Cisco WAN :: Rate Limiting Configuration On Vlan Interface On 6509?
Feb 10, 2011
I have used the following basic configuration to do rate limiting on a vlan interface on a 6509:
access-list 100 permit ip any any
class-map match-all ratelimit
match access-group 100
policy-map ratelimit-10Mb
class ratelimit
police 10000000 428750 conform-action transmit exceed-action drop
[code]....
How do I combine the two correctly to give me a vlan port rate limited at 10Mb up and down, but still setting aside (dynamically) 2Mb for voice?
View 1 Replies
ADVERTISEMENT
Nov 14, 2011
I have a 2960 that I need to limit the uplink port to 50Mbps for 3 vlans and 350Mbps for another vlan. Would the following config achieve that or is this even possible for the 2960?
class-map match-any VLAN50-51-52
match vlan 50-52
class-map match-any VLAN53
[Code].....
View 1 Replies
View Related
Jun 8, 2013
How (and is) it possible to rate limit pps on an interface (physical/logical), on a 6509-E?The porpuse is to protect from attacks which lead to very high pps, bypassing traffic rate-limits, and effecting the device's performance
View 2 Replies
View Related
Aug 12, 2012
We have 6509 VSS with FWSM Module and we have created two context on it, one is INTERNALL CONTEXT othe is EXTERNALL Context? We have spanned various VLANS in switches and FWSM context level. All VLAN Gateways are configured in context level.
Activity description : We had planned migration of these devices into a new Datacenter, it was a planned activity. During migration of devices from one Dc to a new DC we broke the VSS and kept the primary running and removed the secondary switch and migrated this secondary to new DC and powered this device ON in the new DC and checked all the config was very much fine but this device was OFF network as secondary was brought to new DC just to limit the downtime during the primary switch movement.
During the activity ( Primary switch movement )We powered off the Primary switch and mean time before shifting into new Data center We had brought up secondary switch which was already existing in the DC was put live in the network and it was working fine without any issues.
Later we had moved Primary into new data center and tried to put into VSS with the secondary , during this period the secondary device into went into RECOVERY MODE and primary device was not responding and devices went off network and immediatly we removed the VSL link and brought up primary into production network without secondary online in the network ( Without VSS just stand alone switch ) network started working, but bringing up the primary we found that some of the VLANS in the FWSM was deleted and some VLAN had misconfiguration ( example : say original VLAN ip 10.200.112.1 has become 10.300.13.1 ) also some of the access list as well as SVI was deleted making configuration mismatch.
Wanted to know while syncronization b/n primary and secondary switch in VSS if we pull out VSL link would create this type of issues.
View 1 Replies
View Related
Feb 24, 2011
I have a 3825 with a 16 port etherswitch card installed that I'm trying to setup rate-limits on. Interface G0/0 is the connection to the outside world and int g0/1 has a couple of 2950 switches attached to it.
The etherswitch card, f1/0, f1,1 etc has corresponding vlans, 902, 903 etc each with an IP 10.110.1.x, 10.110.2.x and all part of access-group 111. The switches connect on sub-interfaces g0/1.101, g0/1.102 etc and have IP's 10.55.1.x, 10.55.2.x and part of access-group 101.
What i'm trying to achieve is that every port / IP that is on access-group 111 shares 3Mb of bandwidth in/out and access-group 101 shares a separate 3Mb of bandwidth in/out.
I've created two access-lists as follows;
access-list 101 permit ip 10.55.0.0 0.0.255.255 any
access-list 111 permit ip 10.110.0.0 0.0.255.255 any
And on int g0/0 I've created the following rate-limits;
rate-limit input access-group 101 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit input access-group 111 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit output access-group 101 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit output access-group 111 3072000 64000 64000 conform-action transmit exceed-action drop
Now instead of both access-groups having 3Mb each they all seem to be sharing 3Mb! I've tried class-maps and policy-maps but to no avail..
View 3 Replies
View Related
Aug 18, 2011
I have a router 3845 connected to a LAN and other routers and providing internet through a link on an ethernet interface
Gi0/0
LAN connection
GI0/1
WAN connection
fa0/0
Internet connection
View 9 Replies
View Related
Nov 8, 2011
I am looking for information on how to properly configure rate limits on a Cisco 2821 so that I can set different Service levels by IP address. For example I want to limit a block of IPs to 1 Mbps Down and 512 kbps Up. I am doing point to point networks from our router (ISR 2821) to another router that is assigned a static IP. The other router connects to our router through a Fast Ethernet port on a NM 16 port switch card. The routing end point for the network is on a VLAN interface. Currently we are using bonded T1's but are about to turn up a Metro-E circuit.
View 1 Replies
View Related
Mar 13, 2013
I have a 10Mbps connection link which I will like to reduce to 5Mbps on a 6509 switch as indicated in the config below. [code] After applying the service policy on the vlan interface, i got this "match vlan is not supported for this interface". I actually tried the rate limit command but I cant see the effect using the speedtest.
View 2 Replies
View Related
Jul 17, 2012
We have a guest wireless setup but I need to rate limit the users so no one hogs all the bandwidth. The WLC is connected into a 3750 which is doing all the routing between the vlans. I know I cannot shape the traffic on the 3750.
View 2 Replies
View Related
Mar 13, 2013
I have configured a vlan interface on a 3750 switch. there is aprox 4Mb active traffic flowing through the interface, but when I do a "show interface vlan (vlanid)" the output show zero bits in and zero bits out. Its a typical L3 config with one IP on the vllan interface acting as the gateway for the VLAN devices. Is this a normal behaviur ? and if so is there any way to get the traffic in/out stats. The end PC/devices are connected to this switch via an L2 TRUNK and I dont have access to the L2 switch on which the actual devices connect. so cant get the real time stats of those interfaces.
View 2 Replies
View Related
Jul 18, 2011
i have to restrict that router and switches shall join only given multicasts. Means if i change multicast in TVG430 from 239.0.96.1 to 233.0.96.1 than it shall be blocked.My TX rate i set to 20 Mbits on TVG430, i want to rate-limit it to 15 Mbits on switch on Ingress int gi 0/23 or egress gi 0/24 included are three show runs output.ip multicast rate-limit out group-list GROUP source-list SOURCE.
View 2 Replies
View Related
Oct 30, 2011
I am trying to limit traffic inbound to 10Mbps on a gig interface 0/48 set to 100/full. So I downloaded some big files over this link and I'm able to see 30- 40Mbps or more. You can see from the show int - rate-limit command that parameters are never showing exceented so nothing has been dropped. [code]
View 3 Replies
View Related
Feb 5, 2012
I'm trying to limit the bandwidth on certain ports to 3Mbps and others 1Mbps for a project, however when I do a bandwidth test from a website the speed on the router doesn't seem to change it's as if the changes over telnet aren't actually affecting the swtich's qos settings. I have verified that the policy is attached to the interface and the settings are correct as well.
Router
Telnet address: 10.xxx.xx.xx
Password:
[Code].....
View 1 Replies
View Related
Aug 8, 2012
i have been facing strange issue on FWSM (6509 switch). we have created a vlan inteface for server farm on fwsm and its stop responding automatically and we need to give shut/ no shut command under that interface to back into normal .
View 11 Replies
View Related
Sep 11, 2012
We have a number of 6509s which generally have dhcp relay agents configured on the SVIs. The dhcp servers are centralised. Recently we've had one or two faults with misconfigured or faulty devices (blade server chassis and also printers) generating high volumes of dhcp discover packets and causing high cpu on the relevant 6500. I would like to rate limit these discover packets, which are layer 2 broadcasts. Storm control can't discriminate between different types of broadcasts and on a gig link would need to be set down at about 1% to have much effect on the problem. I've looked at CoPP and also mls hardware rate-limiting but as I understand it, these two features don't control broadcast traffic. I also looked at dhcp snooping but if an interface receives a high level of dhcp discover broadcasts, e.g. over 100pps, I don't want it to go error-disabled (as this would knock down the whole edge switch), just to drop the excess packets.
View 2 Replies
View Related
Jun 17, 2012
After a abrupt power cylce of 6509 switch, vlan configuration got missing. Switch has not crashed.
View 4 Replies
View Related
Jul 2, 2011
I have attached a pdf of an example of a FWSM configuration with shared interfaces. Now what I dont get is (please refer to the link) url...Is there any difference between the natting that they have done on page B-4 on Context A.as opposed to configuring a static NAT for processing traffic to correct context nat(inside,outside) 209.165.201.0 10.1.2.0.The other question is on page B-2 (diagram) Context A has a customer A network linked to the inside interface. Is it possible to put a default route towards that "Network 2" cloud and restrict traffic from the 6509 switch towards the context A?
View 5 Replies
View Related
Mar 27, 2012
how to perform UBRL User Based Rate Limiting on ASR1000 like we can do it on Catalyst6500?
View 3 Replies
View Related
Jan 27, 2011
I have three VLANS set up on my Catalyst 3560G switch. Each VLAN has its own subnet and I have enabled IP routing and set up my VLANS so that clients on VLANS 1 and 3 can get to VLAN 2 because they share a server located on VLAN 2. However, now they can also see and get to each others VLANS! How I can allow my clients on VLANS 1 and 3 access a server on VLAN 2 but not access the other VLANS? I don't want VLAN 1 to get to VLAN 3 or VLAN 3 to get to VLAN 1.
View 17 Replies
View Related
Mar 13, 2012
We have a new 100MB internet service, but we only pay for 10MB and above that is a per/MB fee and not cheap. I want to limit all traffic inbound and outbound only to use up to 10MB on the outside interface of our Cisco 3825.
View 9 Replies
View Related
Nov 26, 2012
How is it i can implement the command 'ip multicast rate-limit out group-list <access-list>' but i get the error "ip multicast rate-limit" command is not supported on 6509?
Is it an IOS limitation or a limitation of the switch series and subsequently can't be used at all?
View 2 Replies
View Related
Feb 24, 2011
I am not able to disable rate limit comand from Cisco 3700 series router. I have tried with no rate limit command in the interface .Command is taking but still the rate limit comman in the interface.
View 2 Replies
View Related
Dec 7, 2010
Recently I faced 1 issue in MLS 6509.MLS had all Gig modules in slots 6,7,8 taking System detected CRC error rate on port ASIC data bus exceed fatal threshold, ("System detected CRC error rate on port ASIC data bus exceed fatal threshold".) causing the module reset by the SUP. After this active SUP causing it to failover the standby. This process was continuing every few minutes resulting in the SUPs on MLS rolling.what could be the issue for Sup rolling reset?
View 1 Replies
View Related
Apr 14, 2013
I have a Cisco SG300 small business switch and 541 APs. There are 2 VLANs in our network. One must be limited by bandwidth. How to configure vlan rate-limiting on SG300? And describe CIR & CBS.
View 1 Replies
View Related
Jul 23, 2012
I am looking for the command of rate-limit on a sub-interface in cisco asr 1013.
Cisco IOS Software,
IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M),
Version 15.2(2)S, RELEASE SOFTWARE (fc1)
IOS XE Version: 03.06.00.S
If it is possible in Cisco asr 1013. If yes then what are the commands.
View 2 Replies
View Related
Oct 18, 2011
I've got Cisco 7609 with WS-X6708-10GE (8x10Ge)And one port (te9/4) from it have zero bit rate counters, but all the rest of it are very good.I can see traffic if read it by SNMP. [code]
View 1 Replies
View Related
Aug 15, 2012
We have an old 3725 router with a HSSI card connected to a DL3100, which in turn is connected to a subrate DS3 circuit. The plan is to replace the router with a new 2951 router and a NM-T3/E3 card.After the router was replaced, I configured the NM but the circuit remained dow/down. I'm sure it has to do with the fact that the DS3 circuit is channelized but I'm not sure how to configure this module to be channalized. Here is the configuration that I placed on the router: [code]
View 4 Replies
View Related
Mar 6, 2013
On my SUP-7E, when I issue a " show interface vlan X " I cannot see the expected input/rate reflecting the real rate (which should be very high).
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 4000 bits/sec, 2 packets/sec
(Under the physical interfaces it is ok)However on other SUP-IV I can see the real rate.
My questions are :
- Why the SUP-7E does not reflect the rate, whereas the SUP-IV does ?
- I have heard about the 'counter' command under the vlan interface to activate the rate counters. Is this command application has any side effect on the switch ?
View 2 Replies
View Related
Jul 17, 2012
I am position to migrate from CatOS 6509 switch to native IOS 6509 switch. long time ago, there was some site to convert automatically based on copy and paste onto the tool, but i can not find.
Does anybody know how to convert CatOS configuration to Native IOS configuration ? It is not IOS change, but it is configuration convert.
View 1 Replies
View Related
Aug 2, 2012
I'm using Pix 501 with firmware: Version 6.3(3)I have problem with Pix 501:
+ transfer rate data between interface outside and inside very slow, even between 2 interface inside.
+ I have test file transfer between 2 PC connect via interface inside.
+ Results transfer 1 file 1MB with total time 60s
I don't upgrade software current from 6.3(3) to 6.3(5) via TFTP. It's error Please see attach file.
View 2 Replies
View Related
Apr 12, 2012
I have an issue where our ASA 5520 is impacting upload (from LAN to internet) speed. We have a 100Mbps SDSL internet link and only see around 45-50 Mbps on the upload when going via the firewall, download is around 90+ Mbps so that is acceptable. I have tested a laptop connected directly to the internet router and that give near on the 100Mbps up and down speeds, but if I put that laptop on the LAN or directly onto the firewall interface I only see 90Mbps down and 45Mbps up. I have check that the interface speeds/duplex on the firewall, switch and laptop are correct and also checked there are no errors on the ports. I also turned off the IPS and that made no difference. In addition I have checked the CPU during download/upload (max): CPU utilization for 5 seconds = 9%; 1 minute: 3%; 5 minutes: 1%
In theory the 5520 should be able to cope with this throughput:
Cisco ASA 5500 Series Model/License: 5520
Maximum firewall throughput (Mbps): 450 Mbps
Maximum firewall connections: 280,000
[Code].....
View 1 Replies
View Related
Oct 24, 2012
I am doing some per-deployment testing with a ASA5585X and noticed that when I feed it a stream of SYN packets on the outside interface the measured traffic rate on the inside interface going out is about 10x the rate of the outside interface going in.
laptop --- ASA --- PC
I send 6k TCP SYN pkt at interface rate from the laptop targeted at PC. No packets are dropped by Ac Ls or policies and can be sniffed at the PC.
Show interface commands show:
sh int inside:
... ...
Traffic Statistics for "inside":
...
1 minute input rate 23 pkt/sec, 1303 bytes/sec
1 minute output rate 4454 pkt/sec, 820757 bytes/sec
sh int outside:
... ...
Traffic Statistics for "outside":
...
1 minute input rate 885 pkt/sec, 70847 bytes/sec
1 minute output rate 7 pkt/sec, 425 bytes/sec
I would expect that if 885 pkt/sec enter the firewall on the outside interface the same amount or less would exit it on the inside...? Why this is not the case? The packet rate is about 5x and the data rate is about 10x greater.
View 6 Replies
View Related
Nov 21, 2012
i'm going mad on following problem. I'm trying to get 2 networks seeing each other while one of the network is a non VLAN network and the other one is a VLAN network.They should use the same interface so i added VLAN e0/0.122 to the interface e0/0.Send a ping from my asa to both gw-IP's made me happy at first. In second in figured out that i cannot reach any client in the other network. For testing purpose i created an permit acl to any/any for both networks, but the packets still get dropped by the default implicit rule. (deny any/anyMaybe i'm to stupid for this
View 10 Replies
View Related
