Cisco ASA. First call fails. Second call works. Result of a packet trace is also the same. The UDP packet get drops when tried for the first time but subsequent ones pass.
First time
ASA5520# packet-tracer input inside udp 172.17.168.95 10000 192.168.3.103 10000
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
[code].......
How can I do a VoIP Install/Repair?
View 3 Replies View Relatedhaving some issues. My basic VOIP network I can get to work no problem uner Vlan 1. But when I try tomake multiple basic networks to connect and put them in to diffrent Vlans such as Vlan 2, 3, 4 and conect them the phones now say configuering IP.
View 1 Replies View RelatedWe just purchased cisco 2960 for our VoIP needs and we are using polycom phones, and Phone and Computer will use same port. Since Polycom phones are capable working with CDP protocol and we are hoping to get another switch to expand VoIP network. I found easiest way of setting up each port is as following (from the cisco tutorial)
Switch#configure terminal
Switch(config)#mls qos
Switch(config)#interface fastethernet 0/1
Switch(config-if)#mls qos trust cos
Switch(config-if)#switchport voice vlan dot1p
Switch(config-if)#switchport voice vlan 10
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
My first question,when we are using switchport voice vlan dot1p ,I thought we instruct the switch port to use 802.1P priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic.Do I still need to create a Vlan 20 for data and Vlan 10 for voice ?
Secondly,same tutorial adds these commands as well,Do you think for our set up, using those commands are feasible ?
Switch(config-if)#switchport priority extend trust
Switch(config-if)#priority-queue out
Switch(config-if)#spanning-tree portfast
Switch(config-if)#spanning-tree bpduguard enable
Switch(config-if)#exit
Thirdly,when we get another switch and do the same configuration for the second switch, can I use any port on Switch 1 as uplink without doing any configuration ?
my config and all the show's ive run sofar tryign to figure this out, but the policy map isnt matching the traffic for some reason
View 9 Replies View RelatedI have a 887 setup as a EasyVPN server, and a 861 as an EasyVPN remote - network extension mode with split tunnelling.This works fine - I can ping and connect to machines across the tunnel.However if I setup a VOIP handset to connect across the tunnel it registers and calls work, but drop after 30secs....I know this is normally a firewall or nat problem, are easyvpns firewalled or natted?
View 9 Replies View Related