The counters are showing the amount of bytes dropped not packets.
Below is the bug id.
From TAC "Here is the bug id that states the output drops counters are in bytes: CSCuu56537."
bytes dropped \ bytes out * 100= percentage of drops.
... View more
I have the commands you mentioned in place and all is good for all non FEX ports.
The FEX trunk itself shows Jumbo frames are enabled BUT I can't
policy-map type network-qos jumbo class type network-qos class-default mtu 9216
system qos service-policy type network-qos jumbo policy-map type control-plane copp-system-policy-customized copp profile strict
We are running NX-OS with a pair of 93180LC at our core and 2 pair of 93180YC at our Access layer. The YC's connect to 2248 FEX pairs with MTU set to 9216 on the FEX port-channels.
When I try to create a Jumbo enable port-channels on FEX port connected devices I get no love. Is there a limitation to enabling Jumbo frames on FEX connected devices?
The PO interface shows 9216 but the vpc consistency-parameters interface port-channel121 command is still showing MTU 1500.
Seems similar to this 7k bug
interface port-channel121 description SUNVM2-NAS switchport switchport mode trunk switchport trunk native vlan 4 switchport trunk allowed vlan 4 flowcontrol send on mtu 9216 vpc 121
DF-RW1-C93180Y-DSwc-A1(config-if)# channel-group 121 force mode passive command failed: port not compatible:[MTU] ** You can use force option to override the port's parameters ** (e.g. "channel-group X force") ** Use "show port-channel compatibility-parameters" to get more information on failure
DF-RW1-C93180Y-DSwc-A1(config-if)# 2018 Apr 3 21:33:55 DF-RW1-C93180Y-DSwc-A1 last message repeated 1 time
DF-RW1-C93180Y-DSwc-A1(config-if)# sh run interface Ethernet113/1/30
!Command: show running-config interface Ethernet113/1/30 !Time: Tue Apr 3 21:34:08 2018
interface Ethernet113/1/30 description SUNVM2-NAS switchport mode trunk switchport trunk native vlan 4 switchport trunk allowed vlan 4
... View more
We are looking to upgrade from a NEXUS 5548UP pair and 2 pair of 2248 FEX's. I have kept aside 6 pair of 10G ports to connect to our new switch infrastructure.
We really like the NEXUS 93180LC-EX pair running NX-OS as a new core with 93180YC-EX and 93180TC-EX pairs for access.
Can anyone help in suggesting how to calculate the necessary uplink speeds we will need?
Does the 5548 have any commands I can run to calculate uplink stats since Netflow isn't an option.
I want to just go with 100G uplinks and not even use 40G but I'm being challenged to prove I need the uplink speed.
We do monitor the NEXUS 5548 in SolarWinds NPM. I can get some stats on an interface by interface level.
Just looking to see if there may be a better way.
... View more
All members in the stack have the same up time.
Can you try running the command "dir flashX:crashinfo_ext" where "X" is the stack member number?
I have a strange feeling this stack not crashed and this is a power issue.
... View more
Sorry for the delay in my response.
We have a HUB and Spoke with multiple MPLS carriers and several MOE spoke sites.
Each of our MOE and MPLS carrier networks are full mesh.(See attached)
Individual MPLS networks aggregate could overrun our HUB. (See attached)
Here is our Egress QOS policy at a sample spoke site.
The Centurylink MPLS and MOE operate differently. The MPLS has 4 queues as does the MOE but with the MOE the P1 queue bandwidth is purchased in 5Mb increments the remaining are shaped. We then share the remaining BW P2 40% P3 20% P4 40%
The MPLS is also 4 shaped queues P1 40%, P2 20%, P3 20%, P4 20%. All queues can borrow from other queues if there is BW available from my understanding.
---------------------- MOE QOS ----------------------------------- class-map match-any Priority_1_QMOE match ip dscp cs5 ef match access-group name qos-priority1 class-map match-any Priority_2_QMOE match ip dscp cs4 af41 af42 af43 cs6 cs7 match access-group name qos-priority2 class-map match-any Priority_3_QMOE match ip dscp cs3 af31 af32 af33 match access-group name qos-priority3
policy-map OUTBOUND_QMOE class Priority_1_QMOE set ip dscp ef priority 5000 class Priority_2_QMOE set ip dscp cs4 bandwidth remaining percent 40 class Priority_3_QMOE set ip dscp cs3 bandwidth remaining percent 20 class class-default set ip dscp default bandwidth remaining percent 40 policy-map 20M_QMOE class class-default shape average 18000000 service-policy OUTBOUND_QMOE
interface FastEthernet0/1 description 20M_QMOE ip address 172.19.10.10 255.255.255.0 service-policy output 20M_QMOE
------------------ MPLS QOS ---------------------
class-map match-any Priority_1_MPLS match ip dscp cs5 ef match access-group name qos-priority1 class-map match-any Priority_2_MPLS match ip dscp cs4 af41 af42 af43 match access-group name qos-priority2 class-map match-any Priority_3_MPLS match ip dscp cs3 af31 af32 af33 cs6 cs7 match access-group name qos-priority3 ! ! policy-map OUTBOUND_MPLS class Priority_1_MPLS priority percent 20 set dscp ef class Priority_2_MPLS bandwidth percent 20 set dscp cs4 class Priority_3_MPLS bandwidth percent 20 set dscp cs3 class class-default bandwidth percent 40 policy-map 1.5M_MPLS class class-default shape average 1350000 service-policy OUTBOUND_MPLS
interface Serial0/0/0:0 description Century Link MPLS Circuit DS1IT ip address x.x.x.x 255.255.255.252 service-policy output 1.5M_MPLS
----------------- Shared QOS Access list ------------------------- ip access-list extended qos-priority1 remark ShoreTel call control permit udp any any range 5440 5448 permit udp any any eq 2427 permit udp any any eq 2727 permit udp any any eq sunrpc permit tcp any any eq sunrpc permit tcp any any eq 5440 permit tcp any any eq 31453 permit udp any any eq 31453 remark ShoreTel call controll permit ip host 192.168.1.221 any permit ip host 192.168.1.220 any permit ip any host 192.168.1.221 permit ip any host 192.168.1.220 ip access-list extended qos-priority2 permit tcp any any eq telnet ip access-list extended qos-priority3 remark Move VDI and SSH to dedicated priority queue permit tcp any any eq 22 permit ip host 192.168.10.68 any permit ip any host 192.168.10.68 permit tcp any any eq 4172 permit udp any any eq 4172 !
We will be using G.711.
... View more
I have a Cisco 3925 with C3900-SPE100/K9 version 15.2(4)M4 with an HWIC-2FE. I need the additional routed ports for foward facing redundant links. The HWIC shows up in inventory but it doesn't show up in the running config with any additional ethernet ports. Am I missing something? Below is the sh inv, sh ver and sh run. RLU-C3925-Rtr# sh inv NAME: "CISCO3925-CHASSIS", DESCR: "CISCO3925-CHASSIS" PID: CISCO3925-CHASSIS , VID: V02, SN: NAME: "Cisco Services Performance Engine 100 for Cisco 3900 ISR on Slot 0", DESCR: "Cisco Services Performance Engine 100 for Cisco 3900 ISR" PID: C3900-SPE100/K9 , VID: V06 , SN: NAME: "Two-Port Fast Ethernet High Speed WAN Interface Card on Slot 0 SubSlot 0", DESCR: "Two-Port Fast Ethernet High Speed WAN Interface Card" PID: HWIC-2FE , VID: V01 , SN: NAME: "1000BASE-LX SFP", DESCR: "1000BASE-LX SFP" PID: FTLF1318P3BTL-CSA , VID: A , SN: NAME: "1000BASE-LX SFP", DESCR: "1000BASE-LX SFP" PID: FTLF1318P3BTL-CSA , VID: A , SN: NAME: "C3900 AC Power Supply 1", DESCR: "C3900 AC Power Supply 1" PID: PWR-3900-AC , VID: V03, SN: RLU-C3925-Rtr# ------------------------------------------------------------------------------------ RLU-C3925-Rtr# sh ver Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2013 by Cisco Systems, Inc. Compiled Thu 20-Jun-13 13:50 by prod_rel_team ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1) ITL-RLU-C3925-Rtr uptime is 1 week, 5 days, 8 hours, 49 minutes System returned to ROM by reload at 03:16:15 PDT Wed Oct 15 2014 System image file is "flash0:c3900-universalk9-mz.SPA.152-4.M4.bin" Last reload type: Normal Reload Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to email@example.com. Cisco CISCO3925-CHASSIS (revision 1.0) with C3900-SPE100/K9 with 997376K/51200K bytes of memory. Processor board ID 3 Gigabit Ethernet interfaces 1 terminal line DRAM configuration is 72 bits wide with parity enabled. 255K bytes of non-volatile configuration memory. 250880K bytes of ATA System CompactFlash 0 (Read/Write) License Info: License UDI: ------------------------------------------------- Device# PID SN ------------------------------------------------- *0 C3900-SPE100/K9 Technology Package License Information for Module:'c3900' ----------------------------------------------------------------- Technology Technology-package Technology-package Current Type Next reboot ------------------------------------------------------------------ ipbase ipbasek9 Permanent ipbasek9 security None None None uc None None None data None None None Configuration register is 0x2102 --------------------------------------------------------------------------------- ITL-RLU-C3925-Rtr#sh run Building configuration... Current configuration : 7899 bytes ! ! Last configuration change at 11:51:18 PDT Mon Oct 27 2014 by liadmin version 15.2 no service pad service timestamps debug uptime service timestamps log datetime localtime service password-encryption service sequence-numbers ! hostname RLU-C3925-Rtr ! boot-start-marker boot-end-marker ! ! logging buffered informational enable secret 4 ! no aaa new-model clock timezone PST -8 0 clock summer-time PDT recurring ! ip cef ! ! ! ! ! ! no ip domain lookup ip domain name no ipv6 cef multilink bundle-name authenticated ! ! ! license udi pid C3900-SPE100/K9 sn ! ! ! ! ! ! ! interface Loopback0 description Mgmt address for 3925-Edge-Rtr ip address 172.16.98.50 255.255.255.255 no ip redirects no ip unreachables no ip proxy-arp ! interface Loopback1 description Loopback for OSPF area 0 ip address 172.16.98.51 255.255.255.255 no ip redirects no ip unreachables no ip proxy-arp ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description Connection to ITL LAN ip address 172.31.100.249 255.255.255.0 secondary ip address 172.31.100.250 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp duplex auto speed auto ! interface GigabitEthernet0/1 description Century Link MPLS SM-FIBER Circuit ip address n.n.n.n no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress load-interval 30 duplex auto speed auto ! interface GigabitEthernet0/2 description GCI MPLS Circuit bandwidth 1500 no ip address no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress shutdown duplex full speed 100 ! ! router eigrp 100 network 172.16.98.50 0.0.0.0 network 172.31.100.0 0.0.0.255 redistribute bgp 65002 metric 1000 10 255 100 1500 ! router bgp 65002 bgp router-id 172.16.98.50 bgp log-neighbor-changes network 172.16.98.50 mask 255.255.255.255 network 172.31.100.0 mask 255.255.255.0 network n.n.n.n mask 255.255.255.248 timers bgp 15 45 redistribute eigrp 100 neighbor p.p.p.p remote-as 209 ! ip default-gateway 172.31.100.248 ip forward-protocol nd ! ip http server ip http secure-server ! ip route 0.0.0.0 0.0.0.0 172.31.100.248 ! control-plane ! ! banner login ^CCC ################################################################################ ## WARNING ## ################################################################################ Only authorized users are allowed to access this system. By logging in to this this system you acknowledge and agree that such access and use may be monitored. No one accessing or using the system can have any expectation whatsoever of privacy with regard to accessing or using the system. ################################################################################ ^C ! line con 0 login local line aux 0 line 2 no activation-character no exec transport preferred none transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 privilege level 15 login local transport input telnet ssh line vty 5 15 privilege level 15 login local transport input telnet ssh ! scheduler allocate 20000 1000 !
... View more
I have a pair of wireless links connecting two sites together. The wireless links are different speeds but I shut down the slower link due to a flapping interface on the wireless port. (The link is complaining that it can't get NTP to synk for some reason.) They are both currently in a port channel but I'm wondering if since the throughput is different (by a factor of 2.5) should I use the slower wireless link as a backup using IP SLA(Once I figure out the issue with NTP.)? Or shoud I continue to leave it in a port channel? Are there other options for me? I would unfortunatly need to upgrade my IOS from IPBase to IPServices to use IPSLA from what I understand.
... View more
Hello, you can use EIGRP if both lines have equal speed. I asume that you have 4 Routers, two on each side, with two serial T1s in between. 1.) Set the metric to ignore interface bandwidth. router eigrp 1 metric weights 0 0 0 1 0 0 Now, only interface delay is used for route calculation 2.) Set the delay on all LAN Ethernet Interfaces to 5 3.) Set the delay on the serial interfaces of the first T1 to 10 on both sides 4.) Set the delay on the serial interfaces of the second T1 to 15 on both sides. Now you have perfect Loadsharing. Bye Jo
... View more
I have worked with the winroute vendor and they have helped me fix the problem. We port mapped the following ports from the win2k router to 192.168.0.2: Listen port --- protocol --- dest IP ------ dest port NA--------------PPTP---------192.168.0.2-----NA 000-------------50-----------192.168.0.2-----0 500-------------UDP----------192.168.0.2-----500 24705-----------TCP----------192.168.0.2-----23 (This is so we can telnet to the cisco routers external interface in the event the tunnel is down.) we also needed a route statmenmt on the win2k sys route add -p 10.195.0.0 255.255.255.0 192.168.0.2 Those setting did in fact get my GRE tunnel up and functional. I hope this solution may help someone else out there.
... View more
Hi, I was also need to VPN to a remote site while maintaining internet access for the local network. Great example by the way! Let me see if I am correct in this hack of your example. I want to tunnel internal LAN 192.168.1.1. To remote IP xxx.225.137.113. From here xxx.11.70.9 My config: interface Tunnel70 ip address xx.11.70.9 255.255.255.248 tunnel source Ethernet0/0 tunnel destination 220.127.116.11 tunnel mode ipip ! ! interface Ethernet0/0 description Exodus LAN ip address 192.168.1.1 255.255.255.0 ! interface Serial0/0 description P2P E10 ip address xxx.11.70.9 255.255.255.248 service-module t1 clock source internal ! ip http server ip classless ip route 0.0.0.0 0.0.0.0 192.168.1.1 ip route xxx.225.137.113 255.255.255.0 Tunnel70 TIA for any pointers... George
... View more
I'm using a cisco 2600 as the VPN gateway. I have 15 IPIP (GRE) tunnels to various locations. (Guam, Fiji, Curacao, Samoa, USVI and some domestic) The remote sites are either 1600 or 2600 routers. These remotes have several different types of connectivity. (WDSL, ADSL, SDSL, FRAME, 56k PPP) All sites are over the internet. I am also doing some VOIP through the tunnels as well. I haven't noticed any performance issues as of yet. All remotes support 4to6 terminals and 2to3 print servers (HP Jetdirect). On the ethernet side of the remotes I use private addressing and I use NAT for internet access. I hope this helps
... View more
Often times complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, its often difficult to do so for this type of issue. To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen If anyone else in the forum has some advice, please reply to this thread. Thank you for posting.
... View more