Cisco 891 Networking | network-policy traffic shaping

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2022.01.06 12:53:49 =~=~=~=~=~=~=~=~=~=~=~=show runROUTER-253#show runBuilding configuration...Current configuration : 10641 bytes!! Last configuration change at 11:42:38 CDT Fri Oct 22 2021 by ithelp! NVRAM config last updated at 11:42:41 CDT Fri Oct 22 2021 by ithelp! NVRAM config last updated at 11:42:41 CDT Fri Oct 22 2021 by ithelpversion 15.2service timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname ROUTER-253!boot-start-markerboot-end-marker!!logging buffered 51200 warningsenable password 7 !aaa new-model!!aaa authentication login default localaaa authentication ppp default localaaa authorization exec default local aaa authorization network default local !!!!!aaa session-id commonclock timezone CST -6 0clock summer-time CDT recurring!crypto pki trustpoint enrollment selfsigned subject-name cn= revocation-check none rsakeypair !!crypto pki certificate chain TP-self- certificate self-signed 01 quitip cef!!!!!!!!no ip domain lookupip domain name yourdomain.comip inspect name FW dnsip inspect name FW ftpip inspect name FW rtspip inspect name FW skinnyip inspect name FW esmtpip inspect name FW sqlnetip inspect name FW tftpip inspect name FW sipip inspect name FW xdmcpip inspect name FW pop3ip inspect name FW imapip inspect name FW h323ip inspect name FW ntpip inspect name FW isakmpno ipv6 cef!!!!!multilink bundle-name authenticated!!key chain EIGRP-KEY key 1 key-string 7 !!!!!license udi pid CISCO892-K9 sn !!!redundancy!!!crypto ikev2 keyring DMVPN-KEYRING-MPLS peer MPLS address pre-shared-key !!crypto ikev2 keyring DMVPN-KEYRING-INET peer ANY address pre-shared-key !!!crypto ikev2 profile DMVPN-IKE-PROFILE-MPLS match identity remote address authentication remote pre-share authentication local pre-share keyring local DMVPN-KEYRING-MPLS dpd 40 5 on-demand!crypto ikev2 profile DMVPN-IKE-PROFILE-INET match identity remote address 0.0.0.0 identity local address authentication remote pre-share authentication local pre-share keyring local DMVPN-KEYRING-INET dpd 40 5 on-demand!!!!class-map match-any SCAVENGER-DATA-OUT match dscp cs1 class-map match-all VOICE-SIGNALING-OUT match ip dscp cs3 af31 class-map match-all VOICE-AUDIO-OUT match ip dscp ef class-map match-all CRITICAL-DATA-OUT match ip dscp af21 class-map match-all NET-CTRL match ip dscp cs6 !policy-map WAN-QOS-OUT class VOICE-AUDIO-OUT priority percent 40 class NET-CTRL bandwidth remaining percent 5 class VOICE-SIGNALING-OUT bandwidth remaining percent 10 class CRITICAL-DATA-OUT bandwidth remaining percent 20 random-detect dscp-based class SCAVENGER-DATA-OUT bandwidth remaining percent 1 class class-default bandwidth remaining percent 20 random-detectpolicy-map MPLS-SHAPE-QOS-20M-OUT class class-default shape average 20000000 service-policy WAN-QOS-OUTpolicy-map INET-SHAPE-QOS-4M-OUT class class-default shape average 4000000 service-policy WAN-QOS-OUT!! crypto isakmp keepalive 30 5!crypto ipsec security-association replay window-size 1024!crypto ipsec transform-set AES256/SHA/TRANSPORT esp-aes 256 esp-sha-hmac mode transport!crypto ipsec profile DMVPN-IPSEC-PROFILE-INET set transform-set AES256/SHA/TRANSPORT set ikev2-profile DMVPN-IKE-PROFILE-INET!crypto ipsec profile DMVPN-IPSEC-PROFILE-MPLS set transform-set AES256/SHA/TRANSPORT set ikev2-profile DMVPN-IKE-PROFILE-MPLS!!!!!!!interface Loopback1 ip address ip pim sparse-mode hold-queue 1024 in hold-queue 1024 out!interface Tunnel101 description DMVPN: MPLS bandwidth 20000 ip address no ip redirects ip mtu 1400 ip pim dr-priority 0 ip pim nbma-mode ip pim sparse-mode ip nhrp authentication ip nhrp group 20M ip nhrp network-id 101 ip nhrp holdtime 600 ip nhrp nhs nbma multicast ip nhrp registration no-unique ip nhrp shortcut ip tcp adjust-mss 1360 load-interval 30 if-state nhrp cdp enable tunnel source FastEthernet8 tunnel mode gre multipoint tunnel key 101 tunnel protection ipsec profile DMVPN-IPSEC-PROFILE-MPLS shared!interface Tunnel201 description DMVPN: INET bandwidth 4000 bandwidth receive 60000 ip address no ip redirects ip mtu 1400 ip pim dr-priority 0 ip pim nbma-mode ip pim sparse-mode ip nhrp authentication ip nhrp group 60M ip nhrp network-id 201 ip nhrp holdtime 600 ip nhrp nhs nbma multicast ip nhrp registration no-unique ip nhrp shortcut ip tcp adjust-mss 1360 load-interval 30 delay 8000 if-state nhrp cdp enable tunnel source GigabitEthernet0 tunnel mode gre multipoint tunnel key 201 tunnel protection ipsec profile DMVPN-IPSEC-PROFILE-INET shared!interface BRI0 no ip address encapsulation hdlc shutdown isdn termination multidrop!interface FastEthernet0 no ip address!interface FastEthernet1 no ip address!interface FastEthernet2 no ip address!interface FastEthernet3 no ip address!interface FastEthernet4 no ip address!interface FastEthernet5 no ip address!interface FastEthernet6 no ip address!interface FastEthernet7 no ip address!interface FastEthernet8 description WAN: MPLS bandwidth 20000 ip address no ip redirects no ip unreachables no ip proxy-arp ip flow egress load-interval 30 duplex auto speed auto no cdp enable service-policy output MPLS-SHAPE-QOS-20M-OUT!interface GigabitEthernet0 description INTERNET: Charter Cable bandwidth 4000 bandwidth receive 60000 ip address dhcp hostname ip access-group in-from-world in ip nat outside ip inspect FW out ip virtual-reassembly in load-interval 30 duplex auto speed auto no cdp enable service-policy output INET-SHAPE-QOS-4M-OUT!interface Vlan1 description Inside ip address secondary ip address secondary ip address no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1452!!router eigrp DMVPN-EIGRP ! address-family ipv4 unicast autonomous-system 100 ! af-interface default passive-interface exit-af-interface ! af-interface Tunnel101 authentication mode md5 authentication key-chain EIGRP-KEY hello-interval 20 hold-time 60 no passive-interface exit-af-interface ! af-interface Tunnel201 authentication mode md5 authentication key-chain EIGRP-KEY hello-interval 20 hold-time 60 no passive-interface exit-af-interface ! topology base exit-af-topology network network network network eigrp router-id exit-address-family!ip forward-protocol ndip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000!!ip nat inside source route-map Internet interface GigabitEthernet0 overloadip route name MPLSip route 0.0.0.0 0.0.0.0 dhcp!ip access-list extended NATList deny deny deny deny deny permit ip any!access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit access-list 23 permit !route-map Internet permit 10 match ip address NATList!snmp-server group marcomon v3 auth read access snmp-server group marcomon-group v3 priv snmp-server community marcomon ROsnmp-server community snmp RO marcomon!!!!control-plane!!!!mgcp profile default!!!!!!line con 0line aux 0line vty 0 4 access-class 23 in privilege level 15 transport input telnet sshline vty 5 15 access-class 23 in privilege level 15 transport input telnet ssh!ntp server 172.22.255.1!endROUTER-253#

/r/networking Thread Parent