I set the QoS globally on my infrastructure and I want to graphically monitor the usage of each class. I'd like to do that on my core switches, which are Catalyst C6509. I can achieve that on the command line, but it's not user friendly and it's not possible to have daily/hourly graphs.
So the idea is to find the value in the MIBs and put it in MRTG graphs. The only problem is that I cannot find it in the MIBs.
There are around 70 remote sites and the head end is a 200 Mbps MPLS WAN link. Platform: 7206VXR, IOS: 12.4(15)T7. The QoS configuration at present is attached.
At the head end, we would like to shape based on remote sites' bandwidth. Having said that, how many classes should I create to achieve this? Is there any other simplified way of achieving this?
Remote Site MPLS bandwidth    No. of remote sites
64 kbps                       3
128 kbps                      3
[code]...
I'm trying to configure a zone-based firewall on an SR520 and am confused about the 'not' criterion. The 'zone-design-guide' says (my stress): Class-maps define the traffic that the firewall selects for policy application. Layer 4 class-maps sort the traffic based on these criteria listed here. These criteria are specified using the match.where my intention is to let only LAN hosts with IPs in the range 192.168.1.1 to 192.168.1.7 out through the firewall. There may be an easier way of doing this which I'd be pleased to hear about. But, even if there is, I'd also be interested to know what I'm doing wrong in the above.
I was looking at a problem where traffic from certain sites has a restricted bandwidth, an ongoing problem for a year or so; apparently this throughput never exceeds around 25Mbps. My customer describes a situation where the end-to-end utilisation rises, eventually flat-lining at around 25Mbps. No matter how many extra systems come on line, this traffic never exceeds this rate, and end users complain of poor responses.
During my investigation I found that one of the switches (Cat 6509) in the traffic path has a policer configured on a VLAN interface. The policer has 3 sections for different traffic based on DSCP markers, and a default (unconfigured) class-default. Various people have had a poke about with this config over the years, with the result that all the traffic has the CoS and DSCP tags set to 0. All this traffic is hitting the class-default in the policer. The link that this traffic hits the Cat 6509 on is a 100Mbps link.
If I was designing this from scratch I'd probably configure a rate for the class-default. My question is, in the case where no specific configuration has been entered for the class-default, how much bandwidth is allocated to this class?
I would like to make a monitoring system for my network based on Zabbix. I would like to use the SNMP protocol with the Cisco RV180W, but in that case I need its MIB table to generate the appropriate OIDs for CPU and memory usage and network information. Where can I find this kind of information?
I have been searching the message boards and wasn't having much luck. I am running some monitoring sessions on my 6509 and on the VLAN I am monitoring, I am experiencing a really large packet loss. If we hook up a laptop to the destination port and run Wireshark we are seeing between 80% and 90% packet loss. I don't see the packet loss on the show port command, but I do on the show int vlan command.
The config is as follows:
Session 2
---------
Type              : Local Session
Source VLANs      :
    RX Only       : 500
[Code].....
I was doing some reading on Egress vs Ingress and I am wondering if the Egress SPAN replication state could be causing the packet loss that we are seeing or does the ingress & learn command override that?
I want to give limited access to our first level support so that they can execute certain basic commands like port VLAN change and access port shut/no-shut on IOS-based Cisco 6509 and 3750E switches. I want to restrict them to only a few options so they cannot make changes to uplink (TenGig) ports and cannot issue the reload command etc. We do not have TACACS. What is the best way to achieve this?
I'm currently in the process of evaluating potential equipment options for a Core Router/Switch that will be running BGP with several Tier 1 ISPs; the table download from each ISP will be full (300,000+ routes). I was looking at a 6509-E with dual SUP720-3BXL supervisors, but after reading the below link I'm a little concerned by the maximum routes table: [URL]
Do I have to go to the VS based 720 supervisor as a minimum to support full BGP on a 6509-E? Does anyone have experience of the above switch + supervisor combination under a full BGP table, and how well does it work? I'm looking at long term using this as a consolidated core (i.e. a VRF for the Global Internet routing table + a VRF for internal data center traffic, plus maybe some more shared VRFs).
Would I be better keeping a Core switch by itself and just buying edge routers to run BGP?
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect HTTP traffic to my proxy server. Where can I find a configuration example?
I need to set up my 6509 with PBR going to two different firewalls. The 6509 has VLANs and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the VLANs to one firewall and the other VLANs and WAN subnets to the other firewall.
Can I use both class B and class C at the same time? If so, what should I do with class B, and with the other class C? I have 500 computers in 5 segments.
I've noticed a Class A IP address on our Class C network. What does this mean and how can I determine what's causing this? I can ping and tracert, which gives 10.44.10.34 and 10.44.10.33. The DHCP scope on the DC is 192.168.3.1 - 3.200.
Why doesn't my 857 adv security have the class-map and policy map commands? Now I want to use traffic shaping on this, but when I use the class-map command it isn't there. [code]
I am trying to configure QoS on my Cisco 851w router using the class-map command. However, it won't accept the class-map command. The router is running Cisco IOS version 12.4(15)T10 "C850-advsecurityk9-mz.124-15.T10.bin".
I have tried multiple IOS images for the 2821, including service provider and advanced enterprise, and none of them have the pseudowire-class command. I have compared the features to the ones that do have the pseudowire-class command on the 6500 series and cannot figure out what I am missing. Is that command not supported on the 2821?
I'm currently looking at doing some re-design work for a platform we manage on the ACE. I want to be able to run a single VIP and only do a sticky session based around specific URLs, not all. I've got the following configuration to apply a sticky session to a URL. [code] Notice, under the Policy-map type loadbalance http first-match WEB-POLICY-L7 I have two class statements, one that matches the URL L7 policy and applies a sticky farm, and the second class falls into the default. Am I right in saying that with this configuration, for any HTTP traffic hitting the VIP 192.168.1.1 that does NOT match /urltobedefined.co.uk/test, sticky sessions are NOT applied, but traffic hitting 192.168.1.1 that does match /urltobedefined.co.uk/test will apply the sticky policy?
I have a request for blocking URLs using a class map. I have made this work with HTTP; however, it does not work for HTTPS. This is a 2851 router with IOS Version 12.4(15)T7. I see I could use the command "match protocol secure-https"; however, this does not let me specify any specific URLs.
Will a new IOS version support what I'm trying to do? Or is there another way?
I have a Cisco 871 router that used to have access-list based security. Now I am trying the ZBFW for the first time. I thought I had a pretty good program until I found all my traffic was getting dropped. This is my first stab at ZBFWs and I am a bit confused, esp. with the default class part.
The router is for my house and thus also has to have priority for gaming. I will add the gaming and voice QOS once I get it working,
Guest VLAN has access to 2 IPs in Data for printing.
Cisco871#sh run
Building configuration...
Current configuration : 8005 bytes
!
version 12.4
no service pad
I really need to understand some of the logic behind the default ZBFW settings on my Cisco 881W, courtesy of Cisco Configuration Professional. Here are my two questions:
1.) What is the purpose and logic behind consolidating the first class-map (ccp-cls-insp-traffic) into the second class-map (ccp-insp-traffic) as follows?
Code ....
2.) What is the purpose and logic of Policy-Map ccp-inspect trying to drop traffic from ccp-invalid-src, which is filtering based on ACL 100?
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-insp-traffic
  inspect
 class type inspect ccp-protocol-http
 class class-default
  drop
I tried to put QoS on a WS-C3560CG-8TC-S, version 12.2(55)EX2. It shows 0 traffic in the class-map. Here is the config. My question is: why can I not see the traffic via the class-map? It should be in the default Q if incorrectly marked. I erased the config and configured with AutoQoS; it shows the same result.
class-map match-any VoIP
 description Voice IP Phone RTP
 match access-group 157
class-map match-any WEB
 description Internal Web, SSL Web, DNS query, Pinnacle
 match access-group 153
!
policy-map QOSMARK
 class VoIP
  set dscp ef
 class WEB
  set dscp cs3
 class class-default
  set dscp default
I am carving up an internet Class C for a customer. This Class C is used by 3 distinct QA, Corporate and Production firewalls. I want to carve up IP space so there is a /26 for each environment. The issue I have is the firewalls may need communication with each other via the public IP space. Currently I don’t have any L3 switches in between the firewalls and the edge internet router. So with subnetting, it would seem I need to push everything through the internet router for the intra-firewall communication. I would rather not push this traffic through the edge router, so I came up with an idea to allocate all firewall outside interface IPs in the 4th (last remaining) /26. That way, I can allow firewalls to communicate over the primary interface IPs, which will all be in the same subnet – without going through a routing “engine”/device.
For the actual environment subnets (NATs on respective firewalls), I create a static route on the edge router pointing to each of the firewall’s primary IPs for the respective environment routes (the first 3 /26s). This is still a beta design, but I have done this before on a small scale when an ISP gave me 2 subnets, for example, assuming I was going to put a router in between the customer firewall and ISP. I would use the “routed subnet” on the ASA interface, and then pull the NATs from the other subnet. The ISP would have to add a static route directing the NAT subnet to the “routed subnet” correct IP, which would be the firewall outside interface primary IP. I recently found out that with ASA OS 8.4.3 and up, the ASA will not proxy ARP for IPs not in its local interface subnet. This means the ISP/router will have to assign static ARP entries on the edge router. This can get messy after the first few NAT entries. So I am debating the design now. I think this kind of stuff going forward won’t be worthwhile with newer ASA 8.4.3 code.
How to communicate between different ASAs, while still carving up the Class C into usable smaller subnets? The primary reason for doing this in the first place is to support routing on the edge router. I am thinking it might be time to ask for another Class C to do the routing functions, and keep the firewalls all at Layer 2 in one /24 - Class C?
ACS 5.3 always sends the class=cacs:xyz attribute in an authentication response. How can I suppress that behaviour? The Cisco Email Security Appliance doesn't support multiple class attributes (defect 49096) and even treats guest users as administrators.
Connecting Avaya 9611G IEEE class 1 devices to a Cat2960s. However, some of the phones are registering as class 3 devices no matter what interface the phone is connected to. Typical port config is as follows: