SCENARIO:
Customer was blaming us (service provider) for their IP phones (Linksys 942 models) resetting, sometimes in the middle of a call, dropping both the call and their "back of the phone" connected PC. Customer's IT support/VAR was not aggressive in resolving the issue (we suspected some kind of LAN issue) and so, to prove it wasn't us, we stepped a little bit beyond what we normally do ourselves at the customer location.

We dropped in a 3550 SMI switch, set up VLANs and trunked to their 1721 where all DHCP activity is now happening via two DHCP pools. Devices appear to be showing up in the correct VLAN and are pulling DHCP from the right pools. Could not get the Linksys phones to talk through the VLAN/NAT combination (Polycom worked ok it seemed) so we temporarily dropped them onto a public IP scheme which is working fine - we will fix this once everything else is stable.

What is happening is that DNS resolution through NAT (and possibly other NAT translations) fails after several hours (or has twice). This is only affecting hosts/Windows server on VLAN 1. Their Windows 2003 server acts as the DNS for their data network (it refers outside requests to ours). When this happens, customer's IT consultant can still remote terminal into their server (via static port mapping) but can't ping out of their network from it. Reloading the router restores service.

Customer is also complaining that data transfer speeds are much slower between devices on their LAN (they pass around a lot of CAD files).

I'm certain this must not be set up properly or we're missing something. Any guidance is appreciated. RTP isn't breaking up so we didn't bother with priority queue settings on the switch. Error counts, drops and resets are ZERO on every single "show int" counter. I'd prefer not to go back to them and recommend the brute force fix of just physically separating the networks.

ROUTER "SHOW VER" RELEVANT OUTPUT:
(note: I've been thinking about downgrading to a stable 12.3 release we like - 12.4(1a) can't be good ?????)

Router#show ver
Cisco IOS Software, C1700 Software (C1700-IPBASE-M), Version 12.4(1a), RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
Router uptime is 5 hours, 34 minutes
System returned to ROM by reload at 17:29:46 UTC Fri Jun 6 2008
System restarted at 17:32:00 UTC Fri Jun 6 2008
System image file is "flash:c1700-ipbase-mz.124-1a.bin"
Cisco 1721 (MPC860P) processor (revision 0x500) with 58405K/7131K bytes of memory.
Processor board ID FOC09246Q0T (879918233), with hardware revision 0000
MPC860P processor: part number 5, mask 2
1 Ethernet interface
1 FastEthernet interface
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

ROUTER CONFIGURATION:

version 12.4
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 10.0.0.254
ip dhcp excluded-address xx.xx.xx.97
ip dhcp excluded-address xx.xx.xx.98
ip dhcp excluded-address 10.0.0.1 10.0.0.10
ip dhcp excluded-address 10.0.0.100 10.0.0.110
!
ip dhcp pool phones
 network xx.xx.xx.96 255.255.255.224
 default-router xx.xx.xx.97
 dns-server xx.xx.xx.xx xx.xx.xx.xx
 option 66 ascii "xxxx.xxxxxxxxx.com"
 lease 30
!
ip dhcp pool data
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 10.0.0.100 [cust. Windows server]
 lease 30
!
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
class-map match-all smtp-filter
 match access-group 102
class-map match-all voip-sip
 match access-group 101
class-map match-all voip-rtp
 match access-group 100
!
!
policy-map voip
 class voip-rtp
  priority 960
 class voip-sip
  bandwidth 56
 class class-default
  fair-queue
policy-map inbound
 class smtp-filter
!
interface Ethernet0
 ip address xx.xx.xx.238 255.255.255.252
 ip nat outside
 load-interval 60
 full-duplex
 no cdp enable
 service-policy input inbound
 service-policy output voip
!
interface FastEthernet0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 no snmp trap link-status
!
interface FastEthernet0.2
 encapsulation dot1Q 2
 ip address xx.xx.xx.97 255.255.255.224
 no snmp trap link-status
!
ip classless
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.237
!
no ip http server
ip nat inside source list 10 interface Ethernet0 overload
ip nat inside source static tcp 10.0.0.100 25 interface Ethernet0 25
ip nat inside source static tcp 10.0.0.100 3389 interface Ethernet0 3389
ip nat inside source static tcp 10.0.0.100 443 interface Ethernet0 443
ip nat inside source static tcp 10.0.0.100 80 interface Ethernet0 80
!
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 100 permit ip any any dscp ef
access-list 101 permit ip any any dscp af31
access-list 102 permit tcp xx.xx.0.0 0.0.255.255 any eq smtp
access-list 102 deny tcp any any eq smtp
access-list 102 permit ip any any
!
control-plane
!
end

CISCO 3550 SWITCH INFORMATION:

SWITCH#show ver
Cisco IOS Software, C3550 Software (C3550-IPBASE-M), Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 30-Aug-05 13:14 by yenanh
ROM: Bootstrap program is C3550 boot loader
SWITCH uptime is 3 days, 1 hour, 33 minutes
System returned to ROM by power-on
System image file is "flash:c3550-ipbase-mz.122-25.SEB4/c3550-ipbase-mz.122-25.SEB4.bin"
Cisco WS-C3550-24 (PowerPC) processor (revision R0) with 65526K/8192K bytes of memory.
Processor board ID CAT0946N39P
Last reset from warm-reset
Running Layer2/3 Switching Image
384K bytes of flash-simulated NVRAM.

CISCO 3550 SWITCH CONFIGURATION:

version 12.2
mls qos
ip subnet-zero
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 2
 mls qos trust dscp
 spanning-tree portfast
!
! [ports 1-11 configured identically]
!
interface FastEthernet0/12
 description WINDOWS 2003 SERVER
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport mode access
 switchport voice vlan 2
 mls qos trust dscp
 spanning-tree portfast
!
! [ports 13-23 configured identically]
!
interface FastEthernet0/24
 description UPLINK TO 1721 ROUTER
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex full
 speed 100
!
interface Vlan1
 ip address 10.0.0.254 255.255.255.0
!
interface Vlan2
 ip address xx.xx.xx.98 255.255.255.224
!
ip classless
!
control-plane
!
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
