Voice Match
Hi I am converting books to Audio using text to speech software “linguatec” I have text files converted to mp3 audio books but the voice quality sounds “unnatural and robotic” I was wondering if you have any plugin or any software for adobe audition which I could match the voice of any “BBC news reader and convert all the audio books to a particular voice which I like. Thanks your suggestion anxiously awaited
Audition does not currently offer any tools for replacing voices in this manner. The OS X command line enables you to perform a text-to-speech conversion from a text file source and output to an audio file in one of a number of voices.
say -f textfile.txt -o outputfile.aiff -v voicename
The "voicename" can be determined easily by opening the System Preferences dialog and previewing the Speech settings.
I am unfamiliar with other realistic text-to-speech applications on Windows or Mac, so perhaps other forum users can make suggestions.
Similar Messages
-
so im using fcpx for a film i am editing and i have a slight problem. I am trying to use video from one clip, but audio from another ( the audio on the first clip didnt sound that good) I cant seem to match up the audio. I have tried over and over to do it but i cant seem to do it. Does anyone know of an easy way to do this?
Is your project a muticam project? Do you want to switch between two camera angles throughout your timeline and use the audio of just one camera?
Or are you talking about stripping out the audio from one clip and using it to replace the audio in another – with only one camera angle throughout?
Russ -
Site-to-site VPN failover via 3G HWIC
Small problem. Branch utilizes a 2811 router connected via MPLS to core via serial interface. If serial ip sla reachability fails, fire up the cell interface, dial out and connect to the internet. Establish ipsec tunnel to a peer ASA and pass local LAN traffic over the tunnel. Problem is the tunnel does come up and I am 'briefly' able to communicate across the tunnel but then *poof*. No more communication. Tried multiple ideas and thoughts (different encypt, authentication etc). I am thinking that per my config, the IPSEC session is trying to establish before the dialer session is fully up, thus potentially causing problems with the authentication to the peer. Any help would be appreciated. Here is the debug of isakmp, ipsec, dialer and ppp when I manually kill the serial interface:
14th_Street(config)#int s0/1/0:0
14th_Street(config-if)#shut
14th_Street(config-if)#
*Nov 25 17:44:55.011 UTC: %BGP-5-ADJCHANGE: neighbor xxx.xxx.xxx.xxx Down Interface flap
*Nov 25 17:44:55.911 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: place call
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: Dialing cause ip (s=xxx.xxx.xxx.xxx, d=xxx.xxx.xxx.xxx)
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: Attempting to dial cdma
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Attempting async line dialer script
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Dialing using Modem script: cdma & System script: none
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: process started
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Asserting DTR
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Chat script cdma started
*Nov 25 17:44:55.915 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:56.999 UTC: %LINK-5-CHANGED: Interface Serial0/1/0:0, changed state to administratively down
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 PPP: Sending Acct Event[Down] id[1]
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 CDPCP: State is Closed
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 IPCP: State is Closed
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 PPP: Phase is TERMINATING
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 LCP: State is Closed
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 PPP: Phase is DOWN
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 IPCP: Remove route to xxx.xxx.xxx.xxx
*Nov 25 17:44:57.007 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:57.099 UTC: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*Nov 25 17:44:57.811 UTC: CHAT0/0/0: Chat script cdma finished, status = Success
*Nov 25 17:44:58.031 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0:0, changed state to down
*Nov 25 17:44:58.031 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:58.035 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:58.911 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:45:00.027 UTC: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Nov 25 17:45:00.027 UTC: Ce0/0/0 DDR: Dialer statechange to up
*Nov 25 17:45:00.027 UTC: Ce0/0/0 DDR: Dialer call has been placed
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Using dialer call direction
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Treating connection as a callout
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Session handle[FD000001] Session id[2]
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Phase is ESTABLISHING, Active Open
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Authorization NOT required
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: No remote authentication for call-out
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: O CONFREQ [Closed] id 1 len 20
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: MagicNumber 0x13255539 (0x050613255539)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.031 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: I CONFREQ [REQsent] id 0 len 24
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MRU 1500 (0x010405DC)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x00000000 (0x020600000000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0xCD87E220 (0x0506CD87E220)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: O CONFACK [REQsent] id 0 len 24
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MRU 1500 (0x010405DC)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x00000000 (0x020600000000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0xCD87E220 (0x0506CD87E220)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: I CONFACK [ACKsent] id 1 len 20
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0x13255539 (0x050613255539)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: State is Open
*Nov 25 17:45:00.035 UTC: Ce0/0/0 PPP: Phase is FORWARDING, Attempting Forward
*Nov 25 17:45:00.035 UTC: Ce0/0/0 PPP: Phase is ESTABLISHING, Finish LCP
*Nov 25 17:45:00.039 UTC: Ce0/0/0 PPP: Phase is UP
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: O CONFREQ [Closed] id 1 len 22
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 PPP: Process pending ncp packets
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: I CONFREQ [REQsent] id 0 len 10
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x030642AEA8C0)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: O CONFACK [REQsent] id 0 len 10
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x030642AEA8C0)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 1 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 2 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 2 len 4
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 3 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 3 len 4
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 4 len 22
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: I CONFACK [ACKsent] id 4 len 22
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: State is Open
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: Install negotiated IP interface address xxx.xxx.xxx.xxx
*Nov 25 17:45:00.059 UTC: IPSEC(recalculate_mtu): reset sadb_root 4975A1A8 mtu to 1500
*Nov 25 17:45:00.063 UTC: Ce0/0/0 IPCP: Install route to xxx.xxx.xxx.xxx
*Nov 25 17:45:00.063 UTC: Ce0/0/0 DDR: dialer protocol up
*Nov 25 17:45:00.067 UTC: Ce0/0/0 IPCP: Add link info for cef entry xxx.xxx.xxx.xxx
*Nov 25 17:45:01.027 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/0/0, changed state to up
*Nov 25 17:45:29.763 UTC: DDR: IP Address is (xxx.xxx.xxx.xxx) for (Ce0/0/0)
*Nov 25 17:45:29.763 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,
local_proxy= 192.168.221.0/255.255.255.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 86400s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Nov 25 17:45:29.767 UTC: ISAKMP:(0): SA request profile is (NULL)
*Nov 25 17:45:29.767 UTC: ISAKMP: Created a peer struct for xxx.xxx.xxx.xxx, peer port 500
*Nov 25 17:45:29.767 UTC: ISAKMP: New peer created peer = 0x47AC3A08 peer_handle = 0x80000002
*Nov 25 17:45:29.767 UTC: ISAKMP: Locking peer struct 0x47AC3A08, refcount 1 for isakmp_initiator
*Nov 25 17:45:29.767 UTC: ISAKMP: local port 500, remote port 500
*Nov 25 17:45:29.767 UTC: ISAKMP: set new node 0 to QM_IDLE
*Nov 25 17:45:29.771 UTC: insert sa successfully sa = 4B6322B8
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): beginning Main Mode exchange
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Nov 25 17:45:29.927 UTC: ISAKMP (0:0): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_NO_STATE
*Nov 25 17:45:29.927 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing SA payload. message ID = 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing vendor id payload
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing IKE frag vendor id payload
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): local preshared key found
*Nov 25 17:45:29.931 UTC: ISAKMP : Scanning profiles for xauth ...
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Nov 25 17:45:29.931 UTC: ISAKMP: encryption 3DES-CBC
*Nov 25 17:45:29.931 UTC: ISAKMP: hash SHA
*Nov 25 17:45:29.931 UTC: ISAKMP: default group 2
*Nov 25 17:45:29.931 UTC: ISAKMP: auth pre-share
*Nov 25 17:45:29.931 UTC: ISAKMP: life type in seconds
*Nov 25 17:45:29.931 UTC: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):atts are acceptable. Next payload is 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Acceptable atts:actual life: 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Acceptable atts:life: 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Fill atts in sa vpi_length:4
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Returning Actual lifetime: 86400
*Nov 25 17:45:29.931 UTC: ISAKMP:(0)::Started lifetime timer: 86400.
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): processing vendor id payload
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): processing IKE frag vendor id payload
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_SA_SETUP
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Nov 25 17:45:30.171 UTC: ISAKMP (0:0): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_SA_SETUP
*Nov 25 17:45:30.171 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:30.171 UTC: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Nov 25 17:45:30.171 UTC: ISAKMP:(0): processing KE payload. message ID = 0
*Nov 25 17:45:30.219 UTC: ISAKMP:(0): processing NONCE payload. message ID = 0
*Nov 25 17:45:30.219 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID is Unity
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID seems Unity/DPD but major 71 mismatch
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID is XAUTH
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): speaking to another IOS box!
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):vendor ID seems Unity/DPD but hash mismatch
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Send initial contact
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Nov 25 17:45:30.223 UTC: ISAKMP (0:1001): ID payload
next-payload : 8
type : 1
address : xxx.xxx.xxx.xxx
protocol : 17
port : 500
length : 12
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Total payload length: 12
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Nov 25 17:45:30.495 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_KEY_EXCH
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing ID payload. message ID = 0
*Nov 25 17:45:30.495 UTC: ISAKMP (0:1001): ID payload
next-payload : 8
type : 1
address : xxx.xxx.xxx.xxx
protocol : 17
port : 500
length : 12
*Nov 25 17:45:30.495 UTC: ISAKMP:(0):: peer matches *none* of the profiles
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing HASH payload. message ID = 0
*Nov 25 17:45:30.495 UTC: ISAKMP:received payload type 17
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): vendor ID is DPD
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):SA authentication status:
authenticated
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):SA has been authenticated with xxx.xxx.xxx.xxx
*Nov 25 17:45:30.495 UTC: ISAKMP: Trying to insert a peer xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx/500/, and inserted successfully 47AC3A08.
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):beginning Quick Mode exchange, M-ID of 458622291
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):QM Initiator gets spi
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Node 458622291, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Nov 25 17:45:30.715 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing HASH payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing SA payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001):Checking IPSec proposal 1
*Nov 25 17:45:30.715 UTC: ISAKMP: transform 1, ESP_3DES
*Nov 25 17:45:30.715 UTC: ISAKMP: attributes in transform:
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life type in seconds
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life type in kilobytes
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Nov 25 17:45:30.715 UTC: ISAKMP: encaps is 1 (Tunnel)
*Nov 25 17:45:30.715 UTC: ISAKMP: authenticator is HMAC-SHA
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001):atts are acceptable.
*Nov 25 17:45:30.715 UTC: IPSEC(validate_proposal_request): proposal part #1
*Nov 25 17:45:30.715 UTC: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,
local_proxy= 192.168.221.0/255.255.255.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Nov 25 17:45:30.715 UTC: Crypto mapdb : proxy_match
src addr : 192.168.221.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing NONCE payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing ID payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing ID payload. message ID = 458622291
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): processing NOTIFY RESPONDER_LIFETIME protocol 3
spi 399189113, message ID = 458622291, sa = 4B6322B8
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001):SA authentication status:
authenticated
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): processing responder lifetime
*Nov 25 17:45:30.719 UTC: ISAKMP (1001): responder lifetime of 28800s
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): Creating IPSec SAs
*Nov 25 17:45:30.719 UTC: inbound SA from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (f/i) 0/ 0
(proxy 0.0.0.0 to 192.168.221.0)
*Nov 25 17:45:30.719 UTC: has spi 0x498026E2 and conn_id 0
*Nov 25 17:45:30.719 UTC: lifetime of 28790 seconds
*Nov 25 17:45:30.719 UTC: lifetime of 4608000 kilobytes
*Nov 25 17:45:30.719 UTC: outbound SA from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (f/i) 0/0
(proxy 192.168.221.0 to 0.0.0.0)
*Nov 25 17:45:30.719 UTC: has spi 0x17CB2479 and conn_id 0
*Nov 25 17:45:30.719 UTC: lifetime of 28790 seconds
*Nov 25 17:45:30.719 UTC: lifetime of 4608000 kilobytes
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):deleting node 458622291 error FALSE reason "No Error"
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):Node 458622291, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Nov 25 17:45:30.723 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Nov 25 17:45:30.723 UTC: Crypto mapdb : proxy_match
src addr : 192.168.221.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
*Nov 25 17:45:30.723 UTC: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer xxx.xxx.xxx.xxx
*Nov 25 17:45:30.723 UTC: IPSEC(policy_db_add_ident): src 192.168.221.0, dest 0.0.0.0, dest_port 0
*Nov 25 17:45:30.723 UTC: IPSEC(create_sa): sa created,
(sa) sa_dest= xxx.xxx.xxx.xxx, sa_proto= 50,
sa_spi= 0x498026E2(1233135330),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2001
*Nov 25 17:45:30.723 UTC: IPSEC(create_sa): sa created,
(sa) sa_dest= xxx.xxx.xxx.xxx, sa_proto= 50,
sa_spi= 0x17CB2479(399189113),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2002
*Nov 25 17:45:30.723 UTC: IPSEC(update_current_outbound_sa): updated peer xxx.xxx.xxx.xxx current outbound sa to SPI 17CB2479
*Nov 25 17:45:46.935 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Nov 25 17:45:46.935 UTC: ISAKMP: set new node -1909459720 to QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): processing HASH payload. message ID = -1909459720
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = -1909459720, sa = 4B6322B8
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):deleting node -1909459720 error FALSE reason "Informational (in) state 1"
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):DPD/R_U_THERE received from peer xxx.xxx.xxx.xxx, sequence 0x7BDFE4C6
*Nov 25 17:45:46.939 UTC: ISAKMP: set new node -777989143 to QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 1224841120, message ID = -777989143
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): seq. no 0x7BDFE4C6
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):purging node -777989143
*Nov 25 17:45:46.943 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Nov 25 17:45:46.943 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
And here is the config:
Building configuration...
Current configuration : 10137 bytes
version 12.4
service pad to-xot
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
hostname Test
boot-start-marker
boot-end-marker
card type t1 0 1
logging message-counter syslog
logging buffered 4096
aaa new-model
aaa authentication login default local
aaa authentication ppp network local-case
aaa authorization console
aaa authorization exec default local
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
network-clock-participate wic 1
network-clock-select 1 T1 0/1/0
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.121.1 192.168.121.99
ip dhcp excluded-address 192.168.121.200 192.168.121.254
ip dhcp excluded-address 192.168.221.1 192.168.221.99
ip dhcp excluded-address 192.168.221.200 192.168.221.254
ip dhcp pool Voice
network 192.168.121.0 255.255.255.0
option 150 ip 10.101.90.6
default-router 192.168.121.254
ip dhcp pool Data
network 192.168.221.0 255.255.255.0
default-router 192.168.221.254
dns-server 10.1.90.189 10.5.100.30
no ip bootp server
no ip domain lookup
ip domain name xxxxxx
ip multicast-routing
no ipv6 cef
multilink bundle-name authenticated
chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip moved-temporarily
fax protocol pass-through g711ulaw
no fax-relay sg3-to-g3
h323
modem passthrough nse codec g711ulaw
sip
header-passing error-passthru
outbound-proxy ipv4:xxx.xxx.xxx.xxx
early-offer forced
midcall-signaling passthru
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice class h323 1
h225 timeout tcp establish 3
voice translation-rule 1
rule 1 // // type any international
voice translation-rule 3
rule 1 /^8/ //
voice translation-profile International
translate called 1
voice translation-profile OutboundRedirecting
translate called 3
voice-card 0
no dspfarm
dsp services dspfarm
username xx
archive
log config
hidekeys
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key xxxxxxxxx address xxx.xxx.xxx.xxx
crypto ipsec transform-set CellFOSet esp-3des esp-sha-hmac
crypto map CellFOMap 1 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set security-association lifetime seconds 190
set transform-set CellFOSet
match address 100
controller T1 0/1/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
ip tftp source-interface FastEthernet0/0.1
track 1 ip sla 1 reachability
class-map match-all VOICE
match ip dscp ef
class-map match-any VOICE-CTRL
match ip dscp af31
match ip dscp cs3
policy-map WAN-EDGE
class VOICE
priority 384
set ip dscp ef
class VOICE-CTRL
set ip dscp af21
bandwidth 32
class class-default
fair-queue
set ip dscp default
interface Loopback0
ip address 192.168.222.21 255.255.255.255
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.222.21
interface FastEthernet0/0
description Physical Interface for Data VLAN 10 and Voice VLAN 20
no ip address
ip flow ingress
ip pim sparse-dense-mode
no ip route-cache cef
duplex auto
speed auto
interface FastEthernet0/0.1
description Interface to Data VLAN 10
encapsulation dot1Q 10
ip address 192.168.221.254 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-dense-mode
ip virtual-reassembly
no cdp enable
interface FastEthernet0/0.2
description Interface to Voice VLAN 20
encapsulation dot1Q 20
ip address 192.168.121.254 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-dense-mode
no cdp enable
interface FastEthernet0/1
description Unused port
no ip address
shutdown
duplex auto
speed auto
no cdp enable
interface Cellular0/0/0
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer string cdma
dialer-group 1
async mode interactive
ppp chap hostname [email protected]
ppp chap password 7 xxxxxxxxxxxxxxxx
ppp ipcp dns request
crypto map CellFOMap
interface Serial0/1/0:0
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip flow ingress
ip flow egress
encapsulation ppp
service-policy output WAN-EDGE
router bgp 65000
no synchronization
bgp log-neighbor-changes
bgp suppress-inactive
network xxx.xxx.xxx.xxx mask 255.255.255.252
network 192.168.121.0
network 192.168.221.0
network 192.168.222.21 mask 255.255.255.255
neighbor xxx.xxx.xxx.xxx remote-as 15270
default-information originate
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/1/0:0 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 20
no ip http server
no ip http secure-server
ip flow-export source FastEthernet0/0.1
ip flow-export version 5
ip flow-export destination 10.1.90.25 2055
ip nat inside source list 100 interface Cellular0/0/0 overload
ip access-list standard MON_SNMP_RO
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
ip radius source-interface FastEthernet0/0.1
ip sla 1
icmp-echo xxx.xxx.xxx.xxx
timeout 1000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now
logging trap notifications
logging 10.1.90.167
access-list 100 remark = FO to C0/0/0 for Branch =
access-list 100 permit ip 192.168.221.0 0.0.0.255 any
access-list 100 permit ip any any
access-list 100 deny eigrp any any
access-list 100 deny igmp any any
dialer-list 1 protocol ip list 100
snmp-server community xxx RO
snmp-server enable traps tty
<---------- Truncated to remove VoIP Rules -------------->
banner motd ^C
This is a proprietary system.
^C
line con 0
line aux 0
line 0/0/0
script dialer cdma
modem InOut
no exec
rxspeed 3100000
txspeed 1800000
line vty 0 4
transport input telnet
line vty 5 15
transport input telnet
scheduler allocate 20000 1000
ntp server 10.1.99.5
endHi,
Here is configurations from my Lab ASA5520 with Dual ISP
interface GigabitEthernet0/0
description Primary ISP
nameif WAN-1
security-level 0
ip address 192.168.101.2 255.255.255.0
interface GigabitEthernet0/1
description Secondary ISP
nameif WAN-2
security-level 0
ip address 192.168.102.2 255.255.255.0
interface GigabitEthernet0/2
description LAN
nameif LAN
security-level 100
ip address 10.0.20.2 255.255.255.0
route WAN-1 0.0.0.0 0.0.0.0 192.168.101.1 1 track 200
route WAN-2 0.0.0.0 0.0.0.0 192.168.102.1 254
route LAN 10.0.0.0 255.255.255.0 10.0.20.1 1
access-list L2L-VPN-CRYPTOMAP remark Encryption Domain
access-list L2L-VPN-CRYPTOMAP extended permit ip 10.0.0.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list LAN-NAT0 extended permit ip 10.0.0.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (LAN) 0 access-list LAN-NAT0
sla monitor 200
type echo protocol ipIcmpEcho 192.168.101.1 interface WAN-1
num-packets 3
timeout 1000
frequency 5
sla monitor schedule 200 life forever start-time now
track 200 rtr 200 reachability
crypto ipsec transform-set AES-256 esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map CRYPTOMAP 10 match address L2L-VPN-CRYPTOMAP
crypto map CRYPTOMAP 10 set peer 192.168.103.2
crypto map CRYPTOMAP 10 set transform-set AES-256
crypto map CRYPTOMAP interface WAN-1
crypto map CRYPTOMAP interface WAN-2
crypto isakmp enable WAN-1
crypto isakmp enable WAN-2
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
tunnel-group 192.168.103.2 type ipsec-l2l
tunnel-group 192.168.103.2 ipsec-attributes
pre-shared-key *****
Hope this helps
- Jouni -
ARP table not populating mac address for previously reachable IP address
Router has been online and working fine with one BGP neighbor for almost 2 years and no downtime. 2 weeks ago, added a 2nd BGP peer. Everything worked fine for 2 weeks, then all of a sudden yesterday the 2nd BGP peer is disconnected and does not come back. ISP checks and sees everything looks fine on their end. We cannot even ping each other now.
Upon investigation, the ARP table is not even populating the MAC address for the BGP peer IP anymore (same local subnet). Stays "incomplete" in the table no matter what we do, including clearing arp table, changing IP address, etc.
Plug a laptop directly into the 2nd BGP peer FE port and replicate the IP addressing. Laptop cannot ping Router, but Router CAN ping laptop. Check ARP table, but STILL no mac address assigned and now not even the ARP table showing "incomplete".
Thinking it could be the FE interface, switch to the 2nd FE interface and perform same laptop test, this time with arbitrary IP addressing. Now cannot ping each other, no MAC in ARP table.
End up rebooting the router and lo-and-behold, everything is working normally again. 2nd BGP peer peers up instantly.
I should also mention that the 1st BGP peer worked flawlessly throughout, taking all the Internet load and having no issues throughout.
Also, the FE ports for the 2nd BGP peer are on an HWIC FE card plugged into the router. The 1st BGP peer is plugged into the built-in GE interface. 2901 running: c2900-universalk9-mz.SPA.151-4.M4.bin
Lastly, no router resource issues, no error messages, no logs. Just the BGP peer disconnecting.
I have never, in 20 years working with Cisco routers seen something like this before. This is the most fundamental aspect of IP and Ethernet that was not working.
Has anyone ever seen this behavior before??
Here is the router config (IP's changed):
version 15.1
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service sequence-numbers
boot-start-marker
boot-end-marker
logging buffered 150000
aaa new-model
aaa authentication login LAUTHEN local
aaa authentication login TAUTHEN local group tacacs+ enable
aaa authorization console
aaa authorization exec LAUTHOR local if-authenticated
aaa authorization exec TAUTHOR local group tacacs+ if-authenticated
aaa session-id common
clock timezone PST -8 0
clock summer-time PDT recurring
no ipv6 cef
no ip source-route
ip cef
no ip domain lookup
multilink bundle-name authenticated
username ubiadmin privilege 15 secret 4 .JbeuWXuZvchrG0OL.5BftFtqrrEyxcnVHn5rIuCnTk
username umitsnoc01 privilege 15 secret 4 cUmoRUjey9O1x.wk9S.kleX.iAAhCwihupr6Z98p6OA
redundancy
ip ssh version 2
track 1 interface GigabitEthernet0/0 line-protocol
class-map match-any AutoQoS-VoIP-RTP-Trust
match access-group name SIP-Media-INBOUND
class-map match-any AutoQoS-VoIP-Control-Trust
match ip dscp cs3
match ip dscp af31
class-map match-any Customer-Voice
match access-group name Customer-VPNs
class-map match-any media
match access-group name SIP-Media
class-map match-any signaling
match access-group name SIP-Signaling
policy-map AutoQoS-Policy-Trust
class AutoQoS-VoIP-RTP-Trust
priority percent 70
class AutoQoS-VoIP-Control-Trust
bandwidth percent 5
class class-default
fair-queue
policy-map queue
class signaling
bandwidth percent 5
class media
priority percent 50
class Customer-Voice
priority percent 40
class class-default
fair-queue
policy-map shape
class class-default
shape average 10000000
service-policy queue
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description BGP Peer 1
ip address 2.2.2.2 255.255.255.252
no ip redirects
ip flow ingress
ip flow egress
duplex auto
speed auto
service-policy output shape
interface GigabitEthernet0/1
description LAN
ip address 1.2.3.4 255.255.255.0
no ip redirects
ip flow ingress
ip flow egress
standby 255 ip 1.2.3.1
standby 255 priority 105
standby 255 preempt
standby 255 mac-address 1a2b.3c4d.5e6f
standby 255 track 1 decrement 10
duplex auto
speed auto
service-policy output AutoQoS-Policy-Trust
interface FastEthernet0/0/0
description BGP Peer 2
ip address 1.1.1.1 255.255.255.252
ip flow ingress
ip flow egress
duplex full
speed 100
service-policy output shape
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
router bgp 7777
bgp router-id 2.2.2.2
bgp log-neighbor-changes
network 1.2.3.0 mask 255.255.255.0
neighbor 1.1.1.2 remote-as 5555
neighbor 1.1.1.2 update-source FastEthernet0/0/0
neighbor 1.1.1.2 prefix-list L3-DEFGW in
neighbor 1.1.1.2 route-map L3-LPREF-IN in
neighbor 2.2.2.1 remote-as 6666
neighbor 2.2.2.1 ebgp-multihop 2
neighbor 2.2.2.1 update-source GigabitEthernet0/0
neighbor 2.2.2.1 send-community
neighbor 2.2.2.1 prefix-list COLO-DEFGW in
neighbor 2.2.2.1 route-map COLO-LPREF-IN in
neighbor 2.2.2.1 route-map COLO-OUT out
ip forward-protocol nd
ip bgp-community new-format
ip as-path access-list 5 permit _5555_
ip as-path access-list 5 deny .*
ip as-path access-list 10 permit ^6666$
no ip http server
no ip http secure-server
ip flow-top-talkers
top 50
sort-by bytes
ip route 0.0.0.0 0.0.0.0 1.1.1.2 254 name L3
ip route 0.0.0.0 0.0.0.0 2.2.2.1 255 name COLO1
ip route 10.0.0.0 255.0.0.0 10.10.10.10 name FW_OUTSIDE
ip tacacs source-interface GigabitEthernet0/1
ip access-list standard SNMP_SOURCES
permit 12.12.12.0 0.0.0.255
deny any log
ip prefix-list L3-DEFGW seq 5 permit 0.0.0.0/0
ip prefix-list COLO-DEFGW seq 5 permit 0.0.0.0/0
ip prefix-list COLO-LPREF-OUT seq 5 permit 1.2.3.0/24
route-map COLO-LPREF-IN permit 5
match as-path 5
set local-preference 250
route-map COLO-LPREF-IN permit 10
set local-preference 150
route-map COLO-LPREF-IN permit 20
route-map COLO-OUT permit 10
match ip address prefix-list COLO-LPREF-OUT
set as-path prepend 7777 7777 7777
set community 29795:1004
route-map COLO-OUT permit 20
route-map L3-LPREF-IN permit 10
match as-path 10
set local-preference 200
route-map L3-LPREF-IN permit 20
set local-preference 150
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps mac-notification
snmp-server enable traps aaa_server
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps ipslaWhen you were checking the ARP table was there an entry for Fast0/0/0?
HTH
Rick -
Hello,
I'm currently configuring new 3750X switches.
I must implement QoS on the stack. The QoS must be the following:
VOIP Class (50%)
App-V Class (40%)
Movie Class (10%)
How I can do this (in particular for AppV)? I do the following for the moment:
class-map match-any VOIP
match protocol voice
match dscp ef
match protocol sip
match protocol skype
match protocol rtp audio
match protocol rtp video
exit
class-map AppV
exit
class-map Movie
match protocol rtp video
exit
policy-map BandwidthTraffic
class VOIP
priority percent 50
set dscp ef
class AppV
bandwidth remaining percent 40
class Movie
bandwidth remaining percent 10
interface Gig1/0/3
ip nbar protocol-discovery
service-policy input BandwidthTraffic
Anyone can says me if it's correct or not? And why?
Thank you for your help.
FlorentDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
It appears you've some router QoS. 3750X QoS is quite different for egress as you're limited to working with four egress queues. I don't recall 3750X supporting NBAR.
Suggest you read the configuration guide's chapter on QoS, for you 3750X IOS version, and then post questions as necessary. (My concern is, 3750X QoS is so different, it wouldn't be helpful to suggest a QoS configuration until you had a basic understanding of the 3750 QoS architecture and features.) -
In the following class-map:
"class-map match-any voice
match access-group 190"
If the ACL 190 has more than one line with "permit" statements.
In order for the policy-map using the above class-map to find a match and use the rules applied for the above class-map, does the traffic need to meet all the criteria in the ACL or does it work like a regular ACL, where it "walks" down and it stops execution at the first permit/deny "hit"?
Regards,
Christosthe explicit " match-any" will do just that.So, a nested ACL can be configured for multiple criteria.
The alternate is a "match-all" where all nested options in your acl MUST be met. Hope this helps.
T -
Available bandwindth and 'max-reserved bandwidth'
Is the max-reserved bandwidth only important when working with Qos classes and the bandwidth statement? Is the default 75% available bandwidth only used then?
In other words if I have a 100MB link with a service policy applied for Voice, Call-Control and video. After that I notice the available bandwidth on thie 100MB link is 61280 kilobits/sec.
If I put in a 'max-reserved bandwidth 95' would I reclaim another 20MB of bandwidth for the class-default? Would leaving 5% on the 100MB link for routing and other stuff be acceptable?
Here is the config and show commands:
class-map match-any Call-Control
match ip dscp cs3
match ip dscp af31
class-map match-any Video
match ip dscp af41
class-map match-any Voice
match ip dscp ef
policy-map QOS_classes_to_ACN
class Voice
priority 10000
class Call-Control
bandwidth 500
class Video
bandwidth 3220
class class-default
fair-queue
random-detect
interface FastEthernet6/0
description 100MB Link to ACN
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip route-cache flow
no ip mroute-cache
load-interval 30
duplex full
speed 100
service-policy output QOS_classes_to_ACN
ROC-RT7206-QMOE#sh int f6/0
FastEthernet6/0 is up, line protocol is up
Hardware is i82543 (Livengood), address is 00b0.4a28.3ca8 (bia 00b0.4a28.3ca8)
Description: 100MB Link to ACN
Internet address is xxx.xxx.xxx.xxx/xx
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 183/255, rxload 21/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:03, output 00:00:00, output hang never
Last clearing of "show interface" counters 01:13:30
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 5211742
Queueing strategy: Class-based queueing
Output queue: 70/1000/64/5211742 (size/max total/threshold/drops)
Conversations 2/35/256 (active/max active/max total)
Reserved Conversations 2/2 (allocated/max allocated)
Available Bandwidth 61280 kilobits/sec <--- Available bandwidth
30 second input rate 8615000 bits/sec, 6860 packets/sec
30 second output rate 71788000 bits/sec, 7484 packets/sec
31692173 packets input, 4263195179 bytes
Received 1204 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
34536300 packets output, 2513155446 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped outHere is the output of show policy-pam int:
ROC-RT7206-QMOE#sh policy-map int f6/0
FastEthernet6/0
Service-policy output: QOS_classes_to_ACN
Class-map: Voice (match-any)
3417571 packets, 934178998 bytes
30 second offered rate 1722000 bps, drop rate 0 bps
Match: ip dscp ef (46)
3417571 packets, 934178998 bytes
30 second rate 1722000 bps
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 10000 (kbps) Burst 250000 (Bytes)
(pkts matched/bytes matched) 1908656/521903140
(total drops/bytes drops) 0/0
Class-map: Call-Control (match-any)
615085 packets, 48926098 bytes
30 second offered rate 84000 bps, drop rate 0 bps
Match: ip dscp cs3 (24)
588857 packets, 47299978 bytes
30 second rate 81000 bps
Match: ip dscp af31 (26)
26228 packets, 1626120 bytes
30 second rate 2000 bps
Queueing
Output Queue: Conversation 265
Bandwidth 500 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 337953/26882724
(depth/total drops/no-buffer drops) 0/0/0
Class-map: Video (match-any)
146136 packets, 82165408 bytes
30 second offered rate 90000 bps, drop rate 0 bps
Match: ip dscp af41 (34)
146136 packets, 82165408 bytes
30 second rate 90000 bps
Queueing
Output Queue: Conversation 266
Bandwidth 3220 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 81687/45950190
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
35227089 packets, 47492000208 bytes
30 second offered rate 87718000 bps, drop rate 14714000 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 0/5171786/0
exponential weight: 9
class Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
0 30181523/39910255774 1297726/1944176143 3893194/5836883998 20 40 1/10
1 0/0 0/0 0/0 22 40 1/10
2 0/0 0/0 0/0 24 40 1/10
3 0/0 0/0 0/0 26 40 1/10
4 0/0 0/0 0/0 28 40 1/10
5 0/0 0/0 0/0 30 40 1/10
6 1213/88749 0/0 0/0 32 40 1/10
7 0/0 0/0 0/0 34 40 1/10
rsvp 0/0 0/0 0/0 36 40 1/10 -
Making a VoIP call with the Cisco 837 ADSL router
I would greatly appreciate if could please provide some technical assistance to my questions below:
Is it possible to make a VoIP call between two 837 ADSL Cisco routers over a 1Mbps ADSL broadband connection?
If so, can I configure this VoIP connection using either a PPPoE or ATM WAN link?
Is it possible to make a VoIP call using a Cisco 837 Router while simultaneously surfing the Internet? In other words do I need two public IP addresses i.e. one for accessing the internet and one for making the VoIP call or is one static IP address obtained from my ISP sufficent.
It is possible to configure QoS parameters (e.g. RSVP, Voice precedence, Voice codec selection) on this 837 router using PPoE or can it only be done using an ATM WAN interface?
Does the Cisco 837 router support both the H.323 and SIP communication protocols? Do I need to purchase a certain IOS operating system version for VoIP calling?
Does the VoIP dial peers need to be configured with both a POTS and VoIP phone numbers or is only one number required?
Do I need to obtain a special VoIP number from my VoIP service provider? or can I use existing POTS numbers or made up numbers within the dial peers as this situation involves making a private VoIP call between two branch offices using 837 ADSL routers and not via a VoIP service provider.
Finally, can I use POTS ordinary telephones with the Cisco 837 for making VoIP calls or do I strictly need to purchase VoIP phones?
My apologies for the number of questions asked here but I currently need to know the technical ability of the Cisco ADSL 837 as I am thinking of employing these routers in my company organisation.
I await your feedback in due course.
Thanks,
Martin HealyHi,
I give you a sample config of my router.
class-map voice
match access-group 101
policy-map mypolicy
class voice
priority 128
class class-default
fair-queue 16
ip subnet-zero
gateway
interface Ethernet0
ip address 20.20.20.20 255.255.255.0
no ip directed-broadcast (default)
ip route-cache policy
ip policy route-map data
interface ATM0
ip address 10.10.10.20 255.255.255.0
no ip directed-broadcast (default)
no atm ilmi-keepalive (default)
pvc 1/40
service-policy output mypolicy
protocol ip 10.10.10.36 broadcast
vbr-nrt 640 600 4
! 640 is the maximum upstream rate of ADSL
encapsulation aal5snap
bundle-enable
h323-gateway voip interface
h323-gateway voip id gk-twister ipaddr 172.17.1.1 1719
h323-gateway voip h323-id gw-820
h323-gateway voip tech-prefix 1#
router eigrp 100
network 10.0.0.0
network 20.0.0.0
ip classless (default)
no ip http server
access-list 101 permit ip any any precedence critical
route-map data permit 10
set ip precedence routine
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line vty 0 4
login
voice-port 1
local-alerting
timeouts call-disconnect 0
voice-port 2
local-alerting
timeouts call-disconnect 0
voice-port 3
local-alerting
timeouts call-disconnect 0
voice-port 4
local-alerting
timeouts call-disconnect 0
dial-peer voice 10 voip
destination-pattern ........
ip precedence 5
session target ras
dial-peer voice 1 pots
destination-pattern 5258111
port 1
dial-peer voice 2 pots
destination-pattern 5258222
port 2
dial-peer voice 3 pots
destination-pattern 5258333
port 3
dial-peer voice 4 pots
destination-pattern 5258444
port 4
end -
Sh policy-map LLQ counters showing strange results.
I've config'd LLQ for video conferencing across a dual-T1 multilink connection. When I have a video conf. session going, the Class-map counters for 'packets', 'match' and 'pkts matched' under queueing being exactly the same. This is supposed to show either that all packets are being processed switched - which they aren't, or that there is congestion on the link, but there isn't. There is nothing else going across the link except my telnet session I use to get the counters. I would have expected all counters, except Class-default, to be zero under the queueing area, and then when I flood the link with large file transfers, the other class queueing counters to begin incrementing - but all counters are equal even without congestion. This doesn't help me prove that my QOS LLQ is working properly. What gives?
Here is the config and some outputs:
policy-map WAN-multilink
class Voice
priority 90
class Video
bandwidth 460
class Call-Control
bandwidth 27
class class-default
fair-queue
random-detect
policy-map QOS_classes
class Voice
priority 90
class Video
bandwidth 460
class Call-Control
bandwidth 27
class class-default
fair-queue
interface Multilink1
ppp multilink
ppp multilink fragment delay 20
ppp multilink interleave
ppp multilink group 1
max-reserved-bandwidth 95
service-policy output WAN-multilink
interface Serial0/2/0
bandwidth 1536
encapsulation ppp
no fair-queue
service-module t1 timeslots 1-24
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 95
interface Serial0/3/0
bandwidth 1536
encapsulation ppp
no fair-queue
service-module t1 timeslots 1-24
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 95
MDF-VoIP-RT2811#sh int stats
Multilink1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 2175 179609 2436 237735
Route cache 7519 3809321 7416 2108198
Total 9694 3988930 9852 2345933
MDF-VoIP-RT2811#sh policy-map int mu 1
Multilink1
Service-policy output: WAN-multilink
Class-map: Voice (match-any)
2037 packets, 411126 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
2037 packets, 411126 bytes
5 minute rate 0 bps
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 90 (kbps) Burst 2250 (Bytes)
(pkts matched/bytes matched) 2037/411126
(total drops/bytes drops) 0/0
Class-map: Video (match-any)
1919 packets, 1087702 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41 (34)
1919 packets, 1087702 bytes
5 minute rate 0 bps
Match: ip precedence 4
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 265
Bandwidth 460 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 1919/1087702
(depth/total drops/no-buffer drops) 0/0/0
Class-map: Call-Control (match-any)
430 packets, 31418 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs3 (24)
430 packets, 31418 bytes
5 minute rate 0 bps
Match: ip precedence 3
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 266
Bandwidth 27 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 430/31418
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
4669 packets, 612771 bytes
5 minute offered rate 3000 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 0/0/0
exponential weight: 9In accordance with the above, you would need to apply the policy to the subinterface.
As my collegue clearly depicts, you should be able to combine the two pvc's into one, that would also be the scenario where the policy comes in action. When you are sending voice over a dedicated pvc there is little need to prioritize the flow. This equals the configuration where you have a dedicated leased line for voice.
regards,
Leo -
Audigy 2 Value left channel stopped working *complete
Sony Vaio pcv-rs530
P4 3.2 Ghz
Gb Ram
All-In-Wonder ATI Radeon 9800 Pro 28mb
Windows XP Home Edition v02' Service Pack 2
Logitech Z-5300e 5. Speaker system
I've had my audigy 2 value for about two months now. I managed to install it after a huge adventure of wiping my c: dri've after my first failed installation which ended me with no sound and no hope of restoring it back to normal, except the wipe, of course. It worked for a while, two months, but then I was having issues with my video card, possibly due to overheating because my audigy 2 value was one empty slot away from it and the circulation of air was not enough to keep it cool.
I stopped getting video related crashes after I put my sound card to the last slot, effecti'vely taking out my fax/modem, which I never used in the first place, in order to put the audigy 2 in the last slot, farthest away from my ATI AIW Radeon 9800 Pro. That little modem was blocking the last slot, making it impossible to put my sound card there. Then I noticed a few days later that my front left speaker was not working. I switched the speakers around, and everything worked except for the speaker plugged into the green line ouput, more specifically, the left front speaker never worked.
I'm currently using Logitech's z-5300e 5. speakers system, and they worked fine up until recently where the front left channel will not work. I tested it out on my xbox, and the speakers work fine. Both left and right speakers were okay. I took out my old desktop speakers that came with my vaio and plugged it into the green line output, and even then the left speaker didn't work. The same thing happened when I plugged my headphones in. The left earphone never worked. Both the old and new speakers and the headphones work properly otherwise (when not plugged into the audigy 2). I'm thinking my line output left channel has stopped working on the sound card itself.
I noticed that if I pushed the speaker plug into the outlet halfway, the front left speaker worked, but when I tested the calibration -- the voice matching said "front right" through the front left speaker. Even with all the speakers connected in any configuration, there was never a mention of a "front left" speaker. I concluded that the front left channel on the audigy 2 has stopped working.
Is this assumption correct? If so, wow. How would I go about fixing this? Does it have something to do with the slot switching? I reinstalled the drivers and programs for the audigy 2 after I switched. Although it did not seem to have a problem with me switching the slots even when I didn't uninstall anything. It detected the hardware switch, and everything worked fine. Should I try switching back to the other slot and hope my video card doesn't become one with my motherboard? The warranty has expired on my audigy 2 value, and I don't think I'll be compensated if I have no warranty, correct? All the drivers are updated, and it <EM>has</EM> worked before.
I've heard of other people's audigy 2 values that have had other channels just fizzle out in a few months. Am I one of them? Any information would be really helpful! Thanks.Message Edited by Paulie on 05-2-2005 06:30 AMIf you're sure noone was funny and turned down the left channel in advanced tab of Surround Mixer for instance, perhaps the connector loosened on the board or the soldering went bad; since your warranty expired (check with the store first!) I'd have someone who knows his way with electronics and soldering irons have a look at it.
PS I have the Audigy 2 Value as well; so far it works good but had I known it was treated like the ugly little kid in the Creative family that noone really likes to deal with i'd have gotten the ZS.Message Edited by Marco on 05-2-2005 0:2 PM -
Hi everyone,
I'm wondering if anyone else has encountered this problem with PP CC2014. I just edited a wedding video clip with music and vows. The music and voices match the picture perfectly upon export, but the audio keyframes are out of sync by 9-12 frames ahead of when they should kick in. In Premiere, my music keyframes are in the right place to lower the music when someone says something, but upon export, the music fades down and goes back up half a second too soon.
I've never encountered this problem before. I edited 30fps FullHD AVCHD footage from my Panasonic GH4, and 30fps FullHD XDCAM 35bps footage from my Sony EX1, in a 30fps FullHD Sony XDCAM sequence, and used 2 MP3s. Oddly enough, the audio keyframes over the first song from 0-4:24 are fine. The problem only appears over the second song, Eternal Flame by Brand X Music, from 4:25-6:51. I'm exporting in H.264, 10-20kbps 2-pass VBR. The problem is present whether I do a direct export from Premiere, or use AME. I also tested exporting in Quicktime, which doesn't solve the problem. Ditto for MPEG2 DVD.
Any ideas? It seems the only solution for now is for me to move my audio keyframes 10 frames ahead of where they should be in my timeline, which results in nonsense on my Timeline, but correct sync in my exports.Been up the whole night with the same issue. Never had this with previous versions and clearly noticeably on my edits as I tend to cut on the beats. Counted a 12 frame shift from cut to beat. Oddly the AE comps for my opening and closing titles with their audio embedded in the comps stayed in sync. Couldn't say for the video footage, because I unlinked the audio and deleted it, since I wasn't using it. The problem seems to only be with the soundtrack.
After shifting the audio back and forth and multiple renders I opted to try CBR which you'll be pleased to know killed the bug and I now have perfectly synced renders. -
6880 Port policy map - TCAM error re configured L4OPs
Hi,
I'm working through a QoS configuration for the 6880-X-LE with 6800Ia FEXs. The QoS configuration, policymap, classes, ACLS etc have all been accepted fine.
I can apply a service policy to an interface but when I do I get the following errors come up:
*Oct 13 03:13:55.832: %EARL_CM-SW1-5-NOL4OP: Configured L4OPs exceeds the programmable limit for tcam= 0
*Oct 13 03:13:55.828: %EARL_CM-SW2_STBY-5-NOL4OP: Configured L4OPs exceeds the programmable limit for tcam= 0
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 1 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
*Oct 13 03:13:58.360: %QM-SW1-4-TCAM_ENTRY: Hardware TCAM entry programming failed for switch 2 slot 5 intf Gi141/1/0/1 dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
I've checked the QoS policer quota's and they look OK. Is there something else I should be looking at??
NewLevel4Switch#sh platform hardware capacity qos
QoS Policer Resources
Aggregate policers: Sw/Mod Total Used %Used
1/5 16384 16 1%
2/5 16384 16 1%
Microflow policer configurations: Sw/Mod Total Used %Used
1/5 128 1 1%
2/5 128 1 1%
Netflow policer configurations: Sw/Mod Total Used %Used
1/5 384 0 0%
2/5 384 0 0%
Aggregate policer configurations: Sw/Mod Total Used %Used
1/5 1024 8 1%
2/5 1024 8 1%
Distributed policers: Total Used %Used
4096 1 1%
QoS Tcam Entries: Sw/Mod Total Used %Used
1/5 16384 1171 7%
2/5 16384 1171 7%
Thanks,
David.Hi Aninda,
Details as requested:
#show platform hardware capacity acl
Classification Mgr Tcam Resources
Key: Ttlent - Total TCAM entries, QoSent - QoS TCAM entries, LOU - LOUs,
RBLent - RBACL TCAM entries, Lbl - Labels, TCP - TCP Flags,
Dstbl - Destinfo Table, Ethcam - Ethertype Cam Table,
ACTtbl - Accounting Table, V6ext - V6 Extn Hdr Table
Sw/Mod Ttlent QoSent RBLent Lbl LOU TCP Dstbl Ethcam ACTtbl V6ext
1/5 2% 4% 0% 1% 1% 0% 2% 0% 0% 0%
2/5 2% 4% 0% 1% 1% 0% 2% 0% 0% 0%
#show platform hardware capacity qos
QoS Policer Resources
Aggregate policers: Sw/Mod Total Used %Used
1/5 16384 16 1%
2/5 16384 16 1%
Microflow policer configurations: Sw/Mod Total Used %Used
1/5 128 1 1%
2/5 128 1 1%
Netflow policer configurations: Sw/Mod Total Used %Used
1/5 384 0 0%
2/5 384 0 0%
Aggregate policer configurations: Sw/Mod Total Used %Used
1/5 1024 8 1%
2/5 1024 8 1%
Distributed policers: Total Used %Used
4096 1 1%
QoS Tcam Entries: Sw/Mod Total Used %Used
1/5 32768 1192 3%
2/5 32768 1192 3%
Qos config is as follows:
auto qos default
ip access-list extended SIGNALING-ACL
remark Used for voice/video signaling
permit tcp any any eq 5060
permit udp any any eq 5060
permit udp any any eq 2427
permit udp any any eq 2727
permit tcp any any eq 2748
permit tcp any any eq 1720
permit tcp any any range 2000 2002
permit tcp any any range 11000 11999
class-map match-any TAG-VOIP
match ip dscp ef
class-map match-any TAG-SIGNALING-ACL
match access-group name SIGNALING-ACL
class-map match-any TAG-SIGNALING-CS3
match ip dscp cs3
class-map match-any TAG-VIDEO
match ip dscp af41
class-map match-any TAG-LYNC-VOICE
match ip dscp af42
class-map match-any TAG-LYNC-VIDEO
match ip dscp af43
class-map match-any TAG-LYNC-App-Sharing
match ip dscp af22
class-map match-any TAG-STREAM
match access-group name STREAM-ACL
class-map match-any TAG-REATIME-MULTIMEDIA-CS4
match ip dscp cs4
class-map match-any TAG-REATIME-MULTIMEDIA-CS5
match ip dscp cs5
class-map match-any TAG-NETWORK-CONTROL-CS6
match ip dscp cs6
class-map match-any TAG-NETWORK-CONTROL-CS7
match ip dscp cs7
class-map match-any TAG-NETWORK-MGT
match access-group name NETWORK-ACL
class-map match-any TAG-BUSINESS-CRITICAL-AF21
match ip dscp af21
class-map match-any TAG-BUSINESS-CRITICAL-AF23
match ip dscp af23
class-map match-any TAG-PROCESS
match access-group name PROCESS-ACL
class-map match-any TAG-BULK
match access-group name BULK-ACL
class-map match-any TAG-SCAVENGER
match access-group name SCAVENGER-ACL
ip access-list extended STREAM-ACL
remark Define any webcast traffic flows here
ip access-list extended NETWORK-ACL
remark Used to identify CRITICAL network management traffic
permit tcp any any eq 23
permit tcp any any eq 22
ip access-list extended PROCESS-ACL
remark Used to identify Process PCN traffic
ip access-list extended BULK-ACL
remark Define any bulk traffic flows here (Backups/Misc web surfing etc)
ip access-list extended SCAVENGER-ACL
remark Define any Scavenger/junk class traffic here
table-map policed-dscp-markdown
map from 8 to 0
map from 10 to 0
map from 16 to 0
map from 18 to 0
map from 20 to 0
default copy
table-map dscp2dscp
default copy
policy-map TAG-INBOUND-MARKING-AND-POLICING
class TAG-VOIP
police cir 128000 bc 8000
conform-action set-dscp-transmit ef
exceed-action drop
class TAG-SIGNALING-ACL
police cir 32000 bc 8000
conform-action set-dscp-transmit cs3
exceed-action drop
class TAG-SIGNALING-CS3
police cir 32000 bc 8000
conform-action set-dscp-transmit cs3
exceed-action drop
class TAG-VIDEO
police cir 7000000 bc 218750
conform-action set-dscp-transmit af41
exceed-action drop
class TAG-LYNC-VOICE
police cir 128000 bc 8000
conform-action set-dscp-transmit af42
exceed-action drop
class TAG-LYNC-VIDEO
police cir 5000000 bc 156250
conform-action set-dscp-transmit af43
exceed-action drop
class TAG-LYNC-App-Sharing
police cir 1000000 bc 31250
conform-action set-dscp-transmit af22
exceed-action drop
class TAG-STREAM
set ip dscp cs4
class TAG-REATIME-MULTIMEDIA-CS4
set ip dscp cs4
class TAG-REATIME-MULTIMEDIA-CS5
set ip dscp cs5
class TAG-NETWORK-CONTROL-CS6
set ip dscp cs6
class TAG-NETWORK-CONTROL-CS7
set ip dscp cs7
class TAG-NETWORK-MGT
police cir 1000000 bc 31250
conform-action set-dscp-transmit cs2
exceed-action policed-dscp-transmit
class TAG-BUSINESS-CRITICAL-AF21
set ip dscp af21
class TAG-BUSINESS-CRITICAL-AF23
set ip dscp af23
class TAG-PROCESS
set ip dscp af31
class TAG-BULK
set ip dscp af11
class TAG-SCAVENGER
set ip dscp cs1
class class-default
set dscp default
interface gigabitEthernet xx/xx/xx - xx
service-policy input TAG-INBOUND-MARKING-AND-POLICING
Thanks,
David -
VoIP & AutoQoS & frame/atm
I have 2 remote locations connected via frame/atm links currently with no QoS configs and potentially running VoIP. Is AutoQoS the simpliest and/or best solution, for voip communication across the WAN(frame/atm) if no other QoS is required ?
Thanks for your consideration -I'll admit that I haven't used AutoQoS on a WAN link, and definitely not on a FR/ATM interface.
I normally associate appropriate use of the AutoQoS command with L2 switchports, since the queueing on the switches is much more complex.
For routers, it's very simple, and there is a wider variance in how people use it.
In a very bare-bones scenario, you can get away with this:
class-map match-all voice
match protocol rtp audio
policy-map LLQ
class voice
priority percent 50
class class-default
fair-queue
int s0/0
service-policy out LLQ
You could make it more well rounded by matching on your VoIP signaling and other high priority traffic, but that's specific to your needs.
-nick -
Hello
I have experienced the following situation recently. It hasn't fixed yet. If you have any idea, please advise. Any comments are welcome!
The problem was that the voice packets have been dropped in class Voice despite the fact that the interface's utilization is quite low. Please see the policy-map interface output below.
Service-policy output: out_(3072k/3072k)_QoS (4754)
queue stats for all priority classes:
queue limit 192 (packets)
(queue depth/total drops/no-buffer drops) 0/297/0
(pkts queued/bytes queued) 12372/1041424
Class-map: Voice (match-all) (4755/7)
12098 packets, 1042365 bytes
5 minute offered rate 32000 bps, drop rate 3000 bps
Match: ip precedence 5 (4756)
Priority 50 (%) (1536 kbps) burst 1250000 (bytes)
I removed the service-module from the multilink interface and restored. I repeated the procedure for a few times. At some point, I noticed that queue-limit of LLQ changed from 192 to 384. I didn't change it manually. It was changed by itself. Then the drop stopped.
Service-policy output: out_(3072k/3072k)_QoS (6339)
queue stats for all priority classes:
queue limit 384 (packets)
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts queued/bytes queued) 2628/221321
Class-map: Voice (match-all) (6340/7)
2653 packets, 228634 bytes
5 minute offered rate 14000 bps, drop rate 0 bps
Match: ip precedence 5 (6341)
Priority 50 (%) (1536 kbps) burst 1250000 (bytes)
* I omitted some of the output due to the text size in this forum.
The average packet sizes in queue-limit 192 and 384 are almost same (86 bytes/packet).
Does anyone know how does the IOS calculate the queue-limit in LLQ? I know that it changes dynamic in LLQ but would like to know the algorithm.
Did anyone have a similar experience?
Thank you,Hello Creed,
>> I just think that the P router might not able to police the traffics as it get routed into the tunnels...
With both LDP LSPs and MPLS TE LSPs traffic is forwarded inside MPLS frames and so EXP field of the topmost label is accessible to P routers to provide diffserv QoS treatments.
Usually P routers implement only outgoing scheduling (queueing) combined with congestion avoidance (WRED).
The service policies are applied outbound the physical interfaces.
Rate control of what traffic enters the MPLS cloud both LDP LSPs and MPLS TE LSPs is made on PE at the edge before traffic enters the MPLS space.
DSCP bits should not be accessible inside the MPLS cloud once the ip packet travel inside an MPLS label stack.
Actually some inside inspections can be performed for flow based load-balancing purposes.
So policing on the P routers is not used in general.
Hope to help
Giuseppe -
Burst value for Policers in a 3750
Hi,
I am trying to create a Policy-Map to use it at the ingress of a Fastethernet interface to be able to enforce bandwidth utilization and marking for incoming packets.
One of my queues is used for VOICE. My objective for this queue, is to be able to guarantee around 6Mbps. I started using the below configuration, but after using 3rd party testing software (WAN Killer and Qcheck) I realized that the enforcing wasn't working because I was reaching speeds of 90Mbs for that particular class.
The first thing I thought about, was queueing at the egress.
As you can see, at a queueing level, I am using shaping for the PQ with a 10% (10 0 0 0), so I assume all traffic should be dropped after using 10Mbps (assuming I use a 100Mbps port).
After not being able to explain why my shape wasn't working the way I thought, I focused on the policer.
Looking at the Burst value, I tried to modify it, but the results of my testing didn't make any sense *.
I started testing with pairs of Bandwidth/Burst and the average speed reached just didn't make any sense.
I would like to be able to predict the max. speed based on my Policers (Bandwidth/burst). Is there any way to do it?
Thanks in advance for the help.
mls qos
mls qos map policed-dscp 24 26 to 0
mls qos map cos-dscp 0 8 24 26 34 46 48 56
mls qos srr-queue output dscp-map queue 1 threshold 2 34
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 26
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos queue-set output 1 buffers 5 10 84 1
ip access-list extended MAPI
deny ip any any
ip access-list extended SCAVENGER
deny ip any any
ip access-list extended VOICE-SIGNALING
permit tcp any any range 2000 2002
permit tcp any range 2000 2002 any
ip access-list extended VIDEO
deny ip any any
ip access-list extended VOICE
permit udp any any range 16384 32767
class-map match-all MAPI
match access-group name MAPI
class-map match-all VOICE-SIGNALING
match access-group name VOICE-SIGNALING
class-map match-all VIDEO
match access-group name VIDEO
class-map match-all VOICE
match access-group name VOICE
class-map match-all SCAVENGER
match access-group name SCAVENGER
policy-map QOS
class VOICE
police 6000000 450000 exceed-action drop
set dscp 46
class VIDEO
police 4000000 300000 exceed-action drop
set dscp 34
class VOICE-SIGNALING
police 1000000 75000 exceed-action policed-dscp-transmit
set dscp 26
class MAPI
police 3000000 225000 exceed-action policed-dscp-transmit
set dscp 24
class SCAVENGER
police 1000000 75000 exceed-action drop
set dscp 8
class class-default
police 85000000 1000000 exceed-action drop
set dscp 0
! Access Interfaces:
interface range FastEthernet0/1 - 48
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 800
spanning-tree portfast
srr-queue bandwidth share 1 5 94 1
srr-queue bandwidth shape 10 0 0 0
priority-queue out
service-policy input QOS
exit
* I tried testing different sets of values and the Bandwidth I was able to reach wasn't congruent at least with the way I understand it.
Here are some sets of values I used and the average reached speed:
Bandwidth/Burst -> Reached-Bandwidth
10000/8000 -> About 1Mbps
20000/8000 -> About 2Mbps
20000/20000 -> About 2Mbps
30000/8000 -> About 0.5Mbps
30000/15000 -> About 0.5Mbps
30000/500000 -> About 0.5Mbps
320000/8000 -> About 320Kbps -> This is an actual example from the SRND.
4000000/8000 -> About 3Mbps
5000000/8000 -> About 5Mbps
6000000/8000 -> More than 15Mbps
5500000/8000 -> Around 6Mbps (I had a few instances where the max. speed reached 25Mbps)None of this is making sense to me. Please provide more details after considering the following:
1. The priority-queue on the c3750 is output only, so setting a 'shape' to 10% would only effect outgoing traffic from the port, not inbound traffic. You can configure one ingress queue as the priority queue by using the 'mls qos srr-queue input priority-queue bandwidth ' global configuration command (see the docs).
2. The 'shaping' that you are describing for the priority queue is queue shaping, not a traffic shaper as if you had a policy map with a 'shape average ' command. This 'queue shaping' is outbound only and will not impact inbound traffic to the port. This is different if this is a metro c3750 on the ES ports.
3. Why are all 48 ports configured as trunks?
4. Why are you configuring portfast on each port instead of globally 'spanning-tree portfast default'?
5. What is the egress port for this switch? A Gig port or just other copper ports? Where does this traffic go from these copper ports? What is the config on the uplink or downlink ports? If this is the only switch involved in your test than you are definitely creating an interesting test environment in which your policer is policing inbound traffic and each port is 'queue shaping' outbound traffic. I would suggest one or the other and configure what is appropriate for what you need rather than configuring what looks like everything and trying to find out what works. I've been down this road, you will never get it exactly the way you want it.
6. Why on earth are the burst parameters so high on your config example? In most cases you should just configure the average and have the switch determine the appropriate burst values.
7. Why are you using access-lists for matching voice traffic? Your ACL matching udp ports from 16384 to 32767 have two huge problems: first, no guarantee that the udp packet is voice (many worms use ports in that range), second RTP traffic only uses even port numbers, not odd, odd port numbers are SRTP signalling packets. I want to be on your network, if I configure my laptop to trunk and send my edonkey traffic on udp port 16999 I will have high priority! At least include the destination ip of the call manager and voice gateways in the ACL to be more restrictive.
8. Why aren't you trusting the end device like an ip phone rather than trying to re-write the IP DSCP value using an ACL? The best practice is that the switch ports be configured (using auto qos or not) to use CDP to allow access to the voice vlan and NOT to use a trunk (the ip phone will tag the voice traffic using dot1q for the voice vlan and the port will never 'trunk'.
9. There are significant restrictions on how you can apply QoS policies to the switch ports on the ASIC based Catalyst platforms, including policing granularity, number of TCAM entries required, number of match statements per class, number of classes, etc.
10. Last, can you provide the IOS version and switch model that you are using?
I will provide some more advise once I understand the above information.
/Rick
Maybe you are looking for
-
Do I Really Need A New Hard Drive?
According to the mac genius I took my Powerbook G4 to, my hard drive is toast and I need to replace it. He then said that one reason might be that a spec of dust might have caused it to fail. My understanding is that that is an impossibility because
-
Suspected imac overheating- help!
Im wondering if my imac is overheating. My sims 3 game keeps shutting down and when i leave it for half hour it will play again for a couple of hours then shuts down. Its summer here so temps up to 100 deg (35 celcius). The imac affter sims shuts is
-
I'm using an iMac with OS X (v 10.8.5) The download function malfunctioned a few days ago. Now when zipped files are downloaded, I am unable to unzip them by clicking on the file. I'm using the download function in Safari as a work-around, but that
-
PGP Whole disk Encryption but for Windows Partition only ?
Hi, Slightly unusual situation here. I want to use my MacBook Pro at work and home. OSX at home and XP at work. Now at work they have a strict policy of only allowing computers on the network with PGP Whole disk Encryption. I've looked into this and
-
I am an **bleep** and left town for the weekend leaving my Blackberry curve plugged in, and now I am very worried my clock alarm was set to go off every morning rather than just weekdays. How long will the clock alarm sound before stopping? I can't