I've already found these kinds of cases in this community. So, it seems that changing the current configuration to 'mls aging fast threshold ## time ##' is most suitable in our situation. But I don't know how to calculate the apt threshold value and time value.
[1] sh run | in mls
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
I am seeing the following log messages appear on our border edge 7600 router (SUP720-3BXL). The messages seem to appear when tag switching has been enabled on the interface, so somehow related I presume. The MPLS forwarding table is very small however. [code]
I can't see anything that is using up the ACL_TCAM HI BANK using "show tcam global acl". There aren't any ACLs applied to any of the interfaces, or policy-maps. The only ACLs in use are for SNMP, ntp, and VTY. These are very small anyway. Interface Gi1/22, and 1/1 have tag switching enabled. [code]
The router has a full BGP routing table learned via an upstream (EBGP) peer neighbor, and an IBGP peer. The CPU utilisation seems fine, as is memory usage. CEF seems to be running okay. It's currently running [code] Are prefix lists part of TCAM? Is the router over-resourced holding a full bgp routing table?
Any major difference between Netflow v/s Netflow-Lite?
I am trying to understand if Cisco 4948E can do the same job as Cisco 4500E or not and difference between Netflow v/s Netflow-Lite will work for me to select correct product.
I've got an issue with SNMP and netflow tools. They are displaying different data for the same (sub)interfaces. I've got a metroethernet link which connects root A (Cisco 7606, 12.2(18)SXF8) and root B (Cisco 2811, 12.3(11)TS). MPLS is configured on the link (behind root B there is no more MPLS). I'm attaching root configurations (I've omitted parts of config). Interfaces are:
Root A - gi2/6.2144 Root B - fa0/1
I've configured SNMP and netflow on both devices. I'm using two SNMP tools (CA Spectrum and eHealth) and two netflow tools (CA NetQoS Reporter Analyzer and Fluke Networks NetFlow Tracker) to collect the data. SNMP tools show the same info for defined (sub)interface. Netflow tools also show the same info for defined (sub)interface. I'm attaching reports from one SNMP tool and one netflow tool for the same time period.
1. Looking at the SNMP tool, quite an amount of data can be seen in both the in and out directions.
2. Looking at the netflow tool, quite an amount of data can be seen in the out direction, while the in direction shows a small amount of data.
I'm aware that Cisco has difficulties with SNMP counters on subinterfaces. I'm also aware that MPLS netflow has its own difficulties. Root B netflow configuration is quite simple as it has just 2 interfaces to configure netflow on (Fa0/0 and Fa0/1). So I would guess SNMP and netflow data should match, but they don't. When you look at SNMP tool reports for roots A and B, it can be seen that traffic volume is practically mirrored.
I'd like to know what is "masks" in the output of show platform tcam utilization. What does 784 mean? What effect has the number of mask in the amount of supported unicast direct routes?
I'm having trouble comparing the capacity of these two switches, regarding unicast directly-connected routes. I know the second switch has cpu utilization issues and ip unicast failed routes over 4096 arp entries. What would be the case for the first one?
Switch 1:
CAM Utilization for ASIC# 0                 Max            Used
                                        Masks/Values    Masks/values
Unicast mac addresses:                    784/6272        12/26
IPv4 IGMP groups + multicast routes:      144/1152         6/26
[Code]...
I've created a BVI2 where I bridged dot11 0.2 and vlan2 in order to have wired and wireless clients in the same vlan. Some wired clients are not reachable from the lan. Wireless clients have no problem in reaching each other. Monitoring a MAC address that is supposed to be behind the FA2, I have noticed that it moves to vlan2 when in fact it should be behind the FA2. Of course, when "show mac-address-table" says it is behind Fa2 the ping to that MAC address works, whereas when the TCAM reports it is behind vlan2 it doesn't. Once the MAC address is behind the vlan2, if I clear the mac-address-table and that mac-address is still put behind Fa2 then the pings work again; sometimes I have to perform the clear command twice before the MAC address goes back to the right location. I'd like to understand why the router moves that MAC address from Fa2 to vlan2, and that's the reason for my question in the subject. I don't have any problems for port Fa0 and Fa1. "Show int fa2" doesn't show any problem/errors or the like. BTW, even if I force that MAC address to be statically behind FA2 the ping works fine but then stops, and if I do "show mac-add" the static entry for it is still there... so it looks like there is something that overrides that static entry. If I clear everything and I have the mac-address be behind Fa2 then everything starts to work again. I used Fa3 instead of Fa2 and I get the same results.
I had a lot of problems with the TCAM table in the past, and the changes I made in SDM ended that. But now I want to be proactive and anticipate the problems in my TCAM table.
If my template is "default desktop", it supports a number of indirect IPv4 routes of 2k. I want to know automatically through my management tools if this number reaches 1.9k.
That way I can take corrective actions before the problems start on my network.
We have a WS-X6K-SUP2-2GE running CATOS software, and we are facing a TCAM exhaustion. I would like to know the following:
1. During an exhaustion, based on what will ACLs be kept in hardware or moved to software? Does the name or number give any precedence to an ACL over another ACL?
2. If the TCAM's utilisation was on the limit and we increased ACEs to a specific ACL, will the whole ACL be moved to software or only the new entries?
We have a 3750 stack with a mix of 3750G and 3750X switches. The current active template on the switch is desktop default and we are running EIGRP on the switch with a large routing table, so we get the TCAM error that a specific prefix cannot be programmed in TCAM memory so it will be software forwarded.
%PLATFORM_UCAST-4-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded
This error is quite frequent on a daily basis. My question is: will this error create a high CPU situation and affect traffic processing on the stack, causing ESX Hosts to become unresponsive?
I am working on a QoS design which I hope to test at some point, but at this stage it's from the books. My question is how to decide which queue and threshold to use for video traffic, then lower priority traffic. I understand the shaping and sharing commands, it's the queuing and threshold bit I'm not clear on. The plan is to use the priority-queue for EF marked voice, this will be policed on ingress to provide an upper limit to EF traffic levels, then my second priority traffic will be video. Which queue will get serviced first once the priority queue is empty, and how do I decide which threshold to allocate my video traffic to? The documentation is not at all clear. I want to prioritise my traffic in the following order:
1 voice, use the priority queue
2 video, this to get serviced ahead of data, after voice.
3 interactive data
4 Bulk data
5 Best effort
So Q1 settings are ignored due to priority queue. Q2 gets 70%, Q3 25% etc. Is it as simple as putting video into Q2 T1, then interactive data into Q2 T2? Will Q2T1 get a higher priority over Q2 T2 once the PQ is serviced?
I have a stack of 3750x switches running 15.0 (2) SE2 IOS. When I reload the switch stack, I am seeing the following message in the logs: IPv6 user port trust TCAM write failed.
One of my clients is using a Cisco catalyst 2955 industrial switch. I am doing the configuration for them and came across one setting, FCS Error Hysteresis Threshold. I know FCS is Frame Check Sequence.
What I do not understand is the meaning of the Hysteresis setting in terms of percentage; what purpose does it stand for? For example, the default is 10 percent. If I set the value lower, to 5%, what is the impact of that? Is this more stringent than the default of 10% or less stringent than the default of 10%?
I have two Cisco 7606 routers using BGP to connect our customers to the internet. Recently we added a new 1G circuit in addition to an existing 1G circuit and all traffic inbound is now on this new 1G circuit. We would like to shift some of the inbound traffic over to the other 7606. Our Tier provider has the same AS number for both paths. One path goes directly to New York and the other goes to Boston then New York.
I have made an etherchannel between 6509 and 7606 with two giga interfaces on each one to have more bandwidth (2Go), but the Etherchannel does not exceed 1 GB (below is a capture for Etherchannel taken from Solarwinds). Both the 6506 and 7606 use ws sup 720 3bxl.
Is it a hardware problem, or is module 1 (WS-X6748-GE-TX) just not getting power? This is the capture from show module and sh log:
------------------ show module ------------------
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     xxx
  5    2  Route Switch Processor 720 (Active)    RSP720-3CXL-GE     xxx

Mod MAC addresses                       Hw    Fw           Sw           Status
Our router suddenly reloaded. Below are the crashinfo obtained:
1st crashinfo:
7606_Router#more sup-bootflash:crashinfo_20120604-022605
00:00:05: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor
00:00:05: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
00:00:05: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor
00:00:05: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugging output.
[code]....
We are running s72033-advipservicesk9_wan-mz.122-18.SXF9
My 7606-S router rebooted by itself. According to the output of the show version command, it was rebooted by a software bug.
================ Snipped from crashinfo file =================
Jan 14 05:33:50.822 GMT+7: %C7600_MEM_ECC-2-MBE: Multiple bit error detected at 0xC09F4D38
Jan 14 05:33:50.822 GMT+7: %C7600_MEM_ECC-3-SYNDROME_MBE: 8-bit Syndrome for the detected Multi-bit error: 0x0
05:33:50 GMT+7 Sat Jan 14 2012: Unexpected exception to CPU: vector 1500, PC = 0xB7922BC , LR = 0xB792250
==================== Show Version ======================
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 10-Feb-11 19:27 by prod_rel_team
ROM: System Bootstrap, Version 12.2(33r)SRD5, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
[Code]...
I have a cisco 7606-S with dual RSP720-3CXL. Devices reloaded and now none of the RSPs are booting. When I tried to take the console using only one RSP, the card went to rommon mode and after that it hangs. I guess its firmware is corrupted.
I have one Cisco 7606 and I need to install a WS-X6748-GE-TX with WS-F6700-DFC3CXL. When I install the WS-X6748-GE-TX the module is powered off with the following warning:
00:01:45: %C6KPWR-SP-4-UNSUPPORTED: unsupported module in slot 1, power not allowed: Unsupported baseboard/earl combination. [code]
I have a SR520 just deployed at a remote site with Internet Access.
Working Environment: Remote sites have SR520 with IPSEC VPN back to HQ and netflow v.5 works through the VPN back to our PRTG server.
Non-Working: I cannot get Netflow data to our PRTG with this first SR520 implemented with Zone Base Security. I am not able to get my netflow traffic out. VPN is up and running. Internet is a dialer0 interface. I have a Kron job that does the copy run to tftp backup daily to the same PRTG server and it works fine.
Both my source interface and address on the TFTP command and the netflow commands are the same interfaces (VLAN75) and IP. The Destination ip is the same too (through the VPN tunnel).
I am trying to figure out Flexible NetFlow on a Cat 4510R+E Switch running IOS-XE code. My Netflow flow software is manageengine 7.X. I am able to see the netflow interfaces but the traffic itself is not displayed. On the Switch I can see the netflow exporter statistics counter being incremented, thereby confirming it is being exported.
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. For a couple of weeks now I get no netflow packets anymore. debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
I have a 4506 with the sup below. My requirement is to enable netflow, but as I came to know, it is not supported in this sup. Is there any additional option which can be explored to get netflow working without replacing the sup?
Card Type                                                    Model
-------------------------------------------------------------+-----------------------
Sup 6-E 10GE (X2), 1000BaseX (SFP)                           WS-X45-SUP6-E
I've tried to configure NetFlow on layer 2 without success. I configured the record/monitor/exporter like the configuration guide said, but I still don't receive any netflow traffic. I checked the firewall on the VM and it looks fine.
I have entered this command under the ethernet interface: "layer2-switch flow monitor TEST input" - for layer2 input.
To enable netflow export on ASR1001, do I need the firewall feature license or not? Docs are not really clear; NBAR requires FW license, but I am unsure about Netflow.