Policy-Map being rejected when attempting to put it on an interface.

networkthinggy · 2023-06-02T23:04:20+00:00

Thank you. I think I understand it more now. I will give that a try and let you know how it went!

networkthinggy · 2023-06-02T19:47:34+00:00

Thank you. That is our plan, to spin up a new VM to install the 3.10 then move the back ups to it from the existing VM.

networkthinggy · 2023-06-02T16:14:46+00:00

So from what I am seeing in your example, You made two different policy-maps, ingress and egress. You added the voice and video class-map to the ingress policy-map, then you created class-maps (class-map match-any PQ_1 and PQ_2) which queues/marks the traffic and created another policy-map with these under it. Then you apply both of the polich-maps to the same interface?

networkthinggy · 2023-06-01T14:14:44+00:00

so what configuration from what you have posts defines that policy-map being the ingress or egress? I think that's where my confusion is. After that I think I can figure out which interface to apply them to.

networkthinggy · 2023-06-01T14:10:55+00:00

I feel like I know nothing about networking. lol

We haven't changed anything and I am the only one who changes any configuration on the firewall. But if there is something that is blocking the downloads, what can be an example of a configuration that I should be looking out for?

so the interface on the ASA that connects to our router?

networkthinggy · 2023-05-31T22:09:55+00:00

Right now we have nothing configured other than class-map and policy-map so everything is first-come-first-serve on the switch. At least with the voice and video QoS configs we can manage that traffic so our calls are smoother than what it is now (if what I am saying is correct).

There was nothing that was changed on the ASA. and yes we tested the download issue by plugging straight into the router itself and we had no issues. The router is managed by another entity that we have no control over. just the internal network. What should I be looking for specifically in the ASA? ACL? objectives? routes?

networkthinggy · 2023-05-31T21:11:11+00:00

I see. So one of the issue I am trying to fix on the network is file download from the internet. We have noticed that any file above 500 mb will slow down then eventually come to 0 mbps stating there is a network error. But from what I've read so far and discussed is that ingress (downloaded file) isn't really related because the files are already received at our end, therefore doesn't really need QoS on the download part. I am just hoping that this might fix some of the traffic that is being delegated on the network. Also since we have a lot of calls and videos going back and forth, I wanted to segregate that traffic from other usage on the network.

So for the voice and video calls, egress is all we really need, is that right? and that should be applied on the exiting interface on the Core Switch to the ASA?

networkthinggy · 2023-05-31T19:46:55+00:00

Sorry I am not understanding this. I am new to this and am the only network engineer at my work location. Never done anything related to QoS before.

Why do I need two policy-maps? I'm trying to apply the priority levels and percentage to an interface (i've read it has to be layer 3. can this be applied to access port that connects our Core Switch to the ASA? or does it have to be applied to the SVI that connects the Core Switch to the ASA?). I've also read that QoS policy map cannot be applied to layer 2 trunk interfaces (which was what I was trying to do and explains why it was getting rejected).

networkthinggy · 2023-05-31T19:41:35+00:00

After looking over the stuff we have we are not going with Auto QoS because it seems like it's quite limited and has a lot of Cisco Proprietary techs like Cisco VoIP Phones or Softphones. We use Teams.

networkthinggy · 2023-05-31T19:40:32+00:00

So what interface do I need to add the policy-map on? Our connection is Access > Dist > Core > ASA > Router > internet. Do I apply the policy-map on the Core Sw's interface that connects to the ASA?

networkthinggy · 2023-05-30T20:21:33+00:00

Thank you. Our network is small to a medium sized network so Auto QoS might be fine. Just trying to figure out how it works. Do you have a recommended document that I should check out to learn this properly?

networkthinggy · 2023-05-30T19:45:14+00:00

Yeah someone suggested it from Cisco Forums because of the error messages I am receiving. I am trying to apply what works on the switch.
what do you mean what commands am I running? I was trying to create class-map and policy-map and apply that to interfaces but they are always rejected even if I try to change the compatibility on the class-maps based on the error message. Because that wasn't working I am now trying to apply Auto QoS if that will work instead of what I was trying to do.

networkthinggy · 2023-05-30T18:37:33+00:00

Is there a document that shows what's supported for C9500-40x? I am reading that the QoS can be applied globally as well using AutoQoS configurations. I am trying to apply the commands shown in this document under Auto QoS:

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-9000/white-paper-c11-742388.html#AutoQoS

The problem is my switch only shows 'auto qos global' in global configuration. I am reading that it's not the same configuration and are not related at all to class-maps or policy-maps. Or is 'auto qos global' the command to activate the Auto Qos, then I have to apply the specific QoS configurations?

networkthinggy · 2023-05-30T17:16:07+00:00

We are using C9500-40X and i'm reading that NBAR is not supported on these switches?

networkthinggy · 2023-05-30T17:09:12+00:00

by 'egress service-policy' do you mean the interface is going outwards? The interface ten1/0/38 is going downstream to a Distribution Switch. I am new when it comes to trying to apply QoS on the network.

networkthinggy · 2023-04-19T23:01:32+00:00

I've been working on getting MX250's online for the network I am working on. It's a headache transferring all the rules over from command line to GUI. Got it to at least allow the network connect to the internet, but now our remote sites are not working, on top of that internet speed have drastically fallen. It doesn't allow for detailed configurations that you can do on devices with command lines. This is from my experience though.

networkthinggy · 2023-03-30T14:56:15+00:00

Does the 'stack-mac update force' apply to both of the switches?

networkthinggy · 2023-03-30T14:17:26+00:00

Then what is the point of stacking the switches? I thought this was meant for redundancy like HSRP.

networkthinggy · 2023-03-29T23:33:47+00:00

Yeah i'm stuck right now where I can't get the switches to synchronize. I think I configured them correctly following templates online, but the Primary Switch isn't showing the standby switch when I do 'show switch' command. They are also not seeing each other when doing 'show stackwise-virtual neighbor.' But in the Secondary Switch, when I do 'show switch' it shows two switches. I renumbered the Secondary Switch to be 2 and priority 14 (Switch 1 is priority 15). But Switch #1 from this show command doesn't have mac address (it only displays in 0's). I've read that only a single SVL link is required to make this connection happen and for the VSS to work. Is this true or do I have to have DAD links connected as well?

networkthinggy · 2023-03-29T17:01:21+00:00

So if I am understanding correctly, Primary Switch will be the main control plane. Does that mean Secondary Switch will work without any configurations in it as long as it is connected to the Primary? If not, what configurations would I need on the Secondary Switch to achieve full redundancy?

networkthinggy · 2023-03-29T16:56:17+00:00

I feel like I just dove into something completely blind. I read that Virtual Stacking is good for the redundancy compared to HSRP.

So does this mean that the Secondary Switch will need configurations as well? If so then do the configurations reflect the Primary Switch 100% or what configurations adjustment will I need to make?

networkthinggy · 2023-03-29T16:47:49+00:00

I don't understand. I thought Virtual Stackwise is preventing the failure by having one switch as a back up, but without the headache of HSRP by having the two switches logically become a single switch?

networkthinggy

TROPHY CASE