09-06-2013 08:00 AM - edited 03-03-2019 07:10 AM
Hi there - I have been asked to configure a new out of the box 1921 series Router for internet access.Basically our company has to provide Internet access to an office area with 8-10 IP Phones,Wireless & Internet set up. I have configured the Router to what I think would work best. . I have a Cisco E1200 ready to go for the Wifi side of things. This office area is not part of our network.
Bottom line is that they need their IP phones and Wifi
to work
My question is...Is there anything else I would need to add to the config for the phones to work better(no drops). Any help would be appreciated.
ISP > Router WAN > Router LAN > Cisco 2900XL Switch
ISP: 12.16.xxx.xx 255.255.255.248
LAN: 192.168.1.0 255.255.255.0
Building configuration...
Current configuration : 1648 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NEX_Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 wv8gUHK2fGNWeZuTKMRv7NWW3pQQ/a3WIwDP/OW0WIY
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
clock timezone CDT -6 0
clock summer-time CDT recurring
!
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool Nexxxxx
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 208.67.222.222
lease 7
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FTX17318328
!
!
username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Nexxxx LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description WAN side of Router
ip address 12.16.xxx.xx 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 12.16.xxx.xx
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 240 0
password 7 0010160709480A1200
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 051F030E2C5F4F1D16
logging synchronous
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Solved! Go to Solution.
09-09-2013 08:01 AM
Yep. They look to be up waiting for a connection. Once you get it connected, the default route will show up in your routing table.
You're welcome!
HTH,
John
*** Please rate all useful posts ***
09-10-2013 12:58 PM
Getting into voip is going to probably make you want to move to vlans. Vlan 30 doesn't need to be in the ssid area on the AP since you're not using it any longer.
Fair warning though. Since you have all of this working, it's all going to change when you move to vlans. There are no drawbacks to running it this way because this is the preferred method. I've seen people put addresses on the radio, ethernet, and bvi which isn't necessary. The AP bridges the two interfaces together so you can use one address. Cisco recommends not to put a separate address on each interface.
HTH,
John
*** Please rate all useful posts ***
09-06-2013 09:08 AM
The first thing that jumps out is that you have nat configured on the interfaces, but you don't have nat actually configured so internet access wouldn't work if this device is supposed to do natting. If not, then you need to remove "ip nat inside/outside" from the interfaces. If it is to do natting, you'll need to finish the config:
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 100 interface g0/1 overload
As far as phones, are they hosted or internal only? You don't have an LLQ configured for the phones, but going over the internet isn't going to be easy to control if it's needed. You would be better off with a tunnel, but they may not offer that. To create a class, you'd do something like the following:
class-map Voice
match dscp ef <---- Assuming phones are marking with dscp 46 and mls qos is not configured on the LAN switch
policy-map Output
class Voice
priority 512
class class-default
bandwidth 512
fair-queue
int g0/1
service-policy output Output
There are many different options that you can do for voice, but in reality once it hits the internet (without an agreement from the provider), your EF tag will generally be stripped. This policy would help get it out of the router first during congestion, but there's still no guarantee that you won't be dropped later down the line.
HTH,
John
*** Please rate all useful posts ***
09-06-2013 09:19 AM
John,
Thanks for the quick reply. The phones are been hosted by a 3rd party VOIP vender - basically they were informed that all they needed to do was plug in the phone (internet access)and they could register them via MAC address.
The WAN IP address is one of 4 IP addresses that we own - we allocated this office one of these IP's.
I will add your config and test it.Again thanks for your help.
09-06-2013 10:16 AM
John, I forgot to ask...with the maximum number of phones been 10, would QoS - LLQ be required. We have a 10M Fiberline coming into the building - would we have issues with bandwidth with internet access for users via ethernet or WiFi plus the 10 IP phones?
Thanks again
09-06-2013 06:20 PM
QoS only kicks in when there's congestion on the interface. You would probably still want to configure it because if it's ever needed, it will be there. If it's not needed, it'll never go into effect so it doesn't hurt anything having it applied. You may never use it though.
HTH,
John
*** Please rate all useful posts ***
09-07-2013 07:12 AM
You do need QOS because voice quality is as much about priority queue as it is bandwidth. If there is any buffering at all, you probably want voice to be "next". That's what keeps the audible clicks and pops minimized.
Sent from Cisco Technical Support iPad App
09-07-2013 11:38 AM
Thank you guys,you have givin me alot to think about. I'd rather have something like this set than having to re-visit a quality issue later down the road.
John: can I just add your config into my config assuming that these are standard Polycom phones requiring only "Internet access"by the 3rd party hosting company? I dont believe MLS QOS was configured on the switch but I will check the Runing-conifg.
As far as phones, are they hosted or internal only? You don't have an LLQ configured for the phones, but going over the internet isn't going to be easy to control if it's needed. You would be better off with a tunnel, but they may not offer that. To create a class, you'd do something like the following:
class-map Voice
match dscp ef <---- Assuming phones are marking with dscp 46 and mls qos is not configured on the LAN switch
policy-map Output
class Voice
priority 512
class class-default
bandwidth 512
fair-queue
int g0/1
service-policy output Output
09-07-2013 12:19 PM
Sure you can. To explain the config further, I didn't realize you had 10Mb to begin with so I was minimal with it.
Class map Voice creates the class map to match on the marking that the phones are probably doing. The reason I brought up mls is because if it's enabled on a switch and not configured, the switch will set the marking back to default and you would never see this marking at the router unless you trusted the marking at the switch. Without mls configured or enabled on the switch, the switch won't tamper with the marking that the phone sends, so you should see the marking at the router.
class Voice under the policy map tells it to take 512k off the top immediately when it sees a packet marked with dscp 46 (ef) and reserve it. This creates an LLQ and is service immediately before anything else, but it's also policed at this rate as well so it can't starve the other queues.
class-default is a class that's there by default, but it's not seen unless configured. What you're telling this class is that you want to reserve a minimum amount of bandwidth (512k) and use fair queueing which enables flow based fair queueing.
All of these are configurable. Anything that doesn't match your Voice class will fall into the class-default queue. You can modify the bandwidth values by putting whatever you want in there. For a 10Mb circuit, you may choose to set aside 8Mb for the class-default class, or you may leave class default where it is and add other classes.
Many people, including myself, have a High, Med, Low class, or some ISPs use a Gold, Silver, Bronze class. My classes are configured for voice in High, Business apps in Med, and general web browsing and FTP in the Low class. Depending on what you do with the classes, you can shape/police traffic based on the type of traffic it is. I can police users to 512k of bandwidth only for Web but give them 5Mb for Business class applications. When there's nothing going on in the Medium class, the Low class can use all of the bandwidth it needs.
HTH,
John
*** Please rate all useful posts ***
09-08-2013 04:33 AM
Thank you John, I will add that to the config. I also noticed that when I added the statement:
ip route 0.0.0.0 0.0.0.0 12.161xx.xx and
ip route 0.0.0.0 0.0.0.0 ge0/1
The Gateway of last resort of is not set when I do a "show IP route". I added the second statement to the original config just in case. This a stub router- with no other way out, is it normal not to have it shown until I actually connect the router? I cant figure why it wont show up in the config!?
09-08-2013 05:06 AM
Make sure that you have ip routing enabled "ip routing" and then try the default route again. It's not normal for you to set this and it not show up unless you have routing turned off.
HTH,
John
*** Please rate all useful posts ***
09-09-2013 06:25 AM
John - I had IP routing enabled. RIP V2 is running but I still cant see gateway of last resort. Is there something configured by default on the router? I have posted my config again with the QoS...I've been trying to figure this out! Thank you!
Building configuration...
Current configuration : 1976 bytes
!
! Last configuration change at 08:14:13 CDT Mon Sep 9 2013
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NEX_Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 wv8gUHK2fGNWeZuTKMRv7NWW3pQQ/a3WIwDP/OW0WIY
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
clock timezone CDT -6 0
clock summer-time CDT recurring
!
ip cef
!
!
!
ip dhcp excluded-address 10.25.131.1
!
ip dhcp pool Nex
import all
network 10.25.131.0 255.255.255.0
default-router 10.25.131.1
dns-server 208.67.222.222
lease 7
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FTX17318328
!
!
username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Nex LAN
ip address 10.25.131.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description WAN side of Router
ip address 12.16.xxx.xx 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
router rip
network 10.0.0.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 12.16.xxx.xx
!
access-list 100 permit ip 10.25.131.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 240 0
password 7 0010160709480A1200
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 051F030E2C5F4F1D16
logging synchronous
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
09-09-2013 06:42 AM
If the wan interface isn't up at the time of you installing the default route, it won't show up in the routing table. Is the circuit up and functional?
I would remove this:
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
Let me show you what I mean:
R2(config-if)#do sh run | i ip route
ip route 0.0.0.0 0.0.0.0 12.15.15.1 <--- Here's the route
R2(config-if)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 12.15.15.1 to network 0.0.0.0 <-- installed in the routing table
12.0.0.0/24 is subnetted, 1 subnets
C 12.15.15.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 12.15.15.1
R2(config-if)#shut <--- I shut fa0/0
R2(config-if)#
*Mar 1 00:03:46.231: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 00:03:47.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R2(config-if)#do sh run | i ip route
ip route 0.0.0.0 0.0.0.0 12.15.15.1 <---- route is still here, but now "not set" below
R2(config-if)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set < --- "not set" because the interface leading to the next hop is down.
HTH,
John
*** Please rate all useful posts ***
09-09-2013 07:49 AM
John,
The unit is being configured on my desk - sorry I should have informed you of that. I havent gotten to install/plug in the unit just yet until the config is correct!
The interfaces should be up once I plug them in correct. Down Down is a phyiscal issue i.e cable unplugged. I have removed the statement 0.0.0.0 0.0.0.0 ge0/1 and left the the default as 0.0.0.0 0.0.0.0 12.198.xxx.xx
Thank you for all your help once again!
NEX_Router#show ip int brief
Interface IP-Address OK? Method Status Prot ocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 10.25.131.1 YES NVRAM down down
GigabitEthernet0/1 12.16.xxx.xx YES NVRAM down down
NVI0 unassigned YES unset administratively down down
09-09-2013 08:01 AM
Yep. They look to be up waiting for a connection. Once you get it connected, the default route will show up in your routing table.
You're welcome!
HTH,
John
*** Please rate all useful posts ***
09-09-2013 06:21 PM
John - I connected everything and it worked great, thank you for your help once again!
I now find myself adding a Cisco 1242 AP to the switch that for wifi access.
I have the router to router to configuration set up - I can get to the internet. The router is configured with the DHCP pool, I am getting an IP address from this range.I have created a VLAN 100 on the switch which I have dedicated a few ports too. I only have one VLAN so I didn't enable trunking just access on the VLAN. I have the SSID and VLAN set up on the AP through the web interface.
Switch 2900XL 24 ports
VLAN 100:::Ports FA0/4-0/24
Router:::FA0/24
AP:::FA0/23
The problem is I can't get out to the internet using wireless. I can ping the AP's IP address from the network, I can also ping the Default gateway. I can't get an IP address though from the DHCP pool of the Router.
I guessing I need to do more configuring from the console on the AP itself or maybe the router -
Some forums suggest using sub-interfaces on the router...Assigning the Sub interface to the VLAN.
If I have the VLAN setup do I need to establish a new dhcp pool on the Router for the AP to give out ips?
Would you have any quick thoughts!?
Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide