Cisco WAN :: AF41 Can Configure Two Priority Queues For Two Different Traffic
Jan 24, 2012
In QoS, voice traffic is usually marked EF and placed in a priority queue. But interactive video traffic, like VTC, should also receive priority treatment. Can I put both classes in their own priority queues in the same policy map? I thought there could only be one LLQ, but I'm not sure about it. An example of the config I'm thinking of is below. Voice would be marked EF, VTC would be marked AF41.
View 6 Replies
ADVERTISEMENT
Nov 29, 2011
As above, I got a problem with C3750e, ios c3750e-universalk9-mz.122-58.SE1.bin, when send AF41 traffic passing through it. My topolygy is as following
WAN link <----------> G0/0/2.100 - ASR1002 - G0/0/5 <---------> G1/0/1 - C3750e - G1/0/3 <--------> G0/0/1 - ASR1004
On this C3750e, I turned on mls qos, trust dscp on both G1/0/1 and G1/0/3 and no else is configured. ASR1002 G0/0/2.100, i applied the CB shaping fror AF41 traffic.
C3750e#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
C3750e#sh mls qos int g1/0/3
GigabitEthernet1/0/3
trust state: trust dscp
[code]....
Then, from ASR1004, i send ICMP traffic with TOS set to AF41 (136) and i found out that
1. The traffic is dropped on c3750e
sh mls qos int g1/0/3 statistics
GigabitEthernet1/0/3 (All statistics are in packets)
30 - 34 : 63 63 48 86 1534
2. The traffic never get hit into AF41 class in ASR1002 ? Why C3750e dropped this AF41 traffic? and what can I do to fix it?
View 1 Replies
View Related
Nov 29, 2011
We have 3 sets of applications. The first does not require much bandwidth but is very critical, the other two is more bandwidth consuming but less critical. I would like to know if it's possible to reflect this priorities on the router configuration. Is it possible to set the ports 10000, 10001 and 10002 of the external IP have higher priority to be handled, for example? Also, is it possible to limit the bandwidth that goes through a set of ports?
I must prevent the 2 sets of less critical applications to strugle the critical ones. What router can provide this capabilities? Is the 1921 able to do this job?
View 2 Replies
View Related
Mar 7, 2013
Trying to set-up a priority queue for Voice and Video traffic, below is the current ASA config. The WAN link is 6mb, trying to limit the Internet traffic to 4mb and save 2mb for the PQ, config belowTraffic just isn't hitting the PQ
priority-queue outside
queue-limit 512
tx-ring-limit 200
!
class-map Video
description Video
match dscp af31
[code]....
View 6 Replies
View Related
Nov 19, 2012
i have a 3560 connecting to a sp with limited bandwidth. i have one interface on the switch whose traffic i do not want to drop. i want this traffic to go into the high priority queue. i am not sure how this should be configured, but here is my best guess and my current qos configuration on the switch:
qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 4 6 7
mls qos srr-queue output cos-map queue 2 threshold 2 3(code)
since cos 5 is mapped to dscp 46 then this traffic would go into the priority queue. is this correct ?
View 7 Replies
View Related
Dec 6, 2010
I'm trying to configure QoS on my 877 router to give priority to voice packets. However, when I do a show policy-map for WAN interface, all the classes show 0 bps. When I do a show int for the WAN interface, I get the correct bandwidth util.
This 877 is meant for a home network. I'm running a Cisco 7970 phone using phone-proxy back to my HQ. I'm also shaping the traffic.
Here is my config
Class Map match-any EF (id 1)
Match ip precedence 5
Class Map match-any class-default (id 0)
Match any
View 5 Replies
View Related
Nov 11, 2012
I need to confirm how many queues actually supports the switch SG500X?. In SG500X_data_sheet.pdf document (pg. 8) say they have 4 hardware queues (8 future) !
View 2 Replies
View Related
May 9, 2011
We have a business need that we have to set up a IPsec L2L tunnel (from multiple locations) to a business partner, we require that the connection can only be initiated from our side, not business partner side. I searched the web, one option is configure our side ASA to initate IKE only, this does not seem to meet our requirement, because once IPsec SA is up, IP layer traffic will flow freely in either direction; the other option people suggested is to use VPN filter in tunnel group policy, but the documention of how to use this vpn-filter to enforce one way traffic policy is not crystal clear to me; I actually configured reflexive ACL on core L3 switch before the traffic hits ASA to reflect/evalulate specific traffic to businness partner's LAN network, that worked well. However one of our branch office's core L3 switch is Cat4K which does not support reflexive ACL with the image it is currently running, so I am stuck again .
View 1 Replies
View Related
Apr 16, 2013
I have a firewall ASA 5520. In this time I have connected 3 networks (192.168.1.0 INSIDE, 192.168.2.0 INSIDE2, 10.0.1.0 OUTSIDE). I follow the article [URL] to configure my firewall, but the ASA no permit traffic (ip, udp, icmp, etc) between the networks.
The configuration that i have is:
ASA Version 8.2(1)
!
hostname Firewall
domain-name xxxxxx.com
[Code].....
View 1 Replies
View Related
Apr 26, 2012
My first time attempting this so excuse my wrong use of terms..i believe its load balancing...new company site is going to have 2 separate connections:
con 1: 15 up/2 down coax connection
con 2: 6 up/ 6 down dish
con 1 needs to simply have http and https traffic.
con 2 will have security surveillance, SNMP, and VoIP (PBX)
the hardware i know that will be at that location when i fly up there is a Sonicwall TZ210 and a 48-port Netgear gigabit...where do i start?
View 6 Replies
View Related
Aug 9, 2011
I have an application behind an ASA 5505 that needs to access a mysql database over the Internet. How do IO configure the ASA to allow this remote mysql connection?
View 1 Replies
View Related
Nov 14, 2011
I would like to properly configure my L3 to support iSCSi traffic. My L3 acts as an internal router between 4 different sub nets.
I have a iSCSi SAN on my network. A Windows server has Microsoft iSCSi initiators connecting to the SAN.
View 3 Replies
View Related
Mar 18, 2012
When trying to configure ERSPAN on a ASR1006, I'm not getting any traffic on the destination port. ERSPAN flavour is LOCAL SPAN, as described in:
[URL]
Configuration used, is the following:
monitor session 1 type erspan-source
no shut
source interface GigabitEthernet0/0/2
destination
erspan-id 10
ip address 10.10.10.1
[code].....
Apparently everything is configured in the proper way, however I’m not getting any traffic in the destination port. Also I’ve noticed the following in the details from ‘Session 1’:
Destination IP Address : 10.10.10.1
how to configure Local SPAN using ERSPAN?
View 2 Replies
View Related
Aug 11, 2010
I am trying to configure my ASA 7.2(4) to inspect SCCP traffic from a CUCM v7.I have been advised that the ASA device needs to support the version of Skinny I am running.What version of Skinny does ASA 7.2(4) support? How can I find out what version my phones are using?
View 3 Replies
View Related
Feb 16, 2012
I am looking for the way to define an idle timeout for specific flows on an ASA5580 by using Cisco security manager. For ex I needed to define a specific idle timeout for connections beetween specific devices (Devices in vlan1, Device2 in vlan2).To test it I did following changes by CLI and it works fine. access-list L1 extended permit ip <@IP1> <mask1> host <@IP2> class-map CM1 match access-list L1 policy-map PM1 class CM1 set connection timeout idle 02:00:00
I try do do the same configuration with CSM in order to be able to manage each changes only by using CSM.So I defined Access control list, Traffic flow and then I define timeout in CSM --> PIX/ASA/FWSM Platform --> Service Policy Rules --> IPS, QoS and Connections Rules -> connections settings -> Traffic flow idle time-out. The problem is that each time I deploy the configuration with CSM I loose the timeout config line which is the most important for my application..
View 2 Replies
View Related
Jan 27, 2013
I am wondering if this is possible. We have multiple internet connections with fixed IP's coming into the office. We'd like to use one for FTP backup and another to service our websites. From what i have read a 5510 doesn't do policy based routing, but we'd like to configure our ftp server to use one of the internet pipes and our webserver to use another internet pipe. Is that possible?
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. consequently if the internal web server and FTP server use the fixed IP"s corresponding DNS server wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
Then the FTP traffic would be NAT'ed to an internal interface and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
Then if each of the internal servers used the corresponding internal NIC on the ASA as it's gateway and the fixed IP's that correspond to the external DNS server, then it would affectively only use that gatway out for traffic? Would that work? Does it should route traffic out those pipes correct? Will the asa support two different next hop routers for the two different interfaces?
View 2 Replies
View Related
Oct 30, 2012
I'm configuring CoPP for an ASR 1001 router with consolidated IOS XE Version: 03.07.01.S. And I'm trying to use 'DROP' command under policy map to drop.un wanted traffic. But the drop command is not listed.
[code]...
View 6 Replies
View Related
Aug 8, 2012
Multicasting. The configuration is I have a 6506 as my core switch receiving multicasts from an interface assigned to VLAN10. I have a monitor port setup with a PC running Observer which says multicasts are being received on the core switch. On a different interface on the core switch I have a 2960G switch connected to it and this interface is on VLAN 10. The 2960G switch has a workstation connected to it that needs to receive the multicasts. How do I configure the 6506 and/or the 2960G to process the multicast traffic?
View 0 Replies
View Related
Jan 1, 2013
I'm looking for a way to configure Cisco ACE4710 loadbalancer to bypass traffic that is initiated from server side to Internet?Are there any way to configure this, so that the loadbalancer will not maintain session for this bypass traffic to maximize throughput?
View 1 Replies
View Related
Apr 18, 2013
I have a an ASA 5520 connected to a Layer 3 (3750) switch (Inside) and a connection to a 2960 switch (Outside) to get to the internet. . I have created vlan interfaces on the 3750 switch and enabled ip routing on the switch to enable the vlans to communicate with each other.
Vlan Interfaces on the switch:
Vlan 100 172.17.1
Vlan 200 172.18.1
Vlan 300 192.168.3.1
I want the devices connected to the 3 vlans to be able to pass through the firewall and get out to the internet.I have connected the ASA to the 3750 by routed interfaces (10.10.10.1) --------- (10.10.10.2) and they are able to ping each other.I have also put a default route on the 3750 sending all traffic from the switch to the ASA inside interface (10.10.10.1)The issue that i am having is that the ASA also connects to a 2960 which has a connection to the Internet, and they are handing off an ethernet connection from the 2960 that sits in VLAN 55 (Vlan 55 is the Internet accessible vlan).How do I configure my ASA to send all traffic from my (3) vlans to the interfaces that connects to the 2960 switch?
View 21 Replies
View Related
Jun 20, 2011
is this possible to configure HTTP traffic to ISP2 and Static NAT to ISP1 on ASA5520?
View 2 Replies
View Related
Aug 20, 2012
I have the following setup: Private network <-> SW <-> CISCO VPN <-> ISP MODEM
I have configured VPN part and is working correctly. I have a computer in the private network at static address 192.168.1.100 and an application is running on it on 8100 tcp port for clients.
Now I need to connect from the Internet to the application on 192.168.1.100 on port 8100.
How to configure CISCO router to forward traffic coming in tcp port 8100 to machine 192.168.1.100?? ISP Modem is going to handover all the traffic to CISCO device.
View 8 Replies
View Related
Jun 11, 2012
We have configured ASA 5510. We have configure Ethernet 0/0 ( Outside ) connected with ADSL line and Ethernet 0/1 ( Inside ) Local LAN. we have configured NAT and all the traffic is passing through outside interface. Now we have connected ethernet 0/3 ( leasedline ) interface with static public IP. Now we want to allow SMTP traffic to pass through from this interface.
How to configure it if we want our local lan SMTP traffic sending through new leased line ( Static Public IP ).
View 2 Replies
View Related
Jul 7, 2012
How to configure traffic flow between computers inside VLANs and a routed port? Here is the setup details:
1. Switch 3750-X
2. VLAN 100 - ( SVI IP address 192.168.100.1 /24)
3. VLAN 200 - ( SVI IP address 192.168.200.1 /24)
4. routed port gi1/0/48 (IP address 192.168.150.1 /24). Note: this port is directly connected to a firewall ASA 5520 port IP 192.168.150.100 /24
Ip routing is enabled on the switch and inter vlan traffic is flowing ok. I can ping the routed port gi1/0/48 from any computer connected in the VLAN 100 or 200. For example computer with IP 192.168.100.25 can ping the routed port 192.168.150.1. Switch can ping firewall port 192.168.150.100 and the 'sh ip route' command shows the network 192.168.150.0 /24 as directly connected network.
any computer in the two VLANs CANNOT ping firewall ASA port 192.168.150.100 Is it because inter VLAN routing does not work with a routed port on L3 switch? I looked up fallback bridging, but it is meant for non IP traffic.The goal is I am trying to set the ASA port as an internet gateway for VLANs.
View 4 Replies
View Related
Jul 25, 2011
I see that Application protection - blocking peer-to-peer file sharing traffic is a capability of Cisco IOS Firewall. How do i configure my Cisco 2911 ISR to block peer-to-peer file sharing traffic?
View 1 Replies
View Related
Feb 11, 2013
I just wonder if there is simply way on Cisco 800 to set bandwidth priority for internal IP address. Basically I have server and would like to make sure, whatever comes to it or goes out has the highest priority and users won’t kill bandwidth for the server connection.
View 7 Replies
View Related
Oct 25, 2012
I am fairly new to Cisco, but am trying to configure a 1921 router to give higher priority to SIP/VoIP traffic (Port 5060) than everything else.The connection is only 4Mb and is getting hit hard by video streaming, I don't want to block this, just make a lower priority.Any ideas where I am going wrong?My current config is as below.The IP addresses have been changed for security reasons, but in reality are both in the same range, i.e. are both external IPs, so I am not sure if this is causing the problem. Do I need NAT for QoS to work?
View 6 Replies
View Related
Jun 8, 2012
i've got two quastions about WLC's:
1)How or where i could read about access point join WLC controller in multicontroller network?
2)Is it possible and if yes how i could made such scenario: I've got existing netwirk with two wlc 4402, i want to join third wlc 5508 and new access points, but i need that new access point joins to wlc 5508 first,and if all licenses used,jins to wlc 4402 second. Or where i could read about it?
View 2 Replies
View Related
Jun 16, 2011
I want to configure QoS for voice traffic over a site-to-site VPN tunnel. I have a Cisco 851 router on the branch end and a Cisco 1800 router at the HQ. The setup is an Avaya Gateway located at the HQ and the idea is that the phones at the branch office are connected over the VPN tunnel to the gateway at the HQ.
I have a 1MB internet link at the HQ from a service provider and 256kbps internet link (from a different service provider) at the branch office. The branch office has just 3 users.
View 12 Replies
View Related
Feb 12, 2013
When I ping my video streaming host's IP address (the IP that they gave me where I can view my IP web camera's video stream), I get anywhere from 0% to 8% packet loss at various times of the day. They're claiming that there's no problem, that this is because this is a router and it's dropping ping packets due to "ping priority giving preference to more important network traffic."
View 7 Replies
View Related
Feb 27, 2013
New to the forum and not much Cisco IOS experience let alone on the security side of things. I know how to navigate the IOS and can do basic switching and routing just fine. My company currently has a DMVPN setup w/ about 10 tunnels going back to the hub. We have 4 more sites they want me to setup and I keep getting stuck at the crypto maps. I have been reading about VPN's, DMVPN's , etc. for days now but can't find any examples of how we are configured. The priority of our crypto maps start at 65536 and go up. Default max is 65335 from what I have read, and I cannot assign a priority that high statically. [code]
View 3 Replies
View Related
May 5, 2011
I've got a LAN with private IPs for the computers, and public, static IPs for the VoIP phones. They are a Hosted VoIP provider, and I want to give priority to the public IPs with my ESW-520-48P switch. How do I implement that in this switch?
I have no roles assigned on the ports and no VLANs setup either. I had tried segregating the VLANs first, but eliminated that route. It's all VLAN 1 now in the switch again. For some reason when I implemented VLAN 100 for voice, voice stopped working on the phones, but data was still fine.
View 1 Replies
View Related
Jun 13, 2013
I have a known working configuration with many sites and one operative center that receives all communications.The connection OF THE OLD SITE is here detailed:Now I need to integrate another site. The difference between the old site and the new site is the following:
-old site communicates with the operative center by means of the FE0/1 or by means of an HWIC4T serial interface.
old site automatically switches between the tunnel on the ethernet interface (FE0/1) and the serial channel giving priority to the ethernet tunnel.
-new site will communicate with the operative center by means of the FE0/1 or by means of a transceiver device connected on the FE0/0.
-both new site and old site have a LAN on the FE0/0 where data is generated and sent to the router to be dispached to the best available channel.
The connection of THE NEW SITE is here detailed: the old site was configured this way: [code]
the first line means that everything starting from the client directed to 192.169.0.2 it will be sent on the tunnel1.the second line tries to route the same packets on serial0/0/0 with low priority.On the New site i did the same:
i created the tunnel form my cisco 2811 to the operative center using the FE0/1, then i added the following:ip route 192.169.0.2 255.255.255.255 Tunnel1
This works as expected routing the packets to the operative center on the FE0/1.Now I miss the second part: route packets on the FE0/0 to the ip address 192.168.1.31 WITH LOW PRIORITY like i did on the old site.
I did some tries but no one solves. Which is, in your opinion, the right command to add on the cisco2811 in order to get the equivalent of what i did on the old site ( ip route 192.169.0.2 255.255.255.255 Serial0/0/0 10 ) ?
View 13 Replies
View Related
