Cisco :: Strip DSCP Tags At ISP Edge?
Oct 7, 2011My company's spent the last few weeks struggling with an issue with their VPN backups where select packets were being lost.
View 7 Replies
ADVERTISEMENT
Cisco :: Dscp-cos Or Cos-dscp Mapping In C892?
Apr 3, 2013How the dscp-cos or cos-dscp mapping takes place in c892 router? There is no command like "sh mls qos maps" in c892 like we have in c2951 or c3925.
View 3 Replies View RelatedCisco WAN :: Keep VLAN Tags Between 1921 Over T1?
Aug 8, 2012I am looking to transfer 3 VLANS (10, 20, and 30) over a T1 point to point using Cisco 1921 routers. I do not want to "Bridge" the connection, one location has a 10.1.0.0/16 subnet and the other location has a 10.2.0.0/16 subnet because we don't want to saturate the already slow link.
I tried the instructions here: [URL] With these routers couldn't I create the three VLAN's then tell the GigabitEthernet0/0 interface it's a trunk port? Or do I setup sub interfaces (.10, .20, and .30) for each vlan? I've tried all of the above and I can't get it to work. I can directly plug into the router and ping the other router on the other side of the T1 but I can get the info coming from my Dell PowerConnect 6248 (plugged into a trunk port) to go through to the router which is why I think it's a vlan issue.
Connecting TPLink Powerline Adapter To Power Strip?
Sep 28, 2012I will be purchasing the AV200 powerline kit from Tp-link and want to know whether there will be any issues in connected them through either a power strip or double adapter?
View 8 Replies View RelatedCisco AAA/Identity/Nac :: 1121 - Configuring ACS To Strip Domain From Request And Sending It To AD
Jul 24, 2011We are currently evaluating a ACS 1121 running 5.2, we are trying to configure this to Authenticate eap-peap requests.
Our users will be using credentials in a username@example.com format, if the server sees a request using username@anotherrealm.com then it would forward the request to a external proxy radius server, if the server saw a request for our domain it would strip off the @example.com part and authenticate against AD.
Im finding it hard locating documentation to tell the server if a request comes from a NAS using username@example.com then strip @example.com and authenticate username against AD.
Cisco WAN :: Community Tags Between EBGP AS200 / AS100?
Oct 10, 2012I would like to know how long a route would maintain its community tag when it traverses ***?Basically, a route is tagged 100:1000 when exiting AS100, and then accepted into AS200. AS200 will not modify the tag. Would AS200 export the route to AS300 with the same 100:1000 tag?
View 2 Replies View RelatedCisco Switching/Routing :: 802.1 Span And Wireshark To See P-bits And Vlan Tags
Dec 30, 2009I do not see 802.1Q tags nor do I see p-bits (COS) in my wireshark captures. My setup is not working and I have no way to verify (sniff) that the 6509 is setting the p-bits to 3. [code]
View 4 Replies View RelatedCisco WAN :: QoS DSCP EF With 3750-X
Sep 12, 2011I'm testing QoS with a 3750-X
I want to mark traffic in the 192.168.126.0/24 subnet with DSCP EF.
I've entered this command :
mls qos
class-map match-any class_126
match access-group 2
policy-map mark_dscp_126
[Code]....
Cisco WAN :: What Is TOS Value Equivalent To DSCP Value AF31
Dec 3, 2011I am wondering what is the TOS value equivalent to DSCP value AF31? I am wondering what is the TOS value equivalent to DSCP value AF31?I have tried to use the charts but I couldn’t understand how to convert it.
View 5 Replies View RelatedCisco WAN :: Which DSCP Marking To Use For Ex90s
May 17, 20111) which DSCP marking to use for ex90s(HD video)?
2) as a test we are planning do to deploy ex90 at few of locations. at location 1 we will do DSCP EF marking while at the other location we will do DSCP AF41 for video..assume, LOC1 calls LOC2: so, when video traffic from LOC1 arrives to LOC2 will it be marked as EF? and when traffic from LOC2 arrives LOC1 then traffic will be marked as AF41? if yes, then will there be any issue sometimes in case if we run out of bandwidth for EF?
Cisco WAN :: QoS (dscp-to-exp Mutation) On Sup-2T / Cat6500?
Nov 28, 2012I ran into interesting issue on Sup-2T. As you probably know, QoS CLI is changed on this new supervisor. I'm looking to translate incoming dscp-marked packets, into exp-marked on egress.Now, according to documentation - Catalyst 6500 Release 15.0SY Software Configuration Guide - this functionality is still called mutation-map and is configured under 'platform qos map exp-mutation'. The problem is quite simple – there is no 'platform qos map exp-mutation' on 2 different machines I checked upon. Here:
Some-6513(config)#platform qos ? 10g-only qos pure 10G mode aggregate-policer Named aggregate policer marking marking keyword
police police keyword protocol protocol keyword queueing-only queueing-only (no QoS rewrite, no policing) rewrite packet qos rewrite enable/disable statistics-export qos statistics data export
Cisco WAN :: 2951 For BGP At AS Edge?
Mar 6, 2012our customer has a server farm in a data center.At the moment the farm has connectivity with only one ISP but sometimes it has service discontinuity.Customer wants to become AS and having two ISP connectivity for backup purposes.He needs to evaluete two cisco routers to use at AS edge with BGP.At the moment he says that the throughputh with the server farm is max 15Mbps and in the future he thinks that it will not increase.We think about cisco2951 routers with 2GB ram.Is cisco 2951 adeguate for this task ?
View 3 Replies View RelatedDSCP Domain Name And Password
Jul 26, 2012I work in a manufacturing firm where we have offices at 3 different places say A,B and C. Our ERP server is at our original unit A from where we accessed it at B and C through remote desktop application till now. But now we have hired cloud services to connect to our main ERP server. We are in the process of installing the cloud application on our server at B during which we are encountering a problem. The cloud service provider is asking for domain name and password for the DSCP server based at the orignal unit (A) which no one in the company seems to have any idea about. Our IT guy at A has resigned and has not been replaced. Our IT guy at B is inexperienced and just following the instructions of service provider who is stuck at DSCP domain name and ID. How can I know the domain name and password of DSCP server so that the process moves on?
View 5 Replies View RelatedCisco Wireless :: 4400 DSCP Mapping Toward 802.11e QoS
Aug 18, 2009According to product bulletin no 3209 for the Cisco 4400 series, the Access Point supports 802.11e WMM.
My question goes to DSCP mapping, according to IEEE and your bulletin the DSCP field in the IP header should be set to 46 (10110 00) for mapping to a 802.11 QoS voice priority 6/7.But my Wireshark trace revealed 4400N is mapping toward with 802.11 QoS is set to Priority 5 Video.
If I google DSCP mapping toward 802.11 QoS all IEEE documention I found says EF /Voice should have 46 or 101xxx in the DSCP IP field but running through Cisco and HP docs gives 46 or 48 as value, that is the correct value. [code]
Cisco Routers :: SRP521 DSCP Marking On QoS?
Jun 14, 2012I am running 1.1.24 and spa303 phones I have a qos policy setup to mark all packets
The following is my qos
information 192.168.1.15/24
makring enabled
cos/DSCO DSCO
Value 0xb8
On my upstream device I only allow traffic that is marked with this dscp value. No traffic is coming through. RTP traffic is marked because it comes off the phone marked but I would expect the qos Policy so mark everything going to that ip space to be marked.
Cisco WAN :: Can ASA5550 Act As A WAN Edge Router
Sep 15, 2011If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 3 Replies View RelatedCisco WAN :: Can ASA 5550 Act As Edge Router
Dec 18, 2011If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 9 Replies View RelatedCisco Switching/Routing :: 4500 Remarking Dscp Value 1 To 0
May 15, 2013I am getting a very strange problem where 4500 switch is remarking the packet with dscp 1 to 0.
Let me explaint the setup. I have two PCs connected on same switch but on different modules. PC1 is conencted to Gi4/19 and PC2 is connected to
Gi2/43. Both the ports has been configured to trust the dscp. Below are the configuration:
interface GigabitEthernet4/19
switchport access vlan 6
switchport mode access
[Code].....
Cisco WAN :: 3560 What Internal DSCP Setting Means
May 29, 2013The Cisco 3560 uses a relatively simple classification scheme, assuming you consider only what happens when the forwarding decision has been made. These switches make most internal QoS decisions based on an internal DSCP setting. The internal DSCP is determined when the frame is forwarded. What internal DSCP setting means?
View 5 Replies View RelatedCisco WAN :: Packet Generator For DSCP Marking 866Vae
Feb 20, 2011My new small router 866vae crashes and makes cold reboots every 20-30 minutes. I updated IOS, but it didn't work. The logs show texts like this:
Possible software fault. Upon reccurence,crashinfo, "show tech" and contact Cisco Technical Support. http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000!ip dns serverip nat inside source list 101 interface Dialer0 overload!dialer-list 1 protocol ip permitmac-address-table aging-time 15no cdp run!access-list 23 permit 192.168.1.0 0.0.0.255access-list 101 permit ip 192.168.1.0 0.0.0.255 anyaccess-list 111 permit udp any eq bootps any eq bootpcaccess-list 111 permit tcp any anyaccess-list 111 permit udp any anyaccess-list 111 permit icmp any any echo-replyaccess-list 111 permit icmp any any time-exceededaccess-list 111 permit icmp any any unreachableaccess-list 111 permit icmp any any administratively-prohibitedaccess-list 111 permit icmp any any echoaccess-list 111 permit gre any any!control-plane!!line con 0login localno modem enableline aux 0line vty 0 4access-class 23 inprivilege level 15login localtransport input telnet!scheduler allocate 60000 1000!end
Cisco Firewall :: Possible Limitation Of ASA 5505 DSCP Markings
Aug 19, 2012following about a limitation on the ASA5505.I have a client that has a number of branch offices on a Gen-I OneOffice network. For complex and political reasons, we can’t trust all nodes on that OneOffice network. We need to put a firewall at each branch office between their local network and the OneOffice router.
To avoid having to either readdress the OneOffice routers (politically difficult) or readdress each branch office (logistically difficult) we’ve suggested using a transparent mode ASA5505 firewall between each sites OneOffice router LAN switch.
Recently I’ve discovered the client is deploying Avaya VOIP phones into the offices using QOS/DSCP over the OneOffice network from Avaya units in some offices. I figured I’d need to trust DSCP on the way though the ASA and went about looking at how to achieve that.
I found the following document relating to configuring QOS on the ASA: url...
This suggests in the DSCP and Diffserv Preservation section that “DSCP markings are preserved on all traffic passing through the ASA.” However, in the Guidelines and Limitations section it suggests QOS isn’t supported in transparent mode.I’m a bit worried that the DSCP markings won’t pass through the ASA5505 in transparent mode.
Cisco Switching/Routing :: Dscp Marking In 2960S
Jul 21, 2012i did on cisco 2960S switch at user ingress interface. but the marking is not showing in show policy-map interface gig 1/0/10 interface and ACL is not showing any match.
I also had a config reference from 2960S cisco guide.
access-list 103 permit tcp any any eq 80
access-list 104 permit tcp any any eq 23
access-list 105 permit icmp host 172.24.68.4 any
class-map IN_HTTP
match access-group 103
class-map IN_TELNET
match access-group 104(code)
Cisco Firewall :: ASA 5510 With Edge Router That Does PBR?
Apr 9, 2011How to configure an Asa that will have a default gateway to an edge router that will be doing PBR? We would like Internet surfing to go out one ISP while internally hosted services in the Asa DMZ would go through the other ISP. configuration examples for both the edge router and the Asa?
View 3 Replies View RelatedCisco WAN :: Possible To Have 2621 As Edge Device Or Pix 515E
Nov 26, 2011I'm trying to figure out the best design for my network. I currently have a setup like this:Internet - Cable Modem - Pix 515E (doing NAT) - 2621 - Internal Network.Now, should I have the 2621 as my edge device or the Pix?
View 6 Replies View RelatedCisco :: 2504 WLC On Edge Network For Guest Wi-Fi?
Jan 21, 2013I have a 2504 WLC with a 1042 AP and I have it placed on my edge Cisco 3750 switch. I have the management interface of the WLC set on my WAN IP 71.x.x.x subnet range, and I have the WLC doing DHCP duties with a DHCP scope of 192.168.X.0. I have my DNS servers set on external DNS servers out on the Internet.I have two Cisco 3845 Routers on my edge network - one for each ISP with BGP protocol.
Since my native VLAN is 71.x.x.x, I added a sub interface on my main core router and gave it a 192.168.x.1 255.255.255.0 address for the gateway. Also, I added ip prefix-list iBGP seq 10 permit 192.168.x.0/24 le 32 to my main core router. On my secondary ISP router I added ip prefix-list iBGP seq 10 permit 192.168.X.0/24 le 32, and ip prefix-list OUT seq 10 permit 192.168.x.0/24 statements.
I added VLAN 10 to my edge switch and gave it IP 192.168.x.2 255.255.255.0, and the switchports that my core router and my WLC are connected to the edge switch, are in trunk mode with encapsulation dot1q 10. The switchport on my edge switch that the AP is connected to is in switchport access mode.
I can connect to the wifi with a 192.168.x.x IP address on my laptop, but I cannot get any Internet access. Is it possible to have the DHCP scope be in a different subnet than my WAN IP subnet, and allow guests to get to the external Internet only? Do I need to put the WLC somewhere internal on my network i.e. the DMZ and then tunnel the traffic out to the Internet with no Internal network access?
Cisco WAN :: Replacing 6509s As Edge Routers?
Nov 19, 2012We have two 6509 will active/passive sup 720-3BXL cards in each and 1GB DRAM. Each handles full bgp routing table with 4-5 ISP(eBGP) connections. The problem we are facing is.. 6509 were meant for core/aggregation and seam to be wasted are edge devices. With each ISP added the DRAM creeps up to a point were is it 80% utilized.
I am looking to replace both 6509's with routers which were meant to work on the edge. As mentioned earlier, it will have 4-6 external bgp peers per router. Handle full bgp tables. Should be capable of policy based routing.
Cisco WAN :: IPS 4240 On Internet Edge With ASA 5520
Feb 20, 2012setup the Physical connectively of IPS 4240 on the Internet edge with the ASA 5520, how the topology will be
f this a good design with IPS Appliance at nternet Edge
Cisco WAN :: 3750 / EIGRP Stub At The Edge?
Apr 24, 2012I am looking to implement 25 Cisco 3750 switches with IPBASE image at the edge, across many cabinets. I understand I am limited to EIGRP Stub on the 3750 switches (with IPBase) and cannot acheive funding to upgrade to IPServices. Though I am not fully aware on the limitations, in terms of what I am trying to acheive.
Broadly speaking I want to install 2 x 3750 switches at the edge, with point-to-point links to two 6500 core switches (at the data centre) and then have HSRP interfaces on the 3750's, tracking the up links to the core switches. I am presuming this will be the best solution to ensure reliability.My 6500 switches run EIGRP and have many VLANs and other L3 networks advertised, which will need advertising to the 3750 switches. I would be looking to advertise two or three HSRP networks on the 3750 switches, up to the core switches.At the moment, the entire network is Layer 2 (VLANS + STP).
how to configure EIGRP across the 3750 switches and 6500 switches to allow for the 3750's to see the whole network and also advertise back up it's directly connected (HSRP) networks to the core. At the moment, after configuration, none of the switches see each other as EIGRP neighbours but can ping the L3 addresses on each end.
Cisco WAN :: 7204 - Edge Router Choice
Dec 22, 2011We are replacing a DS3 Internet connection with a 100 Mbps fastE connection from a Tier 1 Provider. I currently have a Cisco 7204VXR with 512 Mb DRAM and 128 Mb of Flash and two 10/100 ports that is connected to the DS3. I also have a 3845 with 1 Gb of DRAM and 256 Mb of Flash with two 10/100/1000 ports available.
We are currently running BGP, below is the summary
BGP table version is 88880414, main routing table version 88880414
379041 network entries using 44347797 bytes of memory
379043 path entries using 19710236 bytes of memory(code)
Cisco WAN :: Optimized Edge Routing With NAT 1841
Nov 15, 2005How to successfully implement OER w/ NAT? I will have an 1841 with the 4-port EtherSwitch module that will have 3 cable modems connected and utilizing cisco's OER to utilize all 3 links for outbound Internet traffic. However, I am concerned about NAT. The only other interface used on the 1841 will be the connection to the local LAN (inside). I'm thinking this will require a loopback, but I'm not finding anything on CCO to back me up. Is it possible to just let the CMs do NAT? 1 CM is a static IP and the 2 others are DHCP.
View 2 Replies View RelatedCisco WAN :: Use Router On Internet Edge Rather Than SG-300 Switch?
Aug 21, 2011Apart from the ability to participate in BGP, is there any reason you should use a router on an internet edge rather than the SG-300 switch?
View 4 Replies View RelatedCisco Switching/Routing :: Nexus 7000 QoS Marking For Both DSCP And COS
Jan 29, 2012I have a pair of Nexus 7K's running 5.1(3). I have a handful of edge devices that I need to mark ingress traffic, and need to mark both DSCP and CoS. Right now, I have a working config that marks DSCP appropriately.While that works dor DSCP, the MQC will not allow me to mark both DSCP and COS in the same class, and unlike IOS, it appears that Nexus does not have a default DSCP-to-COS mapping. My understanding is this can be solved using table maps, but I don't see how that can solve my problem in this specific scenario (it appears I can do marking or table-map mutation, but not both?). How I can accomplish both?
View 5 Replies View RelatedCisco WAN :: 3750G - Loss Of DSCP Marking When Routing Between VLANs
Jun 8, 2013I have a 3750G switch running 12.2(44)SE6 my customer has some Cisco EX90 and ex-Tandberg VC units connected to the switch in a dedicated VLAN 600. The switch is then connected to the WAN router which has its own VLAN 6
From sh mls qos interface x/x/x statistics I can see that the traffic is marked by the VC units as DSCP 34 however when I run this command on the interface to the CE router the marking has been lost.
Similarly in the opposite direction incoming from the CE router I can see the marking coming from across the MPLS ok but when I check the output to the VC unit the marking has been lost.
This would indicate that in the process of routing between VLAN's the DSCP marking has been lost.
how to correct this issue. Because my interfaces are in different VLAN's do I need to VLAN based QoS?