Author Topic: More Cisco Config Help Please ?? (Read 5785 times)

BigSoy · **Reply #30 on:** November 24, 2006, 17:58:22 PM

Re:More Cisco Config Help Please ??

Reply #30 on: November 24, 2006, 17:58:22 PM

Hey, if my data gets where its going by carrier pigeon, smoke-signal, super-duper-ninja-lasers, phone, speech, net, whatever, Im happy

Mardoni · **Reply #31 on:** November 24, 2006, 18:01:43 PM

More Cisco Config Help Please ??

Reply #31 on: November 24, 2006, 18:01:43 PM

lol, doesnt say a lot for people like me who write network based software

*mutter*

Still its a learning curve and maybe one day Ill save someone from the perils of Cisco by saying "No, dont be a tool...get a DG834"

lol

Porch Monkey · **Reply #32 on:** November 28, 2006, 10:20:49 AM

More Cisco Config Help Please ??

Reply #32 on: November 28, 2006, 10:20:49 AM

Unfortunately its one of the problems that the logging on the Ciscos (unless you know the intricacies of the hidden debugs) arent as help ful as they could be. Still, better than a DG834 (but then you do need to use them more)

Right, Im off to re-engineer my datacentre for 4Gb internet load balancing...wish me luck.

cornet · **Reply #33 on:** December 01, 2006, 11:39:36 AM

More Cisco Config Help Please ??

Reply #33 on: December 01, 2006, 11:39:36 AM

Ciscos debugging is fun in general.

* Take 1 Cisco Router
* Make it talk BGP to somewhere else (e.g. tier 1 ISP)
* Stuff a reasonable amount of traffic through it
* Turn on debug

Now your task is to turn off debug in 30seconds or less

Good luck !

Cornet

Mardoni · **Reply #34 on:** December 01, 2006, 11:44:56 AM

More Cisco Config Help Please ??

Reply #34 on: December 01, 2006, 11:44:56 AM

tell me about it

I had trouble switching off debug on the WAN interface when it was just dealing with a pretty low amount of standard web traffic

Porch Monkey · **Reply #35 on:** December 01, 2006, 14:40:53 PM

More Cisco Config Help Please ??

Reply #35 on: December 01, 2006, 14:40:53 PM

The last command you type in before running any debug is undebug all

That way as soon as you hit enter on your debug you hit ctrl-P then hit enter.

And roberts your fathers brother

Mardoni · **Reply #36 on:** December 02, 2006, 12:09:14 PM

More Cisco Config Help Please ??

Reply #36 on: December 02, 2006, 12:09:14 PM

That is a quality tip

ion · **Reply #37 on:** December 07, 2006, 17:21:40 PM

More Cisco Config Help Please ??

Reply #37 on: December 07, 2006, 17:21:40 PM

Quote from: Porch Monkey

The last command you type in before running any debug is undebug all

That way as soon as you hit enter on your debug you hit ctrl-P then hit enter.

And roberts your fathers brother

Or use buffered logging and disable terminal/console monitor?

un a is usually sufficient if in a pickle

Mardoni · **Reply #38 on:** December 18, 2006, 17:15:25 PM

More Cisco Config Help Please ??

Reply #38 on: December 18, 2006, 17:15:25 PM

Anyone up for some advice on setting up QoS policing ?

I cannot determine whether I need to use NBAR or whether a plan ACL will do to identify the traffic. My other problem is that I am not at all sure how to mark the traffic once it is identified so that I can treat it properly.

What I am trying to do (OTT no doubt) is prioritise both in and out (as much as possible with in) so that I get something similar to this:

Xbox Live   [Highest - upto 2mbit if needed]

Skype      [All just below Live!, again upto 1mbit if needed]
PPTP / GRE

Everything else   [Standard, as it happens]

NNTP      [Lowest, takes what it can when it can]

Any pointers ? I think my main problem is that I cannot figure out how to uniquiely identify the traffic that falls into the different classes.

Mardoni · **Reply #39 on:** December 19, 2006, 18:18:23 PM

More Cisco Config Help Please ??

Reply #39 on: December 19, 2006, 18:18:23 PM

Ok, Ive come up with this and so far I think its ok. Is there anything painfully obvious that I could be doing better ?

...updated below...

Mardoni · **Reply #40 on:** December 20, 2006, 12:03:51 PM

More Cisco Config Help Please ??

Reply #40 on: December 20, 2006, 12:03:51 PM

Ok; Ive updated to this but I am getting an error that I dont fully understand:

Code: [Select]


! Skype Port(s) Maybe ?
ip nbar port-map custom-01 tcp 39183
ip nbar port-map custom-01 udp 39183
! Windows RDP
ip nbar port-map custom-02 tcp 3389
ip nbar port-map custom-02 udp 3389
! Customised PCAnywhere - Remove 5634 from Gnutella range
ip nbar port-map gnutella tcp 6346 6347 6348 6349 6455
ip nbar port-map pcanywhere tcp 5631 5632 5633 5634 5635 5636 65301
ip nbar port-map pcanywhere udp 22 5631 5632 5633 5634 5635 5636 65301
!
!
ip access-list extended VPNout
permit ip any host 81.149.1.165
permit gre any host 81.149.1.165
!
!
ip access-list extended IMSkype
permit tcp any eq 1863 any
permit udp any eq 1863 any
!
!
ip access-list extended gaming
remark Counter-Strike
permit tcp any any range 27030 27039
permit tcp any any range 27015 27020
permit udp any any range 27000 27015
permit udp any any eq 1200
remark Xbox Live
permit tcp any any eq 3074
permit udp any any eq 3074
permit tcp any any eq 88
!
!
class-map match-any vpnconx
match access-group name VPNout
!
!
class-map match-any VIPIM
match access-group name IMSkype
match protocol custom-01
!
!
class-map match-any RDProtocols
match protocol pcanywhere
match protocol custom-02
!
!
class-map match-any onlinegames
match access-group name gaming
!
!
class-map match-any WebEmail
match protocol http
match protocol secure-http
match protocol smtp
match protocol pop3
match protocol imap
!
!
no policy-map 7sixQoS
policy-map 7sixQoS
class VIPIM
bandwidth percent 16
set dscp ef
!
class vpnconx
bandwidth percent 32
!
class RDProtocols
bandwidth remaining percent 50
!
class onlinegames
bandwidth remaining percent 70
set dscp ef
!
class WebEmail
bandwidth remaining percent 75
!
class class-default
fair-queue
random-detect
!
!
interface Ethernet0/0
bandwidth 400
ip nbar protocol-discovery
service-policy output 7sixQoS
!
!

Is giving me the error(s):

Quote

All classes with bandwidth should have consistent units
All classes with bandwidth should have consistent units
All classes with bandwidth should have consistent units

I did want to specify actual kbits values for VIPIM and vpnconx but from that error msg I guessed that everything has to be in % or nothing ??

Mark · **Reply #41 on:** December 20, 2006, 14:36:32 PM

Re:More Cisco Config Help Please ??

Reply #41 on: December 20, 2006, 14:36:32 PM

class VIPIM
bandwidth percent 16
set dscp ef
!
class vpnconx
bandwidth percent 32
!
class RDProtocols
bandwidth remaining percent 50
!
class onlinegames
bandwidth remaining percent 70
set dscp ef
!
class WebEmail
bandwidth remaining percent 75
!
class class-default
fair-queue
random-detect

You are mixing types - explicit percentage with remaining - you cant do that !

M3ta7h3ad · **Reply #42 on:** December 20, 2006, 15:20:29 PM

More Cisco Config Help Please ??

Reply #42 on: December 20, 2006, 15:20:29 PM

Quote from: Nimrod

Ok; Ive updated to this but I am getting an error that I dont fully understand:

Code: [Select]
! Skype Port(s) Maybe ? ip nbar port-map custom-01 tcp 39183 ip nbar port-map custom-01 udp 39183 ! Windows RDP ip nbar port-map custom-02 tcp 3389 ip nbar port-map custom-02 udp 3389 ! Customised PCAnywhere - Remove 5634 from Gnutella range ip nbar port-map gnutella tcp 6346 6347 6348 6349 6455 ip nbar port-map pcanywhere tcp 5631 5632 5633 5634 5635 5636 65301 ip nbar port-map pcanywhere udp 22 5631 5632 5633 5634 5635 5636 65301 ! ! ip access-list extended VPNout permit ip any host 81.149.1.165 permit gre any host 81.149.1.165 ! ! ip access-list extended IMSkype permit tcp any eq 1863 any permit udp any eq 1863 any ! ! ip access-list extended gaming remark Counter-Strike permit tcp any any range 27030 27039 permit tcp any any range 27015 27020 permit udp any any range 27000 27015 permit udp any any eq 1200 remark Xbox Live permit tcp any any eq 3074 permit udp any any eq 3074 permit tcp any any eq 88 ! ! class-map match-any vpnconx match access-group name VPNout ! ! class-map match-any VIPIM match access-group name IMSkype match protocol custom-01 ! ! class-map match-any RDProtocols match protocol pcanywhere match protocol custom-02 ! ! class-map match-any onlinegames match access-group name gaming ! ! class-map match-any WebEmail match protocol http match protocol secure-http match protocol smtp match protocol pop3 match protocol imap ! ! no policy-map 7sixQoS policy-map 7sixQoS class VIPIM bandwidth percent 16 set dscp ef ! class vpnconx bandwidth percent 32 ! class RDProtocols bandwidth remaining percent 50 ! class onlinegames bandwidth remaining percent 70 set dscp ef ! class WebEmail bandwidth remaining percent 75 ! class class-default fair-queue random-detect ! ! interface Ethernet0/0 bandwidth 400 ip nbar protocol-discovery service-policy output 7sixQoS ! !

Is giving me the error(s):
Quote
All classes with bandwidth should have consistent units
All classes with bandwidth should have consistent units
All classes with bandwidth should have consistent units

I did want to specify actual kbits values for VIPIM and vpnconx but from that error msg I guessed that everything has to be in % or nothing ??

youve two different percents...

your using remaining percent, and percent.

At least thats my guess.

Mardoni · **Reply #43 on:** December 21, 2006, 21:52:29 PM

More Cisco Config Help Please ??

Reply #43 on: December 21, 2006, 21:52:29 PM

Cheers Mark and spot on Meta

I am an ass-hat

M3ta7h3ad · **Reply #44 on:** December 22, 2006, 07:29:10 AM

More Cisco Config Help Please ??

Reply #44 on: December 22, 2006, 07:29:10 AM

lol didnt even notice mark posting

lol

News:

Author Topic: More Cisco Config Help Please ?? (Read 5785 times)