Cisco Switching/Routing :: 3945E - Bandwidth Percentage For Nested Policy Maps
Jul 15, 2012
I'm trying to wrap my head around bandwidth guarantee for nested maps. I tried adding a new class to two of my policy-maps today, and got this error:
3945E-1(config-pmap-c)#bandwidth 3000
Insufficient bandwidth 3000 kbps for the bandwidth guarantee
I'm not sure how it knows that with the nested maps and how it's computed. I have a 100mb WAN connection going to 19 branches. I have a class-map that identifies traffic to the individual branch and within that class, a policy-map is applied to prioritize voice over video etc.
Here's the QoS setup:
class-map Branch1-Policy
match access-group branch-1-acl
*
*
[code]....
I was adding the Video-Conf class to both Traffic-6calls and Traffic-10calls when I got the above error. How would that percentage be calculated? I know by default I can only reserve up to 75% of interface bandwidth. The platform is 3945E running 15.1(3)
Jul 18, 2011
I have a requirement to provide stats on a per-department, per-destination basis between sites. If I take Voice as an example I have 5 child classes referring to the 5 departments each matching EF and a particular access-list that matches the department's subnet. I tie these 5 child classes into a parent Voice class-map.
Now when I issue a "show policy-map interface" command I see stats for the parent class-map only whereas I would expect to see a breakdown for each of the child classes which is what is required.
I am doing this on an ASR1002 running 3.2.2.
Sep 6, 2012
I'm having a (from google-fu) seemingly unique issue with load balancing. So for background, I am running the ACE 4710 device in "on a stick" mode, so I am using NAT and all that good stuff. I am also utilizing class maps and host header matching so I can save on IP space. [code]
Basically, as soon as I add that ACL_CLASS_beta.mainsite.com class map, all I get back from the ACE is RST packets and it comes back with an L7 LB Policy Miss.
It SEEMS like it should work, but it doesn't seem to like matching on those source addresses at all.
Jan 16, 2012
I'm trying to configure a zone-based firewall on an SR520 and am confused about the 'not' criterion. The 'zone-design-guide' says (my stress): Class-maps define the traffic that the firewall selects for policy application. Layer 4 class-maps sort the traffic based on these criteria listed here. These criteria are specified using the match.where my intention is to let only LAN hosts with IPs in the range 192.168.1.1 to 192.168.1.7 out through the firewall. There may be an easier way of doing this which I'd be pleased to hear about. But, even if there is, I'd also be interested to know what I'm doing wrong in the above.
Feb 16, 2012
I have a 3750 switch and I am trying to configure PBR (route-maps) in it. But when I try to apply the policy to a vlan interface the policy does not show in the interface. So I can not use PBR to choose my default gateway! Question: Does PBR work in a 3750 switch? Can PBR be configured in a vlan interface? Is there any problem with the IOS that I do not know?
Feb 6, 2013
I have a Cisco 3750 stack with 5 members.
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 24 WS-C3750G-24T 12.2(55)SE6 C3750-IPSERVICESK9-M
2 24 WS-C3750G-24T 12.2(55)SE6 C3750-IPSERVICESK9-M
* 3 24 WS-C3750G-24T 12.2(55)SE6 C3750-IPSERVICESK9-M
4 52 WS-C3750G-48TS 12.2(55)SE6 C3750-IPSERVICESK9-M
5 52 WS-C3750G-48TS 12.2(55)SE6 C3750-IPSERVICESK9-M
I have recently set the sdm prefer template to routing to allow route-maps and rebooted the stack:
3750GCORE#show sdm prefer
 The current template is "desktop routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.
  number of unicast mac addresses: 3K
  number of IPv4 IGMP groups + multicast routes: 1K
  number of IPv4 unicast routes: 11K
  number of directly-connected IPv4 hosts: 3K
  number of indirect IPv4 routes: 8K
  number of IPv4 policy based routing aces: 0.5K
  number of IPv4/MAC qos aces: 0.5K
  number of IPv4/MAC security aces: 1K
I still cannot apply a route map to a vlan interface however:
I have preconfigured the route map as per below to take traffic from one particular client and pass it to the inside interface of our ASA firewall: (yes I know 192.9.0.0 is a public network, it's an inherited problem that is in process of being remedied!)
ip access-list extended TEST
permit ip host 192.9.216.234 any
permit icmp host 192.9.216.234 any
permit tcp host 192.9.216.234 any
route-map TEST_MAP permit 9
match ip address TEST
set ip default next-hop 192.9.201.10
When I do the following I get this error from debug:
3750GCORE#config t
Enter configuration commands, one per line. End with CNTL/Z.
3750GCORE(config)#int vlan 216
3750GCORE(config-if)#ip policy route-map TEST_MAP
3750GCORE(config-if)#
007804: Feb 8 03:16:55: %PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map TEST_MAP not supported for Policy-Based Routing
When I show the running config, the route-map is not there.
3750GCORE#show running-config int vlan 216
Building configuration...
Current configuration : 205 bytes
!
interface Vlan216
 no ip redirects
 ip directed-broadcast 101
end
Why is TEST_MAP not supported?
Dec 1, 2011
I have a question about how many OSPF and BGP route entries the 3945E ISR G2 router supports.
Feb 12, 2012
I want to create a trunk between 4507 & 3945E router & route two vlans from router 3945E
4507# vlan 99 & 51
# int vlan 99
# ip add 10.22.100.1/24
#int vlan 51
# ip add 10.22.103.1/24
[code].....
4507 version : IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.02.00.SG RELEASE SOFTWARE (fc4)
3945E: 15.1(2)T4
What am I missing?
Jan 3, 2013
I've done a similar solution before where I put bandwidth inherit on the Dialer interface of the CPE and it inherited the ATM interface speed (the upload sync rate) and prevented the CPE from maxing out and hitting hardware queuing in the DSLAM. I can't seem to find a way to do this downstream from our ASR1K to the customer though.
Platform is ASR1001 with IOS 3.7.2 or 15.2(4)S
Problem description: We have many xDSL users (ADSL2+ and VDSL2). They all sync at different speeds depending on how far they are from the DSLAM.
Example:
Customer A might be connected at 40000kbps/10000kbps (VDSL2)
Customer B might be connected at 5000kbps/600kbps (ADSL)
When they connect and the PPPoE session comes up, the bandwidth on the Virtual Access Interface is equal to the customer's downstream sync rate, so Customer A's virtual access interface, Virtual-Access 2.13 will say 40000kbps, and Customer B's virtual access interface Virtual-Access 2.39 will say 5000kbps. Using RADIUS, we apply a sub-qos-policy-out to the PPPoE session. I want to shape the customer to 80% of their sync rate so that we do not hit interface congestion in the DSL network which makes VoIP perform poorly. I cannot use an absolute value for the shape, because the sync rate varies for each customer. The problem I have is at present the policy-map is using the interface bandwidth of Gi0/0/1 (1Gbit) instead of the bandwidth of the Virtual Access Interface. Therefore the customer is being limited to 800Mbit which means the QoS policy will never take effect.
RADIUS Config Below:
cisco-avpair += ip:sub-qos-policy-out=QOS-POLICY-OUT-PARENT-DSL
Class Maps
class-map match-any QOS-CLASS-VOIP-RTP-DSL
match protocol rtp audio
match access-group name QOS-VOIP-RTP
class-map match-any QOS-CLASS-VIDEO-RTP-DSL
[code].....
Jul 27, 2011
We have a Service Policy rule setup on our 5510 for SMTP traffic.
Problem is, this week someone sent a larger email 20+mb to dozens of recipients and the outside interface was hitting 10mb, which is not what I would have expected with this rule in place, so I'm questioning the configuration. We know it was email because I disabled the server that receives our outbound mail to apply a signature and the traffic dropped immediately.
Apr 19, 2012
Cisco 3560 does not support "set ip next-hop verify-availability". I need this command in my config. "set ip next-hop" does not do the same job.
Mar 6, 2012
When multiple policy-based routing rules are configured on 7600 routers, does the router performance degrade with the number of policy-based routing rules? Also, does a 7600 running 12.x use per-flow based routing or per-packet based routing?
Feb 26, 2012
If client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) with VS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
Jun 24, 2012
I have a 1941 router configured for Policy based routing with two ISPs. Two static default routes are configured to point to the gateways of the respective ISPs with the same metric. But the problem is, packets are going through the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
Oct 17, 2011
I have a simple design with 3750. I configured a route-map which defines a next hop. I defined this route-map on a policy on a vlan interface. When I test some ping and a debug ip policy, it seems that my policy never matches. Is there any mechanism that prevents the switch from using PBR? I think of CEF.
Jan 28, 2013
In our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says I am using default template. The reason I want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resources across wan and locally.
Created access list to identify traffic:
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
Created policy:
route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
Assigned policy to the user vlan3:
ip policy route-map TestASA
Results: It changed the default gateway to the above gateway but I could not access any resources on any other vlan, could not access resources across wan.
Apr 17, 2012
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M). For the below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fastethernet 0/1
ip policy route-map pbr1”
But when I add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”. The "ip policy route-map pbr1" command is not shown in the running config. And "show ip policy" output is blank. Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
Sep 5, 2012
I have a simple design with 3750. I configured a route-map which defines a next hop. I defined this route-map on a policy on a vlan interface. When I test some ping and a debug ip policy, it seems that my policy never matches. Is there any mechanism that prevents the switch from using PBR?
May 10, 2012
I have problem while implementing policy based routing with a firewall. Let me explain in detail.
I have 2 remote site(Site A-small , Site B - Big) , Site B is connected with HQ with Tunnels 1 and 2 , Site B and Site A is connected with Tunnel 9941.
What I want is: Scenario for Communication :
1)Site A--------->VPN Router Site B-----------> FW-------------->VPN Router Site B------------------>Central Site
2)Central Site--------->VPN Router Site B-----------> FW---------->VPN Router Site B-------------->Site A
3)Site B--------->FW-------------------->VPN Router Site B------>Central Site
4)Central Site--------->VPN Router Site B-------------------->FW------>Site B
5)Site A--------->VPN Router Site B-----------> Site B(no firewall)
6)Site B--------->VPN Router Site B-----------> Site A(no firewall)
Tunnel 1: 10.13.199.1-2
Tunnel 2: 10.13.199.1-2
Tunnel9941: 172.22.99.1-2
Site A LAN- 10.99.41.0/24
Site B LAN- 10.99.0.0/16
Central LAN - 10.18.0.0/16
Mar 11, 2012
I am having a problem with PBR done on a 7604-S router - It seems like it is not done in hardware. I have an Iperf client and an Iperf server, and would like to test the performance of 7600 router for PBR, supervisor is RSP720-3C-G and used interface card is 7600-ES20-GE3C ESM20G.
I have read numerous discussions about PBR that is supposed to happen in hardware when you use it with matching access-list and set ip next-hop. Although, when I start the iperf, the 7600 cpu is hitting the 80-90 % boundary, and transfer bandwidth can't go over 120-130 Mbit/s. The IP Policy is applied on an interface part of vrf ONE, maybe this is causing the problem... ?
The diagram and configuration follows:
Configuration:
c7604#sh run
boot system flash disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRE2.bin
!
ip vrf one
[Code]...
May 23, 2012
I want to send a particular data stream (source-A destination-B) through only one of two WAN routers to a remote site. The remote site also has two WAN routers. Traffic from source-A will travel through a core and distribution layer of 6500 L3 switches, running 12.2(33)SXH8, to the WAN routers which are two ASR1006s. The remote end is the same - two ASR1006 WAN routers to 6500 distribution and Core L3 switches. All 6500s are L3 uplinked to each other and to the WAN routers. All traffic from the local site to the remote site routes through only one of the two WAN routers. I want to move only traffic from source-A to source-B to the second WAN router to the remote site.
Would it be best to use policy-based routing or an offset list of some sort to accomplish this? I've done PBR before where you just hand off traffic described in an ACL to a particular outbound port and basically hand carry the traffic to a point in the network where EIGRP prefers the route you want.
Jan 8, 2012
I've been implementing a setup where a remote office has a Cisco 1900 router. There are 2 GRE/ IP SEC tunnels to the headquarters, 1 over public internet, 1 over a private cloud. Because of some MTU issues we have to clear the DF bit for some of the traffic, but we also want to use PBR to send https traffic over the "public internet" tunnel and the rest of the traffic over the "private cloud" tunnel. I'm able to clear the DF bit and to do the PBR with route-maps, but I'm not able to implement both functionality at the same time.
May 29, 2012
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server. Where can I find the configuration example?
Dec 2, 2012
I have 2 ISP connected to Router A and Router B. Both the routers are connected to the core 3750 switch. I want to send the traffic from the switch that goes to router A to router B. [code]
Mar 6, 2012
I need to setup my 6509 with PBR going to two different Firewalls. The 6509 has vlans and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the vlans to one firewall and the other vlans and wan subnets to the other firewall.
Nov 18, 2008
I have a 3750g on which I am trying to configure the ip policy route-map command on each of the vlan interfaces. However after entering the command it does not appear. I'm not sure what to do at this point. I have changed the SDM template to routing and I am running the IPServices image.
Sep 27, 2012
We have a metro Ethernet service, basically our WAN connection, that we use to connect 4 sites. This MOE service has a CIR of 200 Mbps, connected to a port on a 3550-12T running Version 12.1(22)EA5 at 1000 Mbps. We are exceeding our CIR at times during the day for short bursts which is causing the MOE switch to drop packets, which I suspect I am seeing manifest itself in some choppy VoIP conversations and dropped ICMP packets from our network monitoring software. I implemented policy maps to apply an outbound service policy to the interface connected to the MOE service, but I am not seeing any matches to the access lists or the service policy. I’m not sure if I am missing something or perhaps the IOS is not capable?
Below is the config for the service policy and some command output. Notice that there are hits on a standard access list that is used for other purposes, but the extended access lists used for the class maps have no matches.
!
class-map match-all REALTIME
match access-group name REALTIME
[Code].....
Jun 10, 2010
I try to enter the command "ip policy route-map" on 3750's interface. But the command doesn't appear. Why? Whereas I see several times that this command is possible on this switch. What do I have to do to enter this command?
Jun 9, 2013
On switch 6500 I have configured an interface vlan x and applied policies on inbound and outbound directions as per below: [code] But the problem I am facing is that the policy outbound works ok, but the policy inbound doesn't work at all. Specifically it doesn't match anything. [code]
Apr 22, 2012
I have a Layer3 Switch Cisco WS-c3750G-24T. Initially I had an IOS version c3750-Ipbase; recently I have upgraded my IOS to c3750-Ipservices-M to enable PBR for my network. I have created all the acl and tried to give the route-map with PBR, the command was initiallying but I am not able to see the applied route-map in my policy route. I have gone through the blog and enabled SDM prefer routing, but no luck.
Jul 24, 2012
I'm unable to apply a policing limit in a switchport of the CISCO861 router. This is my configuration: interface FastEthernet0, service-policy input wired-input, service-policy output wired-output end.
Mar 21, 2013
I got this 3640, trying to apply a service-policy (output and input), but it seems like I am doing something wrong... because it only applies the output policy... Here is the config. I already tried to config the service policy inside the fa0/0, but it is not shown at all; it only shows the output, it's like I never applied that.
Feb 18, 2012
I am trying to do policy on the interfaces of my switch WS-4507R, below the configuration I used to shape the traffic to 1 Mbps. However, when I tested it the traffic exceeded the 1 Mbps.
class-map match-all 1MB
match access-group name 1MB
!
policy-map 1MB
class 1MB
[code]...
How can I restrict my bandwidth on the interface to 1 Mbps?