Hi,

I would like to implement simple QOS between two C881 Ethernet router.

There are a GRE over IPSec Tunnel between both and 2 vlans configured on it (data & voice).

The fa4 is connected to a modem, and a dialer is configured with the PPP account provided by the ISP.

The DSL line is a 30 Megas bits download and 2 Megas bits upload.

This is my config on one side (the other is the same with reversed) WITHOUT QOS CONFIG injected.

This config works fine.

!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname my_site
!
boot-start-marker
boot-end-marker
!
enable secret cisco
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.200.1
ip dhcp excluded-address 192.168.200.240
ip dhcp excluded-address 192.168.200.241
ip dhcp excluded-address 192.168.0.251
!
ip dhcp pool local_network
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 8.8.8.8
!
ip dhcp pool Voice
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
!
!
ip cef
no ip domain lookup
ip domain name S1.lan
no ipv6 cef
!
!
vpdn enable
!
vpdn-group 1
!
!
!
username cisco privilege 15 secret cisco

!
!
ip ssh version 2
!
!
crypto isakmp policy 1
authentication pre-share
group 2
crypto isakmp key S1.key address IP_address_of_remote_site
!
!
crypto ipsec transform-set MYSET esp-des
!
crypto map MYMAP 1 ipsec-isakmp
set peer IP_address_of_remote_site
set transform-set MYSET
match address 100
!
!
!
!
!
interface Tunnel0
ip address 172.16.1.2 255.255.255.252
keepalive 10 2
tunnel source Dialer0
tunnel destination IP_address_of_remote_site
!
interface FastEthernet0
description TOswitch
!
interface FastEthernet1
!
interface FastEthernet2
description ToPABX#1
switchport access vlan 2
!
interface FastEthernet3
description ToPABX#2
switchport access vlan 2
!
interface FastEthernet4
description WAN Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Vlan2
ip address 192.168.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
description ISP
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname mypppaccount
ppp chap password myppppassword
ppp pap sent-username mypppaccount password myppppassword
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map MYMAP
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 150 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.123.0 255.255.255.0 172.16.1.1
ip route 192.168.223.0 255.255.255.0 172.16.1.1
!
access-list 100 permit gre host IP_address_of_my_site host IP_address_of_remote_site
access-list 150 permit ip 192.168.0.0 0.0.0.255 any
access-list 150 permit ip 192.168.200.0 0.0.0.255 any
no cdp run
!
!
!
!
snmp-server community public RO
!
control-plane
!
banner login ^C
########### !!!!!!!!!!!!!!!!!!!!!!!! ###########

     - Unauthorized access is prohibited -

################################################
^C
!
line con 0
logging synchronous
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
login local
transport input telnet ssh
!
scheduler max-task-time 50
end

I would like to make a priority during the congestion.

For testing, I make a call with a sip direct application (SJphone) between the 2 sites and I transfer a lot of Data with a FTP transfert!

I make this conf:

conf t
int dialer0
bandwidth 2000
ip nbar protocol-discovery

sh ip nbar protocol-discovery int dialer 0

                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
   ------------------------ ------------------------ ------------------------
   http                     40655                    20546
   ftp                      0                        15419
   ipsec                    12923                    0
   rtp                      0                        2112
   skype                    0                        501
   telnet                   0                        104
   gre                      0                        50
   snmp                     0                        50
   isakmp                   21                       0
   dns                      11                       0
   sip                      0                        4

A this point, I can view the voice & data trafic: OK

Now, I inject a QoS config:

conf t
class-map match-any VOIP-SIGNALING
match protocol sip
class-map match-any VOIP-RTP
match protocol rtp audio
match protocol skype
!
!
!
policy-map VOIPQOSout
class VOIP-RTP
    priority percent 20
class VOIP-SIGNALING
    bandwidth percent 5
class class-default
    fair-queue
!
!
!
interface dialer 0
service-policy output VOIPQOSout
!

The problem: When i inject this config, the int dialer0 goes down !

and when it goes up, no packets are classed by the policy (all packets are classed in the "class-default" class ).

Jul  9 13:18:04.318: %DIALER-6-UNBIND: Interface Vi3 unbound from profile Di0
Jul  9 13:18:04.338: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
Jul  9 13:18:05.306: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
Jul  9 13:18:05.330: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down

sh policy-map interface dialer 0
Dialer0

  Service-policy output: VOIPQOSout

    Class-map: VOIP-RTP (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol rtp audio
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol skype
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 20 (%)
        Bandwidth 400 (kbps) Burst 10000 (Bytes)
        (pkts matched/bytes matched) 0/0
        (total drops/bytes drops) 0/0

    Class-map: VOIP-SIGNALING (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol sip
        0 packets, 0 bytes
        5 minute rate 0 bps
            Queueing
        Output Queue: Conversation 265
        Bandwidth 5 (%)
        Bandwidth 100 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
      938 packets, 488252 bytes
      5 minute offered rate 12000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 0/0/0

Can you help me ?

is it a best qos config ?

Maybe the C881 is not compatible ?

a IOS bug ?

Thanks for helps !

class-default