Create an Etherchannel link

Catalyst WS-C3560X-24T-L  switch EtherChannel provides fault-tolerant high-speed links between switches, routers, and servers. You can use it to increase the bandwidth between the wiring closets and the data center, and you can deploy it anywhere in the network where bottlenecks are likely to occur. EtherChannel provides automatic recovery for the loss of a link by redistributing the load across the remaining links. If a link fails, EtherChannel redirects traffic from the failed link to the remaining links in the channel without intervention.

 I would like to create an etherchannel link between two cisco 3560 switches.

My question is: do all ports involved (4 in this case 2 on each switch) need to be the same number channel? or does the pair on one switch need to be a different channel from the  pair on the other switch.

Probably identifiable number on both sides will make maintenance easier, but technically it does not negotiate any channel name on the wire.

Configuring Layer 3 EtherChannels section of Configuring EtherChannel (Catalyst WS-C3560X-24T-S switch)

Configuring a GPON ONT

The Huawei MA5600  /MA5680T /MA5608T provides end users with services through the ONT. The MA5600T/MA5603T/MA5608T can manage the ONT and the ONT can work in the normal state only after the channel between the MA5600T/MA5603T/MA5608T and the ONT is available.

huawei(config)#interface gpon 0/2

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000001 always-on profile-id 10 manage-mode omci

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000002 always-on profile-id 10 manage-mode omci

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000003 always-on profile-id 10 manage-mode omci

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000004 always-on profile-id 10 manage-mode omci

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000005 always-on profile-id 10 manage-mode omci

To add an ONT that is managed by the OLT through the OMCI protocol, confirm this ONT according to the SN 3230313185885B41 automatically reported by the system, and bind the ONT with capability profile 3 that match the ONT, do as follows:

huawei(config)#interface gpon 0/2

huawei(config-if-gpon-0/2)#port 0 ont-auto-find enable

huawei(config-if-gpon-0/2)#ont confirm 0 sn-auth 3230313185885B41 profile-id 3 manage-mode omci

To add an ONU that is managed as an independent NE and whose SN is known as 3230313185885641, bind the ONU with capability profile 4 that matches the ONU, configure the NMS parameters for the ONU, and set the management VLAN to 100, do as follows:

huawei(config)#snmp-profile add profile-id 1 v2c public private 10.10.5.53 161 huawei

huawei(config)#interface gpon 0/2

huawei(config-if-gpon-0/2)#ont add 0 2 sn-auth 3230313185885641 profile-id 4 manage-mode snmp

huawei(config-if-gpon-0/2)#ont ipconfig 0 2 static ip-address 10.20.20.20 mask 255.255.255.0 gateway 10.10.20.1 vlan 100 

huawei(config-if-gpon-0/2)#ont snmp-profile 0 2 profile-id 1

huawei(config-if-gpon-0/2)#ont snmp-route 0 2 ip-address 10.10.20.190 mask 255.255.255.0 next-hop 10.10.20.100

If the ONU is an independent NE and is directly managed by the NMS through the SNMP management mode, select the SNMP management mode. For this mode, you only need to configure the parameters for the GPON line and the parameters for the management channel on the OLT.

If the ONU is not an independent NE and all its configuration data is issued by the OLT through OMCI, select the OMCI management mode. For this mode, you need to configure all parameters (including line parameters, UNI port parameters, and service parameters) that are required for the ONU on the OLT.

Generally, the ONT management mode is set to the OMCI mode.

Cisco 3750 Stacking Q

I have two WS-C3750X-48T-L  and I want to stack them together to create one switch with 96 ports.  Do I just cable them together and the 3750s will become a stack automagically?  Or is there more that needs to be done?

 So here is what I would do with two switches that were already in production with configs on them.

#1 - make sure they have the same IOS on each them.  If not update one or the other so they are the same.  This just makes things easier.

#2 - Whichever switch will be on the bottom - issue a write erase and turn it off.

#3 - Cable the switches together with the stack cables criss crossing each other.

#4 - Power on the bottom switch

After it boots the top switch should recognize the 2nd switch as part of the stack and if you do a show ver it should show you that there are 2 switches in the stack.  The boot up takes a good bit on the WS-C3750X-48T-S   so be patient.

Police policy on SVI Cisco 3750

I'm trying to rate limit traffic from a couple of IPs in a VLAN (920). The traffic is incoming from 6 physical trunk ports. The VLAN 920 interface on this WS-C3750X-24P-S  is the default gateway in VLAN 920, the 3750 routes traffic to other VLANs.

I've created the policy as below, but I get this error when I try to apply it to the VLAN interface;

QoS: class(IdentifyPorts) Unsupported classification [Vlan920]

Service Policy attachment failed

添加图片说明

int range gi 1/0/1-3

mls qos vlan-based

int range gi 2/0/1-3

mls qos vlan-based

access-list 102 permit ip host 192.168.143.3 host 192.168.178.8

class-map match-any IdentifyTraffic

match access-group 102

class-map IdentifyPorts

match input gi 1/0/1 - gi 1/0/3

match input gi 2/0/1 - gi 2/0/3

policy-map Port-Policy

class IdentifyPorts

police 8000000 1000000 exceed-action drop

policy-map VLAN-policy

class IdentifyTraffic

set ip precedence 1

service-policy Port-Policy

int vlan 920

service WS-C3750V2-48PS-S-policy input VLAN-policy

. Bandwidth Threshold on Cisco 3750

Does anyone know if at layer 3 an interface has a limit ?

I have been told that even thought our WS-C3750V2-48PS-S  switch has 1GB ports that we can expect much lower bandwidth throughput on the ports if we are using layer 3 on those ports

I'm trying to find some documentation that explains this but nothing clear is coming up

All switches have a limit in layer 2 forwarding, usually expressed in Gbps or Mbps. It's sometimes called the backplane bandwidth.

Layer 3 switches also have a limit in routing, expressed in (IP) packets per second: Mpps.

For a routing device, routing a 16 byte ICMP 'ping' packet is the same effort as routing a 1450 byte TCP packet carrying HTTP. If you multiply your average packet size with this Mpps value, you get an average Mbps value that indicates your L3 performance.

Not sure about the 3750 (and it'll depend on the exact model), but from memory even the 3550-48 had the horsepower to do layer3 at 1Gbps with 800byte packets; and compared to that, even a first generation WS-C3750X-24T-L  is a monster.

Cisco 3750 trunks

I am currently replacing our backbone switches (2 x 3560's) linked together via

trunked ether channels.

The user switches (2960's) connect to each 3560 using their 2 x 1GB trunked

Ports.

Install a stack of (3 x WS-C3750V2-24TS-S 's) as the main backbone and server connections.

Install a stack  of ( 2 x 3750's) for the user switches to connect to . This will

Connect to the 3750X's using multiple trunked ether channels (2 x to

each 3750X)

Then ether channel and trunk each user 2960' to each the 3750's (2 x to

each 3750) using the two 1GB Ethernet ports.

This allows us to use the 3750x's for the high bandwidth requirements and

The user switches are kept away from the main backbone.

Not sure if you've already purchased the 3750x's, but if you haven't, see if you can order the new 3850 switches. They are the successor the to 3750X. Some cool features are a 480G stack cable (versus 64G with the 3750x), have netflow enabled on ALL ports, up to 4 10G ports (2 10G ports on the 3750X), and has a built in wireless controller (activated via licensing, but if not needed... just don't license it).

Here's the kicker - it's the exact same list price as the 3750X.

If you have an "ordinary office" network load, there is no advantage in putting the the 2x 3750 for the client switches to connect to. Even with etherchannel, you will have multiple client connections sharing each 1GB link, from the 3750 switches to the 3750 X switches

If your budget permits, I've be tempted to do a stack of 5x 3750 X, if it doesn't then even a stack of 4x 3750 X with the client switches distributed across would be better, then you can utilize the stack bandwidth between the switches.

As you are stacking the 3750 X switches, the trunks to/from each trunked server and switch should be across two switches, for example port 1 on switch 1 and port 1 on switch 2 rather than ports 1 & 2 on switch 1.

Much as I like the WS-C3750X-48T-S  series of switches (and manage several stacks of them), for a L2 network, or even one with "light" L3 requirements (inter VLAN routing, but not BGP etc) I would usually specify the HP 5400zl series.

Cisco Netflow on 3750s

Can someone please tell me why I can't apply the following configuration to out cisco WS-C3750V2-48PS-S?

flow record FlowRecord1

 match ipv4 protocol

 match ipv4 source address

 match ipv4 destination address

 match transport source-port

 match transport destination-port

 match interface input

 collect interface output

 collect flow direction

 collect counter bytes

 collect counter packets

 collect timestamp sys-uptime first

The router show version is:

Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

Compiled Thu 09-Feb-12 18:14 by prod_rel_team

Image text-base: 0x00003000, data-base: 0x02800000

ROM: Bootstrap program is C3750E boot loader

BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)

MX-C3750-FL1-N uptime is 18 weeks, 4 days, 3 hours, 14 minutes

System returned to ROM by power-on

System restarted at 11:47:29 UTC Sat Apr 27 2013

System image file is "flash:/c3750e-universalk9-mz.122-55.SE5/c3750e-universalk9-mz.122-55.SE5.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

License Level: ipbase

License Type: Permanent

Next reload license Level: ipbase

ciscoWS-C3750V2-48PS-S Price (PowerPC405) processor (revision K0) with 262144K bytes of memory.

Processor board ID FDO1702Z2R1

Last reset from power-on

3 Virtual Ethernet interfaces

1 FastEthernet interface

208 Gigabit Ethernet interfaces

8 Ten Gigabit Ethernet interfaces

The password-recovery mechanism is enabled.

Cisco Catalyst 3750 Series configurations:

The Cisco Catalyst 3750-X Switch are an enterprise-class lines of stackable and standalone switches, respectively. These switches provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower (available only on the Catalyst 3750-X), IEEE 802.3at Power over Ethernet Plus (PoE+) configurations, optional network modules, redundant power supplies, and Media Access Control Security (MACsec) features.

• Cisco Catalyst 3750G-24TS-24 Ethernet 10/100/1000 ports and four Small Form-Factor Pluggable (SFP) uplinks

• Cisco Catalyst 3750G-24T-24 Ethernet 10/100/1000 ports

• Cisco Catalyst 3750G-12S-12 Gigabit Ethernet SFP ports

• Cisco Catalyst 3750-48TS-48 Ethernet 10/100 ports and four SFP uplinks

• Cisco Catalyst 3750-24TS-24 Ethernet 10/100 ports and two SFP uplinks

• Cisco Catalyst 3750-48PS-48 Ethernet 10/100 ports with IEEE 802.3af and Cisco prestandard Power over Ethernet (PoE) and four SFP uplinks

• Cisco Catalyst 3750-24PS-24 Ethernet 10/100 ports with IEEE 802.3af and Cisco prestandard PoE and two SFP uplinks

• Cisco Catalyst 3750-24FS-24 100BASE-FX Ethernet ports and two SFP uplinks

• Cisco Catalyst 3750G-24TS-1U-24 Ethernet 10/100/1000 ports and four SFP uplinks, 1-rack unit (RU) height

• Cisco Catalyst 3750G-24PS-24 Ethernet 10/100/1000 ports with IEEE 802.3af and Cisco prestandard PoE and four SFP uplinks

• Cisco Catalyst 3750G-48TS-48 Ethernet 10/100/1000 ports and four SFP uplinks

• Cisco Catalyst 3750G-48PS-48 Ethernet 10/100/1000 ports with IEEE 802.3af and Cisco prestandard PoE and four SFP uplinks

• Cisco Catalyst 3750G-24WS-24 Ethernet 10/100/1000 ports with IEEE 802.3af, Cisco prestandard PoE and two SFP uplinks and an integrated wireless LAN controller

The Cisco Catalyst 3750 Series is available with either the IP Base image or the IP Services image. The IP Base image feature set includes advanced quality of service (QoS), rate-limiting, access control lists (ACLs), static routing, Routing Information Protocol (RIP) and EIGRP stub routing, capabilities. The IP Services image provides a richer set of enterprise-class features, including advanced hardware-based IPv6 and multicast routing.

Cisco 3750 - Fiber Connectivity

I am going to connect 6 WS-C3750V2-48PS-S switches on fiber for my 4 floor building,

below is my requirements:

All switches should get connected each other with redundant link (if one fiber cable is damaged second one should be available as a backup, so we will have the redundant link with each floors (not the redundant switch on each floor)

Kindly clarify my some queries as below:

1. My cable vendor shipped me single mode fiber cable for interconnecting the switches, so is this cable fine or do I have to go for mulimode fiber cable?

2. My cable vendor says ... you have to use SC-LC single mode Duplex adapter=is it correct? as cisco 3750X / 2960S SFP module will be compatible with LC connectors=True?

3. What SFP module I have to order if I have to go for 1G or 4G fiber = SC or LC? confused?

4. My cable vendor says ...you have to use SC/PC Pigtail OS2 PVC 1.5 m  + SC to LC fiber connector...so what does he exactly mean by this?,,, &.. what I understood is...my 2960S switch connect as below:

Cisco2960--->SFP--->---LC connector--->----fiber---------> SC/PC Pigtail <----------fiber------------ LC connector---< ----Cisco3750X   ( pls correct if I am wrong anywhere)

5. As 3750X comes with 12 fiber ports + 4 extra modules ports so all my 6 switches(6X2=12ports = pls refer to the attached net-diagram) will get connected with each switch with redundant link but can i use 4 extra ports to connect my 2 physical server with this switch = if yes...what I have to use to get it connected?

3. For 1G, 1000BASE-LX/LH (GLC-LH-SM). 10G would be SFP-10G-LR

4. if you are connecting back to back and this is within the same room I would say save some money and go with a long patch cable to connect the two directly. If there is a room or a floor between the two devices I would recommend a patch panel so that you can make changes in the future. This will accommodate hardware changes and moves.

5. Yes, you should be able to, but you still need to match the SFP type, or more specifically the frequency.

The above would be straight answers without throwing you any curves. But here's a slight curve. If none of the closets are further apart than 300M, you may be better off going with 50um MM fiber (OM3 or OM4). It's not so much that the fiber will save you money, but the price difference in SFP's is huge when it comes to 10G

As of today, list price is:

SFP-10G-LR=  3,995.00 (Single Mode)

SFP-10G-SR= 1,495.00 (Multi Mode)

When you multiply that out by the minimum 12 SFP's (just to get to your switches) that's a big difference - 47,940.00 for SM versus 17,940 for MM.

Use the links below to see the specs for different types of Cisco optics. When I say that you need to match the "type", I really mean the frequency. Frequency usually equates to a "type" like LR, SR, LX, LH, etc. Please excuse my use of the word type when referring to SFP's as it can be misleading.

For example, Cisco SFP-10G-SR has a frequency of 850nm, and Cisco FET-10G also has a frequency of 850nm. They do not have the same name, and do not serve the exact same purpose (the purposes are for a completely different topic), but they are compatible to communicate with each other directly because the frequency matches. This is a common pairing when using Nexus switches.

I would be willing to bet that the server fiber cards run at 850nm which means the SFP-10G-SR would be compatible and can use any of the listed fiber types within the distance limitations.

http://www.cisco.com/en/US/prod/collateral/modules/ps5455/data_sheet_c78-455693.html

http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6577/product_data_sheet0900aecd8033f885.html

For more Cisco WS-C3750X-48T-L information please click here

Cisco 3750 ASIC Errors?

I have a stack of 2 Cisco 3750 WS-C3750X-24T-L Price switches and am attempting to rollout QoS in the entire LAN using the AutoQoS template. This has so far been a success on other 2900, 3700 and 4900 series switches, however this particular switch stack is not happy when we apply the commands.

This is what we see on the logging console when we apply AutoQoS globally or even just to 1 interface attached to an IP Phone:

Mar 19 07:32:43.972: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 11 queue 1

Mar 19 07:32:43.989: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 0 queue 1

Mar 19 07:32:48.049: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 15 queue 1

Mar 19 07:32:48.133: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 1 queue 1

Mar 19 07:32:52.092: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 0 queue 1

Mar 19 07:32:52.235: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 3 queue 1

Mar 19 07:32:56.178: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 11 queue 1

Mar 19 07:32:56.278: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 4 queue 1

Mar 19 07:33:00.363: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 11 queue 1

Mar 19 07:33:00.330: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 5 queue 1

Mar 19 07:33:04.424: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 15 queue 1

Mar 19 07:33:04.382: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 9 queue 1

Mar 19 07:33:08.542: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 0 queue 1

Mar 19 07:33:08.450: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 10 queue 1

Mar 19 07:33:12.644: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 11 queue 1

Mar 19 07:33:12.502: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 16 queue 1

Mar 19 07:33:16.654: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 25 queue 1

Mar 19 07:33:20.697: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 26 queue 1

Mar 19 07:33:24.783: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 22 queue 1

Mar 19 07:33:28.834: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 23 queue 1

Mar 19 07:33:33.180: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 26 queue 1

Mar 19 07:33:37.282: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 27 queue 1

Mar 19 07:33:41.325: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 1 queue 1

Mar 19 07:33:45.368: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 0 queue 1

Mar 19 07:33:49.428: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 3 queue 1

Mar 19 07:33:53.480: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 5 queue 1

Mar 19 07:33:57.632: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 4 queue 1

Mar 19 07:34:01.667: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 9 queue 1

Mar 19 07:34:05.752: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 10 queue 1

Mar 19 07:34:09.787: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 16 queue 1

Mar 19 07:34:13.998: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 25 queue 1

Mar 19 07:34:18.058: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 1 port 26 queue 1

Mar 19 07:34:22.110: %SUPQ-4-PORT_QUEUE_STUCK: Port queue Stuck for asic 2 port 23 queue 1

We have swapped this stack with identical hardware using different stacking cables and we still see the same issue. These switches were purchased in batch.

TAC is the best idea for something like this.

Another thing to check is that the SDM templates match on all switches. If they don't match, autoQos can get screwy.

For more Cisco information please click here

http://www.3anetwork.com/cisco-ws-c3750x-24t-l-price_p101.html

unstable iOS on 3750's

Catalyst WS-C3750X-12S-S is next-generation energy-efficient Layer 3 Fast Ethernet stackable switches while 3750X is layer 3 GE switches. The Cisco Catalyst 3750 v2 Series consumes less power than its predecessors 3750. The 3750-X Series Switches are enterprise-class lines of stackable and standalone switches with StackWise Plus technology, they are the replacement of Cisco 3750G and 3750E switches. 3Anetworkcom keeps many stocks for 3750V2 and 3750X switches. Among all Cisco Catalyst 3750 switches, WS-C3750V2-24TS-S and WS-C3750X-24T-S are best selling models. 3Anetwork.com offers best Cisco 3750 Price, Cisco 3750V2 Price, Cisco 3750X Price, ship to worldwide.

We've had issues with our 9 switch 3750 stack crashing on 12.2(58)SE2 so tac said to upgrade to 15.0(2)SE4. We did that upgrade today and while at first it seemed to take, the stack eventually froze and after a few reboots we just couldn't log in via ssh or console. Console would complain about memory.

So we eventually broke the stack and one by one downgraded to 12.2(55)SE8. Was a painful process as the last 3 switches are 3750X POE so they had to do the microcode update again. We also took out a 3750v2 48 port since we consolidated some things.

So now all seems working with 3 3750X PoE and 5 3750v2 on 12.2(55)SE8. downgrading to that version of IOS?

One of the best releases of IOS started from 12.2(55)SE6 to SE8.  I strongly recommend 12.2(55)SE8 as it's very stable.  All my 3750/G/E/X are running this version without any issues or even crashes.

15.0(2)SE4 is also not bad.  The rest are plain rubbish.

For more Cisco WS-C3750V2-48PS-S information please click here

Cisco Catalyst WS-C3560X-48P-L Switch

WS-C3560X-48P-L,Catalyst 3560X 48 Port PoE LAN Base

The Cisco Catalyst 3560-X Series Switches are an enterprise-class lines of stackable and standalone switches, respectively. These switches provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as IEEE 802.3at Power over Ethernet Plus (PoE+) configurations, optional network modules, redundant power supplies, and Media Access Control Security (MACsec) features. The Cisco Catalyst 3560-X enhances productivity by enabling applications such as IP telephony, wireless, and video for borderless network experience.

Cisco is pleased to introduce the new Cisco Catalyst 3750-X and 3560-X Series Switches. The Cisco Catalyst 3750-X and 3560-X Series Switches are an enterprise-class lines of stackable and standalone switches, respectively. These switches provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, IEEE 802.3at Power over Ethernet Plus (PoE+) configurations, optional network modules, redundant power supplies, and Media Access Control Security (MACsec) features. The Cisco Catalyst 3750-X Series with StackWise Plus technology provides scalability, ease of management and investment protection for the evolving business needs. The Cisco Catalyst 3750-X and 3560-X enhance productivity by enabling applications such as IP telephony, wireless, and video for borderless network experience.

For more Cisco WS-C3750X-12S-S  information please click here

Cisco UCS FCoE Multihop Configuration

3Anetwork.com keeps regular stock of Cisco SFP-10G-SR, Cisco 10GBASE-SR Module SFP-10G-SR supports a link length of 26m on standard Fiber Distributed Data Interface (FDDI)-grade multimode fiber (MMF). Using 2000MHz*km MMF (OM3), up to 300m link lengths are possible. Using 4700MHz*km MMF (OM4), up to 400m link lengths are possible.

Cable up 2 additional twinax cables in each Fabric, doesn’t have to be twinax but that is the most cost effective way to go. You can also use 10G-SR SFPs and LC/LC fibre.

Configure an FCoE VLAN on Nexus:

This must be a new VLAN

Must be the same FCoE VLAN used in UCS for the current VSANs

Must only exist on the Nexus switch for which the VSAN is on. For example in the diagram above VLAN 100 only exists on Fabric A Nexus and VLAN 101 only exists on Fabric B Nexus.

Prune the FCoE VLANs from all trunks except for the FCoE port channels, this includes the vPC peer link.

Map the VLAN to the VSAN

Create a Virtual FC interface (vfc)

Add the vfc to the appropriate VSAN

Bind the vfc to the FCoE port channel

Two or more cables required for the NE020 (typically using SFP+ connectors)

Intel states support for Windows Server 2012 SMB Direct and Kernel-mode RDMA capabilities on the following adapter models:

NetEffect™ Ethernet Server Cluster Adapter CX4 (Dover)

NetEffect™ Ethernet Server Cluster Adapter SFP+SR (Argus)

NetEffect™ Ethernet Server Cluster Adapter DA (Argus)

For more Cisco GLC-T information please click here

Cisco HWIC-2T Cabling

HWIC-2T,2-Port Serial WAN Interface Card.Serial and asynchronous high-speed WAN interface cards (HWICs) provide highly flexible connections for Cisco 1800, 1900, 2800, 2900, 3800, and 3900 Series Integrated Services Routers. These HWICs help customers enable applications such as WAN access, legacy protocol transport, console server, and dial access server. You can mix and match HWICs to tailor cost-effective solutions for common networking problems such as remote network management, external dial-modem access, low-density WAN aggregation, legacy protocol transport, and high-port-density support.

These highly flexible interface cards facilitate several important applications:

• WAN access and aggregation

• Legacy protocol transport

• Dial access server

Hewlett Packard HP MOD AL 2PT- CX4 10GETH LAN MOD Network Switch Modules (J9149A) Expansion Module

StarTech com Startech PCISOUND4LP PCI 4 CHANNEL Sound Cards Expansion Module

Hewlett Packard HP ProCurve J9312A Expansion Module 2 x Expansion Slot (884962722930) Expansion Module

Cisco (WIC- 1AM- V2) (WIC1AMV2) Expansion Module

INTEL ETHERNET 1340 SERVER CTLRADAPTER (E1G44HT) Expansion Module

Hewlett Packard HP HP ProCurve Switch 5400zl 20- port 10/ 100/ 100 + 4- port Mini- GBIC Module

Cisco 2- Port T1/ E1 Multiflex Trunk Voice/ WAN Interface Card (VWIC2- 2MFT- T1/ E1=) Expansion Module

Cisco Aironet 2112 Wireless LAN Controller - 8 x 10/ 100Base- TX (AIRWLC2112K9)

For more Cisco WS-X45-SUP7-E information please click here

Cisco 2951 Router Configuration

The Cisco C2921-VSEC Series offer unparalleled total cost of ownership savings and network agility through the intelligent integration of market leading security, unified communications, wireless, and application services. The Integrated Services Routers Generation 2 platforms are future-enabled with multi-core CPUs, support for high capacity DSPs (Digital Signal Processors) for future enhanced video capabilities, high powered service modules with improved availability, Gigabit Ethernet switching with enhanced POE, and new energy monitoring and control capabilities while enhancing overall system performance.

Current configuration : 5030 bytes

! Last configuration change at 00:03:16 UTC Wed Jan 12 2011 by cisco

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname yourname

boot-start-marker

boot-end-marker

! card type command needed for slot/vwic-slot 0/0

logging buffered 51200 warnings

no aaa new-model

no ipv6 cef

ip source-route

yourname#en

yourname#sh run

Building configuration...

Current configuration : 5030 bytes

! Last configuration change at 00:03:16 UTC Wed Jan 12 2011 by cisco

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname yourname

boot-start-marker

boot-end-marker

! card type command needed for slot/vwic-slot 0/0

logging buffered 51200 warnings

no aaa new-model

no ipv6 cef

ip source-route

ip cef

ip domain name yourdomain.com

multilink bundle-name authenticated

crypto pki token default removal timeout 0

crypto pki trustpoint TP-self-signed-906767808

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-906767808

revocation-check none

crypto pki certificate chain TP-self-signed-906767808

certificate self-signed 01

quit

voice-card 0

license udi pid CISCO2951/K9 sn FTX1451AM0V

hw-module pvdm 0/0

username cisco privilege 15 secret 5 $1$aUqy$aOjafgL./kGg8ATVSgSqw0

redundancy

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 10.10.10.1 255.255.255.248

duplex auto

speed auto

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

access-list 23 permit 10.10.10.0 0.0.0.7

nls resp-timeout 1

cpd cr-id 1

control-plane

gatekeeper

shutdown

!

banner exec ^C

% Password expiration warning.

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device

and it provides the default username "cisco" for one-time use. If you have

already used the username "cisco" to login to the router and your IOS image

supports the "one-time" user option, then this username has already expired.

You will not be able to login to the router with this username after you exit

this session.

It is strongly suggested that you create a new username with a privilege level

of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to

use.

-----------------------------------------------------------------------

^C

banner login ^C

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device.

This feature requires the one-time use of the username "cisco" with the

password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN

CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>

no username cisco

Replace <myuser> and <mypassword> with the username and password you want

to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE

TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the

QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp

-----------------------------------------------------------------------

^C

!

line con 0

login local

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

line vty 5 15

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

end

Is my IOS image out of date? This is what I have:

yourname#dir flash0:

Directory of flash0:/

1 -rw- 57011012 Dec 17 2010 20:14:40 +00:00 c2951-universalk9_npe-mz.SPA.151-2.T2.bin

2 -rw- 2903 Dec 17 2010 20:29:30 +00:00 cpconfig-29xx.cfg

3 -rw- 2941440 Dec 17 2010 20:29:46 +00:00 cpexpress.tar

4 -rw- 1038 Dec 17 2010 20:29:56 +00:00 home.shtml

5 -rw- 115712 Dec 17 2010 20:30:02 +00:00 home.tar

6 -rw- 1697952 Dec 17 2010 20:30:18 +00:00 securedesktop-ios-3.1.1.45-k9.pkg

7 -rw- 415956 Dec 17 2010 20:30:30 +00:00 sslclient-win-1.1.4.176.pkg

For more WS-C3750X-24P-L information please click here

How to configure Command-Line Access on Cisco 2911 Router?

Cisco 2900 Series Integrated Services Routers (ISR) have modular design that allows for reuse of a broad array of existing modules that meet business requirements while maximizing investment protection. Among all Cisco 2901-SEC, Cisco 2951 router, Cisco 2921 price and Cisco 2911-SEC are best selling models.

      

line [aux | console | tty | vty] line-number

Router(config)# line console 0

Router(config-line)#

Enters line configuration mode, and specifies the type of line.

This example specifies a console terminal for access.

password password

Router(config)# password 5dr4Hepw3

Router(config-line)#

Specifies a unique password for the console terminal line.

Router(config-line)# login

Router(config-line)#

Enables password checking at terminal session login.

Router(config-line)# exec-timeout 5 30

Router(config-line)#

Sets the interval that the EXEC command interpreter waits until user input is detected. The default is 10 minutes. Optionally, add seconds to the interval value.

This example shows a timeout of 5 minutes and 30 seconds. Entering a timeout of 0 0 specifies never to time out.

Router(config-line)# line vty 0 4

Router(config-line)#

Specifies a virtual terminal for remote console access.

Router(config-line)# password aldf2ad1

Router(config-line)#

Specifies a unique password for the virtual terminal line.

Router(config-line)# login

Router(config-line)#

Enables password checking at the virtual terminal session login.

Router(config-line)# end

Router#

Exits line configuration mode, and returns to privileged EXEC mode.

For more Cisco 2921-SEC information please click here

How to configure Power Stack Parameters on Catalyst 3560-X Switch?

Cisco delivers a comprehensive portfolio of switching solutions for Borderless Networks, data centers, and smaller businesses. These solutions are optimized for a wide range of industries, including service providers, financial services, and the public sector. The WS-C3560X-48T-L Series Switches is an enterprise-class lines of stackable and standalone switches.

      

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

stack-power stack power stack name

Enter the stack power stack name and enter power stack configuration mode. The name can be up to 31 characters.

Step 3

mode {power-sharing | redundant} [strict]

Set the operating mode for the power stack:

•power-sharing—The input power from all switches in the power stack can be used for loads, and the total available power appears as one huge power supply. This is the default.

•redundant—The largest power supply is removed from the power pool to be used as backup power in case one of the other power supplies fails. This is the recommended mode if enough power is available in the system.

•strict—(Optional) Configures the power stack mode to run a strict power budget. The stack power needs cannot exceed the available power. The default is non-strict.

Step 4

end

Return to privileged EXEC mode.

Step 5

show stack-power

Verify your entries.

Step 6

copy running-config startup-config

(Optional) Save your entries in the configuration file.

For more Cisco WS-C3560X-48T-S information please click here

How to configure LAN Access Layer on Cisco WS-C3750V2-24PS-S switch?

How to configure LAN Access Layer on Cisco WS-C3750V2-24PS-S switch?

Catalyst 3750V2 24 10/100 PoE + 2 SFP Standard Image

The Cisco Catalyst 3750 v2 Series Switches are next-generation energy-efficient Layer 3 Fast Ethernet stackable switches. This new series of switches supports Cisco EnergyWise technology, which enables companies to measure and manage power consumption of network infrastructure and network-attached devices, thereby reducing their energy costs and their carbon footprints. The Cisco Catalyst 3750 v2 Series consumes less power than its predecessors and is the ideal access layer for enterprise, retail, and branch-office environments, as it increases productivity and investment protection by enabling a unified network for data, voice, and video.

service password-encryption
!
hostname A3750X
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$pthq$yU30IFO1CMO61Wy03fCP40
!
username admin password 7 141443180F0B7B7977
!
!
aaa new-model
!
!
aaa authentication login default group radius local
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time UTC recurring
switch 1 provision ws-c3750x-48p
switch 2 provision ws-c3750x-48p
stack-mac persistent timer 0
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
ip dhcp snooping vlan 136-137
no ip dhcp snooping information option
ip dhcp snooping
ip domain-name cisco.local
ip arp inspection vlan 136-137
vtp mode transparent
udld aggressive
!
mls qos map policed-dscp 24 26 46 to 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!


For more Cisco information please click here

WAN Routing between N5K (L3-vPC) & VSS (MEC) with Link Aggregation

Question:

We want a solution for Cisco 3925 price  routing between N5K and VSS with aggregated WAN links. Here is the scenario.

DC1: It has 2 cisco 6509 with VSS. There are 4 server farm cisco4948 switches connected with VSS with redundant uplink via MEC. Server gateway is the VSS. VSS is running Eigrp routing.

DC2: This is a new datacenter we are going to establish soon. We are planning 2 N5K at core layer with L3 daughter card and 4 N2K as server farm switch. 2 N5K will have vPC peer between them. Each 4 N2K will connect with redundant uplink via vPC with this N5K. N5K will run Eigrp routing and will be the gateway of this new DC server.

WAN between DC1 & DC2: DC1 VSS will connect with DC 2XN5K with 2X10G links. we want to do MEC at VSS side and L3 vPC at DC2 side.

If we have VSS at both end it might not be a problem. Both the link will work together as 20G aggregated link. But as we are using N5K at one end, so it creates a confusion whether it will work properly is this scenerio or not. This is my 1st question.

Also I would like to know,
1) In VSS I have configured 1 VLAN interface for server gateway. But in N5K do I have to configure at 2 switch seperately?
2) In WAN routing VSS shows as 1 device. Does this 2 N5K will show as 2 seperate hops or L3 vPC will allow them to act as a single device while traceroute from one end to another end.

I am not sure if my questiones are so elementary level or not. As I am very new to this technology I would like you all to get me some suggestions or documention or links regarding this design. I am also attaching the diagram.

Answer:

You solution in step 1-3 are fine. I will use the same solution based on the following:
1. VSS is a logical switch, in the N5K's perspective, it is 1 switch. You are acutally ECMP upstream, which is good. Just let routing protocol to take care the job.
2. The cross /30 link between N5K-1 and N5K-2 is used only if one uplink failed. Please note that the L3 /30 cross link is not part of vPC peer-link. It is a dedicated interface. Please see the below diagram.
In term of HSRP, you have to understand one thing first. In vPC, HSRP behavior has modified, both switch will forward traffic (different from C6K where only one is active). Please see the below link on how HSRP works under vPC (somehow this link is broken right now, let me see if I can get someone to fix it):

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-516396.html

To answer your question:
1. When N5K-1 goes down, N5K-2 will forward traffic out, and vise versa.
2. When vPC peer-link goes down. vPC secondary will shut down all vPC related interfaces and SVI. If SVI is down,Cisco 3945 routing protocol will stop the advertisement. Original comes from

http://www.kerchoonz.com/account/submit/add-blog/added_309996/

IOS upload

Question:

We have a router WS-C3560X-48PF-S Price in which we dont have much memeory to keep the existing IOS and

upload the new IOS.
i have to delet the old ios and upload the new.
my question? how much time it will take to upload the new ios using the console

connection.
please help, any suggestion would be highly appreciated. Thanks in advance.          

     

Answer:

No the telnet session would not disconnect just because you deleted the old IOS.

Perhaps it would help to be clear that flash is where the code is stored that is

loaded and executed at boot time. After the code is loaded then the router will

continue to run the code no matter what happens in flash. so you can easily delete

the image in flash and load another image and that will not impact the running of the

router.

However you should be aware that there is some risk in doing this. If there is any

problem in loading the code over the network there could be a problem. And if the

router should reload (power cycle or whatever) before the new code is loaded then the

router would not be able to load code and run - and recovery over the network is more

challenging. So you should be aware of these risks as you make the decision to erase

the image from flash and then to load a new image over the network.

I do not want to be alarmist or to give too negative an impression. I frequently do

erase images and load code over the network. And you can do this also. But I just

want to be sure that you understand the possible problems as you make your decision. WS-C3560X-48PF-L 

Original comes from http://lilirouter.livejournal.com/

Show Policy-Map Interface X/X output question

Question:

I am troubleshooting a Cisco 2951-SEC situation with a customer where they are getting voice quality issues over their WAN.  When I look at the policy-map applied to the WAN facing interface I see the following output:

    Class-map: REALTIME (match-any)
      5934775 packets, 547271148 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp ef (46)
        1811301 packets, 128310242 bytes
        5 minute rate 0 bps
      Match: ip dscp af41 (34)
        167441 packets, 28756344 bytes
        5 minute rate 0 bps
      Match: access-group name AVAYAVOIP
        3956033 packets, 390204562 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 30 (%)
        Bandwidth 926 (kbps) Burst 23150 (Bytes)
        (pkts matched/bytes matched) 912864/77181333
        (total drops/bytes drops) 856/1206256
    Class-map: CRITICAL (match-any)
      3837968 packets, 225767347 bytes
      5 minute offered rate 1000 bps, drop rate 0 bps
      Match: ip dscp af31 (26)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip dscp cs6 (48)
        3837968 packets, 225767347 bytes
        5 minute rate 1000 bps
      Queueing
        Output Queue: Conversation 265
        Bandwidth 20 (%)
        Bandwidth 617 (kbps)
        (pkts matched/bytes matched) 3105906/180974193
        (depth/total drops/no-buffer drops) 0/0/0
         exponential weight: 9
         mean queue depth: 0
   dscp    Transmitted      Random drop      Tail drop    Minimum Maximum  Mark
           pkts/bytes       pkts/bytes       pkts/bytes    thresh  thresh  prob
   af11       0/0               0/0              0/0           32      40  1/10
   af12       0/0               0/0              0/0           28      40  1/10
   af13       0/0               0/0              0/0           24      40  1/10
   af21       0/0               0/0              0/0           32      40  1/10
   af22       0/0               0/0              0/0           28      40  1/10
   af23       0/0               0/0              0/0           24      40  1/10
   af31       0/0               0/0              0/0           32      40  1/10
   af32       0/0               0/0              0/0           28      40  1/10
   af33       0/0               0/0              0/0           24      40  1/10
   af41       0/0               0/0              0/0           32      40  1/10
   af42       0/0               0/0              0/0           28      40  1/10
   af43       0/0               0/0              0/0           24      40  1/10
    cs1       0/0               0/0              0/0           22      40  1/10
    cs2       0/0               0/0              0/0           24      40  1/10
    cs3       0/0               0/0              0/0           26      40  1/10
    cs4       0/0               0/0              0/0           28      40  1/10
    cs5       0/0               0/0              0/0           30      40  1/10
    cs6 3837968/225767347       0/0              0/0           32      40  1/10
    cs7       0/0               0/0              0/0           34      40  1/10
     ef       0/0               0/0              0/0           36      40  1/10
   rsvp       0/0               0/0              0/0           36      40  1/10
default       0/0               0/0              0/0           20      40  1/10

It looks like the policy-map is matching on the EF needed for real-time traffic but what I do not know is why down toward the bottom of the output ,where everything is broken down by DSCP value , I am not seeing transmitted packets under ef  but rather all going cs6. #I am unsure about this command and thought I would post here.  I am assuming that it has something to do with the strict priority queue just sending all traffic immediately but it seems as though you could confirm that all traffic with an EF tag is actually being sent first.    ,

Answer:

The service-policy counts packets that matches the different classes, but it doesn't kick in until there is conquestions on the outgoing interface.

For a service-policy to kick in, there must be conquestions on the output interface. That means that if there are enough room in the tx-buffers (hardware buffers), a packet will be put to the tx-queue imediatly. However if the tx-buffers fill up, the router starts to use software-buffers, and at this point the service-policy is kicked-in.

Breaking Your output down in small peaces.
Class-map REALTIME matches on EF (1811301 packets) it also matches on af41 (167441 packets) and access-group AVAYAVOIP (3956033 packets) that makes a total of 5934775 for the hole class-map REALTIME.
Most of the time there has been no conquestion, but at some point (it can be more than one) there has been conquestions and the policy-map kicks in. At this point there has been 912864 packets that have been put in the priorityqueue to be served first, but 856 of them have been dropped because the total bandwidth for the priorityqueue has been higher than 926kb at some point

For class-map CRITICAL wich matches dscp af31 (0 packets) and dscp cs6 (3837968 packets) 3105906 of them have been put in the softwarequeue under the time when there was conquestion, and none of them have been dropped.

All the dscp values at the bottom is just related to the class-map critical and has nothing to do with the class-map REALTIME

For Your last sentense, yes, the priority queue will be served first if there is conquestions, but it will at that moment also be policed to the configured rate (30%) in your case.

If there are no conquetions the priority traffic can be higher than 30%. Because the policy-map only kicks in if interface Cisco 2901-V is conquested.

For more info,

http://www.journalspace.com/index.php?do=/profile-1592/