Cisco Switching/Routing :: C3750e Dropped AF41 Traffic In Ingress Interface?
Nov 29, 2011
As above, I got a problem with C3750e, ios c3750e-universalk9-mz.122-58.SE1.bin, when send AF41 traffic passing through it. My topolygy is as following
WAN link <----------> G0/0/2.100 - ASR1002 - G0/0/5 <---------> G1/0/1 - C3750e - G1/0/3 <--------> G0/0/1 - ASR1004
On this C3750e, I turned on mls qos, trust dscp on both G1/0/1 and G1/0/3 and no else is configured. ASR1002 G0/0/2.100, i applied the CB shaping fror AF41 traffic.
C3750e#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
C3750e#sh mls qos int g1/0/3
GigabitEthernet1/0/3
trust state: trust dscp
[code]....
Then, from ASR1004, i send ICMP traffic with TOS set to AF41 (136) and i found out that
1. The traffic is dropped on c3750e
sh mls qos int g1/0/3 statistics
GigabitEthernet1/0/3 (All statistics are in packets)
30 - 34 : 63 63 48 86 1534
2. The traffic never get hit into AF41 class in ASR1002 ? Why C3750e dropped this AF41 traffic? and what can I do to fix it?
View 1 Replies
ADVERTISEMENT
Jun 22, 2012
I have couple C2960G and C3750. Is there any way to filter (on ingress port) type of traffic? I would like to allow IP only, and discard (i.e.) IPX, or other garbage, that any device can produce.I have tried to find something about this, but only thing I have found is feature : protocol filter, which doesn't seems to be working on my hardware.
View 6 Replies
View Related
Jan 24, 2012
In QoS, voice traffic is usually marked EF and placed in a priority queue. But interactive video traffic, like VTC, should also receive priority treatment. Can I put both classes in their own priority queues in the same policy map? I thought there could only be one LLQ, but I'm not sure about it. An example of the config I'm thinking of is below. Voice would be marked EF, VTC would be marked AF41.
View 6 Replies
View Related
Oct 28, 2012
I'm currently configuring per port policing on a 3560 and want to limit inbound traffic to 750mbit:
mls qos
access-list 1 permit any
class SET_IF
match access-group 1
policy-map SET_QOS
class SET_IF
[code].....
When I test the setup with iperf I always get different results when I change the nummber of parallel connections.Isn't there a way to limit the throughput regardless of the number of conns (INGRESS!) like with srr-queue bandwith limit?
View 2 Replies
View Related
May 2, 2012
My question is about WS-C3750E-48TD-S and WS-C3750E-24TD-S Switches
What are the limitations of the mapping of VLANs on this device? Is it limited by number or by interface? Does the configuration of an interface has spread all interfaces ?
View 1 Replies
View Related
May 31, 2012
I have a C3750E-24TD-S on which I just loaded new firmware. When I boot up I see this:Loading "c3750e-universalk9-mz.150-1.SE2.bin"...c3750e-universalk9-mz.150-1.SE2.bin: no such device
Error loading "c3750e-universalk9-mz.150-1.SE2.bin"
Interrupt within 5 seconds to abort boot process. Loading "flash:/c3750e-universalk9-mz.150-1.SE2.bin".
View 13 Replies
View Related
Apr 20, 2013
I have two Switches which i need to put in a same stack - WS-C3750E-48TD and WS-C3750G-48TS . Possible to do so and also which IOS to put in both the switches as WS-C3750G-48TS is having lower RAM and flash.Whether can i put following IOS in these switches and connect them in a stack as i have read that IOS -- 15.0.1. SE are compatible with both the switches.
a . c3750e-ipbasek9-mz.150-1.SE.bin in switch - WS-C3750E-48TD
b. c3750-ipbasek9-mz.150-1.SE.bin in switch -- WS-C3750G-48TS
View 8 Replies
View Related
Feb 13, 2012
Is that possible add WS-C3750-48TS-E to ws-c3750e-48td stack?
View 4 Replies
View Related
Feb 21, 2013
I have a problem with Total Output Drops, it's increase and decreases on WS-C3750E-48TD-E.
SWCIACTCT05#sh int gi1/0/47 | i Total output drops:
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 6487344
SWCIACTCT05#sh int gi1/0/47 | i Total output drops:
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 6487344
SWCIACTCT05#sh int gi1/0/47 | i Total output drops:
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 6487344
[code]....
I checked and found two registered bug id: CSCtq86186 / CSCso81660.I would like to know what is the best IOS version to update my switch, IOS 15.0.2 SE2 or 12.2.58 SE2, by the way, my environment is very critical (data center) and the version 15.0.2 SE2 is very recent, but its stable ?In both versions the problem are fixed?
View 3 Replies
View Related
Dec 20, 2012
7x stack WS-C3750E-48TD-E orignal code 12.2.35...i wanted to get it to 15.0.1 so as a test i disconnected top switch (not the master ) and installed via archive download-sw /allow upgrade 15.0.1.tar. and it worked away fine...
so i moved onto the stack, issued the same command, image loaded rebooted and stack hung..Consoled in and switch was unable to boot..looping on trying to load flash. [code]
View 8 Replies
View Related
Feb 24, 2012
The top device of my network is cisco router 7609. There are two part subnet of my network, each part use same device type, same running-configs and same network topple: sw6506(to campus)--->sw3560(to buildings)<--->linksys sr324(to offices). IP addresses for manager vlan is 192.168.1.0/24.Suppose we name two part subnet as A and B. the problem is from 7609 I can telnet to every device of part A quickly, but when telnet to each sw3560 of part B,it responses very slowly. And only sw3560 of part B are response slowly, other devices of part B are ok.If I telnet to linksys sr324 first, then from linksys sr324 telnet to the current sw3560, it's ok.I try to capture packets of manage vlan, but there seems no strange things in it.No users of part B report problems, it seems the network is running well. Compare two sw6506s, the only diffirent thing is, there are "overrun" count at each interface in use of part B's sw6506. Each interface traffic is far less than it's capability, but it's "overun" count still increasing at working hours everyday.
View 1 Replies
View Related
Mar 9, 2012
Recently on two switches, both being same cisco WS-C3750E-24PD, running with same IOS c3750e-universalk9-mz.122-58.SE2.bin got noticed that the license state of one switch is showing incorrectly as shown below [code] I will not be able to execute any changes/modifications on switch as of now.
View 9 Replies
View Related
Feb 21, 2012
On a router I can use IP Accounting or Netflow to see what kind of traffic is moving over an interface. Are there any tools on a 3750 switch with a routed interface which would tell you who is hogging the bandwidth on that interface?
View 2 Replies
View Related
Mar 13, 2013
I have configured a vlan interface on a 3750 switch. there is aprox 4Mb active traffic flowing through the interface, but when I do a "show interface vlan (vlanid)" the output show zero bits in and zero bits out. Its a typical L3 config with one IP on the vllan interface acting as the gateway for the VLAN devices. Is this a normal behaviur ? and if so is there any way to get the traffic in/out stats. The end PC/devices are connected to this switch via an L2 TRUNK and I dont have access to the L2 switch on which the actual devices connect. so cant get the real time stats of those interfaces.
View 2 Replies
View Related
Aug 22, 2012
I have cisco WS-C2960S-48FPS-L stacked. Weekly twice, my PoE connections are dropped and when the device is restarted, everything starts working normal. This issue happens weekly once or twice. [code] I can see that there is a bug id : CSCtg86211 and no work around for it. Any updates received from Cisco TAC ?
View 7 Replies
View Related
Jun 7, 2011
I have 7200 Router some flows are not forwarded and when i check ""show ip cache flow"" output i found the destination interface is going to Null i checked the access-list it permits these flows.
View 3 Replies
View Related
Feb 1, 2011
So I have an asa 5505 running ipsec and anyconnect and it has been working great for months. I have not made any changes to the config, but suddenly all of my anyconnect traffic is being dropped. The vpn uses the same subnet as the LAN. I tried putting a rule in to allow all traffic from the LAN subnet on the outside interface. Now I just get the WEBVPN-SVC Action-Drop in packet tracer.
View 1 Replies
View Related
Oct 31, 2011
i am wanting to log dropped and oop packets on a c3825 isr with ios12.3(11)T3. on other routers(like a 2951 running 151-4.M2)i can state ip inspect log drop-pkt and it will log to buffer or syslog all dropped and oop packets. can i do this on this 3825 another way
View 1 Replies
View Related
Apr 9, 2012
I have a SG300-10 in layer 3 mode attached to a Fortinet firewall (FG). The Fortinet syslog is reporting repeated traffic violations with the following info:
src: << IP of the interface that the SG is attached to >>
dst: << IP of system connected to another interface within the same VLAN on the FG >>
src port: 0
dst port: 1281
service: 5/1/icmp
The traffic is dropped as it is not authorized traffic but I'm wondering what this is....Googling the dst port came up with "healthd" but not sure how that plays into this connection - does the SG use healthd? I have not found any system behind the SG that can be pinned as the source and the ACL/ACEs on the SG are very strict (only allows tcp port 443 from systems behind the SG)
View 2 Replies
View Related
Jul 30, 2012
I am configuring a Cat 2960 port for connecting a VOIP phone, authenticated by MAB. On connecting the phone, I get the port authenticated and assigned to the correct VLAN, with LLDP-MED advertising the correct voice vlan. However, I then see no traffic from the phone on the switch. I can see the MAC address of the phone is learned in the right VLANs, but the mac address is showing as "Drop", which normally means the address is statically configured to be blocked. There is no static mac address table blocking configured on the switch.
Switch Version
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 50 WS-C2960-48TC-L 15.0(1)SE3 C2960-LANBASEK9-M
Port configuration
interface FastEthernet0/1
description "Standard user port"
[code].....
View 1 Replies
View Related
Jul 5, 2012
I believe i've enable jumbo frames on our Nexus 7010, one in each data-centre.
system jumbomtu 9216. Also on the interfaces mtu 9216. And can see MTU 9216 bytes, BW 20000000 Kbit, DLY 10 usec on the port-channel between them. Though when i ping between vlans at each site with large packets i get 30% drops and if i set the DF bit in IP header to yes - 100% loss.
8798 bytes from 10.200.12.2: icmp_seq=19 ttl=254 time=8.024 ms --- 10.200.12.2 ping statistics ---20 packets transmitted, 14 packets received, 30.00% packet loss
View 10 Replies
View Related
Dec 27, 2011
We are having some issues between our (2) Windows 2003 Storage servers and Windows 7 client machines. The issue that is occuring is that the users indicate they temporarily loose network connection to their mapped drives on these servers. This may happen several times a day. The regional manager wants to say it's a network issue but I believe it's something b/t the server and workstation.I like to know if there are some additional parameters, debugging or configuration that might be recommended to perform on our (4) Cisco 3750G-48port POE switches (stacked) that would determine that it's not a network issue. I do not see any errors or collisions on the ports that the servers are connected nor am I seeing much of anything wrong with the user ports. There are only 3 vlans at this office, vlan 30=users, vlan 20=servers, vlan 40=mgmt.
View 7 Replies
View Related
Mar 13, 2012
I have a problem with the 6500 not exporting netflow data. They are not exported due to no fib.I have read somewhere that this has something to do with VRF. VRF are running on the router.ip flow ingress has been applied to desired ip int.Is there anything I could do to make it export netflow data?
VSS-core-XXX-rs1#sh ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) xxx.xxx.83.253 (Unknown)
[code]....
View 7 Replies
View Related
Jul 7, 2011
I have two ethernet adaptors on my windows machine. OS is Win-XP.I am running ADSL broadband on LAN1 and on LAN2 I am accessing applications on our company's WAN. LAN1 is on 192.168.1.0/24 subnet and LAN2 is on 10.68.104.0/22 subnet.Accessing application through LAN2 involves DNS that is located distantly, therefore routers are also in picture.Problem is that while accessing the application that run on the network of LAN2, I have to disable LAN1. Otherwise the traffic goes on LAN1.
View 2 Replies
View Related
Jun 13, 2011
I have a a firewall policy on a Cisco 2911 - the zone policy from OutZone>InZone basically drops everything apart from inspected traffic on the opposite direction and a few essential traffic generated externally (such as Outlook web access and E-mail exchanging). However, I seem to be getting a lot of firewall drops coming from the immediate gateway of the ADSL WAN address to the internal IP range on port 3. I get about 10 hits every 5 seconds.
Policy:
policy-map type inspect FWPol_Out-In
class type inspect CCP_PPTP
pass
class type inspect FCMAP_In-Email
pass
class type inspect FCMAP_In-OutlookWebAccess
inspect(code)
%FW-6-LOG_SUMMARY: 1 packet were dropped from IMMEDIATE WAN GATEWAY:0 => INTERNAL IP ADDRESS:3 (target:class)-(FWPair_Out-In:class-default), the immediate gateway would ping an internal IP address? Keepalive? Could this be stemming from another problem? The traffic wasn't generated internally as all InZone>OutZone is inspected.
View 1 Replies
View Related
Nov 9, 2011
i have issues logging into one of our core switches.its a 6509 switch but i cannot log in remotely.when i try to console in on the console port, i cannot log in instead i get the above error message.I haven't rebooted yet but would it solve the problem as this switch is a production switch.
View 6 Replies
View Related
Mar 13, 2012
On one of our N7K, we have some packets dropped by the COPP policy in the class-default class-map. Partial results of "show policy-map interface control-plane" not so long after clearing the counters : [code]
what traffic is dropped by the policy ? Is there any logging possible ?
View 2 Replies
View Related
Mar 26, 2012
We have an ASA that has 3 IPSEC VPN tunnels and standard interenet trafic coming in on Int E0/0 that I need to have go out Int E0/1. E0/1 is directly connected to a Steelhead Riverbed 2020. The Traffic will need to come back out of the Steelhead Riverbed 2020 and into the ASA to Int E0/2. From here it needs to go out either Int E0/3 which is connected to a Catalyst 3560 Switch or back out Int E0/0 though one of the VPN tunnels. I attached a PDF with a diagram if that works.
The reason we are doing this is we have Riverbed's at all our locations and they need to talk to each other to optimize traffic. Is this routing possible any other way than PBR (Policy Based Routing)? I am of the understanding that PBR is not supported on the ASA or PIX.
View 0 Replies
View Related
Apr 8, 2013
Initially we had a rv110w in place and had problems with the port forwarding stopping a few times a day so we replaced with with a RV180W. Now port forwarding appears to be staying up, however I have a new problem. We host a web page, for some reason when an internal user points the url to the web page it resolves to the web interface of the Router and not the expected web page. If you are outside of the network it resolves to the correct web page. I am not sure why this is happening as it didn't happen with the RV110W or the PIX before that.
View 2 Replies
View Related
Sep 17, 2011
I have two attachments that show my basic network layout. I can get from the VPN Cisco Client to Workstation 2 just fine with my current NAT rules in place. I can also get from Workstation 2 to Workstation 3 just fine. But I'm having issues when I try to get from the VPN client to Workstation 3... What would I need to do enable to get to Workstation 3 from the VPN client? IT seems very simple to me (just PAT that traffic as I do the traffic from Workstation 2 to Workstation 3) but that does not work.
View 10 Replies
View Related
May 1, 2012
I have a Cisco ASA 5505 and I have my internal and external interfaces configured but I currently cannot ping from the inside to an IP Address on the outside. I had this setup and working and I have another set of equirement that I am replacing that is working with my service provider so I know it is a configuration issue. When I ping 4.2.2.2 for example I get:
Destination host unreachable
Do I need to add a static route from my inside interface to my outside interfaces?
: Saved
:
ASA Version 8.2(5)
!
hostname pxasa
[Code].....
View 2 Replies
View Related
Oct 9, 2011
I have Pix 501 firewall and I'm just configuring the device for "Email Server" to allowing POP/SMTP.
Inside Interface Address: 132.147.162.14/255.255.0.0
Outside Interface Address: ISP provided IP address
My question is can my traffic goes from inside interface to outside interface? (because the inside interface address not from 10.0/172./192.168 private address)Also I'm allowing internet from this email server (132.147.162.14) so what my access list to be configured? and what my subnet mask shoud be there?
Pix(config)#access-list outbound permit tcp 132.147.162.14 255.255.0.0 any eq 80
Pix(config)#access-list outbound permit udp 132.147.162.14 255.255.0.0 any eq 53
Pix(config)#access-group outbound in interface inside
View 7 Replies
View Related
Apr 8, 2011
Our Local Network is behind the CISCO ASA Firewall.Whenever we are accessing to Client VPN server,it is getting connected but after few Minutes (May be 5/10/30 Min),the sessions are terminating. The same traffic through PIX is no issue , only with ASA Firewall. See the following Error and request you give the possible root cause for this.
2011-04-09 16:15:09 Local4.Info 172.16.1.68 %ASA-6-302016: Tear down UDP connection 87447908 for OUTSIDE:68.22.26.66/4500 to inside:172.16.9.10/4410 duration 0:27:49 bytes 18653
View 1 Replies
View Related
