881 - How to configure inter-VLAN routing
I hesitate to post here -- I know that I should know my job. But here goes...
Small business wants to use an ASA 5505 firewall on the edge connected to VDSL modem, and then an 881 to route internally (see attachment). The 881 has a downstream link to a 2960.
Want the following "blocks":
VLAN 33 - CLIENTS
VLAN 55 - SERVERS
VLAN 101 - CDLAB
The lab is for testing, and will be connected via Cisco 2500 series router. The server farm (Server 2008 domain +) will be connected via layer 2 switch over VLAN. A DMZ is anticipated after basic connectivity is established. Connectivity is already verified from a client connected to the INSIDE interface of the ASA going to the OUTSIDE and back.
Before I started I wiped the devices in order to start clean. Both the router and the switch are in vtp mode transparent.
To build a trunk link, I connected the 881 and the 2960 using a crossover cable from int fa0 to int fa0/8 respectively.
On both devices' interfaces I set switchport mode trunk.
I configured the 3 VLANs on the 881, assigned IP addresses to them, and used switchport trunk allowed vlan add 33,55,101 to assign them to the trunk but that doesn't appear in the sh run output under the interface.
I set both devices' to switchport nonegotiate (best practices?). Once again, on the 881 this command doesn't appear in the running config.
I configured the 3 VLANs on the 2960, then used the same switchport commands as above to assign them to the trunk.
Here's the deal.
From a client connected to a VLAN 33 access port on the 2960, I can't ping, for example, the VLAN 55 IP address. I can ping the VLAN 33 IP address. I also can't ping the IP address of the interface on the far side of the router headed to the ASA (int fa4).
What am I doing wrong? I'll gladly post the running configs if anyone wants to see. I've spent most of the day on this racking my brain and literally scouring the Internet. I'd be very grateful for some assistance.
Help!
Thanks, Mike.
Yeah, I might not have been too clear. But on the router, each VLAN was created using the vlan 33 command (for example) and given a name. Then I went to int vlan 33 (for example) and used ip address 10.0.33.xx 255.255.255.0 for the address and subnet mask. Those have been in place since I started. And like I said, I can ping the SVI for VLAN 33, which is mapped to the client access port I'm on.
The problem is, I still can't ping inter-VLAN and I still can't ping the far side interface.
Bummer...
Similar Messages
-
Inter-vlan routing on CIsco 881 router ?
Hello, I have configured my 881 to perform inter-VLAN routing i.e. I am using ports 0-2 as tagged switch ports (with PC's plugged in and addressed on their relevant subnets) and port 3 as a trunk feeding in to port 4 as a router on stick configuration.
For some reason I am unable to ping between subnets. It seems the trunk is failing ?
Could someone please take a look and help me out. It must be something basic. This is driving me crazy.
p.s. I have entered 'switchport trunk encapsulation dot1q' on port 3 (the trunk) however it is not showing up.
Thank you kindly for any help.
Building configuration...
Current configuration : 1564 bytes
! Last configuration change at 22:45:55 UTC Wed Apr 29 2015
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
ip flow-cache timeout active 1
ip cef
no ipv6 cef
license udi pid CISCO881-K9 sn FGL171824DY
interface FastEthernet0
switchport access vlan 10
no ip address
interface FastEthernet1
switchport access vlan 10
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
switchport trunk native vlan 15
switchport mode trunk
no ip address
spanning-tree portfast
interface FastEthernet4
no ip address
ip flow ingress
ip flow egress
duplex auto
speed auto
interface FastEthernet4.1
encapsulation dot1Q 15 native
ip address 192.168.15.1 255.255.255.0
interface FastEthernet4.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
interface FastEthernet4.10
encapsulation dot1Q 10
ip address XXX.XXX.XXX.XXX 255.255.255.252 <== altered to block public ip address details
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip default-gateway XXX.XXX.XXX.XXX <== altered to block public ip address details
ip forward-protocol nd
no ip http server
no ip http secure-server
ip flow-export source FastEthernet4
ip flow-export version 5 origin-as
ip flow-export destination 192.168.247.232 9996
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX <== altered to block public ip address details
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
endAre you able to provide a diagram please? Having trouble understanding what you are trying to do.
-
Inter VLAN Routing for IEC 61850
Hello,
Hoping someone can help me with this query. I'm in the process of configuring two CGS2520 switches located in two electrical substations. Each of these switches have Protection Relays and Remote Terminal Units (RTUs) connected to them. These devices communicate with each other as follows:
IEC 61850 GOOSE: http://en.wikipedia.org/wiki/Generic_Substation_Events
IEC 61850 MMS: http://en.wikipedia.org/wiki/IEC_61850
- Protection Relay to Protection Relay communication within either substation (Using IEC 61850 GOOSE - VLAN 11 and VLAN 21)
- Protection Relay to Protection Relay communication between substations (Using IEC 61850 GOOSE - VLAN 50)
- RTU to Protection Relay (Using IEC 61850 MMS - VLAN 10 and VLAN 20)
I've attached an image (hope that clears things out). Basically GOOSE traffic is VLAN tagged and and the MMS traffic is untagged.
I need to be able to route between VLAN 10 and VLAN 20 between the substations and I want to allow VLAN 50 between the substations. How do I go about configuring this?
So far I've configured the interfaces as follows:
Switch A2:
Fa0/5 and Fa0/7 (Protection Relay Ports)
port type nni
switchport trunk native vlan 10
switchport trunk allowed vlan 11, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 10
Switch B1
Fa0/4 and Fa0/5 (Protection Relay Ports)
port type nni
switchport trunk native vlan 20
switchport mode allowed vlan 21, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 20
Locally at each substation this seems to work (I can ping the Protection Relays from the RTU port and the Protection Relays send each other GOOSE messages). However I don't know how to configure the inter vlan routing (I want to be able to ping a Protection Relay Substation B from the RTU Port at Substation A) at and how to configure the switch interfaces that connect to each other?
Any help is much appreciated.
Thanks
DarshHello DarshanaD,
Could you fix this? Im asking because I have the same problem right now.
I'll appreciated if you can tell me how did you configure the inter VLAN routing.
Thanks
Ali -
Inter-VLAN routing, Auto-Voice VLAN and IP Address-Helper
Hope that somebody can help me with the setup in the screenshot.
Planning to use Auto-Voice VLAN and Smartports to configure VOIP
LLDP-MED will be enabled on the switch to detect the IP phones so they will be moved to the Voice VLAN (If not the first 6 signs will be added to the OID table). The Voice VLAN ID will be 2 >> Voice VLAN will be automatically enabled once a device is recognized as a IP phone right?
Workstations will be connected to the Cisco switch, VLAN data will be untagged and will remain on the native VLAN.
Smartports will be used to configure the ports (Macro's) >> Should configure the ports as trunks as assigns the correct VLANs right?
But how do i configure the IP Helper-Address? Do i have to create the Voice VLAN on both switches and then run the command "IP Helper Address" to specify a DHCP server? From what i've been reading it's required, when using Inter-VLAN routing, to configure the VLAN interface with an IP address. But it's going to give problems when both switches are connected to eachother and both have the same VLAN configured including the same IP address assigned to their VLAN interface?
Normal data should pass the ASA firewall, VOIP traffic should go through the Vigor modem to a hosted VOIP provider. The best way, i assume, is to configure 2 separate scopes on the DHCP server?
Still confused on how to set it up, hope that someone can point me in the right directionIf you're sending voice to only the Vigor modem then there is no need for a trunk between the SF-300 and the Vigor modem. You can just set that to an untag packet for the VLAN 2 between that switch and the Vigor modem.
On the 'edge' SF300 where the IP phone/PC is it is obviously going to interoute there and of course the phone port is tagged and PC port is untagged.
For the IP helper, it uses UDP-RELAY and it should be enabled on the port itself and enabled on the global configuration. You may also need option 82. Also keep in mind, depending how your DHCP server works, it may need option 82 configured as well or at least a route to understand the subnets in the layer 3 environment to get traffic across the VLANS. -
RV130W Inter-VLAN Routing occurs even when disabled
On my RV130W I have two VLANs set up:
VLAN1:
VLAN100:
Inter-VLAN Routing is NOT enabled:
Why then am I able to ping hosts in a different VLAN?
Does this require a bug fix?I put my theory to the test and it worked as I thought
which is that vlan 101 could get to vlan 102 and vice versa
but vlan 1 could get to either and vice versa
I take it that this is probably due to how the router os is setup and hardware options on it
based on that there is probably only a couple of real interfaces
and that the vlan 1 is assigned to the one of them or to the switch interface
and the other vlans are just attached to it,
vlan 1 has to be able to cross communicate due to my guess that there aren't enough real interfaces
in that vlan is the end gateway and the other vlans are just virtual gateways if you will
This is what I did with the ports
In my lab I actually don't assign vlan 1 to any ports at all, nothing is on it except that actual router
but I left it on a port for you to see, as it might be handy to connect to in worst case scenarios
which works because of routing
as to whether its a feature or a bug or a limitation is hard to say without more info from cisco -
Inter VLAN Routing with ASA 5520 and Cat 2960
Hi there,
I am a complete novice at networking, but I was tasked to have an ASA 5520 do inter VLAN routing (since my shop doesn't have a layer 3 router).
As a basic setup, I am trying to have three workstations on three different VLANs communicate with each other. The attached screenshot shows the topology.
I am unable to ping from a PC to the ASA...therefore I can't ping to other VLANs. Any assistance would be greatly appreciated.
ROUTER CONFIG:
ciscoasa#
ciscoasa# show run
: Saved
ASA Version 8.3(1)
hostname ciscoasa
domain-name null
enable password ###### encrypted
passwd ###### encrypted
names
dns-guard
interface GigabitEthernet0/0
no nameif
no security-level
no ip address
interface GigabitEthernet0/1
no nameif
security-level 100
ip address 10.10.1.1 255.255.255.0
interface GigabitEthernet0/1.10
vlan 10
nameif vlan10
security-level 100
ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet0/1.20
vlan 20
nameif vlan20
security-level 100
ip address 10.10.20.1 255.255.255.0
interface GigabitEthernet0/1.30
vlan 30
nameif vlan30
security-level 100
ip address 10.10.30.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa831-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name null
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list global_access extended permit icmp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu vlan10 1500
mtu vlan20 1500
mtu vlan30 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
access-group global_access global
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.5 inside
dhcpd enable inside
dhcpd address 10.10.10.101-10.10.10.253 vlan10
dhcpd enable vlan10
dhcpd address 10.10.20.101-10.10.20.253 vlan20
dhcpd enable vlan20
dhcpd address 10.10.30.101-10.10.30.253 vlan30
dhcpd enable vlan30
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4ad1bba72f1f51b2a47e8cacb9d3606a
: end
SWITCH CONFIG
Switch#show run
Building configuration...
Current configuration : 2543 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Switch
boot-start-marker
boot-end-marker
no aaa new-model
system mtu routing 1500
ip subnet-zero
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 1
vlan internal allocation policy ascending
interface GigabitEthernet0/1
description Port Configured As Trunk
switchport trunk allowed vlan 1,10,20,30,1002-1005
switchport mode trunk
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
interface GigabitEthernet0/3
switchport access vlan 20
switchport mode access
interface GigabitEthernet0/4
switchport access vlan 30
switchport mode access
interface GigabitEthernet0/5
interface GigabitEthernet0/6
interface GigabitEthernet0/7
interface GigabitEthernet0/8
interface GigabitEthernet0/9
interface GigabitEthernet0/10
interface GigabitEthernet0/11
interface GigabitEthernet0/12
interface GigabitEthernet0/13
interface GigabitEthernet0/14
interface GigabitEthernet0/15
interface GigabitEthernet0/16
interface GigabitEthernet0/17
interface GigabitEthernet0/18
interface GigabitEthernet0/19
interface GigabitEthernet0/20
interface GigabitEthernet0/21
interface GigabitEthernet0/22
interface GigabitEthernet0/23
interface GigabitEthernet0/24
interface GigabitEthernet0/25
interface GigabitEthernet0/26
interface GigabitEthernet0/27
interface GigabitEthernet0/28
interface GigabitEthernet0/29
interface GigabitEthernet0/30
interface GigabitEthernet0/31
interface GigabitEthernet0/32
interface GigabitEthernet0/33
interface GigabitEthernet0/34
interface GigabitEthernet0/35
interface GigabitEthernet0/36
interface GigabitEthernet0/37
interface GigabitEthernet0/38
interface GigabitEthernet0/39
interface GigabitEthernet0/40
interface GigabitEthernet0/41
interface GigabitEthernet0/42
interface GigabitEthernet0/43
interface GigabitEthernet0/44
interface GigabitEthernet0/45
interface GigabitEthernet0/46
interface GigabitEthernet0/47
interface GigabitEthernet0/48
interface Vlan1
ip address 10.10.1.2 255.255.255.0
no ip route-cache
interface Vlan10
no ip address
no ip route-cache
interface Vlan20
no ip address
no ip route-cache
interface Vlan30
no ip address
no ip route-cache
ip default-gateway 10.10.1.1
ip http server
ip http secure-server
control-plane
line con 0
line vty 5 15
endciscoasa# capture cap10 interface vlan10
ciscoasa# capture cap20 interface vlan20
ciscoasa# show cap cap10
97 packets captured
1: 17:32:32.541262 802.1Q vlan#10 P0 10.10.10.101.2461 > 10.10.10.1.8905: ud
p 96
2: 17:32:36.741294 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
3: 17:32:36.741523 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
4: 17:32:37.539217 802.1Q vlan#10 P0 10.10.10.101.2462 > 10.10.10.1.8905: ud
p 98
5: 17:32:39.104914 802.1Q vlan#10 P0 10.10.10.101.2463 > 10.12.5.64.8906: ud
p 95
6: 17:32:41.738914 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
7: 17:32:41.739143 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
8: 17:32:42.544023 802.1Q vlan#10 P0 10.10.10.101.2464 > 10.10.10.1.8905: ud
p 93
9: 17:32:46.747352 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
10: 17:32:46.747580 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
11: 17:32:47.546633 802.1Q vlan#10 P0 10.10.10.101.2465 > 10.10.10.1.8905: ud
p 98
12: 17:32:51.739921 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
13: 17:32:51.740150 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
14: 17:32:52.544100 802.1Q vlan#10 P0 10.10.10.101.2466 > 10.10.10.1.8905: ud
p 98
15: 17:32:56.741859 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
16: 17:32:56.742088 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
17: 17:32:57.547396 802.1Q vlan#10 P0 10.10.10.101.2467 > 10.10.10.1.8905: ud
p 98
18: 17:33:01.742728 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
19: 17:33:01.742957 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
20: 17:33:02.547609 802.1Q vlan#10 P0 10.10.10.101.2468 > 10.10.10.1.8905: ud
p 97
21: 17:33:06.742774 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
22: 17:33:06.743018 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
23: 17:33:07.543337 802.1Q vlan#10 P0 10.10.10.101.2469 > 10.10.10.1.8905: ud
p 93
24: 17:33:10.375514 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
25: 17:33:11.114679 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
26: 17:33:11.742728 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
27: 17:33:11.742957 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
28: 17:33:11.864731 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
29: 17:33:12.546266 802.1Q vlan#10 P0 10.10.10.101.2470 > 10.10.10.1.8905: ud
p 98
30: 17:33:16.746497 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
31: 17:33:16.746726 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
32: 17:33:17.548403 802.1Q vlan#10 P0 10.10.10.101.2471 > 10.10.10.1.8905: ud
p 97
33: 17:33:21.744880 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
34: 17:33:21.745109 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
35: 17:33:22.545351 802.1Q vlan#10 P0 10.10.10.101.2472 > 10.10.10.1.8905: ud
p 95
36: 17:33:23.785558 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
37: 17:33:24.522464 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
38: 17:33:25.272568 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
39: 17:33:26.744926 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
40: 17:33:26.745154 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
41: 17:33:27.548708 802.1Q vlan#10 P0 10.10.10.101.2473 > 10.10.10.1.8905: ud
p 96
42: 17:33:31.749625 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
43: 17:33:31.749854 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
44: 17:33:32.550096 802.1Q vlan#10 P0 10.10.10.101.2474 > 10.10.10.1.8905: ud
p 97
45: 17:33:36.748343 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
46: 17:33:36.748572 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
47: 17:33:37.546251 802.1Q vlan#10 P0 10.10.10.101.2475 > 10.10.10.1.8905: ud
p 95
48: 17:33:41.745566 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
49: 17:33:41.745795 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
50: 17:33:42.547975 802.1Q vlan#10 P0 10.10.10.101.2476 > 10.10.10.1.8905: ud
p 97
51: 17:33:46.747855 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
52: 17:33:46.748084 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
53: 17:33:47.548403 802.1Q vlan#10 P0 10.10.10.101.2477 > 10.10.10.1.8905: ud
p 94
54: 17:33:51.747718 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
55: 17:33:51.747931 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
56: 17:33:52.547670 802.1Q vlan#10 P0 10.10.10.101.2478 > 10.10.10.1.8905: ud
p 97
57: 17:33:54.134239 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
58: 17:33:56.750678 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
59: 17:33:56.750891 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
60: 17:33:57.563035 802.1Q vlan#10 P0 10.10.10.101.2479 > 10.10.10.1.8905: ud
p 97
61: 17:33:59.245272 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
62: 17:34:01.752188 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
63: 17:34:01.752402 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
64: 17:34:01.995737 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 49
65: 17:34:01.995813 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 34
66: 17:34:01.995950 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 49
67: 17:34:01.996011 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 34
68: 17:34:01.996118 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 49
69: 17:34:01.996179 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 34
70: 17:34:02.551836 802.1Q vlan#10 P0 10.10.10.101.2480 > 10.10.10.1.8905: ud
p 98
71: 17:34:03.011306 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 49
72: 17:34:03.011367 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 34
73: 17:34:03.011443 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 49
74: 17:34:03.011489 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 34
75: 17:34:03.011550 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 49
76: 17:34:03.011596 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 34
77: 17:34:04.027037 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 49
78: 17:34:04.027082 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 34
79: 17:34:04.027174 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 49
80: 17:34:04.027250 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 34
81: 17:34:04.027311 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 49
82: 17:34:04.027357 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 34
83: 17:34:04.745811 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
84: 17:34:06.058514 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 49
85: 17:34:06.058605 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 34
86: 17:34:06.058651 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 49
87: 17:34:06.058712 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 34
88: 17:34:06.058758 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 49
89: 17:34:06.058819 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 34
90: 17:34:06.750907 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
91: 17:34:06.751151 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
92: 17:34:07.552751 802.1Q vlan#10 P0 10.10.10.101.2481 > 10.10.10.1.8905: ud
p 96
93: 17:34:11.752082 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
94: 17:34:11.752326 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
95: 17:34:12.553392 802.1Q vlan#10 P0 10.10.10.101.2482 > 10.10.10.1.8905: ud
p 96
96: 17:34:16.755438 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
97: 17:34:16.755682 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
98: 17:34:17.554811 802.1Q vlan#10 P0 10.10.10.101.2483 > 10.10.10.1.8905: ud
p 97
99: 17:34:21.751303 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
100: 17:34:21.751563 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
101: 17:34:22.552034 802.1Q vlan#10 P0 10.10.10.101.2484 > 10.10.10.1.8905: ud
p 95
102: 17:34:26.753989 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
103: 17:34:26.754218 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
104: 17:34:27.560334 802.1Q vlan#10 P0 10.10.10.101.2485 > 10.10.10.1.8905: ud
p 98
105: 17:34:31.755499 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
106: 17:34:31.755728 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
107: 17:34:32.563950 802.1Q vlan#10 P0 10.10.10.101.2486 > 10.10.10.1.8905: ud
p 95
107 packets shown
ciscoasa# show cap cap20
92 packets captured
1: 17:26:53.653378 802.1Q vlan#20 P0 10.10.20.101.1187 > 216.49.94.13.80: S 8
20343450:820343450(0) win 65535
2: 17:27:12.019133 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
3: 17:27:17.214481 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
4: 17:27:55.593688 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
499891746:1499891746(0) win 65535
5: 17:27:58.555284 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
499891746:1499891746(0) win 65535
6: 17:28:04.564790 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
499891746:1499891746(0) win 65535
7: 17:29:06.504856 802.1Q vlan#20 P0 arp who-has 10.10.20.1 tell 10.10.20.101
8: 17:29:06.504917 802.1Q vlan#20 P0 arp reply 10.10.20.1 is-at 54:75:d0:ba:4
6:bb
9: 17:29:06.505222 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
7080594:47080594(0) win 65535
10: 17:29:09.467032 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
7080594:47080594(0) win 65535
11: 17:29:15.476537 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
7080594:47080594(0) win 65535
12: 17:30:17.417245 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
445997597:1445997597(0) win 65535
13: 17:30:18.156043 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
14: 17:30:20.378688 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
445997597:1445997597(0) win 65535
15: 17:30:23.220356 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
16: 17:30:26.388102 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
445997597:1445997597(0) win 65535
17: 17:30:28.721047 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
18: 17:30:34.222507 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
19: 17:33:43.156928 802.1Q vlan#20 P0 arp who-has 10.10.20.101 tell 10.10.20.1
01
20: 17:33:44.187002 802.1Q vlan#20 P0 arp who-has 10.10.20.1 tell 10.10.20.101
21: 17:33:44.187047 802.1Q vlan#20 P0 arp reply 10.10.20.1 is-at 54:75:d0:ba:4
6:bb
22: 17:33:44.187261 802.1Q vlan#20 P0 10.10.20.101 > 10.10.20.1: icmp: echo re
quest
23: 17:33:44.187520 802.1Q vlan#20 P0 10.10.20.1 > 10.10.20.101: icmp: echo re
ply
24: 17:33:44.239016 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
25: 17:33:44.327360 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
udp 34
26: 17:33:44.989740 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
27: 17:33:45.150611 802.1Q vlan#20 P0 10.10.20.101.6646 > 10.10.20.255.6646:
udp 236
28: 17:33:45.331312 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
udp 34
29: 17:33:45.740943 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
30: 17:33:46.331892 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
udp 34
31: 17:33:46.492131 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
32: 17:33:47.243502 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
33: 17:33:47.994501 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
34: 17:33:48.335050 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
udp 34
35: 17:33:48.335141 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
udp 34
36: 17:33:48.745658 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
37: 17:33:49.496861 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
38: 17:33:50.248812 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
39: 17:33:50.249300 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
40: 17:33:50.999170 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
41: 17:33:50.999246 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
42: 17:33:51.750342 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
43: 17:33:51.750418 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
44: 17:33:52.341336 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
udp 34
45: 17:33:52.341474 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
udp 34
46: 17:33:52.501576 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
47: 17:33:52.501652 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
48: 17:33:53.254183 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
49: 17:33:53.254320 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 204
50: 17:33:54.134361 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
51: 17:33:54.755118 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
52: 17:33:54.823535 802.1Q vlan#20 P0 10.120.2.198.1261 > 161.69.12.13.443: R
250934743:250934743(0) ack 2427374744 win 0
53: 17:33:54.823901 802.1Q vlan#20 P0 10.120.2.198.1262 > 161.69.12.13.443: R
3313764765:3313764765(0) ack 1397588942 win 0
54: 17:33:54.824618 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
2860571026:2860571026(0) win 65535
55: 17:33:56.257448 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
56: 17:33:57.759833 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
57: 17:33:57.779729 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
2860571026:2860571026(0) win 65535
58: 17:33:59.245394 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
59: 17:33:59.262178 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 186
60: 17:34:00.263780 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 186
61: 17:34:01.265382 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 186
62: 17:34:02.266908 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 186
63: 17:34:03.268540 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
64: 17:34:03.789189 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
2860571026:2860571026(0) win 65535
65: 17:34:04.019591 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
66: 17:34:04.745933 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
67: 17:34:04.770757 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
68: 17:34:05.521991 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
69: 17:34:06.273209 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
70: 17:34:07.024367 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
71: 17:34:07.775518 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
72: 17:34:08.526706 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
73: 17:34:09.277939 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
74: 17:34:09.278061 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
75: 17:34:09.278702 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 204
76: 17:34:15.810489 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
udp 31
77: 17:34:16.809726 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
udp 31
78: 17:34:17.811222 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
udp 31
79: 17:34:19.814349 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
udp 31
80: 17:34:19.814380 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
udp 31
81: 17:34:23.820682 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
udp 31
82: 17:34:23.820788 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
udp 31
83: 17:34:30.822924 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 50
84: 17:34:31.572892 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 50
85: 17:34:32.324079 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 50
86: 17:34:33.083079 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
udp 44
87: 17:34:34.077007 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
udp 44
88: 17:34:35.078639 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
udp 44
89: 17:34:37.081584 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
udp 44
90: 17:34:37.081706 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
udp 44
91: 17:34:41.087809 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
udp 44
92: 17:34:41.087840 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
udp 44
92 packets shown -
3750 SMI is HSRP possible with inter-VLAN routing
Dear Netprof,
Wondering if anyone has managed to do this in practice.
I have two sites separate by a LES100 circuit, which is currently configured as a trunk.
I have 2 x 3750G-48-SMI's at each site (total of 4).
I want to have the same vlan numbering at each site, i.e vlans 10, 20, 30, etc for users and vlans 100, 200, 300 for servers then another load of vlans for DMZ and market feeds.
The same VLANs would be presented at both sites.
Is it possible to setup HSRP so that on each stack inter-VLAN routing can occur on each site if the LES 100 fails.
Any web links would be appreciated.
Thanks in advance,
Regards, adrian.Hi, many thanks for your assistance on this.
I totally agree, the best way would be to have a different default gateway configured at each site. However I have all the client machines with static addresses and this would involve a lot of work.
The vlans that are split between the sites has the majority of users at one site, so vlan 10 would have 95% of the users at site 1 and vlan 20 would have 95% of the users at site 2.
I was planning on balancing the HSRP between the switches so on vlan 10 the primary switch (active) would be at site 1 and secondary (standby) would be at site 2. The reverse configuration would be used for vlan 20.
I am thinking along the lines of something like this for the config, can I have your thoughts?
Site 1
Interface vlan 10
Ip address 192.168.10.2 255.255.255.0
Standby 1 ip 192.168.10.1
standby 1 priority 110
standby 1 preempt
Interface vlan 20
Ip address 192.168.20.2 255.255.255.0
Standby 2 ip 192.168.20.1
Interface vlan 30
Ip address 192.168.30.2 255.255.255.0
Standby 3 ip 192.168.30.1
standby 3 priority 110
standby 3 preempt
Interface vlan 40
Ip address 192.168.40.2 255.255.255.0
Standby 4 ip 192.168.40.1
Site 2
Interface vlan 10
Ip address 192.168.10.3 255.255.255.0
Standby 1 ip 192.168.10.1
Interface vlan 20
Ip address 192.168.20.3 255.255.255.0
Standby 2 ip 192.168.20.1
standby 2 priority 110
standby 2 preempt
Interface vlan 30
Ip address 192.168.30.3 255.255.255.0
Standby 3 ip 192.168.30.1
Interface vlan 40
Ip address 192.168.40.3 255.255.255.0
Standby 4 ip 192.168.40.1
standby 4 priority 110
standby 4 preempt
I thought CEF should only need to route the first packet and all remaining packets in the flow should be switched (not routed) ?
Thank again for your assistance.
Regards, Adrian. -
Inter Vlan Routing on a Cisco 861 Router
Hi all
I have a Network with 2 Subnets (2 DHCP servers) , Cisco Switch and a Cisco 861 Router.
On the Router
Fa 4 (WAN port) is connected to the ADSL line
All other 4 ports which are layer 2 ports
I need to achieve inter vlan routing
I have created 2 SVI's and assigned the default ip address on these SVI vlans
I have selected fa 3 as the uplink trunk port that connects to the Switch.
The config on the Fa 3 Trunk port is as shown below
switchport mode trunk
switchport trunk encapsulation dot.1q
switchport trunk allowed vlan all
This config does not show up on the Show Run config even though i did configure it. Is that normal ?
so will inter vlan routing work in this way ?
there should be only one connection between switch and router
Many Thanks.Hi David,
I have enabled what you have specified above which has blocked traffic both ways but it seems to be ignoring all rules to allow RDP, SMTP, IMAP, FTP ect. Settings shown below:
Rules 34 - 38 seem to be ignored for some reason not sure why?
Kind Regards
Richard -
ACE design with inter-Vlan routing
Hello all.
I'm working on a design for a customer where the ACE will perform inter vlan routing.
A few questions about that :
- is routed traffic enforced in hardware with some kind of CEF-like mechanism ? (I suppose yes because there is a FIB ? per
https://supportforums.cisco.com/docs/DOC-19253 ) we expect a certain load and routing is software will not be acceptable
- if I put my VIPs within the VLANs hosting the application, is there any restriction on accesses made to this VIP (if the VIP is reached after the routing process is performed) ?
example :
VLAN2 (client) ----- ACE ----- VLAN3 (servers)192.168.2.0/24 192.168.3.0/24
If I try to access the VIP (192.168.3.20) from a PC in the VLAN2 (192.168.2.15) does it work ?
I assume yes because the VIP appears as a connected /32 in the routing table, I just want to be sure to not fall into some tricky part of code because the access to the VIP is done after the routing process. I just want to be sure there is no drawback / restriction about that.
Thanks in advance.Hello Surya!
Yes this is possible. You can reach the VIP from one VLAN to another (The VIP is not really inside of the VLAN). Important is to check your ACLs and you need to have the service-policy either globally or local on both VLAN-interfaces.
And I guess there is nothing like CEF implemented in the ACE, because it is not needed there.
Cheers,
Marko -
RV180 Router: Cannot get Inter-VLAN Routing to work.
I have been banging at this now for two days and just cannot get Inter-VLAN routing working to work on this router.
Here is the est-up:.
Upgraded to latest Cisco firmware (1.0.1.9).
Starting with factory default settings, I added 2 VLANS as follows:
vlan default(id=1): dhcpmode=server IP=192.168.1.1/24 port 1
vlan vlan2 (id=2): dhcpmode=server IP=192.168.2.1/24 port 2
vlan vlan3 (id=3): dhcpmode=server IP=192.168.3.1/24 port 3
(unconnected)
WAN port
|
Routing/NAT
|
vlan ip 192.168.1.1 192.168.2.1 192.168.3.1
vlan name default vlan2 vlan3
vlan id ID=1 ID=2 ID=3
Inter-VLAN Routing No Yes Yes
Port 1 Untagged Excluded Excluded
Port 2 Excluded Untagged Excluded
Port 3 Excluded Excluded Untagged
Port 4(not of interest) Untagged Excluded Excluded
Port 1 Port 2 Port 3
| | |
AdminPC PC2 PC3
192.168.2.191 192.168.3.181
PC2 gets assigned an IP Address of 192.168.2.191 (DGW=192.168.2.1) - OK
PC3 gets assigned an IP Address of 192.168.3.181 (DGW=192.168.3.1) - OK
PC2 with (IP 192.168.2.191) can ping 192.168.2.1 and 192.168.3.1 - OK
PC3 with (IP 192.168.3.181) can ping 192.168.3.1 and 192.168.2.1 - OK
BUT....
PC2 cannot ping PC3 - NOT WORKING
PC3 cannot ping PC2 - NOT WORKING
(does not work in both Gateway Mode and Router Mode)
ANYONE CAN HELP ME FIGURE OUT WHY ??????
Your help is much appreciated.
I bought this device specifically because it supported inter-VLAN routing!.
Venu
Supporting Information:
Screen captures:
VLAN Membership:
VLAN ID Description Inter VLAN Device Port 1 Port 2 Port 3 Port 4
Routing Mgment
1 Default Disabled Enabled Untagged Excluded Excluded Untagged
2 VLAN2 Enabled Enabled Excluded Untagged Excluded Excluded
3 VLAN3 Enabled Enabled Excluded Excluded Untagged Excluded
Multiple VLAN Subnets:
VLAN ID IP Address Subnet Mask DHCP Mode DNS Proxy Status
1 192.168.1.1 255.255.255.0 DHCP Server Enabled
2 192.168.2.1 255.255.255.0 DHCP Server Enabled
3 192.168.3.1 255.255.255.0 DHCP Server Enabled
Routing Table (Gateway Mode)
Destination Gateway Genmask Metric Ref Use Interface Type Flags
127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 lo Static UP,Gateway,Host
192.168.3.0 0.0.0.0 255.255.255.0 0 0 0 bdg3 Dynamic UP
192.168.2.0 0.0.0.0 255.255.255.0 0 0 0 bdg2 Dynamic UP
192.168.1.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
192.168.1.0 192.168.1.1 255.255.255.0 1 0 0 bdg1 Static UP,Gateway
127.0.0.0 0.0.0.0 255.0.0.0 0 0 0 lo Dynamic
Routing Table (Router Mode)
(Same)cadet alain, you hit the nail on the head. The router was doing Iner-VLAN routing, but the PCs were blocking the pings because they came from another subnet. Thank you for your help in resolving this.
I have a follow-up question if I may - I need to add a default route but can't seem to find a way to do that. Tried adding a static route with IP=0.0.0.0 Mask=0.0.0.0 but it will not allow it. My current routing table looks like this:
Destination Gateway Genmask Metric Ref Use Interface Type Flags
127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 lo Static UP,Gateway,Host
192.168.2.0 0.0.0.0 255.255.255.0 0 0 0 bdg2 Dynamic UP
192.168.1.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
127.0.0.0 0.0.0.0 255.0.0.0 0 0 0 lo Dynamic UP
It routes all packets to VLAN2 and VLAN3 correctly; but if a packet arrives to any other network address, I would like to get it to forward to another gateway on VLAN2 (at address 192.168.2.254). Can't seem to find a way to add a default route. -
Cisco Sg500X inter vlan routing - Cisco can you please help - holding up a project
Hey guys
I am simply trying to get inter vlan routing working on an SG500X operating in standalone mode.
I have setup a couple of vlan interfaces on the switch which I assume are routed automatically when ip routing is enabled.
I can ping these vlan interfaces from a pc on the appropriate VLAN (ie - I can ping what should be the default gateway and the gateway and IP are setup correctly on the pc's in question but no traffic will pass from pc to pc.
Have probably missed something obvious - any help would be greatly appreciated, config below:
skelta-dist#sh run
config-file-header
skelta-dist
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system queues-mode 4
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2000,3000,4092-4093
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname skelta-dist
line console
exec-timeout 0
exit
line ssh
exec-timeout 0
exit
line telnet
exec-timeout 0
exit
logging console debugging
username admin password encrypted 54f0197510fc8f980214826ad98ecc0291956ebc privilege 15
username cisco password encrypted 007253f1436da456a0880a66bbcc7c1b4a3af284 privilege 15
username readonly password encrypted 9a27718297218c3757c365d357d13f49d0fa3065
snmp-server location "Skelta comms room"
snmp-server contact [email protected]
ip http timeout-policy 0
interface vlan 1
ip address 1.1.1.1 255.255.255.0
no ip address dhcp
interface vlan 2000
name backup
ip address 192.168.50.241 255.255.255.0
interface vlan 3000
name user
ip address 10.129.53.241 255.255.254.0
interface vlan 4092
name server
ip address 10.129.38.241 255.255.255.0
interface vlan 4093
ip address 10.129.100.241 255.255.255.0
interface gigabitethernet1/1
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/2
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/3
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/4
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/5
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/6
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/7
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/8
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/9
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/10
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/11
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/12
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/13
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/14
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/15
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/16
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/17
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/18
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/19
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/20
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/21
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/22
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/23
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/24
switchport mode access
switchport access vlan 2000
interface tengigabitethernet1/1
channel-group 1 mode on
interface tengigabitethernet1/2
channel-group 1 mode on
exit
macro auto disabled
macro auto processing type host enabled
macro auto processing type ip_phone disabled
macro auto processing type ip_phone_desktop disabled
macro auto processing type router enabled
macro auto processing type ap disabled
ip helper-address all 0.0.0.0 7
skelta-dist#sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 1.1.1.0/24 is directly connected, vlan 1
C 10.129.38.0/24 is directly connected, vlan 4092
C 10.129.52.0/23 is directly connected, vlan 3000
skelta-dist#sh arp
Total number of entries: 3
VLAN Interface IP address HW address status
vlan 3000 gi1/4 10.129.53.1 a4:5d:36:18:12:d6 dynamic
vlan 4092 gi1/12 10.129.38.1 04:7d:7b:5b:f1:1f dynamic
vlan 4092 10.129.38.2 a4:5d:36:18:12:d6 dynamic
These are the two VLANs and above are the two ARP entries for the pc's.
and these are the default gateways:
skelta-dist#sh ip interface
IP Address I/F Type Directed Precedence Status
Broadcast
1.1.1.1/24 vlan 1 Static disable No Valid
10.129.38.241/24 vlan 4092 Static disable No Valid
10.129.53.241/23 vlan 3000 Static disable No Valid
10.129.100.241/24 vlan 4093 Static disable No Valid
192.168.50.241/24 vlan 2000 Static disable No ValidHi Rajeevsh
Ip routing is turned on, the correct connected routes are in the route table, I can see the arp entries for the two pc's but the two pc's cant ping each other (windows firewall is turned off).
I CAN ping the vlan interfaces from both pc's but the pc's cant talk to each other.
The ports are in untagged (switchport access) and obviously in the correct vlans
skelta-dist#sh ip route address 10.129.38.1
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 10.129.38.0/23 is directly connected, vlan 4092
skelta-dist#sh ip route address 10.129.53.1
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 10.129.53.0/24 is directly connected, vlan 1
skelta-dist#sh arp
Total number of entries: 2
VLAN Interface IP address HW address status
vlan 1 gi1/4 10.129.53.1 a4:5d:36:18:12:d6 dynamic
vlan 4092 gi1/12 10.129.38.1 04:7d:7b:5b:f1:1f dynamic
skelta-dist#sh ip interface
IP Address I/F I/F Status Type Directed Precedence Status
admin/oper Broadcast
10.129.38.241/23 vlan 4092 UP/UP Static disable No Valid
10.129.53.241/24 vlan 1 UP/UP Static disable No Valid -
How to configure switch to route ISP ethernet handoff? (L3 or VLAN routing)
I have an ISP providing a redundant internet circuit through Ethernet handoff, and I need to route their border network to my firewall which will hold the public IP address block. The handoffs will go into 2 3750 switches stacked, which in turn will be uplinked to an ASA active/standby pair. How do I configure the switches to handle the traffic? The equipment isn't in place yet so I can't test the configuration; just trying to validate the plan. I'm not sure of the pros/cons of using L3 switchport vs VLAN routing.
Example, ISP provides 2 drops, 10.10.10.1/29 and 10.10.10.2/29, and a virtual gateway to route traffic out to the internet, 10.10.10.3/29 (FYI - in reality these are public IP's, just using privates for example). Assume the public block is 192.168.0.0/24. I need to configure the 3750 switches with interfaces of 10.10.10.4/29 and 192.168.0.1/24. The ASA firewall outside interface will be 192.168.0.2/24.
The ISP routes everything destined for 192.168.0.0/24 to 10.10.10.4/29. I need to route all outbound internet traffic to 10.10.10.3/29.
So the 3750 would have a layer 3 port-channel with IP 10.10.10.4/29 to uplink to the ISP drops. It will also have another layer 3 port-channel with IP 192.168.0.1 (or should I use a VLAN interface for both or either?). The ASA outside interface will be 192.168.0.2. On the ASA my default route out is 0.0.0.0 0.0.0.0 192.168.0.1. The default route on the 3750 stack will be 0.0.0.0 0.0.0.0 10.10.10.3.
Thoughts?
[ISP-BORDER1-10.10.10.1]
[INTERNET]----[ISP-BORDER-VIP-10.10.10.3] [3750-L3-PORT-10.10.10.4/192.168.0.1]----------[ASA-192.168.0.2]
[ISP-BORDER2-10.10.10.2]Hi,
Any update on above queries.
Need Solution. -
I am trying to setup a home network for myslef for practice basically that has two VLANs. One will be a secure VLAN with servers, domain access, etc. The other will just be an internet access VLAN.
I have an internet gateway, but only one, that needs to be shared by both VLANs. Currently I have everything setup fine so that I can access the internet from either VLAN. The only problem is I think by opening a link between them to share the internet connection I am also opening s ecurity risk. I need an ACL to allow only internet traffic from the seocnd VLAN to be passed thorugh.
My problem has been that anything I have tried either allows nothing to pass, or everything to pass. I was trying to do just a permit from any host to any host on http, and deny everything else.
Thanks for any help.I have another question for you:
you said that you need to access server on 192.168.1.0/24 , from which subnet? are you connected on the same vlan? or coming from the internet?
somewhere in this network you are doing NAT right? so to get in , you would need a static NAT or outside NAT.
So, if you are coming from internet I think you'd need to set and ACL to permit only the IP you have.
But I guess you're inside vlan 1 192.168.1.0/24, so basically you need to restric traffic from 192.168.2.0/24 to reach 192.168.1.0/24.
You need an ACL on the fa0.2 blocking traffic like this:
ip access-list extended sec-traffic-out
deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit any any
int fa0.2
ip access-group sec-traffic-out in
I guess what could be confusing you is that your INTERNET gateway is on 192.168.1.0/24, but outgoing internet traffic will have layer3 destination addresses on a different subnet , like 200.0.0.0/8, so, it wont be blocked by the ACL.
HTH,
if it does, please rate this post,
Vlad
BTW, I think you dont need :
ip default-gateway, as its used when you dont have routing configured (no ip routing).
also ip defaul-network have specific use, I'm not sure you'd need it here too. -
Hi there,
I've got a problem with VLAN routing.
First said, I'm new to VLAN's.
I've set up a Debian DHCP Server with following VLANS:
eth0 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:360 errors:0 dropped:0 overruns:0 frame:0
TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:28838 (28.1 KiB) TX bytes:16833 (16.4 KiB)
eth0.1 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.1.0.1 Bcast:10.1.15.255 Mask:255.255.240.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.5 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.105.100.1 Bcast:10.105.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.10 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.110.100.1 Bcast:10.110.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:347 errors:0 dropped:0 overruns:0 frame:0
TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26816 (26.1 KiB) TX bytes:15165 (14.8 KiB)
eth0.15 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.115.100.1 Bcast:10.115.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.20 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.120.100.1 Bcast:10.120.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:230 (230.0 B) TX bytes:0 (0.0 B)
eth0.30 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.130.100.1 Bcast:10.130.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:184 (184.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
and the switch configuration is the following: (shortened for the problems purpose)
switchcfd817#show running-config
config-file-header
switchcfd817
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system queues-mode 4
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2,5,10,15,20,30
exit
voice vlan id 15
voice vlan state disabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.110.100.1
ip dhcp relay enable
bonjour interface range vlan 1
hostname switchcfd817
re: <space>, Quit: q or CTRL+Z, One line: <return> ip ssh password-auth : <return>
clock timezone " " 1
clock summer-time web recurring eu
ip domain polling-interval 18
ip address 10.1.0.10 255.255.240.0
no ip address dhcp
ip dhcp relay enable
interface vlan 2
name Admin
ip address 10.102.100.10 255.255.252.0
interface vlan 5
name Guests
ip address 10.105.100.10 255.255.252.0
ip dhcp relay enable
interface vlan 10
name Server
ip address 10.110.100.10 255.255.252.0
interface vlan 15
name Voice
ip address 10.115.100.10 255.255.252.0
ip dhcp relay enable
interface vlan 20
name Printer
ip address 10.120.100.10 255.255.252.0
ip dhcp relay enable
interface vlan 30
name "Mechanical Engineers"
ip address 10.130.100.10 255.255.252.0
ip dhcp relay enable
interface gigabitethernet1/1/19
switchport trunk allowed vlan add 10,20,30
interface gigabitethernet1/1/20
switchport trunk native vlan 10
interface gigabitethernet1/1/25
switchport mode access
switchport access vlan 5
interface Port-channel1
description data-syn-1
exit
macro auto built-in parameters printer $native_vlan 20
macro auto built-in parameters host $max_hosts 10 $native_vlan 1
With a client connected to a VLAN 30 or VLAN 10 port I get an IP from the DHCP, so DHCP relaying works.
Now the Problem:
I want to ping the DHCP Server on it's VLAN 10 IP 10.110.100.1 from VLAN 5 (static IP: 10.105.100.50 GW: 10.105.100.10)
this shows the routes automatically setup by the switch:
switchcfd817#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 10.1.0.0/20 is directly connected, vlan 1
C 10.105.100.0/22 is directly connected, vlan 5
C 10.110.100.0/22 is directly connected, vlan 10
C 10.120.100.0/22 is directly connected, vlan 20
C 10.130.100.0/22 is directly connected, vlan 30
and the ARP list from the switch:
switchcfd817#show arp
Total number of entries: 2
VLAN Interface IP address HW address status
vlan 5 gi1/1/25 10.105.100.50 00:80:80:8a:61:14 dynamic
vlan 10 gi1/1/19 10.110.100.1 b8:27:eb:69:d0:18 dynamic
I'm able to ping 10.110.100.10 (Switch on VLAN10) from VLAN 5 but not the DHCP Server.
What am I missing there?
best regards
SundyphaAfter mirroring port GE19 (DHCP Server) I see that the Switch is sending the ping packet to the DHCP Server. But without a VLAN Tag. So what do I have to do, to let the DHCP Server accept VLan10 as it's native? or better, to let the swtich tag the native vlan on a trunk interface to prevent double-tagged packets? And the Switch also does an ARP Request who has 10.110.100.1 despite it should know it in it's ARP Table.
-
SG300 inter-VLAN routing and MAC address changes in incoming packets
Hello
I have SG300-20 working in Layer3 mode
VLAN1 is not used
Internet gateway is in VLAN211
Clients are in other VLANs
Switch is default gateway for clients and itself has internet gateway as default route.
MAC address of switch is XX:XX:XX:XX:XX:63
When client sends trafic to Internet destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63
But in incoming packets source MAC address is XX:XX:XX:XX:XX:69
Why does it change? And how can I setup switch to use only XX:XX:XX:XX:XX:63 MAC address?Hi Robert,
I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.
When connected to a SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e. g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e. g. XX:XX:XX:XX:XX:49 as the MAC destination address.
Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.
Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.
Thanks,
Chris
Maybe you are looking for
-
Ipod classic can't be found, can't be read from or written to; what gives?
My ipod classic 160 has recently developed a problem: when I connect it to synch the itunes software hangs for a while, then says either "the ipod cannot be synched because it could not be found" or "could not be read from or written to" or "required
-
Firefox 13.0.1 (Win7 ) crashes after Windows defender update applied
Windows 7 SP1 Firefox 13.0.1 Upgraded to FF 13.0.1 with no problems encountered. The next day I restarted the system and installed the Windows Defender definition update released on 6/15 (11.27.2061.0 - KB915597) via Windows Update. After applying th
-
Calling multiple API for AP invoices
Hi I want to invoke the AP_INVOICES_INTERFACES AND AP_INVOICES_LINES_INTERFACE from bpel. I have coded the transformation for the header part that is ap_invoices_interfaces and have sucessfully invoked it. Now how to invoke the ap_invoices_lines_inte
-
Passing parameters to my applet on apex
i cannot seem to pass parameters to my applet which i embedded on my apex region. can anyone help.
-
Is there a way to export data in 11g and import to 9i