Help with VLANs on ASR9001

Hi All,
I have read the exapmles on this forum of setting up vlans but must have missed something.
Im trying to setup Bundle ether 1 to connect to a 3750x on vlan 220, bundle ether 2 will goto a customer (not active yet)
Both the asr and 3750 are reporting port chanel active but i cannot ping end to end
here is my ASR currect (non production) config
lacp system mac e4c7.2243.689c
rp mgmtethernet forwarding
interface Bundle-Ether1
description 2x10GbE Bundle to SecurITon Core
mac-address e4c7.2243.689c
interface Bundle-Ether1.220 l2transport
description -220-
encapsulation dot1q 220
rewrite ingress tag pop 1 symmetric
interface Bundle-Ether2
description 220
bundle minimum-active links 1
l2transport
interface TenGigE0/0/2/0
bundle id 1 mode active
interface TenGigE0/0/2/1
nv
edge
   interface
transceiver permit pid all
interface TenGigE0/0/2/2
bundle id 2 mode active
interface TenGigE0/0/2/3
nv
edge
   interface
interface TenGigE1/0/2/0
bundle id 1 mode active
interface TenGigE1/0/2/1
nv
edge
   interface
transceiver permit pid all
interface TenGigE1/0/2/2
bundle id 2 mode active
interface TenGigE1/0/2/3
nv
edge
   interface
interface BVI220
ipv4 address 172.17.220.2 255.255.255.0
l2vpn
bridge group VLANs
bridge-domain vlan220
   interface Bundle-Ether2
   interface Bundle-Ether1.220
   routed interface BVI220
here is sh int br
               Intf       Intf        LineP              Encap MTU        BW
               Name       State       State               Type (byte)    (Kbps)
              BV220          up          up               ARPA 1514   10000000
                BE1          up          up               ARPA 1514   20000000
            BE1.220          up          up             802.1Q 1518   20000000
                BE2        down        down               ARPA 1514          0
                Nu0          up          up               Null 1500          0
    Mg0/RSP0/CPU0/0          up          up               ARPA 1514    1000000
    Mg0/RSP0/CPU0/1          up          up               ARPA 1514    1000000
          Te0/0/2/0          up          up               ARPA 1514   10000000
          Te0/0/2/1          up          up               ARPA 1514   10000000
          Te0/0/2/2        down        down               ARPA 1514   10000000
          Te0/0/2/3          up          up               ARPA 1514   10000000
    Mg1/RSP0/CPU0/0          up          up               ARPA 1514    1000000
    Mg1/RSP0/CPU0/1          up          up               ARPA 1514    1000000
          Te1/0/2/0          up          up               ARPA 1514   10000000
          Te1/0/2/1          up          up               ARPA 1514   10000000
          Te1/0/2/2        down        down               ARPA 1514   10000000
          Te1/0/2/3          up          up               ARPA 1514   10000000
here is the 3750 x config
vlan 220
name220
Interface vlan 220
description 220
ip address 172.17.220.10 255.255.255.0
interface TenGigabitEthernet1/1/2
description —ASR9001
switchport access vlan 220
switchport mode access
no cdp enable
no cdp tlv server-location
no cdp tlv app
spanning-tree portfast trunk
spanning-tree bpdufilter enable
channel-protocol lacp
channel-group 12 mode active
interface TenGigabitEthernet2/1/2
description —ASR9001
switchport access vlan 220
switchport mode access
no cdp enable
no cdp tlv server-location
no cdp tlv app
spanning-tree portfast trunk
spanning-tree bpdufilter enable
channel-protocol lacp
channel-group 12 mode active
interface Port-channel12
description --ASR9001
switchport access vlan 220
switchport mode access
spanning-tree portfast trunk
spanning-tree bpdufilter enable

Thank you

Similar Messages

Help with VLANs on SG200-18 and two SG200-08 switches

Hi everybody. My apologies but I'm only average at best with my CISCO skills. I have simple setup running a few network devices connected via 3 CISCO switches. It's small office and there are two rooms - one with servers and one with printer and pc's. Each room has 8-port SG200-08 switch.
Router/ firewall is Sonicwall TZ215 and it handles internal routing between VLAN's. Each SG200-08 was connected directly to TZ215 (no SG200-18 yet) and VLANs were working perfectly. Please see diagram below...
Problems started when I added in the middle larger SG200-18 to handle extra devices. Whatever I'm doing wrong but I can't make VLANs work anymore. Something I'm not setting up correctly in SG200-18.
Please help me to setup VLANS here - tagged, untagged, PVID, trunk........ I'm completely lost and already had to reset SG200-18 twice.
My working setup without 18 port switch was like this.
SG200-08 (1)
    g1 Trunk 1     1U,100T
    g2 Trunk 1     1U
    g3 Trunk 1     1U
    g4 Trunk 1     1U
    g5 Trunk 1     1U
    g6 Trunk 1     1U           SERVER3
    g7 Trunk 100   100U      SERVER1
    g8 Trunk 100   100U      SERVER2
SG200-08 (2)
    g1 Trunk 1     1U,50T,200T
    g2 Trunk 1     1U
    g3 Trunk 1     1U
    g4 Trunk 1     1U         PC1A
    g5 Trunk 1     1U         PC1B
    g6 Trunk 50    50U      PC2A
    g7 Trunk 50    50U      PC2B
    g8 Trunk 200   200U    NETWORK PRINTER
Thank you in advance.

Hello,
Small switches would remain untouched but 200-18 needs to have the following settings:
g15 Trunk 1     1U,100T
g16 Trunk 1     1U,50T,200T
g17 Trunk 1     1U,50T,200T
g18 Trunk 1 1U,50T,100T,200T
Sonicwall now would have only one port connected to SG200-18 with settinngs matching port g18 on big switch.
If you notice there is a change as now you would have only 1 port connecting your network to the Sonicwall, would advise you to use port 17 or 18 since they are uplink ports.
If you have tried to connect two ports to big switch STP would block one of the ports.
Let me know how it is going :-)
Aleksandra

Need basic Help - SG300 with vlan and routing

Hi,
i need some basic help with configuring vlan/routing.
Situation:
DSL Router - Cisco 300 - XenServer
192.168.1.253 - 192.168.1.19 - 192.168.1.10 (mgmt ip)
goal is, to reach from inside xenserver vms the internet.
vms = 192.168.2.x
gateway ip = 192.168.2.1
what i did:
- configured vlan 102, tagged, with the xenserver port
- configured on xenserver a network with vlan id 102, attached to the vm
- this network is conntected to an external bond
- configured ipva4 interface: vlan102 - Static - IP 192.168.2.1 (this is the gateway ip of the vms)
- automatic configured IPv4 Route: 192.168.2.0/24 next hop 0.0.0.0, Directly connected
So at the moment i cant ping from inside a vm to the DSL Router (192.168.2.2 to 192.168.1.253)
any ideas what i misconfigured or whats wrong?
cheers,
-Marco

Hi Tom,
ok, that make sense. I can ping the router now inside vms from 192.168.2.x network.
But i cant ping external adresses, error: Destination net unreachable.
My other problem i have, i cant reach any server from outside over router portforwarding.
How do i have to configure the upload port to the dsl router? Is it a access port or a trunk
port with all vlans (tagged or untagged?) At the moment ive a tagged Trunkport with all vlans.
IPv4 Interface Table
Interface
IP Address Type
IP Address
Mask
Status
VLAN 1
Static
192.168.1.19
255.255.255.0
Valid
Should the VLAN1 ip adress not the router ip adress ? Do i need an additional vlan for
the router ? At the end i like to change the switch ip from dhcp to static (change automaticly
when switching to layer 3 mode), but ive to look for the ios commands first.
What else do i missing ?
Thanks a lot,
Marcus

SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN

Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLAN are Data and Voice.
-          Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
-          Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
-          I created two vlans, in switch, Data and Voice.
-          On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
-          On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
-          On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
-          Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but no from vlan 2. The Phone works with correct vlan ip.
-          Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
-          Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have Linksys phone I’m not sure if this help.
For more information I setup in switch,
            - enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information help to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).

I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server

How to resolve A VMWare portgroup with VLAN ID 0 cannot be founf on virtual switch vSwitch0.

Hi All,
I have deployed Microsoft private cloud using SCVMM, SCOM, SCCM, SCSM, SCO and SCSM Portal...
Also, i am using cloud service process pack runbooks and offerings for my vm provisioning in VM Ware platform...
After submitted the request vm got created but it is throwing an error in SCVMM jobs:
A VMWare portgroup with VLAN ID 0 cannot be found on virtual switch vSwitch0...
VLAN ID of the existing virtual switch vSwitch is 48 and that we cannot change...also we cannot create a new vswitch in DC...
How can i resolve this error...
Thanks in advance for your help...
Regards,
Sudheesh M A

Hi Alexander,
Thank for answering. I asked custumer to send some config file from the switch. I don´t how complete is this, but, regarding "mls cos" entries, we have:
no aaa new-model
switch 1 provision ws-c2960x-48ts-l
ip domain-name ecs.local
login on-failure trap
login on-success log
vtp mode transparent
mls qos
crypto pki trustpoint TP-self-signed-1837850112
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1837850112
revocation-check none
rsakeypair TP-self-signed-1837850112
interface GigabitEthernet1/0/1
switchport access vlan 235
switchport mode access
srr-queue bandwidth share 1 70 25 5
priority-queue out
mls qos trust dscp
service-policy input ACCESS_INGRESS
interface GigabitEthernet1/0/2
switchport access vlan 235
switchport mode access
srr-queue bandwidth share 1 70 25 5
priority-queue out
mls qos trust dscp
service-policy input ACCESS_INGRESS
interface GigabitEthernet1/0/48
switchport access vlan 235
srr-queue bandwidth share 1 70 25 5
priority-queue out
mls qos trust dscp
service-policy input ACCESS_INGRESS
Is these entries make any sense for the behavior we are facing?
Thanks

Help config vlan and inter routing vlan on 2 switches SF300-24 ???

Dear Cisco!
now we have 2 switches: SF300-24
on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following
VLAN ID 2 (ports: 2 -6) have ip interface 192.168.2.254/24
VLAN ID 3 (ports: 7 - 10) have ip interface 192.168.3.254/24
VLAN ID 4 (ports 11- 15 ) have ip interface 192.168.4.254/24
and VLAN 1 default have IP address: 192.168.1.200
DHCP relay - DHCP server 192.168.3.1
- DHCP relay: VLAN2; VLAN3; VLAN4
ip route: 0.0.0.0 0.0.0.0 192.168.3.1
all ports of VLAN2, VLAN3, VLAN4 set access mode.
and another SF300-24
was configed at layer 2. We config VLAN ID 2 ̣̣̣have ports 2 -6; VLAN ID 3 ports 7 -10; VLAN ID 4 port 11-15 ,too.
And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.
But on SF300-24 layer 2 cann't inderstand VLAN from Sf300-24 layer 3!!!
Could you please help me check this situation?
How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
Thanks!
See you soon!

Son Nquyen,
First i would upgrade to 1.1.8 since the 1.0.0.27 was beta code.
Next when when connecting both switches together each port will need set via Trunk mode with proper native vlan and tagged vlan traffic. What's the configuration of your trunk ports on each switch?
Thanks,
Jasbryan.

Help with a simple 1811 configuration

I have a very basic level of understanding with Cisco products and I need help with what should be simple and even doable by me.
I have a Cisco 1811 integrated router and am simply trying to use it on my home network. I can configure the router with an enable secret password, password encryption, VTY, aux, and cons logins with no issues. The router has 2 Ethernet interfaces, 0 and 1 and 8 switch ports.
The idea is to bring Comcast ISP service into one of the Ethernet ports and then have three machines on the switch ports able to access the Internet. Also I have an off-the shelf wireless router that I thought I would just plug that into an available switch port and allow a wireless AP as well.
This is so simply, that I can't believe I can't figure it out, but I can't.
I set int F1 to DHCP, performed a 'no shut', and connected the ISP's router and have an up and up indication. I have setup a static network with my three machines on the switch ports and enabled all applicable ports and have up and up indications - however, no traffic flow, even amongst my static Layer 2 switched LAN - not even a 'ping'. By my understanding of Layer 2, this should work right now, whether the ISP service is working or not - WHAT AM I DOING WRONG?
The addressing scheme I have ended up on is 172.16.1.0/28
Obviously without the first hurdle cleared, of why the switched LAN doesn’t work, I haven't got any deeper. Do I need to configure NAT? I don't think I would need to in the scenario right?
All of my experience, and none at the CCNA level, has been with larger Cisco equipment. One thing I noticed on the 1811 was that when trying to create a new VLAN, it appears to work yet does not do anything and the 'sh vlans' output returns nothing, not even the VLAN1 I can see with 'sh ip int brief".
Anyway, if anyone has time to help a newbie out I would appreciate it; I’m lost.
Thanks,
Josh

Thanks for the help Andrew! You know, I think if this was two separate devices (switch and router) I think I would be up and running, but this integrated stuff is throwing me off, not to mention that the IOS is a much older version (I guess) than what I'm used to.
They were throwing this 1811 in the trash can at work, so I just emptied the trash can. I have no documentation at all but I have since found the 1800 series documentation on Cisco.com and have tried to implement the basic configurations cited; with what seems like success, but still no joy. I did have to recover the password and did so with 0x2142, I bypassed the setup and compared the default configuration with what is listed in the documentation and they DO NOT match; I also tried to go through setup mode with the same indications. Additionally I've also learned that the 1800 series is pre-configured on certain options (DHCP, VLAN), which is new to me - I thought Cisco routers were not configured by default - isn't that kind of the point? (By the way, the below port status may not be correct since I now have all the ports unplugged)
Anyway, here is the 'show run' command, the 'sh ip int brief' command, followed by the 'sh version' command:
Show Run
Casino#sh run
Building configuration...
Current configuration : 2006 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Casino
boot-start-marker
boot-end-marker
enable secret 5 $1$meWw$nsMTp6US7axi/uE0MWULK.
enable password 7 06535E741C1B584C55
no aaa new-model
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.1.1
ip dhcp pool Casino
   import all
   network 172.16.1.0 255.255.255.240
   default-router 67.165.208.1
   dns-server 68.87.89.150
   domain-name hsd1.co.comcast.net
no ip domain lookup
ip domain name GinRummy.localhost
ip name-server 68.87.85.102
ip name-server 68.87.69.150
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
multilink bundle-name authenticated
archive
log config
hidekeys
interface Loopback0
ip address 172.16.1.1 255.255.255.240
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
interface FastEthernet9
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
interface Dialer0
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
ppp authentication chap
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat pool Casino 172.16.1.2 172.16.1.14 netmask 255.255.255.240
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 172.16.1.0 0.0.0.15
dialer-list 1 protocol ip permit
control-plane
line con 0
password 7 080E5916584B4442435E5C
login
line aux 0
password 7 013C135C0A59475A70191E
login
line vty 0 4
password 7 09635B51485756475A5954
login
end
Show IP Interface Brief
Casino#sh ip int brief
Interface                  IP-Address      OK? Method Status                Prl
FastEthernet0              unassigned      YES NVRAM administratively down do
FastEthernet1              unassigned      YES DHCP   up                    do
BRI0                       unassigned      YES NVRAM administratively down do
BRI0:1                     unassigned      YES unset administratively down do
BRI0:2                     unassigned      YES unset administratively down do
FastEthernet2              unassigned      YES unset up                    do
FastEthernet3              unassigned      YES unset up                    do
FastEthernet4              unassigned      YES unset up                    do
FastEthernet5              unassigned      YES unset up                    do
FastEthernet6              unassigned      YES unset up                    do
FastEthernet7              unassigned      YES unset up                    do
FastEthernet8              unassigned      YES unset up                    do
FastEthernet9              unassigned      YES unset up                    up
Vlan1                      unassigned      YES NVRAM up                    up
Loopback0                  172.16.1.1      YES manual up                    up
Dialer0                    unassigned      YES manual up                    up
NVI0
'show version'
Casino#sh ver
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15))
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 24-Jan-08 13:05 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YH12, RELEASE SOFTWARE (fc1)
Casino uptime is 52 minutes
System returned to ROM by reload at 17:09:25 UTC Fri Jul 1 2011
System image file is "flash:c181x-advipservicesk9-mz.124-15.T3.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 1812 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of m.
Processor board ID FHK120622J3, with hardware revision 0000
10 FastEthernet interfaces
1 ISDN Basic Rate interface
31488K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Thanks again for your help,
Josh

Help with some ACLs for VACL

I need some help with acls for a vacl. Goal - have the 1.1.1.0/24 subnet only communicate with certain IP.
So, they cannot get out to anywhere else and no one except that IP can get in.
Here is what I have so far:
access-list acl1 permit tcp 1.1.1.0 255.255.255.0 host 1.2.3.4
access-list acl1 permit tcp host 1.2.3.4 1.1.1.0 255.255.255.0
access-list acl1 ip 1.1.1.0 255.255.255.0 any log
access-list acl1 ip deny any any log
vlan access-map vacl1 1
match ip address set acl1
action forward
exit
vlan filter vacl1 vlan-list 11
Will this work as I expect it to?
Thanks for any help

Hi,
I implemented this on my 6509 and it didn't work. I even modified it to look like the following and it didn't work (I could RDP to one of the boxes on that the subnet).
ip access-list extended rapt_acl
deny ip any any
deny tcp any any
deny udp any any
vlan access-map rapt_vacl 10
match ip address set rapt_acl
action forward
vlan filter rapt_vacl vlan-list 90
Any thoughts what I may be missing?

How to set all new vm with VLAN ID as a default settings and alose set the avaiablity high .

How to set all new vm with VLAN ID as a default settings and alose set the avaiablity high .

Hi Ramy,
As a work around , you can create a VM without installing OS and configure the Vlan of VNic , then export it .
The new VM will be with Vlan ID when you import the "export file".(note : you need to select "copy the virtual machine " in the tab "choose import type" during importing ) .
Hope this helps
Best Regards
Elton Ji
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Two srw switches with vlans and pfsense gatway

Hi,
I've got a bit of a problem that a can't seem to get a handle of things.
I've got two srw 48 port switches that I would like to link together and then on to the pfsense box.
First I'd like to connect the two switches to see if everything works and then on connect the pfsense box.
Now I would be very great full if someone with a bit more experience with VLANs would be so kind to walk me trough the procedure of creating VLANs, configuring them to ports on the switch and connecting the whole thing to another switch.
This is what I've done so fare.
1. I created 3 VLANs on both switches (VLAN2-office,VLAN3-WiFi, VLAN5-VoIP). I've created these VLANs with the same tags on all the devices.
2. I configured the ports that connect the switches as trunk. (I can't seem to be able to configure anything else on this port. Is there something else I should configure on these ports?)
Now as fare as I understand the documentation the VLANs on each switch should now see each other.
I'm still not sure on how to configure a physical port to one VLAN. After creating the VLANs on both switches and connecting them trough the trunk port I set ports 10-20 to VLAN2 by going to VLAN Management -> Ports to VLAN I selected VLAN2 and marked ports general and untagged and saved the settings. I repeated the procedure on the other switch. Now if I stuck my network cable into one of this ports I didn't get an IP anymore form the DHCP witch means that they were on a different VLAN than the other ports so I setup another router to act as a test DHCP with a different IP range as the main DHCPto see if it works. Now when I connectedthe test router to one of the ports in VLAN2 and my PC to the same VLAN2 port I got the test IP no problem. But when I connected the PC to the other switch VLAN2 port nothing happened until I connected the test DHCP to one of the VLAN2 ports. So clearly the switch VLANs are not communicating.
Now I don't know did I forget something, made a mistake with some setting or I just don't know what I'm doing because I think I need to get the VLANs between switches working before tackling the pfsense connection.
I would be really great full if someone explains to me how to set these VLANs up so that they would work between switches.
Thank you for your help.

Hi,
I was successful and I did exactly that. I put all VLANs on trunk ports and the switch to switch to pfSense started to work.
The only thing that gave me some problems was the end port(port connecting to the device pc, phone, printer) configuration. I was under the impression that the port was supposed to be in general mode and tagged. But I figured out that the port is supposed to be in access mode and untagged and only a member of one VLAN(the one I wanted it to connect to).
Anyway all is working now and I've figured out all the kinks.
So thanks guys for the help.
Nice day to all.
Bye

Help with simple interVlan routing on L3 switch

Hi all - I just can't get my head around this really simple interVlan routing issue. I have two VLANs (1 & 6) on a 3560 L3 switch. I simply need to route between them. Here is how I have it set up:
Firewall is the VLAN1 client's default gateway:
10.10.22.1 /255.255.255.0
3560switch config:
ip subnet-zero
ip routing
VLAN1:
(hosts on 10.10.22.x/255.255.255.0; gateway 10.10.22.1)
int vlan1
ip address 10.10.22.254 255.255.255.0
no shutdown
VLAN6: (hosts on 192.168.25.x/255.255.255.0; gateway 192.168.25.1)
ip address 192.168.25.1 255.255.255.0
no shutdown
ip classless
int gi0/31 (an available unused port)
no switchport
ip address ?.?.?.?
no shutdown
Is the issue that all my 10.10.22.x clients are going to 10.10.22.1 trying to find 192.168.25.x, when they would need to go to 10.10.22.254; then the switch should have an ip route of 0.0.0.0 0.0.0.0 10.10.22.1? Then give the router on gi0/31 the 10.10.22.254 address?
(as a side note, it would be easier for me to change the gateway's IP than to change each VLAN1 client's IP.)
Thanks for any help!

Hi all - I just can't get my head
around this really simple interVlan routing issue. I have two VLANs (1
& 6) on a 3560 L3 switch. I simply need to route between them.
Here is how I have it set up:Firewall is the VLAN1 client's default gateway:
10.10.22.1 /255.255.255.03560switch config:
ip subnet-zero
ip routingVLAN1:
(hosts on 10.10.22.x/255.255.255.0; gateway 10.10.22.1)
int vlan1
ip address 10.10.22.254 255.255.255.0
no shutdownVLAN6: (hosts on 192.168.25.x/255.255.255.0; gateway 192.168.25.1)
ip address 192.168.25.1 255.255.255.0
no shutdownip classlessint gi0/31 (an available unused port)
no switchport
ip address ?.?.?.?
no shutdown***Is
the issue that all my 10.10.22.x clients are going to 10.10.22.1 trying
to find 192.168.25.x, when they would need to go to 10.10.22.254; then
the switch should have an ip route of 0.0.0.0 0.0.0.0 10.10.22.1? Then
give the router on gi0/31 the 10.10.22.254 address?(as a side note, it would be easier for me to change the gateway's IP than to change each VLAN1 client's IP.)Thanks for any help!
Hi,
With the above configuuration vlan 1 users will be going to firewll and if they want to reach vlan 6 firewall should have rule to permit for vlan 6 subnet and route towards vlan 6 interface and which is not there is your network.
Just clarify few things you want firewall to come into picture for every traffic which goes between vlan or not and in interface gi0/31 you will be connecting router also is this router is sending traffic to outside world if yes then you need to change some design configuration to route tha traffic from vlans to outside world.
If you want only inter vlan routing between vlan 1 and vlan 6 via firewall then make another zone in firewall and place that in vlan 6 with ip address as given in vlan 1 so that vlan 6 users can point traffic towards vlan 6 interface of firewall and in firewall just permit the vlan 6 communication with vlan 1 and drop a route for vlan 6 towards switch vlan 6 interface.
and if between vlans you dont want firewall to come into picture then the best is create three vlan one for vlan 1,vlan 6 and outside vlan between router and firewall and drop a default route towards firewall.In this case inter vlan routing will be taken care by switch and traffic towards outside world will scaaned as per rule given in firewall.
Hope to help
If helpful do rate the post
Ganesh.H

ISM with NAT44 - Need help with configuration

Hello everyone,
I'm trying to set up NAT44 in the following scenario below and I'm having a hard time figuring out how to redirect the traffic. As you can see the big problem is that I have one single interface that connects to the internal network (10.0.0.0/8) and also to the tunnel destinations all in the same VRF. Can you guys give me a hand? The trafiic comes from network network 10.0.0.0/8 enters interface bundle-ether 2 (Now it needs to be translated), once it is translated, now it needs to reach the destination known via GRE tunnel.
Configurations
vrf NAT_IN
address-family ipv4 unicast
vrf BLUE
address-family ipv4 unicast
hw-module service cgn location 0/3/CPU0
interface Bundle-Ether2
description UPLINK TO METRO ETHERNET
interface Bundle-Ether2.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
interface GigabitEthernet200/0/0/43
description LINK TO METRO ETHERNET
bundle id 2 mode active
interface GigabitEthernet300/0/0/43
description LINK TO METRO ETHERNET
bundle id 2 mode active
interface BVI2
description METRO
vrf BLUE
ipv4 address 100.0.0.10/24
interface tunnel-ip 101
description GRE_TUNNEL
vrf BLUE
ipv4 address 1.1.1.1/32
tunnel mode gre ipv4
tunnel source interface bvi 2
tunnel destination 200.0.0.1
interface BVI 100
vrf BLUE
ipv4 address [GATEWAY_100] [MASK_100]
interface BVI 200
vrf BLUE
ipv4 address [GATEWAY_200] [MASK_200]
interface BVI 300
vrf BLUE
ipv4 address [GATEWAY_300] [MASK_300]
interface ServiceApp1
vrf NAT_IN
ipv4 address 10.0.2.1 255.255.255.252
service cgn CGN service-type nat44
interface ServiceApp2
vrf BLUE
ipv4 address 10.0.2.2 255.255.255.252
service cgn CGN service-type nat44
interface ServiceInfra1
ipv4 address 10.0.3.1 255.255.255.0
service-location 0/3/CPU0
router static
address-family ipv4 unicast
vrf NAT_IN
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
10.0.0.0/8 vrf BLUE bvI 2 <NEXT HOP>
vrf BLUE
address-family ipv4 unicast
172.16.0.0/24 ServiceApp2
router ospf METRO
vrf BLUE
router-id [ROUTER_ID]
redistribute bgp 65500 metric 100
area 0
interface bvi 2
router ospf BLUE
vrf BLUE
router-id [ROUTER ID]
redistribute bgp 65500 metric 100
area 10
interface BVI100
interface BVI200
interface BVI200
router bgp 65500
address-family ipv4 unicast
address-family vpnv4 unicast
vrf BLUE
rd 65500:2
address-family ipv4 unicast
redistribute static
redistribute ospf BLUE
neighbor 1.1.1.2
remote-as 64512
ebgp-multihop 5
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
service cgn CGN
service-location preferred-active 0/3/CPU0
service-type nat44 nat44
portlimit 20000
inside-vrf NAT_IN
map outside-vrf BLUE address-pool 172.16.0.0/24
Thanks in advance,
Renato

Hi Somnath,
Let's see if you can help with this new scenario. I want to extend this NAT configuration to a new site (BO1), but instead of using this entire setup with ASR9K, etc, I just want to use ASR9000v module and have this AS9K + ISM as the host. The first problem I see in this scenario is that I have the same 10.0.0.0/8 network in both sites, network which will access the same resources as the devices in the 10.0.0.0/8 in the main site.
1) Do you think if I create a new inside VRF [NAT_IN1] would address this issue?
2) Can I use the same outside VRF?
Here is the configurations.
!! IOS XR Configuration 4.3.1
vrf NAT_IN
address-family ipv4 unicast
import route-target
   65500:2
   65500:3
export route-target
   65500:3
vrf RED
address-family ipv4 unicast
import route-target
   65500:1
export route-target
   65500:1
vrf NAT_OUT
address-family ipv4 unicast
import route-target
   65500:4
export route-target
   65500:4
vrf SATELLITE
vrf BLUE
address-family ipv4 unicast
import route-target
   65500:2
export route-target
   65500:2
hw-module service cgn location 0/3/CPU0
ipv4 access-list ABF
5 permit ospf any any
10 permit ipv4 any 10.200.0.0 0.0.255.255 nexthop1 vrf NAT_IN ipv4 10.0.2.2
20 permit icmp any any
interface Bundle-Ether3
description Uplink (BE3 - VRF NAT_IN) - VLAN 20
vrf NAT_IN
ipv4 address 1.1.1.1 255.255.255.0
ipv4 access-group ABF ingress
interface Bundle-Ether22
description LOOPBACK CABLE NAT_OUT
vrf NAT_OUT
ipv4 address 10.0.1.1 255.255.255.0
interface Bundle-Ether23
description LOOPBACK CABLE BLUE
vrf BLUE
ipv4 address 10.0.1.2 255.255.255.0
interface 6
description Uplink (BE6 - Global) - VLAN 20,51,80-82
interface 6.2
ipv4 address 1.1.1.2 255.255.255.0
encapsulation dot1q 2
interface 6.51 l2transport
description EFP - BE6 - VLAN 51
encapsulation dot1q 51
rewrite ingress tag pop 1 symmetric
interface 6.80 l2transport
description EFP - BE6 - VLAN 80
encapsulation dot1q 80
rewrite ingress tag pop 1 symmetric
interface 6.81 l2transport
description EFP - BE6 - VLAN 81
encapsulation dot1q 81
rewrite ingress tag pop 1 symmetric
interface 6.82 l2transport
description EFP - BE6 - VLAN 82
encapsulation dot1q 82
rewrite ingress tag pop 1 symmetric
interface Bundle-Ether100
description Bundle to Satellite 100
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 100
   remote-ports GigabitEthernet 0/0/0-43
interface Bundle-Ether200
description Bundle to Satellite 200
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 200
   remote-ports GigabitEthernet 0/0/0-43
interface Bundle-Ether300
description Bundle to Satellite 300
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 300
   remote-ports GigabitEthernet 0/0/0-35
interface Loopback0
description MGMT SATELLITE
vrf SATELLITE
ipv4 address 10.0.0.254 255.255.255.0
interface tunnel-ip31101
description BLUE-TUNNEL01
vrf BLUE
ipv4 address 10.200.253.90 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 13.13.13.13
interface tunnel-ip31102
description BLUE-TUNNEL02
vrf BLUE
ipv4 address 10.200.253.94 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 14.14.14.14
interface tunnel-ip31103
description RED-TUNNEL03
vrf RED
ipv4 address 10.200.253.90 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 13.13.13.13
interface tunnel-ip31104
description RED-TUNNEL04
vrf RED
ipv4 address 10.200.253.94 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 14.14.14.14
interface TenGigE0/0/0/0
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/0/0/1
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/0/0/2
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/0/0/3
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/0/0/4
description LINK TO SATELLITE 300
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 300
   remote-ports GigabitEthernet 0/0/36-43
interface TenGigE0/0/0/5
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/0/0/16
description UPLINK (BE6 - GLOBAL) - VLAN 20,51,80-82
bundle id 6 mode active
interface TenGigE0/1/0/16
description UPLINK (BE6 - GLOBAL) - VLAN 20,51,80-82
bundle id 6 mode active
interface TenGigE0/0/0/17
description UPLINK (BE3 - VRF NAT_IN) - VLAN 20
bundle id 3 mode active
interface TenGigE0/1/0/17
description UPLINK (BE3 - VRF NAT_IN) - VLAN 20
bundle id 3 mode active
interface TenGigE0/0/0/22
description LOOPBACK CABLE TE0/1/0/22
bundle id 22 mode on
interface TenGigE0/0/0/23
description LOOPBACK CABLE TE0/1/0/23
bundle id 22 mode on
interface TenGigE0/1/0/0
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/1/0/1
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/1/0/2
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/1/0/3
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/1/0/4
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/1/0/5
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/1/0/22
description LOOPBACK CABLE TE0/0/0/22
bundle id 23 mode on
interface TenGigE0/1/0/23
description LOOPBACK CABLE TE0/0/0/23
bundle id 23 mode on
interface BVI30
vrf RED
ipv4 address 10.200.25.193 255.255.255.192
interface BVI31
vrf BLUE
ipv4 address 10.200.1.1 255.255.255.248
interface BVI32
vrf BLUE
ipv4 address 10.200.25.129 255.255.255.224
interface BVI33
vrf BLUE
ipv4 address 10.200.25.1 255.255.255.128
interface BVI36
vrf BLUE
ipv4 address 10.200.237.145 255.255.255.240
interface BVI51
vrf RED
ipv4 address 192.168.7.12 255.255.255.0
interface BVI80
vrf RED
ipv4 address 10.200.26.169 255.255.255.224
interface BVI81
vrf BLUE
ipv4 address 10.200.25.164 255.255.255.240
interface BVI82
vrf BLUE
ipv4 address 10.200.25.180 255.255.255.240
interface ServiceApp1
description NAT_IN
vrf NAT_IN
ipv4 address 10.0.2.1 255.255.255.252
service cgn CGN service-type nat44
interface ServiceApp2
description NAT_OUT
vrf NAT_OUT
ipv4 address 10.0.2.5 255.255.255.252
service cgn CGN service-type nat44
interface ServiceInfra1
description ISM
ipv4 address 10.0.3.1 255.255.255.0
service-location 0/3/CPU0
prefix-set PS_ROUTES
10.200.0.8,
10.200.5.40/29,
10.200.1.0/29,
10.200.5.32/29,
10.200.0.144/28,
10.200.106.0/28,
10.200.106.16/28
end-set
prefix-set PS_BGP_BLUE_OUT
10.200.24.192/26,
10.200.5.40/29,
10.200.240.0/25,
10.200.1.0/29,
10.200.25.128/27,
10.200.25.0/25,
10.200.5.32/29,
10.200.26.0/25,
10.200.0.144/28,
10.200.27.128/27,
10.200.27.0/25,
10.200.106.0/28,
10.200.106.128/25,
10.200.106.16/28,
10.200.107.128/25
end-set
route-policy RP_DENY_ALL
drop
end-policy
route-policy RP_PASS_ALL
pass
end-policy
route-policy RP_BGP_BLUE_OUT
if destination in PS_BGP_BLUE_OUT then
    pass
endif
end-policy
route-policy RP_PASS_ROUTES
if destination in PS_ROUTES then
    pass
endif
end-policy
router static
address-family ipv4 unicast
0.0.0.0/0 1.1.1.20
vrf NAT_IN
address-family ipv4 unicast
   0.0.0.0/0 ServiceApp1
vrf RED
vrf NAT_OUT
address-family ipv4 unicast
   0.0.0.0/0 10.0.1.2
   10.200.24.192/26 ServiceApp2
vrf BLUE
address-family ipv4 unicast
   10.200.24.192/26 10.0.1.1
router ospf
log adjacency changes
vrf NAT_IN
router-id 1.1.1.1
disable-dn-bit-check
redistribute bgp 65500 metric 5 metric-type 2 route-policy RP_PASS_ROUTES
area 7
   interface Bundle-Ether3
router ospf RED
log adjacency changes
vrf RED
router-id 10.200.26.169
disable-dn-bit-check
redistribute bgp 65500 metric 10 metric-type 2
area 11
   interface BVI30
   interface BVI80
router ospf BLUE
log adjacency changes
vrf BLUE
router-id 10.200.25.164
disable-dn-bit-check
redistribute static
redistribute bgp 65500 metric 10 metric-type 2
area 0
   interface BVI81
   interface BVI82
area 2
   interface BVI31
   interface BVI32
   interface BVI33
   interface BVI36
router bgp 65500
address-family ipv4 unicast
address-family vpnv4 unicast
vrf NAT_IN
rd 65500:3
bgp router-id 1.1.1.1
address-family ipv4 unicast
   route-target download
vrf RED
rd 65500:1
bgp router-id 10.200.253.90
address-family ipv4 unicast
   network 10.200.25.192/26
   network 10.200.26.128/27
   network 10.200.26.192/27
   network 10.200.27.192/26
   network 10.200.104.128/27
   network 10.200.104.160/27
neighbor 10.200.253.89
   remote-as 64512
   ebgp-multihop 5
   update-source tunnel-ip31103
   address-family ipv4 unicast
    route-policy RP_PASS_ALL in
    route-policy RP_PASS_ALL out
    soft-reconfiguration inbound
neighbor 10.200.253.93
   remote-as 64512
   ebgp-multihop 5
   update-source tunnel-ip31104
   address-family ipv4 unicast
    route-policy RP_PASS_ALL in
    route-policy RP_PASS_ALL out
    soft-reconfiguration inbound
vrf BLUE
rd 65500:2
bgp router-id 10.200.253.90
address-family ipv4 unicast
   network 10.200.0.144/28
   network 10.200.1.0/29
   network 10.200.5.32/29
   network 10.200.5.40/29
   network 10.200.24.192/26
   network 10.200.25.0/25
   network 10.200.25.128/27
   network 10.200.26.0/25
   network 10.200.27.0/25
   network 10.200.27.128/27
   network 10.200.106.0/28
   network 10.200.106.16/28
   network 10.200.106.128/25
   network 10.200.107.128/25
   network 10.200.240.0/25
neighbor 10.200.253.89
   remote-as 64512
   ebgp-multihop 5
   update-source tunnel-ip31101
   address-family ipv4 unicast
    route-policy RP_PASS_ALL in
    route-policy RP_BGP_BLUE_OUT out
    soft-reconfiguration inbound
neighbor 10.200.253.93
   remote-as 64512
   ebgp-multihop 5
   update-source tunnel-ip31102
   address-family ipv4 unicast
    route-policy RP_PASS_ALL in
    route-policy RP_BGP_BLUE_OUT out
    soft-reconfiguration inbound
l2vpn
load-balancing flow src-dst-ip
bridge group VLAN30
bridge-domain VLAN30
   routed interface BVI30
bridge group VLAN31
bridge-domain VLAN31
   routed interface BVI31
bridge group VLAN32
bridge-domain VLAN32
   routed interface BVI32
bridge group VLAN33
bridge-domain VLAN33
   routed interface BVI33
bridge group VLAN36
bridge-domain VLAN36
   routed interface BVI36
bridge group VLAN51
bridge-domain VLAN51
   routed interface BVI51
bridge group VLAN80
bridge-domain VLAN80
   interface 6.80
   routed interface BVI80
bridge group VLAN81
bridge-domain VLAN81
   interface 6.81
   routed interface BVI81
bridge group VLAN82
bridge-domain VLAN82
   interface 6.82
   routed interface BVI82
nv
satellite 100
type asr9000v
ipv4 address 10.0.0.1
satellite 200
type asr9000v
ipv4 address 10.0.0.2
satellite 300
type asr9000v
ipv4 address 10.0.0.3
service cgn CGN
service-location preferred-active 0/3/CPU0
service-type nat44 nat44
portlimit 20000
inside-vrf NAT_IN
   map outside-vrf NAT_OUT address-pool 10.200.24.192/26
Thanks in advance,
Renato

Cisco/Linksys SLM224G SWITCH: Problem with VLANs

Hi!
I'm trying to set up VLANs in my racks. I have some knowledge about VLANs, but I still can't set it up in my way.
My situation:
I have PC which contains two virtual machines, which has to works as a routers between three networks: LAN1, LAN2, WAN. It's a bit complicated, but I'll try to draw it:
                                                 |-------------|
|----------------------------|                   |           e1|-to-eth1-VM2-----WAN
|VirtualMachine 1        eth0|---trunk-VLAN1&2---|g1         e2|-to-eth0-VM2-----LAN2
|eth0=VLAN1 eth1=VLAN2       |                   |           e3|-to-eth0-VM2-----LAN2 etc.
|                         PC |                   |   SWITCH e4|
|VirtualMachine 2            |                   |           e5|-to-eth1-VM1---wire-to-LAN2
|eth0=VLAN3 eth1=VLAN4   eth1|---trunk-VLAN3&4---|g2         e6|-to-eth0-VM1-----LAN1
|----------------------------|                   |           e7|-to-eth0-VM1-----LAN1 etc.
                                                 |-------------|
gX = Gigabit ports
eX = 100Mbit ports
VMX = Virtual machine number
wire-to = patch-cord connection between ports on the switch
Schema of routing and logical visibility:
LAN1---VM1-----VM2---WAN
              |
LAN2----------|
Important note is that LAN1 and LAN2 has to be separated (visible only through routers). WAN has to be visible only through VM2 for LAN2 and through by VM1 and VM2 for LAN1. It looks easy, but VLANs which I done on that switch seems to doesn't works.
I'm doing this like that:
Step1: VLAN Management / Create VLAN...
Creating VLANs from 1, 2, 3, 4 (numbers doesn't meters right now - I now that number 1 is restricted at the switch).
Step2: VLAN Management / Port to VLAN...
Setting up VLAN1 with ports g1, e5 (both tagged or untagged? - I haven't seen difference)
Setting up VLAN2 with ports g1, e6, e7, etc...
Setting up VLAN3 with ports g2, e2, e3, etc...
Setting up VLAN4 with ports g2, e1
Step3: VLAN Management / Port Setting...
Setting up port e1 to PVID4 (frame type=all I suppose, but what with "ingress filtering"?)
Setting up port e2 to PVID3
Setting up port e3 to PVID3
etc...
Setting up port e5 to PVID1
Setting up port e6 to PVID2
Setting up port e7 to PVID2
etc...
So, on that configuration and on that switch it doesn't work for me
I know that switch is seeing MACs from VLANs which are done by PC's, because when I get in "Admin / Dynamic Address" I can see MACs on correct ports and with correct VLAN ID. So the problem is to forward VLANs on their ports, next clear frames from IDs and let packets go (and back: take clear packets, add VLAN ID and send to gigabits ports).
Showed configuration is the one of many that I tried :/ but I think this one is the best one.
Or maybe I don't know VLANs as I think and that schema is impossible? Please tell me if I' doing sth wrong.
Regards
and waiting for any suggestions,
Lucas

You need to make sure that your VirtualMachine can send tagged frames if the VMs share physical ethernet ports on the host.
I count 4 different LAN segments but you have only 2 physical ports on your PC (router).
And VM2 requires 3 physical connections according to the list below.
Depending on the virtualisation software you can maybe create the connection PVM1 to VM2 internally inside the PC (logical connection)
Are these the connections you require ?
VM1 --- LAN1
VM1 --- VM2
VM2 --- WAN
LAN2 --- VM2
Is this correct ? Will your PC, Virtualisation Software/Hypervisor tag frames with VLAn tags ?
If this is true I can help you configure the switch.
Jo

Help with if statement in cursor and for loop to get output

I have the following cursor and and want to use if else statement to get the output. The cursor is working fine. What i need help with is how to use and if else statement to only get the folderrsn that have not been updated in the last 30 days. If you look at the talbe below my select statement is showing folderrs 291631 was updated only 4 days ago and folderrsn 322160 was also updated 4 days ago.
I do not want these two to appear in my result set. So i need to use if else so that my result only shows all folderrsn that havenot been updated in the last 30 days.
Here is my cursor:
/*Cursor for Email procedure. It is working Shows userid and the string
You need to update these folders*/
DECLARE
a_user varchar2(200) := null;
v_assigneduser varchar2(20);
v_folderrsn varchar2(200);
v_emailaddress varchar2(60);
v_subject varchar2(200);
Cursor c IS
SELECT assigneduser, vu.emailaddress, f.folderrsn, trunc(f.indate) AS "IN DATE",
MAX (trunc(fpa.attemptdate)) AS "LAST UPDATE",
trunc(sysdate) - MAX (trunc(fpa.attemptdate)) AS "DAYS PAST"
--MAX (TRUNC (fpa.attemptdate)) - TRUNC (f.indate) AS "NUMBER OF DAYS"
FROM folder f, folderprocess fp, validuser vu, folderprocessattempt fpa
WHERE f.foldertype = 'HJ'
AND f.statuscode NOT IN (20, 40)
AND f.folderrsn = fp.folderrsn
AND fp.processrsn = fpa.processrsn
AND vu.userid = fp.assigneduser
AND vu.statuscode = 1
GROUP BY assigneduser, vu.emailaddress, f.folderrsn, f.indate
ORDER BY fp.assigneduser;
BEGIN
FOR c1 IN c LOOP
IF (c1.assigneduser = v_assigneduser) THEN
dbms_output.put_line(' ' || c1.folderrsn);
else
dbms_output.put(c1.assigneduser ||': ' || 'Overdue Folders:You need to update these folders: Folderrsn: '||c1.folderrsn);
END IF;
a_user := c1.assigneduser;
v_assigneduser := c1.assigneduser;
v_folderrsn := c1.folderrsn;
v_emailaddress := c1.emailaddress;
v_subject := 'Subject: Project for';
END LOOP;
END;
The reason I have included the folowing table is that I want you to see the output from the select statement. that way you can help me do the if statement in the above cursor so that the result will look like this:
emailaddress
Subject: 'Project for ' || V_email || 'not updated in the last 30 days'
v_folderrsn
v_folderrsn
etc
[email protected]......
Subject: 'Project for: ' Jim...'not updated in the last 30 days'
284087
292709
[email protected].....
Subject: 'Project for: ' Kim...'not updated in the last 30 days'
185083
190121
190132
190133
190159
190237
284109
286647
294631
322922
[email protected]....
Subject: 'Project for: Joe...'not updated in the last 30 days'
183332
183336
[email protected]......
Subject: 'Project for: Sam...'not updated in the last 30 days'
183876
183877
183879
183880
183881
183882
183883
183884
183886
183887
183888
This table is to shwo you the select statement output. I want to eliminnate the two days that that are less than 30 days since the last update in the last column.
Assigneduser....Email.........Folderrsn...........indate.............maxattemptdate...days past since last update
JIM.........      jim@ aol.com.... 284087.............     9/28/2006.......10/5/2006...........690
JIM.........      jim@ aol.com.... 292709.............     3/20/2007.......3/28/2007............516
KIM.........      kim@ aol.com.... 185083.............     8/31/2004.......2/9/2006.............     928
KIM...........kim@ aol.com.... 190121.............     2/9/2006.........2/9/2006.............928
KIM...........kim@ aol.com.... 190132.............     2/9/2006.........2/9/2006.............928
KIM...........kim@ aol.com.... 190133.............     2/9/2006.........2/9/2006.............928
KIM...........kim@ aol.com.... 190159.............     2/13/2006.......2/14/2006............923
KIM...........kim@ aol.com.... 190237.............     2/23/2006.......2/23/2006............914
KIM...........kim@ aol.com.... 284109.............     9/28/2006.......9/28/2006............697
KIM...........kim@ aol.com.... 286647.............     11/7/2006.......12/5/2006............629
KIM...........kim@ aol.com.... 294631.............     4/2/2007.........3/4/2008.............174
KIM...........kim@ aol.com.... 322922.............     7/29/2008.......7/29/2008............27
JOE...........joe@ aol.com.... 183332.............     1/28/2004.......4/23/2004............1585
JOE...........joe@ aol.com.... 183336.............     1/28/2004.......3/9/2004.............1630
SAM...........sam@ aol.com....183876.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183877.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183879.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183880.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183881.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183882.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183883.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183884.............3/5/2004.........3/8/2004............     1631
SAM...........sam@ aol.com....183886.............3/5/2004.........3/8/2004............     1631
SAM...........sam@ aol.com....183887.............3/5/2004.........3/8/2004............     1631
SAM...........sam@ aol.com....183888.............3/5/2004.........3/8/2004............     1631
PAT...........pat@ aol.com.....291630.............2/23/2007.......7/8/2008............     48
PAT...........pat@ aol.com.....313990.............2/27/2008.......7/28/2008............28
NED...........ned@ aol.com.....190681.............4/4/2006........8/10/2006............746
NED...........ned@ aol.com......95467.............6/14/2006.......11/6/2006............658
NED...........ned@ aol.com......286688.............11/8/2006.......10/3/2007............327
NED...........ned@ aol.com.....291631.............2/23/2007.......8/21/2008............4
NED...........ned@ aol.com.....292111.............3/7/2007.........2/26/2008............181
NED...........ned@ aol.com.....292410.............3/15/2007.......7/22/2008............34
NED...........ned@ aol.com.....299410.............6/27/2007.......2/27/2008............180
NED...........ned@ aol.com.....303790.............9/19/2007.......9/19/2007............341
NED...........ned@ aol.com.....304268.............9/24/2007.......3/3/2008............     175
NED...........ned@ aol.com.....308228.............12/6/2007.......12/6/2007............263
NED...........ned@ aol.com.....316689.............3/19/2008.......3/19/2008............159
NED...........ned@ aol.com.....316789.............3/20/2008.......3/20/2008............158
NED...........ned@ aol.com.....317528.............3/25/2008.......3/25/2008............153
NED...........ned@ aol.com.....321476.............6/4/2008.........6/17/2008............69
NED...........ned@ aol.com.....322160.............7/3/2008.........8/21/2008............4
MOE...........moe@ aol.com.....184169.............4/5/2004.......12/5/2006............629
[email protected]/27/2004.......3/8/2004............1631
How do I incorporate a if else statement in the above cursor so the two days less than 30 days since last update are not returned. I do not want to send email if the project have been updated within the last 30 days.
Edited by: user4653174 on Aug 25, 2008 2:40 PM

analytical functions: http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/functions2a.htm#81409
CASE
http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96624/02_funds.htm#36899
http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96624/04_struc.htm#5997
Incorporating either of these into your query should assist you in returning the desired results.

I need help with Sunbird Calendar, how can I transfer it from one computer to the other and to my iphone?

I installed Sunbird in one computer and my calendar has all my infos, events, and task that i would like to see on another computer that i just downloaded Sunbird into. Also, is it possible I can access Sunbird on my iphone?
Thank you in advance,

Try the forum here - http://forums.mozillazine.org/viewforum.php?f=46 - for help with Sunbird, this forum is for Firefox support.

Help with VLANs on ASR9001

Similar Messages

Maybe you are looking for