Equipment Support > Hardware By Brand > Cisco > [HELP] Cisco 887, QOS issues, and Outher issues.

[HELP] Cisco 887, QOS issues, and Outher issues.

car1#show ver
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(1)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Fri 22-Jul-11 00:04 by prod_rel_team
 
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
 
car1 uptime is 15 hours, 52 minutes
System returned to ROM by power-on
System restarted at 06:50:02 UTC Thu Jan 5 2012
System image file is "flash:c880data-universalk9-mz.152-1.T.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
 
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
 
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
 
If you require further assistance please contact us by sending email to
export@cisco.com.
 
Cisco 887 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
Processor board ID FTX142980AR
 
4 FastEthernet interfaces
1 ISDN Basic Rate interface
1 ATM interface
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
126000K bytes of ATA CompactFlash (Read/Write)
 
License Info:
 
License UDI:
 
-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO887-SEC-K9       ******
 
License Information for 'c880-data'
    License Level: advipservices   Type: Permanent
    Next reboot license Level: advipservices
 
Configuration register is 0x2102
 
car1#show runn
Building configuration...
 
Current configuration : 6042 bytes
!
! Last configuration change at 22:32:51 UTC Thu Jan 5 2012
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname car1
!
boot-start-marker
boot system flash c880data-universalk9-mz.152-1.T.bin
boot-end-marker
!
!
no logging buffered
enable secret 5 *************
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-54818165
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-54818165
 revocation-check none
 rsakeypair TP-self-signed-54818165
!
!
crypto pki certificate chain TP-self-signed-54818165
 certificate self-signed 01
*************
!
!
!
ip dhcp excluded-address 10.0.1.1 10.0.1.19
ip dhcp excluded-address 10.0.1.231 10.0.1.254
ip dhcp excluded-address 10.0.2.1 10.0.2.19
ip dhcp excluded-address 10.0.2.231 10.0.2.254
!
ip dhcp pool MainLAN
 network 10.0.1.0 255.255.255.0
 domain-name napshome.local
 dns-server 10.0.1.1 10.0.1.2
 default-router 10.0.1.3
 netbios-name-server 10.0.1.1 10.0.1.2
 lease 31
!
ip dhcp pool GuestWLAN
 network 10.0.2.0 255.255.255.0
 domain-name guestWLAN.napshome.local
 dns-server 10.0.2.1
 default-router 10.0.2.1
 lease 31
!
!
ip domain name napshome.local
ip name-server 10.0.1.1
ip name-server 10.0.1.2
ip name-server 4.2.2.2
ip name-server 4.2.2.3
ip name-server 4.2.2.4
ip name-server 4.2.2.5
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn **********
license boot module c880-data level advipservices
!
!
username ******** privilege 15 password 0 **********
!
!
!
!
!
no ip ftp passive
!
class-map match-any Priorty2
 match access-group name bf3game
class-map match-any Priorty1
 match protocol sip
 match protocol icmp
 match protocol dns
 match protocol rtp audio
!
!
policy-map WANQOS
 class Priorty1
  bandwidth 150
 class Priorty2
  bandwidth 250
  shape average 512000
 class class-default
  fair-queue
!
!
!
!
!
!
!
!
!
!
interface Tunnel0
 description HE IPv6 Tunnel
 no ip address
 ipv6 address 2001:470:7:AFC::2/64
 ipv6 enable
 ipv6 traffic-filter ipv6tunnel-in in
 ipv6 traffic-filter ipv6tunnel-out out
 tunnel source Dialer0
 tunnel mode ipv6ip
 tunnel destination 216.66.22.2
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 0/35
  cbr 766
  tx-ring-limit 2
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 switchport mode trunk
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 switchport access vlan 2
 no ip address
!
interface FastEthernet3
 switchport access vlan 4
 no ip address
!
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 ip address 10.0.1.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ipv6 enable
 ipv6 nd prefix 2001:470:E34D:1::/64
 ipv6 nd advertisement-interval
 ipv6 nd ra interval 4
!
interface Vlan4
 ip address 10.0.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer0
 mtu 1478
 bandwidth 766
 ip address negotiated
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1438
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname *******
 ppp chap password 0 ******
 ppp pap sent-username ****** password 0 ******
 service-policy output WANQOS
!
no ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended bf3game
 permit tcp any any eq 25200
 permit tcp any any eq 25210
 permit udp any any eq 25200
 permit udp any any eq 25210
!
access-list 1 remark INSIDE_IF=Vlan2
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 1 permit 10.0.2.0 0.0.0.255
dialer-list 1 protocol ip permit
ipv6 route ::/0 Tunnel0
!
!
!
!
snmp-server community napshomesnmp RO
snmp-server location Milledgeville GA
snmp-server contact Napsterbater
!
ipv6 access-list ipv6tunnel-in
 permit icmp any any
 evaluate reflectout
 deny ipv6 any any
!
ipv6 access-list ipv6tunnel-out
 permit icmp any any
 permit tcp any any reflect reflectout
 permit udp any any reflect reflectout
 deny ipv6 any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password ztinak
 login local
 transport input all
!
scheduler max-task-time 5000
ntp update-calendar
end
 
car1#
 

Try .... no ip domain-lookup

But wouldn't that still prevent NTP from working once it booted up, unless I use IP's, which defeats the purpose of using the pool..

OK, you will have to adjust the time it takes to resolves DNS entries using the following commands options

ip domain timeout
ip domain retry
ip domain  round-robin
 

reply to Napsterbater
Dumb question, what NTP server hostnames are you planning on using?

As for QOS, what's the output of "show policy-map WANQOS" look like?

Regards

Trying to use

0.us.pool.ntp.org
1.us.pool.ntp.org
2.us.pool.ntp.org
3.us.pool.ntp.org

car1#show policy-map WANQOS
  Policy Map WANQOS
    Class Priorty1
      bandwidth 150 (kbps)
    Class Priorty2
      bandwidth 250 (kbps)
      Average Rate Traffic Shaping
      cir 512000 (bps)
    Class class-default
      fair-queue
 

Well I fixed my QOS issue, turns out on the 887 you have to apply the "service-policy out WANQOS" to the atm0.1 interface not the dialer0 interface, even though on the 877w I had it on the dialer0.

Still haven't solved the NTP issues yet.

reply to Napsterbater

C:\Documents and Settings\>nslookup
 
> 0.us.pool.ntp.org
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Non-authoritative answer:
Name:    0.us.pool.ntp.org
Addresses:  208.87.104.40, 72.26.198.240, 72.18.205.156
 
> 1.us.pool.ntp.org
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Non-authoritative answer:
Name:    1.us.pool.ntp.org
Addresses:  69.164.222.108, 173.203.122.111, 72.18.205.157
 
> 2.us.pool.ntp.org
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Non-authoritative answer:
Name:    2.us.pool.ntp.org
Addresses:  63.240.161.99, 169.229.70.183, 66.228.35.252
 
> 3.us.pool.ntp.org
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Non-authoritative answer:
Name:    3.us.pool.ntp.org
Addresses:  199.4.29.166, 204.9.54.119, 64.16.214.60
 

Problem is IP's change, people take servers offline, people remove their server from the pool thus don't want others using it etc..

And the packets were hitting the counter when it was on the dialer but just didn't have an effect.

Just found a workaround.

event manager applet NTP
 event timer countdown time 90
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "ntp server 0.us.pool.ntp.org source Dialer0 burst iburst"
 action 4.0 cli command "ntp server 1.us.pool.ntp.org source Dialer0 burst iburst"
 action 5.0 cli command "ntp server 2.us.pool.ntp.org source Dialer0 burst iburst"
 action 6.0 cli command "ntp server 3.us.pool.ntp.org source Dialer0 burst iburst"
 action 7.0 cli command "exit"
 action 8.0 cli command "exit"