mkoerber
New Contributor

QOS map on VLAN interfaces for ip passthrough and extra routed subnet.

Hello all, first post, and semi-new to the configuration game, working an issue right now where I have two connections, a 50 meg Time Warner, and a 100 meg Verizon circuit. The Verizon circuit also has a routed subnet along with it. My config below should have the relevant information to my question, but what I am wondering is the following:

Verizon will come in on eth 0/1, and pass traffic to the routed subnet through sw 0/8.

Time Warner will come into sw 0/1, and hand off the remaining IPs in its subnet through sw 0/2. For now, this is a firewall using a public IP and PCs behind it.

The only items behind the other switch ports are unmanaged switches and phones.

With the QoS policy on the wan interfaces, will this be able to apply it to outbound traffic from the firewall, or anything on the routed subnet? If not, is there a way to apply QoS to all of this traffic without 1:1 natting and using secondary IPs on the interfaces?

qos map VOIP-OUT 10
  match dscp 46 26
  priority percent 100
!
interface eth 0/1
  description Verizon 100 D 100 U
  ip address  1.1.1.2  255.255.255.252
  ip packet-capture 1CAPTURE
  ip access-policy Public2
  media-gateway ip primary
  qos-policy out VOIP-OUT
  no awcp
  no shutdown
!
interface switchport 0/1
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 100
  no lldp send-and-receive
!
interface switchport 0/2
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 100
  no lldp send-and-receive
!
interface switchport 0/3
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 125
  no lldp send-and-receive
!
interface switchport 0/4
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 125
  no lldp send-and-receive
!
interface switchport 0/5
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 125
  no lldp send-and-receive
!
interface switchport 0/6
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 125
  no lldp send-and-receive
!
interface switchport 0/7
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 125
  no lldp send-and-receive
!
interface switchport 0/8
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 200
  no lldp send-and-receive
!
interface vlan 100
  description Time Warner 50D 5U
  ip address  1.2.3.2  255.255.255.240
  ip packet-capture 1CAPTURE
  ip mtu 1500
  ip access-policy Public
  media-gateway ip primary
  traffic-shape rate 5000000
  max-reserved-bandwidth 95
  qos-policy out VOIP-OUT
  no awcp
  no shutdown
!
interface vlan 125
  ip address  192.168.125.1  255.255.255.0
  ip packet-capture 1CAPTURE
  ip access-policy Private
  media-gateway ip primary
  no awcp
  no shutdown
!
interface vlan 200
  description Verizon Routed Subnet
  ip address  1.3.4.5  255.255.255.240
  ip packet-capture 1CAPTURE
  media-gateway ip primary
  no awcp
  no shutdown
!
ip route 0.0.0.0 0.0.0.0 1.2.3.1 100
ip route 0.0.0.0 0.0.0.0 1.1.1.1 PING1

Anonymous
Not applicable

Re: QOS map on VLAN interfaces for ip passthrough and extra routed subnet.

mkoerber:

Thank you for asking this in the support community!

First, let me say that based on AOS Feature Matrix - Product Feature Matrix the bandwidth for this unit (NV3448) appears to be overutilized.

The QoS engine is the last process that is invoked before traffic leaves a routed interface. Therefore, based on the description above, as long as the firewall is using the ADTRAN unit as the default-gateway, then the packets will be passed through the QoS engine. If the firewall was not configured to use the ADTRAN as the default-gateway, but instead the ISP's router, then the traffic would simply be Layer 2 switched through the ADTRAN, and thus not be processed by QoS.

I hope that answers your question, but please do not hesitate to reply to this post with any additional information.  I will be happy to help in any way I can.

Levi
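Added example, not part of the original thread and not ADTRAN tooling: a Python check of the routed-versus-switched distinction described in the reply above, run against the interface addresses from the posted config. The function names and the trimmed `SAMPLE_CONFIG` are assumptions made for illustration; the classification only restates the rule in the reply (unit is the default gateway: routed; another gateway on the same VLAN: Layer 2 switched).

```python
import ipaddress

# Constructed sample: routed interfaces from the posted config, trimmed to
# the lines this check reads.
SAMPLE_CONFIG = """\
interface eth 0/1
  ip address  1.1.1.2  255.255.255.252
  qos-policy out VOIP-OUT
!
interface vlan 100
  ip address  1.2.3.2  255.255.255.240
  qos-policy out VOIP-OUT
!
interface vlan 200
  ip address  1.3.4.5  255.255.255.240
!
"""

def parse_interfaces(config):
    """Map interface name -> {'ip': IPv4Interface or None, 'qos_out': map name or None}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "interface":
            current = interfaces.setdefault(" ".join(words[1:]), {"ip": None, "qos_out": None})
        elif words[0] == "!":
            current = None
        elif current is not None and words[:2] == ["ip", "address"] and len(words) == 4:
            current["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif current is not None and words[:2] == ["qos-policy", "out"] and len(words) == 3:
            current["qos_out"] = words[2]
    return interfaces

def classify_host(gateway, interfaces):
    """Return (handling, interface) for a host whose default gateway is `gateway`."""
    gw = ipaddress.ip_address(gateway)
    for name, info in interfaces.items():
        if info["ip"] is None:
            continue
        if gw == info["ip"].ip:
            return "routed", name        # the unit is the gateway, so it routes the traffic
        if name.startswith("vlan") and gw in info["ip"].network:
            return "switched", name      # other gateway on the same VLAN: Layer 2 only
    return "unknown", None

def qos_egress_interfaces(interfaces):
    """Names of routed interfaces that carry an outbound qos-policy."""
    return sorted(n for n, i in interfaces.items() if i["qos_out"])
```

A host classified as "routed" is only prioritized if the interface its traffic leaves through appears in `qos_egress_interfaces`; a "switched" host never reaches a routed interface on the unit at all.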

Anonymous
Not applicable

Re: QOS map on VLAN interfaces for ip passthrough and extra routed subnet.

Levi,

I couldn't find the option to branch the discussion, so please excuse the tangent here. When using this configuration, does the "traffic-shape rate 5000000" on vlan 100 affect sw 0/2 in a manner that would effectively limit the firewall's downstream bandwidth from the Internet? I.E. they might have 50Mb downstream from the ISP (sw 0/1 ingress), but would only get 5Mb to the firewall due to traffic shaping on the sw 0/2 egress.


Time Warner will come into sw 0/1, and hand off the remaining IPs in its subnet through sw 0/2.



interface switchport 0/1
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 100
  no lldp send-and-receive
!
interface switchport 0/2
  no snmp trap link-status
  spanning-tree edgeport
  no shutdown
  switchport access vlan 100
  no lldp send-and-receive
!
interface vlan 100
  description Time Warner 50D 5U
  ip address  1.2.3.2  255.255.255.240
  ip packet-capture 1CAPTURE
  ip mtu 1500
  ip access-policy Public
  media-gateway ip primary
  traffic-shape rate 5000000
  max-reserved-bandwidth 95
  qos-policy out VOIP-OUT
  no awcp
  no shutdown


Re: QOS map on VLAN interfaces for ip passthrough and extra routed subnet.

levi:

Thanks for this information. From what you said, it sounds like the routed subnet would work just fine then, while IP passthrough would be jumping right to the default gateway of the ISP and never hitting the interface. With the routed subnet, the gateway for all IPs behind it is the VLAN interface IP.

Anonymous
Not applicable

Re: QOS map on VLAN interfaces for ip passthrough and extra routed subnet.

calvine:

There is a similar post on this topic:  https://supportforums.adtran.com/message/2111#2111

If you have further questions on this topic, please do not hesitate to open a new post, or I can branch this as a new post.

Levi