Re: Matching IP Precedence in VoIP ACLs

From: cannonr (cannonr@attbi.com)
Date: Tue Feb 25 2003 - 21:30:56 GMT-3


I wouldn't recommend doing it this way. If you choose to match on ports and
precedence and the precedence is not set correctly, your ACL won't match.
There is no reason to take a chance. If you tagged the traffic yourself
with an ip precedence of 5 on the ingress port with a route map or within
the dial-peer configuration, then your ACL would definitely match on the IP
precedence of 5. In this case, there is no added value of defining ports
... Just match on precedence. You can match on precedence in your
class-map/policy-map config.

Royce
----- Original Message -----
From: "Umair Hoodbhoy" <umair@cisco.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, February 23, 2003 6:13 PM
Subject: Matching IP Precedence in VoIP ACLs

> Hi,
>
> Searching through the archives of this group and various docs I've
> always come across this ACL for matching VoIP traffic:
>
> access-list 101 permit udp any any range 16384 32767
>
> My question is why don't people use this instead:
>
> access-list 101 permit udp any any range 16384 32767 precedence critical
> ?
>
> IP Precedence 5 is 'critical' and my understanding is that VoIP
> appliances like IP Phones transmit IP with that precedence. Is this a
> fair question to ask a proctor or should we know this before walking
> into the exam?
>
> TIA,
>
> -- Umair
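
Added example, not part of either message above: a small Python model of the two ACL entries from the thread plus a precedence-only match, run against constructed packets, to show which entries still match when a voice packet arrives with its precedence unset. The packet builder, addresses and function names are assumptions made for illustration; this is not router code.

```python
import struct

RTP_PORTS = range(16384, 32768)  # "range 16384 32767" is inclusive
PREC_CRITICAL = 5                # keyword "critical" = IP precedence 5
PROTO_UDP = 17

def build_packet(dport, precedence):
    """Constructed sample: 20-byte IPv4 header + 8-byte UDP header, checksums left at 0."""
    tos = precedence << 5        # precedence is the top three bits of the ToS byte
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, PROTO_UDP, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 20000, dport, 8, 0)
    return ip + udp

def parse(pkt):
    """Return (protocol, precedence, UDP destination port or None)."""
    ihl = (pkt[0] & 0x0F) * 4    # header length in bytes, so IP options are skipped
    proto = pkt[9]
    precedence = pkt[1] >> 5
    dport = None
    if proto == PROTO_UDP:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return proto, precedence, dport

def ace_ports_only(pkt):
    """permit udp any any range 16384 32767"""
    proto, _, dport = parse(pkt)
    return proto == PROTO_UDP and dport in RTP_PORTS

def ace_ports_and_precedence(pkt):
    """permit udp any any range 16384 32767 precedence critical"""
    _, precedence, _ = parse(pkt)
    return ace_ports_only(pkt) and precedence == PREC_CRITICAL

def match_precedence_only(pkt):
    """Precedence-only classification, as suggested for the class-map."""
    return parse(pkt)[1] == PREC_CRITICAL

if __name__ == "__main__":
    samples = {"voice, marked 5": build_packet(16500, 5),
               "voice, unmarked": build_packet(16500, 0),
               "port 5060, marked 5": build_packet(5060, 5)}
    for name, pkt in samples.items():
        print(f"{name:22} ports={ace_ports_only(pkt)} "
              f"ports+prec={ace_ports_and_precedence(pkt)} "
              f"prec={match_precedence_only(pkt)}")
```

The unmarked voice packet is the case to watch: it passes the port-only entry and misses both entries that depend on precedence, while the precedence-only match also accepts any non-voice traffic that arrives marked 5.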



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:35 GMT-3