SF302-08P qos police to zero

Similar Messages

• Bandwidth Management(Rate Limit) Using QoS Policies

  Hello,
  I need some advice. We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet :). The advice I need is what to ask for, so to speak, when I put a case in. Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
  Need input please,
  Thanks,
  D

  Hello,
  That's a question that you as the network admin of that organization could answer.
  How much traffic for business purposes must travel via HTTP/HTTPS?
  How much bandwith are you willing to provide to this 2 protocols?
  Those are the kind of answers you need to answer before setting the number
  Regards
  Remember to rate all of the helpful posts, Just click the 5 stars at the left of each post
  Julio

• Installing SF302-08p with VOIP and Vlans

  I am installing this switch to a new departement. The reason of this is to share networks and bring POE over there as we will be istalling VOIP phones next month. We already have a network in place:
  -Cisco me 3400 from the ISP
  -Cisco ASA 5510 firewall
  -Cisco ESW 520 (x3) where access points are connected as well as most part of the network
  -Cisco catalyst 3900 (x3) for extra ports
  I am actually adding these 2 devices:
  -SF302-08P
  -WES610N
  The SF302-08P will be used for network and VOIP, while the WES610n connects 2 industrial printers to the network.
  The network uses VLANS (10 WAN for office, 100 VOIP, 300 WIFI and 309 for management)
  Here are my troubles:
  The SF302-08P refuse VOIP registration but allows computers
  The WES610n connects to access point, allows devices to fetch info from DHCP but blocks every connection except tracert
  Any advices or help on this would be greatly appreciated

  David
  This forum deals primarily with the Cisco Enterprise switches and as such that is the expertise people have here. You have a Small Business switch. No offense intended but you should move this to the Small Business switches forum where you should get the help you need -
  https://supportforums.cisco.com/community/netpro/small-business/switches
  Jon

• SF302-08P small buisiness switch with CNA

  I've been using the CNA for our 3560X type switches and really like it.
  I saw the lastest version would support the Sx300 switches.
  I tried it on some of our SF302-08P switches and it worked great!
  But then I tried it on a new one, with newer firmware (1.3.7.18) I got a connection error (said something about not specifying a host name with DNS, but I didn't copy it all down).
  Anyone know if that version of firmware has an issue with the latest CNA?  (6.1)
  I also couldn't update the firmware on the switch to the 1.4.x firmware on the cisco site. Said a mismatch.
  Mark

  Hi,
   Thanks for the response.
  the firmware is for the  SF302-08P switches.
  I use the latest CNA to connect with other 302 switches (older firmware) but not this one with the newer firmware.
  That was what I was trying to find out. Is there an issue with the 1.3.7.18 firmware on the  302 switches AND CNA.
  Or if possibly I'm doing something else wrong (certainly probable)
  thanks
  mark

• NBAR, Netflow, QoS Policing, 6500s, IOS 12.1(26)E7, and MARS

  Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our Packet Shaper to meet the new bandwidth. (The Packet Shaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this w/ existing tools (nbar, netflow, QoS policing, and MARS), at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2 MSFC2) on a 3-4 year upgrade cycle.
  To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
  While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
  My plan is to use Netflow and MARS to track top users and top protocols. It appears that I lose some mgt functionality w/ MARS in conjunction w/ IOS 12.1, but I am currently unclear if I lose any tracking capability. (MARS is new to us and awaiting install.)
  Then, I hope to use NBAR to identify all the latest P2P traffic and police it appropriately w/ QoS tools.
  Does my thinking sound solid? Will I be able to pull this off w/ 12.1? If not, what do I need that I lack in 12.1?
  Thank you for your time,
  Joshua

  Hi,
  First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
  http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
  or one of the following commercial tools:
  http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
  The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
  However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
  Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
  I'd personally keep the PacketShaper for it's reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
  HTH - plz rate if useful.
  Andrew.

• Cisco SF302-08P пропадает с порта trunk native vlan, когда подключаю IP PHONE.

  Здравствуйте!
  У меня возникла проблема с коммутатором Cisco SF302-08P. В частности проблема заключается в настройке порта для IP phone и ПК.
  Как известно это PoE коммутатор.
  vlan database
  vlan 47,147
  exit
  voice vlan id 147
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  hostname DepGrajdIniciativ
  ip ssh server
  snmp-server server
  ip telnet server
  interface vlan 47
   ip address 172.27.47.253 255.255.255.0
   no ip address dhcp
  interface fastethernet1
   storm-control broadcast enable
   storm-control broadcast level 10
   storm-control include-multicast
   port security max 10
   port security mode max-addresses
   port security discard trap 60
   spanning-tree portfast
   switchport trunk allowed vlan add 147
   switchport trunk native vlan 47                 <-----               
   macro description ip_phone_desktop
   !next command is internal.
   macro auto smartport dynamic_type ip_phone_desktop
  147 влан для Ip phone. 47 влан для компьютера.
  Дело в том, что когда, например, на 1 порт подключаю IP phone (cisco 6921), с порта пропадает настройка  "switchport trunk native vlan 47", соотвественно, на компьютере, который подключен к телефону на порт "computer", пропадает связь (теряется vlan 47?).  Приходится по новой прописывать, но он сохраняется до следующей перезагрзуки коммутатора или телефона.
  P.S. настройки на коммутаторе сохраняем командой "copy run start" или "wr". На телефоне "admin vlan" указан 147. 
  P.S.S. телефон питается по PoE.
  В чем может быть проблема? я работал со многими cisco коммутаторами, но нигде такой картины не видел....

• SF302-08P layer 3 mode

  Hi,
  i'm trying to configure SF302-08P in layer 3 mode.
  ports 1 to 8 have ip phones and desktops, port GE1 in connected to a router (not cisco) that links to the internet.
  i created vlan 100 and assigned to ports 1 to 8 (untagged)
  i created vlan 200 and assigned to port ge1 (untagged)
  activated dhcp server , created pool with 192.168.26.0/24 gw 192.168.26.1
                         |router A| (192.168.16.0/24 gw 192.168.16.1)
                             |
                             |
                             | GE1 (192.168.16.14)
                         | SF302-08P |
                                   |
                                   |
  SPA504G+DESKTOP |    SPA504G+DESKTOP
          192.168.26.2                      192.168.26.4
           192.168.26.3                      192.168.26.5
  the problem that i'm facing is that SPA504G and desktops access the internet with their inter address 192.168.26.0/24 and not 192.168.16.14.
  is there a way to achieve what i'm looking ? how does routing work in this case ? shouldn't there be some kind of NAT ?
  thank you

  Hello Luis,
  Is there a particular reason that the switch needs to be in Layer 3 Mode?
  I think your scenario would work better if you configure NAT on your router and let the router act as the DHCP server. Then, the switch could be in Layer 2 Mode.
  Alex

• VLAN setup on SF302-08P switch

  I have the following setup using two SF302-08P PoE switches:
  1st floor
  =========
  Switch #1 <-------> private network
            <-------> public network
  2nd floor
  =========
  Switch #2 <-------> private network
              ....    public network (visible but devices can't connect)
  I have tried to make the config in switch #2 identical to switch #1, but something is still wrong.
  Is this most likely a VLAN setup problem, or what?
  Thanks.
  Ken Watkins

  Tom,
  Thanks so much for your help. In my case, the second VLAN is VLAN 50. Here are the pics of what I think you are talking about through the web interface. Do these look like what you are suggesting?
  Thanks again.
  Ken

• Power adaptor of the sf302-08p

  Hey,
  We are looking for a power adaptor for a cisco switch Sf302-08p. We can't find the adaptor anymore and we have to orde a new one, but we can't figure out the order number of the adaptor. The voltages is 48vdc and has an 4 pin connector . Do someone know the type or ordernumber of this adaptor?
  Thanks a lot.
  Stefan

  Hi Stefan, the power adapter does not have a separate part number. What you can do is call the SBSC, a lot of times they will RMA a whole unit to you then you may remove the power adapter and ship back the unit that was sent. The SX300 RMA process is always advance replacement since it is the defined service level for the warranty.
  -Tom
  Please mark answered for helpful posts

• 19" Rackmount-kit included with 8-port switch SF302-08P?

  Hi, distribution can´t tell me if rackmount kit 19" is included in 8-port models... can anybody tell me? Thanks a lot!

  Yes, it is.  From techdata.com:
  WHAT'S IN THE BOX
  Cisco Small Business SF302-08P
  Serial cable
  Rack mounting kit

• SF302-08P & MP

  What is the difference between SF302-08P and SF302-08MP Switches? Comparison Chart is identical.
  Thanks
  DJE

  Hi Douglas,
  MP means "Maximum PoE" meaning that the full PoE specified 15,4 Watts are available simultaniously on all ports.
  Best regards,
  Zsolt

• Cisco SF302-08P (SRW208P-K9-NA) Support for Cisco IP 7942 Phones

  Hi All,
  I am looking at quoting the SF302-08P for a client which will have three small offices interconnected via single mode fiber. I am planning on connecting them to a 3560 switch. Each office will have no more than 3 - 7942 phones. I reviewed the notes on this switch and it seems it should support this phone type without any issues. Could you advise if you have run into any support/reliability issues with this switch and the 7942s?
  Thank You,

  Hi RevereORL,
  My concern is there are;
  slight nuances or differences between the CLI configuration on the SG300 compared to the Catalyst range.
  I am also very very slightly concerned about post sales support interaction between TAC and SBSC, but these days there is much more cross talking between these two support groups.
  Different SFP SKU's for fiber connectivity GLC- series for catalyst and MGB series on 300, even though I have no issue with plugging the GLC SKU's into my 300 series product.
  The SF302-8P has a POE budget defined as 62W across all 8 ports or 62watts / 8 ports= 7.75 approx watts that can be drawn from each port.
  With the software upgrade to 1.1.1.8 the 300 series now also supports pre-standard POE as well as the 802.3af, power should not be a issue..
  I guess the beauty of buying from a distributor, and keeping the packaging, is that your can validate your application.
  Give it a try,.
  regards Dave

• How do people manage QoS Policies in large network without using QPM

  We are using QPM to manage QoS polices however we are looking at decommissioning CiscoWorks. How are people managing with their QoS settings in large environments?

  I have no idea about the modem and bridge mode (I don't do networking -- hopefully Bob Timmons, Tesserax, or one of the other networking gurus will drop in and address that).
  But . . . you should be able to back up to the TC as long as it's on your network and recognized by your Macs.  I think being in bridge mode means it will be rather slow, but it should work.  Until/unless we hear otherwise, you might want to see #Q1 in Using Time Machine with a Time Capsule.

• 3650 QoS Policing

  Hi,
  I am trying to do some policing on a 3650 and for some reason, the interface doesn't seem to want to apply my service policy. Here is my config:
  class-map match-any ExchangeClass
    match vlan  410
  policy-map ExchangePolicy
   class ExchangeClass
      police cir percent 25    conform-action transmit     exceed-action drop     violate-action drop
  I use the command service-policy input ExchangePolicy on the gi1/0/1 interface, I then do a sh run int gi1/0/1 and there is no input service policy shown in the config. Does anybody know why it hasn't applied the service policy? If I use an auto qos input service policy then it seems to apply it.

  The log will have a reason as to why is was not applied.  
  I have the same problem on a 3850 have asked this question:
  https://supportforums.cisco.com/discussion/12467066/qos-routed-ports-3850
  e.g.
  Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!!

• Catalyst 3850 QoS police

  Hello,
  Here is the config for Catalyst 3560 found under the link below.
  I would like to do same setting on Catalyst 3850.
  http://itknowledgeexchange.techtarget.com/network-engineering-journey/how-to-configure-per-vlan-qos-in-cisco-3550-and-3560/
  mls qos
  interface fa0/2
  mls qos vlan-based
  class-map INT
  match input-interface fa0/2
  policy-map NESTED_POLICE
  class INT
  policy 12800 1600 exceed-action drop
  class-map HTTP
  match protocol http
  policy-map PARENT_MARK
  class HTTP
  set dscp af11
  service-policy NESTED_POLICE
  interface vlan 10
  service-policy input PARENT_MARK
  But commands like "mls qos", "mls qos vlan-based" and "match input-interface " doesn't work on 3850.
  There is no helpful Cisco manual for it.
  Could anyone help me?
  Thanks in advance,
  Taro

  Hello Paul,
  Thank you for the attention.
  Here is the information.
  #sh ver
  Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Wed 20-Mar-13 17:10 by prod_rel_team
  Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
  All rights reserved.  Certain components of Cisco IOS-XE software are
  licensed under the GNU General Public License ("GPL") Version 2.0.  The
  software code licensed under GPL Version 2.0 is free software that comes
  with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
  GPL code under the terms of GPL Version 2.0.
  (http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
  documentation or "License Notice" file accompanying the IOS-XE software,
  or the applicable URL provided on the flyer accompanying the IOS-XE
  software.
  ROM: IOS-XE ROMMON
  BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
  SW01 uptime is 21 weeks, 6 days, 14 hours, 27 minutes
  Uptime for this control processor is 21 weeks, 6 days, 14 hours, 30 minutes
  System returned to ROM by reload at 22:27:58 JST Wed Jan 8 2014
  System restarted at 22:27:52 JST Wed Jan 8 2014
  System image file is "flash:packages.conf"
  Last reload reason: Reload command
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  License Level: Ipservices
  License Type: Permanent
  Next reload license Level: Ipservices
  cisco WS-C3850-24T (MIPS) processor with 4194304K bytes of physical memory.
  Processor board ID FOC1717V01B
  24 Virtual Ethernet interfaces
  56 Gigabit Ethernet interfaces
  8 Ten Gigabit Ethernet interfaces
  2048K bytes of non-volatile configuration memory.
  4194304K bytes of physical memory.
  250456K bytes of Crash Files at crashinfo:.
  250456K bytes of Crash Files at crashinfo-2:.
  1609272K bytes of Flash at flash:.
  1609272K bytes of Flash at flash-2:.
  0K bytes of Dummy USB Flash at usbflash0:.
  0K bytes of Dummy USB Flash at usbflash0-2:.
  0K bytes of  at webui:.
  Base Ethernet MAC Address          : 44:ad:d9:6d:4e:00
  Motherboard Assembly Number        : 73-12238-06
  Motherboard Serial Number          : FOC17163HB8
  Model Revision Number              : B0
  Motherboard Revision Number        : D0
  Model Number                       : WS-C3850-24T
  System Serial Number               : FOC1717V01B
  Switch Ports Model              SW Version        SW Image              Mode
       1 32    WS-C3850-24T       03.02.01.SE       cat3k_caa-universalk9 INSTALL
       2 32    WS-C3850-24T       03.02.01.SE       cat3k_caa-universalk9 INSTALL
  Switch 02
  Switch uptime                      : 21 weeks, 6 days, 14 hours, 31 minutes
  Base Ethernet MAC Address          : 20:bb:c0:01:86:80
  Motherboard Assembly Number        : 73-12238-06
  Motherboard Serial Number          : FOC17163HCM
  Model Revision Number              : B0
  Motherboard Revision Number        : D0
  Model Number                       : WS-C3850-24T
  System Serial Number               : FOC1717V01K
  Configuration register is 0x102
  SW01#sh sdm prefer
  Showing SDM Template Info
  This is the Advanced template.
    Number of VLANs:                                 4094
    Unicast MAC addresses:                           32768
    Overflow Unicast MAC addresses:                  512
    IGMP and Multicast groups:                       8192
    Overflow IGMP and Multicast groups:              512
    Directly connected routes:                       32768
    Indirect routes:                                 8192
    Security Access Control Entries:                 3072
    QoS Access Control Entries:                      2816
    Policy Based Routing ACEs:                       1024
    Netflow ACEs:                                    1024
    Input Microflow policer ACEs:                    256
    Output Microflow policer ACEs:                   256
    Flow SPAN ACEs:                                  256
    Tunnels:                                         256
    Control Plane Entries:                           512
    Input Netflow flows:                             8192
    Output Netflow flows:                            16384
  These numbers are typical for L2 and IPv4 features.
  Some features such as IPv6, use up double the entry size;
  so only half as many entries can be created.