|
inignot posted: EIGRP will do unequal cost load balancing.

Sorry, I should have been more specific.. I know EIGRP can do unequal cost load-balancing. What I am wondering is if I can do it over two multilinks. I've never tried it and wanted some feedback. If it doesn't work I am not going to bother migrating both multilinks into one router. I would rather have two routers each with a multilink for fail-over purposes.
|
# ? Feb 6, 2009 14:26 |
|
BoNNo530 posted: Sorry, I should have been more specific.. I know EIGRP can do unequal cost load-balancing. What I am wondering is if I can do it over two multilinks. I've never tried it and wanted some feedback. If it doesn't work I am not going to bother migrating both multilinks into one router. I would rather have two routers each with a multilink for fail-over purposes.

I don't see why not. Multilink PPP results in a logical interface, you can put whatever bandwidth value on it you want & tune EIGRP as needed. Set it up in GNS3 and see what happens.
|
# ? Feb 9, 2009 19:18 |
|
QoS is hard, and I'm practicing, but I have some questions. I have an 851w for an internet router. I can't do custom QoS on it (Software image doesn't support it because Cisco wants you to buy an 871 for that), but I know that it supports QoS from say a Cisco IP Phone or something like that. However I can't define Class-maps or Policy-maps on it. I do have a 3560G switch though, and it does support full QoS etc.

So what I want to do is prioritize all traffic over bittorrent traffic. I'm thinking that because the port is 100Mb to the router and my internet connection is around 6mb down and 512kb up that I can simulate congestion on that link by limiting the bandwidth of the switchport. Not sure if I can make it only limit the upload though. The problem with bittorrent is saturating the upstream. The downstream rarely gets overwhelmed, but I know the 512up gets obliterated pretty good. I also know that I can limit my upload via the bittorrent client, but I'd rather have a more flexible solution so that during the day when no one is home we can get our full 40K up.

So does someone know how to make this work? If I can just figure out how to make the 851 think I've got some Cisco IP Phones connected or some other way of enabling QoS that will help a lot too. Any ideas?
|
# ? Feb 11, 2009 00:18 |
|
If CBWFQ is not enabled in your image, how about Priority Queuing? Basically you want to tag the traffic inbound from the lan (and on the switch if you run dot1q between switch and router) and apply the policy on your wan interface. If you can't classify the traffic (no CBWFQ) with layer 2 or 3 QoS bits you want to downgrade, you can still use access lists. Make an access list with all the traffic you want to give priority to like esp, or whatever your IP phone is using to get to the server, web surfing, etc. By default the traffic not classified in that list will get the normal queue. You get 4 queues: High, Medium, Normal, Low

    3660-1#sh queueing interface serial 3/0
    Interface Serial3/0 queueing strategy: priority

    Output queue utilization (queue/count)
        high/350169 medium/0 normal/19073366 low/0

This is some T1 that is doing a simple queue to make sure some guy's IP phone calls aren't lovely when others are banging away at the circuit grabbing source code or something not as time sensitive.

If the router says it supports QoS, I would assume that it will read various QoS settings (layer 2 802.1q cos tags, layer 3 IP Precedence and DSCP bits), and 'trust' the value. Not sure how it would act on it if it's crippled. Maybe there is a default config and you can't touch it?

e: In a perfect world, your IP phone would hit the switchport on a dot1q trunk. The phone is probably throwing out dot1q cos 5 tags if you set it to trunk. If it is coming out with a cos of 1 you can just change the tag right there to a 5 on ingress. The PC is on another switchport, banging away at a cos of 1. When the IP phone frame exits the switch into the router once again they agree on the cos5 for the ethernet frame that contains the voice stream. The router sees the cos5 tag, checks its queuing strategy and policy and sticks it in the high priority queue like the guy's vpn in the example above.

For traffic coming within a node, just classify it in an access list by inclusion or exclusion upstream.

e2: Not sure why I thought the guy had DSL. See if you can do show commands against the default global policy. Herv fucked around with this message at 01:41 on Feb 11, 2009 |
# ? Feb 11, 2009 00:46 |
|
Correct me if I'm wrong, but he doesn't have a Cisco IP Phone. He has a 3560G, a PC, and a 851.
|
# ? Feb 11, 2009 06:29 |
|
jwh posted: Correct me if I'm wrong, but he doesn't have a Cisco IP Phone. He has a 3560G, a PC, and a 851.

Yep you are right, my post was pretty cluttered. I had thought he was eventually going to get one in, but wanted to fake out the 851 since apparently the product lit says it can support some basic QoS. The 'IP Phone' here is the end station what he is trying to tag with Precedence ToS and DSCP Values to fake out the 851. I could have been more clear but that's what I get for trying to make an all in one QoS post.

I still find it sad that they crippled the 851 like that. You can get a 2621 doing everything (DMVPN, AES192, OSPF, NAT/PAT, RAS VPN, CBWFQ/PQ on a FiOS 20/5 @ 30 percent on the CPU while encrypting an IP phone conference hosting 5 callers) except the wireless for 50 bucks, how lovely.

I just checked an 871 (c870-advipservicesk9-mz.124-22.T.bin) and was able to set up a quick class and policy map, and give it priority. Looking at the images for the 851 (c850-advsecurityk9-mz.124-15.T8.bin) you would think some of the same features were available. I don't have one, I can't check. Must be the ip in the file name. I thought the image features were the 'k9-mz' part of the filename, but haven't looked it up in ages.

My asa 5505 is crippled unless I want to buy an upgrade license, this must be some new thing. I thought that Failover and Physical interface count were the limiting factors.

I have an 871, but it has no PoE for my IP Phone. I just can't win. It's very important that my office extension is available with all features like hosting conferences. It's the easiest way to sham it and work in your PJs. My home office chair is more comfortable, nobody can hear the difference.

The IP Phone in a Perfect World example using the Queuing was more of a general outbound QoS situation in one of the trickier situations with end to end priority. I didn't even cover pulling inbound traffic off the wan circuit, marking it up and sending it out to beat up all the other ethernet frames in the layer 2 switch yard.

e: Added part to ios images. Herv fucked around with this message at 08:55 on Feb 11, 2009 |
# ? Feb 11, 2009 08:25 |
|
Yea. I'm not too familiar with setting up QoS for an IP Phone via the 851. Also I don't KNOW that it supports QoS, but I assume it does because of all the literature. The 851 does have some options as far as QoS is concerned, but all the commands are different. I'm not sure how to setup PQ because none of the standard commands work to enable it.

Also ironically enough, when I googled for 851 QoS, it brought me to this thread on page 3, where I'm asking the same question. With my better experience and overall knowledge I'm able to understand better the solutions that were presented to me, or rather understand why they won't work on my router.

I wonder if I could talk to one of my IOS programmer buddies and get him to compile me a special advanced IP services 851 image, it would be trivial to do since the 851 and 871 are basically the same...probably a pipe dream. Anyway, I think I'm going to adopt this as a long(er) term project. Because I know it's possible to do somehow, but the device is so small scale that none of the technical aptitude at Cisco has much interest in it. So I'll be mostly on my own....

Also the K9-mz has to do with basic security features. The IOS I need is an "Advanced ip services" image. That image contains all the fun stuff like IPV6 routing, ISIS, BGP, EIGRP, OSPF, QOS etc. Basically if you are doing any kind of ISP interaction that is beyond a simple point to point or static route you probably need Advanced IP Services. Advanced Enterprise Services would work as well.

e: I wonder if I could find a "voice" image for this thing, and if that would have the QoS stuff that I need...hmm. ate shit on live tv fucked around with this message at 09:07 on Feb 11, 2009 |
# ? Feb 11, 2009 09:00 |
|
Oh cool, thanks I didn't know that. Here's a quick and dirty PQ setup, and it will do what you need on the uplink to push ahead of any BT or otherwise unspecified traffic.

    interface Serial3/0
     ip address 151.204.xxx.xxx 255.255.255.252
     no ip redirects
     no ip unreachables
     ip nbar protocol-discovery
     ip route-cache flow
     ! attach priority list 1 to this interface
     priority-group 1
    !
    ! traffic matched by ACL 120 goes into the high queue
    access-list 120 permit <my important data e.g. TCP> any any eq <my important port>
    priority-list 1 protocol ip high list 120

I usually max the memory on everything, makes it safe to deepen the queues.

    ! queue depth in packets for high, medium, normal, low
    priority-list 1 queue-limit 32767 32767 32767 32767

Each queue will hold 32k packets, if you have enough packet memory. One warning of course is that traffic in a lower queue will not go out until a higher queue is empty. You can/will drop traffic if you try to queue more than the max 32k packets, the show commands will see if it is happening. I didn't make the product, I only use it. Hope it works!

e: I just have normal access to images, and couldn't find anything but the same advanced services in 12.4 or 12.3. The old IOS image site just lists one image set for the 851. By standard commands, I figured you were talking about the lack of CBWFQ commands from before. Herv fucked around with this message at 09:41 on Feb 11, 2009 |
# ? Feb 11, 2009 09:36 |
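
The starvation and drop warning in the post above, as an added simulation that is not code from the thread or from Cisco: a simplified model of strict priority queuing with per-queue tail drop. The per-tick packet rates, the tick model and all function names are assumptions made for illustration; 20/40/60/80 are the IOS default queue limits.

```python
from collections import deque

QUEUES = ("high", "medium", "normal", "low")   # service order of priority queuing
IOS_DEFAULT_LIMITS = (20, 40, 60, 80)          # default queue-limit values, in packets


class PriorityQueuing:
    """Simplified strict-priority scheduler with per-queue tail drop (assumed model)."""

    def __init__(self, limits=IOS_DEFAULT_LIMITS):
        self.limits = dict(zip(QUEUES, limits))
        self.queues = {name: deque() for name in QUEUES}
        self.sent = dict.fromkeys(QUEUES, 0)
        self.dropped = dict.fromkeys(QUEUES, 0)

    def enqueue(self, name, packet):
        if len(self.queues[name]) >= self.limits[name]:
            self.dropped[name] += 1            # queue full: tail drop
            return False
        self.queues[name].append(packet)
        return True

    def dequeue(self):
        # Always serve the highest non-empty queue; lower queues wait.
        for name in QUEUES:
            if self.queues[name]:
                self.sent[name] += 1
                return name, self.queues[name].popleft()
        return None


def simulate(high_pps, normal_pps, link_pps, ticks, limits=IOS_DEFAULT_LIMITS):
    """Offer high_pps + normal_pps packets per tick to a link sending link_pps per tick."""
    pq = PriorityQueuing(limits)
    for tick in range(ticks):
        for i in range(high_pps):
            pq.enqueue("high", (tick, i))
        for i in range(normal_pps):
            pq.enqueue("normal", (tick, i))
        for _ in range(link_pps):
            if pq.dequeue() is None:           # all queues empty, link idle
                break
    return {name: {"sent": pq.sent[name], "dropped": pq.dropped[name],
                   "backlog": len(pq.queues[name])} for name in QUEUES}


if __name__ == "__main__":
    # Constructed loads: packets per tick on a link that sends 10 per tick.
    print("light high load ", simulate(2, 5, 10, 100)["normal"])
    print("high fills link ", simulate(10, 5, 10, 100)["normal"])
    print("same, 32767 deep", simulate(10, 5, 10, 100, (32767,) * 4)["normal"])
```

With the 32767-packet limits from the post the drops disappear, but the normal queue still sends nothing while high traffic fills the link, so the loss shows up as backlog and delay instead.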
|
Powercrazy posted: Also ironically enough, when I googled for 851 QoS, it brought me to this thread on page 3, where I'm asking the same question. With my better experience and overall knowledge I'm able to understand better the solutions that were presented to me, or rather understand why they won't work on my router.

Jesus, and yeah I answered back then too, early 07, this thread really is toddler age now. Sorry for pushing the PQ on yah 2 times.
|
# ? Feb 11, 2009 15:51 |
|
Powercrazy posted: Yea. I'm not too familiar with setting up QoS for an IP Phone via the 851. Also I don't KNOW that it supports QoS, but I assume it does because of all the literature.

Powercrazy posted: Also ironically enough, when I googled for 851 QoS, it brought me to this thread on page 3, where I'm asking the same question.
|
# ? Feb 11, 2009 17:10 |
|
I'm finally getting around to working towards my CCNA and could use a physical lab over this emulated poo poo. I've looked at https://www.ciscokits.com and I have an idea of what I'll need. I figured I'd check in here and see if anyone has any specific recommendations. I'd need a minimal setup; 2 routers, 1 switch (or two). My biggest concern is cost, naturally I would like to keep it as cheap as I can. I have no problem Ebay shopping and hunting and pecking to pick up the equipment. Any recommendations on equipment? I already have a 2501 router.
|
# ? Feb 11, 2009 20:05 |
|
2 2600 routers and 2 2900 switches with maybe a 2500 router for a console server is all you need for the CCNA. But honestly you don't even need that, just use Dynamips or something. The CCNA can be passed without even passing the sims.
|
# ? Feb 11, 2009 20:25 |
|
Powercrazy posted: 2 2600 routers and 2 2900 switches with maybe a 2500 router for a console server is all you need for the CCNA.

This isn't true anymore. The new CCNA exam is a bit tougher than it was before, and if you can't do labs, you will fail. I just took it a couple weeks ago, and there were multiple lab questions where you have to find out what is wrong and setup/fix routing.
|
# ? Feb 11, 2009 20:28 |
|
How do you guys work your vlans in regards to servers? Do you have dedicated server vlan(s)? Do you let your server talk outside of their vlan unabated or even get out to the internet unabated?
|
# ? Feb 11, 2009 20:41 |
|
InferiorWang posted: How do you guys work your vlans in regards to servers? Do you have dedicated server vlan(s)? Do you let your server talk outside of their vlan unabated or even get out to the internet unabated?

With the exception of VLANs dedicated to backup and SAN storage, servers are given their own unrestricted VLAN that is routable by most internal devices. This is of course for truly internal servers, ones living in a DMZ and public-facing have their access severely restricted inbound/outbound. We typically have the gateway for the DMZ'd servers' VLAN residing on a firewall for more granular control.
|
# ? Feb 11, 2009 20:57 |
|
InferiorWang posted: How do you guys work your vlans in regards to servers? Do you have dedicated server vlan(s)? Do you let your server talk outside of their vlan unabated or even get out to the internet unabated?

Multiple server zones (production, dev, dmz, etc etc etc) all with their own vlans and FWSM controlling access between each. Default rule is all is denied inbound and outbound unless permitted.
|
# ? Feb 11, 2009 22:19 |
|
routenull0 posted: Multiple server zones (production, dev, dmz, etc etc etc) all with their own vlans and FWSM controlling access between each.

Do you do pVLAN's on each of the VLAN's?
|
# ? Feb 11, 2009 23:14 |
|
Boner Wad posted: Do you do pVLAN's on each of the VLAN's?

No, hosts in the vlan can talk to each other if the hosts themselves allow it via iptables or the like.
|
# ? Feb 12, 2009 02:39 |
|
What's the point of Vlans? Just run layer 3 everywhere.
|
# ? Feb 12, 2009 05:10 |
|
Powercrazy posted: What's the point of Vlans? Just run layer 3 everywhere.

What?
|
# ? Feb 12, 2009 16:01 |
|
InferiorWang posted: What?

I was confused as well.
|
# ? Feb 12, 2009 17:20 |
|
What's to not understand? code:
|
# ? Feb 12, 2009 17:30 |
|
bort posted: What's to not understand?

Awesome. My network is much faster now. I should probably run layer 3 on my VWICs too.
|
# ? Feb 12, 2009 18:41 |
|
bort posted: What's to not understand?

Wow, I guess that is one way to put it.

e: Meh. Herv fucked around with this message at 20:04 on Feb 12, 2009 |
# ? Feb 12, 2009 19:50 |
|
InferiorWang posted: What?

haha Well as I think about it a little more, there are several good reasons to have vlans depending on your topology, so never mind
|
# ? Feb 12, 2009 20:43 |
|
bort posted: What's to not understand?

Is it possible to propagate that through VTP? Don't want to have to go to every switch if I don't have to.
|
# ? Feb 12, 2009 20:55 |
|
Using a WLAN 4400 series controller, what's the difference between using a GUEST-LAN WLAN and a normal WLAN? I'm under the impression that for the GUEST-LAN I'll still have to build the ACLs for the VLAN just as I would with a normal WLAN? Is it just a matter of having the web authentication presented?
|
# ? Feb 13, 2009 21:58 |
|
InferiorWang posted: Using a WLAN 4400 series controller, what's the difference between using a GUEST-LAN WLAN and a normal WLAN? I'm under the impression that for the GUEST-LAN I'll still have to build the ACLs for the VLAN just as I would with a normal WLAN? Is it just a matter of having the web authentication presented?

Guest LAN is for making a cable based webauth.
|
# ? Feb 13, 2009 22:16 |
|
Hrm, does this look like a memory misconfiguration, bad system (packet) memory, or one of the interfaces has bad memory? I am voting for bad system memory but does anyone else have an idea here?

Router Burn Victim posted:

The unit has 256mb of memory, with 20 percent to packet memory. Here's the show mem:

Router Burn Victim posted:

History of this 3660 was a serious building cooling system failure. Was 130 F in the telco room we were told. I told the boss all bets are off on this unit 6 months ago when it happened. The unit was put together from spare parts 6 years ago and had uptimes of over a year here and there. What a way to die for the old soldier. I already started hoarding the parts for a new one, but hey there might not be anything wrong with the existing router and I am just a dumbass.
|
# ? Feb 16, 2009 03:47 |
|
Herv posted: Hrm, does this look like a memory misconfiguration, bad system (packet) memory, or one of the interfaces has bad memory? I am voting for bad system memory but does anyone else have an idea here?

I wouldn't hold a door open with a 3660 router. We deployed so many that went bad, that Cisco ended up buying them back from us when they admitted the platform was terrible.

code:
|
# ? Feb 16, 2009 04:54 |
|
routenull0 posted: I wouldn't hold a door open with a 3660 router. We deployed so many that went bad, that Cisco ended up buying them back from us when they admitted the platform was terrible.

It's running a pretty recent version of 12.4

    3660-3#sh ver
    Cisco IOS Software, 3600 Software (C3660-JK9O3S-M), Version 12.4(15)T8, RELEASE SOFTWARE (fc3)

Now I really want to dump that sucker. Thanks

Oh do you have a link to that documentation in case I have to poke around some more?
|
# ? Feb 16, 2009 05:08 |
|
Herv posted: It's running a pretty recent version of 12.4

I just dumped your error output in the tool on Cisco's site, just login with your CCO.
|
# ? Feb 16, 2009 05:09 |
|
routenull0 posted: I just dumped your error output in the tool on Cisco's site, just login with your CCO.

Cool thanks, I am missing a good amount of things like that. Gotta try to get onboard again. Thinking about it, I guess the only way you will get a good 3660 is if you use all known good parts hehe.
|
# ? Feb 16, 2009 05:15 |
|
Herv posted: Cisco IOS Software, 3600 Software (C3660-JK9O3S-M), Version 12.4(15)T8, RELEASE SOFTWARE (fc3)

Have you seen similar behavior outside the T train? T train is the pain train.
|
# ? Feb 16, 2009 07:22 |
|
jwh posted: Have you seen similar behavior outside the T train? T train is the pain train.

You know I haven't seen this with another image. I think it's been in for a few months though. The problems have shown up rather recently. I looked in the tftp server and this was up there, looks to be recent. I slapped it into the poor thing, let's see how the week goes!

    3660-3#sh ver
    Cisco IOS Software, 3600 Software (C3660-JK9O3S-M), Version 12.4(23), RELEASE SOFTWARE (fc1)
    Compiled Sun 09-Nov-08 00:28 by prod_rel_team

In the area of memory management here's the split:

    Cisco 3660 (R527x) processor (revision 1.0) with 209920K/52224K bytes of memory.
    Processor board ID JAB042088J1
    R527x CPU at 225MHz, Implementation 40, Rev 10.0, 2048KB L2 Cache

The image calls for 128mb, and there's just under 52mb for packet memory so I would think I am not blowing out the router queues. Thanks for the suggestion, I was figuring it was hardware related considering the serious cooking it took, but hey who knows! Stay tuned packet slinging fans.
|
# ? Feb 16, 2009 08:41 |
|
My wife sent this to me on Valentines day and I laughed. http://www.youtube.com/watch?v=3pffeMdDSoY
|
# ? Feb 16, 2009 23:27 |
|
Paul Boz_ posted: My wife sent this to me on Valentines day and I laughed.

That's funny. Does anyone know of ASR9000s in production? I haven't heard anything, even on the lists. But then again, I don't typically deal with anything larger than a 6500.
|
# ? Feb 17, 2009 00:12 |
|
jwh posted: Have you seen similar behavior outside the T train? T train is the pain train.

12.4(15)T8 is allegedly decent, at least compared to other 12.4T's- It's 12.5. I'm surprised a 3600 can run that at all. 3620 ended at 12.3, 3640 at 12.4, and looks like 3660 at 12.5.
|
# ? Feb 17, 2009 00:51 |
|
jwh posted: That's funny.

They only just launched and I'm sure FCS is missing all sorts of features people want (like channelized SONET cards which are still missing from the other ASRs afaik). Our 7600s should finally start to shape up into being nice channelized DS1 boxes once SRD comes out with some PPP fixes we've been waiting on (think it's coming out in the next 2 weeks).
|
# ? Feb 17, 2009 04:43 |
|
falz posted: 12.4(15)T8 is allegedly decent, at least compared to other 12.4T's- It's 12.5. I'm surprised a 3600 can run that at all. 3620 ended at 12.3, 3640 at 12.4, and looks like 3660 at 12.5.

This scares me.
|
# ? Feb 17, 2009 09:42 |