Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Help with Router Configurations

We recently upgraded our bandwidth from 30Mbps to 100Mbps from our ISP. Ever since then we have been having problems with bandwidth to our two branch sites. I had to struggle to get everything connecting at 100 Full Duplex, forcing some to take. We primarily struggle with upload speeds. I am new to this position and have inherited the configuration on the routers. We have two branch offices and a main branch which is configured in a standard hub and spoke topology. Branch 1 and 2 connect to the main branch and then out. I see that there was a policy-map put in place and the computers referenced in the policy seem to be having the most problem as those are our primary working computers that access an SQL database. As the day goes on the problems worsen. Can anyone suggest a configuration for the routers? I have worked with Cisco in the past but would consider myself somewhat of a newbie. I have uploaded the configurations of each router.



Community Member

What happens when you set the

Is it possible for you to remove the policy maps from the interfaces and re-test?

Community Member

I'm not quite sure how to

I'm not quite sure how to remove them. Could you guide me? I'm thinking that it would be

no service-policy qos

for each interface. Does that sound correct?



Community Member

Use no service-policy output

Use no service-policy output <name> under the interface configuration.

Community Member

Hi again. I've just checked

Hi again. I've just checked your attachments a little more closely. A lot of your interfaces are experiencing input errors. Specifically CCPL-NEWPORT fa0/0 interface:

2546727 input errors, 155903 CRC

Is it possible to see the output of a show interface of the switch trunk port? It looks like you may have a layer 1 problem.

Branch2 also has a number of input errors although not quite as extreme:

578 input errors, 0 CRC
Community Member

Hey petenixon,I was able to

Hey petenixon,

I was able to remove the service-policy from each of the interfaces and still the same problem. The switches are actually unmanaged so I cannot get any info on the switch trunk port. I just think that it's a duplex issue. The reason I say that is I should be able to set the router interfaces to auto negotiate and I would expect them to connect at 100 full duplex but they do not. They connect at 100 half duplex so I have to force them 100 full. If it can only negotiate a 100 half connection but I force it anyway I would assume I would get errors correct?



Community Member

Is it possible for you to

Is it possible for you to attach the output of a show log from the routers, and an updated show interfaces to use as a comparison?

If it were a duplex mismatch the collisions counter would increment but i'm not seeing that, only input and CRC errors. The interface will also default to 10/100 half if autonegotiation fails and the port is not gig ethernet. That could point to a problem with the unmanaged switches or possibly a cabling issue.


Community Member

Hello,I've uploaded the files


I've uploaded the files you requested. The log files do show where I was toggling between auto and forced full duplex and speed settings and I have cleared the counters on the interfaces since my original post.


Thank you,

Community Member

Can you tell me what kind of

Can you tell me what kind of device connects to Main Branch Fa0/0 interface?

I would like to gain further understanding so I can work out what's causing the errors below (although I think this may be a congested link):

Main Branch#show  interfaces
FastEthernet0/0 is up, line protocol is up
     Description: Main Branch LAN
     rxload 66/255
     11749 input errors, 0 CRC, 0 frame, 0 overrun, 11749 ignored
     5479 unknown protocol drops

Community Member

Hello,"Main Branch LAN" would


"Main Branch LAN" would be connecting to an unmanaged switch (I think a Dell 2324)



Hi,Can you post your topology


Can you post your topology? Do you want to communicate the branches via VPN?


Community Member

I threw together a quick

I threw together a quick topology of the WAN. Let me know if you need more detail.



Community Member

Forgot to add, I don't think

Forgot to add, I don't think it is necessary to communicate to the branches via VPN. 

Hi,I can see on your topology


I can see on your topology that your Branches are comunicated by your ISP and not by Internet, so you don´t need VPN between them, the configuration that you only need is basic routing to reach the SQL databases.

First step is define the Network Segments in each branch, it depends on the quantity of users, I recommend one VLAN for management, one for users, one for voice, one for servers and one for guest, for this you need switches that support VLAN´s, minimum layer 2 VLAN´s.

Second is configure each router with the defined VLAN´s.

The last step is to route the SQL databases Network Segment to branches, for example into branch 1 you have to define one route to SQL, ip route x.x.x.x y.y.y.y.y z.z.z.z

Where x.x.x.x is the SQL segment.

             y.y.y.y is the network mask.

             z.z.z.z is the IP of the 2811 WAN interface that connect to the branch.

When you have your final scheme, you have to configure security, for example access via ssh, access restriccion by acl, line vty timeouts, etc.

Please let me know if you need anything else.


CreatePlease to create content