BTW

Port 1718

This doc says UDP:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00801a62b9.shtml#topic1

This doc says TCP:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/4_2/42plrev2.pdf

Maybe it can be either...

Greg Jost
Network Consulting Engineer
Unified Communications Practice
Cisco Systems, Inc.
214-274-1922

________________________________
From: Gregory Jost (grjost)
Sent: Thursday, April 17, 2008 12:44 PM
To: Gregory Jost (grjost); Justin Steinberg
Cc: [email protected]
Subject: RE: [OSL | CCIE_Voice] QoS marking based on port

Correction!!! Near the bottom...

"At any rate, marking on UDP (not TCP) 1719 should take care of this"

Greg Jost
Network Consulting Engineer
Unified Communications Practice
Cisco Systems, Inc.
214-274-1922

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gregory Jost (grjost)
Sent: Thursday, April 17, 2008 12:18 PM
To: Justin Steinberg
Cc: [email protected]
Subject: Re: [OSL | CCIE_Voice] QoS marking based on port

There are various flavors of this. There isn't any partial credit, and no one knows the right answer.

Per "sh ip sockets" and "netstat -a":

udp any any eq 5060
udp any any eq 1719
udp any any eq 1718    <<<<<<< Router shows udp port
tcp any eq 1720 any
tcp any range 2000 2002 any
udp any eq 2427 any
udp any eq 2428 any

Per Mark Snow:

tcp any range 2000 2002 any
tcp any any range 1024 4999
tcp any any range 11000 11999
tcp any any eq 1718
udp any any eq 1719
tcp any any eq 1720
udp any eq 2427 any
tcp any eq 2428 any

Per IPExpert bootcamp notes last week:

Udp any any range 1718 1720
Udp any range 1718 1720 any
Tcp any any range 1718 1720
Tcp any range 1718 1720 any
Udp any eq 2427 any
Tcp any eq 2428 any
Tcp any any eq 5060
Tcp any eq 5060 any
Udp any any eq 5060
Udp any eq 5060 any

Documentation:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/4_2/42plrev2.pdf

Discrepancies:

1. 1718 shows udp on router, not tcp

HQ#sh ip sockets | include 1718
Proto    Remote      Port     Local       Port  In Out Stat TTY OutputIF
 17 --listen--           224.0.1.41   1718   0   0    1   0

Note: Proto 17=udp, Proto 6=tcp

2. tcp 1024-4999. This is pre-2000.2.7 OS ephemeral. At any rate, marking on TCP 1719 should take care of this.

3. tcp 11000-11999. This is dynamic for H.245 (per call, I think), so it wouldn't show unless there is an active call. I didn't have this in my notes from the class. I need to verify in lab.

Greg Jost
Network Consulting Engineer
Unified Communications Practice
Cisco Systems, Inc.
214-274-1922

________________________________
From: Justin Steinberg [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 17, 2008 10:13 AM
To: Gregory Jost (grjost)
Cc: [email protected]
Subject: Re: [OSL | CCIE_Voice] QoS marking based on port

This thread covers it pretty well:
http://www.certificationtalk.com:81/showflat.php?Cat//Board/voice4twelve/Number/27122/page/0/view/collapsed/sb/5/o//fpart/1

Here is the ACL that Mark Snow posted...

--snippet--
set port qos 2/42 port-based
set qos acl ip POD12_SERVER dscp 26 tcp any range 2000 2002 any
set qos acl ip POD12_SERVER dscp 26 tcp any any range 1024 4999
set qos acl ip POD12_SERVER dscp 26 tcp any any range 11000 11999
set qos acl ip POD12_SERVER dscp 26 tcp any any eq 1718
set qos acl ip POD12_SERVER dscp 26 udp any any eq 1719
set qos acl ip POD12_SERVER dscp 26 tcp any any eq 1720
set qos acl ip POD12_SERVER dscp 26 udp any eq 2427 any
set qos acl ip POD12_SERVER dscp 26 tcp any eq 2428 any
commit qos acl POD12_SERVER
set qos acl map POD12_SERVER 2/42
--snippet--

I'll add SIP:

set qos acl ip POD12_SERVER dscp 26 udp any any eq 5060
set qos acl ip POD12_SERVER dscp 26 tcp any any eq 5060

I've personally verified ports 2000, 1719, 1720, 2427, 2428 from Mark's post in Wireshark. I don't know about 1718 - Cisco docs list it as gateway discovery (multicast?) - easy enough to add... although I'm fairly confident CCM doesn't support this method.

Justin

On Thu, Apr 17, 2008 at 10:07 AM, Gregory Jost (grjost) <[EMAIL PROTECTED]> wrote:

There's a shroud of mystery around protocol port mappings. It's documented one way, taught another, but no one really knows what the proctor is looking for.

To me, the definitive answer would be to look at the open ports on servers ("netstat -a" from CMD) and the open ports on the routers ("sh ip sockets"). This will show the exact ports being used by the active devices, including src/dst and udp/tcp (IP 17 and 6 respectively); however, this may not be what the proctor is looking for. For example, if you're using UDP for SIP, there will not be an open TCP port. If the proctor sees that you've only included udp 5060 for SIP, he may deduct points.

For something like this, there should be a right way; otherwise, we should be able to just remember the port numbers and use tcp/udp src/dst for all signaling traffic. It doesn't make sense to me that we can be overkill with some, but not with others.

Since my lab is next week, I'm going to just memorize it per IPExpert and hope for the best, instead of trying to make sense of it. I think it's worth bringing up to the proctors though.

Anyone have any thoughts or suggestions on this?

Greg Jost
Network Consulting Engineer
Unified Communications Practice
Cisco Systems, Inc.
214-274-1922
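Greg's approach of settling the port/protocol question from the router's own "sh ip sockets" output, rather than from conflicting docs, can be checked mechanically against a marking ACL. The script below is an added example and is not code from anyone in the thread: it parses constructed "show ip sockets" rows modeled on the HQ output quoted above (the 10.1.1.x addresses are made up), parses the Catalyst "set qos acl" entries from Mark Snow's post, and reports every listening socket the ACL would leave unmarked, which reproduces discrepancy 1 (the router listens on UDP 1718 while the ACL only marks TCP 1718).

```python
import re

PROTO_NAMES = {6: "tcp", 17: "udp"}   # Proto column of `show ip sockets`

# Constructed sample, modeled on the HQ#sh ip sockets line quoted in the thread
SH_IP_SOCKETS = """\
Proto    Remote      Port     Local       Port  In Out Stat TTY OutputIF
 17 --listen--           224.0.1.41   1718   0   0    1   0
 17 --listen--           10.1.1.1     1719   0   0    1   0
  6 10.1.1.100   49152   10.1.1.1     1720   0   0    1   0
"""

# The Catalyst `set qos acl` entries from Mark Snow's post, as quoted in the thread
MARK_ACL = """\
set qos acl ip POD12_SERVER dscp 26 tcp any range 2000 2002 any
set qos acl ip POD12_SERVER dscp 26 tcp any any range 1024 4999
set qos acl ip POD12_SERVER dscp 26 tcp any any range 11000 11999
set qos acl ip POD12_SERVER dscp 26 tcp any any eq 1718
set qos acl ip POD12_SERVER dscp 26 udp any any eq 1719
set qos acl ip POD12_SERVER dscp 26 tcp any any eq 1720
set qos acl ip POD12_SERVER dscp 26 udp any eq 2427 any
set qos acl ip POD12_SERVER dscp 26 tcp any eq 2428 any
"""

def parse_sockets(text):
    """Return {(proto, local_port)} for each socket row of `show ip sockets`."""
    sockets = set()
    for line in text.splitlines()[1:]:           # skip the column header
        tok = line.split()
        if tok and tok[0].isdigit():
            proto = PROTO_NAMES.get(int(tok[0]), tok[0])
            # '--listen--' stands in for both Remote and Port, shifting Local left
            local_port = int(tok[3]) if tok[1] == "--listen--" else int(tok[4])
            sockets.add((proto, local_port))
    return sockets

def parse_acl(text):
    """Return {(proto, port)} for every port an ACE matches, src or dst side."""
    covered = set()
    for m in filter(None, (re.search(r"\b(tcp|udp)\b(.*)", line) for line in text.splitlines())):
        proto, rest = m.groups()
        for lo, hi in re.findall(r"range (\d+) (\d+)", rest):
            covered.update((proto, p) for p in range(int(lo), int(hi) + 1))
        covered.update((proto, int(p)) for p in re.findall(r"eq (\d+)", rest))
    return covered

def unmarked(sockets_text, acl_text):
    """Sockets the router has open that the ACL would leave unmarked."""
    return sorted(parse_sockets(sockets_text) - parse_acl(acl_text))
```

Calling unmarked(SH_IP_SOCKETS, MARK_ACL) on the constructed input returns [('udp', 1718)]; feeding it real "sh ip sockets" output from the pod router and the ACL actually configured gives the same kind of list.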
