[c-nsp] XR on GNS3
Hi All, I am looking for help. I want to use XR IOS any router on GNS3. Anyone ever used & any issues? I would be really appreciate any prompt help. I have Laptop Core i7 with 16 GB RAM on it. Also What XR IOS need to use? Much appreciate for prompt reply. Thanks & Regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] L2 Channel Errors
Hi All, First thanks for all replies.Below are the configs of customer side & our(ISP) side interface. On our side, we are using bridge network(which is broadcast domain), other customers are part of this broadcast domain.We do not have control on their L2 frames(STP,CDP,LDP etc). Do customer or we need to add any other configuration so we can get it stop those L2 Channel errors.Current configurations are below. Do customer need to use ACL on their side juniper srx firewall to drop/block those L2 frames?If yes what config customer can use. Customer side SRX Juniper Firewall: set interfaces ge-0/0/0 gigether-options redundant-parent reth0 set interfaces ge-2/0/0 gigether-options redundant-parent reth0 set interfaces reth0 description ISP set interfaces reth0 redundant-ether-options redundancy-group 2 set interfaces reth0 unit 0 family inet address 2.2.2.2/30 Cisco 6500 switch ISP side interface: interface GigabitEthernet1/15 description Customers(many other customer IP's are here as secondary on this interface) mtu 1546 ip address 2.2.2.1 255.255.255.252 secondary ip address 10.0.9.1 255.255.255.0 no ip redirects no ip proxy-arp logging event link-status logging event spanning-tree status no cdp enable spanning-tree bpdufilter enable Specifically, this counter increases when the Junos software cannot find a valid logical interface for an incoming frame(As customer & ISP,both are not using any vlan or logical interface on any side). Any config need to add on juniper side? Your replies & suggestions would be appreciated. Thanks & Regards, Ahsan Rasheed Thanks & Regards, Ahsan Rasheed On Mon, Feb 20, 2017 at 4:49 PM, Ahsan Rasheed <ahsanrashe...@gmail.com> wrote: > Hi All, > > > Our one customer is facing this issue. They are using Juniper firewall on > their side connected to us. We are using on our side as ISP Cisco 6500 > switch. Our side we are using bridged network environment. Our side > interface configured as L3 interface. On their side they are getting " L2 > Channel errors" & are increasing. > > > I searched & found about that L2 Channel errors arise due to the following > reasons: > > * An untagged interface on the SRX receiving VLAN tagged packets. > * An interface on the SRX, which is tagged with the VLAN id (for > example, 'x'), receives packets with some other VLAN id's or tags. This > usually happens when the SRX interface is configured as an access port; but > the interface of the switch connected to it, if any, is configured as a > Trunk. > * STP runs on the interface of the device connected to the interface > of the SRX > * layer 2 frames such as STP or CDP/LLDP. > > Specifically, this counter increases when the Junos software cannot find a > valid logical interface (that is, something like ge-0/0/1.0) for an > incoming frame. Conversely, the packet is dropped. > > > Anyone encountered on this type of issue. What would be the solution? Need > to use ACL on Juniper firewall etc.? > > Any help would be appreciated. > > Thanks & Regards, > Ahsan Rasheed > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] L2 Channel Errors
Hi All, Our one customer is facing this issue. They are using Juniper firewall on their side connected to us. We are using on our side as ISP Cisco 6500 switch. Our side we are using bridged network environment. Our side interface configured as L3 interface. On their side they are getting " L2 Channel errors" & are increasing. I searched & found about that L2 Channel errors arise due to the following reasons: * An untagged interface on the SRX receiving VLAN tagged packets. * An interface on the SRX, which is tagged with the VLAN id (for example, 'x'), receives packets with some other VLAN id's or tags. This usually happens when the SRX interface is configured as an access port; but the interface of the switch connected to it, if any, is configured as a Trunk. * STP runs on the interface of the device connected to the interface of the SRX * layer 2 frames such as STP or CDP/LLDP. Specifically, this counter increases when the Junos software cannot find a valid logical interface (that is, something like ge-0/0/1.0) for an incoming frame. Conversely, the packet is dropped. Anyone encountered on this type of issue. What would be the solution? Need to use ACL on Juniper firewall etc.? Any help would be appreciated. Thanks & Regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Help needed regarding the Eompls tunnel in Juniper & Cisco
: No fault Last local SSS circuit status sent: No fault Last local LDP TLVstatus sent: No fault Last remote LDP TLVstatus rcvd: Not sent Last remote LDP ADJstatus rcvd: No fault MPLS VC labels: local 20, remote 299776 Group ID: local 0, remote 0 MTU: local 1546, remote 1546 Remote interface description: Remote VLAN id: 1089 Sequencing: receive disabled, send disabled Control Word: Off (configured: autosense) VC statistics: transit packet totals: receive 102, send 109 transit byte totals: receive 7344, send 7376 transit packet drops: receive 0, send 0 ! interface GigabitEthernet2/2.1089 encapsulation dot1Q 1089 xconnect 63.250.250.225 1089 encapsulation mpls ! interface GigabitEthernet2/2 mtu 1546 ip address 10.0.59.1 255.255.255.252 ! interface GigabitEthernet2/1 mtu 1546 ip address 10.252.0.85 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 020E01490E151B28431D594A5244 ip ospf network point-to-point logging event link-status logging event spanning-tree status mpls ip no cdp enable On Cisco 6503 i am using this IOS:s72033-advipservicesk9_wan-mz.122-33.SXJ6.bin Cisco 3550 swicth1(Output): interface GigabitEthernet0/11 description facing-Cisco6503 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,100,1089 switchport mode trunk logging event spanning-tree no cdp enable ! interface Vlan1089 ip address 1.1.1.1 255.255.255.252 Cisco 3550 swicth2(Output): interface GigabitEthernet0/11 description facing-Juniper-ACX400 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,100,1089 switchport mode trunk logging event spanning-tree no cdp enable ! interface Vlan1089 ip address 1.1.1.2 255.255.255.252 ! Any one seen before this type of issue. It would be much appreciated if i get any help asap. Is there any workaround if someone knows? Thanks & Regards, Ahsan Rasheed <https://puck.nether.net/mailman/listinfo/juniper-nsp> ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Tough Switches with connected devices are dropping
Hi Support, We are having some serious issues on our point to multipoint network we need your guys help suggestion. Below is setup we are using. Core Cisco switch 6524-- Ubiquiti Tough Switch 1-- Ubiquiti Tough Switch 1 Issue: Our Core switch is connected with first tough switch first tough switch is connected with second tough switch. The issue we are having 3 Ubiquiti AP’s are connected on TS1 2 Ubiquiti AP’s are connected on TS2. AP’s are connected with CPE CPE are connected with customer devices. After every 30-45 secs whole multipoint network drops and then again it up. This dropping issue started as soon as we connected 2 Tough switches together. Before that no drop with single TS connected on core switch. On both Tough switches we are running RSTP with native vlan 1 vlan configuration picture is attached. On both tough switch vlan configuration are same. ME 6524 port configuration: interface GigabitEthernet1/24 description mp-toughswitch mtu 1546 ip address 10.254.7.89 255.255.255.248 secondary ip address 172.16.15.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp logging event link-status logging event spanning-tree status no cdp enable spanning-tree bpdufilter enable end Thanks Regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Router 2821 is having issue getting error
Hi Guys, I would like to say thank you so much for all of you who replied helped me to fix this issue. I also tried to use working RAM of another router on this bad router but it also could not fix. I also tried to use CF(Compact flash) of this bad router into another good router so CF of bad router is working fine into good router. I also checked CF(compact flash) of good router into bad router but i am getting same below errors. CF(Compact flash) on bad router is 128MB but this CF card is working fine on another working router. Now i also know that RAM CF(compact Flash) is not an issue but what is the issue?. Below are the possible issues on this router? 1)Router file system is corrupted? or What could be the issue? - Still getting below errors: DIMM0 is a ECC Memory DIMM1 is a non-ECC Memory c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized boot: cannot open flash: boot: cannot determine first executable file name on device flash: c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized boot: cannot open flash: boot: cannot determine first executable file name on device flash: c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Thanks Regards, Ahsan Rasheed On Fri, Apr 24, 2015 at 5:38 AM, Aled Morris al...@qix.co.uk wrote: On 24 April 2015 at 08:48, Lukas Tribus luky...@hotmail.com wrote: There was an issue a while back that Cisco had with faulty memory from a particular vendor. Thats about RAM, not CF cards. There was a 64GB CF Card recall which affected 2800 routers (a long while ago, 2006) http://www.cisco.com/c/en/us/support/docs/field-notices/620/fn62127.html Aled ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Router 2821 is having issue getting error
Hi Guys, I am having issue in my lab router Cisco 2821. This router is booting on rommon mode all the time. I checked flash of this router in another working router. So flash is working fine in another router. I tried to use another router working flash on this router i am still having the same issue getting the below error. Can anyone confirm me what is the issue on router, file system is corrupted on router?. Any advise to fix this issue would be appreciated. *boot: cannot open flash:* *boot: cannot determine first executable file name on device flash:* System Bootstrap, Version 12.4(13r)T5, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2007 by cisco Systems, Inc. Memory Dimms are not of the same type DIMM0 is a ECC Memory DIMM1 is a non-ECC Memory c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized boot: cannot open flash: boot: cannot determine first executable file name on device flash: c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized *boot: cannot open flash:* *boot: cannot determine first executable file name on device flash:* c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized rommon 1 rommon 9 dir flash: dir: cannot open device flash: --- Thanks Regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Router 2821 is having issue getting error
Hi Richard, Thanks for your reply helping me. I really appreciated. I changed configuration register to 0x2102 but nothing changed. i am still getting below messages and router is continuously booting on rommon mode. so how i can show you configuration or which commands i should run so i can tell you the configuration . boot: cannot open flash: boot: cannot determine first executable file name on device flash: Thanks Regards, Ahsan Rasheed On Thu, Apr 23, 2015 at 6:16 PM, Infratection rgolod...@infratection.com wrote: Ahsan, what is your configuration register set to? Can you show me the first few lines of a show running command output? Richard -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ahsan Rasheed Sent: Thursday, April 23, 2015 5:28 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Cisco Router 2821 is having issue getting error Hi Guys, I am having issue in my lab router Cisco 2821. This router is booting on rommon mode all the time. I checked flash of this router in another working router. So flash is working fine in another router. I tried to use another router working flash on this router i am still having the same issue getting the below error. Can anyone confirm me what is the issue on router, file system is corrupted on router?. Any advise to fix this issue would be appreciated. *boot: cannot open flash:* *boot: cannot determine first executable file name on device flash:* System Bootstrap, Version 12.4(13r)T5, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2007 by cisco Systems, Inc. Memory Dimms are not of the same type DIMM0 is a ECC Memory DIMM1 is a non-ECC Memory c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized boot: cannot open flash: boot: cannot determine first executable file name on device flash: c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized *boot: cannot open flash:* *boot: cannot determine first executable file name on device flash:* c2821 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized rommon 1 rommon 9 dir flash: dir: cannot open device flash: --- Thanks Regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover
Hi Guys, Actually I would like to know if you guys can provide me the solution on below issue. we are providing internet to one of our customer. our Connection is connected on customer onsite 3 com switch. on 3com switch, his two ASA firewalls are connected, Primary/Secondary as Active/Standby. We are providing /30 IP to customer. So customer is using single public IP address on both ASA firewalls. He is having issue of duplicate Mac address on his side when his primary ASA fails, his fail-over is not working unless he reboots the connection between us. 1.So the temporary solution customer has to reboot the connection every time to make it work on fail-over or We (ISP) has to clear the arp from our core switch. This solution is manual, customer wants to do fail-over automatically. 2. I asked customer to use /29 IP on their side we can provide so he can use different public IP’s on both firewalls. He denied to use /29.He urged to use single public IP on both ASA firewalls. 3. I asked customer to use router facing to us and use /30 IP on router. He denied to use router between us firewalls. Any other solution is possible, can we(ISP) use on our side to clear his arp automatically when his primary ASA firewall drops the connection and try to connect the secondary firewall same public IP but different Mac address. Thanks Regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Active/Standy ASA Firewalls are having duplicate IP issue on failover
Hi David, Fabien all who replies , First I would like to say thank you so much for helping me on this issue. I would like to clear few things. Customer is using /30 IP on Active Firewall and Standby configured as no IP on its outside interface. Whenever fail-over occurs, the issue is having Customer is getting duplicate IP address message and fail-over is not working with us only. Because our Core switch has already mac address of Active ASA with that IP. When fail-over occurs standby using same IP but different mac. So Arp entry on core switch with that IP is not clearing unless someone has to drop the connection between ISP customer or someone clear the arp entry manually on our(ISP) end. We are providing this customer radio link, so every time customer has to reboot the radio to make it fail-over work on his side. “ one important thing, Customer is saying his both firewall is working fine as Active/Standby with other provider Comcast. Fail-over is working perfectly with no issues with Comcast”. Why he is having issue with us. Why our core switch is not getting that GARP’s to update CAM table as an adjacent although Comcast is working fine. Customer refused to use /29 IP block. Customer refused to use Router. As per customer, they are not using HSRP/VRRP, they are using Active/Standby ASA firewalls. Do you guys think, in this scenario the only solution is to customer should use Virtual Mac address on his firewalls. If yes then how to use the Virtual mac address for Active/Standby ASA with single IP on active ASA, no IP on standby ASA. I have read the below one comment in one thread: Dear Rajesh, You are right that *gratuitous ARP injected by ASA to other connected Device. But the best solution to implement failover is to use a virtual mac address, if you will use the Virtual mac address for failover then the ARP entries will not get changed and there will be no timeout anywhere on the network. If you are not using the virtual mac address then if failover occurs in that case the arp entries will be changed and when the new device takes over the active state then it will send the gratituous arp* *Regards,* *Aakil* Thanks Regards, Ahsan Rasheed On Tue, Nov 25, 2014 at 2:34 PM, David White, Jr. (dwhitejr) dwhit...@cisco.com wrote: Hi Ahsan, The customer cannot configure the 'same' IP address on both ASAs in an Active/Standby pair. Each ASA's outside interface must have it's own IP (or the Standby could be configured without an IP - but in that case the physical interface would not be monitored for all failures). When the ASAs failover, they swap both IPs and MAC addresses - therefore, they shouldn't run into a 'duplicate MAC' case. Both ASAs will send out GARPs to update the CAM/ARP tables of adjacent devices. Why isn't configuring a /29 acceptable to the customer? It is the only way to allow the ASA pair the IPs it needs to have failover configured properly. Sincerely, David. On 11/25/2014 11:50 AM, Ahsan Rasheed wrote: Hi Guys, Actually I would like to know if you guys can provide me the solution on below issue. we are providing internet to one of our customer. our Connection is connected on customer onsite 3 com switch. on 3com switch, his two ASA firewalls are connected, Primary/Secondary as Active/Standby. We are providing /30 IP to customer. So customer is using single public IP address on both ASA firewalls. He is having issue of duplicate Mac address on his side when his primary ASA fails, his fail-over is not working unless he reboots the connection between us. 1.So the temporary solution customer has to reboot the connection every time to make it work on fail-over or We (ISP) has to clear the arp from our core switch. This solution is manual, customer wants to do fail-over automatically. 2. I asked customer to use /29 IP on their side we can provide so he can use different public IP’s on both firewalls. He denied to use /29.He urged to use single public IP on both ASA firewalls. 3. I asked customer to use router facing to us and use /30 IP on router. He denied to use router between us firewalls. Any other solution is possible, can we(ISP) use on our side to clear his arp automatically when his primary ASA firewall drops the connection and try to connect the secondary firewall same public IP but different Mac address. Thanks Regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Any one ever worked on Cisco 6500 QOS specifically 6503 or 6524(help) needed
:30 31 32 33 34 35 36 37 38 39 4 :40 41 42 43 44 45 01 47 48 49 5 :50 51 52 53 54 55 56 57 58 59 6 :60 61 62 63 Maximum Burst Policed-dscp map: (dscp= d1d2) d1 : d2 0 1 2 3 4 5 6 7 8 9 - 0 :00 01 02 03 04 05 06 07 08 09 1 :10 11 12 13 14 15 16 17 18 19 2 :20 21 22 23 24 25 26 27 28 29 3 :30 31 32 33 34 35 36 37 38 39 4 :40 41 42 43 44 45 46 47 48 49 5 :50 51 52 53 54 55 56 57 58 59 6 :60 61 62 63 Dscp-cos map: (dscp= d1d2) d1 : d2 0 1 2 3 4 5 6 7 8 9 - 0 :00 00 00 00 00 00 00 00 01 01 1 :01 01 01 01 01 01 02 02 02 02 2 :02 02 02 02 03 03 03 03 03 03 3 :03 03 04 04 04 04 04 04 04 04 4 :05 05 05 05 05 05 05 05 06 06 5 :06 06 06 06 06 06 07 07 07 07 6 :07 07 07 07 Dscp-exp map: (dscp= d1d2) d1 : d2 0 1 2 3 4 5 6 7 8 9 - 0 :00 00 00 00 00 00 00 00 01 01 1 :01 01 01 01 01 01 02 02 02 02 2 :02 02 02 02 03 03 03 03 03 03 3 :03 03 04 04 04 04 04 04 04 04 4 :05 05 05 05 05 05 05 05 06 06 5 :06 06 06 06 06 06 07 07 07 07 6 :07 07 07 07 Cos-dscp map: cos: 0 1 2 3 4 5 6 7 dscp: 0 10 18 24 34 46 48 56 IpPrecedence-dscp map: ipprec: 0 1 2 3 4 5 6 7 dscp: 0 8 16 24 32 40 48 56 Exp-dscp map: exp: 0 1 2 3 4 5 6 7 dscp: 0 8 16 24 32 40 48 56 mls netflow interface mls qos map cos-dscp 0 10 18 24 34 46 48 56 mls qos ! class-map match-all exp_3 match mpls experimental topmost 3 class-map match-all EXP_5 match mpls experimental topmost 5 class-map match-all QOS_GROUP_5 match qos-group 5 class-map match-all prec5 match ip precedence 5 class-map match-all cos5 match cos 5 ! policy-map mpls2ip class QOS_GROUP_5 set cos 5 ! policy-map IN_FROM_R3 class EXP_5 set qos-group 5 ! interface Loopback0 ip address 5.5.5.5 255.255.255.255 ! interface GigabitEthernet2/2 mls qos trust cos or (tried both individually but none worked) mls qos trust dscp ! interface GigabitEthernet2/2.455 encapsulation dot1Q 455 xconnect 3.3.3.3 455 encapsulation mpls service-policy output mpls2ip ! interface GigabitEthernet2/1 ip address 192.168.34.4 255.255.255.0 ip ospf network point-to-point mls qos trust cos or (tried both individually but none worked) mls qos trust dscp mpls ip service-policy input IN_FROM_R4 ! Thanks regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Any one ever worked on Cisco 6500 QOS specifically 6503 or 6524(help) needed
I would like to say thanks both of you who replied. Is there any other solution. Can i use any other IOS. Can i use hierarchical QOS?. What is the solution of this issue. Because we are using majority 6503 Cisco switches on our border in our company. i can not change these switches, not in my control. can i use queuing on 6503 interfaces. Is there any way to prioritize voip traffic on these switches if MQC is not possible can i do priority Queuing for voip traffic? I would be thankful appreciated on solutions replies. Thanks Regards, Ahsan Rasheed On Sun, Oct 12, 2014 at 1:37 PM, Matthew Huff mh...@ox.com wrote: The 6500 series switch has unique, complex and restrictive hardware QOS compared to a software based router/switch. http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/qos.html -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Swapnendu Mazumdar Sent: Sunday, October 12, 2014 1:49 PM To: Ahsan Rasheed Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Any one ever worked on Cisco 6500 QOS specifically 6503 or 6524(help) needed 6748 is a switch based line card. It has limited qos features supported as compared to a routed platform such as ISR router. On 12 Oct 2014 10:45, Ahsan Rasheed ahsanrashe...@gmail.com wrote: Hi All, I am having issue specifically doing QOS configuration on 6503 or 6524 or 6509 switches. I am unable to match any EF(voice) traffic for eompls(vlan based) on 6503 cisco switch. If i use any other router as 2811 or 2821 my QOS configuration works perfect but if i put 6503 as PE2 it does not work.i am using vlan based eompls. Below is the scenario configuration which i am having issue. CE1(2821 router)(dot1Q)-PE1(2821 router)---P(6524 switch)PE2(6503 switch)---(dot1Q)(2821 switch)CE2. On CE1 i can match ip-precedence 5 traffic and mark that traffic to cos5 on outbound port.On PE1 i can match cos5 packet and mark with mpls exp top5 on inbound port, on outbound port i can match mpls exp 5. On PE2(6503) i am unable to match that mpls exp5 packet on inbound port. none of the configuration worked on 6500 series switches with mls qos, ,mls qos trust dscp,mls qos trust cos etc. Although i can match cos5 traffic on CE2 on inbound interface.i can not match mpls exp 5 traffic on 6503 and all i can see traffic as default-class on 6503 switch. I tried many things and many configurations on 6503 but nothing worked.If i put 2821 router as PE2 instead of 6503 my qos configuration works. but why if i put 6503 my same qos configuration does not work? ---match means=classification or classify Can anyone tell me how qos works on 6500 series switches or where i am having issue in my scenario. i am using this ios on 6503: s72033-advipservicesk9_wan-mz.122-33.SXI3.bin. below r my questions for 6503 qos: 1.do i need to use some other map tables,am i using correct map tables on 6503 as cos-dscp,dscp-cos,exp-dscp etc. 2.any other configuration of qos needed on 6503? 3.i am unable to match anything on outbound port of 6503. 4.on 6503 i am using sup720 and PFC3BXL.any specific configuration needed for PFC3bxl. 5. 6503 not allowing me to match qos-group on inbound interface, not allowing me to set cos5 on outbound interface. not allowing me to set cos5 as an inbound interface. CE1(2821) config: ! class-map match-any EF match ip precedence 5 class-map match-any data match ip precedence 3 ! ! policy-map ip2mpls class EF set cos 5 class data set cos 3 ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.455 encapsulation dot1Q 455 ip address 172.16.15.1 255.255.255.252 service-policy output EF ! PE1(2821) config: - - mls qos map cos-dscp 0 8 16 24 32 40 48 56 ! class-map match-all exp_3 match mpls experimental topmost 3 class-map match-all mpls_exp match mpls experimental topmost 5 class-map match-any cos3 match cos 3 class-map match-any LOO1 match cos 5 ! ! policy-map EF class LOO1 set mpls experimental imposition 5 class cos3 set mpls experimental imposition 3 policy-map QOS_G_5 class mpls_exp priority class exp_3 bandwidth 500 ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface FastEthernet0/0 ip address 192.168.23.2 255.255.255.0 ip ospf network point-to-point duplex auto speed auto mpls ip service-policy output QOS_G_5 ! interface FastEthernet0/1.455 encapsulation dot1Q 455 xconnect 5.5.5.5 455 encapsulation mpls service-policy input EF ! --- --- PE2(6503 qos): R1#show module Mod Ports
[c-nsp] Fwd: Eompls qos help needed with l3(6503) switch
Hi All members, Any one worked on 6500 layer 3 qos. Is there anything i need to use on 6500. I am using ethernet over mpls(eompls). i am using 6500 as PE2. i am unable to see any matching or marking on PE2 in 6500 but i can see matching marking on all routers 2811 and 2821 on CE1,PE1, P and CE2. I am using mls qos globally on PE2(6500) and on interfaces mls qost trust cos but still unable to see any matching and marking on PE2. for PE2 configs kindly see my previous post. Any configuration more needed on 6500 qos. PE2 CONFIG:(6503) class-map match-all EXP_5 match mpls experimental topmost 5 class-map match-all QOS_GROUP_5 match qos-group 5 ! policy-map mpls2ip class QOS_GROUP_5 policy-map IN_FROM_R3 class EXP_5 ! interface GigabitEthernet0/0 description to-P mtu 1546 ip address 192.168.34.5 255.255.255.0 ip ospf network point-to-point duplex auto speed auto mpls ip mls qos trust cos service-policy input IN_FROM_R3 ! interface GigabitEthernet0/1.50 encapsulation dot1Q 50 mls qos trust cos xconnect 3.3.3.3 50 encapsulation mpls service-policy output mpls2ip ! --- Thanks Regards, Ahsan Rasheed -- Forwarded message -- From: Ahsan Rasheed ahsanrashe...@gmail.com Date: Fri, Mar 14, 2014 at 12:42 PM Subject: Eompls qos help needed with l3(6503) switch To: cisco-nsp@puck.nether.net Hi All Members, I am having problem in applying the qos in ethernet over mpls(EOMPLS). CE1(2811 router)---PE1(2811 router)---P(3750 switch)-PE2(2811 cisco router)CE2(2811 cisco router) If i am using the above senario on eompls qos. i can mark and match all cos5 and exp5 on all ce1,pe1,pe2 and ce2. all things worked fine. CE1(2811 router)---PE1(2811 router)---P(3750 switch)-PE2(6523 or 7203 L3 switch)CE2(2811 cisco router) when i am using (cisco 6523 or 6503 or 7203 l3 switch) as PE2 instead of 2811, problems started here. i didn't see any markings or matching of qos on 6503 l3 switch. Is there anything i am missing on l3 switch for qos. I will really thankful for suggestions solutions on this issue. I have also enabled mls qos globally on l3 6503 switch as PE2. i have checked with mls qos trust cos on incoming interface on 6503 switch but nothing changes. Any more configuration needed on l3switch. why its not matching and marking. Below are the configs and output with the first scenario. CE1 CONFIG: class-map match-any EF match ip precedence 5 ! ! policy-map foo class EF set cos 5 ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/1 mtu 1546 no ip address duplex auto speed auto ! interface FastEthernet0/1.50 encapsulation dot1Q 50 ip address 172.16.15.1 255.255.255.0 service-policy output foo ! PE1 CONFIG: class-map match-all QOS_G_5 match qos-group 5 class-map match-any LOO1 match cos 5 ! ! policy-map EF class LOO1 set qos-group 5 policy-map QOS_G_5 class QOS_G_5 set mpls experimental topmost 5 ! interface GigabitEthernet0/0 description to-P mtu 1546 ip address 192.168.23.2 255.255.255.0 ip ospf network point-to-point duplex auto speed auto mpls ip service-policy output QOS_G_5 ! interface GigabitEthernet0/1.50 encapsulation dot1Q 50 xconnect 67.217.136.1 50 encapsulation mpls service-policy input EF ! On P(3750): no qos configuration used. PE2 CONFIG:(6503) class-map match-all EXP_5 match mpls experimental topmost 5 class-map match-all QOS_GROUP_5 match qos-group 5 ! policy-map mpls2ip class QOS_GROUP_5 policy-map IN_FROM_R3 class EXP_5 ! interface GigabitEthernet0/0 description to-P mtu 1546 ip address 192.168.34.5 255.255.255.0 ip ospf network point-to-point duplex auto speed auto mpls ip service-policy input IN_FROM_R3 ! interface GigabitEthernet0/1.50 encapsulation dot1Q 50 xconnect 3.3.3.3 50 encapsulation mpls service-policy output mpls2ip ! --- CE2 config: ! class-map match-all cos5 match cos 5 ! policy-map foo class cos5 ! interface FastEthernet0/1.50 encapsulation dot1Q 50 ip address 172.16.15.2 255.255.255.0 service-policy input foo ! -- -- -- OUTPUT : PE1#show mpls l2transport vc Local intf Local circuit Dest addressVC ID Status - -- --- -- -- Gi0/1.50 Eth VLAN 505.5.5.5 50 UP PE2#show mpls l2transport vc Local intf Local circuit Dest addressVC ID Status - -- --- -- -- Gi0/1.50 Eth
[c-nsp] Eompls qos help needed with l3(6503) switch
marked 5 Class-map: class-default (match-any) 5 packets, 536 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any PE1# --- PE2#show policy-map interface GigabitEthernet0/0 Service-policy input: IN_FROM_R3 Class-map: EXP_5 (match-all) 5 packets, 680 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: mpls experimental topmost 5 QoS Set qos-group 5 Packets marked 5 Class-map: class-default (match-any) 148 packets, 11762 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any GigabitEthernet0/1.50 Service-policy output: mpls2ip Class-map: QOS_GROUP_5 (match-all) 5 packets, 202630 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: qos-group 5 -- CE2#show policy-map interface FastEthernet0/1.50 Service-policy input: foo Class-map: cos5 (match-all) 5 packets, 590 bytes 5 minute offered rate 0 bps Match: cos 5 Class-map: class-default (match-any) 4 packets, 472 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any CE2# --- PE2 output with 6503(no matching) Service-policy input: IN_FROM_R3 Class-map: EXP_5 (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: mpls experimental topmost 5 QoS Set qos-group 5 Packets marked 0 Class-map: class-default (match-any) 148 packets, 11762 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any GigabitEthernet0/1.50 Service-policy output: mpls2ip Class-map: QOS_GROUP_5 (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: qos-group 5 --- --- Thanks Regards, Ahsan Rasheed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
