Cisco WAN :: 4900 - Outbound QOS Police Configuration
Jan 12, 2011
I need to attach a QOS policy to a layer 2 WAN interface between two sites. This is actually an extended LAN circuit with 500Mb/s of allocated bandwidth. The interfaces are Gigabit so I want to make sure I don't attempt to transmit traffic faster than 500Mb/s. What is the best way to implement an outbound QOS policy that sets the minimum and maximum speed to be the same? This policy will be implemented on a 4900M with the 20 port GigE module
View 3 Replies
ADVERTISEMENT
Sep 16, 2012
i have configured SPAN on cisco 4900 series switches its a Loacal SPAN . as there is only commnads to complete this activity but hard luck its not working.
View 5 Replies
View Related
May 9, 2013
How to migrate the following config from a CSM to and ACE20 module.
Currently we have a CSM configured as below:- 452 Client and 453 Server sharing the same Public vlan.
We require outbound access from groups of internal individual servers to external addresses.
CSM config
module ContentSwitchingModule 8
vlan 452 client
ip address 10.206.135.252 255.255.252.0
[Code].....
View 7 Replies
View Related
Dec 26, 2011
I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.
In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.
My problem is currently I can send mails from my inside network to outside but my not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,
C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers
Final config on ASA5505
host name Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
!interface Vlan1
nameif inside
security-level 100
ip address 192.168.155.201 255.255.255.0
[Code] ......
View 3 Replies
View Related
Apr 8, 2013
Setup:
Cisco 886VA-K9
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)
This router has two VLAN's on one Ehternet interface
VLAN1: data
VLAN2: voice
The WAN connection is a regular DSL line with PPP.
Modem FW Version: 120306_1254-4.02L.03.B2pvC035j.d23j
Modem PHY Version: B2pvC035j.d23j
Output of show interface brief:
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES NVRAM up up
BRI0 unassigned YES NVRAM administratively down down
BRI0:1 unassigned YES unset administratively down down
[code]....
We all know you can't manage data traffic on the internet since your not in control of both sides of the link. So only queuing would not be a good practice IMHO. I was thinking on just rate-limit or police data-traffic so Voice always has bandwidth available when needed. I've did tried to rate-limit on the ATM0 interface, but no luck. Voice was still very bad.
My question is: where to rate-limit the data traffic? On the VLAN interface, the ATM interface, DIALER interface?
View 7 Replies
View Related
Mar 23, 2011
I have two questions about ZBF on ASR1000 with Firewall and Flexible Packet Inspection license:
1 is IPv6 supported?
2 can I use police action in an inspect rule? I want to limit some protocols to low bandwidth. There is no police command in ZBF policy map.
View 7 Replies
View Related
Nov 13, 2011
How the police flow command ( see below) works only in the 6500's platform? Can it apply in 3745 router?
View 2 Replies
View Related
Dec 27, 2011
Im having problem configuring policies for limiting traffic on subinterfaces on cisco Router 7606-S. I have configured:
[code]...
So for egressQOS , i want to configure with police, not shape (for the memory reason).
View 4 Replies
View Related
Aug 20, 2012
I have a C3825, and have been using standard ACLs and a PBR to route certain HTTP traffic via an alternative default gateway:
route-map RTRMAP-OfficeLAN permit 10
match ip address RTRMAP-OfficeLAN-toADSL
set ip next-hop x.x.x.x
This is working absolutely fine, and as expected, all traffic matching the ACL is being sent to x.x.x.x However, we have recently expanded our network, and I am now receiving various networks via BGP from various sources. All BGP incoming via iBGP is tagged in communities:
Community (expanded) access list 100
permit 37xxx:100
Community (expanded) access list 200
permit 37xxx:200
Community (expanded) access list 300
permit 37xxx:300
[code].....
All communities are also matching prefixes when executing either 'sh ip bgp community 37xxx:100' or 'sh ip bgp community-list 100' What I am trying to achieve, is create an EXCEPTION for the policy route. Traffic matching the community lists, must be forwarded based on the routers routing table, whilst traffic maching the ACL, must be sent via the policy route...
route-map RTRMAP-OfficeLAN permit 5
match community 100 200 300 400 500
!
route-map RTRMAP-OfficeLAN permit 10
match ip address RTRMAP-OfficeLAN-toADSL
set ip next-hop x.x.x.x
My logic dictates to me that the above should work, but looking at the route-map, I get matches on seq 5 and pacets are exiting the route-map as expected (first matched). However no traffic that does NOT match community 100,200,300,400 or 500 and that DOES match the RTRMAP-OfficeLAN-toADSL never matches.
The counters on the route-map for seq 5 is increasing, but no counters are increasing at seq 10.. It's almost as if seq 5 is matching all traffic.
View 1 Replies
View Related
Sep 12, 2011
I need to know if Cisco Works LMS 3.1 can support 4900 switches series or not?
View 2 Replies
View Related
Jan 23, 2012
Planning to implement HSRP in layer 3 switch.
We have two numbers of Cisco 4900 ME Switches. Basically want LAN failover from these devices. There are about 400 users in our network. I have attached rough network topology for your reference(I am not good at Microsoft Visio). Need to know implementation of the HSRP in these switches. Two distribution switches(Cisco 4900 ME Switches) are connected to 4 Access switches and these are connected to the LAN.
View 2 Replies
View Related
Aug 28, 2012
VLAN MAC address filter does not seem to be working on my 4900 switch. However the same config works fine when tested on my 3750 & 3560 switches.
Since user from different VLANs requires to be blocked, Unicast MAC address filter will not be feasible solution. VACL did not work on my 4506 switch too. K
Below is the config done on 4900 switch
mac access-list extended ABCpermit host 0003.0de9.d5ea anyexit
!
vlan access-map drop-mac 10
[Code]......
View 2 Replies
View Related
Feb 9, 2012
We need to connect several DSLAMs on the 4900 switch, every DSLAM has 4 VLANs configured (VOIP service, MGMT, ADSL Private, ADSL Public), and sends the traffic for each service tagged with appropriate VLAN id according to the table:
VOIP: 608
MGMT: 594
ADSL PRIVATE: 2900
ADSL PUBLIC: 2930
On the DSLAM side it is very simple configuration, just a normal trunk with 4 VLANs transversing the link. On the 4900 I need to isolate the traffic for ADSL PRIVATE & PUBLIC service so DSLAMs connected to the same switch do not have L2 connectivity between them. For VOIP and MGMT they must communicate with each other. DSLAM acts also as a VOIP GW so it must communicate with other DSLAMs for VOIP service. Also VLAN 200 is configured on ME 4900 for switch management traffic.
This 4900 Switch connects to MPLS PE router, which offers L3 VPN service for VOIP & MGMT service, and L2 VPN for ADSL service (PPPoE traffic to BRAS). Fortunately we have ES+ linecard to support many ethernet features. I tried this config:
1) VOIP, DSLAM-MGMT, MPLS-MGMT configured as normal VLANs
2) ADSL PUBLIC & PRIVATE configured as isolated secondary VLANs, primary VLAN for ADSL PRIVATE is 2008, for PUBLIC 2308
3) Configure DSLAM facing ports on ME 4900 as private-vlan trunks
4) Configure ME 4900 uplink port to MPLS PE as a private-vlan promiscous trunk
5) Configure ethernet services on MPLS PE for each tag that comes from ME 4900 (ES+ cards are awesome, i love them:D )
6) Apply L3 VPN service for VOIP and DSLAM-MGMT, and L2 VPN for ADSL service.
But at least this last command should list on spanning tree forwarding state also the ADSL VLANs or not?
Here is the output of the show interface switchport.
View 1 Replies
View Related
Mar 23, 2012
we got a dark fiber betwwen two sites away from each other 30 Km,i need to connect this sites acts as backup dc to main dc in main site using cisco 4900 Switches in BK-DC anf 6513 in the main site,how can i verfiy if this fiber oparates as L2 and i can extend vlan servers,is it via "sh cdp neigh" and "sh vlan br"?
View 2 Replies
View Related
Jul 30, 2012
When I insert the TwinGig Converter in a Catalyst 4900M you get the following error message: Failed to read transceiver serial eeprom on port Te2/1, try reinserting.This error is probably because the device expects 10Gig transceivers to be connected to the device not 1Gig.I used the TwinGig 4 module and 8 SFP ports are connected. But when i type in the the "hw-module module <slot> port-group <group> select gigabitethernet" the command is not available. [code]
View 1 Replies
View Related
Oct 2, 2003
I have at the core a CISCO 4503 and need to connect various 3COM 3300/4400/4900 access switches thru fiber. The problem is that the Cisco core 4503 switch fails to recognize only the 4900 3com switches ie the link status shows down. The fiber multitude link is tested and OK.The modules on both the switches ie 1000baseSX are also tested and ok.
The Cisco switch has a 6port gb ic with 1000baseSX moules and the 3COM 4900 has a 4-port 1000baseSX module.
View 3 Replies
View Related
Jun 17, 2012
I am having problems configuring a 4900. I have entered the following commands:
hw-module module 2 port-group 1 select gigabitethernet
hw-module module 2 port-group 2 select gigabitethernet
hw-module module 2 port-group 3 select gigabitethernet
hw-module module 2 port-group 4 select gigabitethernet
However no matter what I try, it never sees the GLC-SX gbics I have in the TwinGig converter.
PERSW001#sh interfaces status mod 2
Port Name Status Vlan Duplex Speed Type
Te2/1 inactive 1 full 10G No X2
Te2/2 inactive 1 full 10G No X2
Te2/3 inactive 1 full 10G No X2
[code]....
View 8 Replies
View Related
Jan 24, 2012
At present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.
View 1 Replies
View Related
Feb 16, 2013
Region : Hongkong
Model : TL-WDR4900
Hardware Version : V1
Firmware Version : 3.14.0 Build 130206 Rel.34701n
ISP : PCCW Netvigator
I have bought tp-link wdr-4900 for several days and encounter the following problems
1) nfs is not work, whenever I set up the nfs server (using hanewin nfs server), the media player fails to read the media file. (Problem does not appear for the previous ASUS n56u)
2) When there is large traffic rate (e.g. BitTorrent), the whole machine is very unstable, LAN and Wireless dies (SSID disappears, and LAN appears "ERR Connection" and "DNS not respond"), give me a feeling that the router cannot handle high traffic rate and the whole machine slows down and fails.
View 14 Replies
View Related
Jan 11, 2012
we've had an issue with our network, we have 2 6509 connected with redundancy, which are connected with 2 x 4900 Switches, from which are connected to a ESX Chassis for visualization, the thing is that the ESX stopped working, and the 4900 switches, and the main core were suffering from overload, they hang on it very well, in order to stop the overload, one of the links to the ESX Chassis were disconnected from one of the 4900 switches. The CPU usage from the 4900 and the core(6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this, maybe the virtual servers migrations, maybe the overload from the ESX ? We also had a few question, is there any need to reload the cores every few months as a planned task ? Because the cores have been up for more than 1 year. And also is there any kind of of tool to monitor the CPU status, or the status overall from the cores or the switches ?
View 3 Replies
View Related
Mar 19, 2013
I have peculiar challenge ahead of me and would like to get new perspectives.
The objective is to route specific VLAN traffic and the caveat is that I have multiple VLANs with the same network address.
For example:
VLAN100 10.10.10.0/28 VLAN101 10.10.11.0/28 VLAN102 10.10.12.0/28
VLAN103 10.10.12.0/28
VLAN104 10.10.11.0/28
I need traffic going from VLAN100 with a destination of 10.10.11.0 forwarded to VLAN101 and NOT VLAN104.
This task is currently being completed by a multi context firewall and we're trying to decommission the asset.
View 5 Replies
View Related
Dec 6, 2012
I have two ISP, I want to divide Inbound to ISP1 and Outbound to ISP2.
View 3 Replies
View Related
Feb 28, 2011
We're running 8.3(2) in the ASA5540. Users all over our enterprise connect to a business partner's application through the ASA/VPN. We have a class-b address space, and since the users are spread out all over the place, I have the entire class-b space as the local object in the ACL that allows traffic through the VPN tunnel.
The business partner has concerns that our entire address space is available to access the VPN tunnel. So I thought, to alleviate their concerns, to PAT all of our connections outbound to a single IP address.
How is this done in 8.3(2)? We use ASDM to configure the 5540. For example, say our class-b is 159.12.0.0 and the PAT'd IP address will be 199.30.36.6.
View 5 Replies
View Related
May 27, 2013
I've got an 887M router which will be configured with two linke - one ADSL, one 3G - both of which will have (obviously) a separately suppplied IP address from the different ISP's being used. The 3G is a backup - plain and simple - for use only when the DSL service flakes out (which it does often)
Routing is pretty simple - I'll either do soemthing with a bit of PBR, or a simple weighted static, but the NAT has me scratching my head a little.
Can I have two outbound NAT pools (ip nat outside) for each interface which will be used ONLY for traffic going out the interface concerned?
For example, I have one for the primary link
ip nat inside source list 2 interface Dialer1 overload
Can I do the same for the second dialer interface like this
ip nat inside source list 2 interface Dialer2 overload
and have them automatically switch to using the dialer 2 IP for the outbound NAT if the dialer 1 link fails?
I don't think I've ever come across this before, so I'm not sure if it can even be done.
View 1 Replies
View Related
Aug 10, 2011
For about the past 2 or 3 months, I have been experiencing outbound packet loss at about the same time every evening. That timeframe is about 7 PM - 10 PM. This is most noticeable on Teamspeak 3 because of the voice disruption that other users report to me.
View 1 Replies
View Related
Oct 21, 2011
Both of these ISDNs are up, this gives us 4 channels. Someone said they recieved a busy tone when they attempted to dial out. I looked over the system and seen there are two outbound pots dial-peers. Each dial-peer references one of the BRI ports. The preferences are the same on each dial-peer. I think what is happening is that the system is randomly selecting one of the dial-peers due to the preference, even if both channels of the BRI are in use. How does the system know if that port has both channels in use? I've not used ISDN before, so tried to enter the B-channel sub interface and the system (UC500) tells me I cannot do this. I was thinking about adding each channel into a trunk group and then referencing the trunk group in the dial-peer. I can obviously add both BRI's into one trunk group.
View 2 Replies
View Related
Jan 9, 2012
I just migrated our office network router to a RV082. While configuring it, I came across three problems:
(1) From our ISP we have four public IP addresses which I want to make use of for outbound traffic. With the previous router we used we could configure LAN IPs(ranges) to map to static public IPs. Does RV082 support this? I could not find an option for that at the web-interface. From what I understand the 1-1 NATing only goes both incoming and outgoign ways and actually is 1-1 and not the many-to-one I am looking for.
(2) How is it possible to configure incoming port forwards to use a specific WAN interface? Will it always be the primary WAN interface?
(3) Does the telnet access provide more configuration options? I could not log in to it with the same user credentials as with the web-interface.
Serial Number : NKS1532xxxxFirmware Version : v4.0.4.02-tm (Jul 4 2011 13:30:56)PID VID : RV082 V03Firmware MD5 Checksum : 1f84d8d0a2a8b99f9bfa4409e64547aaLANWorking Mode : Gateway
View 0 Replies
View Related
Sep 20, 2012
I multi homed to dual ISPs using a single 6509e. Currently, I am only receiving a default from wash ISP and marking one with a higher local pref. most of my traffic flow is inbound, so this config meets my need. The issue I have: if either ISP has has an outage upstream from my directly connected peer, my router does not detect that and continues to send traffic out thru that provider only to be black holed. My 6509 will only support 256k routes, so full route tables isn't an option. I could receive partials from each ISP. Is there any other method to detecting this upstream ISP issue and then adjusting my local pref on my default to use the alternate provider path?
View 3 Replies
View Related
Mar 31, 2011
I have a Cisco 877 on an ADSL connection. QoS isn't doing the trick -- I need to reserve 200 meg or so of my outbound (upstream) bandwidth for VoIP to end complaints about voice quality. Any example of how to classify SIP, RTP, IAX, and Skype traffic and put a rate limit on anything that doesn't fall into that category? The VoIP phones also are in their own IP range on the LAN side if that would make things easier...or I could even connect them into a specific port on the internal switch in the router.
View 9 Replies
View Related
Mar 4, 2013
I multi homed to dual ISPs using a single 6509e. Currently, I am only receiving a default from wash ISP and marking one with a higher local pref. most of my traffic flow is inbound, so this config meets my need. The issue I have: if either ISP has has an outage upstream from my directly connected peer, my router does not detect that and continues to send traffic out thru that provider only to be black holed. My 6509 will only support 256k routes, so full route tables isn't an option. I could receive partials from each ISP. Is there any other method to detecting this upstream ISP issue and then adjusting my local pref on my default to use the alternate provider path?
View 3 Replies
View Related
Apr 10, 2013
How can I filter outbound sys log messages, so they include only configuration changes messages..
On Cisco 2900 I used:
logging discriminator CFG LOG msg- body includes "PARSER" | "CONFIG"
logging host x.x.x.x discriminator CFG LOG
logging x.x.x.x
How can I do the same on 4507? This feature on Cisco routers is called "Reliable Delivery and Filtering for Sys log" and is available for 12.4(11)T and 12.2(33)SRB (7600) . I am running Version 12.2(25)EWA6 on my Catalyst, so it is not available.
The software I am using is a simple solar winds sys log server.
View 2 Replies
View Related
Oct 5, 2011
I'm having some issues getting ActiveFTP to pass through an ASA 5505, I finally found out when I tested the FTP via cmd on windows(after the major hassle of getting credentials out of the software co) that it does open the connection on the control port, but whenever I try to send/recieve data the connection is dropped, for troubleshooting purposes I've even gone as far as opening up all ports 1-65535 with an acl to no avail, I believe the FTP traffic is encrypted with SSL(can't get a solid Y/N from the company).
View 1 Replies
View Related
Mar 30, 2011
Below is the interesting part of my config. I have static NAT configured and working inbound for the Exchange Server and the Barracuda, however outbound traffic from those hosts comes out as the interface IP. Thoughts? I've tried a number of things (outside, inside), etc.
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network DSN-EXCH01
host 10.250.231.51
object network MAIL-IN
host 10.250.231.50(code)
View 3 Replies
View Related
