Cisco Switches :: 2960 / Priority Queue Out Handling?
Mar 6, 2012
We're testing the reference system shown in the figure below.
System Description
- Four 2960 switches are used for transport;
- Equipment 1 and Equipment 2 exchange packets for synchronization;
- To reach synchronization, Equipment 1 and 2 must exchange data with a very low jitter.
2960 Configuration details
For our test purpose, we're using 100Mbit/s ports (22 and 23) as trunk. In order to obtain minimum jitter we performed these configurations:
- We enabled QoS;
- We marked synchronization packets with CoS 7 and DSCP 63;
- We marked other kinds of traffic (inserted in different ports) with CoS 0;
- We set "trust DSCP" on trunk ports;
- On the trunk ports we mapped traffic with CoS 7/DSCP 63 (and only this) on output queue 1;
- We enabled the expedite queue (priority-queue out).
Question
With these settings we aim at forcing our synchronization packets to precede other kinds of traffic and go from Equipment 1 to Equipment 2 with minimum jitter. Unfortunately we experienced high jitter when both synchronization packets and other traffic are sent through the systems.
I have a Cisco Catalyst 2960 with IOS Release 12.2(53)SE (because of a contract I can not update it) -> the release notes for this version describe the following:
When auto-QoS is enabled on the switch, priority queuing is not enabled. Instead, the switch uses shaped round robin (SRR) as the queuing mechanism. The auto-QoS feature is designed on each platform based on the feature set and hardware limitations, and the queuing mechanism supported on each platform might be different. There is no workaround. (CSCee22591)
My config is as follows:
interface FastEthernet0/1
 switchport access vlan 200
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos voip trust
 no cdp enable
 network-policy 1
 spanning-tree portfast
My question now is: When the priority queue is not enabled with auto-qos because of the software bug is it nevertheless enabled with the additional priority-queue out command?
After opening up Solarwinds NPM, I noticed that a few of my interfaces had lots of discards (who knows how long it's been since the counters were reset).
interface GigabitEthernet1/0/25
 description Etherchannel to MamaCass
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 priority-queue out
 channel-group 4 mode on
interface GigabitEthernet2/0/25
 description Etherchannel to MamaCass
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 priority-queue out
 channel-group 4 mode on
interface Port-channel4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
It looks as if priority-queue was configured outbound on these interfaces. Could this be the cause of the transmit discards, which are now up to 79,835? I just reset the counters on the interfaces a little while ago.
I'm not the best in the world when it comes to QoS. We do have some VoIP phones, but they are only on a specific network, and do not travel outside, since they are used mainly for VoIP training. I do know both interfaces are running the default of FIFO.
Trying to set up a priority queue for Voice and Video traffic; below is the current ASA config. The WAN link is 6mb, trying to limit the Internet traffic to 4mb and save 2mb for the PQ, config below. Traffic just isn't hitting the PQ.
priority-queue outside
 queue-limit 512
 tx-ring-limit 200
!
class-map Video
 description Video
 match dscp af31
I have a 3560 connecting to an SP with limited bandwidth. I have one interface on the switch whose traffic I do not want to drop. I want this traffic to go into the high priority queue. I am not sure how this should be configured, but here is my best guess and my current QoS configuration on the switch:
I am trying to implement priority queuing (LLQ) on a pair of 10GE links between a 4507 with Sup6E and a 4948 which are configured as an etherchannel. I am unable to configure a priority queue on the 4507. I am running into the following issues:
I want to have a priority queue for voice traffic and specify minimum bandwidth for a critical application. If I configure a class with the priority command it will not let me use the bandwidth command on another class unless the priority class is policed. If I try it without the police command I get the message "bandwidth kbps/percent command cannot co-exist with strict priority in the same policy-map ". If I add a police statement to the priority class then I don't get this error.
When I try to apply the resulting service-policy to the physical interface it says "% A service-policy with non-queuing actions should be attached to the port-channel associated with this physical port" and does not add the command to the config.
If I try to associate the same policy-map to the port-channel rather than the physical interface it says "% A service-policy with queuing actions can be attached in output direction only on physical ports" and does not add the command to the config.
All of the other interfaces on the 4500 are working OK. The trunks have auto qos voip trust configured and access ports are marking the critical application traffic.
The 4507 is running 12.2(44)SG1 EnterpriseK9. I don't have the luxury to upgrade blindly to fix the problem unless I can identify a specific bug that is causing the problem.
I've got a LAN with private IPs for the computers, and public, static IPs for the VoIP phones. They are a Hosted VoIP provider, and I want to give priority to the public IPs with my ESW-520-48P switch. How do I implement that in this switch?
I have no roles assigned on the ports and no VLANs setup either. I had tried segregating the VLANs first, but eliminated that route. It's all VLAN 1 now in the switch again. For some reason when I implemented VLAN 100 for voice, voice stopped working on the phones, but data was still fine.
We currently have a site with a very simple topology that uses a 3750X switch stack for a collapsed core. Every day, the users have a conference call and experience poor voice quality. It's not bad when users call from several conference phones, but when everyone calls in on individual phones, there is choppy and almost inaudible voice quality experienced. The voice traffic flow would be as follows: Phone <-> 3750 switch <-> Voice GW. We have packet captures showing that RTP packet loss is occurring from the phone to the voice gateway, but none from the voice gateway to the phones. We also have drops in the output queues that match drops on the ASICs. I can reset the counters and they will be clear until the call, and then they increment significantly during the call. The voice gateway and phones are non-Cisco. The switch stack has 6 switches. We are trusting the DSCP settings on the phones. All the queue drops from the phones are usually in queues 0-3, but all drops on the voice gateway are in queue 0. Below are the QoS settings; they are mostly default and we have not changed any queuing, thresholds, or buffers. Should we specify larger buffers and threshold for a designated queue and send EF traffic to that queue?
MySwitch#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is disabled
Typical Port
GigabitEthernet1/0/4
trust state: trust dscp
I have an existing stack of 4 x 2960-S switches connected by stack cables. I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack. How would I add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches?
I've been fighting what seems to be an increased number of outqueue drops on our core stack and edge switches for the last 3 or 4 weeks. (The core consists of a stack of 5 3750s in 32-gig stack mode. The wkgrp switches are 3560s. All are at 12.2.52.) The wkgrp switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC, auto-neg to 100/full. [code] However I have tried turning off QoS on a couple of workgroup switches (no mls qos, but left individual port configurations the same) but am still seeing drops. Since I have disabled QoS on the switches in question (no mls qos) (not the core tho) I am presuming these commands have no effect on the switch operation and therefore cannot be related to the problem. With QoS turned off one would presume that it is general congestion - especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero. What I found after several days of watching the core stack, and a few of the workgroup switches that are most often displaying the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in Input queues for VLAN1, once in a great while I would see packets on input queues for fa or Gi interfaces, but NEVER on output queues. [code] Additionally, when I look (via snmp) at interface utilization on interfaces showing queue drops (both core and wkgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a wkgroup switch where the core interface was experiencing drops, but haven't seen any (using observer suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
I have a 2960S switch and nine (9) 300 switches. I have three VLANs configured on them: data, voice and management. Each 300 has unique data and voice VLANs corresponding to their locations. All of the 300 switches connect to the 2960 in a hub and spoke network topology via 802.1q trunks. I can access devices between switches on the data and voice VLANs fine from any other switch. My issue is that from any 300 switch I can access the 2960 management VLAN interface without a problem, but I can not access the 300 switch management VLAN that I am connected to from the CLI. I do not use the GUI at all for management.
My current modem, the Arris DG860, when in router mode, handles uTorrents set to 1500 max connections fine, same with my FIOS Actiontec router at my work. However, I just bought a DLink DIR655 router (which I thought I researched properly to be great with torrents) and it crashes even with max connections set to 300 in my client.
Tempted to return the thing and get a better router, any great wireless router that has awesome range and can handle lots of torrenting?
I know that it's possible on the CSS to handle multiple incoming HTTP requests that terminate on the same IP address and port and balance them to various servers based on the url. For instance, I can set up URL at the same 192.168.35.12 address in DNS, and set up two different content rules:
content cats
 vip address 192.168.35.12
 port 80
 url "//www.cats.com/*"
 add server cats1
 add server cats2
 active
content dogs
 vip 192.168.35.12
 port 80
 url "//www.dogs.com/*"
 add server dogs1
 add server dogs2
 active
Easy and straightforward.
But what if I want to add SSL handling for URl. I'm not sure how to create the ssl-proxy-list where one content rule (ip address/port) combination needs to pass through the ssl module and get matched with the proper ssl certificate.
Can this be done? Can one associate multiple certs and keys with a single ssl-server entry and a single ssl accelerator service? Or do I have to create multiple ssl-proxy-lists for cats and dogs and build multiple ssl services each referring to a unique ssl-proxy-list, and then use the url parameter in the https content rule to determine which ssl service (and therefore which key/cert pair) gets the traffic?
We have a Terminal Server through which everyone accesses their Outlook. To avoid any impact on its performance, we have disabled IE on it. Everyone accesses the terminal server using Remote Desktop. For the above mentioned setup, is there any way to make the web links in the remote machine open in the main machine? The main machine (the local machine) runs Windows 7.
I've noticed that ACS 5.1 is writing .gpg archives for backups. I'm about to upgrade an evaluation system and the Installation and Upgrade Guide tells me to do a full backup and restore in order to upgrade an eval to a production system. [URL] (second note in section "Evaluating ACS 5.1")
Question: can the production system successfully decrypt the backup? According to my personal gpg it is CAST5 encrypted with one passphrase. Is this passphrase constant for all ACS 5.x?
I'm living in a house with 6 people on 2 floors, and the router isn't handling all the traffic well. I have an extra router that might be able to serve as a wireless access point, but from what I've been told that wouldn't solve anything if the problem was that the first router doesn't have the capacity for that much traffic. It's a 50+ dollar wireless N router though and fairly new (forgot the model number).
I have an SSL VPN set up on my ASA 5520 with a self-signed cert. When I run the AnyConnect install on my desktop machine I have to click through a few windows to accept the certificate. When I connect through the mobile client on Android, the connection goes right through without a prompt to import/choose/download a certificate. I'm able to connect but I'm wondering if the phone has actually received a certificate. I'm in the 'Advanced Connection Editor' screen and the certificate setting says "Automatic".
I would like to ask you: I have 2960 switches (10 units), 3560 switches (3 units), a 2821 router (1 unit) and APs (10 units). So do you know software that can manage all those products? Like monitor switch up or down, manage configuration, check performance.
Is it possible to run VTP V3 on 2950 and 2960 switches? If so, what version of IOS supports V3? Our 2960s are running 12.2(25r)SEE1, and 2950s are running 12.1(22)EA4a, neither of which supports V3.
1) What will be the extension of the MIB file? *.mib or *.my
2) I am running 12.2(25)SEB IOS. Is there any dependency on IOS for downloading the MIB file?
3) I have a 3560 switch and a 2960 switch. Is there any difference in the MIB file extension?
I have to set up my first flex stack and wanted to make sure I do it right. I have the physical aspect of the stack down. From what I gathered I have to set up the master switch as the highest priority and then provision the other two switches. But I have configs on the other two switches, do I have to delete them? And do I have to set up individual IPs for the two slave switches, because from what I saw the master switch is the only one with an IP address? The master switch is a PoE 2960S-48LPS and the two other switches are 2960G-48TD.
We had a new building that's gone up and is complete now, and we're trying to get an IP phone working down that end of the school on a VLAN. We seem to be having trouble with the VLAN going through on the 2960 switch but it works fine on our core 3560 switch.
There looks to be a slight variation in the config of the switches: the 3560 switch supports the "switchport trunk encapsulation dot1q" command on the interface whereas the 2960 doesn't support the "switchport trunk encapsulation dot1q". Is this why the VLAN is working on the 3560 and not the 2960, or is it something else?
Both switches are using the 12.2 IOS
Here's the trunk port configured on the 3560 going down to the new building and connecting into the 2960 with a 1gbit fiber link:
interface GigabitEthernet1/2
 description 3560X Port UpLink as Trunk Mode
 switchport trunk encapsulation dot1q
 switchport mode trunk
 udld port
 storm-control broadcast level 60.00
 spanning-tree guard root
Here's the trunk port configured on the 3560 going to a Linksys switch which then connects to the DHCP server (the other end of the 3560 is also configured as trunk):
interface GigabitEthernet0/6
 description Edge Switch port for clients
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
Here's the working VLAN port on the 3560; the IP phone is able to get an IP and ring all other phones etc.:
interface GigabitEthernet0/7
 description Edge Switch port for clients
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
OK, now here's the config for the 2960.
Here's the trunk port configured on the 2960 going back up to the 3560 switch:
interface GigabitEthernet1/0/25
 description Port UpLink as Trunk Mode
 switchport mode trunk
 udld port
 storm-control broadcast level 60.00
Here's the access port configured on the 2960 which isn't passing on VLAN information. Is there another command I need to use to enable encapsulation as dot1q?
interface GigabitEthernet1/0/19
 description Edge Switch port for clients
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
I am unable to input the command "ip flow-cache timeout active 1" on my Cisco 2960 and 4948 switches, but I am able to do so on my Cisco 6500 series switch. Hence, how do I enable NetFlow on both 2960 and 4948 devices? My 2960 and 4948 are L3 switches. What commands or additional hardware modules are required?
We have a 3-layer LAN architecture: layer 1 of 6500 (IP routing), layer 2 of 4500 (L2 switch only), layer 3 of 2960 (L2 switch). In a single (2960 and 4500) switch port, an Avaya IP phone and a PC are connected. Now, the requirement is that QoS needs to be configured for voice traffic, and data traffic should be in the default class of service. We plan to use the CoS value in the 4500 and 2960 switches. We made a sample configuration as below:
### For 4500 Switch
class-map match-all VOIP-Access-2MB
 match cos 3 5
class-map match-all VOIP-Uplink-20MB
 match cos 3 5
[code].....
Check these configurations are correct as per standard, and is there any other method of configuration? What needs to be configured in the L3 switch (6500)? The 2960 doesn't support ingress QoS; what impact will it make when compared to the 4500? Do users experience any difference?
I have a 2960 and a 2811 with an HWIC card. I have one port set as 100 meg and another port set at 10 meg. Both are set to access mode. I need one port for failover (10 meg). I can't do EtherChannel on the HWIC. How do I prevent a loop when I connect my second connection, while having both connections up? Should I use BPDU guard? The goal is to have one port fail over if the 100 meg goes down. And I'm currently running OSPF so it should take the faster connection.
I have a Catalyst 2960 switch (2960-8TC-L) running software version 12.2(53)SE1. I managed to configure SSH on the switch and add an additional user as well. Now I need to configure this switch for passwordless login with public key SSH authentication.
I configured several Linux servers and workstations for public key SSH authentication. So far I could not figure out how to do this on a Cisco switch. Following link {URL} how to do this. But the ip ssh pubkey-chain command never works; it shows invalid command.
Thinking of getting one of those 8-port 2960 for a CCNP study. Is the difference between the C2960-8TC-S and the C2960-8TC-L models in Hardware, or in IOS? or both? And if it's in IOS, is the S upgradable to L?
Company I work for just moved into a new location. We have two data closets which are patched as independent entities, with no Ethernet tie connection. These closets are roughly 100 feet apart.
There is a fiber connection that runs between both closets, that the previous tenant used to connect the switches. I have placed a Cisco 2960 switch in each location, and added one mini SFP gbic's to each switch. After attaching both sides, neither light up. I do a sh inter gig1/0/49 on each and shows 'down down' (not admin down).
What is the trick to getting these to communicate? Do I need to configure these ports, and are they supposed to light up?
What I am trying to accomplish is to get the one closet that is completely cut off, communicating by logically stacking, or 'daisy chaining' via fiber.
I turned off the lights and popped the fiber out, and I do see a faint red light (I did not look straight into it), so I think the fiber is active.
I have a 4506E core switch to which 10 other 2960 switches are connected. I want to upgrade their IOS. How can I upgrade it? Can I upgrade them one by one or all at a time?
I am having a problem in connecting two Cisco 2960 Switches between two different buildings using Cisco WLC 2504 & 3 Wireless 1552S APs.
- One AP is directly connected to Switch - 1 where WLC is connected and serving as a RAP
- Another one is working as Mesh in the field.
- Third one is a Mesh Access Point wired to another Switch - 2. (Bridging is enabled)
All the APs, WLC & switches are in the same network 10.3.x.x, subnet mask: 255.255.240.0. WLC is working with default management interface whereas switches are having VLAN1 configured as default VLAN. All the ports for the switches are trunk ports. Once I am trying to ping the RAP or any MAP from Switch - 1 I am successful, but once I am pinging Switch - 2, it's not replying. Similar is the case from Switch - 2 side.