Exalogic  VLAN bond issue

Similar Messages

• Are drawable bond issues possible in  ECC 6 FSCM - Treasury & Risk Mgmt

  We have been attempting to use drawable bonds from the debt side (versus as an investment) and have been unsuccessful in making it work as category 41 does not allow for issues and redemptions like product category 40 with product types 04X and 04Y.  The category appears to only allow for purchase or sale. Has anyone found a workaround to allow for Drawable Bond Issues to occur?  If so please point us in the right direction.
  Thank you,
  Lisa
  P.S.  We have walked through the link below and been able to make drawable bonds work from the investment side.
  http://help.sap.com/SAPHELP_ERP2005/helpdata/EN/2f/b9b5386f64b555e10000009b38f8cf/content.htm

  Hi,
  How are you tracking your TDS?  Through derived flows?  In that case you can have 2 different procedures and assign suitable procedure for the corresponding business partner.
  you can check here for country specific settings.
  http://help.sap.com/erp2005_ehp_05/helpdata/en/2d/dd27906749406eb46c6746c4a7ce2d/frameset.htm
  Regards,
  Ravi

• Standard function support for bond issueing?

  Dear all,
  Within Treasury and Risk Management, are there some standard functions to handle bond issueing?
  The requirement is mainly to record information of bond details, interest payment and repayment, and currently we don't take postings to GL and payments into consideration.
  Thanks and cheers,
  leechey

  Hi,
  Bond Issue is available as a standard in TRM.  You need to create a separate security account which is a liabilities account for issuing bonds.  Bond issues are also managed in similar way to other bonds through a security master.
  Please check the following for more info on bond issue:
  http://help.sap.com/erp2005_ehp_05/helpdata/en/48/c1f409568f04e7e10000000a42189c/frameset.htm
  Regards,
  Ravi

• Exalogic cloud - vlan bond1 issue

  Hi,
  vlan module: 8021q used
  For example
  ref link; http://docs.oracle.com/cd/E18476_01/doc.220/e18478/commproc.htm#BEIHAIDA --- here they used multiple physical hosts not single ethernet port
  Here 
  in bracket oracle details and other is my details
  1)  eth0 (1A-ETH-3) - ethernet port
  2)  vlan121 (eth4, vlan 10 ) -     vlan 121
  3)  vlan122 (eth5, vlan 11 ) -      vlan 122
  I have a exalogic machine which has Oracle Linux 5.6- x64 bit
  Created 2 VLANs with IP and bond interface if i start network service [service network restart], I
  get hardware address conflicts error message on vlan 121, 122
  i have 1 physical lan cord, creating eth0, multiple vlans, bond1, bond0 interfaces
  i could see eth0 192.168.1.12, bond1 192.168.48.128 but vlan121, vlan122 no static ips displayed
  Question : How can i build vlan121, vlan122 ip address should set as static ips (or) based on hardware address
  when i run #ifconfig -a ==> default HwAddr displays common for all the vlans, bond1, eth0
  # vim /etc/sysconfig/network-scripts/ifcfg-vlan121
  DEVICE=vlan121
  BOOTPROTO=none
  ONBOOT=yes
  IPADDR=192.168.48.129
  #HWADDR=a2:c0:a0:a8:01:01
  VLAN=yes
  PHYSDEV=eth0
  VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
  MASTER=bond1
  SLAVE=yes
  # vim /etc/sysconfig/network-scripts/ifcfg-vlan122
  DEVICE=vlan122
  BOOTPROTO=none
  ONBOOT=yes
  IPADDR=192.168.48.130
  #HWADDR=a2:c0:a0:a8:01:01
  VLAN=yes
  PHYSDEV=eth0
  VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
  MASTER=bond1
  SLAVE=yes
  # vim /etc/sysconfig/network-scripts/ifcfg-bond1
  DEVICE=bond1
  IPADDR=192.168.48.128
  NETMASK=255.255.255.0
  BOOTPROTO=none
  USERCTL=no
  TYPE=Ethernet
  ONBOOT=yes
  IPV6INIT=no
  BONDING_OPTS="mode=active-backup miimon=100 downdelay=5000 updelay=5000"
  GATEWAY=192.168.48.1

  Moderator Action:
  This appears to be a direct duplicate of your post in the Oracle Linux forum space...
  https://forums.oracle.com/thread/2562248
  I'm not sure what this topic has to the Oracle Cloud Service, but it is locked because it is a duplicate cross-post.
  Multi-posting is poor forum etiquette.

• Vlan tag issue with Nexus 4001 in IBM Blade Centre

  Hi
  I have a DC architecture with a pair of Nexus 7010's running 3 VDC's (Core/Aggregation/Enterprise). I have at the edge Nexus 5548's which connect to back to the Aggregation VDC. Also connecting back to the Aggregation VDC is an IBM Blade Chassis which has a Nexus 4001i in slots 7 and slot 9. These blade servers are running ESXi 4.0 and are mapped to the Nexus 4001 blade switch.
  I had set up the Native VLAN as VLAN 999 which connects up to the ESXi host and I am trunking up multiple VLANS for the Virtual Machines.
  The problem I have is that VM's in all VLANS except the ESXi host VLAN (VLAN 10) cannot see their default gateway, and I suspect that there is an issue with the VLAN tag going up to the ESXi host. I have read enough documentation to suggest that this is where the issue is.
  My Nexus 4001 interface configuration is below
  interface Ethernet1/1
    switchport mode trunk
    switchport trunk native vlan 999
    switchport trunk allowed vlan 10,30,40-41,60-62,90,96,999
    spanning-tree port type edge trunk
    speed auto
  The Aggregation VDC on the Nexus 7010 is the default gateway for all these VLANS.
  I also noted that the Nexus 5000 and Nexus 7000 supports the command vlan dot1q tag native command yet the Nexus 4000 doesn't seem to support this. Any assistance would be useful
  Thanks
  Greg

  Your configuration on the N4K looks correct. You shouldn't use vlan dot1q tag native commands on your N7Ks and N5Ks. Native VLAN tagging is really for QinQ (dot1q tunneling).
  My only suggestion is check your configuration of the vSwitch in the ESXi host and the host network profile.
  Regards,
  jerry

• VLAN Map issue

  I have an issue with a VLAN map I am attempting to use to filter traffic. It is a flat Layer 2 LAN so all hosts are in VLAN 1. I have a number of test machines that I want to deny access to live database servers. To do this I tried the following:
  ip access-list extended testboxes
  permit ip host x.x.x.x host x.x.x.x
  vlan access-map denytest 10
  match ip address testboxes
  action drop
  vlan filter denytest vlan-list 1
  Once I apply the VLAN map I lose all connectivity to the switch. Is there something I am missing here?
  Thanks
  Ian

  Unlike regular IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN. If a VACL is configured for a certain traffic and that traffic does not match the VACL, the default action is deny. Additionally, VACLs have an implicit deny at the end of the map; a packet is denied if it does not match any ACL entry, and at least one ACL is configured for the packet type. Add an additional permit statement allowing telnet/ssh/or web traffic to the switch:
  permit tcp host X.X.X.X host X.X.X.X eq telnet
  Best Regards
  Francisco

• Ip phone and pc VLAN security issue - ISE 1.0

  Hello there.
  We are about to implement IP phones to our current network and during testing I have found 2 issues.
  1- ip phone connects to a protected port using ISE mab authentication for the data network.
  The voice VLAN is set up static on the port. The pc VLAN is given by ISE profiling.
  Then the issue is that once the pc connects to the VLAN it belongs to from the ip phone it leaves open that vlan on that port which means that if I connect another pc it will get the original VLAN the port had open up the connection with. This is a big security issue as computers that should not be allowed on specific VLAN can access them this way.
  2- once the connection is up and running on the port for both the phone and the pc, there is re-authentication Happening every minute to ISE. The Authentication logs are getting so many messages for just one port. So once we convert from 2 ip phones to 500, that is definitely going to generate a lot of unnecessary traffic.
  Let me know your thoughts...thanks
  Port config info....below
  interface GigabitEthernet0/2
  description Extra port by Camilos Desk
  switchport mode access
  switchport voice vlan 220
  srr-queue bandwidth share 1 30 35 5
  priority-queue out
  authentication event fail action next-method
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication open
  authentication order mab dot1x
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  mls qos trust cos
  snmp trap mac-notification change added
  auto qos trust
  spanning-tree portfast
  end

  On # 1
  You have the make sure that
  "authentication host-mode multi-domain" command is under each port
  This will allow one voice vlan and only one PC vlan at any given time. If you disconnect a PC and connect onother PC mac address to it, the phone will reinitialize to accept or reject the new mac based on its profile.
  On #2
  I have not found a solution. But what I have found after deployment is that it has happend only on 2 VOIP phones, out of 70 that we have as of now. So it might to be related to ISE.
  On the other hand we are not using Cisco phones but mitel. So this might be a whole issueon itself.
  Hope this helps.

• Cisco 877W Dual SSID/VLAN Security Issue

  Hi All
  I have an issue with my 877W that is as fascinating as it is frustrating. I have two SSIDs/VLANs, one for trusted LAN users (PRIVATE), and one for guests (GUEST).  The PRIVATE network is secured from the GUEST nework by zone based firewall. Everything works fine, guest devices cannot access private devices, except for one thing - the BVI interface on the PRIVATE network is always accessible to guest devices, and all services open to attack eg telnet/ssh/http/dns etc. I've tried everything to secure this interface from the guest network, including putting deny any any on physical, BVI and VLAN interfaces
  Am I missing something obvious, or some fundamental architecture of the 877 that would stop this interface being secured? Any help aprreciated!
  P.S config has been pared down to basics below
  version 15.1
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ROUTER
  boot-start-marker
  boot-end-marker
  logging buffered 4096
  enable secret 5 $1$BdpF$r/mAhQGYs8LBlqEpANmke0
  no aaa new-model
  dot11 syslog
  dot11 ssid PRIVATE@123
   vlan 100
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 046B0A535A15441D2D0C11141A5A5F
  dot11 ssid VISITOR@123
   vlan 200
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 03374C0A08392040420C00
  ip source-route
  no ip dhcp conflict logging
  ip dhcp excluded-address 172.16.1.1 172.16.1.10
  ip dhcp excluded-address 192.168.0.1 192.168.0.10
  ip dhcp pool GUEST
   utilization mark low 70 log
   network 172.16.1.0 255.255.255.0
   dns-server 192.168.0.1 61.9.242.33 61.9.226.33
   default-router 172.16.1.1
  ip dhcp pool PRIVATE
   utilization mark low 70 log
   network 192.168.0.0 255.255.255.0
   dns-server 192.168.0.1 61.9.242.33 61.9.226.33
   default-router 192.168.0.1
  ip cef
  no ipv6 cef
  multilink bundle-name authenticated
  username cisco privilege 15 password 7 073F205F5D1E491713
  policy-map type inspect PM-DENYGUEST
   class class-default
    drop
  zone security GUEST
  zone security PRIVATE
  zone-pair security GUEST-TO-PRIVATE source GUEST destination PRIVATE
   service-policy type inspect PM-DENYGUEST
  bridge irb
  interface ATM0
   no ip address
   shutdown
   no atm ilmi-keepalive
  interface FastEthernet0
   no ip address
  interface FastEthernet1
   switchport access vlan 100
   no ip address
  interface FastEthernet2
   switchport access vlan 100
   no ip address
  interface FastEthernet3
   no ip address
  interface Dot11Radio0
   no ip address
   encryption vlan 100 mode ciphers aes-ccm
   encryption vlan 200 mode ciphers aes-ccm
   broadcast-key vlan 100 change 30
   broadcast-key vlan 200 change 30
   ssid PRIVATE@123
   ssid VISITOR@123
   mbssid
   speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
   station-role root
  interface Dot11Radio0.100
   encapsulation dot1Q 100 native
   zone-member security PRIVATE
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface Dot11Radio0.200
   encapsulation dot1Q 200
   zone-member security GUEST
   bridge-group 2
   bridge-group 2 subscriber-loop-control
   bridge-group 2 spanning-disabled
   bridge-group 2 block-unknown-source
   no bridge-group 2 source-learning
   no bridge-group 2 unicast-flooding
  interface Vlan1
   no ip address
  interface Vlan100
   no ip address
   bridge-group 1
  interface Vlan200
   no ip address
   bridge-group 2
  interface Dialer0
   ip address negotiated
   ip access-group 101 out
   ip nat outside
   ip virtual-reassembly in
   encapsulation ppp
   dialer pool 1
   dialer-group 1
   ppp authentication chap callin
   ppp chap hostname [email protected]
   ppp chap password 7 10580A4F1C4005005B
  interface BVI1
   ip address 192.168.0.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
   zone-member security PRIVATE
  interface BVI2
   ip address 172.16.1.1 255.255.0.0
   ip nat inside
   ip virtual-reassembly in
   zone-member security GUEST
  ip forward-protocol nd
  ip http server
  ip http access-class 2
  ip http authentication local
  ip http secure-server
  ip nat inside source list 1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  logging trap debugging
  logging 192.168.0.11
  control-plane
  bridge 1 protocol ieee
  bridge 1 route ip
  bridge 2 protocol ieee
  bridge 2 route ip
  line con 0
   exec-timeout 5 0
   no modem enable
   transport output all
  line aux 0
   exec-timeout 0 1
   no exec
   transport output none
  line vty 0 4
   exec-timeout 5 0
   login local
   transport input telnet ssh
   transport output none
  end

  Ignore that. self zone got me. Argh! phew!

• Dynamic VLAN assignment issue with ACS & WLC

  I have configured an ACS (v4.2) & a WLC 4402 (5.2.193.0) according to the document listed at: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
  When I attempt to authenticate a user in the ACS local user database, I receive an auth failure.  I have enabled debugging in the WLC's CLI and I see that I get an authentication failure from the ACS.  Upon reviewing the ACS's 'failed attempts' log, I see the username I attempt to authenticare with but it reports 'CN user unknown' even though this user is the local database.
  During troubleshooting, I discovered that if I modify the AAA client for the WLC and change it to 'Cisco Aironet' rather than 'Cisco Airespace', authentication works perfectly, the proper user is authenticated to the local database and I am able to connect to the SSID.  The only issue is that because I'm now using Aironet instead of Airespace, the IETF attributes 064, 065, and 081 (VLAN, 802, and the VLAN ID respectively) do not properly assign the VLAN that the user needs to be on.
  Am I missing something?

  I determined that a NAP was blocking my authentication using Airespace and can successfully authenticate with both Aironet and Airespace now.  I also reviewed the debug output of both types of connections and I can see the proper attributes coming through, but the wireless clients just won't assign to the right VLAN interface.
  I've reviewed all of the configuration settings per the document about 40 or 50 times now and I am certain I'm not missing anything.  I do indeed have override enabled but the configured interface 'management' is still the one the user is assigned to every time, even in the client connection details under the monitor tab.  ARGH!!

• Mesh Ethernet Bridging with VLAN Tagging Issue

  Hi all.
  I'm a little stuck with a 4400 7.0.220.0 + RAP 1550 + MAP 1260 Ethernet bridging issue. I'm using the VLAN tagging functionality and I'm finding that periodically a VLAN that I've tagged on the MAP will deregister from the backhaul and stop passing traffic. If I go into the Mesh tab on the MAP, select the wired interface, remove the VLAN from the list of tagged VLAN IDs and then add it right back to the list, its starts passing traffic again.
  Has anyone else seen this? I can't find any relevant bugs.
  Justin

  Hi Saravanan,
  It is one RAP and three MAPs. After a TAC call and 30 hours of monitoring, my VLANs have remained registered. I think the issue was mismatched VLANs to bridge groups an it looks like the mesh bridge may be stable for now. Here is what I was seeing on the RAP and MAPs when the VLANs were deregistering unexpectedly. Notice how VLANs 2 and 10 are mapped to opposite bridge groups on the RAP and MAP:
  After I removed all the VLAN IDs from the Trunk configuration on the MAPs (through each AP's Mesh tab -- Ethernet Bridging config) and then rebuilt the VLAN IDs, I ran the same commands and now see this:
  My very unscientific theory here is that the mismatching was causing consistency checks to fail, so the RAP was just tearing down the registrations after getting bogus or non- responses from the MAPs during the periodic VLAN registration maintenance checks (debug mesh ethernet registration).
  If I have continued issues, I'll post back with updates.
  Thanks for the response!
  Justin

• Dot1X guest vlan authentication issue..Real Challenge!!

  Hi Guys!
  I would really appreciate if some one could help me find lead on this issue...
  My coporate and Quarantine users dosn't get correct VLAN as soon as i enable Guest VLAN feature..all of them go to guest VLAN...
  Scenario 1
  interface GigabitEthernet3/0/42
  switchport mode access
  authentication port-control auto
  dot1x pae authenticator
  dot1x timeout quiet-period 5
  dot1x timeout tx-period 5
  spanning-tree portfast
  Test Workstation behavior
  802.1X (Corporate) = VLAN 1
  802.1X (Quarantine)= VLAN 20
  Non-802.1X (Guest) = UnAouthorized
  Conclusion
  802.1x authentication is working without the guest VLAN feature
  Scenario 2
  interface GigabitEthernet3/0/42
  switchport mode access
  authentication event no-response action authorize vlan 30
  authentication port-control auto
  dot1x pae authenticator
  dot1x timeout quiet-period 5
  dot1x timeout tx-period 5
  spanning-tree portfast
  Test Workstation behavior
  802.1X (Corporate) = VLAN 30 GuestVlan
  802.1X (Quarantine)= VLAN 30 GuestVlan
  Non-802.1X = VLAN 30 GuestVlan
  Conclusion
  802.1X doesn't work after enabling Guest VLAN feature (no-response)
  Some important notes...
  1) IOS version = c3750-ipbase-mz.122-50.SE.bin the only IOS which supports 10gig modules...
  so i can not test with any other IOS
  2) We had older 3750 100Mpbs switches with same config (we copied the config from old switch to new Switch) and the only command which got change automatically due to IOS change is....
  dot1x guest-vlan 30 (Old IOS syntax) = authentication event no-response action authorize vlan 30 (New IOS syntax)
  so even if you put old command syntax it will get change to new one...
  http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/guide/sw8021x.html#wp1176660
  Guys please help me.........

  Just to update you here.......after running some debugs on Swicth i found that....(Scenario-2)
  When we connect 8021X enabled PCs (Coporate users) and Boot them...they initially behave like Non-8021X client while booting and during that time switch puts them in guest vlan but when workstation comes to a state (login prompt)where they start communicating like 8021X client.....switch just fails to put them in appropriate VLANs.. may be due to some time out issues.........I feel like i am very close to get the solution but just wondering which timers need to change or may be i am wrong if there is something else need to be put in...........any way i just shared my things with you....
  Same Workstations are working fine with old swicthes without any problem...it is windows XP SP3

• 8831 Vlan/IP issue

  I installed a few 8831s last week for my customer. These phones had no issue on the initial day we set them up.
  However the next week we moved them to a different location and they were pulling the DHCP IP address of my Access VLAN, however it showed the VLAN tag on the phone of my Voice VLAN.
  I defaulted and reconfigured the port, tried different switches with different VLANs, and had the same result every time.
  I was just wondering if anyone else had run into this issue.

  Hello!
  Have you tried to reset Network settings? All settings?
  Apps > Admin Settings > Reset Settings>All
  Can u post show run from switches and box, where dhcp server is started?
  Regards,
  Kirill

• Vlan Trunking issue

  Hi,
  I need some help setting up  L3 Cisco 3560 for my VM lab. I have setup a few vlans and at this point I am trying to test out routing and connectivity. I came across with two issues and I am trying to get good advise from the experst since I am not
  The Cisco 3560 is directly connected to my home router gi0/4 192.168.10.0/24 which would be my internet connection. The home router default gateway is 192.168.10.1.
  I created Vlan192 on the 3560 to interact with the home router and get me to the outside world from the core. Obviously I'm doing something wrong here and came across 2 issues.
  1- I tried setting Fas0/2 as trunk port and using the vlan226 on my pc but it wont work when I set this to my computer. It wont route to all vlans and I am not able to ping this 10.23.226.9 address from the 3560. The only way this works for me is if I set the IP to the 192 range which is my native Vlan, but anything other from 192 wont route.
  PC IP address
  10.23.226.9
  255.255.255.0
  10.23.226.254
  Fas0/2 configurartion
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 192,224-229
  switchport mode trunk
  Please see my entire config below and maybe you can help since I am not an expert on this.
  zeus-sw1#sh run
  Building configuration...
  Current configuration : 5364 bytes
  version 12.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname zeus-sw1
  boot-start-marker
  boot-end-marker
  no logging console
  enable secret 5 $1$E9/L$UAOdxa6S.6QT52G2Lgcll0
  enable
  username admin1 privilege 15 secret 5 $1$hlCW$laTgSRIXF2LnZO.wyd0k0/
  aaa new-model
  aaa session-id common
  system mtu routing 1500
  vtp mode transparent
  ip routing
  crypto pki trustpoint TP-self-signed-13407744
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-13407744
  revocation-check none
  rsakeypair TP-self-signed-13407744
  crypto pki certificate chain TP-self-signed-13407744
  certificate self-signed 01
    3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31333430 37373434 301E170D 39333033 30313030 31393031
    5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
    2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D313334 30373734
    3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100BC82
    4A857145 B3984EBF ED1553C2 E23AF1CF 60B5CB00 96984A72 CEC9F4CC 09CA7B8D
    7416102A E630D17C 66716B57 DF7991AB 87DE6EBD DADE5539 F0278510 70BE7391
    F2EC292D DF0C707A 70083E80 D19F4D3D 31462E89 5EE310EE 4976F764 AB1592C1
    2A8EE610 C3B11D76 252568A7 2AE260B7 4C9141AB C8358A4A B76B94BF 6E970203
    010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603 551D1104
    0D300B82 097A6575 732D7377 312E301F 0603551D 23041830 16801487 8F7A7E29
    112BA5CC 42E2E9E0 0A9C5ACF 6CCBD330 1D060355 1D0E0416 0414878F 7A7E2911
    2BA5CC42 E2E9E00A 9C5ACF6C CBD3300D 06092A86 4886F70D 01010405 00038181
    0059DAD2 5601B324 2B1E4143 9CE67677 45100C44 DC21364D 175CB8F2 178B0EBC
    D39D603F 8F896ADB 4CEEA493 13D8C028 F805F67B 9C7D6BA4 D195B7F3 FEED6763
    F03F4575 B768C6FB 9A783232 DCC60120 9F72B78C 9B5C1B7A FD1C78D7 A3DF7BFE
    483E46E6 7CA84A6C 95F37C63 BEA804F9 E535520E 629AE46E 0752BE69 42781471 21
    quit
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  vlan 192
  name NativeVlan
  vlan 224
  name iSCSI
  vlan 225
  name ESX_MGMT
  vlan 226
  name VM_SERVERS
  vlan 227
  name VMOTION
  vlan 228
  name VIEWDESKTOPS
  vlan 229
  name VCLOUD
  lldp run
  interface FastEthernet0/1
  interface FastEthernet0/2
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 192
  switchport trunk allowed vlan 192,224-229
  switchport mode trunk
  interface FastEthernet0/3
  interface FastEthernet0/4
  interface FastEthernet0/5
  interface FastEthernet0/6
  interface FastEthernet0/7
  interface FastEthernet0/8
  interface FastEthernet0/9
  interface FastEthernet0/10
  interface FastEthernet0/11
  interface FastEthernet0/12
  interface FastEthernet0/13
  interface FastEthernet0/14
  interface FastEthernet0/15
  interface FastEthernet0/16
  interface FastEthernet0/17
  interface FastEthernet0/18
  interface FastEthernet0/19
  interface FastEthernet0/20
  interface FastEthernet0/21
  interface FastEthernet0/22
  interface FastEthernet0/23
  interface FastEthernet0/24
  interface FastEthernet0/25
  interface FastEthernet0/26
  interface FastEthernet0/27
  interface FastEthernet0/28
  interface FastEthernet0/29
  interface FastEthernet0/30
  interface FastEthernet0/31
  interface FastEthernet0/32
  interface FastEthernet0/33
  interface FastEthernet0/34
  interface FastEthernet0/35
  interface FastEthernet0/36
  interface FastEthernet0/37
  interface FastEthernet0/38
  interface FastEthernet0/39
  interface FastEthernet0/40
  interface FastEthernet0/41
  interface FastEthernet0/42
  interface FastEthernet0/43
  interface FastEthernet0/44
  interface FastEthernet0/45
  interface FastEthernet0/46
  interface FastEthernet0/47
  interface FastEthernet0/48
  interface GigabitEthernet0/1
  interface GigabitEthernet0/2
  switchport trunk allowed vlan 192,224-229
  interface GigabitEthernet0/3
  interface GigabitEthernet0/4
  description LINK SG200 UNTAGGED
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 192
  switchport trunk allowed vlan 192,224-229
  switchport mode trunk
  interface Vlan1
  no ip address
  interface Vlan192
  ip address 192.168.10.254 255.255.255.0
  interface Vlan224
  description iSCSI
  ip address 10.23.224.254 255.255.255.0
  interface Vlan225
  description ESX
  ip address 10.23.225.254 255.255.255.0
  interface Vlan226
  description VM_SERVERS
  ip address 10.23.226.254 255.255.255.0
  ip helper-address 10.23.226.2
  interface Vlan227
  description VIEWDESKTOPS
  ip address 10.23.227.254 255.255.255.0
  interface Vlan228
  description vCloudDir
  ip address 10.23.228.254 255.255.255.0
  interface Vlan229
  description SERVERS
  ip address 10.23.229.254 255.255.255.0
  ip classless
  ip route 0.0.0.0 0.0.0.0 192.168.10.1
  ip http server
  ip http authentication local
  no ip http secure-server
  end

  Glen,
  Thanks for your advise. After changing the port as an access port I am able ping all vlans and my gateway from my home router 192.168.10.1, However a new issues came up. I am not able to get to the internet.
  It seems it works from the 3560:
  zeus-sw1#ping yahoo.com
  Translating "yahoo.com"...domain server (255.255.255.255) [OK]
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 206.190.36.45, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 76/94/134 ms
  zeus-sw1#
  It wont work from my pc:
  Ethernet adapter Ethernet:
     Connection-specific DNS Suffix  . :
     Link-local IPv6 Address . . . . . : fe80::3d53:efc0:ea00:9bd2%3
     IPv4 Address. . . . . . . . . . . : 10.23.226.9
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.23.226.254
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
  Tunnel adapter isatap.{461494F6-EA41-42CC-8B0A-B5BD2D8097DA}:
    Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
  C:\Users\user1>ping google.com
  Ping request could not find host google.com. Please check the name and try agai
  .C:\Users\user1>ping 14.2.2.2
  Pinging 14.2.2.2 with 32 bytes of data:
  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.
  Ping statistics for 14.2.2.2:
      Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

• VLAN config issue

       I am configuring VLANS on 2960x switches by building.  We have about 15 buildings and would like to have each building be in its own VLAN.  This issue I am having is that we have some devices that are static IP's and when those devices are pluged in, they do not work.  Cannot ping them.  For example, our maintenance department has some energy management devices that are addressed 10.20.1.x and printers are address 10.10.101.x.  So when i configure vlan 55, ip address 10.55.1.2, set the switch ports to switchports access vlan 55 and plug any device with a static ip in to that switch, it doesnt work.  It is possible to have these devices on the same vlan as everthing else in thier building without changing their IP address? 

  The 2960  is set up with all ports in vlan 55 and the link back to the 4506 is a trunk port.  The 4506 port is set up the same.
  4506
  interface Vlan55
  ip address 10.55.1.1 255.255.255.0
  Port to 2960
  interface GigabitEthernet2/10
  switchport access vlan 55
  switchport mode trunk
  2960
  interface Vlan55
  ip address 10.55.1.3 255.255.255.0
  ip helper-address 10.10.1.41  -- DHCP server
  ip helper-address 10.10.11.2 -- wireless controller
  port to 4506
  interface GigabitEthernet1/0/52
  switchport access vlan 55
  switchport mode trunk
  ip route 0.0.0.0 0.0.0.0 10.55.1.1
  When i plug in a device with a static ip, for example, 10.20.1.250, SM 255.255.0.0, DG 10.20.1.1 it does not work.  These are not PC''s .  They are allen bradly controllers that are installed on equipment like air compressors and heaters so our maintenanse department can monitor everything.  Theses devices will not be in every switch and have been installed way before i started working here.  I set up a pc using a address in the 10.20 range and cant even ping the switch that is plugged into. 

• VLAN's on 3524 VLAN enable issue (I don't want to route between them)

  I have segmented a 3524 switch into three different VLANs. One is the managment VLAN 1 and the other two are for my Test Lab and Production network. I don't want either VLAN to see the other (router between them). My problem is my VLAN10 and VLAN12 will not come out of a shutdown state. They stay administratively down even after I issue the no shut command from within the VLAN Interface. What am I doing wrong here?

  My guess is that you created 3 SVI's instead of creating the layer 2 vlans that you need . Do a show vlan ", do all 3 of your vlans show up ? If you created 3 different layer 3 SVI's , (conf t , interface vlan 10 and or 12 then the switch will only enable 1 because this is strictly used to manage the switch . To create your vlans I believe on this switch you need to use the vlan database. At the switch prompt type vlan database, enter. Then type vlan 10 , hit enter , then type vlan 12 and hit enter . This activates the layer 2 vlans .Exit out to the command line and do a show vlan and see if all 3 show up now.Apply the vlans to the ports as needed . These should now show up when you do a "show vlan" . I think you gettting confused between the layer 3 SVI's and the layer 2 vlans .