CSS SLB within same VLAN

Similar Messages

• CSS - src and dst in the same vlan

  Hi guys,
  I need LB something like this in routed mode:
  first data flow:
  [client]->[vip1-c(css)]->[www1/www2]
  and second (backend) flow is:
  [www1/www2]->[vip2-c(css)]->[www3/www4]
  vip1,2-c = VIP address on client side
  www1,2,3,4 = all servers are in the same VLAN
  problematic is second data flow (www1/2 -> vip2 -> www3/4(because www3/4 are in the same VLAN as www1/2).
  I have two solution for this:
  1. migrate www1/2 and www3/4 to the independent VLANs (this can be design problem in existing topology)
  2. communication from www1/2 with destination to www3/4 translate to IP address located on the CSS using group, but I'm not sure if it's possible, or how it's possible to configure on the CSS.
  group gr1
  add service www1
  add service www2
  add destination service www3
  add destination service www4
  vip address ip-from-client-side(for example vip2-c)
  active
  it's possible to use this configuration?
  martin

  The group is a good solution.
  However, the way it was configured is incorrect.
  You either specify the source or destination.
  So, if you want to nat all traffic from www1 and www2 you leave the 'add server www1' commands and remove the 'add destination service www3'.
  Or you can nat all traffic going to www3 and www4. In this case, you remove the 'add service www1' and keep the others.
  Another way of doing this would be to remove all 'add ..' commands and use an acl to specify when to use the group using the option 'sourcegroup gr1' inside the acl.
  Gilles.

• Load balancing within the same ACE across two different contexts residing on the same vlan

  I'm working on a design that requires traffic be sent to a different context in the same ACE. The question I have is can this be done when both reside on the same VLAN. Would the traffic in this case be handled at layer 2 instead of layer 7. Would I have to create a seperate subnet in order to provide loadbalancing?
  |__________________|
  |   | vlan 5         |         |
      |                  |
      |                  |
  Context A        |
                         |
                         |
                      Context B
  Thanks, Jerilyn

  by design, two contexts on the same box in the same vlan can't communicate. You have to use an external L3 device.
  A workaround may be to use two diferent vlans and then bridge between them with a loopback cable.

• Need to configure different SSIDs on same VLAN on 1142

  We're having a problem with interference in the B/G range due to the large number of access points owned by other companies in a fairly small area. The various laptops keep deauthenticating, which is causing problems with applications. I'd like to configure two SSIDs on the same VLAN but have them broadcasted on different frequencies. The AP complained about the configuration when I added the Company5.8 SSID below stating another SSID can't be added to a VLAN, but it shows in the configuration. Does any one have a suggestion as to what I can try? Thanks
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption vlan 1 mode ciphers aes-ccm
   encryption vlan 3 mode ciphers aes-ccm
   ssid Moleculera Labs
   ssid Moleculera Labs-guest
   antenna gain 0
   mbssid
   channel least-congested 2412 2437 2462
   station-role root
  interface Dot11Radio0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
   bridge-group 1 spanning-disabled
  interface Dot11Radio0.3
   encapsulation dot1Q 3
   no ip route-cache
   bridge-group 3
   bridge-group 3 subscriber-loop-control
   bridge-group 3 block-unknown-source
   no bridge-group 3 source-learning
   no bridge-group 3 unicast-flooding
   bridge-group 3 spanning-disabled
  interface Dot11Radio1
   no ip address
   no ip route-cache
   encryption mode ciphers aes-ccm
   encryption vlan 1 mode ciphers aes-ccm
   encryption vlan 3 mode ciphers aes-ccm
   ssid Moleculera Labs
   ssid Moleculera Labs-guest
   antenna gain 0
   dfs band 3 block
   mbssid
   channel dfs
   station-role root
  interface Dot11Radio1.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
   bridge-group 1 spanning-disabled
  interface Dot11Radio1.3
   encapsulation dot1Q 3
   no ip route-cache
   bridge-group 3
   bridge-group 3 subscriber-loop-control
   bridge-group 3 block-unknown-source
   no bridge-group 3 source-learning
   no bridge-group 3 unicast-flooding
   bridge-group 3 spanning-disabled

  Amjad, if I delete "encryption mode ciphers aes-ccm" what kind of encryption will the AP use?
  Mohanak, I'm using the same encryption settings with VLANs
  Here is the more complete configuration:
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname COMPANY-AP
  no logging console
  enable secret 5 *
  no aaa new-model
  no ip domain lookup
  ip domain name COMPANY.local
  dot11 syslog
  dot11 ssid COMPANY-2.4
     vlan 1
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 *
  dot11 ssid COMPANY-5.8
     vlan 1
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 *
  dot11 ssid COMPANY-guest
     vlan 3
     authentication open
     authentication key-management wpa
     guest-mode
     mbssid guest-mode
     wpa-psk ascii 7 *
  bridge irb
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption vlan 1 mode ciphers aes-ccm
   encryption vlan 3 mode ciphers aes-ccm
   ssid COMPANY-2.4
   ssid COMPANY-guest
   antenna gain 0
   mbssid
   station-role root
  interface Dot11Radio0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
   bridge-group 1 spanning-disabled
  interface Dot11Radio0.3
   encapsulation dot1Q 3
   no ip route-cache
   bridge-group 3
   bridge-group 3 subscriber-loop-control
   bridge-group 3 block-unknown-source
   no bridge-group 3 source-learning
   no bridge-group 3 unicast-flooding
   bridge-group 3 spanning-disabled
  interface Dot11Radio1
   no ip address
   no ip route-cache
   encryption mode ciphers aes-ccm
   encryption vlan 1 mode ciphers aes-ccm
   encryption vlan 3 mode ciphers aes-ccm
   ssid COMPANY-2.4  (Want this to be COMPANY-5.8)
   ssid COMPANY-guest
   antenna gain 0
   dfs band 3 block
   mbssid
   channel dfs
   station-role root
  interface Dot11Radio1.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
   bridge-group 1 spanning-disabled
  interface Dot11Radio1.3
   encapsulation dot1Q 3
   no ip route-cache
   bridge-group 3
   bridge-group 3 subscriber-loop-control
   bridge-group 3 block-unknown-source
   no bridge-group 3 source-learning
   no bridge-group 3 unicast-flooding
   bridge-group 3 spanning-disabled
  interface GigabitEthernet0
   no ip address
   no ip route-cache
   duplex auto
   speed auto
   no keepalive
  interface GigabitEthernet0.1
   encapsulation dot1Q 1 native
   no ip route-cache
   bridge-group 1
   no bridge-group 1 source-learning
   bridge-group 1 spanning-disabled
  interface GigabitEthernet0.3
   encapsulation dot1Q 3
   no ip route-cache
   bridge-group 3
   no bridge-group 3 source-learning
   bridge-group 3 spanning-disabled
  interface BVI1
   ip address 192.168.67.3 255.255.255.0
   no ip route-cache
  ip default-gateway 192.168.67.1
  ip http server
  ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  line con 0
  line vty 0 4
   exec-timeout 30 0
   password 7 *
   login local
  end
  COMPANY-AP#

• .blocking host in same VLAN

  Is it possible to block access from one host to another host (in one direction only), both in the same vlan.
  I read about acl blocking using mac id and tried it too, but could not succed.
  the switch used is 6509

  Rajesh
  Take a look at this config guide:
  <http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080403fec.html#wp1177176>
  hth,
  Ajaz Nawaz

• AP groups with same vlans , same ssid but different subnet.

  Hi Members,
  I have a Cisco Flex 7500 in my datacenter and I need to connect 100 sites , each site with 2-3 APs , each side has its own network and is independent of other sites , the site only need to comunity locally and do not need to access any centralized applications.
  I am trying to achieve this by Creating 100  different AP groups and assiging 2-3 AP in each groups for each branch, I will achieve WAN failover resiliency by creating flexconnect groug , the issue I am facing are as below .
  1.Since all the sites has same setup , the AP and clients on all sites are in vlan 2 , so when I try to create 2 or more AP group with same vlan, it restricts me of doing so , I cannot create diffrent AP groups mapped to same Vlan .
  2.If I keep the APs and Clients in the same subnet , I dont think it should be a problem , but I need your second opinion.
  to give you an even better picture , look at the topology enclosed , and my question is if both STAFF and STUDENT APs are in same vlan but in 2 different broadcast domain , how would I create the AP groups.
  Thank you

  Thanks for the reply Jenn , here is my situation.
  I have 2 sites lets day , site A in virginia ,  site B in Maryland.
  SiteA - 10.1.1.0/24 - vlan 2
             10.1.2.0/24 - vlan 3
             10.1.3.0/30 - WAN to central site where controller sits.
  SiteB - 10.2.1.0/24 - vlan 2
             10.2.2.0/24 - vlan 3
             10.2.3.0/30 - WAN to central site where controller sits.
  both the sites will have a single ssid "XYZ" and will switch locally only.
  howin my understanding the way I will deploy this is as below
  1.I will create WLAN with ssid "XYZ".
  2.I will create 2 AP groups lets say "Site-A" and "Site-B"
  3.I will map the APs in site A to AP group "Site-A" and APs in Site B to "Site-B"
  4.I will create 2 dynamic interfaces one for each AP group , now this is where I am facing problem , when I am creating dynamin interfaces , I need to specify the subnet and vlans when creating dynamic interfaces , since the vlans used is same on both sites , its not letting me create 2 interfaces with same vlan id.
  in my understanding HREAP is only majorly used for WAN failover and local authentication so I am not concerned about that right not , my prime work is to udnerstand the AP group and working.
  if you still need print shot let me know I will have to go at site.
  also validate if my thinking is right on the 4 steps I have mentioned above , I am new to wireless and whatever I have learned I have learned in last 10 days .
  Appreciate your help.
  Thank you

• ACE30-MOD-k9 in bridge mode. Individual server in the same vlan of Real Servers not reacheable.

  I configured ACE30-MOD-K9 in bridge mode and I configured a server farm with his real servers. The traffic passes and is balanced correctly between all RSERVER. But I can not contact a server that is on the same vlan of the serverpharm but doesn't belong at this serverfarm.
  I Thought that the traffic directed to this "spare" server shouldn't  be balanced but the bridge should permit traffic to pass. (trasperent mode) Is it correct ?
  What does ACE in bridge mode with traffic directed to servers that do not belong to any server farm but are present on the same VLAN (same bridge group)?
  In rispect at the following configuration 10.10.10.168 isn't reacheable
  access-list INBOUND line 8 extended permit ip any any
  access-list INBOUND line 16 extended permit icmp any any
  probe http HTTP_PROBE1
    expect status 200 200
  rserver host RS_WEB1
    ip address 10.10.10.163
    inservice
  rserver host RS_WEB2
    ip address 10.10.10.164
    inservice
  rserver host RS_WEB3
    ip address 10.10.10.165
    inservice
  rserver host RS_WEB4
    ip address 10.10.10.167
    inservice
  serverfarm host SF_FIREGROUP
    rserver RS_WEB1
      inservice
    rserver RS_WEB2
      inservice
    rserver RS_WEB3
      inservice
    rserver RS_WEB4
      inservice
  sticky ip-netmask 255.255.255.255 address source sticky-ip
    replicate sticky
    serverfarm SF_FIREGROUP
  sticky http-cookie myCookie sticky-cookie
    cookie insert browser-expire
    serverfarm SF_FIREGROUP
  class-map match-any VS_FIREGROUP
    2 match virtual-address 10.10.10.169 tcp eq www
    4 match virtual-address 10.10.10.169 tcp eq 8081
    5 match virtual-address 10.10.10.169 tcp eq 8082
    6 match virtual-address 10.10.10.169 tcp eq 8083
    7 match virtual-address 10.10.10.169 tcp eq 8084
    8 match virtual-address 10.10.10.169 tcp eq 8085
    9 match virtual-address 10.10.10.169 tcp eq 8097
  class-map match-any VS_FIREGROUP_HTTPS
    2 match virtual-address 10.10.10.169 tcp eq https
  policy-map type loadbalance first-match HTTP
    class class-default
      sticky-serverfarm sticky-cookie
  policy-map type loadbalance first-match HTTPS
    class class-default
      sticky-serverfarm sticky-ip
  policy-map multi-match HTTP_HTTPS_MULTI_MATCH
    class VS_FIREGROUP
      loadbalance vip inservice
      loadbalance policy HTTP
      loadbalance vip advertise active
    class VS_FIREGROUP_HTTPS
      loadbalance vip inservice
      loadbalance policy HTTPS
      loadbalance vip advertise active
  interface vlan 4
    bridge-group 1
    access-group input INBOUND
    service-policy input HTTP_HTTPS_MULTI_MATCH
    no shutdown
  interface vlan 700
    bridge-group 1
    access-group input INBOUND
    no shutdown
  interface bvi 1
    ip address 10.10.10.150 255.255.255.0
    no shutdown
  ip route 0.0.0.0 0.0.0.0 10.10.10.1
  Thanks a lot
  Francesco

  Hi Francesco,
  Just to add more a bit, A bridge group is very similar to routed mode except ACE cannot NAT pass through traffic, vlan's cannot be shared and couple of other things but client's should be able to access the server as in before.
  But also whether in bridge or routed mode, ACE does create flows and applies other security parameters if configured to the traffic. This is for security. Also, ACE should know the MAC of the device to forward the traffic to. Can you check if ACE has the MAC of the destination? You can also put a route for testing purpose and see if that resolves the issue. That should probably be the quickest way to check if ACE is creating any issue here.
  Regards,
  Kanwal

• Error in shared component import within same as well as diff instance.

  Please help me with below issue:
  I am trying to import shared components related to a single page within same instance to diff application.I changed the application_id to target application_id and also set wwv_flow_api.g_id_offset to diff value.
  Still getting following error:
  ORA-20001: GET_BLOCK Error. ORA-20001: Execution of the statement was unsuccessful. ORA-00001: unique constraint (APEX_030200.WWV_FLOW_MENU_TEMP_IDX2) violated &lt;pre&gt;begin begin wwv_flow_api.create_menu_template ( p_id=&amp;gt; 94480251996632657 + wwv_flow_api.g_id_offset, p_flow_id=&amp;gt; wwv_flow.g_flow_id, p_name=&amp;gt;'Breadcrumb Menu', p_before_first=&amp;gt;'', p_current_page_option=&amp;gt;'&amp;lt;a href=&amp;quot;#LINK#&amp;quot; class=&amp;quot;t20Current&amp;quot;&amp;gt;#
  And also tried to import shared components of single page to a application in diff instance.I changed the application_id,workspace_id with target application_id and workspace_id and also set wwv_flow_api.g_id_offset to diff value.
  there also I am getting same error.

  The error seems to be that the template (some breadcrumb template) does exist already. What kind of shared component do you want to copy? Some, like images and templates, can be shared between applications in the same workspace. Thats the main reason why they are named "shared". Also possible would be that this component was created or is using some standard template/theme/menu, that is created during the standard apex installation. Or it was already copied during the workspace installation.
  Edited by: Sven W. on Aug 7, 2012 7:42 PM

• Drag and drop row within same table.

  Version 12.1.2
  I am trying to implement drag and drop row within same table, and I am trying to follow this sample from Frank:
  http://www.oracle.com/technetwork/developer-tools/adf/learnmore/106-reorder-table-rows-1921121.pdf
  But, I am getting this cast exception. The code I have in my dropEvent bean is identical to whats on the sample.
  oracle.jbo.server.ViewRowImpl cannot be cast to oracle.jbo.uicli.binding.JUCtrlHierNodeBinding
  ADF_FACES-60097:For more information, please see the server's error log for an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #1
  Not sure if anything has changed on 12c release, or if I am missing anything.
  Here is my complete code:
  public DnDAction doDnD(DropEvent dropEvent) {
  RichTable table = (RichTable) dropEvent.getDragComponent();
  List dropRowKey = (List) dropEvent.getDropSite();
  if (dropRowKey == null) {
  return DnDAction.NONE;
  Transferable t = dropEvent.getTransferable();
  DataFlavor<RowKeySet> df = DataFlavor.getDataFlavor(RowKeySet.class, "rowmove");
  RowKeySet rks = t.getData(df);
  Iterator iter = rks.iterator();
  List draggedRowKey = (List) iter.next();
  JUCtrlHierNodeBinding draggeRowNode = (JUCtrlHierNodeBinding) table.getRowData(draggedRowKey);
  Row dragRow = draggeRowNode.getRow();
  JUCtrlHierNodeBinding dropRowObject = (JUCtrlHierNodeBinding) table.getRowData(dropRowKey);
  Row dropRow = dropRowObject.getRow();
  //get the table's ADF JUCtrlHierBinding
  CollectionModel collectionModel = (CollectionModel) table.getValue();
  JUCtrlHierBinding treeBinding = (JUCtrlHierBinding) collectionModel.getWrappedData();
  DCIteratorBinding objectsIterator = treeBinding.getDCIteratorBinding();
  RowSetIterator rsi = objectsIterator.getRowSetIterator();
  int indexOfDropRow = rsi.getRangeIndexOf(dropRow);
  dragRow.removeAndRetain();
  rsi.insertRowAtRangeIndex(indexOfDropRow, dragRow);
  objectsIterator.setCurrentRowIndexInRange(indexOfDropRow);
  AdfFacesContext adfctx = AdfFacesContext.getCurrentInstance();
  adfctx.addPartialTarget(table.getParent());
  return DnDAction.MOVE;
  It does not seem to like this line of code:
  JUCtrlHierNodeBinding draggeRowNode = (JUCtrlHierNodeBinding) table.getRowData(draggedRowKey);
  I would greatly appreciate any help.
  Thanks.

  Well there has bee a changes somehow. using 12c
  table.getRowData(draggedRowKey);
  returns a ViewRowImpl and no longer anything which can be convertet to JUCtrlHierNodeBinding. Anyway, the fix is easy:
      public DnDAction onDepartmentsRowDrop(DropEvent dropEvent) {
          //get the table instance. This information is later used
          //to determine the tree binding and the iterator binding
          RichTable table = (RichTable) dropEvent.getDragComponent();
          List dropRowKey = (List) dropEvent.getDropSite();
          //if no dropsite then drop area was not a data area
          if (dropRowKey == null) {
              return DnDAction.NONE;
          //The transferable is the payload that contains the dragged row's
          //row key that we use to access the dragged row handle in the ADF
          //iterator binding
          Transferable t = dropEvent.getTransferable();
          //get the row key set of the dragged row. The "rowmove" string is the
          //discriminant defined on the drag source and the collectionDrop target.
          DataFlavor<RowKeySet> df = DataFlavor.getDataFlavor(RowKeySet.class, "rowmove");
          RowKeySet rks = t.getData(df);
          Iterator iter = rks.iterator();
          //for this use case the re-order of rows is one-by-one, which means that the rowKeySet
          //should only contain a single entry. If it contains more then still we only look at a
          //singe (first) row key entry
          List draggedRowKey = (List) iter.next();
          //get access to the oracle.jbo.Row instance represneting this table row
          Object objdragg = table.getRowData(draggedRowKey);
          Row dragRow = (Row) objdragg;
          Object objdrop = table.getRowData(dropRowKey);
          Row dropRow = (Row) objdrop;
          //get the table's ADF JUCtrlHierBinding
          CollectionModel collectionModel = (CollectionModel) table.getValue();
          JUCtrlHierBinding treeBinding = (JUCtrlHierBinding) collectionModel.getWrappedData();
          //get access to the ADF iterator binding used by the table and the underlying RowSetIterator.
          //The RowSetIterator allows us to remove and re-instert the dragged row
          DCIteratorBinding departmentsIterator = treeBinding.getDCIteratorBinding();
          RowSetIterator rsi = departmentsIterator.getRowSetIterator();
          int indexOfDropRow = rsi.getRangeIndexOf(dropRow);
          //remove dragged row from collection so it can be added back
          dragRow.removeAndRetain();
          rsi.insertRowAtRangeIndex(indexOfDropRow, dragRow);
          //make row current in ADF iterator.
          departmentsIterator.setCurrentRowIndexInRange(indexOfDropRow);
          //ppr the table
          AdfFacesContext adfctx = AdfFacesContext.getCurrentInstance();
          //note that the refresh of the table didn't work when refreshing the table
          //so I needed to refresh the container component (af:panelStretchLayout).
          adfctx.addPartialTarget(table.getParent());
          return DnDAction.MOVE;
  does the trick. I changed the line to
  //get access to the oracle.jbo.Row instance represneting this table row
          Object objdragg = table.getRowData(draggedRowKey);
          Row dragRow = (Row) objdragg;
  so you don't need the detour through the JUCtrlHierNodeBinding any longer.
  Timo

• 2 SSIDs on the same Vlan?

  Hi all -
  Newbie question. When I am setting up wireless, will I be able to use 2 different SSIDs on the same vlan?
  Example:
  dot11 ssid Example1
  vlan 2
  authentication open eap eap_methods
  authentication network-eap eap_methods
  dot11 ssid Example2
  vlan 2
  authentication open eap_methods
  authentication network-eap eap_methods

  Hi James,
  Hopefully the attached docs will answer your question:
  Cisco Aironet 1100 Series
  Using VLANs with Cisco Aironet Wireless Equipment
  Deprecated versions of Cisco Aironet software permit binding multiple SSIDs to one VLAN. Current versions do not.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#
  Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(15)JA
  Configuring Multiple SSIDs
  vlan vlan-id
  (Optional) Assign the SSID to a VLAN on your network. Client devices that associate using the SSID are grouped into this VLAN. You can assign only one SSID to a VLAN.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802085c4.html
  Hope this helps!
  Rob
  Please remember to rate helpful posts.......

• 3750 bandwidth limitation between the same vlan over the trunk

  Hi All,
  I have 2 3750G series switches on the trunk link. some machines are part of vlan1 on the switch 1 and some machines are the part of the same vlan1 on the other switch2. I need to limit the bandwidth between the switches for the vlan1. picture is attached.
  I tried to do through the modulare policy frame work (class-map/service-map and policy-map using the police command) but problems are
  1) 3750 does not support output service policy, so i cannot apply the policy on the output of the trunk link.
  2) I can apply the input policy but it will be only for one machine but not for the others on the same switch. if i apply the policy on per port basis then every port has separate bw limitation. I require to limit the bandwidth on per vlan basis on the trunk port. like vlan 1 takes 10 MB, VLAN2 takes 10 MB on the trunk link when communicating between the same vlans.
  Is there any solution for that scenario? your help in this case will be higly appriciated. As its the layer 2 communication, its hard for me to find the solution. if it was layer 3 then i can do it easily by using the rate-limit commmand on the interface.
  thanks

  On the 4500 series we use vlan-range for this,
  conf t
  qos aggregate-policer 10MB 10 mbps 1250000 byte conform-action transmit exceed-action drop
  policy-map 10MB
  class class-default
  police aggregate 10MB
  interface GigabitEthernet1/1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,10,12,15
  switchport mode trunk
  switchport nonegotiate
  vlan-range 1
  service-policy input 10MB
  service-policy output 10MB
  end
  dunno if the 3750's have the same options

• Problem in 3750 with multiple IP segment in same VLAN

  Hi,
  I've problems in 3750 and would like to ask for help.
  I've 3750 switch with standard image. Because of lacking IP addresses, I'm going to redesign the IP scheme. Before complete migrate to new IP range, I've to let new IP segment co-exist with old IP segment for a while (I've 3 VLANs that have same situation). For example, 10.10.13.0/24 (old) will co-exist with 10.10.32.0/21 (new) in same VLAN (let say VLAN 32).
  Below is the partial configuration in 3750:
  interface VLAN 32
  ip address 10.10.13.2 255.255.255.0 secondary
  ip address 10.10.32.2 255.255.248.0
  standby 14 ip 10.10.13.3
  standby 40 ip 10.10.32.3
  I've two PCs. PC-A is 10.10.13.250 and PC-B is 10.10.33.250, both are using HSRP IP as default gateway (the subnet mask are correct).
  My problem is:
  Two PCs can not ping to each other. I can not ping to both PCs from 3750. But if I'm using physical IP as their gateway (such as 10.2.13.2 for PC-A and 10.2.32.2 for PC-B), then both PCs can be ping each others.
  How can I solve the problems if I've to use HSRP IP as default gateway?

  I don't get it. What is the significance of standby 1 and 2 VS standby 14 and 40? The only difference I noticed is the lower number of standby group goes with primry and higher goes with secondary.
  If possible, can you also try the same config you used before except swapping the group number?
  e.g.
  interface VLAN 32
  ip address 10.10.13.2 255.255.255.0 secondary
  ip address 10.10.32.2 255.255.248.0
  standby 40 ip 10.10.13.3
  standby 14 ip 10.10.32.3

• STO-Within same company code and same sales organisation

  hi freinds
  i need steps for STO Within same company code and same sales organisation "xyz" with different plant "X " and  " Y"
  with regards
  dinesh

  Hi,
  Sales organization is linked to sending plant. It does not matter if receiving plant is using the same or different sales organization. The setup from sending plant is independent from that.
  As for the STO standard setup, I suggest you search SDN first. Below example link.
  STO setup article link:
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c05e2251-91f0-2c10-4e91-e919468e4687
  Regards,
  Dominik Modrzejewski

• Stock Transfer Between two plants within same company code

  Hello,
  We are using scenario-'Stock transfer between two plants within same company code. Scenaro is like Plant A is receving plant and Plant B is delivering Plant.
  Plant A release PO for 100 nos to Plant B
  Plant B issues 100 nos (via delivery) to Plant A
  But Plant A receives only 50 nos physically so they do Goods receipt for 50 nos , but document got generated for 100 nos (when plant B issues material).
  Now Plant A do not want to receive remaining 50 nos physically, but wants to reduce material document which got created when goods issue posted by plant B
  Now stock in transis (mb5t) is 50 nos.
  How to reduce this material document. or any another alternative solution for this?
  Thanks,
  Shailesh

  Hi There
  Reversal of partial is not possible ,
  But you can use the Mov Type 557 and 558 to do the adjustments in Stock in transit qty
  Few more details on STO adjustments
  Hi There
  it can be settle in many ways,,,
  1. Receive the goods as 100 and Scrap the 50 nos from the received plant,,- If the receiving plant is responsible
  2.Revert the PGI/Transfer movement(Vl09) and send the 50 nos again from the supplying plant- of the Supplying plant is responsible,
  3.Also we have the movement type 557 and 558 without doing the above two steps you can correct the qty from stock in transit itself,,
  4. also you can check the below similar thread
  STO - material lost during tranfer from plant A to plant B
  5. If above are not ok, then receive the goods as 100, And raise the STO as your plant as supplying plant and receiving plant is (Supplied 50 nos less) plant,, Do the process without sending the material.. in this way that 50 nos can be adjusted,,
  6.Here is some more details
  557 Issue from stock in transit (adjustment posting)
  Only use this movement type (also the reversal movement type) under the following circumstances:
  Using movement type 557, you can correct purchase-order-independent stock in transit if
  - a good receipt cannot be posted to a purchase order without stock in transit, even though there is still stock in transit according to the purchase order history
  - stock in transit still exists, even though there are no open stock transfer orders for the particular material
  This movement type may ONLY be used in the cases mentioned above after careful analysis, to correct stock in transit that has rounding errors.
  This movement type may not be copied.
  Note!
  Before using this movement type, note the following:
  - 392205 Analysis stock in transit / Correction if split valuation
  Possible special stock indicators:
  E, Q
  7. As previous post says if you have the note for this issue you can use that also
  You can use any one of the way to solve the issue, Hope it helps
  Cheers
  Senthil P

• FCIP Peer in the same VLAN

  Hi,
  I will have 2 data centre connected with a 1gb possibly 2 x 1gb ethernet link.
  There will be some 802.q trunking between location and some traffic will be routed.
  I have the option of having my FCIP peer in the same vlan and carried in the trunk. Or have them in different VLAN and routed between location.
  Initiallay I though routed would be good because I can use QoS to prioritise FCIP traffice.
  But could I still achieve this using single vlan. and is it allowed.
  both site are connect using 6509 with sup720s
  Thanks
  John

  Hi John,
  For the FCIP link it is just an IP connectivity. So, you can do in both ways as you describe. You can route it or use a vlan. Just make sure that you have no too hign RTT. And also there RTT timout setting on FCIP you can play with that according to your RRT in your network.
  Thanks,
  Hakan.