[nsp] 4. Rate-limit on 3550 (Prit)

Martin Wills MWills at cxtec.com
Tue Jul 20 14:17:15 EDT 2004


 
Greetings,

Rate limiting on the 3550 can be done by using QoS features.  It's done by
classifying the traffic, defining a policy then applying the policy to a PHY
interface.  Thank you Cisco for the Cisco Modular Quality of Service Command
Line Interface.

Here's some great URLs that I'm sure you will find to be useful...

http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/moqcs_wp.htm
Cisco Modular Quality of Service Command Line Interface 

http://www.cisco.com/en/US/partner/tech/tk389/tk813/technologies_tech_note09
186a00801558cb.shtml
QoS Scheduling and Queueing on the Catalyst 3550 Switches

As of recently- I have been fortunate enough to have done some QoS
deployments.  Most notably, I did a QoS config. for a bank that was running
VoIP @ (7)x locations (they so happened to be using 3550's).  I would be
way-willing to work with you to do this configuration.  My services would be
absolutely FREE (I have a great deal of skill & technical expertise that I
don't get to exercise enough).  In fact- I am taking the Cisco QoS exam this
week..or early next week.   My signature below looks ridiculous & I don't
ever use 'all-that', but I just wanted to make a point.  With you
permission, I'd add your name to my resume as a reference for having done a
job that I guarantee would exceed your expectations.  

Note that I'd be willing to do [almost] ANY configuration services for FREE
regardless of the product family, & that goes for anyone that's reading
this.  I am currently seeking ANY opportunities that will allow me to work
more with VoIP or video conferencing, specifically.  I'm willing to relocate
too.  Drop me an email message for a copy of my resume.

Best regards,
J. Martin Wills; LCNCS(C), LCNCS(F), 3CSA, 3CSE, 3NTS, NNCAS, NNCDS, ENS,
ENS-PS, ENA, CCNA, CCDA, CCNP, CCDP
J.Martin at XoverIP.US
315.863.5853






-----Original Message-----
From: cisco-nsp-request at puck.nether.net
[mailto:cisco-nsp-request at puck.nether.net] 
Sent: Tuesday, July 20, 2004 12:02 PM
To: cisco-nsp at puck.nether.net
Subject: cisco-nsp Digest, Vol 20, Issue 50

Send cisco-nsp mailing list submissions to
	cisco-nsp at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://puck.nether.net/mailman/listinfo/cisco-nsp
or, via email, send a message with subject or body 'help' to
	cisco-nsp-request at puck.nether.net

You can reach the person managing the list at
	cisco-nsp-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisco-nsp digest..."


Today's Topics:

   1. Cisco "event-buffer" (info at beprojects.com)
   2. Disconnecting Subscribers on a Redback SMS1800 via SNMP
      (Jay Greenberg)
   3. VPN Client to PIX connection problem (Tony Mucker)
   4. Rate-limit on 3550 (Prit)
   5. RE: Rate-limit on 3550 (Nick Shah)
   6. RE: Rate-limit on 3550 (Olav Langeland)
   7. how to configure tcl ivr scripts on fxo port of cisco 2600
      (naveen chandra)
   8. Cisco-Juniper E3 compatibility (Andre Chapuis)
   9. VPN Clients through Border Manager (Voll, Scott)
  10. Re: VPN Clients through Border Manager (info at beprojects.com)


----------------------------------------------------------------------

Message: 1
Date: Mon, 19 Jul 2004 13:46:23 -0500
From: <info at beprojects.com>
Subject: [nsp] Cisco "event-buffer"
To: "Cisco Nsp" <cisco-nsp at puck.nether.net>
Message-ID: <0a0801c46dc0$b0b33720$5370cd41 at dellbert>
Content-Type: text/plain;	charset="iso-8859-1"

Does anybody know what the "event-buffer" command does in IOS?  I've found a
reference to it in bug CSCEF00753 and it says to apply it under the
interface.  It appears to be a hidden, but working, command in IOS 12.3 (I
have no idea what other releases support it).  I've search CCO and the TAC
website and the only mention of the command is in the referenced bug above.
>From the name of the command I can't imagine why it would fix the issue in
the bug,  but I really don't know what it is used for.  Thanks.


Peder



------------------------------

Message: 2
Date: Mon, 19 Jul 2004 16:21:45 -0400
From: Jay Greenberg <jg at execulink.com>
Subject: [nsp] Disconnecting Subscribers on a Redback SMS1800 via SNMP
To: cisco-nsp at puck.nether.net
Message-ID: <1090268505.10366.6.camel at gowron>
Content-Type: text/plain

Anyone know how to disconnect subscribers on a Redback SMS1800 via
SNMP?  I can't get it to work for the life of me.  AOS 5.0.6.x

Thanks!

-- 
Jason Greenberg, CCIE #11021
Network Administrator
Execulink, Inc.
<jg at execulink.com>



------------------------------

Message: 3
Date: Mon, 19 Jul 2004 14:29:15 -0700
From: Tony Mucker <Tony at tonymucker.com>
Subject: [nsp] VPN Client to PIX connection problem
To: cisco-nsp at puck.nether.net
Message-ID: <40FC3D2B.1070006 at tonymucker.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

My switch over from an older Nortel Contivity Switch to my PIX went 
almost perfectly.

Except for one user.  He sits behind a Motorola SBG900 Surfboard 
Wireless gateway.  He is able to connect to the PIX VPN (and I show him 
being assigned an IP address) but when he tries to ping anything (or I 
try to ping him), it fails.
I know there's an issue with the Linksys Wireless APs and the Cisco 
Client (with Linksys firmware < 1.44), but I can't find anything about 
the Motorola Wireless Gateway.

This guy worked fine on the Nortel IPSEC client, but now for some reason 
is having problems with the Cisco version.  We've checked his firewall 
settings (doesn't look like he can modify them), and they look normal.

Tony


------------------------------

Message: 4
Date: Tue, 20 Jul 2004 09:54:23 +0530
From: Prit <shahtejal at gmail.com>
Subject: [nsp] Rate-limit on 3550
To: NSP List <cisco-nsp at puck.nether.net>
Message-ID: <7c9c2a39040719212456e82247 at mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII

Hello All,

How can we do rate-limit on cisco 3550 switch ?
or is there any other way to control traffic on Cisco 3550 ?

Regards
Prit


------------------------------

Message: 5
Date: Tue, 20 Jul 2004 16:38:02 +1000
From: "Nick Shah" <Nick.Shah at aapt.com.au>
Subject: RE: [nsp] Rate-limit on 3550
To: Prit <shahtejal at gmail.com>, "NSP List" <cisco-nsp at puck.nether.net>
Message-ID:
	<986841376AC62542A1D74E756396FDFB04AD5A at aunswa002.au.tcnz.net>
Content-Type: text/plain; charset=us-ascii

Hi Prit

Check:

http://www.cisco.com/warp/public/473/153.html

I have deployed policing on 3550's and it works as expected, barring the
issue with the burst (configure it high enough so that the saw tooth
effect is averaged out)

rgds
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Prit
Sent: Tuesday, 20 July 2004 2:24 PM
To: NSP List
Subject: [nsp] Rate-limit on 3550


Hello All,

How can we do rate-limit on cisco 3550 switch ?
or is there any other way to control traffic on Cisco 3550 ?

Regards
Prit
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


----------------------------------------------------------------------------
--
This communication, including any attachments, is confidential. If 
 you are not the intended recipient, you should not read it - please 
 contact me immediately, destroy it, and do not copy or use any part of 
 this communication or disclose anything about it.

----------------------------------------------------------------------------
--




------------------------------

Message: 6
Date: Tue, 20 Jul 2004 08:41:05 +0200
From: "Olav Langeland" <Olav.Langeland at activeisp.com>
Subject: RE: [nsp] Rate-limit on 3550
To: "Prit" <shahtejal at gmail.com>, "NSP List"
	<cisco-nsp at puck.nether.net>
Message-ID:
	
<00DF3E24DE6EF840B1F6D2FB41483C56016B5E70 at NO01-3-CX003.AISP.no01.activeisp.c
om>
	
Content-Type: text/plain;	charset="us-ascii"

> -----Original Message-----
> From: Prit [mailto:shahtejal at gmail.com]
> Sent: 20. juli 2004 06:24
> To: NSP List
> Subject: [nsp] Rate-limit on 3550
> 
> Hello All,
> 
> How can we do rate-limit on cisco 3550 switch ?
> or is there any other way to control traffic on Cisco 3550 ?

Hi,

cisco-nsp: Previous discussions about 3550 and traffic policing:
http://www.google.com/search?q=site%3Apuck.nether.net+3550+traffic&sourc
eid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8

Cisco.com: Understanding QoS Policing and Marking on the Catalyst 3550
http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note
09186a00800feff5.shtml



/olav




------------------------------

Message: 7
Date: Tue, 20 Jul 2004 12:42:10 +0100 (BST)
From: naveen chandra <naveen_gsb at yahoo.com>
Subject: [nsp] how to configure tcl ivr scripts on fxo port of cisco
	2600
To: cisco-nsp at puck.nether.net
Message-ID: <20040720114210.24258.qmail at web53710.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1


Hi all,

Can anybody tell me how to configure tcl ivr scripts on fxo port of cisco
2600.....

Once the call is going to pstn side...i want some ivr prompt to be played.

 

Thanks in advance

Naveen

 

 

 

 


		
---------------------------------
 ALL-NEW Yahoo! Messenger - sooooo many all-new ways to express yourself 

------------------------------

Message: 8
Date: Tue, 20 Jul 2004 15:49:53 +0200
From: Andre Chapuis <chapuis at ip-plus.net>
Subject: [nsp] Cisco-Juniper E3 compatibility
To: cisco-nsp at puck.nether.net
Message-ID: <566363801.20040720154953 at ip-plus.net>
Content-Type: text/plain; charset=ISO-8859-15

Hi,
Does anybody have good advice for interconnecting a Cisco and a Juniper
through an E3 circuit ?
(Cisco PA-E3 and Juniper E3 PIC).
I'm using dsu mode kentrox and ppp, but we sometimes get interface bounces

Thanks,
André

--------------------------------
André Chapuis
IP+ Backbone engineering, AS3303
Swisscom Enterprise Solutions AG
Genfergasse 14, CH-3050 Bern
+41 31 893 89 61
chapuis at ip-plus.net
CCIE #6023
--------------------------------



------------------------------

Message: 9
Date: Tue, 20 Jul 2004 06:51:10 -0700
From: "Voll, Scott" <Scott.Voll at wesd.org>
Subject: [nsp] VPN Clients through Border Manager
To: <cisco-nsp at puck.nether.net>
Message-ID: <407055A92CECCB499C922A2D35FC19A6013F2FED at apollo.wesd.org>
Content-Type: text/plain;	charset="us-ascii"

OK, I'm stumped.

I have a client that needs to get around a Border Manager / filter
server / firewall via a VPN connection to us, to use our web application
over Citrix.  When the first person uses there Cisco VPN client and
connect to our VPN (3005) they make the connection, and can use the web
application.  But when the second person tries to connect to the same
VPN the Connection gets dropped.

I initially thought it was maybe a NAT issue.  But both users have
publicly addressed computers that just go through.  I also thought that
maybe it was that the Border Manager was only allowing one VPN
connection but the second user can connect to a second VPN (3005 also).

It looks like the only problem is when multiple users try to connect to
one VPN at the same time.  Both user can connect to this one VPN, just
not at the same time.  Any ideas????  I do not have access to this
Border Manager, but if I have something for the Admin at this site to
try, I believe he is willing. 

Thanks for any comments, suggestions, or thoughts.

Scott




------------------------------

Message: 10
Date: Tue, 20 Jul 2004 09:25:56 -0500
From: <info at beprojects.com>
Subject: Re: [nsp] VPN Clients through Border Manager
To: "Cisco Nsp" <cisco-nsp at puck.nether.net>
Message-ID: <031a01c46e65$78c05780$5370cd41 at dellbert>
Content-Type: text/plain;	charset="iso-8859-1"

Change the VPN3005 to use tcp connections and set the users to transparent
tunneling through tcp.  This will allow virtually any user to connect from
anywhere and it doesn't matter if they are NAT'd or not.

In a typical IPSec VPN, the user initiates a connection on udp port 500,
then the server initiates an ESP connection back to the user.  Most
firewalls are smart enough to figure out how to send this back to one
internal user, but when a second user tries to connect, they don't know what
to do.  There is no port info in an ESP packet, so typically it drops the
first user.  If you switch to tcp, you only use one tcp connection per user
so there are no esp issues.  It is a much better solution.


----- Original Message ----- 
From: "Voll, Scott" <Scott.Voll at wesd.org>
To: <cisco-nsp at puck.nether.net>
Sent: Tuesday, July 20, 2004 8:51 AM
Subject: [nsp] VPN Clients through Border Manager


> OK, I'm stumped.
>
> I have a client that needs to get around a Border Manager / filter
> server / firewall via a VPN connection to us, to use our web application
> over Citrix.  When the first person uses there Cisco VPN client and
> connect to our VPN (3005) they make the connection, and can use the web
> application.  But when the second person tries to connect to the same
> VPN the Connection gets dropped.
>
> I initially thought it was maybe a NAT issue.  But both users have
> publicly addressed computers that just go through.  I also thought that
> maybe it was that the Border Manager was only allowing one VPN
> connection but the second user can connect to a second VPN (3005 also).
>
> It looks like the only problem is when multiple users try to connect to
> one VPN at the same time.  Both user can connect to this one VPN, just
> not at the same time.  Any ideas????  I do not have access to this
> Border Manager, but if I have something for the Admin at this site to
> try, I believe he is willing.
>
> Thanks for any comments, suggestions, or thoughts.
>
> Scott
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



------------------------------

_______________________________________________
cisco-nsp mailing list
cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp


End of cisco-nsp Digest, Vol 20, Issue 50
*****************************************


More information about the cisco-nsp mailing list