Fórum Root.cz
		Hlavní témata => Sítě => Téma založeno: Janko Hrasko  26. 04. 2013, 17:28:02
		
			
			- 
				Na obycajnom cisco 800 routry sa pokusam rozbehat priority queing. Postupujem podla navodu, ale problem je v tom, ze priority queuing sa uplatnuje iba pre pakety, ktore z routra priamo odchadzaju(v linux terminologii chain Output) a nie pre pakety, ktore nim prechadzaju(chain Forward). 
 
 konfiguracia pre interfacie, na ktorom chcem, aby sa priority uplatnovali a z ktoreho mi odchadzaju pakety smerom von:
 
 interface FastEthernet4
 ip address 192.168.7.1 255.255.255.248
 ip flow ingress
 duplex auto
 speed auto
 priority-group 1
 konfiguracia front:
 priority-list 1 protocol ip high list 191
 priority-list 1 protocol ip normal list 193
 priority-list 1 protocol ip high list 91
 priority-list 1 default low
 a nakoniec ako urcujem, ktore pakety patria do ktorej fronty-je to cez cisco access-listy:
 access-list 191 permit tcp any any eq 22
 access-list 191 permit tcp any eq 22 any
 access-list 191 permit icmp any any echo
 access-list 191 permit icmp any any echo-reply
 access-list 191 permit udp host 192.168.0.245 eq 1498 any
 access-list 191 permit udp any host 192.168.0.245 eq 1498
 access-list 191 permit icmp any any
 access-list 193 permit tcp any eq 3389 any
 access-list 193 permit tcp any any eq 3389
 Na stroj, ktory lezi za interfacom Fa4 a na ktory by sa mala uplatnovat tato politika neustale pingam s tym, ze pakety prichadzaju na interface vlan1 a odchadzaju spominanym Fa4. Politika sa neuplatnuje, pretoze ked dam prikaz show access-list, tak vidim, ze pocitadla access-list 191 sa nezvacsuju. Akonahle ale pingnem tento stroj priamo z routra, tak sa citace zvysia o pocet pingov. To mi je ale na prd, ja potrebujem priority pre pakety, ktore routrom prechadzaju. Stretol sa uz niekto s tym? Alebo presnejsie, co robim nespravne?
 Dakujem za kazdu radu...
 
 
 
- 
				citacum ACL neni nutne verit uplne vsechno. imho se zvetsuji jak se to zrovna ciscu libi, treba kdyz jdou pakety pres procesor (tj. zapocitaji se ty lokalni). Jedina rozumna moznost jak to overit je to proste vyzkouset generovanim zateze na max s jednim prioritnim streamem a druhym neprioritnim. Pokud nebude prioritni vypadavat a neprioritni ano, tak to asi funguje.
			
- 
				Dakujem za odpoved. 
 To, ze sa nezvysuju citace znamena presne to, ze to bohuzial nefunguje :-( Ked pustim ping -f na testovaciu masinu a zaroven na nu vygenerujem obrovsky traffic, tak bohuzial zacne dochadzat k velkej stratovosti pingov, ktore maju najvyssiu prioritu. Ked spustim pingy priamo z routra, tak sa nestrati samozrejme ani jeden a k zvysovaniu citacov dochadza tak ako ma. Ako pisem, k prioritam dochadza iba ak su pakety vygenerovane priamo z routra a tie ktore nim iba prechadzaju sa to netyka. Fakt neviem co s tym...
- 
				a co říká show int fa4na řádcích
 Queueing strategy: ??
 Output queue:
?
 
 případně
 > show queueing interface fa4
 
- 
				Dakujem za odpoved. Vypisi ktore prikladam potvrdzuju iba to, co uz viem. Bohuzial, kde mam v konfiguracii chybu uz z toho zistit nedokazem...
 
 router#show interfaces fastEthernet 4
 FastEthernet4 is up, line protocol is up 
 Hardware is PQUICC_FEC, address is 0019.e872.b3df (bia 0019.e872.b3df)
 Internet address is 192.168.7.1/29
 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
 reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ARPA, loopback not set
 Keepalive set (10 sec)
 Full-duplex, 100Mb/s, 100BaseTX/FX
 ARP type: ARPA, ARP Timeout 04:00:00
 Last input 01:38:46, output 00:00:00, output hang never
 Last clearing of "show interface" counters 20:31:29
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 Queueing strategy: priority-list 1
 Output queue (queue priority: size/max/drops):
 high: 0/20/0, medium: 0/40/0, normal: 0/60/0, low: 0/80/0
 5 minute input rate 7000 bits/sec, 7 packets/sec
 5 minute output rate 7000 bits/sec, 8 packets/sec
 6165575 packets input, 638681330 bytes
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 watchdog
 0 input packets with dribble condition detected
 6204284 packets output, 663715242 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collision, 0 deferred
 0 lost carrier, 0 no carrier
 0 output buffer failures, 0 output buffers swapped out
 Prikaz show queueing interface fastEthernet 4 zatial co na testovaci stroj neustale pingam zo stroja ktory je na vlan1
 Interface FastEthernet4 queueing strategy: priority
 
 Output queue utilization (queue/count)
 high/0 medium/0 normal/0 low/0
 Prikaz show queueing interface fastEthernet 4 zatial co urobim 5 pingov na testovaci stroj priamo z routra
 Interface FastEthernet4 queueing strategy: priority
 
 Output queue utilization (queue/count)
 high/5 medium/0 normal/0 low/0
 Zaroven vidim, ze sa zdvihli aj pocitadla na prislusnom access-liste, takze show access-lists
 Extended IP access list 191
 10 permit tcp any any eq 22
 20 permit tcp any eq 22 any
 30 permit icmp any any echo (5 matches)
 40 permit icmp any any echo-reply
 50 permit udp host 192.168.0.245 eq 1498 any
 60 permit udp any host 192.168.0.245 eq 1498
 70 permit icmp any any
 
 Pripajam vypis zo show running-config
 Building configuration...
 
 Current configuration : 6344 bytes
 !
 ! Last configuration change at 16:33:19 A Fri Apr 26 2013 by xxxx
 ! NVRAM config last updated at 16:38:48 A Fri Apr 26 2013 by xxxx
 !
 version 12.4
 no service pad
 service timestamps debug datetime msec
 service timestamps log datetime msec
 no service password-encryption
 no service dhcp
 !
 hostname router
 !
 boot-start-marker
 boot-end-marker
 !
 logging buffered 120000 debugging
 !
 no aaa new-model
 !
 resource policy
 !
 clock timezone A 2
 ip subnet-zero
 ip cef
 !
 !
 !
 !
 ip flow-cache entries 12000
 ip flow-cache timeout active 1
 no ip domain lookup
 ip domain name domena.cz
 !
 !
 crypto pki trustpoint TP-self-signed-1079832824
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1079832824
 revocation-check none
 rsakeypair TP-self-signed-1079832824
 !
 !
 crypto pki certificate chain TP-self-signed-1079832824
 certificate self-signed 01
 ....tu je certifikat....
 quit
 username xxxx privilege 15 secret 5 nejake_heslo.
 !
 !
 interface FastEthernet0
 !
 interface FastEthernet1
 !
 interface FastEthernet2
 !
 interface FastEthernet3
 !
 interface FastEthernet4
 ip address 192.168.7.1 255.255.255.248
 ip flow ingress
 duplex auto
 speed auto
 priority-group 1
 !
 interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.0.33 255.255.255.0
 no ip redirects
 ip tcp adjust-mss 1452
 !
 ip classless
 ip route 0.0.0.0 0.0.0.0 192.168.0.1
 ip route 172.32.1.0 255.255.255.0 Vlan1 192.168.0.239
 ip route 192.168.2.0 255.255.255.0 192.168.7.2
 ip route 192.168.7.8 255.255.255.248 192.168.7.2
 ip route 192.168.97.0 255.255.255.0 192.168.7.2
 ip route 192.168.221.0 255.255.255.0 192.168.0.239
 !
 ip flow-export version 9
 ip flow-export destination 192.168.0.1 9995
 !
 ip http server
 ip http access-class 23
 ip http authentication local
 ip http secure-server
 ip http timeout-policy idle 60 life 86400 requests 10000
 !
 access-list 23 permit 192.168.0.1
 access-list 23 permit 192.168.4.2
 access-list 23 permit 192.168.0.239
 access-list 23 permit 172.32.1.2
 access-list 23 permit 192.168.0.208
 access-list 23 permit 192.168.0.169
 access-list 91 permit 192.168.2.250
 access-list 191 permit tcp any any eq 22
 access-list 191 permit tcp any eq 22 any
 access-list 191 permit icmp any any echo
 access-list 191 permit icmp any any echo-reply
 access-list 191 permit udp host 192.168.0.245 eq 1498 any
 access-list 191 permit udp any host 192.168.0.245 eq 1498
 access-list 191 permit icmp any any
 access-list 193 permit tcp any eq 3389 any
 access-list 193 permit tcp any any eq 3389
 priority-list 1 protocol ip high list 191
 priority-list 1 protocol ip normal list 193
 priority-list 1 protocol ip high list 91
 priority-list 1 default low
 snmp-server community public RO
 no cdp run
 !
 !
 control-plane
 !
 banner login ^C
 -----------------------------------------------------------------------
 Cisco Router and Security Device Manager (SDM) is installed on this device.
 This feature requires the one-time use of the username "cisco"
 with the password "cisco". The default username and password have a privilege level of 15.
 
 Please change these publicly known initial credentials using SDM or the IOS CLI.
 Here are the Cisco IOS commands.
 
 username <myuser>  privilege 15 secret 0 <mypassword>
 no username cisco
 
 Replace <myuser> and <mypassword> with the username and password you want to use.
 
 For more information about SDM please follow the instructions in the QUICK START
 GUIDE for your router or go to http://www.cisco.com/go/sdm
 -----------------------------------------------------------------------
 ^C
 !
 line con 0
 login local
 no modem enable
 line aux 0
 line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
 !
 scheduler max-task-time 5000
 ntp clock-period 17175066
 ntp server 192.168.0.5
 end
 
 Takze vysledok je taky, ze PQ sa uplatnuje iba na pakety vychadzajuce priamo z routra. Na pakety prechadzajuce routrom sa to nevzatahuje. Overene nielen vypismi z konfiguracie routra, ale taktiez prakticky. Kde mam v konfiguracii chybu nemam sajnu. Budem rad za kazde nasmerovanie...
- 
				Nazdar, bude to zniet sialene, ale v praci sme mali IOS bug pri ktorom sa neuplatnoval QOS pri nastaveni auto speed a duplexu na interface. Bolo to pre vyssiu modelovu radu, ale mohlo by to pomoct. Nastav FastEthernet4 na duplex full, speed 100, wr me a reloadni. Ked to nezaberie, vyskusaj iny IOS, napriklad najnovsi c870-advipservicesk9-mz.124-24.T8.bin (alebo co to vlastne mas za router). Daj vediet ci pomohlo ;-)
			
- 
				Tak nastavenie rychlosti a duplexu na tvrdo a reload routra bohuzial nepomohlo. Stiahol som najnovsi software z netu, v pondelok porovnam md5sum a ked bude spravny podla cisca tak nahrajem a vyskusam ten novy software. Zatial dakujem za rady a napady, buduci tyzden sa ozvem, ci to pomohlo.
			
- 
				Tak som to samozrejme nevydrzal, urobil flash na tom routry a bohuzial nepomohlo  :'(
			
- 
				posli:
 
 show version
 show flash
 show running-config all
 
 show log nevypisuje volaco divne?
- 
				Další postup bych začal opuštěním konfigurace QoS přes "legacy CLI" a přepsal bych to do MQC:
 
 class-map PQ
 match access-group 191
 
 policy-map PQ
 class PQ
 priority percent 75
 
 interface FastEthernet4
 service-policy output PQ
 
- 
				takze, ideme postupne:
 
 show version
 Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
 Technical Support: http://www.cisco.com/techsupport
 Copyright (c) 1986-2012 by Cisco Systems, Inc.
 Compiled Sun 09-Sep-12 09:09 by prod_rel_team
 
 ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE
 
 router uptime is 2 hours, 22 minutes
 System returned to ROM by reload at 17:39:08 A Sat Apr 27 2013
 System restarted at 17:40:04 A Sat Apr 27 2013
 System image file is "flash:c870-advipservicesk9-mz.124-24.T8.bin"
 Last reload reason: Reload Command
 
 
 
 This product contains cryptographic features and is subject to United
 States and local country laws governing import, export, transfer and
 use. Delivery of Cisco cryptographic products does not imply
 third-party authority to import, export, distribute or use encryption.
 Importers, exporters, distributors and users are responsible for
 compliance with U.S. and local country laws. By using this product you
 agree to comply with applicable laws and regulations. If you are unable
 to comply with U.S. and local laws, return this product immediately.
 
 A summary of U.S. laws governing Cisco cryptographic products may be found at:
 http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
 
 If you require further assistance please contact us by sending email to
 export@cisco.com.
 
 Cisco 871 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
 Processor board ID FHK104519XV
 MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
 5 FastEthernet interfaces
 128K bytes of non-volatile configuration memory.
 28672K bytes of processor board System flash (Intel Strataflash)
 
 Configuration register is 0x2102
 
 show flash:
 28672K bytes of processor board System flash (Intel Strataflash)
 
 Directory of flash:/
 
 2  -rwx    21910432  Apr 27 2013 17:20:37 +02:00  c870-advipservicesk9-mz.124-24.T8.bin
 3  -rwx        2254   Mar 1 2002 02:03:27 +02:00  sdmconfig-8xx.cfg
 4  -rwx      833024   Mar 1 2002 02:03:43 +02:00  es.tar
 5  -rwx     1052160   Mar 1 2002 02:04:03 +02:00  common.tar
 6  -rwx        1038   Mar 1 2002 02:04:15 +02:00  home.shtml
 7  -rwx      102400   Mar 1 2002 02:04:29 +02:00  home.tar
 8  -rwx      491213   Mar 1 2002 02:04:45 +02:00  128MB.sdf
 9  -rwx         660   Aug 3 2012 13:15:34 +02:00  vlan.dat
 
 27611136 bytes total (3207168 bytes free)
 show run all
 Building configuration...
 
 Current configuration with default configurations exposed : 12525 bytes
 !
 version 12.4
 parser cache
 no service log backtrace
 no service config
 no service exec-callback
 no service nagle
 service slave-log
 no service slave-coredump
 no service pad to-xot
 no service pad from-xot
 no service pad cmns
 no service pad
 no service telnet-zeroidle
 no service tcp-keepalives-in
 no service tcp-keepalives-out
 service timestamps debug datetime msec
 service timestamps log datetime msec
 no service password-encryption
 no service exec-wait
 no service linenumber
 no service internal
 no service scripting
 no service compress-config
 service prompt config
 no service old-slip-prompts
 no service pt-vty-logging
 no service disable-ip-fast-frag
 no service sequence-numbers
 no service dhcp
 !
 hostname router
 !
 boot-start-marker
 boot system flash c870-advipservicesk9-mz.124-24.T8.bin
 boot-end-marker
 !
 logging exception 4096
 no logging count
 no logging message-counter log
 no logging message-counter debug
 logging message-counter syslog
 no logging snmp-authfail
 no logging userinfo
 logging buginf
 logging queue-limit 100
 logging queue-limit esm 0
 logging queue-limit trap 100
 logging buffered 120000
 no logging persistent
 logging rate-limit console 10 except errors
 logging console guaranteed
 logging console debugging
 logging monitor debugging
 logging on
 !
 no aaa new-model
 memory-size iomem 10
 clock timezone A 2
 errdisable detect cause all
 errdisable recovery interval 300
 !
 crypto pki trustpoint TP-self-signed-1079832824
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1079832824
 revocation-check none
 rsakeypair TP-self-signed-1079832824
 !
 !
 crypto pki certificate chain TP-self-signed-1079832824
 certificate self-signed 01
 tu je certifikat
 quit
 dot11 syslog
 dot11 activity-timeout unknown default 60
 dot11 activity-timeout client default 60
 dot11 activity-timeout repeater default 60
 dot11 activity-timeout workgroup-bridge default 60
 dot11 activity-timeout bridge default 60
 dot11 aaa csid default
 ip source-route
 ip icmp redirect subnet
 ip spd queue threshold minimum 73 maximum 74
 !
 !
 !
 !
 ip cef
 no ip domain lookup
 ip domain name domena.cz
 ip igmp snooping vlan 1
 ip igmp snooping vlan 1 mrouter learn pim-dvmrp
 ip igmp snooping vlan 2
 ip igmp snooping vlan 2 mrouter learn pim-dvmrp
 ip igmp snooping
 no ipv6 cef
 ipv6 dhcp ping packets 0
 !
 multilink bundle-name authenticated
 !
 cwmp agent
 no enable download
 no enable
 request outstanding 5
 parameter change notify interval 60
 session retry limit 11
 management server username 00000C-CISCO871%2dK9V03-FHK104519XV
 no management server password
 no management server url
 no provision code
 no connection request username
 no connection request password
 no wan ipaddress
 !
 !
 !
 file prompt alert
 emm clear 1b5b324a1b5b303b30480d
 vtp file flash:vlan.dat
 vtp mode server
 vtp version 1
 username xxxx privilege 15 secret 5 tajne_heslo.
 !
 no crypto isakmp diagnose error
 !
 !
 archive
 log config
 no record rc
 no logging enable
 logging size 100
 no notify syslog contenttype plaintext
 no notify syslog contenttype xml
 hidekeys
 no path
 no rollback filter adaptive
 rollback retry timeout 0
 scripting tcl low-memory 11758933
 scripting tcl trustpoint untrusted terminate
 no scripting tcl secure-mode
 !
 !
 ip ssh time-out 120
 ip ssh authentication-retries 3
 ip ssh break-string ~break
 ip ssh dh min size 1024
 !
 !
 interface FastEthernet0
 switchport access vlan 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1-4094
 switchport mode access
 switchport voice vlan none
 switchport priority extend none
 switchport priority default 0
 snmp trap link-status
 ip igmp snooping tcn flood
 !
 interface FastEthernet1
 switchport access vlan 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1-4094
 switchport mode access
 switchport voice vlan none
 switchport priority extend none
 switchport priority default 0
 snmp trap link-status
 ip igmp snooping tcn flood
 !
 interface FastEthernet2
 switchport access vlan 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1-4094
 switchport mode access
 switchport voice vlan none
 switchport priority extend none
 switchport priority default 0
 snmp trap link-status
 ip igmp snooping tcn flood
 !
 interface FastEthernet3
 switchport access vlan 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1-4094
 switchport mode access
 switchport voice vlan none
 switchport priority extend none
 switchport priority default 0
 snmp trap link-status
 ip igmp snooping tcn flood
 !
 interface FastEthernet4
 ip address 192.168.7.1 255.255.255.248
 ip redirects
 ip proxy-arp
 ip flow ingress
 speed 100
 full-duplex
 snmp trap link-status
 priority-group 1
 !
 interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.0.33 255.255.255.0
 no ip redirects
 ip proxy-arp
 ip tcp adjust-mss 1452
 autostate
 snmp trap link-status
 !
 ip classless
 ip forward-protocol nd
 ip route 0.0.0.0 0.0.0.0 192.168.0.1
 ip route 172.32.1.0 255.255.255.0 Vlan1 192.168.0.239
 ip route 192.168.2.0 255.255.255.0 192.168.7.2
 ip route 192.168.7.8 255.255.255.248 192.168.7.2
 ip route 192.168.97.0 255.255.255.0 192.168.7.2
 ip route 192.168.221.0 255.255.255.0 192.168.0.239
 ip http server
 ip http port 80
 ip http access-class 23
 ip http authentication local
 ip http secure-server
 ip http secure-port 443
 ip http secure-active-session-modules all
 ip http max-connections 5
 ip http timeout-policy idle 60 life 86400 requests 10000
 ip http active-session-modules all
 ip http digest algorithm md5
 ip http client cache memory pool 100
 ip http client cache memory file 2
 ip http client cache ager interval 5
 ip http client connection timeout 10
 ip http client connection retry 1
 ip http client connection idle timeout 30
 ip http client response timeout 30
 ip http path
 !
 ip flow-cache entries 12000
 ip flow-cache timeout active 1
 ip flow-export version 9
 ip flow-export destination 192.168.0.1 9995
 !
 ip rtcp report interval 5000
 ip rtcp sub-rtcp message-type 209
 !
 no ip sla logging traps
 logging history size 1
 logging history warnings
 logging trap informational
 logging delimiter tcp
 logging facility local7
 no logging source-interface
 access-list 23 permit 192.168.0.1
 access-list 23 permit 192.168.4.2
 access-list 23 permit 192.168.0.239
 access-list 23 permit 172.32.1.2
 access-list 23 permit 192.168.0.208
 access-list 23 permit 192.168.0.169
 access-list 91 permit 192.168.2.250
 access-list 191 permit tcp any any eq 22
 access-list 191 permit tcp any eq 22 any
 access-list 191 permit icmp any any echo
 access-list 191 permit icmp any any echo-reply
 access-list 191 permit udp host 192.168.0.245 eq 1498 any
 access-list 191 permit udp any host 192.168.0.245 eq 1498
 access-list 191 permit icmp any any
 access-list 193 permit tcp any eq 3389 any
 access-list 193 permit tcp any any eq 3389
 priority-list 1 protocol ip high list 191
 priority-list 1 protocol ip normal list 193
 priority-list 1 protocol ip high list 91
 priority-list 1 default low
 mac-address-table aging-time 300
 no cdp run
 
 !
 !
 !
 !
 snmp-server engineID local 8000000903000019E872B3D5
 snmp-server view *ilmi system included
 snmp-server view *ilmi atmForumUni included
 snmp-server view v1default iso included
 snmp-server view v1default internet.6.3.15 excluded
 snmp-server view v1default internet.6.3.16 excluded
 snmp-server view v1default internet.6.3.18 excluded
 snmp-server view v1default ciscoMgmt.394 excluded
 snmp-server view v1default ciscoMgmt.395 excluded
 snmp-server view v1default ciscoMgmt.399 excluded
 snmp-server view v1default ciscoMgmt.400 excluded
 snmp-server community public v1default RO
 snmp-server priority normal
 no snmp-server trap link ietf
 snmp-server trap authentication vrf
 snmp-server trap authentication acl-failure
 snmp-server trap authentication unknown-content
 snmp-server packetsize 1500
 snmp-server queue-limit notification-host 10
 snmp-server chassis-id FHK104519XV
 snmp-server inform retries 3 timeout 15 pending 25
 snmp mib nhrp
 snmp mib notification-log globalsize 500
 snmp mib notification-log globalageout 15
 snmp mib community-map  ILMI engineid 8000000903000019E872B3D5
 snmp mib community-map  public engineid 8000000903000019E872B3D5
 !
 control-plane
 !
 banner login ^C
 -----------------------------------------------------------------------
 Cisco Router and Security Device Manager (SDM) is installed on this device.
 This feature requires the one-time use of the username "cisco"
 with the password "cisco". The default username and password have a privilege level of 15.
 
 Please change these publicly known initial credentials using SDM or the IOS CLI.
 Here are the Cisco IOS commands.
 
 username <myuser>  privilege 15 secret 0 <mypassword>
 no username cisco
 
 Replace <myuser> and <mypassword> with the username and password you want to use.
 
 For more information about SDM please follow the instructions in the QUICK START
 GUIDE for your router or go to http://www.cisco.com/go/sdm
 -----------------------------------------------------------------------
 ^C
 alias exec h help
 alias exec lo logout
 alias exec p ping
 alias exec r resume
 alias exec s show
 alias exec u undebug
 alias exec un undebug
 alias exec w where
 default-value exec-character-bits 7
 default-value special-character-bits 7
 default-value data-character-bits 8
 !
 line con 0
 login local
 no modem enable
 line aux 0
 line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
 !
 scheduler max-task-time 5000
 scheduler allocate 100000 1000
 ntp server 192.168.0.110
 cns id hostname
 cns id hostname event
 cns id hostname image
 cns image retry 60
 netconf max-sessions 4
 netconf lock-time 10
 netconf max-message 0
 event manager scheduler script thread class default number 1
 event manager scheduler applet thread class default number 32
 event manager history size events 10
 event manager history size traps 10
 end
 
- 
				Sice ti to bude asi prd platne, ale skusil som si tvoj setup na mojom routri CISCO 871W (to iste co mas aj ty len s wifi kartou naviac), IOS pouzivam ten isty c870-advipservicesk9-mz.124-24.T8.bin a chova sa to rovnako. Pri nastaveni cez "novy" MQC standard (policy-map, class-map) vsetko chodi ako ma:
 
 access list:
 access-list 191 permit icmp any any echo
 
 mapy:
 class-map match-any COS1
 match access-group 191
 !
 !
 policy-map QOS-Map
 class COS1
 priority percent 20
 class class-default
 fair-queue
 
 nastavenie WAN portu:
 interface FastEthernet4
 bandwidth 25000
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 no cdp enable
 service-policy output QOS-Map
 
 z notebooku na LAN som opingal 100 packetmi server na internete:
 cisco871w#sh policy-map interface FastEthernet4
 FastEthernet4
 
 Service-policy output: QOS-Map
 
 queue stats for all priority classes:
 Queueing
 queue limit 64 packets
 (queue depth/total drops/no-buffer drops) 0/0/0
 (pkts output/bytes output) 100/7400
 
 Class-map: COS1 (match-any)
 100 packets, 7400 bytes
 5 minute offered rate 0 bps, drop rate 0 bps
 Match: access-group 191
 100 packets, 7400 bytes
 5 minute rate 0 bps
 Priority: 20% (5000 kbps), burst bytes 125000, b/w exceed drops: 0
 
 chodi aj pocitadlo na access-liste:
 cisco871w#sh ip access-lists 191
 Extended IP access list 191
 10 permit icmp any any echo (100 matches)
 
 funguje to spravne aj pri pingani z routra:
 cisco871w#ping www.six.sk repeat 100
 
 Type escape sequence to abort.
 Sending 100, 100-byte ICMP Echos to 194.160.23.22, timeout is 2 seconds:
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 Success rate is 100 percent (100/100), round-trip min/avg/max = 8/12/29 ms
 cisco871w#sh ip access-lists 191
 Extended IP access list 191
 10 permit icmp any any echo (200 matches)
 zial, teba si neustale zvykat na "novu modu" ;-)...
 
- 
				Takze mi to nedalo a po asi dvojdnovom googlovani som na jednej FAQ cisco stranke nasiel toto:
 
  show queueing interface interface-number [vc [[vpi/] vci] - This displays the queueing statistics of an interface or a VC. Even when there is no congestion, you will still be able to see some hits here. The reason for this is that process switched packets are always counted regardless of congestion being present. Cisco Express Forwarding (CEF) and fast-switched packets are not being counted unless there is congestion. The legacy queueing mechanisms like Priority Queueing (PQ), Custom Queueing (CQ), and Weighted Fair Queueing (WFQ), will not provide classification statistics. Only modular Quality of Service Command Line Interface (MQC)-based features in images later than 12.0(5)T provide these statistics.  
 Takze, PQ, CQ a WFQ queing je prakticky na prd. Sice podla tejto hlasky by sme mali vidiet nejake statistiky vzdy, ale tychto queing strategii sa to netyka. Ze clovek neuvidi statistiky by az tak nevadilo, omnoho horise je, ze tieto quieing strategie sa nebudu uplatnovat ani v praxi, pokial nenastane congestion na danom interface-cize sa nebudu uplatnovat nikdy(to podporuju aj moje testy). poznamka-CEF je zapnute na kazdom routry. Na 100Mbit interfacy ktory je pripojeny k inej lokalite iba linkou cca 35Mbit nedojde ku congestion nikdy(100Mbit interface nevie, ze je pripojeny iba napr. 35Mbit linkou), takze sa nikdy neuplatnia ani tieto queing strategie. A ak budete mat linku vyssiu ako 100Mbit, tak si predsa kupite silnejsi router, aby ste zbytocne neplatili drahsie pripojenie. Tejto strategii od cisca v pripade tychto queing mechanizmov teda fakt nechapem.
 Co ale naserie omnoho viac je to, ze toto sa v dokumentacii nikde nedocitate!!! Keby to rovno napisali do dokumentacie, tak si clovek usetri nervy.
 
 Chcem sa podakovat vsetkym prispievatelom za ochotu pri rieseni tohoto problemu.
- 
				Ono je to celkem pochopitelné. PQ totiž řeší pouze priority při řazení na odvysílání, nikoliv shaping. V tomto smyslu má samozřejmě cisco pravdu a buďme rádi, že nemrší terminologii.
			
- 
				Dovolim si s vasim nazorom nesuhlasit  :) O mrsenie terminologie tu urcite nejde. Queing je samozrejme nieco urcite ine ako shaping, na tom sa zhodneme. Ale to, preco su urcite queing strategie potlacovane a dochadza k nim iba pri congestion(cize skoro nikdy) a k inym queing strategiam dochadza spravne - teda vzdy tak, ako chceme, podla konfiguracie, je mi zahadou. Vsimnite si totiz, ze v tom odstavci sa pise iba o niektorych queing strategiach, ostatne funguju vzdy a za kazdych okolnosti.
			
- 
				Všechny queueing mechanismy se zapojují až při congestion na rozhraní (plný Tx ring), bez výjimky. Citovaný text hovoří v této souvislosti pouze o hitech na counterech.
			
- 
				Tak ono na tom neni nic sloziteho, pokud se lisi interface CIR a MIR ( v nasem pripade CIR=35mbit/s , MIR=100mbit/s) a mame ethernet (neni zadny mechanizmus pro congestion notification ), tak je nutne pouzit H-QOS. Jednoduse definujeme shapper na 35/mbit/s a v ramci tohoto shaperu teprve definujeme obsluhu front.
 
 Treba takhle:
 
 policy-map PARENT
 class class-default
 shape average 35000000
 service-policy QUEUES
 
 Tomas
 
 
- 
				Takze to nakoniec nie je bug, ale feature? :-D
			
- 
				Presne ako pise Tomas. Queueing sa uplatni len v ramci congestion. Pokial potrebujete aby congestion bola pri nizsej rate ako line rate interfacu, tak shaping. 
			
- 
				
 Co ale naserie omnoho viac je to, ze toto sa v dokumentacii nikde nedocitate!!! Keby to rovno napisali do dokumentacie, tak si clovek usetri nervy.
 
 
 
 Reaguji v podobném tónu jak je psán ten příspěvek.
 Sice má dokumentace i implementace Cisco svá úskalí, ale zrovna tady ses trochu seknul.
 V dokumentaci to přeci vždycky píšou, namátkou 2. odstavec:
 http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/congstion_mgmt_oview_ps6350_TSD_Products_Configuration_Guide_Chapter.html
 
 To že nečteš overview aby jsi pochopil co nastavuješ není tak úplně problém Cisca. Problém Cisca je očividně v tom, že ti jejich zařízení dovolí nastavit věci o kterých nic nevíš :)
 
 
 
  Vsimnite si totiz, ze v tom odstavci sa pise iba o niektorych queing strategiach, ostatne funguju vzdy a za kazdych okolnosti.
 
 že by to souviselo s tím, že to jsou právě ty "legacy" technologie?