© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 12 of 70
permit udp any any eq 1214
ip access-list extended SIGNALING
remark SCCP
permit tcp any any range 2000 2002
remark SIP
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended TRANSACTIONAL-DATA
remark HTTPS
permit tcp any any eq 443
remark ORACLE-SQL*NET
permit tcp any any eq 1521
permit udp any any eq 1521
The following is the configuration for creating a class-map for each application service and applying match
statements:
class-map match-any BULK-DATA
match access-group name BULK-DATA
class-map match-any VVLAN-SIGNALING
match ip dscp cs3
class-map match-any MULTIMEDIA-CONFERENCING
match access-group name MULTIMEDIA-CONFERENCING
class-map match-any DEFAULT
match access-group name DEFAULT
class-map match-any SCAVENGER
match access-group name SCAVENGER
class-map match-any SIGNALING
match access-group name SIGNALING
class-map match-any VVLAN-VOIP
match ip dscp ef
class-map match-any TRANSACTIONAL-DATA
match access-group name TRANSACTIONAL-DATA
Ingress Marking and Policing
It is important to limit the bandwidth that each class may use at the access layer in the ingress direction. To
achieve proper policing, accurate DSCP marking on ingress traffic at the access-layer switch is critical. It is best to
use an explicit marking command for all trusted application classes.
There are two methods for ingress marking. These are “table-map” and “set” commands. For marking down,
however, table-map is the only option that can be used.