True, I am also observing that......

With regards
Kings

On Sat, Jun 2, 2012 at 4:45 AM, Imre Oszkar <[email protected]> wrote:
> mqc policing works for me but the counters do not increment
> rate-limiting doesn't work.
>
> mls qos
>
> access-list 111 permit udp any any
>
> class-map match-all CMAP
>  match access-group 111
> !
> !
> policy-map PMAP
>  class CMAP
>   police 128000 8000 exceed-action drop
>
> interface FastEthernet0/5
>  description R5-FA0/1
>  no switchport
>  ip address 136.1.133.1 255.255.255.0
>  service-policy input PMAP
>  spanning-tree portfast
>
>
>
> SW2#sh policy-map interface
>  FastEthernet0/5
>
>   Service-policy input: PMAP
>
>     Class-map: CMAP (match-all)
>       0 packets, 0 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: access-group 111
>
>     Class-map: class-default (match-any)
>       0 packets, 0 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: any
>         0 packets, 0 bytes
>         5 minute rate 0 bps
>
> Loading c2801-adventerprisek9-mz.124-15.T.bin from 136.1.122.6 (via
> FastEthernet0/1): !O!.!O!O.!O!OO!.!O!OO!OO!O.!O!OO!O.!O!OO!OO!OO!O
>
>
>
>
> On Fri, Jun 1, 2012 at 9:00 AM, <[email protected]> wrote:
>
>> Send CCIE_Security mailing list submissions to
>>         [email protected]
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         http://onlinestudylist.com/mailman/listinfo/ccie_security
>> or, via email, send a message with subject or body 'help' to
>>         [email protected]
>>
>> You can reach the person managing the list at
>>         [email protected]
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of CCIE_Security digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Policing traffic on switch (Kingsley Charles)
>>    2. RES: IOS IPS troubleshooting (Carlos Alberto Campos Jardim)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 1 Jun 2012 13:23:53 +0530
>> From: Kingsley Charles <[email protected]>
>> To: [email protected]
>> Subject: [OSL | CCIE_Security] Policing traffic on switch
>> Message-ID:
>>         <CAHs0B04Z+MZxf0hh1PH7Q8YRjq51=
>> [email protected]>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hi all
>>
>> I am trying to configure policing and rate-limiting on a switch. It
>> doesn't work for me. For rate-limiting, it seems we make the port as a
>> L3 port using "no switchport" command which was interesting for me.
>> Tried enabling "mls qos" but still rate-limiting or policing doesn't work.
>>
>> Has anyone tried rate-limiting or policing on a switch.
>>
>> Snippet from
>>
>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_44_se/command/reference/cli1.html#wp5046030
>>
>>
>> Usage Guidelines
>>
>> QoS must be globally enabled to use QoS classification, policing, mark
>> down or drop, queueing, and traffic shaping features. You can create a
>> policy-map and attach it to a port before entering the mls qos command.
>> However, until you enter the mls qos command, QoS processing is disabled.
>>
>>
>> With regards
>> Kings
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> </archives/ccie_security/attachments/20120601/9f365dc2/attachment-0001.html>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Fri, 1 Jun 2012 08:51:55 -0300
>> From: "Carlos Alberto Campos Jardim" <[email protected]>
>> To: "Kingsley Charles" <[email protected]>
>> Cc: [email protected]
>> Subject: [OSL | CCIE_Security] RES: IOS IPS troubleshooting
>> Message-ID:
>>         <[email protected]>
>> Content-Type: text/plain; charset="us-ascii"
>>
>>
>>
>> At this time I am managing with CCP. Do you know how to fix it?
>>
>> All signatures were tuned to only produce-alert and IOS IPS keeps
>> resetting connections without providing any alarm.
>>
>>
>>
>> From: Kingsley Charles [mailto:[email protected]]
>> Sent: Friday, June 1, 2012 03:49
>> To: Carlos Alberto Campos Jardim
>> Cc: [email protected]
>> Subject: Re: [OSL | CCIE_Security] IOS IPS troubleshooting
>>
>>
>>
>> It is some issue with tcp socket having src port of 443. Are you managing
>> it with SDM or CCP?
>>
>> With regards
>> Kings
>>
>> On Thu, May 31, 2012 at 9:23 PM, Carlos Alberto Campos Jardim
>> <[email protected]> wrote:
>>
>> Hi guys, I have configured IOS IPS and I am getting the following messages:
>>
>>
>>
>> *May 31 12:28:59: %IPS-6-TIMEOUT_EVENT: Synwait timer timeout event.
>>
>> *May 31 12:28:59: %IPS-6-SEND_TCP_PAK: Sending TCP
>> packet:(12.12.12.12:443)=>(44.44.44.44:2985),tcp flag:0x4,
>> pak:0x3187DEDC, iso:0x2CCD0C60,tcp seq:0x0, tcp ack:0x0,
>> tcp_window:65535, ip_checksum:0xDA60, Serial0/0/0,feat_flags:0x10000,
>> fast_path(no)
>>
>>
>>
>> From statistics I can see:
>>
>>
>>
>> Lab_ips_Eng#sh ip ips statistics
>>
>> Interfaces configured for ips 1
>>
>> Session creations since subsystem startup or last reset 131182
>>
>> Current session counts (estab/half-open/terminating) [0:907:0]
>>
>> Maxever session counts (estab/half-open/terminating) [2:1000:1]
>>
>> Last session created 00:00:09
>>
>> Last statistic reset 00:02:17
>>
>> TCP reassembly statistics
>>
>>   Out-of-order packets dropped 0
>>
>>
>>
>>
>>
>> Do you guys have any insight about these errors?
>>
>>
>>
>> Best regards!
>>
>> Carlos Jardim
>>
>>
>>
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training,
>> please visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>>
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> </archives/ccie_security/attachments/20120601/f3a30c49/attachment-0001.html>
>>
>> End of CCIE_Security Digest, Vol 72, Issue 4
>> ********************************************
>>
>
>
