I want to see net flow data.I have configured this command on the c6500.but I can to see data only below...How can I configration ip cache flow on the C6500? what is the problem?
int gi4/31
ip add x.x.x.x
ip route-cache flow
c6500# show ip cache flow
Displaying software-switched flow entries on the MSFC in Module 5:
[code].....
On my 1841 when i enter the "ip flow-cache timeout active 2" command it accepts this command with no errors. But when i look at my running-config this does not list.I did the same thing on my 2811's and 3745 and it shows up in the running-config. Should I assume if it doesnt' show up in my config file than it is not applied? How can I verify that it is or isn't?
View 1 Replies View RelatedI have a Cisco 2621XM router with two ethernet interfaces that sits before a vendor supplied VPN router. I need to see the IP traffic incoming to my router from the WAN side (fasteth0/1 below). I setup ip cef, and ip flow ingress on the interface. However -- it seems that what I see when I use "ip cache flow" command doesn't have a very long history or life. What commands am I missing so that I can see a summary of the stats over say the last 5, 10 or 15 minutes? Is this the best config that can be used for this, or can I create a more summarized report just using the router HW and IOS? Basic current configuration:version 12.3service timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname Littleboy!ip subnet-zeroip cef table event-log size 1024ip cefip cef accounting per-prefix non-recursive prefix-lengthip cef traffic-statistics load-interval 180!ip flow-cache entries 2048ip flow-cache timeout inactive 60!interface FastEthernet0/1 description Littleboy to vpn-wan ip address 10.1.0.1 255.255.255.252 ip flow ingress?
View 5 Replies View RelatedEver since we switched to ASR1004 running XE15.1(2)S1, we have seen that the output of "show ip cache flow" stalls and is super slow to complete. We have a few interfaces with "ip flow ingress" defined. What can be causing this slowness? Any recommendations of commands to speed up the output?
View 1 Replies View RelatedHow to configure traffic flow between computers inside VLANs and a routed port? Here is the setup details:
1. Switch 3750-X
2. VLAN 100 - ( SVI IP address 192.168.100.1 /24)
3. VLAN 200 - ( SVI IP address 192.168.200.1 /24)
4. routed port gi1/0/48 (IP address 192.168.150.1 /24). Note: this port is directly connected to a firewall ASA 5520 port IP 192.168.150.100 /24
Ip routing is enabled on the switch and inter vlan traffic is flowing ok. I can ping the routed port gi1/0/48 from any computer connected in the VLAN 100 or 200. For example computer with IP 192.168.100.25 can ping the routed port 192.168.150.1. Switch can ping firewall port 192.168.150.100 and the 'sh ip route' command shows the network 192.168.150.0 /24 as directly connected network.
any computer in the two VLANs CANNOT ping firewall ASA port 192.168.150.100 Is it because inter VLAN routing does not work with a routed port on L3 switch? I looked up fallback bridging, but it is meant for non IP traffic.The goal is I am trying to set the ASA port as an internet gateway for VLANs.
I'm going to start the evaluation of implementing the virtualization of our campus LAN using MPLS.We'll get many inter-VLAN routing domains per VRF on the same LAN infrastructure.The LAN infrastructure is based on C6500 implementing VSS.Do you have experience with this kind of setup?Any known/faced issue that might prevent the setup of MPLS on VSS enabled C6500?
View 4 Replies View Relatedhow is calculated heat dissipation of ethernet modules for c6500? For example, heat dissipation of WS-X6908-10G-2T - 2083.32 BTU/hour.. This heat dissipation of the empty module, without transceivers? Or including all installed transceivers?
View 3 Replies View RelatedMy C6500 is having relatively high CPU (no spikes, but constantly)
I'm under the impression that cef is causing this problem because alot of packets are being processed or send to/from the CPU. [code]
I did a netdr and I can see that the majority of packets going to the CPU are packets for which I have an entry in the CEF table.What can be a reason why those packets don't get hardware switches?I'm running Version 12.2(33)SXH5 - Sup720-10G.
there is something I find strange on C6500 about QoS: C6500 derive an internal DSCP value for it's internal use, but when configuring the qos mapping on output interfaces, only a cos value (I guess, an internal cos value) can be used. Is it a misunderstanding from me, or is it really illogic?
View 2 Replies View RelatedFor C6500 chassis, sup-fould like to know the dirrerence between supervisor engiene 720 sup-bootflash and sup-bootdisk?
View 3 Replies View RelatedTrying to migrate the config run on IOS 12.1 to 12.2 ?It seems there's no snmop traps isdn command support on 12.2.
where i can enable trap on ISDN over IOS 12.2 (33) sxj1 running on C6500 chassis?
I am trying to filter ARP answer arriving on a C6500 trunk port, for a specific vlan.Filtering conditions are:
- packet arrive from vlan ID x on the trunk (on only for this vlan ID)
- source MAC address = xx:xx:xx:xx:xx:xx
Thae aim is that the C6500 with never enter into its CAM table this MAC address.I looked at several methos like service policy or vlan filter, but no solution for the moment.
We have a 3750x switch with some issues on the arp. Our servers become unreachable for some time, buy when I clear the arp cache, I am able to ping the server again. I have tried adjusting the arp timeout but I don't think doing so would be the permanent solution.
View 9 Replies View Relatedi have the topology :=========want to mention that im using port address translation on the router & not sure if it is making a conflict .
here is the config below :
why the cache is not working ?i mean that i tried going to internet with source ips of the subnet 10.20.30 , but i seems went to internet without any precedence of cahce server
[code]...
Struggling to find any documentation that states both "ip accounting & netflow" are supported on the new ME3600 switches. I have tried both a 12 and 15 release of software. Netflow produces no data what so ever, ip accounting only produces data (of the global network) when configured on my uplink (running MP-BGP network) unable to get specific data for user networks in seperate VRFs. Is this a case of the commands being there but not being supported?
View 0 Replies View RelatedTrying to configure netflow on a 3750-X. I'm sort of copying my config from a router but, it seemd that the commandes below don't work.
Is there different set of commands to configure the source and destination.
ip flow-export source Tunnel0
ip flow-export destination 172.20.X.X 9995
I met a strange problem after enabling flow-control in 2960s.my enviroment,
- 2 cisco 2960s 24ts-l have been created a stack
- IOS is 12.2(58)se2
- all ports have been enabled flowcontrol receive dersied
via show flowcontrol, I can see each Gigabyte Port have been enabled "flowcontrol receive desired" but, when I do the following tests
- connect equallogic ps4000xv to the port 21, I found the status of port is "input flow-control is off"
- connect one server with Broadcom Gigabyte Network adapter, which has been enable TX ON RX ON, or Auto, the status of the port is still "input flow-control is off"
I guess, the port status should be ""input flow-control is on". Test them with another port, I got the same result. why?
I am really new to Cisco and having a hard time with my Cisco 2800 series.
I have two sites connected with each other Site A and Site B (Using the same Cisco 2800). Now site A can connect to site B on the Cisco and the internal network, but site B can only see the Cisco and not the internal network of site A. So all the traffic is coming in to site B but can't break out of site B. I have tried everything I can think of but again my knowledge of Cisco is not good at all.
I'm receiving multicast traffic (400Mbps) on port 9/38 and sending it out on port gi9/48. I'm trying to achieve that traffic will stay within the card without using the switchfabric,
View 2 Replies View RelatedDoes the Cisco WS-C3560X-24P-S switch supports ip flow export?
View 1 Replies View RelatedWe have a pair of 6509 working in a VSS configuration (IOS 12.2(33)SX5). The 6509s connect to a pair of ASAs (7.2 code) running in an Active/Standby setup. These ASAs in turn connect to routers going to remote sites. I have configured Netflow on the following VLANS,
VLAN 10 - Servers Vlan
VLAN 9 - Transit/ASA VLAN (connects ASAs to 6509s). All traffic originating from any VLAN on the 6509 crosses this VLAN in order to reach remote sites and vice versa
I configured the netflow source VLAN 11 although I am not collecing any netflow from it.Although I have been getting lots of Netflow info, I noticed that netflow for traffic originating from any user VLAN on the 6509s going to any remote site via TRANSIT/ASA VLAN(9) does not get reported, I even tested with 4 GB traffic but no result. Only reverse traffic (i.e. from remote site to user VLAN) is reported as it traverses the Transit VLAN (9).
I read somewhere that egress netflow is not supported in 6500, but isnt traffic originating from a user vlan to a remote site via the transit VLAN (9) considered ingress with respect to the transit VLAN (9)? I would like to know whether bidirectional Netflow is supported on 6500 VLANS. I have mimimum control on routers beyond the ASAs, and since these ASAs run 7.2 code netflow is not supported, and Monitoring this Transit Vlan gives me extremely useful info.
I do get netflow biderectional traffic from the Server Vlan 10, but I think it is correlated by the netflow collector from vlans 9 and 10. [code]
how to configure WRT54GC compact Router if the data should be configured to flow from PC1 through Switch to Router and then to PC2 back through Switch in the following configuration?
(PC1) -------------------(SW)--------------------(Router)
HD: 10.14.40.10/16 |
G/W: 10.14.40.1 |
[Code]....
That's, the data flow is PC1 -> SW -> Router -> SW -> PC2. I think that Router has to have both routing of 10.14.40.1 & 10.14.50.1, but how should I configure the router?
I am looking for the way to define an idle timeout for specific flows on an ASA5580 by using Cisco security manager. For ex I needed to define a specific idle timeout for connections beetween specific devices (Devices in vlan1, Device2 in vlan2).To test it I did following changes by CLI and it works fine. access-list L1 extended permit ip <@IP1> <mask1> host <@IP2> class-map CM1 match access-list L1 policy-map PM1 class CM1 set connection timeout idle 02:00:00
I try do do the same configuration with CSM in order to be able to manage each changes only by using CSM.So I defined Access control list, Traffic flow and then I define timeout in CSM --> PIX/ASA/FWSM Platform --> Service Policy Rules --> IPS, QoS and Connections Rules -> connections settings -> Traffic flow idle time-out. The problem is that each time I deploy the configuration with CSM I loose the timeout config line which is the most important for my application..
I have lets say a /24 directly connected via a vlan on a C6500 in the network.I'm trying to migrate some servers/devices away from it , however I need to move parts of it away bit by bit ( For example a /32 or a /30 that make up the /24 )Ive tried a direct ip route x.x.x.x 255.255.255.255 y.y.y.y and even a ip route x.x.x.x 255.255.255.255 y.y.y.y 1
Yet it still prefers the directly connected range ( as I pretty much expected. )
Is there any way I get it to prefer a static route over a directly connected?
I use 3 interfaces on an ASA 5510. First interface is Lan, Second interface is Outside, Third interface is ADSL The Outside interface is used for VPN L2L and smtp traffic. (Leased line on router managed by ISP)The Adsl interface is used for Http traffic. (Adsl Cisco router) I use this configuration found on another forum subjet for routing.route outside 0.0.0.0 0.0.0.0 x.x.x.x 1route adsl 0.0.0.0 0.0.0.0 y.y.y.y 2 nat (inside) 1 0 0global (outside) 1 interfaceglobal (Adsl) 1 interface static (Adsl,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0 The problem is now I have an www intranet server on the VPN remote site. How i can exempt the http traffic to the intranet server routed through Adsl interface?
View 7 Replies View Relatedupgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?
View 4 Replies View RelatedIn our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says i am using default template. The reason i want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resouces accross wan and locally.
Created access list to identify traffic:
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
Created policy:
route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
Assigned policy to the user vlan3:
ip policy route-map TestASA
Results:It changed the default gateway to the above gateway but i could not access any resources on any other vlan, could not access resouces accross wan.
The layer 2 switches are connected to layer 3 Switch via trunks, and routing between layer 2 switch ports with configured SVI's on 3550. All working fine. Now I'm trying to configure routing between 2800 and 3550, I tried connecting both Straight Throught and Crossover cables to the 2800 Fa0/0 and Fa0/1 ports as well as the switchports on 3550
No switchport commands are configured however, the lights do not go on for both straight through or crossover cables. I tried connecting 1750 routers but same result. My goal is to have all the VLANS routed to the internet with configuring NAT translation the router.
how do i configure the new asa 5505 to be as a router as shown in the diagram note: the isps' routers placed in head office. but i cannot change the configurations of the isp's routers.
View 9 Replies View Relatedi try to configure DNS on cisco 800 , it's worked , but after 24 hours the command ip domain-lookup change to disable, and it stop work
i'm not understanding why it's happen ,
that's the configuration
ip domain name XXXXXX.CC.CC
ip host XXX-RR-FF.com 2.2.2.2
ip name-server 1.1.1.1
[Code]....
If I have an ASA 5520 with an INSIDE interface, a DMZ interface and a WAN interface what would be the best way to configure NAT? If I configure nat-control and a nat (inside) 1 0.0.0.0 0.0.0.0 this will configure everything to be NAT'd when passing from the INSIDE interface out.My question is what about the devices I want to access in the DMZ from the inside for management etc? I'm guessing the ASA isn't smart enough to realise you're accessing hosts in it's DMZ interface so do you have to configure a nat 0 rule for every subnet within the DMZ you want to access or is there an easier way to do it? It's worth noting that the same devices will be accessing the OUTSIDE network and the DMZ network from the INSIDE network.
View 6 Replies View RelatedI have a customer who is on thr 192.168.254.x subnet and is using a Cisco 881 as their gateway.
They wish to create a second VLAN for the 192.168.253.x subnet.
The Cisco has Dialer0 configured for an ADSL connection.
I have partly configured the router but need some info regarding router a device on the 192.168.253.x subnet to the internet.
configure routing to the internet on the new VLAN and assist in setting up a DHCP server on that vlan. I have attached a copy of the current config.
I configured following command to implement QoS on Cisco 3560.
class-map match-any IND
match access-group name Lync
policy-map LyncAV
class IND
set ip precedence 4
[code]....
how to apply this QoS on interface?
