Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA 8.6.1 Shape Command Invalid

Tried setting up a Shape Policy and it states its invalid.  Worked fine on my 5520, just curious if anyone else might know why its coming as invalid now                  

      

ciscoasa(config-pmap-c)# shape

                                          ^

ERROR: % Invalid input detected at '^' marker.

ciscoasa(config-pmap-c)# shape ?

ERROR: % Unrecognized command

Everyone's tags (6)
22 REPLIES
VIP Purple

Re: Cisco ASA 8.6.1 Shape Command Invalid

Are you in the class-default while you try to apply shaping? It's only supported in that class.

Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Re: Cisco ASA 8.6.1 Shape Command Invalid

100% sure, this is on asa 8.6.1

ciscoasa(config)# policy-map shaper
ciscoasa(config-pmap)# policy-map shaper
ciscoasa(config-pmap)# class class-default
ciscoasa(config-pmap-c)# ?

MPF policy-map class configuration commands:
  exit             Exit from MPF class action configuration mode
  help             Help for MPF policy-map class/match submode commands
  no               Negate or set default values of a command
  police           Rate limit traffic for this class
  priority         Strict scheduling priority for this class
  quit             Exit from MPF class action configuration mode
  set              Set connection values
  user-statistics  configure user statistics for identity firewall
 
  csc              Content Security and Control service module
  flow-export      Configure filters for NetFlow events
  inspect          Protocol inspection services
  ips              Intrusion prevention services
ciscoasa(config-pmap-c)# shape average ?
ERROR: % Unrecognized command
ciscoasa(config-pmap-c)# shape average
                           ^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config-pmap-c)#

The downfall here for me is that I need to use shape for outgoing traffic and limit it, the connect speed with the fiber box is 100Mbit, police polocy doesnt work, using police people downloading off the FTP server get under 1KB per second (Acts like a duplex issue), using shaper always made it work perfect by limiting the upload to 60MBit

VIP Purple

Re: Cisco ASA 8.6.1 Shape Command Invalid

Strange, the shaper is documented not to work on the ASA 5580, but you probably have one of the newer ASA 5500-X. I'm not aware of any more restrictions there. Perhaps someone at Cisco can take over ...


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

I switched over and have Edge

I switched over and have Edge Routers that take care of everything now so the command isn't relevant.  However on remote sites, having a firewall that I can shape traffic with will be missed, police is just not that great imo, I notice on heavy traffic that things like Telepresence calls will stutter and flicker, using QoS policies I can improve it, but with half a days effort I took care of with the shape command in 5 minutes :P

Re: Cisco ASA 8.6.1 Shape Command Invalid

Hi Bro

Based on the Cisco's Configuration Guide, this should work. http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/conns_qos.html#wp1112081

By any chance, is your Cisco ASA FW running in multiple context mode or transparent firewall mode?

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
New Member

Cisco ASA 8.6.1 Shape Command Invalid

Same problem here.

I use an ASA 5545, routed and single context mode.

According to documentation that feature should be supported.

I follow the documentation (use class-default) and i cannot define a shaping policy.

Is it a bug ? Does a software upgrade is needed to fix the problem ? I actually use :

asamaster# show version

Cisco Adaptive Security Appliance Software Version 8.6(1)2

Device Manager Version 6.6(1)

Compiled on Fri 01-Jun-12 02:16 by builders

System image file is "disk0:/asa861-2-smp-k8.bin"

Any help would be very appreciated

New Member

Cisco ASA 8.6.1 Shape Command Invalid

I am actually having the same issue with my ASA 5515X. The shape command just seems to be missing. Has anyone contacted Cisco yet about this issue?

Cisco Adaptive Security Appliance Software Version 8.6(1)

Device Manager Version 6.6(1)

Compiled on Fri 18-Nov-11 21:21 by builders

System image file is "disk0:/asa861-smp-k8.bin"

New Member

Cisco ASA 8.6.1 Shape Command Invalid

Theres a bug opened on it, just waiting for a reply.  I currently use the Police Method as a work around

Cisco ASA 8.6.1 Shape Command Invalid

Same problem with ASA5515 running 8.6.1.  Command appears not present.  Ethan, what did Cisco suggest to workaround/solve the issue?  Thanks.

New Member

Cisco ASA 8.6.1 Shape Command Invalid

Nothing, your left using the Police Command, however in my case I setup a router to do outbound Shaping.

Cisco ASA 8.6.1 Shape Command Invalid

Parece que es un bug de la version 8.6.1 actualizar a la version 9.

Cisco Adaptive Security Appliance Software Version 9.0(1)

FW-5510(config)# policy-map shape

FW-5510(config-pmap)# class class-default

FW-5510(config-pmap-c)# ?            

MPF policy-map class configuration commands:

  exit             Exit from MPF class action configuration mode

  help             Help for MPF policy-map class/match submode commands

  no               Negate or set default values of a command

  police           Rate limit traffic for this class

  priority         Strict scheduling priority for this class

  quit             Exit from MPF class action configuration mode

  service-policy   Configure QoS Service Policy

  set              Set connection values

  shape            Traffic Shaping

  user-statistics  configure user statistics for identity firewall

 

  csc              Content Security and Control service module

  flow-export      Configure filters for NetFlow events

  inspect          Protocol inspection services

  ips              Intrusion prevention services

FW-5510(config-pmap-c)#

FW-5510(config-pmap-c)# shape average ?

mpf-policy-map-class mode commands/options:

  <64000-154400000>  Target Bit Rate (bits per second), the value needs to be

                     multiple of 8000

FW-5510(config-pmap-c)# shape average

New Member

Cisco ASA 8.6.1 Shape Command Invalid

I already know how to setup a shape command, problem is on the newer -X firewalls the commands isnt present for some reason, on my 5510 and 5520 its there

New Member

Cisco ASA 8.6.1 Shape Command Invalid

Shaping is not supported on newer X ASAs.  We need to know if this is going to be on the roadmap.  Shaping is pretty vital.

New Member

Cisco ASA 8.6.1 Shape Command Invalid

I'm running into the same issue on the newer ASAs.  Not sure why the shaping command is missing or removed, but it needs to be available, especially for sub-rate ethernet connections.

New Member

Cisco ASA 8.6.1 Shape Command Invalid

Same situation we are seeing.  50Mbps Ethernet DIA and PTP connections with no shaping.  I dont want to have to spend even more money for a switch or router to provide the shaping.  Unacceptable.

New Member

Cisco ASA 8.6.1 Shape Command Invalid

I already have an open ticket with engineering, at least I'm told I do lol

Yeah ended up doing it with the router infront of the firewall to handle things with a shaper policy

New Member

Cisco ASA 8.6.1 Shape Command Invalid

New Member

Cisco ASA 8.6.1 Shape Command Invalid

That works fine on the old ASAs, not on the new ones.  Other people have reported the same issue and a bug was opened.

New Member

Cisco ASA 8.6.1 Shape Command Invalid

Cisco,

Is shaping on the roadmap for the "Next Gen" ASAs?

New Member

Cisco ASA 8.6.1 Shape Command Invalid

Its still an open bug so not sure, youd think theyd add that by now

New Member

It is very likely NOT the

I wish I had found this thread before spending days trying to determine why my ASA 5515-X wasn't traffic shaping...sigh.

 

New Member

The reason why it does not

The reason why it does not work is this:

*Traffic shaping is only supported on the ASA 5505, 5510, 5520, 5540, and 5550. Multi-core models (such as the ASA 5500-X) do not support shaping.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s1.html#pgfId-1580793

3277
Views
0
Helpful
22
Replies