<div><font size="2">Hi All,</font></div>
<div><font size="2">Bellow is the configuration of our one of the branch office VoIP router. I would like to share it with you guys and see whether someone can suggest me better VLAN, QoS configuration. Also, I have policy map 2MB spplied for FastEthernet 4 and Tunnel. Is this right?
</font></div>
<div><font size="2">I would greatly appreciate your comments.</font></div>
<div><font size="2"> </font></div>
<div><font size="2">Best regards,</font></div>
<div><font size="2">Manoj</font></div>
<div><font size="2"> </font></div>
<div>Building configuration...</div>
<div>
<p>Current configuration : 7520 bytes<br>!<br>version 12.4<br>no service pad<br>service timestamps debug datetime msec<br>service timestamps log datetime msec<br>no service password-encryption<br>!<br>hostname XXXXX_871
<br>!<br>boot-start-marker<br>boot-end-marker<br>!<br>logging buffered 51200 warnings<br>enable password xxxxxxxx<br>!<br>aaa new-model<br>!<br>!<br>!<br>aaa session-id common<br>!<br>resource policy<br>!<br>ip cef<br>!<br>
!<br>no ip dhcp use vrf connected<br>ip dhcp excluded-address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.5.1/" target="_blank">192.168.5.1</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.5.99/" target="_blank">
192.168.5.99</a><br>ip dhcp excluded-address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.5.151/" target="_blank">192.168.5.151 </a><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.5.254/" target="_blank">
192.168.5.254</a><br>ip dhcp excluded-address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.10.1/" target="_blank">172.198.10.1</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.10.99/" target="_blank">
172.198.10.99</a><br>ip dhcp excluded-address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.10.151/" target="_blank">172.198.10.151</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.10.254/" target="_blank">
172.198.10.254</a><br>!<br>ip dhcp pool VLAN10<br> network <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.10.0/" target="_blank">172.198.10.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.0/" target="_blank">
255.255.255.0</a><br> default-router <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.10.1/" target="_blank">172.198.10.1</a> <br> domain-name <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://xxxx.com/" target="_blank">
xxxx.com</a><br> dns-server <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://211.129.14.134/" target="_blank">211.129.14.134</a> <br> lease 7<br>!<br>ip dhcp pool VLAN20<br> network <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.5.0/" target="_blank">
192.168.5.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.0/" target="_blank">255.255.255.0</a><br> default-router <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.5.1/" target="_blank">
192.168.5.1</a> <br> domain-name <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://xxxx.com/" target="_blank">xxxx.com</a><br> dns-server <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://211.129.14.134/" target="_blank">
211.129.14.134</a> <br> option 150 ip <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.10/" target="_blank">172.16.0.10</a> <br> lease 7<br>!<br>!<br>no ip domain lookup<br>ip domain name
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://xxxx.com/" target="_blank">xxxx.com</a><br>!<br>!<br>crypto pki trustpoint TP-self-signed-1440134037<br> enrollment selfsigned<br> subject-name cn=IOS-Self-Signed-Certificate-1440134037
<br> revocation-check none<br> rsakeypair TP-self-signed-1440134037 <br>!<br>!<br>crypto pki certificate chain TP-self-signed-1440134037<br> certificate self-signed 01<br> 3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
<br> quit<br>username pbxl privilege 15 secret 5 $1$Ce8g$9S4kDri6Yyg2gBCVSS1LI0 <br>! <br>!<br>class-map match-any AutoQoS-VoIP-RTP-Trust<br> match ip dscp ef <br>class-map match-any AutoQoS-VoIP-Control-Trust<br>
match ip dscp cs3 <br> match ip dscp af31 <br>!<br>!<br>policy-map AutoQoS-Policy-Trust <br> class AutoQoS-VoIP-RTP-Trust<br> priority percent 70<br> class AutoQoS-VoIP-Control-Trust<br> bandwidth percent 5<br> class class-default
<br> fair-queue<br>policy-map Shape-2MB<br> class class-default<br> shape average 2000000 <br> service-policy AutoQoS-Policy-Trust<br>!<br>! <br>!<br>crypto isakmp policy 10<br> encr 3des<br> hash md5<br> authentication pre-share
<br> group 2<br>crypto isakmp key 6 xxxxxx address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.181.112.194/" target="_blank">210.181.112.194</a> no-xauth<br>!<br>!<br>crypto ipsec transform-set XXXLKAMIYA esp-3des esp-md5-hmac
<br>!<br>crypto ipsec profile GREPRO<br> set transform-set XXXLKAMIYA <br>!<br>!<br>!<br>!<br>!<br>interface Tunnel0<br> bandwidth 2000<br> ip address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.0.20.2/" target="_blank">
10.0.20.2</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.0/" target="_blank">255.255.255.0</a><br> tunnel source Dialer0<br> tunnel destination <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.181.112.194/" target="_blank">
210.181.112.194</a> <br> tunnel mode ipsec ipv4<br> tunnel protection ipsec profile GREPRO<br> service-policy output Shape-2MB<br>!<br>interface FastEthernet0<br> description ********** PC/VoIP **********<br> switchport trunk native vlan 10
<br> switchport mode trunk<br> switchport voice vlan 20<br> auto qos voip trust <br> spanning-tree portfast<br> service-policy output AutoQoS-Policy-Trust<br>!<br>interface FastEthernet1<br> description ********** PC/VoIP **********
<br> switchport trunk native vlan 10<br> switchport mode trunk<br> switchport voice vlan 20<br> auto qos voip trust <br> spanning-tree portfast<br> service-policy output AutoQoS-Policy-Trust<br>!<br>interface FastEthernet2
<br> description ********** PC/VoIP **********<br> switchport trunk native vlan 10<br> switchport mode trunk<br> switchport voice vlan 20<br> auto qos voip trust <br> spanning-tree portfast<br> service-policy output AutoQoS-Policy-Trust
<br>!<br>interface FastEthernet3<br> description ********** PC/VoIP **********<br> switchport trunk native vlan 10<br> switchport mode trunk<br> switchport voice vlan 20<br> auto qos voip trust <br> spanning-tree portfast
<br> service-policy output AutoQoS-Policy-Trust<br>! <br>interface FastEthernet4<br> bandwidth 2000<br> no ip address<br> ip nat outside<br> ip virtual-reassembly<br> ip tcp adjust-mss 1452<br> duplex auto<br> speed auto
<br> pppoe enable<br> pppoe-client dial-pool-number 1<br> service-policy output Shape-2MB<br>!<br>interface Vlan1<br> description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$<br> ip address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.1.1/" target="_blank">
172.198.1.1 </a><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.0/" target="_blank">255.255.255.0</a><br>!<br>interface Vlan10<br> description Data Vlan 1<br> ip address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.10.1/" target="_blank">
172.198.10.1</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.0/" target="_blank">255.255.255.0</a><br> ip nat inside<br> ip virtual-reassembly<br> ip tcp adjust-mss 1452<br>!<br>interface Vlan20
<br> description Voice Vlan 1<br> ip address <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.5.1/" target="_blank">192.168.5.1</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.0/" target="_blank">
255.255.255.0 </a><br> ip nat inside<br> ip virtual-reassembly<br> ip tcp adjust-mss 1452<br>!<br>interface Dialer0<br> bandwidth 2000<br> ip address negotiated<br> ip mtu 1452<br> ip nat outside<br> ip virtual-reassembly
<br> encapsulation ppp <br> dialer pool 1<br> dialer-group 1<br> no cdp enable<br> ppp authentication chap pap callin<br> ppp chap hostname <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:xxxxxx8@ffa.xxx.xxx.com" target="_blank">
xxxxxx8@ffa.xxx.xxx.com</a><br> ppp chap password 0 xxxx93<br> ppp pap sent-username <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:xxxxxx8@ffa.xxx.xxx.com" target="_blank">xxxxxx8@ffa.xxx.xxx.com</a>
password 0 cyum93<br>!<br>ip route <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://0.0.0.0/" target="_blank">0.0.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://0.0.0.0/" target="_blank">
0.0.0.0</a> Dialer0<br>ip route <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.0/" target="_blank">172.16.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a> Tunnel0<br>!<br>!<br>ip http server<br>ip http access-class 23<br>ip http authentication local<br>ip http secure-server<br>ip http timeout-policy idle 60 life 86400 requests 10000 <br>ip nat inside source list 1 interface Dialer0 overload
<br>!<br>access-list 1 permit <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.5.0/" target="_blank">192.168.5.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://0.0.0.255/" target="_blank">
0.0.0.255</a><br>access-list 1 permit <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.198.10.0/" target="_blank">172.198.10.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://0.0.0.255/" target="_blank">
0.0.0.255</a><br>dialer-list 1 protocol ip permit<br>no cdp run<br>!<br>!<br>!<br>!<br>control-plane<br>!<br>rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS <br>rmon alarm 33333
cbQosCMDropBitRate.18.3164929 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS<br>rmon alarm 33334 cbQosCMDropBitRate.34.5364641 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
<br>rmon alarm 33335 cbQosCMDropBitRate.50.14618161 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS<br>rmon alarm 33336 cbQosCMDropBitRate.66.2065329 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
<br>banner login ^C<br>-----------------------------------------------------------------------<br>Cisco Router and Security Device Manager (SDM) is installed on this device. <br>This feature requires the one-time use of the username "cisco"
<br>with the password "cisco". The default username and password have a privilege level of 15.</p>
<p>Please change these publicly known initial credentials using SDM or the IOS CLI. <br>Here are the Cisco IOS commands.<br> <br>username <myuser> privilege 15 secret 0 <mypassword><br>no username cisco
</p>
<p>Replace <myuser> and <mypassword> with the username and password you want to use. </p>
<p>For more information about SDM please follow the instructions in the QUICK START <br>GUIDE for your router or go to <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.cisco.com/go/sdm" target="_blank">
http://www.cisco.com/go/sdm</a> <br>----------------------------------------------------------------------- <br>^C<br>!<br>line con 0<br> no modem enable<br>line aux 0<br>line vty 0 4<br> length 0<br> transport input telnet ssh
<br>!<br>scheduler max-task-time 5000<br>end</p>
<p> </p></div>