11-24-2014 01:42 PM - edited 03-05-2019 12:13 AM
Existing network: 2 data VLANs (A & B), 2 voice VLANs, dual circuits (MPLS/Internet). Just upgraded the Internet circuit from 4m to 50m. Speedtests from VLAN A are OK (47down/47up), however on any machine on VLAN B they are incorrect (3down/17up). ISP router duplex/speed is set to auto/auto, as is my side. I have QoS policies set up, but only on the MPLS route, which is not having an issue. Traceroutes show all traffic taking the correct route. What would it be? Cisco 2911 Version 15.0(1)M5, RELEASE SOFTWARE (fc2)
11-25-2014 01:38 AM
Please provide the configuration of your 2951 and how the devices in VLAN A and VLAN B (the ones you were using for tests) are connected to the router.
Have you tried running the test on a single laptop connected to a single switch port, but putting it into different VLANs (by soft configuration)?
11-25-2014 06:47 AM
Here is the switch router config. We are using this for layer 3 connectivity. Yes, I have tested with a single laptop; that's how I was able to isolate it to just "VLAN B".
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
logging monitor informational
enable secret 5 xxx
!
aaa new-model
!
!
aaa group server tacacs+ TACACS-1
server-private xxx key 7 xxx
ip tacacs source-interface GigabitEthernet0/0
!
aaa authentication login default group TACACS-1 line
aaa authentication enable default enable
aaa accounting exec default
action-type start-stop
group TACACS-1
!
aaa accounting commands 1 default
action-type start-stop
group TACACS-1
!
aaa accounting commands 15 default
action-type start-stop
group TACACS-1
!
aaa accounting network default
action-type start-stop
group TACACS-1
!
aaa accounting system default
action-type start-stop
group TACACS-1
!
!
!
!
!
!
aaa session-id common
!
!
!
memory-size iomem 25
!
no ipv6 cef
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip vrf vpn-vrf
rd 36:36
!
!
!
no ip bootp server
no ip domain lookup
ip domain name xxx.com
ip name-server xxx
ip name-server xxx
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2911/K9 sn xxx
license accept end user agreement
license boot module c2900 technology-package securityk9
!
!
!
redundancy
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
track 1 ip sla 1 reachability
delay down 15 up 10
!
track 2 ip sla 2 reachability
delay down 15 up 10
!
track 3 ip sla 3 reachability
delay down 15 up 10
!
track 4 ip sla 4 reachability
delay down 15 up 10
!
class-map match-any Critical-Traffic-Class
match access-group name Critical-Traffic
match access-group name Voice-Signaling
class-map match-any xxx-Traffic-Class
match access-group name xxx-Traffic
match protocol telnet
match protocol ssh
class-map match-any BGP
match protocol bgp
class-map match-any Voice-Media-Class
match access-group name Voice-Media
class-map match-any Scavenger
match protocol http url "*youtube*"
match protocol http url "*espn*"
class-map match-any COS1
match ip dscp ef
match access-group name RT_Media
!
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
policy-map AVPN-QOS-MAP
class Voice-Media-Class
priority percent 30
set dscp ef
class Critical-Traffic-Class
bandwidth remaining percent 50
set dscp af31
service-policy MARK-BGP
class xxx-Traffic-Class
bandwidth remaining percent 15
set dscp af21
class Scavenger
bandwidth remaining percent 5
set ip dscp af11
class class-default
bandwidth remaining percent 5
set ip dscp default
policy-map AVPN-SHAPING
class class-default
shape average 4000000
service-policy AVPN-QOS-MAP
!
!
crypto keyring dmvpn_keyring vrf vpn-vrf
pre-shared-key address 0.0.0.0 0.0.0.0 key xxx
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp keepalive 60
!
!
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set AES-SHA
!
!
!
!
!
!
interface Loopback0
ip address xxx 255.255.255.255
!
!
interface Loopback200
description AVPN Policy Routing
ip address xxx 255.255.255.255
!
!
interface Loopback253
description DMVPN Policy Routing IP
ip address xxx 255.255.255.255
!
!
interface Tunnel1
description xx DMVPN
ip address xxx 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication xx*dmvpn
ip nhrp map multicast dynamic
ip nhrp map multicast xxx
ip nhrp map xxx xxx
ip nhrp network-id 250
ip nhrp holdtime 120
ip nhrp nhs xxx
ip nhrp shortcut
ip tcp adjust-mss 1396
qos pre-classify
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 250
tunnel vrf vpn-vrf
tunnel protection ipsec profile DMVPN shared
!
!
interface Tunnel2
description xxx DMVPN
ip address xxx 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication xx*dmvpn
ip nhrp map multicast dynamic
ip nhrp map multicast xxx
ip nhrp map xxx xxx
ip nhrp network-id 251
ip nhrp holdtime 120
ip nhrp nhs 10.100.251.1
ip nhrp shortcut
ip tcp adjust-mss 1396
qos pre-classify
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 251
tunnel vrf vpn-vrf
tunnel protection ipsec profile DMVPN shared
!
!
interface GigabitEthernet0/0
ip address xxx 255.255.255.0
ip flow egress
ip policy route-map POLICY-ROUTING
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
description ** Internet Windstream 50M **
bandwidth 50000
ip vrf forwarding vpn-vrf
ip address xxx 255.255.255.252
ip access-group internet-in in
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no mop enabled
!
!
interface GigabitEthernet0/2
no ip address
duplex full
speed 100
!
max-reserved-bandwidth 100
!
interface GigabitEthernet0/2.947
description ** AT&T AVPN 4M **
bandwidth 4000
encapsulation dot1Q 947
ip address xxx 255.255.255.252
service-policy output AVPN-SHAPING
!
!
router eigrp 100
distribute-list route-map EIGRP->DMVPN out Tunnel1
distribute-list route-map EIGRP->DMVPN out Tunnel2
network xxx 0.0.0.0
network xxx 0.0.0.0
network xxx 0.0.0.0
network xxx 0.0.0.0
network xxx
network xxx
network xxx
network xxx
redistribute eigrp 1 metric 100 10 255 1 1500
passive-interface default
no passive-interface Tunnel1
no passive-interface Tunnel2
eigrp router-id xxx
!
!
router eigrp 1
network xxx 0.0.0.0
passive-interface default
no passive-interface GigabitEthernet0/0
!
router bgp 65036
bgp router-id 10.0.36.1
bgp log-neighbor-changes
neighbor xxx remote-as 13979
neighbor xxx description AT&T AVPN
!
address-family ipv4
no synchronization
network xxx mask 255.255.255.255
network xxx mask 255.255.255.255
network xxx
network xxx
network xxx
network xxx
neighbor xxx activate
neighbor xxx soft-reconfiguration inbound
neighbor xxx route-map AVPN-IN-RM in
neighbor xxx route-map AVPN-OUT-RM out
no auto-summary
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip flow-top-talkers
top 20
sort-by bytes
!
ip route vrf vpn-vrf 0.0.0.0 0.0.0.0 xxx
!
ip access-list extended Critical-Traffic
remark >>Critical Traffic<<
permit ip any xxx 0.0.0.255
ip access-list extended xx-Traffic
permit ip any xxx 0.255.255.255
permit ip any xxx 0.0.255.255
ip access-list extended TO-DMVPN-REMOTES
permit ip xxx 0.0.1.255 192.168.0.0 0.0.255.255
permit ip xxx 0.0.1.255 192.168.0.0 0.0.255.255
ip access-list extended Voice-Media
remark >> Avaya RTP Traffic <<
permit udp any range 2048 5999 any range 2048 5999
remark >> IPT RTP Traffic <<
permit udp any range 16384 32767 any range 16384 32767
ip access-list extended Voice-Signaling
remark >> permit Avaya & H.323 <<
permit tcp any eq 1720 any
permit tcp any any eq 1720
permit tcp any eq 1719 any
permit tcp any any eq 1719
ip access-list extended internet-in
permit icmp host xxx any echo
permit gre any any
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit tcp host xxx any eq 22
permit tcp host xxx any eq 22
deny ip any any
!
!
ip prefix-list AVPN-IN seq 5 permit xxx le 32
ip prefix-list AVPN-IN seq 10 permit xxx
ip prefix-list AVPN-IN seq 15 permit xxx
ip prefix-list AVPN-IN seq 20 permit xxx
ip prefix-list AVPN-IN seq 25 permit xxx
ip prefix-list AVPN-IN seq 30 permit xxx
!
ip prefix-list AVPN-OUT seq 5 permit xxx
ip prefix-list AVPN-OUT seq 10 permit xxx
ip prefix-list AVPN-OUT seq 15 permit xxx
ip prefix-list AVPN-OUT seq 20 permit xxx
ip prefix-list AVPN-OUT seq 25 permit xxx
ip prefix-list AVPN-OUT seq 30 permit xxx
!
ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
!
ip prefix-list Local-Nets seq 5 permit xxx
ip prefix-list Local-Nets seq 10 permit xxx
ip prefix-list Local-Nets seq 15 permit xxx
ip prefix-list Local-Nets seq 20 permit xxx
!
ip prefix-list Local-Nets->DMVPN seq 5 permit xxx
ip prefix-list Local-Nets->DMVPN seq 10 permit xxx
ip prefix-list Local-Nets->DMVPN seq 15 permit xxx
ip prefix-list Local-Nets->DMVPN seq 20 permit xxx
ip prefix-list Local-Nets->DMVPN seq 25 permit xxx
ip prefix-list Local-Nets->DMVPN seq 30 permit xxx
ip sla 1
icmp-echo xxx source-interface Loopback200
threshold 100
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 1.1.253.1 source-interface Loopback253
threshold 100
frequency 5
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 1.1.253.2 source-interface Loopback253
threshold 100
frequency 5
ip sla schedule 3 life forever start-time now
ip sla 4
icmp-echo 172.16.200.2 source-interface Loopback200
threshold 100
frequency 5
ip sla schedule 4 life forever start-time now
logging trap warnings
logging origin-id hostname
logging source-interface Loopback0
logging xxx
logging xxx
access-list 10 permit xxx
access-list 10 permit xxx
access-list 10 permit xxx
access-list 10 permit xxx
!
!
!
!
route-map AVPN-IN-RM deny 10
match ip address prefix-list DEFAULT-ROUTE
!
route-map AVPN-IN-RM permit 20
match ip address prefix-list AVPN-IN
!
route-map EIGRP->DMVPN permit 10
match ip address prefix-list Local-Nets->DMVPN
!
route-map AVPN-OUT-RM permit 10
match ip address prefix-list AVPN-OUT
!
route-map deny-all deny 10
!
route-map POLICY-ROUTING deny 5
match ip address TO-DMVPN-REMOTES
!
route-map POLICY-ROUTING permit 10
match ip address Critical-Traffic
set ip next-hop verify-availability xxx track 1
set ip next-hop verify-availability xxx 2 track 2
set ip next-hop verify-availability xxx 3 track 4
!
route-map POLICY-ROUTING permit 20
match ip address xxx-Traffic
set ip next-hop verify-availability xxx track 2
set ip next-hop verify-availability xxx track 3
!
route-map POLICY-ROUTING permit 30
set ip next-hop verify-availability xxx 1 track 3
set ip next-hop verify-availability xxx 2 track 2
!
!
snmp-server community xxx RW
snmp-server community vector RO
snmp-server trap link ietf
snmp-server location xxx
snmp-server contact xxx IM
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps envmon
snmp-server enable traps bgp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps ipsla
snmp-server host xxx vector
!
control-plane
!
!
banner login ^C
******************* WARNING ********************
* *
* You have accessed a private computer system. *
* Unauthorized access or use of this system is *
* strictly prohibited and may be subject to *
* criminal and/or civil penalties. *
* *
* Violators will be prosecuted to the fullest *
* extent of the law. *
* *
************************************************
************************************************
^C
!
line con 0
line aux 0
line vty 0 4
session-timeout 15
exec-timeout 15 0
privilege level 15
password 7 xxx
transport preferred telnet
transport input telnet ssh
transport output telnet ssh
line vty 5 15
session-timeout 15
exec-timeout 15 0
privilege level 15
password 7 xxx
transport preferred telnet
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end