Can't set service policy
I am not able to have Service-Policy... " commands enabled in my Router that is working as a PE in the lab.
The router info is as follows:
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.2(21a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 09-Jan-04 16:23 by kellmill
Image text-base: 0x60008930, data-base: 0x61458000
ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (f
c1)
PE uptime is 5 hours, 12 minutes
System returned to ROM by power-on
System image file is "flash:slot0"
cisco 3640 (R4700) processor (revision 0x00) with 44032K/5120K bytes of memory.
Processor board ID 22105451
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
1 Serial network interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Can someone help with it.. thx.
Hi
Are you trying to bind the service policy under any of the interface or class map or in the control plane config ?
can you post what exactly you are trying to do and the error you are recieving while do so ..
regds
Similar Messages
-
Can't apply service-policy to atm int?
Attempted to apply service-policy output MPLS-EGRESS to ATM Int:
class-map match-any GOLD
match mpls experimental topmost 5
match ip precedence 5
class-map match-any BRONZE
match mpls experimental topmost 3
match ip precedence 3
class-map match-any SILVER
match mpls experimental topmost 4
match ip precedence 4
policy-map MPLS-EGRESS
class GOLD
priority percent 5
set mpls experimental topmost 5
class SILVER
bandwidth percent 10
random-detect
set mpls experimental topmost 4
class BRONZE
bandwidth percent 20
random-detect
set mpls experimental topmost 3
class class-default
set mpls experimental topmost 0
fair-queue
random-detect
interface ATM4/0.102 point-to-point
description TRUNK LINK TO PE_B
bandwidth 16000
ip address xxx.xxx.xxx.xxx 255.255.255.252
no ip redirects
no ip proxy-arp
ip ospf message-digest-key xxx
no snmp trap link-status
mpls ip
pvc PE_B 10/102
tx-ring-limit 3
oam-pvc manage
encapsulation aal5snap
service-policy output MPLS-EGRESS
And it *appears* to apply without error, but logs show:
Jul 28 09:34:32.550 aest: %SCHED-3-SEMLOCKED: Virtual Exec attempted to lock a semaphore, already locked by itself -Traceback= 0x61317864 0x62658A88 0x620F0A4C 0x60DD3668 0x60DD5648 0x6135ABD8 0x61379744 0x62644508 0x626444EC
Jul 28 09:34:33.870 aest: I/f ATM4/0.102 VC 10/102 class GOLD requested bandwidth 0 (kbps), available only 0 (kbps)
And ATM4/0.102 does not include the service-policy output MPLS-EGRESS when I do a show run nor when I do a sho policy-map interface?Resolved my own issue - I needed:
vbr-nrt 32000 16000
under the atm sub int... -
Can i set the policy in code not in a policy file
normally starting rmi client with a policy file. and start the client with such JVM parameters: java.security.policy and java.rmi.codebase.
But in jsp how can i specify these JVM parameters.Or can i make the policy in code not in
a file.You can specifiy inline with code otherwise malicious code would use it the grant all permissions before it wrecks havoc on the system.
When your Servlet engine starts (Tomcat, JBoss, depends on which you are using) there will either be an option to pass in additional policy file, or a policy file will exist inthe servlet engine directory path for you to edit and add your entries to. -
My service preferences won't set after installing combined update earlier this week and the security 2012-4 update that caused so much problem with mail. Is there a list of changes that was made in safari with this latest update, because the bookmarking isn't working the same and the readling list page is gone?
because the bookmarking isn't working and the same and the reading list page is gone?
Your profile indicates you have v10.7.2 installed yet your topic refers to v10.6.8 (Snow Leopard).
Try this...
Open System Preferences > iCloud
Deselect the box next to Safari then reselect it.
Give iCloud a few minutes to re sync your bookmarks and reading list.
Safari 5.0.5 is an outdated version. You need to update Safari.
Click your Apple menu icon top left in your screen. From the drop down menu click Software Update...
Restart your Mac after the updates are installed. -
OIM-How can i set a password policy which does not contain any space?
How can i set a password policy which does not contain any space?
I put space at Characters not allowed but it is not working.
Can anyone help me out?You can go to Settings>Messages and turn off Messages. Then go to Settings>General>Restrictions and turn on the the Restriction that prevent changing accounts.
I just verified that it works. -
iCloud says "you can't sing in because of a server error" running Windows Vista x32 service pack 2. Can't set it up on my PC any ideas?
I have used the solution below to fix mine and others that have run into this issue.
Start --> Programs --> Accessories (Right Click on Command Prompt) --> Run as Administrator
then type in: "Netsh winsock reset" (-without the quotes-)
Hit enter, restart PC, iCloud For PC should now connect without any server errors
(This solutions will work in some instances when trying to fix errors associated when you are unable to connect to iTunes also.) -
Can not set remote error true in reporting service's properties's advanced
can not set remote error true in reporting service's properties's advanced
美斯: 唔理幾多個皇上啦, 個波呢家係皇上果度!!!Hello,
Based on the limited information, I am not very clearly about you issue. In order to solve the problem more efficiently, I need to clarify some information. Are you get some error messages when you set EnableRemoteErrors to true? Or do you mean that it doesn’t
throw error message to us, but the property is useless? And could you tell me the edition of your SQL Server?
It is benefit for us to do further analysis. Thank you for your understanding.
The following document may help you:
http://technet.microsoft.com/en-us/library/aa337165(v=sql.110).aspx
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
I have two older iPhones (3g, 3gs) that I've given to my granddaughters. The phones don't have phone service so they're using them like an iPod touch. Can I set up Messages for them on these phones without a phone number or data plan using only Wi-Fi?
Yes you can. Just make sure you have iMesages on. You will need to go into Settings>Messages and turn it on and log in to their Apple IDs. I was having some activation issues when I first got my iPhone 4S [it was the carrier's fault, not the iPhone's] and I was using iMessages with my Apple ID to text my friends who had iPhones. I of course had to be connected to Wi-Fi for it to work. Hope that helps.
You could also have them download a texting app and they could use that on Wi-Fi. There are many free ones out there. I personally enjoy Text Now. Gives you your own phone number so others can text you too, not just iDevices. -
2 New Ipads (Retina and Mini)(New to Apple) How do I share purchased apps, but others have each act independently? Mini is for the Wife the Ipad4? is for me. I want to use mine at work, etc. She's home with the kids. Can we set them up seperate, but share
--break--
So we are entirely new to Apple products. I'm an IT guy, but have always been a windows user.
So the Ipad with Retina Display is to be mine (and will use it at work for notes, organization, etc)
The MINI is for the wife.
But, are we allowed and can we.. buy an app and share that app between both devices? IE. Can I buy a copy of Angry Birds for the House and both Ipad's use that single purchase? and if so, can we still run the Ipads seperate other than to share the apps purchased. IE my facebook and email set up on mine and hers on her ipad mini?
When I finally find a note taking app I like, can I share it on her ipad, without her having all my work files, etc?
Thanks for helping out the apple noob. Hoping for a great experience, and anticipate droping $100 in apps the first day.. just don't want to do that twice. If this is against the usage policy, thats unfortunate but good to know. (I mean we can share stuff on PC as long as its in the same household)
thanks again (explanations or links are fine)There are a number of Apple services: iMessage, FaceTime, iCloud, Game center, Find My iPad, etc.
Now, to share apps, music and books you need to have the same Apple ID:
iPad's Settings > iTunes & App Stores > Apple ID > Your purchasing Apple ID.
For the other service, your wife should have her own Apple ID.
All she needs is a valid e-mail address, apply Apple ID below:
https://appleid.apple.com
Here's a limk with useful tips: Note: It's also valid in IOS 6
iOS 5 & iCloud Tips: Sharing an Apple ID With Your Family -
Policy map/ class map/ service policy for IOS xr
Hi,
I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
I need the cap for the bandwidth to traverse this circuit to ne 10 Meg.
the IOS xr version we are using is 4.3.4
I was hoping someone could help me out by giving me a configuration example I could follow.
Thank you.for instance like this:
policy-map police-in
class class-default
police rate 10 mpbs <optionally set burst>
policy-map shape-out-parent
class class-default
shape 10 mpbs <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
int g 0/0/0/0
service-policy police-in in
service-policy shape-out-parent out
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander -
Fundamental ACL & Service Policy related questions
Hi All,
apologies in advance for seemingly stupid questions but I was forced to ask them as I have ALWAYS had great difficulty in using debug on Cisco platforms. Nothing ever shows up when I set up debug despite configuring "logging console" and setting the level to 7 etc. I have no clue why that is and if it's because all debugging messages go to the debug log instead of being prnted on the console, or what it is...I just don't get it. When I'm saying logging console...please print it on the console! Anyway, that rant aside...
I have a VERY simple topology like so
A few servers in this VLAN
ISP <---> 3560G (Physical Routed Port) <--> SVI (VLAN)
ASA5520 <--> Internal VLAN
With regards to ACLs and their direction, when an ACL is applied to a physical port (or in cases where QoS is enabled and a service-policy) is applied to either a routed physical port on the 3560, saying that the policy is applied in the "in" direction (or 'input' in case of service-policy) does that mean 'inbound' in either direction? As in IF that routed port is my direct connection to the ISP, and I set up "ip access-group myacl in" (or service-policy input myPolicymap) ...will that be applicable if the traffic enters that port from the ISP side OR from the internal network side, or "IN" for it is always JUST the ISP side because it's assuming that all traffic generated from inside the network going out to the Internet is implcitly allowed UNLESS an ACL somewhere in the network restricts that?
then, in case of an SVI...I believe just like the physical routed port, I can ONLY implement an "Inbound" ACL on this as well. So when I implement either a Heirarchical policy-map or just an access-group "in", then what is "IN" ...traffic entering this VLAN from the internal network and those public servers going out to the Internet AND Traffic entering this VLAN from the ISP/Internet via the physical routed Port OR is it JUST the latter, or is it just the former?
Now Lastly, when I have the physical ports to which the ASA and each of those physical servers are connected to sitting on the public VLAN, if I apply port-based ACLs or service-policies to them, then again, what direction is the "IN" ACL applied? Both? i.e. traffic coming into it from the public servers and the Internal network through the ASA, and the Internet OR just the traffic coming into it from the Internet, but the traffic going out from the servers to the Internet is not subjected to this ACL or service-policy
Again, very sorry for a dumb question but I'm seeing bizzare things in my network so was just wondering before I decide on what kind of security I want to plan/design
Thanks in advanceThe mystical difference between debug output going to the console versus showing up in syslog is "logging debug-trace". On goes to syslog, "no logging debug-trace" goes to console. I've been bit by this one myself.
ACLs on physical ports have directionality like the cable plug: "in" is from the cable entering into the switch or firewall, "out" is leaving the device to run along the cable to somewhere else. On Catalyst switches port ACLs are inbound (receiving packets) only. Obviously, on directly connected devices, one devices out is the other devices in.
ACLs on SVI's depend on whether your are running a base image or services image; services images can do IPv4 and IPv6 in both directions. However, port ACL's trump routed ACL's; if both exist, the port ACL is the only one applied. I think if a directly connected port has no port ACL, no ACL is applied at all; routed ACL's on SVI's only apply to transitions between VLANs inside the switch, not to traffic entering physical ports.
-- Jim Leinweber, WI State Lab of Hygiene -
FMW11g WSM , Can't set keystore.recipient.alias in ADF Connections
Hi.
I added a wsm server policy on a composite service. this works fine. And as client I have a ws datacontrol in an ADF application.
I can deploy this ADF application to WSL and change the ADF connections in the Enterprise manager. When I select the connection and do Edit Web Service, select the wsm client policy I can't set keystore.recipient.alias. when I put in a new value and do apply nothing happens. and it holds the default value ( orakey ).
Hope someone can help me with this
thanks EdwinI found it ,
it is a read only repos, so I can override this property in the datacontrol ( define security settings ) of the adf application
thanks -
My ISP has said they will set up their side to give 50% policed real time traffic and 30% for our application traffic burstable then 5% anything else burstable. The QOS below is my attempt to do this but I was advised that to apply it to the Dialer 1 interface I hade to create a second policy-map (ADSLOut) which had the class-default and the child policy (QOSADSL) within that.
When I did this I can't apply it to the Dialer 1 interface but if I use the child policy then it will allow me to apply that, will this work the same way.
class-map match-all RealTime
match ip dscp ef
class-map match-all General
match any
class-map match-any Application
match ip dscp cs3
match ip dscp af41
policy-map QOSADSL
class RealTime
bandwidth percent 50
class Application
priority percent 30
class General
priority percent 5
class class-default
shape peak percent 85
policy-map ADSLOut
class class-default
service-policy QOSADSL
interface Dialer1
<Snipped>
bandwidth 1240
ip nbar protocol-discovery
ip flow ingress
ip flow egress
load-interval 30
tx-ring-limit 3
tx-queue-limit 3
service-policy output QOSADSL
or
service-policy output ADSLOutHi @scotlandvisit,
My first opinion is a recomendation: in the policy-map, when you're configuring LLQ use the priority command for delay-sensitive traffic (Voice) and the bandwidth command for the rest. This is because the priority command is used to indentify a class as a "strict priority class" which in my opinion should be the voice traffic and the bandwidth command is used to allocate bandwidth to nonpriority classes.
The interface is not letting you apply the service-policy because you have to configure shaping inside the class-default of the parent policy-map. This shape is going to be the value in bps that you want to assing to the traffic classes that you've configured. For example, let's say that you want to allocate 1Mbps for all the classes.
policy-map QOSADSL
class RealTime
priority percent 50
class Application
bandwidth percent 30
class General
bandwidth percent 5
class class-default
shape peak percent 85
policy-map ADSLOut
class class-default
shape average 1000000
service-policy QOSADSL
interface Dialer1
service-policy output ADSLOut
Try this configuration and let me know.
HTH.
Rgrds,
Martin, IT Specialist -
Assign QoS Service Policy via RADIUS to Catalyst 45k/37k?
hi,
is there a way to assigen a QoS service policy via Radius to an Caltalyst 4500/3750 Switchport?
in detail, we would like to assign this policy
policy-map SET_EF
class class-default
set dscp ef
to an interface. All traffic should be marked with a defined DSCP value.
This works find when doing it statically with
interface FastEthernet2/1
service-policy input SET_EF
but we would need to assign such a policy via Radius during the 802.1x Authentication. different users should get differnt policies. We use Cisco ACS 5.2 as Radius Server and there actually is a field for
that in the Authorization Profile Common Tasks Configuration. in detail, this uses the cisco-av-pair "sub-policy-In=<policy name>" attribute to assign a service policy to an NAS.
we found also two other attributes "sub-qos-policy-in" and "ip:sub-qos-polcy-in" for that. CCO says that "ip:sub-qos-polcy-in" works with Catalyst 65k (http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1926523)
unfortunately this seems to not work on Catalyst 45k and 37k.
In the ACS Logs we can see that these attributes are attached to the Radius Reply, but unfortunately they are ignored by the switch.
it is interesing that when entering "show aaa attributes" on the Catalyst 45k, these attributes are displayd - so for my understanding the switch should understand these attibutes (?)
4503-E#sh aaa attributes
AAA ATTRIBUTE LIST:
Type=1 Name=disc-cause-ext Format=Enum
Type=2 Name=Acct-Status-Type Format=Enum
<snip>
Type=345 Name=sub-policy-In Format=String
Type=346 Name=sub-qos-policy-in Format=String
Type=347 Name=sub-policy-Out Format=String
Type=348 Name=sub-qos-policy-out Format=String
any input is welcome :-))
best reagrdsadditionally to this discussion, i've just opened a service request with TAC.
unfortunately the engineer told me that by now per-User QoS is definitely no supported on this two plattforms but it's listed on the roadmap and will be possibly availabe mid 2012...... -
High current conns in service policy.
Hi,
We have the following policy on a firewall to limit the maximum number of connections:
policy-map global_policy
class HTTP
set connection conn-max 2250 embryonic-conn-max 100 per-client-max 20 per-client-embryonic-max 5
set connection timeout half-closed 0:05:00 idle 0:05:00
If we look in the logs we see that connections are being dropped because of this:
Feb 05 2014 12:33:12: %ASA-3-201011: Connection limit exceeded 2250/2250 for input packet from x.x.x.x/63257 to x.x.x.x/80 on interface outside
Feb 05 2014 12:33:12: %ASA-3-201011: Connection limit exceeded 2250/2250 for input packet from x.x.x.x/53429 to x.x.x.x/80 on interface outside
Feb 05 2014 12:33:12: %ASA-3-201011: Connection limit exceeded 2250/2250 for input packet fromx.x.x.x/48613 to x.x.x.x/80 on interface outside
And these show true if we look at the service policy
XXXX# show service-policy global
Global policy:
Service-policy: global_policy
Class-map: HTTP
Set connection policy: conn-max 2250 embryonic-conn-max 100 per-client-max 20 per-client-embryonic-max 5
current embryonic conns 2, current conns 2250, drop 15870337
Set connection timeout policy:
half-closed 0:05:00 idle 0:05:00
DCD: disabled, retry-interval 0:00:15, max-retries 5
DCD: client-probe 0, server-probe 0, conn-expiration 0
However the connections on the firewall and servers aren’t high
xxxxx# show conn count
529 in use, 2485 most used
Can anyone explain why this is, not sure if it is bug or is normal expected behavour. Is this "current conns" figure meant to corresond to the firewall conns, or is taking from something else? I guess they only way to remove this is to remove and re-add the policy, just wanted to get peoples thoughts on it or see if I was missing something.
This is on an ASA5510 running Software Version 8.2(5)41
Thankshi all ,
im really exhausted about this issue
i googled alot , i have been googling about 1 week with no benefit !!!!!
i changed ios many times but no luck !!!!
i followed the navigatro tool of cisco , it say that cisco 7200 npeg2 dont support the feaute called
QoS: Per-Session Shaping and Queuing
i followed here
http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sbsbpssq.html
they say it supported for ios that supported with 7200
i found an old discsuuion on internet for guys about cisco 7200 for shap
i dont know
not sure
does cisco 7200 support shaping and bw gurantee for vpdn session on LNS router ?????????
i need an expert for that
plz help
regards
Maybe you are looking for
-
Photos on timeline showing black when using ken burns effect
My photos in the project are not visible in the preview window when selecting'show settings' after the ken burns effect has been applied. The arrow moves but the screen is black. Any ideas ??
-
WHen I connect my IPOD to my pc it isnt recognized and doesn't connect to ITunes. WHen I connect a second IPOD it is recognized. HELP.................
-
ESS/MSS Role : Employee Search
Do I have to give * in IT0001 and IT0002...etc for Auth objects in ECC for Employee Search in ESS/MSS to work ? Kindly help.....
-
Jdeveloper BPEL designer. not running
Hi, Again i installed patch 1,2 &3 but when double clicking on the Jdeveloper designer it just close i'm not able to run it. Any solutino to fix this ?? PS: thsi happend right after i logged in to the BPEL console using the Default password! before i
-
Need to obtain material last consumption date
Greetings, Experts! I am writing a report, and one of the requirements is supplying the date a material was last consumed. I will also be using this date as a date range selection. Where can I find the last consumption date of a material? Not a perio