Help with VLANs on ASR9001
Hi All,
I have read the exapmles on this forum of setting up vlans but must have missed something.
Im trying to setup Bundle ether 1 to connect to a 3750x on vlan 220, bundle ether 2 will goto a customer (not active yet)
Both the asr and 3750 are reporting port chanel active but i cannot ping end to end
here is my ASR currect (non production) config
lacp system mac e4c7.2243.689c
rp mgmtethernet forwarding
interface Bundle-Ether1
description 2x10GbE Bundle to SecurITon Core
mac-address e4c7.2243.689c
interface Bundle-Ether1.220 l2transport
description -220-
encapsulation dot1q 220
rewrite ingress tag pop 1 symmetric
interface Bundle-Ether2
description 220
bundle minimum-active links 1
l2transport
interface TenGigE0/0/2/0
bundle id 1 mode active
interface TenGigE0/0/2/1
nv
edge
interface
transceiver permit pid all
interface TenGigE0/0/2/2
bundle id 2 mode active
interface TenGigE0/0/2/3
nv
edge
interface
interface TenGigE1/0/2/0
bundle id 1 mode active
interface TenGigE1/0/2/1
nv
edge
interface
transceiver permit pid all
interface TenGigE1/0/2/2
bundle id 2 mode active
interface TenGigE1/0/2/3
nv
edge
interface
interface BVI220
ipv4 address 172.17.220.2 255.255.255.0
l2vpn
bridge group VLANs
bridge-domain vlan220
interface Bundle-Ether2
interface Bundle-Ether1.220
routed interface BVI220
here is sh int br
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
BV220 up up ARPA 1514 10000000
BE1 up up ARPA 1514 20000000
BE1.220 up up 802.1Q 1518 20000000
BE2 down down ARPA 1514 0
Nu0 up up Null 1500 0
Mg0/RSP0/CPU0/0 up up ARPA 1514 1000000
Mg0/RSP0/CPU0/1 up up ARPA 1514 1000000
Te0/0/2/0 up up ARPA 1514 10000000
Te0/0/2/1 up up ARPA 1514 10000000
Te0/0/2/2 down down ARPA 1514 10000000
Te0/0/2/3 up up ARPA 1514 10000000
Mg1/RSP0/CPU0/0 up up ARPA 1514 1000000
Mg1/RSP0/CPU0/1 up up ARPA 1514 1000000
Te1/0/2/0 up up ARPA 1514 10000000
Te1/0/2/1 up up ARPA 1514 10000000
Te1/0/2/2 down down ARPA 1514 10000000
Te1/0/2/3 up up ARPA 1514 10000000
here is the 3750 x config
vlan 220
name220
Interface vlan 220
description 220
ip address 172.17.220.10 255.255.255.0
interface TenGigabitEthernet1/1/2
description —ASR9001
switchport access vlan 220
switchport mode access
no cdp enable
no cdp tlv server-location
no cdp tlv app
spanning-tree portfast trunk
spanning-tree bpdufilter enable
channel-protocol lacp
channel-group 12 mode active
interface TenGigabitEthernet2/1/2
description —ASR9001
switchport access vlan 220
switchport mode access
no cdp enable
no cdp tlv server-location
no cdp tlv app
spanning-tree portfast trunk
spanning-tree bpdufilter enable
channel-protocol lacp
channel-group 12 mode active
interface Port-channel12
description --ASR9001
switchport access vlan 220
switchport mode access
spanning-tree portfast trunk
spanning-tree bpdufilter enable
Thank you
Similar Messages
-
Help with VLANs on SG200-18 and two SG200-08 switches
Hi everybody. My apologies but I'm only average at best with my CISCO skills. I have simple setup running a few network devices connected via 3 CISCO switches. It's small office and there are two rooms - one with servers and one with printer and pc's. Each room has 8-port SG200-08 switch.
Router/ firewall is Sonicwall TZ215 and it handles internal routing between VLAN's. Each SG200-08 was connected directly to TZ215 (no SG200-18 yet) and VLANs were working perfectly. Please see diagram below...
Problems started when I added in the middle larger SG200-18 to handle extra devices. Whatever I'm doing wrong but I can't make VLANs work anymore. Something I'm not setting up correctly in SG200-18.
Please help me to setup VLANS here - tagged, untagged, PVID, trunk........ I'm completely lost and already had to reset SG200-18 twice.
My working setup without 18 port switch was like this.
SG200-08 (1)
g1 Trunk 1 1U,100T
g2 Trunk 1 1U
g3 Trunk 1 1U
g4 Trunk 1 1U
g5 Trunk 1 1U
g6 Trunk 1 1U SERVER3
g7 Trunk 100 100U SERVER1
g8 Trunk 100 100U SERVER2
SG200-08 (2)
g1 Trunk 1 1U,50T,200T
g2 Trunk 1 1U
g3 Trunk 1 1U
g4 Trunk 1 1U PC1A
g5 Trunk 1 1U PC1B
g6 Trunk 50 50U PC2A
g7 Trunk 50 50U PC2B
g8 Trunk 200 200U NETWORK PRINTER
Thank you in advance.Hello,
Small switches would remain untouched but 200-18 needs to have the following settings:
g15 Trunk 1 1U,100T
g16 Trunk 1 1U,50T,200T
g17 Trunk 1 1U,50T,200T
g18 Trunk 1 1U,50T,100T,200T
Sonicwall now would have only one port connected to SG200-18 with settinngs matching port g18 on big switch.
If you notice there is a change as now you would have only 1 port connecting your network to the Sonicwall, would advise you to use port 17 or 18 since they are uplink ports.
If you have tried to connect two ports to big switch STP would block one of the ports.
Let me know how it is going :-)
Aleksandra -
Need basic Help - SG300 with vlan and routing
Hi,
i need some basic help with configuring vlan/routing.
Situation:
DSL Router - Cisco 300 - XenServer
192.168.1.253 - 192.168.1.19 - 192.168.1.10 (mgmt ip)
goal is, to reach from inside xenserver vms the internet.
vms = 192.168.2.x
gateway ip = 192.168.2.1
what i did:
- configured vlan 102, tagged, with the xenserver port
- configured on xenserver a network with vlan id 102, attached to the vm
- this network is conntected to an external bond
- configured ipva4 interface: vlan102 - Static - IP 192.168.2.1 (this is the gateway ip of the vms)
- automatic configured IPv4 Route: 192.168.2.0/24 next hop 0.0.0.0, Directly connected
So at the moment i cant ping from inside a vm to the DSL Router (192.168.2.2 to 192.168.1.253)
any ideas what i misconfigured or whats wrong?
cheers,
-MarcoHi Tom,
ok, that make sense. I can ping the router now inside vms from 192.168.2.x network.
But i cant ping external adresses, error: Destination net unreachable.
My other problem i have, i cant reach any server from outside over router portforwarding.
How do i have to configure the upload port to the dsl router? Is it a access port or a trunk
port with all vlans (tagged or untagged?) At the moment ive a tagged Trunkport with all vlans.
IPv4 Interface Table
Interface
IP Address Type
IP Address
Mask
Status
VLAN 1
Static
192.168.1.19
255.255.255.0
Valid
Should the VLAN1 ip adress not the router ip adress ? Do i need an additional vlan for
the router ? At the end i like to change the switch ip from dhcp to static (change automaticly
when switching to layer 3 mode), but ive to look for the ios commands first.
What else do i missing ?
Thanks a lot,
Marcus -
SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN
Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLAN are Data and Voice.
- Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
- Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
- I created two vlans, in switch, Data and Voice.
- On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
- On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
- On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
- Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a pc attached. But the PC will get to the vlan 200 to get the DHCP address, but no from vlan 2. The Phone works with correct vlan ip.
- Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
- Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have Linksys phone I’m not sure if this help.
For more information I setup in switch,
- enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information help to help me to setup Data and Voice vlans, to plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server -
How to resolve A VMWare portgroup with VLAN ID 0 cannot be founf on virtual switch vSwitch0.
Hi All,
I have deployed Microsoft private cloud using SCVMM, SCOM, SCCM, SCSM, SCO and SCSM Portal...
Also, i am using cloud service process pack runbooks and offerings for my vm provisioning in VM Ware platform...
After submitted the request vm got created but it is throwing an error in SCVMM jobs:
A VMWare portgroup with VLAN ID 0 cannot be found on virtual switch vSwitch0...
VLAN ID of the existing virtual switch vSwitch is 48 and that we cannot change...also we cannot create a new vswitch in DC...
How can i resolve this error...
Thanks in advance for your help...
Regards,
Sudheesh M AHi Alexander,
Thank for answering. I asked custumer to send some config file from the switch. I don´t how complete is this, but, regarding "mls cos" entries, we have:
no aaa new-model
switch 1 provision ws-c2960x-48ts-l
ip domain-name ecs.local
login on-failure trap
login on-success log
vtp mode transparent
mls qos
crypto pki trustpoint TP-self-signed-1837850112
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1837850112
revocation-check none
rsakeypair TP-self-signed-1837850112
interface GigabitEthernet1/0/1
switchport access vlan 235
switchport mode access
srr-queue bandwidth share 1 70 25 5
priority-queue out
mls qos trust dscp
service-policy input ACCESS_INGRESS
interface GigabitEthernet1/0/2
switchport access vlan 235
switchport mode access
srr-queue bandwidth share 1 70 25 5
priority-queue out
mls qos trust dscp
service-policy input ACCESS_INGRESS
interface GigabitEthernet1/0/48
switchport access vlan 235
srr-queue bandwidth share 1 70 25 5
priority-queue out
mls qos trust dscp
service-policy input ACCESS_INGRESS
Is these entries make any sense for the behavior we are facing?
Thanks -
Help config vlan and inter routing vlan on 2 switches SF300-24 ???
Dear Cisco!
now we have 2 switches: SF300-24
on one SF300-24 we config it at layer 3 mode with VLAN configuration same as following
VLAN ID 2 (ports: 2 -6) have ip interface 192.168.2.254/24
VLAN ID 3 (ports: 7 - 10) have ip interface 192.168.3.254/24
VLAN ID 4 (ports 11- 15 ) have ip interface 192.168.4.254/24
and VLAN 1 default have IP address: 192.168.1.200
DHCP relay - DHCP server 192.168.3.1
- DHCP relay: VLAN2; VLAN3; VLAN4
ip route: 0.0.0.0 0.0.0.0 192.168.3.1
all ports of VLAN2, VLAN3, VLAN4 set access mode.
and another SF300-24
was configed at layer 2. We config VLAN ID 2 ̣̣̣have ports 2 -6; VLAN ID 3 ports 7 -10; VLAN ID 4 port 11-15 ,too.
And we use port 26 on 2 switches SF300-24 is trunk mode then we connect both SF300-24 switches.
But on SF300-24 layer 2 cann't inderstand VLAN from Sf300-24 layer 3!!!
Could you please help me check this situation?
How to config VLAN on 2 switches SF300-24 Layer 3 and SF300-24 layer 2?
Thanks!
See you soon!Son Nquyen,
First i would upgrade to 1.1.8 since the 1.0.0.27 was beta code.
Next when when connecting both switches together each port will need set via Trunk mode with proper native vlan and tagged vlan traffic. What's the configuration of your trunk ports on each switch?
Thanks,
Jasbryan. -
Help with a simple 1811 configuration
I have a very basic level of understanding with Cisco products and I need help with what should be simple and even doable by me.
I have a Cisco 1811 integrated router and am simply trying to use it on my home network. I can configure the router with an enable secret password, password encryption, VTY, aux, and cons logins with no issues. The router has 2 Ethernet interfaces, 0 and 1 and 8 switch ports.
The idea is to bring Comcast ISP service into one of the Ethernet ports and then have three machines on the switch ports able to access the Internet. Also I have an off-the shelf wireless router that I thought I would just plug that into an available switch port and allow a wireless AP as well.
This is so simply, that I can't believe I can't figure it out, but I can't.
I set int F1 to DHCP, performed a 'no shut', and connected the ISP's router and have an up and up indication. I have setup a static network with my three machines on the switch ports and enabled all applicable ports and have up and up indications - however, no traffic flow, even amongst my static Layer 2 switched LAN - not even a 'ping'. By my understanding of Layer 2, this should work right now, whether the ISP service is working or not - WHAT AM I DOING WRONG?
The addressing scheme I have ended up on is 172.16.1.0/28
Obviously without the first hurdle cleared, of why the switched LAN doesn’t work, I haven't got any deeper. Do I need to configure NAT? I don't think I would need to in the scenario right?
All of my experience, and none at the CCNA level, has been with larger Cisco equipment. One thing I noticed on the 1811 was that when trying to create a new VLAN, it appears to work yet does not do anything and the 'sh vlans' output returns nothing, not even the VLAN1 I can see with 'sh ip int brief".
Anyway, if anyone has time to help a newbie out I would appreciate it; I’m lost.
Thanks,
JoshThanks for the help Andrew! You know, I think if this was two separate devices (switch and router) I think I would be up and running, but this integrated stuff is throwing me off, not to mention that the IOS is a much older version (I guess) than what I'm used to.
They were throwing this 1811 in the trash can at work, so I just emptied the trash can. I have no documentation at all but I have since found the 1800 series documentation on Cisco.com and have tried to implement the basic configurations cited; with what seems like success, but still no joy. I did have to recover the password and did so with 0x2142, I bypassed the setup and compared the default configuration with what is listed in the documentation and they DO NOT match; I also tried to go through setup mode with the same indications. Additionally I've also learned that the 1800 series is pre-configured on certain options (DHCP, VLAN), which is new to me - I thought Cisco routers were not configured by default - isn't that kind of the point? (By the way, the below port status may not be correct since I now have all the ports unplugged)
Anyway, here is the 'show run' command, the 'sh ip int brief' command, followed by the 'sh version' command:
Show Run
Casino#sh run
Building configuration...
Current configuration : 2006 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Casino
boot-start-marker
boot-end-marker
enable secret 5 $1$meWw$nsMTp6US7axi/uE0MWULK.
enable password 7 06535E741C1B584C55
no aaa new-model
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.1.1
ip dhcp pool Casino
import all
network 172.16.1.0 255.255.255.240
default-router 67.165.208.1
dns-server 68.87.89.150
domain-name hsd1.co.comcast.net
no ip domain lookup
ip domain name GinRummy.localhost
ip name-server 68.87.85.102
ip name-server 68.87.69.150
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
multilink bundle-name authenticated
archive
log config
hidekeys
interface Loopback0
ip address 172.16.1.1 255.255.255.240
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
interface FastEthernet9
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
interface Dialer0
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
ppp authentication chap
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat pool Casino 172.16.1.2 172.16.1.14 netmask 255.255.255.240
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 172.16.1.0 0.0.0.15
dialer-list 1 protocol ip permit
control-plane
line con 0
password 7 080E5916584B4442435E5C
login
line aux 0
password 7 013C135C0A59475A70191E
login
line vty 0 4
password 7 09635B51485756475A5954
login
end
Show IP Interface Brief
Casino#sh ip int brief
Interface IP-Address OK? Method Status Prl
FastEthernet0 unassigned YES NVRAM administratively down do
FastEthernet1 unassigned YES DHCP up do
BRI0 unassigned YES NVRAM administratively down do
BRI0:1 unassigned YES unset administratively down do
BRI0:2 unassigned YES unset administratively down do
FastEthernet2 unassigned YES unset up do
FastEthernet3 unassigned YES unset up do
FastEthernet4 unassigned YES unset up do
FastEthernet5 unassigned YES unset up do
FastEthernet6 unassigned YES unset up do
FastEthernet7 unassigned YES unset up do
FastEthernet8 unassigned YES unset up do
FastEthernet9 unassigned YES unset up up
Vlan1 unassigned YES NVRAM up up
Loopback0 172.16.1.1 YES manual up up
Dialer0 unassigned YES manual up up
NVI0
'show version'
Casino#sh ver
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15))
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 24-Jan-08 13:05 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YH12, RELEASE SOFTWARE (fc1)
Casino uptime is 52 minutes
System returned to ROM by reload at 17:09:25 UTC Fri Jul 1 2011
System image file is "flash:c181x-advipservicesk9-mz.124-15.T3.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 1812 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of m.
Processor board ID FHK120622J3, with hardware revision 0000
10 FastEthernet interfaces
1 ISDN Basic Rate interface
31488K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Thanks again for your help,
Josh -
I need some help with acls for a vacl. Goal - have the 1.1.1.0/24 subnet only communicate with certain IP.
So, they cannot get out to anywhere else and no one except that IP can get in.
Here is what I have so far:
access-list acl1 permit tcp 1.1.1.0 255.255.255.0 host 1.2.3.4
access-list acl1 permit tcp host 1.2.3.4 1.1.1.0 255.255.255.0
access-list acl1 ip 1.1.1.0 255.255.255.0 any log
access-list acl1 ip deny any any log
vlan access-map vacl1 1
match ip address set acl1
action forward
exit
vlan filter vacl1 vlan-list 11
Will this work as I expect it to?
Thanks for any helpHi,
I implemented this on my 6509 and it didn't work. I even modified it to look like the following and it didn't work (I could RDP to one of the boxes on that the subnet).
ip access-list extended rapt_acl
deny ip any any
deny tcp any any
deny udp any any
vlan access-map rapt_vacl 10
match ip address set rapt_acl
action forward
vlan filter rapt_vacl vlan-list 90
Any thoughts what I may be missing? -
How to set all new vm with VLAN ID as a default settings and alose set the avaiablity high .
How to set all new vm with VLAN ID as a default settings and alose set the avaiablity high .
Hi Ramy,
As a work around , you can create a VM without installing OS and configure the Vlan of VNic , then export it .
The new VM will be with Vlan ID when you import the "export file".(note : you need to select "copy the virtual machine " in the tab "choose import type" during importing ) .
Hope this helps
Best Regards
Elton Ji
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Two srw switches with vlans and pfsense gatway
Hi,
I've got a bit of a problem that a can't seem to get a handle of things.
I've got two srw 48 port switches that I would like to link together and then on to the pfsense box.
First I'd like to connect the two switches to see if everything works and then on connect the pfsense box.
Now I would be very great full if someone with a bit more experience with VLANs would be so kind to walk me trough the procedure of creating VLANs, configuring them to ports on the switch and connecting the whole thing to another switch.
This is what I've done so fare.
1. I created 3 VLANs on both switches (VLAN2-office,VLAN3-WiFi, VLAN5-VoIP). I've created these VLANs with the same tags on all the devices.
2. I configured the ports that connect the switches as trunk. (I can't seem to be able to configure anything else on this port. Is there something else I should configure on these ports?)
Now as fare as I understand the documentation the VLANs on each switch should now see each other.
I'm still not sure on how to configure a physical port to one VLAN. After creating the VLANs on both switches and connecting them trough the trunk port I set ports 10-20 to VLAN2 by going to VLAN Management -> Ports to VLAN I selected VLAN2 and marked ports general and untagged and saved the settings. I repeated the procedure on the other switch. Now if I stuck my network cable into one of this ports I didn't get an IP anymore form the DHCP witch means that they were on a different VLAN than the other ports so I setup another router to act as a test DHCP with a different IP range as the main DHCPto see if it works. Now when I connectedthe test router to one of the ports in VLAN2 and my PC to the same VLAN2 port I got the test IP no problem. But when I connected the PC to the other switch VLAN2 port nothing happened until I connected the test DHCP to one of the VLAN2 ports. So clearly the switch VLANs are not communicating.
Now I don't know did I forget something, made a mistake with some setting or I just don't know what I'm doing because I think I need to get the VLANs between switches working before tackling the pfsense connection.
I would be really great full if someone explains to me how to set these VLANs up so that they would work between switches.
Thank you for your help.Hi,
I was successful and I did exactly that. I put all VLANs on trunk ports and the switch to switch to pfSense started to work.
The only thing that gave me some problems was the end port(port connecting to the device pc, phone, printer) configuration. I was under the impression that the port was supposed to be in general mode and tagged. But I figured out that the port is supposed to be in access mode and untagged and only a member of one VLAN(the one I wanted it to connect to).
Anyway all is working now and I've figured out all the kinks.
So thanks guys for the help.
Nice day to all.
Bye -
Help with simple interVlan routing on L3 switch
Hi all - I just can't get my head around this really simple interVlan routing issue. I have two VLANs (1 & 6) on a 3560 L3 switch. I simply need to route between them. Here is how I have it set up:
Firewall is the VLAN1 client's default gateway:
10.10.22.1 /255.255.255.0
3560switch config:
ip subnet-zero
ip routing
VLAN1:
(hosts on 10.10.22.x/255.255.255.0; gateway 10.10.22.1)
int vlan1
ip address 10.10.22.254 255.255.255.0
no shutdown
VLAN6: (hosts on 192.168.25.x/255.255.255.0; gateway 192.168.25.1)
ip address 192.168.25.1 255.255.255.0
no shutdown
ip classless
int gi0/31 (an available unused port)
no switchport
ip address ?.?.?.?
no shutdown
Is the issue that all my 10.10.22.x clients are going to 10.10.22.1 trying to find 192.168.25.x, when they would need to go to 10.10.22.254; then the switch should have an ip route of 0.0.0.0 0.0.0.0 10.10.22.1? Then give the router on gi0/31 the 10.10.22.254 address?
(as a side note, it would be easier for me to change the gateway's IP than to change each VLAN1 client's IP.)
Thanks for any help!Hi all - I just can't get my head
around this really simple interVlan routing issue. I have two VLANs (1
& 6) on a 3560 L3 switch. I simply need to route between them.
Here is how I have it set up:Firewall is the VLAN1 client's default gateway:
10.10.22.1 /255.255.255.03560switch config:
ip subnet-zero
ip routingVLAN1:
(hosts on 10.10.22.x/255.255.255.0; gateway 10.10.22.1)
int vlan1
ip address 10.10.22.254 255.255.255.0
no shutdownVLAN6: (hosts on 192.168.25.x/255.255.255.0; gateway 192.168.25.1)
ip address 192.168.25.1 255.255.255.0
no shutdownip classlessint gi0/31 (an available unused port)
no switchport
ip address ?.?.?.?
no shutdown***Is
the issue that all my 10.10.22.x clients are going to 10.10.22.1 trying
to find 192.168.25.x, when they would need to go to 10.10.22.254; then
the switch should have an ip route of 0.0.0.0 0.0.0.0 10.10.22.1? Then
give the router on gi0/31 the 10.10.22.254 address?(as a side note, it would be easier for me to change the gateway's IP than to change each VLAN1 client's IP.)Thanks for any help!
Hi,
With the above configuuration vlan 1 users will be going to firewll and if they want to reach vlan 6 firewall should have rule to permit for vlan 6 subnet and route towards vlan 6 interface and which is not there is your network.
Just clarify few things you want firewall to come into picture for every traffic which goes between vlan or not and in interface gi0/31 you will be connecting router also is this router is sending traffic to outside world if yes then you need to change some design configuration to route tha traffic from vlans to outside world.
If you want only inter vlan routing between vlan 1 and vlan 6 via firewall then make another zone in firewall and place that in vlan 6 with ip address as given in vlan 1 so that vlan 6 users can point traffic towards vlan 6 interface of firewall and in firewall just permit the vlan 6 communication with vlan 1 and drop a route for vlan 6 towards switch vlan 6 interface.
and if between vlans you dont want firewall to come into picture then the best is create three vlan one for vlan 1,vlan 6 and outside vlan between router and firewall and drop a default route towards firewall.In this case inter vlan routing will be taken care by switch and traffic towards outside world will scaaned as per rule given in firewall.
Hope to help
If helpful do rate the post
Ganesh.H -
ISM with NAT44 - Need help with configuration
Hello everyone,
I'm trying to set up NAT44 in the following scenario below and I'm having a hard time figuring out how to redirect the traffic. As you can see the big problem is that I have one single interface that connects to the internal network (10.0.0.0/8) and also to the tunnel destinations all in the same VRF. Can you guys give me a hand? The trafiic comes from network network 10.0.0.0/8 enters interface bundle-ether 2 (Now it needs to be translated), once it is translated, now it needs to reach the destination known via GRE tunnel.
Configurations
vrf NAT_IN
address-family ipv4 unicast
vrf BLUE
address-family ipv4 unicast
hw-module service cgn location 0/3/CPU0
interface Bundle-Ether2
description UPLINK TO METRO ETHERNET
interface Bundle-Ether2.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
interface GigabitEthernet200/0/0/43
description LINK TO METRO ETHERNET
bundle id 2 mode active
interface GigabitEthernet300/0/0/43
description LINK TO METRO ETHERNET
bundle id 2 mode active
interface BVI2
description METRO
vrf BLUE
ipv4 address 100.0.0.10/24
interface tunnel-ip 101
description GRE_TUNNEL
vrf BLUE
ipv4 address 1.1.1.1/32
tunnel mode gre ipv4
tunnel source interface bvi 2
tunnel destination 200.0.0.1
interface BVI 100
vrf BLUE
ipv4 address [GATEWAY_100] [MASK_100]
interface BVI 200
vrf BLUE
ipv4 address [GATEWAY_200] [MASK_200]
interface BVI 300
vrf BLUE
ipv4 address [GATEWAY_300] [MASK_300]
interface ServiceApp1
vrf NAT_IN
ipv4 address 10.0.2.1 255.255.255.252
service cgn CGN service-type nat44
interface ServiceApp2
vrf BLUE
ipv4 address 10.0.2.2 255.255.255.252
service cgn CGN service-type nat44
interface ServiceInfra1
ipv4 address 10.0.3.1 255.255.255.0
service-location 0/3/CPU0
router static
address-family ipv4 unicast
vrf NAT_IN
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
10.0.0.0/8 vrf BLUE bvI 2 <NEXT HOP>
vrf BLUE
address-family ipv4 unicast
172.16.0.0/24 ServiceApp2
router ospf METRO
vrf BLUE
router-id [ROUTER_ID]
redistribute bgp 65500 metric 100
area 0
interface bvi 2
router ospf BLUE
vrf BLUE
router-id [ROUTER ID]
redistribute bgp 65500 metric 100
area 10
interface BVI100
interface BVI200
interface BVI200
router bgp 65500
address-family ipv4 unicast
address-family vpnv4 unicast
vrf BLUE
rd 65500:2
address-family ipv4 unicast
redistribute static
redistribute ospf BLUE
neighbor 1.1.1.2
remote-as 64512
ebgp-multihop 5
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
service cgn CGN
service-location preferred-active 0/3/CPU0
service-type nat44 nat44
portlimit 20000
inside-vrf NAT_IN
map outside-vrf BLUE address-pool 172.16.0.0/24
Thanks in advance,
RenatoHi Somnath,
Let's see if you can help with this new scenario. I want to extend this NAT configuration to a new site (BO1), but instead of using this entire setup with ASR9K, etc, I just want to use ASR9000v module and have this AS9K + ISM as the host. The first problem I see in this scenario is that I have the same 10.0.0.0/8 network in both sites, network which will access the same resources as the devices in the 10.0.0.0/8 in the main site.
1) Do you think if I create a new inside VRF [NAT_IN1] would address this issue?
2) Can I use the same outside VRF?
Here is the configurations.
!! IOS XR Configuration 4.3.1
vrf NAT_IN
address-family ipv4 unicast
import route-target
65500:2
65500:3
export route-target
65500:3
vrf RED
address-family ipv4 unicast
import route-target
65500:1
export route-target
65500:1
vrf NAT_OUT
address-family ipv4 unicast
import route-target
65500:4
export route-target
65500:4
vrf SATELLITE
vrf BLUE
address-family ipv4 unicast
import route-target
65500:2
export route-target
65500:2
hw-module service cgn location 0/3/CPU0
ipv4 access-list ABF
5 permit ospf any any
10 permit ipv4 any 10.200.0.0 0.0.255.255 nexthop1 vrf NAT_IN ipv4 10.0.2.2
20 permit icmp any any
interface Bundle-Ether3
description Uplink (BE3 - VRF NAT_IN) - VLAN 20
vrf NAT_IN
ipv4 address 1.1.1.1 255.255.255.0
ipv4 access-group ABF ingress
interface Bundle-Ether22
description LOOPBACK CABLE NAT_OUT
vrf NAT_OUT
ipv4 address 10.0.1.1 255.255.255.0
interface Bundle-Ether23
description LOOPBACK CABLE BLUE
vrf BLUE
ipv4 address 10.0.1.2 255.255.255.0
interface 6
description Uplink (BE6 - Global) - VLAN 20,51,80-82
interface 6.2
ipv4 address 1.1.1.2 255.255.255.0
encapsulation dot1q 2
interface 6.51 l2transport
description EFP - BE6 - VLAN 51
encapsulation dot1q 51
rewrite ingress tag pop 1 symmetric
interface 6.80 l2transport
description EFP - BE6 - VLAN 80
encapsulation dot1q 80
rewrite ingress tag pop 1 symmetric
interface 6.81 l2transport
description EFP - BE6 - VLAN 81
encapsulation dot1q 81
rewrite ingress tag pop 1 symmetric
interface 6.82 l2transport
description EFP - BE6 - VLAN 82
encapsulation dot1q 82
rewrite ingress tag pop 1 symmetric
interface Bundle-Ether100
description Bundle to Satellite 100
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 100
remote-ports GigabitEthernet 0/0/0-43
interface Bundle-Ether200
description Bundle to Satellite 200
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 200
remote-ports GigabitEthernet 0/0/0-43
interface Bundle-Ether300
description Bundle to Satellite 300
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 300
remote-ports GigabitEthernet 0/0/0-35
interface Loopback0
description MGMT SATELLITE
vrf SATELLITE
ipv4 address 10.0.0.254 255.255.255.0
interface tunnel-ip31101
description BLUE-TUNNEL01
vrf BLUE
ipv4 address 10.200.253.90 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 13.13.13.13
interface tunnel-ip31102
description BLUE-TUNNEL02
vrf BLUE
ipv4 address 10.200.253.94 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 14.14.14.14
interface tunnel-ip31103
description RED-TUNNEL03
vrf RED
ipv4 address 10.200.253.90 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 13.13.13.13
interface tunnel-ip31104
description RED-TUNNEL04
vrf RED
ipv4 address 10.200.253.94 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 14.14.14.14
interface TenGigE0/0/0/0
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/0/0/1
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/0/0/2
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/0/0/3
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/0/0/4
description LINK TO SATELLITE 300
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 300
remote-ports GigabitEthernet 0/0/36-43
interface TenGigE0/0/0/5
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/0/0/16
description UPLINK (BE6 - GLOBAL) - VLAN 20,51,80-82
bundle id 6 mode active
interface TenGigE0/1/0/16
description UPLINK (BE6 - GLOBAL) - VLAN 20,51,80-82
bundle id 6 mode active
interface TenGigE0/0/0/17
description UPLINK (BE3 - VRF NAT_IN) - VLAN 20
bundle id 3 mode active
interface TenGigE0/1/0/17
description UPLINK (BE3 - VRF NAT_IN) - VLAN 20
bundle id 3 mode active
interface TenGigE0/0/0/22
description LOOPBACK CABLE TE0/1/0/22
bundle id 22 mode on
interface TenGigE0/0/0/23
description LOOPBACK CABLE TE0/1/0/23
bundle id 22 mode on
interface TenGigE0/1/0/0
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/1/0/1
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/1/0/2
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/1/0/3
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/1/0/4
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/1/0/5
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/1/0/22
description LOOPBACK CABLE TE0/0/0/22
bundle id 23 mode on
interface TenGigE0/1/0/23
description LOOPBACK CABLE TE0/0/0/23
bundle id 23 mode on
interface BVI30
vrf RED
ipv4 address 10.200.25.193 255.255.255.192
interface BVI31
vrf BLUE
ipv4 address 10.200.1.1 255.255.255.248
interface BVI32
vrf BLUE
ipv4 address 10.200.25.129 255.255.255.224
interface BVI33
vrf BLUE
ipv4 address 10.200.25.1 255.255.255.128
interface BVI36
vrf BLUE
ipv4 address 10.200.237.145 255.255.255.240
interface BVI51
vrf RED
ipv4 address 192.168.7.12 255.255.255.0
interface BVI80
vrf RED
ipv4 address 10.200.26.169 255.255.255.224
interface BVI81
vrf BLUE
ipv4 address 10.200.25.164 255.255.255.240
interface BVI82
vrf BLUE
ipv4 address 10.200.25.180 255.255.255.240
interface ServiceApp1
description NAT_IN
vrf NAT_IN
ipv4 address 10.0.2.1 255.255.255.252
service cgn CGN service-type nat44
interface ServiceApp2
description NAT_OUT
vrf NAT_OUT
ipv4 address 10.0.2.5 255.255.255.252
service cgn CGN service-type nat44
interface ServiceInfra1
description ISM
ipv4 address 10.0.3.1 255.255.255.0
service-location 0/3/CPU0
prefix-set PS_ROUTES
10.200.0.8,
10.200.5.40/29,
10.200.1.0/29,
10.200.5.32/29,
10.200.0.144/28,
10.200.106.0/28,
10.200.106.16/28
end-set
prefix-set PS_BGP_BLUE_OUT
10.200.24.192/26,
10.200.5.40/29,
10.200.240.0/25,
10.200.1.0/29,
10.200.25.128/27,
10.200.25.0/25,
10.200.5.32/29,
10.200.26.0/25,
10.200.0.144/28,
10.200.27.128/27,
10.200.27.0/25,
10.200.106.0/28,
10.200.106.128/25,
10.200.106.16/28,
10.200.107.128/25
end-set
route-policy RP_DENY_ALL
drop
end-policy
route-policy RP_PASS_ALL
pass
end-policy
route-policy RP_BGP_BLUE_OUT
if destination in PS_BGP_BLUE_OUT then
pass
endif
end-policy
route-policy RP_PASS_ROUTES
if destination in PS_ROUTES then
pass
endif
end-policy
router static
address-family ipv4 unicast
0.0.0.0/0 1.1.1.20
vrf NAT_IN
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
vrf RED
vrf NAT_OUT
address-family ipv4 unicast
0.0.0.0/0 10.0.1.2
10.200.24.192/26 ServiceApp2
vrf BLUE
address-family ipv4 unicast
10.200.24.192/26 10.0.1.1
router ospf
log adjacency changes
vrf NAT_IN
router-id 1.1.1.1
disable-dn-bit-check
redistribute bgp 65500 metric 5 metric-type 2 route-policy RP_PASS_ROUTES
area 7
interface Bundle-Ether3
router ospf RED
log adjacency changes
vrf RED
router-id 10.200.26.169
disable-dn-bit-check
redistribute bgp 65500 metric 10 metric-type 2
area 11
interface BVI30
interface BVI80
router ospf BLUE
log adjacency changes
vrf BLUE
router-id 10.200.25.164
disable-dn-bit-check
redistribute static
redistribute bgp 65500 metric 10 metric-type 2
area 0
interface BVI81
interface BVI82
area 2
interface BVI31
interface BVI32
interface BVI33
interface BVI36
router bgp 65500
address-family ipv4 unicast
address-family vpnv4 unicast
vrf NAT_IN
rd 65500:3
bgp router-id 1.1.1.1
address-family ipv4 unicast
route-target download
vrf RED
rd 65500:1
bgp router-id 10.200.253.90
address-family ipv4 unicast
network 10.200.25.192/26
network 10.200.26.128/27
network 10.200.26.192/27
network 10.200.27.192/26
network 10.200.104.128/27
network 10.200.104.160/27
neighbor 10.200.253.89
remote-as 64512
ebgp-multihop 5
update-source tunnel-ip31103
address-family ipv4 unicast
route-policy RP_PASS_ALL in
route-policy RP_PASS_ALL out
soft-reconfiguration inbound
neighbor 10.200.253.93
remote-as 64512
ebgp-multihop 5
update-source tunnel-ip31104
address-family ipv4 unicast
route-policy RP_PASS_ALL in
route-policy RP_PASS_ALL out
soft-reconfiguration inbound
vrf BLUE
rd 65500:2
bgp router-id 10.200.253.90
address-family ipv4 unicast
network 10.200.0.144/28
network 10.200.1.0/29
network 10.200.5.32/29
network 10.200.5.40/29
network 10.200.24.192/26
network 10.200.25.0/25
network 10.200.25.128/27
network 10.200.26.0/25
network 10.200.27.0/25
network 10.200.27.128/27
network 10.200.106.0/28
network 10.200.106.16/28
network 10.200.106.128/25
network 10.200.107.128/25
network 10.200.240.0/25
neighbor 10.200.253.89
remote-as 64512
ebgp-multihop 5
update-source tunnel-ip31101
address-family ipv4 unicast
route-policy RP_PASS_ALL in
route-policy RP_BGP_BLUE_OUT out
soft-reconfiguration inbound
neighbor 10.200.253.93
remote-as 64512
ebgp-multihop 5
update-source tunnel-ip31102
address-family ipv4 unicast
route-policy RP_PASS_ALL in
route-policy RP_BGP_BLUE_OUT out
soft-reconfiguration inbound
l2vpn
load-balancing flow src-dst-ip
bridge group VLAN30
bridge-domain VLAN30
routed interface BVI30
bridge group VLAN31
bridge-domain VLAN31
routed interface BVI31
bridge group VLAN32
bridge-domain VLAN32
routed interface BVI32
bridge group VLAN33
bridge-domain VLAN33
routed interface BVI33
bridge group VLAN36
bridge-domain VLAN36
routed interface BVI36
bridge group VLAN51
bridge-domain VLAN51
routed interface BVI51
bridge group VLAN80
bridge-domain VLAN80
interface 6.80
routed interface BVI80
bridge group VLAN81
bridge-domain VLAN81
interface 6.81
routed interface BVI81
bridge group VLAN82
bridge-domain VLAN82
interface 6.82
routed interface BVI82
nv
satellite 100
type asr9000v
ipv4 address 10.0.0.1
satellite 200
type asr9000v
ipv4 address 10.0.0.2
satellite 300
type asr9000v
ipv4 address 10.0.0.3
service cgn CGN
service-location preferred-active 0/3/CPU0
service-type nat44 nat44
portlimit 20000
inside-vrf NAT_IN
map outside-vrf NAT_OUT address-pool 10.200.24.192/26
Thanks in advance,
Renato -
Cisco/Linksys SLM224G SWITCH: Problem with VLANs
Hi!
I'm trying to set up VLANs in my racks. I have some knowledge about VLANs, but I still can't set it up in my way.
My situation:
I have PC which contains two virtual machines, which has to works as a routers between three networks: LAN1, LAN2, WAN. It's a bit complicated, but I'll try to draw it:
|-------------|
|----------------------------| | e1|-to-eth1-VM2-----WAN
|VirtualMachine 1 eth0|---trunk-VLAN1&2---|g1 e2|-to-eth0-VM2-----LAN2
|eth0=VLAN1 eth1=VLAN2 | | e3|-to-eth0-VM2-----LAN2 etc.
| PC | | SWITCH e4|
|VirtualMachine 2 | | e5|-to-eth1-VM1---wire-to-LAN2
|eth0=VLAN3 eth1=VLAN4 eth1|---trunk-VLAN3&4---|g2 e6|-to-eth0-VM1-----LAN1
|----------------------------| | e7|-to-eth0-VM1-----LAN1 etc.
|-------------|
gX = Gigabit ports
eX = 100Mbit ports
VMX = Virtual machine number
wire-to = patch-cord connection between ports on the switch
Schema of routing and logical visibility:
LAN1---VM1-----VM2---WAN
|
LAN2----------|
Important note is that LAN1 and LAN2 has to be separated (visible only through routers). WAN has to be visible only through VM2 for LAN2 and through by VM1 and VM2 for LAN1. It looks easy, but VLANs which I done on that switch seems to doesn't works.
I'm doing this like that:
Step1: VLAN Management / Create VLAN...
Creating VLANs from 1, 2, 3, 4 (numbers doesn't meters right now - I now that number 1 is restricted at the switch).
Step2: VLAN Management / Port to VLAN...
Setting up VLAN1 with ports g1, e5 (both tagged or untagged? - I haven't seen difference)
Setting up VLAN2 with ports g1, e6, e7, etc...
Setting up VLAN3 with ports g2, e2, e3, etc...
Setting up VLAN4 with ports g2, e1
Step3: VLAN Management / Port Setting...
Setting up port e1 to PVID4 (frame type=all I suppose, but what with "ingress filtering"?)
Setting up port e2 to PVID3
Setting up port e3 to PVID3
etc...
Setting up port e5 to PVID1
Setting up port e6 to PVID2
Setting up port e7 to PVID2
etc...
So, on that configuration and on that switch it doesn't work for me
I know that switch is seeing MACs from VLANs which are done by PC's, because when I get in "Admin / Dynamic Address" I can see MACs on correct ports and with correct VLAN ID. So the problem is to forward VLANs on their ports, next clear frames from IDs and let packets go (and back: take clear packets, add VLAN ID and send to gigabits ports).
Showed configuration is the one of many that I tried :/ but I think this one is the best one.
Or maybe I don't know VLANs as I think and that schema is impossible? Please tell me if I' doing sth wrong.
Regards
and waiting for any suggestions,
LucasYou need to make sure that your VirtualMachine can send tagged frames if the VMs share physical ethernet ports on the host.
I count 4 different LAN segments but you have only 2 physical ports on your PC (router).
And VM2 requires 3 physical connections according to the list below.
Depending on the virtualisation software you can maybe create the connection PVM1 to VM2 internally inside the PC (logical connection)
Are these the connections you require ?
VM1 --- LAN1
VM1 --- VM2
VM2 --- WAN
LAN2 --- VM2
Is this correct ? Will your PC, Virtualisation Software/Hypervisor tag frames with VLAn tags ?
If this is true I can help you configure the switch.
Jo -
Help with if statement in cursor and for loop to get output
I have the following cursor and and want to use if else statement to get the output. The cursor is working fine. What i need help with is how to use and if else statement to only get the folderrsn that have not been updated in the last 30 days. If you look at the talbe below my select statement is showing folderrs 291631 was updated only 4 days ago and folderrsn 322160 was also updated 4 days ago.
I do not want these two to appear in my result set. So i need to use if else so that my result only shows all folderrsn that havenot been updated in the last 30 days.
Here is my cursor:
/*Cursor for Email procedure. It is working Shows userid and the string
You need to update these folders*/
DECLARE
a_user varchar2(200) := null;
v_assigneduser varchar2(20);
v_folderrsn varchar2(200);
v_emailaddress varchar2(60);
v_subject varchar2(200);
Cursor c IS
SELECT assigneduser, vu.emailaddress, f.folderrsn, trunc(f.indate) AS "IN DATE",
MAX (trunc(fpa.attemptdate)) AS "LAST UPDATE",
trunc(sysdate) - MAX (trunc(fpa.attemptdate)) AS "DAYS PAST"
--MAX (TRUNC (fpa.attemptdate)) - TRUNC (f.indate) AS "NUMBER OF DAYS"
FROM folder f, folderprocess fp, validuser vu, folderprocessattempt fpa
WHERE f.foldertype = 'HJ'
AND f.statuscode NOT IN (20, 40)
AND f.folderrsn = fp.folderrsn
AND fp.processrsn = fpa.processrsn
AND vu.userid = fp.assigneduser
AND vu.statuscode = 1
GROUP BY assigneduser, vu.emailaddress, f.folderrsn, f.indate
ORDER BY fp.assigneduser;
BEGIN
FOR c1 IN c LOOP
IF (c1.assigneduser = v_assigneduser) THEN
dbms_output.put_line(' ' || c1.folderrsn);
else
dbms_output.put(c1.assigneduser ||': ' || 'Overdue Folders:You need to update these folders: Folderrsn: '||c1.folderrsn);
END IF;
a_user := c1.assigneduser;
v_assigneduser := c1.assigneduser;
v_folderrsn := c1.folderrsn;
v_emailaddress := c1.emailaddress;
v_subject := 'Subject: Project for';
END LOOP;
END;
The reason I have included the folowing table is that I want you to see the output from the select statement. that way you can help me do the if statement in the above cursor so that the result will look like this:
emailaddress
Subject: 'Project for ' || V_email || 'not updated in the last 30 days'
v_folderrsn
v_folderrsn
etc
[email protected]......
Subject: 'Project for: ' Jim...'not updated in the last 30 days'
284087
292709
[email protected].....
Subject: 'Project for: ' Kim...'not updated in the last 30 days'
185083
190121
190132
190133
190159
190237
284109
286647
294631
322922
[email protected]....
Subject: 'Project for: Joe...'not updated in the last 30 days'
183332
183336
[email protected]......
Subject: 'Project for: Sam...'not updated in the last 30 days'
183876
183877
183879
183880
183881
183882
183883
183884
183886
183887
183888
This table is to shwo you the select statement output. I want to eliminnate the two days that that are less than 30 days since the last update in the last column.
Assigneduser....Email.........Folderrsn...........indate.............maxattemptdate...days past since last update
JIM......... jim@ aol.com.... 284087............. 9/28/2006.......10/5/2006...........690
JIM......... jim@ aol.com.... 292709............. 3/20/2007.......3/28/2007............516
KIM......... kim@ aol.com.... 185083............. 8/31/2004.......2/9/2006............. 928
KIM...........kim@ aol.com.... 190121............. 2/9/2006.........2/9/2006.............928
KIM...........kim@ aol.com.... 190132............. 2/9/2006.........2/9/2006.............928
KIM...........kim@ aol.com.... 190133............. 2/9/2006.........2/9/2006.............928
KIM...........kim@ aol.com.... 190159............. 2/13/2006.......2/14/2006............923
KIM...........kim@ aol.com.... 190237............. 2/23/2006.......2/23/2006............914
KIM...........kim@ aol.com.... 284109............. 9/28/2006.......9/28/2006............697
KIM...........kim@ aol.com.... 286647............. 11/7/2006.......12/5/2006............629
KIM...........kim@ aol.com.... 294631............. 4/2/2007.........3/4/2008.............174
KIM...........kim@ aol.com.... 322922............. 7/29/2008.......7/29/2008............27
JOE...........joe@ aol.com.... 183332............. 1/28/2004.......4/23/2004............1585
JOE...........joe@ aol.com.... 183336............. 1/28/2004.......3/9/2004.............1630
SAM...........sam@ aol.com....183876.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183877.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183879.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183880.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183881.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183882.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183883.............3/5/2004.........3/8/2004.............1631
SAM...........sam@ aol.com....183884.............3/5/2004.........3/8/2004............ 1631
SAM...........sam@ aol.com....183886.............3/5/2004.........3/8/2004............ 1631
SAM...........sam@ aol.com....183887.............3/5/2004.........3/8/2004............ 1631
SAM...........sam@ aol.com....183888.............3/5/2004.........3/8/2004............ 1631
PAT...........pat@ aol.com.....291630.............2/23/2007.......7/8/2008............ 48
PAT...........pat@ aol.com.....313990.............2/27/2008.......7/28/2008............28
NED...........ned@ aol.com.....190681.............4/4/2006........8/10/2006............746
NED...........ned@ aol.com......95467.............6/14/2006.......11/6/2006............658
NED...........ned@ aol.com......286688.............11/8/2006.......10/3/2007............327
NED...........ned@ aol.com.....291631.............2/23/2007.......8/21/2008............4
NED...........ned@ aol.com.....292111.............3/7/2007.........2/26/2008............181
NED...........ned@ aol.com.....292410.............3/15/2007.......7/22/2008............34
NED...........ned@ aol.com.....299410.............6/27/2007.......2/27/2008............180
NED...........ned@ aol.com.....303790.............9/19/2007.......9/19/2007............341
NED...........ned@ aol.com.....304268.............9/24/2007.......3/3/2008............ 175
NED...........ned@ aol.com.....308228.............12/6/2007.......12/6/2007............263
NED...........ned@ aol.com.....316689.............3/19/2008.......3/19/2008............159
NED...........ned@ aol.com.....316789.............3/20/2008.......3/20/2008............158
NED...........ned@ aol.com.....317528.............3/25/2008.......3/25/2008............153
NED...........ned@ aol.com.....321476.............6/4/2008.........6/17/2008............69
NED...........ned@ aol.com.....322160.............7/3/2008.........8/21/2008............4
MOE...........moe@ aol.com.....184169.............4/5/2004.......12/5/2006............629
[email protected]/27/2004.......3/8/2004............1631
How do I incorporate a if else statement in the above cursor so the two days less than 30 days since last update are not returned. I do not want to send email if the project have been updated within the last 30 days.
Edited by: user4653174 on Aug 25, 2008 2:40 PManalytical functions: http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/functions2a.htm#81409
CASE
http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96624/02_funds.htm#36899
http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96624/04_struc.htm#5997
Incorporating either of these into your query should assist you in returning the desired results. -
I installed Sunbird in one computer and my calendar has all my infos, events, and task that i would like to see on another computer that i just downloaded Sunbird into. Also, is it possible I can access Sunbird on my iphone?
Thank you in advance,Try the forum here - http://forums.mozillazine.org/viewforum.php?f=46 - for help with Sunbird, this forum is for Firefox support.
Maybe you are looking for
-
FIX FOR: iPhone 4 battery draining fast, phone running hot
I had the same issue many have reported here and in comments on blogs, where their +_battery was draining at least twice as fast_+ as on an iPhone 3GS with iOS 4. Some threads suggest +_this happens to iPhone 4 when restored from a 3G or 3GS_+, and i
-
Can anyone help me with advice for a replacement hard drive
Hi there, Can anyone help me with advice for a replacement hard drive and RAM upgrade for my Mac Book Pro 5,3 Its 3 years old & running Snow Leopard 10.6.8 I do a lot of audio & movie work so performance is important. The logic board was replaced las
-
SQL Formatter Settings not saved
Every time I try and change the tab size on the formatter settings, it reverts to 2, no matter what value I use. How do I set the Home directory? I have changed the start in directory in my windows shortcut, but when i go to open files, it always sta
-
Layer Masks Aren't Working Properly
I frequently use layer masks in my work and have never had any problems with them. However, for the last few days, something weird has been happening. I have used a large soft brush at 20% flow and 100% opacity and things seem to work until I look cl
-
HRMS Mutating Custom Trigger Error
Hi Gurus! In Oracle 10.7 SC HRMS, the column PERSON_TYPE_ID in table PER_ALL_PEOPLE_F was used to populate the actual person type. In releases 11+, this column was redesigned to hold just the default user_person_type for a given system_person_type. I