LilYoda (Feline with squirel personality disorder; Premium; join: 2004-09-02; Mountains)
[Config] QoS+VoIP on a Cisco - sample config
Well, took me a while, so I figured I'd post my config, if it can help out others
I will break it down in 7 sections:
1) base: what I think every router should have
2) LAN & DHCP: the local LAN config and DHCP server
3) cable: the specific part of the connection I used to connect to Charter High Speed Internet service
4) marking: the coloring of inbound packets
5) local marking: the coloring of locally generated packets
6) lingo specific: cause I have Lingo, and it was a b*tch to setup, so here it is
7) queueing: the fun in the post, how to make QoS work
More detail in each section; feel free to comment, and I'll try to keep the post updated if you find obvious errors.
LilYoda
[Config] QoS+VoIP on a Cisco - base
Here are the basics.
Out of the below, you may want to adjust the timezone settings, and remove the config for the aux port if your router doesn't have one...
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
! Come on, let your imagination go wild and name your router
!
hostname XXXXXXXX
!
logging buffered 16000 debugging
no logging console
!
! the enable password is not used, but must
! be different from the enable secret
enable secret XXXXXXXX
enable password XXXXXXXX
!
! Modify the 2 following lines to match your timezone, or remove if you
! want the router to display GMT time
clock timezone EST -5
clock summer-time EDT recurring 1 Sun Apr 3:00 last Sun Oct 3:00
!
ip subnet-zero
no ip source-route
no cdp run
no ip bootp server
no ip http server
no ip finger
ip classless
!
! You can change the below to your own badass disclaimer/banner
!
banner motd #
NOTICE: This is a private network device. All activities on this system are monitored and recorded. Actual or attempted use, access, examination, or configuration change by an unauthorized person will result in criminal and civil prosecution to the full extent of the law.
Enter password
#
!
! Doesn't have to be the same PWD on Console, Aux and VTY ports
!
line con 0
 password XXXXXXXX
 login
 transport output none
line aux 0
 password XXXXXXXX
 login
 transport input none
 transport output none
line vty 0 4
 password XXXXXXXX
 login
 transport input telnet
 transport output none
LilYoda
[Config] QoS+VoIP on a Cisco - LAN & DHCP
Starting here, all the below relies on a LAN segment of 192.168.254.0/24 (mask of 255.255.255.0)
The below config assumes that 192.168.254.1 is your DNS, NTP server and WINS server. This is my case, cause I have set up those features on my Linux server. If you use another DNS/NTP/WINS, change the corresponding options below. If you don't have a WINS or NTP server, remove the lines related to it. If you don't have a private DNS server, replace the "dns-server 192.168.254.1" with the IP address of your ISP's DNS.
DHCP addresses will be given in the 192.168.254.128 -> 192.168.254.192 range
!
service dhcp
!
ip domain-name XXX.com
ip name-server 192.168.254.1
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.254.1 192.168.254.128
ip dhcp excluded-address 192.168.254.192 192.168.254.254
!
ip dhcp pool Local-LAN
 network 192.168.254.0 255.255.255.0
 default-router 192.168.254.253
 domain-name XXX.com
 netbios-node-type h-node
 ! DNS server
 dns-server 192.168.254.1
 ! WINS server
 netbios-name-server 192.168.254.1
 ! NTP server
 option 42 ip 192.168.254.1
!
interface Ethernet1
 description --- Internal LAN
 ip address 192.168.254.253 255.255.255.0
 no ip redirects
 fair-queue
!
! Sync the router clock using the NTP server IP
ntp server 192.168.254.1
LilYoda
[Config] QoS+VoIP on a Cisco - Charter HSI
Just for info, if you have Charter HSI, here's what the connection to it would look like:
! The below assumes you want to make your router 192.168.254.253
! (replace ethernet0 and ethernet1 by your outside and inside interfaces)
!
service dhcp
!
interface Ethernet0
 description --- Connected to broadband
 ip address dhcp
 ip nat outside
 arp timeout 300
!
interface Ethernet1
 ip nat inside
!
ip access-list standard Networks_2B_NATed
 permit 192.168.254.0 0.0.0.255
!
ip nat inside source list Networks_2B_NATed interface Ethernet0 overload
In case you want to host servers, here are 2 sample commands for port forwarding (making a service on your LAN available to the Internet):
! Line below is for making the TeamSpeak server (192.168.254.1)
! reachable from the outside world (this is an example of port forwarding)
ip nat inside source static udp 192.168.254.1 8767 interface Ethernet0 8767
!
! Line below is for making the Squid proxy (192.168.254.1)
! reachable from the outside world (this is an example of port forwarding)
ip nat inside source static tcp 192.168.254.1 8080 interface Ethernet0 8080
LilYoda
[Config] QoS+VoIP on a Cisco - Lingo
This is in case you have a Lingo ATA on your LAN. The below assumes you want your ATA to be 192.168.254.11, if that ain't the case, replace by the IP you wanna give it in all posts from here.
ip dhcp pool Lingo-ATA
 ! REPLACE THE IP BELOW IF YOU WANT TO GIVE ANOTHER ADDRESS TO YOUR LINGO ATA
 host 192.168.254.11 255.255.255.0
 ! REPLACE THE MAC BELOW BY YOUR LINGO ATA MAC ADDRESS
 hardware-address 00c3.8c56.ef57
If your outside interface isn't Ethernet0 (Dialer1 in case of a DSL connection, for example), replace Ethernet0 by the appropriate interface:
ip nat inside source static udp 192.168.254.11 69 interface Ethernet0 69
ip nat inside source static udp 192.168.254.11 5060 interface Ethernet0 5060
ip nat inside source static udp 192.168.254.11 13456 interface Ethernet0 13456
In the line below, after your ISP has given you a public IP address, replace the XXX.XXX.XXX.XXX by your public IP. This line isn't mandatory, so try it only if the service isn't reliable without it. It is a major pain, as you would have to update this line every time your ISP gives you a new address, so I recommend using this as a last resort and for troubleshooting ONLY!
ip nat inside source static 192.168.254.11 XXX.XXX.XXX.XXX no-alias
LilYoda
[Config] QoS+VoIP on a Cisco - coloring
OK, let's get into the funny stuff...
I like to have 4 types of traffic: the VoIP traffic, the high importance data, the medium importance data, and the low importance one (aka the cr@p).
All the below are examples; you need to either write your access-lists to match what goes where, or use the NBAR service, which I haven't tested yet.
! mandatory (I think)
ip cef
Matching traffics that will go in the VoIP class:
ip access-list extended Lingo-ATA
 remark --- traffic from Lingo's ATA box
 permit ip host 192.168.254.11 any
ip access-list extended Skype
 remark --- Skype traffic
 permit udp any eq 44330 any
ip access-list extended TS-server
 remark --- TeamSpeak Server traffic
 permit udp host 192.168.254.1 eq 8767 any
Matching traffics that will go in the High class:
ip access-list extended Outbound-DNS
 remark --- outbound DNS queries
 permit udp 192.168.254.0 0.0.0.255 any eq domain
ip access-list extended Telnet-Traffic
 remark --- any telnet traffic
 permit tcp any any eq telnet
 permit tcp any eq telnet any
ip access-list extended WWW-and-SSL
 remark --- make sure you deny eMule traffic
 deny udp any eq 4672 any
 deny tcp any eq 4662 any
 remark --- make sure you deny BitTorrent traffic
 deny tcp any range 6881 6889 any
 deny udp any range 6881 6889 any
 remark --- make sure you deny any other P2P app traffic
 deny udp any range XXXX XXXX any
 remark --- permit http and https traffic
 permit tcp any any eq www
 permit tcp any any eq 443
Matching traffics that will go in the Medium class:
ip access-list extended ICMP
 remark --- ICMP from LAN
 permit icmp 192.168.254.0 0.0.0.255 any
ip access-list extended FTP
 remark --- FTP traffic from LAN to FTP servers
 permit tcp 192.168.254.0 0.0.0.255 any eq ftp
 permit tcp 192.168.254.0 0.0.0.255 any eq ftp-data
Matching traffics that will go in the Low class:
ip access-list extended eMule
 remark --- eMule default ports
 permit udp any eq 4672 any
 permit tcp any eq 4662 any
 permit udp any any eq 4672
 permit tcp any any eq 4662
ip access-list extended BitTorrent
 remark --- BitTorrent default ports
 permit tcp any range 6881 6889 any
 permit udp any range 6881 6889 any
 permit tcp any any range 6881 6889
 permit udp any any range 6881 6889
ip access-list extended Squid
 permit tcp host 192.168.254.1 eq 8080 any
Making your classes. If you want a specific traffic to go in a class, make a new ACL like the ones above, and add a "match" statement in the correct class below:
class-map match-any VoIP-Class-Inbound
 match access-group name Lingo-ATA
 match access-group name Skype
 match access-group name TS-server
 ! DSCP value EF is commonly allocated to voice traffic so
 ! in case you have a voice application already coloring the
 ! traffic to EF, you're all set, no need for a new ACL
 match ip dscp ef
class-map match-any Hi-Class-Inbound
 match access-group name Outbound-DNS
 match access-group name Telnet-Traffic
 match access-group name WWW-and-SSL
class-map match-any Med-Class-Inbound
 match access-group name ICMP
 match access-group name FTP
class-map match-any Lo-Class-Inbound
 match access-group name eMule
 match access-group name BitTorrent
 match access-group name Squid
Policy-map coloring the traffic:
- VoIP class colored as Precedence 7
- High class colored as Precedence 6 when below 85000 bps and Precedence 5 when above
- Medium class colored as Precedence 4 when below 43000 bps and Precedence 3 when above
- Low class colored as Precedence 2 when below 43000 bps and Precedence 1 when above
- Rest of traffic colored as Precedence 1
policy-map Packet-Tagging
 class VoIP-Class-Inbound
  police 72000 9000 9000 conform-action set-prec-trans 7 exceed-action set-prec-trans 7
 class Hi-Class-Inbound
  police 85000 10000 10000 conform-action set-prec-trans 6 exceed-action set-prec-trans 5
 class Med-Class-Inbound
  police 43000 5000 5000 conform-action set-prec-trans 4 exceed-action set-prec-trans 3
 class Lo-Class-Inbound
  police 43000 5000 5000 conform-action set-prec-trans 2 exceed-action set-prec-trans 1
 class class-default
  set ip precedence 1
Apply policy to your inbound interface (replace ethernet1 by your inside interface):
interface Ethernet1
 service-policy input Packet-Tagging
EDIT: made a simpler version using Precedence instead of DSCP
LilYoda
[Config] QoS+VoIP on a Cisco - local marking
Why is that? Well, because when you telnet to your router from the internet (bad bad you, this isn't secure you know? :p ) your packets aren't going inbound on Ethernet1, so they aren't colored, so the queueing engine won't know what to do with those...
route-map Local-Tagging permit 20
 description --- Telnet traffic goes in High Class
 match ip address Telnet-Traffic
 set ip precedence 6
!
route-map Local-Tagging permit 40
 description --- The rest goes in Medium class
 set ip precedence 4
!
ip local policy route-map Local-Tagging
EDIT: made a simpler version using precedence instead of DSCP
LilYoda
[Config] QoS+VoIP on a Cisco - queuing
And here's the beauty, the queuing engine. Took me a while to figure it out.
class-map match-any VoIP-Class-Outbound
 match ip precedence 7
class-map match-any Hi-Class-Outbound
 match ip precedence 6
 match ip precedence 5
class-map match-any Med-Class-Outbound
 match ip precedence 4
 match ip precedence 3
class-map match-any Lo-Class-Outbound
 match ip precedence 2
 match ip precedence 1
Queueing for data only. Parameters unsure for the random-detect, although they work fine for me... The current settings make the low class really hammered when there is traffic in the high & medium classes; make the exponential-weighting-constant the same as the others if you want them to be more equal.
But in my experience, you have to be really aggressive to slow down eMule and BitTorrent traffic.
policy-map Data-Only-Queueing
 class Hi-Class-Outbound
  bandwidth percent 50
  random-detect prec-based
  random-detect exponential-weighting-constant 8
  random-detect precedence 6 20 60 20
  random-detect precedence 5 6 15 6
 class Med-Class-Outbound
  bandwidth percent 25
  random-detect prec-based
  random-detect exponential-weighting-constant 8
  random-detect precedence 4 15 30 15
  random-detect precedence 3 1 15 3
 class Lo-Class-Outbound
  bandwidth percent 25
  random-detect prec-based
  random-detect exponential-weighting-constant 3
  random-detect precedence 2 15 30 15
  random-detect precedence 1 1 15 3
Class for all traffic. Uses LLQ with 72Kbps assigned to the Voice class, and 171Kbps assigned to data, using the queuing defined above:
policy-map Packet-Queueing
 class VoIP-Class-Outbound
  priority 72
 class class-default
  shape average 171000
  bandwidth 171
  service-policy Data-Only-Queueing
Apply policy to your outbound interface (replace ethernet0 by your outside interface). max-reserved-bandwidth 95 leaves 14Kbps (in my case) for anything that wasn't foreseen (routing updates, uncolored traffic, etc...):
interface Ethernet0
 bandwidth 256
 max-reserved-bandwidth 95
 service-policy output Packet-Queueing
 tx-ring-limit 2
 tx-queue-limit 2
EDIT: made a simpler version using precedence instead of DSCP
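An added worked example (not code from the thread) of the arithmetic behind the random-detect lines in the Data-Only-Queueing policy-map above. It uses the standard Cisco WRED formulas for the averaged queue depth (driven by the exponential-weighting-constant) and the per-precedence drop probability (from min-threshold, max-threshold and mark-probability denominator); the queue-depth samples are constructed.

```python
"""WRED arithmetic for the random-detect lines in Data-Only-Queueing.
Added example, not from the thread. Standard Cisco WRED formulas:
  average = old_average * (1 - 2**-n) + current_depth * 2**-n
  p(drop) = (average - min_th) / (max_th - min_th) * (1 / denom)
            for min_th <= average < max_th, 0 below, 1 at or above max_th
where n is the exponential-weighting-constant and thresholds are in packets."""

# precedence: (min-threshold, max-threshold, mark-probability-denominator),
# copied from the policy-map in the thread
WRED_PROFILE = {
    6: (20, 60, 20),
    5: (6, 15, 6),
    4: (15, 30, 15),
    3: (1, 15, 3),
    2: (15, 30, 15),
    1: (1, 15, 3),
}

# exponential-weighting-constant per class, also from the policy-map
WEIGHTING = {"Hi-Class-Outbound": 8, "Med-Class-Outbound": 8, "Lo-Class-Outbound": 3}


def drop_probability(avg_depth, precedence):
    """Probability that WRED drops a packet of this precedence at this average depth."""
    min_th, max_th, denom = WRED_PROFILE[precedence]
    if avg_depth < min_th:
        return 0.0  # below min-threshold: never dropped
    if avg_depth >= max_th:
        return 1.0  # at or above max-threshold: everything is dropped
    return (avg_depth - min_th) / (max_th - min_th) / denom


def update_average(avg_depth, current_depth, n):
    """One WRED average-queue-depth update with exponential-weighting-constant n."""
    weight = 2.0 ** -n
    return avg_depth * (1 - weight) + current_depth * weight


def track_average(depth_samples, n, start=0.0):
    """Feed a sequence of instantaneous queue depths through the averaging filter."""
    avg = start
    for depth in depth_samples:
        avg = update_average(avg, depth, n)
    return avg


def drop_table(avg_depth):
    """Drop probability for every precedence at one average depth."""
    return {prec: round(drop_probability(avg_depth, prec), 4) for prec in sorted(WRED_PROFILE)}


if __name__ == "__main__":
    # Constructed burst: the queue sits at 40 packets for 20 consecutive samples.
    # n=3 (Lo-Class) tracks it almost immediately, n=8 barely moves.
    burst = [40] * 20
    for cls, n in WEIGHTING.items():
        print(f"{cls}: n={n}, average after burst = {track_average(burst, n):.1f}")
    for depth in (5, 10, 20, 35):
        print(f"avg depth {depth:>2}: {drop_table(depth)}")
```

At an average depth of 10 packets, precedence 1 and 3 traffic (thresholds 1 15 3) is already being dropped while precedence 2 and 4 (15 30 15) is untouched, which is the "hammering" of the exceeding traffic the post describes.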
hlygrail (join: 2002-09-08)
Re: [Config] QoS+VoIP on a Cisco - queuing
God Bless You!!
I was getting ready to post a question looking for a way to assign priority queueing to my 1720, having tried and failed (now I see why!).
Thank you for doing -- and DOCUMENTING -- the legwork for all to benefit.
paarlberg (join: 2000-07-28; Lilburn, GA)
Re: [Config] QoS+VoIP on a Cisco - queuing
Here is what I used on my 2621 to add QoS for H.323 and 3Com NBX pbx and phones. The "match ip dscp 46" was for the 3Com NBX portion.
**********************************************
ip cef
class-map match-any VOICE
 match protocol rtp
 match ip dscp 46
 exit
policy-map QOS-RTP
 class VOICE
  priority percent 50
  exit
**********************************************
Then you must apply to each interface that you want it to use..
**********************************************
interface
 service-policy output QOS-RTP
**********************************************
You can also set priority by max bandwidth instead of percent (128k in the example below). Would recommend percent on ADSL and bandwidth for ethernet or high-speed serial. If you use both create a new policy-map for that.. QOS-RTP-DSL and QOS-RTP-ETH, or something like that..
**********************************************
priority bandwidth 128
**********************************************
vonsen (Just Because; Premium; join: 2005-01-06)
Re: [Config] QoS+VoIP on a Cisco - sample config
I thank you. My cisco thanks you.
LilYoda
[Config] QoS+VoIP on a Cisco - Add-ons
life savers:
The 2 aliases below show you all stats of your upload traffic, and all stats of the queuing (how many packets dropped by the queuing engine, etc...)
alias exec out show policy-map interface Ethernet0 | exclude 0/0 0/0 0/0
alias exec in show policy-map interface Ethernet1
Now from the console just type "out" or "in" to get your stats. If there is a lazy way to do things, it is my duty to find it :D
EDIT: watch out for the line break in the example above, the "alias exec out" line ends after the last "0/0" and there is no "*" in the final line. It should be "alias exec out show policy-map interface Ethernet0 | exclude 0/0 0/0 0/0"
rolande (Certifiable; Premium, Mod; join: 2002-05-24; Powell, OH)
Re: [Config] QoS+VoIP on a Cisco - sample config
How did your ADT alarm like using VoIP to call out or did it even work at all? Most VoIP gateways and Cisco IOS have the ability to disable modems and faxes from working. Not to mention, a VoIP line is more likely to get squirrely and easily hose up modem negotiation. Just curious to hear your experience with it.
-- Ignorance is temporary...stupidity lasts forever!
LilYoda
Got lazy, haven't done the wiring yet
BigBlockChev (join: 2004-09-18)
Re: [Config] QoS+VoIP on a Cisco - sample config
What version / level of IOS do you need to support these neat QoS features? (I'm a Cisco dinosaur, the last version I used was 11.2 on a 4500M). I'm interested in getting a used 2621 for home office use though.
LilYoda
It runs on almost any platform, except the 800 series. I think the 800 a) doesn't support named access-lists (which isn't a blocking point, just very annoying to troubleshoot all those ACLs if they only have numbers) b) doesn't support policy nesting... Can't call a policy map from within another policy map. There may be a workaround (like including all in 1 policy), but I haven't tried it, cause I don't have an 800 handy.
I am using 12.2.24 on a 4700, but I think it runs on 12.1 IOSes. You just need an IP Plus version, no need for enterprise IOS.
ugalosh (join: 2002-12-07; Baltimore, MD)
Re: [Config] QoS+VoIP on a Cisco - sample config
The posts above all contain: "EDIT: made a simpler version using precedence instead of DSCP"
Is that the version posted? Kinda new at this and trying to comprehend it all. Working to try to find a version of IOS for my 2600 that has the 'police' command in policy-map, with very little success.
Thanks, Uga.
rolande
Re: [Config] QoS+VoIP on a Cisco - sample config
I believe that the police command under policy-maps was included in a later 12.2T train code or 12.3.
Otherwise you can use cascaded rate-limit commands to do the same thing. When you set a rate-limit and an exceed-action of drop, anything beyond the threshold gets policed automatically.
LilYoda
Re: [Config] QoS+VoIP on a Cisco - sample config
said by rolande:
I believe that the police command under policy-maps was included in a later 12.2T train code or 12.3. Otherwise you can use cascaded rate-limit commands to do the same thing. When you set a rate-limit and an exceed-action of drop, anything beyond the threshold gets policed automatically.
True... However, there are 2 differences between police and rate-limit on an interface:
1) rate-limit on an interface needs an ACL. In my case, I have 1 ACL per type of traffic, then I bundled all the ACLs in a class-map. It makes it a LOT easier to move one traffic between classes, or to add a new type of traffic to a class.
2) the police statements are not here to drop the traffic, but to recolor it. Then the queueing engine (WRED) treats traffic that's exceeding its bandwidth more aggressively. If you dropped anything above a specific bandwidth, then you'd waste the bandwidth assigned to classes not in use.
In my case, I wanted to reserve 72 Kbps to VoIP, but the remaining 171Kbps to be shared between 3 classes of data traffic. That means that if I am not sending anything that gets colored as HI or MED class, the LO class uses all the 171 Kbps bandwidth. But most of its traffic is colored with precedence 1 instead of precedence 2 (only 43Kbps get colored with precedence 2).
So the WRED queueing engine is more aggressive towards precedence 1 than precedence 2 (cause I configured it like that). Then if I start sending, say, some MED traffic, it gets colored as Prec. 4 up to 43Kbps and Prec. 3 above...
So in the end, the WRED sends packets out in the order of precedence 4, 2, then 3, then 1... Meaning it's very likely the exceeding prec. 1 traffic will be dropped by WRED, and some of the Prec. 3 as well.
I'm not sure I'm making this very clear. I know it's a weird concept... Let me know if more info is needed, or if I'm the only one to understand my post
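To make the recolor-rather-than-drop point in this reply (and the police lines of the Packet-Tagging policy-map earlier in the thread) concrete, here is an added Python model; it is not code from the thread. It assumes a simplified single token bucket (CIR and Bc only, Be ignored, bucket full at start), millisecond timestamps, and a constructed packet stream.

```python
"""Model of the 'police <cir> <bc> <be> conform-action set-prec-transmit N
exceed-action set-prec-transmit M' lines in the Packet-Tagging policy-map.
Added example, not code from the thread. Assumptions: single token bucket
(CIR and Bc only, Be ignored), bucket full at start, timestamps in ms."""
from collections import Counter
from typing import List, Optional, Tuple


class Policer:
    def __init__(self, cir_bps: int, bc_bytes: int,
                 conform_prec: int, exceed_prec: Optional[int]):
        self.rate_bytes_per_ms = cir_bps / 8 / 1000  # 85000 bps -> 10.625 B/ms
        self.bc_bytes = bc_bytes
        self.conform_prec = conform_prec
        self.exceed_prec = exceed_prec  # None models a rate-limit style exceed-action drop
        self.tokens = float(bc_bytes)   # bucket starts full
        self.last_ms = 0

    def mark(self, ts_ms: int, size: int) -> Optional[int]:
        """Precedence to set on this packet, or None if the policer drops it."""
        # refill in proportion to elapsed time, never above Bc
        refill = (ts_ms - self.last_ms) * self.rate_bytes_per_ms
        self.tokens = min(float(self.bc_bytes), self.tokens + refill)
        self.last_ms = ts_ms
        if self.tokens >= size:      # conform: consume tokens, mark conform precedence
            self.tokens -= size
            return self.conform_prec
        return self.exceed_prec      # exceed: tokens untouched, mark exceed precedence


# class-map name: (cir bps, bc bytes, conform precedence, exceed precedence),
# copied from the Packet-Tagging policy-map in the thread
PACKET_TAGGING = {
    "VoIP-Class-Inbound": (72000, 9000, 7, 7),
    "Hi-Class-Inbound": (85000, 10000, 6, 5),
    "Med-Class-Inbound": (43000, 5000, 4, 3),
    "Lo-Class-Inbound": (43000, 5000, 2, 1),
}
DEFAULT_PREC = 1  # class class-default: set ip precedence 1

Packet = Tuple[int, str, int]  # (timestamp ms, matching class-map name, size bytes)


def apply_policy(packets: List[Packet], drop_on_exceed: bool = False) -> List[Optional[int]]:
    """Mark every packet the way the policy-map would. drop_on_exceed swaps the
    recolouring exceed-action for a drop, i.e. the rate-limit behaviour."""
    policers = {
        name: Policer(cir, bc, conform, None if drop_on_exceed else exceed)
        for name, (cir, bc, conform, exceed) in PACKET_TAGGING.items()
    }
    marks: List[Optional[int]] = []
    for ts_ms, cls, size in packets:
        if cls in policers:
            marks.append(policers[cls].mark(ts_ms, size))
        else:
            marks.append(DEFAULT_PREC)  # unmatched traffic falls into class-default
    return marks


def constructed_stream() -> List[Packet]:
    """Constructed traffic (not a capture): 40 x 2000-byte Hi-Class packets every
    100 ms (160 kbps, above the 85 kbps CIR), 40 x 500-byte Med-Class packets
    every 100 ms (40 kbps, below the 43 kbps CIR), then one unclassified packet."""
    hi = [(100 * k, "Hi-Class-Inbound", 2000) for k in range(40)]
    med = [(100 * k, "Med-Class-Inbound", 500) for k in range(40)]
    return sorted(hi + med) + [(4000, "unmatched", 1500)]


def marks_for_class(packets: List[Packet], marks: List[Optional[int]], cls: str) -> List[Optional[int]]:
    """The marks given to the packets of one class, in arrival order."""
    return [m for (_, c, _), m in zip(packets, marks) if c == cls]


if __name__ == "__main__":
    stream = constructed_stream()
    print("recolour:", Counter(apply_policy(stream)))
    print("drop    :", Counter(apply_policy(stream, drop_on_exceed=True)))
```

With the thread's recolouring actions the 160 kbps Hi-Class stream is still forwarded in full, 25 of 40 packets as precedence 6 and 15 as precedence 5 for WRED to sort out downstream, whereas the drop variant discards those 15 outright.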
Brandonv7 (join: 2000-09-14; Minneapolis, MN)
Re: [Config] QoS+VoIP on a Cisco - sample config
You don't have to have an ACL to use the basic Rate-Limit command, do you? I read it as you only use an ACL if you want to rate limit just some of the traffic through that interface?
-- "Rose Tints My World To Keep Me Safe From My Trouble And Pain"
LilYoda
Re: [Config] QoS+VoIP on a Cisco - sample config
I believe this is correct. But you can also attach an access-list, and use it to color inbound traffic by using set-prec-transmit as your conform and exceed actions.
Brandonv7
Re: [Config] QoS+VoIP on a Cisco - sample config
But that would only be if you want to prioritize different kinds of traffic as it does in this VoIP config. The rate limit command itself doesn't require an ACL though. That is what I was trying to clarify for a problem I am working on..
rolande
Re: [Config] QoS+VoIP on a Cisco - sample config
Yes. Again, my first statement was that you were correct in your assumption. Without an ACL, the rate-limit command applies to all traffic going in and/or out of an interface depending on the direction it is applied or if it is applied in both directions.
LilYoda
said by ugalosh:
The posts above all contain: "EDIT: made a simpler version using precedence instead of DSCP" Is that the version posted? Kinda new at this and trying to comprehend it all. Working to try to find a version of IOS for my 2600 that has the 'police' command in policy-map, with very little success.
Yes, I was using DSCP in the past, but found out precedence works just as well, and precedence numbers are easier to follow than DSCP ones.
police statements work on any 2600/3600/3700/4500 with a 12.2.24 IOS (IP PLUS versions, the ones with "-is-" in the name). I think you also have to turn "ip cef" on before you can access the police statement.
I think it works on 1720s too, but almost sure that policy nesting doesn't work on 800 chassis.
harlen
LilYoda writes: "but I haven't tried it, cause I don't have a 800 handy"
Want access to play with one?
I'll be trying out your config examples on the weekend on my 827. Running c820-k9osy6-mz.123-9.bin
LilYoda
Re: [Config] QoS+VoIP on a Cisco - sample config
I'm working on a house renovation this week-end, so I won't be able to help.
As far as I remember, the 800 series does not allow for one policy-map to call another policy map (aka policy nesting).
I am not sure either if it supports named ACLs now. If it still doesn't, the config might be a LOT nastier to troubleshoot :)
So you could probably still get away with it by using one single policy map like:
policy-map Packet-Queueing
 class VoIP-Class-Outbound
  priority 72
 class Hi-Class-Outbound
  bandwidth remaining percent 50
  random-detect prec-based
  random-detect exponential-weighting-constant 8
  random-detect precedence 6 20 60 20
  random-detect precedence 5 6 15 6
 class Med-Class-Outbound
  bandwidth remaining percent 25
  random-detect prec-based
  random-detect exponential-weighting-constant 8
  random-detect precedence 4 15 30 15
  random-detect precedence 3 1 15 3
 class Lo-Class-Outbound
  bandwidth remaining percent 25
  random-detect prec-based
  random-detect exponential-weighting-constant 3
  random-detect precedence 2 15 30 15
  random-detect precedence 1 1 15 3
If it doesn't work, I could look into it and work with you some time next week :)
Innuendo (Premium; join: 2002-12-20)
LilYoda,
Thanks for sharing your hard work here for all to benefit.
This, IMHO, should be submitted as a FAQ so your hard work can benefit people in the future without danger of it getting buried in the sands of time.
smp606 (join: 2002-01-16; PA)
Very nice write-up!
ultatryon (join: 2002-04-10; Waterford, CT)
I just made a derivative configuration based on this information on a 1720 w/ a WIC-1ENET running 12.2(4)YA6 (Feature Set K9O3SY7).
So, I can definitely vouch that it runs on a 1720.
Oh, and to bump this back to the top.
LilYoda
w0000t
plm2005 (join: 2005-03-25; Bulgaria)
Hi LilYoda, I have some questions on how to customize your brilliant QoS config file. On what email can I contact you? I have a Cisco 1712 and a VPN site-to-site. It is configured directly on the WAN interface and I am wondering how to give priority to the IPsec traffic. I also want to give priority to Skype and tried something with UDP port, but not quite sure if it works. I am using NBAR and this is not working as expected. Your configuration seems much better.
LilYoda
Re: [Config] QoS+VoIP on a Cisco - sample config
I wanted to use NBAR, but it isn't supported on my 4700.
For the Skype and IPSec traffic, I already have the ACLs built, however I locked myself out of my router yesterday, in a daring attempt to improve my tacacs config *sigh*
So you'll have to wait till I get back home and can break into the router through the console port, which should be some time next week.
rolande
Re: [Config] QoS+VoIP on a Cisco - sample config
What TACACS server do you use? I am contemplating setting one up on my Linux server for my terminal server on my lab rack. Got any good suggestions? Thanks!
plm2005
NBAR was a real disaster. My router crashed two times after I configured something with NBAR. I just got 2 memory crashes so I removed this shit. I will wait for the ACLs. I hope I will manage it. I have some problems with Microsoft FRS now, so it took my time during the weekend.
rolande
Re: [Config] QoS+VoIP on a Cisco - sample config
Did you globally enable 'ip cef' before enabling NBAR protocol matching? Depending on what you were using NBAR for, a 1712 is kind of a small router if you were doing too much with it. You could easily kill the memory or CPU.
Did you get log msgs or traceback msgs on console? Did the router crash or just log malloc messages?
plm2005
Re: [Config] QoS+VoIP on a Cisco - sample config
Yes, I have ip cef, but NBAR is not for me. I had big crash files. It happened in the past, because of memory bugs, but the new IOS has other much worse bugs so I will stay with the current IOS for now.
LilYoda
Linux Debian + tac_plus, works like a charm (except when you're a numb nuts like me and mess up the key on the router).
I got the latest version of tac_plus recently for my work lab, so that I could give different rights based on the source IP. I'll post the version here when I get back to work on Monday.