

Communication Training Center

Marine Corps Communication-Electronics School
Training Command
Box 788251
Twenty-nine Palms, CA. 92278



Lesson 1: Observing Layer 3 Marking Lab

• Study the physical cabling and configuration of your Pod
• Configure port mirroring for Protocol Analyzer Use
• Determine Layer 3 marking using Wireshark

Task 1: Study the physical cabling and the device configuration of your Pod.

a. Your Pod should include two 3750g PoE switches, two 3825 ISR routers, two 7970 IP
Phones, and two computers.

NOTE: All of your Pod devices have been connected and configured prior to your arrival.
The first port of your switch has been connected to your IP Phone. It has been
configured to be on the Voice VLAN, which has been assigned to VLAN 5. The second
port is assigned as an access port belonging to VLAN 10. 1 2 The 24th port has been
configured as a trunk to carry VLANs 5 and 10 up to the router. The switch “trunked” its
traffic up to the router and is plugged into the switching module on the router. SVIs 3 were
assigned for VLANs 5 and 10. A serial cable connected at 38Kbps was used to connect
the two routers. This is not a connection speed you are likely to see; it was intentionally
set low to make your configurations more challenging.

b. For simplicity, static routing was used on both routers. You can verify this by typing
“show ip route”.

c. Call Manager Express (CME) was used for IP Telephony Services on both routers. The
IP Phone that is connected to Router A has the directory number 1000. The IP Phone
that is connected to Router B has the directory number 2000. This can be verified by
looking at the top right hand corner of your Phone.

NOTE: CME is not approved for use in certain tactical situations. It was used for this
course because of the ease of use and reduced gear overhead. Check with your
Telecommunications Systems Officer (0610) before using CME on Marine Corps

1 It is a best practice to assign your voice VLAN to the lowest VLAN of all of the configured VLANs. This is recommended because in the event of a port failure resulting in a Spanning-Tree reconfiguration, Spanning-Tree will recompute and reroute traffic starting with the lowest VLAN first.

2 Normally, you would plug your computer into the PC port of your IP Phone, and assign the “data” portion of that port to an access VLAN. We are not doing this for the QoS course because we will be using our computers for packet sniffing.

3 SVIs, or Switched Virtual Interfaces, are logical default gateways and used for inter-VLAN routing. This method of inter-VLAN routing has displaced the older “Router-on-a-Stick” method you learned in entry-level school.

Task 2: Configure the Switch for Port Mirroring
a. Ensure you are in privileged mode by typing: “enable” then press ENTER.

b. Prompt will change from > to #.

c. Enter Global Configuration Mode by typing: “conf t” then press ENTER

d. (Optional) Set the hostname of the switch with your Pod number. Use all CAPS. It should
be something to aid troubleshooting, like “POD1SWITCH”.

e. From Global Configuration Mode, configure port mirroring. To configure port mirroring, a
source must be set (what will be mirrored) and destination (where it will be mirrored to).
The command to accomplish this task is “monitor session 1 destination interface g 1/0/2”
and “monitor session 1 source interface g 1/0/1”.
f. On the computer connected to your Pod, open Wireshark 4. This will allow you to
capture packets and to see packet loss.

4 Wireshark is an open-source packet capture program. If you have taken Security+ or any other network security programs, you have heard
this described as a protocol analyzer, or by its less formal description “packet sniffer”.

Task 3: Determine Layer 3 Marking using Wireshark.
a. Open the Wireshark program. Click on the network interface card (NIC) under the
“Capture” header. In the screenshot below, this is the “Broadcom” gigabit NIC that
is highlighted in grey.

b. When your capture screen is generated, pick up Phone number 1000 and dial Phone
number 2000. After your Phone rings pick up both handsets and leave them off-hook on
your desk. At this point, a large number of UDP packets will be generated, as depicted

c. If you do not see the packets, click on the “+” to the left of “Internet Protocol”. Your
screen should look very similar to the screenshot above.

d. Using the information that you see above, what is the Layer 3 (IP) marking for your voice
packets? (Write your response here) _________________________________________

e. Did you expect this marking? Why or why not?
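
The Layer 3 marking that Wireshark shows under “Internet Protocol” is the second byte of the IPv4 header (the Differentiated Services field). The Python sketch below is an added example, not part of the original lab handout; it decodes that byte from raw header bytes so you can see how the DSCP, legacy IP Precedence and ECN values relate. The headers and the 192.0.2.x addresses are constructed for the example.

```python
import struct

# Common DSCP code points (RFC 2474, RFC 2597, RFC 3246); the list is not exhaustive.
DSCP_NAMES = {0: "Default", 8: "CS1", 16: "CS2", 24: "CS3", 26: "AF31",
              32: "CS4", 34: "AF41", 40: "CS5", 46: "EF", 48: "CS6", 56: "CS7"}

def build_header(ds_field, src="192.0.2.10", dst="192.0.2.20"):
    """Construct a 20-byte IPv4/UDP header for the demo (checksum left at 0)."""
    pack_ip = lambda ip: bytes(int(octet) for octet in ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, ds_field, 200, 0, 0, 64, 17, 0,
                       pack_ip(src), pack_ip(dst))

def decode_marking(ip_header):
    """Return the Layer 3 marking carried in a raw IPv4 header."""
    if len(ip_header) < 20:
        raise ValueError("truncated IPv4 header")
    if ip_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ds_field = ip_header[1]               # second byte: the former ToS byte
    dscp = ds_field >> 2                  # upper six bits
    return {
        "ds_field": f"0x{ds_field:02x}",
        "dscp": dscp,
        "name": DSCP_NAMES.get(dscp, "unnamed"),
        "ip_precedence": ds_field >> 5,   # legacy view: upper three bits
        "ecn": ds_field & 0b11,           # lower two bits
    }

if __name__ == "__main__":
    # Constructed samples: unmarked, EF and CS3.
    for ds in (0x00, 0xB8, 0x60):
        print(decode_marking(build_header(ds)))
```
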




Lesson 2: Low Latency Queuing (LLQ) Configuration Lab

• Perform network analysis for QoS (given the situation below).
• Configure LLQ using realistic bandwidth allocations.
• Determine success of your configuration.

Task 1: Perform network analysis for QoS.

a. Your IP Phone quality has dropped significantly for your platoon (Pod). You only have
the one Phone, and the CODEC you are using is G.729. Be sure to allocate enough
bandwidth to your priority queue to accommodate a single phone call. Your platoon
commander needs 10% of your remaining bandwidth dedicated to MOL (which will
fictionally be port 443). 10% of your remaining bandwidth needs to be allocated
to Marine Corps maintenance information systems (which will fictionally be represented
by the network). You will also need to allocate 5% of your remaining
bandwidth to voice signaling.

Task 2: Configure LLQ using realistic bandwidth allocations.

a. The LLQ combines a priority queue with Class Based Weighted Fair Queuing (CBWFQ).

NOTE: There are detailed examples in the PowerPoint presentation for the chapter, so
for brevity they will not be included here.

b. You will utilize access lists to define traffic for the MOL and Marine Corps maintenance
traffic. The voice signaling and voice payload traffic would normally be marked by the IP
Phone. This was not noticed in the first lab as this was not happening properly. The
router will need to be configured to look for that traffic using NBAR.

NOTE: NBAR has not been taught yet; it is taught in an advanced networking course.
These configurations will be provided for the ACLs and NBAR implementation.

c. Implementing a QoS policy involves creating class maps that define what traffic belongs
to each class, creating a policy map that includes the classes that were created and how
to treat that traffic, and applying the policy map as created (as a service policy) in either
the inbound or outbound direction.

d. To start class maps you must define the ACLs for your MOL and Maintenance traffic.
The configurations are provided in the screenshot below.

e. You have now defined the ACLs for MOL and Maintenance traffic. Next, the different
classes of traffic must be defined.

f. You have now defined the different traffic classes. Utilizing a policy map the traffic must
be identified from the different classes.

Task 3: Determine success of your configuration.

a. When you have completed your configs and you are ready to test your setup, do not
initially apply your service policy. Start things off with a rudimentary baseline. Call from
1000 to 2000. Start by having your lab partner say something into the Phone. Note
about how long it takes from when they talk to when you hear their voice. Next, put
an MP3 player next to the microphone of one of the Phones. Does the audio remain
continuous or are there some breaks in the audio?

b. Next check the call statistics on your current call.

1. Start by pushing the “settings” button on your Phone.

2. Next, choose option 6 “status”

3. Lastly, choose option 5 “call statistics”

4. On your “call statistics” page, pay close attention to your dropped packets,
average, max jitter, and Mean Opinion Score (MOS). When you look at these
statistics remember that your goal is to keep packet loss under 1%, jitter under
30ms and latency under 150ms each way. Your MOS 5 value should remain nearly

c. To simulate strain on the network, we are going to send modified pings from your
workstations to the opposite default gateways. This means the workstation with IP
address will ping the gateway and the workstation with IP
address will ping To increase the strain we will open 3
sessions on each workstation. To open a session, navigate to the command prompt.
(Click the “Start” button, choose “run” and type in “cmd”.) From there, on the workstation
connected to Router A you will type “ping -l 1400 -t”. We used the modifiers
-l (as in Lima) to make our ICMP (ping) packet size larger, and -t to send a continuous
ping. Repeat this process an additional two times and you should be generating enough

5 MOS, Mean Opinion Score, is a value from 1-5 to express call quality. A score of 5 would be perfect and a score of 1 would render
communication nearly impossible.

traffic to adequately strain your connection. Without your service policy applied you
should see noticeable degradation in your voice quality. Latency and Jitter will exceed
1000ms and you will be able to hear packet loss.

d. Apply your service policy to your serial interfaces. You should see your quality and
statistics return to the values we observed before.

e. After finishing your configurations you need to verify your QoS policy configuration, and
the implementation.

Lesson 3: Basic NBAR Configuration Lab

• Configure NBAR on your WAN port
• Issue proper show commands to determine interface usage

Task 1: Configure NBAR on your WAN port.

a. Enter global configuration mode by typing in “conf t” (configure terminal). From there,
enter interface configuration mode by typing “int s 0/0/0” (interface serial 0/0/0). Now you
will need to enable NBAR on the port. This can be achieved by typing
“ip nbar protocol-discovery”. Repeat this process again for the other Pod Router.

Task 2: Issue proper show commands to determine interface usage.
a. Determine the protocols running on your WAN port using NBAR. To display your NBAR
interface statistics, type “show ip nbar protocol-discovery” from privileged EXEC mode. 6

b. The above output was generated by starting a call from 1000 to 2000. Given the output
shown above (or on your router) replicating this scenario, how much bandwidth should be
assigned to the priority queue? ____________________

6 If you want to issue a show command without having to exit all the way back to privileged EXEC mode, you can prepend “do” in front of your command. In this case, you could issue the command “do show ip nbar protocol-discovery” from interface configuration mode, or global configuration mode.

Lesson 4: Advanced NBAR Configuration Lab

• Determine situational requirements
• Create custom PDLMs for NBAR classification
• Implement a QoS (LLQ) configuration using your created PDLM

Task 1: Your forward operating base (FOB) is using VX-900 media gateway devices to merge
your circuit switched (telephone) and packet switched (data) networks. You need to create two
separate NBAR PDLMs to provide QoS classification for your BSPEs 7. One for IBP 8, which uses
UDP port 60000, and one for VTP 9 UDP port 50000.

Task 2: Create a custom PDLM.

a. Enter global configuration mode by typing in “conf t”. Use the command syntax “ip nbar
port-map protocol name [tcp/udp] port number”. An example of this would be “ip nbar
port-map DNS udp 53”. Because we are using a custom (not built in) protocol we will
need to use “custom-01” through “custom-10”. It does not matter which one you use.

Task 3: Implement an LLQ QoS configuration using NBAR for classification. Use reasonable
bandwidth allocations for all categories and utilize your created PDLMs. LLQ configurations
were covered in a previous lab, so this will not be covered in depth here.

7 BSPE, or Best Signaling Protocol Ethernet, is a VX-900 proprietary protocol. BSPE uses Ethernet, where BSPS uses a serial cable. A BSPE will consist of both IBP and VTP.

8 IBP, or Inter Box Protocol, is a VX-900 proprietary signaling protocol to handle the signaling between two VX-900 media gateway devices. It uses UDP port 60,000.

9 VTP, a proprietary frame packing protocol used on the VX-900, should not be confused with VTP, VLAN Trunking Protocol, a Cisco proprietary protocol for carrying VLAN information between switches. VTP uses UDP port 50,000 and carries voice payload.

Lesson 5: Switch AutoQoS Configuration Lab

• Implement AutoQoS on your 3750 switch
• Determine trust boundaries and understand conditional trusts
• Interpret the configurations produced by AutoQoS.

Task 1: Implement AutoQoS on your 3750 switch. QoS, especially for switches, is intricate and
complicated. AutoQoS for switches is a great and simple way to implement QoS without getting
deep into configuration or without being too complicated.

a. For the purposes of this course, we are only going to use two QoS commands. The first
command is to be used on the port of the switch we connect to our IP Phone. The
command “auto qos voip cisco-phone” is used to set up a QoS profile on the port, and to
allow the switch to accept the markings from your Phone.

b. The next command will be entered on your switch’s trunk port. This command will set up
a QoS profile on your trunk port and accept QoS markings coming from other switches.
This is very important to ensure end-to-end QoS strategies. The command to accomplish
this is “auto qos voip trust”.

c. Be sure you use the “auto qos voip trust” command very carefully. This command will
automatically trust a packet’s marking without verifying the source. The default of the
switch is to be suspicious of your markings. Unless told otherwise, the switch will not
trust any markings. If you added the command to every switch port, all markings would
be trusted and theoretically you could give all of your computer’s traffic the same priority
as the voice traffic.
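
One way to check that “auto qos voip trust” has not spread beyond the trunk is to audit the running configuration for ports that trust markings unconditionally. The Python sketch below is an added example, not part of the original lab handout; it assumes the AutoQoS commands leave `mls qos trust` lines on the interface, and the configuration excerpt (including port g 1/0/3) is constructed for illustration.

```python
# SAMPLE_CONFIG is constructed for illustration; it is not output from the lab Pod.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 auto qos voip cisco-phone
 mls qos trust device cisco-phone
 mls qos trust cos
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 auto qos voip trust
 mls qos trust cos
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 auto qos voip trust
 mls qos trust cos
"""

def parse_interfaces(config):
    """Return {interface name: [lower-cased sub-commands]}."""
    ifaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ifaces[current] = []
        elif raw.startswith(" ") and current is not None:
            ifaces[current].append(raw.strip().lower())
        else:
            current = None  # "!" or a global command ends the block
    return ifaces

def trust_state(cmds):
    if "auto qos voip cisco-phone" in cmds or "mls qos trust device cisco-phone" in cmds:
        return "conditional"  # trusted only while a Cisco IP Phone is detected
    if "auto qos voip trust" in cmds or any(c.startswith("mls qos trust ") for c in cmds):
        return "trusted"      # markings accepted from whatever is attached
    return "untrusted"        # switch default: markings are not trusted

def audit(config):
    """Return (state per port, non-trunk ports that trust any marking)."""
    states, findings = {}, []
    for name, cmds in parse_interfaces(config).items():
        states[name] = trust_state(cmds)
        if states[name] == "trusted" and "switchport mode trunk" not in cmds:
            findings.append(name)
    return states, findings
```

Calling `audit(SAMPLE_CONFIG)` returns the trust state of each port and the list of access ports that should be reviewed.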

Task 2: Determine trust boundaries and conditional trusts. A trust boundary is a logical marker
where QoS markings will begin to be trusted. Keep in mind that if you do not properly configure
these trust boundaries, computers will be allowed to tag their traffic as important and implement
AutoQoS on your 3750 switch.

a. The trust boundaries have already been configured for you when you placed the
AutoQoS commands. You can verify the trust boundaries by using the “show mls qos
interface interface type interface number”. It will look like this:

You can see from the above output (for the IP Phone port) that QoS is trusted. In this
case, the type of trust is a Conditional Trust. This means that in order to be trusted on
this interface, it is based on the condition that you are a Cisco IP Phone. In the event a
device other than a Cisco Phone sends traffic on this interface, it will be given the default
QoS value.

b. It is also important to study the trust state of the trunk port. It should look like this:

The two outputs are nearly identical, with the exception that no trust device
is required. Previously, QoS would be trusted if and only if a Cisco IP Phone was
detected. In this case, it is not necessary to detect anything, whatever is passed will be

Task 3: Interpret the configurations produced by AutoQoS.

a. You can check the configuration on your switch or router at any time by issuing the “show
run” command. While the AutoQoS commands actually configure a great deal more than
what we see on the interface, for the purposes of this course, we will pay attention to
what commands were placed on the respective interfaces.

b. Switch port connected to the IP Phone.

c. The trunk port configurations.

Again, notice the commands are nearly the same with the exception of a lack of a trust

d. Now that we trust the markings on the IP Phone port, we need to open Wireshark and
verify the DSCP values are present now. Repeat the same steps you used in the Lesson
1 Lab Task 3.

Remember from the Lesson 1 Lab the DSCP value was 0 before we configured
AutoQoS. You see that voice has been given a DSCP value of EF (Expedited