Cisco WAN :: 7206 - Difference In LLQ Implementation Between GSR / IOS-XR
Mar 9, 2011
I have a problem in understanding how LLQ is implemented in different platforms of Cisco.QoS should kick in only when there is a congestion in the link irrespective of queueing / scheduling (LLQ and CBWFQ).But in certain platforms like GSR and IOS-XR, LLQ is confiugred only with priority and police command not with "prioirity percent <value>" command. In priority and police command since policer is used, LLQ is always on even there is no period of congestion. Of course with police you can re-mark the exceed traffic to different marking but thats not the requirement in my case.
In platforms like 7206, LLQ is configured with "prioirty percent <value>" which works ideally only when there is a period of congestion. When there is no congestion, LLQ class can use scanvenge other classes as well.Would like to know is there any specific reason why there is a difference in the implentation of LLQ between different platforms of Cisco.
View 1 Replies
ADVERTISEMENT
Dec 6, 2012
Just a few questions. We are looking to deploying Cisco ASA 5545 into a network. I have a couple of issues with designing the network correctly.
We need to be able to scale out to more hosts than a single VLAN, we would also be considering adding 4948E switch behind the ASA and potentially a stack in front.
The problems are:
1) If we have an outside stack of public 4948E (so we can connect some hosts outside the firewall, such as additional ASA's running in NAT mode) for VPN. Is this a reliable, recommended configuration? The reason being we need to have the ability to add other seperate ASA protected networks that we don't want going through the 5545 as it's going to quickly run it out of capacity. If I have the L3 switch stack in front I'm guessing we would have a small subnet to link upstream and then sub-subnetwork into two blocks, one on the inside interface and one on the L3 switch for the other hosts? Or would it be better to let the upstream provider do this, and then just get them to provide us with two smaller subnets rather than one big one? As below if we do L3 stack ourselves we would need to small subnets, one to communicate with upstream and one to link ASA subnets. This seems like a waste of IP's. I was wondering if I could use Internal IP space on the L3 > ASA link, but I thought that could be an issue for BOGONS list.
2) If I want to extend the inside network (Cisco ASA would not run NAT, just public IP's on the inside, routed to the outside interface of the ASA) there are two ways. Use the ASA to create subinterfaces/VLANs (but that would be routed via the ASA - may be a performance hit?) or use a L3 switch behind the ASA. How does one accomplish running L3 switch behind ASA properly?
View 5 Replies
View Related
Apr 4, 2011
I would like to have implementation of two ASA 5520 (in failover). Architecture Context
-The ASA are used as VPN concentrator only.In a first time ASA will be in charge to take in charge VPN IPSec Host-to-LAN connexion (with the IPSec VPN client) and I think VPN SSL anyconnect client will be setup in a near futur.
-We must define two categories of users (student and researcher), for each one we want define :
+ An IP address pool
+ ACL
+ Split Tunneling (only LAN traffic will go in the VPN tunnel)
-The ASA will perform authentification via RADIUS server (the radius server is linked with a LDAP server)
+ In the RADIUS server we want define the category of user (each one user is a student or a researcher)
-The VPN clients use the internal DNS to request LAN ressources.
-A timeout of the VPN if no traffic during 60 minutes
-The VPN user perform authentification with PSK (no certificate)
the RADIUS server software is IETF compatible (url...)The architecture is the following :
-One internet connexion
-A corporate firewall with 3 DMZ :
+ 1 DMZ Public ; which is connected the ASA "outside" interface (encrypted traffic)
+ 1 DMZ Private ; which is connected the ASA "inside" interface (uncrypted traffic)
+ 1 DMZ LAN ; there is some VLANs routed by 6500 routers.
-On the LAN there is the radius servers
-On the corporate firewall :
+The https and ipsec will be opened between the internet and the ASA
+The RADIUS traffic between ASA and the radius servers and the traffic between the pool VPN users and the LAN.
-What is the best solution to configure the ASA?
View 1 Replies
View Related
Dec 18, 2012
I need implementation of the AirCap 3602i wireless access points. Is there a way to manually configure a AirCap 3602i to function without a WAN controller?, I have an older 4402 WAN controller that will upgrade to 7.0.235 firmware, since the AIrCap 3602i requires 7.2.X firmware, is there a workaround for this.
View 23 Replies
View Related
Jun 2, 2011
How does the implementation of encryption wep wpa etc in hardware cisco wap4410N ?
View 1 Replies
View Related
Jun 5, 2011
I have a network with four 6509s in a ring with 10Gb links. Two adjacent switches are at the home office, the other two at the DR site. The switches at each location are physically similar to each other with respect to what blades are in them. We went through an upgrade from SUP-720's to VS-SUP-720's recently, only at the DR site - basically a practice, with the home office conversion hopefully taking place next weekend.
We initially just brought up the two chassis separately, in non-VSS formation (stand-alone). So far, so good - everything was connected, all traffic was passiing, all links were up, everything was reachable: EVERYTHING worked. Then we made the conversion: step-by-step from the cisco.com page; create a virtual domain, make one switch switch 1, the other switch 2, create differently numbered port-channels on each 6509, add the SUP 10Gb links to the port-channel, do the conversion.
Here's where the trouble started. First of all, the two 10Gb links back to home office created a spanning-tree loop and we had to shut down one of the links. (Is there something that needs to be configured on those links to turn spanning tree on? Does VSS conversion turn stp off?) Secondly, though it worked while in stand-alone mode, the copper blade in the standby 6509 stopped passing traffic - it would take config, the links would come up, but you could not ping across those links. Interestingly enough, there was an access switch with links to each of the copper blades, and having them both up also caused a spanning-tree loop. adding a new port-channel and putting both links in it did nothing to alleviate the loop. This leads me to believe that stp is not working properly. I reiterate, that even though the loop occurred, nothing else plugged into that blade was pingable.
View 3 Replies
View Related
Apr 17, 2012
Unfortunately I didn't discover any configuration switches concerning an IPv6 firewall! So the important question is: Is there any firewall implemented at all? And if so, does it confirm to RFC6092.
View 14 Replies
View Related
Mar 27, 2012
Just wanted to get a few answers in regards to VLAN implementation (thinking about doing this for a large network)...VLAN's always sound good on paper, but how hard/easy are they to implement to a live and running network?
1.) Have successfully implemented VLAN's into a production environment (e.g. placed servers, production, printers, etc. on separate VLAN's)?
2.) How much of a pain is it to do this? If you are on a 192.168.1.x subnet, do you have to re-IP all of your printers, switches, etc. This sounds like a lot of work – especially since re-IP’ing domain controllers is a royal pain.
3.) Have you seen much of a performance increase when implementing VLAN’s (i.e. chatty protocols and broadcasts?)
View 6 Replies
View Related
Sep 16, 2012
Nowadays my Company works with autonomous APs (AP1142 most of them.We have a WLC 5008 and I am working on the implementation project... So far so good.BUT, I have just realized that the Company didnt buy a second WLC (this project started 1 year ago and I wasnt an employee here yet...).If I transform all autonomous APs we have (around 25, locally and some of them remotes)... And then If I have a HW problem with our single WLC... those APs will continue working ?
View 4 Replies
View Related
Sep 17, 2011
I'm planning to separate voice and data traffic with two vlans. I have a COR switch catalyst 3750, a UC560 for VOIP with SIP trunk and SGE2000P as access switches. The thing is i had configured VLAN1 (data vlan) and VLAN8 (voice vlan), i've created the vlan 8 in the database on 3750 and let pass those vlans through a TRUNK port. In the SGE2000P configuration i've created the VLAN8 and the the ports as trunk for letting pass the two vlans for the PC and the IP phone. This works but some phones aren't registering, and for example i've unplugged a register phone and plug and doesn't registering anymore.
View 0 Replies
View Related
Nov 11, 2012
I'm looking to try and implement ipv6 HSRP on a series of IOS-XR Routers running 4.2.1 following on from successfully setting up IPv6 HSRP on a few cat6509s on VLAN Interfaces in other parts of the network. I have entered the "router hsrp" configuration menu and gone into the interface in question that I'm looking to setup with IPv6 HSRP. Unfortunately, there version 2 or address-family ipv6 commands are not available.
View 2 Replies
View Related
May 23, 2013
We are going to be expanding our Shoretel phone system in our HQ and I need to get QoS configured correctly. All of our offices are connected via MPLS and I need to make sure that we are sending QoS tagged traffic to our provider. The phones are tagged by the director, but there is other traffic for call control that needs to be tagged. I don't have access to our CPE router as it is managed by Sprint. The Sprint router is connected to our internal network. We have our data network running on (4) 3750x switches running 12.2(55) with IP feature set.
The problem is that many of these commands don't work on the 3750 (priority, bandwidth, match protocol, etc...) and the configuration assumes you are applying this to an outbound queue which is not supported on the 3750. I think I have to do this with policing, but I'm not sure what interfaces need to have this applied.
View 3 Replies
View Related
Jan 5, 2012
I am planning an implementation of VSS on our two 6509 switches, and would like some feedback on things to look out for, and any issues encountered by others that have done this already.
We have the 10Gig port installed on the Management blades, but not configured yet.
Main questions would be:
1: What kind of "down time" am I looking at for the migration? (Reboots, configuration reloads, etc.)
2: I will be saving the configurations on both devices before-hand, but how does the VSS migration "merge" the configurations of both devices?
3: L2 VLANS - we have some on one switch, others on the second switch. Will these be combined, or would this be a manual process?
Any other things of note that I should know about before planning this migration?
View 3 Replies
View Related
Dec 3, 2012
We are implementing a WLC infrastructure in our company following the below scenario:
- WLC 5508, OS 7.2
- APs AIR-LAP1142N-T-K9
- 3 Wlans (1Open w/ Web Auth, 1 WPA2 and 1 802.1x)
Issues:Everything seems to be fine, but some users loses connectivity (when connected to 802.1x network) at least 3 times by day.
- I cannot see anything at WLC logs concerning the association/deassociation of any of these users.
- Only strange line in the logs is "RADIUS server 172.21.44.50:1646 deactivated in global list" (authorization server config)
- Also I see some "Coverage hole pre alarm for client" but that doesn't look like a problem...
View 6 Replies
View Related
Sep 4, 2012
I'm in the process to install two 4948E switches. I will be configuring GLBP and wanted to get some guidelines on configuring GLBP and EIGRP:
- First question is like HSRP I'm configuring it on both swithches like this:
Switch 1:
interface vlan 5
ip address 10.1.5.249 255.255.255.0
glbp 5 ip 10.1.5.1
glbp 5 priority 110
glbp 5 preempt
glbp 5 authentication md5 key-string xxxxxx
[code]....
- Second question is about EIGRP, when I configure EIGRP on the main switch that is AVG with the following commands, will I also have to run the same commands on the second 4948 E too?
router eigrp 10
network 10.1.5.0 255.255.255.0
View 2 Replies
View Related
Apr 17, 2012
I need to implement LACP HP servers mostly DL 380 g7 with Intel based dual port with two types of Cisco equipment first scenario server connected to 3750x stack of 4 switch's .second scenario same server type connected to two Cisco Nexsus 5596 . My question regarding two type of connection.Is it possible to do active active ?Would it give fault tolerance ?With HP LACP implementation is there known issue or should i expect latency with such configuration?What is the maximal lag- channel group that is possible per type?
View 1 Replies
View Related
Jul 1, 2012
our company backbone is hp 5406, and desktop switches are hp 2510 currently we are working with ipv4.if we want to start use IPV6 for test environment, what’s things we need to enable in our backbone/regular switches.i mean for example if we want to set static IPV6 address for 2 servers and send ping between them, or even make new vlan with IVP6 subnet, and use it like regular vlan but with static ip's(until we got ipv6 dhcp).i have hp 5406 manual for IPV6 but i can't understand what i really need to do for start using IPV6.
View 5 Replies
View Related
Jun 8, 2011
I m planning to implement VSS in core but want some inputs on IOS as i have FWSM as a service module Core :- Ii am running 12.2(33)SXH2a on my Core 6509 and i checkd cisco sites and Fwsm release notes but it states only I-Train of IOS while mine is H-Train so can I directly upgrade to I-Train or I was thinking of SXH8b IOS.
View 2 Replies
View Related
May 16, 2013
I currently have ipV4 as the setting on my DIR-825. Other posts seem to want ipV6 which is more secure but is not possible with a DIR-825 Rev A1. I have two routers, a primary router (DIR-825 Rev B1) capable of ipV6 and a secondary router (DIR-825 Rev A1). If I implement ipV6 on the Rev B1 router but keep ipV4 on the secondary router, will this improve the security, or will it just mess things up so nothing works?Certain devices (cell phones and most Tablets) don't deal with ipV6 very well at all. The ones I have tested flat don't connect to the wireless network if the router is set at ipV6. Is ipV4 adequate for a Home/Small Business Network when trying to implement Remote Access and VPN?
View 2 Replies
View Related
Apr 26, 2011
Topologies in real time implementation compare and contrast each other?
View 3 Replies
View Related
Jun 11, 2012
One of my customer has raised a new requirement for implementation of short sequence number format support in PPP multilink header for Cisco MWR 2941 E1/T1 serial interface, whereas router is supporting long sequence number format.here is the output of "debug ppp negotiation" command:-Currently in the MWR debugging logs we can see that by default MWR is sending long sequence header format as below
*Mar 13 01:32:55.438: Se0/2:0 LCP: O CONFREQ [REQsent] id 238 len 25
*Mar 13 01:32:55.438: Se0/2:0 LCP: MagicNumber 0x26CDF693 (0x050626CDF693)
*Mar 13 01:32:55.438: Se0/2:0 LCP: MRRU 1500 (0x110405DC)
*Mar 13 01:32:55.438: Se0/2:0 LCP: EndpointDisc 2 16.16.16.11 (0x1307021010100B)
*Mar 13 01:32:55.438: Se0/2:0 LCP: MultilinkHdrFmt seq long classes 2 (0x1B040202)
While as per the requirement PPP multilink header should support short sequence.
MWR configuration:
controller E1 0/2
framing NO-CRC4
clock source line
channel-group 0 timeslots 1-31
[code]....
View 0 Replies
View Related
Feb 9, 2011
SSH is not working in Cisco 7206 VXR Router. I have configure
Hostname
Ip Domain name
Crypto key generate RSA
IN Line VTY 0 4
transport input preferred SHH
transport input telnet SHH
But stll it is not working. I am getting invalid crc recieved in packet.
Current IOS running is 12.3 (19) Enterprise 3des
View 3 Replies
View Related
May 12, 2011
I have two 7206 VXR routers with the VPN Service Adapter either side of a leased line (i.e. no provider between, pure layer two connectivity)A requirement is that traffic traversing the link is encrypted so I've configured an IPSec VPN between the two endpoints.During load testing we noticed a very severe performance hit when the VPN was enabled, disabling it again saw we were able to use almost 100% of the 1000Mbs line. The performance hit looks to be due to the increased MTU size when using IPSec, possible due to fragmentation.
I've read that the 7206 VXR can support 980Mbs (or there abouts) of throughput using AES providing the MTU size is 1400.Configuring this manually on each server in each data centre isn't feasible.As the link is effectively a point to point and we have control over the MTU size between the two routers, what options are available to increase the performance when the VPN is enabled?
View 1 Replies
View Related
Mar 2, 2011
I am attaching my current network topology, My problem is that i am having mpls & p2p link terminated on the 7206 router left side of diagram. now my problem is if i apply PBR on this 7206 router & tracer any host which are on right side of the diagram, it drops on IP 10.1.1.1..ideally it should go to my Core switch on right of the diagram.
View 8 Replies
View Related
Feb 24, 2011
I am having a Cisco 7406 VXR router. I want to know what is the max. MPLS link capacity that can be terminated on the link? We are planning to upgrade the MPLS link to 450 Mb..so was just wondering whether 7206 will support or not..
View 1 Replies
View Related
Mar 14, 2012
I need to upload IOS c7200-advipservicesk9-mz.124-15.T16.binin 7206 NPE 400 router , As per cisco recommendation router should have DRAM : 256 MB ; Flash : 64I think my router contain only DRAM= 128 MB but not sure.
how much DRAM & Flash it contains.
Router1#sh versionCisco Internetwork Operating System SoftwareIOS (tm) 7200 Software (C7200-IK9S-M), Version 12.3(1a), RELEASE SOFTWARE (fc1)Copyright (c) 1986-2003 by cisco Systems, Inc.Compiled Thu 05-Jun-03 20:58 by dchihImage text-base: 0x60008954, data-base: 0x61E0C000
[Code].....
View 8 Replies
View Related
Mar 9, 2013
I'm getting below error on 7206VXR (NPE-G1) with IOS "c7200-js-mz.124-3i.bin".Attempt to use contiguous buffer as scattered.[code]
View 3 Replies
View Related
Mar 27, 2013
How can I enable Console port in 7206 vxr with NPE-G2 card installed, I need to use console from NPE G2 card.
The device turns on and status is also UP and I can also telnet to the device but I am not able to access the device through console port...
View 1 Replies
View Related
Oct 1, 2012
i did in past a lot of L2TP connection between two end point. in this case ans with 2911 series with ios 15 and DATA license Activated. the l2tp session does not establishe between a this 2911 and 7209. Attached is topology file and bellow the configuration of both router.
PE 2911
l2tp-class l2-dyn
authentication
password 123456
[Code]....
View 1 Replies
View Related
Mar 4, 2012
I have a lot of cisco 7206 vxr deviceses. I have a high cpu problem.I have a 7206 vxr g2. I used to use ebgp for three upstream carrier. I used to bgp full route table method. I have about 800 Mbps active traffics and behing the router about 1600 active customers.
How can I trouble shoot this high cpu problem?
#sh int gigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is MV64460 Internal MAC, address is 000c.cf1d.d01b (bia 000c.cf1d.d01b)
Description: ***** GW Interface *****
[Code]....
View 4 Replies
View Related
Apr 24, 2012
In Cisco 7206 VXR (NPE-G2) router , the CPU utilization is at an 80-90% always , but none of the process is consuming not more than 1%. In the show stacks output we are observing network interface interrupt is called very frequently. so what does network interface interrupt is about. Logs for the reference: show process CPU sorted
CPU utilization for five seconds: 88%/88%; one minute: 89%; five minutes: 89%
PID Runtime(uS) Invoked u Secs 5Sec 1Min 5Min TTY Process
1 0 72 0 0.00% 0.00% 0.00% 0 Chunk Manager
2 20020000 17159 1166 0.00% 0.02% 0.01% 0 Load Meter
[Code]...
View 11 Replies
View Related
Jan 18, 2012
I have a scenario with a Cisco 6506 and a 7206. The 6506 is running BGP and peers with our data center router. The 7206 is a stub router off the 6506 and is used as an edge router for customer T1 circuits. I want to use OSPF between the routers to exchange connected and static routes. The problem I have is that static BGP null routes on the 6506 are overriding the OSPF routes being received from the 7206. Example: The 6506 is advertising a class C network 192.168.1.0/24 to our data center. The 6506 does not utilize the 192.168.1.0/24 network. It is only used on the 7206 for customer T1 circuits and is carved up into /29 subnets. So the 6506 has a static route: ip route 192.168.1.0 255.255.255.0 null 0. Today the routing is accomplished with static routes on the 6506 for the 192.168.1.0 networks on the 7206. Using OSPF the 7206 advertises /29 links back to the 6506, but when I withdraw one of the /29 static routes from the 6506, the /24 null route takes precedence over the more specific /29 routes and the traffic is black-holed on the 6506. how can I get the OSPF routes to look preferable to the /24 null route on the 6506?
View 7 Replies
View Related
May 22, 2011
I would like to find out what the status is of the Cisco 7204 VXR and 7206 VXR routers?I understand they are EOLife and EOSale.Are they also EOSupport? we planning to upgrade 3 of them in our environment and management requires feedback around this.We thinking of going the ASR1000 route..
View 15 Replies
View Related
