I have a 3560 switch where I have 4 ports connected, one is to our WAN provider - 10Mbps and the other three are connected to different customers who I want to get an equal share of the 10Mbps bandwidth.I'm fairly clued up about configuring modular QoS but I'm being thrown by the fact that you can't apply a service-policy outbound on the ethernet ports.
View 3 RepliesI am trying to limit traffic inbound to 10Mbps on a gig interface 0/48 set to 100/full. So I downloaded some big files over this link and I'm able to see 30- 40Mbps or more. You can see from the show int - rate-limit command that parameters are never showing exceented so nothing has been dropped. [code]
View 3 Replies View Relatedi have to restrict that router and switches shall join only given multicasts. Means if i change multicast in TVG430 from 239.0.96.1 to 233.0.96.1 than it shall be blocked.My TX rate i set to 20 Mbits on TVG430, i want to rate-limit it to 15 Mbits on switch on Ingress int gi 0/23 or egress gi 0/24 included are three show runs output.ip multicast rate-limit out group-list GROUP source-list SOURCE.
View 2 Replies View RelatedNetwork settings. What I want to do is limit the rate that people can download files from my webserver remotely. LAN connections should still be able to transfer at full speed, but anything outside of the local network should be limited to 200Kbps per connection. Is that even possible? Can I limit the number of connections per client (probably by IP)?
If this can't be done at the OS level, is there any way I could script it using PHP? Maybe read X bytes into a file and then sleep...
I am trying to limit the incoming and outgoing traffic on a l2 port to 8mbps for a ip subnet within the nexus 7000. The port is connected to my ISP router which has a bandwidth of 20mbps.Policing won't work on a l2 Port and shaping cannot be applied on a port level. url...I have been reading thru the qos guide for nexus release v6 and have problems understanding the different queues.
View 3 Replies View RelatedWe have a couple of switches with a L3 Vlan 238 interface which runs PIM SM and OSPF, and HSRP. We have connected to this same segment telemetry processors which have raw socket interfaces configured - which means it picks up all IP packets which hit the interface and forwards them along.So we dont want the processor to recevie any of the 224.x.x.x switch housekeeping traffic? is there anyway to prevent that ?
View 1 Replies View RelatedI have a Cisco 2801 with a 4 port Layer2 switch card installed (HWIC-4ESW).
How do I bridge Ethernet0/1 to the 4ESW so if you were to plug a computer into the 4ESW, it would be on the same network as Eth0/1? see my config below:
interface FastEthernet0/1
description Internal Interface
ip address 10.1.2.1 255.255.0.0
[Code].....
I am using Cisco 3560 as distrubution switch and want to limit port 445 traffic on 1 MB and applied rate limit statment on Gi0/1 port but switch unable to limit said traffic.rate-limit output access-group 120 1024000 128000 128000 conform-action transmit exceed-action drop.
View 25 Replies View RelatedAt one of my field offices I want to redirect internet traffic down a separate DSL connection instead of having it ride the T1 back to the main office then going out. At this office I have a 2600 router, 3560 switch, with a Fortigate firewall in between DSL connection and LAN, Fa0/0 on router and firewall are both plugged in to switch. I have seen posts that mention PBR or static routes which is the reccomended method for dealing with this?
View 6 Replies View RelatedHow do I limit broadcast/mulitcast traffic on a switchport to e.g. 5000 pps ? I don't want the port to shut down, just block or drop broadcast traffic that exceeds 5000 pps.
View 19 Replies View RelatedWe are in the process of rolling out iPads to our offices. As part of this implementation, we need to print from the iPads to our network printers. Our network printers are mostly HP and Xerox and do not have native Apple AirPrint capabilities. As such, we have been using the FingerPrint software to share out the network printers as Apple AirPrint printers. We have a mixture of switches at our offices. Most offices utilize a 3550 PoE switch. In these offices the AirPrint traffic is being transferred successfully and everything works great. In the offices which are using 3560 PoE switches, the traffic is never seen at the iPads. We are using EnGenius EAP300 access points connected into the Cisco switches to provide wireless access to the iPads. Both 3550 and 3560 switches are running iOS 12.2(25). What might be stopping/blocking the AirPrint traffic on the 3560 switches?
View 3 Replies View RelatedI use WS-C3560G-24TS and try both ios 12.2.50.SE1 and 12.2.46.SE but problem the same. The config as following,
interface GigabitEthernet0/1
no switchport
ip address 1.1.1.2 255.255.255.0
[code].....
but I find the int g0/1 output traffic only can achieve about 500kbps then I try config below,
interface GigabitEthernet0/1
no switchport
[code]....
I find int g0/1 output traffic only can achieve about 5Mbps,but if I change "srr-queue bandwidth limit xx" command xx to 20-90,the int g0/1 can achieve normal traffic bps, for example,
interface GigabitEthernet0/1
no switchport
[code]...
the int g0/1 output can achieve 2Mbps that is correct,just only when limit set to 10%,the traffic only can achieve half of limit bandwidth.
i have a 3560 connecting to a sp with limited bandwidth. i have one interface on the switch whose traffic i do not want to drop. i want this traffic to go into the high priority queue. i am not sure how this should be configured, but here is my best guess and my current qos configuration on the switch:
qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 4 6 7
mls qos srr-queue output cos-map queue 2 threshold 2 3(code)
since cos 5 is mapped to dscp 46 then this traffic would go into the priority queue. is this correct ?
We want to get L2 traffic amount (bit/byte) passing through a cisco switch (6500/3560 ...) for a specific VLAN. it can be via SNMP or CLI ...How can we do that?
note: there is no L3 interface on swtiches.
i have a strange issue with an HSRP Setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing are enabled on both Switches. S1 and S2 are connected with an ether channel over four fibre ports. S3 -S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But, my monitoring via cacti show me, that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails, should S2 the active switch.A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why route it traffic from the Internet to the client?
I have a 4500 and 6500 that I'd like to be able to limit the bandwidth of layer 2 switchports. So for instance I have all GB blades but certain servers I'd like only to have connections of about 5 Mb per second or 15 Mb per second etc.
View 1 Replies View RelatedI 3750 doesn't support "shape" command under policy map. How do I limit the bandwidth to 3 M? [code]
View 3 Replies View RelatedWe recently got a 1921 for our main office and we have a dedicated 15/15 connection. We're running on an 1871 right now that is not under my control so I can't even see it's running config. OK! So when I set my gateway to be the 1871, we can get our upload to over 6mbit (we have 8 branches, so won't ever get full 15 since they're using it too). With the gateway set as the 1921, it seems like we're stuck at 1.5. I haven't seen it go higher than that. I've looked over the config but can't see anything that would imply some kind of bandwidth limit but I have copied the config here.
Building configuration...
Current configuration : 6688 bytes
!
! Last configuration change at 10:59:47 PCTime Thu Nov 29 2012 by admin
! NVRAM config last updated at 10:04:31 PCTime Thu Nov 29 2012 by admin
! NVRAM config last updated at 10:04:31 PCTime Thu Nov 29 2012 by admin
version 15.1
[code]....
We have a guest wireless setup but I need to rate limit the users so no one hogs all the bandwidth. The WLC is connected into a 3750 which is doing all the routing between the vlans. I know I cannot shape the traffic on the 3750.
View 2 Replies View RelatedAny idea for limiting bandwidth on cisco 892F router? We have 2 VLANs through our LAN and one must be limited upto 1Mbps or 512Kbps.
View 2 Replies View RelatedI have a 2960 that I need to limit the uplink port to 50Mbps for 3 vlans and 350Mbps for another vlan. Would the following config achieve that or is this even possible for the 2960?
class-map match-any VLAN50-51-52
match vlan 50-52
class-map match-any VLAN53
[Code].....
I'm trying to limit the bandwidth on certain ports to 3Mbps and others 1Mbps for a project, however when I do a bandwidth test from a website the speed on the router doesn't seem to change it's as if the changes over telnet aren't actually affecting the swtich's qos settings. I have verified that the policy is attached to the interface and the settings are correct as well.
Router
Telnet address: 10.xxx.xx.xx
Password:
[Code].....
We have a number of 6509s which generally have dhcp relay agents configured on the SVIs. The dhcp servers are centralised. Recently we've had one or two faults with misconfigured or faulty devices (blade server chassis and also printers) generating high volumes of dhcp discover packets and causing high cpu on the relevant 6500. I would like to rate limit these discover packets, which are layer 2 broadcasts. Storm control can't discriminate between different types of broadcasts and on a gig link would need to be set down at about 1% to have much effect on the problem. I've looked at CoPP and also mls hardware rate-limiting but as I understand it, these two features don't control broadcast traffic. I also looked at dhcp snooping but if an interface receives a high level of dhcp discover broadcasts, e.g. over 100pps, I don't want it to go error-disabled (as this would knock down the whole edge switch), just to drop the excess packets.
View 2 Replies View Relatedhow to perform UBRL User Based Rate Limiting on ASR1000 like we can do it on Catalyst6500?
View 3 Replies View RelatedCisco 3560 does not support "set ip next-hop verify-availabilty". I need this command in my config. "set ip next-hop" do not do the same job.
View 8 Replies View RelatedThe last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fasthethernet 0/1
ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
I am trying to get my workstation to talk to a workstation on a different sub-net through a Cisco 3560 switch. The switch is running the following IOS version: [code]
My primary network is 172.16.0.0 and I am trying to connect to a device on a 192.168.111.0 sub-net. [code]
What would be the best way to get the two workstations talking via the switch?
I implemented access list on cisco 3560 switch but it never works. I want to block access from network B to Network A and allow from Ato B
Network A. 10.0.12.0/24
Network B 10.0.24.0/24
The configuration is
interface Vlan1
description Data VLAN
[Code].....
We recently purchased Cisco 3560X Layer3 Switch. We need to perform simple Inter VLAN routing. We have configured VLAN1 (name-server_vlan) and VLAN2 (name- user_vlan). We have also assigned the Ports and IP address to both the VLANs. After assiging this if we plug Laptop A into VLAN1 then it doesnt communicates with Laptop B (btw, Laptop A is able to Ping VLAN2 Gateway ) in VLAN2 but on the other hand Laptop B is able to communicate with Laptop A and ping everything i.e. Gateway of VLAN1.
View 17 Replies View RelatedWe have two catalyst 3560 switches running c3560-ipbasek9-mz.122-58.SE2.bin They are connected using etherchannel using gi 0/21 - 24 interfaces.
on 3560-1 switch, there isn't any ip-default gateway or ip route configured. It only have 1 interface vlan configured.
on 3560-2 switch, there is ip default gateway configured along with 1 interface vlan.
What i dont understand here is that, i can reach out to other subnets from 3560-1 switch in which the routing is not enabled?
I have a 2504 WLC connected to a Catalyst 3560 which has multiple vlans and is connected to a 2800 series router. I know the catalyst is L3 but I am needing nat functions to get outside to the internet. From my 2800 series router I am able to ping out to the internet, also I am able to ping the vlan interfaces on the catalyst switch. Problem is from the catalyst switch I can ping the inside and outside address of the 2800 but I cannot get any further then that. I cannot ping the 2800 router gateway. Not sure what I am doing wrong as far as routing.
I've attached my 2800 and 3560 configs.