I want to mark traffic on Cisco 3020 switch entering to interface gigabitEthernet 0/1 ingress direction with DSCP values. interface gigabitEthernet 0/1 is in access mode and in vlan 10.
This is my config:
access-list 1 permit host 10.10.1.1
class-map match-all ipclass1
match access-group 1
[Code].....
I have a Cisco 3725 router with IOS version "Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(12)". And this router is serving as a CE route for our MPLS connection to the service Provider. We do also have multiple VRFs ( around 10) and the WAN interface is DS3. So we created point-to-point subinterfaces and we put them in different vrfs. We have now transitioned to a new ISP and the ISP requested us to mark all of our outgoing traffics with DSCP AF31. So I have created the following policy-map
policy-map TRAFFIC-OUT-WAN-AF31
class TRAFFIC-OUT-WAN
set ip dscp af31
class-map match-any TRAFFIC-OUT-WAN
match any
Now we do have multiple GRE tunnel interfaces sourced from one of the WAN subinterface ( which is a member of VRF A). So the moment I applied the the policy-map on this WAN sub-interface (using the syntax "service-policy out TRAFFIC-OUT-WAN-AF31"), most of the GRE tunnels went down. And there is eBGP running on top of these GRE tunnels.
in switch 2960s ( c2960s-universalk9-mz.122-55.SE5 ) , i want to marking the traffic between two hosts (Data replication), i choose to use " mac access-list" to classify my trafic before apply the policy marking . but did'nt work . c
! my mac ACL
mac access-list extended test
permit host 000a.1a41.aa52 host 000a.1a41.1bc2
!
class-map match-all test
match access-group name test
[code]....
I try to connect a cisco blade switch 3020 to Nexus 2232 with etherchannel, but when I connect the second link a obtain flapping on vlans. [code] why the vlans are flapping ? it's something wrong on the config ? [code]
View 7 Replies View Relatedi'm doing B.E., final year.My project is IP TRACEBACK.so we hav to mark packets in router.Is it possibe to mark packet in cisco packet tracer?
View 1 Replies View Related1) which DSCP marking to use for ex90s(HD video)?
2) as a test we are planning do to deploy ex90 at few of locations. at location 1 we will do DSCP EF marking while at the other location we will do DSCP AF41 for video..assume, LOC1 calls LOC2: so, when video traffic from LOC1 arrives to LOC2 will it be marked as EF? and when traffic from LOC2 arrives LOC1 then traffic will be marked as AF41? if yes, then will there be any issue sometimes in case if we run out of bandwidth for EF?
I have a weird issue with a QOS policy that I have implemented. Details are below.
This is basically the policy I have created. It is running on a Cisco 877 router (running Advance IP Services 12.4). The internet connection is an Internode ADSL service.
class-map match-any VOIP
match access-group name VOICE-OUT
!
!
[Code]....
We have subscribed for MPLS links from Service provider we have a DC where the core connectivity is 90 MB and Remote branch location Connectivity is 64 Kbps. We are in process of enabling QOS for our links with co-ordination with Service provider ; as per our finding the branches have more RX traffic (downloading) so after discussion with provider we were advised to mark traffic from the core end and give it to the provider.The provider at its PE will honor the marking and set some B/W percentages and prioroty based on the DSCP marking values.
We need to mark this traffic so it is feasible to mark the traffic at the core DC router which has the below H/W details,Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory.
Processor board ID 36161439
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.11
or is it feasible to mark the traffic at the core switch.
Client: CISCO VPN Client
VPN server: Cisco Concentrator 3020 OS v 4.7
I want to get away from configuring split tunneling for security reasons. With Split tunneling and I am able to specify to which subnets the clients have access to. I do it defining "Network Lists"
When I modify the group and select "tunnel everything" under "client config" tab, the users then can access all subnets in the LAN. When I select this option the "Split tunneling network list" is grayed out
End goal is to make all traffic go thru the tunnel but be able to resctrict access to speficic subnets.
I am running 1.1.24 and spa303 phones I have a qos policy setup to mark all packets
The following is my qos
information 192.168.1.15/24
makring enabled
cos/DSCO DSCO
Value 0xb8
On my upstream device I only allow traffic that is marked with this dscp value. No traffic is coming through. RTP traffic is marked because it comes off the phone marked but I would expect the qos Policy so mark everything going to that ip space to be marked.
My new small router 866vae crashes and makes cold reboots every 20-30 minutes. I updated IOS, but it didn't work. The logs show texts like this:
Possible software fault. Upon reccurence,crashinfo, "show tech" and contact Cisco Technical Support. http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000!ip dns serverip nat inside source list 101 interface Dialer0 overload!dialer-list 1 protocol ip permitmac-address-table aging-time 15no cdp run!access-list 23 permit 192.168.1.0 0.0.0.255access-list 101 permit ip 192.168.1.0 0.0.0.255 anyaccess-list 111 permit udp any eq bootps any eq bootpcaccess-list 111 permit tcp any anyaccess-list 111 permit udp any anyaccess-list 111 permit icmp any any echo-replyaccess-list 111 permit icmp any any time-exceededaccess-list 111 permit icmp any any unreachableaccess-list 111 permit icmp any any administratively-prohibitedaccess-list 111 permit icmp any any echoaccess-list 111 permit gre any any!control-plane!!line con 0login localno modem enableline aux 0line vty 0 4access-class 23 inprivilege level 15login localtransport input telnet!scheduler allocate 60000 1000!end
i did on cisco 2960S switch at user ingress interface. but the marking is not showing in show policy-map interface gig 1/0/10 interface and ACL is not showing any match.
I also had a config reference from 2960S cisco guide.
access-list 103 permit tcp any any eq 80
access-list 104 permit tcp any any eq 23
access-list 105 permit icmp host 172.24.68.4 any
class-map IN_HTTP
match access-group 103
class-map IN_TELNET
match access-group 104(code)
Our switch model is "Cisco Catalyst Blade Switch 3020 for HP"We are building HA (High Availability) Databases infrastructure.Currently, there are two nodes(hosts- servers) and two above switch for HA.Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication.So my question is: Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?If 'yes', how can we configure the switch for Multicasting ?Oracle uses 230.0.1.0 & 224.0.0.251 IPs with 42000 range port for Multicasting communication.
View 1 Replies View RelatedWe have 12 Catalyst Blade Switches 3020 for HP running IOS Version 12.2(55)SE. In the configuration of these switches I see the statement shown below.
no spanning-tree vlan 34,45-55,70,600,643,840,843-850
The 12 blade switches are configured as VTP clients and running VTP V2. I did not configure the statement shown above. It appered by itself. And even if I delete it, it will reapper. (The blade switches are interconnected to two 6509s. The two 6509s are the STP root and VTP bridges. I configure Vlans and STP on the 6509s).
why the statement above appers on the blade switches 3020s?
I mean I use other Cisco switches such as 3750s and 3560s and I have never seen the statement above appear by itself.
Region : Others
Model : TL-MR3020
Hardware Version : V1
Firmware Version : 3.14.2 Build 120817 Rel.55520n
ISP : LMT
Recently got a new USB dongle - Huawei e392. Initially it worked fine, had no problems, but then suddenly it stopped connecting. I tried everything, forcing 3g, forcing 4g, re-upgrading firmware and uploading a .bin file, nothing works.
It just tries to connect, gets disconnected, and unplugs the USB modem, then does it over and over again.
Here's the log.
1st day 00:00:21 DHCP NOTICE DHCPS:Recv REQUEST from 00:25:22:CE:0D:73
1st day 00:00:23 DHCP NOTICE DHCPS:Send ACK to 192.168.1.100
1st day 00:00:27 DHCP NOTICE DHCPS:Recv INFORM from 00:25:22:CE:0D:73
1st day 00:01:10 3G/4G NOTICE handle_card start
1st day 00:01:10 3G/4G INFO LTE MODEM = 0, status = 1, targetVendorID = 0x0, targetProductID = 0x0
[Code] .......
anyway to implement priority marking on the voice packets on the IP communcicator which installed in a laptop (running Data VLAN in the switch)?
View 1 Replies View RelatedI have a pair of Nexus 7K's running 5.1(3). I have a handful of edge devices that I need to mark ingress traffic, and need to mark both DSCP and CoS. Right now, I have a working config that marks DSCP appropriately.While that works dor DSCP, the MQC will not allow me to mark both DSCP and COS in the same class, and unlike IOS, it appears that Nexus does not have a default DSCP-to-COS mapping. My understanding is this can be solved using table maps, but I don't see how that can solve my problem in this specific scenario (it appears I can do marking or table-map mutation, but not both?). How I can accomplish both?
View 5 Replies View RelatedI have a 3750G switch running 12.2(44)SE6 my customer has some Cisco EX90 and ex-Tandberg VC units connected to the switch in a dedicated VLAN 600. The switch is then connected to the WAN router which has its own VLAN 6
From sh mls qos interface x/x/x statistics I can see that the traffic is marked by the VC units as DSCP 34 however when I run this command on the interface to the CE router the marking has been lost.
Similarly in the opposite direction incoming from the CE router I can see the marking coming from across the MPLS ok but when I check the output to the VC unit the marking has been lost.
This would indicate that in the process of routing between VLAN's the DSCP marking has been lost.
how to correct this issue. Because my interfaces are in different VLAN's do I need to VLAN based QoS?
IGMP Snooping configuration for Multicasting on Cisco Catalyst 3020 Our switch model is "Cisco Catalyst Blade Switch 3020 for HP" We are building HA (High Availability) Databases infrastructure.Currently, there are two nodes(hosts- servers) and two above switch for HA.Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication. Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?, If 'yes', how can we configure the switch for Multicasting ?
View 1 Replies View RelatedIGMP Snooping configuration for Multicasting on Cisco Catalyst 3020
Our switch model is "Cisco Catalyst Blade Switch 3020 for HP" We are building HA (High Availability) Databases infrastructure. Currently, there are two nodes(hosts- servers) and two above switch for HA.
Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication. So my question is:
Q1> Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?
Q2> If 'yes', how can we configure the switch for Multicasting ?
Oracle uses 230.0.1.0 & 224.0.0.251 IPs with 42000 range port for Multicasting communication.
I am looking for some troubleshooting for some Cisco blade switches that are running high CPU. I have two 3020 blade switches in an HP chassis that each have two 1G links port channeled a pair of Nexus 5548s. Spanning tree has been constantly running about 35% of CPU for the last couple of weeks causing management SVI latency and CLI lag. The Port channel is the root port and the switches have no other connections.
Here are the things I have tried in troubleshooting the issue.
-Remove links from port channel so that one is forwarding and one is blocking -Removed the blocking link so that the switch only has one uplink. -Converted from pvst to rstp -Entered no spanning tree vlan <all vlans> so when you do show spanning tree there are no instances of spanning tree-Connected the single uplink to a different switch
Nothing has changed the continuous high spanning tree utilization of about 35%.
The 3020 switches server interfaces are configured as trunks for ESX running on the blades. It seems the only possible loop that could be causing this issue is on the ESX virtual switches, but I am not sure how that is possible. I say this because I have another pair of 3120s that have the exact same problem! However they were working fine (CPU normal) until the enclosure was populated and began switching traffic. After they began carrying a medium/heavy network switching load, the 3120s are running at a constant 56% spanning tree CPU utilization!
Currently we have a CISCO 3020 VPN Concentrator to terminate Lan-to-Lan tunnels and have our mobile workers connect via CISCO VPN client (300 users-employees and contractors-). Since this device is coming to an EOL this year we purchased a CISCO 5520 (below are the current licenses on it)
The licensing seems rather complicated, therefore this is my question:
- What VPN solution do you recommend for our users and contractors? it is my understanding the CISCO VPN client does not work with ASA 5500 series devices
- Is there a license needed to deploy VPN solutions for our remote users(employees/contractors)?
I am working with a strange problem at the minute with HP's NIC Teaming with Transmision Load Balancing.We have a HP blade system the Server is connected to 2 cisco 3020's and then those 2 switches are connected to a 3750 Stack consisting of 2 Members.
Theres an LACP ether channel consisting of 4 Gigabit Ethernet Ports to each 3020 from the 3750 Stack.They both have exactly the same configuration and all ports are up and the channel looks healthy.
When setting the Preference order on the server if I set the NIC connected to the 1st Cisco 3020 as primary i.e. Tx/Rx then everything is fine.If I set the NIC Connected to the 2nd Cisco 3020 as primary then all seems fine i.e. I can ping it, it can access services outside its own vlan and the internet. It cannot however ping anything connected to the same subnet and VLAN on the 3750 Stack.
Doing a packet capture on a server connected to the VLAN on the 3750 stack I can see the Echo Requests coming in and the server sending an echo Reply but the echo reply never gets back to the server with the teamed NICs.
I did a Layer 2 traceroute and all looked fine, all the MAC Tables were good.I thought maybe it was a layer 2 loop causing the problems but I have checked and re-checked STP and can't find any problems. STP has picked up one intentional loop and blocked it.
I've raised a ticket with HP to see if they can point me in the right direction but I don't think it is a problem with there Drivers. It definately seems like a networking problem.
when using egress netflow (v9) and output marking.
The topologie : Server <-----> R1 1>-----<1 R2 2>----<2 R3
R2 is a 7200 with c7200p-adventerprisek9-mz.124-15.T11.bin What I'm doing :- R2 forwards ping packets from Server to R3. When they arrive on R2, icmp packets are marked with CS3
- I change the DSCP to CS4 on R2 before forwarding packet to R3. I'm using for that an output service-policy on the R2-2 interface like this : interface ATM2/0.36 point-to-point
ip address 192.168.1.1 255.255.255.252
ip flow ingress
ip flow egress
[Code]....
Our switch model is "Cisco Catalyst Blade Switch 3020 for HP" We are building HA (High Availability) Databases infrastructure.Currently, there are two nodes(hosts- servers) and two above switch for HA.
Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication.So my question is:
Q1> Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?
Q2> If 'yes', how can we configure the switch for Multicasting ?
Oracle uses 230.0.1.0 & 224.0.0.251 IPs with 42000 range port for Multicasting communication.
I have some client with Anyconnect 3.0 configured .I want that all traffic (vs. LAN and vs. Internet) is tunnled in the SSL VPN. On the ASA i configured a route that all traffico tunnled goes to Switch 3750. route inside 0.0.0.0 0.0.0.0 192.168.80.229 tunneled The switch ahve this configurtion for the routing
ip default-gateway 192.168.80.228
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.80.228
But if i have a pc that have default gw the switch ip 192.168.80.229 all works fine, but the client vpn have a problem that can't go to internet.I attach a schema and a configuration.If i try to navigate only through the ASA with the client VPN all works. But if i try to tunnle the von traffic to the switch and come back to the and then to internet all stop to works.
i have a core switch of 4500 series. some system are generating the traffic Extra LAN traffic. how i can monitor on switch that which system is generating the traffic,
View 1 Replies View RelatedI have an Cisco ME3400-24TS-A Switch with is not behaving normal.
I have already erased its flash, uploaded new IOS but could not fix the issue. However it boots normally and pass all tests show in boot process. Issue is this the i cant access or ping the computers attached to its ports from one to other.
However i can ping the switch vlan 1 IP from all computers attached to it.
When i tried Debug All Command, its shows the following:
debug all
This may severely impact network performance. Continue? (yes/[no]): yes
All possible debugging has been turned on
Switch#
*Mar 1 00:03:41.467: special_oce_change_vectors: select debug vectors
[Code]....
How do I monitor the traffic passing each individual ports on a Cisco SLM2048 Gigabit smart switch.This switch is the core where other switches connects to.I wanted to know which ports carries the most traffic and probably apply some changes.
View 1 Replies View RelatedI have a small problem and I'm a bit confused, Cisco suggested that you should mark traffic as close to the end devices as possible. So I wanted to try marking the traffic coming from S1 to R1, S2 to R2, and S3 to R3 on Switch 2 (Cisco Catalyst 2960) with the following config:
[code]...
I have a L3 core switch with multiple VLANs setup. Is there a way to place an IPS so as to monitor the traffic passing between, lets say, VLANS 1-3 and VLANs 4-10?
View 19 Replies View RelatedI just purchased a new SF-300 managed switch for the purpose of using it on the DMZ, so we can mirror the internet port and monitor traffic for my company. I have set it up from the web interface to miror port 1 to port 2 and that's pretty much it. I decided to test it before putting it in production, by hooking it up to one of my core network switches, connecting a laptop to it and trying to get online. It doesn't even connect to my DHCP server to get an IP address. If I put the laptop back on the same subnet as the switch management IP, I can still connect to the switches web interface. Isn't the basic functionality of a switch to pass traffic?
I should also mention that I'm not a network engineer, so there might just be something I'm missing with regard to a default setting that needs to be switched off?
I have a setup where two servers are on the same network are plugged into a L3 switch. Off that switch there is a WAN Optimizer device which is inline going to the MPLS cloud. Also off that switch is an ASA firewall which leads to the Internet for the location. When the two servers communicate with each other i would think the traffic would only go through the L3 switch between the two servers. I am seeing traffic between these two servers hitting the WAN optimizer for some reason. I would think being that these two servers are on the same network the traffic between them would stay at Layer 2. routing is enabled on the switch because of other vlans on the network. What would cause the traffic between the two servers to leave the switch and go up to the optimizer? Below is a diagram that shows the basic setup.
View 6 Replies View Related