About 0115aaaaa

0115aaaaa · 01-03-2015

I'm using C3850, and want to set dscp AF21 for the first 100 mbps of input traffic on a L3 port ("no switchport"), and set AF11 for the remainder (any traffic >100mbps). I am not trusting DSCP of ingress packets, but generally they are dscp 0.I see ...

0115aaaaa · 01-03-2015

can "set qos-group" be used for this? table-map set-af21 default 18table-map set-af11 default 10 policy-map myMap class class-default police 100m exceed-action set-dscp-transmit dscp table set-af11 set qos-group dscp table set-af21!interface gi1/...

0115aaaaa · 01-03-2015

Ken writes "the remote router can be accessed from the internal network via a VPN". We can't tell if the VPN terminates "outisde" this LAN we're talking about re-IP'ing, or "inside." I'd go with the more cautious approach of adding a secondary IP o...

0115aaaaa · 01-03-2015

Here is one completely different approach: you can dedicate one port of every access switch as span target, and connect all those span-target cables to a dedicated "sniffer" switch (this could be a cheap 3500xl-en you have propping a door open, or a...

0115aaaaa · 01-03-2015

Looking at my answer, there may be a few cases where an application uses multiple udp or tcp flows as part of a single transaction, and the remote server expects them all to arrive from the same sourceIP. These are pretty rare, and NAT-unfriendly to...

0115aaaaa · 01-03-2015

You could create two IPSLA tracked objects, one for each ISP; then add one static 0/0 route to ISP A, dependent on A's tracked object; and similar for B. Outbound traffic should balance as well as simple flow-hashing can balance. Then you don't ne...

Member Since	‎01-03-2015 11:23 AM
Date Last Visited	‎08-18-2017 03:51 AM
Posts	6

User Statistics

User Activity

set default dscp on ingress, while doing policer markdown

can "set qos-group" be used

Ken writes "the remote router

Here is one completely

Looking at my answer, there

You could create two IPSLA