Output drops on cisco link connecting to F5 Loadbalancer's management port

On a connection like below:
Cisco 6509: gi x/y <<-->> F5 BIGIP LTM: mgmt (Management Port)
We observed incrementing packet drops on the F5 BIGIP mgmt interface.
Also, at the Cisco end, incrementing output drops were observed.
tcpdump (packet capture) on the F5 BIGIP's mgmt port shows broadcast/multicast packets, including the HSRP hellos, being received from the Cisco device. It is expected behaviour that F5 will reject any packets it can't understand (including the CDP, HSRP and other broadcasts), and this will cause the packet drop counter of the F5 BIGIP's mgmt port to increase. (F5 TAC acknowledged this behaviour.)
Will this cause the output drop counter at the Cisco interface to roll up?
Note: On the Cisco interface, I do not see any other errors; also, utilisation on the link is very minimal.
Thanks
Sudheer Nair

Hi, this is probably late, but the software counters for output drops on these types of switches (3750's, blade switches) are not reliable.
What you need to check is "show platform port-asic statistics drop" for a reliable drop counter on an interface. This will give you the hardware counters.
https://tools.cisco.com/bugsearch/bug/CSCtq86186/?reffering_site=dumpcr
Switch stack shows incorrect values for output drops/discards
on show interfaces. For e.g.,
--- show interfaces ---
GigabitEthernet2/0/5 is up, line protocol is up (connected)
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4294967163
Conditions:
This is seen on Stackable switches running 12.2(58)SE or later.
Workaround:
None.

Similar Messages

  • Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

    Hello,
    I have a spanning tree problem when I connect 2 links from a DELL M6220 switch (there are blades for virtual machines too) to 2 links towards 2 CISCO 3750 switches connected as a stack (behaving like one switch for redundancy, with one management IP).
    In the Dell virtual machine the spanning tree is rapid STP, and on the 3750 the spanning tree mode is PVST; Cisco says that this is not important, it only takes longer to create the tree.
    I don't know, but do you like these solutions I want to try on Sunday?
    Could spanning tree need one native VLAN to be sent to negotiate the BPDUs? switchport trunk native vlan 250
    Is it better to put spanning-tree guard root on the ports of both 3750s to prevent the DELL from being root in spanning tree?
    Is it better to put spanning-tree port-priority on the ports of the Dell switch?
    Could you help me to control the root? Do you think another solution is better? Thanks!
     CONFIG WITH PROBLEM
    ======================
    3750: (the 2 ports are on 2 3750 switches connected with a stack cable; in a show run you can see this)
    interface GigabitEthernet2/0/28
     description VIRTUAL SNMP2
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     logging event trunk-status
     shutdown
    interface GigabitEthernet1/0/43
     description VIRTUAL SNMP1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     shutdown
    DELL M6220: (it's only one switch)
    interface Gi3/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit
    interface Gi4/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit

    F.Y.I. for Catalyst heroes - here is the equivalent config for SG-300 - VLAN 1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
    In this example:
    VLANS - Voice on 188, data on 57, management on 56.
    conf t
    hostname XXX-VOICE-SWXX
    no passwords complexity enable
    username xxxx priv 15 password XXXXX
    enable password xxxxxx
    ip ssh server
    ip telnet server
    crypto key generate rsa
    macro auto disabled
    voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
    vlan 56,57,188
    voice vlan id 188
    int vlan 56
    ip address 10.230.56.12 255.255.255.0
    int vlan1
    no ip add dhcp
    ip default-gateway 10.230.56.1
    interface range GE1 - 2
    switchport mode trunk
    channel-group 1 mode auto
    int range fa1 - 24
    switchport mode trunk
    switchport trunk allowed vlan add 188
    switchport trunk native vlan 57
    qos advanced
    qos advanced ports-trusted
    exit
    int Po1
    switchport trunk allowed vlan add 56,57,188
    switchport trunk native vlan 1
    do sh interfaces switchport po1
    !CATALYST SIDE
    !Must explicitly allow VLAN 1, this is not normal for Catalysts - or spanning tree will not work! Even though it's the native VLAN on both sides.
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,56,57,189
    switchport mode trunk

  • DMVPN in Cisco 3945 output drop in tunnel interface

    I configured DMVPN in Cisco 3945 and checked the tunnel interface. I found out that I have output drop. How can I remove that output drop? I already set the ip mtu to 1400.
    CORE-ROUTER#sh int tunnel 20
    Tunnel20 is up, line protocol is up
      Hardware is Tunnel
      Description: <Voice Tunneling to HO>
      Internet address is 172.15.X.X./X
      MTU 17878 bytes, BW 1024 Kbit/sec, DLY 50000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive not set
      Tunnel source 10.15.X.X (GigabitEthernet0/1)
       Tunnel Subblocks:
          src-track:
             Tunnel20 source tracking subblock associated with GigabitEthernet0/1
              Set of tunnels with source GigabitEthernet0/1, 1 member (includes iterators), on interface <OK>
      Tunnel protocol/transport multi-GRE/IP
        Key 0x3EA, sequencing disabled
        Checksumming of packets disabled
      Tunnel TTL 255, Fast tunneling enabled
      Tunnel transport MTU 1438 bytes
      Tunnel transmit bandwidth 8000 (kbps)
      Tunnel receive bandwidth 8000 (kbps)
      Tunnel protection via IPSec (profile "tunnel_protection_profile_2")
      Last input 00:00:01, output never, output hang never
     --More--           Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 7487
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      30 second input rate 0 bits/sec, 0 packets/sec
      30 second output rate 0 bits/sec, 0 packets/sec
         48007 packets input, 4315254 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         42804 packets output, 4638561 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    interface Tunnel20
     description <Bayantel Voice tunneling>
     bandwidth 30720
     ip address 172.15.X.X 255.255.255.128
     no ip redirects
     ip mtu 1400
     no ip next-hop-self eigrp 20
     no ip split-horizon eigrp 20
     ip nhrp authentication 0r1x@IT
     ip nhrp map multicast dynamic
     ip nhrp network-id 1002
     ip nhrp holdtime 300
     ip tcp adjust-mss 1360
     tunnel source FastEthernet0/0/1
     tunnel mode gre multipoint
     tunnel key 1002
     tunnel protection ipsec profile tunnel_protection_profile_2 shared

    Hi,
    Thanks for the input. If the radio is sending out the packet but the client did not receive it, no output drop should be seen since the packet is sent out, right?
    From my understanding, output drop is related to a congested interface. The outgoing interface cannot take the rate of packets coming in and is thus dropping them. What I don't understand is that the input and output rates have not reached the limit yet. Also, the input queue is seeing packet drops as well, even though the input queue is empty.
    Any idea?

  • Cisco 6500 VSS , VSL Link Connection Issue

    Hello Everyone
    Actually, I have two Cisco 6509E with two VS-S720-10G and want to run VSS on them.
    I did all the config the same as Cisco recommends, but I get some things wrong on them: 1st, on switch2, under "switch virtual domain", when I enter switch 2, it's not accepted, and 2nd, none of the 10G links goes up, so the VSL link is always down.
    Here is my config and show commands:
    SWITCH#1
    ==================================
    switch virtual domain 10
     switch mode virtual
     switch 1 priority 110
     mac-address use-virtual
    redundancy
     main-cpu
      auto-sync running-config
     mode sso
    interface Port-channel1
     no switchport
     no ip address
     switch virtual link 1
     mls qos trust cos
     no mls qos channel-consistency
    interface TenGigabitEthernet1/5/4
     no switchport
     no ip address
     mls qos trust cos
     no cdp enable
     channel-group 1 mode on
    interface TenGigabitEthernet1/5/5
     no switchport
     no ip address
     mls qos trust cos
     no cdp enable
     channel-group 1 mode on
    ======
    SWITCH#2
    switch virtual domain 10
     switch mode virtual
     switch 1 priority 110
    redundancy
     main-cpu
      auto-sync running-config
     mode sso
    interface Port-channel2
     no switchport
     no ip address
     switch virtual link 2
     mls qos trust cos
     no mls qos channel-consistency
    interface TenGigabitEthernet2/5/4
     no switchport
     no ip address
     mls qos trust cos
     no cdp enable
     channel-group 2 mode on
    interface TenGigabitEthernet2/5/5
     no switchport
     no ip address
     mls qos trust cos
     no cdp enable
     channel-group 2 mode on
    Thank you all in advance

    Hello Dear Reza,
    First, thanks for your reply.
    Below you can find the show version of SWITCH#1:
     6500-1#sh version 
    Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(1)SY1, RELEASE SOFTWARE (fc5)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Wed 01-May-13 13:16 by prod_rel_team
    ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
    BOOTLDR: Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(1)SY1, RELEASE SOFTWARE (fc5)
     6500-1 uptime is 6 minutes
    Uptime for this control processor is 6 minutes
    System returned to ROM by  power cycle at 11:49:28 UTC Mon Nov 17 2014 (SP by power on)
    System image file is "sup-bootdisk:s72033-adventerprisek9-mz.151-1.SY1.bin"
    Last reload reason: reload
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco WS-C6509-E (R7000) processor (revision 1.6) with 983008K/65536K bytes of memory.
    Processor board ID SMC18080014
    SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
    Last reset from s/w reset
    1 Virtual Ethernet interface
    99 Gigabit Ethernet interfaces
    5 Ten Gigabit Ethernet interfaces
    1917K bytes of non-volatile configuration memory.
    65536K bytes of Flash internal SIMM (Sector size 512K).
    Configuration register is 0x2102
    As you see, I used "adventerprisek9-mz.151-1.SY1" but have now downgraded it to "s72033-adventerprisek9_wan-mz.122-33.SXJ2"; nothing changed and the EtherChannel is still not up.
    Below are the show commands:
    VSS-Sw2#show  etherchannel 2 summary
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      N - not in use, no aggregation
            f - failed to allocate aggregator
            M - not in use, no aggregation due to minimum links not met
            m - not in use, port not aggregated due to minimum links not met
            u - unsuitable for bundling
            d - default port
            w - waiting to be aggregated
    Number of channel-groups in use: 1
    Number of aggregators:           1
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    2      Po2(RD)          -        Te2/5/4(D)     Te2/5/5(D)
    Last applied Hash Distribution Algorithm:   -
    ===========================
    VSS-Sw2#sh etherchannel 2 port
                    Ports in the group:
    Port: Te2/5/4
    Port state    = Down Not-in-Bndl
    Channel group = 2           Mode = On      Gcchange = -
    Port-channel  = null        GC   =   -         Pseudo port-channel = Po2
    Port index    = 0           Load = 0x00        Protocol =    -
    Age of the port in the current state: 0d:00h:00m:00s
    Port: Te2/5/5
    Port state    = Down Not-in-Bndl
    Channel group = 2           Mode = On      Gcchange = -
    Port-channel  = null        GC   =   -         Pseudo port-channel = Po2
    Port index    = 0           Load = 0x00        Protocol =    -
    Age of the port in the current state: 0d:00h:00m:00s
    Last applied Hash Distribution Algorithm:   -

  • Issue on Cisco Unity Connection after performing 'utils ntp restart'

    Hello everybody.
    There's a client with Cisco Unity Connection 8.5.1.10000-206. After doing a 'utils ntp restart', the following message showed up:
    Communication is not functioning correctly between the servers in the Cisco Unity Connection cluster. To review server status for the cluster, go to the Tools > Cluster Management page of Cisco Unity Connection Serviceability.
    The client states that there was no service for 5 minutes and wants to know if performing this task should be disruptive or not and if there is any official document from Cisco stating this.
    See SrvConnUnity_1.jpg sent by the client after performing the ntp restart.
    Right now the service is normal (see SrvConnUnity_2.jpg attached). The client also sent a 'utils ntp status':
    admin:utils ntp status
    ntpd (pid 10899) is running...
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *127.127.1.0     LOCAL(0)        10 l   16   64  377    0.000    0.000   0.002
    synchronised to local net at stratum 11
       time correct to within 12 ms
       polling server every 64 s
    Current time in UTC is : Fri Apr 26 16:01:23 UTC 2013
    Current time in America/Argentina/Buenos_Aires is : Fri Apr 26 13:01:23 ART 2013
    admin:
    Could anybody help me with this? What steps should I take? Many thanks in advance.
    Best,
    Patricio

    Hello Patricio,
    On the command line guide you won't see any downtime requirements for the Unity Connection server:
    Command Line Interface Reference Guide for Cisco Unified Communications Solutions Release 8.5(1)
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cli_ref/8_5_1/cli_ref_851.html
    Utils ntp restart
    This command restarts the NTP service.
    Command syntax
    utils ntp restart
    Parameters
    None
    Requirements
    Command privilege level: 0
    Allowed during upgrade: Yes
    Also, in the caveats I do not see any particular mention of this (caveats could be found applicable to CUC):
    Release Notes for Cisco Unified Communications Manager Release 8.5(1)
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/rel_notes/8_5_1/cucm-rel_notes-851.html
    Breaking up the output of "utils ntp status", there are two considerations:
    admin:utils ntp status
    ntpd (pid 10899) is running...
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *127.127.1.0     LOCAL(0)        10 l   16   64  377    0.000    0.000   0.002
    First, you are using the IP address 127.127.1.0, which is the reference used for the local system clock; the asterisk means it is the preferred option, as there is no other IP available. This is not good practice and not recommended.
    Secondly, the stratum is unreliable, meaning too high to reach or too low to be accepted by Unity Connection.
    If you happened to run 'utils diagnose test', you would probably have seen output like the following example:
    admin:utils diagnose test
    Log file: platform/log/diag1.log
    Starting diagnostic test(s)
    ===========================
    test - disk_space          : Passed (available: 25680 MB, used: 7849 MB)
    skip - disk_files          : This module must be run directly and off hours
    test - service_manager     : Passed
    test - tomcat              : Passed
    test - tomcat_deadlocks    : Passed
    test - tomcat_keystore     : Passed
    test - tomcat_connectors   : Passed
    test - tomcat_threads      : Passed
    test - tomcat_memory       : Passed
    test - tomcat_sessions     : Passed
    test - validate_network    : Reverse DNS lookup missmatch
    test - raid                : Passed
    test - system_info         : Passed (Collected system information in diagnostic log)
    test - ntp_reachability    : Passed
    test - ntp_clock_drift     : Passed
    test - ntp_stratum         : Failed
    The reference NTP server is a stratum 11 clock.
    NTP servers with stratum 5 or worse clocks are deemed unreliable.
    Please consider using an NTP server with better stratum level.
    Please use OS Admin GUI to add/delete NTP servers.
    skip - sdl_fragmentation   : This module must be run directly and off hours
    skip - sdi_fragmentation   : This module must be run directly and off hours
    test - ipv6_networking     : Passed
    And on the RTMT (Real Time Monitoring Tool) you would have seen a Critical event:
    Condition:
    The best external NTP server, , is stratum , which is unacceptably high. External NTP servers must be <= strata 8 and should be <= strata 5. NTP server strata can be verified using the CLI 'utils ntp status' command ('st' column). Try using different NTP servers.
    Problem cause:
    All specified external NTP server(s) have unacceptably high stratum values. Network issues exist or the designated servers have unreliable stratum values.
    The information is self-explanatory and therefore reaffirms the need for an NTP source different from the server itself.
    From the snippet you sent we can tell that it is the publisher server, as the Subscriber polls this information from the Publisher.
    Installing the Operating System and Cisco Unity Connection 8.x
    http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/installation/guide/8xcucig020.html
    "Cisco recommends that you use an external NTP server to ensure accurate system time on the publisher server. Ensure the external NTP server is stratum 9 or higher (meaning stratums 1-9). The subscriber server will get its time from the publisher server"
    The documentation also reaffirms the need for that NTP to be accessible; otherwise your system can be degraded. Some additional information which would be interesting to know is:
    - Why did they have to restart the NTP in the first place?
    System Requirements for Cisco Unity Connection Release 8.x
    http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/requirements/8xcucsysreqs.html
    "A network time protocol (NTP) server must be accessible to the Connection server"
    On the Cisco Unity Connection Serviceability > Tools > Cluster Management screenshot you sent, I see that the ports were "Not Available" and that the customer stated "there was no service for 5 minutes".
    By no service, did they mean that over the phone they heard a disconnected tone or a failsafe message?
    Additionally, after the servers resolved from SBR, the Subscriber never recovered entirely, as it did not start the Conversation Manager service.
    Bottom line: if they are able to reproduce it, then it would be worthwhile checking with TAC.
    Best regards,
    David  Rojas Peck
    Cisco TAC Support Engineer, Unity
    Email: [email protected]
    Mon, Wed, and Fri 12:00 pm to 9:00 pm ET, Tue and Thu 8:00 am to 5:00pm ET
    Cisco Worldwide Contact link is below for further reference.
    http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
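
The two checks described in the reply above (local clock selected as the time source, stratum limits of 8 and 5 from the RTMT text), written as an added Python example; it is not Cisco's diagnostic code. The finding codes and the second sample are constructed for illustration, and the parser assumes the ntpq-style table shown in the thread.

```python
import re

# Limits quoted in the reply above (RTMT alert text): external NTP servers
# must be <= stratum 8 and should be <= stratum 5.
MUST_MAX_STRATUM = 8
SHOULD_MAX_STRATUM = 5

# The 'utils ntp status' output posted in the thread.
STATUS_FROM_THREAD = """\
ntpd (pid 10899) is running...
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*127.127.1.0     LOCAL(0)        10 l   16   64  377    0.000    0.000   0.002
synchronised to local net at stratum 11
"""

# Constructed sample: documentation addresses and invented values.
STATUS_CONSTRUCTED = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    1.204    0.113   0.051
+192.0.2.11      192.0.2.10       6 u   12   64  377    2.310   -0.420   0.090
"""

# One row of the peer table. The tally character ('*' = selected peer) sits in
# column 0, so lines must not be stripped before matching.
PEER_RE = re.compile(
    r"^(?P<tally>[ *+\-#ox.])(?P<remote>\S+)\s+(?P<refid>\S+)\s+(?P<st>\d+)\s+"
    r"(?P<type>\S)\s+(?P<when>\S+)\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s+"
    r"(?P<delay>-?[\d.]+)\s+(?P<offset>-?[\d.]+)\s+(?P<jitter>-?[\d.]+)\s*$"
)


def parse_peers(text):
    """Return one dict per peer row; header and status lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m:
            peers.append({
                "selected": m["tally"] == "*",
                "remote": m["remote"],
                "stratum": int(m["st"]),
                "reach": int(m["reach"], 8),  # reach is an octal shift register
            })
    return peers


def is_local_clock(peer):
    # 127.127.1.x is ntpd's pseudo-address for the undisciplined local clock.
    return peer["remote"].startswith("127.127.1.")


def assess(text):
    """Return a list of (severity, code, remote) findings for a peer table."""
    peers = parse_peers(text)
    findings = []
    selected = next((p for p in peers if p["selected"]), None)
    if selected is None:
        findings.append(("critical", "NO_PEER_SELECTED", None))
    elif is_local_clock(selected):
        findings.append(("critical", "LOCAL_CLOCK_SELECTED", selected["remote"]))
    external = [p for p in peers if not is_local_clock(p)]
    if not external:
        findings.append(("critical", "NO_EXTERNAL_SERVER", None))
    for p in external:
        if p["reach"] == 0:
            findings.append(("critical", "UNREACHABLE", p["remote"]))
        if p["stratum"] > MUST_MAX_STRATUM:
            findings.append(("critical", "STRATUM_TOO_HIGH", p["remote"]))
        elif p["stratum"] > SHOULD_MAX_STRATUM:
            findings.append(("warning", "STRATUM_ABOVE_RECOMMENDED", p["remote"]))
    return findings


if __name__ == "__main__":
    for name, sample in (("thread", STATUS_FROM_THREAD),
                         ("constructed", STATUS_CONSTRUCTED)):
        print(name, assess(sample))
```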

  • Output Drop by RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT

    Hello!
    How can I determine the reason for the output drops?
    >sh inter tenGigE 0/0/0/6              
    Fri Nov  2 15:26:05.358 MSK
    TenGigE0/0/0/6 is up, line protocol is up
      Interface state transitions: 11
      Hardware is TenGigE, address is 108c.cf1d.f326 (bia 108c.cf1d.f326)
      Layer 1 Transport Mode is LAN
      Description: To_XXX
      Internet address is 10.1.11.77/30
      MTU 9194 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
         reliability 255/255, txload 2/255, rxload 5/255
      Encapsulation ARPA,
      Full-duplex, 10000Mb/s, LR, link type is force-up
      output flow control is off, input flow control is off
      loopback not set,
      ARP type ARPA, ARP timeout 04:00:00
      Last input 00:00:00, output 00:00:00
      Last clearing of "show interface" counters 50w1d
      30 second input rate 218575000 bits/sec, 41199 packets/sec
      30 second output rate 115545000 bits/sec, 30555 packets/sec
         481020016118 packets input, 287815762466192 bytes, 876403 total input drops
         0 drops for unrecognized upper-level protocol
         Received 29 broadcast packets, 39255653 multicast packets
                  0 runts, 17 giants, 0 throttles, 0 parity
         17 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         368901547057 packets output, 180820085800502 bytes, 28931652 total output drops
         Output 5 broadcast packets, 39284266 multicast packets
         0 output errors, 0 underruns, 0 applique, 0 resets
         0 output buffer failures, 0 output buffers swapped out
         10 carrier transitions
    >show controllers np counters np7  location 0/0/CPU0 | i DROP
    Fri Nov  2 15:27:03.815 MSK
      31  PARSE_INGRESS_DROP_CNT                                849353           0
      32  PARSE_EGRESS_DROP_CNT                                1236171           0
      33  RESOLVE_INGRESS_DROP_CNT                              868559           0
      34  RESOLVE_EGRESS_DROP_CNT                           3636654813         293
      37  MODIFY_EGRESS_DROP_CNT                                   669           0
      84  RESOLVE_AGE_NOMAC_DROP_CNT                                 1           0
      85  RESOLVE_AGE_MAC_STATIC_DROP_CNT                    187392316           8
    371  MPLS_PLU_DROP_PKT                                          1           0
    468  RESOLVE_VPLS_SPLIT_HORIZON_DROP_CNT                 28931887           6
    469  RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT           3293536501         272
    481  RESOLVE_L2_EGR_PW_UIDB_MISS_DROP_CNT                       4           0
    491  RESOLVE_VPLS_EGR_PW_FLOOD_UIDB_DOWN_DROP_CNT                 1           0
    499  RESOLVE_MAC_NOTIFY_CTRL_DROP_CNT                   313463638          16
    500  RESOLVE_MAC_DELETE_CTRL_DROP_CNT                     1591242           0
    622  EGR_DHCP_PW_UNTRUSTED_DROP                           1236171           0
    Input drops by RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT were considered at https://supportforums.cisco.com/thread/2099283
    But how can we apply it to output?

    The last column of "show controllers np counters np7  location 0/0/CPU0 | i DROP" is pps. So we see 293 pps for RESOLVE_EGRESS_DROP_CNT and 0 pps for RESOLVE_INGRESS_DROP_CNT. Therefore RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT is a part of RESOLVE_EGRESS_DROP_CNT, isn't it?
    Also, the egress_drop counters are increasing, but the ingress_drop counters are not:
      33  RESOLVE_INGRESS_DROP_CNT                              868559           0
      34  RESOLVE_EGRESS_DROP_CNT                           3637707596         149
    469  RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT           3294483194         129
    And one minute later:
      33  RESOLVE_INGRESS_DROP_CNT                              868559           0
      34  RESOLVE_EGRESS_DROP_CNT                           3637718845         156
    469  RESOLVE_VPLS_REFLECTION_FILTER_DROP_CNT           3294492975         135
    Also, there are no new input drops in "sh inter":
    sh inter tenGigE 0/0/0/6 | i drops
    Fri Nov  2 16:57:39.828 MSK
         481200652943 packets input, 287931866783215 bytes, 876403 total input drops
         0 drops for unrecognized upper-level protocol
         369034005321 packets output, 180881208804090 bytes, 28963679 total output drops
    One minute later:
    sh inter tenGigE 0/0/0/6 | i drops
    Fri Nov  2 16:59:23.441 MSK
         481203274011 packets input, 287933491017363 bytes, 876403 total input drops
         0 drops for unrecognized upper-level protocol
         369035900847 packets output, 180882007120600 bytes, 28964280 total output drops
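
The two "sh inter ... | i drops" snapshots posted above, turned into per-second rates so they can be set beside the pps column of the NP counters. This is an added Python example, not part of the original posts; it assumes both snapshots were taken less than 24 hours apart, since the timestamp lines carry no year.

```python
import re
from datetime import datetime

# The two snapshots as posted in the thread.
SNAPSHOT_1 = """\
Fri Nov  2 16:57:39.828 MSK
     481200652943 packets input, 287931866783215 bytes, 876403 total input drops
     0 drops for unrecognized upper-level protocol
     369034005321 packets output, 180881208804090 bytes, 28963679 total output drops
"""
SNAPSHOT_2 = """\
Fri Nov  2 16:59:23.441 MSK
     481203274011 packets input, 287933491017363 bytes, 876403 total input drops
     0 drops for unrecognized upper-level protocol
     369035900847 packets output, 180882007120600 bytes, 28964280 total output drops
"""

# Timestamp line printed by the router before the command output.
TIME_RE = re.compile(r"^\w{3} \w{3}\s+\d{1,2} (\d{2}:\d{2}:\d{2}\.\d+) \S+\s*$")
# "<n> packets input|output, <n> bytes, <n> total input|output drops"
COUNTER_RE = re.compile(
    r"(\d+) packets (input|output), (\d+) bytes, (\d+) total \2 drops"
)


def parse_snapshot(text):
    """Extract the time of day and the input/output counters from one snapshot."""
    snap = {}
    for line in text.splitlines():
        t = TIME_RE.match(line.strip())
        if t:
            snap["time"] = datetime.strptime(t.group(1), "%H:%M:%S.%f")
            continue
        c = COUNTER_RE.search(line)
        if c:
            snap[c.group(2)] = {
                "packets": int(c.group(1)),
                "bytes": int(c.group(3)),
                "drops": int(c.group(4)),
            }
    missing = {"time", "input", "output"} - snap.keys()
    if missing:
        raise ValueError(f"snapshot is missing: {sorted(missing)}")
    return snap


def interval_rates(first, second):
    """Counter deltas and per-second rates between two parsed snapshots."""
    elapsed = (second["time"] - first["time"]).total_seconds()
    if elapsed <= 0:
        # Assumption: the second snapshot was taken after midnight.
        elapsed += 24 * 3600
    result = {"elapsed_s": elapsed}
    for direction in ("input", "output"):
        d_packets = second[direction]["packets"] - first[direction]["packets"]
        d_drops = second[direction]["drops"] - first[direction]["drops"]
        if d_packets < 0 or d_drops < 0:
            # Counters were cleared or wrapped between the snapshots.
            raise ValueError(f"{direction} counters went backwards")
        result[direction] = {
            "packets": d_packets,
            "drops": d_drops,
            "pps": d_packets / elapsed,
            "drops_per_s": d_drops / elapsed,
        }
    return result


if __name__ == "__main__":
    rates = interval_rates(parse_snapshot(SNAPSHOT_1), parse_snapshot(SNAPSHOT_2))
    print(f"interval: {rates['elapsed_s']:.3f} s")
    for direction in ("input", "output"):
        r = rates[direction]
        print(f"{direction}: {r['pps']:.0f} pps, {r['drops']} new drops "
              f"({r['drops_per_s']:.2f} per second)")
```

On the snapshots above this gives 601 new output drops in 103.6 seconds (about 5.8 per second) and no new input drops.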

  • 3750ME Total output drops, OutDiscards

    Hi,
    I am testing a 3750ME switch as L2 device with iperf and Agilent router tester. I have a physical loop on 2 fastethernet ports - one port is access in vlan A and the other is access in vlan B. On the switch uplink both vlans are allowed. The test traffic comes from the uplink via vlan A, loops to vlan B via the physical loop and then goes back via vlan B through the uplink.
    I have tested a lot of Cisco switches in this way and had no issues until now. Now I have 18 OutDiscards (Total output drops) on one of the fastethernet interfaces, connected via the physical loop.
    The IOS is 12.2(44)SE1. I've read the release notes for this IOS, aka
    http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_44_se/release/notes/OL14631.html
    where it says:
    CSCsj53001
    The Total- output-drops field in the show interfaces privileged EXEC command output now displays accurate ASIC drops.
    so the counters are correct.
    I generate less than 5Mbps duplex traffic, so the switch must not be overloaded.
    Do you have any idea why I get these 18 output errors?
    Regards,
    Mladen

    Please generate a more definitive test - clear the counters and generate much more traffic - like 100 Mbps (full port speed if you're not using the uplinks on 3750ME).
    Also, be sure the port is in "switchport" mode, because there could be an issue with mac addresses when switch is routing.
    Is your test setup in pure L2? without L3?

  • Total output drops & dot1dBridgeEventsV2

    I am seeing a lot of "Total output drops: " on the LAN/WAN router. Does anyone have any documents that explain the cause of "Total output drops" and what it is?
    Also, I am getting a lot of traps in the LAN, but I can't find documents that explain the event "dot1dBridgeEventsV2". Can you guys guide me to a document where the events are explained?
    Thanks

    Total output drops is the number of packets in the output queue that have been dropped because of a full queue. Check out the following link for troubleshooting input queue drops and output queue drops :
    http://www.cisco.com/warp/public/63/queue_drops.html

  • Could high "Total Output Drops" on one interface on a 3560G, be caused by faulty hardware on another interface?

    Hi All,
    I have been trying to diagnose an issue we have been having with packet loss on video calls (which I think we may have now resolved as the problem lay elsewhere), but in the process we have trialled some equipment from PathView and this seems to have created a new problem.
    We have a standalone 3560G switch which connects into a provider's 3750G as part of an MPLS network. There is a single uplink to the 3750 from the 3560 (@ 1Gbps) and whilst I can manage the 3560, I have no access to the provider's switch. Our 3560 has a fairly vanilla config on it with no QoS enabled.
    There are only a few ports used on the 3560, mainly for Cisco VCS (Video Conferencing Servers) and a PathView traffic analysis device. The VCS devices are used to funnel videoconferencing traffic across the MPLS network into another institution's network. The PathView device can be used to send traffic bursts (albeit relatively small compared with the bandwidth that is available) across the same route as the VC traffic to an opposing device; however, I have also disabled all of these paths for the moment.
    I can run multiple VC calls which utilise the VCS devices so traffic is routing into the relevant organisations and everything is good. In fact, I have 5 x 2Mb calls in progress now and there are 0 (or very, very few) errors.
    However, I have actually shut down the port (Gi0/3) connected to the PathView device for the moment. If I re-enable it I start to see a lot of errors on the VC calls, and the Total Output Drops on the UPLINK interface (Gi0/23) start rising rapidly. As soon as I shut down the PathView port again (Gi0/3), the errors stop and all returns to normal.
    I have read that issues on the output queue are often attributed to a congested network/interface, but I don't believe that this is the case in this instance. My 5 VC calls would only come in at 10Mbps so are way short of the 1000Mbps available. Even the PathView device only issues bursts up to 2Mbps, and with the paths actually disabled even this shouldn't be happening, so only a small amount of management traffic should be flowing. Still, as soon as I enable the port, problems start.
    So, is it possible that either the port on the switch, the cable or the PathView device is actually faulty and causing such errors? Has anyone seen anything like this?
    Cheers
    Chris

    "As far as I know, such drops shouldn't be caused by faulty hardware, but if the hardware is really faulty, you would need to involve TAC."
    Ok, thanks.
    "BTW, all the other interfaces, which have the low bandwidth rates you describe, are physically running at low bandwidth settings on the interface, e.g. 10 Mbps?  If not, you can have short transient micros bursts which can cause drops.  This can happen even when average bandwidth utilization is low.  (NB: if these other ports average utilization is so low, if not already doing so, you could run the ports at 10 Mbps too.)"
    No. All ports on the switch connect to devices with 1Gb capable interfaces. They have been left to auto-negotiate and have negotiated at 1000/full. The bandwidth described is more with regard to the actual data throughput of a call. Technically, the VCS devices are licensed to handle 50 simultaneous calls of up to 4Mbps so potentially could require a bandwidth of 200Mbps, although it is unlikely that we will see this amount of traffic.
    "Also, even if you have physically low bandwidth ingress, with a high bandwidth egress, and even if the egress's bandwidth is more than the aggregate of all the ingress, you can still have drops caused by concurrent arrivals."
    In general, the ingress and the egress should be similar. Think of this as a stub network - one path in and out (via Gi0/23). The VCS act as a kind of proxy/router for video traffic, simply terminating inbound legs, and generating a next hop outbound leg. The traffic coming in to the VCS should be the same as the traffic going out.
    There will of course be certain management traffic, but this will be relatively low volume, and of course the PathView traffic analyser can generate a burst of UDP packets to simulate voice traffic.
    "Some other "gotchas" include, you mention you don't have QoS configured, but you're sure QoS is disabled too?"
    Yes.
    switch#show mls qos
    QoS is disabled
    QoS ip packet dscp rewrite is enabled
    I can't see a lot of point enabling QoS on this particular switch. Pretty much all of the traffic passing through it will be QoS tagged at the same level. Therefore it is ALL prioritised.
    Indeed running a test overnight with these multiple calls live and the PathView port shutdown, resulted in 0 Total Output Drops. Each leg did suffer a handful of dropped packets end-to-end, but I think I can live with 100 packets dropped in 10 million during a 12 hour period (and this, I suspect, will be somewhere else on the network).
    "Lastly, Cisco has documented, at least for the 3750X, that uplink ports have the same buffer RAM resources as 24 copper edge ports.  Assuming the earlier series are similar, there might be benefit to moving your uplink, now on g0/23, to an uplink port (if your 3650G has them)."
    Unfortunately, no can do. we are limited to the built in ports on the switch as we have no SFP modules installed.
    Apologies about the formatting - this is yet another thing that has been broken in these new forums. It looks a lot better in the Reply window than it looks in this normal view.

  • Cisco Unity Connection 8.5.1 SU3 to 8.5.1 SU6 & Upgrade to 9.1.2

    Two questions !
    Firstly  - I am upgrading to the latest patch level as I want to upgrade the systems to 9.1.X
    I am installing UCSInstall_UCOS_8.5.1.16900-6.sgn.iso onto the inactive partition on the publisher then onto the inactive partition on the subscriber.
    Then I plan to switch versions out of hours.
    Question - will messages / data that has happened between the installation on the inactive partition and the switch version be preserved ??
    So if I install onto the inactive partition at 1pm, then an important message is left at 2pm and I switch version at 3pm, does the important message exist on the active partition at the end ??
    Second question -
    I have UCCX-8.5.1 SU4 (HA), CUC 8.5.1 SU6 (HA) and CUCM 8.5.1 SU6 (1 pub, 2 sub) - so 7 VM's in total.
    If I want to migrate to -
    UCSInstall_UCOS_9.1.2.12900-11.sgn.iso &  UCSInstall_UCCX_9_0_2_UCOS_9.0.2.11002-27.sgn.iso
    in which order should the installations take place ?? CUCM Publisher last ?? Publisher first ??
    Thanks
    James

    Hi James,
    +5 to my friend Aman for his good tips here 
    Messages are preserved during the "switch-version" so the messages left before the command is run will be preserved as they are stored in a "common" partition;
    Switching to the Upgraded Version of Connection 8.x Software
    If you chose not to automatically switch to the upgraded partition at the end of the upgrade, do the following procedure when you are ready to switch partitions.
    To Switch to the Upgraded Version of Connection 8.x Software
    Step 1 If you do not have a recent backup, back up the server by using the Disaster Recovery System. For more information, see the Disaster Recovery System Administration Guide for Cisco Unity Connection Release 8.x at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/drs_administration/guide/8xcucdrsag.html.
    Step 2 Sign in to Cisco Unified Operating System Administration.
    Step 3 From the Settings menu, select Version.
    Step 4 On the Version Settings page, select Switch Versions, and the following occurs:
    • Connection services are stopped.
    • Data from the partition where the older version is installed is copied to the partition where the newer version is installed. If changes to the database schema require updates to the format of data, that occurs in this step. Note that messages are stored in a common partition, so they are not copied.
    • The Connection server restarts and switches to the newer version.
    Note You can check the status of the installation of the upgrade software by using the CLI command show cuc version. The upgrade is complete when the inactive partition has the upgraded software and the active partition has the old software.
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/8x/upgrade/guide/8xcucrugx/8xcucrug009.html#wp1056720
    The upgrade order is shown here (above link) as well, which is Pub followed by Sub;
    Task List for Upgrading Connection 7.x or 8.x Software to the Shipping 8.x Version in a Connection Cluster
    Cheers!
    Rob

  • Increasing Total Output Drops number

    I have an autonomous Cisco AP1242 running on channel 11 (best channel avail) with only one client associated.
    Signal Strength and Channel Utilization look good.
    By design this client is constantly sending UDP/Multicast packets, so I had to disable IGMP Snooping on the AP. However, I have noticed data dropout and have been able to correlate it by running the command:
    show interface dot11radio 0
    Every time I run the above command the Total Output Drops increases:
    Dot11Radio0 is up, line protocol is up
      Hardware is 802.11G Radio, address is 001c.b0eb.eb70 (bia 001c.b0eb.eb70)
      MTU 1500 bytes, BW 54000 Kbit, DLY 1000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters 00:37:46
      Input queue: 0/1127/0/0 (size/max/drops/flushes); Total output drops: 3178
      Queueing strategy: fifo
      Output queue: 0/30 (size/max)
      5 minute input rate 43000 bits/sec, 14 packets/sec
      5 minute output rate 92000 bits/sec, 17 packets/sec
         29799 packets input, 12551639 bytes, 0 no buffer
         Received 17376 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 input packets with dribble condition detected
         41308 packets output, 25121942 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    I cleared the statistics and ran the command after a few minutes.
    Any ideas what could be causing packets to be dropped?
    QOS is disabled on the AP.
    Thanks

    Hi,
    There is only one wireless client.
    Just took a 5 min Wireshark reading and it is giving the following:
    Packets: 2286
    Avg. packets/sec: 7.729
    Avg packet size: 671.527 bytes
    Avg bytes/sec: 5190.457
    I am new to this. Is the above considered high volume for one client?
    I just compared a wired vs wireless captures... I am only losing packets on the wireless medium.
    When you say that the radio may not have enough buffer... are you referring to the wireless adapter or the Access Point?
    Thanks

  • Regarding Transfer speed in Cisco Any Connect

    Hi,
    I was trying to check transfer speed from Cisco Any Connect, with only ports opened in firewall 443 & 80 with 1 destination , but to complete data transfer of 50MB file it takes around 40mins, but if all ports are unblocked in Firewall with 1 destination ,it takes only 9mins.
    so wanted to know the correct port numbers which needs to be opened to make data transfer speed fast & why this behaviour.
    Please somebody help me.

    A customer has confronted me with a similar issue. They are using AnyConnect SSL Clients in their LAN, and noticed a severe performance drop on client side once connected via AnyConnect.  I have set this up in a lab environment to compare LAN performance with AnyConnect SSL performance.
    Win7 Client                                                                                                                
    AnyConnect                                              ASA5520                                                    Win7 iperf Server
    Secure Mobility -----------1Gb LAN---------------- v9.1.1---------------------1Gb LAN--------------------  TCP Window Size 4MB
    3.1.02040
    The ASA was configured from factory default and there was no traffic passing besides this test. AnyConnect used DTLS, and interface mtu on the ASA was 1500, the AnyConnect mtu was left unmodified, so I suspect the maximum of 1406 bytes was used.
    Result:
    - While AnyConnect was disconnected, Iperf reported bandwidth usage of about 300Mbps. This was what I was expecting.
    - As soon as I was connected via AnyConnect, the bandwidth usage dropped to about 80Mbps. I expected a slight drop, but not this much.
    What causes such decrease in performance? Sure, if connected via the Internet, clients will most likely never notice this, but the customer uses AnyConnect SSL in a Gigabit LAN environment. Could the bottleneck be on the client side? The load and memory usage on the ASA side was very low. I have tried several ASA versions, but they all deliver similar results.

  • Can't Drop public database link

    I am not able to drop public database link .
    Oracle Version - 11.2.0.1.0 - 64bit Production
    Os Version - Sun Solaris .
    When I am going to drop a public database link it gives an error :
    SQL Error: ORA-00604: error occurred at recursive SQL level 1
    ORA-20000: Can not drop Object
    ORA-06512: at line 2
    00604. 00000 - "error occurred at recursive SQL level %s"
    Can anyone help to resolve this problem? It is a Production Database and it's urgent.
    Thanks,
    Dip Sankar Rana

    You say:
    I already given syntax of creating Public database link.
    But you should give real details (exact statements and exact results) to make it clear what you are attempting and what your problem is.
    Please show:
    - The CREATE PUBLIC DATABASE LINK statement (obscuring the password, of course) and its result (i.e. success or failure message)
    - From each of schema1 (working) and schema2 (not working):
    - - The result of SELECT USER FROM DUAL;
    - - The result of SELECT USER FROM DUAL@DB_TST;
    - - The result of SELECT COUNT(*) FROM ALL_OBJECTS@DB_TST WHERE OWNER = 'B1';
    In the meantime, an observation.
    You said:
    I create a public db link from schema1 to other database using below command --
    CREATE PUBLIC DATABASE LINK DB_TST
    CONNECT TO B1 IDENTIFIED BY password
    USING 'SPPROD'
    Note that any user (in caps: ANY USER) on this database can use this link to connect to database SPPROD as B1 without knowing the password - because you put the credentials in the link.
    If you have a PUBLIC database link with credentials, like you do here, you have a serious, glaring security exposure. You really, REALLY should not do this. Use a private database link (available only to the user that created it) or do not put credentials on the link (so that any user using that link is using his own credentials to connect to the remote database).
    Edited by: mtefft on Jan 14, 2011 4:14 AM
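The exposure described in the reply above can be audited and corrected as follows. This is an added example, not code from the thread: DB_TST, B1 and SPPROD are the names quoted in the post, while the placeholder password and the assumption that the session has access to DBA_DB_LINKS and the relevant CREATE/DROP link privileges are illustrative.

```sql
-- 1. Audit: find public links that carry stored credentials.
--    OWNER = 'PUBLIC' marks a public link; a non-null USERNAME means the
--    link logs in remotely as that fixed user for every local caller.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
WHERE  owner = 'PUBLIC'
AND    username IS NOT NULL
ORDER  BY created;

-- 2. The risky form from the post, shown for comparison only:
-- CREATE PUBLIC DATABASE LINK DB_TST
--   CONNECT TO B1 IDENTIFIED BY password
--   USING 'SPPROD';

-- 3. Remove the public fixed-user link before replacing it.
DROP PUBLIC DATABASE LINK DB_TST;

-- 4. Replace it with ONE of the two safer forms the reply recommends.

-- Option A: private fixed-user link. Run this while connected as the single
-- schema that needs it; only that schema can then use the stored credentials.
CREATE DATABASE LINK DB_TST
  CONNECT TO B1 IDENTIFIED BY "<placeholder_password>"
  USING 'SPPROD';

-- Option B: public connected-user link with no stored credentials. Each
-- caller authenticates to SPPROD as themselves, so they need their own
-- account on the remote database.
-- CREATE PUBLIC DATABASE LINK DB_TST
--   USING 'SPPROD';

-- 5. Verify: no PUBLIC row for this link should still show a USERNAME.
--    LIKE is used because the stored name may carry a domain suffix.
SELECT owner, db_link, username, host
FROM   dba_db_links
WHERE  db_link LIKE 'DB_TST%';
```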

  • Cisco unity connection 8.6.1 / VMware workstation 10.0

    Hi 
    Downloaded the iso file UCSInstall_UCOS_8.6.1.20000-1.sgn.iso to install Cisco unity connection.
    Downloads Home > Products > Unified Communications > Unified Communications Applications > Messaging > Cisco Unity Connection > Cisco Unity Connection Version 8.6 > Unified Communications Manager / Cisco Unity Connection Updates-8.6(1a)
    Installing the same in VM Ware workstation 10.0, but not getting the selection for unity connection. It automatically installs CUCM 8.6.1.
    Please let me know any specific vmware settings to install unity connection 8.6.1.

    You are not getting UCxN option because your VMware configuration is not complying with the minimum requirement to install Unity connection.
    If you are not installing through OVA template then look at the VM configuration minimum requirement section of that particular version from the link shared by Aman.
    Thanks
    Manish

  • Cisco Unity 4.2 to Cisco Unity Connection 8.x

    Hi All,
    My company wants to upgrade from our current version of Cisco Unity 4.2 to the newest version of Cisco Unity Connection. I've read that the process can be somewhat complicated. I get the basics that I need to back up our unity server. Then install Unity Connection then re-install the back up after the unity connection install.
    The bad part is that I have to use the same server so I have to do a back up of Unity then wipe out that server, then install Unity Connection and then apply the back up of Unity. In a perfect world I could use a second server.
    Does anyone have any advice about this process? Any helpful hints and advice I would appreciate.
    Thanks,
    Dan

    Have a look at the videos at the bottom of the page linked to below:
    http://www.ciscounitytools.com/Applications/General/COBRAS/COBRAS.html
