Cisco Radius VSA

FreeRadius : https://freeradius.org/rfc/rfc2865.html

RADIUS Attributes : https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-2/bng/configuration/guide/b_bng_cg42asr9k/b_bng_cg42asr9k_appendix_01000.pdf

ASR9k VSA : https://supportforums.cisco.com/t5/service-providers-documents/asr9000-xr-bng-vsa-s-vendor-specific-attributes-and-services/ta-p/3141601

Matching EXP bits in ME3600

For anyone else in the future who may be experiencing a similar issue:

Problem turned out to be QoS ACL matching conditions. Docs here state:

http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-5_1_S/configuration/guide/3800x3600xscg/swqos.html

“Not all IP ACL options are supported in QoS ACLs. Only these protocols are supported for permit actions in an IP ACL: TCP, and UDP

Although you can configure many options in ACLs, only some are supported for QoS ACLs.

For permit protocol, the supported keywords are: tcp, and udp.
For source and destination address, the supported entries are ip-address, any, or host.
For match criteria, the supported keywords are dscp or tos. You can also specify a time-range.”

I ended up having to modify the ACLs to only match on IP and remove the ICMP ACE and it works.

Working on ME3600X-24FS on 15.4(3)S6a and I am testing out a very simple QoS policy and it’s not working. Here’s my config:

class-map match-all ING-EF-CLASS
 match access-group name EF-CLASS-ACL
class-map match-all ING-EF-CLASS-EXP
 match mpls experimental topmost 5
!
ip access-list extended EF-CLASS-ACL
 permit udp any any dscp ef
 permit udp any any dscp cs5
 permit udp any any precedence critical
 permit icmp any any dscp ef
 deny ip any any
!
policy-map ING-UPLINK
 class ING-EF-CLASS
  set ip dscp ef
 class ING-EF-CLASS-EXP
  set mpls experimental topmost 5
!
interface GigabitEthernet0/24
 no switchport
 mtu 9800
 ip address 10.0.10.2 255.255.255.252
 ip mtu 9100
 ip router isis
 mpls ip
 mpls mtu 9100
 service-policy input ING-UPLINK

It seems that every packet on the wire is matching the class ‘ING-EF-CLASS-EXP’:

ME3600X#sh policy-map interface
 GigabitEthernet0/24
  Service-policy input: ING-UPLINK
    Class-map: ING-EF-CLASS (match-all)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name EF-CLASS-ACL
      set dscp 46
    Class-map: ING-EF-CLASS-EXP (match-all)
      1710 packets, 175484 bytes
      30 second offered rate 1000 bps, drop rate 0000 bps
      Match: mpls experimental topmost 5
      set mpls exp topmost 5
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: any
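
The restrictions quoted in the post can be checked mechanically before a policy is attached. The Python linter below is an added example, not part of the original post or of any Cisco tooling; it encodes only the quoted documentation passage, and the function names, the "address plus wildcard" reading of ip-address and the one-value-per-keyword parsing are assumptions.

```python
import re

# Limits taken from the documentation passage quoted in the post.
PERMIT_PROTOCOLS = {"tcp", "udp"}
MATCH_KEYWORDS = {"dscp", "tos", "time-range"}  # assumed to take one value each

# The ACL from the post's configuration.
SAMPLE_ACL = """\
ip access-list extended EF-CLASS-ACL
 permit udp any any dscp ef
 permit udp any any dscp cs5
 permit udp any any precedence critical
 permit icmp any any dscp ef
 deny ip any any
"""

def _skip_address(tokens):
    """Drop one address spec ('any', 'host X', 'X wildcard'); None if invalid."""
    if tokens and tokens[0] == "any":
        return tokens[1:]
    if len(tokens) >= 2 and (tokens[0] == "host"
                             or re.fullmatch(r"\d+(\.\d+){3}", tokens[0])):
        return tokens[2:]
    return None

def lint_qos_acl(config):
    """Return (ace, reason) for each permit ACE outside the quoted subset."""
    findings = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "permit":
            continue  # the quoted limits are stated for permit entries
        ace = " ".join(tokens)
        if tokens[1] not in PERMIT_PROTOCOLS:
            findings.append((ace, f"protocol '{tokens[1]}' not supported"))
            continue
        rest = _skip_address(tokens[2:])
        rest = _skip_address(rest) if rest is not None else None
        if rest is None:
            findings.append((ace, "source/destination is not ip-address, any or host"))
            continue
        for keyword in rest[0::2]:  # remaining tokens read as keyword/value pairs
            if keyword not in MATCH_KEYWORDS:
                findings.append((ace, f"match keyword '{keyword}' not supported"))
                break
    return findings

if __name__ == "__main__":
    for ace, reason in lint_qos_acl(SAMPLE_ACL):
        print(f"{ace}: {reason}")
```

Run against the ACL from the post, it flags the `precedence critical` entry and the ICMP entry and passes the two `dscp` entries.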

ESX upgrade 6.0 -> 6.5

esxcli software vib update --depot=/vmfs/volumes/SATA/ESXi650-201704001.zip

esxcli software sources profile list -d /vmfs/volumes/SATA/VMware-ESXi-6.5.0-4564106-depot.zip
esxcli software profile update -p ESXi-6.5.0-4564106-standard -d /vmfs/volumes/SATA/VMware-ESXi-6.5.0-4564106-depot.zip

esxcli software vib update --depot=/vmfs/volumes/SATA/ESXi650-201704001.zip

Cisco, NBAR2 Live Updates

NBAR2 Live Updates

Protocol Pack 30 is now available on CCO!

Please Note: minimal required release for protocol pack 28 and up is now:
IOS XE 3.16.4bS Version 15.5(3)Sb4, IOS 15.5(3)M4a.

So, what is new, you ask?

Brand new protocols support:
Splunk: platform for collecting and analyzing machine-generated big data
Google-Downloads: Google downloads and updates services
Webex-Control: WebEx protocol control and signaling traffic
Web-Analytics: Web and mobile analytics and customer engagement platforms.
Office 365 updates.
For 3.16.4 users: Introduced granular app detection over QUIC.
Added support for Wifi-Calling on specific operators.
Various improvements and identification enhancements – Gmail, Crashplan, Mysql, Microsoft-SMS, NTP, Teamspeak.
A bunch of bug fixes, see full list in documentation page.
And obviously all of pp 28.0, 29.0 content we released last months:
Cisco IPA-SLA (Internet Protocol Service Level Agreement) recognition.
IKE version 2 support.
Strengthening of Vmware-vSphere, Webex-meeting, Ms-SMS, Cisco-Spark, Acano, apple cloud apps detection.
For 3.16.4 IOS-XE / 15.5(3)M4a IOS users: integrated SIP and DNS-SRV engines updates. Newer versions of the engines improve media sessions, audio-video separation and services detection significantly.
We want to hear what you think!
Got anything you want to share with us? Let us know. We want to hear what you need, what works great for you and what we could do even better. Reply to this email, we’ll take it from there…

Check it out on Cisco.com software download page

https://software.cisco.com/download/navigator.html
