Traffic Shape Group 101 500000
Apr 21, 2012what are the values of Bc and Be?interface fast 0/0 traffic-shape group 101 500000
View 11 Replies
ADVERTISEMENT
Cisco WAN :: Shape Output Traffic 2821
Mar 8, 2012I have a Cisco 2821 with ios Version 12.4(21). On that router I have a WAN link that is 550mbit dual. The interface is 1000FD so i need to shape my output traffic to max 550mbit - otherwise my ISP policing is dropping the traffic.
I've looked at this document url... and i'm trying to use this interface command:traffic-shape rate
But the router wont accept rate value 550000000 that should be 550mbit in bits/s
Is it not possible to shape the traffic to 550mbit on the 2821 router?
Cisco Firewall :: Can Traffic Shape To 200Mbps On ASA5510
May 30, 2012I have ASA5510. It's include security plus license.I want to traffic shape to 200Mbps. But , I checked a CCO.CCO said that a shaping limit is 154400000. "Enables traffic shaping, where the average rate argument sets the average rate of traffic in bits per second over a given fixed time period, between 64000 and 154400000. "It's mean shaping limit 154400000 ?Can I shape to 200Mbps ?
View 2 Replies View RelatedCisco Firewall :: ASA5520 8.0(2) Does Not Have Traffic Shape Feature
Dec 21, 2011Recently I want to apply traffic shape on my ASA5520, but after entering the configure mode of policy-map, I couldnot find the shape command.. If I type the command, the device would notify me that there is no such command.. My version is 8.0(2),PS. Police command is working fine...
View 5 Replies View RelatedCisco WAN :: Traffic Shape Per Policy (ASA5510 With 8.x Software)
Jun 25, 2012I have a asa 5510 with 8.x software and I want to reserve (i mean RESERVE not PRIORITIZE) traffic based on protocol, like if I have a 10Mbit I want to :
- give 3 Mb for smtp
- give 5 Mb to http/s whatever
- 2 Mb for other stuff.
Of course QOS won't do that, can you do that with ASA?
Cisco WAN :: Configured Policies To Shape Traffic On Interface Of 7206 Router?
May 1, 2012I have configured policies to shape the traffic on the interface of cisco 7206 router. Now my managemet wants to configure these policies on time based ie policy should be applicable during specified time period onle. Is it possible? if yes how to configure it?
View 11 Replies View RelatedCisco :: WLC 2125 Modify Heatmap Shape
Mar 20, 2011I am quite new to WCS and preparing a demo for a client. I am also using WLC2125 with LAP1252s for this setup. Is it possible to modify the shape of the heatmaps of the APs? I know how to regulate TX power of the radios and all works great but how can I controll RF leakage outside the perimiter of the building? Is it possible to controll the RF so that it will not be going outside and same time giving a good coverage inside?
View 1 Replies View RelatedCisco Firewall :: 5520 - ASA 8.6.1 Shape Command Invalid
Jul 9, 2012Tried setting up a Shape Policy and it states its invalid. Worked fine on my 5520, just curious to know why its coming as invalid now
ciscoasa(config-pmap-c)# shape
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config-pmap-c)# shape ?
ERROR: % Unrecognized command
Cisco WAN :: 3825 - What Does Shape Average Percent Mean In QoS Policy
Jan 3, 2010I am working at a client site that is an MPLS customer. The customer has an MPLS circuit that runs between their Main HQ and their Disaster Recovery site. I have been asked to analyze and report as well on the way the Qos Policy is written, and to provide any recommendations on how they can improve performance.There is a statement within the Qos Policy as it exists at each end on the 3825 routers. The statement is called "shape average percent". Here is the policy from one side:
policy-map QoS
class COS2_traffic
set dscp af31
shape average percent 12
bandwidth percent 13
[code]....
What does this statement mean and how is it different than the the "bandwidth percent" statement?
Cisco Switching/Routing :: Inexpensive 881 Switch That Can Shape?
May 15, 2013We currently "need" to shape certain services very specifically....we curently do this via routers for CE's (881's etc) i.e. 10Mb service, we need:
-class class-default
-shape average 9800000 40000 0
Some of our clients want to run firewalls as CE's that are unable to shape to this degree, so we are wanting to put an inexpensive switch in front of their CE to do the shaping for them(L2 - either per-port or per-vlan)...the ME3400 looks ok, but is quite expensive.
Cisco VPN :: ASA 8.4 LDAP Group To ASA Group Policy Mapping?
Jul 31, 2012I try to map LDAP Group to ASA Group policy following documentation:
[URL]
This is a config for ASA 8.0. I would have expected it to work on 8.4 as well but I do run into problems. The mapping as shown in LDAP Debug and ASA Log will actually happen but it is overwritten by the "GPnoAccess" Group Policy configured locally in the Tunnel Group. From earlier works with RADIUS I would have expected the user specific Attribute to be "stronger"?
ASA Log:
AAA retrieved user specific group policy (correct Policy) for user = XXX
AAA retrieved default group policy (GPnoAccess) for user = XXX
Cisco Switching/Routing :: Shape 3560 For 10Meg Metro-E Internet Connection
Nov 12, 2012I have been reading for awhile now on all the Cisco forums on the 3560 and shaping egress traffic but I wanted to verify my thoughts on this. I have 3560 that connects to the ISP that is policing at 10Megs, I want to shape my egress traffic going to the ISP, I do not want to provided QOS to any specific traffic type but only shape all traffic outbound. Will my config below shape "all" egress traffic going to the ISP on the 3560, on a port that is physically connect at 100Meg Full duplex?
int gi0/1
srr-queue bandwidth shape 40 40 40 40
I gathered these numbers using the formula of 100* 1/weight, which would equal 2.5 and if each queue has 2.5 meg that would = 10Meg. However another concern is that I don't think I have the full 100Meg on the interface to use (correct?)
Cisco AAA/Identity/Nac :: ACS 5.3 - How To Associate Identity Group With AD Group
May 1, 2012how to associate an AD group - which i have defined in users and identity stores/external identity stores/Active Directory/Directory attributes to associate with the relevant identity groups - Users and identity stores/identity groups Is there an example of this being done somewhere as i am having problems understanding how to do this from the user guide.All i want to do is associate identity groups with ad groups.
View 3 Replies View RelatedCisco WAN :: 2821 When Traffic Is Less Error Rate Is Low But With High Traffic It Is Increasing Drastically
Dec 11, 2010We have cisoc 2821 at one of branch and created five sub inetrfaces for different vlans.Output of Show interface shows very frequent increase in the input error count.I have changed the physical cable and switch port on the other side.But still error rate is increasing.When the traffic is less error rate is low but with high traffic it is increasing drastically.My router process is very less(4%) only.What could be possible reason. [code]
View 8 Replies View RelatedCisco Firewall :: ASA5550 - Implement Traffic Shaping / Policing Primarily For P2P Traffic?
Mar 10, 2011We are looking to implement traffic shaping/policing primarily for P2P traffic. As natively the ASA5550 is only capable of p2p inspection if the traffic is tunneled via port 80 is the AIP-SSM the way forward? We have 2 5550s in active/active failover config. As a side note we are also looking to implement an IDS/IPS system so could this module cover all?Is this module going to provide the desired outcome or is there another module/device out there better suited for this? I would prefer to use the ASA5550s as opposed to implementing another product if only that we can make use of the investment we already made on these devices.
View 1 Replies View RelatedCisco Firewall :: Traffic Limit For Internet Traffic Usig ASA 8.2
Nov 27, 2012I am testing limit bandwith using my ASA 8.2, i am trying to limit internet access for certains users , i order to save Bandwith for the important things but i can´t get any limitation
My configuration is the following, the acces list is just for my pc in order to test, and the service policy is applied to outside interface (called internet in my case) for incoming traffic
access-list Internet_mpc_1 extended permit ip host 172.16.127.70 any class-map Internet-class-TEST match access-list Internet_mpc_1 policy-map Internet-policy-web class Internet-class-TEST police output 1024000 1500
service-policy Internet-policy-web interface Internet
With show service policy i can´t see any activity on the policy , but if i do a similar configuration for inside interface outgoing traffic i can see packets allowed and dropped
Cisco Firewall :: ASA 5520 - Allow Traffic From DMZ To Internet And Block Traffic?
Apr 29, 2012I have an ASA 5520 with the below config
Gi0/0: outside (Internet)
Gi0/1: inside (Internal users)
Gi0/2: DMZ (web servers, ftp, Mail etc..)
I have a SMTP relay deployed on the DMZ for mailing. I have also a mail servers installed in the internal lan,
I want to allow trafic from dmz to reach internal lan, and i want normally also allow stmp relay from dmz to reach Internet.
How can i block trafic from DMZ to reach Internal Lan (instead of smtp) if the to allow trafic from dmz to internet i must put ANY in the policy?
For allowing trafic from DMZ to reach Internet, the policy must be DMZ -----> ANY ----->Services., this policy means DMZ can implicity reach Internal Lan?
Cisco LAN :: 2811 / Traffic-export Capturing Only Inbound Traffic?
Mar 19, 2013We have a Cisco 2811 running ITP IOS. On that router we run the SMPP service. A client on the network connects to this service, and we need to capture the traffic for debug.
I've tried traffic-export, but I cannot see any outbound traffic.I'm guessing that this is due to the fact that the outbound SMPP traffic is not transit traffic as it is generated by the router itself.
Is there any way to capture the outbound traffic?
Cisco WAN :: 3750 ME Traffic Shaping Downstream Traffic
Aug 4, 2011I am trying to come up with the best way to traffic shape traffic with 3750 Me switches. the traffic will be coming from a 6504 Sup-7203b downstream and going out the wan. Core---L3---->6504--intvlan80--trunkport to--->3750Me---g/1/1/1-trunkport to---MetroE network--->int f0/0.80--branch router. The idea is to use the 3750 to traffic shape the traffic going towards the wan/branch to 500 to match the contracted rate and then to use qos on shaped rate. I tried to apply it to g1/1/1 using port based policies but it did not shape the traffic. I changed everything to IP interfaces and it worked. I need to break up the metroe into different vlans so I can bring branch offices in on different vlans.c
View 3 Replies View RelatedGet Rid Of Group Policy?
Feb 18, 2011dell 3000 xl os 149gb I set up a home office. to try to transfer files to my new one.oce i found out you can't do it. there was a group policy in place.how do i get rid of it. it's interfering with a lot of stuff, including my firewall. had to buy another.
View 3 Replies View RelatedCisco VPN :: AES 256 Which DH Group?
Jan 7, 2012I have been using aes 256 with dh group 2 and pfs group 2 for my site to site vpn tunnels.Now I am considering modifying the dh groups both for p1 and pfs to group 5 or keep it group 2.Is this a must to have dh group 5 with aes 256 or having dh group 2 with aes 256 is also common ?
View 1 Replies View RelatedHow To Disable Usb Using Group Policy
Feb 1, 2011how to disable usb using group policy
View 1 Replies View RelatedGroup Video Conferencing Over LAN?
Feb 28, 2011i want to establish a video conferencing system based using desktop computers so that at a time about 7-8 users are in a video conference simultaneosly. i have the media connectivity already established i.e on OFC. will i have to make a server.
View 5 Replies View RelatedCisco :: How To Add 4404 To Group
May 23, 2011We have two 4404's and WCS. The 4404's are almost maxed out. We have an addition 4404 which we would like to add to the group of 4404's
View 1 Replies View RelatedDeleting Port In EtherChannel Group?
Mar 24, 2011We have configuration of Etherchannel in Cisco 6509 connecting to Cisco 6513 switch, both running on CatOS. This is a group of 8 ports in 6509, due to some reasons one port in Etherchannel group went bad. I have disabled that bad port now. Now I have to delete that bad port from etherchannel group (First task) and add a new port to the group ( 2nd task). I have tried many cisco documents to completely delete the etherchannel port, but no use.
View 8 Replies View RelatedSharing :: DVD Movie On A Home-group?
May 22, 2011i have a desktop with a dvd drive in it. i would like to be able to watch a movie in the dvd drive on my laptop (ultraportable no drive) and i was thinking of sharing it with my homegroup or my network. i went in and shared my dvd drive with the network and i can see it on the laptop but when i click on the drive it just shows me the files on the movie disc. is there anyway i can watch the movie with vlc player or windows media player like that?
View 5 Replies View RelatedHow To Block Website Using Group Policy
Oct 4, 2011I want to block a website timely using group policy on window server 2008.
View 1 Replies View RelatedCisco AAA/Identity/Nac :: VPN Group Authorization With ACS 5.2
Apr 26, 2011I'm trying to set a VPN connection to a router using group authorization with the ACS 5.2 but cannot make it work. I configured everything based on the procedure used for ACS 4.2. I created a user that corresponds to the group name, used the password cisco and used all the requiered Cisco AV pairs in an authorization profile. (Based on document: [URL]
While testing with ACS 4.2 this works fine, I can see that the ACS returns the group attibutes correctly (here is a debug output)
Apr 9 16:16:59.256: RADIUS: Received from id 1645/22 192.168.1.212:1645, Access-Accept, len 203Apr 9 16:16:59.256: RADIUS: authenticator 02 07 F5 E6 46 78 73 CA - 46 6D 47 90 FE 92 38 9AApr 9 16:16:59.256: RADIUS: Vendor, Cisco [26] 30 Apr 9
[Code].....
Cisco VPN :: ASA 7.2(2) - No Translation Group Found?
Aug 1, 2010My remote VPN clients aren't able to do anything network wise once they have connected to the VPN. The ASA keeps coming up with "no translation group found" in the log.
Result of the command: "show running"
: Saved:ASA Version 7.2(2) !hostname ciscoasadomain-name office.propertyfinder.comenable password ######## encryptednamesdns-guard!interface GigabitEthernet0/0 description Office Network Interface nameif Office-LAN security-level 100 ip address 10.121.10.4 255.255.255.0 ospf cost 10!interface GigabitEthernet0/1 description 4Mbps BTNet Internet Connection nameif Internet-Primary security-level 0 ip address 213.121.253.33 255.255.255.248 ospf cost 10!interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address!interface GigabitEthernet0/3 description Office Wireless Interface nameif Office-Wireless security-level 10 ip address 172.16.0.1 255.255.255.0 ospf cost 10!interface Management0/0 nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 ospf cost 10 management-only!passwd 2KFQnbNIdI.2KYOU encryptedboot system disk0:/asa722-k8.binftp mode passivedns domain-lookup Office-LANdns server-group DefaultDNS name-server 10.121.10.20 name-server 10.121.10.21 domain-name
[code]....
Cisco :: 7510 AP Group Not Working As Well
Sep 27, 2012I Have an issue about AP Group.On my scenario, I have one Flex WLC 7510 using software version 7.0.220, And all APs are 1131.I have some sites with H-Reap, where H-Reap is configured properly.The Access Points are set with AP Group. AP Group is configured properly too. Each AP Group was configured for one site and was configured 2 SSIDs in each AP Group. All sites has 2 differents SSIDs.During some basic tests, in one site with 9 APs, I saw:
1. When the Access Points are registred on WLC, all APs are working fine. All APs has its 2 SSID added on slot 0 (radio 0)
2. If I disable the link between WLC and Access Points, 7 Access Points delete SSIDs on your AP Groups and replace it with 16 SSIDs (SSIDs on Default Group configured on WLC)
Cisco :: LMS 4.1 No Group Selector Available In Best Practices
Feb 1, 2012with LMS 4.1 Reporting in several areas it is possible with selecting devices to use 'Group Selector' (e.g. Syslog Severity Level Summary Report).Group Selector dynamically chooses devices in selected Group at Report runtime to get the latest devices.Not all Reports in LMS 4.1 provide this Group Selector, e.g. Best Practices Deviations/Discrepancies.Is that a bug? As DCR changes often (add/delete) we urgently need to dynamically perform reports to latest DCR-Population.
View 1 Replies View RelatedCisco Firewall :: SSH Key Exchange DH Group 14?
May 29, 2013I am trying to issue command "ssh key-exchange group dhgroup14" on several of my ASA firewalls. The key-exchange command is failing on 3 of 4 ASA firewalls. According to Cisco documentation, this command was introducted in 8.4. My ASA's are running version 8.6.1.10, 9.1.1.8, 9.1.1.10 and 9.1.2. The command is available only with 9.1.2.
Example from one my ASA.
lbjinetfw# show version | in Version
Cisco Adaptive Security Appliance Software Version 8.6(1)10
Device Manager Version 7.1(2)
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
lbjinetfw# config t
lbjinetfw(config)# ssh
[code]....
Cisco :: LMS 4.0 - Job Scheduling And Device Group
Jan 24, 2012I scheduled a periodic job (for example the compliance check job) on week basis and I specified one user's device group for this job (for example the branch_routers group). All is working, but when new devices are added to this group (the branch_routers group), the scheduled job is not provided for these new devices. Is it the default behaviour? Can I change it?
View 1 Replies View Related