Open as PDF
Enabling Prioritization for Legacy Voice over IP 407
Configuring a VLAN for Voice Clients
MSS requires all clients to be authenticated by RADIUS or the local
database, and to be authorized for a specific VLAN. MSS places the user
in the authorized VLAN.
Configure a VLAN for voice clients
You can use the same VLAN for other clients. However, it is a best
practice to use the VLAN primarily, if not exclusively, for voice traffic.
Disable IGMP snooping in the VLAN. (Disabling this feature is required
To configure a VLAN and a last-resort user for the voice SSID:
WX4400# set vlan 2 name v1 port 3
WX4400# set igmp disable vlan v1
The set vlan and set igmp commands create VLAN v1 and add the
uplink port to it, then disable IGMP snooping in the VLAN.
Configuring an ACL to Prioritize Voice Traffic
MSS does not provide priority forwarding for SVP traffic by default. To
enable prioritization for SVP traffic, you must configure an ACL and map
it to the both the inbound and outbound directions of the VLAN to which
the voice clients are assigned. The ACL must contain an ACE that
matches on IP protocol 119 and marks the IP ToS bits in matching packets
with CoS value 7. When a MAP receives a packet with CoS value 7, the
MAP places the packet in the voice queue for priority forwarding.
If the VLAN will be shared by other clients, you also need to add an ACE
that permits the traffic that is not using IP protocol 119. Otherwise, the
WX drops this traffic. Every ACL has an implicit ACE at the end that
denies all traffic that does not match any of the other ACEs in the ACL.
After you configure the ACE and map it to the VLAN, you must commit
the VLAN to the configuration. The ACL does not take effect until you
map it and commit it.
The following commands configure an ACE to prioritize SVP traffic and
map the ACE to the outbound direction of the voice VLAN:
WX1200# set security acl ip SVP permit cos 7 udp 10.2.4.69
255.255.255.255 gt 0 any gt 0