cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
901
Views
0
Helpful
13
Replies

Help with Router Configurations

jprudencio7591
Level 1
Level 1

We recently upgraded our bandwidth from 30Mbps to 100Mbps from our ISP. Ever since then we have been having problems with bandwidth to our two branch sites. I had to struggle to get everything connecting at 100 Full Duplex, forcing some to take. We primarily struggle with upload speeds. I am new to this position and have inherited the configuration on the routers. We have two branch offices and a main branch which is configured in a standard hub and spoke topology. Branch 1 and 2 connect to the main branch and then out. I see that there was a policy-map put in place and the computers referenced in the policy seem to be having the most problem as those are our primary working computers that access an SQL database. As the day goes on the problems worsen. Can anyone suggest a configuration for the routers? I have worked with Cisco in the past but would consider myself somewhat of a newbie. I have uploaded the configurations of each router.

 

Thanks,

13 Replies 13

petenixon
Level 3
Level 3

Is it possible for you to remove the policy maps from the interfaces and re-test?

I'm not quite sure how to remove them. Could you guide me? I'm thinking that it would be

no service-policy qos

for each interface. Does that sound correct?

 

Thanks,

Use no service-policy output <name> under the interface configuration.

Hi again. I've just checked your attachments a little more closely. A lot of your interfaces are experiencing input errors. Specifically CCPL-NEWPORT fa0/0 interface:

2546727 input errors, 155903 CRC

Is it possible to see the output of a show interface of the switch trunk port? It looks like you may have a layer 1 problem.

Branch2 also has a number of input errors although not quite as extreme:

578 input errors, 0 CRC

Hey petenixon,

I was able to remove the service-policy from each of the interfaces and still the same problem. The switches are actually unmanaged so I cannot get any info on the switch trunk port. I just think that it's a duplex issue. The reason I say that is I should be able to set the router interfaces to auto negotiate and I would expect them to connect at 100 full duplex but they do not. They connect at 100 half duplex so I have to force them 100 full. If it can only negotiate a 100 half connection but I force it anyway I would assume I would get errors correct?

 

 

Is it possible for you to attach the output of a show log from the routers, and an updated show interfaces to use as a comparison?

If it were a duplex mismatch the collisions counter would increment but i'm not seeing that, only input and CRC errors. The interface will also default to 10/100 half if autonegotiation fails and the port is not gig ethernet. That could point to a problem with the unmanaged switches or possibly a cabling issue.

 

Hello,

I've uploaded the files you requested. The log files do show where I was toggling between auto and forced full duplex and speed settings and I have cleared the counters on the interfaces since my original post.

 

Thank you,

Can you tell me what kind of device connects to Main Branch Fa0/0 interface?

I would like to gain further understanding so I can work out what's causing the errors below (although I think this may be a congested link):

Main Branch#show  interfaces
FastEthernet0/0 is up, line protocol is up
     Description: Main Branch LAN
     rxload 66/255
     11749 input errors, 0 CRC, 0 frame, 0 overrun, 11749 ignored
     5479 unknown protocol drops

Hello,

"Main Branch LAN" would be connecting to an unmanaged switch (I think a Dell 2324)

 

Thanks,

Emmanuel Valdez
Level 3
Level 3

Hi,

Can you post your topology? Do you want to communicate the branches via VPN?

Regards.

I threw together a quick topology of the WAN. Let me know if you need more detail.

 

Thanks,

Forgot to add, I don't think it is necessary to communicate to the branches via VPN. 

Emmanuel Valdez
Level 3
Level 3

Hi,

I can see on your topology that your Branches are comunicated by your ISP and not by Internet, so you donĀ“t need VPN between them, the configuration that you only need is basic routing to reach the SQL databases.

First step is define the Network Segments in each branch, it depends on the quantity of users, I recommend one VLAN for management, one for users, one for voice, one for servers and one for guest, for this you need switches that support VLANĀ“s, minimum layer 2 VLANĀ“s.

Second is configure each router with the defined VLANĀ“s.

The last step is to route the SQL databases Network Segment to branches, for example into branch 1 you have to define one route to SQL, ip route x.x.x.x y.y.y.y.y z.z.z.z

Where x.x.x.x is the SQL segment.

             y.y.y.y is the network mask.

             z.z.z.z is the IP of the 2811 WAN interface that connect to the branch.

When you have your final scheme, you have to configure security, for example access via ssh, access restriccion by acl, line vty timeouts, etc.

Please let me know if you need anything else.

Regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco

Ā