VOIP policy map restricts http and Term Service Traffic - Need Resolution

This is my first time trying to tune VOIP, and I could use a little bit of advice. I have altered the config of the 2600 series router using suggestions from Cisco's site. The problem is that with class VoIPovFR enabled on s0/0.1, inbound HTTP and Windows Terminal Services are unable to connect. If I remove class VoIPovFR from s0/0.1, then it all works again. Any pointers on how to make this work properly would be appreciated, and any suggestions on improving the VOIP performance would also be appreciated.

Regards,

Andy

------ Config from offending Router ------

!
! Last configuration change at 23:41:06 UTC Mon Feb 7 2005
! NVRAM config last updated at 22:38:33 UTC Mon Feb 7 2005
!
version 12.3
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
!
hostname nyc_router
!
boot-start-marker
boot-end-marker
!
logging buffered 10000 debugging
no logging console
enable password sterility
!
clock timezone UTC -5
clock summer-time UTC recurring
no aaa new-model
ip subnet-zero
ip cef
!
!
ip domain name ourcompany.com
ip name-server 205.12.1.1
ip dhcp excluded-address 10.0.0.1 10.0.0.99
ip dhcp excluded-address 10.0.0.200 10.0.0.254
!
ip dhcp pool 100
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.1
   dns-server 10.0.0.4 205.12.1.1
!
ip audit po max-events 100
ip audit name INFO4U info action alarm
ip audit name ATTACK4U attack action alarm
vpdn enable
!
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
!
!
class-map match-all voice-signaling
  match access-group 106
class-map match-any http-hacks
  match protocol http url "*readme.eml*"
  match protocol http url "*.ida*"
  match protocol http url "*cmd.exe*"
  match protocol http url "*root.exe*"
  match protocol http url "*default.ida*"
  match protocol http url "*x.ida*"
  match protocol http url "*_vti_bin*"
  match protocol http url "*_mem_bin*"
  match protocol http mime "*readme.exe*"
  match protocol http mime "*readme.eml*"
  match protocol http url "*54321.html*"
class-map match-all voice
  match access-group 105
!
!
policy-map VOIP
  class voice
   priority 64
  class class-default
   fair-queue
policy-map mark-inbound-http-hacks
  class http-hacks
   set ip dscp 1
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
 priority-group 1
!
interface Serial0/0
 description to LOCALISP
 bandwidth 768
 no ip address
 no ip redirects
 no ip proxy-arp
 encapsulation frame-relay IETF
 no ip mroute-cache
 service-module t1 timeslots 12-23
 frame-relay traffic-shaping
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 bandwidth 768
 ip address 207.19.124.254 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 886 IETF
  class VoIPovFR
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip nat pool ovrld 207.19.124.254 207.19.124.254 prefix-length 24
ip nat inside source list 7 pool ovrld overload
ip nat inside source static tcp 10.0.0.25 25 207.19.124.249 25 extendable
ip nat inside source static 10.0.0.250 207.19.124.250
ip nat inside source static tcp 10.0.0.25 22 207.19.124.249 22 extendable
ip nat inside source static tcp 10.0.0.25 9090 207.19.124.249 9090 extendable
ip nat inside source static tcp 10.0.0.4 80 207.19.124.249 80 extendable
ip nat inside source static tcp 10.0.0.4 3389 207.19.124.249 3389 extendable
ip nat inside source static tcp 10.0.0.2 110 207.19.124.249 110 extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 207.19.124.253
!
!
!
map-class frame-relay VoIPovFR
 frame-relay cir 128000
 frame-relay bc 1280
 frame-relay be 0
 frame-relay mincir 64000
 service-policy output VOIP
 frame-relay fragment 1000
access-list 7 permit 10.0.0.0 0.0.0.255
access-list 10 permit 10.0.0.250
access-list 11 permit 10.0.0.4
access-list 12 permit 10.0.0.2
access-list 25 permit 10.0.0.25
access-list 103 permit ip any any dscp cs1
access-list 103 permit ip any any dscp af13
access-list 103 permit ip any any dscp cs1 log
access-list 103 permit ip any any dscp af13 log
access-list 104 remark - Outbound passthrough for priority-list ping
access-list 104 permit icmp any any
access-list 105 permit ip any any dscp ef
access-list 105 permit udp any any range 16384 32767
access-list 105 permit ip any any precedence critical
access-list 106 permit tcp any eq 1720 any
access-list 106 permit tcp any any eq 1720
access-list 106 permit tcp any eq 5060 any
access-list 106 permit tcp any any eq 5060
access-list 106 permit udp any eq 5060 any
access-list 106 permit udp any any eq 5060
priority-list 1 protocol ip high list 10
priority-list 1 protocol ip high udp 5060
priority-list 1 protocol ip high tcp 5298
priority-list 1 protocol ip high udp 5298
priority-list 1 protocol ip high udp 5678
priority-list 1 protocol ip high udp 5363
priority-list 1 protocol ip high list 11
priority-list 1 protocol ip low list 12
priority-list 1 protocol ip high tcp 22
priority-list 1 protocol ip high tcp telnet
priority-list 1 protocol ip medium tcp pop3
priority-list 1 protocol ip normal tcp smtp
priority-list 1 protocol ip medium tcp domain
priority-list 1 protocol ip medium udp domain
priority-list 1 protocol ip medium tcp www
priority-list 1 protocol ip normal list 25
priority-list 1 protocol ip medium tcp 443
priority-list 1 protocol ip medium list 104
priority-list 1 protocol ip normal tcp ftp
priority-list 1 protocol ip high tcp 5060
priority-list 1 protocol ip high udp 4569
priority-list 1 protocol ip high udp 5004
priority-list 1 protocol ip high udp 5036
priority-list 1 protocol ip normal tcp 9090
priority-list 1 default low
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 password sterile
 login
 transport preferred none
line aux 0
 password sterile
 login
 transport preferred none
line vty 0 4
 password sterile
 login
 transport preferred none
!
ntp clock-period 17179453
ntp server 198.72.72.10
ntp server 131.144.4.9
!
end
