How can I prioritize WebEx, Skype and some two websites on Cisco equipment? My setup is such that my 512 kbps link goes to a Cisco 1941 router > Cisco ASA 5505 > Cisco Catalyst Switch 2960 > Computer. I want to be able to prioritize this on my network and test that it actually works.
I have a new VOIP implementation using 2960 switches. I want to prioritize voice traffic. After creating VLAN 2 I did the following:
Per Cisco, I did the following on my up-link ports:
switchport trunk allowed vlan 1,2
switchport mode trunk
switchport nonegotiate
priority-queue out
mls qos trust cos
switchport trunk allowed vlan 1,2
switchport mode trunk
switchport nonegotiate
priority-queue out
mls qos trust cos
spanning-tree portfast trunk
spanning-tree bpduguard enable
On my ports where a VOIP phone was plugged in, I did the following:
switchport trunk allowed vlan 1,2
switchport mode trunk
switchport nonegotiate
priority-queue out
mls qos trust cos
spanning-tree portfast trunk
spanning-tree bpduguard enable
How can I verify that my voice traffic is being prioritized?
I have a Cisco ASA 5520 (8.0) and I'm trying to figure out how to prioritize traffic to specific websites (by either domain names or IP addresses/ranges). This document [URL] has some great examples, but I'm not able to create a class-map that will match addresses. I'm not doing any other traffic manipulation on this ASA.
I have a device which will be sending voice and data packets and is able to mark the packets with DSCP values: Voice, 18 and Data, 42. If this was a straight-through network, I'd be clear on how to handle this, but... I will be putting this traffic into a VLAN to isolate it from some other traffic on the network. What is the best way to prioritize this traffic inside the VLAN? Will the Cisco switch look at and respect the DSCP values inside the VLAN and prioritize accordingly inside the VLAN? Or do I need to do some sort of DSCP to 802.1p mapping? Another option I would be fine with would be mapping the DSCP values for voice and data to two different VLANs and then giving the voice VLAN priority over the data VLAN... I'm using 3750E switches.
I have a Nexus 5500 which is the core of our network and we have access layer switches uplinked to it. I know by default the qos markings will be trusted.
1. On a trunk uplink from an access layer switch to the Nexus, I have "mls qos trust dscp". Will the DSCP marking be preserved when it reaches the Nexus?
2. How do I do prioritization of voice traffic on an uplink on Nexus based on DSCP EF?
I have a LAN with a Cisco 1941 as the only router with NAT that connects it to the internet, with a single public IP. There are many gamer users, and they complain that Call of Duty Modern Warfare 2 sees our network as "strict NAT", while for the full gaming experience it needs "open NAT". After a little research I have found out that CoD needs certain port ranges to be forwarded to LAN IPs. Well, I know how to forward a range of ports to a single IP, but how is it possible to forward a port range for all the IPs in the LAN?
I have a 1941 Cisco router with a WIC-1AM-V2 card that is using a POTS (regular phone) line for data traffic. The problem I am having is the line is establishing a connection but it intermittently drops. The router is configured to dial to the Central office and I have more than 100 other locations with the same setup that are working fine. The only difference on this one is it is going through a PBX line.
I have been recently asked to design a network. What I have for equipment is four 2960Gs and one 1941 router. One switch is a root switch and the other three will have end devices on them. I have decided on three VLANs to go with: VLAN20 Data, VLAN30 ISCSI, and VLAN99 Management, each with separate trunk links and redundancy (see picture below).
I have separate trunks for each VLAN using switchport trunk allowed, with the exception of the Data VLAN. My design has the Data VLAN as the native because it is going to be receiving untagged traffic from the external network. I have set up inter-VLAN routing on the 1941 via sub-interfaces to allow them to talk to each other (or because of allowed they cannot?). I have one port coming from my router to my switch via Ethernet cable which is my bridge out. I have my external port doing a NAT translation for my inside addresses and a default route set up: ip route 0.0.0.0 0.0.0.0 gig0/0. I am using rapid-PVST to prevent loops and provide my zero-downtime convergence when a link goes down. As it stands right now I cannot talk out of my network or inside of my network.
You can see it is highly redundant and I do not want to change it. This network is going to be deployed but there will never be anybody physically there to manage it which is why I made it as redundant as humanly possible.
I have a site-to-site VPN between a Cisco 1941 router and a WatchGuard XTM22 router. The tunnel is up, and from the side with the WatchGuard router, I have full access to the LAN on the Cisco 1941 side.
However, I cannot access any of the devices on the LAN on the WatchGuard side. If you had to guess, which router would you say is causing the problem? I really don't know where to start looking.
I am using Cisco 2960 access switches and don't have an NTP server, so I can manually set the time on the switches, but a problem arises when these switches restart: they show their factory default time.
I am working for a company based in Sydney, Australia. The company recently opened an office in London, UK, therefore we are going to get a leased line based on MPLS. We were advised that the Customer Edge router will be a CISCO1941/K9. We want our UK client to access our web-based applications via the MPLS network instead of the internet. The UK office is using BT Business ADSL with 5 static IP addresses (please note the modem IP address is actually dynamic). We are going to get a Cisco 857/K9 router which will be used as the entry for the UK client to access the MPLS network. My question is how do I configure the Cisco 857 router to allow one of the public IPs to access the MPLS network. It appears that there are two options, and I am not sure if this is going to work or which one works better. I have attached two diagrams for clarification of my case.
Option 1
Cisco WAN interface gets a dynamic IP (PPPoA) from BT.
LAN interface (4 port) gets the assigned 5 static IP addresses.
One of the five IPs (217.xx.xx.169) will be assigned to the FE1 (Cisco 1941); any traffic to 217.xx.xx.169 will be routed to the WAN interface of the Cisco 1941 to access the Sydney service (located in the Sydney LAN, mostly http and https traffic).
One of the five IPs, 217.xx.xx.170, will be assigned to the WAN interface of the Sonicwall firewall router, which also serves as the internet access gateway for LAN users.
All traffic destined for the Sydney LAN will be using FE0 (Cisco 1941) as gateway.
Option 2
Cisco WAN interface gets a dynamic IP (PPPoA) from BT.
LAN interface (4 port) will get 192.168.0.1; the Cisco 857 router will be the default gateway for LAN users, using one-to-many NAT, also one-to-one NAT.
One of the five IPs (217.xx.xx.169) will be forwarded to the FE0 (Cisco 1941); any traffic to 217.xx.xx.169 will be routed to the WAN interface of the Cisco 1941 to access the Sydney service (located in the Sydney LAN, mostly http and https traffic).
I have a few Catalyst switches (2960, 3750) and I can't upload any files to them by TFTP from my laptop, but I can download from them, and this bug doesn't appear on two routers. I changed the TFTP server and the type of connection (Wi-Fi, cable), and turned off the firewall on Win7, but no dice.
I'm running PI 1.2.1.012 and I'm having issues populating client information. Most of my switches are 2960 series. Specifically I get a lot of MAC Address "Unknown" and nothing in the IP address field. I probably get about 25% of the correct MAC address and 10% of the IP addresses. I also run CiscoWorks Prime LMS 4.3.2. and the user tracking information is about 98% correct pertaining to MAC address and IP address. My other network management tools also are very accurate.
The switches see very little traffic (under 40MB on all interfaces, summed, so far); however, I/O memory utilization is about 80%, as can be seen from the show memory command:
The memory allocated is almost all Packet Data, by init, "sho memory io dead" returns zero, the memory usage seems constant, there are no errors on the log, the switches operate correctly, no packet has ever been dropped, CPU usage is about 4%.
Here I showed info for one switch; the other is in the same situation. I just want to know if this behavior is expected. I don't want to find out about problems when the switches are in production with real traffic.
I cannot telnet to the 1941 router from a Windows 7 PC, but I can from a Windows XP PC. Telnet is enabled on the Win 7 PC. I upgraded the 1941 to the latest IOS. Computers running Windows XP can telnet to the router and hit the internet. Computers running Windows 7 cannot hit the internet. I replaced the 1941 with a 1760 router and Win 7 computers can telnet to the router and hit the internet. I used the same config from the 1941 on the 1760.
I have an IPSec tunnel configured on my Cisco 1941. The other device is a ZyXEL router. I can see the tunnel is up but there is no traffic. This comes out of show crypto ipsec sa:
interface: Dialer1
    Crypto map tag: CMAP_AVW, local addr 10.10.10.89
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.150.0/255.255.255.0/0/0)
   current_peer 20.20.20.161 port 500
I would like to get the temperature status from this 2960 switch (and several other models). Normally this OID should be: .1.3.6.1.4.1.9.9.13.1.3.1.6 But it does not return anything.
The temperature status can be found from the command line by running: "sh env temp". This reports back ok, so I assume there is a temperature gauge in the switch.
This OID is part of the "CISCO-ENVMON-MIB" MIB and, according to the Cisco MIB selector, it is supported on my switch and IOS - 12.2(25).
(Another thing I would like to monitor, and which should be supported, is the fan status OID (.1.3.6.1.4.1.9.9.13.1.4.1.3). That doesn't return anything either.)
What do I need to do to get the temperature environment status from SNMP query?
I have an 871 setup at home with a fairly basic configuration (NAT, Firewall, EasyVPN, Wireless). What I've noticed is that for traffic going from the WAN interface (FastEthernet4), it seems to be hitting the ACL in place for NAT. My config: [Code] .......
Where 76.22.98.39 is the dynamic IP address from the cable provider. If the traffic isn't passing through the router, why is it trying to NAT it?
There is a remote server that downloads info from a server here at HQ. When the downloads start, the rxload on the S0/0/0 interface jumps to 98 percent or so; rxload 250/255. I needed to limit the bandwidth utilization between the servers, so I added the below line to the LAN interface on the remote router. Adding the command reduced the download utilization, which is what I wanted.
access-list 185 permit ip host 10.6.27.1 any
!
int f0/0
 traffic-shape group 185 10000 8000 8000 1000
Question: How would applying this to the LAN interface cause the download utilization (coming from s0/0/0) to decrease?
I have started to notice an increase in traffic from all my LAN workstations to the multicast address of 224.0.1.20, all with the same destination port (79). IANA shows this address as reserved for "experimental testing". Are there any typical applications or protocols that use this multicast address? My first thought was malware running on the hosts but it's a little tricky to prove.
We have a data center with servers set up for different projects, some servers from partner companies and several small LANs. The traffic between all those needs to be controlled and firewalled. The servers and LANs are divided into different subnets and VLANs. Physically, their traffic is aggregated on a couple of 4506s and then sent to a FreeBSD server, where the logical gateways are set up and traffic is filtered between them. The BSD server is dying and having it there is incorrect in the first place, so we are planning to replace it with two ASAs (5520) in failover. The question that arises is how to correctly implement firewalling between VLANs. Originally we thought to set up the firewalls in transparent mode and logically terminate VLANs on a stack of 3750 switches behind them, but would that filter the traffic between the VLANs? Then we thought to perhaps terminate the VLANs on the ASAs, use routing mode, and do filtering there as well. Or should we implement multiple contexts? We have about 20 VLANs and all of them differ in rules of what should go there. None of this can be considered an "inside" (trusted) zone, nor "outside". Internet and external links are connected and filtered in a different place.
We have the following settings in our SW. We created an ACL and applied it to an SVI for incoming traffic. I understand that it is not necessary to allow the returning traffic in the ACL, but we can't access RDP, for example, when we add the ACL. If we remove it, the access is OK, but when we add it again the access is denied, and we even have a log entry, and the ACL is just for incoming traffic. There is no other ACL.
My issue: I have installed a firewall within my network. Currently all my clients' default gateway defaults to GW: 192.168.1.1. I would like all my internet traffic to route to the firewall IP 192.168.1.30. My primary switch IP is 192.168.1.10, which is a 3560G running 12.2(25)SEE2 IPBASE-M.
My main problem is that I do not have access to the gateway, so I am trying to route internet traffic from within my switch to the firewall. I have already tried Route-Map, but it seems this version of the OS does not support it. I have already tried Policy-Map, but same as above. I have also tried the IP ROUTE command, but it did not work either.
And remember, I would like to perform the routing from the switch, because I do not have access to the default gateway, which is a router, to forward internet traffic to the firewall.
One of our Cat5513 has been displaying a lot of the error message below:
%SYS-4-P2_WARN: 8/Invalid traffic from multicast source address 01:00:5a:52:4c:4d on port 8/58
The frequency of this is quite disturbing. What is this error about? Module no. 8 is our Gigabit Ethernet WS-X5410. Can that multicast address be mapped to an IP address or unicast MAC address? How can I go about resolving this?
We are trying to install filter software at our main location and branches. The admin console has been installed at the main branch, but I need to allow access to ports 58000-58003 through our firewall in order to successfully install the software at our branches.
I have an 877W router and an ASA5505 firewall. If I purchase a Smartnet contract for the 877W router, I take it this gives me access to download newer IOS for the router?
Does it also give me access to ASA5505 downloads? Or do I have to purchase a separate Smartnet for it to access ASA downloads?
I have 2 hosts, 1 plugged in fa 0/21 in VLAN 101 and another in fa 0/22 in VLAN 101 on our L2 Cisco 2960. If I try and transfer files from either host, the gig 0/1 trunk port on the 2960 leading to the 3750 fa 0/1 port hits 100mb (using a real-time bandwidth monitor tool), but why? This VLAN is on the same switch, so why does it go one way up the trunk to the L3 3750 switch? The L3 3750 is the VTP server and the 2960 is a client. I would have thought the traffic stays local. The 2 hosts don't even have a gateway set. To sum up the topology, the 2960 and 3750 are trunked using a single cable. The 3750 hangs off an ASA firewall using SVIs. Here is what the traffic looks like when copying a file between hosts (2gb file).