Cisco 837 and policy-map for VOIP

I have a Cisco 837 ADSL router for a SOHO and am trying to configure the IOS to give priority to VOIP data.

192.168.1.2 is Cisco 837 192.168.1.4 is VOIP device (Sipura 3000)

Would appreciate if people could review my startup-config and advise if it is appropriate and functional for VOIP priority. The output of a "sh policy-map int Dialer1" appears to me to show that no traffic is being affected by the policy-map at all ???

--- "sh ver" --- System image file is "flash:c837-k9o3sy6-mz.123-8.T.bin" Cisco C837 (MPC857DSL) processor (revision 0x400) with 44237K/4915K bytes of memory. Processor board ID AMB07300SGD (2102556616), with hardware revision 0000 CPU rev number 7

1 Ethernet interface 4 FastEthernet interfaces 1 ATM interface 128K bytes of NVRAM. 12288K bytes of processor board System flash (Read/Write) 2048K bytes of processor board Web flash (Read/Write)

--- "sh ver" ---

--- startup-config --- ! ! No configuration change since last restart ! version 12.3 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname cisco837 ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log enable secret 5 xxxxx ! username router password 7 xxxxx clock timezone EST 10 clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00 aaa new-model ! ! aaa session-id common ip subnet-zero ip wccp version 1 ip wccp web-cache ! ! ip dhcp excluded-address 192.168.1.1 192.168.1.9 ! ip dhcp pool POOL-DHCP network 192.168.1.0 255.255.255.0 default-router 192.168.1.2 dns-server 192.168.1.1 xxxxx xxxxx netbios-name-server 192.168.1.1 domain-name xxxxx option 42 ip 192.168.1.1 update arp ! ! ip tcp selective-ack no ip domain lookup ip domain name xxxxx ip host spa-3000 192.168.1.4 ip name-server 192.168.1.1 ip name-server xxxxx ip name-server xxxxx ip cef ip inspect tcp max-incomplete host 50 block-time 2 ip inspect name OUTBOUND cuseeme ip inspect name OUTBOUND esmtp ip inspect name OUTBOUND ftp ip inspect name OUTBOUND h323 ip inspect name OUTBOUND netshow ip inspect name OUTBOUND realaudio ip inspect name OUTBOUND sip ip inspect name OUTBOUND streamworks ip inspect name OUTBOUND sqlnet ip inspect name OUTBOUND tftp ip inspect name OUTBOUND rcmd ip inspect name OUTBOUND vdolive ip inspect name OUTBOUND rtsp ip inspect name OUTBOUND tcp ip inspect name OUTBOUND udp ip inspect name OUTBOUND icmp ip inspect name OUTBOUND fragment maximum 256 timeout 1 ip inspect name INBOUND esmtp ip inspect name INBOUND sip ip ips po max-events 100 no ftp-server write-enable ! ! ! ! class-map match-all VOICE match ip dscp ef class-map match-any CALL-SETUP match ip dscp af31 match ip dscp cs3 class-map match-any INTERNETWORK-CONTROL match ip dscp cs6 ! ! policy-map VOIP class CALL-SETUP bandwidth percent 2 class INTERNETWORK-CONTROL bandwidth percent 5 class VOICE priority 26 class class-default fair-queue random-detect ! ! ! ! ! interface Ethernet0 description --- Internal LAN ip address 192.168.1.2 255.255.255.0 ip access-group 100 in ip nat inside ip virtual-reassembly hold-queue 100 out ! interface ATM0 no ip address atm vc-per-vp 64 no atm ilmi-keepalive bundle-enable dsl operating-mode auto pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 no ip address duplex auto speed auto ! interface FastEthernet3 no ip address duplex auto speed auto ! interface FastEthernet4 no ip address duplex auto speed auto ! interface Dialer1 ip address negotiated ip access-group 101 in no ip unreachables ip wccp web-cache redirect out ip nat outside ip inspect INBOUND in ip inspect OUTBOUND out ip virtual-reassembly service-policy output VOIP encapsulation ppp ip tcp header-compression iphc-format dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname xxxxx ppp chap password 7 xxxxx ppp pap sent-username xxxxx password 7 xxxxx ip rtp header-compression iphc-format ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ! ip http server ip http access-class 1 ip http secure-server ip nat inside source list 1 interface Dialer1 overload ip nat inside source static udp 192.168.1.4 5060 interface Dialer1 5060 ip nat inside source static udp 192.168.1.4 5061 interface Dialer1 5061 ip nat inside source static tcp 192.168.1.1 20 interface Dialer1 20 ip nat inside source static tcp 192.168.1.1 21 interface Dialer1 21 ip nat inside source static tcp 192.168.1.1 22 interface Dialer1 22 ip nat inside source static tcp 192.168.1.1 25 interface Dialer1 25 ip nat inside source static tcp 192.168.1.1 80 interface Dialer1 80 ip nat inside source static tcp 192.168.1.1 443 interface Dialer1 443 ip nat inside source static tcp 192.168.1.1 5900 interface Dialer1 5900 ip nat inside source static tcp 192.168.1.1 8237 interface Dialer1 8237 ip nat inside source static tcp 192.168.1.10 5901 interface Dialer1 5901 ip nat inside source static tcp 192.168.1.10 6881 interface Dialer1 6881 ip nat inside source static tcp 192.168.1.10 6882 interface Dialer1 6882 ip nat inside source static tcp 192.168.1.10 6883 interface Dialer1 6883 ip nat inside source static tcp 192.168.1.10 6884 interface Dialer1 6884 ip nat inside source static tcp 192.168.1.10 6885 interface Dialer1 6885 ip nat inside source static tcp 192.168.1.10 6886 interface Dialer1 6886 ip nat inside source static tcp 192.168.1.10 6887 interface Dialer1 6887 ip nat inside source static tcp 192.168.1.10 6888 interface Dialer1 6888 ip nat inside source static tcp 192.168.1.10 6889 interface Dialer1 6889 ! ! logging 192.168.1.1 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 23 permit 192.168.1.0 0.0.0.255 access-list 100 permit ip any any access-list 100 permit gre any any access-list 100 permit icmp any any access-list 101 permit gre any any access-list 101 permit udp host 210.15.254.242 eq ntp any eq ntp access-list 101 permit udp host 128.250.36.2 eq ntp any eq ntp access-list 101 permit udp any any range 5060 5061 access-list 101 permit tcp any any eq ftp access-list 101 permit tcp any any eq ftp-data access-list 101 permit tcp any any eq 22 access-list 101 permit tcp any any eq smtp access-list 101 permit tcp any any eq www access-list 101 permit tcp any any eq 443 access-list 101 permit tcp any any eq 8237 access-list 101 permit tcp any any range 5900 5901 access-list 101 permit tcp any any range 6881 6889 access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any unreachable access-list 101 permit icmp any any echo access-list 101 permit icmp any any source-quench access-list 101 permit icmp any any packet-too-big access-list 101 deny ip 10.0.0.0 0.255.255.255 any log access-list 101 deny ip 127.0.0.0 0.255.255.255 any log access-list 101 deny ip 172.16.0.0 0.15.255.255 any log access-list 101 deny ip 192.168.0.0 0.0.255.255 any log access-list 101 deny ip host 255.255.255.255 any log access-list 101 deny ip host 0.0.0.0 any log access-list 101 deny ip any any log dialer-list 1 protocol ip permit snmp-server community cisco837 RO snmp-server enable traps tty ! control-plane ! banner exec  You have accessed a private system. Unauthorised access is prohibited. Session activated on line $(line), $(line-desc). Enter commands at the prompt.  banner incoming  You have accessed a private system. Unauthorised access is prohibited. You have entered $(hostname).$(domain) on line $(line) ($(line-desc)).  banner login  You have accessed a private system. Unauthorised access is prohibited. You have entered $(hostname).$(domain) on line $(line) ($(line-desc)).  ! line con 0 exec-timeout 120 0 no modem enable transport preferred all transport output all stopbits 1 line aux 0 transport preferred all transport output all line vty 0 4 access-class 23 in exec-timeout 120 0 length 0 transport preferred all transport input ssh transport output all ! scheduler max-task-time 5000 sntp server 210.15.254.242 sntp server 128.250.36.2 end

--- startup-config ---

--- "sh policy-map int Dialer1" --- Dialer1

Service-policy output: VOIP

Class-map: CALL-SETUP (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: ip dscp af31 0 packets, 0 bytes 5 minute rate 0 bps Match: ip dscp cs3 0 packets, 0 bytes 5 minute rate 0 bps Queueing Output Queue: Conversation 25 Bandwidth 2 (%) Bandwidth 1 (kbps) Max Threshold 64 (packets) (pkts matched/bytes matched) 0/0 (depth/total drops/no-buffer drops) 0/0/0

Class-map: INTERNETWORK-CONTROL (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: ip dscp cs6 0 packets, 0 bytes 5 minute rate 0 bps Queueing Output Queue: Conversation 26 Bandwidth 5 (%) Bandwidth 2 (kbps) Max Threshold 64 (packets) (pkts matched/bytes matched) 0/0 (depth/total drops/no-buffer drops) 0/0/0

Class-map: VOICE (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: ip dscp ef Queueing Strict Priority Output Queue: Conversation 24 Bandwidth 26 (kbps) Burst 650 (Bytes) (pkts matched/bytes matched) 0/0 (total drops/bytes drops) 0/0

Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any Queueing Flow Based Fair Queueing Maximum Number of Hashed Queues 16 (total queued/total drops/no-buffer drops) 0/0/0 exponential weight: 9

class Transmitted Random drop Tail drop Minimum Maximum Mark pkts/bytes pkts/bytes pkts/bytes thresh thresh prob 0 0/0 0/0 0/0 20

40 1/10 1 0/0 0/0 0/0 22 40 1/10 2 0/0 0/0 0/0 24 40 1/10 3 0/0 0/0 0/0 26 40 1/10 4 0/0 0/0 0/0 28 40 1/10 5 0/0 0/0 0/0 30 40 1/10 6 0/0 0/0 0/0 32 40 1/10 7 0/0 0/0 0/0 34 40 1/10 rsvp 0/0 0/0 0/0 36 40 1/10

--- "sh policy-map int Dialer1" ---

Cheers, Jason