Cisco WAN :: ASR 1001 CBWFQ Not Supported On Subinterfaces And Efps
Mar 19, 2012
I have problems to configure CBWFQ on a ethernet sub-interface on a Cisco Router ASR 1001. Then I applied the policy in the physical interface but it should be is in the sub-interface. How can I configure CBWFQ on sub-interface in ASR 1001. (version 3.02).
Error Messages:
CBWFQ: Not supported on subinterfaces and efps
This the final output:
interface GigabitEthernet0/0/0
description Conexion WAN
bandwidth 153600
no ip address
load-interval 30
no negotiation auto
[code]....
View 2 Replies
ADVERTISEMENT
Sep 19, 2011
I have a 50 Mbps metro ethernet connection between our main office, and our collocation site, where we store web servers, DR equipment and VPN access gateways. I have two Cisco 3845 ISR's connected to the metro E circuit. The interfaces on each router are configured as 100/full as requested by my ISP. We are connected via ethernet to a fiber media converter.
As I understand, CBFWQ will not kick in until congestion occurs on an interface. I also understand that the bandwidth command on an interface is to provide bandwidth related information to upper level protocols (like EIGRP, etc).
My question is that since the interface where I have CBWFQ configured on is at 100 Mbps, but my circuit is at 50Mbps, how can I get my routers to kick CBWFQ in when traffic demand exceeds 50Mbps+? Does the bandwidth command on the interface control that as well?
View 6 Replies
View Related
May 6, 2012
i have 7206VXR with trunk interface toward customers, now i'm trying to configure CBWFQ on one of the sub-interfaces for specific customer,while trying to apply parent policy which includes child policy i'm getting the following message:Must remove traffic-shape configuration first.
here is the configured policy:
ip access-list extended ACL_TEST_SRV
permit ip any host 192.168.10.1
permit ip host 192.168.10.1 any
!
class-map CM_TEST_SRV
match access-group name ACL_TEST_SRV
[code]....
View 4 Replies
View Related
Jul 6, 2012
I have a C7200 router which does not support full feature CBWFQ. There are no option to configure following commands:
class-map match-any voice
match protocol rtp
match ip dscp ef
[Code].....
View 1 Replies
View Related
Jun 5, 2012
I am preparing configuration (currently in lab) for Per-Tunnel QoS in DMVPN on ASR 1002F for one of our customers, and I came across one issue. According to restrictions for this feature, I cannot apply per-tunnel QoS in conjunction with interface based QoS. This means, I can provide shaping with hierarchical CBWFQ for each spoke, but I cannot guarantee anything on physical interface! What if there are services in native MPLS? I am also unable give reservations for BGP which is used on PE-CE link! How about monitoring spoke PE-CE links natively? I can only apply policy-map with class-default on physical interface. When I add anything related to queuing for that class (or any other non-default class) I get the message:
R1(config- pmap)class routing
R1(config- pmap-c)#bandwidth 16
service-policy with queuing features on sessions is not allowed in conjunction with interface based
[Code] ........
View 8 Replies
View Related
Jan 11, 2012
CBWFQ kicks in when the interface becomes congested and there is no available space in the queue but I need to find a solution to the scenario below:Im using a Gigabit interface on the 3945 Router that connects to the ISP. The ISP limits bandwidth to 60Mb so I need to make sure when I reach the limit of the 60Mb the router starts using the BW percentages defined in the policy-map using classes. any kind of traffic go out as it wants but as soon as the 60Mb limit is reached, the priorities defined by the traffic classes will kick in just as if the interface ran out of queues (as CBWFQ usually works).
View 7 Replies
View Related
Sep 13, 2011
Does anyone know if it's possible to use a single interface on the ASA for both the failover interface and for stateful failover? Here's my situation.I'm looking to provision a pair of ASAs and I want to do stateful failover.The problem is that I need four interfaces (inside, outside, and two physical DMZ interfaces).I'm looking at either the 5520s or 5540s and these boxes need to run the IDS SSMs, so I can't use the 4-port expansion SSM.
I want to do stateful failover so I need two failover interfaces.What I'm wondering is if I can take one physical interface,run two subinterfaces on it, and then use those two subinterfaces for my failover and stateful failover interfaces.That would leave me with the four interfaces that I need for everything else
View 3 Replies
View Related
Jun 17, 2012
I have an ASA 5520 running 8.0(3) with two Subinterfaces configured like this:
=================================
interface GigabitEthernet0/1
nameif inside
security-level 100
no ip address
!
interface GigabitEthernet0/1.72
description VLAN 72
[code]....
(notice that they have the same security-level)I need to control the traffic between them with ACLs so I in ASDM unchecked "enable traffic between two or more interfaces with same security level" and "enable traffic between two or more hosts connected to the same interface"Now I cannot ping from one Vlan to the other, as expected,,, but I tried many different ACLs and I cannot ping or telnet to the other side from either one.
View 9 Replies
View Related
May 2, 2012
i have a pix 525 running 8.0(4) and asdm 6.1(5)i have two ethernet interfaces, and two gb ethernet interfaces
i connected both gb ethernet interfaces to a switchport, configured as trunkcan't seem to activate subinterfaces on the gb interface on the pix 525.
View 7 Replies
View Related
Jul 3, 2012
I have two C4506 switches and I would like to create two L3 links between them by using only one physical link. I will then assign each L3 link to a different VRF.
I think I have two choices but I'm not sure however that the second one is possible...
---------------
1st choice: creating two VLANs and two SVIs on each switch
interface Vlan10
ip address 10.10.10.1 255.255.255.252
ip vrf forwarding vrf1
interface Vlan20
ip address 10.10.10.5 255.255.255..252
ip vrf forwarding vrf2(code)
View 1 Replies
View Related
Jan 30, 2013
i have a couple of ASA 5510 in Active/Failover configuration. Failover LAN is configured on management0/0 e the ASA are connected with a back-to-back direct cable.
ASA has an interface in access mode inside with standby ip address and show failover is compliant with expected result in show failover (Normal)
ASA-PRIMARY# sh failover Failover On Failover unit PrimaryFailover LAN Interface: LANfailover Management0/0 (up)Unit Poll frequency 1 seconds, holdtime 15 secondsInterface Poll frequency 5 seconds, holdtime 25 secondsInterface Policy
[Code]....
View 2 Replies
View Related
Mar 31, 2011
I currently have an ASA 5520 in production without using subinterfaces. I have connected an interface on the ASA to a 4507, the 4507 contains SVIwhich perform the routing for our internal network. I have another ASA 5520 and I am playing around with a few new design scenarios. The problem I am currently having is with SubInterfaces on the inside of the network. I understand the subinterfaces on the outside network, I am using subinterfaces on the outside for dual homing ISPs.
I don't understand the multiple subinterfaces on the inside, for some reason I can't wrap my mind around using them. I have created a few and trunked a port from my 3560X to the ASA interface. Here is my design.
ASA 5520 Config(I realize that this isn't how it would look in CLI, I just don't remember all of the commands)
interface Gi 0/1
nameif Physical Interface
no ip address
interface Gi 0/1.10
nameif Prod_USERS
ip address 172.16.10.1 255.255.255.0
security-level 100
interface Gi 0/1.20
nameif Users
ip address 10.10.16.1 255.255.255.0
security-level 100
Alright so in this scenario I would have a trunk port from my 3560X connected to interface Gi 0/1 on the ASA. On the 3560X I would created the two VLANs (vlan 10 and vlan 20); I also created an SVI on the 3560X as follows.
3560X config
interface VLAN 10
description PROD_USERS
ip address 172.16.10.2 255.255.255.0
no shut
interface VLAN 20
description USER-NET
ip address 10.10.16.2 255.255.255.0
no shut
Now I create a default route on the 3560X as follows, "ip route 0.0.0.0 0.0.0.0 172.16.10.1". By doing this, I can only route my 172.16.10.0 network out to the internet, not the 10.10.16.0 network? I have to remove the default route above and add ip route 0.0.0.0 0.0.0.0 10.10.16.0 for clients on that network to browse out to the web.
So I am obviously missing something crucial here and I just can't wrap my head around this design scenerio for some reason. the topology necessary for this configuration to function correctly and how I can get both of my VLANs to function properly. I would like for the 3560X to route traffic internally until traffic needs to browse into the DMZ or out to the web, and at such time it should then use the firewall.
View 5 Replies
View Related
Feb 19, 2012
how to use Subinterfaces on an Etherchannel for a Lan Failover link?I successfully bundled e0/0-1 and e0/2-3 to 2 Port-Channels with a 3750X Stack - and was able to set my "nameifs" and "security level" on Port-Channel Subinterfaces like "Port-channel1.4" As a lan based failover link the subinterfaces seem to be unusable ....
View 1 Replies
View Related
May 29, 2011
I've been having a problem with my cisco routers (7600s) where sub-interfaces that we create for ldp tunnels are added automatically to the main ospf process as no passive when created. In order, here is how to reproduce the issue:
- Configure ospf process as "passive-interface default"
- Configure interfaces that have to be active as "no passive-interface blah"
- ospf works as expected.
- Create new sub- interface somewhere with encapsulation on a certain vlan for xconnect.
- New sub-interface gets added as "no passive-interface" in main ospf process.
- When adding a new port-channel interface, behavior is the same.
Is that normal for cisco, should I continue removing sub-interfaces manually every time from the ospf process?
View 4 Replies
View Related
Sep 14, 2012
I have set up a couple of vlans on a cisco 1721 router 4esw card using the vlan database and assigning an ip address of 192.168.1.x and 192.168.2.x for each vlan interface.Strangely enough connected computers can talk to the other vlan and I have not set any subinterfaces on the etherner0 (layer 3) and not even connected a cable.Is there any reason why this should happen since they should not talk to eachother being on seperate vlans.Doing a tracert shows that first the vlan ip address is hit and then straight to the target pc in the other vlan?
View 4 Replies
View Related
Apr 15, 2013
I've an ASR1001 with 15.1(2)S code on it connected to out ISP, we've been get some complaints about performance and I'm seeing drop on the output policy. Checking the bandwidth consumption we have plenty spare when drops are occuring, there's 300Mb/s. Details below, any suggestions gratefully received
The policy is to guarantee the following bandwidth:
Outbound policy:
class 1 => 50% guaranteed
class 2 => 8% guaranteed
class 3 => 1% guaranteed
class 4 => 5% guaranteed
class 5 => 1% guaranteed
class 6 => 5% guaranteed
class => 7% guaranteed
class 8 => 7% guaranteed
class default => not configured
config :
policy-map priority
class 1
priority percent 50
class 2
priority percent 8
class 3
priority percent 1
class 4(code)
View 9 Replies
View Related
May 15, 2012
I just would like to confirm if the ASR 1001 with IP Base license can support the normal BGP features such as remote-peering IPV4, Local-AS.
I am not looking for advanced features such as Route Reflectors, VPLS, L2 VPN, etc.
View 1 Replies
View Related
Dec 29, 2012
i have 1001 ASR which boots up ok but shows a warning "filesystem is not clean" and thereafter the image is validated well, it shows up the following two messages and just goes idle from there. [code]
View 6 Replies
View Related
Feb 20, 2011
We are going to purchase ASR 1001 with ipbase, BGP is our basic requirment if we purchase ipbase(SLASR1-IPB) it will support BGP.
ProductDescriptionASR1001Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/SASR1001-PWR-ACCisco ASR1001 AC Power SupplyCAB-IND-RAPower Cord India, Right AngleSASR1001UK9-32SCisco ASR 1001 IOS XE - ENCRYPTION UNIVERSALSLASR1-IPBCisco ASR 1000 IP BASE LicenseM-ASR1K-1001-4GBCisco ASR1001 4GB DRAM
View 3 Replies
View Related
Mar 4, 2012
is the ASR 1001 either with IDC OC3 or T3 support VPLS and what is the limitation, what is exactly support is it full functionality of VPLS?
View 4 Replies
View Related
Sep 3, 2012
I just need to start building the configuration of an ASR 1001 but I do not know how gigabitethernet interfaces are named on these routers? Are Gi0/0/X or Gi0/X ??
View 1 Replies
View Related
Apr 29, 2013
I am replacing my 2900 Internet router with a ASR 1001. I am really not doing anything to fancy on the configuration just routing traffic from the internal LAN to our ISP connection. With the new ASR 1001 there is a configuration for VRF Definition Mgmt-Intf do I do anything with this? There is also a interface for vrf forwarding. At this point we are just running IPv4. The plan was just to configure the GigabitEthernet interfaces but I wanted to make sure if I should try and configure VRF.
View 2 Replies
View Related
Mar 7, 2013
We have an existing WAN connection from a Cisco 2821 router to Time Warner with a single mode fiber connection using the following SFP:We have a ASR 1001 router configured to replace the 2821 router. When I connect the fiber into the ASR 1001 router the link does not come up. I have used the above SFP without success and the following SFP.I have seen Cisco documentation that only certain SFP modules are compatible with ASR router, but I believe the second SFP I listed is compatible. As a test, I connected my ASR router to a 3750 switch using long haul SFP modules on each end so I know the SFP module works. The only downside to this test is I only had a multi mode patch cable. Are there specific settings on the ASR interface that need to be set to allow this connection?
View 1 Replies
View Related
Jan 31, 2012
I have an issue with an ASR 1001. The problem occurs with MQC shaping applied to a gigabit interface in the outbound direction. The CIR of the provider we are using is 100Mb/sec, so we are shaping to that value. However when reported traffic levels are about 60Mb/sec, we see a steady increase in output drops. [code]
I have also tried increasing the hold queue, however this does not work with the drops. Increasing the shaping rate to 200Mb/sec gets rid of almost all the drops (not quite all!) but is not what we need. I think that we should see some drops when rates spike above 100mb, however the amount we are seeing seems excessive?
View 1 Replies
View Related
Jan 20, 2013
This would be the first time I will be working on NCS for a client. There is completely a new install and I was just doing my reading to get my head around the overall working of the product. I had a small Q in mind which I wanted to ask here, while going the config guide, i could not find the way to add a router to the NCS prime. W have ASR 1001 in use along with switches. I read in some forum that NCS supported routers but couldnt find the way in the config guide unless i am missing somewhere. The NCS version is 1.0
View 6 Replies
View Related
Aug 8, 2012
We have problem con EIGRP and two ASR 1001 in High Availability. ASR2 have received all route (100 route) from PE, but in ASR1 doesnt received all route (75 route) from PE or from other ASR02. All PE have all route. The ASR1 when modify or lost some route dont update to the ASA. see diagram.
View 5 Replies
View Related
Feb 5, 2012
I have a need to capture traffic on an ASR 1001 subinterface, but what I have found is that the Embedded Packet Capture feature is not supported on this platform. Are there any simple alternatives to capture egress traffic on a subinterface or am I SOL? This is a walk in the park on normal IOS routers...
View 1 Replies
View Related
Aug 14, 2011
We've recently bought a cisco asr 1001 Router and I have a number of interface slots. I want to populate these with fiber modules.
Which fiber modules are compatible? Are the regular SFPs ok to use or is there a special asr series of SFPs to use?
View 15 Replies
View Related
Jul 19, 2011
I'm trying to configure Tacacs on Cisco ASR1001, and the Tacacs server is Cisco ACS v3.3, the ACS won't pass the authentication, complaining bad request from NAS, key mismatch - which I compared millions of times on both ASR and ACS sides. [code]
View 2 Replies
View Related
Aug 31, 2011
A customer recently purchased an ASR 1001 under the impression it could replace their old 3662 router and ASA 5505. The ASA is configured for their SmartFilter proxy server (N2H2), and I am having a heck of a time finding any documention on how to configure this. I found the following: To use SmartFilter with Cisco IOS firewall, install the SmartFilter componentsand use the IFP plugin (off-box). To configure the Cisco IOS for SmartFilter,use the Cisco document Firewall N2H2 Support located on the Cisco Web site,[URL]Well, I found the Firewall N2H2 Support document [URL], but the ip inspect command doesn't seem to work on the ASR. Is there any way to make this work or does the ASA have to stay in line?...
View 3 Replies
View Related
May 29, 2012
How can i find the list of features supported in ASR for various license
1) IP Base
2) Advance IP Services
3) Advanced Enterprise Services.
View 1 Replies
View Related
Jan 31, 2013
i want to apply a QOS for my trafic LAN, in my ASR 1001 , the LAN is connected with ge0/0/0 interface and it configured with the service instance to bridge vlan 1 ( i do that for OTV ) i put service policy in "service instance 1" to marking data with ef31 but i noticed that the class "plateform_datacenter" match the trafic and the ACL associate to this class not mach any trafic trafic !
tha policy-map march trafic for Datacenter :
sh policy-map interface gigabitEthernet 0/0/0 service instance 1
GigabitEthernet0/0/0: EFP 1
Service-policy input: MARKING-OTV
Class-map: Platforme_DC (match-any)
[code].....
View 9 Replies
View Related
Mar 6, 2013
My company has purchased a second ASA for fail over reasons and I'm needing to attach it to my core router (ASR 1001). Currently I'm running the connection between my ASA and my Core as a /19 ie. ASA-10.10.10.2/19 -- ASR-10.10.10.1/19. I know the 2nd interface on the ASR will need to be on a different network segment then the first connection (10.10.10.1/19). What would be the best way to segment this out with out breaking up my /19?
Run /30 segments for each interface? Use a VLan ?
I don't want to use up my Internet rout able IP's on /30 segments. Attached diagram.
View 1 Replies
View Related
