Can't set service policy

Similar Messages

• Can't apply service-policy to atm int?

  Attempted to apply service-policy output MPLS-EGRESS to ATM Int:
  class-map match-any GOLD
  match mpls experimental topmost 5
  match ip precedence 5
  class-map match-any BRONZE
  match mpls experimental topmost 3
  match ip precedence 3
  class-map match-any SILVER
  match mpls experimental topmost 4
  match ip precedence 4
  policy-map MPLS-EGRESS
  class GOLD
  priority percent 5
  set mpls experimental topmost 5
  class SILVER
  bandwidth percent 10
  random-detect
  set mpls experimental topmost 4
  class BRONZE
  bandwidth percent 20
  random-detect
  set mpls experimental topmost 3
  class class-default
  set mpls experimental topmost 0
  fair-queue
  random-detect
  interface ATM4/0.102 point-to-point
  description TRUNK LINK TO PE_B
  bandwidth 16000
  ip address xxx.xxx.xxx.xxx 255.255.255.252
  no ip redirects
  no ip proxy-arp
  ip ospf message-digest-key xxx
  no snmp trap link-status
  mpls ip
  pvc PE_B 10/102
  tx-ring-limit 3
  oam-pvc manage
  encapsulation aal5snap
  service-policy output MPLS-EGRESS
  And it *appears* to apply without error, but logs show:
  Jul 28 09:34:32.550 aest: %SCHED-3-SEMLOCKED: Virtual Exec attempted to lock a semaphore, already locked by itself -Traceback= 0x61317864 0x62658A88 0x620F0A4C 0x60DD3668 0x60DD5648 0x6135ABD8 0x61379744 0x62644508 0x626444EC
  Jul 28 09:34:33.870 aest: I/f ATM4/0.102 VC 10/102 class GOLD requested bandwidth 0 (kbps), available only 0 (kbps)
  And ATM4/0.102 does not include the service-policy output MPLS-EGRESS when I do a show run nor when I do a sho policy-map interface?

  Resolved my own issue - I needed:
  vbr-nrt 32000 16000
  under the atm sub int...

• Can i set the policy in code not in a policy file

  normally starting rmi client with a policy file. and start the client with such JVM parameters: java.security.policy and java.rmi.codebase.
  But in jsp how can i specify these JVM parameters.Or can i make the policy in code not in
  a file.

  You can specifiy inline with code otherwise malicious code would use it the grant all permissions before it wrecks havoc on the system.
  When your Servlet engine starts (Tomcat, JBoss, depends on which you are using) there will either be an option to pass in additional policy file, or a policy file will exist inthe servlet engine directory path for you to edit and add your entries to.

• How can I set service preferences with Safari 5.0.5 and os 10.6.8?  Was working fine until combined update install.

  My service preferences won't set after installing combined update earlier this week and the security 2012-4 update that caused so much problem with mail. Is there a list of changes that was  made in safari with this latest update, because the bookmarking isn't working the same and the readling list page is  gone?

  because the bookmarking isn't working and the same and the reading list page is gone?
  Your profile indicates you have v10.7.2 installed yet your topic refers to v10.6.8 (Snow Leopard).
  Try this...
  Open System Preferences > iCloud
  Deselect the box next to Safari then reselect it.
  Give iCloud a few minutes to re sync your bookmarks and reading list.
  Safari 5.0.5 is an outdated version. You need to update Safari.
  Click your Apple menu icon top left in your screen. From the drop down menu click Software Update...
  Restart your Mac after the updates are installed.

• OIM-How can i set a password policy which does not contain any space?

  How can i set a password policy which does not contain any space?
  I put space at Characters not allowed but it is not working.
  Can anyone help me out?

  You can go to Settings>Messages and turn off Messages. Then go to Settings>General>Restrictions and turn on the the Restriction that prevent changing accounts.
  I just verified that it works.

• ICloud says there is server error when I try sign in on Windows Vista x32 service pack 2. Can't set it up on my PC any ideas?

  iCloud says "you can't sing in because of a server error" running Windows Vista x32 service pack 2. Can't set it up on my PC any ideas?

  I have used the solution below to fix mine and others that have run into this issue.
  Start --> Programs --> Accessories (Right Click on Command Prompt) --> Run as Administrator
  then type in:  "Netsh winsock reset"  (-without the quotes-)
  Hit enter, restart PC, iCloud For PC should now connect without any server errors
  (This solutions will work in some instances when trying to fix errors associated when you are unable to connect to iTunes also.)

• Can not set remote error true in reporting service's properties's advanced

  can not set remote error true in reporting service's properties's advanced
  美斯: 唔理幾多個皇上啦, 個波呢家係皇上果度!!!

  Hello,
  Based on the limited information, I am not very clearly about you issue. In order to solve the problem more efficiently, I need to clarify some information. Are you get some error messages when you set EnableRemoteErrors to true? Or do you mean that it doesn’t
  throw error message to us, but the property is useless? And could you tell me the edition of your SQL Server?
  It is benefit for us to do further analysis. Thank you for your understanding. 
  The following document may help you:
  http://technet.microsoft.com/en-us/library/aa337165(v=sql.110).aspx
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• HT3529 I have two older iPhones (3g, 3gs) that I've given to my granddaughters. The phones don't have phone service so they're using them like an iPod touch. Can I set up Message on these phones without a phone number for them or data plan?

  I have two older iPhones (3g, 3gs) that I've given to my granddaughters. The phones don't have phone service so they're using them like an iPod touch. Can I set up Messages for them on these phones without a phone number or data plan using only Wi-Fi?

  Yes you can. Just make sure you have iMesages on. You will need to go into Settings>Messages and turn it on and log in to their Apple IDs. I was having some activation issues when I first got my iPhone 4S [it was the carrier's fault, not the iPhone's] and I was using iMessages with my Apple ID to text my friends who had iPhones. I of course had to be connected to Wi-Fi for it to work. Hope that helps.
  You could also have them download a texting app and they could use that on Wi-Fi. There are many free ones out there. I personally enjoy Text Now. Gives you your own phone number so others can text you too, not just iDevices.

• 2 New Ipads (Retina and Mini)(New to Apple) How do I share purchased apps, but others have each act independently? Mini is for the Wife the Ipad4? is for me. I want to use mine at work, etc. She's home with the kids. Can we set them up seperate, but share

  2 New Ipads (Retina and Mini)(New to Apple) How do I share purchased apps, but others have each act independently? Mini is for the Wife the Ipad4? is for me. I want to use mine at work, etc. She's home with the kids. Can we set them up seperate, but share
  --break--
  So we are entirely new to Apple products. I'm an IT guy, but have always been a windows user.
  So the Ipad with Retina Display is to be mine (and will use it at work for notes, organization, etc)
  The MINI is for the wife.
  But, are we allowed and can we.. buy an app and share that app between both devices? IE. Can I buy a copy of Angry Birds for the House and both Ipad's use that single purchase? and if so, can we still run the Ipads seperate other than to share the apps purchased. IE my facebook and email set up on mine and hers on her ipad mini?
  When I finally find a note taking app I like, can I share it on her ipad, without her having all my work files, etc?
  Thanks for helping out the apple noob. Hoping for a great experience, and anticipate droping $100 in apps the first day.. just don't want to do that twice. If this is against the usage policy, thats unfortunate but good to know. (I mean we can share stuff on PC as long as its in the same household)
  thanks again (explanations or links are fine)

  There are a number of Apple services: iMessage, FaceTime, iCloud, Game center, Find My iPad, etc.
  Now, to share apps, music and books you need to have the same Apple ID:
  iPad's Settings > iTunes & App Stores > Apple ID > Your purchasing Apple ID.
  For the other service, your wife should have her own Apple ID.
  All she needs is a valid e-mail address, apply Apple ID below:
  https://appleid.apple.com
  Here's a limk with useful tips: Note: It's also valid in IOS 6
  iOS 5 & iCloud Tips: Sharing an Apple ID With Your Family

• Policy map/ class map/ service policy for IOS xr

  Hi,
  I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
  I need the cap for the bandwidth to traverse this circuit to ne 10 Meg.
  the IOS xr version we are using is 4.3.4
  I was hoping someone could help me out by giving me a configuration example I could follow.
  Thank you.

  for instance like this:
  policy-map police-in
  class class-default
  police rate 10 mpbs <optionally set burst>
  policy-map shape-out-parent
  class class-default
  shape 10 mpbs <optional burst config>
  service-policy shape-out-child
  policy-map shape-out-child
  class class-default
  queue-limit 10 packets
  int g 0/0/0/0
  service-policy police-in in
  service-policy shape-out-parent out
  also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
  and the support forum article of "asr9000 quality of service architecture"
  xander

• Fundamental ACL & Service Policy related questions

  Hi All,
  apologies in advance for seemingly stupid questions but I was forced to ask them as I have ALWAYS had great difficulty in using debug on Cisco platforms. Nothing ever shows up when I set up debug despite configuring "logging console" and setting the level to 7 etc. I have no clue why that is and if it's because all debugging messages go to the debug log instead of being prnted on the console, or what it is...I just don't get it. When I'm saying logging console...please print it on the console! Anyway, that rant aside...
  I have a VERY simple topology like so
                                                                                      A few servers in this VLAN
  ISP <---> 3560G (Physical Routed Port) <--> SVI (VLAN)
                                                                                      ASA5520 <--> Internal VLAN
  With regards to ACLs and their direction, when an ACL is applied to a physical port (or in cases where QoS is enabled and a service-policy) is applied to either a routed physical port on the 3560, saying that the policy is applied in the "in" direction (or 'input' in case of service-policy) does that mean 'inbound' in either direction? As in IF that routed port is my direct connection to the ISP, and I set up "ip access-group myacl in" (or service-policy input myPolicymap) ...will that be applicable if the traffic enters that port from the ISP side OR from the internal network side, or "IN" for it is always JUST the ISP side because it's assuming that all traffic generated from inside the network going out to the Internet is implcitly allowed UNLESS an ACL somewhere in the network restricts that?
  then, in case of an SVI...I believe just like the physical routed port, I can ONLY implement an "Inbound" ACL on this as well. So when I implement either a Heirarchical policy-map or just an access-group "in", then what is "IN" ...traffic entering this VLAN from the internal network and those public servers going out to the Internet AND Traffic entering this VLAN from the ISP/Internet via the physical routed Port OR is it JUST the latter, or is it just the former?
  Now Lastly, when I have the physical ports to which the ASA and each of those physical servers are connected to sitting on the public VLAN, if I apply port-based ACLs or service-policies to them, then again, what direction is the "IN" ACL applied? Both? i.e. traffic coming into it from the public servers and the Internal network through the ASA, and the Internet OR just the traffic coming into it from the Internet, but the traffic going out from the servers to the Internet is not subjected to this ACL or service-policy
  Again, very sorry for a dumb question but I'm seeing bizzare things in my network so was just wondering before I decide on what kind of security I want to plan/design
  Thanks in advance

  The mystical difference between debug output going to the console versus showing up in syslog is "logging debug-trace".  On goes to syslog, "no logging debug-trace" goes to console.  I've been bit by this one myself.
  ACLs on physical ports have directionality like the cable plug: "in" is from the cable entering into the switch or firewall, "out" is leaving the device to run along the cable to somewhere else.  On Catalyst switches port ACLs are inbound (receiving packets) only.  Obviously, on directly connected devices, one devices out is the other devices in.
  ACLs on SVI's depend on whether your are running a base image or services image; services images can do IPv4 and IPv6 in both directions.  However, port ACL's trump routed ACL's; if both exist, the port ACL is the only one applied.  I think if a directly connected port has no port ACL, no ACL is applied at all; routed ACL's on SVI's only apply to transitions between VLANs inside the switch, not to traffic entering physical ports.
  -- Jim Leinweber, WI State Lab of Hygiene

• FMW11g WSM , Can't set keystore.recipient.alias in ADF Connections

  Hi.
  I added a wsm server policy on a composite service. this works fine. And as client I have a ws datacontrol in an ADF application.
  I can deploy this ADF application to WSL and change the ADF connections in the Enterprise manager. When I select the connection and do Edit Web Service, select the wsm client policy I can't set keystore.recipient.alias. when I put in a new value and do apply nothing happens. and it holds the default value ( orakey ).
  Hope someone can help me with this
  thanks Edwin

  I found it ,
  it is a read only repos, so I can override this property in the datacontrol ( define security settings ) of the adf application
  thanks

• ADSL QOS service policy

  My ISP has said they will set up their side to give 50% policed real time traffic and 30% for our application traffic burstable then 5% anything else burstable.  The QOS below is my attempt to do this but I was advised that to apply it to the Dialer 1 interface I hade to create a second policy-map (ADSLOut) which had the class-default and the child policy (QOSADSL) within that.
  When I did this I can't apply it to the Dialer 1 interface but if I use the child policy then it will allow me to apply that, will this work the same way.
  class-map match-all RealTime
   match ip dscp ef
  class-map match-all General
   match any
  class-map match-any Application
   match ip dscp cs3
   match ip dscp af41
  policy-map QOSADSL
   class RealTime
    bandwidth percent 50
   class Application
    priority percent 30
   class General
    priority percent 5
   class class-default
    shape peak percent 85
  policy-map ADSLOut
   class class-default
     service-policy QOSADSL
  interface Dialer1
  <Snipped>
   bandwidth 1240
   ip nbar protocol-discovery
   ip flow ingress
   ip flow egress
   load-interval 30
   tx-ring-limit 3
   tx-queue-limit 3
   service-policy output QOSADSL
  or
  service-policy output ADSLOut

  Hi @scotlandvisit,
  My first opinion is a recomendation: in the policy-map, when you're configuring LLQ use the priority command for delay-sensitive traffic (Voice) and the bandwidth command for the rest. This is because the priority command is used to indentify a class as a "strict priority class" which in my opinion should be the voice traffic and the bandwidth command is used to allocate bandwidth to nonpriority classes.
  The interface is not letting you apply the service-policy because you have to configure shaping inside the class-default of the parent policy-map. This shape is going to be the value in bps that you want to assing to the traffic classes that you've configured. For example, let's say that you want to allocate 1Mbps for all the classes.
  policy-map QOSADSL
   class RealTime
    priority percent 50
   class Application
    bandwidth percent 30
   class General
    bandwidth percent 5
   class class-default
    shape peak percent 85
  policy-map ADSLOut
   class class-default
    shape average 1000000
    service-policy QOSADSL
  interface Dialer1
   service-policy output ADSLOut
  Try this configuration and let me know.
  HTH.
  Rgrds,
  Martin, IT Specialist

• Assign QoS Service Policy via RADIUS to Catalyst 45k/37k?

  hi,
  is there a way to assigen a QoS service policy via Radius to an Caltalyst 4500/3750 Switchport?
  in detail, we would like to assign this policy
      policy-map SET_EF
       class class-default
         set dscp ef
  to an interface. All traffic should be marked with a defined DSCP value.
  This works find when doing it statically with
      interface FastEthernet2/1
           service-policy input SET_EF
  but we would need to assign such a policy via Radius during the 802.1x Authentication. different users should get differnt policies. We use Cisco ACS 5.2 as Radius Server and there actually is a field for
  that in the Authorization Profile Common Tasks Configuration. in detail, this uses the cisco-av-pair "sub-policy-In=<policy name>" attribute to assign a service policy to an NAS.
  we found also two other attributes "sub-qos-policy-in" and "ip:sub-qos-polcy-in" for that. CCO says that "ip:sub-qos-polcy-in" works with Catalyst 65k (http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1926523)
  unfortunately this seems to not work on Catalyst 45k and 37k.
  In the ACS Logs we can see that these attributes are attached to the Radius Reply, but unfortunately they are ignored by the switch.
  it is interesing that when entering "show aaa attributes" on the Catalyst 45k, these attributes are displayd - so for my understanding the switch should understand these attibutes (?)
      4503-E#sh aaa attributes
      AAA ATTRIBUTE LIST:
          Type=1     Name=disc-cause-ext                 Format=Enum
          Type=2     Name=Acct-Status-Type               Format=Enum
      <snip>
          Type=345   Name=sub-policy-In                  Format=String
          Type=346   Name=sub-qos-policy-in              Format=String
          Type=347   Name=sub-policy-Out                 Format=String
          Type=348   Name=sub-qos-policy-out             Format=String
  any input is welcome :-))
  best reagrds

  additionally to this discussion, i've just opened a service request with TAC.
  unfortunately the engineer told me that by now per-User QoS is definitely no supported on this two plattforms but it's listed on the roadmap and will be possibly availabe mid 2012......

• High current conns in service policy.

  Hi,
  We have the following policy on a firewall to limit the maximum number of connections:
  policy-map global_policy
  class HTTP
    set connection conn-max 2250 embryonic-conn-max 100 per-client-max 20 per-client-embryonic-max 5
    set connection timeout half-closed 0:05:00 idle 0:05:00
  If we look in the logs we see that connections are being dropped because of this:
  Feb 05 2014 12:33:12: %ASA-3-201011: Connection limit exceeded 2250/2250 for input packet from x.x.x.x/63257 to x.x.x.x/80 on interface outside
  Feb 05 2014 12:33:12: %ASA-3-201011: Connection limit exceeded 2250/2250 for input packet from x.x.x.x/53429 to x.x.x.x/80 on interface outside
  Feb 05 2014 12:33:12: %ASA-3-201011: Connection limit exceeded 2250/2250 for input packet fromx.x.x.x/48613 to x.x.x.x/80 on interface outside
  And these show true if we look at the service policy
  XXXX# show service-policy global
  Global policy:
    Service-policy: global_policy
      Class-map: HTTP
        Set connection policy: conn-max 2250 embryonic-conn-max 100 per-client-max 20 per-client-embryonic-max 5
          current embryonic conns 2, current conns 2250, drop 15870337
        Set connection timeout policy:
          half-closed 0:05:00 idle 0:05:00
          DCD: disabled, retry-interval 0:00:15, max-retries 5
          DCD: client-probe 0, server-probe 0, conn-expiration 0
  However the connections on the firewall and servers aren’t high
  xxxxx# show conn count
  529 in use, 2485 most used
  Can anyone explain why this is, not sure if it is bug or is normal expected behavour. Is this "current conns" figure meant to corresond to the firewall conns, or is taking from something else? I guess they only way to remove this is to remove and re-add the policy, just wanted to get peoples thoughts on it or see if I was missing something.
  This is on an ASA5510 running Software Version 8.2(5)41
  Thanks

  hi all ,
  im really exhausted about this issue
  i googled alot , i have been googling about 1 week with no benefit !!!!!
  i changed ios many times but no luck !!!!
  i followed the navigatro tool of cisco , it say that cisco 7200 npeg2 dont support the feaute called
  QoS: Per-Session Shaping and Queuing
  i followed here
  http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sbsbpssq.html
  they say it supported for ios that supported with 7200
  i found an old discsuuion on internet for guys about cisco 7200 for shap
  i dont know
  not sure
  does cisco 7200 support shaping and bw gurantee for vpdn session on LNS router ?????????
  i need an expert for that
  plz help
  regards