Flapping MAC in default VLAN 1 (mngt vlan)

Similar Messages

• Vlan & Inter Vlan question

  Here is my network layout:
  I have a cable modem connecting to a Linksys WRT54GL (DDWRT) router. Port 1 on the WRT54GL is connect to port 01 on the SG300-10 switch.
  On the SG300-10 I've created two Vlans (Vlan 30 & Vlan 40). I assigned ports 3 & 4 on the SG300-10 to Vlan 30 and ports 5 & 6 to Vlan 40. Vlan 30 has the IP Address 10.10.30.1 and Vlan 40 has an Address of 10.10.40.1. The default Vlan (Vlan1) has an Address of 10.10.20.2. The default gateway (WRT54GL router) has an Address of 10.10.20.1. I have also enable DHCP relay on the switch and enter the command "ip routing". My question is on either vlan if I wanted to setup static addresses for clients would I use the 10.10.20.1 (WRT54GL) address as the default gateway? Also, what additional configurations do I need to make for the Vlans to be able to talk to each other and be able to access the internet?
  Thanks,

  Van,
  Thanks for the reply. The SG300-10 is in layer 3 mode. I have configured the DHCP server accordingly. Here is my setup:
                     cable modem
                            |
                            |
                     linksys wrt54gl (10.10.20.1)
                            |
                            |
                     sg300-10  Vlan1=  10.10.20.2 (manage)
                                    Vlan30= 10.10.30.0 /24 (GW= 10.10.30.1)
                                    Vlan40= 10.10.40.0 /24 (GW= 10.10.40.1)
  You said that for inter-Vlan to work I need to set the clients GW to the switch. Would that be the Vlan's gateway for clients in each vlan? For example if a client was in vlan30 their gw would be 10.10.30.1?
  The clients are not able to access the internet from the vlan. How would I configure the static on the switch for the vlans to be able to access the internet? Would this work:  ip route 0.0.0.0 0.0.0.0 10.10.20.1?

• L2VPN Local Switching VLAN to VLAN issue on 7200VXR/NPE-G1

  I've been working with a client trying to get this working. We tried 12.2(31)SB6, 12.4(15)T1 IP Services and 12.4(15)T1 Advanced IP Services.
  It works fine for Ethernet to Ethernet, or Ethernet to VLAN, but it doesn't work for VLAN to VLAN either on the same interface or on different interfaces. We've tried this on both a Cat5505 as well as a Cat294XL thinking that maybe there would be some issues with one platform or the other.
  Here's an example:
  ! VXR (12.4(15)T1 Adv. IP Services)
  interface GigabitEthernet0/1
  no ip address
  duplex full
  speed 100
  media-type rj45
  no negotiation auto
  interface GigabitEthernet0/1.202
  encapsulation dot1Q 202
  interface GigabitEthernet0/1.203
  encapsulation dot1Q 203
  connect test GigabitEthernet0/1.202 GigabitEthernet0/1.203
  ! Cat 5505
  set vlan 202 9/1
  set vlan 203 9/2
  set port name 9/1 PC1
  set port name 9/2 PC2
  set port name 9/3 VXR-G0/1TRUNK
  clear trunk 9/3 1-201,204-999
  set trunk 9/3 on dot1q 202-203,1000-1005
  We seem to be able to sequeeze a few packets through every once in awhile - like 1 or 2 every 20 or 30 packets:
  64 bytes from 192.168.1.1: icmp_seq=10 ttl=64 time=0.604 ms
  64 bytes from 192.168.1.1: icmp_seq=18 ttl=64 time=0.638 ms
  64 bytes from 192.168.1.1: icmp_seq=40 ttl=64 time=0.621 ms
  64 bytes from 192.168.1.1: icmp_seq=48 ttl=64 time=0.608 ms
  64 bytes from 192.168.1.1: icmp_seq=70 ttl=64 time=0.605 ms
  64 bytes from 192.168.1.1: icmp_seq=78 ttl=64 time=0.630 ms
  As you can see from the below show interface, the interface is receiving lots more packets than it's sending:
  Router#show int g0/1
  GigabitEthernet0/1 is up, line protocol is up
  Hardware is BCM1250 Internal MAC, address is 001c.b0fa.101b (bia 001c.b0fa.101b)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
  Keepalive set (10 sec)
  Full Duplex, 100Mbps, RJ45, media type is RJ45
  output flow-control is unsupported, input flow-control is XON
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:00:15
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 2 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  40 packets input, 2836 bytes, 0 no buffer
  Received 36 broadcasts (0 IP multicasts)
  0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog, 19 multicast, 0 pause input
  8 packets output, 672 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier, 0 PAUSE output
  0 output buffer failures, 0 output buffers swapped out
  Router#
  Does L2VPN Local Switching VLAN to VLAN not work on VXRs or something?
  This link seems to indicate that E-E VLAN is supported in 12.4(11)T.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/fslocal.htm#wp1149105
  What am I missing?

  Hi,
  In ASR9k, VLAN is port significant so yes you can match the same VLAN on different port.
  For your untagged traffic, both UPE fo site 1 will think they are directly connected via two links so yes STP should take care about the loop
  For your VPLS domain, if you are not using VLAN 100 on site 3, you need to pop the tag on both ASR9k. Also do you extend STP to site 3 ?
  SVI is not supported in ASR9k today so you have to use unumbered interfaces instead:
  interface Loopback1
  ipv4 address a.b.c.d 255.255.255.255
  interface g0/7/0/0.200
  encapsulation dot1q 200
  ipv4 point-to-point
  ipv4 unnumbered Loopback1
  proxy-arp
  interface g0/7/0/1.200
  encapsulation dot1q 200
  ipv4 point-to-point
  ipv4 unnumbered Loopback1
  proxy-arp
  I never tested it in this situation but from STP perspective those links should be seen as host connection.
  Let me know if it works
  HTH
  Laurent.

• 1200: Native VLAN & Management VLAN

  I want to keep the management VLAN and native VLAN seperate. Is this the correct setup when using VLAN 999 as the native VLAN and VLAN 100 for the management VLAN.
  Management VLAN 100 (10.100.0.0/24)
  ### Trunk SW ###
  description "AP"
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 999
  switchport trunk allowed vlan
  switchport mode trunk
  switchport nonegotiate
  speed 100
  duplex full
  ### AP ###
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 99 key 1 size 128bit 7 3831CB248113D952741376BEC352 transmit-key
  encryption vlan 99 mode wep mandatory
  encryption vlan 11 mode ciphers tkip
  ssid xoxoxo
  vlan 11
  authentication open eap eap_methods
  authentication network-eap eap_methods
  authentication key-management wpa
  ssid xxx
  vlan 99
  authentication network-eap eap_methods
  speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
  rts threshold 2312
  station-role root
  interface Dot11Radio0.11
  encapsulation dot1Q 11
  no ip route-cache
  bridge-group 11
  bridge-group 11 subscriber-loop-control
  bridge-group 11 block-unknown-source
  no bridge-group 11 source-learning
  no bridge-group 11 unicast-flooding
  bridge-group 11 spanning-disabled
  interface Dot11Radio0.99
  encapsulation dot1Q 99
  no ip route-cache
  bridge-group 99
  bridge-group 99 subscriber-loop-control
  bridge-group 99 block-unknown-source
  no bridge-group 99 source-learning
  no bridge-group 99 unicast-flooding
  bridge-group 99 spanning-disabled
  interface dot11radio 0.999
  encapsulation dot1q 999 native
  interface dot11radio 0.100
  encapsulation dot1q 100
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  ntp broadcast client
  interface FastEthernet0.11
  encapsulation dot1Q 11
  no ip route-cache
  bridge-group 11
  no bridge-group 11 source-learning
  bridge-group 11 spanning-disabled
  interface FastEthernet0.99
  encapsulation dot1Q 99
  no ip route-cache
  bridge-group 99
  no bridge-group 99 source-learning
  bridge-group 99 spanning-disabled
  interface fastethernet 0.999
  encapsulation dot1q 999 native
  interface fastethernet 0.100
  encapsulation dot1q 100
  interface BVI100
  ip address 10.100.0.110 255.255.255.0
  no ip route-cache
  ip default-gateway 10.100.0.1

  This looks correct to me. Do you have a non_root bridge on their other side?
  Are you able to trunk all 4 VLANS with this config?

• VLAN to VLAN firewall rules support missing on RV180

  How do I submit an RFE (Request For Enhancement) to the Cisco SBR team to encourage them to  implement the missing support for VLAN to VLAN firewall rules that was available in the RVS4000 (See https://supportforums.cisco.com/message/3614106#3614106) and that was supposedly added to a beta release of the RV220W firmware (See  https://supportforums.cisco.com/message/3614106#3614106)?

  Hi Kelly, the RV220W does support LAN to LAN access rules on the 1.0.4.17 and it is released.
  To make a feature request, it is pretty simple. Call the SBSC, have a case created for you. Tell the engineer you'd like to make a feature request. It usually gets escalated in 3 days or less.
  -Tom
  Please mark answered for helpful posts

• How can I reset my Mac to default settings? Or how can I reset it to a prior date? My Mac has a virus and I would like to get rid of it. I would appreciate your help concerning this matter.

  How can I reset my Mac to default settings? Or how can I reset it to a prior date? My Mac has a virus and I would like to get rid of it. I would appreciate your help concerning this matter.

  To restore it follow these instructions: What to do before selling or giving away your Mac.
  Before you do the above check out the following;
  Helpful Links Regarding Malware Problems
  If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.
  Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
  The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
  Fix Some Browser Pop-ups That Take Over Safari.
  Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
  Quit Safari
  Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
  Relaunch Safari
  If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
  This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

• Create 2 VLAN (VLAN 1 & VLAN 2)

  Hello all,
  i need help and advice with my new Cisco SF300-48. I want to create 2 vlan (vlan 1 & vlan 2). The switch is set at layer 2.
  example :
  vlan 1 (port 1, 2, 3) , vlan 2 (port 4, 5, 6)
  vlan 1 can communicate each other (port 1, 2, 3) and vlan 2 can communicate each other (port 4, 5, 6)
  But vlan 1 cannot communicate with vlan 2.
  Any help would be appreciated
  Thanks,
  Johan

  Hi Johan,  in a layer 2 environment VLANs are designed to not be able to communicate to each other. For intervlan communication, it requires a layer 3 device.
  If you have the switch with 2 computers connecting on the different VLAN with no other devices connected, vlan 1 talks to vlan 1, vlan 2 talks to vlan 2. A router would have to be able to route between the VLANs. However, the router would have to support 802.1q and either trunk or sub interfaces to make it possible for the VLANs to communicate.
  -Tom
  Please mark answered for helpful posts

• L2TPv3 Ethernet VLAN-to-VLAN Session problem

  Hi all ,
  I had got in trouble with L2TPv3 Ethernet VLAN-to-VLAN Session.
  control tunnel state is up,but session state is down.
  Circuit state is DOWN
  cisco 851 Session state is wait-for-service-selection-icrq,
  cisco 2811 Session state is wait-reply,
  topology：cisco 851 --------cisco 2811
  detail:Attachment

  It Only works in situations where there is more than one Ethernet interface.Check the interface support for these technology and recreate it

• Sudden Ping Drop from Default Gateway in VLAN

  Hi,
  We have a Layer3 Switch 3560 and we have configure multiple VLANs along with SVI on it. We have then cascade layer2 Switches (Cisco 2960) with 3560 by Trunk links. Now we are facing problem on one VLAN that users are in specific VLAN sudden get ping drop from their default gateway (SVI on Cisco 3560) and this problem is not come with all users in that VLAN as just few users in a single time face this problem. When we unplug the systems for few second and reconnect then problem get resolved for few minutes till hours.
  Kindly guide me to resolved this.
  Regards,
  Arshad

  I have also clean the arp cache on users systems by using "'netsh interface ipv4 delete arpcache" but in vain. Now i have perform the below steps and operation is working fine since last 20 hours approx.
  1- Change the First Casade Switch Cisco 2960.
  2- Remove EtherChannel and Change the Backbone port on Cisco 3560 and Cisco 2960.
  3- Connect both switches with single backbone Gig Port.
  4- IOS Version on previous Cisco 2960 switch was IOS 12.2(50)SE3 and the IOS Version on newly installed switch is IOS 12.2(50)SE5

• Vlan 1 (Default) from other VLan not accesible

  Hello at all,
  I have configured a Cisco Nexus 5000 as L 3 Core switch and have now the problem when i try to access an access swicht in VLAN 1 from another Vlan or from outside i get no answer. When I connect a PC on a Interface of the access switch everything is working. Did anybody have a idea?
  Matthias

  Hi,
  did you configure the nexus as default gateway on the access switch ?
  Regards
  Alain
  Don't forget to rate helpful posts.

• Two SSIDs; different VLANs; second VLAN can't talk to Internet

  I've got an ASA 5505 firewall with internal interface 192.168.65.1 on port 1 and a WAP connected to port 5 with the address 10.10.1.1. The WAP has two SSIDs configured; one is on VLAN 1 and the other on VLAN 14. The firewall has port 5 configured as a trunk for VLAN 1,14 and the interface was configured a VLAN 14.
  If I connect to the WAP using the SSID on VLAN 1 I get an address of 192.168.x.x from our internal DHCP server and have full connectivity to the internal and external networks. If I connect to the SSID on VLAN 14 I get an address of 10.10.1.x from the firewall DHCP server but am unable to connect to anything.
  When connecting to the SSID on VLAN 14 I want to be able to access the external interface but not anything internally. I have configured a firewall access rule to allow 10.10.1.0/24 to outside and deny 10.10.1.0/24 to 192.168.0.0/16 but this hasn't worked.
  Any ideas?

  You need to configure an IP helper on the appropriate VLAN interface(s). Routers, by default, will not forward broadcast packets. Since DHCP client messages use the destination IP address of 255.255.255.255 (all Nets Broadcast), DHCP clients will not be able to send requests to a DHCP server on a different subnet unless the DHCP/BootP Relay Agent is configured on the router. The DHCP/BootP Relay Agent will forward DHCP requests on behalf of a DHCP client to the DHCP server. The DHCP/BootP Relay Agent will append its own IP address to the source IP address of the DHCP frames going to the DHCP server. This allows the DHCP server to respond via unicast to the DHCP/BootP Relay Agent. The DHCP/BootP Relay Agent will also populate the Gateway IP address field with the IP address of the interface on which the DHCP message is received from the client. The DHCP server uses the Gateway ip address field to determine the subnet from which the DHCPDISCOVER, DHCPREQUEST, or DHCPINFORM message originates.
  See more at the following document, with configuration steps and examples:
  http://www.cisco.com/warp/public/473/100.html#configdhcpbootpciscoios

• RV042 VLAN to VLAN access?

  I have 2 VLANs set up and I know they are set as default to not allow one to communicate to the other.  Is there a way to set a rule to allow that?  I'd like VLAN1 to be able to access VLAN2, but not the other way around.

  The port-based VLAN feature of RV042 does not allow different VLANs to communicate with each other.
  To support your scenario, you could try configuring multiple subnets under the Setup>Network page, and then configure Access Rules to restrict the traffic between the multiple subnets.

• WPA321 VLAN / Management VLAN

  Hey all,
  i have a Network with multiple VLANs, VLAN 19-23 is for the WLAN (one per floor) because of security Reasons. All Switches got 192.168.1.xx IP Adresses. The VLANS have 192.168.19.xx to 192.168.23.xx So my WPA321 for example has the IP 192.168.19.2 (WIth VLAN 19 for WLAN Traffic) How can i set it up the way that the clients get the 192.168.19.xx IPs but the Router itself lies on the 192.168.1.xx network?
  Thanks in advance!

  Are you talking about an autonomous AP right?
  With regards to your case, you need to configure using the MBSSID setup, 
  ASSUME: VLAN20 MGMT VLAN
  dot11 ssid VLAN119
    vlan 19
    authentication open    -just a sample, configure as you desire
    mbssid guest-mode
  interface dot11radio 0
    ssid VLAN19
    mbssid
    bridge-group 1        -already default, but just in case
  interface dot11radio 0.19
    encapsulation dot1q 19
    bridge-group 2
  interface gig0/0
    encapsulation dot1q 19
    bridge group 2
  interface bvi 1
    ip address 10.10.19.10 255.255.255.0  -ip mgmt of AP
  AT SWITCH
  interface f0/1
    switchport mode trunk
    switchport trunk native vlan 20  
  pretty much explainable your WLAN traffic gets tag with VLAN19 and since the native vlan is 20, 
  well you guessed it you can manage your AP

• RV220W - VLAN 2 VLAN single port access

  Hi
  I just bought Cisco RV220W router, and i have some problems connecting VLANs.
  I have 2 vlans on my network. Now i would like to leave those 2 vlans seperate, so that nobody can go from one vlan to another.
  But i want 3 exceptions.
  1.) access from VLAN1 (default vlan) to a server (192.168.10.2) on VLAN10 port 3389 (RDP).
  2.) access from VLAN10 to a server (10.10.10.3) on VLAN1 (default vlan) port 62000.
  3.) allow ping from VLAN10 to a server (10.10.10.3) on VLAN1 (default vlan).
  Thanks for all your help in advance.
  Bostjan

  cool
  and when can we expect the next firmware release?
  (can i get a beta version of this firmware?)
  Bostjan

• RVS4000 V1 tracks some VLAN to VLAN connections backwards

  Firmware         V1.3.3.5
  Operation Mode:        Gateway
  VLANs:             4, one per LAN subnet
  Inter-VLAN Routing:     Enabled
  I've got all of the management interfaces of the infrastructure devices
  (switches, UPS,WAPs) on the default VLAN 1 that is configured on as untagged on
  all relevant ports. I've noticed that the router will track most of the routed
  connections from the non-default VLANs to devices on the devices on the default
  VLAN backwards, where the destination is listed as the source and vice versa,
  often with the SYN_SENT state instead of ESTABLISHED as reported by the source
  host.
  I get this information from the IP Conntrack view launched from the
  Status/Gateway screen. This is how a telnet connection from a computer on the
  guest VLAN 3, subnet 10.0.89.0/24 to the default mgmt VLAN 1, subnet
  192.168.75.0 looks in IP Conntrack
  Basic Information                 Original Direction                             Reply Direction
  Protocol     Life Time     State         Source IP     Source Port     Destination IP     Destination Port     Source IP     Source Port    Destination IP     Destination Port
  TCP         44         SYN_SENT     192.168.75.98     23         10.0.89.2     50196             10.0.89.2     50196         192.168.75.98     23
  Also, there are corresponding entries in the router's access log. 
  Jan 29 22:26:00 - [Access Log]I TCP Packet - 192.168.75.98:23 --> 10.0.89.2:50196
  Notice that it  is incoming as expected as opposed to outgoing (to the WAN port).
  I know that these are routed connections, for when I turn off Inter-VLAN
  Routing, I cannot make any connections from on VLAN subnet to another.
  This reversed connection tracking anomaly is causing the firewall ACLs that I have
  implemented to block traffic from the guest VLAN (3) to the default
  (infrastructure) VLAN to not work, since ACLs are defined based on source IP
  and destination IP. Connections to other VLANs other than the default appear as expected
  in the access log and the IP Conntrack view.
  Is this a known bug with the RVS4000 V1?

  Thanks for answer.
  I investigated thread you sent and found there the solution, which can be shorten to one line:
  Setup -> Advanced Routing -> Inter-VLAN Routing -> Disable
  Once more, Many THX
  It works and is solved.