We recently upgraded our bandwidth from 30Mbps to 100Mbps from our ISP. Ever since then we have been having problems with bandwidth to our two branch sites. I had to struggle to get everything connecting at 100 Full Duplex, forcing some to take. We primarily struggle with upload speeds. I am new to this position and have inherited the configuration on the routers. We have two branch offices and a main branch which is configured in a standard hub and spoke topology. Branch 1 and 2 connect to the main branch and then out. I see that there was a policy-map put in place and the computers referenced in the policy seem to be having the most problem as those are our primary working computers that access an SQL database. As the day goes on the problems worsen. Can anyone suggest a configuration for the routers? I have worked with Cisco in the past but would consider myself somewhat of a newbie. I have uploaded the configurations of each router.
I'm not quite sure how to remove them. Could you guide me? I'm thinking that it would be
no service-policy qos
for each interface. Does that sound correct?
Hi again. I've just checked your attachments a little more closely. A lot of your interfaces are experiencing input errors. Specifically CCPL-NEWPORT fa0/0 interface:
2546727 input errors, 155903 CRC
Is it possible to see the output of a show interface of the switch trunk port? It looks like you may have a layer 1 problem.
Branch2 also has a number of input errors although not quite as extreme:
578 input errors, 0 CRC
I was able to remove the service-policy from each of the interfaces and still the same problem. The switches are actually unmanaged so I cannot get any info on the switch trunk port. I just think that it's a duplex issue. The reason I say that is I should be able to set the router interfaces to auto negotiate and I would expect them to connect at 100 full duplex but they do not. They connect at 100 half duplex so I have to force them 100 full. If it can only negotiate a 100 half connection but I force it anyway I would assume I would get errors correct?
Is it possible for you to attach the output of a show log from the routers, and an updated show interfaces to use as a comparison?
If it were a duplex mismatch the collisions counter would increment but i'm not seeing that, only input and CRC errors. The interface will also default to 10/100 half if autonegotiation fails and the port is not gig ethernet. That could point to a problem with the unmanaged switches or possibly a cabling issue.
Can you tell me what kind of device connects to Main Branch Fa0/0 interface?
I would like to gain further understanding so I can work out what's causing the errors below (although I think this may be a congested link):
Main Branch#show interfaces
FastEthernet0/0 is up, line protocol is up
Description: Main Branch LAN
11749 input errors, 0 CRC, 0 frame, 0 overrun, 11749 ignored
5479 unknown protocol drops
I can see on your topology that your Branches are comunicated by your ISP and not by Internet, so you don´t need VPN between them, the configuration that you only need is basic routing to reach the SQL databases.
First step is define the Network Segments in each branch, it depends on the quantity of users, I recommend one VLAN for management, one for users, one for voice, one for servers and one for guest, for this you need switches that support VLAN´s, minimum layer 2 VLAN´s.
Second is configure each router with the defined VLAN´s.
The last step is to route the SQL databases Network Segment to branches, for example into branch 1 you have to define one route to SQL, ip route x.x.x.x y.y.y.y.y z.z.z.z
Where x.x.x.x is the SQL segment.
y.y.y.y is the network mask.
z.z.z.z is the IP of the 2811 WAN interface that connect to the branch.
When you have your final scheme, you have to configure security, for example access via ssh, access restriccion by acl, line vty timeouts, etc.
Please let me know if you need anything else.