Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

C881 Ethernet router - basic QoS with Dialer0 and GRE o IPSec Tunnel

Hi,

I would like to implement simple QOS between two C881 Ethernet router.

There are a GRE over IPSec Tunnel between both and 2 vlans configured on it (data & voice).

The fa4 is connected to a modem, and a dialer is configured with the PPP account provided by the ISP.

The DSL line is a 30 Megas bits download and 2 Megas bits upload.

This is my config on one side (the other is the same with reversed) WITHOUT QOS CONFIG injected.

This config works fine.

!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname my_site
!
boot-start-marker
boot-end-marker
!
enable secret cisco
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.200.1
ip dhcp excluded-address 192.168.200.240
ip dhcp excluded-address 192.168.200.241
ip dhcp excluded-address 192.168.0.251
!
ip dhcp pool local_network
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 8.8.8.8
!
ip dhcp pool Voice
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
!
!
ip cef
no ip domain lookup
ip domain name S1.lan
no ipv6 cef
!
!
vpdn enable
!
vpdn-group 1
!
!
!
username cisco privilege 15 secret cisco

!
!
ip ssh version 2
!
!
crypto isakmp policy 1
authentication pre-share
group 2
crypto isakmp key S1.key address IP_address_of_remote_site
!
!
crypto ipsec transform-set MYSET esp-des
!
crypto map MYMAP 1 ipsec-isakmp
set peer IP_address_of_remote_site
set transform-set MYSET
match address 100
!
!
!
!
!
interface Tunnel0
ip address 172.16.1.2 255.255.255.252
keepalive 10 2
tunnel source Dialer0
tunnel destination IP_address_of_remote_site
!
interface FastEthernet0
description TOswitch
!
interface FastEthernet1
!
interface FastEthernet2
description ToPABX#1
switchport access vlan 2
!
interface FastEthernet3
description ToPABX#2
switchport access vlan 2
!
interface FastEthernet4
description WAN Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Vlan2
ip address 192.168.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
description ISP
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname mypppaccount
ppp chap password myppppassword
ppp pap sent-username mypppaccount password myppppassword
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map MYMAP
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 150 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.123.0 255.255.255.0 172.16.1.1
ip route 192.168.223.0 255.255.255.0 172.16.1.1
!
access-list 100 permit gre host IP_address_of_my_site host IP_address_of_remote_site
access-list 150 permit ip 192.168.0.0 0.0.0.255 any
access-list 150 permit ip 192.168.200.0 0.0.0.255 any
no cdp run
!
!
!
!
snmp-server community public RO
!
control-plane
!
banner login ^C
########### !!!!!!!!!!!!!!!!!!!!!!!! ###########


     - Unauthorized access is prohibited -

################################################
^C
!
line con 0
logging synchronous
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
login local
transport input telnet ssh
!
scheduler max-task-time 50
end

I would like to make a priority during the congestion.

For testing, I make a call with a sip direct application (SJphone) between the 2 sites and I transfer a lot of Data with a FTP transfert!

I make this conf:

conf t
int dialer0
bandwidth 2000
ip nbar protocol-discovery

sh ip nbar protocol-discovery int dialer 0

                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
   ------------------------ ------------------------ ------------------------
   http                     40655                    20546
   ftp                      0                        15419
   ipsec                    12923                    0
   rtp                      0                        2112
   skype                    0                        501
   telnet                   0                        104
   gre                      0                        50
   snmp                     0                        50
   isakmp                   21                       0
   dns                      11                       0
   sip                      0                        4

A this point, I can view the voice & data trafic: OK

Now, I inject a QoS config:

conf t
class-map match-any VOIP-SIGNALING
match protocol sip
class-map match-any VOIP-RTP
match protocol rtp audio
match protocol skype
!
!
!
policy-map VOIPQOSout
class VOIP-RTP
    priority percent 20
class VOIP-SIGNALING
    bandwidth percent 5
class class-default
    fair-queue
!
!
!
interface dialer 0
service-policy output VOIPQOSout
!

The problem: When i inject this config, the int dialer0 goes down !

and when it goes up, no packets are classed by the policy (all packets are classed in the "class-default" class ).

Jul  9 13:18:04.318: %DIALER-6-UNBIND: Interface Vi3 unbound from profile Di0
Jul  9 13:18:04.338: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
Jul  9 13:18:05.306: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
Jul  9 13:18:05.330: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down

sh policy-map interface dialer 0
Dialer0

  Service-policy output: VOIPQOSout

    Class-map: VOIP-RTP (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol rtp audio
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol skype
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 20 (%)
        Bandwidth 400 (kbps) Burst 10000 (Bytes)
        (pkts matched/bytes matched) 0/0
        (total drops/bytes drops) 0/0

    Class-map: VOIP-SIGNALING (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol sip
        0 packets, 0 bytes
        5 minute rate 0 bps
            Queueing
        Output Queue: Conversation 265
        Bandwidth 5 (%)
        Bandwidth 100 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
      938 packets, 488252 bytes
      5 minute offered rate 12000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 0/0/0

Can you help me ?

is it a best qos config ?

Maybe the C881 is not compatible ?

a IOS bug ?

Thanks for helps !

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

C881 Ethernet router - basic QoS with Dialer0 and GRE o IPSec Tu

3 REPLIES
New Member

C881 Ethernet router - basic QoS with Dialer0 and GRE o IPSec Tu

No one ?

Hall of Fame Super Bronze

C881 Ethernet router - basic QoS with Dialer0 and GRE o IPSec Tu

New Member

Re: C881 Ethernet router - basic QoS with Dialer0 and GRE o IPSe

Thanks for your help !

I add qos pre-classify under the GRE tunnel and modify my QOS config :

conf t

class-map match-any VOIP-SIGNALING

match protocol sip

match protocol rtcp

match protocol skinny

class-map match-any VOIP-RTP

match protocol rtp audio

match protocol skype

!

policy-map queueing

class VOIP-RTP

priority 512

class VOIP-SIGNALING

priority 128

!

interface dialer0

service-policy output queueing

!

And now it's working !

router#sh policy-map interface

Dialer0

  Service-policy output: queueing

    Class-map: VOIP-RTP (match-any)

      204434 packets, 50289436 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: protocol rtp audio

        204434 packets, 50289436 bytes

        5 minute rate 0 bps

      Match: protocol skype

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

        Strict Priority

        Output Queue: Conversation 264

        Bandwidth 512 (kbps) Burst 12800 (Bytes)

        (pkts matched/bytes matched) 0/0

        (total drops/bytes drops) 0/0

    Class-map: VOIP-SIGNALING (match-any)

      3137 packets, 1653990 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: protocol sip

        2359 packets, 1520198 bytes

        5 minute rate 0 bps

      Match: protocol rtcp

        778 packets, 133792 bytes

        5 minute rate 0 bps

      Match: protocol skinny

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

        Strict Priority

        Output Queue: Conversation 264

        Bandwidth 128 (kbps) Burst 3200 (Bytes)

        (pkts matched/bytes matched) 0/0

        (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)

      106176 packets, 23447135 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: any

Thanks !

Regards!

2792
Views
0
Helpful
3
Replies