Traffic policing question on Cisco ASR 1001

Similar Messages

• PPPoGEC Cisco ASR 1001

  Hi Cisco Professional,
  We want to implementing PPPoE over port-channel (using subinterfaces L2) in Cisco ASR 1001 routers, my question is if this router support this feature?, in the other hand i've see  documents about this theme, pls check these links:
  http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_lnkbndl_xe.html
  http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/xe-3s/ce-ieee-link-bndl-xe.html
  My IOS version Cisco ASR 1001 is:
  System image file is "bootflash:/asr1001-universalk9.03.04.00.S.151-3.S.bin"
  We want this configuration on the router,
  no     interface     GigabitEthernet0/0/0.25
  interface     port-channel     10.25
  description     TURBONETT     PUBLICA     UT
  encapsulation     dot1Q     25
  ip     address     10.17.44.254     255.255.252.0
  no     interface     GigabitEthernet0/0/0.52
  interface     port-channel     10.52
  description     TURBONETT-UT
  encapsulation     dot1Q     52
  pppoe     enable     group     global
  pppoe     max-sessions     4000
  no     interface     GigabitEthernet0/0/0.61
  interface     port-channel     10.61
  description     Turbonett-Sector-A
  encapsulation     dot1Q     61
  pppoe     enable     group     global
  pppoe     max-sessions     4000
  Kind Regards,
  Renzo Tovar

  Hi Renzo,
  PPPoEoVLAN on GEC (LACP mode) is supported as of XE 3.7. I see that you are using XE 3.4 here so I would suggest to move to XE 3.7 and try this feature.
  This is a sample configuration for the feature:
  interface GigabitEthernet2/1/0
  no ip address
  negotiation auto
  channel-group 2 mode active
  interface GigabitEthernet3/1/0
  no ip address
  negotiation auto
  channel-group 2 mode active
  lacp port-priority 65000
  interface Port-channel2
  no ip address
  load-interval 30
  no negotiation auto
  lacp max-bundle 1
  lacp fast-switchover
  interface Port-channel2.200
  encapsulation dot1Q 200
  pppoe enable group global
  interface Port-channel2.500
  encapsulation dot1Q 500 second-dot1q 1500
  pppoe enable group global
  As you can see, both PPPoEoVLAN and  PPPoEoQinQ are supported.
  Hope this helps.
  Best regards.

• ASR 1001 L2TP sessions // License issue?

  Hello,
  This is my first post, in the fisrt place, sorry for my english, is not my native language.
  I have purchased a refurbished ASR 1001 without any license for using as LNS:
  Cisco IOS XE Software, Version 03.12.00.S - Standard Support Release
  Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S, RELEASE SOFTWARE (fc2)
  asr1001-universalk9.03.12.00.S.154-2.S-std.bin
  The scenario is this:
  LAC (from network provider) send L2TP packet sessions-> LNS (ASR 1001, assign public IP to user and close the L2TP session).
  The configuration of ASR is the typical for xDSL connections.
  1) The LAC send requests to LNS Loopback interface:
  interface Loopbacktest1
    ip address 5.6.7.8 255.255.255.255
   snmp ifindex persist
  2) LNS assign the loopback interface to vpdn group, that points to virtual-template:
   vpdn-group VpdnG1
   accept-dialin
    protocol l2tp
    virtual-template 1
   terminate-from hostname Provider01
   dsl-line-info-forwarding
   source-ip 5.6.7.8
   lcp renegotiation always
   l2tp tunnel password 7 XXXXXXXX
  interface Virtual-Template1
   description Int-Vi1 VpdnG1
   mtu 1501
   ip unnumbered GigabitEthernetX/X/X
   ip mtu 1460
   ip tcp adjust-mss 1400
   no peer default ip address
   ppp max-terminate 255
   ppp max-configure 255
   ppp max-failure 255
   ppp max-bad-auth 10
   ppp authentication pap chap ppp_authent2
   ppp multilink
  Since here, all is OK, but the problem is that the ASR cannot reach connected users and evidently the user doesn't have internet connectivity because he cannot reach the gateway IP (ASR IP).
   Interface    User               Mode               Idle     Peer Address
    Vi1.1        test1                PPPoVPDN     -        1.2.3.4
  L2TP Tunnel and Session Information Total tunnels 1 sessions 1
  LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn     L2TP Class/
                                                                                                                  Count     VPDN Group
  1589           3324            Provider01       est     5.6.7.8                    1             VpdnG1
  ASR1001#ping 1.2.3.4
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 1.2.3.4, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  ASR1001 in not forwardinf the traffic to end users
  Exactly the same configuration works fine in 7201 cisco router.
  After read some information in internet and cisco web and test several IOS images and configurations I have activated 2 of 3 (marked in bold down) possible licenses that are available to test in the router (these are available during 60 days).
  SLASR1-IPB
  Cisco ASR 1000 IP BASE License
  SLASR1-AIS
  Cisco ASR 1000 Advanced IP Services License
  SLASR1-AES
  Cisco ASR 1000 Advanced Enterprise Services License
  ***Result-> After apply Advanced IP Service or Advanced Enterprise license the ASR works perfectly, forwarding the traffic to the end users. The router can reach gateway and have internet connection.
  I would like to try IP BASE License but there is no possibility to activate the test period in the router, I don't know if you knows any way to test it. This is the details that router shows about this 3 license types:
  Index 1 Feature: adventerprise
          Period left: 8  weeks 1  day
          Period Used: 2  days 12 hours
          License Type: EvalRightToUse
          License State: Active, In Use
          License Count: Non-Counted
          License Priority: Low
  Index 2 Feature: advipservices
          Period left: Not Activated
          Period Used: 0  minute  0  second
          License Type: EvalRightToUse
          License State: Active, Not in Use, EULA not accepted
          License Count: Non-Counted
          License Priority: None
  Index 3 Feature: ipbase
  -->There is no more info about IP base license<---
  If I use the command "license boot level" I can apply the IP base license, but after reload the router, nothing happens.
  ASR1001(config)#license boot level ?
    adventerprise  Advanced Enterprise License Level
    advipservices  Advanced IP Services License Level
    ipbase         IP Base License Level
  Then my answers are:
  1) Is 100% necessary to have a license in ASR1001 to use the router as LNS as showed? Apparently after my tests I will answer "yes", but I'm not sure if my configuration is the only one that I can configure. Maybe exist another way to config the required scenario and avoid the purchase license.
  2) Do you know if IP Base license will active the forwarding packet function in the ASR? I think yes, but before buy this license I need to be sure. As you know Ip Base is the most cheap license.
  Thanks in advantage!
  Regards

  Hello,
  Documentation states that licensing on the ASR 1000 are now honor-based since 3.7s. I didn't test it though.
  Basically, your license marked now as "EvalRTU" will be moved to an "RTU" license, indicating you would need to buy a license to keep your honor intact, but no disruption in features or connectivity will happen.
  Since your test was more than 60 days ago, can you confirm this behavior with 3.12 ?
  Thanks,
  Kind regards,
  Sources:
  - All Cisco ASR 1000 feature and performance upgrade licenses are honor-based; that is, they are not enforced through a PAK (Product Activation Key). Note: Prior to Cisco IOS XE Software Release 3.7S, performance upgrade licenses that are required to upgrade the Cisco ASR 1001 from 2.5 to 5 Gbps or the Cisco ASR 1002-X from 5 to 10 to 20 to 36 Gbps are enforced through a PAK. Similarly, prior to Cisco IOS XE Software Release 3.6S, technology package licenses are enforced through a PAK. [1]
  - When the 60-Day Evaluation Period expires, the license automatically changes to an RTU license. As with all other RTU licenses, there is no functionality disruption or accessibility concerns following this transition. [2]
  [1] http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/guide-c07-731639.html
  [2] http://www.cisco.com/c/en/us/td/docs/routers/asr1000/install/guide/1001-x/asr1hig/asr1lic.html

• ASR 1001 Router enquiry on fiber handoff

  Cisco ASR 1001 Router would support fiber hand-off of the link. Below is the Specifications of the Router - we received from vendor:
  Description
  Quantity
  Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/S
  1
  Cisco 5-Port Gigabit Ethernet Shared Port Adapter
  1
  1000BASE-LX/LH SFP transceiver module, MMF/SMF, 1310nm, DOM
  2
  Cisco ASR1001 AC Power Supply
  2
  Power Cord India, Right Angle
  2
  Cisco ASR 1001 IOS XE UNIVERSAL - NO ENCRYPTION
  1
  Cisco ASR 1000 IP BASE License
  1
  SPA for ASR1000; No Physical Part; For Tracking Only
  1
  Cisco ASR1001 4GB DRAM
  1
  PRTNR SS 8X5XNBD Cisco ASR1001 System,Crypto
  1
  PRTNR SS 8X5XNBD Cisco ASR 1000 IP BASE License
  1
  PRTNR SS 8X5XNBD 5-Pt Gigabit Enet Shared Pt Adptr
  1
  Datacenter feature: There will be fiber connections already installed at the DMZ site from the meet me telco room to the partner racks.  Therefore, your service provider must understand that they will do a circuit handoff to fiber and order the routers, interface cards, connectors, etc. to support fiber circuit extension.

  You can use standard Ethernet copper or Fiber, providing that you have the correct SFP/GBICs.
  As long as you have the correct SFP's you need for the ASR - All should be good.
  http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/ASRintro.html#wp1235447
  http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6577/product_data_sheet0900aecd8033f885.html
  hth

• ASR 1001 IOS upgrade issue

  Hi I am changing IOS of Cisco ASR 1001  from asr1001-universalk9.03.07.02.S.152-4.S2.bin
  to asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin but everty time it boot up with old IOS universalk9.
  Is it becaused of Licence issue.
  Router#sh bootvar
  BOOT variable = bootflash:asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin,12;bootflash:asr1001-universalk9.03.07.02.S.152-4.S2.bin,12;
  CONFIG_FILE variable does not exist
  BOOTLDR variable does not exist
  Configuration register is 0x2102
  License Level: advipservices
  License Type: Permanent
  Next reload license Level: advipservices
  cisco ASR1001 (1RU) processor with 1155941K/6147K bytes of memory.
  Processor board ID SSI1607042B
  4 Gigabit Ethernet interfaces
  32768K bytes of non-volatile configuration memory.
  4194304K bytes of physical memory.
  7741439K bytes of eUSB flash at bootflash:.
  Configuration register is 0x2102

  You downloaded the wrong file.  The file you wanted to run has "rp1" but the original file doesn't.  You downloaded a file for a different model.  Your router is an ASR 1001 with fixed RP but you've downloaded a file for a different sub-model of ASR, like the 1002 or 1004.
  Go here instead:  http://software.cisco.com/download/release.html?mdfid=282993672&softwareid=282046477&release=3.10.3S&relind=AVAILABLE&rellifecycle=ED&reltype=latest

• ASR 1001 Licence Activation

  Hello, Try as I might I cant find a document that says;
  "How to activate encryption on an ASR 1001" or "activating ip advanced features" on the ASR 1001.
  Can anyone help please. My Kit list.
  Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/S        
  Cisco ASR1001 4GB DRAM                                        
  Cisco ASR 1000 Advanced IP Services License                                   
  Cisco ASR 1001 IOS XE - ENCRYPTION UNIVERSAL                        
  IPSEC License for ASR1000 Series                                             
  Upgrade from 2.5 Gbps to 5Gbps License for ASR 1001                            
  Whats the process to activate the 2.5gbps to 5gbps feature or encryption?
  Thanks
  Chris

  Chris,
  The ASR1000 feature licensing is explained on the document http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c25-448292.html
  You can also find this information on the product datasheet at http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-447652.html
  Regarding IPSec and Bandwidth licenses on ASR1K, see below and excerpt from datasheet:
  Cisco ASR1001 Feature Licenses: Enforced with PAK
  FLSASR1001-5G
  Upgrade from 2.5 Gbps to 5Gbps License for ASR 1001
  FLSASR1001-5G=
  Upgrade from 2.5 Gbps to 5Gbps Paper PAK for ASR 1001
  L-FLSASR1001-5G=
  Upgrade from 2.5 Gbps to 5Gbps E-Delivery PAK for ASR 1001
  Security
  FLSASR1-IPSEC
  IPSEC License for ASR1000 Series
  FL-ASR1-IPSEC=
  IPSEC Paper PAK for ASR1000 Series
  L-FL-ASR1-IPSEC=
  IPSEC E-Delivery PAK for ASR1000 Series
  Cheers, Gustavo

• What Software image / License required for ASR 1001

  Hi,
  I want to purchase Cisco ASR 1001 router, I need to run ssh , Crypto , IPSec VPN ( 3DES, ESP ) and Gre Tunnels on it.
  i am confused with different IOS / Licenses of ASR 1001, can any one please suggest me with the part numbers that i need to put in for ordering ? 
  From my Vendor quote i can see that below is the part of the packege ( part number = ASR1001 )
  SASR1001UK9
  Cisco ASR1001 IOS XE - ENCRYPTION UNIVERSAL
  but there is another Technology based license required and this is not included in the above part number packet so i need to know which one i need to buy from below?
  ASR1001/ASR 1002-X Technology Package Licenses
  SLASR1-IPB
  Cisco ASR 1000 IP BASE License
  SLASR1-AIS
  Cisco ASR 1000 Advanced IP Services License
  SLASR1-AES
  Cisco ASR 1000 Advanced Enterprise Services License
  SLASR1-IPB=
  Cisco ASR 1000 IP BASE Paper PAK
  L-SLASR1-IPB
  Cisco ASR 1000 IP BASE E-Delivery PAK

  There was a regression introduced in 3.5.1 where the Main-class attribute of the Coherence.jar was changed to a different main class leading to this effect.
  The workaround is to specify the main class as part of the command line.
  Assuming your current directory is the coherence home directory:
  Start a cache server:
  java -cp lib/coherence.jar com.tangosol.net.DefaultCacheServer Start the command line:
  java -cp lib/coherence.jar com.tangosol.coherence.component.application.Console And the above is basically what the coherence.sh/.cmd and cache-server.sh/.cmd scripts do.
  Edited by: Christer Fahlgren on Aug 31, 2009 10:06 AM

• ASR 1001 licensing question

  Thanks in advance for your help!
  what license do I need to create a IPSEC tunnel?
  I have an ASR 1001, running ?
  System returned to ROM by reload at 10:14:31 UTC Tue Aug 23 2011
  System image file is "bootflash:asr1001-universalk9_npe.03.03.00.S.151-2.S.bin"
  Last reload reason: PowerOn
  License Info:
  License UDI:
  Device# PID                     SN                      UDI
  *0      ASR1001                 JAE153402YI             ASR1001:JAE153402YI
  License Package Information for Module:'asr1001'
  Module name   Image level          Pri   Config Valid license      
  asr1001       adventerprise        1     NO     adventerprise      
                advipservices        2     NO     advipservices      
                ipbase               3     NO     ipbase             
  Module name   Current Level        Reboot Level       
  asr1001       ipbase               ipbase             
  cisco ASR1001 (1RU) processor with 1202026K/6147K bytes of memory.
  4 Gigabit Ethernet interfaces
  32768K bytes of non-volatile configuration memory.
  4194304K bytes of physical memory.
  7782399K bytes of eUSB flash at bootflash:.

  Hi,
  You need to have advipservicesk9 bundle in order to configure vpn tunnels.
  Please rate the helpfull posts.
  Regards,
  Naidu.

• Maximum cos1 (voice traffic) supported by Cisco ASR 1006 router

  Dear Team,
  Please confirm the maximum cos 1 traffic supported by cisco ASR 1006 router.

  Yes, it would. If you are planning on terminating a single site on this router I would spread over multiple routers for redundancy.
  Table 6 explains number of ports and channels providing you have the DSPs: 
  http://www.cisco.com/c/dam/en/us/products/collateral/routers/2800-series-integrated-services-routers-isr/product_data_sheet0900aecd8057f2e0.pdf

• Cisco ASA QoS traffic policing - how to count conform burst

  hi,
  I have cisco ASA 8.4(5). I will do configuration for QoS traffic policing. Maximum output/input rate will be 850 Mbits/s.
  I am not sure if I need to do configuration also for conform burst ? if yes, can I count suitable value for it ? I must admit that I dont understand difference between conform rate and conform burst.
  access-list acl_qos_policing_admin extended permit ip any any
  class-map class_qos_policing_admin
   match access-list acl_qos_policing_admin
  policy-map policy_qos_policing_admin
   class  class_qos_policing_admin
   police output 850000000 xxxxxxx
   police input 850000000 xxxxxxx
  service-policy policy_qos_policing_admin interface
  inside_ADM

  Hi, I already have done configuration on production firewall. Bandwidth test worked very good for 200Mbps or 300 Mbps. But I got little strange results for bigger rate limits such 600Mbps or 850 Mbps. I could not see any dropped packets. I did test via http://www.speedtest.net. Maybe because
  I need to set conform-burst? there is now only default value (If you set bigger conform-rate then you get bigger conform-burst with default value).
  Interface inside_EDU:
    Service-policy: policy_qos_policing_edu
      Class-map: class_qos_policing_edu
        Output police Interface inside_EDU:
          cir 200000000 bps, bc 6250000 bytes
        Input police Interface inside_EDU:
          cir 200000000 bps, bc 6250000 bytes
  Interface inside_EDU:
    Service-policy: policy_qos_policing_edu
      Class-map: class_qos_policing_edu
        Output police Interface inside_EDU:
          cir 600000000 bps, bc 18750000 bytes
        Input police Interface inside_EDU:
          cir 600000000 bps, bc 18750000 bytes
  Interface inside_ADM:
    Service-policy: policy_qos_policing_admin
      Class-map: class_qos_policing_admin
        Output police Interface inside_ADM:
          cir 300000000 bps, bc 9375000 bytes
        Input police Interface inside_ADM:
          cir 300000000 bps, bc 9375000 bytes
  Interface inside_ADM:
    Service-policy: policy_qos_policing_admin
      Class-map: class_qos_policing_admin
        Output police Interface inside_ADM:
          cir 850000000 bps, bc 26562500 bytes
        Input police Interface inside_ADM:
          cir 850000000 bps, bc 26562500 bytes

• Ask the Experts: Understanding Cisco ASR 9000 Series Aggregation Services Routers Platform Architecture and Packet Forwarding Troubleshooting

  With Xander Thuijs
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn how to Cisco ASR 9000 Series Aggregation Services Routers with Cisco expert Xander Thuijs. The Cisco ASR 9000 Series Aggregation Services Routers product family offers a significant added value compared to the prior generations of carrier Ethernet routing offerings. The Cisco ASR 9000 Series is an operationally simple, future-optimized platform using next-generation hardware and software. The ASR 9000 platform family is composed of the Cisco ASR 9010 Router, the Cisco ASR 9006 Router, the Cisco ASR 9922 Router, Cisco ASR 9001 Router and the Cisco ASR 9000v Router.
  This is a continuation of the live Webcast.
  Xander Thuijs is a principal engineer for the Cisco ASR 9000 Series and Cisco IOS-XR product family at Cisco. He is an expert and advisor in many technology areas, including IP routing, WAN, WAN switching, MPLS, multicast, BNG, ISDN, VoIP, Carrier Ethernet, System Architecture, network design and many others. He has more than 20 years of industry experience in carrier Ethernet, carrier routing, and network access technologies. Xander  holds a dual CCIE certification (number 6775) in service provider and voice technologies. He has a master of science degree in electrical engineering from Hogeschool van University in Amsterdam.
  Remember to use the rating system to let Xander know if you have received an adequate response.
  Xander might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Service Providers community XR OS And Platforms  shortly after the event. This event lasts through Friday, May 24, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast  related links:
  Slides
  Webcast  Video Recording
  FAQ

  Is there a Cisco lab available for ASR 9000
  we have "XR4U" stations coming available soon when XR 511 comes alive. The plan is for a downloadable play image like that. In the interim we have 2 demo systems available, and they can be booked via your account manager representative.
  How will MOD160 perform with multiple 9000NVS?
  very well. the mod 160 has 4 NPU's, 2 per bay. So if you have a 4x10 MPA to serve a satellite, you effectively have a single NPU per 20 1Gigs from the satellite. The pps performance will be stellar. However it might be price technically more ideal to connect satellite with a 36x10. Since the MOD-x has native MPA's with 1G also.
       2. Is there a shortcut for a Bundle-EthernetX interface, such as port-channel interface (poX), in Cisco IOS® ?.
  usability enhancement is there, we are trying to push this into a new reasonable release. follow CSCuh04526
       3. What  is the revolutions per minute (RPM) on these hard disk drives (HDDs)  compared to the solid state drives (SDDs)? Will the spinning drives be  slow?
  depends on the type we had avaialble at time of production, you will see different sizes and disks on the RSP2. the rpm of the HD is not so much an issue as much as the buffered writing we used to do in XR. This is fixed up with XR43 where the disk writing performance is much better. the HD/SDD is used for logging storage only (and maybe your pictures) but other then that we're not that concerned with write perf of the HD.
  regards
  xander

• ISG: Service with traffic policing counts dropped packets.

  Hello,
  Our company has a router Cisco 7304 NPEG100. ("show version" in the  bottom of this message). We are planing to start ISG services at this router, but there is a bug CSCei4190. When I set traffic policing in service, accounting in this service counts  packets that has been dropped by traffic policing.
  Here is example of my definition of service in RADIUS:
  User-Name = 'Internet-Service'
  Cisco-AVPair += "ip:traffic-class=in access-group 2000 priority 10"
  Cisco-AVPair += "ip:traffic-class=out access-group 2001 priority 10"
  Cisco-AVPair += "ip:traffic-class=in default drop"
  Cisco-AVPair += "ip:traffic-class=out default drop"
  Cisco-AVPair += "prepaid-config=TRAFFIC_PREPAID"
  Cisco-AVPair += "accounting-list=ISG_ACCT"
  Cisco-Service-Info += "QU;256000;D;512000"
  Acct-Interim-Interval += '60'
  When I remove Cisco-Service-Info += "QU;256000;D;512000" from service  definition, all traffic are counting correctly.
  I did not found in Bug Details, which version of IOS, I should use in my  7304 router where this bug is fixed.
  Cisco IOS Software, 7300 Software (C7300-A3JK91S-M), Version 12.2(31)SB17,  RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2009 by Cisco Systems, Inc.
  Compiled Fri 30-Oct-09 12:35 by vpernank
  ROM: System Bootstrap, Version 12.2(22r)S, RELEASE SOFTWARE (fc1)
  BOOTLDR: 7300 Software (C7300-BOOT-M), Version 12.2(20)S6, RELEASE 
  SOFTWARE (fc4)
  7304 uptime is 17 hours, 24 minutes
  Uptime for this control processor is 17 hours, 24 minutes
  System returned to ROM by reload at 06:22:24 TSK Wed Feb 23 2005
  System restarted at 18:46:54 TSK Mon Mar 22 2010
  System image file is "disk0:c7300-a3jk91s-mz.122-31.SB17.bin"
  cisco 7300 (NPEG100) processor (revision B) with 983040K/65536K bytes of  memory.
  SB-1 CPU at 800Mhz, Implementation 0x401, Rev 0.2, 512KB L2 Cache
  4 slot midplane, Version 67.49
  Last reset from software reset or reload
  4 FastEthernet interfaces
  3 Gigabit Ethernet interfaces
  1021K bytes of non-volatile configuration memory.
  62592K bytes of ATA compact flash in bootdisk (Sector size 512 bytes).
  125952K bytes of ATA compact flash in disk0 (Sector size 512 bytes).
  Configuration register is 0x2102

  I am getting other logs sent to the syslog server, yes, just not the firewall-related "dropped packet" logs.  Here's an example of one that does make it through:
  5790: *Apr 30 15:05:27.039 UTC: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-647534746 1500 bytes is out-of-order; expectedseq:3647406270. Reason: TCP reassembly queue overflow - session 192.168.1.179:3895 to 54.240.160.142:80 on zone-pair inside-to-Transitclass WB-Browsing
  I am not allowing all the traffic across the box.  The "self-to-inside" zone-pair just allows the *firewall itself* to initiate any traffic to the inside zone.  That's temporary until I get all the management traffic to and from the firewall defined, then I will lock it down further.
  And I added the "ip inspect log drop-pkt" and it did not appear to make any difference.
  Any other suggestions?
  -Mat

• Cisco ASR Router Software Version 4.3.1 // PRTG Custom Sensor

  Dears,
  We are encountering problem in doing costume SNMP sensors in PRTG, whenever I create a customized sensor, the sensor goes up and down.  We have faced this problem after updating the software of our Cisco ASR to 4.3.1. In older versions, it was working well.  Is there a problem in Cisco ASR 4.3.1 SNMP with PRTG ? I would appreciate it if you can support in this case as we are in need of these customized sensors. We have gor  all of them down because of the update
  Regards,

  Dear Alexander,
  The standard sensors of PRTG are working well such as traffic sensors, ping etc, but the customized sensors are not working well in version 4.3.1. I always do a customized sensors for QoS, SLAs and others and they are working well in versions below 4.3.1.
  Furthermore, I have tested those OIDs by using Paessler SNMP Tester and I have seen that the reading is not showing properly. For instance, I have a customized OID that shows the reading every 60s (as a minimum) only while in older versions of ASR software I can see the reading every 30s or below of that particular OID using the same version of PRTG!
  Conclusion:
  PRTG latest version + ASR 4.3.1 = Customized sesnors are not working well
  PRTG latest version + ASR Older version = Customized sesnors are working well
  Kind regards,

• 10GE port adapter in ASR 1001 chassis

  Dear All, 
  Will SPA-1X10GE-L-V2 work in ASR 1001 chassis with the integrated ESP and SIP? 
  Thx,
  Szilard

  You are most welcome, szilard.matayas1. Thanks for the rating as well. 
  Are you already working with a Cisco partner/rep for this requirement as well? Let me know if you need assistance on that department as I can check on SPA-1X10GE-L-V2 availability as well. Do send me an e-mail ([email protected]). Kind regards. 

• 2950 Traffic Policing

  Hi,
  I'm trying to configure traffic policing on a Catalyst 2950. The config is pretty straight-forward, or so I thought. I need to set up several policy-maps, each one policing traffic at different levels (5meg, 10meg, 20meg, etc.). My problem is, anything above 1Meg just doesn't seem to work as expected. Here's my config for a 10Meg policer:
  class-map match-all ALL-TRAFFIC
  match access-group 1
  policy-map 10mbs
  class ALL-TRAFFIC
  police 10000000 65536 exceed-action drop
  access-list 1 permit any
  Here's the interface config:
  interface FastEthernet0/24
  switchport access vlan 53
  load-interval 30
  service-policy input 10mbs
  spanning-tree portfast
  spanning-tree bpdufilter enable
  spanning-tree link-type point-to-point
  What happens is, when uploading files from the server attached to this port (ingress to the switch), my throughput is nowhere near 10Mb/s. I only end up getting about 2Mb/s consistently, with a large 600MB ISO file transfer.
  I've configured policers before in routers and other types of switches and I would at least get around 7 to 8Mb/s, if not immediately, after some time, due to TCP's native congestion avoidance. I may be missing something blatantly obvious, though, as I've been wrestling with this the past few hours.

  Although the page is about the 3550 I think most of the information is relevent to the 2950 as well (although the 2950 doesn't support the granularity of the 3550).
  http://www.cisco.com/en/US/partner/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml
  Have you tried using non connection-oriented traffic (UDP) to see what rates you achieve? I suspect TCP is probably suffering due to the policer dropping the packets.
  HTH
  Andy