Cisco Infrastructure :: Auto Qos Voip Trust On 3560X
Jan 25, 2013
I applied command "auto qos voip trust" to the uplink interface. But I found that the interface shown command "auto qos trust" was applied when i show running-config. Could the command "auto qos voip trust" show in the configuration after i applied? If not, how can i check the interface that applied "auto qos voip trust"?
I am wondering if having a Nexus 7K is mandatory to implement SGACLs within a TrustSec Infrastructure deployment or having a Nexus 5500 could be enough?
We have a few voip phones, with the voip server in the building. The hard phones have been trouble, with dropouts and occasional bad quality phone calls. The sip provider is absolutely hopeless. The modem router is a DG834Gv5 with fw V1.6.00.33. There is no option in the router interface to edit QoS settings. How can I improve our voip system? have an iphone connected to a handset or something, could that? We are using an iPECS-50A voip server and iPECS LIP-8012D phones.
My second question is in regards to auto attendants. I need to edit auto attendant settings. I assume this is done using the VOIP server. When the IP address is entered, I get a station program option and Admin & Maintenance. Where would I find auto attendant?
We just got many 3560x switches for a project. Curiously and in a very rate event (at least for me ) 4 of them died after workijg normally. 3 for some days and the last one for 3 weeks.Power supplies are ok and light up, they work on other switches, fans dont start kn the damagdd switch but work in ither switches.Syslog server doesnt show anything. It just goes puff. They are brand new switches biught one month ago from official channek distributor.
I have a 4510R-E chassis with SUP7-E running IOS XE version 3.01.01.SG. I am unable to create a port-channel and apply auto-qos for VOIP.If I configure auto-qos on the physical interfaces, I get this message when I try adding them to the port channel:
"The attached policymap is not suitable for member either due to non-queuing actions or due to type of classmap filters."
Auto-qos is not an available command in the port-channel interface configuration, but if I try adding the service policies that were created by auto-qos to the port channel manually, it lets me apply the input policy but on the output policy I get this message:
"A service-policy with queuing actions can be attached in output direction only on physical ports."
With the input policy applied to the port-channel interface, I tried addign the output policy to the physical ports and I got this message:
"A service-policy with non-queuing actions should be attached to the port-channel associated with this physical port."
Is there a way to get the auot-qos policies applied to the port-channel properly?
recommend a cisco core switch and access switches in IPTV network infrastructure?I was ask to implement a network for IPTV system but i don't have idea what will be the model i will use.
We are trying to set up ACS 5.2 in our multi-forest AD environment. As part of our evaluation we set up an Active Directory External Identity Store to a domain (a.b.edu). It connects properly and I can see the directory groups in the that tab when we Select. This domain (a.b.edu) has a two way trust with another domain in another forest (x.y.b.edu). However, I do not see the groups in that domain and I cannot seem to manually add those groups using the Add on the free text Group Name.
The documentation is not clear on this point: Page 8-41 and 8-42 of the "User Guide for the Cisco Secure Access Control System 5.2) says: "The External User Groups dialog box appears displaying a list of AD groups in the domain, as well as other trusted domains in the same forest." This implies to me that it cannot cross forests even though a trust is set up. This seems to be what is happening.
I have a question which i am unsure of, on the 6500 i know i can set mls qos trust to cos or dscp since I don't have any trunks configured on that switch that i want to trust cos most of my ports trust dscp instead. The question is will packets coming in or going out at L3 with the TOS bits set get placed in the correct in/out queue. For example if a packet comes in on a port with a mls qos trust dscp and has the TOS set to XX will this XX get mapped to the correct COS value based on the default dscp to cos map and end up going out the correct queue which handles that specific COS number?
I mainly asked this because i saw the following on the cisco site and again i am suing dscp trust and not cos.
Weighted Round Robin (WRR), Deficit Weighted Round Robin (DWRR) and Shaped Round Robin (SRR). WRED and all the Round Robin scheduling options use the priority tag (CoS) inside an Ethernet frame to provide enhanced buffer management and outbound scheduling.
I have a problem with the command mls qos trust dscp, I used the ios c2800nm-ipvoice_ivs-mz.124-25f.bin but i can not enable dont show me the complete command in the interface Ethernet o Giga. I want to configuring mls qos trust dscp.
I want to know what the default behavior about the command 'mls qos trust dscp' under router platform interface. the router is ASR1000 series.we don't need to put above command line to trust dscp in case of router? otherwise, we have to add it as welll as like switch platform.
I am reading through a QOS Document and they want me to trust the DSCP value from an IP phone (Siemens) but UN trust the PC DSCP value. How can I trust one thing but not the other? I am using a 2960 Cisco switch with IP base IOS.
i have Catalyst2950SI with iOS12.1, connect a wifi-access-point to f1/1(dot1q trunk port),and connect another L2SW to f1/2(dot1q trunk port),and IP phone, MobileCamera connects to wifi-access-point,IP phone has dscp=40 value on its own packet,but MobileCamera doesn't have any dscp value or cos.now, i wanna do QoS by that dscp, So i type as below,
I have a computer connected to a domain trying to login and I got this error message "the trust relationship between this workstation and the primary domain failed"
Then I tried to login as local Administrator and after trying a few passswords get this error. Your account has been disabled.. please see your system administrator
We have QoS configured throughout the company, but the standard config we have applied across the 3750 switches only includes the below: We have IP phones (not cisco) attached that are marking with EF, and the PC is an untrusted end device (so needs to be by default marked as zero).Is the above enough to trust VOIP DSCP EF without resetting it to DSCP 0, or do I also need to add a trust line (i.e.: mls qos trust dscp)?
i would like to know the possibility to use mls qos trust dscp with service-policy in the IOS ver.12.2(25)SEE2.The specific version is not possible to configure like below.
Cat3750(config-if)#do sh run int f1/0/1 Building configuration...
When attempting to log in to a computer (running Windows 7 Professional) here at the office using the network administrator account, I get the error message: "The trust relationship between this workstation and the primary domain failed." I wasn't here when this laptop was set up, and so I don't know if any local user accounts were made or what their passwords would be if they were there, so I can't think of any way to log in to the machine and disconnect/reconnect to the domain which is really my only idea on how to fix it. Finding out what would cause this to suddenly start happening would also be nice, but mostly I just need to figure out how to get reconnected so I can get this back up and running.
I have some 2960 switches with Lan Lite ios in my infrastructure.And I try to configure them to support "trust device cisco-phone" and "switchport priority extend cos 0" on ports with cisco phones.But LAN Lite image does not support "mls qos trust device cisco-phone".can I use any workaround to trust cos of cisco phone and to remark PC traffic with cos 0?
I've just been testing QOS on 3560 with version 15.0(1) and it seems the the default qos trust behavior on access ports has changed. By default the trust state of a port is not to trust anything, however rather than rewriting the DSCP value of the incoming packets and settign it to 0 the switch now seems to leave the DSCP value unchanged.
SW04-C3560(config)# do sh mls qos int g0/2 GigabitEthernet0/2 trust state: not trusted trust mode: not trusted trust enabled flag: ena [Code]......
I have two Cisco 3560x switches running IPBase on different sites joined by a 1gbps connection with routed ports. I have video data totalling 80mbps in site A that is crucial to arrive at Site B regardless of any other traffic on the network.
What I would ideally like to do is reserve 100mbps on the link from A->B which is only allowed to be used for this traffic. The traffic starts in a subnet of its own and finishes in a subnet of its own (i.e. only the video traffic is in the VLAN on each switch with data and voice in different subnets).
I have Cisco Prime 4.2 and several 3560X switches. I want to enable energywise on then but after doing the Readiness Assessment they apper like "Hardware not Capable". As far as I know the 3560X do support energywise.
I'm planning to use 2 3560X (access switch) on two different locations connected over two 2921 routers in small ring. 3560Xs are directly connected via fiber. Each 3560X is conected to its own 2921, and 2921s are connected together with GRE over IPSec. So they are creating ring.I'm planning to use small area 0 in this scenario. There are less then 200 routes in the network. Will 12.2(55) IP Base on 3560X support this scenario or I will need IP Services image? "OSPF for routed access" is still little vague to me, there are only tipical case study scenarios.
I have a WS-C3560X-24P with this SW version 12.2(55)SE1. It has several L3 Vlan interfaces.How do I enable it to send Netflow traps?It does not support the ip flow-export commands.
I have an existing ASA Firewall that is configured with an inside interface and an outside interface - communications is working fine in this configuration.I am trying to add a DMZ interface that will be connected to a 3560x switch - the new ASA and Switch configuration are below. [code] I cannot ping from a computer on the LAN (10.10.10.3) to the IP address of the DMZ Switch on VLAN 510 (10.50.10.1).I can, however, ping from the DMZ Switch (10.50.10.1) to the workstation on the LAN (10.10.10.3)
I unpacked a new 3560x and went to put our standard code version on it c3560e-ipbasek9-mz.122-53.SE2. Everything seemed to upgraded fine but it won't boot to a console prompt. It seems like it loads the IOS image fine but can't get passed the Front-end Microcode IMG MGR: Programming device 0. [code]
We have a small site that has an Avaya voice switch connected to a c3560x switch.The avaya tech told us to set this on our ports to which the phone and the desktop are connected.
I have seen a similar post here from last year about a 10/half connection, but this is different. I have a provider using a 2950 switch (they left CDP on so we can see it). And we have to be set to 10/full to make this connection (as you know 10/half connected here would be or is horrible). I have had this connection running on my 2921 router w/o issue but when I connect it to my 3560X, then I get no link light (shows down/down, not connected).
What else to know about what has been tried: Connecting link to switch with switch set to auto/auto (sp/dup). Speed is 10 (as it should be) but of course w/o the other side pulsing the voltage to know what to auto to, it defaults to half so this is unacceptabel, but, I do get a link light and can pass traffic, it's just a horrible experience.
Also tried the same setting speed and duplex vs. auto disco speed and duplex on other ports of the switch, no difference, same results. Also different patch cables, same results.
My current work around is to connect the providers 2950 (10/full) to my 2921 router @ (10/full) with a BVI to another port on the router which continues on to my 3560X at 1G/full. And this works just fine. Here's more info from my 3560X and the providers 2950:
In one of my client location I have deployed one Cisco 3560X (core switch) and one SG-200-18 (access switch). I’ve configured three vlans (vlan 2, vlan 3 and management vlan 1), relevant trunking and I’ve connected two pc to the access switch to vlan 2 and 3 respectively. So far everything (including inter-vlan communication) works fine, except that I couldn’t reach the vlan 1 (management vlan) devices (access switch and core switch) from any pc which is connected to either vlan 2 or 3.
I’ve configured the “port VLAN membership” settings in SG-300 as follows,
Interface mode Administrative vlans Operational vlans GE 2 Access 2UP
If the 3560 or 3750 "X" series support GRE.I am pretty certain the older 3750-E does not support GRE (both in hardware and software)Was hoping the new super duper X series do. If not, it could get expensive
I have a 3560X switch with interfaces 36-48 on the same LAN. All interfaces are switchports. Hosts on 38, 39 and 40 are multicast senders: all sending to the same single multicast address. Hosts on 36 and 37 are receivers, having joined that multicast group. I created an SVI for the LAN and put it in ip pim passive. (That is the only PIM mode allowed for an SVI with my IOS.) Show ip igmp snooping groups shows that 36 and 37 are the only interfaces in this group. I attach a laptop to interface 42 and Wireshark, and the laptop is receiving the multicast traffic. The laptop does not join the group. I expect it would not see the traffic.
My entire switching network is enabled RSTP and I have purchased a new cisco 3560X series switch and I have not found RSTP feature in my switch.Is it available if I change the image? will cisco switches supports RSTP?
last week we have changed the connection of small town from licensed radio to direct fiber with clasic 1gig sfp.After that we have connected the new fiber , we can see 5 min outages of customer internet connection. If we are conncted on the same subnet anywhere on network, we can ping the customer all the time. But if we try to ping the customers public IP it is each 5 min for 5 min unreachable. I have tryed to sho logg in all switches but there are no mesasages. I just see, when comunication have lost, the MAC and IP of customer will disapear from routers ARP tabbel. What is going on?When i enter sho mac address-table i can see customers MAC address in all switches. There are exactly 5 min outages. 5min it runs ok, 5 min outage and it repeats agan.
I looks like the swith blocks the ARP packets from customers to their default gateway.The routers are connected to catalyst 3560x lan base ios, This switch is connected to another 3560x lan base ios and it is connected with fiber to ME3400 where are customers connected.