We have some ME3800MX router/switches running ME380x-UNIVERSALK9-M), Version 12.2(52)EY2. The Cisco website says:
The switch does not support these Cisco IOS router ACL-related features: # •Non-IP protocol ACLs (see Table 26-1) or bridge-group ACLs
how we would match ICMP traffic then?
I am struggling to find an SFP transceiver, single mode, that operates at 100Mbps in a 1000Mbps port in an ME3600 or ME3800.
View 5 Replies View RelatedI faced with issue on ME3800. [code] With that configuration there is no problem with DHCP Relay packets.But if I add on interface #xconnect 82.199.1 19.1 77 encapsulation mpls it will stop forward DHCP relay packets immediately. All other traffic transfers without problem.
View 2 Replies View RelatedI've Cisco7609-S with IOS 12.2(33)SRC2 met an issue is that "show ip route x.x.x.x" and "show ip cef x.x.x.x" shown next-hop is not actual switched next-hop.
For example, "show ip route 192.168.1.1" and "show ip cef 192.168.1.1" shown correct next-hop is 10.1.1.1, but the traffic destine to 192.168.1.1 actually not through 10.1.1.1, but always through the default route next-hop. Everything works normal after rebooted the router. Suppose it should caused by a bug? BTW, my Cisco7609 is runing BGP with ISP which received about 10K routes.
i want to ask , how to match youtube in my qos, i want to give youtube the best priority in the rush hour. currently im using an acl that match the ips of youtube but i think its not sufficeitt :
View 5 Replies View Relatedwe have bought 2911 router recently has to set up VOIP line seperately for the network we have two two broadband service provider:
1. how can i use 1 line as an active and other line as a failover(when 1 line is down other line should automatically bear the traffic).clear config will be useful. NATTING using MAtch address objects( roughly )
broadband service provider 1: 97.89.X.X 255.255.252.0
broadband service provider 2: 10.0.x.x 255.255.240.0
2. there are only 20 users to set up a voip line now. here we have telecom provider where they should route the traffic to make any international calls( say telecom public ip 200.200.109.110)from lan - wan everything is allowed from wan -lan we have to allow only telcom provider IP(200.200.109.110)
My Company use Core Sw 4507R-Sup 7L-E with Enterprise Services License. I has upgraded to use iOS cat4500e-universal.SPA.03.03.01.SG.151-1.SG1.bin
When I use match protocol in class-map, there are only about 10 protocols, and not have those ones I need. I intend to expand the list of protocols to do some Policy-map by loading PDLM. But 4507 is no longer support NBAR. So do we have another way to set Catalyst 4507R with Sup 7L-E recongnize more protocols in match protocol command?
When configuring QoS on 3750s/3560s, we're mapping packets to particular interface output queues with commands such as: [code] The command to see what's actually being enqueued, dropped, etc. is: [code]
Note that these queues are numbered 0 - 3, and not 1 - 4. We've been assuming that the first queue number in the "mls qos" (i.e., 1) command maps to the first queue (i.e., 0) in the "show mls qos" command.
Both regular IP traffic and ICMP traffic are passing through the source port. C6509 provides the option of filtering vlan traffic during monitoring. But I don't have vlan traffic.
qa-c6509-c(config)#monitor session 1 filter ? vlan SPAN filter VLAN
So I applied an access-list which only allows icmp traffic to be sent out of the monitoring port. But it does not work.
I would like to configure IP SLA with ICMP tracker. What is the minimum IOS & Feature required in cisco 1800 Router?
View 2 Replies View RelatedI ran autosecure on my 1841 routere and now I cant do ping or traceroutes. What should I do to enable the pings and traceroutes after auto secure is done.
View 1 Replies View RelatedAmazed I cannot find this in any documentation but I want to know the default aging timer for ICMP redirects on a 3750 switch running at layer 2.
View 10 Replies View RelatedI am experiencing inconsistent echo-replay from devices connected via VPC to Nexus 5500s while pinging from the Nexus exec prompt.
In some cases I receive normal response when pinging from one Nexus, but no response when pinging from the other switch. In other instance I receive normal response to one Nexus, and duplicate replays to the other. It looks like a VPC related bug. NXOS is 5.1.3.N2.1
5501# ping 10.12.12.232
PING 10.12.12.232 (10.12.12.232): 56 data bytes
64 bytes from 10.12.12.232: icmp_seq=0 ttl=253 time=8.585 ms
64 bytes from 10.12.12.232: icmp_seq=0 ttl=254 time=9.227 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=1 ttl=253 time=1.011 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=253 time=8.097 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=254 time=9.429 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=3 ttl=253 time=18.195 ms
64 bytes from 10.12.12.232: icmp_seq=4 ttl=253 time=8.807 ms(code)
I am in the process of installing a 3750x (IOS 12.2 (53r) SE2 IP Base) Cisco Catalyst switch in a new network of just 2 PC's (2 hosts, OS windows7 64Bits). I have enabled SVI interfaces with the both hosts installed in 2 different network segments. We then start connectivity test. The response time for the PING command between both hosts remain below 1 millisecond, whereas the response time between the hosts and their correspondent SVI interface is variable, and at all time is higher than 1 millisecond, sometimes it reaches 17 milliseconds. (Note that the switch CPU usage is only 8% at the time of testing) We have performed this same connectivity test changing the 3750x switches and in two different locations obtaining the same results.
View 2 Replies View RelatedI've a big problem with a loss of packets ICMP sent by different hosts in differents VLAN. Here my architecture:
Core Switch : 2 Switch's C6509 (Version 15.0 (1) SY1)- Mode VSS - One lien VSL , the other link is defective.Access Switch: C3750 , Connected to Core Switch through 2 fibre optique wires.Topology: redundant ring
When I send consecutive ping message I found always a missing of packets . Furthermore When I insert the "show ip traffic" command., the parameter "bad hop count" increase after a loss of packets. I've 2 hosts connected in my network and they send packets with TTL =127.
In the Core Switch I haven't configured the MEC because it gave me troubles with the packets multicast.
I had setup a lan infrastructure with 5 3750 stack swithes. In these 3 of them are in one stack which is acting as access switch, 2 of them in another stack which is as core switch where all the SVI is configured. Now, when i tried to ping from our edge pc which is connected in access switch to default gaeway, which is configured in core switch, the ICMP is getting delayed . But when try to ping from the same edge pc to another user PC, it is getting less tahn 1 millisecond icmp replies.
why icmp is delaying to default gateway , but working with another edge to edge pcs without any delays?
Need to clarify if ip sla icmp echo operation is supported in catalyst 3kx switches (ip services)? on the configuration guide, commands are available, but on the feature navigator, i can't find the feature, only ip sla video operation. i don't have a device to test on here.
View 2 Replies View RelatedToday one of our 9 Cisco switches a "WS-C2950S" (we also got 2 other WS-C2950S on same network) stop responding icmp ping packages. When i tried to telnet the switch its network was unreachable but i was able to see its existance from other switches by "sh cdp neig". So i decided to fix the situation on a suitable night time work, checking by console cable or even rebooting the device.
Then i started to wonder... what this could possibly be about?We have like 40 clients behind that switch and there was no communication problem during the problem.
i am facing a problem when the client vlan is commmunicating with the default gateway on the core 3750-x.
ios in 3750-x core is 3750e-universalk9-mz.150-2.SE.bin. But, client to client communication is happening without any dealy and icmp is less than 1 ms always.
When try to ping default gateway of client vlan, it is getting delayed (variable icmp delays). Is this an ios bug?
I have a cisco 2811 router set up as a nat/firewall gateway for my network. I've configured it for CBAC on using ip inspect and an access list.What I want is to use audit-trail to record network traffic (which means sending syslog messages to a server) concerning established sessions from my own network to locations in the outside. If i configure this using ip inspect audit-trail and no ip inspect alert-off, the configuration looks like this: [code] which works just fine, but there is the matter of icmp packets.
Since i use polling software that needs to check some machines in the outside part of the network, it is only natural that several icmp sessions are established through the Inspection Rule per minute. The problem is that since these sessions are recorded along with everything else, my syslogs are flooded with these (since i am using logging trap informational) to the point that more messages are generated about icmp than all other traffic combined, especially in non-working hours.What I am asking is a way for the audit-trail to be selecively disabled for icmp, so that the outgoing (echo) &incoming (echo reply) sessions can be established without generating syslog messages.
I have made some test and i noticed that qos input policy does not classify the icmp packet based on their dscp.The "match dscp ef" or "match precedence 5" is not working only the "match protocol icmp" shows hits.
We need to classify the different icmp packets based on dscp ( TOS ) for measurement purpose.CISCO 7200, 12.4.25d and 12.4.20T have a same behavior.
I have two sites connected to each other using L2 MPLS/1Gbps "provided by the telecom", the link is configured as a 802.1q trunk and terminated on C3750 on both sites. Everything is working fine according to the below configuration. But i am facing QoS limitations on the number of queues, i checked cisco web site and found that the ME3600/3800 has HQoS which will give me advanced QoS features.I am thinking to migrate from the 3750 to ME3800, but i am new to metro switches. if i can apply the same below configuration on ME3800 except the QoS as i will replace it by MQC configuration? So can I consider that the ME3800 has all 3750 features plus MQC QoS?
!
!!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
[code]....
We have pair of Cisco Nexus 7018 with four eight port 10gig modules.I have created two VDC's with mixing 10gig ports from diffrent modules.Now we requied some one gig SFP ports and we are planning to buy 48 port 1gig sfp+ card.My question is can
1- Can I still mix and match 1gig and 10 gig ports in two different VDC's? (1-24 for VDC1 and 25-48 for VDC2)
2- All 48 port module hve to allocate to one VDC which alreday have all 10gig ports.
If I want to use the command match protocol xxxx when configuring traffic classification for QoS, is necessary to have the following licence?
-FLASR1-FPI-RTU
-Flexible Packet Inspection RTU Feature License for Cisco ASR 1000 Series.
I have a problem with latest Anyconnect Mobile clients, on any device(iPhone,PC..) I have this error message.Anyconnect cannot verify the VPN serverAll certificates(rootCA,userCER) - installed on client side, all of them are trusted.
View 1 Replies View RelatedI'm getting an "ACL does not match proxy IDs" error that I'm not able to troubleshoot, googled this with a lot of results, tried some; but nothing applied.I have setup 2 tunnels, 1/one from a pix 515e (office) to an ASA 5505 (hosted server) for my guys to access the hosted server2/A second one from the ASA 5505 to my client's firewall so that its equipments can reach the hosted server and from the hosted server reach the equipments.Both tunnels are working fine, my issue comes when I'm trying to join my clients equipments from my office, ie cascading the tunnels.
This is the first time I'm trying to cascade some tunnels, no issues with other vpns I have been building.I'm joining the configuration of the pix and the asa and an extract of the syslogs showing the error, any obvious error I haven't seen!
I am currently using a Cisco 1751 w/ 1-WIC-DUS-T1 to connect our branch locations via Frame Relay. I will be adding 2 new locations in about 2 months. What is the 1800 series match for the router I currently use and is there and performance advantages?
View 2 Replies View RelatedThis is happening to me to multiple computers on my domain. When it happens i can only log in as a local user or if I unplug the network cable, log in and then re-connect the networkThe time on all these machines is correct within at least 1 minute but still it's throwing off this error. When reading about this problem I see many fixes that all relate to how to sych the time on the PC.
View 1 Replies View RelatedData link-ARP,RARP, presentation-SSL,TSL,ASCII,JPG, Session layer-ASP(apple talk session protocol),SCP are these correct?can your provide 2 new protocols for each with the long name?
View 17 Replies View RelatedOn the laptop, the info bar is on the left side, the website tabs on the top, this shifts the other computers screenview down and to the right, it also cuts off the right side and bottom, with still leaving space on the right side and bottom. The pointer on the lap top does not line up with the desktop, because the screen is shifted, but only a portion of the screen is visible anyway. I used the same password and log in on both computers, don't know if they have to be different.There is full a screen option at the top right, but this causes the top tabs and info buttons on the left side to go black.
View 3 Replies View RelatedI live in a shared house, and I am the only one who has been experiencing issues connecting to the internet. I have to ask a housemate to reset the server, as this is the only thing that works.
When I am unable to connect, and I use command ipconfig, the following appears: Autoconfiguration IPv4 169.254.23.29 On the occasions when I am connected, the following appears in its place: IPv4 IP Address: 192.168.0.2
One tip that I came across was to check the box (Wireless Network properties, Connection tab) for "Connect even if the network is not broadcasting". I had hoped this simple solution would assist, but to no avail.
We have an HQ site with a 2811 (w/ADVSECURITYK9-M) acting as the firewall. We currently have 1 ASA5505 that has an established ipsec l2l VPN. I'm trying to connect a 2nd ASA, but I've noticed I can only add 1 cryptomap to the outside interface. A show ver shows 1 Virtual Private Network Module... Surely that doesn't mean only 1 VPN?Do I use one crypto map, and add a second 'set peer' & 'match address' inside the crypto map itself?
View 10 Replies View Relatedis it possible to construct the L7 HTTP class-map expression to match all URLs except one? I have 1 correct url, for example: /correcturl.* and want to redirect requests to all other possible URLs to this one, without the need to list them all in "possitive match" statements.
View 6 Replies View Related