We have the problem that MPLS labeled packets are not being processed on EHWIC-1GE-SFP-CU if L3PDU + Shim-Header exceeds 1500 bytes.When we move the config exactly to the on-board Interface Gi0/0 it works with put any problems. [code]
View 1 RepliesI am implementing traffic export on the WAN interface of my 3725 router. I use a dialer interface for PPPoE which is applied to the Fa0/0 interface. This dialer WAN interface has Zone Based Firewall, NAT Outside, ACLs applied to it, as well as IP Traffic Export for an IPS. In what order would each of these items process a packet? In other words, is the order something like ZBF, ACL, IP Traffic Export, then NAT? How would QoS fit into something like this as well? I am asking because I am wondering how much processing the packets receive before they are mirrored over to my IPS.
View 1 Replies View Relatedi'm working on a QoS troubleshooting issue, I want to know the order how the QoS ACLs will be getting processed.For example I have configured the ACLs AF11, AF12 and AF13, in what order switch will process the ACL? does it in a ascending order fashion?
View 1 Replies View RelatedI have installed a EHWIC-4ESG card into my 2911 router running IOS Ver 15.1(4)M2. When I do a show diag, I can see the card, but I get the following line "Could not get card instance pa_bay=0 slot=0." Am I missing a step, do I have change something, is it not compatible (all that I have read, states that is)
View 3 Replies View RelatedHow I configurate EHWIC-3G-HSPA+7 card on 2911.
View 3 Replies View RelatedAny configuration guide for EHWIC-4ESW card. Also the difference in configuration between EHWIC-4ESWG and HWIC-4ESW if any?
View 1 Replies View RelatedI am having trouble setting up a EHWIC-VA-DSL-A= card on my cisco 2811 running the following the following:c2800nm-adventerprosek9-mz.151-4.M2.bin and C2800NM_RM2.srec.124-13r.T11
My hardware supplier tells me its the right adsl card (have 1 existing working card not the same) but the card will not detect on the system to be configured.is this the right card? am I missing something?
Can you configure a Cisco 1941 to use an 8 port EHWic module and the 2 onboard GE ports in a single LAN?
I've discovered you can't have the on GE ports associated with a VLan, and I'm when I've previously researched for a solution, bridging was mentioned but I cannot seem to get it to work (or completely understand it)The reason I would like to use all 10 ports on for the LAN is becuase I have 10 devices I need to connect to the 1941?
Can the new Cat 3850 run MPLS ?
View 4 Replies View RelatedI have two Motorola MC9090's that will no longer connect through my MPLS back to coperate. They both stopped working at the exact same time yesterday.
They connect to a Cisco WAP321 that is connected to a Catylist 3750 that is connected to a Cisco 1921.
Each device can ping anything on that network. Both the switch and the router can ping the devices.
But if I try to ping a device on the coperate network the devices timeout.
The PC's connected to the switch via CAT5 have no issues connecting back to coperate (RDP to server)
I'm going to start the evaluation of implementing the virtualization of our campus LAN using MPLS.We'll get many inter-VLAN routing domains per VRF on the same LAN infrastructure.The LAN infrastructure is based on C6500 implementing VSS.Do you have experience with this kind of setup?Any known/faced issue that might prevent the setup of MPLS on VSS enabled C6500?
View 4 Replies View RelatedDoes 2650 and 2620 support MPLS ? If yes what IOS version should i download?
View 10 Replies View RelatedI have a 2921 router and want to use mpls feature. Right Now we are using c2900-universalk9-mz.SPA.151-4.M1 image but mpls static cross connect” is not working with this image. And will this image(c2900-universalk9-mz.SSA) be worked?
View 2 Replies View RelatedI've studied and labeled out MPLS and MPLS VPNs several times. The situation I'm presented with is a little different from most of the case studies I've seen in my MPLS books. I've attached a diagram.
We have a IPsec site to site tunnel from our main HQ router to a Cisco ASA 5510 in the core network in the colo. This allows our HQ office to reach the private sub nets in our core without using a Cisco VPN client. The problem we are running into is that this seems to be putting undue strain on the Cisco 2811. I feel like the 2811 should be able to handle it but doing any kind of upload or download through the tunnel spikes the CPU/Interrupts and makes the router CLI basically stop responding until the traffic transfer is stopped or completed. During this time, certain Cisco SCCP phones on our Broad works platform cycle while the SIP phones on the same platform are OK. We are trying to alleviate the load on the 2811 by setting up a VRF from the HQ network to the private VRF used in the Core for private sub net communication. The problem I'm having is the the HQ also has some public traffic that I do not want to include in the VRFs and would like to have it travel through the P2P circuit we have and access the internet or other public devices through the core public IP Internet routing table.
The flow would be this:
-going to a public address use the public internet routing table
-going to private address in the 10.x.x.x or 172.x.x.x - use VRF to core Private network.
This is a little different of a set up from most of the VRF VPN examples I've seen. Most of those the CE devices is completely private. This is not the case at our HQ.
I need to confirm internet access from remote network through MPLS cloud to another site. Let me explain. We have a MPLS network with Wind stream as listed in the visio drawing; site 1 has internet access through the Time-Warner cloud for all users. Site2 has internet access through the Wind stream MPLS router. Site three has no internet access, and only has LAN access layer2 through Windstream routers to Site1 for networks 192.168.0.0/24, 10.1.1.x/24. My question is can we give everyone at Site 3 internet access through the MPLS network down into Site 1 using the Time-Warner ISP cloud.
I placed routes on the Site 3 3750 stack IP route 192.168.50.x 255.255.255.0 to the interface of the MPLS router at site3, then at site 1 we have IP route 192.168.50.x 255.255.255.0 to the MPLS interface, and able to ping all anything on the 192.168.50.0 network. I added the IP route 0.0.0.0 0.0.0.0 192.168.50.x the MPLS router interface, we do not have internet access at Site 3 using Site 1 network.
I confirmed at Site 1 from the Cisco 3750 switch we can ping 4.2.2.2 = Google. How to confirm this will work and what’s required to complete this connection to give everyone at site 3 internet access through Site 1 Time-Warner.
I thought I saw a post/question in regards to "how to" configure a Broadband backup for a MPLS circuit.. What I am trying to do is use a cable/dsl/ broadband (secondary) connection as a backup to a MPLS circuit (primary). I have EIGRP and BGP configured on both the branch endpoint and the tunnel headend. The tunnel is used by the interface that connects to the secondary circuit. The branch location router is a 1841 and the "headend" tunnel router is a 3825. I am wondering about the configuration/syntax of a "weight" or static route that can be used to have data flow over the tunnel when the MPLS circuit goes down - and then switch back to the MPLS circuit when it comes back on line.
View 1 Replies View RelatedWe are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers. We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.We quickly dismissed the idea of using VRF-Lite due to the sheer number of Vlans we would need to managage and maintain, the point to point links alone just to get one additional VRF on each floor required far too many Vlans.As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, the fact that all switch to switch links can now be routed, instead of having to using SVIs.
View 2 Replies View RelatedWe have a customer who uses about 20 x c2960's switches for access layer and 2 x c3560e for distribution layer. C2960's uses C2960-LANLITEK9-M , Version 12.2(58)SE1. Everything was working fine. Now we got information, that sometimes there are problems with connectivity. Customer tries to reach internet.
SW11#sh int fa0/18
FastEthernet0/18 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e8ba.806a.4412 (bia e8ba.806a.4412)
[Code].....
I am seeing packets being ignored on GigabitEthernet0/0, but can't find any reason what the reason can be for that. So far calculated that about 3% of the traffic is being ignored. If it was caused by shortage of input buffers, I would expect to see increasing counters somewhere at no_buffer, but that is not the case. The average txload and rxload on the router is low all times.
#sh int g0/0GigabitEthernet0/0 is up, line protocol is up Hardware is i82543 (Livengood), address is 0012.7f8a.8008 (bia 0012.7f8a.8008) Description: ;Link to NORISMP998 G5/2 Internet address is 151.175.19.102/30 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 2/255, rxload 2/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX output flow-control is XON, input flow-control is XON ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 8w2d Input queue: 0/75/522186/1117 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 11667000 bits/sec, 2319 packets/sec 5 minute output rate 9377000
[code]....
We have a 3750x 24s acting as a root switch for about 10 other 3750x's. Everything else seems fine, but the device stopped forwarding packets to the applied static route. [code]
View 3 Replies View Relatedrouter 7200 (12.2(33)SRE1)
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. Since a couple of weeks I get no netflow-packets anymore.debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
[code]...
I have a stack of 2 C3750-switches (WS-C3750G-24TS-1U) with IPBASE-firmware (12.2(52)SE).
When I ping to a machine (in this case a virtual one), the replies are always received on the port where the machine is connected, but on the port-channel connecting to the stack of the 'pinging device' the reply comes only for certain initiators, and not for all.
Setting:
Gi1/0/6: Device/Server I want to connect too ; defined as access port
Gi1/0/25 + Gi2/0/25, as Port-Channel 1: The location of the devices I connect (read as: the uplink to the stack of the PC's), defined for Dot1Q-trunking
Monitoring setup: Source ports: Both: Gi 1/0/6, Po1 (or Po1 replaced by both interfaces)
For the machines which can ping the server I see 2 echo (ping) requests, followed by 2 echo (ping) replies ... So once seen on the Po1, and once seen on the interface Gi1/0/6.
However for other machines, the 2nd reply is missing ; which must be caused by the dropping of these packets in the switch. At least, I my opinion this must be the reason... But I can't see any (change of) output drops at int Po1, nor at Gi1/0/6. The CPU doesn't seem to have high usage, and even then, I don't think the error would be constant, as it's always failing for some PC's, and never for others... (at least for a certain time, a few hours it can be constant, the problem dissapears from time to time).
From everything I read it seems like DFC is for forwarding packets. When I hear packets I think of layer3. If my 6500s are just being used as a big layer2 only switch do I need a DFC? I am being told the 6500 looks at the layer 2 frame and the layer 3 patch header information before forwarding the frame. How true is this?
View 1 Replies View RelatedMy C6500 is having relatively high CPU (no spikes, but constantly)
I'm under the impression that cef is causing this problem because alot of packets are being processed or send to/from the CPU. [code]
I did a netdr and I can see that the majority of packets going to the CPU are packets for which I have an entry in the CEF table.What can be a reason why those packets don't get hardware switches?I'm running Version 12.2(33)SXH5 - Sup720-10G.
I am having trouble with my Cisco SG300 switch big time. I have two servers with IP addresses 10.17.0.11 and 10.17.0.29 sitting on the same switch which is a Cisco SG300. I initiate a file transfer from 10.17.0.11 to 10.17.0.29. I could see lots of Dup Acks and retransmissions which means something is wrong in the connection. Further, I could see the session initiation a bit bizarre. I could see two SYN packets sent from 10.17.0.11 to 10.17.0.29 and also two SYN ACK packets returned by 10.17.0.29. The switch forms part of a network but since both the servers are sitting on the same switch I suppose the rest of the network doesn't come into play when one server talks to the other.
See also the number of Dup Acks and retransmissions. The two switch ports connecting the servers have speed and duplex set to auto negotiate, flow control is enabled. What could cause this sort of problem?Could it be any setting on the switch or the servers' NICs?Or could it be a bad switch that causes this?
i have several cisco 6500 switches, and user switched connected to them.in my example i have a global service vlan, where some access ports are directly connected on the 6500, and this vlan is also allowed on the trunks to the access switch.
now i am connected with ma laptop on a access switch, where my port is in the same vlan. when i do a show mac address-table on my access port, i can see my own mac-address, nothing else.when i start wireshark to see the traffic, all i should see is traffic from or to my MAC, or broadcasts/multicasts.
But i can see other unicast traffic with different source/destination mac than mine.It seem slike these packets get broadcasted over the whole VLAN, but its no broadcast MAC nor IP.
i am wanting to log dropped and oop packets on a c3825 isr with ios12.3(11)T3. on other routers(like a 2951 running 151-4.M2)i can state ip inspect log drop-pkt and it will log to buffer or syslog all dropped and oop packets. can i do this on this 3825 another way
View 1 Replies View Relatedon some of our ports on Nexu 5000 and on the connected FEX we can see a lot of Jumbo Packets though there is not enableed any JumboFrame on the Switch, all Interface and system MTU is set to 1500.
DBE-LINZ-XX41# sh int Eth113/1/27
Ethernet113/1/27 is up
Hardware: 100/1000 Ethernet, address: d0d0.fd1b.b69c (bia d0d0.fd1b.b69c)
[Code]....
I have a requirement to monitor downstream data feed from a remote site and feed it to multiple destination devices for recording. The source data will be fed into a port on a Cisco 2960G switch then, using the monitor function, be forwarded to multiple interfaces. This works fine for normal Etherent II traffic. We tried a test using a device that generates IEEE 802.3 Raw packets ('type' field is used as a 'length' field) but found that while the traffic appeared to be accepted by the input port with no errors it was not forwarded to the destination ports, even when using the monitor function. I did try the 'encapsulation replicate' feature with no luck. It does not forward these packets even if I set all the ports into a common VLAN and let the switch just perform a normal switch function (non monitor).
if it is possible to get the IEEE 802.3 raw packets to pass through the switch and if it is, how to or what I need to do to make it work?
I have a switch that I have configured for jumbo packets, but they don't seem to be functioning. I have set system mtu jumbo 9000. The hosts are connected via 2x EtherChannel links. The hosts are jumbo frame enabled, and can ping their own local address using jumbo packets & do-not-fragment flags on the pings. They cannot, however, ping each other or the switch that way - it always says that the packet requires fragmentation. I know the attached machines (they're all VMs) and virtual switches support jumbos because I can ping within the virtual interfaces of the VMs. It's just traffic that goes over the switch that fragments.The switch is a WS-2960G-48TC. Here are the various outputs, with a section of config at the end.
hrnacancwtdevs3#show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 9000 bytes
System Alternate MTU size is 1500 bytes
Routing MTU size is 1500 bytes
[code]....
SG-300 52 native VLAN blocking network packets
View 3 Replies View RelatedI have a problem with the 6500 not exporting netflow data. They are not exported due to no fib.I have read somewhere that this has something to do with VRF. VRF are running on the router.ip flow ingress has been applied to desired ip int.Is there anything I could do to make it export netflow data?
VSS-core-XXX-rs1#sh ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) xxx.xxx.83.253 (Unknown)
[code]....
why the QoS deployment causes ports on 2960 switches to drop packets although there is no bandwidth contension? (output bit/second of the interface)packet drops at threshold 1, queue 2 ( queue 3 in config)
We are using Catalyst 2960 switches and are experiencing issues with QoS. After the QoS, we experience a lot of packet drops and it make the network slow. It appears that the slow performance relates to the egress queuing of each port.
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5
WS-C2960-48TT-L
switch_06#show inter fa0/1 | in drops|queue|output
input flow-control is off, output flow-control is unsupported
Last input never, output 00:00:01, output hang never
[Code].....