help please.

any interface i put the queue on blocks all traffic

Hello Ali,

Can you share the configuration  ( Entire.. You can change username and IP's for security purposes) you are using please?

Regards

Any Update on this Case i ran into the same issue ?

Hello,

This in my config :        

ASA Version 8.4(2)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface GigabitEthernet0

shutdown

nameif inside

security-level 100

ip address 10.0.0.1 255.255.255.0

!

interface GigabitEthernet1

shutdown

nameif outside

security-level 0

ip address 10.0.1.1 255.255.255.0

!

interface GigabitEthernet2

shutdown

nameif management

security-level 0

ip address 10.0.2.1 255.255.255.0

!

interface GigabitEthernet3

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet4

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet5

shutdown

no nameif

no security-level

no ip address

!

ftp mode passive

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

mtu management 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

!

router rip

network 10.0.0.0

passive-interface management

version 2

no auto-summary

!

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http 10.0.2.2 255.255.255.255 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh timeout 5

console timeout 0

management-access inside

priority-queue outside

threat-detection basic-threat

threat-detection statistics host

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15

!

       class-map inspection_default

           match default-inspection-traffic

class-map VOIP-TRAFFIC

   match dscp ef

!

!

       policy-map global_policy

         class inspection_default

           inspect icmp

policy-map PRIORITY-POLICY

class VOIP-TRAFFIC

  priority

policy-map QOS-TRAFFIC-OUT

class class-default

  shape average 1000000

  service-policy PRIORITY-POLICY

!

        service-policy global_policy global

service-policy QOS-TRAFFIC-OUT interface outside

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

crashinfo save disable

Hello Ali,

All the interfaces are shutdown!

Have you done this???

Let me know, do No shut on each of them and try!

Julio

No they are not shutdown for sure

Bcz when i remove the priority queue the pings work

This was the config tht i had saved on the disk

But the actual one has no shutdown on the interfaces

Hello Ali,

Okay, So its the same config with the only difference being the shutdown command... Right?

I want to see the configuration with the priority queue configuration

Regards,

yes the same one.

this config has the priority queue in it.

class-map VOIP-TRAFFIC

   match dscp ef

!

policy-map PRIORITY-POLICY

class VOIP-TRAFFIC

  priority

policy-map QOS-TRAFFIC-OUT

class class-default

  shape average 1000000

  service-policy PRIORITY-POLICY

!

service-policy QOS-TRAFFIC-OUT interface outside

priority-queue outside

Please share the following:

Show service-policy QOS-TRAFFIC-OUT

Show priority-queue statistics outside

Do you have any logs of the ASA while the issue happens?

sorry for the late reply, but i got to work.

thank you btw for the help and time.           

Show service-policy QOS-TRAFFIC-OUT

Interface outside:

  Service-policy: QOS-TRAFFIC-OUT

    Class-map: class-default

      shape (average) cir 1000000, bc 4000

      (pkts output/bytes output) 30/2700

      (total drops/no-buffer drops) 0/0

      Service-policy: PRIORITY-POLICY

        Class-map: VOIP-TRAFFIC

          priority

          Queueing

          queue limit 64 packets

          (queue depth/total drops/no-buffer drops) 0/0/0

          (pkts output/bytes output) 0/0

        Class-map: class-default

          Default Queueing

          queue limit 64 packets

          (queue depth/total drops/no-buffer drops) 0/0/0

          (pkts output/bytes output) 30/2700

Show priority-queue statistics outside

Priority-Queue Statistics interface outside

Queue Type         = BE

Tail Drops         = 0

Reset Drops        = 0

Packets Transmit   = 0

Packets Enqueued   = 9

Current Q Length   = 9

Max Q Length       = 9

Queue Type         = LLQ

Tail Drops         = 0

Reset Drops        = 0

Packets Transmit   = 0

Packets Enqueued   = 0

Current Q Length   = 0

Max Q Length       = 0

ciscoasa(config-priority-queue)#

Hello Ali,

No drops hmm,, Can you share the logs the ASA shows while the issue is happening?

Hello,

This was when the issue is happening, these recorded packets are actually the pings i sent.

the pings dont go through but no dropped packets are recorded. thats why im baffled.

Again....

Do you have any logs???????????