Cisco WAN :: 1941 / Cannot Apply Service Policy On Multiple Serial Ports

Jul 18, 2011

I've run a across a strange issue that I've not encountered before and after the things I've tried am beginning to think it's a limitation of the router itself.  What I have are 3 Cisco 1941 routers that are all endpoints for a customer's MPLS network. STL is the headquarters and both remote offices have a link back this router.  Each of the remote locations only have 1 serial interface.  It is a flat network with few routes and a small shoretel voip system running across it.  Each router is running C1900 Software (C1900-UNIVERSALK9-M), Version 15.0(1)M5, RELEASE SOFTWARE (fc2).
 
QoS is configured as follows on each router:
 
class-map match-any AutoQoS-VoIP-Remark
match ip dscp ef
match ip dscp cs3
match ip dscp af31
class-map match-any AutoQoS-VoIP-Control-UnTrust
match access-group name AutoQoS-VoIP-Control
class-map match-any AutoQoS-VoIP-RTP-UnTrust

[code]....
 
If I try to apply the policy map to serial0/0/0, I get the following error: 
 
% policy map utoQos-Policy-Untrust not configured
 
I've tried to create a different policy map with the same settings and get the same error.  We thought that when it was first set up, each interface belonged to the same network, so we separated things out (hence the .252 mask).  I'm not sure what else to try and I'm hoping its something painfully simple that I'm missing. 

View 2 Replies


ADVERTISEMENT

Cisco Switching/Routing :: 3640 Can't Apply Service-policy?

Mar 21, 2013

I got this 3640, trying to apply a service-policy (output and input), but seems like I do it something wrong...because he only apply the output policy... here the config, I already try to config the service police inside the fa0/0, but is not showed at all, he only show the output, its like I never apply that

View 1 Replies View Related

Cisco Switching/Routing :: 7604 WS-X6724-SFP - Can Apply Service Policy To Dot1q Main Port

Jul 9, 2012

Example config

int g2/24
service-policy output test
 #and/OR 
int g2/24.10
encap dot1q 10
ip address 10.1.1.1 255.255.255.0
service-policy output test

View 5 Replies View Related

Cisco Routers :: RV180 / Setup Custom Service That Contains Both Multiple Disjoint Ports?

Jul 11, 2012

I have an rv180 and I'm trying to setup a custom service that contains both multiple disjoint ports (some UDP some TCP), as well as a TCP port range. This has lead me to a couple of questions.1) Is it even possible to have a single custom service with disjoint ports? Is it just going to be necessary to define multiple partial services for this?2) Is it possible to forward a range of ports? It's clear how to define a service with a port range, but the port forwarding table interface only allows me to select one LAN-side port for any service. Is there a secret notation that I need to do here that will just forward to the same LAN-side port as the WAN-side port---effectively one-to-one NAT forwarding, but just for the selected service?

View 8 Replies View Related

Cisco Application :: ACE 20 Service-policy Out Of Service / Still Able To Connect To VIP

Feb 28, 2012

We have a situation where services are stopped on the real servers. The probes fail and we confirm the services are not running on the server. We cannot access the ports from the ACE directly. We can still however acces the VIP on the TCP port (L4 VIP class-map). So we can still telnet to the VIP on the port from thr Client side of the network.This is on ACE 20 Modules deployed in Routed mode. The version of software is A2(3.3).
 
Tried removing multi-match and loadbalance policies as well as class-map and re-applying then re-appyling the service policy to interface. Same behavior,This is a problem at another level as some services are being monitored by GSS via TCP keep-Alive and this obviuosly causes a problem as the service then never goes off-line.

View 10 Replies View Related

Cisco Firewall :: 5520 Why Does Dynamic Policy NAT Rule Apply

Jun 4, 2013

we have a nat exemption rule for 10.0.0.0/8 to w.x.y.z followed by some static nat rules and then dynamic policy nat rule for 10.0.0.0/8 to w.x.y.z natting to IP a.b.c.d.When I do a packet trace from 10.10.10.10 to w.x.y.z, it shows the packet first matching against the nat exemption rule, and then immediately afterwards it matches the dynamic policy NAT rule. The static nat rules are being successfully bypassed (which is what I want), but why does the dynamic policy nat rule apply if an exempt rule has been hit already? An actual test between the IPs above reflects the result of the packet tracer as well (IP a.b.c.d is seen on server w.x.y.z).We are running the following software on an ASA5520.

View 7 Replies View Related

Cisco WAN :: Cannot Apply Policy Route-map To VLAN Interface 3560G

May 1, 2013

I have a 3560G that I cannot apply a policy route-map to one of the VLAN interfaces. I am running up to date software, c3560-ipservicesk9-mz.150-2.SE2 and it accepts the command, but does not show it in the sh run of the interface. I updated to this code as I had seen previously someone said it needed to be version 15 before you could apply route-maps to VLAN interfaces.

View 4 Replies View Related

Cisco :: When Trying To Apply An IPv6 Access - List To DAP Policy Is Pretty Vague

May 19, 2011

Unfortunately it's not particularly obvious as the error that's thrown when trying to apply an IPv6 access-list to a DAP policy is pretty vague:

View 2 Replies View Related

Cisco Switching/Routing :: Unable To Apply IP Policy Route-Map To VLan 4 In C-3750

Apr 22, 2012

Here is my configuration below , i have upgraded my C-3750 switch IOS from IPbase to IPservices , after upgrading i have tried to apply PBR on my Vlan 4 and failed , when i am tying to apply route-map to Vlan4 the command was taking but i am unable to see the route-map when sh run , i am giving the command as "ip policy route-map TTSL" in my Vlan4 , below is the configuration.
 
In Vlan2 i have connected one ISP and Vlan4 I have connected one ISP , my local subnets are 192.168.1.x and 192.168.2.x , now i want to route the 192.168.1.x traffic from Vlan2 and 192.168.2.x Traffic from Vlan4 .
  
sh boot
coreswitch#sh boot
BOOT path-list      : flash:c3750-ipservices-mz.122-35.SE5/c3750-ipservices-mz.122-35.SE5.bin

[Code].....

View 9 Replies View Related

Cisco Application :: Apply Policy Only On Specific Subnet / Port 443 Traffic Can Be Redirect And Rest

Feb 16, 2012

I am facing problem with ACE configuration. I want to redirect 443 traffic to my Proxy Server. But I am not able to do this. I want to redirect only subnet 192.168.80.0/24..Then only it is working but I dont have to have this policy to be applied on all the users only one subnet I want to have under HTTPS policy.
 
how can I apply the policy only on specific subnet so that port 443 traffic can be redirect and rest of all subnets can go direclty to Internet.

View 8 Replies View Related

AAA/Identity/Nac :: 7206VXR - Apply Specific Service Policies Per PPPOE - User

Jun 3, 2011

We are trying to apply specific service policies per PPPOE-User.
 
Our BRAS is a Cisco 7206VXR , running c7200-spservicesk9-mz.122-33.SRE3.bin
 
When we try an very easy service policy as following the policy is well applied:
 
Code...

View 0 Replies View Related

Cisco VPN :: 1941 Crypto Isakmp Policy Command Missing

Apr 19, 2011

I have been looking around and I can not find the " crypto isakmp policy " command on this Cisco Router 1941.  I just wanted to setup a regular IPSEC Lan to Lan tunnel and surprise, the command is not there.  Do I have the wrong IOS? I thought that a K9 image would do the trick. [code]

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 - Can't Delete Service Policy

Oct 23, 2011

We are evaluating Cisco ACS 5.2 and I can not delete a service policy that was created.  The message we receive is " the item that you are trying to delete is being referenced by other items". I am new to ACS, but I did go through each tab in the manager multiple times.

View 5 Replies View Related

Cisco WAN :: 870 Applied ATM Service-policy Output

Nov 30, 2011

I encountered this problem with cisco 870 atm interface. I applied service-policy output, its being accepted but when you do a show run interface, it's not there.

View 5 Replies View Related

Diagnostic Policy Service Cannot Start

Apr 8, 2011

I am Using Windows 7 32-Bit, and my Network usually works fine, and my internet has been working fine up until recently. However about a month (maybe more) I noticed a problem that kept cutting me off occasionally and said Diagnostic Policy was not started, I troubleshooted it and it was fine. Much more recently this has been happening more frequently and troubleshooting it doesn't solve the problem. I can get online for 10-15 Mins then I am cut off again. Restarting the computer often fixes it but not always. I went to Services and found the Diagnostic Policy Service is not running, I press start and receive this error message.

The Diagnostic Policy Service service on local computer started and then stopped. Some services stop automatically if they are not in use by services or programs.I am quite sure my loss of Internet is due to this as this is a network related service and what the troubleshooter always finds to be the problem. Other Computer/Devices in the house connect to the internet fine with no loss of connection so it has nothing to do with that. I have tried various fixes like uninstalling network adapter drivers, and checking permissions in Registry but it has not worked.

View 4 Replies View Related

Cisco :: Possible To Have Service Policy On Layer 2 Uplinks To Routers

Jan 10, 2013

I have the following scenario: Pair of Cisco 887VA routers acting as Layer 3 for Voice/Data VLANs with a pair of 2960 LAN Base switches acting as Cores and possibly then 2960 LAN Lites hanging off them as access switches. Our Service Provider has provided an example config where the class-maps match based on dscp values for the QOS policy applied to the DSL circuits. We can obviously trust the attached phones but I want to be able to mark data traffic on my core switches based on destination IP/port to allow application definition. My major question is can I have a service policy on my Layer 2 uplinks to the routers where the linked classes setting dscp vlaues are based on class-maps matching on the contents of IP access lists based while at the same time not remarking the EF marked packets from the phones?

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Cannot Work With Two Service Policy Rules

Feb 21, 2013

I have an issue about ACS v5.3 Appliance.I have an ACS v 5.3 wo authenticate wireless users, together with a cisco wlc. One profile is to corporate users and the second profile is to guest.
 
The corporate users should authenticate with Active Directory and the guest with WLC. Guest users should authenticate with the ACS Local Database. I have configurate two service selection policy that match with protocol Radius. The first rule is to users of Active Directory and the second is to users in
 
the Local Database of ACS.When i try to authenticate users with active directory is OK, but when try to authenticate users with Local Database (Guest Portal) the ACS try to find the
 
the internal user in the Active Directory, because math the first rule, and the second profile can not authenticate.When I change the order, first the Rule of internal users and second the rule of users of Active Directory, the internal users can authenticate in to ACS, but
 
the users in the Active Directory can not authenticate.I think my ACS only authenticate the first rule of radius to Active Directory, no two rules of radius in the same time. Or maybe exists an issue in OS of the ACS.The authentication by separately is OK.

View 5 Replies View Related

Cisco WAN :: 2951 - Using CCP To Create Service To Be Used In Zone Policy

Jan 16, 2012

Configuring Cisco 2951 router using Cisco Configuration Professional. I have created a zone based firewall on the router and have created a zone policy for network traffic between two LANs or two zones. I need a create a rule for new traffic that should allow a custom user defined service to flow between the two zones associated with with two LANs.

The problem is How do I created a custom service that I can use for the new traffic rule? I created a network service object as shown in the screenshot below:However, when I am adding the new rule, this service object does not appear in the user defined service in the protocols tree box as shown in the screenshot below:
 
What is the proper way to create a custom user defined service? I was not able to create it using Class map by the way because again I did not find the service object group in the user defined service when creating a class map.

View 2 Replies View Related

Cisco WAN :: 7609-S Service Policy Output Command Not Supported?

Sep 26, 2012

I am facing issue while configuring service-policy output command in Cisco 7609-S router with c7600s72033-adventerprisek9-mz.122-33.SRE2.bin IOS. However, in the same series router having IOS c7600s72033-adventerprisek9-mz.122-33.SRC6.bin is supported service-policy output.Both the switch have WS-SUP720-3BXL  SUP.

View 2 Replies View Related

Cisco WAN :: 2801 Removes Service-policy Output From Tunnel

Jun 6, 2011

I run 2801 with 124-24.T3 and I have following problem: router is connected to internet over pppoe and ISP once per day breaks this link. so I get:
 
Jun  7 19:31:56.639 MSK: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
Jun  7 19:31:56.663 MSK: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
 
and I also have tunnel interface which endpoint is accessible over internet.
so I get:
 
Jun  7 19:31:56.679 MSK: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel1 68844500 - looped chain attempting to stack
Jun  7 19:31:57.635 MSK: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
Jun  7 19:31:59.199 MSK: %TUN-5-RECURDOWN: Tunnel1 temporarily disabled due to recursive routing
 
this is not a problem, problem is that router when interface goes down removes service-policy output  from it, so I receive such message every day from runcid:
 
ip ospf cost 1
ip ospf mtu-ignore
tunnel source Loopback1
tunnel destination 192.168.200.199
-  service-policy output tunnel_mpr_gre 
and have to restore policy manually.

View 1 Replies View Related

Cisco WAN :: 887VA ADSL - Service Policy Brings Down Link?

Aug 7, 2012

Have installed an 887VA on the end of a ADSL connection. The provider has specified EF 150 on the link. The router is configured using a Virtual Template.
 
If the Virtual Template has a service policy applied, we don't have connectivity to their main site - although the CD and PPP lights are lit. As soon as the service policy is removed, we have connectivity.
 
We've had three sites with the same problem. Two of the sites don't have QoS specified on the link but had the same problem if the service policy was applied.
 
Hardware - CISCO887VA-SEC-K9
Software - 15.1(4)M4
 
=== config snippets
 
class-map match-all Voicematch access-group 10
  policy-map Dscpclass Voice  priority 150class class-default
 interface ATM0
bandwidth 1143
bandwidth receive 12334

[code]....

View 3 Replies View Related

Cisco WAN :: Port Adapter With Synchronous / Asynchronous Serial Ports For 7200

Jun 19, 2011

Is there a Port Adapter (PA) with Synchronous/Asynchronous Serial Ports, for Cisco 7200?

View 1 Replies View Related

Cisco Switching/Routing :: Cat 2960 - Map / Service-Policy Input Is Not Working

Nov 10, 2011

I have some trouble with that policy-map on my 2960 or 3560 switches with LAN base 12.2(53)SE2. I want to use that feature to catch video traffic from webcams in laptops  which can't send dscp values out of the box. This is my test config to check if the function is working: catch every traffic from my workstation for testing, access-list 101 permit ip any any, class-map match-all CL_TEST

1. I can't see any counters with the command "sh policy-map interface  FastEthernet 0/1". Cisco tells that this command is not possible. But how I can see if the policy is working correct?
2. When I did the configuration I can't see any packets with dscp af41 on the out going interface on the switch with "sh mls qos int gi0/1 statistic" as I expected. After reloading the switch I see the pakets with af41. Okay for that moment. But.After that I changed something in the policy-map. Only "set ip dscp ef" for a second test.

Generating some traffic I see only packets with af41 as before I changed the policy-map. No traffic with ef on the outgoing interface.

View 4 Replies View Related

Cisco Firewall :: ASA5510 Delete Default Service Policy Rules?

Jan 7, 2013

We have a problem with some websites being blocked every now and then. Everyone inside can access this external website for weeks, and then suddenly it's not available for a few hours, and then it comes back. All without me making any changes to the firewall, ASA5510. The external website that has nothing to do with us can be accessed from anywhere outside our network, example on my iphone through Verizon.
 
We have not set up any rules about blocking websites, all I found was the Default Service Policy. After backing up and then deleting the rule we are able to access all sites.

View 2 Replies View Related

Cisco Switching/Routing :: WS6724-SFP / Flapping Interfaces With Service Policy

Jun 2, 2013

i just configured a C6K VSS with Sup2T, 15.1SY IOS software and a WS6724-SFP module with the follwing cos config:
 
auto qos default 
table-map cos-discard-class-map
map from  0 to 0
map from  1 to 8
map from  2 to 16

[code]....
 
After applying the service policy to one interfac of the WS6724-SFP module the policy is deployed to all interfaces of the module. So far it should be ok but after a short time all interface of the module begin to go down an up and down and up ... flapping.

View 1 Replies View Related

Cisco Firewall :: Negative Counters In ASA 5510 (show Service-policy)

Feb 7, 2012

In my Cisco ASA 5510 in release 8.2, I have an extrage behavior in the output of "show service-police" command. The issue is that I create a class-map to limit trafic in one of ASA interfaces and I applied in a service policy. This is the configuration: 
 
access-list ACL-Limitada extended permit ip host srv-proxy any
access-list ACL-Limitada extended permit ip any host srv-proxy
access-list ACL-Limitada extended permit tcp 192.168.10.0 255.255.255.0 any eq ftp-data
access-list ACL-Limitada extended permit tcp 192.168.10.0 255.255.255.0 any eq ftp
access-list ACL-Limitada extended permit tcp any 192.168.10.0 255.255.255.0 eq ftp-data
access-list ACL-Limitada extended permit tcp any 192.168.10.0 255.255.255.0 eq ftp

[code]...

View 1 Replies View Related

Cisco Switching/Routing :: 3750 - Use MLS QoS Trust DSCP With Service-policy?

Dec 24, 2012

i would like to know the possibility to use mls qos trust dscp with service-policy in the IOS ver.12.2(25)SEE2.The specific version is not possible to configure like below.
 
Cat3750(config-if)#do sh run int f1/0/1
Building configuration...
 
[code]....

View 8 Replies View Related

Cisco Switching/Routing :: 3750 Service Policy Output Not Supported

Jan 26, 2009

I have a 3750 switch (c3750-ipbasek9-mz.122-46.SE.bin) were i want to add bandwitdh limit pr. interface, doing the following:
 
ip access-list extended customer_A
permit ip any any 
class-map match-all BW_10Mbps

[Code]....
 
When i trie to apply the "service-policy output 10 Mbps" to the interface, it says the service-policy output is not supported on the switch. Is this a software related isue ?

View 4 Replies View Related

Cisco Switching/Routing :: Service Policy Input Not Working 6509 VSS

Jan 6, 2013

interface Vlan24
description Internal Wireless Internet
ip address 10.x.0.1 255.255.254.0

[Code]....

So, I am trying to limit the bandwidth used by this vlan. The service-policy output statement works, the service-policy input statement does not. My test is to get on that vlan and go to speedtest.net. My download speeds are about 3.5Mb/s, my upload speeds are about 20Mb/s.
 
it has something to do with this:
 
sh mls qos ip
QoS Summary [IPv4]:  (* - shared aggregates, Mod - switch module Sid - Switch Id)
Int  Sid Mod Dir  Class-map DSCP  Agg  Trust Fl   AgForward-By   AgPoliced-By

[Code].....

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Assign QoS Service Policy Via RADIUS To Catalyst 45k / 3750?

May 4, 2011

is there a way to assigen a QoS service policy via Radius to an Caltalyst 4500/3750 Switchport?
 
in detail, we would like to assign this policy
 
policy-map SET_EF     class class-default       set dscp ef
 
to an interface. All traffic should be marked with a defined DSCP value.
 
This works find when doing it statically with
 
interface FastEthernet2/1         service-policy input SET_EF
 
but we would need to assign such a policy via Radius during the 802.1x Authentication. different users should get differnt policies. We use Cisco ACS 5.2 as Radius Server and there actually is a field for that in the Authorization Profile Common Tasks Configuration. in detail, this uses the cisco-av-pair "sub-policy-In=<policy name>" attribute to assign a service policy to an NAS.
 
we found also two other attributes "sub-qos-policy-in" and "ip:sub-qos-polcy-in" for that. CCO says that "ip:sub-qos-polcy-in" works with Catalyst 65k [URL]
 
unfortunately this seems to not work on Catalyst 45k and 37k.
 
In the ACS Logs we can see that these attributes are attached to the Radius Reply, but unfortunately they are ignored by the switch.
 
it is interesing that when entering "show aaa attributes" on the Catalyst 45k, these attributes are displayd - so for my understanding the switch should understand these attibutes (?)
 
4503-E#sh aaa attributes         AAA ATTRIBUTE LIST:        Type=1     Name=disc-cause-ext                 Format=Enum        Type=2     Name=Acct-Status-Type               Format=Enum

[Code]......

View 1 Replies View Related

Cisco WAN :: Unable To Configure Service Policy Output Command In 2921 Router

Apr 25, 2011

I am not able to configure Service policy output command in Cisco 2921 router.While configuring I am getting below error.Same config is working fine in Cisco 3845  router.I am suspectting the problem with license in IOS.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 / Blocking / Shunning Hosts With Service Policy Rules?

Dec 20, 2012

I have an ASA 5510 deployed and we are getting a tonne of port scanning traffic (who isn't these days) and ping traffic.The threat scanning thresholds seem a bit too high and was wondering if there is a way to use a Service Policy Rule to perform a Shun/Block of the hosts rather than the firewall simply blocking the request via the ACL and sending a reply.
 
In other words, if I do nothing, I know the ACL is protecting the resources but it is still replying to the client connection. I want the end result to be the same as a "Shun" where the connection is dropped and no reply is sent. how to employ Service Policy Rules to thwart Port Scanning and/or IP Spoofing? 

View 2 Replies View Related

Cisco WAN :: Connectivity Between 1941 Gigabit Ports?

Jul 30, 2010

The problem I have run into is that I am not getting any connectivity between my two gigabit ports on the 1941. I have  ge0/0 setup as my internal network and is running dhcp, ge0/1 is the connection to the modem. I can't figure out how to configure the connections so my internal traffic on ge0/0 routes out through ge0/1.
 
Here is my config:
Using 4312 out of 262136 bytes
!

[Code].....

View 8 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved