RE: match protocol rtp audio

From: ccie2be (ccie2be@nyc.rr.com)
Date: Sat Aug 20 2005 - 12:35:07 GMT-3


Chris,

Thanks for bearing with us on this topic.

If I need to match voice traffic, do I need to include RTCP as well?

IOW, if I use an acl to match the signaling traffic (tcp port 1720) and use
match ip rtp 16384 16383 to capture the voice payload packets, will I have
achieved the needed results?

TIA, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis (chrlewis)
Sent: Saturday, August 20, 2005 10:36 AM
To: Edwards, Andrew M; ccie2be; Group Study
Subject: RE: match protocol rtp audio

Well, presuming we are talking about entries in a class-map, the first
does not exist, match ip rtp 16384 16383 does :) and that does not match
RTCP, as it only matches even numbered ports in the defined range.

Match protocol rtp audio also does not match RTCP.

To match odd and even ports to capture RTCP I think you'd have to use
the ACL option.

Chris

-----Original Message-----
From: Edwards, Andrew M [mailto:andrew.m.edwards@boeing.com]
Sent: Friday, August 19, 2005 5:15 PM
To: Chris Lewis (chrlewis); ccie2be; Group Study
Subject: RE: match protocol rtp audio

Chris, et al.

What Tim and I are wondering for NBAR is this:

Match protocol ip rtp 16384 16383

AND

Match protocol rtp audio

We know that the first doesn't match RTCP. What about the second?

Andy
-----Original Message-----
From: Chris Lewis (chrlewis) [mailto:chrlewis@cisco.com]
Sent: Friday, August 19, 2005 10:23 AM
To: ccie2be; Group Study
Subject: RE: match protocol rtp audio

RTP has payload and control packets (referred to as RTCP), H.323 is
completely separate.

RTP for voice uses the range 16384 to 32767
RTP for video uses 49152 to 65535

There is a significant difference between the two methods you describe.
The NBAR RTP Payload Classification feature does not identify RTCP
packets, whereas the ACL will, as it matches on both even and odd
numbered ports within the range. RTCP packets run on odd-numbered ports
while RTP packets run on even-numbered ports.

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Thursday, August 18, 2005 7:40 AM
To: Group Study
Subject: match protocol rtp audio

Hi guys,
 
Can someone confirm this:
 
access-list 100 permit udp any any range 16384 32767 = match prot rtp
audio
 
And, match prot rtp audio doesn't include the control H323 signaling
(tcp any any eq 1720).
 
The Doc-CD is about as clear as mud on this:
 
<quote>
 
audio: Specifies matching by audio payload-type values in the range of 0
to 23. These payload-type values are reserved for audio traffic.
 
<endquote>
 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/qos_r/qos_m1g.htm#wp1112916
 
 
TIA, Tim
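
Added example (not part of the original thread, and not Cisco code): a Python model of the three matching behaviours discussed above, run over constructed packets, to show which ones see RTCP on the odd port. The function names, packet builders and sample packets are assumptions made for illustration; the payload-type check follows the Doc-CD quote (audio payload types 0 to 23) and is not a description of NBAR internals.

```python
import struct

def rtp_packet(pt, seq=1, ts=160, ssrc=0x1234):
    # 12-byte RTP header (version 2, no padding/extension/CSRC) + 160 bytes of payload
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq, ts, ssrc) + bytes(160)

def rtcp_sender_report(ssrc=0x1234):
    # RTCP SR: version 2, packet type 200, length 6 (32-bit words minus one),
    # followed by 20 bytes of sender info
    return struct.pack("!BBHI", 0x80, 200, 6, ssrc) + bytes(20)

def acl_range(dport, lo=16384, hi=32767):
    # access-list 100 permit udp any any range 16384 32767: every port, odd or even
    return lo <= dport <= hi

def ip_rtp(dport, start=16384, span=16383):
    # match ip rtp 16384 16383: even-numbered ports only, start .. start+span
    return start <= dport <= start + span and dport % 2 == 0

def rtp_audio(payload):
    # match protocol rtp audio, modelled as: RTP version 2 with payload type 0-23
    if len(payload) < 12:
        return False
    return payload[0] >> 6 == 2 and (payload[1] & 0x7F) <= 23

def classify(dport, payload):
    return {"acl": acl_range(dport),
            "ip_rtp": ip_rtp(dport),
            "rtp_audio": rtp_audio(payload)}

# Constructed sample packets (not captured traffic)
SAMPLES = [
    ("G.711 voice, RTP PT 0", 16384, rtp_packet(0)),
    ("RTCP sender report", 16385, rtcp_sender_report()),
    ("video, RTP PT 34", 16390, rtp_packet(34)),
]

if __name__ == "__main__":
    for name, dport, payload in SAMPLES:
        print(f"{name:24} udp/{dport}  {classify(dport, payload)}")
```

Only the ACL model matches the RTCP packet, while the port-based matches also accept the non-audio payload type that the payload-type check rejects.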



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3