cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2299
Views
0
Helpful
8
Replies

ASA 5510 - Priority-queue

marcusauman
Level 1
Level 1

Hey guys I have a couple questions -

I have two ASAs 5510 running failover (active/passive) and I want to configure priority-queue on the outside interface and when ever I try to configure it rejects my command. If I do a priority-queue ? it says available interfaces and none are listed. Any ideas??

Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.2(5)

Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"

UMTMFW01 up 11 days 18 hours
failover cluster up 11 days 18 hours

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0         : address is c47d.4f3b.7d94, irq 9
1: Ext: Ethernet0/1         : address is c47d.4f3b.7d95, irq 9
2: Ext: Ethernet0/2         : address is c47d.4f3b.7d96, irq 9
3: Ext: Ethernet0/3         : address is c47d.4f3b.7d97, irq 9
4: Ext: Management0/0       : address is c47d.4f3b.7d98, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100      
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 2        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 250      
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.

8 Replies 8

Scott Nishimura
Cisco Employee
Cisco Employee

hello..

So when you configure up the priority queueing, and you run the following command:

hostname(config)# priority-queue interface_name


You are saying that no interfaces are available to do this?  one of the requirements is that it is applied to the physical interface.  Can you try it and then send the results of the above command with the particular interface you are using.

you can also send:

show run interface X   (x being the interface)

be sure to remove the ip info if you dont want that shown.

regards,

scott

Thats correct it show no available interface to apply this command to. I even try entering the name of the interface even though it isnt listed and it still rejects my command.

UMTMFW01(config-if)# priority-queue ?

configure mode commands/options:
Current available interface(s):

UMTMFW01(config)# priority-queue ?

configure mode commands/options:
Current available interface(s):

interface Ethernet0/3
  no nameif
no security-level
no ip address
!
interface Ethernet0/3.139
description Outside Time Warner - Backup
vlan 139
nameif OUTSIDE-BAC
security-level 0
ip address x.x.x.x x.x.x.x standby x.x.x.x!
interface Ethernet0/3.226
description Outside Fiber Network - Primary
vlan 226    
nameif OUTSIDE-PRI
security-level 0
ip address x.x.x.x x.x.x.x standby x.x.x.x

The priority queue should first be set up in the global config, so the second attempt below is the correct one.   I do have a question, are you running in multi context mode?  if so, then that explains it as it will only be allowed in single mode.  Let me know.

thanks,

scott

What do you mean by multi context mode?

This is an overview of the multi-context mode:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1146658

If you are running with multi-context mode enabled, then you would have 2 contexts and you would not be able to do QOS since it doesnt function in multiple mode.

thanks,

scott

Thanks for the help Scott.

Here is the show mode

UMTMFW01# show mode
Security context mode: single

Any other ideas???

Thanks..  i would suggest opening a case with tac on this.  We will need to do further troubleshooting with you and look at the box in more detail to see what is exactly happening.

best regards,

scott

Ok thanks Scott.

Review Cisco Networking for a $25 gift card