NBAR in RSP720-3C-10GE

Hi,
Does RSP720-3C-10GE with 7600-PFC3C-10GE of 7609-S chassis support NBAR?

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I think the only 6500 sup (itself) that supported anything like NBAR was the sup32-PISA's FPM. The FlexWAN cards might.
PS:
Some NBAR is just a pretty face on an ACE. Some NBAR, though, does deep packet inspection and/or stateful inspection. The former you can usually substitute an ACL but the latter will be a problem.

Similar Messages

Netflow on 7604

I have a Cisco 7604 which has a RSP720-3C-10GE supervisor. With netflow I want to capture traffic from interface vlans and some physical ports. I'm a bit unsure about the configuration. I've done some research and this is what i've come up with but im not sure if it is all nesscary.
mls netflow interface
mls flow ip interface-full
mls nde sender version 7
mls aging long 64
mls aging normal 32
ip flow-export destination 10.209.92.28 9996
ip flow-export version 7
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
For interfaces:
ip flow ingress
Do I need both the mls aging and ip flow-cache timeout commands? What are the recommened values for these commands? Am I missing anything that I should have?
Many Thanks,
Sebastian

So is Crannog Netflow Tracker reporting flows for other interfaces of the router? Is there "little" (which implies there's some, to me) or "no" flow for g3/9?
In the unlikely case the command "show ip flow interface" is available, it's the easiest way to determine whether there're flows out of g3/9.
Does the 7604 have any NDE config for the PFC? E.g.:
mls aging fast threshold ##
mls aging long ##
mls aging normal ##
mls flow ip interface-full
no mls flow ipv6
mls nde sender version 5

High CPU Utilization in 7603 router with RSP720-10GE

Hi everyone
We have a 7603 router with "RSP720-10GE" and we have high cpu utilization due to high amount of interrupts.
The output of “show cef drop” and “show ip cef switching statistics” commands show lots of packets that have been dropped by CEF.
But CEF is enabled on every physical interfaces and on every GRE tunnel that we have on this router.
As I understand the output of “show ip cef switching statistics” command shows some of the reasons for CEF dropping packets like “Routed to Null0” but I don’t know how to solve them. For example I can’t delete routes to Null0 because it’s going to cause routing loops in our network. Could you please help me

Hey,
The output shows high interrupt to CPU, So collect the last output multiple times to see if the DROP values are incrementing. Also configure NetDr captures to see what packets are punted to CPU. I am adding a link for same:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/116475-technote-product-00.html
HTH.
Regards,
RS

QoS Packets not matching on 6500 with SUP720-10GE and SU2T

Hi,
I do not see packets matching in policy.
output below:
Switch#sh policy-map interface vlan 2232
Vlan2232
Service-policy input: HARDPHONE-VVLAN
Class-map: VOICETRAFFIC (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICETRAFFIC
Class-map: VOICESIGNALING (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICESIGNALING
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
I also not find packets matching ACL:
switch#sh access-lists
Extended IP access list VIDEOTRAFFIC
10 permit udp any any range 16384 32767
Extended IP access list VOICESIGNALING
10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
Extended IP access list VOICETRAFFIC
10 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 range 16384 32767
I checked policies, they looks applied correctly.
On SUP-720-10GE, I modified ACL to 'permit udp any any' but not found any matching packets. There are plenty of IP phones connected directly to this switch belongs to voice VLAN. I applied VLAN based QoS under voice VLAN and other VLANs too.
I observed different thing on SUP 2T. I saw packets matching ACL statement 'permit udp any any' but when I took off this line, ACL was not showing packets matching.
OUTPUT of IP phones connected to switch:
switch#sh cdp neighbors | in SEP
SEP0008308A5D7B Gig 13/38 143 H P M IP Phone Port 1
SEP0008308A5DE0 Gig 10/1 121 H P M IP Phone Port 1
SEP0023049C6348 Gig 3/42 152 H P M IP Phone Port 1
SEP0021A02D64D4 Gig 9/28 120 H P M IP Phone Port 1
SEP1C6A7AE0588E Gig 3/9 127 H P M IP Phone Port 1
SEP00229059969E Gig 12/48 166 H P M IP Phone Port 1
SEP0008308AF26F Gig 2/7 161 H P M IP Phone Port 1
SEP00235EB7BE0E Gig 4/2 154 H P M IP Phone Port 1
SEP00229059BE5A Gig 6/37 158 H P M IP Phone Port 1
SEP1CAA07115CF3 Gig 12/29 148 H P M IP Phone Port 1
SEP00235EB7884F Gig 9/3 156 H P M IP Phone Port 1
SEP0008308B03FB Gig 2/30 178 H P M IP Phone Port 1
SEP006440B42CD3 Gig 3/45 132 H P M IP Phone Port 1
SEP0022905991C9 Gig 11/4 145 H P M IP Phone Port 1
SEP0008308A5E6C Gig 6/36 124 H P M IP Phone Port 1
SEP006440B427CA Gig 13/31 170 H P M IP Phone Port 1
SEP006440B425FF Gig 3/19 168 H P M IP Phone Port 1
SEP0008308A7AD7 Gig 2/3 159 H P M IP Phone Port 1
SEP0008308A3EB2 Gig 10/4 132 H P M IP Phone Port 1
SEP002414B45A0E Gig 10/28 170 H P M IP Phone Port 1
SEP04C5A4B19C8B Gig 2/15 162 H P M IP Phone Port 1
SEP006440B43DE6 Gig 9/48 162 H P M IP Phone Port 1
SEP006440B42B0D Gig 9/23 179 H P M IP Phone Port 1
Could anyone please help, how to make sure that packets are hitting correct ACL and policy on 6500 with SUP720-10GE and SUP2T.
Thanks,
Pruthvi

Please note that 6500 is used as L2 switch only and SVI are used for applying policies only.
Configuration below:
class-map match-all VOICESIGNALING
match access-group name VOICESIGNALING
class-map match-all VOICETRAFFIC
match access-group name VOICETRAFFIC
class-map match-all VIDEOTRAFFIC
match access-group name VIDEOTRAFFIC
policy-map HARDPHONE-VVLAN
class VOICETRAFFIC
police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VOICESIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class class-default
police flow mask src-only 32000 8000 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
policy-map STUDENT-DVLAN
class class-default
police flow mask src-only 25000000 1562500 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
policy-map STAFF-DVLAN
class VOICESIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class VOICETRAFFIC
police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VIDEOTRAFFIC
police flow mask src-only 2000000 150000 conform-action set-dscp-transmit ef exceed-action drop
class class-default
police flow mask src-only 50000000 1000000 conform-action set-dscp-transmit ef exceed-action drop
ip access-list extended VOICESIGNALING
remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
permit tcp any 10.128.0.0 0.3.255.255 eq 5060
permit udp any 10.128.0.0 0.3.255.255 eq 5060
permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
permit tcp any 172.20.10.0 0.0.1.255 eq 5060
permit udp any 172.20.10.0 0.0.1.255 eq 5060
ip access-list extended VOICETRAFFIC
permit udp any any dscp ef
permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
permit udp any any range 16384 32767 dscp ef
ip access-list extended VOICESIGNALING
remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
permit tcp any 10.128.0.0 0.3.255.255 eq 5060
permit udp any 10.128.0.0 0.3.255.255 eq 5060
permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
permit tcp any 172.20.10.0 0.0.1.255 eq 5060
permit udp any 172.20.10.0 0.0.1.255 eq 5060
ip access-list extended VIDEOTRAFFIC
permit udp any any range 16384 32767 dscp ef
interface Vlan104
description PolicyOnlyInt
no ip address
service-policy input STAFF-DVLAN
interface Vlan105
description PolicyOnlyInt
no ip address
service-policy input STAFF-DVLAN
interface Vlan573
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan604
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan654
description PolicyOnlyInt
no ip address
service-policy input STUDENT-DVLAN
interface Vlan674
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan807
ip address 172.18.128.5 255.255.255.0
interface Vlan860
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan2016
description PolicyOnlyInt
no ip address
service-policy input HARDPHONE-VVLAN
interface Vlan3124
description PolicyOnlyInt
no ip address
shutdown
service-policy input HARDPHONE-VVLAN
switch#sh access-lists
Extended IP access list VOICESIGNALING
10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
Extended IP access list VOICETRAFFIC
10 permit udp any any dscp ef <----- not showing any match
11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 <----not shwoing any match
12 permit udp any any range 16384 32767 dscp ef<----not shwoing any match
If I user "permit udp any any ", acl is showing match.
switch#sh access-lists
Extended IP access list VOICETRAFFIC
10 permit udp any any dscp ef
11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
12 permit udp any any range 16384 32767 dscp ef
13 permit udp any any (527055 matches)

WS-X6704-10GE at line rate ?

Hi..
Any idea if the 4 port 10GE card WS-X6704-10GE runs at line rate for each port ? Can we get approx 40Gbps throughput out of this card ?
Eng Wee

Hi Eng wee,
The 4 port 10 Gigabit Ethernet interface module is CEF720 based and communicate using 40-Gbps connections to the integrated 720-Gbps switch fabric of the Supervisor Engine 720.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheet09186a00801dce34.html
HTH,
-amit singh

CRS with 10GE port

Hi ,
As of now we use 1 port 10GE card only (Cisco 1-Port 10-Gigabit Ethernet LAN/WAN-PHY SPA) in our CRS connects to Core backbone.
We might need 10GE for access now to provide 10GE to PE ( pure ethernet not any optical technology).
I was trying to find out the line card support more 10GE port density for this purpose. Cisco support 8 port 10GE module but that is not SPA rather normal Ethernet card (Cisco CRS-1 8-Port 10 Gigabit Ethernet Interface Module). How is it diff than SPA to use for PE-P - MPLS link includes LSP, Qos etc feature....
Can I use this 8 port 10GE card for the above puropse ? Important thing there should not be any major limitation
Regards,
Chintan

Hello Chintan,
in other platforms we are used to see more features or different features supported on SPA modules.
the datasheet of the 8 TenGiga
http://www.cisco.com/en/US/prod/collateral/routers/ps5763/ps5862/product_data_sheet09186a008022d5e9.html
About SW it just says:
Software Compatibility
Cisco IOS XR Software Release 3.0 or later
the list of features for SPA GE and 10GE
http://www.cisco.com/en/US/prod/collateral/modules/ps6267/product_data_sheet0900aecd804d884d_ps5763_Products_Data_Sheet.html
There is some more detail.
then I've gone to
www.cisco.com/go/crs
but I've found no useful info
Looking at the configuration guides, the QoS for example I didn't find any distinction about the linecards
http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/qos/configuration/guide/qc37fab.html#wp998930
Ask to your cisco account manager or even open a TAC service request to request info to be sure.
Hope to help
Giuseppe

DFM@LMS4.0.1: lots of Voltage meassage from 10GE ports

Hello,
We got suddenly a lot of Voltage faults in DFM from 10GE ports at our VSS Core. Communication is not affected.
All other devices show voltage in a valid range and the VSS before this night as well.
An "shut / no shut" of the interface doesnt help, CLI confirms the problem, see below.
What does it mean? What can we do that this faults disappears?
fli_rie_core254#sh interfaces transceiver switch 1
Transceiver monitoring is disabled for all interfaces.
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).
                                         Optical   Optical
            Temperature Voltage Current   Tx Power Rx Power
Port        (Celsius)    (Volts) (mA)      (dBm)     (dBm)
Te1/1/1       33.8       0.00      45.7 --   -1.4     -32.2 --
Te1/1/2       32.3       0.00      42.3 --   -1.5      -1.2
Te1/1/3       31.5       0.00      42.0 --   -1.5      -2.8
Te1/1/4       28.7       0.00      43.3 --   -1.4      -2.7
Te1/1/5       29.7       0.00      43.0 --   -1.5      -2.7
Te1/1/6       28.4       0.00      45.8 --   -1.4      -4.9
Te1/1/8       26.2       0.00      43.2 --   -1.4     -37.0 --
Te1/2/1       30.2       0.00      41.3 --   -2.1     -33.0 --
thx for help in advance,
Steffen

No,
Have your question something to do with the initiated discussion?
Von: cassiefang
Gesendet: Freitag, 17. Juni 2011 09:06
An: Neuser, Steffen
Betreff: New message: "[email protected]: lots of Voltage meassage from 10GE ports"
Cisco Support Community
Re: [email protected]: lots of Voltage meassage from 10GE ports
created by Shuo Fang in Network Management - View the full discussion

Using NBAR to Prioritize Citrix Traffic

Hi can anyone help, I am trying to set up NBAR to prioritize Citrix traffic using the ICA tags in the Citrix frame header. But I cannot get it to work.
We are using version 6 PDLM, IOS 12.3(4)T on a 7206 when we check the policy map stats there are no matches, we have also sniffed the citrix traffic to check that it is being marked. The configuration is as follows (the gig0/3 interface is the main interface of a 802.1q VLAN trunk i.e. the traffic we want to mark is coming in over the sub interfaces)
class-map match-all Citrix-medium
match protocol citrix ica-tag "1"
class-map match-all Citrix-high
match protocol citrix ica-tag "0"
class-map match-all Citrix-background
match protocol citrix ica-tag "3"
class-map match-all Citrix-low
match protocol citrix ica-tag "2"
policy-map ABCCITRIX
class Citrix-high
set dscp ef
class Citrix-medium
set dscp 11
class Citrix-low
set dscp 11
class Citrix-background
set dscp 11
class test
set dscp af43
interface GigabitEthernet0/3
no ip address
ip nbar protocol-discovery
service-policy input ABCCITRIX
duplex auto
speed auto
media-type rj45
no negotiation auto

Have you tried assigning your service-policy input to the subinterface where traffic is received rather than to the main interface?

NBAR & BGP

I'm trying to use "match protocol bgp" command in a class-map in order to classify all BGP routing traffic, but it doesn't match.
When I try to do the same using an ACL matching tcp 179 in the same class-map configuration it works.
Any suggestion?
Regards
Fabio

ip cef
class-map match-any SILVER
match protocol bgp
policy-map LLQ
class SILVER
bandwidth 150
interface ATM0/0.1 point-to-point
ip nbar protocol-discovery
pvc 8/35
service-policy output LLQ
As you can see in the configuration The outputs below show TEST-2651XM-ADSL#sh policy-map Class-map: SILVER (match-any)
0 packets, 0 bytes
30 second offered Match: protocol bgp
0 packets, 0 bytes
30 second rate 0 bps
TEST-2651XM-ADSL#sh ip ATM0/0.1
Input Protocol Byte Count snmp 229270 19069945 3000 telnet 2316 122848 1000 icmp 4395 421864 0 bgp 0 0 0 I'm using the IOS release:
(C2600-IS-M), ver.12.2(15)T12 extract above the commands you suggested are applied.
that bgp packets have no match:
int atm 0/0.1
rate 0 bps, drop rate 0 bps
nbar protocol-discovery int atm 0/0.1
Output
Packet Count Packet Count
Byte Count
30 second bit rate (bps) 30 second bit rate (bps)
12936
1528680
0
3
162
0
313
29488
0
0
0
0

URL filtering using NBAR on the ASR1000 / 9000

I've been asked to provide Internet Watch Foundation filtering on a router facing off to an ISP. This is a list of 8-900 URLs which is updated daily. Could this be done using NBAR on the ASR1000 or 9000? Has anyone done anything like this before? I'm sort of thinking of some sort of TCL script to do the update.

not quite the same, but a question...
the asr9k does not currently support nbar, is it on a road map? anyone know?
thanks in advance.
tricia

WS-X6704-10GE Problem

I have a Catalyst 6509 with supervisor 720-3B and IOS 12.2(17d)SXB10. I have installed a X6704 4 port 10Gb card in slot 1 and powered up the system. The X6704 is recognised but is powered off with a message stating that it is not supported. Using show module the online daig status is unknown and the detals for the card are as follows:
HW FW Sw Status
1.5 12.2(14r)S5 12.2(17d)SXB Other
I have tried using alternate IOS levels such as 12.2(18)SXD4 but get the following error messages:
%PM_SCP-SP-1-LCP_FW_ERR: System resetting module 1 to recover from error: Linecard received system exception
%OIR-SP-3-PWRCYCLE: Card in module 1, is being power-cycled Off (Module Reset due to exception or user request)
Can someone please tell me what is wrong and if its the IOS I'm using what level I need to support the card.
Thanks

Hi Paresh,
I don't think I have any of those cards. Using show module I have the following:
Mod Ports Card Type Model Serial No.
1 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0715BHAR
2 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL08280B14
3 48 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX SAL09465FNV
4 6 Firewall Module WS-SVC-FWM-1 SAD071903HF
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL09358QGZ
6 48 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX SAL09475WKY
9 48 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX SAL094448HW
Mod MAC addresses Hw Fw Sw Status
1 0009.11f7.ff90 to 0009.11f7.ff9f 1.0 7.2(1) 8.3(0.156)RO Ok
2 0011.5ccf.08b0 to 0011.5ccf.08b3 1.5 12.2(14r)S5 12.2(18)SXD7 PwrDown
3 0015.f998.2e38 to 0015.f998.2e67 1.1 7.2(1) 8.3(0.156)RO Ok
4 0003.feab.7538 to 0003.feab.753f 2.0 7.2(1) 2.3(3)2 Ok
5 0013.7f0a.e194 to 0013.7f0a.e197 4.4 8.1(3) 12.2(18)SXD7 Ok
6 0015.f943.e990 to 0015.f943.e9bf 1.1 7.2(1) 8.3(0.156)RO Ok
9 0015.c6c9.32a4 to 0015.c6c9.32d3 1.1 7.2(1) 8.3(0.156)RO Ok
Mod Sub-Module Model Serial Hw Status
5 Policy Feature Card 3 WS-F6K-PFC3B SAL09358QTN 2.1 Ok
5 MSFC3 Daughterboard WS-SUP720 SAL09358N63 2.3 Ok
Mod Online Diag Status
1 Pass
2 Unknown
3 Pass
4 Pass
5 Pass
6 Pass
9 Pass
does this mean I need some extra kit to use the x6704 ?
Thanks,
Paul

Prime 1.4 NBAR protocol pack

So I have installed the nbar protocol pack on my wlc that are running 7.5 code. Everything is working fine. I have them configured to netflow for the aggregating of all the avc data into PI. Its all working except I have some unclassified or unknown traffic showing up in PI when I look at the app data. I don't see this when I look at the app data directly on the controller. I found this from this link...
http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/solution_overview_c22-728972.html#wp9000606
Applying Protocol Pack on Cisco Prime Infrastructure
Once the device is updated with the new Protocol Pack, the next step is to update Cisco Prime Infrastructure with it. Browse to Administration à Software Update à Upload Update File. Now click the browse button to locate the protocol pack ubf file and upload. You will then have to restart the Cisco Prime Infrastructure server by logging into the server as "admin" and performing the following: "ncs stop" followed by "ncs start"."
I can't seem to find any protocol pack file that is a ubf that I can load into Prime. Is there a special pack just for PI or is it sufficient to just load the protocol pack on the wlc themselves. I have tried the file that I used on the wlc but it just errors in PI

It says this in your link
When you upgrade an NBAR protocol pack on the device, a corresponding Prime Infrastructure update should be performed to update Prime Infrastructure with the supported protocols/applications on the devices.
To achieve that there is a periodic Prime Infrastructure software update (UBF file) issues when new protocol packs are released. Once you upgrade the NBAR protocol pack on the device, you should use Prime Infrastructure software upgrade to make sure Prime is also updated with the latest protocols.

High CPU usage in cisco 7613 with rsp720-3cxl

Hi everybody,
our cisco 7613 has about 4.5 Gbps Tx/Rx IP traffic in total, and we run ospf with other cisco cloud for routing I list in the following some our router show.what is your idea about our high cpu usage .Is it in normal range with the listed cards and modules.How can I tune the rsp720 and other SIP-200,400,600 for better performances
why our interrupt rate is high ,and one thing more the total sum of 5sec in separate rows not equal to cpu utilization for five second 50%
show proc cpu sor
CPU utilization for five seconds: 50%/46%; one minute: 54%; five minutes: 59%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
8 196795220 12640741 15568 1.51% 0.38% 0.26% 0 Check heaps
224 1048610528 4169501364 0 1.19% 1.45% 1.44% 0 IP Input
13 374006320 3155162661 0 0.23% 0.26% 0.24% 0 ARP Input
217 119862004 985030884 121 0.15% 0.32% 0.25% 0 ADJ resolve pro
c
185 537716 1825736183 0 0.07% 0.03% 0.02% 0 ACE Tunnel Task
260 1550992 2983272818 0 0.07% 0.13% 0.15% 0 Ethernet Msec T
i
305 38186336 58050485 657 0.07% 0.02% 0.00% 0 XDR mcast
34 67208 11707798 5 0.07% 0.00% 0.00% 0 IPC Loadometer
27 232776 57160812 4 0.07% 0.01% 0.00% 0 IPC Periodic Ti
m
325 17539200 92894502 188 0.07% 0.15% 0.15% 0 CEF: IPv4 proce
s
195 7406636 43782487 169 0.07% 0.00% 0.00% 0 esw_vlan_stat_p
r
show ip route summ
IP routing table name is default (0x0)
IP routing table maximum-paths is 32
Route Source Networks Subnets Replicates Overhead Memory (bytes)
static 1 120 0 7620 20812
connected 0 313 0 18860 53836
ospf 98 17 4892 0 589020 863984
Intra-area: 89 Inter-area: 383 External-1: 0 External-2: 0
NSSA External-1: 0 NSSA External-2: 4437
bgp 12880 0 1 0 60 172
External: 1 Internal: 0 Local: 0
ospf 410 0 269 0 16220 47344
Intra-area: 1 Inter-area: 0 External-1: 0 External-2: 268
NSSA External-1: 0 NSSA External-2: 0
internal 137 260544
Total 155 5595 0 631780 1246692
sh module
Mod Ports Card Type Model Serial No.
1 0 4-subslot SPA Interface Processor-200 7600-SIP-200
2 0 4-subslot SPA Interface Processor-400 7600-SIP-400
3 24 CEF720 24 port 1000mb SFP WS-X6724-SFP
6 1 1-subslot SPA Interface Processor-600 7600-SIP-600
7 2 Route Switch Processor 720 (Active) RSP720-3CXL-GE
8 2 Route Switch Processor 720 (Cold) RSP720-3CXL-GE
show ver
System image file is "bootdisk:c7600rsp72043-adventerprisek9-mz.122-33.SRE2.bin"
1 SIP-200 controller .
1 SIP-400 controller (1 Channelized OC3/STM-1).
1 SIP-600 controller (1 TenGigabitEthernet).
2 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
1 Ten Gigabit Ethernet interface
1 Channelized STM-1 port
1 Channelized STM-1 port
show int vlan 1
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 2d23h
Input queue: 0/75/2886/1830 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2380531000 bits/sec, 287383 packets/sec
5 minute output rate 422133000 bits/sec, 254113 packets/sec
L2 Switched: ucast: 1200869468 pkt, 101172643240 bytes - mcast: 253599 pkt, 78
873415 bytes
L3 in Switched: ucast: 60947040633 pkt, 68919665115039 bytes - mcast: 0 pkt, 0
bytes mcast
L3 out Switched: ucast: 52594517004 pkt, 9869168832783 bytes mcast: 0 pkt, 0 b
ytes
62147839148 packets input, 69016175499764 bytes, 0 no buffer
Received 257634 broadcasts (0 IP multicasts)
0 runts, 0 giants, 15 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
53647248858 packets output, 10292998021217 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Thank you for your hints and replying
These are our show ibc in 1 min interval
Interface information:
Interface IBC0/0
5 minute rx rate 20045000 bits/sec, 30183 packets/sec
5 minute tx rate 47394000 bits/sec, 60212 packets/sec
19879272237 packets input, 4006174536193 bytes
19835355282 broadcasts received
19808585787 packets output, 3981305571968 bytes
90548 broadcasts sent
0 Bridge Packet loopback drops
19756362091 Packets CEF Switched, 1320184 Packets Fast Switched
0 Packets SLB Switched, 0 Packets CWAN Switched
Label switched pkts dropped: 0 Pkts dropped during dma: 339549
Invalid pkts dropped: 0 Pkts dropped(not cwan consumed): 0
IPSEC pkts dropped: 635184
Xconnect pkts processed: 0, dropped: 0
Xconnect pkt reflection drops: 0
Total paks copied for process level 0
Total short paks sent in route cache 2605317676
Total throttle drops 265338 Input queue drops 5831090
total spd packets classified (120217214 low, 174503 medium, 3073 high)
total spd packets dropped (339549 low, 0 medium, 0 high)
spd prio pkts allowed in due to selective throttling (0 med, 0 high)
IBC resets = 1; last at 23:52:49.004 Sat Jan 19 2013
Driver Level Counters: (Cumulative, Zeroed only at Reset)
Frames Bytes
Rx(0) 26537712 3421085217
Rx(1) 3449063135 2838813650
Tx(0) 3390340306 2016620276
Input Drop Frame Count
Rx0 = 0 Rx1 = 2488435
Per Queue Receive Errors:
FRME OFLW BUFE NOENP DISCRD DISABLE BADCOUNT
Rx0 0 0 0 0 0 0 0
Rx1 0 0 0 3633 0 0 0
Tx Errors/State:
One Collision Error = 0 More Collisions = 0
No Encap Error = 0 Deferred Error = 0
Loss Carrier Error = 0 Late Collision Error = 0
Excessive Collisions = 0 Buffer Error = 0
Tx Freeze Count = 0 Tx Intrpt Serv timeout= 1
Tx Flow State = FLOW_ON
Tx Flow Off Count = 0 Tx Flow On Count = 0
Counters collected at Idb:
Is input throttled = 0 Throttle Count = 0
Rx Resource Errors = 0 Input Drops = 2488435
Input Errors = 194243
Output Drops = 0 Giants/Runts = 0/0
Dma Mem Error = 0 Input Overrun = 0
Hash match table for multicast (in use 0, maximum 64 entries):
show ibc
Interface information:
Interface IBC0/0
5 minute rx rate 20194000 bits/sec, 30412 packets/sec
5 minute tx rate 47753000 bits/sec, 60663 packets/sec
19891125514 packets input, 4007158118761 bytes
19847185365 broadcasts received
19820407164 packets output, 3982279276274 bytes
90576 broadcasts sent
0 Bridge Packet loopback drops
19768178233 Packets CEF Switched, 1321008 Packets Fast Switched
0 Packets SLB Switched, 0 Packets CWAN Switched
Label switched pkts dropped: 0 Pkts dropped during dma: 339549
Invalid pkts dropped: 0 Pkts dropped(not cwan consumed): 0
IPSEC pkts dropped: 635574
Xconnect pkts processed: 0, dropped: 0
Xconnect pkt reflection drops: 0
Total paks copied for process level 0
Total short paks sent in route cache 2606549061
Total throttle drops 265338 Input queue drops 5831090
total spd packets classified (120252754 low, 174531 medium, 3074 high)
total spd packets dropped (339549 low, 0 medium, 0 high)
spd prio pkts allowed in due to selective throttling (0 med, 0 high)
IBC resets = 1; last at 23:52:49.004 Sat Jan 19 2013
Driver Level Counters: (Cumulative, Zeroed only at Reset)
Frames Bytes
Rx(0) 26550723 3422835145
Rx(1) 3461063605 176652699
Tx(0) 3402319442 3368513724
Input Drop Frame Count
Rx0 = 0 Rx1 = 2490155
Per Queue Receive Errors:
FRME OFLW BUFE NOENP DISCRD DISABLE BADCOUNT
Rx0 0 0 0 0 0 0 0
Rx1 0 0 0 3633 0 0 0
Tx Errors/State:
One Collision Error = 0 More Collisions = 0
No Encap Error = 0 Deferred Error = 0
Loss Carrier Error = 0 Late Collision Error = 0
Excessive Collisions = 0 Buffer Error = 0
Tx Freeze Count = 0 Tx Intrpt Serv timeout= 1
Tx Flow State = FLOW_ON
Tx Flow Off Count = 0 Tx Flow On Count = 0
Counters collected at Idb:
Is input throttled = 0 Throttle Count = 0
Rx Resource Errors = 0 Input Drops = 2490155
Input Errors = 194358
Output Drops = 0 Giants/Runts = 0/0
Dma Mem Error = 0 Input Overrun = 0
Hash match table for multicast (in use 0, maximum 64 entries):
and sorry what is your idea about total sum of 5sec in separate rows not equal to cpu utilization for five second 50%

10GE Twinax cables connecting to servers NIC which accept 10GE SFP+

Anyone has any real life experience of using the Cisco 10GE Twinax cables to connect this to servers with NIC cards that accept SFP+? I'm talking servers like HP and Dell which have 10GE NIC cards. For the switch, I would be using Nexus 5548UP. The SFP+ part number would be SFP-H10GB-ACU10M.
The SFP-10G-SR is too expensive and I'm looking at 10GE Twinax cables as an alternative but am quite concerned about the compatability.

Yes, the twinax cables are all we ever use to connect servers to Nexus 5ks. We have used them with both Qlogic and Emulex CNAs. If the server is more than 10m from the switch the 10G-SR and 50 micron fiber are required.

WS-C4948 10GE - red staus LED

Hello
My Cisco switch, model WS-C4948 10GE, is looks like "dead". I tried to conect it by console port but it dosen't work . (I have linked by RS-RJ cable to my PC with Putty terminal and there is nothing on terminal window). The LED's statuses of front panel are like below:
PS1 - green
PS2 - green
FAN - green
Status - red
Interface 1-48 - off (after put in a cable, LED still off)
Interface CON - off (after put in a cable, LED still off)
Interface MGT - off (after put in a cable, LED still off)
When power is switching On Status LED on front is lighting red imidetly. Power supplay are wroking corectly, FAN's are working corectly.
Anybody had problem like this?

From Feedback Forum description: Please do not post content other than feedback regarding the Cisco Support Community experience within this community.
So you are off topic here with little chance to valuable response. But don't worry, I will move your's question to more appropriate community.

NBAR in RSP720-3C-10GE

Similar Messages

Maybe you are looking for