Ethernet Switches & Routers

Reply
New Contributor
Posts: 2
Registered: ‎12-27-2010

QOS via ACL dscp-marking

So I have a softphone that is not able to mark its own traffic with a specific DSCP code due to some issue with it and Windows 7. As a work around I had planned on applying an ACL that would mark the specific type of traffic I wanted sent priority. (FCX48GS POE stack)

access-list 146 remark : ShoreTel VoIP Call Control and CSIS

access-list 146 remark port 5440-5546 = Inter-Switch Call Control
access-list 146 permit udp any any range 5440 5446 dscp-marking 46

access-list 146 remark port 5447-5548 = Client Application Server
access-list 146 permit udp any any range 5447 5448 dscp-marking 46

access-list 146 remark port 2427 = mgcp-gateway - Media Gateway Control Protocol Gateway
access-list 146 permit udp any any eq 2427 dscp-marking 46

access-list 146 remark port 2427 = mgcp-callagent - Media Gateway Control Protocol Call Agent
access-list 146 permit udp any any eq 2727 dscp-marking 46

access-list 146 remark port udp and tcp 111 = Server to Switch Call Control / RPC
access-list 146 permit tcp any any eq 111 dscp-marking 46
access-list 146 permit udp any any eq 111 dscp-marking 46

access-list 146 remark port 5440 = CSIS client server traffic
access-list 146 permit tcp any any eq 5440 dscp-marking 46

access-list 146 remark port udp and tcp 31453 - ShoreTel Contact Center for client server communication
access-list 146 permit tcp any any eq 31453 dscp-marking 46
access-list 146 permit udp any any eq 31453  dscp-marking 46

access-list 146 remark Allow all other traffic without setting dscp marking. Defaults to 0
access-list 146 permit ip any any dscp-marking 0

interface 2/1/31
ip access-group 146 in

Here is my port configuration that I was going use to test this config.

interface ethernet 2/1/31
port-name 2/1/31 "6-081-2"
dual-mode  406
spanning-tree 802-1w admin-edge-port
inline power power-by-class 2
stp-bpdu-guard
trust dscp
sflow forwarding
sflow sample 1000

when I apply the ACL, this is the result.

SSH@FCXA(config-if-e1000-2/1/31)#ip access-group 146 in
Cannot apply an ACL on tagged port 2/1/31 - please apply on VE or PPPve.

Becuase it is tagged with two VLAN's (406 "data" and 506 "voice") How else could I go about prioritizing these specifc protocols?

Occasional Contributor
Posts: 10
Registered: ‎04-03-2012

Re: QOS via ACL dscp-marking

If you are going to mark the packets you can remove "trust dscp".

I have found that if you have a VE, you have to appy the acl to the VE instead of the interface.

Try adding the following to your acl

ip access-list 101 bridged-routed


And add this in the global config

enable acl-per-port-per-vlan ==> Requires a reboot

I have more tips on my website, www.Goatnetworking.com - View forum - General Brocade

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook