Cisco WAN T1 QoS and VLANs

hypknight
Hi Guys,
   I have a pair of sites connected with a point-to-point T1 terminated into a pair of Cisco Routers. I'm looking to incorporate VLANS and QoS across this link. Can anyone give me an example of how to implement VLANS across a private T1 link, and then how to prioritize traffic from a particular host over all others?

  I'll gladly give any other information you may need to answer the question should you require more. I just didn't want to clutter the question with pointless information.

Thanks!
Don Johnston, Instructor
Top Expert 2015

Commented:
>Can anyone give me an example of how to implement VLANS across a private T1 link,

Nope.

VLAN = virtual LOCAL AREA NETWORK. A T1 circuit is a WAN link. VLANs and T1s are like water and oil. They just don't mix. ;-)


Author

Commented:
Then why can I do them across VPN links? I'm certain that I've seen it done.

Author

Commented:
Or better yet, what's the best method of doing QoS for certain traffic over a VPN link?

Author

Commented:
Sorry, disconnect between brain and fingers... QoS across a T1 link... I KNOW that can be done...

Author

Commented:
As a side note, I need to do it WITHOUT CEF (because one of the routers is non-Cisco). So to explain, I have a connection between several sites; some sites are connected with Cisco routers, others are connected with HP routers. I need to classify certain traffic coming from a certain IP range (VoIP traffic) as a higher priority than the rest of the traffic across the T1s.

What do you Experts think is the best solution?

Thanks!

Commented:
@Donjohnston: If your T1 is connected to the Internet you cannot, but like the OP said, it's a point-to-point link, so I don't see why not (much like a VPN).

What routers do you have?


For the QoS config, you could have something like:


! ACL FOR QOS:
ip access-list extended QOSHOST
 ! HOST(S) ALLOWED TO BENEFIT FROM QOS (ACL ENTRIES TAKE WILDCARD MASKS):
 permit tcp 10.1.1.0 0.0.0.255 any
 permit ip 10.1.1.0 0.0.0.255 any

! CLASSMAP STATEMENT - ANY NAME
class-map match-any MYQOS
 ! MATCH STATEMENT - MATCHES ACL FROM ABOVE
 match access-group name QOSHOST

! POLICYMAP NAME
policy-map QOSMAPNAME
 ! WATCH OUT FOR QOSHOST TRAFFIC (REFERENCED BY THE CLASS-MAP NAME)
 class MYQOS
  ! HOW MUCH BANDWIDTH YOU WANT TO ASSIGN TO QOSHOST ACL
  ! PLAY AROUND WITH THE BELOW COMMAND, SPECIFY HOW MUCH/WHAT BANDWIDTH TO ASSIGN. BELOW ASSIGNS THE REMAINING 30% OF BANDWIDTH
  bandwidth remaining percent 30
 ! TRAFFIC THAT WAS NOT DEFINED WILL BE QUEUED AS NORMAL
 class class-default
  fair-queue

! SPECIFY WHAT INTERFACE TO USE FOR QOS (WAN INTERFACE)
interface s0/0
 ! TELL THE ROUTER WHAT BANDWIDTH YOU HAVE (IN KILOBITS). BELOW = 3Mbps
 bandwidth 3000
 ! ENABLE NBAR PROTOCOL TO RECOGNIZE TRAFFIC (MAY NOT BE REQUIRED IF NOT SETTING PROTOCOL-BASED QOS)
 ip nbar protocol-discovery
 ! APPLY THE POLICYMAP FROM ABOVE TO THE INTERFACE
 service-policy output QOSMAPNAME


Author

Commented:
@ddiazp: Thanks so much for your awesome reply! We'll go with the most difficult case here:

Two HP Routers (7102dl) each with a T1 Interface Card (J8451A). These are connected by a private point-to-point.

Each of the routers has several VLANs on it. Each of these VLANs needs to be able to talk to each other, and also VLANs at the neighboring site (through the point-to-point). I understand the QoS bit of it now I think, but what would be the best way to route between the sites and maintain the integrity of the VLAN segregation as well as the QoS?

So if I have at site A:

VLAN 100: 172.16.1.0
VLAN 200: 172.16.96.0
VLAN 300: 172.16.154.0
VLAN 150: 172.16.186.0

and at site B:
VLAN 101: 172.16.32.0
VLAN 201: 172.16.128.0
VLAN 150: 172.16.186.0

VLAN 100 needs to be routable to VLAN 300 and VLAN 101 (but not 200); VLAN 201 needs to be routable to 101 and 200 (but not 101 and 300).

What would be the best method to accomplish this (while preserving that VLAN150 resides in both locations and maintains QoS on the private link)?

Thanks!

Commented:
The qos config works on top of the vlans so you wanna get those configured first. I'm on my iPhone, I'll type in some config from my desktop later.

Basically configure all vlans whichever way you want (router on a stick seems best) and a trunk between routers.

To control intervlan access you can throw in access lists and apply them with the access-group command.

Once you have that configured, place the qos in.

Like I said before, I'll type in some config in a while or you can google vlan config

The qos I posted works on Cisco routers, not on HP.

Commented:
I don't see the point of having the same vlan (150) separated by a WAN connection. The Router won't forward broadcasts sent on that subnet through the WAN, and it will cause problems routing for hosts on the other side within the same vlan.

However, I'd try something like this:



Site A:

interface <t1 int>
encapsulation 802.1q
interface <t1 int>.100
ip address 172.16.1.1 /24
vlan-id 100
interface <t1 int>.200
ip address 172.16.96.1 /24
vlan-id 200
interface <t1 int>.300
ip address 172.16.154.1 /24
vlan-id 300
interface <t1 int>.150
ip address 172.16.186.1 /24
vlan-id 150
route add net 172.16.32.0 255.255.255.0 gateway <SITE B WAN IP>
route add net 172.16.128.0 255.255.255.0 gateway <SITE B WAN IP>
ip access-list extended "101"
deny ip 172.16.1.0 0.0.0.255 172.16.96.0 0.0.0.255
permit ip any any
permit tcp any any
exit
ip access-list extended "102"
deny ip 172.16.96.0 0.0.0.255 172.16.1.0 0.0.0.255
permit ip any any
permit tcp any any
exit
vlan 100 ip access-group 101 out
vlan 100 ip access-group 102 in


Site B:

interface <t1 int>
encapsulation 802.1q
interface <t1 int>.101
ip address 172.16.32.1 /24
vlan-id 101
interface <t1 int>.201
ip address 172.16.128.1 /24
vlan-id 201
interface <t1 int>.150
ip address 172.16.186.2 /24
vlan-id 150
route add net 172.16.1.0 255.255.255.0 gateway <SITE A WAN IP>
route add net 172.16.96.0 255.255.255.0 gateway <SITE A WAN IP>
route add net 172.16.154.0 255.255.255.0 gateway <SITE A WAN IP>
ip access-list extended "101"
deny ip 172.16.128.0 0.0.0.255 172.16.32.0 0.0.0.255
deny ip 172.16.128.0 0.0.0.255 172.16.154.0 0.0.0.255
permit ip any any
permit tcp any any
exit
ip access-list extended "102"
deny ip 172.16.32.0 0.0.0.255 172.16.128.0 0.0.0.255
deny ip 172.16.154.0 0.0.0.255 172.16.128.0 0.0.0.255
permit ip any any
permit tcp any any
exit
vlan 201 ip access-group 101 out
vlan 201 ip access-group 102 in



If you're using the Router as DHCP, keep in mind you need to create a dhcp pool for each VLAN (don't overlap addresses on VLAN150 within the 2 sites). The Router will detect all vlans as 'directly connected' networks and do intra-vlan routing.

Although not very relevant in this case, you may want to re-think your addressing scheme so you can summarize the routes.
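
Added example (not part of the thread and not any poster's code): a small Python model of extended-ACL evaluation, useful for checking entries like the inter-VLAN ACL "101" and the QoS ACL discussed above against the intended policy before loading them on a router. It assumes wildcard-mask matching, first-match-wins ordering and an implicit final deny; the function names and host addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_acl(text):
    """Parse '<permit|deny> ip <src> <wildcard>|any <dst> <wildcard>|any' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        fields, i = [], 2          # tok[0] = action, tok[1] = protocol (ip only)
        while i < len(tok):
            if tok[i] == "any":
                fields.append(("0.0.0.0", "255.255.255.255"))
                i += 1
            else:
                fields.append((tok[i], tok[i + 1]))
                i += 2
        rules.append((tok[0], fields[0], fields[1]))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, (sb, sw), (db, dw) in rules:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action
    return "deny"

def audit(rules, src, expected):
    """Return (dst, wanted, got) for each flow that violates the policy."""
    results = ((dst, want, evaluate(rules, src, dst)) for dst, want in expected.items())
    return [r for r in results if r[1] != r[2]]

# Site A ACL "101" as posted in the thread (the redundant tcp line is omitted).
SITE_A_101 = parse_acl("""
deny ip 172.16.1.0 0.0.0.255 172.16.96.0 0.0.0.255
permit ip any any
""")

# Constructed sample hosts: a VLAN 100 source against VLANs 200, 300 and 101.
POLICY = {"172.16.96.10": "deny", "172.16.154.10": "permit", "172.16.32.10": "permit"}

if __name__ == "__main__":
    print("policy violations:", audit(SITE_A_101, "172.16.1.10", POLICY))
    # A subnet mask typed where a wildcard belongs compares only the last octet:
    print(wildcard_match("192.168.50.1", "10.1.1.1", "255.255.255.0"))  # unrelated host
    print(wildcard_match("10.1.1.20", "10.1.1.1", "255.255.255.0"))     # intended host
```

An empty result from `audit` means the ACL enforces the stated segmentation for the sampled flows; the last two calls show why a subnet mask in an ACL entry classifies the wrong hosts.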

Commented:
Whoops, I put <t1 int> where it should actually be your LAN fastethernet/ethernet or whatever interface. Your t1 interface shouldn't have any encapsulation or subinterfaces.

Author

Commented:
Hey there,
Yes, the addresses were fictitious, purely a sample. So, on eth0/2 I'm doing 802.1Q trunking down to the core switch at each site and have the sub-interfaces built accordingly. By reading above, do I need to create sub-interfaces on the T1 interface as well to have them traverse the T1? Does this affect the PPP link?

Author

Commented:
Also, does putting sub-interfaces on the T1 interface maintain tagging when on "VLAN150" in site B and transmitting into VLAN150 in Site A across the point-to-point?

Commented:
Only subinterface on WAN link is for tagging. I mistakenly put <t1 int> but I meant eth0/2 on the previous config.

I'm not sure on HP routers, but on Cisco routers you would say (assuming native vlan is 1 as default):

Interface <t1>.1
encapsulation dot1q native 1
ip address x.x.x.x y.y.y.y

I think on HP routers you could just say:

interface <t1 int>.1
encapsulation 802.1q [native]
vlan-id 1

Need to specify tagging on the interface so that it will understand tagged packets.


Also, you'll need to configure the Switches connected to the Routers with VLANs and VLAN ports (switchport mode access, switchport access vlan X on Cisco switches).

Author

Commented:
So another question for you. Does every router in the infrastructure need to have an IP address in every VLAN in use?

So for instance:

Site A uses VLANs:    1,2,3,4
Site B uses VLANs:    5,6,7,8
Site C uses VLANs:    9,10

Does each site's eth 0/2 have to have sub-interfaces with IP addresses in EVERY VLAN (1-10) to properly route?

Commented:
No, you'll need to enter static routes if you don't have a routing protocol in place

Author

Commented:
Yup, we're running OSPF. I just wanted to make sure that I didn't have to have a subinterface on every switch that routes along the way.

Author

Commented:
So I think we're getting close here... THANK YOU SO MUCH for all of your help. As it sits right now, I have one of the sites where there are only 2 VLANS (Data and Voice). I'm being asked to tag all traffic in and out of Eth 0/1 on that router as VOICE and all data in and out of Eth 0/2 on that router as DATA so that tagging doesn't need to be done on the infrastructure below.

Do you know if this can be accomplished, and if so, how?

Author

Commented:
I think I answered my own question about tagging on the router interface. It can't be done on the router end, has to be done in the switch.

THANKS SOO MUCH for your help. I'll be opening another question in a related topic soon I'm sure, and I'd LOVE your help on that as well!

Full points, well deserved!
