Radius accounting for QoS pppoe policy-map
Hi folks
I have a radius pushing an AVPAIR ip:sub-qos-policy-out to a virtual template for clients connected to a BRAS through PPPOE.
The AVPAIR is correctly applied to each and every pppoe session, but the following link http://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/sbbbrs1c.html indicates that I should be able to push back to the RADIUS some traffic info per class-map/policy map. This would allow some quota stuff and getting some info about traffic used per customer.
From what I have been able to configure, I'm not getting any of these stats back to the RADIUS.
The debug radius accounting:
*Mar 12 05:29:00.419: RADIUS/ENCODE(0000000E):Orig. component type = PPPoE
*Mar 12 05:29:00.419: RADIUS/ENCODE(0000000E): Acct-session-id pre-pended with Nas Port = 0/0/3/0
*Mar 12 05:29:00.419: RADIUS(0000000E): Config NAS IP: 0.0.0.0
*Mar 12 05:29:00.419: RADIUS(0000000E): sending
*Mar 12 05:29:00.419: RADIUS/ENCODE: Best Local IP-Address 192.168.38.133 for Radius-Server 192.168.38.131
*Mar 12 05:29:00.419: RADIUS(0000000E): Send Accounting-Request to 192.168.38.131:1813 id 1646/55, len 299
*Mar 12 05:29:00.419: RADIUS: authenticator ED 94 CF EE BD 73 30 7E - 93 07 A4 C3 50 A6 03 DE
*Mar 12 05:29:00.419: RADIUS: Acct-Session-Id [44] 18 "0/0/3/0_00000005"
*Mar 12 05:29:00.419: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Mar 12 05:29:00.419: RADIUS: Framed-IP-Address [8] 6 10.10.10.2
*Mar 12 05:29:00.419: RADIUS: User-Name [1] 9 "olivier"
*Mar 12 05:29:00.419: RADIUS: Vendor, Cisco [26] 35
*Mar 12 05:29:00.419: RADIUS: Cisco AVpair [1] 29 "connect-progress=LAN Ses Up"
*Mar 12 05:29:00.419: RADIUS: Vendor, Cisco [26] 29
*Mar 12 05:29:00.419: RADIUS: Cisco AVpair [1] 23 "nas-tx-speed=10000000"
*Mar 12 05:29:00.419: RADIUS: Vendor, Cisco [26] 29
*Mar 12 05:29:00.419: RADIUS: Cisco AVpair [1] 23 "nas-rx-speed=10000000"
*Mar 12 05:29:00.419: RADIUS: Acct-Session-Time [46] 6 2582
*Mar 12 05:29:00.419: RADIUS: Acct-Input-Octets [42] 6 7232
*Mar 12 05:29:00.419: RADIUS: Acct-Output-Octets [43] 6 7232
*Mar 12 05:29:00.419: RADIUS: Acct-Input-Packets [47] 6 517
*Mar 12 05:29:00.419: RADIUS: Acct-Output-Packets [48] 6 517
*Mar 12 05:29:00.419: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
*Mar 12 05:29:00.419: RADIUS: Acct-Status-Type [40] 6 Watchdog [3]
*Mar 12 05:29:00.419: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Mar 12 05:29:00.419: RADIUS: Vendor, Cisco [26] 15
*Mar 12 05:29:00.419: RADIUS: cisco-nas-port [2] 9 "0/0/3/0"
*Mar 12 05:29:00.419: RADIUS: NAS-Port [5] 6 50331648
*Mar 12 05:29:00.419: RADIUS: NAS-Port-Id [87] 9 "0/0/3/0"
*Mar 12 05:29:00.419: RADIUS: Vendor, Cisco [26] 41
*Mar 12 05:29:00.419: RADIUS: Cisco AVpair [1] 35 "client-mac-address=aabb.cc00.6430"
*Mar 12 05:29:00.419: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 12 05:29:00.419: RADIUS: NAS-IP-Address [4] 6 192.168.38.133
*Mar 12 05:29:00.419: RADIUS: Ascend-Session-Svr-K[151] 10
*Mar 12 05:29:00.419: RADIUS: 37 39 38 32 45 41 38 30 [ 7982EA80]
*Mar 12 05:29:00.419: RADIUS: Acct-Delay-Time [41] 6 0
*Mar 12 05:29:00.419: RADIUS(0000000E): Started 5 sec timeout
*Mar 12 05:29:00.419: RADIUS: Received from id 1646/55 192.168.38.131:1813, Accounting-response, len 20
*Mar 12 05:29:00.419: RADIUS: authenticator A7 0E 79 40 C5 B5 CF DC - 09 46 27 48 52 BE 01 7D
What I get in the freeradius log :
Tue Mar 11 22:30:04 2014
Acct-Session-Id = "0/0/3/0_00000005"
Framed-Protocol = PPP
Framed-IP-Address = 10.10.10.2
User-Name = "olivier"
Cisco-AVPair = "connect-progress=LAN Ses Up"
Cisco-AVPair = "nas-tx-speed=10000000"
Cisco-AVPair = "nas-rx-speed=10000000"
Acct-Session-Time = 2646
Acct-Input-Octets = 7428
Acct-Output-Octets = 7428
Acct-Input-Packets = 531
Acct-Output-Packets = 531
Acct-Authentic = RADIUS
Acct-Status-Type = Interim-Update
NAS-Port-Type = Virtual
Cisco-NAS-Port = "0/0/3/0"
NAS-Port = 50331648
NAS-Port-Id = "0/0/3/0"
Cisco-AVPair = "client-mac-address=aabb.cc00.6430"
Service-Type = Framed-User
NAS-IP-Address = 192.168.38.133
X-Ascend-Session-Svr-Key = "7982EA80"
Acct-Delay-Time = 0
Acct-Unique-Session-Id = "523eac6ae326a778"
Timestamp = 1394602204
Request-Authenticator = Verified
user config in the users file on the freeradius server :
olivier Cleartext-Password := "olivier"
Service-Type = Framed-User,
Cisco-AVPair += "ip:addr-pool=pppoepool",
Cisco-AVpair += "ip:sub-qos-policy-out=TEST"
I see that the policy map name is pulled correctly from the radius server and applied to the session :
#sh policy-map session uid 14
SSS session identifier 14 -
Service-policy output: TEST
Class-map: TEST (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
police:
cir 8000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Any input very welcome
Cisco server is working fine. When you use non-standard or non-RFC requests from your NAS to the AAA server, for instance, you have to configure your server accordingly to instruct it how to handle this kind of request.
This is typically done with something called a "dictionary", which should be included in your radius server. The server typically decodes all RFC 2865 VSAs (or should), but when a new NAS model is introduced into the network, you can modify it to add any VSAs not appearing in the dictionary, which is your case.
As an example, imagine you want to change the attribute cisco-vsa-port-string to tagged-string; your dictionary will look something similar to:
And finally you will have to modify it with a text editor or XML editor and change type="tagged-string", supposing your device complies with RFC 2868. Probably the AAA server will have to be restarted to take these changes into account.
Also, since this applies to all devices for this vendor, you've got one more option, which is to define your own dictionary for a specific vendor, or even, if you wish, for a specific NAS or group of NASes.
In NavisRadius you could associate a dictionary to a device by adding a client-class:
# Client-IP Client-Secret Client-Class
10.0.0.1 secret taos-old
And then specifying the dictionary later in client_properties for this device:
# This file contains information about client classes
# and is used to set per-client specific information.
# TAOS Devices in OLD mode with RFC conflicts
taos-old
Client-Dictionary=max_dictionary
# Other devices now, etc.
Hope it helps
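The dictionary lookup described in the reply above, as an added example (not code from the thread or from any RADIUS server): it walks RADIUS attribute TLVs, unpacks Vendor-Specific (type 26) attributes, and names them from a small dictionary, so a sub-attribute missing from the dictionary surfaces under a generic name with its raw bytes. The dictionary contents, the function names and the vendor-type 250 attribute are constructed for illustration; the other sample values are taken from the debug output in the question.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 Vendor-Specific attribute type

# Stand-in for the server dictionary (assumption: only the entries needed here).
STANDARD_DICTIONARY = {
    1: ("User-Name", "string"),
    40: ("Acct-Status-Type", "integer"),
    42: ("Acct-Input-Octets", "integer"),
    44: ("Acct-Session-Id", "string"),
}
# (vendor id, vendor type) -> (name, value type). Vendor 9 is Cisco.
VENDOR_DICTIONARY = {
    (9, 1): ("Cisco-AVPair", "string"),
    (9, 2): ("Cisco-NAS-Port", "string"),
}


def _value(raw, kind):
    """Render a value according to the type the dictionary declares."""
    if kind == "integer" and len(raw) == 4:
        return struct.unpack("!I", raw)[0]
    if kind == "string":
        return raw.decode("utf-8", errors="replace")
    return raw.hex()  # unknown type: keep the bytes visible as hex


def iter_tlvs(buf):
    """Yield (type, value) for 1-byte type / 1-byte length attributes.
    The length byte counts the 2-byte header, so values below 2 are malformed."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header at offset %d" % pos)
        a_type, a_len = buf[pos], buf[pos + 1]
        if a_len < 2 or pos + a_len > len(buf):
            raise ValueError("bad attribute length %d at offset %d" % (a_len, pos))
        yield a_type, buf[pos + 2:pos + a_len]
        pos += a_len


def decode_attributes(buf):
    """Return [(name, value)] for the attribute section of a RADIUS packet."""
    out = []
    for a_type, raw in iter_tlvs(buf):
        if a_type != VENDOR_SPECIFIC:
            name, kind = STANDARD_DICTIONARY.get(a_type, ("Attr-%d" % a_type, "octets"))
            out.append((name, _value(raw, kind)))
            continue
        if len(raw) < 4:
            raise ValueError("Vendor-Specific attribute shorter than its Vendor-Id")
        vendor_id = struct.unpack("!I", raw[:4])[0]
        try:
            subs = list(iter_tlvs(raw[4:]))
        except ValueError:
            # Vendor payload is not in sub-TLV form: keep it opaque.
            out.append(("Vendor-%d-Raw" % vendor_id, raw[4:].hex()))
            continue
        for v_type, v_raw in subs:
            fallback = ("Vendor-%d-Attr-%d" % (vendor_id, v_type), "octets")
            name, kind = VENDOR_DICTIONARY.get((vendor_id, v_type), fallback)
            out.append((name, _value(v_raw, kind)))
    return out


def tlv(a_type, payload):
    """Encode one attribute (used only to build the sample below)."""
    return bytes([a_type, len(payload) + 2]) + payload


def vsa(vendor_id, v_type, payload):
    """Encode one Vendor-Specific attribute carrying a single sub-attribute."""
    return tlv(VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + tlv(v_type, payload))


def sample_attributes():
    """Constructed attribute bytes mirroring part of the Accounting-Request above."""
    return b"".join([
        tlv(44, b"0/0/3/0_00000005"),
        tlv(1, b"olivier"),
        vsa(9, 1, b"connect-progress=LAN Ses Up"),
        tlv(42, struct.pack("!I", 7232)),
        tlv(40, struct.pack("!I", 3)),
        vsa(9, 2, b"0/0/3/0"),
        vsa(9, 250, b"constructed-unknown=1"),  # constructed: not in the dictionary
    ])


if __name__ == "__main__":
    for name, value in decode_attributes(sample_attributes()):
        print("%-20s %s" % (name, value))
```

The encoded lengths match the debug output (35 bytes for the connect-progress VSA, 15 for cisco-nas-port), which is a quick way to confirm the NAS is sending well-formed VSAs before looking at the server's dictionary.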
Similar Messages
-
DMVPN per tunnel QOS. show policy-map multipoint not working
Hi All,
I have a DMVPN hub which is a 1841 with image c1841-advsecurityk9-mz.151-4.M1.bin .
I have been using DMVPN and its awesome but now trying to get the QOS sorted out and having issues.
I have configured the interface like so.
interface Tunnel1
ip address 10.255.255.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxx
ip nhrp map multicast dynamic
ip nhrp map group ADSL1 service-policy output ADSL1
ip nhrp network-id 1
ip nhrp redirect
ip tcp adjust-mss 1360
no ip split-horizon
ip ospf 1 area 0
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 1
tunnel path-mtu-discovery
tunnel protection ipsec profile VPN
end
policy-map ADSL1
class class-default
shape average 1000000
service-policy Classes
policy-map Classes
class Silver
bandwidth percent 25
fair-queue
class Gold
bandwidth percent 50
fair-queue
class Scavanger
bandwidth percent 5
class class-default
fair-queue
The output of show dmvpn detail shows it has applied the QOS rule.
NG-SR-WE-RT-2#show dmvpn detail
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface Tunnel1 is up/up, Addr. is 10.255.255.1, VRF ""
Tunnel Src./Dest. addr: 10.32.0.100/MGRE, Tunnel VRF ""
Protocol/Transport: "multi-GRE/IP", Protect "VPN"
Interface State Control: Disabled
Type:Hub, Total NBMA Peers (v4/v6): 1
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb Target Network
1 x.x.x.x 10.255.255.2 UP 1d18h D 10.255.255.2/32
NHRP group: ADSL1
Output QoS service-policy applied: ADSL1
but my router cannot run show policy-map multipoint... it doesn't come up with a tab but I can write it in by hand. Even when I write it in by hand it outputs blank.
I cut the ADSL1 shape down to 512k and it didn't take effect so I don't think the QoS is working at all.
Is my feature set too low?
Cheers,
SimonRay,
There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
Also coexistence of other service-policy etc etc.
The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
M. -
QoS on 3560, 2960 and 3750 does not work (Policy-map).
Hi
I am trying to configure QoS on 3 switches (2960, 3560 and 3750) with this configuration:
mls qos
class-map match-all QOS_DATA_CLASS
match access-group name QOS-DATA
class-map match-all QOS_DEFAULT_CLASS
match access-group name QOS-DEFAULT
class-map match-all QOS_VOICE_CLASS
match access-group name QOS-VOICE
class-map match-all QOS_SIGNALING_CLASS
match access-group name QOS-SIGNALING
policy-map QOS-SOFTPHONE-POLICY
class QOS_DEFAULT_CLASS
set dscp default
class QOS_SIGNALING_CLASS
set dscp cs2
class QOS_DATA_CLASS
set dscp cs1
class QOS_VOICE_CLASS
set dscp cs3
interface GigabitEthernet0/34
no switchport
ip address 10.10.11.1 255.255.255.252
ip ospf network point-to-point
priority-queue out
service-policy input QOS-SOFTPHONE-POLICY
interface GigabitEthernet0/47
switchport access vlan 150
spanning-tree portfast
service-policy input QOS-SOFTPHONE-POLICY
ip access-list extended QOS-DATA
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended QOS-DEFAULT
permit ip any any
ip access-list extended QOS-SIGNALING
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended QOS-VOICE
permit udp any any range 16384 32767
but when I check the show commands I see that QoS is not working.
CoreA#sh policy-map interface g0/34
GigabitEthernet0/34
Service-policy input: QOS-SOFTPHONE-POLICY
Class-map: QOS_DEFAULT_CLASS (match-all)
3 packets, 198 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-DEFAULT
Class-map: QOS_SIGNALING_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-SIGNALING
Class-map: QOS_DATA_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-DATA
Class-map: QOS_VOICE_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-VOICE
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
CoreA#sh policy-map interface g0/47
GigabitEthernet0/47
Service-policy input: QOS-SOFTPHONE-POLICY
Class-map: QOS_DEFAULT_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-DEFAULT
Class-map: QOS_SIGNALING_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-SIGNALING
Class-map: QOS_DATA_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-DATA
Class-map: QOS_VOICE_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-VOICE
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
What am I doing wrong?
The flow is as follows:
Computer with CIPC --------> Switch 2960 or 3560 or 3750 ------------------> switch core ---------------> CIPC
I have wireshark in a port mirror on switch 2960, 3560 and 3750. In wireshark I always see the packets marked with default label.
I hope you can help me.
Regards.
Try this config:
policy-map QOS-SOFTPHONE-POLICY
class QOS_VOICE_CLASS
set dscp cs3
class QOS_SIGNALING_CLASS
set dscp cs2
class QOS_DATA_CLASS
set dscp cs1
class class-default
set dscp default
BR -
Map-class frame-relay , policy map
Does a service-policy output have to be applied to an interface for qos to work?
here is the config but there is nothing applied to the serial interface..
Thanks for your help
policy-map 256/128KVoice
class 256/128KVoice
priority 112
class class-default
fair-queue
map-class frame-relay 256/128KVoice
frame-relay cir 128000
frame-relay bc 1280
frame-relay be 600
frame-relay mincir 128000
no frame-relay adaptive-shaping
frame-relay fair-queue
frame-relay fragment 150
frame-relay ip rtp priority 16384 16380 210
interface Serial0/0
bandwidth 1544
ip address xxx.xxx.xxx.xxx 255.255.255.255
ip route-cache flow
no fair-queue
service-module t1 timeslots 1-24
Hello,
Will QoS work in this way, where a class is put on the WAN interface where there should be a service policy?
router#sh run interface Se0/0/0.1
Building configuration...
Current configuration : 239 bytes
interface Serial0/0/0.1 point-to-point
bandwidth 2048
ip address XXXX
ip nat outside
frame-relay interface-dlci 555
class COS-OUT-S0/0/0.1
end
COS-OUT-S0/0/0.1 is defined as policy map with class of voice and video.
When checking on the WAN int with #sh policy-map interface Se0/0/0.1, I can see output of service policy input/output with the policy map's respective classes and packet match entries. Is QoS working with this configuration?
Appreciate any input on this.
Regards,
Brajesh. -
HI Team,
If we use the following commands for QoS, what is the effect of
service-policy NIC-QOS-OUT? As I have studied, a service policy will be applied under physical interfaces. Here the policy map has been defined and it is referred to again under the Parent-QoS-2.5GIG policy map. So please clarify.
policy-map NIC-QoS-OUT
description #### Common Child Policy ####
class VIDEO&VOICE-OUT
police cir percent 20
priority
class NICNET-OUT
bandwidth percent 20
random-detect dscp-based
class CONTROL-OUT
bandwidth percent 10
random-detect dscp-based
class INTERNET-SURF-OUT
bandwidth percent 10
random-detect dscp-based
class class-default
random-detect
policy-map Parent-QoS-2.5GIG
description #### Parent QoS Policy for 2.5 GIG Link ####
class class-default
shape average 2300000000
service-policy NIC-QoS-OUT
policy-map NIC-QOS-OUT
Thanks in advance,
Naveen
The two ASA syslogs you posted were both from an internal host to port 80 on an external host. This would indicate that a successful DNS resolution has occurred in these two instances.
If the cause of your problem is bad DNS lookups, you should see evidence in your AIP-SSM event log of the packets being dropped.
- Bob -
Asking for QoS Advice...
We're upgrading our network infrastructure. We're currently on a Catalyst 6509 core with 3560's as distribution and access. We're currently running CUCM 10.5. Our phones are primarily 7940's running SCCP.
We're moving to a Catalyst 6807 with 6800ia FEXes. We'll be replacing the majority of our deskset phones with the Jabber client and Jabra headsets.
Our current QoS is configured using the 'mls qos' commands and policy-maps in our switches. Someone told me in passing that QoS for Cisco Unified Communications is simplified through "medianet". So the advice I'm looking for...is "medianet" the way we want to go? Or is the 'mls qos' and policy-maps still the way to go? Or is there another preferred option?
Also would be interested in any documentation on best-practices for QoS with CUCM, Unity, WebEx, UCCX, etc.
Thanks,
-Mike
Hi
+5 for yosh. Just keep in mind that medianet technology is used especially for real-time applications such as video endpoints, when you have a switch which is connected to many applications such as "voice, data, video, wireless", different types of traffic. In this we d classification for the traffic; here below is a good example of medianet configuration
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Video/qoscampuscat3xxxaag.html
Cisco medianet is specially for video conference endpoints and can be used for IP phone , jabber , telepresence used for the below:-
Autoconfiguration: Facilitates the deployment of video endpoints and reduces the ongoing operational costs of managing moves, adds, and changes. After you connect to the switch by "camera, DMP, IP Phone, jabber" it will automatically get VLAN, QoS, location information and security.
Media Monitoring: Enhances visibility into the network. It helps accelerate troubleshooting, and assess and measure the impact of video, voice, and data applications in the network.
Media Awareness: Helps the network to become application and rich-media context aware end to end. The network works together with the video endpoints and applications for optimal QoE for end-users and improved visibility for IT.
I used medianet configuration on my Cisco switches for my Cisco DMPs ("digital media players") and this medianet allowed me to get the above benefits. You just have to check whether your IOS version supports medianet configuration or not. For configuration, please find the below
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Video/Medianet_Ref_Gd/medianet_ref_gd/chap7.html
http://www.cisco.com/web/learning/le31/le46/cln/learning_module/autoconfiguration/index.html
Thanks
please rate all useful information -
Assign QoS Service Policy via RADIUS to Catalyst 45k/37k?
hi,
is there a way to assign a QoS service policy via Radius to a Catalyst 4500/3750 switchport?
in detail, we would like to assign this policy
policy-map SET_EF
class class-default
set dscp ef
to an interface. All traffic should be marked with a defined DSCP value.
This works fine when doing it statically with
interface FastEthernet2/1
service-policy input SET_EF
but we would need to assign such a policy via Radius during the 802.1x authentication. Different users should get different policies. We use Cisco ACS 5.2 as Radius server and there actually is a field for that in the Authorization Profile Common Tasks configuration. In detail, this uses the cisco-av-pair "sub-policy-In=<policy name>" attribute to assign a service policy to a NAS.
We also found two other attributes for that, "sub-qos-policy-in" and "ip:sub-qos-policy-in". CCO says that "ip:sub-qos-policy-in" works with Catalyst 65k (http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1926523)
Unfortunately this seems to not work on Catalyst 45k and 37k.
In the ACS logs we can see that these attributes are attached to the Radius reply, but unfortunately they are ignored by the switch.
It is interesting that when entering "show aaa attributes" on the Catalyst 45k, these attributes are displayed - so for my understanding the switch should understand these attributes (?)
4503-E#sh aaa attributes
AAA ATTRIBUTE LIST:
Type=1 Name=disc-cause-ext Format=Enum
Type=2 Name=Acct-Status-Type Format=Enum
<snip>
Type=345 Name=sub-policy-In Format=String
Type=346 Name=sub-qos-policy-in Format=String
Type=347 Name=sub-policy-Out Format=String
Type=348 Name=sub-qos-policy-out Format=String
any input is welcome :-))
best regards
Additionally to this discussion, I've just opened a service request with TAC.
Unfortunately the engineer told me that by now per-User QoS is definitely not supported on these two platforms but it's listed on the roadmap and will possibly be available mid 2012......
Policy map/ class map/ service policy for IOS xr
Hi,
I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
I need the cap for the bandwidth to traverse this circuit to be 10 Meg.
the IOS xr version we are using is 4.3.4
I was hoping someone could help me out by giving me a configuration example I could follow.
Thank you.
for instance like this:
policy-map police-in
class class-default
police rate 10 mbps <optionally set burst>
policy-map shape-out-parent
class class-default
shape average 10 mbps <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
interface GigabitEthernet0/0/0/0
service-policy input police-in
service-policy output shape-out-parent
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander -
QoS Atm subinterface to Internet Policy Map Help
I have a 40meg connection to the Internet via 7200 router using ATM ubr. I have been trying to design a Strict priorty for a particular subnet, then a 1 percent Scavenger Class the rest being class default with fair queue and random detect.
I can build the classes and policy maps yet the service-policy will not allow an inbound or outbound placement on the sub-interface. Any help on this would be most appreciated.
Thanks
Jason
That's correct, CBWFQ or LLQ is not supported on the PVC configured as UBR ATM class of service because of the nature of UBR service, there is no guarantee that any traffic will get through, the actual traffic rate can be anything.
Some documentation mention that this is not supported, here is one for 12.4T train:
"CBWFQ is supported on variable bit rate (VBR) and available bit rate (ABR) ATM connections. It is not supported on unspecified bit rate (UBR) connections."
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/congstion_mgmt_oview_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1001237
Regards,
Raphael -
How do I show ACL hits for ACL's used in policy maps?
Is there a way to display the hit count against ACL entries when the ACL is used for policy maps, QoS classification etc?
The manual shows how to do this for an ACL when it's attached to an interface. Also there are options for a location; it doesn't match any of the presented locations, but does give the option for a `word' to be entered.
Hi Michel,
I have spent some time trying to figure out the syntax for this command. I see how to do it if the ACL is applied to an interface, but not if it's used for a policy map or QoS policy. It's not clear from the command guide.
What do I use for location assuming this is the way to do it for this type of ACL? I have a read through the configuration guide, its not clear if I can look at these counters or not.
Andy -
Show policy-map interface | Question about QOS show command output
I hope this is the correct place for this question. If not, please let me know.
When I issue the show policy-map interface command (in this case on a 3845) there is some output I don't understand. I have included some output below and formatted the lines I am confused about as "computer code" which show up as red on my screen. A list of the individual lines I'm confused about is below, followed by those lines in the context of the show policy-map command's output.
Any help with this will be greatly appreciated. Thanks in advance.
5 minute offered rate 46000 bps, drop rate 0 bps
5 minute rate 10000 bps
bandwidth remaining 50% (768 kbps)
show policy-map interface
--- previous output omitted ---
GigabitEthernet0/0
Service-policy input: QoS_IN
class-map: Silver (match-any)
164691299 packets, 23570752398 bytes
5 minute offered rate 46000 bps, drop rate 0 bps
Match: access-group name MAINFRAME
4371992 packets, 2311242335 bytes
5 minute rate 0 bps
Match: access-group name KRONOS
13334297 packets, 3051409140 bytes
5 minute rate 5000 bps
Match: access-group name EMAIL
97652823 packets, 10323856470 bytes
5 minute rate 10000 bps
Match: access-group name VOIP-CONTROL
20782858 packets, 1481676784 bytes
5 minute rate 0 bps
Match: access-group name LOGIXWEB
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name GRINDLOG
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name CITRIX
46895 packets, 14669179 bytes
5 minute rate 0 bps
Match: access-group name CORP_WEB
28502414 packets, 6387897396 bytes
5 minute rate 4000 bps
QoS Set
dscp af31
Packets marked 164691269
show policy-map interface s0/0/0:0
Serial0/0/0:0
Service-policy output: QoS_OUT
--- previous output omitted ---
Class-map: Silver (match-any)
86590227 packets, 12051546524 bytes
5 minute offered rate 3000 bps, drop rate 0 bps
Match: access-group name MAINFRAME
7641084 packets, 2701232492 bytes
5 minute rate 0 bps
Match: access-group name KRONOS
6975052 packets, 1555404656 bytes
5 minute rate 0 bps
Match: access-group name EMAIL
58438150 packets, 5433636586 bytes
5 minute rate 3000 bps
Match: access-group name VOIP-CONTROL
355083 packets, 41252455 bytes
5 minute rate 0 bps
Match: access-group name LOGIXWEB
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name GRINDLOG
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name CITRIX
19 packets, 4967 bytes
5 minute rate 0 bps
Match: access-group name CORP_WEB
13180836 packets, 2320015236 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/18156/0
(pkts output/bytes output) 86421413/12004278837
bandwidth remaining 50% (768 kbps)
this is my configuration
DGMGRL> show configuration
Configuration
Name: matrix
Enabled: YES
Protection Mode: MaxPerformance
Databases:
stdby1 - Primary database
stdby2 - Physical standby database
stdby3 - Physical standby database
Fast-Start Failover: DISABLED
Current status for "matrix":
SUCCESS
--- this is my first successful switchover -----
DGMGRL> switchover to stdby2
Performing switchover NOW, please wait...
New primary database "stdby2" is opening...
Operation requires shutdown of instance "stdby1" on database "stdby1"
Shutting down instance "stdby1"...
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
Operation requires startup of instance "stdby1" on database "stdby1"
Starting instance "stdby1"...
ORACLE instance started.
Database mounted.
Switchover succeeded, new primary is "stdby2"
-------------------this is my second switchover -------------
DGMGRL> switchover to stdby1
Performing switchover NOW, please wait...
New primary database "stdby1" is opening...
Operation requires shutdown of instance "stdby2" on database "stdby2"
Shutting down instance "stdby2"...
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
Operation requires startup of instance "stdby2" on database "stdby2"
Starting instance "stdby2"...
Unable to connect to database
ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
Failed.
You are no longer connected to ORACLE
Please connect again.
Unable to start instance "stdby2"
You must start instance "stdby2" manually
Switchover succeeded, new primary is "stdby1"
DGMGRL>
-
Hi,
I'm a new Network admin, and I have some configuration questions about my installation (see attachment).
I have 3 web servers behind a router.
Public interface: 3 public ip adresses
Private interface: router on a stick config ( 3 sub-interfaces, 3 different networks, 3 VLAN)
I would to know the best way to redirect http traffic to the right server.
My idea is to map a public address to a private address, via NAT, but I'm not sure for the configuration. I could also redirect via Policy-map and filter by url content.
So if you have some advise for this case, it would be really appreciated.
Thank you.
Chris.
Hello Christophe,
As I understand you want 1st that ;
if somebody go to A.local.com from internet then he will redirect to 192.168.1.10 in your internal network.
That means, you need static mapping between your public @ip address and your local ip address.
For this example, your local interface is Fa0/0.1 and I don't know your public interface because it is not mentioned in your diagram. I will suppose S0/0 for the public interface.
that is the config for the Web Server1. You can do the same with the remaining servers:
interface fa0/0.1
ip nat inside
interface serial0/0
ip nat outside
ip nat inside source static 192.168.1.10 172.1.2.3
static mapping from local to public.
I suppose you have done the dns mapping in your network and the ISP have done the same in his network.
ip route 171.1.2.3 interface serial0/0
or
ip route 0.0.0.0 0.0.0.0 interface serial0/0.
After these step for each web server, you will get the mapping.
Now you can restrict access to this ip only to http or https protocol on your isp and after on your local network
like
ip access-list extended ACL_WebServer1
permit tcp any host 192.168.1.10 eq www
deny ip any host 192.168.1.10
exit
interface fa0/0.1
ip access-group ACL_WebServer1 in
no shut
exit
That is the first step.
Second step : you want to filter traffic by url, that means layer 5 to 7 filtering.
I am not sure that it is possible using cisco router with (ZBF + Regex).
Check the first step and let us know !
Please rate and mark as correct if it is the case.
Regards, -
QoS - Create class-map while inside policy-map
The Cisco training notes for CME claim you can create a non-existent class-map while in the policy-map. Here is what the notes say:
router(config-pmap)#class class-map-name condition
• Optionally you can define a new class-map by entering the condition after the name of the new class map
Does this work?
If my memory serves me, it was on a 7206VXR running a 12.3 cut. Also, I do recall that the '?' will not present this as an option but it still works...
Paresh. -
How to map accounts for RCA, CLS, IRV and PPV account titles??
Hi,
We are on 11.5.9 and using PMAC costing.
While mapping for CLS, RCA, IRV, PPV account titles, I am getting confused to what accounts should i have to map these a/c titles :( I understand why those accounts are generated but somehow, am unable to find out the way to map them..
I have gone thru Metalink and user guides but there doesn't seem to be any clue for it.
Pl help me out.
Rgds,
Hi MAK,
Usually, RCA and CLS accounting titles are mapped to Production Batch Transactions. CLS is used to map Batch Closure Variance, amount required to clear WIP account. Typical reasons for non-zero closing variances are:
* Batch Release and Certification in different cost periods
* With PMAC, the average costs include the period end balance, which may create a variance.
RCA (Resource Control Account) represents the value of Resources (Direct / Indirect Labor etc.), burden cost allocated to the Production batch. The MAC subledger accounting user guide provides in-depth documentation on these accounting titles.
Regards,
Sanjeev -
Hi there, newbie here. Wondered if anyone can help: opened another user account for daughter on windows 64, and when we tried to open itunes a message came up saying it could not open because of digital signature policy. When I go back to my user it opens ok.
Could anyone help.
Cheers
am not prepared to enter my credit card also on her account application.
You can enter it on the registration page then delete it immediately after you complete the registration.
If I purchase a iTunes card with some credit, can I open the account for her just with the code?
If you wish. Instead of going to Create new accout, go to Redeem on the main iTunes store screen, enter the code, then select *Create new account*.
What will happen if the credit on the card gets to zero?
She will not be able to make a purchase until another gift card is entered or a CC is linked to the account.