cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6763
Views
50
Helpful
28
Replies
johnny_5
Beginner

Cisco 1921 Router LAN config

Hi there - I have been asked to configure a new out of the box 1921 series Router for internet access.Basically our company has to provide Internet access to an office area with 8-10 IP Phones,Wireless & Internet set up. I have configured the Router to what I think would work best. . I have a Cisco E1200 ready to go for the Wifi side of things. This office area is not part of our network.

Bottom line is that they need their IP phones  and Wifi

to work

My question is...Is there anything else I would need to add to the config for the phones to work better(no drops). Any help would be appreciated.

ISP > Router WAN > Router LAN > Cisco 2900XL Switch

ISP: 12.16.xxx.xx 255.255.255.248

LAN: 192.168.1.0 255.255.255.0

Building configuration...

Current configuration : 1648 bytes

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NEX_Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 wv8gUHK2fGNWeZuTKMRv7NWW3pQQ/a3WIwDP/OW0WIY

!

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

clock timezone CDT -6 0

clock summer-time CDT recurring

!

ip cef

!

!

!

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool Nexxxxx

import all

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 208.67.222.222

lease 7

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FTX17318328

!

!

username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Nexxxx LAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description WAN side of Router

ip address 12.16.xxx.xx 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 12.16.xxx.xx

!

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 240 0

password 7 0010160709480A1200

logging synchronous

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password 7 051F030E2C5F4F1D16

logging synchronous

transport input telnet ssh

!

scheduler allocate 20000 1000

!

end

2 ACCEPTED SOLUTIONS

Accepted Solutions

Yep. They look to be up waiting for a connection. Once you get it connected, the default route will show up in your routing table.

You're welcome!

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

Getting into voip is going to probably make you want to move to vlans. Vlan 30 doesn't need to be in the ssid area on the AP since you're not using it any longer.

Fair warning though. Since you have all of this working, it's all going to change when you move to vlans. There are no drawbacks to running it this way because this is the preferred method. I've seen people put addresses on the radio, ethernet, and bvi which isn't necessary. The AP bridges the two interfaces together so you can use one address. Cisco recommends not to put a separate address on each interface.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

28 REPLIES 28
John Blakley
Advisor

The first thing that jumps out is that you have nat configured on the interfaces, but you don't have nat actually configured so internet access wouldn't work if this device is supposed to do natting. If not, then you need to remove "ip nat inside/outside" from the interfaces. If it is to do natting, you'll need to finish the config:

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 100 interface g0/1 overload

As far as phones, are they hosted or internal only? You don't have an LLQ configured for the phones, but going over the internet isn't going to be easy to control if it's needed. You would be better off with a tunnel, but they may not offer that. To create a class, you'd do something like the following:

class-map Voice

match dscp ef      <---- Assuming phones are marking with dscp 46 and mls qos is not configured on the LAN switch

policy-map Output

class Voice

priority 512

class class-default

bandwidth 512

fair-queue

int g0/1

service-policy output Output

There are many different options that you can do for voice, but in reality once it hits the internet (without an agreement from the provider), your EF tag will generally be stripped. This policy would help get it out of the router first during congestion, but there's still no guarantee that you won't be dropped later down the line.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

John,

Thanks for the quick reply. The phones are been hosted by a 3rd party VOIP vender - basically they were informed that all they needed to do was plug in the phone (internet access)and they could register them via MAC address.

The WAN IP address is one of 4 IP addresses that we own - we allocated this office one of these IP's.

I will add your config and test it.Again thanks for your help.

John, I forgot to ask...with the maximum number of phones been 10, would QoS - LLQ be required. We have a 10M Fiberline coming into the building - would we have issues with bandwidth with internet access for users  via ethernet or WiFi plus the 10 IP phones?

Thanks again

QoS only kicks in when there's congestion on the interface. You would probably still want to configure it because if it's ever needed, it will be there. If it's not needed, it'll never go into effect so it doesn't hurt anything having it applied. You may never use it though.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

You do need QOS because voice quality is as much about priority queue as it is bandwidth. If there is any buffering at all, you probably want voice to be "next". That's what keeps the audible clicks and pops minimized.

Sent from Cisco Technical Support iPad App

johnny_5
Beginner

Thank you guys,you have givin me alot to think about. I'd rather have something like this set than having to re-visit a quality issue later down the road.

John: can I just add your config into my config assuming that these are standard Polycom phones requiring only "Internet access"by the 3rd party hosting company? I dont believe MLS QOS was configured on the switch but I will check the Runing-conifg.

As far as phones, are they hosted or internal only? You don't have an  LLQ configured for the phones, but going over the internet isn't going  to be easy to control if it's needed. You would be better off with a  tunnel, but they may not offer that. To create a class, you'd do  something like the following:

class-map Voice

match dscp ef      <---- Assuming phones are marking with dscp 46 and mls qos is not configured on the LAN switch

policy-map Output

class Voice

priority 512

class class-default

bandwidth 512

fair-queue

int g0/1

service-policy output Output

Sure you can. To explain the config further, I didn't realize you had 10Mb to begin with so I was minimal with it.

Class map Voice creates the class map to match on the marking that the phones are probably doing. The reason I brought up mls is because if it's enabled on a switch and not configured, the switch will set the marking back to default and you would never see this marking at the router unless you trusted the marking at the switch. Without mls configured or enabled on the switch, the switch won't tamper with the marking that the phone sends, so you should see the marking at the router.

class Voice under the policy map tells it to take 512k off the top immediately when it sees a packet marked with dscp 46 (ef) and reserve it. This creates an LLQ and is service immediately before anything else, but it's also policed at this rate as well so it can't starve the other queues.

class-default is a class that's there by default, but it's not seen unless configured. What you're telling this class is that you want to reserve a minimum amount of bandwidth (512k) and use fair queueing which enables flow based fair queueing.

All of these are configurable. Anything that doesn't match your Voice class will fall into the class-default queue. You can modify the bandwidth values by putting whatever you want in there. For a 10Mb circuit, you may choose to set aside 8Mb for the class-default class, or you may leave class default where it is and add other classes.

Many people, including myself, have a High, Med, Low class, or some ISPs use a Gold, Silver, Bronze class. My classes are configured for voice in High, Business apps in Med, and general web browsing and FTP in the Low class. Depending on what you do with the classes, you can shape/police traffic based on the type of traffic it is. I can police users to 512k of bandwidth only for Web but give them 5Mb for Business class applications. When there's nothing going on in the Medium class, the Low class can use all of the bandwidth it needs.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Thank you John, I will add that to the config. I also noticed that when I added the statement:

ip route 0.0.0.0 0.0.0.0 12.161xx.xx and

ip route 0.0.0.0 0.0.0.0 ge0/1

The Gateway of last resort of is not set when I do a "show IP route". I added the second statement to the original config just in case. This a stub router- with no other way out, is it normal not to have it shown until I actually connect the router? I cant figure why it wont show up in the config!?

Make sure that you have ip routing enabled "ip routing" and then try the default route again. It's not normal for you to set this and it not show up unless you have routing turned off.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

John - I had IP routing enabled. RIP V2 is running but I still cant see gateway of last resort. Is there something configured by default on the router? I have posted my config again with the QoS...I've been trying to figure this out! Thank you!

Building configuration...

Current configuration : 1976 bytes

!

! Last configuration change at 08:14:13 CDT Mon Sep 9 2013

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NEX_Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 wv8gUHK2fGNWeZuTKMRv7NWW3pQQ/a3WIwDP/OW0WIY

!

aaa new-model

!

!

!

!

!

!

!

aaa session-id common

clock timezone CDT -6 0

clock summer-time CDT recurring

!

ip cef

!

!

!

ip dhcp excluded-address 10.25.131.1

!

ip dhcp pool Nex

import all

network 10.25.131.0 255.255.255.0

default-router 10.25.131.1

dns-server 208.67.222.222

lease 7

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FTX17318328

!

!

username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Nex LAN

ip address 10.25.131.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description WAN side of Router

ip address 12.16.xxx.xx 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

router rip

network 10.0.0.0

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

ip route 0.0.0.0 0.0.0.0 12.16.xxx.xx

!

access-list 100 permit ip 10.25.131.0 0.0.0.255 any

!

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 240 0

password 7 0010160709480A1200

logging synchronous

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password 7 051F030E2C5F4F1D16

logging synchronous

transport input telnet ssh

!

scheduler allocate 20000 1000

!

end

#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

If the wan interface isn't up at the time of you installing the default route, it won't show up in the routing table. Is the circuit up and functional?

I would remove this:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

Let me show you what I mean:

R2(config-if)#do sh run | i ip route

ip route 0.0.0.0 0.0.0.0 12.15.15.1  <--- Here's the route

R2(config-if)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 12.15.15.1 to network 0.0.0.0   <-- installed in the routing table

     12.0.0.0/24 is subnetted, 1 subnets

C       12.15.15.0 is directly connected, FastEthernet0/0

S*   0.0.0.0/0 [1/0] via 12.15.15.1

R2(config-if)#shut <--- I shut fa0/0

R2(config-if)#

*Mar  1 00:03:46.231: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

*Mar  1 00:03:47.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

R2(config-if)#do sh run | i ip route

ip route 0.0.0.0 0.0.0.0 12.15.15.1 <---- route is still here, but now "not set" below

R2(config-if)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set < --- "not set" because the interface leading to the next hop is down.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

John,

The unit is being configured on my desk - sorry I should have informed you of that. I havent gotten to install/plug in the unit just yet until the config is correct!

The interfaces should be up once I plug them in correct. Down Down is a phyiscal issue i.e cable unplugged. I have removed the statement 0.0.0.0 0.0.0.0 ge0/1 and left the the default as 0.0.0.0 0.0.0.0 12.198.xxx.xx

Thank you for all your help once again!

NEX_Router#show ip int brief

Interface                  IP-Address      OK? Method Status                Prot                                    ocol

Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down                                   

GigabitEthernet0/0         10.25.131.1     YES NVRAM  down                  down                                   

GigabitEthernet0/1         12.16.xxx.xx    YES NVRAM  down                  down                                   

NVI0                       unassigned      YES unset  administratively down down      

Yep. They look to be up waiting for a connection. Once you get it connected, the default route will show up in your routing table.

You're welcome!

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

John - I connected everything and it worked great, thank you for your help once again!

I now find myself adding a Cisco 1242 AP to the switch that for wifi access.

I have the router to router to configuration set up - I can  get to the internet. The router is configured with the DHCP pool, I am  getting an IP address from this range.I  have created a VLAN 100 on the switch which I have dedicated a few ports  too. I only have one VLAN so I didn't enable trunking just access on  the VLAN. I have the SSID and VLAN set up on the AP through the web  interface.

Switch 2900XL 24 ports
VLAN 100:::Ports FA0/4-0/24

Router:::FA0/24

AP:::FA0/23

The  problem is I can't get out to the internet using wireless. I can ping  the AP's IP address from the network, I can also ping the Default  gateway. I can't get an IP address though from the DHCP pool of the  Router.

I guessing I need to do more configuring from the console on the AP itself or maybe the router -

Some forums suggest using sub-interfaces on the router...Assigning the Sub interface to the VLAN.

If I have the VLAN setup do I need to establish a new dhcp pool on the Router for the AP to give out ips?

Would you have any quick thoughts!?

Thank you