Need assistance with hardware options for a Cisco 2620XM router

I have a customer with three office locations. All three locations are connected with two T1s. I originally set this up with Cisco 1720 routers at each location. I have since replaced two of the routers with Cisco 2620XM routers, because this client has some IP-based phones that need QOS capability.

Location 1 - Cisco 1720; has 1 serial WIC connecting to Location 2 and an ethernet WIC for an inbound VPN to an internal VPN concentrator

Location 2 - Cisco 2620XM (formerly a Cisco 1720); has 1 serial WIC connection to Location 1 and DSU WIC connecting to Location 3.

Location 3 - Cisco 2620XM (formerly a Cisco 1720); has 1 DSU WIC connecting to Location 2.

Each location has its own network - Location 1 - 192.168.0.0; Location 2 - 192.168.1.0; Location 3 - 192.168.2.0

There is a PIX firewall at Location 1 that supplies Internet access to all locations

The T1 that runs between Location 1 and Location 2 is provisioned for voice and data; I don't know the exact amount, but I would say data is no more than 50%.

As you can imagine, the T1 between Location 1 and Location 2 is getting quite slow, with all of the Internet and data traffic. The phone guys for them set up a phone server at Location 2 and it connects to IP-based phones at Location 3. That is when I upgraded the old Cisco 1720 routers with the Cisco 2620XM routers at Location 2 and Location 3.

Now they want to add an additional T1 between Location 1 and Location 2 and move the data to it to increase performance, but they also want to add about 6 more IP phones to Location 1 that will connect to Location 2's phone server.

I have ordered another Cisco 2620XM router for Location 1, and plan on moving the WICs and configs to the new router.

The phone guys want to have the QOS capability through the new router, but I will only have 2 WIC slots in that router (and still will only have 2 after upgrading) and they are both being used.

The grand plan is to put the phone network on its own IP block (192.168.5.0) to get it by itself. But the phone guys want to have it accessible by the other networks and also have the QOS capability of the router.

It looks to me like I have to run both T1s and the VPN connection into the new router at Location 1, and all three T1s into the router at Location 2, but that would require 3 WIC cards, at Location 1 and Location 2.  I only have 2 WIC slots. I know there are expansion options to give me more slots and stuff, but I am clueless to what I actually can use or need.

Can anyone tell me how I can do this? What parts do I need?

If you need a detailed drawing of this, I can give it a try and upload something.

Thanks in advance...
Asked by: grberk

2 Solutions

lrmoore commented:
A drawing would really help
Consider using MPLS instead of multiple p2p T1's.
You can get 2xT1 at central site and 1xT1 at each of the other sites.
Classify the voip traffic using diffserv and MPLS cloud will carry it end-end as priority traffic
Done.
How do you classify the voip traffic? Simple access-lists. Any traffic to/from the IP address of the PBX is priority. Period.
Done.

Example:

access-list 101 permit ip host a.b.c.d any <== call setup
access-list 101 permit ip host a.b.c.e any <== voip packets

{ reverse the acl for each remote }
{ access-list 101 permit ip any host a.b.c.d
{ access-list 101 permit ip any host a.b.c.e

class-map match-all HI
 match access-group 101
!
policy-map MPLSCOS
!
 class HI
  bandwidth remaining percent 60
  set ip dscp af31
!
 class class-default
  bandwidth remaining percent 40
  set ip dscp default
!
interface serial 0/1
 max-reserved-bandwidth 100
 service-policy output MPLSCOS

DONE!

grberk (Author) commented:
I don't know if this makes any difference or not, but the T1s are not on the Internet. They are internal.

Does that change anything you just said? I'll get a diagram together tonight and upload it.

lrmoore commented:
Does not change a thing. MPLS does not touch the internet.

grberk (Author) commented:
OK. I have created a graphic.

http://flickr.com/photo_zoom.gne?id=145329183&size=o

Here are the router configs:

Location 1
--------------
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname zzzzz
!
enable secret 5 $1$2Q8m$nGD8uFY3IWdZn0PbdQvK00
enable password xxxxxxx
!
ip subnet-zero
ip host ZZZZZZ 192.168.0.10
ip host zzzzzz 172.16.0.2 192.168.1.1 172.16.1.1
ip host ZZZZZZ 172.16.1.2 192.168.2.1
!
!
!
!
interface Ethernet0
 ip address 192.168.224.1 255.255.255.0
 ip nat outside
 half-duplex
!
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 speed auto
 half-duplex
!
interface Serial0
 ip address 172.16.0.1 255.255.255.0
 no fair-queue
!
ip nat inside source static 192.168.0.21 192.168.224.21
ip nat inside source static 192.168.0.30 192.168.224.30
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.10
ip route xx.xx.xx.xx 255.255.255.192 192.168.224.2
ip route 172.16.1.0 255.255.255.0 Serial0
ip route 192.168.1.0 255.255.255.0 Serial0
ip route 192.168.2.0 255.255.255.0 Serial0
no ip http server
!
!
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
line vty 0 4
 password xxxxxxx
 login
!
end


Location 2
--------------
Current configuration : 1001 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname zzzzzzz
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$4gzB$x3JUQNROwIT3abenpmN360
enable password xxxxxxx
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip host xxxxxxx 172.16.1.2 192.168.2.1
ip host xxxxxxx 192.168.0.1 172.16.0.1
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed auto
 half-duplex
 no mop enabled
!
interface Serial0/0
 ip address 172.16.0.2 255.255.255.0
 no fair-queue
!
interface Serial0/1
 ip address 172.16.1.1 255.255.255.0
 no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 192.168.0.0 255.255.255.0 Serial0/0
ip route 192.168.2.0 255.255.255.0 Serial0/1
no ip http server
!
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
line vty 0 4
 password zzzzzzz
 login
!
!
!
end


Location 3
--------------
Current configuration : 1213 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname zzzzz
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$p9sj$vohlqmKnsc.alsmp8SC17/
enable password zzzzzzz
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.199
!
ip dhcp pool 1
   network 192.168.2.0 255.255.255.0
   domain-name zzzzzzzzzzzzzzz
   default-router 192.168.2.1
   dns-server 192.168.1.2 XX.XX.XX.XX
!
ip host zzzzzzz 172.16.0.1 192.168.0.1
ip host ZZZZZZZ 172.16.0.2 192.168.1.1 172.16.1.1
ip host ZZZZZZZ 192.168.0.10
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 speed auto
 half-duplex
 no mop enabled
!
interface Serial0/0
 ip address 172.16.1.2 255.255.255.0
 no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 172.16.0.0 255.255.255.0 Serial0/0
ip route 192.168.0.0 255.255.255.0 Serial0/0
ip route 192.168.1.0 255.255.255.0 Serial0/0
no ip http server
!
!
line con 0
 exec-timeout 5 0
 logging synchronous
line aux 0
line vty 0 4
 password ZZZZZZZ
 login
!
!
!
end

grberk (Author) commented:
This whole thing makes my head hurt. I don't know enough about routers. I rarely ever have to mess with them. I got these all working a few years ago. These might not be set exactly as they should be, but they work.

The new T1 (T1#3) will be added to the routers connecting Location 1 and Location 2. The phone guys are really confusing me because it seems as if they want to move the IP phones and the data to that T1 (T1#3), and I don't know what they plan on doing with the other T1 (T1#1). I guess they are going to provision it all the way for their regular phones.

The VPN concentrator and 192.168.224.0 network have nothing to do with anything I do or support. I just have it in there so you can see that it is doing some NAT translation to keep the VPN users isolated on their own network. These people come in from the Internet for remote transcription support.

Anything you can do with this, please explain...

Thanks again.

grberk (Author) commented:
One other thing. The phone guys expressed an interest in setting up the phone server and IP phones on a network that is not the same as the data, but it needs to be accessible and routable so they can send notifications to a mail server at Location 1. I don't know how I should even go about doing this as the phones and phone server are at three physically different locations with different IP addresses now.

grberk (Author) commented:
Hello? Anyone out there? I really need some assistance with this as soon as possible. The techs want to get this T1 running this weekend. Any assistance would be greatly appreciated.

nodisco commented:
hi grberk

A quick response to you would be to get a 2-port T1 card as in http://www.cisco.com/en/US/products/hw/routers/ps259/products_data_sheet09186a0080091b9c.html

But I think it's important to look at the bigger picture here. Your issues with your network right now are:
Not enough ports on your routers for the T1s needed
Unmeshed network - causing all traffic from location 3 to internet and location 1 going via the location1>2 T1
Phone guys wanting QOS features and new subnet for phones and all from location 2
Phone guys wanting the new subnet to be routable re mail server notifications.

Although it may be pressing to get a solution in place here, I would agree with Lrmoore re the suggestion to use MPLS as your solution.  
Example:

                 Internet
                    |
                   PIX
                    |
            ----Location 1----
           |                  |
           |       MPLS       |
      Location 2---------Location 3

With MPLS, all of your WAN is fully meshed - so any locations, including future offices, are meshed so that traffic from location 3 to 1 goes exactly that route and doesn't touch location 2 - or vice versa. You can set up multiple internet T1s at your location 1 and set up a multiple default route for all 0.0.0.0 traffic into MPLS - this will then be advertised into a routing protocol, BGP for example, and show all branch offices how to get internet - via a direct connection to location 1, no other offices in between to suffer the extra traffic.
MPLS is made for QOS and is very popular with VoIP deployments for this reason.
Different phone systems subnets can easily be handled by a layer 3 device routing them at location 2 and advertisement into a routing protocol like BGP to all other offices.
Your existing routers would not need to be changed (you may need ios upgrades) and different T1 cards (depending on MPLS vendor and PTT circuit endpoint) but ultimately all equipment should be fine as is.  
You won't need to change your current ip ranges at any offices.
For all of these reasons, I would solidly investigate an MPLS solution as you are a perfect candidate for it - and you may find yourself in trouble again if the 2 T1s are not enough or are not managed correctly per QOS.

Hope this helps

grberk (Author) commented:
I can see that what you say is true. However, I am not well-versed with routers and routing protocols. I mess with routers like once a year at the most, so whenever I need to do anything, it takes me forever. In this situation, I wouldn't care that it's going to take a while for me to get this going, but the phone techs are breathing down my neck to have this all working by this weekend.

I haven't a clue what to configure in here to get it going. I already have a Cisco 2620 that was ordered, so I am going to put it in anyway, just to have all of the routers the same.

Can anyone give me assistance on what to put in the configs? I have them all posted in an earlier post. I am increasing the points to 500 if you can get me going...

mikebernhardt commented:
I would add another T1 between location 3 and location 1. That would give you a full mesh, and relieve the 1-2 T1 of location 3 traffic. I think the MPLS idea is good but if you're not comfortable with routers then the additional T1 is simpler to understand. If you use EIGRP instead of static routes then this also gives you the advantage of a failover path for all traffic should any of the T1s fail.

As you need to get something going this weekend, here are my suggestions:
1. forget segmenting the phones onto a separate subnet for now, do that later. It isn't necessary to get things going.
2. Set up a simple priority queue on your T1s so that VoIP will always be serviced first. It's not perfect but it will help a lot for now.

To do that, verify with your phone guys ALL the ports that are used. To borrow from lrmoore earlier, an example access list at location 1 would be:
access-list 101 permit udp host a.b.c.d any eq 66666
access-list 101 permit tcp host a.b.c.d any eq 55555
access-list 101 permit udp host a.b.c.e gt 16384 any

where the host addresses are the phone servers. At locations 2 and 3, set up the opposite:
access-list 101 permit udp any eq 66666 host a.b.c.d
access-list 101 permit tcp any eq 55555 host a.b.c.d
access-list 101 permit udp any host a.b.c.e gt 16384

The idea is to list the ports used along with the server address(es) at location 1 to create a list that only matches VoIP-related traffic. Any phones anywhere will match without having to list them. Now create your queue at all 3 locations:

priority-list 1 protocol ip high list 101
priority-list 1 protocol ip normal

Now on all of the serial interfaces, add this:
priority-group 1

That will make every serial interface process VoIP traffic first.
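As an added example (not code from lrmoore, mikebernhardt or the original poster), the following Python models how the IOS extended access lists quoted in this thread classify packets for the voice queue: the source/destination reversal between the location-1 list and the remote-site lists, the "gt 16384" media range, and lrmoore's simpler "permit ip host X any" form. The 203.0.113.x addresses and signalling port 5060 are constructed placeholders standing in for a.b.c.d/a.b.c.e and the ports the phone vendor would supply.

```python
# Added example, not from any poster: offline model of how the IOS extended ACLs
# quoted in this thread classify traffic for the VoIP priority queue. Addresses
# (203.0.113.x) and signalling port 5060 are constructed placeholders.
from collections import namedtuple

AF31 = 26  # DSCP that lrmoore's policy-map sets on class HI ("set ip dscp af31")
Packet = namedtuple("Packet", "proto src dst sport dport")
_OPS = {"eq": int.__eq__, "gt": int.__gt__, "lt": int.__lt__}

def _addr(t, i):
    """'any' -> None (wildcard); 'host A.B.C.D' -> that address (no masks)."""
    return (None, i + 1) if t[i] == "any" else (t[i + 1], i + 2)

def _port(t, i):
    """Optional 'eq|gt|lt N' operator following an address."""
    if i < len(t) and t[i] in _OPS:
        return (t[i], int(t[i + 1])), i + 2
    return None, i

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC [op N] DST [op N]' lines
    into (action, proto, src, sport_rule, dst, dport_rule) tuples."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        src, i = _addr(t, 4)
        sport, i = _port(t, i)
        dst, i = _addr(t, i)
        dport, i = _port(t, i)
        aces.append((t[2], t[3], src, sport, dst, dport))
    return aces

def _port_ok(rule, port):
    return rule is None or _OPS[rule[0]](port, rule[1])

def classify(aces, pkt):
    """First-match evaluation with IOS's implicit deny: a permit lands in class HI
    (DSCP af31, high queue), anything else stays default (DSCP 0). Matching keys only
    on addresses and ports, so keep the list tight to what the PBX actually uses."""
    for action, proto, src, sport, dst, dport in aces:
        if proto not in ("ip", pkt.proto):
            continue
        if src not in (None, pkt.src) or dst not in (None, pkt.dst):
            continue
        if _port_ok(sport, pkt.sport) and _port_ok(dport, pkt.dport):
            return AF31 if action == "permit" else 0
    return 0

# Constructed lists mirroring mikebernhardt's (location 1: server->phone; remote: reversed).
LOC1_ACL = parse_acl("""access-list 101 permit udp host 203.0.113.10 any eq 5060
access-list 101 permit tcp host 203.0.113.10 any eq 5060
access-list 101 permit udp host 203.0.113.11 gt 16384 any""")
REMOTE_ACL = parse_acl("""access-list 101 permit udp any eq 5060 host 203.0.113.10
access-list 101 permit tcp any eq 5060 host 203.0.113.10
access-list 101 permit udp any host 203.0.113.11 gt 16384""")
```

Running classify(LOC1_ACL, pkt) and classify(REMOTE_ACL, pkt) on the same media packet shows why each side needs its own direction of the list: only the router sending the packet toward the phone (or toward the server) sees a match.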
 
grberk (Author) commented:
I am closing this question since no one offered any concrete examples of what I should do. I supplied everything I had... All the configs, graphics.

Thanks anyway...

mikebernhardt commented:
Ummm, I think lrmoore and I gave you VERY concrete examples of what to do. Whether they helped you or not, we can't know without feedback. This is the first we've heard from you in 2 weeks.

grberk (Author) commented:
I stated in my posts that I didn't know much about this stuff. That is why I posted to the forum. In my other posts for PIX support, I have uploaded my configs, and everyone always showed me very detailed code I could utilize, usually integrated with mine.

I uploaded a graphic that clearly showed that the T1s are point-to-point, not any type of mesh network.

Telling me to add a T1 (when I cannot, it's not my network - it's a client's) and telling me to use a particular protocol (which seems to be useless in a point-to-point scenario) is useless to me if I have no idea how to even begin implementing it. Therefore, this question no longer needs a solution. I am just going to use an old router for the other T1.

I figured for 500 points, I could get a little more assistance...

mikebernhardt commented:
>As you need to get something going this weekend, here are my suggestions:
>access-list 101, etc.
>priority-group 1, etc.

My earlier post gave you explicit instructions on how to configure some QOS on your routers to comply with your phone vendor's requirements quickly.

>To do that, verify with your phone guys ALL the ports that are used.
I suggested that you talk to your phone vendor to verify exactly what ports they needed. If you'd done that and come back here, we could have made the access-list something you could cut and paste into your routers.

>Now they want to add an additional T1 between Location 1 and Location 2...
The T1 and EIGRP suggestions were long-term suggestions for optimization, not immediate solutions. The T1 suggestion in particular was in response to your note that they wanted to add an additional T1 already. If you are going to add one anyway, you might as well optimize the usage of it.

grberk (Author) commented:
At first, I wasn't really looking for what QOS and configs to use. I wanted to know what parts I should get.

My original post:
< It looks to me like I have to run both T1s and the VPN connection into the new router at Location 1, and all three T1s into the router at Location 2, but that would
< require 3 WIC cards, at Location 1 and Location 2. I only have 2 WIC slots. I know there are expansion options to give me more slots and stuff, but I am clueless to
< what I actually can use or need.

< Can anyone tell me how I can do this? What parts do I need?

I needed help with parts... I didn't know that a Cisco 2620XM router didn't support the network module that I ordered. Had to send it back...

Look guys, just forget this one. I am just going to run the phones on their own T1 on the old routers that I already have. There is not going to be any need for any QOS because all that will be on there will be voice - no data.

For the record... I hate Cisco for support. They structure their whole website for people that have complete understanding and knowledge for the parts and stuff. I hate having to find information about any products I have no knowledge of. They suck for this. That is why I came to the forum. As it stands now, I need to setup a new support contract for a router that is out of warranty just so I can download an IOS upgrade. That is crap...

mikebernhardt commented:
I guess it wasn't clear to me exactly what you needed help with, it sounded like it was config help. Sorry you didn't get the help you needed!