Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About AlexanderVotteler
Stats
Member since
11-14-2019
7
Posts
0
Helpful
0
Solutions
11-22-2019
10:46 AM
Downgrading doesn't help as well. The command stays unavailable. I do not think this is a supported command since the configuration guide you mentioned does only say adventerprise, advipservices and ipbase license levels can be activated.
... View more
11-15-2019
12:35 PM
I just did some more testing. Using iperf3 a single connection cannot reach more than 1.5 Gbit/s while ZBF is turned on. However, I can start 3 sessions and each of the go above 1 Gbit. It seems single connections are limited, is there a workaround for this issue?
... View more
11-15-2019
05:30 AM
The command license boot level firewall is not available on my machine. Does Smart licensing imply I won't be able to activate this license unless activating smart licensing? Should I downgrade to 16.6.X allow activating without smart licensing? Thanks for your help!
... View more
11-15-2019
12:14 AM
Yes, it is version 16.9.4. I have attached the output of "sh license feature".
... View more
11-14-2019
02:03 PM
I am running asr1001x-universalk9.16.09.04.SPA.bin. I have AES, 20GE throughput, and 10GE port licenses activated.
... View more
11-14-2019
01:10 PM
I configured the zone based firewall and the rules seem to work fine. However, the speeds are really bad. Even when just using pass actions it only reaches 1.5 Gbit/s (with the firewall turned off it reaches 9-10 Gbit/s). This even happens with very minimal ZBF config. There is an VM-Host connected to the first 10GE interface, the VMs reach 10 Gbit/s when using iperf without ZBF active, after enabling they slow down. class-map type inspect match-any cmap--test
match protocol tcp
match protocol udp
!
policy-map type inspect pmap--test
class type inspect cmap--test
inspect
class class-default
drop
!
zone security test-in
zone security test-out
zone-pair security in-to-out source test-in destination test-out
service-policy type inspect pmap--test
!
interface TenGigabitEthernet0/0/0.1
encapsulation dot1Q 1000
ip address 192.168.1.1 255.255.255.192
zone-member security test-in
!
interface TenGigabitEthernet0/0/0.2
encapsulation dot1Q 2000
ip address 192.168.0.1 255.255.255.0
zone-member security test-out Is there any way to improve ZBF performance?
... View more
Labels:
11-22-2019
Downgrading doesn't help as well. The command stays unavailable.I do not
think this is a supported c...
11-15-2019
I just did some more testing. Using iperf3 a single connection cannot
reach more than 1.5 Gbit/s whi...
11-15-2019
The commandlicense boot level firewall is not available on my machine.
Does Smart licensing imply I ...
11-14-2019
I am running asr1001x-universalk9.16.09.04.SPA.bin.I have AES, 20GE
throughput, and 10GE port licens...
Public Statistics
| Date Registered | 11-14-2019 01:06 PM |
| Date Last Visited | 12-03-2019 06:38 AM |
| Total Messages Posted | 7 |
