Cisco WAN :: 3800 - Nest QoS With Shaping - Getting Drops
May 4, 2012
I have a 3800 running 12.4 with a outbound shaped nest Qos tied to a subinterface G0/0.12 which is trunk downstream to a 3500. I am getting drops on the "sh policy-manager inter g0/0.12 so know that shaping which is 1.5mbps is dropping my packets. The 3500 looks clean
3800:
policy-map A
class-map A
bandwidth 30% etc..
[Code]....
the routing is that host goes up to the 3800 and out a wan link but if wan is down, it hairpins back down from 3800 to 3500 which has a backup link on one of the ports. when we test wan down, or even when it is up, I see shape dropping packets
View 4 Replies
ADVERTISEMENT
Nov 19, 2011
I have a client who has Cisco 3800 series routers in their data centre with which they have QoS/CoS policies implemented. They wish to further manage traffic by limiting outbound traffic to their branch sites in line with the network access bandwidth each site has available. Is this possible whilst leaving the QoS policies in place? If so how?
View 1 Replies
View Related
Dec 12, 2012
any luck getting Nest thermostats to stay connected on a cisco wireless network. We are running 5508s (ver 7.2.110.0) and the thermostats are connecting to a 3502. The WLAN is a locally switched FlexConnect SSID.
According to nest there are two potential issues - NAT timeout and wireless networks that do not play nicely with devices that sleep for long periods of time. I've configured static NAT translations for the Nests, so that shouldn't be an issue. Nest says "Nest uses Wi-Fi 'Power Save Mode' to allow it to sleep and charge its battery while remaining connected to the internet. Not all Wi-Fi routers support this feature or implement it correctly. When they don't, Nest will have difficulty sleeping and will restart in an attempt to reset its network connection. This may happen repeatedly if your Wi-Fi router is incompatible with the 'Power Save Mode' feature." I've tried increasing the DTIM timers to no avail.
View 3 Replies
View Related
Dec 11, 2012
Anyone having problems connecting N150 router to a 1st Generation Nest Thermostat? Nest support says it's a problem with them not conforming "to the TCP/IP specifications around Network Address Translation (NAT) timeouts and are disconnecting Nest too soon". Any way to work around this problem until/if a firmware update fixes it?
View 3 Replies
View Related
Sep 30, 2012
I'm trying to configure a Cisco 3800 with a WIC-2AM-V2 to do DDR. I've gotten it to work before, but it was a while and now the config doesn't seem to work. I'm using an Lo0 interface and ip unnumbered on the Dialer interface. Using debug dialer and debug ppp and see nothing at all trying to dial out.
##############################################################
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DDR
[code].....
View 1 Replies
View Related
Sep 1, 2011
I am trying to configure cisco 3800 as NTP server for all Juniper MX router clients. Purpose is to server the clock to all Juniper routers. But i m facing weird issue.. All Juniper routers are getting synch with Cisco 3800 but there is difference of 30 min between client and server time.
Cisco config
ntp authentication-key 100 md5 11201D00163B0C1E 7
ntp trusted-key 100
ntp source Loopback1
ntp master
end
View 5 Replies
View Related
Jun 12, 2011
I'm having a problem on which i cannot find an answer. I have a VPN router 3800 series (DMVPN) with 2 VRF on it, we also use dual Nat to reach our data center behind the 3800 series isr.
I created the Nat rules and the acl's , but the Nat is just not working, is there a special configuration needed for Nat and VRF's?
View 1 Replies
View Related
Mar 3, 2011
I have been struggling for a few days with getting site-to-site traffic working across a L2L IPSec tunnel. At this point, I have the tunnel up, and I see packets being decrypted on the correct IPSec SA's when I ping from a local network computer on the ASA side to a local network computer on the router side. I cannot ping from one side to the other, but those packets are getting through. We have another L2L tunnel that is from that ASA to another remote site's ASA, and that is functional. I have mirrored the configuration for ACLs, etc. from that site, so I believe that the issue is with the packets getting incorrectly translated by the NAT/NONAT statements/ACLs on the router side.
View 8 Replies
View Related
Sep 26, 2011
I was just configured a 3800 router with this command. I cannot get to the ROMMON mode anymore. Cisco says you should press Break key within 5 seconds after the image decompresses during the boot. But mine is ignoring it and going to load running config directly.
View 7 Replies
View Related
Jul 14, 2012
I need to upgrade compact flash memory card for a 3800 router. Basically i want to upgrade code on this router and the current flash size (64Mb) cannot hold new image. I wanted to check if i swap the old flash (64 Mb) with a new one 256 mb, i will loose vlan.dat file since it's stored in flash. Is there a way i can copy vlan.dat to new flash which has new code before i change the boot statements and reload the router?
View 1 Replies
View Related
Dec 22, 2010
I inherited a 3845 router. I am hopeful that I can use it for my home practice lab and connect it to a Cablevision (Optimum Online) Cable Modem. If it is possible what interface card/config I would need? It currently has a T3/E3 card with 2 coaxial connections (was used with a Cogent DS3 connection). I'm guessing I would need to replace it with an Ethernet one (?). Granted - I suspect it may cost a pretty penny, nonetheless I'd like to look into it.It also has 2 dual-port vwic2-2mft-t1/e1 card installed. I am an absolute beginner with Cisco and networking.
View 2 Replies
View Related
Dec 10, 2012
I am using a Cisco ME 3800 switch with 24 Gig and 2 Tengigabit interface. But after configuring the Tengig int with ip add and negotiation it is no know visible in the switch. Instead TenGig I am seeing two (Gi0/1 and G0/2). Not even showing the Tengig in the running config.
View 3 Replies
View Related
Jul 10, 2012
Is there a way to be able to check from one computer on a network to another computer on the same network when both have been set up with NAT?
For example, computer 10.0.0.10 cannot ping 10.0.0.20 because NAT has been set up. Port forwarding does not seem to be an answer. Is it possible for NATted computers to be able to ping each other or not?
View 1 Replies
View Related
Mar 2, 2011
I have been struggling for a few days with getting site-to-site traffic working across a L2L IPSec tunnel. At this point, I have the tunnel up, and I see packets being decrypted on the correct IPSec SA's when I ping from a local network computer on the ASA side to a local network computer on the router side. I cannot ping from one side to the other, but those packets are getting through. We have another L2L tunnel that is from that ASA to another remote site's ASA, and that is functional. I have mirrored the configuration for ACLs, etc. from that site, so I believe that the issue is with the packets getting incorrectly translated by the NAT/NONAT statements/ACLs on the router side.
The ASA is: Cisco Adaptive Security Appliance Software Version 8.2(2)Hardware:
ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz The router is:Cisco IOS Software, 3800 Software (C3845-ADVENTERPRISEK9_SNA-M), Version 12.4(20)YA3, RELEASE SOFTWARE (fc2) Router Config:!version 12.4!card type t1 0 0!no ip cef!ip multicast-routing no ipv6 cef!crypto isakmp policy 10 encr 3des authentication pre-share group 2crypto isakmp key xxxxxxx address nn.nn.12.130!crypto ipsec security-association lifetime seconds 86400!crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac !crypto map NOLA 11 ipsec-isakmp set peer nn.nn.12.130 set transform-set 3DES-SHA set pfs group2 match address VPN-ACL!controller T1 0/0/0 fdl both cablelength long 0db channel-group 1 timeslots 1-24!interface Loopback0 ip address 1.1.1.1 255.255.255.252 ip virtual-reassembly no ip route-cache crypto map NOLA!interface GigabitEthernet0/0 no ip address duplex auto speed auto media-type rj45!interface
[code]....
View 15 Replies
View Related
Jun 27, 2012
I have Cisco 3800 series router it needs user name and password to access through terminal I don't have the user name and password. Need To reset the password.
Terminal screen shot is attached here you can see that.
View 3 Replies
View Related
Feb 26, 2013
I have a working 3800 router which runs on bgp pretty well. Existing setup has 2 serial ports for the bgp and 1 gigabit port for the LAN.Now, i want to add another 3800 as a standby router making it clustered - ACTIVE/STANDBY via hsrp protocol.
1.) What are the implications in adding another 3800. Do i need to reconfigure the ip addresses on my serial? or just the LAN
2.) Are there any additional requirements like firmware versions etc?
View 1 Replies
View Related
Oct 24, 2011
We're having some numbers ported over to us and we'd like to verify that we are in fact receiving all of the numbers at our SIP gateway. Since we have been getting more and more activity on this router, I'm becoming more concerned about using certain debug's for fear that the router maxes out CPU and drops.
What the best debug command would give me this information with minimal impact on CPU? In the past I've used 'debug ccapi inout' and a couple of others similar to that. With so much activity though sometimes it bombs the router. Also I am logging to the console directly, maybe there is a better method with less CPU impact. I just don't want to have to go back and forth to look for stuff 50 times either if I write out to a file or something, it could work though I suppose.
View 1 Replies
View Related
Feb 6, 2013
I have two Cisco Routers 3800 series for my internet traffic (2 ISP). I configure HSRP on the interfaces gigabitethernet and at the main router I put the multilink interface to track. When the connection drops to the main router traffic does not switch on my second router.
View 1 Replies
View Related
Feb 3, 2011
I have a network with Two 3800 Cisco Routers as Central and many Cisco 2811 Router as Branches. Now I set two Tunnel on each router connection Interface FastEthernet from each 2811 to SubInterface Fastethernet on 3800. I set OSPF as Routing Protocol and I configure QOS on Tunnel connections. Then I have a safe connection with backup connection between 3800 Router and each 2811 Router. Now I want to set VPN with IPSEC and Certification Authentication with CA Server for Security all connection. I set IPSEC and ISAKMP and Certificate on each Router and Set Dynamic VPN on Cisco 3800 Router and Static VPN on each Cisco 2811 Router. Now when if I configure tunnel with Crypto map, it works correct and all packets are encrypt. But if I try to set crypto on physical Interface(because I want to set qos on tunnel then protect packets on physical interface) however all packets are routed but crypto and encrypt d o not work. Set qos on tunnels and crypto on fastethernet interface.
View 4 Replies
View Related
Jan 17, 2013
I have a question about ACLs on Cisco 3800 router. I tried to configure extended IP access-list. However, I couldn't add more rules into some of the ACLs when the number of rules increase to about 120 rules. These extended IP access-lists are assigned to gigabit ethernet interface and sub-interface (VLAN interface).
Is this caused by some kind of maximum number of rules supported?
View 3 Replies
View Related
Jan 16, 2013
Need the clarity on IKE version 1 with aggressive mode, I assume this is used for remote site VPN and not for site to site VPN.
Correct me I am wrong and also share the inputs on this.
Also required the inputs for disabling in Cisco 3800 series router.
View 18 Replies
View Related
Mar 27, 2013
I wanted to configure failover internet between two routers Cisco 3800 Series. Each router is connected to an ISP. I have configured HSRP protocol on my interfaces and my HSRP configuration works well. I want to configure my routers to switch my internet traffic in case of failure. For example,if the first ISP internet connection fails, traffic will switch at the second ISP. I want to know how I should proceed to do this.
View 4 Replies
View Related
Mar 15, 2011
I am a traffic shaping newcomer and need some guidance as how to BEGIN to approach a problem with traffic. We have been rolling out Windows 7 at sites and the additional traffic it causes on installation is considerable as it has to request information from our central site to populate My Documents and Outlook mailboxes.This has caused some problems on sites as there traffic rates increase to the point that QoS is not sufficient to protect voice traffic and delays and one-way audio are being experienced.One question is this - is GTS a solution or is CBWFQ within GTS the solution or is something else preferable? The sites involved are data/voice with a variety of routers.Second question is this - if we have a remote site with a 3725 router as the WAN aggregator with one 4506/Sup IV and one Cat 3550-24-PWR the shaping should be best placed on the 3725, correct? Also, are there issues with shaping incoming/outgoing traffic as I seem to have read?FYI, the 3725 router has 12.4(8d) with IP VOICE/NO CRYPTO IOS version. The 4506 has 12.1(23)E4 with basic L3 feature set.
View 1 Replies
View Related
May 28, 2013
We are looking to implement a bandwidth policy for our Internet link. What i would like to know is if we use a policing policy, will the exceeded dropped packets be resubmitted from the source? Will the dropped packets be resubmitted? Are there any differences besides this when using either policing or shaping policies? Is one better than the other?
CISCO ASA 5510 IOS 8.2
View 3 Replies
View Related
May 29, 2013
I try to setup a basic GTS shaping on a cisco ISR G2 2900
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)
Cisco CISCO2901/K9 (revision 1.0) with 1957856K/40960K bytes of memory.
ipbase ipbasek9 Permanent ipbasek9
the policy-map was applied to a svi interface (vlan interface)
And my problem is the shape isn't effective, in my attempt the max bw is 20Mb and I have gigabit interface
I know this kind of setup is classic and I see it working on older ios version 12.x
config:
interface VlanX
ip address X X
no ip redirects
[code].....
View 6 Replies
View Related
Sep 14, 2012
I have a Cisco3800 with IOS Version 12.3(14)T2 and I have an HWIC-1GE-SFP module inserted on it.
I need to know if there is a command to verify optical power level in this module inserted in the Cisco 3800 router?
Something similar to the following command that I can execute in an Cisco ASR9K:
show controllers Te0/0/0/1 phy | i Rx
View 4 Replies
View Related
Mar 11, 2007
I have a tunnel between a PIX 515E version 7.2(2)and a Cisco 3800 version 12.3(11r). There is a mismatch somewere in the configs but I cannot find it. I have included the configs and the syslog errors.
View 5 Replies
View Related
Jan 19, 2013
I'm setting up a IPSec Tunnel between 3800 and 2600 routers over the internet.
Do I need to create a tunnel interface as they suggest in this document? [URL]
I just watched a couple of you tube videos saying I don't need to do that...
View 8 Replies
View Related
May 22, 2012
I recently upgraded my AT&T dsl connection from 3.0Mbps to 18Mbps and I'm ready to fully optimize my network. Some bandwidth intensive programs, such as netflix and youtube, can hog all that bandwidth relatively quickly, so what I want to do is limit/reserve bandwidth to each individual computer on my network so online games and latency-oriented programs still function at an acceptable level. I have my connection running as follows: modem (controls dhcp) --> bridged connection server pc (2 nics) --> router --> every other device on the network. It all works beautifully except my router doesn't have QoS software on it therefore, I can't do the limiting there. Is there any way to use the server pc as a network shaping device, controlling downstream traffic? I've googled and come up with nothing definitive as people don't seem to do this very often.
View 4 Replies
View Related
Feb 6, 2011
I have a 3825 with a 1Gb fiber card at one of my sites. Our ISP and MPLS provider hand off a single gigabit fiber to us that contains 2 50MB EVC's.I need to apply QoS to one of the EVC's and shape them both to 50Mb to avoid upstream rate mismatch bottlenecks. Both of the EVC's generally only push 10Mb during business hours.When I run UDP stream tests (various rates from 500k-6m that are marked as AF41) to one of my other sites I am consistently getting about 2% packet loss, despite the fact the circuit isn't even close to 50% saturation. When I remove Shaping and QoS all together, the issue nearly clears itself up, except during peak hours and I get small bursts of packet loss, which is still unacceptable.When the pipe is at near zero utilization (after hours) there also is no packet loss with or with out the shaping/qos applied.
View 1 Replies
View Related
May 5, 2011
There is a remote server that downloads info from a server here at HQ. When the dowloads start the rxload on the S0/0/0 interface jumps to 98 percent or so; rxload 250/255. I needed to limit the bandwidth utilization between the servers, so I added the below line to the LAN interface on the remote router.By adding the command, it reduced the download utilization -which is what I wanted.
access-list 185 permit ip host 10.6.27.1 any
!
int f0/0
traffic-shape group 185 10000 8000 8000 1000
Question:How would applying this to the LAN interface cause the download utilization (Coming from s0/0/0) to decrease?
View 4 Replies
View Related
Mar 29, 2011
We have an ISP connection that is connected via an ethernet interface on a 5510 ASA. We are allotted 10Mbps. I have currently have the interface set to 10Mbps Full. However we want to upgrade the connection to 25Mbps. I know I can set the port speed to 100Mbps and then set a shape/police statement and shape down to 25Mbps.
Management wants to be able to call the ISP and arbitrarily adjust that speed up temporarily at any time without any user/admin intervention on our side. I can simply leave the port at 100Mbps i.e. no shape statement on my side however I will run into problems with large amounts drops, overruns, retransmissions, etc due to the ISP shaping the connection speed during normal operations. However they then could then adjust the speed at any time without needing me.
I do not know the best way to make this work. Is there some sort of dynamic/smart shaper in the ASA or another cisco device?
View 2 Replies
View Related
Feb 25, 2012
I want to take 100Mb incoming from a service provider and police it off into several VRFs for customers.One of these VRFs will be 30M.I further need to traffic shape this (30Mb) out to 40 x 0.75Mbps (burstable to 30M) customers.
I am using an ASR1001.
View 2 Replies
View Related
