Solved

Cisco IOS config to manage newly installed T1

Posted on 2008-10-15
Last Modified: 2012-05-05
I currently work at a recreational facility that houses a ~25 PC lab, WiFi access, wired laptop docking stations, as well as Xbox Live! (online) gaming.

Recently we upgraded our internet connection to a T1. Physical config of the network is as follows.

T1 --> 2811 Router -- fa0/0  --> Windows Server 2003 (running Websense) --> Cisco 2950 (VLan 1) -- > Computer lab, WiFi, Docking stations

fa0/1 ---> Cisco 2950 (Vlan 2) --> Xbox online gaming

Cisco router/switch config is pretty basic. Just NAT/DHCP to get clients connected and online.

Websense on the Windows Server is primarily set up to block p2p/BitTorrent activity.

PROBLEM:

When the number of users increases, network performance suffers. Loading web pages takes a considerable amount of time, online gaming is impossible due to lag/high latency.

QUESTION:

Is there additional configuration(s) that can be done to the Cisco equipment to better manage network traffic, thus increasing performance under load? From what I've read some sort of QoS/packet prioritization for UTP online gaming packets needs to be implemented as well.

My knowledge of the Cisco IOS is limited. We have purchased Smartnet, but unfortunately have had limited success. Originally we were told the issue is because we don't have a gigabit switch. Secondly, we were told a T1 isn't sufficient for our needs. My hope is that this isn't the case.

I'll attach the config in a couple minutes,  just need to make it over to that facility.

Thanks for the help!
Beeman#sh run
Building configuration...
 
Current configuration : 1812 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Beeman
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$tN1J$PDJ/70vIMMNLKtRT6krFy.
!
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
ip dhcp pool BEEMAN
   network 172.25.1.0 255.255.255.0
   default-router 172.25.1.1
   dns-server 72.235.80.12 72.235.80.4
!
ip dhcp pool SERVER3
   host 172.25.1.5 255.255.255.0
   client-identifier 0100.173f.ce07.1c
   default-router 172.25.1.1
   dns-server 72.235.80.12 72.235.80.4
!
ip dhcp pool gaming
   network 172.25.2.0 255.255.255.0
   default-router 172.25.2.1
   dns-server 72.235.80.12 72.235.80.4
!
!
ip name-server 72.253.80.12
ip name-server 72.253.80.4
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 172.25.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.25.2.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address XXXXXXXXXXXXXX 255.255.255.248
 ip nat outside
 encapsulation ppp
 custom-queue-list 1
 service-module t1 timeslots 1-24
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip dns server
ip http server
ip nat inside source list 191 interface Serial0/0/0 overload
!
!
access-list 191 permit ip 172.25.1.0 0.0.0.255 any
access-list 191 permit ip 172.25.2.0 0.0.0.255 any
queue-list 1 protocol ip 1 udp 88
queue-list 1 protocol ip 1 udp 3074
queue-list 1 protocol ip 1 tcp 3074
queue-list 1 default 3
queue-list 1 queue 1 byte-count 19300
queue-list 1 queue 2 byte-count 19300
queue-list 1 queue 3 byte-count 19300
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
!
end

Question by:thorpez
14 Comments
 
LVL 13

Expert Comment

by:kdearing
ID: 22725364
I think your latency problem is the server.
As you have it set up, everything goes through it.
0
 
LVL 10

Assisted Solution

by:cstosgale
cstosgale earned 225 total points
ID: 22726162
Ok,

A couple of points. If all you want to do is block p2p, you can do this on the Cisco router and take the server out of the equation. The Cisco can detect p2p traffic such as Kazaa and block it. Also, the simplest way to control this is to use an access list on the inside interface of the router to only allow the traffic you want. Something I noticed is there is some custom queuing configured on the router. This is very old QoS technology and I would recommend removing it. If you want to prioritise certain types of traffic, use the modular QoS interface (MQC). This is done by classifying traffic into classes, then saying how you want to deal with that traffic.

However, fundamentally you may well be struggling with a T1. Depending on where you are, you should be able to pick up a pretty cheap ADSL line that may be able to provide more bandwidth.

The first thing I'd do is remove the custom queueing and ensure that fair queuing is enabled:-

interface Serial0/0/0
 no custom-queue-list 1
 fair-queue

Fair queueing will balance the traffic between different traffic flows, preventing a single flow from taking all the bandwidth.
0
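
Added example, not part of the answer above or of the original thread: one way the MQC approach it describes could look on this router, with a priority class for Xbox Live and an NBAR class that drops P2P. It only governs the order in which packets leave Serial0/0/0, and it relies on `ip cef`, which the posted config already has. The names XBOX-LIVE, P2P and WAN-OUT and the 256 kbit/s figure are assumptions; the ports are the ones in the question's `queue-list 1`.

```cisco
! Added example. XBOX-LIVE, P2P, WAN-OUT and the 256 kbit/s value are
! assumed for illustration; ports 88 and 3074 come from queue-list 1.
!
! Match Xbox Live by port, as source or destination.
ip access-list extended XBOX-LIVE
 permit udp any any eq 88
 permit udp any any eq 3074
 permit udp any eq 3074 any
 permit tcp any any eq 3074
!
class-map match-all XBOX-LIVE
 match access-group name XBOX-LIVE
!
! NBAR classifies P2P by payload signature rather than by port.
! Which protocols are offered depends on the IOS release and loaded
! PDLMs (assumption: all three exist here); check "match protocol ?".
class-map match-any P2P
 match protocol kazaa2
 match protocol gnutella
 match protocol bittorrent
!
! XBOX-LIVE: low-latency queue, limited to 256 kbit/s under congestion.
! P2P: discarded. class-default: remaining bandwidth shared per flow.
policy-map WAN-OUT
 class XBOX-LIVE
  priority 256
 class P2P
  drop
 class class-default
  fair-queue
!
! Remove interface-level WFQ, then attach the policy outbound.
interface Serial0/0/0
 no fair-queue
 service-policy output WAN-OUT
!
! Check per-class match and drop counters afterwards with:
! show policy-map interface Serial0/0/0
```

The priority value has to fit inside the bandwidth the interface makes available for reservation, which the `show interface` output later in the thread reports as 1152 kilobits/sec.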
 
LVL 79

Accepted Solution

by:
lrmoore earned 300 total points
ID: 22726197
First place to look will be error counters on the T1 serial interface.
Use "show interface serial 0/0/0" and look for increasing error counters. All zeros is good.
Next place to look is interface utilization. Once you hit about 70% on a serial interface, it is all downhill from there. There is inherent serialization delay on T1's.

Think of it this way. The speed limit on the highway is 1.5MBH, but the on-ramp can only handle one lane of packets. Sure they can go fast once they get on, but there's going to be a bottleneck getting on to start with. You've got 100Mb traffic all trying to get down to the 1Mb pipe.

Compare to something like a T3 that has a 20-lane wide on-ramp with 45MBH speed limit. A whole lot more packets can get on and get moving a lot faster.
Or another Ethernet connection with 1000MPH and 1000 lanes. Zero delay.

You've got 5000 packets going 100MBH hitting that one-lane highway onramp to the 1.5Mb T1.
Your custom queueing will only affect how packets get prioritized to get through that 1 lane onramp.

0

 

Author Comment

by:thorpez
ID: 22727252
A couple clarifications

The Windows server integration is primarily for AD/Group Policy for all the lab computers. I previously had the server as just another device connected to the 2950, but as far as I could determine, internet has to run through a computer monitoring activity for Websense to work. Is this true?

Everything is not running through the Win server, gaming is separated.

How do I block all p2p (ie. limewire) and bittorrent applications on the Cisco router? This isn't simply port based is it?

@lrmoore,

Bottom line, our internet connection is insufficient?

I'll run sh int serial0/0/0 and post results tomorrow.

Thanks for the help guys
0
 
LVL 13

Assisted Solution

by:kdearing
kdearing earned 225 total points
ID: 22727533
In a business environment, a T1 for <30 users is good.
However, in a 'recreational facility' with gaming, all bets are off.
You'll probably have to monitor your bandwidth usage to get a better idea of what's going on.

Use something like WireShark to capture all traffic during peak times.
0
 

Author Comment

by:thorpez
ID: 22728073
Tried running Wireshark. Set it up to end capture after 12 hours. Needless to say, the thing was frozen when I came in the next day. Any way to have the program intermittently monitor, or start and end at certain hours?

0
 
LVL 13

Assisted Solution

by:kdearing
kdearing earned 225 total points
ID: 22731116
0
 

Author Comment

by:thorpez
ID: 22734526
Alright, I updated my config. Below is the new config + showing serial interface. Looks like quite a few dropped packets? Anything else this data shows?

I'll take a look at NetFlow and see if I can set it up. What will we be able to do with data collected?

Thanks,
Zach

Beeman#sh run
Building configuration...
 
Current configuration : 1560 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Beeman
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$tN1J$PDJ/70vIMMNLKtRT6krFy.
!
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
ip dhcp pool BEEMAN
   network 172.25.1.0 255.255.255.0
   default-router 172.25.1.1
   dns-server 72.235.80.12 72.235.80.4
!
ip dhcp pool SERVER3
   host 172.25.1.5 255.255.255.0
   client-identifier 0100.173f.ce07.1c
   default-router 172.25.1.1
   dns-server 72.235.80.12 72.235.80.4
!
ip dhcp pool gaming
   network 172.25.2.0 255.255.255.0
   default-router 172.25.2.1
   dns-server 72.235.80.12 72.235.80.4
!
!
ip name-server 72.253.80.12
ip name-server 72.253.80.4
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 172.25.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.25.2.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 72.253.72.82 255.255.255.248
 ip nat outside
 encapsulation ppp
 fair-queue
 fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip dns server
ip http server
ip nat inside source list 191 interface Serial0/0/0 overload
!
!
access-list 191 permit ip 172.25.1.0 0.0.0.255 any
access-list 191 permit ip 172.25.2.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
!
end
 
Beeman#
Beeman#sh int se0/0/0
Serial0/0/0 is up, line protocol is up
  Hardware is GT96K with integrated T1 CSU/DSU
  Internet address is 72.253.72.82/29
  MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 9/255
  Encapsulation PPP, LCP Open
  Listen: CDPCP
  Open: IPCP, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:09, output 00:00:09, output hang never
  Last clearing of "show interface" counters 4w3d
  Input queue: 0/75/56/0 (size/max/drops/flushes); Total output drops: 38092
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/18819 (size/max total/threshold/drops)
     Conversations  0/12/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1152 kilobits/sec
  5 minute input rate 56000 bits/sec, 5 packets/sec
  5 minute output rate 10000 bits/sec, 3 packets/sec
     154075314 packets input, 3510277551 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     1 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     109655563 packets output, 752522951 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 output buffer failures, 0 output buffers swapped out
     1 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up


0
 
LVL 13

Assisted Solution

by:kdearing
kdearing earned 225 total points
ID: 22734754
With NetFlow, you can monitor: source, destination, protocol, application, etc.
Basically full traffic analysis.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22734813
Error counters are not a problem. Dropped packets are from the queue.
Try disabling fair-queue on the serial interface.

0
 

Author Comment

by:thorpez
ID: 22735477
How do you reset those stats?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22735857
clear counter serial 0/0/0

0
 

Author Comment

by:thorpez
ID: 22761117
Here's an updated show of the serial interface. This is from over the weekend. 508 output drops. That's not too bad is it?
Beeman#sh int se0/0/0
Serial0/0/0 is up, line protocol is up
  Hardware is GT96K with integrated T1 CSU/DSU
  Internet address is 72.253.72.82/29
  MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Listen: CDPCP
  Open: IPCP, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:03, output 00:00:03, output hang never
  Last clearing of "show interface" counters 2d23h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 508
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/508 (size/max total/threshold/drops)
     Conversations  0/101/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1152 kilobits/sec
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     14096794 packets input, 4208991668 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     9538856 packets output, 995083118 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
 
Beeman#


0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22761325
As a ratio to the number of packets output the small number of drops is insignificant. More indicative of problems would be CRC or frame errors. It appears that the T1 line is as efficient as it can be. There's just so much data you can push/pull down a 1.5M pipe.

Since this is an Internet connection, there is no QoS available to prioritize traffic once it leaves your router, or as it comes in. The best you could hope for is to set priority queues to decide the order in which it leaves your router. But remember, QoS and queueing means to give priority to some traffic, to the detriment of all other traffic. You have to very carefully decide what traffic you don't care about and what you want to give priority to.
0
