Re: ASA 5510 - Priority-queue

marcusauman · ‎11-04-2010

Hey guys I have a couple questions -

I have two ASAs 5510 running failover (active/passive) and I want to configure priority-queue on the outside interface and when ever I try to configure it rejects my command. If I do a priority-queue ? it says available interfaces and none are listed. Any ideas??

Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.2(5)

Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"

UMTMFW01 up 11 days 18 hours
failover cluster up 11 days 18 hours

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0         : address is c47d.4f3b.7d94, irq 9
1: Ext: Ethernet0/1         : address is c47d.4f3b.7d95, irq 9
2: Ext: Ethernet0/2         : address is c47d.4f3b.7d96, irq 9
3: Ext: Ethernet0/3         : address is c47d.4f3b.7d97, irq 9
4: Ext: Management0/0       : address is c47d.4f3b.7d98, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.

Scott Nishimura · ‎11-04-2010

hello..

So when you configure up the priority queueing, and you run the following command:

hostname(config)# priority-queue interface_name

You are saying that no interfaces are available to do this? one of the requirements is that it is applied to the physical interface. Can you try it and then send the results of the above command with the particular interface you are using.

you can also send:

show run interface X (x being the interface)

be sure to remove the ip info if you dont want that shown.

regards,

scott

marcusauman · ‎11-05-2010

Thats correct it show no available interface to apply this command to. I even try entering the name of the interface even though it isnt listed and it still rejects my command.

UMTMFW01(config-if)# priority-queue ?

configure mode commands/options:
Current available interface(s):

UMTMFW01(config)# priority-queue ?

configure mode commands/options:
Current available interface(s):

interface Ethernet0/3
no nameif
no security-level
no ip address
!
interface Ethernet0/3.139
description Outside Time Warner - Backup
vlan 139
nameif OUTSIDE-BAC
security-level 0
ip address x.x.x.x x.x.x.x standby x.x.x.x!
interface Ethernet0/3.226
description Outside Fiber Network - Primary
vlan 226
nameif OUTSIDE-PRI
security-level 0
ip address x.x.x.x x.x.x.x standby x.x.x.x

Scott Nishimura · ‎11-05-2010

The priority queue should first be set up in the global config, so the second attempt below is the correct one. I do have a question, are you running in multi context mode? if so, then that explains it as it will only be allowed in single mode. Let me know.

thanks,

scott

marcusauman · ‎11-05-2010

What do you mean by multi context mode?

Scott Nishimura · ‎11-05-2010

This is an overview of the multi-context mode:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1146658

If you are running with multi-context mode enabled, then you would have 2 contexts and you would not be able to do QOS since it doesnt function in multiple mode.

thanks,

scott

marcusauman · ‎11-05-2010

Thanks for the help Scott.

Here is the show mode

UMTMFW01# show mode
Security context mode: single

Any other ideas???

Scott Nishimura · ‎11-05-2010

Thanks.. i would suggest opening a case with tac on this. We will need to do further troubleshooting with you and look at the box in more detail to see what is exactly happening.

best regards,

scott

marcusauman · ‎11-05-2010

Ok thanks Scott.