Cisco 2621XM Qos/Tos settings 1

[imagefree]

Hi,

I need some help. I am the lone IT guy at a small call centre and I am having call quality issues. My attempt to segregate traffic without VLANs has been adequate but not perfect.
I have a T1 and a 6meg ADSL at my disposal, I've been trying to route all web traffic through the ADSL using NAT policies and firewall restrictions.

My current set up is a Cisco 2600 -> Sonicwall 2400 -> linksys router

The sonicwall has two WAN ports one from the cisco and the other from the adsl. The sonicwall doesnt provide vlans so I've been using load balancing round robin, routing most http traffic through the ADSL.
This is not ideal and I suffer from poor quality even dropped calls.

Ive been told that "bandwidth reservation for voice and TOS priority would be ideal."

The question is. How do you configure a Cisco 2600 router to reserve bandwith for udp traffic up to 90% and 10 % for the tcp?

I would appreciate your help and time.

 

[imagefree]

No, with the changes I could only ping through one interface at a time. I could get the internet through the 2621xm via the modem last night when I tested it. However I could not get anything through the T1.

 

[Minue]

Hello
When the 2 links are use at same time the router will use the only one of the default routes,unless you are load balancing.To test if both the links can work together you need to put the interfaces in shut one after the other.Try using an Admistrative distance on the ip route to the T1 to make the ADSL the prefer link.

ip route 0.0.0.0 0.0.0.0 208.138.32.173 100

With this command when you shut the ADSL the T1 should kick in.Can you confirm that the T1 doesn't use NAT to get the clients out to the Internet?It seems strange that your clients can get to the WEB without NAT.
Regards

 

[imagefree]

I tested if both can work at the same time already, that test came up negative (I will try again).

You have seen the configs what other confirmation is possible to confirm that the T1 is using NAT.

How would I execute the load balance and have the T1 handle all Voice traffic?

 

[imagefree]

The T1 serial port is not using NAT, confirmed it with a sho ip int s0/0 output. And yes I can ping through it on LAN pc and router, browse the net as well.

Looky looky

Address determined by non-volatile memory
Peer address is xxx.xxx.xx.xxx
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled <----
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled

 

[Minue]

We need to get the router to pass traffic on both interface but not load balancing.The VOIP traffic will go through the T1 line by policy-based routing.Our problem is to get the T1 to kick-in when the ADSL goes down,so we need to troubleshoot that.Please try to do the steps I posted in the last mail.Also try putting the NAT under the serial interface.Let me know how it goes.

Regards

 

[imagefree]

I got both interfaces working at the same time. I dont know how to set the Administrative distance so that the ADSL is the preferred link. How would I do that?

ip default-gateway xxx.xxx.xxx.xxx

The T1 interface is the default or preferred int if I shut it down the ADSL picks up the scent and I can still ping.

I havent punched in the
ip route 0.0.0.0 0.0.0.0 208.138.32.173 100
since the ADSL is not preferred yet.

And why the NAT on the serial if you dont mind me asking, its working just fine without it?

 

[Minue]

Wooh!!!We making progress.

Punching this ip route "ip route 0.0.0.0 0.0.0.0 208.138.32.173 100" for the T1 with distance 100 should make the ADSL the prefered link.Once we get it working I will post you a script with the PBR that says when it see's UDP or RTP traffic send it to the serial interface.

"And why the NAT on the serial if you dont mind me asking, its working just fine without it?"

No problem in asking we're all here to learn.I just find it so strange that your LAN clients can go to the Internet without NAT.This seem to be breaking the rules or I am missing something.Maybe you the HUB site is Natting for you.After you have apply the floating static router can you please post the scrub conf.

Regards

 

[imagefree]

Findings

Punched it in already didnt work, T1 was still preferred. Even tried ip route 192.168.6.0 255.255.255.0 FastEthernet0/1 90. The T1 is still preferred.

When I enable ip nat outside on the s0/0 it would ping from the router. Wouldnt ping from PC or browse net.

Heres the scrub (important parts)

interface FastEthernet0/0
description LAN to Sonicwall
bandwidth 1544
ip address xxx.xxx.xx.xx 255.255.255.248
ip nat inside
ip virtual-reassembly
service-policy output VOICE
speed auto
full-duplex
!
interface Serial0/0
ip address xxx.xxx.xx.xxx 255.255.255.252
encapsulation ppp
service-module t1 timeslots 1-24
!
interface FastEthernet0/1
description outside WAN
bandwidth 6000
ip address dhcp
ip nat outside
duplex auto
speed auto
pppoe enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 208.138.32.173 100
ip route 192.168.6.0 255.255.255.0 FastEthernet0/1 90
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
!
access-list 1 permit xxx.xxx.xx.0 0.0.0.255

 

[imagefree]

Can you send the PBR config?

I got it working, the ADSL is now preferred.

I removed
192.168.6.0 255.255.255.0 FastEthernet0/1 90

and replaced it with
ip route 0.0.0.0 0.0.0.0 192.168.6.1 90

Copying the routing config the serial interface uses.
Voila

 

[Minue]

Hello
I will start working on it today.In meantime can you please post me the working scrub running-config.

Regards

 

[imagefree]

I could not browse the net with the administrative distance on. However when I took it off I could.
The ADSL is still the preferred interface, tracert goes through the ADSL.

Will the VOICE service policy still work?
Will voice traffic still go through the T1 or do I have to make the T1 interface the default route?


Thanks alot again for your help!

Here's the scrub config:
Current configuration : 1396 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gateway.gss
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$TKbU$DbvbBGZb4cvjle5S1vYZ4/
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
!
!
ip cef
ip ips po max-events 100
no ftp-server write-enable
!
class-map match-any RTP
match protocol rtp audio
!
policy-map VOICE
class RTP
priority 70
!
interface FastEthernet0/0
description LAN to Sonicwall
bandwidth 1544
ip address 200.100.49.57 255.255.255.248
ip nat inside
ip virtual-reassembly
service-policy output VOICE
speed auto
full-duplex
!
interface Serial0/0
ip address 200.110.2.174 255.255.255.252
encapsulation ppp
service-module t1 timeslots 1-24
!
interface FastEthernet0/1
description outside WAN
bandwidth 6000
ip address dhcp
ip nat outside
duplex auto
speed auto
pppoe enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.6.1
ip route 0.0.0.0 0.0.0.0 200.110.2.173
ip route 192.168.6.0 255.255.255.0 FastEthernet0/1
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 200.100.49.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
end

 

[Minue]

Hello
It's best to have the ADSL as the primary route.It's strange that the that route wouldn't work with the admistrative distance.We will need to find out why,because there's no guarantee that that ADSl will always be the prefered exit without having a better "AD".
In any case the below route-map should make the VOIP traffic goes through the T1:

route-map ROUTE_VOIP permit 10
match ip address 110
set ip next-hop 200.110.2.174

access-list 110 permit udp any any

interface FastEthernet0/0
ip policy route-map ROUTE_VOIP

Please note the the above conf is just to test if the VOIP traffic will go through the T1.If it works we will then have to make the access-list more specific because UDP is too broad,also build redundancy with the ADSL as the second next-hop in case the T1 goes down.Also change the QOS policy.Still a long way to go ;-)

 

[imagefree]

Hey Minue,
We are already 50 posts into this thing and we have a long way to go? Might have to open a new thread

The ADSL is still primary, the call quality is ok. Not sure where the VOIP is being routed. I tried the commands:

gateway.gss(config)#route-map ROUTE-VOIP permit 10
gateway.gss(config-route-map)#match ip address 110
gateway.gss(config-route-map)#set ip next-hop 200.110.2.174
% Warning: Next hop address is our address
gateway.gss(config-route-map)#exit
gateway.gss(config)#access-list 110 permit udp any any
gateway.gss(config)#int f0/0
gateway.gss(config-if)#ip policy route-map ROUTE-VOIP

When I did I couldnt make any outbound calls. I couldnt troubleshoot anything else. I had a small window.

 

[Minue]

Hello
Certainly the Voice is using the ADSL line.To test this please remove this command "service-policy output VOICE" from the LAN interface and put it on both WAN,then do a "show policy-map interface" command to see where the voice is going.
Replace the next hop with this address 200.110.2.173,if it doesn't work.I will take a deep look at the route-map to see if I made some mistake.
Other trouble shooting steps would be to shut down the 2621XM interface that goes to ADSL modem to see if the T1 will route the Voice correctly.Try this without the route-map.
Regards

 

[imagefree]

Ok Minue,
The next hop should have been .173 not the actual ip address.
Its working. If I shutdown the T1 interface I can't make any VoIP calls. All VoIP calls are being routed through the T1.

Should I remove the VOICE policy map we put in place earlier that preserved 70 of bandwidth to rtp. The f0/0 (link to firewall) is configured as having a bandwidth of 1544. With the ADSL and the T1 going through it should it be 7544?

 

[Minue]

To get redundancy on the Voice.Try the below command:

route-map ROUTE_VOIP permit 10
match ip address 110
set ip next-hop 200.110.2.174 192.168.6.1

You will also have to test the data traffic to see if the ADSL goes down,that it will pass the traffic through the T1.First shut down the 2621XM interface that goes to the modem then verify.After that it's very important that you pull the ADSL cable that goes to the wall jack.
As for the QOS we will have to change the priority bandwith.To do this we have to know the average or if prefer the maximum calls that you have on your network and the voice codec in use.The bandwith command will now be use on both WAN interfaces.Please take the bandwith and "service-policy output VOICE" of the LAN interface.
Finally as mention before concerning the "access-list 110" UDP is too broad,The best way that I have found so far to tighten it,is to use port numbers.Anyway let give the most importantance to the redundancy,I will post anyexample in my next post.
Regards

 

[imagefree]

Ok Minue,

Data traffic is not compromised when the ADSL link is down or unplugged.
I changed the policy map configs; removed it from the LAN interface and placed it on the WAN interfaces. The show policy-map interface cmd now displays both WAN interfaces mapped with a strict queuing priority of 75%.
Bandwidth settings have been removed from f0/0 and placed on both WAN interfaces.
The intention is to have all VoIP calls on the T1. Therefore the maximum calls should be around 40 concurrent calls using g729 a/b

The redundancy settings didnt work. The settings are accepted. Calls route through the T1 when the ADSL is disconnected/down. However calls fail when the T1 is down.

Send on those examples and your ideas about the redundancy.

 

[imagefree]

I had to turn off the setting. The call quality was very poor.
Dont think its siphoning off the VoIP traffic exclusively to the t1.

 

[imagefree]

This seems to be working better. With the service-policy taken off the ADSL interface.

class-map match-any RTP
match protocol rtp audio
!
policy-map VOICE
class RTP
priority percent 75
!
interface FastEthernet0/0
description LAN to Sonicwall
ip address 200.100.49.57 255.255.255.248
ip nat inside
ip virtual-reassembly
ip policy route-map ROUTE_VOIP
speed auto
full-duplex
!
interface Serial0/0
bandwidth 1544
ip address 200.110.2.174 255.255.255.252
service-policy output VOICE
encapsulation ppp
service-module t1 timeslots 1-24
!
interface FastEthernet0/1
description outside WAN
bandwidth 6000
ip address dhcp
ip nat outside
duplex auto
speed auto
pppoe enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.6.1
ip route 0.0.0.0 0.0.0.0 200.110.2.173
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 200.100.49.0 0.0.0.255
access-list 110 permit udp any any
!
route-map ROUTE_VOIP permit 10
match ip address 110
set ip next-hop 200.110.2.173

 

[Minue]

Hello
The redundancy should work when the T1 went down.Try changing the route-map to:

route-map ROUTE_VOIP permit 10
match ip address 110
set interface Serial0/0 FastEthernet0/1

As for the policy-map it's no way that I can see it affecting traffic when it's applied to the Fastethernet0/1.Normally QOS kicks in when the link is overload.So it should be safe the apply the updated policy-map for 40 voip calls.

policy-map VOICE
class RTP
priority bandwith 800

So lets recap ,with the present config voice is working good.The voice is being route through the T1?But we have no redundancy.To verify voice being route through the T1 can you post me a show service-policy interface serial0/0.
To verify what kind of UDP that being routed through PBR.
Please apply the below command:

ip nbar protocol-discovery
interface Serial0/0

Then post me a "show ip nbar protocol-discovery stats bit-rate top-n 10"

Regards