2940 connected to 2950 with VLANS
Hi
In my office, i have an 2940, no config. I want it to connect to the access sw, which again is connected to the dist/core. My port in the access sw have this config:
interface FastEthernet0/8
switchport access vlan 99
switchport mode access
switchport voice vlan 20
no ip address
spanning-tree portfast
When i connect the 2940 to this 0/8 port, only some traffice seems to pass. I have several IP phones in my office, but only two would register. The pc is connected via IP phone, but then, only the pc get's access, not that IP phone. I find this strange, about how i should configure the 0/8 port in the 2940, so that all the traffice from the access sw gets through to all my 2940 ports.
regards
/alf
If you configure port fa0/8 to be member of vlan 99 and voice vlan 20 you can only connect a IP phone to that port with built-in switchport that connects the PC/notebook.
You should not connect a switch to that port. If you want a to connect that switch you can use a trunk to transport VLANs. Furthermore portfast is ONLY to be used on edge ports.
Similar Messages
-
Dynamic Vlan Assigment on 2950 with acs 4.2
Hello to everyone
We have a problem with Cisco 2950G 48 EI and ACS (version 4.2) providing dynamic Vlan assignment based on groups
On the ACS we configured the following attributes for the specific group
64 = VLAN
65 = 802
81 = VLAN Name
We tried for the 81 attribute both Vlan name and Vlan ID but we get the same results
In detail, we need the machine to be placed on Vlan ID 6 named vlan_sio so we inserted these value in the attribute field
Before we configured the switch to speak with ACS:
aaa new-model
aaa group server radius Switch
server 172.16.0.93 auth-port 1812 acct-port 1813
dot1x system-auth-control
radius-server host 172.16.0.93 auth-port 1812 acct-port 1813 key xxxxxx
radius-server retransmit 3
Configured the ports for the use of dot1.x.
switchport mode access
dot1x port-control auto
dot1x guest-vlan 7
spanning-tree portfast
The users are correctly authenticated but the ports are always connected to the default Vlan of the ports
We tried to debug with the debug dot1.x events command and we get the following errors:
Feb 16 12:00:04.017: Attribute 64 6 0100000D
Feb 16 12:00:04.017: Attribute 65 6 01000006
Feb 16 12:00:04.017: Attribute 81 4 01360806
Feb 16 12:00:04.025: dot1x-ev:Received VLAN is No Vlan
Feb 16 12:00:04.037: dot1x-ev:Received VLAN Id -1
Feb 16 12:00:04.041: dot1x-ev:dot1x_port_authorized: clearing HA table from vlan 1
Feb 16 12:00:04.049: dot1x-ev:dot1x_port_authorized: Added 0006.1bdb.6a09 to HA table on vlan 1
Does anyone know what we could have missed?
Thank’ssolved
It was just missing the command
aaa authorization network default group XXXX -
Dot1q between two routers connected via 2950
Hi,
I have two 7200's connected to a 2950 (FE 22 + FE 24 - Both configured as trunks).
On the 7200's, I have the following:
7200-A
interface FastEthernet0/0.23
encapsulation dot1Q 23
ip address 192.168.1.1 255.255.255.252
no snmp trap link-status
7200-B
interface FastEthernet0/0.23
encapsulation dot1Q 23
ip address 192.168.1.2 255.255.255.252
no snmp trap link-status
2950:
interface FastEthernet0/22
switchport mode trunk
no ip address
duplex full
speed 100
interface FastEthernet0/24
switchport mode trunk
no ip address
duplex full
speed 100
But I cannot ping between the two routers?7200-A has dot1q ints for servers connected to the 2950 (Access Ports)....these are all currently successfully trunked down FE24
I want to connect 7200-B to 7200-A, and have dot1q Ints on both routers(As /30's) that can communicate (They will be used on 7200-B as Internet gateways for VRF's (With IP Nat enabled)....I was hoping that by having 7200-B connected to 2950 FE22, and configuring that port as a trunk also, that the dot1q ints on both routers could talk.
vlan 23 does exist on 2950, and is being trunked on both FE 22 + FE 24
I dont have any spare FE ports on 7200-A, hence the reason for me connecting 7200-B to the 2950. -
Hi, I need a help!
I have a Catalyst 2950 with 24 ports.
How Can I add 2 or more vlans in an interface? This interface is connected with a Firewall.
With Catalyst 2900 no problem, I use switchport.
Thks.With 2950, you will need to configure the port to "trunk" if you want to carry more than one VLAN over it. Does your firewall support trunking?
-
Connecting a 2950 Switch to an existing small network
Wondering what's the best way to connect a 2950 Switch to an existing small network. It consists of a few computers on just basic old Linksys switches, but there's only 1 network cable going to the back room, where we have several computers that need to access the internet. I've had a spare 2950 kicking around (RMA from a customer, all ports work but a good bunch of them do not light for some reason) that I'd like to just connect to the existing network line in the back room and have it piggyback essentially so all the machines in the back room can have internet access.
I'm just wondering how I should go about wiring and setting up this switch to work properly, as it's been awhile since I've done this, and the last time I did, it was with the ancient 1900 series switches :).
Thanks in advance for any help.Hello,
basically, it depends on if you have different VLANs implemented in your current network or not. If not, you could just connect the 2950 to one of the Linksys switches, using a crossover cable. The default VLAN for all ports on the 2950 is VLAN 1, so all you have to do is plug your computers into the (working) ports of the 2950, without configurung anything else.
HTH,
GP -
Error when connect to SAP with JCo Connector on linux
Dear all,
Please, i need help. i was tray to connect to SAP with SAP JCo on linux ubuntu, but i have an error.
this is the error :
com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed
Connect_PM GWHOST=myhost, GWSERV=sapgw00, ASHOST=myhost, SYSNR=00
LOCATION CPIC (TCP/IP) on local host
ERROR hostname 'avatar-bumi' unknown
TIME Thu Feb 14 15:25:48 2008
RELEASE 640
COMPONENT NI (network interface)
VERSION 37
RC -2
MODULE niuxi_mt.c
LINE 388
DETAIL NiPGetHostByName2: hostname 'avatar-bumi' not found
SYSTEM CALL gethostbyname_r
ERRNO 110
ERRNO TEXT Connection timed out
COUNT
at com.sap.mw.jco.rfc.MiddlewareRFC$Client.nativeConnect(Native Method)
at com.sap.mw.jco.rfc.MiddlewareRFC$Client.connect(MiddlewareRFC.java:1125)
at com.sap.mw.jco.JCO$Client.connect(JCO.java:3138)
at sapjco.Main.main(Main.java:34)
Exception in thread "main" com.sap.mw.jco.JCO$Exception: (121) JCO_ERROR_NULL_HANDLE: Invalid rfc_handle = NULL encountered
at com.sap.mw.jco.rfc.MiddlewareRFC.nativeGetAttributes(Native Method)
at com.sap.mw.jco.rfc.MiddlewareRFC$Client.getAttributes(MiddlewareRFC.java:1233)
at com.sap.mw.jco.JCO$Client.getAttributesInternal(JCO.java:2940)
at com.sap.mw.jco.JCO$Client.getAttributes(JCO.java:2994)
at sapjco.Main.main(Main.java:38)
How to resolve this error....
Regards,
Lisa
Edited by: Lisa Yanti on Feb 14, 2008 9:35 AMI was resolve this error by my self.
We can handle this error with registering our current IP and host name on /etc/hosts.
example:
content of /etc/hosts:
127.0.0.1 localhost
127.0.1.1 myhost.workgroup
The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
added the ip and host name to be like this configuration
127.0.0.1 localhost
127.0.1.1 myhost.workgroup
172.20.17.74 myhost
The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts -
SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN
Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLAN are Data and Voice.
- Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
- Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
- I created two vlans, in switch, Data and Voice.
- On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
- On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
- On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
- Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but no from vlan 2. The Phone works with correct vlan ip.
- Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
- Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have Linksys phone I’m not sure if this help.
For more information I setup in switch,
- enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information help to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server -
Hello,
I have installed Oracle VM on Dell Poweredge 2950 with broadcom netextrem II chipset NIC. When i configure the vlan with this commands :
vconfig add eth1 201
ifconfig eth1.201 192.168.201.233 up
it's not match. The NIC don't TAG the packets.
If i configure a Red Hat enterprise 5.2 with the same command and port on my switch CISCO, it's OK, the VLAN is correctly TAG.
The drivers in Oracle VM had a problem ?
Thank's for your help.It seems that these drivers are broken:
http://marc.info/?l=linux-netdev&m=117269169822297&w=2
http://www.nabble.com/-PATCH-1-9--bnx2:-Fix-VLAN-on-ASF-td2482908.html
You could recompile kernel by yourself (unsupported) or ask Oracle for patches. -
802.1x with VLAN assignment on Catalyst 2950T-48-SI
I will really appreciate if you can confirm me if the C2950T-48-SI will support the following features.
- IEEE 802.1x with VLAN assignment
- SSHv2
- SNMPv3
The data sheet for the Cisco Catalyst 2950 Series Switches with Standard Image mentions all the above and more features for the 2950T-48-SI, but at the same time the power point presentation, (Cisco Catalyst 2950 Series Switches, and the tool Sofware advisor say that those features are only supported with the Enhanced Image.
If your those feature are supported by the Standard Image, would you please also inform the last IOS version supported.
Thanks a lot.SSH isn't available on the SI version of the 2950 as you require the Crypto features and these are not available for the SI (the documentation is a little vague here but trust me I have upgraded one and it doesn't like it...). The documentation says 'Switches that support only the SI cannot run the cryptographic image.'
802.1x with VLAN assignment is available only in the latest IOS - or at least since 12.1(22).
SNMPv3 is supported.
HTH
Andy -
871 802.1x with vlan assignment aka dynamic vlan
you can do vlan assignment on 871W wireless using the local radius server but unfort only LEAP which is N.G.
I have been pounding on wired 802.1x PEAP (which works) trying to get vlan re-assignment. Have tried with IAS which I am using to do vlan reassignment with the WLC so I have the idea of how it works with IAS. With 871, no go. Have also tried ACS for radius with same results: can't escape the switchport's vlan. With debug radius local you can see the tunnel attributes for reassignment plainly but with debug radius with IAS or ACS, nada.
Using 12.4(6)T advanced IP.
I have just seen that 12.4(4)CX2 has "802.1x with vlan reassignment" but the download is MIA. Wonder what's up with that?
Has anybody got this to work? Any info much appreciated
Greg TurnerSSH isn't available on the SI version of the 2950 as you require the Crypto features and these are not available for the SI (the documentation is a little vague here but trust me I have upgraded one and it doesn't like it...). The documentation says 'Switches that support only the SI cannot run the cryptographic image.'
802.1x with VLAN assignment is available only in the latest IOS - or at least since 12.1(22).
SNMPv3 is supported.
HTH
Andy -
What happen when we connect Two PC with IP from Same subnets
Scenario 2nd : What happen when we connect Two PC with IP from Same subnets. PC1 -192.168.10.1/24 PC2 - 192.168.10.2 on a two different L2 Switch on different vlans which are connected via a LAN cable.
All ports are access ports
Interview Question : No More Info.
Pc1<SwA>------<SwB>PC2
Q.1 Will they communicate If yes what will be packet/frame flow.
Q.2 If not where will be the packet/frame drop. ? Why.
I need step by step if possible plz how the packet moves , vlan taggings n all internal works that happens behind .. plz
thnx in advnce ....Hi Abhishesk,
The PCs should communicate each othet.
Since there is no trunk port involved, there is not tagging involved.
Since both the PCs are into the same subnet. PC1 will not need default gateway for the communication with PC2. So PC1 will start with sending ARP request for PC2 MAC address.
Since all the ports in SW1 are in same VLAN, the ARP should reach all ports including the switchport where SW2 is connected to.
Sw2 has got a complete different access port on ALL the switchports. Sw2 will receive the ARP from Sw1. Remember that there is no tagging for the frame. Hence Sw2 will again send the ARP packet to all the ports which belong to same VLAN wherein the packet is received. ie, Sw2 will send the ARP packet to all the ports in Sw2. PC2 will also get the the ARP.
The ARP reply will make it way back using the same logic.
Now both the PCs can start the actual packet exchange. -
ISP with vlan id , cannot dialup
I use cisco 1921 k9 , made a pppoe setting, here the problem , my ISP come with a vlan ID :620, where should i input this vaule?
HI,
Create Sub-interface with VLAN tag where the IPS modem/Device is connected and then configure the Dialer interface with PPPOE setting.
Example:
Interface Gig 0/0 or 0/1
no ip address
duplex auto
speed auto
interface Gig0/0.620
encapsulation dot1Q 620
pppoe enable group global
pppoe-client dial-pool-number 1
end
interface Dialer0
ip address xxxxxxxxxxxx
ip mtu 1492
ip nat enable
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname ( Username)
ppp chap password ( password)
ppp pap sent-username ( Username) password 7 (Password)
end -
Need basic Help - SG300 with vlan and routing
Hi,
i need some basic help with configuring vlan/routing.
Situation:
DSL Router - Cisco 300 - XenServer
192.168.1.253 - 192.168.1.19 - 192.168.1.10 (mgmt ip)
goal is, to reach from inside xenserver vms the internet.
vms = 192.168.2.x
gateway ip = 192.168.2.1
what i did:
- configured vlan 102, tagged, with the xenserver port
- configured on xenserver a network with vlan id 102, attached to the vm
- this network is conntected to an external bond
- configured ipva4 interface: vlan102 - Static - IP 192.168.2.1 (this is the gateway ip of the vms)
- automatic configured IPv4 Route: 192.168.2.0/24 next hop 0.0.0.0, Directly connected
So at the moment i cant ping from inside a vm to the DSL Router (192.168.2.2 to 192.168.1.253)
any ideas what i misconfigured or whats wrong?
cheers,
-MarcoHi Tom,
ok, that make sense. I can ping the router now inside vms from 192.168.2.x network.
But i cant ping external adresses, error: Destination net unreachable.
My other problem i have, i cant reach any server from outside over router portforwarding.
How do i have to configure the upload port to the dsl router? Is it a access port or a trunk
port with all vlans (tagged or untagged?) At the moment ive a tagged Trunkport with all vlans.
IPv4 Interface Table
Interface
IP Address Type
IP Address
Mask
Status
VLAN 1
Static
192.168.1.19
255.255.255.0
Valid
Should the VLAN1 ip adress not the router ip adress ? Do i need an additional vlan for
the router ? At the end i like to change the switch ip from dhcp to static (change automaticly
when switching to layer 3 mode), but ive to look for the ios commands first.
What else do i missing ?
Thanks a lot,
Marcus -
4250-sx connecting to 6500 for vlan pair mode
I am not sure if this question should be asked on the ids forum or the switching forum. Please let me know if it is the wrong place to be asking.
Could someone perhaps help? It the first time we are configuring this setup so we need some help in configuring the SX interface on a 6500 switch.
We would like to connect our 4250-SX ips sensor (5.1) for inline vlan pair mode to a 6500 catalyst running ios software. The switch has a fiber SC type connection. We would like to find a document that best describes how the interface on the switch should be configured for successful operation for this solution. Can someone point us to this document? We have been told that the port will need to be configured as an 802.1q trunk. Is this correct?
We would also like to filter all unneeded vlans from propagating on to that trunk. What is the best way to do this?
Thanks in advanceWhether the port is fiber or copper won't really matter much.
The first step is determine between which 2 vlans you will want to do inline vlan pair monitoring.
The most direct solution is to pick one existing vlan, and create one brand new vlan.
Now trunk both of these vlans on the switch port where the sensor is connected:
Here is a basic example configuration for that switch port:
interface GigabitEthernet1/1
switchport
switchport access vlan 1
switchport trunk native vlan 1
switchport trunk allowed vlan 100-101
switchport mode trunk
no ip address
no shutdown
exit
Vlan 100 was the existing vlan, and vlan 101 was the newly created vlan.
The vlan 1 settings were just to ensure the port was set back to the default of vlan 1 for the access vlan; the vlan 1 setting is not used in the vlan pairing and is not in the list of allowed vlans for the trunk port.
NOTE: You will see that the mode must be forced to trunk. Also be aware that depending on the port you may also have to force the trunk type to 802.1q:
"switchport trunk encapsulation dot1q"
Now on the sensor itself you will want to create an inline vlan pair on that SX interface, and pair vlan 100 with vlan 101.
Now remember that vlan 101 was a new vlan and is empty. So right the now the sensor is doing inline monitoring between that empty vlan and the rest of your network. The trick now is to move Some of the ports from the original vlan into that new vlan.
If this is your first time setting this up, then I suggest you try this with a very simple network with 3 pcs that all talk to each other on the same subnet. All 3 pcs would be in the same vlan to begin with. After the steps above are done to create the new vlan and create the inline vlan pair on the sensor, the next step is to move pcs into the other vlan. So for one PC change it's switch port configuration to move just that one PC from the original vlan (100) to the new vlan (101).
Wait a minute for spanning-tree to run.
Now ensure that the PCs from the orginal vlan can communicate to the PC in that new vlan.
NOTE: Both vlans are for the same IP subnet. The sensor does not IP route between the subnets, it just switches or brides packets between the 2 subnets. So the IPs on the PCs do not change as they get moved to the other vlan.
If you run some tests you will see that the sensor will see all traffic between the PC in the new vlan talking to either of the PCs in the original vlan. But you will also find that if the 2 PCs in the original vlan talk to each other, the sensor is unlikely to see that traffic (on occasion it will, but the sensor is just receiving a copy during broadcast and multicast situations).
Typical deployments will have something like a firewall in the original vlan, and the Internal network machines moved to the new vlan. Or if the switch itself is routing, then the switch will have it's ip address on the original vlan, and all of the other machines will be moved to the new vlan.
You also have the option of creating additional inline vlan pairs. To do this just create a new vlan for every original vlan where you want to add inline vlan pair monitoring.
Then just add those vlans to the trunk allowed vlan command and create the pair in the sensor configuration.
So let's say you also wanted to pair vlans 104 and 105 together. Then the command would look like:
switchport trunk allowed vlan 100-101,104-105
Your question about how do you keep the unneeded vlans from propogating is answered by that same command above. The "allowed vlan" list will restrict the trunk to only carrying those vlans listed. -
Two srw switches with vlans and pfsense gatway
Hi,
I've got a bit of a problem that a can't seem to get a handle of things.
I've got two srw 48 port switches that I would like to link together and then on to the pfsense box.
First I'd like to connect the two switches to see if everything works and then on connect the pfsense box.
Now I would be very great full if someone with a bit more experience with VLANs would be so kind to walk me trough the procedure of creating VLANs, configuring them to ports on the switch and connecting the whole thing to another switch.
This is what I've done so fare.
1. I created 3 VLANs on both switches (VLAN2-office,VLAN3-WiFi, VLAN5-VoIP). I've created these VLANs with the same tags on all the devices.
2. I configured the ports that connect the switches as trunk. (I can't seem to be able to configure anything else on this port. Is there something else I should configure on these ports?)
Now as fare as I understand the documentation the VLANs on each switch should now see each other.
I'm still not sure on how to configure a physical port to one VLAN. After creating the VLANs on both switches and connecting them trough the trunk port I set ports 10-20 to VLAN2 by going to VLAN Management -> Ports to VLAN I selected VLAN2 and marked ports general and untagged and saved the settings. I repeated the procedure on the other switch. Now if I stuck my network cable into one of this ports I didn't get an IP anymore form the DHCP witch means that they were on a different VLAN than the other ports so I setup another router to act as a test DHCP with a different IP range as the main DHCPto see if it works. Now when I connectedthe test router to one of the ports in VLAN2 and my PC to the same VLAN2 port I got the test IP no problem. But when I connected the PC to the other switch VLAN2 port nothing happened until I connected the test DHCP to one of the VLAN2 ports. So clearly the switch VLANs are not communicating.
Now I don't know did I forget something, made a mistake with some setting or I just don't know what I'm doing because I think I need to get the VLANs between switches working before tackling the pfsense connection.
I would be really great full if someone explains to me how to set these VLANs up so that they would work between switches.
Thank you for your help.Hi,
I was successful and I did exactly that. I put all VLANs on trunk ports and the switch to switch to pfSense started to work.
The only thing that gave me some problems was the end port(port connecting to the device pc, phone, printer) configuration. I was under the impression that the port was supposed to be in general mode and tagged. But I figured out that the port is supposed to be in access mode and untagged and only a member of one VLAN(the one I wanted it to connect to).
Anyway all is working now and I've figured out all the kinks.
So thanks guys for the help.
Nice day to all.
Bye
Maybe you are looking for
-
How to restore a Note in Mail from Time Machine
I have accidentally deleted some text in a note that I had in Mail (Notes). Trying to undo didn't work, and I can't find the file to restore it back from Time Machine. I've tried searching with spotlight but couldn't find anything. Any ideas of where
-
How to make a pdf (form) accessible for reader in Adobe Acrobat x pro?
Hi guys, i have bit of a problem here as i am new to the Acrobat pro X Using Acrobat pro 9 i always could save a LiveCycle pdf form with permission to fill and save as a reader user. now i have upgraded to cs6 and i have no clue how to do that anymo
-
I have an account with That Free Thing and Alert Pay. It's linked to my AOL email. I have just been informed that I should change to Firefox. How do I go about transferring everything? If I already have Gmail connected to Firefox and eventually will
-
How to display images in a simple or alv report
Dear gurus , i want to create a classical or ALV Report showing material codes(mara-matnr) and their respective images . how can i achieve it means where i will store the images and how i will fetch it in the report .Plz send any sample code for this
-
IDOC--XI--IDOC Using ABAP MAPPING
Hi all, My requirement is to map source IDOC fields to target IDOC fields using ABAP Mapping. few fields in source idoc structure has to be merged into a single field in target idoc structure. need help on how to start with as i am not exposed to ABA