Can single interface accomodates multiple bridge groups

Similar Messages

• ASA 5585-X multiple bridge-groups expected behaviour

  Hi all,
  suppose a deploy of an asa5585-x in transparent mode made by two bridge-groups (2 interfaces each).
  Now suppose that a new traffic flow in direction north-south traverses the bvi1. What's the expected behavior if the traffic going back (south-north) will traverse the bvi2? Will be that traffic correctly recognized as part of the flow previously detected?
  Regards.
  A.M.

  Discovered today that the 'fix' I mention above is more of a workaround, because when I initiated a manual failover for one of the failover groups, the alerts returned. And the failover status was again on Normal (Waiting) for a couple of monitored logical interfaces.
  I was able to workaround the problem as described above.

• Can Single Trip have multiple travel expense reports?

  Hi All,
  Can a single trip have more than one travel expense report linked to it?
  My Client requires different travel receipts for a single trip to have different paymnet cycles.
  Say for a single trip (for 20 days) the airfare paid needs to be settled in next 7 days and the hotel will be reimbursed when employee finishes the trip i.e. after 20 days in this ex.
  Can each of these receipts be settled and then posted to finance separately if they are part of the same travel expense report.
  OR can we have different travel expense reports for the same trip which could then be settled and posted to finance individually?
  Regards,
  Amit

  Hi,
  I think you have some diferents posibilities:
  - Let your employees create differents travel expenses in the same period (Define Schema and Individual Field Control).
  - Let your employee modificate a travel expenses whith settlement status:  "settle".
  Marta.

• Can single machine have multiple JVM running ?

  Hi ,
  I have two questions.
  1) I have running jboss4 and tomcat 5 running in single machine, does it mean that they are running in same same jvm?.
  2) If no how i can configure the jboss and tomcat for running in same/different JVM but in same single physical machine?
  Please help me
  Thanks in advance
  Shuja

  tschodt wrote:
  Greek wrote:
  1) I have running jboss4 and tomcat 5 running in single machine, does it mean that they are running in same same jvm?.In the same JVM instance - no.
  On the same Java installation - depends on how you run them.
  2) If no how i can configure the jboss and tomcat for running in same/different JVM but in same single physical machine?For JBoss you set JAVA_HOME.
  For tomcat - I dunno - should be in the documentation somewhere.Thanks for reply
  for both jboss and tomact i have set jave_home to same the path, how i do ensure that they are running in same jvm instance.

• Bridge-Groups FWSM

  Hello All,
  I have a question about Bridge Groups if someone can help me. So, I have two bridge groups on one FWSM obviously using two different IP Scopes. However I can only have one default route so for instance.
  BVI 1 - 192.168.1.4 (outside1)
  BVI 2 - 192.168.2.4 (outside2)
  ip route outside1 0.0.0.0 0.0.0.0 192.168.1.1
  I now obviously cannot put another default route statement in so how does the FWSM route traffic it doesn't know the destination to when the source is from 192.168.2.x. Does it send it out 192.168.1.1? If so does this become a suboptimal routing issue, and is there possibly a better solution than this? Or is thisnormal and everything is ok? Thanks in advance to all who reply!

  Hi John,
  When the FWSM uses bridge-groups, it is configured in transparent (layer 2) mode. Because of this, the FWSM won't be responsible for routing traffic. It will use a MAC address lookup instead:
  http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/fwmode_f.html#wp1232185
  One exception to this is management traffic to/from the FWSM. For this, you'll need to specify separate static routes:
  http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/fwmode_f.html#wp1202704
  "The default route for the transparent firewall, which is required to provide a return path for management traffic, is only applied to management traffic from one bridge group network. This is because the default route specifies an interface in the bridge group as well as the router IP address on the bridge group network, and you can only define one default route. If you have management traffic from more than one bridge group network, you need to specify a static route that identifies the network from which you expect management traffic."
  -Mike

• Cisco ASASM Bridge-group support

  How many bridge groups total are supported. If I have 100 contexts, can each context run 8 bridge groups each for a total of 800 bridge groups? What is the max?

  How many bridge groups total are supported. If I have 100 contexts, can each context run 8 bridge groups each for a total of 800 bridge groups? What is the max?

• Provisioning multiple AD Groups from a Single Privilege

  Experts,
  We're encountering a situation here when we provision to multiple Active Directory groups from a single IDM Role.
  The scenario is this:
  We have a workflow that has multiple conditional and switch tasks that result in the provisioning of users to Active Directory 2008 (mixed mode) Our workflow uses the provisioning framework and all users have been granted the ONLY privilege for the system.
  The workflow will result in adding the users to multiple AD groups sometimes two AD groups that are associated with a single IDM role. The first assignment always works, the second does simply does not occur, no entry in the system or job log although IDM does show that the role has been assigned with an 'OK' status.
  We've accomplished a workaround by redesigning the workflow so that only single roles are assigned at a time and using chain result OK links to move from one provisioning activity to another, but frankly, we are unsatisfied with this.  IDM should be handling this much better through
  I'm wondering if we have a pending value floating out there and we should just be applying the pending value at the end of every AD group add.
  Any thoughts on this would be appreciated.
  Thanks,
  Matt

  Matt,
  In your post you mention "I'm wondering if we have a pending value floating out there and we should just be applying the pending value at the end of every AD group add"... I'm faced with a similar issue were I'm left pending values for privileges after the group is assigned.
  I've imported the AD groups as privileges. I assign them without issue. But when I review the assignments I can see that each corresponding privilege assignment now has a pending value. I can not remove the privilege from the user at this point.
  Have you seen this before? Any suggestions on how I can clean this up. BTW, I'm using the SAP PF basically unchanged...
  Thanks!

• How can I place calendars in multiple calendar groups?

  I would like to use a group for each of my family members but reference some of the same calendars from multiple calendar groups. Here is an example:
  Lets say I have a calendar for school, sport1, sport2, activity, family, and work
  I would like the groups to look like this:
  Me: family and work
  Wife: activity and family
  Son_1: school, sport1 and family
  Son_2: school, sport2 and family
  When a group is visible, that person can see the activities in which they participate. When several groups are visible, though, only single copies of shared events would appear and shared events would only have to be entered once.
  Is there a way to do this or do I need to place this on the feedback page?

  Bernd Alheit wrote:
  How can I place Windows Media Player in my PDF?
  Why want you the media player in a pdf file?
  e.g. pushing Mozart - button to listen to Mozart's music. But it must be a script not embedded player. Is it possible?

• Cisco 1702i WAP: how to get an interface in a non-native bridge group/ VLAN to be recognized by the internal DHCP server

  Does anyone know how the internal DHCP server in these access points connects to virtual interfaces and bridges in the unit?
  Is there some sort of default connection that connects the DHCP server to the native bridge group or VLAN?
  In a test case, with an SSID in the native VLAN and bridge group, the 1702i serves an IP address to a wireless client no problem. But with a second SSID in a non native VLAN and bridge group, no IP gets served. My only guess is that since the bvi1 defaults to the native bridge group and VLAN, sub-interfaces also in this group are assumed to be in the same subnet as bvi1, or in this case:
  interface bvi1
    ip address 192.168.1.205 255.255.255.0
    no ip route-cache
    exit
  It would be the ..1. subnet.
  Since the dhcp pool is set as:
  ip dhcp pool GeneralWiFi
    network 192.168.1.0 255.255.255.0
    lease 1
    default-router 192.168.1.1
    dns-server 8.8.8.8
    exit
  There may be an assumption that anything bvi1 can talk to is in the ..1. subnet, so the above pool gets activated on a request coming through bvi1.
  Is the DHCP server just hanging out waiting for a request from an "area" that is assumed to be on the same subnet as the given pool?
  Do I need to somehow show the device what subnet the 2nd SSID/ subinterfaces are in so the internal DHCP server can decide it needs to go to work, or is there some sort of bridging between the DHCP server and the interfaces that needs to be done? I am trying to use the same DHCP pool for the second subnet at this point, since I assume I will need another router to service an additional subnet and DHCP pool.

  Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
  Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
  That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
  HTH,
  Steve

• Can anyone explain how this works (vlans and bridge groups)

  Can someone please explain how this works...I have started to have problems but nothing changed. My problems are vlan1 and 1000 getting blocked on the switchport where the root bridge is attached.
  ROOT BRIDGE:
  ssid state
  station-role root bridge
  rts threshold 4000
  concatenation
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  no snmp trap link-status
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.911
  encapsulation dot1Q 911
  no ip route-cache
  no snmp trap link-status
  bridge-group 5
  interface Dot11Radio0.1000
  encapsulation dot1Q 1000
  no ip route-cache
  no snmp trap link-status
  bridge-group 2
  bridge-group 2 spanning-disabled
  interface Dot11Radio0.2001
  encapsulation dot1Q 2001
  no ip route-cache
  no snmp trap link-status
  bridge-group 253
  bridge-group 253 spanning-disabled
  interface Dot11Radio0.2120
  encapsulation dot1Q 2120
  no ip route-cache
  no snmp trap link-status
  bridge-group 7
  interface Dot11Radio0.2330
  encapsulation dot1Q 2330
  no ip route-cache
  no snmp trap link-status
  bridge-group 3
  bridge-group 3 spanning-disabled
  interface Dot11Radio0.2336
  encapsulation dot1Q 2336
  no ip route-cache
  no snmp trap link-status
  bridge-group 4
  interface Dot11Radio0.2350
  encapsulation dot1Q 2350
  no ip route-cache
  no snmp trap link-status
  bridge-group 6
  interface Dot11Radio0.2901
  encapsulation dot1Q 2901
  no ip route-cache
  no snmp trap link-status
  bridge-group 255
  bridge-group 255 spanning-disabled
  interface Dot11Radio0.2902
  encapsulation dot1Q 2902
  no ip route-cache
  no snmp trap link-status
  bridge-group 254
  bridge-group 254 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  interface FastEthernet0.1
  encapsulation dot1Q 1
  no ip route-cache
  no snmp trap link-status
  interface FastEthernet0.911
  encapsulation dot1Q 911
  no ip route-cache
  no snmp trap link-status
  bridge-group 5
  interface FastEthernet0.1000
  encapsulation dot1Q 1000 native
  ip address 10.0.32.10 255.255.255.0
  no ip route-cache
  no snmp trap link-status
  bridge-group 1
  interface FastEthernet0.2001
  encapsulation dot1Q 2001
  no ip route-cache
  no snmp trap link-status
  bridge-group 253
  bridge-group 253 spanning-disabled
  interface FastEthernet0.2120
  encapsulation dot1Q 2120
  no ip route-cache
  no snmp trap link-status
  bridge-group 7
  interface FastEthernet0.2330
  encapsulation dot1Q 2330
  no ip route-cache
  no snmp trap link-status
  bridge-group 3
  interface FastEthernet0.2336
  encapsulation dot1Q 2336
  no ip route-cache
  no snmp trap link-status
  bridge-group 4
  interface FastEthernet0.2350
  description 81 River Rd - Labor
  encapsulation dot1Q 2350
  no ip route-cache
  no snmp trap link-status
  bridge-group 6
  interface FastEthernet0.2901
  encapsulation dot1Q 2901
  no ip route-cache
  no snmp trap link-status
  bridge-group 255
  bridge-group 255 spanning-disabled
  interface FastEthernet0.2902
  encapsulation dot1Q 2902
  no ip route-cache
  no snmp trap link-status
  bridge-group 254
  bridge-group 254 spanning-disabled
  interface BVI1
  ip address 10.0.32.10 255.255.255.0
  no ip route-cache
  ip default-gateway 10.0.32.1

  NON-ROOT BRIDGE#2:
  ssid state
  station-role non-root bridge
  rts threshold 4000
  concatenation
  infrastructure-client
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.1000
  encapsulation dot1Q 1000
  no ip route-cache
  bridge-group 254
  bridge-group 254 spanning-disabled
  interface Dot11Radio0.2001
  encapsulation dot1Q 2001
  no ip route-cache
  bridge-group 252
  bridge-group 252 spanning-disabled
  interface Dot11Radio0.2336
  encapsulation dot1Q 2336
  no ip route-cache
  bridge-group 251
  bridge-group 251 spanning-disabled
  interface Dot11Radio0.2901
  encapsulation dot1Q 2901
  no ip route-cache
  bridge-group 253
  bridge-group 253 spanning-disabled
  interface Dot11Radio0.2902
  encapsulation dot1Q 2902
  no ip route-cache
  bridge-group 255
  bridge-group 255 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  hold-queue 80 in
  interface FastEthernet0.1000
  encapsulation dot1Q 1000 native
  no ip route-cache
  bridge-group 1
  interface FastEthernet0.2001
  encapsulation dot1Q 2001
  no ip route-cache
  bridge-group 252
  bridge-group 252 spanning-disabled
  interface FastEthernet0.2336
  encapsulation dot1Q 2336
  no ip route-cache
  bridge-group 251
  bridge-group 251 spanning-disabled
  interface FastEthernet0.2901
  encapsulation dot1Q 2901
  no ip route-cache
  bridge-group 253
  bridge-group 253 spanning-disabled
  interface FastEthernet0.2902
  encapsulation dot1Q 2902
  no ip route-cache
  bridge-group 255
  bridge-group 255 spanning-disabled
  interface BVI1
  ip address 10.0.32.11 255.255.255.0
  no ip route-cache
  ip default-gateway 10.0.32.1

• Cisco 877w -Configuration of subinterfaces and main interface within the same bridge group is not permitted

  Hi,
  I have another problem - after upgrade ios wirelles connection not work.
  After reload i have :
  Configuration of subinterfaces and main interface
  within the same bridge group is not permitted
  STP: Unable to get the port parameters.
  Please configure the bridge group on this interface first.
  Please configure the bridge group on this interface first.
  Please configure the bridge group on this interface first.
  SETUP: new interface NVI0 placed in "shutdown" state
  my old configuration work propertly in the old software, but after update i have notificatio.
  Old thread:
  https://supportforums.cisco.com/discussion/12379491/cisco-877w-no-wireless-connection
  my current sh run:
  version 12.4 
  no service pad 
  service tcp-keepalives-in 
  service tcp-keepalives-out 
  service timestamps debug datetime msec localtime 
  service timestamps log datetime msec localtime 
  service password-encryption 
  hostname cisco 
  boot-start-marker 
  boot system flash:c870-advipservicesk9-mz.124-24.T6.bin 
  boot-end-marker 
  logging message-counter syslog 
  logging buffered 4096 informational 
  enable secret 5 $1$eCNp$rWuBfZ/cexnwnkm7L447s. 
  aaa new-model 
  aaa session-id common 
  dot11 syslog 
  dot11 ssid ciscowifi 
   vlan 1 
   authentication open 
   authentication key-management wpa 
   guest-mode 
   wpa-psk ascii 7 050D031D26595D0617 
  dot11 wpa handshake timeout 500 
  ip source-route 
  no ip dhcp use vrf connected 
  ip dhcp excluded-address 192.168.56.1 
  ip dhcp pool CLIENT 
     import all 
     network 192.168.56.0 255.255.255.0 
     default-router 192.168.56.1 
     dns-server 8.8.8.8 194.204.159.1 194.204.152.34 
     lease 0 2 
  ip cef 
  no ip domain lookup 
  no ipv6 cef 
  multilink bundle-name authenticated 
  username marek password 7 00121A0908500A 
  archive 
   log config 
    hidekeys 
  ip tcp path-mtu-discovery 
  bridge irb 
  interface ATM0 
   description Polaczenie ADSL do ISP$ES_WAN$ 
   no ip address 
   no atm ilmi-keepalive 
   pvc 0/35 
    encapsulation aal5mux ppp dialer 
    dialer pool-member 1 
   hold-queue 224 in 
  interface FastEthernet0 
   description Edzia 
  interface FastEthernet1 
   description dom 
  interface FastEthernet2 
   description Dziadek 
  interface FastEthernet3 
  interface Dot11Radio0 
   no ip address 
   no ip redirects 
   ip local-proxy-arp 
   ip nat inside 
   ip virtual-reassembly 
   no dot11 extension aironet 
   encryption vlan 1 mode ciphers tkip 
   encryption mode ciphers aes-ccm tkip 
   broadcast-key change 3600 
   ssid ciscowifi 
   speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 
   station-role root 
   world-mode dot11d country AU indoor 
   no cdp enable 
   bridge-group 1 
   bridge-group 1 subscriber-loop-control 
   bridge-group 1 spanning-disabled 
   bridge-group 1 block-unknown-source 
   no bridge-group 1 source-learning 
   no bridge-group 1 unicast-flooding 
  interface Dot11Radio0.1 
   description ciscowifi 
   encapsulation dot1Q 1 native 
   no cdp enable 
  interface Vlan1 
   no ip address 
   bridge-group 1 
  interface Dialer0 
   description Interfejs dzwoniacy 
   ip address negotiated 
   ip nat outside 
   ip virtual-reassembly 
   encapsulation ppp 
   dialer pool 1 
   dialer-group 1 
   ppp chap hostname [email protected] 
   ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxx 
  interface BVI1 
   description Polaczenie dla sieci LAN 
   ip address 192.168.56.1 255.255.255.0 
   ip nat inside 
   ip virtual-reassembly 
  no ip forward-protocol nd 
  ip route 0.0.0.0 0.0.0.0 Dialer0 
  no ip http server 
  no ip http secure-server 
  ip nat inside source list 100 interface Dialer0 overload 
  ip nat inside source static tcp 192.168.56.10 80 interface Dialer0 80 
  ip nat inside source static tcp 192.168.56.10 22 interface Dialer0 22 
  logging trap debugging 
  logging 192.168.56.10 
  access-list 100 permit ip 192.168.56.0 0.0.0.255 any 
  access-list 100 deny   ip any any 
  no cdp run 
  snmp-server community ciskacz RO 
  snmp-server chassis-id ciskacz 
  control-plane 
  bridge 1 protocol ieee 
  bridge 1 route ip 
  line con 0 
   no modem enable 
  line aux 0 
  line vty 0 4 
   exec-timeout 0 0 
   transport preferred ssh 
   transport input ssh 
  scheduler max-task-time 5000 
  end 
  please help - thanks!

  Hello Marek,
  I suppose you are not planning to do any kinds of advanced config using several VLANs and multiple SSIDs so let's just make your configuration simple and working.
  In short, you need to remove all references to VLAN 1 and to any subinterfaces possibly related to the VLAN 1. This means in particular (follow these steps in sequence):
  Remove the Dot11Radio0.1 subinterface entirely
  In the Dot11Radio0 section, remove the encryption vlan 1 mode ciphers tkip command
  In the dot11 ssid ciscowifi section, remove the vlan 1 command
  After performing these steps, make sure that the ssid ciscowifi and encryption mode commands are still present in the Dot11Radio0 configuration, and if not, reenter them.
  Best regards,
  Peter

• Multiple sales groups in single salse office

  Hi ,
  Can we maintain multiple salses groups for single sales office in sap crm

  Hi
  No we can not maintain multiple sales groups for a single sales office in sap crm until and unless  we convert org model to represent multiple assignments in SAP ECC or R/3.
  Path for maintaining this setting is
  spro>crm>org management>data transfer> convert org model to represent multiple assignments of SAP ECc.
  or
  Transaction code- CRMSC_SWITCH_ORGMODEL
  Reward points if it helps
  Regards
  Nadh.

• VCenter Single Sign-On Permissions Assignment for Members of Multiple AD Groups

  Hi all,
  I ran across an interesting issue whilst assigning permissions using Active Directory groups within vCenter.
  Environment
  1 vCenter Appliance managing 2 Datacenters (1 Datacenter with 2 Clusters, 1 Cluster with 2 Hosts, 1 Cluster with 4 Hosts, 1 Datacenter with 1 Cluster containing 1 host.) 
  vCenter has an SSO Identity Source configured using Active Directory (Integrated Windows Authentication).
  vCenter and all hosts are domain members of child1.parent.com.au
  The Active Directory Forest contains a parent domain, let's call it parent.com.au, and two child domains child1.parent.com.au and child2.parent.com.au.
  Although the Identity Source was configured for my child domain, using child domain credentials it added the parent domain and subsequently both child domains. Okay, so there are trusts, I'm okay with this. The interesting issue is yet to come.
  Two Active Directory Groups were added. Deployment Admins A and Deployment Admins B.
  Two vCenter Roles were created with similar names. VM Deployers A and VM Deployers B
  Deployment Admins A was assigned the Deployers A role to Cluster A (Cluster, VM Folders, Datastore Folders)
  Deployment Admins B was assigned the Deployers B role to Cluster B (Cluster, VM Folders, Datastore Folders)
  Note: No objects overlap. All hosts, vms and datastores are isolated to each cluster.
  So the next step is assign an child1 AD User to the Deployment Admins A group. As expected the user using credentials child1\user can connect to vCenter via the VI Client and see all the relevant objects. Great!
  So now I assign the same child1 AD user to the second AD group Deployment Admins B. Now we wait and nothing happens. The permissions don't change. The user logs out and logs back in using the same credentials and still the permissions don't change.
  So I remove the user from both AD groups and get them to log out and in and sure enough they can't.
  This time I assign the child1\user account the roles as set out previously. So child1\user account is assigned to both roles in place of each AD Group. The expected behaviour is observed. As I add the second permission set, the objects become visible within the VI client.
  Okay so now I remove the explicitly assigned permissions and reassign via the groups and this time I ask the user to log in via the UPN ([email protected]). Whoa! It works.
  So it seems that assigning permissions for the same user in multiple AD groups across multiple roles can only be achieved when the user uses a UPN login to the VI Client.
  Has anybody else found this to be the case?
  If so, were you able to fix it?

  Hello,
  I have found this to be the case and think it is more due to SSO than AD. If you look at how you login as the 'administrator' when you first configure SSO it is in effect using UPN. I would raise this as a case to VMware and make sure they are aware of the issue. There are some issues with SSO being worked each day.
  Best regards,
  Edward L. Haletky
  VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012,2013,2014
  Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
  Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

• HT2688 Working on a single computer with multiple users, I have set things up to allow each user to view and listen to the others' music libraries under the "Shared Library" function.  Can you then connect an iPod touch and copy music from a shared librar

  Working on a single computer with multiple users, I have set things up to allow each user to view and listen to the others' music libraries under the "Shared Library" function.  Can you then connect an iPod touch and copy music from a shared library?

  Was your wife logged into the libray at the time you tried to log in? I have had a similar problem and it was because another user was logged into the library when I attempted to. I got the permission denied banner.

• Can i create a single image from multiple images in lightroom?

  Can i create a single image from multiple images in lightroom?

  Like a panorama, a composite or focus stack? Have you tried the Lightroom forum?
  Photoshop Lightroom