troubleshooting Question

qos on a 2621XM with a NM 16 ESW

Avatar of Jim Barber
Jim BarberFlag for United States of America asked on
RoutersVoice Over IPIP Telephony
6 Comments1 Solution977 ViewsLast Modified:
I have an issue with a 2621XM with a NM 16 ESW.  No matter how I slice it I can not get QoS to work properly.  If I pass any data what so ever the voice streams get choppy and break up.  It does not seem to me to be marking, honoring the Voice tags.  Will you please look this over and give me a hand.

Here is my sanitized config
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2621XM
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
enable secret 5 (Removed)
enable password 7 (Removed)
!
no aaa new-model
memory-size iomem 20
wrr-queue bandwidth 1 16 64 255
no network-clock-participate slot 1 
no network-clock-participate wic 0 
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address XXX.28.1.1
ip dhcp excluded-address XXX.28.2.1
ip dhcp excluded-address XXX.28.2.10
ip dhcp excluded-address XXX.28.2.11
ip dhcp excluded-address XXX.28.2.254
ip dhcp excluded-address XXX.28.3.1
ip dhcp excluded-address XXX.28.3.254
!
ip dhcp pool vlan10
   network XXX.28.1.0 255.255.255.0
   dns-server XXX.20.0.2 XXX.20.0.14 YYY.142.136.85 YYY.142.182.250 4.2.2.2 
   default-router XXX.28.1.1 
!
ip dhcp pool vlan20
   network XXX.28.2.0 255.255.255.0
   default-router XXX.28.2.1 
   dns-server XXX.20.0.2 XXX.20.0.14 
   option 5 ip XXX.20.0.2 XXX.20.0.14 
   domain-name krpcomm.com
   option 160 ascii "http://XXX.23.0.7:8088"
   option 66 ascii "http://XXX.23.0.7:8088"
!
ip dhcp pool vlan30
   network XXX.28.3.0 255.255.255.0
   default-router XXX.28.3.1 
   dns-server XXX.20.0.2 XXX.20.0.14 4.2.2.2 4.2.2.1 
   option 160 ascii "http://XXX.28.3.254:8088"
   option 66 ascii "http://XXX.28.3.254:8088"
!
!
no ip domain lookup
ip domain name krpcomm.com
ip name-server 4.2.2.2
ip name-server 4.2.2.1
ip name-server YYY.142.136.85
ip name-server YYY.142.182.250
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip sla monitor 100
 type echo protocol ipIcmpEcho 4.2.2.1 source-interface FastEthernet0/0
 timeout 2000
 threshold 2000
 frequency 3
ip sla monitor schedule 100 life forever start-time now
ip sla monitor 200
 type echo protocol ipIcmpEcho 4.2.2.2 source-interface FastEthernet0/1
 timeout 2000
 threshold 2000
 frequency 3
ip sla monitor schedule 200 life forever start-time now
!
!
!
mls qos map cos-dscp 0 8 16 24 34 46 48 56
!
password encryption aes
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TRUSTPOINT-SELF-SIGNED
 enrollment selfsigned
 serial-number
 subject-name cn=TRUSTPOINT-SELF-SIGNED
 revocation-check none
 rsakeypair TRUSTPOINT-SELF-SIGNED
!
!
crypto pki certificate chain TRUSTPOINT-SELF-SIGNED
 certificate self-signed 01 nvram:(Removed).cer
username jim privilege 15 password 7 (Removed)
!
!
!
track 100 rtr 100 reachability
 delay down 6 up 18
!
track 200 rtr 200 reachability
 delay down 6 up 18
!
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3 
 match ip dscp af31 
!
!
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
! 
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key (Removed) address YYY.90.165.60 no-xauth
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac 
!
crypto map KRP_CRYPTO_MAP 10 ipsec-isakmp 
 set peer YYY.90.165.60
 set security-association lifetime seconds 28800
 set transform-set ESP-3DES-SHA 
 match address 150
 qos pre-classify
!
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0
 description Internet Connection to ComCast
 ip address VVV.10.106.41 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 auto qos voip trust 
 no cdp enable
 no mop enabled
 crypto map KRP_CRYPTO_MAP
 service-policy output AutoQoS-Policy-Trust
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 description Internet Connection Century-Tel
 ip address TTT.118.19.206 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 auto qos voip trust 
 no cdp enable
 no mop enabled
 crypto map KRP_CRYPTO_MAP
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet1/0
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 auto discovery qos 
 spanning-tree portfast
!
interface FastEthernet1/1
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/2
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/3
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/4
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/5
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/6
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/7
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 auto discovery qos 
 spanning-tree portfast
!
interface FastEthernet1/8
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/9
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/10
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/11
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/12
 switchport access vlan 20
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/13
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 20
 switchport priority extend cos 0
 switchport priority override
 duplex full
 speed 100
 mls qos cos override
 spanning-tree portfast
!
interface FastEthernet1/14
 switchport access vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet1/15
 switchport access vlan 10
 switchport voice vlan 20
 duplex full
 speed 100
 mls qos trust dscp
 spanning-tree portfast
!
interface Vlan1
 description default lan do not use
 ip address KKK.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 auto discovery qos 
!
interface Vlan2
 no ip address
!
interface Vlan10
 description DATA VLAN
 ip address XXX.28.1.1 255.255.255.0
 ip nat inside
 ip nat enable
 ip virtual-reassembly
!
interface Vlan20
 ip dhcp relay information trusted
 ip address XXX.28.2.1 255.255.255.0
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 auto qos voip trust 
 service-policy output AutoQoS-Policy-Trust
!
interface Vlan30
 ip address XXX.28.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
router eigrp 100
 auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 TTT.10.106.46 10 track 100
ip route 0.0.0.0 0.0.0.0 VVV.118.19.205 11 track 200
ip route 4.2.2.1 255.255.255.255 TTT.10.106.46
ip route 4.2.2.2 255.255.255.255 VVV.118.19.205
ip route XXX.20.0.0 255.255.255.0 XXX.20.0.1
!
!
no ip http server
no ip http secure-server
ip nat pool comcast_ip_addresses TTT.10.106.42 TTT.10.106.45 netmask 255.255.255.248
ip nat inside source route-map CenturyTel interface FastEthernet0/1 overload
ip nat inside source route-map ComCast interface FastEthernet0/0 overload
ip nat inside source static tcp XXX.28.3.254 34341 173.10.106.41 34341 extendable
!
access-list 100 remark These are inclusive wildcard masks
access-list 100 deny   ip XXX.28.0.0 0.0.3.255 XXX.20.0.0 0.3.255.255
access-list 100 deny   ip XXX.28.0.0 0.0.3.255 XXX.24.0.0 0.3.255.255
access-list 100 permit ip XXX.28.0.0 0.0.3.255 any
access-list 150 remark These are inclusive wildcard masks
access-list 150 permit ip XXX.28.0.0 0.0.3.255 XXX.20.0.0 0.3.255.255
access-list 150 permit ip XXX.28.0.0 0.0.3.255 XXX.24.0.0 0.3.255.255
!
route-map CenturyTel permit 20
 match ip address 100
 match interface FastEthernet0/1
!
route-map ComCast permit 10
 match ip address 100
 match interface FastEthernet0/0
!
!
!
control-plane
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
rmon alarm 33334 cbQosCMDropBitRate.1587.1589 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33335 cbQosCMDropBitRate.1623.1625 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33336 cbQosCMDropBitRate.1659.1661 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
!
!
!
!
!
!
!
!
banner motd T
WARNING: This device belongs to Company Nmae.

To protect the system from unauthorized use and to ensure that the system is functioning properly, activities on this system are monitored and recorded and subject to audit. Use of this system is expressed consent to such monitoring and recording. 

Any unauthorized access or use of this System is prohibited and is subject to criminal and civil penalties. 

!
line con 0
 privilege level 15
 speed 115200
line aux 0
line vty 0 4
 privilege level 15
 password 7 (Removed)
 login local
 length 0
 transport input telnet ssh
line vty 5 15
 privilege level 15
 password 7 (Removed)
 login
!
!
end
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros