Traffic policing question on Cisco ASR 1001
Hi Experts,
I have a request to setup aggregated traffic policing on a Cisco ASR 1001 router for multiple networks within a router.
Lets say I have a router with several subinterfaces:
interface GigabitEthernet0/2
description WAN
ip address x.x.x.x x.x.x.x
interface GigabitEthernet0/1.70
description Lan_1
encapsulation dot1Q 70
ip address 192.168.55.1 255.255.255.0
interface GigabitEthernet0/1.80
description LAN_2
encapsulation dot1Q 80
ip address 192.168.56.1 255.255.255.0
interface GigabitEthernet0/1.90
description Servers
encapsulation dot1Q 90
ip address 172.16.10.1 255.255.255.0
I have a WAN link 100Mbit/s and I need to police traffic, so that I have 30Mbit/s for servers (GigabitEthernet0/1.90) and the rest 70Mbit I want to share between Interface Lan_1 and LAN_2. The Idea is that I need 70Mbit/s equally shared between two interfaces, so that I have fair policing on both iunterfaces. What is the best way to achieve this?
Many Thanks
Hello
The below configuration is a possible option, Its provides policing inbound from the clients interfaces and LLQ priority queung on the wan interface for the servers and shaping values from LAN1 & 2 traffic is set to 35MB.each.
Notice nothing is defined for the default class, however i am on the understanding this is given by default 1% of Hqos implementations.
Maybe others on here could review to verify any problems with this post and share their thoughts?
ip access-list extended SRVS_acl
permit ip 172.16.10.0 0.0.0.255 any
ip access-list extended LAN1_acl
permit ip 192.168.55.0 0.0.0.255 any
ip access-list extended LAN2_acl
permit ip 192.168.56.0 0.0.0.255 any
class-map match-all SRVS_CM
match access-group name SRVS_acl
class-map match-all LAN_1_CM
match access-group name LAN1_acl
class-map match-all LAN_2_CM
match access-group name LAN2_acl
policy-map SRVS_PM
class SRVS_CM
police 30720000 conform-action transmit exceed-action drop
policy-map LAN_2_PM
class LAN_2_CM
police 35840000 conform-action transmit
policy-map LAN_1_PM
class LAN_1_CM
police 35840000 conform-action transmit
interface GigabitEthernet0/1.70
service-policy input LAN_1_PM
interface GigabitEthernet0/1.90
service-policy input SRVS_PM
interface GigabitEthernet0/1.80
service-policy input LAN_2_PM
policy-map WAN_CHILD
class SRVS_CM
priority 30720
class LAN_1_CM
shape average 35840000
class LAN_2_CM
shape average 35840000
class class-default
fair-queue
policy-map WAN_PARENT
class class-default
shape average 102400000
service-policy WAN_CHILD
int GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT
res
Paul
Similar Messages
-
Hi Cisco Professional,
We want to implementing PPPoE over port-channel (using subinterfaces L2) in Cisco ASR 1001 routers, my question is if this router support this feature?, in the other hand i've see documents about this theme, pls check these links:
http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_lnkbndl_xe.html
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/xe-3s/ce-ieee-link-bndl-xe.html
My IOS version Cisco ASR 1001 is:
System image file is "bootflash:/asr1001-universalk9.03.04.00.S.151-3.S.bin"
We want this configuration on the router,
no interface GigabitEthernet0/0/0.25
interface port-channel 10.25
description TURBONETT PUBLICA UT
encapsulation dot1Q 25
ip address 10.17.44.254 255.255.252.0
no interface GigabitEthernet0/0/0.52
interface port-channel 10.52
description TURBONETT-UT
encapsulation dot1Q 52
pppoe enable group global
pppoe max-sessions 4000
no interface GigabitEthernet0/0/0.61
interface port-channel 10.61
description Turbonett-Sector-A
encapsulation dot1Q 61
pppoe enable group global
pppoe max-sessions 4000
Kind Regards,
Renzo TovarHi Renzo,
PPPoEoVLAN on GEC (LACP mode) is supported as of XE 3.7. I see that you are using XE 3.4 here so I would suggest to move to XE 3.7 and try this feature.
This is a sample configuration for the feature:
interface GigabitEthernet2/1/0
no ip address
negotiation auto
channel-group 2 mode active
interface GigabitEthernet3/1/0
no ip address
negotiation auto
channel-group 2 mode active
lacp port-priority 65000
interface Port-channel2
no ip address
load-interval 30
no negotiation auto
lacp max-bundle 1
lacp fast-switchover
interface Port-channel2.200
encapsulation dot1Q 200
pppoe enable group global
interface Port-channel2.500
encapsulation dot1Q 500 second-dot1q 1500
pppoe enable group global
As you can see, both PPPoEoVLAN and PPPoEoQinQ are supported.
Hope this helps.
Best regards. -
ASR 1001 L2TP sessions // License issue?
Hello,
This is my first post, in the fisrt place, sorry for my english, is not my native language.
I have purchased a refurbished ASR 1001 without any license for using as LNS:
Cisco IOS XE Software, Version 03.12.00.S - Standard Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S, RELEASE SOFTWARE (fc2)
asr1001-universalk9.03.12.00.S.154-2.S-std.bin
The scenario is this:
LAC (from network provider) send L2TP packet sessions-> LNS (ASR 1001, assign public IP to user and close the L2TP session).
The configuration of ASR is the typical for xDSL connections.
1) The LAC send requests to LNS Loopback interface:
interface Loopbacktest1
ip address 5.6.7.8 255.255.255.255
snmp ifindex persist
2) LNS assign the loopback interface to vpdn group, that points to virtual-template:
vpdn-group VpdnG1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname Provider01
dsl-line-info-forwarding
source-ip 5.6.7.8
lcp renegotiation always
l2tp tunnel password 7 XXXXXXXX
interface Virtual-Template1
description Int-Vi1 VpdnG1
mtu 1501
ip unnumbered GigabitEthernetX/X/X
ip mtu 1460
ip tcp adjust-mss 1400
no peer default ip address
ppp max-terminate 255
ppp max-configure 255
ppp max-failure 255
ppp max-bad-auth 10
ppp authentication pap chap ppp_authent2
ppp multilink
Since here, all is OK, but the problem is that the ASR cannot reach connected users and evidently the user doesn't have internet connectivity because he cannot reach the gateway IP (ASR IP).
Interface User Mode Idle Peer Address
Vi1.1 test1 PPPoVPDN - 1.2.3.4
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
Count VPDN Group
1589 3324 Provider01 est 5.6.7.8 1 VpdnG1
ASR1001#ping 1.2.3.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.2.3.4, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASR1001 in not forwardinf the traffic to end users
Exactly the same configuration works fine in 7201 cisco router.
After read some information in internet and cisco web and test several IOS images and configurations I have activated 2 of 3 (marked in bold down) possible licenses that are available to test in the router (these are available during 60 days).
SLASR1-IPB
Cisco ASR 1000 IP BASE License
SLASR1-AIS
Cisco ASR 1000 Advanced IP Services License
SLASR1-AES
Cisco ASR 1000 Advanced Enterprise Services License
***Result-> After apply Advanced IP Service or Advanced Enterprise license the ASR works perfectly, forwarding the traffic to the end users. The router can reach gateway and have internet connection.
I would like to try IP BASE License but there is no possibility to activate the test period in the router, I don't know if you knows any way to test it. This is the details that router shows about this 3 license types:
Index 1 Feature: adventerprise
Period left: 8 weeks 1 day
Period Used: 2 days 12 hours
License Type: EvalRightToUse
License State: Active, In Use
License Count: Non-Counted
License Priority: Low
Index 2 Feature: advipservices
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 3 Feature: ipbase
-->There is no more info about IP base license<---
If I use the command "license boot level" I can apply the IP base license, but after reload the router, nothing happens.
ASR1001(config)#license boot level ?
adventerprise Advanced Enterprise License Level
advipservices Advanced IP Services License Level
ipbase IP Base License Level
Then my answers are:
1) Is 100% necessary to have a license in ASR1001 to use the router as LNS as showed? Apparently after my tests I will answer "yes", but I'm not sure if my configuration is the only one that I can configure. Maybe exist another way to config the required scenario and avoid the purchase license.
2) Do you know if IP Base license will active the forwarding packet function in the ASR? I think yes, but before buy this license I need to be sure. As you know Ip Base is the most cheap license.
Thanks in advantage!
RegardsHello,
Documentation states that licensing on the ASR 1000 are now honor-based since 3.7s. I didn't test it though.
Basically, your license marked now as "EvalRTU" will be moved to an "RTU" license, indicating you would need to buy a license to keep your honor intact, but no disruption in features or connectivity will happen.
Since your test was more than 60 days ago, can you confirm this behavior with 3.12 ?
Thanks,
Kind regards,
Sources:
- All Cisco ASR 1000 feature and performance upgrade licenses are honor-based; that is, they are not enforced through a PAK (Product Activation Key). Note: Prior to Cisco IOS XE Software Release 3.7S, performance upgrade licenses that are required to upgrade the Cisco ASR 1001 from 2.5 to 5 Gbps or the Cisco ASR 1002-X from 5 to 10 to 20 to 36 Gbps are enforced through a PAK. Similarly, prior to Cisco IOS XE Software Release 3.6S, technology package licenses are enforced through a PAK. [1]
- When the 60-Day Evaluation Period expires, the license automatically changes to an RTU license. As with all other RTU licenses, there is no functionality disruption or accessibility concerns following this transition. [2]
[1] http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/guide-c07-731639.html
[2] http://www.cisco.com/c/en/us/td/docs/routers/asr1000/install/guide/1001-x/asr1hig/asr1lic.html -
ASR 1001 Router enquiry on fiber handoff
Cisco ASR 1001 Router would support fiber hand-off of the link. Below is the Specifications of the Router - we received from vendor:
Description
Quantity
Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/S
1
Cisco 5-Port Gigabit Ethernet Shared Port Adapter
1
1000BASE-LX/LH SFP transceiver module, MMF/SMF, 1310nm, DOM
2
Cisco ASR1001 AC Power Supply
2
Power Cord India, Right Angle
2
Cisco ASR 1001 IOS XE UNIVERSAL - NO ENCRYPTION
1
Cisco ASR 1000 IP BASE License
1
SPA for ASR1000; No Physical Part; For Tracking Only
1
Cisco ASR1001 4GB DRAM
1
PRTNR SS 8X5XNBD Cisco ASR1001 System,Crypto
1
PRTNR SS 8X5XNBD Cisco ASR 1000 IP BASE License
1
PRTNR SS 8X5XNBD 5-Pt Gigabit Enet Shared Pt Adptr
1
Datacenter feature: There will be fiber connections already installed at the DMZ site from the meet me telco room to the partner racks. Therefore, your service provider must understand that they will do a circuit handoff to fiber and order the routers, interface cards, connectors, etc. to support fiber circuit extension.You can use standard Ethernet copper or Fiber, providing that you have the correct SFP/GBICs.
As long as you have the correct SFP's you need for the ASR - All should be good.
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/ASRintro.html#wp1235447
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6577/product_data_sheet0900aecd8033f885.html
hth -
Hi I am changing IOS of Cisco ASR 1001 from asr1001-universalk9.03.07.02.S.152-4.S2.bin
to asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin but everty time it boot up with old IOS universalk9.
Is it becaused of Licence issue.
Router#sh bootvar
BOOT variable = bootflash:asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin,12;bootflash:asr1001-universalk9.03.07.02.S.152-4.S2.bin,12;
CONFIG_FILE variable does not exist
BOOTLDR variable does not exist
Configuration register is 0x2102
License Level: advipservices
License Type: Permanent
Next reload license Level: advipservices
cisco ASR1001 (1RU) processor with 1155941K/6147K bytes of memory.
Processor board ID SSI1607042B
4 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7741439K bytes of eUSB flash at bootflash:.
Configuration register is 0x2102You downloaded the wrong file. The file you wanted to run has "rp1" but the original file doesn't. You downloaded a file for a different model. Your router is an ASR 1001 with fixed RP but you've downloaded a file for a different sub-model of ASR, like the 1002 or 1004.
Go here instead: http://software.cisco.com/download/release.html?mdfid=282993672&softwareid=282046477&release=3.10.3S&relind=AVAILABLE&rellifecycle=ED&reltype=latest -
Hello, Try as I might I cant find a document that says;
"How to activate encryption on an ASR 1001" or "activating ip advanced features" on the ASR 1001.
Can anyone help please. My Kit list.
Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/S
Cisco ASR1001 4GB DRAM
Cisco ASR 1000 Advanced IP Services License
Cisco ASR 1001 IOS XE - ENCRYPTION UNIVERSAL
IPSEC License for ASR1000 Series
Upgrade from 2.5 Gbps to 5Gbps License for ASR 1001
Whats the process to activate the 2.5gbps to 5gbps feature or encryption?
Thanks
ChrisChris,
The ASR1000 feature licensing is explained on the document http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c25-448292.html
You can also find this information on the product datasheet at http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-447652.html
Regarding IPSec and Bandwidth licenses on ASR1K, see below and excerpt from datasheet:
Cisco ASR1001 Feature Licenses: Enforced with PAK
FLSASR1001-5G
Upgrade from 2.5 Gbps to 5Gbps License for ASR 1001
FLSASR1001-5G=
Upgrade from 2.5 Gbps to 5Gbps Paper PAK for ASR 1001
L-FLSASR1001-5G=
Upgrade from 2.5 Gbps to 5Gbps E-Delivery PAK for ASR 1001
Security
FLSASR1-IPSEC
IPSEC License for ASR1000 Series
FL-ASR1-IPSEC=
IPSEC Paper PAK for ASR1000 Series
L-FL-ASR1-IPSEC=
IPSEC E-Delivery PAK for ASR1000 Series
Cheers, Gustavo -
What Software image / License required for ASR 1001
Hi,
I want to purchase Cisco ASR 1001 router, I need to run ssh , Crypto , IPSec VPN ( 3DES, ESP ) and Gre Tunnels on it.
i am confused with different IOS / Licenses of ASR 1001, can any one please suggest me with the part numbers that i need to put in for ordering ?
From my Vendor quote i can see that below is the part of the packege ( part number = ASR1001 )
SASR1001UK9
Cisco ASR1001 IOS XE - ENCRYPTION UNIVERSAL
but there is another Technology based license required and this is not included in the above part number packet so i need to know which one i need to buy from below?
ASR1001/ASR 1002-X Technology Package Licenses
SLASR1-IPB
Cisco ASR 1000 IP BASE License
SLASR1-AIS
Cisco ASR 1000 Advanced IP Services License
SLASR1-AES
Cisco ASR 1000 Advanced Enterprise Services License
SLASR1-IPB=
Cisco ASR 1000 IP BASE Paper PAK
L-SLASR1-IPB
Cisco ASR 1000 IP BASE E-Delivery PAKThere was a regression introduced in 3.5.1 where the Main-class attribute of the Coherence.jar was changed to a different main class leading to this effect.
The workaround is to specify the main class as part of the command line.
Assuming your current directory is the coherence home directory:
Start a cache server:
java -cp lib/coherence.jar com.tangosol.net.DefaultCacheServer Start the command line:
java -cp lib/coherence.jar com.tangosol.coherence.component.application.Console And the above is basically what the coherence.sh/.cmd and cache-server.sh/.cmd scripts do.
Edited by: Christer Fahlgren on Aug 31, 2009 10:06 AM -
Thanks in advance for your help!
what license do I need to create a IPSEC tunnel?
I have an ASR 1001, running ?
System returned to ROM by reload at 10:14:31 UTC Tue Aug 23 2011
System image file is "bootflash:asr1001-universalk9_npe.03.03.00.S.151-2.S.bin"
Last reload reason: PowerOn
License Info:
License UDI:
Device# PID SN UDI
*0 ASR1001 JAE153402YI ASR1001:JAE153402YI
License Package Information for Module:'asr1001'
Module name Image level Pri Config Valid license
asr1001 adventerprise 1 NO adventerprise
advipservices 2 NO advipservices
ipbase 3 NO ipbase
Module name Current Level Reboot Level
asr1001 ipbase ipbase
cisco ASR1001 (1RU) processor with 1202026K/6147K bytes of memory.
4 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7782399K bytes of eUSB flash at bootflash:.Hi,
You need to have advipservicesk9 bundle in order to configure vpn tunnels.
Please rate the helpfull posts.
Regards,
Naidu. -
Maximum cos1 (voice traffic) supported by Cisco ASR 1006 router
Dear Team,
Please confirm the maximum cos 1 traffic supported by cisco ASR 1006 router.Yes, it would. If you are planning on terminating a single site on this router I would spread over multiple routers for redundancy.
Table 6 explains number of ports and channels providing you have the DSPs:
http://www.cisco.com/c/dam/en/us/products/collateral/routers/2800-series-integrated-services-routers-isr/product_data_sheet0900aecd8057f2e0.pdf -
Cisco ASA QoS traffic policing - how to count conform burst
hi,
I have cisco ASA 8.4(5). I will do configuration for QoS traffic policing. Maximum output/input rate will be 850 Mbits/s.
I am not sure if I need to do configuration also for conform burst ? if yes, can I count suitable value for it ? I must admit that I dont understand difference between conform rate and conform burst.
access-list acl_qos_policing_admin extended permit ip any any
class-map class_qos_policing_admin
match access-list acl_qos_policing_admin
policy-map policy_qos_policing_admin
class class_qos_policing_admin
police output 850000000 xxxxxxx
police input 850000000 xxxxxxx
service-policy policy_qos_policing_admin interface
inside_ADMHi, I already have done configuration on production firewall. Bandwidth test worked very good for 200Mbps or 300 Mbps. But I got little strange results for bigger rate limits such 600Mbps or 850 Mbps. I could not see any dropped packets. I did test via http://www.speedtest.net. Maybe because
I need to set conform-burst? there is now only default value (If you set bigger conform-rate then you get bigger conform-burst with default value).
Interface inside_EDU:
Service-policy: policy_qos_policing_edu
Class-map: class_qos_policing_edu
Output police Interface inside_EDU:
cir 200000000 bps, bc 6250000 bytes
Input police Interface inside_EDU:
cir 200000000 bps, bc 6250000 bytes
Interface inside_EDU:
Service-policy: policy_qos_policing_edu
Class-map: class_qos_policing_edu
Output police Interface inside_EDU:
cir 600000000 bps, bc 18750000 bytes
Input police Interface inside_EDU:
cir 600000000 bps, bc 18750000 bytes
Interface inside_ADM:
Service-policy: policy_qos_policing_admin
Class-map: class_qos_policing_admin
Output police Interface inside_ADM:
cir 300000000 bps, bc 9375000 bytes
Input police Interface inside_ADM:
cir 300000000 bps, bc 9375000 bytes
Interface inside_ADM:
Service-policy: policy_qos_policing_admin
Class-map: class_qos_policing_admin
Output police Interface inside_ADM:
cir 850000000 bps, bc 26562500 bytes
Input police Interface inside_ADM:
cir 850000000 bps, bc 26562500 bytes -
With Xander Thuijs
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn how to Cisco ASR 9000 Series Aggregation Services Routers with Cisco expert Xander Thuijs. The Cisco ASR 9000 Series Aggregation Services Routers product family offers a significant added value compared to the prior generations of carrier Ethernet routing offerings. The Cisco ASR 9000 Series is an operationally simple, future-optimized platform using next-generation hardware and software. The ASR 9000 platform family is composed of the Cisco ASR 9010 Router, the Cisco ASR 9006 Router, the Cisco ASR 9922 Router, Cisco ASR 9001 Router and the Cisco ASR 9000v Router.
This is a continuation of the live Webcast.
Xander Thuijs is a principal engineer for the Cisco ASR 9000 Series and Cisco IOS-XR product family at Cisco. He is an expert and advisor in many technology areas, including IP routing, WAN, WAN switching, MPLS, multicast, BNG, ISDN, VoIP, Carrier Ethernet, System Architecture, network design and many others. He has more than 20 years of industry experience in carrier Ethernet, carrier routing, and network access technologies. Xander holds a dual CCIE certification (number 6775) in service provider and voice technologies. He has a master of science degree in electrical engineering from Hogeschool van University in Amsterdam.
Remember to use the rating system to let Xander know if you have received an adequate response.
Xander might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Service Providers community XR OS And Platforms shortly after the event. This event lasts through Friday, May 24, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
Webcast related links:
Slides
Webcast Video Recording
FAQIs there a Cisco lab available for ASR 9000
we have "XR4U" stations coming available soon when XR 511 comes alive. The plan is for a downloadable play image like that. In the interim we have 2 demo systems available, and they can be booked via your account manager representative.
How will MOD160 perform with multiple 9000NVS?
very well. the mod 160 has 4 NPU's, 2 per bay. So if you have a 4x10 MPA to serve a satellite, you effectively have a single NPU per 20 1Gigs from the satellite. The pps performance will be stellar. However it might be price technically more ideal to connect satellite with a 36x10. Since the MOD-x has native MPA's with 1G also.
2. Is there a shortcut for a Bundle-EthernetX interface, such as port-channel interface (poX), in Cisco IOS® ?.
usability enhancement is there, we are trying to push this into a new reasonable release. follow CSCuh04526
3. What is the revolutions per minute (RPM) on these hard disk drives (HDDs) compared to the solid state drives (SDDs)? Will the spinning drives be slow?
depends on the type we had avaialble at time of production, you will see different sizes and disks on the RSP2. the rpm of the HD is not so much an issue as much as the buffered writing we used to do in XR. This is fixed up with XR43 where the disk writing performance is much better. the HD/SDD is used for logging storage only (and maybe your pictures) but other then that we're not that concerned with write perf of the HD.
regards
xander -
ISG: Service with traffic policing counts dropped packets.
Hello,
Our company has a router Cisco 7304 NPEG100. ("show version" in the bottom of this message). We are planing to start ISG services at this router, but there is a bug CSCei4190. When I set traffic policing in service, accounting in this service counts packets that has been dropped by traffic policing.
Here is example of my definition of service in RADIUS:
User-Name = 'Internet-Service'
Cisco-AVPair += "ip:traffic-class=in access-group 2000 priority 10"
Cisco-AVPair += "ip:traffic-class=out access-group 2001 priority 10"
Cisco-AVPair += "ip:traffic-class=in default drop"
Cisco-AVPair += "ip:traffic-class=out default drop"
Cisco-AVPair += "prepaid-config=TRAFFIC_PREPAID"
Cisco-AVPair += "accounting-list=ISG_ACCT"
Cisco-Service-Info += "QU;256000;D;512000"
Acct-Interim-Interval += '60'
When I remove Cisco-Service-Info += "QU;256000;D;512000" from service definition, all traffic are counting correctly.
I did not found in Bug Details, which version of IOS, I should use in my 7304 router where this bug is fixed.
Cisco IOS Software, 7300 Software (C7300-A3JK91S-M), Version 12.2(31)SB17, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 30-Oct-09 12:35 by vpernank
ROM: System Bootstrap, Version 12.2(22r)S, RELEASE SOFTWARE (fc1)
BOOTLDR: 7300 Software (C7300-BOOT-M), Version 12.2(20)S6, RELEASE
SOFTWARE (fc4)
7304 uptime is 17 hours, 24 minutes
Uptime for this control processor is 17 hours, 24 minutes
System returned to ROM by reload at 06:22:24 TSK Wed Feb 23 2005
System restarted at 18:46:54 TSK Mon Mar 22 2010
System image file is "disk0:c7300-a3jk91s-mz.122-31.SB17.bin"
cisco 7300 (NPEG100) processor (revision B) with 983040K/65536K bytes of memory.
SB-1 CPU at 800Mhz, Implementation 0x401, Rev 0.2, 512KB L2 Cache
4 slot midplane, Version 67.49
Last reset from software reset or reload
4 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1021K bytes of non-volatile configuration memory.
62592K bytes of ATA compact flash in bootdisk (Sector size 512 bytes).
125952K bytes of ATA compact flash in disk0 (Sector size 512 bytes).
Configuration register is 0x2102I am getting other logs sent to the syslog server, yes, just not the firewall-related "dropped packet" logs. Here's an example of one that does make it through:
5790: *Apr 30 15:05:27.039 UTC: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-647534746 1500 bytes is out-of-order; expectedseq:3647406270. Reason: TCP reassembly queue overflow - session 192.168.1.179:3895 to 54.240.160.142:80 on zone-pair inside-to-Transitclass WB-Browsing
I am not allowing all the traffic across the box. The "self-to-inside" zone-pair just allows the *firewall itself* to initiate any traffic to the inside zone. That's temporary until I get all the management traffic to and from the firewall defined, then I will lock it down further.
And I added the "ip inspect log drop-pkt" and it did not appear to make any difference.
Any other suggestions?
-Mat -
Cisco ASR Router Software Version 4.3.1 // PRTG Custom Sensor
Dears,
We are encountering problem in doing costume SNMP sensors in PRTG, whenever I create a customized sensor, the sensor goes up and down. We have faced this problem after updating the software of our Cisco ASR to 4.3.1. In older versions, it was working well. Is there a problem in Cisco ASR 4.3.1 SNMP with PRTG ? I would appreciate it if you can support in this case as we are in need of these customized sensors. We have gor all of them down because of the update
Regards,Dear Alexander,
The standard sensors of PRTG are working well such as traffic sensors, ping etc, but the customized sensors are not working well in version 4.3.1. I always do a customized sensors for QoS, SLAs and others and they are working well in versions below 4.3.1.
Furthermore, I have tested those OIDs by using Paessler SNMP Tester and I have seen that the reading is not showing properly. For instance, I have a customized OID that shows the reading every 60s (as a minimum) only while in older versions of ASR software I can see the reading every 30s or below of that particular OID using the same version of PRTG!
Conclusion:
PRTG latest version + ASR 4.3.1 = Customized sesnors are not working well
PRTG latest version + ASR Older version = Customized sesnors are working well
Kind regards, -
10GE port adapter in ASR 1001 chassis
Dear All,
Will SPA-1X10GE-L-V2 work in ASR 1001 chassis with the integrated ESP and SIP?
Thx,
SzilardYou are most welcome, szilard.matayas1. Thanks for the rating as well.
Are you already working with a Cisco partner/rep for this requirement as well? Let me know if you need assistance on that department as I can check on SPA-1X10GE-L-V2 availability as well. Do send me an e-mail ([email protected]). Kind regards. -
Hi,
I'm trying to configure traffic policing on a Catalyst 2950. The config is pretty straight-forward, or so I thought. I need to set up several policy-maps, each one policing traffic at different levels (5meg, 10meg, 20meg, etc.). My problem is, anything above 1Meg just doesn't seem to work as expected. Here's my config for a 10Meg policer:
class-map match-all ALL-TRAFFIC
match access-group 1
policy-map 10mbs
class ALL-TRAFFIC
police 10000000 65536 exceed-action drop
access-list 1 permit any
Here's the interface config:
interface FastEthernet0/24
switchport access vlan 53
load-interval 30
service-policy input 10mbs
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree link-type point-to-point
What happens is, when uploading files from the server attached to this port (ingress to the switch), my throughput is nowhere near 10Mb/s. I only end up getting about 2Mb/s consistently, with a large 600MB ISO file transfer.
I've configured policers before in routers and other types of switches and I would at least get around 7 to 8Mb/s, if not immediately, after some time, due to TCP's native congestion avoidance. I may be missing something blatantly obvious, though, as I've been wrestling with this the past few hours.Although the page is about the 3550 I think most of the information is relevent to the 2950 as well (although the 2950 doesn't support the granularity of the 3550).
http://www.cisco.com/en/US/partner/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml
Have you tried using non connection-oriented traffic (UDP) to see what rates you achieve? I suspect TCP is probably suffering due to the policer dropping the packets.
HTH
Andy
Maybe you are looking for
-
Whenever I put my earphones into my iPod Touch 2g the music isn't clear and I have to push and hold them in order to hear the song normally. It isn't the earphones because I tried another pair, that worked fine, and there was still no difference. I a
-
Sorry, I'm new to the Mac world. I recently got a new IMAC and installed my Epson CX5800F printer and it worked fine. Then a few weeks later I installed Windows7 through Bootcamp and I think it reconfigured a port or something and now I get a communi
-
Maxtor DiamondMax 10 No Longer Recognized (10.7.3)
I finally upgraded my Rev A G5 PowerMac and purchased a new 27" i7 iMac - I was extatic! Everything went well the first day while I was setting it up. I had all my iPhoto and iTunes files on an internal SATA drive (Maxtor DiamondMax 10) on my PowerMa
-
Content Search Web Part displaying wrong Results for anonymous Users.
HI Forum Group, I am getting Wrong results for my content search web part. The requirement is to show the News Description for the selected news item. I have a catalog site which stores News like News1 News2 News3 as Items. and i have connected this
-
WiFi Problem NEO V even after downgrade
now i downgraded my Neo V from ICS to GB 2.3.4 and guess what !!!!!, i have the same Wi-Fi problem, i still can't see and connect on 90% of the serounded networks, so now i have to live with it !!!!!??? i think the phone is harmed, and i think thats