Category: Networking

Weighted Random Early Detection (WRED) in QoS

1. Introduction

Weighted Random Early Detection (WRED) is a congestion avoidance QoS mechanism that randomly drops packets before the queue is full, helping to prevent global TCP synchronization and optimize network performance.

📌 Key Benefits of WRED:
✅ Prevents queue tail drops, reducing congestion
✅ Improves TCP traffic performance
✅ Differentiates traffic by priority levels
✅ Works best in TCP-based networks

2. How WRED Works

WRED monitors queue depth and randomly drops packets based on:

Queue occupancy (how full the queue is)
Packet marking (DSCP/IP Precedence)
Minimum and maximum drop thresholds

🔹 WRED Drop Logic:

Queue Status	Behavior
Queue < Min Threshold	No drops ✅
Queue between Min & Max	Random drops based on priority 🎲
Queue > Max Threshold	All new packets dropped (Tail Drop) 🚫

📌 Higher-priority traffic has higher thresholds, reducing drop probability.

3. WRED vs. Tail Drop

Feature	WRED	Tail Drop
Packet Drop Behavior	Gradual, based on queue depth	Drops all packets when full
Effect on TCP	Prevents global TCP synchronization	Causes synchronization issues
QoS Differentiation	Prioritizes important traffic	No differentiation

4. Configuring WRED on a Cisco Router

A. Basic WRED Configuration

To enable WRED on an interface:

interface GigabitEthernet1/0/1
 random-detect

📌 This applies default WRED settings, treating all traffic equally.

B. WRED with IP Precedence-Based Drop Probabilities

To prioritize higher-priority traffic:

interface GigabitEthernet1/0/1
 random-detect precedence 3 20 40
 random-detect precedence 5 30 60

📌 Explanation:

Precedence 3 packets → Start dropping at 20% queue, full drop at 40%.
Precedence 5 packets → Start dropping at 30%, full drop at 60%.
Higher precedence = Less chance of being dropped.

C. WRED with DSCP-Based Drop Probabilities

To configure WRED based on DSCP values:

interface GigabitEthernet1/0/1
 random-detect dscp-based

Then, define DSCP drop thresholds:

DSCP 10 (low priority) → Drops start at 20%, full drop at 50% queue depth.
DSCP 46 (VoIP, high priority) → Drops start at 40%, full drop at 70%.

D. WRED with Class-Based QoS

1️⃣ Define a Traffic Class:

class-map MATCH-VIDEO
 match ip dscp af41

2️⃣ Create a Policy with WRED:

policy-map WRED-POLICY
 class MATCH-VIDEO
  random-detect dscp-based

3️⃣ Apply Policy to an Interface:

interface GigabitEthernet1/0/1
 service-policy output WRED-POLICY

📌 Now, WRED is applied only to DSCP AF41 traffic!

5. Verifying WRED

✅ Check WRED settings on an interface:

show interfaces GigabitEthernet1/0/1 random-detect

✅ Monitor packet drops with WRED:

show policy-map interface GigabitEthernet1/0/1

6. Summary

Scenario	Configuration
Enable WRED on an interface	`random-detect`
Prioritize traffic based on IP Precedence	`random-detect precedence X min max`
Prioritize traffic based on DSCP	`random-detect dscp-based`
Class-Based WRED	`policy-map WRED-POLICY` + `random-detect dscp-based`
Verify WRED settings	`show interfaces random-detect`

🚀 WRED improves congestion management by preventing queue overflows and TCP synchronization issues!

February 22, 2025

QoS Policing in Cisco Networks

1. Introduction

Traffic policing is a QoS mechanism that limits the rate of traffic by dropping or marking excess packets when the defined limit is exceeded. Unlike traffic shaping, which buffers excess traffic, policing discards or reclassifies packets immediately.

📌 Key Benefits of Traffic Policing:
✅ Enforces bandwidth limits on applications/users
✅ Prevents network abuse (e.g., users setting high DSCP values)
✅ Protects critical traffic by limiting non-essential traffic
✅ Can mark or drop excess traffic to maintain QoS policies

2. How Does Policing Work?

Policing uses the Token Bucket Algorithm to monitor the rate of incoming traffic.

📌 Behavior of Policing:

Traffic within the limit → Allowed ✅
Traffic exceeding the limit → Dropped or marked 🚫
No buffering (unlike shaping)

Policing vs. Shaping

Feature	Policing	Shaping
Purpose	Limits and enforces a strict rate	Smooths out bursts
Effect on Excess Traffic	Drops or marks packets	Buffers packets in a queue
Delay Impact	No delay	Can introduce delay
Best Use Case	Ingress (incoming) traffic	Egress (outgoing) traffic

3. Configuring QoS Policing on Cisco Routers & Switches

Cisco uses Class-Based Policing to enforce bandwidth limits.

A. Policing All Traffic on an Interface

To police all traffic on an interface to 5 Mbps:

interface GigabitEthernet1/0/1
police 5000000 conform-action transmit exceed-action drop

conform-action transmit → Allowed traffic goes through.
exceed-action drop → Traffic beyond 5 Mbps is dropped.

B. Class-Based QoS Policing

1️⃣ Define a Class to Match Traffic:

class-map MATCH-VIDEO
 match ip dscp af41

2️⃣ Create a Policy Map to Apply Policing:

policy-map POLICE-VIDEO
 class MATCH-VIDEO
  police 2000000 250000 exceed-action drop

3️⃣ Apply to an Interface:

interface GigabitEthernet1/0/1
 service-policy input POLICE-VIDEO

🔹 Explanation:

Limits AF41-marked traffic (video) to 2 Mbps.
Bursts up to 250 Kbps are allowed.
Excess traffic is dropped.

C. Marking Instead of Dropping (Two-Color Policing)

Instead of dropping excess traffic, mark it with a lower priority (DSCP 10):

policy-map POLICE-WEB
 class MATCH-WEB
  police 1000000 200000
   conform-action transmit
   exceed-action set-dscp-transmit 10

📌 This means:

Traffic under 1 Mbps is transmitted normally.
Traffic above 1 Mbps is marked as DSCP 10 (lower priority) instead of being dropped.

D. Three-Color Policing (CIR, PIR, Drop)

Three-color policing allows three actions:
✔ Conform (Transmit ✅)
✔ Exceed (Mark lower priority ✏️)
✔ Violate (Drop 🚫)

policy-map POLICE-TRAFFIC
 class class-default
  police 5000000 1000000 2000000
   conform-action transmit
   exceed-action set-dscp-transmit 10
   violate-action drop

📌 Explanation:

Traffic ≤ 5 Mbps → Allowed ✅
Traffic between 5 Mbps – 7 Mbps → Marked as DSCP 10 ✏️
Traffic > 7 Mbps → Dropped 🚫

4. Verifying Policing

✅ Check if policing is applied:

show policy-map interface GigabitEthernet1/0/1

✅ Check interface traffic rate:

show interfaces GigabitEthernet1/0/1 | include rate

5. Summary

Scenario	Configuration
Police all traffic to 5 Mbps	`police 5000000 conform-action transmit exceed-action drop`
Limit Video (AF41) to 2 Mbps	Class-based policing with `exceed-action drop`
Mark excess traffic instead of dropping	`exceed-action set-dscp-transmit 10`
Three-color policing (Transmit, Mark, Drop)	`conform-action transmit, exceed-action set-dscp-transmit 10, violate-action drop`
Verify policing	`show policy-map interface`

🚀 Traffic policing enforces bandwidth limits and protects network resources!

February 22, 2025

Traffic Shaping in QoS

1. Introduction

Traffic shaping is a QoS mechanism that controls the rate of outbound traffic to prevent network congestion and packet loss. It smooths traffic bursts by buffering and delaying packets to maintain a steady transmission rate.

📌 Key Benefits of Traffic Shaping: ✅ Prevents network congestion
✅ Ensures consistent bandwidth allocation
✅ Helps with Service Level Agreements (SLAs)
✅ Reduces packet drops in bursty traffic

2. How Does Traffic Shaping Work?

Traffic shaping buffers excess packets in a queue instead of dropping them, then sends them at a regulated rate.

Shaping vs. Policing

Feature	Shaping	Policing
Purpose	Slows down traffic	Drops or marks excess traffic
Effect on Packets	Buffers packets in a queue	Discards or reclassifies packets
Use Case	WAN links, avoiding congestion	Enforcing strict bandwidth limits
Typical Deployment	Outbound (egress)	Inbound (ingress) & outbound

3. Configuring Traffic Shaping on Cisco Routers

Cisco uses Class-Based Traffic Shaping (CBTS) to configure shaping per class of traffic.

A. Shaping All Traffic on an Interface

To shape all traffic on an interface to 5 Mbps:

interface Serial0/0/0
traffic-shape rate 5000000

B. Class-Based Traffic Shaping

1️⃣ Define a Class to Match Traffic:

class-map MATCH-VOICE
 match ip dscp ef

2️⃣ Create a Policy Map to Shape Traffic:

policy-map SHAPE-POLICY
 class MATCH-VOICE
  shape average 1000000

3️⃣ Apply to an Interface:

interface GigabitEthernet1/0/1
 service-policy output SHAPE-POLICY

🔹 Explanation:

Traffic matching DSCP EF (VoIP) is shaped to 1 Mbps.
Other traffic is not affected unless added to the policy.

C. Configuring Hierarchical Shaping

For multiple traffic types, use Hierarchical QoS:

policy-map CHILD-POLICY
 class MATCH-VOICE
  priority 500
 class MATCH-VIDEO
  shape average 2000000

policy-map PARENT-POLICY
 class class-default
  shape average 5000000
  service-policy CHILD-POLICY

📌 This means:

The parent policy shapes all traffic to 5 Mbps.
The child policy shapes VoIP to 500 Kbps and Video to 2 Mbps.

4. Verifying Traffic Shaping

✅ To check if shaping is working:

show policy-map interface GigabitEthernet1/0/1

✅ To monitor traffic rates:

show interfaces GigabitEthernet1/0/1 | include rate

5. Summary

Scenario	Configuration
Shape all traffic to 5 Mbps	`traffic-shape rate 5000000`
Shape VoIP to 1 Mbps	`shape average 1000000`
Hierarchical shaping for multiple classes	Parent + Child Policy Maps
Verify shaping	`show policy-map interface`

🚀 Traffic shaping ensures a smooth and stable network experience by preventing congestion!

February 22, 2025

QoS Trust Boundary in Networking

1. Introduction

The QoS Trust Boundary defines where and how QoS markings (such as DSCP or CoS) are trusted, modified, or discarded in a network. It ensures that only trusted devices (like IP phones or network switches) can set QoS values, while preventing unauthorized or misconfigured endpoints from affecting network performance.

2. Why is the Trust Boundary Important?

If the network blindly trusts all QoS markings:
🚨 Security Risk – End users could set high-priority DSCP values to get more bandwidth.
🚨 Misconfiguration – Incorrect markings from endpoints can cause congestion.
🚨 Unfair Bandwidth Usage – A normal PC could mark its traffic as VoIP, starving real-time applications.

To prevent these issues, network devices must determine where to trust or overwrite QoS markings.

3. Where Should the Trust Boundary Be Set?

Trust Scenarios

Trust Model	Description	Example Devices
Trust at the Edge	QoS markings from endpoints are accepted	Cisco IP Phones
Trust at Access Switch	Switch verifies and applies QoS policies	Cisco Catalyst Switch
Trust at Distribution/Core	Only backbone switches/routers enforce QoS	Core Routers

Best Practices

✅ Endpoints (PCs, users) – 🚫 DO NOT TRUST (Override QoS values).
✅ IP Phones, APs – ✅ Trust QoS Markings (Mark and prioritize voice traffic).
✅ Access Switches – ⚠️ Conditional Trust (Verify markings, modify if needed).
✅ Core/Distribution Layer – ✅ Strictly Enforce QoS Policies.

4. Configuring the QoS Trust Boundary on Cisco Switches

Cisco switches allow administrators to set trust levels on interfaces:

A. Trust DSCP from an IP Phone, Not from a PC

Most Cisco IP Phones mark their own traffic correctly, but connected PCs should not be trusted.
To trust only the phone’s QoS markings:

interface GigabitEthernet1/0/1
 switchport mode access
 switchport voice vlan 10
 mls qos trust dscp

mls qos trust dscp → Trust DSCP values from IP phones.
switchport voice vlan 10 → Ensures that phone traffic is correctly prioritized.

B. Remove Trust from an Untrusted Device (PC)

To override markings from PCs:

interface GigabitEthernet1/0/2
mls qos trust cos
mls qos trust device cisco-phone

mls qos trust cos → Trust CoS (only if it’s coming from a phone).
mls qos trust device cisco-phone → Trust markings only from a Cisco IP phone, not a PC.

C. Rewriting QoS Markings (Reclassify Traffic)

If untrusted devices send incorrect markings, we can override them:

policy-map RECLASSIFY
 class class-default
  set dscp default

interface GigabitEthernet1/0/3
 service-policy input RECLASSIFY

This resets all traffic to DSCP 0 (Best Effort) unless explicitly classified.

5. Verifying Trust Settings

To check trust settings on an interface:

show mls qos interface GigabitEthernet1/0/1

To see traffic classification:

show policy-map interface GigabitEthernet1/0/1

6. Summary

Scenario	Configuration
Trust DSCP from IP Phone	`mls qos trust dscp`
Trust CoS from Cisco Phones Only	`mls qos trust cos; mls qos trust device cisco-phone`
Remove Trust from a PC	Apply policy to reset DSCP to default
Check Trust Settings	`show mls qos interface`

✅ Proper trust boundary configuration prevents abuse and ensures fair traffic prioritization! 🚀

February 22, 2025

QoS Classification and Marking

1. Introduction

Quality of Service (QoS) ensures that critical traffic like VoIP, video streaming, and business applications get higher priority over less important traffic like bulk data transfers or web browsing.

Key Concepts

Classification: Identifying and categorizing network traffic.
Marking: Assigning a priority value (like DSCP or CoS) to traffic.

2. QoS Classification

What is Classification?

Classification identifies and groups network traffic based on parameters such as:
✅ Source/Destination IP or Port
✅ Application type (VoIP, Video, Web, FTP)
✅ Protocol (TCP, UDP, ICMP)
✅ Interface (LAN, WAN, VPN)

Traffic Classification Methods

Method	Example
Access Control Lists (ACLs)	Match traffic based on IP, protocol, or port
Class Maps	Define traffic classes in QoS policies
Network-Based Application Recognition (NBAR)	Identifies applications dynamically (Skype, Zoom, etc.)
802.1p (CoS)	Layer 2 VLAN tagging
Differentiated Services Code Point (DSCP)	Layer 3 IP header marking

📌 Example of Traffic Classification Using ACLs:

ip access-list extended VOICE-TRAFFIC
 permit udp any any range 16384 32767

📌 Using Class Maps to Classify Traffic:

class-map MATCH-VOICE
 match access-group name VOICE-TRAFFIC

3. QoS Marking

What is Marking?

Marking assigns priority values to packets so that network devices (routers, switches) can prioritize traffic accordingly.

Common Marking Methods

Marking Type	Layer	Bits	Value Range
802.1p (CoS)	Layer 2 (VLAN)	3 bits	0-7
DSCP (Differentiated Services Code Point)	Layer 3 (IP)	6 bits	0-63
IP Precedence	Layer 3 (IP)	3 bits	0-7

📌 Marking Traffic with DSCP (Layer 3):

class-map MATCH-VOICE
 match ip dscp 46  # Expedited Forwarding (EF) for VoIP

📌 Marking Traffic with CoS (Layer 2 VLAN):

class-map MATCH-VIDEO
 match cos 5  # High priority video

4. DSCP Marking Values

DSCP values define traffic priority levels:

DSCP Class	DSCP Value	Traffic Type
EF (Expedited Forwarding)	46	VoIP (Low Latency)
AF41, AF42, AF43	34, 36, 38	Video Streaming
AF31, AF32, AF33	26, 28, 30	Mission-Critical Apps
AF21, AF22, AF23	18, 20, 22	Bulk Data
CS0 (Default)	0	Best Effort

📌 Example Configuration – Mark VoIP Traffic as EF (DSCP 46):

policy-map MARK-VOICE
 class MATCH-VOICE
  set dscp ef

📌 Trust DSCP on a Switch Port:

interface GigabitEthernet1/0/1
mls qos trust dscp

5. Applying Classification and Marking on an Interface

1️⃣ Create an ACL to Match VoIP Traffic

ip access-list extended VOICE-TRAFFIC
 permit udp any any range 16384 32767

2️⃣ Create a Class Map

class-map MATCH-VOICE
 match access-group name VOICE-TRAFFIC

3️⃣ Create a Policy Map to Mark Traffic

policy-map MARK-VOICE
 class MATCH-VOICE
  set dscp ef

4️⃣ Apply QoS Policy to an Interface

interface GigabitEthernet1/0/1
service-policy input MARK-VOICE

6. Summary

Step	Command
Classify Traffic	`class-map MATCH-VOICE`
Mark DSCP Values	`set dscp ef`
Mark CoS Values	`set cos 5`
Apply to Interface	`service-policy input MARK-VOICE`

Conclusion:

Classification helps identify network traffic.
Marking assigns priority values (DSCP, CoS).
Proper QoS policies ensure that voice, video, and critical data traffic get prioritized over non-essential traffic.

February 22, 2025

IP Precedence and DSCP Values in QoS

1. Introduction

In Quality of Service (QoS), traffic is classified and prioritized to ensure better performance for critical applications. Two common packet marking mechanisms used in QoS are:

IP Precedence (Legacy – 3 Bits)
Differentiated Services Code Point (DSCP – 6 Bits)

These values are set in the Type of Service (ToS) byte in the IP header to indicate priority levels.

2. IP Precedence (Legacy)

3-bit field (values: 0-7)
Used in older networks (before DSCP)
Higher values = Higher priority

IP Precedence	Binary	Priority Level	Traffic Type
7	`111`	Highest	Network Control
6	`110`	High	Internetwork Control
5	`101`	Critical	VoIP, Video
4	`100`	High	Streaming Media
3	`011`	Medium	Transactional Traffic
2	`010`	Normal	Bulk Data
1	`001`	Low	Scavenger Traffic
0	`000`	Default	Best Effort

📌 Example Configuration (Mark Traffic with IP Precedence 5 – VoIP):

class-map VOICE
 match ip precedence 5

policy-map QOS-POLICY
 class VOICE
  priority 1000

3. Differentiated Services Code Point (DSCP)

6-bit field (values: 0-63)
More granular control than IP Precedence
Backward-compatible with IP Precedence

DSCP Classes

DSCP values are divided into different categories:

1️⃣ Expedited Forwarding (EF – High Priority)

DSCP	Binary	Description
EF (46)	`101110`	VoIP, real-time apps

🟢 EF (Expedited Forwarding) is used for low-latency traffic like VoIP.

2️⃣ Assured Forwarding (AF – Prioritized Traffic)

Assured Forwarding (AF) provides four service classes (AF1-4) with three levels of drop probability (Low, Medium, High).

AF Class	DSCP Value	Binary	Drop Probability
AF11	10	`001010`	Low
AF12	12	`001100`	Medium
AF13	14	`001110`	High
AF21	18	`010010`	Low
AF22	20	`010100`	Medium
AF23	22	`010110`	High
AF31	26	`011010`	Low
AF32	28	`011100`	Medium
AF33	30	`011110`	High
AF41	34	`100010`	Low
AF42	36	`100100`	Medium
AF43	38	`100110`	High

🔵 Example Use Case:

AF41 is used for video streaming.
AF31 is used for mission-critical applications.

3️⃣ Default & Best Effort (Low Priority)

DSCP	Binary	Description
CS0 (0)	`000000`	Best Effort (Default)
CS1 (8)	`001000`	Background Traffic

🚫 CS0 (Best Effort) is used for general internet traffic without priority.

4. Mapping Between IP Precedence and DSCP

IP Precedence	Equivalent DSCP
0	CS0 (0)
1	CS1 (8)
2	CS2 (16)
3	CS3 (24)
4	CS4 (32)
5	CS5 (40)
6	CS6 (48)
7	CS7 (56)

5. Configuring DSCP on Cisco Devices

Marking Packets with DSCP

class-map MATCH-VOICE
 match ip dscp 46

policy-map QOS-POLICY
 class MATCH-VOICE
  priority 1000

Trust DSCP on an Interface

conf t
interface GigabitEthernet1/0/1
mls qos trust dscp
exit

6. Summary

IP Precedence (Legacy): 3-bit field (0-7), basic priority levels.
DSCP (Modern QoS): 6-bit field (0-63), more flexibility.
EF (46) for VoIP, AF41 for Video, CS0 for Best Effort.

February 22, 2025

Introduction to QoS (Quality of Service) in Networking

What is QoS?

Quality of Service (QoS) is a set of technologies and techniques used in networking to manage and prioritize traffic, ensuring efficient data transmission, reduced latency, and improved performance for critical applications.

Why is QoS Important?

Without QoS, all network traffic is treated equally, which can lead to:
✅ Poor VoIP call quality (jitter, latency, packet loss)
✅ Slow video streaming (buffering)
✅ Delayed critical applications (business or cloud apps)

QoS ensures that high-priority traffic (like voice and video) gets preferential treatment over less critical traffic (like file downloads or emails).

Key QoS Concepts

1. Bandwidth, Delay, Jitter, and Packet Loss

Term	Definition
Bandwidth	Maximum data transfer rate (measured in Mbps or Gbps).
Delay (Latency)	Time taken for packets to travel from source to destination.
Jitter	Variation in packet delay (problematic for VoIP and video).
Packet Loss	Percentage of lost packets, impacting data integrity.

QoS helps reduce delay, jitter, and packet loss to improve network performance.

2. Traffic Classification & Marking

QoS classifies packets into different categories and assigns them priorities using Differentiated Services Code Point (DSCP) or Class of Service (CoS).

Example of DSCP values:

Traffic Type	DSCP Value
Voice	EF (Expedited Forwarding – 46)
Video	AF41 (Assured Forwarding – 34)
Best Effort (Default)	0
Background Traffic	CS1 (Class Selector – 1)

To mark packets:

class-map VOICE
 match ip dscp 46

3. QoS Mechanisms

QoS is implemented using multiple techniques:

A. Traffic Classification & Marking

Identifies and labels packets based on type (voice, video, data).
Uses DSCP (Layer 3) or CoS (Layer 2).

B. Queuing and Scheduling

Priority Queuing (PQ): Highest-priority packets are sent first.
Weighted Fair Queuing (WFQ): Fair distribution among multiple traffic types.
Low Latency Queuing (LLQ): Guarantees bandwidth for real-time applications like VoIP.

C. Congestion Management

Random Early Detection (RED): Prevents congestion by dropping packets early.
Weighted Random Early Detection (WRED): Prioritizes higher-priority packets.

D. Policing and Shaping

Policing: Drops excess traffic above a configured rate.
Shaping: Buffers excess traffic instead of dropping it.

Example of policing:

policy-map POLICE-TRAFFIC
 class VIDEO
  police 1000000 conform-action transmit exceed-action drop

QoS Configuration on Cisco Devices

1. Enable QoS on an Interface

conf t
interface GigabitEthernet1/0/1
mls qos trust dscp
exit

2. Create a Class Map (Traffic Classification)

class-map MATCH-VOICE
 match ip dscp 46

3. Create a Policy Map (Traffic Treatment)

policy-map QoS-POLICY
 class MATCH-VOICE
  priority 1000
 class class-default
  fair-queue

4. Apply QoS Policy to an Interface

conf t
interface GigabitEthernet1/0/1
service-policy output QoS-POLICY
exit

Conclusion

QoS is essential for ensuring a smooth network experience, especially for real-time applications like voice, video, and business-critical services. By using traffic classification, marking, queuing, and congestion management, QoS optimizes performance and prevents network slowdowns.

February 22, 2025

What is Power over Ethernet (PoE)?

Power over Ethernet (PoE) allows network cables to carry both data and electrical power to devices like IP phones, wireless access points, and security cameras, eliminating the need for separate power adapters.

PoE Standards

Standard	Max Power per Port	Devices Supported
802.3af (PoE)	15.4W	Phones, small APs
802.3at (PoE+)	30W	High-power APs, cameras
802.3bt (PoE++)	60-100W	LED lights, laptops

How to Enable PoE on a Cisco Switch

Most Cisco switches support PoE by default, but you can manually enable or configure it.

1. Check if the Switch Supports PoE

Run:

Switch#show power inline

If you see available power and usage stats, the switch supports PoE.

2. Enable PoE on an Interface

Run:

Switch#conf t
interface <interface_id>
power inline auto
exit

<interface_id> → Example: GigabitEthernet1/0/1
auto → Enables PoE when a powered device (PD) is detected.

To disable PoE on a port:

Switch#conf t
interface <interface_id>
power inline never
exit

3. Set Power Limits for Devices

By default, the switch assigns power dynamically. You can manually set power limits:

Switch#conf t
interface <interface_id>
power inline static max 20000
exit

Max power in milliwatts (mW)
- 15000 for 15W (PoE)
- 30000 for 30W (PoE+)
- 60000 for 60W (PoE++)

To check power consumption:

Switch#show power inline interface <interface_id> detail

4. Troubleshoot PoE Issues

If a device is not powering up:

Check PoE status:bashCopyEditshow power inline interface <interface_id>
Reset PoE on the port:bashCopyEditconf t interface <interface_id> power inline never power inline auto exit
If the port is err-disabled, recover it:bashCopyEditconf t interface <interface_id> shutdown no shutdown exit
If power is exhausted, check:bashCopyEditshow power inline

Summary

Task	Command
Enable PoE	`power inline auto`
Disable PoE	`power inline never`
Set power limit	`power inline static max <mW>`
Check PoE status	`show power inline`
Check port power use	`show power inline interface <interface_id> detail`

February 22, 2025

Troubleshooting Switch Interfaces
Troubleshooting Cisco switch interface errors requires a structured approach to diagnose and resolve issues efficiently. Here’s a step-by-step guide:

1. Check Interface Status

Run:
```
Switch#show interfaces status
```
- Connected → Interface is up and functioning
- Notconnect → No device is connected or a cable issue
- Err-disabled → Error condition detected (see step 5)
- Disabled → Interface is administratively down
If the interface is down, enable it:
```
Switch#conf t
interface <interface_id>
no shutdown
exit
```
2. Verify Cable and Physical Connection
- Ensure the cable is properly plugged in.
- Test with a different cable.
- Check port LED status (blinking green = active, amber = issue).
3. Check Interface Errors

Run:
```
Switch#show interfaces <interface_id>
```
Look for:
- Input errors: CRC errors, frame errors → Cable or duplex mismatch.
- Output errors: Congestion or hardware failure.
- CRC errors: Bad cables, interference, or duplex mismatch.
- Collisions: High count may indicate a duplex mismatch.
4. Check Duplex and Speed Settings

Run:
```
Switch#show interfaces <interface_id> status
```
If there is a duplex mismatch, manually configure it:
```
Switch#conf t
interface <interface_id>
duplex full
speed 1000
exit
```
5. Check for Err-Disabled State

Run:
```
Switch#show interfaces status | include err-disabled
```
Common causes:
- Port security violation
- BPDU guard violation
- Link flap detection
- UDLD failure
Fix:
```
Switch#conf t
interface <interface_id>
shutdown
no shutdown
exit
```
To find the specific reason:
```
Switch#show interfaces <interface_id> | include error
```
If it’s due to port security:
```
Switch#show port-security interface <interface_id>
Switch#clear port-security sticky interface <interface_id>
```
If BPDU guard triggered:
```
Switch#spanning-tree bpduguard disable
```
To automatically recover from err-disabled state:
```
Switch#conf t
errdisable recovery cause all
errdisable recovery interval 30
exit
```
6. Check VLAN and Trunk Settings

Run:
```
Switch#show vlan brief
```
Ensure the port is in the correct VLAN.

For trunk ports:
```
Switch#show interfaces trunk
```
If VLANs are missing, add them:
```
Switch#conf t
interface <interface_id>
switchport mode trunk
switchport trunk allowed vlan add <vlan_id>
exit
```
7. Check Spanning Tree (STP) Issues

Run:
```
Switch#show spanning-tree interface <interface_id>
```
- If the port is in Blocking state, STP is preventing loops.
- If the port is flapping, check STP settings.
To disable STP (use cautiously):
```
Switch#conf t
interface <interface_id>
spanning-tree portfast
exit
```
8. Check MAC Address Table

Run:
```
Switch#show mac address-table interface <interface_id>
```
If there are no MAC addresses, the device might not be communicating.

9. Debugging Further

To see real-time logs:
```
Switch#terminal monitor
debug spanning-tree events
debug interface <interface_id>
```
Disable debugging after use:
```
Switch#undebug all
```
10. Reload Interface or Switch

If all else fails:
```
Switch#reload
```
or shut/no shut the interface.
February 22, 2025

How to Install Cisco SD-WAN on EVE-NG

This guide covers hardware & VMware prerequisites, setting up EVE-NG, and installing Cisco SD-WAN components (vManage, vBond, vSmart, vEdge).

1. Prerequisites

Hardware Requirements

CPU: 8+ cores (Intel VT-x/EPT or AMD-V/RVI enabled)
RAM: 16GB+ (32GB+ recommended for large labs)
Storage: 100GB+ SSD (for performance)
Network: Bridged networking for external access

VMware Workstation Requirements

VMware Workstation Pro (Recommended) or Player
Nested Virtualization enabled (for running EVE-NG inside VMware)
EVE-NG Installed (ISO or OVA method)
EVE-NG Network Adapter set to Bridged

2. EVE-NG Setup on VMware

If you haven’t installed EVE-NG yet, follow this guide:
📌 How to Install EVE-NG on VMware Workstation

Once EVE-NG is running, find its IP address using:

bashCopyEditip a

Access EVE-NG via browser:

cppCopyEdithttp://<EVE-NG-IP>/

3. Download Cisco SD-WAN Images

You need to get the Cisco SD-WAN images for EVE-NG.
These images are available on Cisco’s official website (Cisco Software Downloads).

🔹 Required Images for Cisco SD-WAN Deployment:

vManage (Orchestrator)
vBond (Authentication Controller)
vSmart (Control Plane)
vEdge (Data Plane)

🚨 Make sure you download KVM/QEMU-compatible images (not ESXi/OVA).

4. Upload & Configure SD-WAN Images in EVE-NG

Connect to EVE-NG via SSH:bashCopyEditssh root@<EVE-NG-IP>
Navigate to QEMU Directory:bashCopyEditcd /opt/unetlab/addons/qemu/
Create Folders for Each Image:bashCopyEditmkdir -p viptela-vmanage-<version> mkdir -p viptela-vbond-<version> mkdir -p viptela-vsmart-<version> mkdir -p viptela-edge-<version>
Upload Images (via WinSCP or SCP Command)
- Use WinSCP to upload images into the respective folders.
- Alternatively, use SCP from another system:bashCopyEditscp <local-path-to-image>.qcow2 root@<EVE-NG-IP>:/opt/unetlab/addons/qemu/viptela-vmanage/
Rename Image to “hda.qcow2”bashCopyEditmv <original-image-name>.qcow2 hda.qcow2
Fix PermissionsbashCopyEdit/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

5. Deploy Cisco SD-WAN Nodes in EVE-NG

Step 1: Create a New Lab

Open EVE-NG Web GUI → New Lab
Name the lab (e.g., SD-WAN-Lab)

Step 2: Add Cisco SD-WAN Devices

Click “Add a Node”
Choose vManage, vBond, vSmart, and vEdge
Assign at least:
- vManage: 8GB RAM, 4 vCPUs
- vBond: 4GB RAM, 2 vCPUs
- vSmart: 4GB RAM, 2 vCPUs
- vEdge: 2GB RAM, 1 vCPU
Save and Start the Nodes

6. Initial Configuration of SD-WAN Components

Once the devices boot up, access them via console (telnet in EVE-NG).

vManage Setup

Login with default credentials:pgsqlCopyEditUsername: admin Password: admin
Assign Basic Configurations:bashCopyEditconfig terminal system host-name vManage system-ip 1.1.1.1 site-id 100 organization-name "YourOrg" exit commit

vBond Setup

Set hostname, system IP, and site ID:bashCopyEditconfig terminal system host-name vBond system-ip 2.2.2.2 site-id 200 organization-name "YourOrg" exit commit

vSmart Setup

Configure hostname, system IP, and site ID:bashCopyEditconfig terminal system host-name vSmart system-ip 3.3.3.3 site-id 300 organization-name "YourOrg" exit commit

vEdge Setup

Configure hostname, system IP, and site ID:bashCopyEditconfig terminal system host-name vEdge system-ip 4.4.4.4 site-id 400 organization-name "YourOrg" exit commit

7. Establish Control Connections

Ensure vManage, vBond, and vSmart can communicate.
Check connectivity using:bashCopyEditshow control connections
Verify tunnel status:bashCopyEditshow ip route

8. Web Access & Final Configuration

Open a browser and go to:cppCopyEdithttps://<vManage-IP>:8443
Login with:
- Username: admin
- Password: admin
Complete initial setup via the GUI.

9. Troubleshooting & Tips

Common Issues & Fixes

Issue	Solution
Nodes not starting	Increase RAM & CPU in EVE-NG VM settings
No network connectivity	Use Bridged Adapter in VMware & ensure correct IP settings
Can’t access vManage Web GUI	Check HTTPS port (`8443`) & restart vManage
Control connections not forming	Verify IP configs & firewall rules

10. Conclusion

You’ve successfully installed Cisco SD-WAN on EVE-NG within VMware! 🎉

🔹 Next Steps:

Integrate real WAN/LAN connections.
Add vEdge Cloud or physical cEdge routers.
Test policy-based routing and QoS.

February 21, 2025