But they didn’t teach me that in WOBC! – Comments in configs

A few things in WIN-T are not explained in school. You either figure them out yourself or are told by another Warrant. This article focuses specifically on PM-provided configurations and using QoS.

How many of you have noticed that there are configurations available for all your equipment in TXT format? How many of you use them to blow in configurations when replacing gear from your spares? How many of you have read all the comments?

I spent a few years as a Team Lead for the FORSCOM Mission Command Assessment Team and had the privilege of serving as a Guest OC/T at both NTC and JRTC.  During my encounters with my fellow Warrants, I spent time going over configurations of the routers, switches and ASAs of both enclaves and discovered that many did not know how to configure QoS, how our system policy routes, how the PEP functions, and what OSPF cost to use when switching between transmission mediums.

Here are some comments (i.e. not blown in from a copy/paste operation) from a JNN NT2R configuration document:

You can see what information is given here. Some of the code tells you how to connect to the hub TACACS (or if you’re lucky, your own) server. One, which you’re all familiar with, generates crypto keys. The others tell you which interface to apply a QoS policy to. My favorite is the last, which tells you to set the actual bandwidth on the serial interface (FDMA modem bandwidth, HCLOS bandwidth, etc.) as well as, as mentioned in a previous article, what OSPF cost to use on the link.

More examples are found in the ST2R configuration but my favorite is the access lists:

You’ll notice that there is nothing entered for VLANs 70, 71, and 73. That is for the Net Tech to do. There’s more in the access lists for QoS, and there are more ways to skin a cat.

The TXT document for the QoS categories instructs you to configure by IP of the host or network. Know that this is all blank from the get-go! You have to fill it in for QoS to work at all:

You can get more granular, since one box can be using several protocols that require different treatment. CPoF co-motion ports, mIRC, web browsing and Ventrilo are great examples. Besides, you may be running Ventrilo on several machines and want to be able to add it to any box without changing the QoS configuration in the router each time…

When you get the itch to tweak your QoS so you don’t have to turn off NIPR during a CUB (my personal pet peeve), try this instead of using IPs:

Figure out what ports and protocols your systems are using and ask your local FSR for a copy of the current WIN-T QOS configuration guide for your lot of WIN-T.  Here’s a hint: go into the contexts of your ASA and print out the configurations. They show all the allowed ports.
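One way to act on that hint, as an added example that is not from the original article or from any PM-provided configuration: a short Python script that reads a printed ASA context configuration, collects the destination ports its permit entries allow, and emits a port-only IOS access list for QoS classification. The ACL names, addresses and ports are constructed sample values, and the parser assumes inline `tcp`/`udp` extended entries (no service object-groups).

```python
from collections import defaultdict

# Constructed sample of a printed ASA context config (not from a real system).
SAMPLE_ASA_CONFIG = """\
access-list INSIDE_IN extended permit tcp 10.1.70.0 255.255.255.0 any eq 3784
access-list INSIDE_IN extended permit udp 10.1.70.0 255.255.255.0 any eq 3784
access-list INSIDE_IN extended permit tcp host 10.1.71.5 any eq 6667
access-list INSIDE_IN extended permit tcp any any eq 443
access-list INSIDE_IN extended permit udp any host 10.1.73.9 range 5060 5061
access-list INSIDE_IN extended deny ip any any
"""

PORT_OPS = ("eq", "gt", "lt", "neq")

def _skip_address(tok, i):
    """Return the index just past one address spec (any | host X | net mask)."""
    if i < len(tok) and tok[i] in ("any", "any4", "any6"):
        return i + 1
    return i + 2  # "host X", "object NAME", "object-group NAME", "net mask"

def _port_spec(tok, i):
    """Parse an optional port operator at tok[i]; return (spec or None, next)."""
    if i + 1 < len(tok) and tok[i] in PORT_OPS:
        return f"{tok[i]} {tok[i + 1]}", i + 2
    if i + 2 < len(tok) and tok[i] == "range":
        return f"range {tok[i + 1]} {tok[i + 2]}", i + 3
    return None, i

def allowed_ports(config):
    """Map protocol -> sorted destination port specs taken from permit entries."""
    found = defaultdict(set)
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2:4] != ["extended", "permit"] or tok[4] not in ("tcp", "udp"):
            continue
        i = _skip_address(tok, 5)        # source address
        _, i = _port_spec(tok, i)        # source port operator, if present
        i = _skip_address(tok, i)        # destination address
        dst, _ = _port_spec(tok, i)      # destination port operator
        if dst:
            found[tok[4]].add(dst)
    return {proto: sorted(specs) for proto, specs in found.items()}

def qos_acl(name, config):
    """Build an IOS extended ACL that matches on port only, never on host IP."""
    lines = [f"ip access-list extended {name}"]
    for proto, specs in sorted(allowed_ports(config).items()):
        lines += [f" permit {proto} any any {spec}" for spec in specs]
    return "\n".join(lines)
```

Calling `print(qos_acl("QOS-APPS", SAMPLE_ASA_CONFIG))` prints the generated access list; splitting the ports into separate per-class ACLs is left to the operator who knows which application owns which port.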

The only router I found that did not need configurations was the AES router in the STT unless we needed to adjust the bandwidth statement on the tunnel interface due to a smaller TDMA mesh (less than 5 Msps), but I can write more about QoS, shaping and NetFlow in another submission to the Signal Chief.

Thanks to CW3 James Hilyard for the default router configuration examples. What I had was a few years old.
