RE: voice acl

From: ashwin kohli (ashwin_kohli1@yahoo.com)
Date: Wed Aug 03 2005 - 09:29:31 GMT-3

• Next message: Schulz, Dave: "RE: frame-relay inverse arp"
• Previous message: Thomwin Chen: "RE: frame-relay inverse arp"
• Maybe in reply to: Rajib Khan: "voice acl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Raj,
 
Your ACLs have two completey different meanings:
 
1. Capture all VOIP traffic in the port ranges you defined. This will capture all VOIP traffic from most of the VOIP manufacturers using standard voice and voice signalling protocols.
 
2. Capture ONLY the VOIP UDP traffic with ToS value of 5. This presumes that the VOIP packets are marked with a CoS of 5. VOIP Signalling traffic is generally marked with CoS of 3 and this ACL will not capture that.
 
I hope that helps. Thanks.
 

eFREMENKO aLEKSEJ <Alexey.Yefremenko@incom.kiev.ua> wrote:
Hi Raj,
If you want capture all voice traffic you should understand that voice use some ports for actually voice traffic transmission and another port range for voice signaling traffic (for establishing and managing voice sessions).

You absolutely right that voice packets transmits via udp (rtp) and uses 16384 32767 port range.

But, port range for voice signaling depends on what actually signaling protocol you are uses. Most wide deployed signaling protocols are H.323, MGCP, SIP. Every of those protocols use different port range.
For example, H.323 uses tcp ports 1719 1720 (and may use another ports depends on implemented configuration); MGCP use tcp 2000 2002.

Also you can capture voice traffic using NBAR technology
!
class-map match-all Voice
match protocol rtp audio
!

---
Alexey
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Rajib Khan
> Sent: Tuesday, August 02, 2005 6:38 PM
> To: ccielab@groupstudy.com
> Subject: voice acl
> 
> Hi Group,
> 
> I help with the voice acces-list
> 
> Would following acl recognize all voice traffic
> 
> access-lis 101 per tcp any any eq 1720
> access-lis 101 udp any any 16384 32767
> or
> 
> access-lis 101 udp any any 16384 32767 precedence 5 -- is this line
> nexessary?
> 
> Thanks
> 
> Raj
> 
> 
> 
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> 
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Schulz, Dave: "RE: frame-relay inverse arp"
• Previous message: Thomwin Chen: "RE: frame-relay inverse arp"
• Maybe in reply to: Rajib Khan: "voice acl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:18 GMT-3