JumboFrames on cisco3750g for iSCSI traffic

Hello Community,
I need your help!
Here is the goal: connect SAN and VMware ESXi by iSCSI via cisco3750g.
On the Cisco I'm using a separate VLAN for iSCSI traffic.
So after turning on the JumboFrames on cisco ( system mtu jumbo 9000 > reload) I was trying to test it using PING command from the switch without success :-(
#show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 9000 bytes
System Alternate MTU size is 1500 bytes
Routing MTU size is 1500 bytes
#ping 192.168.0.21 size 9000 df-bit repeat 1
Type escape sequence to abort.
Sending 1, 9000-byte ICMP Echos to 192.168.0.21, timeout is 2 seconds:
Packet sent with the DF bit set
Success rate is 0 percent (0/1)
#show int gi1/0/3 mtu
Port      Name               MTU
Gi1/0/3   iSCSI              9000     
#show vlan mtu
VLAN    SVI_MTU    MinMTU(port)      MaxMTU(port)     MTU_Mismatch
1       1500       9000              9000             No
192     1500       9000              9000             No
#show ru int gi1/0/3                        
Building configuration...
Current configuration : 108 bytes
interface GigabitEthernet1/0/3
 description iSCSI
 switchport access vlan192
 switchport mode access
end
thanks!

Hello
Does the interface need to be an access port or trunk?
res
Paul

Similar Messages

  • Etherchannel two cisco 3750 stacks for iscsi?

    I have two sites connected by 96 strands of fibre. At each site I have an IBMv7000 replicating to the other one. For iSCSI traffic I have two Cisco 3750 switches, each are in a 2-switch stack.
    SAN A                    Fibre Link                    SAN B
      |                                                      |
    Cisco Stack A ================================== Cisco Stack B
      |                                                      |
      |                                                      |
    iSCSI Clients                                    iSCSI Clients
    My question: Is it ok to connect the two stacks with etherchannel using the fibre links? Will it provide the necessary redundancy, if one of the interfaces goes down?

    What model numbers of 3750 are you using?
    What is the distance between the stacks as this will dictate your fiber run modules.

  • VLAN prioritization for SAN traffic

    I have a stack of 3750's running two VLANs, one for NFS traffic (id 130) and one for iSCSI traffic (id 150). I have jumbo framing (MTU 9000) on VLAN 150. I'd like to try prioritizing the iSCSI traffic using 802.1p. Can anyone point me to some configuration help? Does anyone have any thoughts or experiences with this idea? Thanks!

    The MDS GE/iSCSI interface can set the DSCP value on outbound IP packets, but that is in the IP header (layer 3). From what I recall, the 802.1p bits are in the Layer 2 field between the MAC addresses and the Ethernet type, and from what I understand, the MDS does not provide any marking at that level.
    You could mark via 802.1p inbound on the Ethernet Switch that the MDS GE port is attached to, but not directly out of the MDS GE port.
    If you are interested in marking iSCSI using DSCP, here is a web page describing how you set the iSCSI interface for the desired DSCP value.
    Hope this helps,
    Mike
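The two marking locations described in the reply above, as an added example that is not part of the original thread: it builds a constructed 802.1Q-tagged IPv4 frame, reads the 802.1p priority (PCP) from the layer 2 tag and the DSCP from the IP header, and shows that removing the tag (as happens on an untagged access port) discards the PCP while the DSCP survives. The MAC addresses, IP addresses, PCP 4 and DSCP 26 are constructed sample values; VLAN 150 is the iSCSI VLAN from the question.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(pcp, vlan_id, dscp):
    """Constructed sample: Ethernet header + 802.1Q tag + bare IPv4 header."""
    dst = bytes.fromhex("0200000000aa")  # constructed, locally administered
    src = bytes.fromhex("0200000000bb")
    # Tag Control Information: PCP (3 bits) | DEI (1 bit, 0) | VLAN ID (12 bits)
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    # Second IPv4 header byte: DSCP (6 bits) | ECN (2 bits, 0)
    tos = (dscp & 0x3F) << 2
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, tos, 20, 0, 0, 64, 6, 0,   # checksum left 0: not needed here
        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
    )
    return dst + src + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip_header


def parse_markings(frame):
    """Return (vlan_id, pcp, dscp). vlan_id and pcp are None when untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    vlan_id = pcp = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # The tag sits between the source MAC and the real EtherType.
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp = tci >> 13
        vlan_id = tci & 0x0FFF
        offset = 18
    dscp = None
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        dscp = frame[offset + 1] >> 2
    return vlan_id, pcp, dscp


def strip_vlan_tag(frame):
    """Remove the 4-byte 802.1Q tag, as an untagged egress port would."""
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    tagged = build_frame(pcp=4, vlan_id=150, dscp=26)
    print("tagged  :", parse_markings(tagged))
    print("untagged:", parse_markings(strip_vlan_tag(tagged)))
```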

  • ISCSI boot with Intel NICs added to windows 2008 r2 routing table causes non iscsi traffic to attempt default routes on iscsi networks

    I have a server with Intel 82576 Gigabit Dual Port Nics.  I have configured them to use iSCSI boot the primary looks to 10.0.0.1/24 and the secondary looks to 10.0.1.1/24.  The target is configured correctly.  Everything boots as expected.
     I have added the MPIO feature and configured MPIO for the iscsi initiator as per: http://blogs.technet.com/b/migreene/archive/2009/08/29/3277914.aspx.
     My issue is that the iSCSI networks show up in the routing table like so:
    I did not configure a default route in the Intel setup utility:
    I tried to explicitly remove the 0.0.0.0 entry and leave blank, with no change.  As you can see with the above routing table traffic attempts to travel over these routes:
    C:\Users\Administrator>ping google.com
    Pinging google.com [209.85.145.99] with 32 bytes of data:
    Reply from 10.0.0.201: Destination host unreachable.
    Reply from 10.0.1.201: Destination host unreachable.
    Reply from 209.85.145.99: bytes=32 time=23ms TTL=51
    Reply from 209.85.145.99: bytes=32 time=22ms TTL=51
    Ping statistics for 209.85.145.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    A ping to the outside world first attempts on 10.0.0.x/24 network, then on 10.0.1.x/24 network and then finally on the network the traffic should go over.  I don't want my iSCSI traffic to ever show up with a default route.  How do I get rid of it?
    route delete 0.0.0.0 mask 0.0.0.0 "on-link" results in: The route deletion failed: The parameter is incorrect.
    route delete 0.0.0.0 mask 0.0.0.0 on-link results in: The route deletion failed: The parameter is incorrect.
    route delete 0.0.0.0 deletes all default routes, then I have to add back in the "valid default route" of 192.168.100.6.
    I would like to not have to do a route delete though.

    So I've sort of given up on fixing the gateway assignment in the route for iSCSI boot.  I configured a DHCP server to give out the information required by iSCSI boot and configured the network cards to use DHCP for their configuration.  I ensured
    that my DHCP server gave out no default gateway entry.  However, I still got the undesired routes in the routing table.  This makes me assume that there isn't a "fix" for it, only the workaround.
    Here is the script I run on each iSCSI Boot initiator (you would obviously change the ip number to suit your environment):
    @Echo off
    Rem fixes iscsi route problem as shown below:
    Rem IPv4 Route Table
    REM ===========================================================================
    REM Active Routes:
    REM Network Destination Netmask Gateway Interface Metric
    REM 0.0.0.0 0.0.0.0 On-link 10.0.0.200 10255
    REM 0.0.0.0 0.0.0.0 On-link 10.0.1.200 266
    REM 0.0.0.0 0.0.0.0 192.168.100.6 192.168.100.98 266
    REM The top 2 lines are on the iscsi interface and traffic tries to go out it
    REM We need to delete the routes, so we'll just delete all gateway routes and
    REM add back in the one we care about.
    route delete 0.0.0.0 >c:\iscsibootroutefix.log
    route -p add 0.0.0.0 mask 0.0.0.0 192.168.100.6 >>c:\iscsibootroutefix.log
    After running it I get:
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.100.6 192.168.100.98 11
    10.0.0.0 255.255.255.0 On-link 10.0.0.200 10255
    10.0.0.1 255.255.255.255 On-link 10.0.0.200 10255
    10.0.0.200 255.255.255.255 On-link 10.0.0.200 10255
    Then I added a task in “task scheduler” of "administrative tools"  that ran as the user “system” “when the computer starts” that runs this script.

  • ISCSI traffic on wrong subnet/NIC

    I have a server running Storage Server 2012 with a "management" port on .2 and the "data port" on .9, same goes for my backup server. However I was just looking at the traffic on the server and I see it's using the .2 NIC. The iSCSI target
    for the drive is set to the .9 address so I'm not sure why it's using the wrong one.  However when I look at the Portal Groups for that connection in the iSCSI Initiator it's listing both .2 and .9 both with an index of 0.
    The backup Server is 2012 not R2.

    The NAS is a Dell NX3200 and the server is an older Dell PowerEdge 2950 running 2012 (not great but fine for backups).
    The .2 which I didn't know is using DHCP but has our normal gateway set, the .9 IP is static and set to 192.168.9.1 which is actually nothing (it's how it was set up when we got our EqualLogic for the VMs that were on the server, the EqualLogic and the NX3200
    are both supposed to be using the .9 for Data traffic).
    One question about the static route, not quite sure what to put for the destination I know what I'd put if I were routing to another subnet, but not sure in this instance.  We're a small company so don't do much with "networking" so I haven't had to
    think about this since school about 12 years ago.  So if I'm forgetting something please let me know as I think we are getting to the point where I'm going to need to start putting more thought into it.

  • ISCSI Traffic

    I have the following supervisor and Line Card Modules:
    Supervisor:  WS-X4013+  
    Line Card: WS-X4448-GB-RJ45 
    Are the supervisor and line card module capable of supporting ISCSI traffic or will someone recommend to upgrade line cards or purchase a separate Cisco Switch.
    Thanks! 

    The fabric and pps ratings for the 3750Gs don't support wire-rate for more than 16 gig ports. (Max performance for 3750G models is 38.7 Mpps and 32 Gbps fabric; for 3750-E it's 101.2 Mpps and 128 Gbps fabric [NB: pps is enough, slightly insufficient fabric bandwidth for 48 port models - similar 4948 offers 102 Mpps, 136 Gbps].)
    Another performance limitation of the 3750s (and to lesser extent the 3750-Es) is stack ring bandwidth. As best I can tell, the 32 Gbps is really dual 8 Gbps duplex (dual 16 Gbps duplex for -Es). An important distinction between the original StackWise technology and the later StackWise+, the former puts a copy of all traffic on the stack, the latter suppresses unnecessary unicast. The former also requires the sender to remove the traffic from the stack ring, the latter the destination removes the traffic. (I.e. the "+" technology, really is plus.)
    For really, really demanding performance, a stack ring isn't the same as a chassis fabric (e.g. 4500s), and within a single switch, the lower end switch models, they can't always provide wire-rate for all their ports. However, the real question is whether you need this performance in a small shop even though iSCSI is being used.
    In other words, it's rare to see all ports demanding full bandwidth, so a stack of 48 port 3750Gs might work just fine for your customer if the actual need doesn't require more than the device can supply.
    In similar situations, I present the customer with such facts. Based on what the expected load is, device "A" might work fine, but it can't guarantee performance beyond a certain level. If customer wants the capability for more performance, for growth or "just to be safe", can do too, here's your options (and extra cost) for that too.
    BTW, if SAN devices can support 10gig, then you'll need something better than the 3750G since the model with a single 10gig port has been discontinued.

  • Administration port - network channel for admin traffic

    I am trying to configure a separate channel for Administration traffic on weblogic. I followed the oracle docos and configured the SSL, domain wide admin port, server listen address, ‘admin’ channel.
    The issue is admin traffic is not happening through the newly created channel.
    L2 network is not getting used. I can’t see any activity in the monitoring tab of new Channel. Also the netstat is showing that the port 9101/9102 is getting used on the 192.168.100.218 and not on 10.254.252.849.
    I also tried by setting up the newly created channel weight as 51, but no luck.
    Is JMX connectivity related to admin channel?
    Any help is highly appreciated. Thanks.
    Ipconfig:
    Admin: adminserver701.mycompany.internal, 192.168.100.238, 10.254.252.808
    Managed: appserver701.mycompany.internal, :192.168.100.218, 10.254.252.849
    Domain wide admin port: 9101
    Admin:
    Listen address –> adminserver701.mycompany.internal
    Channel –> admin -> 10.254.252.808/9101
    Startup -> -Dweblogic.admin.ListenAddress=admin://10.254.252.808:9101
    Managed:(appserver701)
    Listen address –> appserver701.mycompany.internal
    Admin port override: 9102
    Channel –> admin -> 10.254.252.849/9102
    Startup -> -Dweblogic.admin.ListenAddress=admin://10.254.252.849:9102
    AdminServer Logs:
    ####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613346> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.runtime .>
    ####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613353> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.edit .>
    ####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613367> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.domainruntime .>
    ####<Feb 18, 2013 1:53:36 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159616699> <BEA-002613> <Channel "DefaultAdministration" is now listening on 192.168.100.238:9101 for protocols admin, ldaps, https.>
    ####<Feb 18, 2013 1:53:36 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159616700> <BEA-002613> <Channel "Channel-0" is now listening on 10.254.252.808:9101 for protocols admin, ldaps, https.>
    ####<Feb 18, 2013 1:55:12 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-000000000000001a> <1361159712920> <BEA-002613> <Channel "Default" is now listening on 192.168.100.238:7001 for protocols iiop, t3, ldap, snmp, http.>
    ####<Feb 18, 2013 1:55:12 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-000000000000001a> <1361159712920> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.100.238:7002 for protocols iiops, t3s, ldaps, https.>
    ManagedServer Logs:
    ####<Feb 18, 2013 2:54:19 PM EST> <Info> <JMX> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163259911> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://appserver701.mycompany.internal:9102/jndi/weblogic.management.mbeanservers.runtime .>
    ####<Feb 18, 2013 2:54:20 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163260350> <BEA-002613> <Channel "Channel-0" is now listening on 10.254.252.849:9102 for protocols admin, CLUSTER-BROADCAST-SECURE, ldaps, https.>
    ####<Feb 18, 2013 2:54:20 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163260350> <BEA-002613> <Channel "DefaultAdministration" is now listening on 192.168.100.218:9102 for protocols admin, CLUSTER-BROADCAST-SECURE, ldaps, https.>
    ####<Feb 18, 2013 2:54:58 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <d3208ed6c2482016:-46ac5fed:13ceba69a8e:-7ffe-000000000000000e> <1361163298045> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.100.218:7102 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
    ####<Feb 18, 2013 2:54:58 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <d3208ed6c2482016:-46ac5fed:13ceba69a8e:-7ffe-000000000000000e> <1361163298045> <BEA-002613> <Channel "Default" is now listening on 192.168.100.218:7101 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
    AdminServer logs update while starting managed:
    ####<Feb 18, 2013 2:54:57 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-0000000000000162> <1361163297488> <BEA-149506> <Established JMX Connectivity with adp_ms01 at the JMX Service URL of service: jmx:admin://appserver701.mycompany.internal:9102 /jndi/weblogic.management.mbeanservers.runtime.>
    Admin Server :
    [oracle@adminserver701 bin]$ netstat -an | grep 9101
    tcp 0 0 10.254.252.808:9101 0.0.0.0:* LISTEN
    tcp 0 0 192.168.100.238:9101 0.0.0.0:* LISTEN
    tcp 0 0 192.168.100.238:9101 192.168.100.218:59038 ESTABLISHED
    I am wondering if the JMX connectivity is using the server listen address (adminserver701.mycompany.internal) which will by default resolve to 192.168.100.238. Is there a way to force JMX to use 10.254.252.808?

    Hi
    For first question the answer is no. With the administration port, you enable the SSL between the admin server and Node manager-managed Servers. You can still use the web console.
    For the second question, you can use ANT or can use the WLS Scripting ..you can get more details in dev2dev.bea.com
    Jin

  • No more multipath-tools (for iscsi) in arch? Alternative?

    Hi,
    I wonder is there any alternative to multipath for iscsi available?
    Is there absolutely no multipath in arch anymore?
    Thank you!

    Thank you!
    I just saw that multipath-tools wasn't orphaned anymore.

  • Which is prioritized for multicast traffic if FastSwitching and CEF is enable?

    Hello
    Here is the related configuration and output of show command below,
    In my understanding, there are 3 switching modes: CPU, fast switching and CEF switching,
    But if FastSwitching and CEF switching are both enabled, then which switching mode is prioritized for multicast traffic?
    interface Vlan302
    ip address 10.0.20.1 255.255.255.0
    3750X#sh ip int vlan 302
    Vlan302 is down, line protocol is down
      Internet address is 10.0.20.1/24
      Broadcast address is 255.255.255.255
      *omit
      IP fast switching is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF switching turbo vector
      IP Null turbo vector
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is enabled
      IP route-cache flags are Fast, CEF
      *omit
    interface Vlan301
    ip address 10.0.10.1 255.255.255.0
    no ip mroute-cache
    3750X#sh ip int vlan 301
    Vlan301 is down, line protocol is down
      Internet address is 10.0.10.1/24
      Broadcast address is 255.255.255.255
      *omit
      IP fast switching is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF switching turbo vector
      IP Null turbo vector
      IP multicast fast switching is disabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF, No Distributed
      *omit
    Product : Cat3750X
    IOS version :  15.0(2)SE5
    Best Regards,
    Masanobu Hiyoshi

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    I'm not 100% certain, but I believe FastSwitching and CEF switching apply to unicast, not multicast.  Your "IP mroute-cache" command enables/disables fast multicast switching.
    On a 3750, switching should be hardware based, for unicast and multicast, unless TCAM resources are insufficient.  If hardware switching falls back to non-hardware switching, you'll likely find process vs. Fast vs. CEF vs. multicast doesn't matter, all too slow.

  • Outbound PAT for SMTP traffic

    Cisco ASA 5505, Software 8.0(3)
    ASA IP: xxx.xxx.xxx.yy4/29
    This is part of my ASA config that ensures PAT for incoming SMTP traffic:
    access-list acl_inbound_outside extended permit tcp any host xxx.xxx.xxx.yy7 eq smtp
    nat-control
    global (outside) 1 interface
    nat (inside) 0 access-list acl_no_nat_inside
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp xxx.xxx.xxx.yy7 ftp 172.27.1.1 smtp netmask 255.255.255.255
    access-group acl_inbound_outside in interface outside
    This ensures SMTP traffic to xxx.xxx.xxx.yy7 reach my SMTP server.
    But outgoing SMTP traffic is from xxx.xxx.xxx.yy4 (WAN IP of ASA).
    How can I set up that ONLY SMTP traffic from 172.27.1.1 is PATed behind IP xxx.xxx.xxx.yy7 and other traffic from 172.27.1.1 will be NATed to
    xxx.xxx.xxx.yy4?

    Hi,
    It seems that there is either a typo or mistake in the configuration above.
    You are forwarding "ftp" port to "smtp" port
    Shouldn't it be
    static (inside,outside) tcp xxx.xxx.xxx.yy7 smtp 172.27.1.1 smtp netmask 255.255.255.255
    So in addition to forwarding the "smtp" port you also want all outgoing "smtp" traffic from this single host/server to use the public IP address xxx.xxx.xxx.yy7
    Then you can configure this
    access-list SMTP-POLICYPAT remark Policy PAT for SMTP traffic
    access-list SMTP-POLICYPAT permit tcp host 172.27.1.1 any eq smtp
    global (outside)  25 xxx.xxx.xxx.yy7
    nat (inside) 25 access-list SMTP-POLICYPAT
    Hope this helps
    Please do remember to mark the reply as the correct answer if it answered your question.
    - Jouni

  • The access to our new chess hall may be blocked by your local firewall. You would need to reconfigure your firewall to open port 15010 for TCP traffic.

    How do I do the following so I can get into my chess program??
    The access to our new chess hall may be blocked by your
    local firewall. You would need to reconfigure your firewall to open port 15010
    for TCP traffic.

    This is not really Firefox related.
    What you need to do here is to read the firewall manual which usually explains how to create a rule for what you want to do.
    If you're using the Windows XP firewall, see this Microsoft article: http://windows.microsoft.com/en-US/windows-vista/Firewall-frequently-asked-questions

  • Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

    Hi All,
    I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
    2811 having C2800NM-ADVIPSERVICESK9-M
    2811 router connects to the Internet SW then connects to the Internet router.
    Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
    Below is router config for VPN & NAT
    crypto keyring ISR_Keyring
      pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    crypto isakmp profile isa-profile
       keyring ISR_Keyring
       self-identity user-fqdn [email protected]
       match identity user vpn-proxy.websense.net
    crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
    crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
    set peer vpn.websense.net dynamic
    set transform-set ESP-NULL-SHA
    set isakmp-profile isa-profile
    match address 101
    interface FastEthernet0/1
    description connected to Internet
    ip address 216.222.208.101 255.255.255.128
    ip access-group HVAC_Public in
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map GUEST_WEB_FILTER
    access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
    access-list 103 permit ip 192.168.8.0 0.0.3.255 any
    ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
    ip nat inside source list 103 interface FastEthernet0/1 overload
    ip nat inside source route-map nonat pool mypool overload

    How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
    Check
    show crypto isakmp sa
    show crypto ipsec sa
    show crypto session
    You'd better remove the preshared key from your post.
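One way to act on the advice above before pasting a router configuration into a public post, as an added example that is not part of the original thread: a small redactor for the common secret-bearing Cisco IOS configuration lines (keyring `pre-shared-key`, `crypto isakmp key`, `enable secret`/`password`, `username ... password`/`secret`, `snmp-server community`). The sample configuration, host names and secret values are constructed; the rule list is an assumption about what to scrub and does not cover every secret an IOS configuration can hold.

```python
import re

PLACEHOLDER = "<removed>"

# Each rule captures everything up to the secret in group 1 and then the
# secret itself, so the keyword context stays readable after redaction.
RULES = [
    ("keyring-psk",
     re.compile(r"^(\s*pre-shared-key\b.*?\skey\s+(?:[06]\s+)?)\S+", re.I)),
    ("isakmp-key",
     re.compile(r"^(\s*crypto\s+isakmp\s+key\s+(?:[06]\s+)?)\S+", re.I)),
    ("enable",
     re.compile(r"^(\s*enable\s+(?:secret|password)\s+(?:\d+\s+)?)\S+", re.I)),
    ("username",
     re.compile(r"^(\s*username\s+\S+\s+.*?(?:password|secret)\s+(?:\d+\s+)?)\S+",
                re.I)),
    ("snmp-community",
     re.compile(r"^(\s*snmp-server\s+community\s+)\S+", re.I)),
]


def redact_config(text):
    """Return (redacted_text, findings); findings are (line_no, rule_name)."""
    out, findings = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, pattern in RULES:
            # A function replacement avoids backslash/group surprises
            # if the kept prefix ever contains regex-special characters.
            new_line, hits = pattern.subn(
                lambda m: m.group(1) + PLACEHOLDER, line, count=1)
            if hits:
                findings.append((line_no, name))
                line = new_line
                break
        out.append(line)
    return "\n".join(out), findings


# Constructed sample configuration (not the configuration from the post).
SAMPLE_CONFIG = """\
crypto keyring EXAMPLE_KEYRING
  pre-shared-key hostname vpn.example.net key CONSTRUCTED-PSK-1
crypto isakmp policy 1
 encr 3des
 authentication pre-share
crypto isakmp key 0 CONSTRUCTED-PSK-2 address 192.0.2.10
enable secret 5 $1$constructed$hash
username admin privilege 15 password 7 CONSTRUCTED-TYPE7
snmp-server community CONSTRUCTED-RO RO
interface FastEthernet0/1
 description connected to Internet"""


if __name__ == "__main__":
    redacted, findings = redact_config(SAMPLE_CONFIG)
    print(redacted)
    for line_no, rule in findings:
        print(f"line {line_no}: redacted by rule {rule}")
```

Redaction only protects the copy being posted; a key that has already been published should be treated as disclosed and replaced on both tunnel endpoints.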

  • Which network is Oracle using for RAC traffic ? where you will get info ? ?

    Hi,
    I am using two node RAC on Oracle 10g R2 (10.2.0.3.0) version on SUN Solaris 10 . I want to know "Which network is Oracle using for RAC traffic ? where you will get info "
    --Kumar

    Hi Kumar,
    In 10g, you can query x$ksxpia. If the cluster_interconnect information is stored in OCR (default), you will get
    SQL> select INST_ID,PUB_KSXPIA,PICKED_KSXPIA, NAME_KSXPIA,IP_KSXPIA from x$ksxpia;
    If you specified the cluster_interconnects parameter in your init.ora:
    Columns to look in : INST_ID P PICK NAME_KSXPIA IP_KSXPIA
    And also you can use 'oradebug ipc' to see which interconnects the database is using:
    SQL> oradebug setmypid
    SQL> oradebug ipc
    Hope it helps...
    Thanks
    LaserSoft

  • Cascade Catalyst 3560 switch for loaded traffic

    I have a layer 3 Catalyst switch 3560 with 24 FE interfaces.
    I need to pump traffic from traffic generator into port 1 and propagate it to other ports; the last port will be connected back to the traffic generator.
    I suppose that I need to cascade some of the switchports but how do I configure the catalyst switch for this setup? Is it making use of routed port and static routing?

    Hi Ankur,
    Thanks for the reply.
    The traffic generator are layer 3 interfaces which I can assign IP address.
    You mentioned that I do not need any routing, but I require traffic coming from the traffic generator (e.g. FE1) going into switchport 1 to traverse through the rest of the switchports before exiting from the last switchport back to the traffic generator (e.g. FE2). Therefore, I need advice on how to set up the catalyst switch to achieve this. If I assign an IP address for this traffic to end at the traffic generator FE2, the generated traffic will enter the switch at switchport 1 and directly exit from the last switchport without any traversing done. Btw, do I need to cascade my switch with cross cable in this aspect?
    Thanks in advance for your advice.
    Regards,
    Raymond

  • ACE Normalization for SMTP Traffic

    Hi,
    I was facing an issue with the ACE normalization and that was stopping my SMTP traffic. When I disabled it globally my SMTP traffic is working fine. But due to the audit I cannot disable it for all the traffic. I want to disable the normalization only for the SMTP port 25 traffic.
    I am trying to create the L4 policy as mentioned below but am unable to set the parameter required to disable the normalization.
    class-map match-any SMTP_CLASS
    match port tcp eq 25
    parameter-map type connection TCP_SMTP_MAP
    no random-sequence-number
    exceed-mss allow
    policy-map multi-match TCP_SMTP_POLICY
    What else do I need to recall in parameter-map in order to disable the normalization for SMTP traffic?
    Please help.

    Hi,
    I have attached the capture when normalization was enabled (not working) and capture when normalization was disabled.
    Please review and let me know how to achieve this by fine-tuning the parameters.
    We are seeing a lot of TCP retransmission errors etc.
    I have done some research and normalization deals with the parameters mentioned below.
    exceed-mss-----Configure behavior if a packet exceeds MSS
    random-seq-num-disable----Disable TCP sequence number randomization
    reserved-bits-----Configure Reserved bits in TCP header
    syn-data-----Configure behavior for a SYN packet containing data
    tcp-options-----Configure TCP header options
    urgent-flag-----Allow/Clear Urgent flag
