I have noticed on my 20 site DMVPN network that traffic shapping is not working correctly.  I am using a broadband provider and have several sites on a 50 Mbps down / 10 Mbps up Link, including the Hub site. The problem that I see is when one of my hosts aretransmitting a huge amount of data (over 10 Meg stream, typically a backup running on a remote file server), is that I am loosing EIGRP neighbor relationships. The remote router will recieve the DUAL msg "Peer goodbye received" which tells me that the HUB did not see 3 Hello packets in a row. The statistics from a Show Service Policy on the Outside Physical interface show everything is normal, packets with EF, CS6, etc are not being dropped and packets in the default class are being dropped. I am traffic shaping 'average' down to 10 meg and applying the service policy on the outside Interface. I have setup a test lab, (2) 2811 routers back to back, running c2800nm-advipservicesk9-mz.124-24.T.bin (same IOS ver on all my routers). If I turn off the DMVPN, shut down the tunnel int, turn on eigrp for my "Wan" subnet, traffic shape policy is set to 2Mbps, everything works when I flood the router with packets generated by Solarwinds WAN Killer which is sending udp packets 1000 bytes @ average of 15Mbps.  Then I turn on the DMVPN, remove the WAN subnet from EIGRP, enable the tunnel interfaces, I loose EIGRP neighbor relationships quite frequently. The only option to stop this behavior is to configure "rate-limit output dscp 0 1800000 17912 17912 conform-action transmit exceed-action drop". I choose 90% of my traffic shaped bandwidth and this is working pretty good. Other than this issue, the DMVPN is working great. I have attached a config from my benchtest and some show commands. On my "live" DMVPN Network, I have 2 DMVPN hub sites, I am not loosing EIGRP Neighbor Relationships with my 2nd Hub site, the file server backups are running to my 1st Hub site. ... View more

The Campus Manager User Tracking Report has the dot1xEnabled field that is always false. It was my understanding that the switch will send SNMP Trap Notifications to Cisco Works regarding the status of 802.1x authentication per port. We have configured per port: snmp trap mac-notification added snmp trap mac-notification removed and globally snmp-server host x.x.x.x  abababa udp-port 1431 MAC-Notification With no success, so we opened a TAC case, 614376387 and we were told by TAC and the Development Engineers that this "feature" does not work in LMS 3.2 and Campus Manager 5.2.1 and that this feature will be available in the next new release. I thought I had read on this forum that some folks have this 'feature' working, where this field shows the current status of 802.1x per access port. Has anyone been able to get this 'feature' to work?  And if so, what versions are you running and what were the 'tricks' to get it working? Much appreciated. ... View more

Due to New Corporate Security Policies, only 2 servers can access the routers and switches via SSH2 and Telnet. The Server that Cisco Works is running on, now can only access the routers and switches via SNMP v2 only. Network Devices are syslog'ing  to Cisco Works, but not SNMP Trap'ing to Cisco Works. No TFTP from/to Cisco Works I am trying to come up with a list of items that are useless now in  Cisco Works: No SSH/Telnet access to Routers/Switches   1)  no Configuration Version'ing - Running config to Startup config or to various versions.   2)  no Copying of the VLAN.dat file for backup, uses TFTP   3)  no Copying of the IOS from flash for backup, uses TFTP No SNMP Traps to Cisco Works   1)  disables notifications to Cisco Works when a configuration change has been made, causing the new config to be archived promptly instead of waiting           on the collection job to run.   2)  Renders the User Tracking Tool basically useless,  could track dot1X switch ports status and other info. SNMP only access from Routers/Switches   1)  can modify Router/Switch Configs from Cisco Works   2)  Archive of Router/Switch Configs to Cisco Works. This is what I came up with so far, if anyone can add to the list, I would appreciate it. Charlie ... View more