07-10-2012 07:43 PM - edited 03-11-2019 04:29 PM
Tried setting up a Shape Policy and it states its invalid. Worked fine on my 5520, just curious if anyone else might know why its coming as invalid now
ciscoasa(config-pmap-c)# shape
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config-pmap-c)# shape ?
ERROR: % Unrecognized command
07-10-2012 11:34 PM
Are you in the class-default while you try to apply shaping? It's only supported in that class.
Sent from Cisco Technical Support iPad App
07-11-2012 04:18 AM
100% sure, this is on asa 8.6.1
ciscoasa(config)# policy-map shaper
ciscoasa(config-pmap)# policy-map shaper
ciscoasa(config-pmap)# class class-default
ciscoasa(config-pmap-c)# ?
MPF policy-map class configuration commands:
exit Exit from MPF class action configuration mode
help Help for MPF policy-map class/match submode commands
no Negate or set default values of a command
police Rate limit traffic for this class
priority Strict scheduling priority for this class
quit Exit from MPF class action configuration mode
set Set connection values
user-statistics configure user statistics for identity firewall
csc Content Security and Control service module
flow-export Configure filters for NetFlow events
inspect Protocol inspection services
ips Intrusion prevention services
ciscoasa(config-pmap-c)# shape average ?
ERROR: % Unrecognized command
ciscoasa(config-pmap-c)# shape average
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config-pmap-c)#
The downfall here for me is that I need to use shape for outgoing traffic and limit it, the connect speed with the fiber box is 100Mbit, police polocy doesnt work, using police people downloading off the FTP server get under 1KB per second (Acts like a duplex issue), using shaper always made it work perfect by limiting the upload to 60MBit
07-11-2012 06:18 AM
Strange, the shaper is documented not to work on the ASA 5580, but you probably have one of the newer ASA 5500-X. I'm not aware of any more restrictions there. Perhaps someone at Cisco can take over ...
03-11-2015 05:50 AM
I switched over and have Edge Routers that take care of everything now so the command isn't relevant. However on remote sites, having a firewall that I can shape traffic with will be missed, police is just not that great imo, I notice on heavy traffic that things like Telepresence calls will stutter and flicker, using QoS policies I can improve it, but with half a days effort I took care of with the shape command in 5 minutes :P
07-22-2012 09:22 PM
Hi Bro
Based on the Cisco's Configuration Guide, this should work. http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/conns_qos.html#wp1112081
By any chance, is your Cisco ASA FW running in multiple context mode or transparent firewall mode?
09-18-2012 07:44 AM
Same problem here.
I use an ASA 5545, routed and single context mode.
According to documentation that feature should be supported.
I follow the documentation (use class-default) and i cannot define a shaping policy.
Is it a bug ? Does a software upgrade is needed to fix the problem ? I actually use :
asamaster# show version
Cisco Adaptive Security Appliance Software Version 8.6(1)2
Device Manager Version 6.6(1)
Compiled on Fri 01-Jun-12 02:16 by builders
System image file is "disk0:/asa861-2-smp-k8.bin"
Any help would be very appreciated
09-27-2012 09:53 PM
I am actually having the same issue with my ASA 5515X. The shape command just seems to be missing. Has anyone contacted Cisco yet about this issue?
Cisco Adaptive Security Appliance Software Version 8.6(1)
Device Manager Version 6.6(1)
Compiled on Fri 18-Nov-11 21:21 by builders
System image file is "disk0:/asa861-smp-k8.bin"
09-28-2012 04:35 AM
Theres a bug opened on it, just waiting for a reply. I currently use the Police Method as a work around
10-15-2012 04:02 PM
Same problem with ASA5515 running 8.6.1. Command appears not present. Ethan, what did Cisco suggest to workaround/solve the issue? Thanks.
12-11-2012 04:54 AM
Nothing, your left using the Police Command, however in my case I setup a router to do outbound Shaping.
12-05-2012 06:11 PM
Parece que es un bug de la version 8.6.1 actualizar a la version 9.
Cisco Adaptive Security Appliance Software Version 9.0(1)
FW-5510(config)# policy-map shape
FW-5510(config-pmap)# class class-default
FW-5510(config-pmap-c)# ?
MPF policy-map class configuration commands:
exit Exit from MPF class action configuration mode
help Help for MPF policy-map class/match submode commands
no Negate or set default values of a command
police Rate limit traffic for this class
priority Strict scheduling priority for this class
quit Exit from MPF class action configuration mode
service-policy Configure QoS Service Policy
set Set connection values
shape Traffic Shaping
user-statistics configure user statistics for identity firewall
csc Content Security and Control service module
flow-export Configure filters for NetFlow events
inspect Protocol inspection services
ips Intrusion prevention services
FW-5510(config-pmap-c)#
FW-5510(config-pmap-c)# shape average ?
mpf-policy-map-class mode commands/options:
<64000-154400000> Target Bit Rate (bits per second), the value needs to be
multiple of 8000
FW-5510(config-pmap-c)# shape average
12-11-2012 04:55 AM
I already know how to setup a shape command, problem is on the newer -X firewalls the commands isnt present for some reason, on my 5510 and 5520 its there
07-19-2013 08:50 AM
Shaping is not supported on newer X ASAs. We need to know if this is going to be on the roadmap. Shaping is pretty vital.
08-30-2013 07:47 AM
I'm running into the same issue on the newer ASAs. Not sure why the shaping command is missing or removed, but it needs to be available, especially for sub-rate ethernet connections.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide