When mutiple Policy based routing configured on 7600 routers, did the router performace degraded with the number of policy based routing rules?Also, did 7600 running 12.x use per-flow based routing or per packet based routing?
View 1 Repliestoday i installed new router 7600 , but im facing some thing the cpu is increasing and it reached 50 % and still increasing as the bw dissipated is increasing .im applying ip policy which set next hop for many internet source my question is , how to know the cu percentage which is used by this ip policy , also , how to know the percentage by access-list ??
View 4 Replies View Related1)For 3650X I found some contradiction in the Q&A about feature set LAN Base vs IP Base:
LAN Base: Can I do static IP routing ?
LAN Base: SVI => is this for intervlan routing ?
2)For 2960, there are 2 flavors (LAN lite and LAN BASE) Q: Can I do static routing on one of these flavors ?
I have a WS-C3750X-12S-S (IP Services) that I THINK I'd like to downgrade to LAN Base so I can stack it with a WS-C3750X-48T-L that is already LAN Base..
View 4 Replies View Relatedcan we upgrade 2960 switch from Lanbase IOS to IPbase
View 4 Replies View RelatedI want to ask about cisco 7600 model is it a switch or router or layer3 switch or Multilayer switch ?
here is the sh version :
===================================
Gateway7600#sh version
Cisco IOS Software, c7600s3223_rp Software (c7600s3223_rp-ADVENTERPRISEK9-M), Version 15.2(1)S, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Sun 27-Nov-11 15:27 by prod_rel_team
[code]....
I have a stack of 2 x 3750X switches these are running 12.2(55)SE5. I needed to add some static IP routes and found that the ‘ip routing’ command is not supported. I came across a document that stated “On switches running the LAN base feature, static routing on VLANs is supported only with Cisco IOS Release 12.2(58)SE and later.” So I have upgraded to 12.2(58)SE2, but ‘ip routing’ is still not a valid command.
The release notes state:“On the Cisco Catalyst 3560-X and 3750-X Series, it adds support for 16 static IPv4 routes in the LAN Base image.”
I have read other posts that talk about running the ‘sdm prefer routing’ command which I have done, but I am still unable to add any routes or run the ‘ip routing’ command.
We have purchased a number of 2911 routers.We got Base & security license as we wanted to enable encryption. However we probably wont use the security.We are replacing 2811 routers.Unfortunately the 2811 routers have FXS ports with 2 - 4 POTS handsets - I completely forgot about these ports when I was ordering.Now I have VIC3-FXS cards which are ok in the 2911 but unfortunately I cant get them to work.I am missing PVDMs (well adapters anyway), and even if I got them the router wont take any commands relating to voice due to the license.Is is possible to 'rehost' the security and turn it into a UC ?I am new to these 2911 and Licensing.
View 1 Replies View RelatedI have a new 861 router which I have connected to my home broadband cable modem. Got it all working okay and I have access to the Internet but its not as fast as it is if I connect my laptop to the modem.
My Internet is 60mb (was 100 but I downgraded). When I cannot my laptop directly to the cable modem, I get 60mb download speed on speedtest.net If I connect the router's WAN port back to the modem then I roughly get about 40mb, sometimes even 50.
I do not have any IOS firewall configured on the router, just basic ACLs to stop SSH and TELNET from public networks. If I do enable firewall then my Internet connection halves itself. I have read around that this is the case with ios firewalls on these small routers so I've disabled the firewall but I still don't know why I cannot get full Internet speed.
we are using 7609 router. it forwarding traffic to wards my firewall which was not allowd in my router. when ever im checking for routes in router using show ip route x.x.x.x its showing SUBNET IS NOT IN TABLE, but in workmy firewall dropped connection i can able to see that networks.
View 2 Replies View RelatedCisco 3560 does not support "set ip next-hop verify-availabilty". I need this command in my config. "set ip next-hop" do not do the same job.
View 8 Replies View RelatedIf client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) withVS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
I have a 1941 router configured for Policy based routing with two ISPs.Two static default routes configured to point the gateways of respoective ISPs with same metric.But the problem is, packets are going throug the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
I have a simple design with 3750. I configured a route-map which define a next hop. I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR? I think of CEF .
View 5 Replies View RelatedIn our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says i am using default template. The reason i want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resouces accross wan and locally.
Created access list to identify traffic:
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
Created policy:
route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
Assigned policy to the user vlan3:
ip policy route-map TestASA
Results:It changed the default gateway to the above gateway but i could not access any resources on any other vlan, could not access resouces accross wan.
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fasthethernet 0/1
ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
I have a simple design with 3750.I configured a route-map which define a next hop.I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR?
View 10 Replies View RelatedI have problem while implementing policy based routing with a firewall. Let me explain in detail.
I have 2 remote site(Site A-small , Site B - Big) , Site B is connected with HQ with Tunnels 1 and 2 , Site B and Site A is connected with Tunnel 9941.
What I want is: Scenirio for Communication :
1)Site A--------->VPN Router Site B-----------> FW-------------->VPN Router Site B------------------>Central Site
2)Central Site--------->VPN Router Site B-----------> FW---------->VPN Router Site B-------------->Site A
3)Site B--------->FW-------------------->VPN Router Site B------>Central Site
4)Central Site--------->VPN Router Site B-------------------->FW------>Site B
5)Site A--------->VPN Router Site B-----------> Site B(no firewall)
6)Site B--------->VPN Router Site B-----------> Site A(no firewall)
Tunnel 1: 10.13.199.1-2
Tunnel 2: 10.13.199.1-2
Tunnel9941: 172.22.99.1-2
Site A LAN- 10.99.41.0/24
Site B LAN- 10.99.0.0/16
Central LAN - 10.18.0.0/16
I am having a problem with PBR done on a 7604-S router - It seems like it is not done in harware. I have an Iperf client and an Iperf server, and would like to test the performance of 7600 router for PBR, supervisor is RSP720-3C-G and used interface card is 7600-ES20-GE3C ESM20G.
I have read numerous discussions about PBR that is supposed to happen in hardware when you use it with matching access-list and set ip next-hop.Although, when I start the iperf, the 7600 cpu is hitting the 80-90 % boundary, and transfer bandwidth can't go over 120-130 Mbit/s.The IP Policy is applied on an interface part of vrf ONE maybe this is casing the problem... ?
The diagram and configuration follows:
Configuration:
c7604#sh run
boot system flash disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRE2.bin
!
ip vrf one
[Code]...
I want to send a particular data stream (source-A destination-B) through only one of two WAN routers to a remote site. The remote site also has two WAN routers. Traffic from source-A will travel through a core and distribution layer of 6500 L3 switches, running 12.2(33)SXH8, to the WAN routers which are two ASR1006s. The remote end is the same - two ASR1006 WAN routers to 6500 distribution and Core L3 switches. All 6500s are L3 uplinked to each other and to the WAN routers. All traffic from the local site to the remote site routes throuh only one of the two WAN routers. I want to move only traffic from source-A to source-B to the second WAN router to the remote site.
Would it be best to use policy-based routing or an offset list of some sort to accomplish this? I've done PBR before where you just hand off traffic described in an ACL to a particular outbound port and basically hand carry the traffic to a point in the network where EIGRP prefers the route you want.
I've been implementing a setup where a remote office has a Cisco 1900 router. There are 2 GRE/ IP SEC tunnels to the headquarters, 1 over public internet, 1 over a private cloud. Because of some MTU issues we have to clear the DF bit for some of the traffic, but we also want to use PBR to send https traffic over the "public internet" tunnel and the rest of the traffic over the "private cloud" tunnel. I'm able to clear the DF bit and to do the PBR with route-maps, but I'm not able to implement both functionality at the same time.
View 1 Replies View RelatedWe have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies View RelatedI have 2 ISP connected to Router A and Router B.Both the routers are connected to the core 3750 switch.. I want to send the traffic from the switch that goes to router A to router B..[code]
View 10 Replies View RelatedI need to setup my 6509 with PBR going to two different Firewalls. The 6509 has vlans and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the vlans to one firewall and the other vlans and wan subnets to the other firewall.
View 26 Replies View Relatedhow can I clear the counters of the policy-map statistics in an 7600 and the 1841 router?
View 6 Replies View RelatedI have Cisco 7609 router and we have observed that router is rebooted due to the following error ;SLOT 3: Apr 13 16:06:26.621: %CARDMGR-2-ESF_DEV_ERROR: An error has occurred on Egress ESF Engine: Control Store Parity Error SLOT 3: Apr 13,Slot -3 we have SIP-400 card. We would like to know if there is any MIB which can monitir such reboots.
View 1 Replies View RelatedI am trying to bridge the traffic(including different vlan traffic) from rtrA to rtrB using "bridge-group" functionality.I achived the same using a 7200 using the below configuration. [code] When I tried the same using 7600 router ping failed between rtrA and rtrB. Then from the documents it seems "bridge irb" is not supported in 7600.Is there any other way we can achieve the same fuctionality ( eg: using switchport also fine) ?
View 3 Replies View Relatedi try newest ios 15.1(3)S0a and 12.2(33)SRE
in both case some times i obtain lowing traffic on interface and highest cpu - to 100%
after clear cef linicard i obtain growing traffic and cpu 0%
#sh proc cpu s
CPU utilization for five seconds: 87%/83%; one minute: 91%; five minutes: 96%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
7 1711512 87883 19474 4.06% 0.84% 0.89% 0 Check heaps
[Code].....
I´m looking for an IOS on a 7609 SUP720/MSF3 that supports the NAT-PT feature (IPv4 to IPv6 translation). I searched on the Cisco Feature Navigator but the tool didn´t show up any IOS for the 760x platforms. I only got the feature "NAT-PT: Support for Overload (PAT)" with IOS 15.xS train.
View 2 Replies View Relatedi have cisco 7600 router , here is show run : Gateway7600#sh run Building configuration...
Current configuration : 4787 bytes
!
! Last configuration change at 09:08:04 UTC Sat Apr 20 2013 by xxxx
!
version 15.2
service timestamps debug datetime msec
[Code]....
I have Cisco 7606 and wanted to test whether Cisco can drop frames due to invalid v lan ether type . i have configured the ports as
interface GigabitEthernet5/1
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet5/2
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
I have configured port also with encapsulation trunk dot1q ether type 88a8. i injected traffic with v lan ether type 0x8100. I expected to see drop traffic , however traffic passed in port to port.
I would like more information of performance to 7600 router with the SP-720, how many sessions full bgp routing it supports? I have 4 links 1 GB and a throughput of 900 MB.
View 4 Replies View RelatedWe will deploy several 4507 with 2xsup7 as a L2 access switches for our office.Does LAN_Base IOS version support SSO or we need purchase IP_Base IOS (L3)?
View 1 Replies View Related