4 Replies Latest reply on Dec 5, 2014 11:19 AM by levi

    QOS map on VLAN interfaces for ip passthrough and extra routed subnet.

    mkoerber New Member

      Hello all, first post, and semi-new to the configuration game, working an issue right now where I have two connections, a 50 meg Time Warner, and a 100 meg Verizon circuit. The Verizon circuit also has a routed subnet along with it. My config below should have the relevant information to my question, but what I am wondering is the following:

      Verizon will come in on eth 0/1, and pass traffic to the routed subnet through sw 0/8.

      Time Warner will come into sw 0/1, and hand off the remaining IPs in its subnet through sw 0/2. For now, this is a firewall using a public IP and PCs behind it.

      The only items behind the other switch ports are unmanaged switches and phones.

      With the QoS policy on the WAN interfaces, will this be able to apply it to outbound traffic from the firewall, or anything on the routed subnet? If not, is there a way to apply QoS to all of this traffic without 1:1 natting and using secondary IPs on the interfaces?


      qos map VOIP-OUT 10
        match dscp 46 26
        priority percent 100
      !
      interface eth 0/1
        description Verizon 100 D 100 U
        ip address  1.1.1.2  255.255.255.252
        ip packet-capture 1CAPTURE
        ip access-policy Public2
        media-gateway ip primary
        qos-policy out VOIP-OUT
        no awcp
        no shutdown
      !
      interface switchport 0/1
        no snmp trap link-status
        spanning-tree edgeport
        no shutdown
        switchport access vlan 100
        no lldp send-and-receive
      !
      interface switchport 0/2
        no snmp trap link-status
        spanning-tree edgeport
        no shutdown
        switchport access vlan 100
        no lldp send-and-receive
      !
      interface switchport 0/3
        no snmp trap link-status
        spanning-tree edgeport
        no shutdown
        switchport access vlan 125
        no lldp send-and-receive
      !
      interface switchport 0/4
        no snmp trap link-status
        spanning-tree edgeport
        no shutdown
        switchport access vlan 125
        no lldp send-and-receive
      !
      interface switchport 0/5
        no snmp trap link-status
        spanning-tree edgeport
        no shutdown
        switchport access vlan 125
        no lldp send-and-receive
      !
      interface switchport 0/6
        no snmp trap link-status
        spanning-tree edgeport
        no shutdown
        switchport access vlan 125
        no lldp send-and-receive
      !
      interface switchport 0/7
        no snmp trap link-status
        spanning-tree edgeport
        no shutdown
        switchport access vlan 125
        no lldp send-and-receive
      !
      interface switchport 0/8
        no snmp trap link-status
        spanning-tree edgeport
        no shutdown
        switchport access vlan 200
        no lldp send-and-receive
      !
      interface vlan 100
        description Time Warner 50D 5U
        ip address  1.2.3.2  255.255.255.240
        ip packet-capture 1CAPTURE
        ip mtu 1500
        ip access-policy Public
        media-gateway ip primary
        traffic-shape rate 5000000
        max-reserved-bandwidth 95
        qos-policy out VOIP-OUT
        no awcp
        no shutdown
      !
      interface vlan 125
        ip address  192.168.125.1  255.255.255.0
        ip packet-capture 1CAPTURE
        ip access-policy Private
        media-gateway ip primary
        no awcp
        no shutdown
      !
      interface vlan 200
        description Verizon Routed Subnet
        ip address  1.3.4.5  255.255.255.240
        ip packet-capture 1CAPTURE
        media-gateway ip primary
        no awcp
        no shutdown
      !
      ip route 0.0.0.0 0.0.0.0 1.2.3.1 100
      ip route 0.0.0.0 0.0.0.0 1.1.1.1 PING1

        • Re: QOS map on VLAN interfaces for ip passthrough and extra routed subnet.
          levi Employee

          mkoerber:

           

          Thank you for asking this in the support community!

           

          First, let me say that based on AOS Feature Matrix - Product Feature Matrix, the bandwidth for this unit (NV3448) appears to be overutilized.

           

          The QoS engine is the last process that is invoked before traffic leaves a routed interface. Therefore, based on the description above, as long as the firewall is using the ADTRAN unit as the default-gateway, then the packets will be passed through the QoS engine. If the firewall was not configured to use the ADTRAN as the default-gateway, but instead the ISP's router, then the traffic would simply be Layer 2 switched through the ADTRAN, and thus not be processed by QoS.

           

          I hope that answers your question, but please do not hesitate to reply to this post with any additional information.  I will be happy to help in any way I can.

           

          Levi

          1 of 1 people found this helpful
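
The rule in the reply above, applied to the posted configuration, as an added example (not code from either poster or from ADTRAN). It models only what the reply states: outbound QoS is applied when a host uses one of the unit's own addresses as its default gateway and the routed egress interface carries a `qos-policy out`. The function names are hypothetical, and the active default route's next hop is supplied by the caller.

```python
import ipaddress

# Constructed from the configuration posted in the thread (interface IPs and
# qos-policy lines only); addresses are the poster's sanitized placeholders.
CONFIG = """\
interface eth 0/1
  ip address  1.1.1.2  255.255.255.252
  qos-policy out VOIP-OUT
!
interface vlan 100
  ip address  1.2.3.2  255.255.255.240
  qos-policy out VOIP-OUT
!
interface vlan 125
  ip address  192.168.125.1  255.255.255.0
!
interface vlan 200
  ip address  1.3.4.5  255.255.255.240
!
"""

def parse_interfaces(text):
    """Return {name: {"addr": IPv4Interface or None, "qos_out": str or None}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            cur = ifaces.setdefault(" ".join(words[1:]), {"addr": None, "qos_out": None})
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["addr"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif cur is not None and words[:2] == ["qos-policy", "out"]:
            cur["qos_out"] = words[2]
    return ifaces

def egress_qos(ifaces, host_gateway, next_hop):
    """QoS map applied to a host's outbound traffic, or None if none applies.

    host_gateway: default gateway set on the host (for example the firewall).
    next_hop: next hop of the unit's currently active default route.
    """
    gw = ipaddress.ip_address(host_gateway)
    routed = [i for i in ifaces.values() if i["addr"] is not None]
    # Gateway is not one of the unit's addresses: frames are only Layer 2 switched.
    if not any(i["addr"].ip == gw for i in routed):
        return None
    hop = ipaddress.ip_address(next_hop)
    for i in routed:
        if hop in i["addr"].network:
            return i["qos_out"]  # policy on the routed egress interface
    return None
```

For the firewall on VLAN 100, `egress_qos(parse_interfaces(CONFIG), "1.2.3.2", "1.2.3.1")` reports the VOIP-OUT map, while pointing the same firewall at the ISP router (`"1.2.3.1"` as its gateway) reports no QoS.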
          • Re: QOS map on VLAN interfaces for ip passthrough and extra routed subnet.
            calvine New Member

            Levi,

             

            I couldn't find the option to branch the discussion, so please excuse the tangent here. When using this configuration, does the "traffic-shape rate 5000000" on vlan 100 affect sw 0/2 in a manner that would effectively limit the firewall's downstream bandwidth from the Internet? I.e., they might have 50Mb downstream from the ISP (sw 0/1 ingress), but would only get 5Mb to the firewall due to traffic shaping on the sw 0/2 egress.

             

             

            Time Warner will come into sw 0/1, and hand off the remaining IPs in its subnet through sw 0/2.

             

            interface switchport 0/1
              no snmp trap link-status
              spanning-tree edgeport
              no shutdown
              switchport access vlan 100
              no lldp send-and-receive
            !
            interface switchport 0/2
              no snmp trap link-status
              spanning-tree edgeport
              no shutdown
              switchport access vlan 100
              no lldp send-and-receive
            !
            interface vlan 100
              description Time Warner 50D 5U
              ip address  1.2.3.2  255.255.255.240
              ip packet-capture 1CAPTURE
              ip mtu 1500
              ip access-policy Public
              media-gateway ip primary
              traffic-shape rate 5000000
              max-reserved-bandwidth 95
              qos-policy out VOIP-OUT
              no awcp
              no shutdown