Exalogic VLAN bond issue
Hi,
vlan module: 8021q used
For example
ref link; http://docs.oracle.com/cd/E18476_01/doc.220/e18478/commproc.htm#BEIHAIDA --- here they used multiple physical hosts not single ethernet port
Here
in bracket oracle details and other is my details
1) eth0 (1A-ETH-3) - ethernet port
2) vlan121 (eth4, vlan 10 ) - vlan 121
3) vlan122 (eth5, vlan 11 ) - vlan 122
I have a exalogic machine which has Oracle Linux 5.6- x64 bit
Created 2 VLANs with IP and bond interface if i start network service [service network restart], I
get hardware address conflicts error message on vlan 121, 122
i have 1 physical lan cord, creating eth0, multiple vlans, bond1, bond0 interfaces
i could see eth0 192.168.1.12, bond1 192.168.48.128 but vlan121, vlan122 no static ips displayed
Question : How can i build vlan121, vlan122 ip address should set as static ips (or) based on hardware address
when i run #ifconfig -a ==> default HwAddr displays common for all the vlans, bond1, eth0
# vim /etc/sysconfig/network-scripts/ifcfg-vlan121
DEVICE=vlan121
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.48.129
#HWADDR=a2:c0:a0:a8:01:01
VLAN=yes
PHYSDEV=eth0
VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
MASTER=bond1
SLAVE=yes
# vim /etc/sysconfig/network-scripts/ifcfg-vlan122
DEVICE=vlan122
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.48.130
#HWADDR=a2:c0:a0:a8:01:01
VLAN=yes
PHYSDEV=eth0
VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
MASTER=bond1
SLAVE=yes
# vim /etc/sysconfig/network-scripts/ifcfg-bond1
DEVICE=bond1
IPADDR=192.168.48.128
NETMASK=255.255.255.0
BOOTPROTO=none
USERCTL=no
TYPE=Ethernet
ONBOOT=yes
IPV6INIT=no
BONDING_OPTS="mode=active-backup miimon=100 downdelay=5000 updelay=5000"
GATEWAY=192.168.48.1
I'm not really sure I understand your question. If you want any or all network interface cards in a computer to be used for communication, then any or all need to be connected to a switch or network router using a cable. Every real and virtual NIC has a physical address (MAC), which the device broadcasts when initialized to tell other devices that it's there. The MAC address is a unique number. The mapping of an IP address to a MAC address is maintained by an ARP table.
Network redundancy typically shifts an IP address among available devices. If a devices fails, a standby is activated, which updates the ARP table to inform other devices of the change and IP communiation can continue. I have also seen non Linux systems, which actually modify the phsycial MAC address of a device. If you want to use mutliple NIC's to work in a team for performance, the system network stack needs to support inverse multiplexing and you need to connect each device to a managed network switch that supports Link Aggregation Ccontrol Protocol (802.3ad).
Your ping issue might be due to TCP/IP routing. Devices by default see each other only if they are phycially connected through a switch and share the same network or subnet. If you have devices with different subnets you need to configure a TCP/IP gateway or bridge. This is basic TCP/IP routing and knowledge, which is explained by many free sources available on the Internet. Just search Google for TCP/IP routing basics.
Update:
Looking at your TCP/IP configuration from the information you provided, your VLAN interface is not within the network (netmask) of your gateway, hence the VLAN interface has no knowledge of your other networks. So perhaps if you change your VLAN to 255.255.0.0 it will work.
Similar Messages
-
Are drawable bond issues possible in ECC 6 FSCM - Treasury & Risk Mgmt
We have been attempting to use drawable bonds from the debt side (versus as an investment) and have been unsuccessful in making it work as category 41 does not allow for issues and redemptions like product category 40 with product types 04X and 04Y. The category appears to only allow for purchase or sale. Has anyone found a workaround to allow for Drawable Bond Issues to occur? If so please point us in the right direction.
Thank you,
Lisa
P.S. We have walked through the link below and been able to make drawable bonds work from the investment side.
http://help.sap.com/SAPHELP_ERP2005/helpdata/EN/2f/b9b5386f64b555e10000009b38f8cf/content.htmHi,
How are you tracking your TDS? Through derived flows? In that case you can have 2 different procedures and assign suitable procedure for the corresponding business partner.
you can check here for country specific settings.
http://help.sap.com/erp2005_ehp_05/helpdata/en/2d/dd27906749406eb46c6746c4a7ce2d/frameset.htm
Regards,
Ravi -
Standard function support for bond issueing?
Dear all,
Within Treasury and Risk Management, are there some standard functions to handle bond issueing?
The requirement is mainly to record information of bond details, interest payment and repayment, and currently we don't take postings to GL and payments into consideration.
Thanks and cheers,
leecheyHi,
Bond Issue is available as a standard in TRM. You need to create a separate security account which is a liabilities account for issuing bonds. Bond issues are also managed in similar way to other bonds through a security master.
Please check the following for more info on bond issue:
http://help.sap.com/erp2005_ehp_05/helpdata/en/48/c1f409568f04e7e10000000a42189c/frameset.htm
Regards,
Ravi -
Exalogic cloud - vlan bond1 issue
Hi,
vlan module: 8021q used
For example
ref link; http://docs.oracle.com/cd/E18476_01/doc.220/e18478/commproc.htm#BEIHAIDA --- here they used multiple physical hosts not single ethernet port
Here
in bracket oracle details and other is my details
1) eth0 (1A-ETH-3) - ethernet port
2) vlan121 (eth4, vlan 10 ) - vlan 121
3) vlan122 (eth5, vlan 11 ) - vlan 122
I have a exalogic machine which has Oracle Linux 5.6- x64 bit
Created 2 VLANs with IP and bond interface if i start network service [service network restart], I
get hardware address conflicts error message on vlan 121, 122
i have 1 physical lan cord, creating eth0, multiple vlans, bond1, bond0 interfaces
i could see eth0 192.168.1.12, bond1 192.168.48.128 but vlan121, vlan122 no static ips displayed
Question : How can i build vlan121, vlan122 ip address should set as static ips (or) based on hardware address
when i run #ifconfig -a ==> default HwAddr displays common for all the vlans, bond1, eth0
# vim /etc/sysconfig/network-scripts/ifcfg-vlan121
DEVICE=vlan121
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.48.129
#HWADDR=a2:c0:a0:a8:01:01
VLAN=yes
PHYSDEV=eth0
VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
MASTER=bond1
SLAVE=yes
# vim /etc/sysconfig/network-scripts/ifcfg-vlan122
DEVICE=vlan122
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.48.130
#HWADDR=a2:c0:a0:a8:01:01
VLAN=yes
PHYSDEV=eth0
VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
MASTER=bond1
SLAVE=yes
# vim /etc/sysconfig/network-scripts/ifcfg-bond1
DEVICE=bond1
IPADDR=192.168.48.128
NETMASK=255.255.255.0
BOOTPROTO=none
USERCTL=no
TYPE=Ethernet
ONBOOT=yes
IPV6INIT=no
BONDING_OPTS="mode=active-backup miimon=100 downdelay=5000 updelay=5000"
GATEWAY=192.168.48.1Moderator Action:
This appears to be a direct duplicate of your post in the Oracle Linux forum space...
https://forums.oracle.com/thread/2562248
I'm not sure what this topic has to the Oracle Cloud Service, but it is locked because it is a duplicate cross-post.
Multi-posting is poor forum etiquette. -
Vlan tag issue with Nexus 4001 in IBM Blade Centre
Hi
I have a DC architecture with a pair of Nexus 7010's running 3 VDC's (Core/Aggregation/Enterprise). I have at the edge Nexus 5548's which connect to back to the Aggregation VDC. Also connecting back to the Aggregation VDC is an IBM Blade Chassis which has a Nexus 4001i in slots 7 and slot 9. These blade servers are running ESXi 4.0 and are mapped to the Nexus 4001 blade switch.
I had set up the Native VLAN as VLAN 999 which connects up to the ESXi host and I am trunking up multiple VLANS for the Virtual Machines.
The problem I have is that VM's in all VLANS except the ESXi host VLAN (VLAN 10) cannot see their default gateway, and I suspect that there is an issue with the VLAN tag going up to the ESXi host. I have read enough documentation to suggest that this is where the issue is.
My Nexus 4001 interface configuration is below
interface Ethernet1/1
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 10,30,40-41,60-62,90,96,999
spanning-tree port type edge trunk
speed auto
The Aggregation VDC on the Nexus 7010 is the default gateway for all these VLANS.
I also noted that the Nexus 5000 and Nexus 7000 supports the command vlan dot1q tag native command yet the Nexus 4000 doesn't seem to support this. Any assistance would be useful
Thanks
GregYour configuration on the N4K looks correct. You shouldn't use vlan dot1q tag native commands on your N7Ks and N5Ks. Native VLAN tagging is really for QinQ (dot1q tunneling).
My only suggestion is check your configuration of the vSwitch in the ESXi host and the host network profile.
Regards,
jerry -
I have an issue with a VLAN map I am attempting to use to filter traffic. It is a flat Layer 2 LAN so all hosts are in VLAN 1. I have a number of test machines that I want to deny access to live database servers. To do this I tried the following:
ip access-list extended testboxes
permit ip host x.x.x.x host x.x.x.x
vlan access-map denytest 10
match ip address testboxes
action drop
vlan filter denytest vlan-list 1
Once I apply the VLAN map I lose all connectivity to the switch. Is there something I am missing here?
Thanks
IanUnlike regular IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN. If a VACL is configured for a certain traffic and that traffic does not match the VACL, the default action is deny. Additionally, VACLs have an implicit deny at the end of the map; a packet is denied if it does not match any ACL entry, and at least one ACL is configured for the packet type. Add an additional permit statement allowing telnet/ssh/or web traffic to the switch:
permit tcp host X.X.X.X host X.X.X.X eq telnet
Best Regards
Francisco -
Ip phone and pc VLAN security issue - ISE 1.0
Hello there.
We are about to implement IP phones to our current network and during testing I have found 2 issues.
1- ip phone connects to a protected port using ISE mab authentication for the data network.
The voice VLAN is set up static on the port. The pc VLAN is given by ISE profiling.
Then the issue is that once the pc connects to the VLAN it belongs to from the ip phone it leaves open that vlan on that port which means that if I connect another pc it will get the original VLAN the port had open up the connection with. This is a big security issue as computers that should not be allowed on specific VLAN can access them this way.
2- once the connection is up and running on the port for both the phone and the pc, there is re-authentication Happening every minute to ISE. The Authentication logs are getting so many messages for just one port. So once we convert from 2 ip phones to 500, that is definitely going to generate a lot of unnecessary traffic.
Let me know your thoughts...thanks
Port config info....below
interface GigabitEthernet0/2
description Extra port by Camilos Desk
switchport mode access
switchport voice vlan 220
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication event fail action next-method
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
mls qos trust cos
snmp trap mac-notification change added
auto qos trust
spanning-tree portfast
endOn # 1
You have the make sure that
"authentication host-mode multi-domain" command is under each port
This will allow one voice vlan and only one PC vlan at any given time. If you disconnect a PC and connect onother PC mac address to it, the phone will reinitialize to accept or reject the new mac based on its profile.
On #2
I have not found a solution. But what I have found after deployment is that it has happend only on 2 VOIP phones, out of 70 that we have as of now. So it might to be related to ISE.
On the other hand we are not using Cisco phones but mitel. So this might be a whole issueon itself.
Hope this helps. -
Cisco 877W Dual SSID/VLAN Security Issue
Hi All
I have an issue with my 877W that is as fascinating as it is frustrating. I have two SSIDs/VLANs, one for trusted LAN users (PRIVATE), and one for guests (GUEST). The PRIVATE network is secured from the GUEST nework by zone based firewall. Everything works fine, guest devices cannot access private devices, except for one thing - the BVI interface on the PRIVATE network is always accessible to guest devices, and all services open to attack eg telnet/ssh/http/dns etc. I've tried everything to secure this interface from the guest network, including putting deny any any on physical, BVI and VLAN interfaces
Am I missing something obvious, or some fundamental architecture of the 877 that would stop this interface being secured? Any help aprreciated!
P.S config has been pared down to basics below
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ROUTER
boot-start-marker
boot-end-marker
logging buffered 4096
enable secret 5 $1$BdpF$r/mAhQGYs8LBlqEpANmke0
no aaa new-model
dot11 syslog
dot11 ssid PRIVATE@123
vlan 100
authentication open
authentication key-management wpa
wpa-psk ascii 7 046B0A535A15441D2D0C11141A5A5F
dot11 ssid VISITOR@123
vlan 200
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 03374C0A08392040420C00
ip source-route
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.1.1 172.16.1.10
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp pool GUEST
utilization mark low 70 log
network 172.16.1.0 255.255.255.0
dns-server 192.168.0.1 61.9.242.33 61.9.226.33
default-router 172.16.1.1
ip dhcp pool PRIVATE
utilization mark low 70 log
network 192.168.0.0 255.255.255.0
dns-server 192.168.0.1 61.9.242.33 61.9.226.33
default-router 192.168.0.1
ip cef
no ipv6 cef
multilink bundle-name authenticated
username cisco privilege 15 password 7 073F205F5D1E491713
policy-map type inspect PM-DENYGUEST
class class-default
drop
zone security GUEST
zone security PRIVATE
zone-pair security GUEST-TO-PRIVATE source GUEST destination PRIVATE
service-policy type inspect PM-DENYGUEST
bridge irb
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
interface FastEthernet0
no ip address
interface FastEthernet1
switchport access vlan 100
no ip address
interface FastEthernet2
switchport access vlan 100
no ip address
interface FastEthernet3
no ip address
interface Dot11Radio0
no ip address
encryption vlan 100 mode ciphers aes-ccm
encryption vlan 200 mode ciphers aes-ccm
broadcast-key vlan 100 change 30
broadcast-key vlan 200 change 30
ssid PRIVATE@123
ssid VISITOR@123
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio0.100
encapsulation dot1Q 100 native
zone-member security PRIVATE
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.200
encapsulation dot1Q 200
zone-member security GUEST
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Vlan1
no ip address
interface Vlan100
no ip address
bridge-group 1
interface Vlan200
no ip address
bridge-group 2
interface Dialer0
ip address negotiated
ip access-group 101 out
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname [email protected]
ppp chap password 7 10580A4F1C4005005B
interface BVI1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security PRIVATE
interface BVI2
ip address 172.16.1.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
zone-member security GUEST
ip forward-protocol nd
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
logging 192.168.0.11
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
line con 0
exec-timeout 5 0
no modem enable
transport output all
line aux 0
exec-timeout 0 1
no exec
transport output none
line vty 0 4
exec-timeout 5 0
login local
transport input telnet ssh
transport output none
endIgnore that. self zone got me. Argh! phew!
-
Dynamic VLAN assignment issue with ACS & WLC
I have configured an ACS (v4.2) & a WLC 4402 (5.2.193.0) according to the document listed at: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
When I attempt to authenticate a user in the ACS local user database, I receive an auth failure. I have enabled debugging in the WLC's CLI and I see that I get an authentication failure from the ACS. Upon reviewing the ACS's 'failed attempts' log, I see the username I attempt to authenticare with but it reports 'CN user unknown' even though this user is the local database.
During troubleshooting, I discovered that if I modify the AAA client for the WLC and change it to 'Cisco Aironet' rather than 'Cisco Airespace', authentication works perfectly, the proper user is authenticated to the local database and I am able to connect to the SSID. The only issue is that because I'm now using Aironet instead of Airespace, the IETF attributes 064, 065, and 081 (VLAN, 802, and the VLAN ID respectively) do not properly assign the VLAN that the user needs to be on.
Am I missing something?I determined that a NAP was blocking my authentication using Airespace and can successfully authenticate with both Aironet and Airespace now. I also reviewed the debug output of both types of connections and I can see the proper attributes coming through, but the wireless clients just won't assign to the right VLAN interface.
I've reviewed all of the configuration settings per the document about 40 or 50 times now and I am certain I'm not missing anything. I do indeed have override enabled but the configured interface 'management' is still the one the user is assigned to every time, even in the client connection details under the monitor tab. ARGH!! -
Mesh Ethernet Bridging with VLAN Tagging Issue
Hi all.
I'm a little stuck with a 4400 7.0.220.0 + RAP 1550 + MAP 1260 Ethernet bridging issue. I'm using the VLAN tagging functionality and I'm finding that periodically a VLAN that I've tagged on the MAP will deregister from the backhaul and stop passing traffic. If I go into the Mesh tab on the MAP, select the wired interface, remove the VLAN from the list of tagged VLAN IDs and then add it right back to the list, its starts passing traffic again.
Has anyone else seen this? I can't find any relevant bugs.
JustinHi Saravanan,
It is one RAP and three MAPs. After a TAC call and 30 hours of monitoring, my VLANs have remained registered. I think the issue was mismatched VLANs to bridge groups an it looks like the mesh bridge may be stable for now. Here is what I was seeing on the RAP and MAPs when the VLANs were deregistering unexpectedly. Notice how VLANs 2 and 10 are mapped to opposite bridge groups on the RAP and MAP:
After I removed all the VLAN IDs from the Trunk configuration on the MAPs (through each AP's Mesh tab -- Ethernet Bridging config) and then rebuilt the VLAN IDs, I ran the same commands and now see this:
My very unscientific theory here is that the mismatching was causing consistency checks to fail, so the RAP was just tearing down the registrations after getting bogus or non- responses from the MAPs during the periodic VLAN registration maintenance checks (debug mesh ethernet registration).
If I have continued issues, I'll post back with updates.
Thanks for the response!
Justin -
Dot1X guest vlan authentication issue..Real Challenge!!
Hi Guys!
I would really appreciate if some one could help me find lead on this issue...
My coporate and Quarantine users dosn't get correct VLAN as soon as i enable Guest VLAN feature..all of them go to guest VLAN...
Scenario 1
interface GigabitEthernet3/0/42
switchport mode access
authentication port-control auto
dot1x pae authenticator
dot1x timeout quiet-period 5
dot1x timeout tx-period 5
spanning-tree portfast
Test Workstation behavior
802.1X (Corporate) = VLAN 1
802.1X (Quarantine)= VLAN 20
Non-802.1X (Guest) = UnAouthorized
Conclusion
802.1x authentication is working without the guest VLAN feature
Scenario 2
interface GigabitEthernet3/0/42
switchport mode access
authentication event no-response action authorize vlan 30
authentication port-control auto
dot1x pae authenticator
dot1x timeout quiet-period 5
dot1x timeout tx-period 5
spanning-tree portfast
Test Workstation behavior
802.1X (Corporate) = VLAN 30 GuestVlan
802.1X (Quarantine)= VLAN 30 GuestVlan
Non-802.1X = VLAN 30 GuestVlan
Conclusion
802.1X doesn't work after enabling Guest VLAN feature (no-response)
Some important notes...
1) IOS version = c3750-ipbase-mz.122-50.SE.bin the only IOS which supports 10gig modules...
so i can not test with any other IOS
2) We had older 3750 100Mpbs switches with same config (we copied the config from old switch to new Switch) and the only command which got change automatically due to IOS change is....
dot1x guest-vlan 30 (Old IOS syntax) = authentication event no-response action authorize vlan 30 (New IOS syntax)
so even if you put old command syntax it will get change to new one...
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/guide/sw8021x.html#wp1176660
Guys please help me.........Just to update you here.......after running some debugs on Swicth i found that....(Scenario-2)
When we connect 8021X enabled PCs (Coporate users) and Boot them...they initially behave like Non-8021X client while booting and during that time switch puts them in guest vlan but when workstation comes to a state (login prompt)where they start communicating like 8021X client.....switch just fails to put them in appropriate VLANs.. may be due to some time out issues.........I feel like i am very close to get the solution but just wondering which timers need to change or may be i am wrong if there is something else need to be put in...........any way i just shared my things with you....
Same Workstations are working fine with old swicthes without any problem...it is windows XP SP3 -
I installed a few 8831s last week for my customer. These phones had no issue on the initial day we set them up.
However the next week we moved them to a different location and they were pulling the DHCP IP address of my Access VLAN, however it showed the VLAN tag on the phone of my Voice VLAN.
I defaulted and reconfigured the port, tried different switches with different VLANs, and had the same result every time.
I was just wondering if anyone else had run into this issue.Hello!
Have you tried to reset Network settings? All settings?
Apps > Admin Settings > Reset Settings>All
Can u post show run from switches and box, where dhcp server is started?
Regards,
Kirill -
Hi,
I need some help setting up L3 Cisco 3560 for my VM lab. I have setup a few vlans and at this point I am trying to test out routing and connectivity. I came across with two issues and I am trying to get good advise from the experst since I am not
The Cisco 3560 is directly connected to my home router gi0/4 192.168.10.0/24 which would be my internet connection. The home router default gateway is 192.168.10.1.
I created Vlan192 on the 3560 to interact with the home router and get me to the outside world from the core. Obviously I'm doing something wrong here and came across 2 issues.
1- I tried setting Fas0/2 as trunk port and using the vlan226 on my pc but it wont work when I set this to my computer. It wont route to all vlans and I am not able to ping this 10.23.226.9 address from the 3560. The only way this works for me is if I set the IP to the 192 range which is my native Vlan, but anything other from 192 wont route.
PC IP address
10.23.226.9
255.255.255.0
10.23.226.254
Fas0/2 configurartion
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 192,224-229
switchport mode trunk
Please see my entire config below and maybe you can help since I am not an expert on this.
zeus-sw1#sh run
Building configuration...
Current configuration : 5364 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname zeus-sw1
boot-start-marker
boot-end-marker
no logging console
enable secret 5 $1$E9/L$UAOdxa6S.6QT52G2Lgcll0
enable
username admin1 privilege 15 secret 5 $1$hlCW$laTgSRIXF2LnZO.wyd0k0/
aaa new-model
aaa session-id common
system mtu routing 1500
vtp mode transparent
ip routing
crypto pki trustpoint TP-self-signed-13407744
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-13407744
revocation-check none
rsakeypair TP-self-signed-13407744
crypto pki certificate chain TP-self-signed-13407744
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333430 37373434 301E170D 39333033 30313030 31393031
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D313334 30373734
3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100BC82
4A857145 B3984EBF ED1553C2 E23AF1CF 60B5CB00 96984A72 CEC9F4CC 09CA7B8D
7416102A E630D17C 66716B57 DF7991AB 87DE6EBD DADE5539 F0278510 70BE7391
F2EC292D DF0C707A 70083E80 D19F4D3D 31462E89 5EE310EE 4976F764 AB1592C1
2A8EE610 C3B11D76 252568A7 2AE260B7 4C9141AB C8358A4A B76B94BF 6E970203
010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603 551D1104
0D300B82 097A6575 732D7377 312E301F 0603551D 23041830 16801487 8F7A7E29
112BA5CC 42E2E9E0 0A9C5ACF 6CCBD330 1D060355 1D0E0416 0414878F 7A7E2911
2BA5CC42 E2E9E00A 9C5ACF6C CBD3300D 06092A86 4886F70D 01010405 00038181
0059DAD2 5601B324 2B1E4143 9CE67677 45100C44 DC21364D 175CB8F2 178B0EBC
D39D603F 8F896ADB 4CEEA493 13D8C028 F805F67B 9C7D6BA4 D195B7F3 FEED6763
F03F4575 B768C6FB 9A783232 DCC60120 9F72B78C 9B5C1B7A FD1C78D7 A3DF7BFE
483E46E6 7CA84A6C 95F37C63 BEA804F9 E535520E 629AE46E 0752BE69 42781471 21
quit
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 192
name NativeVlan
vlan 224
name iSCSI
vlan 225
name ESX_MGMT
vlan 226
name VM_SERVERS
vlan 227
name VMOTION
vlan 228
name VIEWDESKTOPS
vlan 229
name VCLOUD
lldp run
interface FastEthernet0/1
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 192
switchport trunk allowed vlan 192,224-229
switchport mode trunk
interface FastEthernet0/3
interface FastEthernet0/4
interface FastEthernet0/5
interface FastEthernet0/6
interface FastEthernet0/7
interface FastEthernet0/8
interface FastEthernet0/9
interface FastEthernet0/10
interface FastEthernet0/11
interface FastEthernet0/12
interface FastEthernet0/13
interface FastEthernet0/14
interface FastEthernet0/15
interface FastEthernet0/16
interface FastEthernet0/17
interface FastEthernet0/18
interface FastEthernet0/19
interface FastEthernet0/20
interface FastEthernet0/21
interface FastEthernet0/22
interface FastEthernet0/23
interface FastEthernet0/24
interface FastEthernet0/25
interface FastEthernet0/26
interface FastEthernet0/27
interface FastEthernet0/28
interface FastEthernet0/29
interface FastEthernet0/30
interface FastEthernet0/31
interface FastEthernet0/32
interface FastEthernet0/33
interface FastEthernet0/34
interface FastEthernet0/35
interface FastEthernet0/36
interface FastEthernet0/37
interface FastEthernet0/38
interface FastEthernet0/39
interface FastEthernet0/40
interface FastEthernet0/41
interface FastEthernet0/42
interface FastEthernet0/43
interface FastEthernet0/44
interface FastEthernet0/45
interface FastEthernet0/46
interface FastEthernet0/47
interface FastEthernet0/48
interface GigabitEthernet0/1
interface GigabitEthernet0/2
switchport trunk allowed vlan 192,224-229
interface GigabitEthernet0/3
interface GigabitEthernet0/4
description LINK SG200 UNTAGGED
switchport trunk encapsulation dot1q
switchport trunk native vlan 192
switchport trunk allowed vlan 192,224-229
switchport mode trunk
interface Vlan1
no ip address
interface Vlan192
ip address 192.168.10.254 255.255.255.0
interface Vlan224
description iSCSI
ip address 10.23.224.254 255.255.255.0
interface Vlan225
description ESX
ip address 10.23.225.254 255.255.255.0
interface Vlan226
description VM_SERVERS
ip address 10.23.226.254 255.255.255.0
ip helper-address 10.23.226.2
interface Vlan227
description VIEWDESKTOPS
ip address 10.23.227.254 255.255.255.0
interface Vlan228
description vCloudDir
ip address 10.23.228.254 255.255.255.0
interface Vlan229
description SERVERS
ip address 10.23.229.254 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip http server
ip http authentication local
no ip http secure-server
endGlen,
Thanks for your advise. After changing the port as an access port I am able ping all vlans and my gateway from my home router 192.168.10.1, However a new issues came up. I am not able to get to the internet.
It seems it works from the 3560:
zeus-sw1#ping yahoo.com
Translating "yahoo.com"...domain server (255.255.255.255) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 206.190.36.45, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/94/134 ms
zeus-sw1#
It wont work from my pc:
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::3d53:efc0:ea00:9bd2%3
IPv4 Address. . . . . . . . . . . : 10.23.226.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.23.226.254
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{461494F6-EA41-42CC-8B0A-B5BD2D8097DA}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\user1>ping google.com
Ping request could not find host google.com. Please check the name and try agai
.C:\Users\user1>ping 14.2.2.2
Pinging 14.2.2.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 14.2.2.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), -
I am configuring VLANS on 2960x switches by building. We have about 15 buildings and would like to have each building be in its own VLAN. This issue I am having is that we have some devices that are static IP's and when those devices are pluged in, they do not work. Cannot ping them. For example, our maintenance department has some energy management devices that are addressed 10.20.1.x and printers are address 10.10.101.x. So when i configure vlan 55, ip address 10.55.1.2, set the switch ports to switchports access vlan 55 and plug any device with a static ip in to that switch, it doesnt work. It is possible to have these devices on the same vlan as everthing else in thier building without changing their IP address?
The 2960 is set up with all ports in vlan 55 and the link back to the 4506 is a trunk port. The 4506 port is set up the same.
4506
interface Vlan55
ip address 10.55.1.1 255.255.255.0
Port to 2960
interface GigabitEthernet2/10
switchport access vlan 55
switchport mode trunk
2960
interface Vlan55
ip address 10.55.1.3 255.255.255.0
ip helper-address 10.10.1.41 -- DHCP server
ip helper-address 10.10.11.2 -- wireless controller
port to 4506
interface GigabitEthernet1/0/52
switchport access vlan 55
switchport mode trunk
ip route 0.0.0.0 0.0.0.0 10.55.1.1
When i plug in a device with a static ip, for example, 10.20.1.250, SM 255.255.0.0, DG 10.20.1.1 it does not work. These are not PC''s . They are allen bradly controllers that are installed on equipment like air compressors and heaters so our maintenanse department can monitor everything. Theses devices will not be in every switch and have been installed way before i started working here. I set up a pc using a address in the 10.20 range and cant even ping the switch that is plugged into. -
VLAN's on 3524 VLAN enable issue (I don't want to route between them)
I have segmented a 3524 switch into three different VLANs. One is the managment VLAN 1 and the other two are for my Test Lab and Production network. I don't want either VLAN to see the other (router between them). My problem is my VLAN10 and VLAN12 will not come out of a shutdown state. They stay administratively down even after I issue the no shut command from within the VLAN Interface. What am I doing wrong here?
My guess is that you created 3 SVI's instead of creating the layer 2 vlans that you need . Do a show vlan ", do all 3 of your vlans show up ? If you created 3 different layer 3 SVI's , (conf t , interface vlan 10 and or 12 then the switch will only enable 1 because this is strictly used to manage the switch . To create your vlans I believe on this switch you need to use the vlan database. At the switch prompt type vlan database, enter. Then type vlan 10 , hit enter , then type vlan 12 and hit enter . This activates the layer 2 vlans .Exit out to the command line and do a show vlan and see if all 3 show up now.Apply the vlans to the ports as needed . These should now show up when you do a "show vlan" . I think you gettting confused between the layer 3 SVI's and the layer 2 vlans .
Maybe you are looking for
-
AppleCare tried to help, but since Safari is working fine on both accounts, they said the problem was with Firefox on the personal account and they could not help me any further than what they already tried I do not want to lost it on my business acc
-
When I click on an image on a web page using Safari, instead of opening the image in a new window (as it did 2 weeks ago) the image is downloaded to the desktop. If the image is a link to another web page it behaves correctly. It only happens if the
-
I have?3 qusestions: )Is there any difference between sound play back lat say 24/48khz in Enterteiment Mode and Audio Creation mode if awrything(EQ and etc)?is on flat 2)Entertaiment mode has to unoying bottons? Bass and Treble and thay are on defaul
-
Inventory transfer two report preview
Dear Experts, Kindly help me upon our problem. We are generating a report for inventory transfer using our customized report that is set on default. The problem arises when we are clicking the preview 2 Report are generated, one is from our customize
-
Set Print Preset in 10.6.7
I've found several discussion on this around the internet, but they all date at latest 2008 using 10.4 or earlier. In 10.6, this command creates a line (that does not exist prior) in the plist, but does not set the preset: do shell script "defaults w