JumboFrames on cisco3750g for iSCSI traffic
Hello Communality,
I need you help!
here is the goal: connect SAN and vmware ESXi by iSCSI via cisco3750g.
on cisco I'm using a separated vlan for iSCSI traffic.
So after turning on the JumboFrames on cisco ( system mtu jumbo 9000 > reload) I was trying to test it using PING command from the switch without success :-(
#show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 9000 bytes
System Alternate MTU size is 1500 bytes
Routing MTU size is 1500 bytes
#ping 192.168.0.21 size 9000 df-bit repeat 1
Type escape sequence to abort.
Sending 1, 9000-byte ICMP Echos to 192.168.0.21, timeout is 2 seconds:
Packet sent with the DF bit set
Success rate is 0 percent (0/1)
#show int gi1/0/3 mtu
Port Name MTU
Gi1/0/3 iSCSI 9000
#show vlan mtu
VLAN SVI_MTU MinMTU(port) MaxMTU(port) MTU_Mismatch
1 1500 9000 9000 No
192 1500 9000 9000 No
#show ru int gi1/0/3
Building configuration...
Current configuration : 108 bytes
interface GigabitEthernet1/0/3
description iSCSI
switchport access vlan192
switchport mode access
end
thanks!
Hello
Does the interface need to be an access port or trunk?
res
Paul
Similar Messages
-
Etherchannel two cisco 3750 stacks for iscsi?
I have two sites connected by 96 strands of fibre. At each site I have an IBMv7000 relicating to the other one. For iSCSI traffic I have two Cisco 3750 switches, each are in 2 switch stack.
SAN A Fibre Link SAN B
| |
Cisco Stack A =========================Cisco Stack B
| |
| |
iSCSI Clients iSCSI Clients
My question: Is it ok to connect the the two stacks with etherchannel using the fibre links? Will is provide the necessary redundancy, if one of the interfaces goes down?What model numbers of 3750 are you using?
What is the distance between the stacks as this will dictate your fiber run modules. -
VLAN prioritization for SAN traffic
I have a stack of 3750's running two VLANs, one for NFS traffic (id 130) and one for iSCSI traffic (id 150). I have jumbo framing (MTU 9000) on VLAN 150. I'd like to try prioritizing the iSCSI traffic using 802.1p. Can anyone point me to some configuration help? Does anyone have any thoughts or experiences with this idea? Thanks!
The MDS GE/iSCSI interface can set the DSCP value on outbound IP packets, but that is in the IP header (layer 3). From what I recall, the 802.1p bits are in the Layer 2 field between the MAC addresses and the Ethernet type, and from what I understand, the MDS does not provide any marking at that level.
You could mark via 802.1p inbound on the Ethernet Switch that the MDS GE port is attached to, but not directly out of the MDS GE port.
If you are interested in marking iSCSI using DSCP, here is web page describing how you set the iSCSI interface for the desired DSCP value.
Hope this helps,
Mike -
I have a server with Intel 82576 Gigabit Dual Port Nics. I have configured them to use iSCSI boot the primary looks to 10.0.0.1/24 and the secondary looks to 10.0.1.1/24. The target is configured correctly. Everything boots as expected.
I have added the MPIO feature and configured MPIO for the iscsi initiator as per: http://blogs.technet.com/b/migreene/archive/2009/08/29/3277914.aspx.
My issue is that the iSCSI networks show up in the routing table like so:
I did not configure a default route in the Intel setup utility:
I tried to explicitly remove the 0.0.0.0 entry and leave blank, with no change. As you can see with the above routing table traffic attempts to travel over these routes:
C:\Users\Administrator>ping google.com
Pinging google.com [209.85.145.99] with 32 bytes of data:
Reply from 10.0.0.201: Destination host unreachable.
Reply from 10.0.1.201: Destination host unreachable.
Reply from 209.85.145.99: bytes=32 time=23ms TTL=51
Reply from 209.85.145.99: bytes=32 time=22ms TTL=51
Ping statistics for 209.85.145.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
A ping to the outside world first attempts on 10.0.0.x/24 network, then on 10.0.1.x/24 network and then finally on the network the traffic should go over. I don't want my iSCSI traffic to ever show up with a default route. How do I get rid of it?
route delete 0.0.0.0 mask 0.0.0.0 "on-link" results in: The route deletion failed: The parameter is incorrect.
route delete 0.0.0.0 mask 0.0.0.0 on-link results in: The route deletion failed: The parameter is incorrect.
route delete 0.0.0.0 deletes all default routes, then I have to add back in the "valid default route" of 192.168.100.6.
I would like to not have to do a route delete though.So I've sort of given up on fixing the gateway assignment in the route for iSCSI boot. I configured a DHCP server to give out the information required by iSCSI boot and configured the network cards to use DHCP for their configuration. I insured
that my DHCP server gave out no default gateway entry. However, I still got the undesired routes in the routing table. This makes me assume that there isn't a "fix" for it, only the workaround.
Here is the script I run on each iSCSI Boot initiator (you would obviously change the ip number to suit your environment):
@Echo off
Rem fixes iscsi route problem as shown below:
Rem IPv4 Route Table
REM ===========================================================================
REM Active Routes:
REM Network Destination Netmask Gateway Interface Metric
REM 0.0.0.0 0.0.0.0 On-link 10.0.0.200 10255
REM 0.0.0.0 0.0.0.0 On-link 10.0.1.200 266
REM 0.0.0.0 0.0.0.0 192.168.100.6 192.168.100.98 266
REM The top 2 lines are on the iscsi interface and traffic tries to go out it
REM We need to delete the routes, so we'll just delete all gateway routes and
REM add back in the one we care about.
route delete 0.0.0.0 >c:\iscsibootroutefix.log
route -p add 0.0.0.0 mask 0.0.0.0 192.168.100.6 >>c:\iscsibootroutefix.log
After running it I get:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.6 192.168.100.98 11
10.0.0.0 255.255.255.0 On-link 10.0.0.200 10255
10.0.0.1 255.255.255.255 On-link 10.0.0.200 10255
10.0.0.200 255.255.255.255 On-link 10.0.0.200 10255
Then I added a task in “task scheduler” of "administrative tools" that ran as the user “system” “when the computer starts” that runs this script. -
ISCSI traffic on wrong subnet/NIC
I have a server running Storage Server 2012 with a "management" port on .2 and the "data port" on .9, same goes for my backup server. However I was just looking at the traffic on the server and I see it's using the .2 NIC. The iSCSI target
for the drive is set to the .9 address so I'm not sure why it's using the wrong one. However when I look at the Portal Groups for that connection in the iSCSI Initiator it's listing both .2 and .9 both with a index of 0.
The backup Server is 2012 not R2.The NAS is a Dell NX3200 and the server is an older Dell PowerEdge 2950 running 2012 (not great but fine for backups).
The .2 which I didn't know is using DHCP but has our normal gateway set, the .9 IP is static and set to 192.168.9.1 which is actually nothing (it's how it was set up when we got our EqualLogic for the VMs that were on the server, the EqualLogic and the NX3200
are both supposed to be using the .9 for Data traffic).
One question about the static route, not quite sure what to put for the destination I know what I'd put if I were routing to another subnet, but not sure in this instance. We're a small company so don't do much with "networking" so I haven't had to
think about this since school about 12 years ago. So if I'm forgetting something please let me know as I think we are getting to the point where I'm going to need to start putting more thought into it. -
I have the following supervisor and Line Card Modules:
Supervisor: WS-X4013+
Line Card: WS-X4448-GB-RJ45
Are the supervisor and line card module capable of supporting ISCSI traffic or will someone recommend to upgrade line cards or purchase a separate Cisco Switch.
Thanks!The fabric and pps ratings for the 3750Gs don't support wire-rate for more than 16 gig ports. (Max performance for 3750G models is 38.7 Mpps and 32 Gbps fabric; for 3750-E it's 101.2 Mpps and 128 Gbps fabric [NB: pps is enough, slightly insufficent fabric bandwidth for 48 port models - similar 4948 offers 102 Mpps, 136 Gbps].)
Another performance limitation of the 3750s (and to lessor extent the 3750-Es) is stack ring bandwidth. As best I can tell, the 32 Gbps is really dual 8 Gbps duplex (dual 16 Gbps duplex for -Es). An important distinction between the original StackWise technology and the later StackWise+, the former puts a copy of all traffic on the stack, the latter suppresses unnecessary unicast. The former also requires the sender to remove the traffic from the stack ring, the latter the destination removes the traffic. (I.e. the "+" technology, really is plus.)
For really, really demanding performance, a stack ring isn't the same as a chassis fabric (e.g. 4500s), and within a single switch, the lower end switch models, they can't always provide wire-rate for all their ports. However, the real question is whether you need this performance in a small shop even though iSCSI is being used.
In other words, its rare to see all ports demanding full bandwidth, so a stack of 48 port 3750Gs migtht work just fine for your customer if the actual need doesn't require more than the device can supply.
In similar situations, I present the customer with such facts. Based on what the expected load is, device "A" might work fine, but it can't guarantee performance beyond a certain level. If customer wants the capability for more performance, for growth or "just to be safe", can do too, here's your options (and extra cost) for that too.
BTW, if SAN devices can support 10gig, then you'll need something better than the 3750G since the model with a single 10gig port has been discontinued. -
Administration port - network channel for admin traffic
I am trying to configure a separate channel for Administration traffic on weblogic. I followed the oracle docos and configured the SSL, domain wide admin port, server listen address, ‘admin’ channel.
The issue is admin traffic in not happening through the newly created channel.
L2 network is not getting used. I can’t see any activity in the monitoring tab of new Channel. Also the netstat is showing that the port 9101/9102 is getting used on the 192.168.100.218 and not on 10.254.252.849.
I also tried by setting up the newly created channel weight as 51, but no luck.
Is JMX connectivity related to admin channel?
Any help is highly appreciated. Thanks.
Ipconfig:
Admin: adminserver701.mycompany.internal, 192.168.100.238, 10.254.252.808
Managed: appserver701.mycompany.internal, :192.168.100.218, 10.254.252.849
Domain wide admin port: 9101
Admin:
Listen address –> adminserver701.mycompany.internal
Channel –> admin -> 10.254.252.808/9101
Startup -> -Dweblogic.admin.ListenAddress=admin://10.254.252.808:9101
Managed:(appserver701)
Listen address –> appserver701.mycompany.internal
Admin port override: 9102
Channel –> admin -> 10.254.252.849/9102
Startup -> -Dweblogic.admin.ListenAddress=admin://10.254.252.849:9102
AdminServer Logs:
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613346> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.runtime .>
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613353> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.edit .>
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613367> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.domainruntime .>
####<Feb 18, 2013 1:53:36 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159616699> <BEA-002613> <Channel "DefaultAdministration" is now listening on 192.168.100.238:9101 for protocols admin, ldaps, https.>
####<Feb 18, 2013 1:53:36 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159616700> <BEA-002613> <Channel "Channel-0" is now listening on 10.254.252.808:9101 for protocols admin, ldaps, https.>
####<Feb 18, 2013 1:55:12 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-000000000000001a> <1361159712920> <BEA-002613> <Channel "Default" is now listening on 192.168.100.238:7001 for protocols iiop, t3, ldap, snmp, http.>
####<Feb 18, 2013 1:55:12 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-000000000000001a> <1361159712920> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.100.238:7002 for protocols iiops, t3s, ldaps, https.>
ManagedServer Logs:
####<Feb 18, 2013 2:54:19 PM EST> <Info> <JMX> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163259911> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://appserver701.mycompany.internal:9102/jndi/weblogic.management.mbeanservers.runtime .>
####<Feb 18, 2013 2:54:20 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163260350> <BEA-002613> <Channel "Channel-0" is now listening on 10.254.252.849:9102 for protocols admin, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:20 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163260350> <BEA-002613> <Channel "DefaultAdministration" is now listening on 192.168.100.218:9102 for protocols admin, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:58 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <d3208ed6c2482016:-46ac5fed:13ceba69a8e:-7ffe-000000000000000e> <1361163298045> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.100.218:7102 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:58 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <d3208ed6c2482016:-46ac5fed:13ceba69a8e:-7ffe-000000000000000e> <1361163298045> <BEA-002613> <Channel "Default" is now listening on 192.168.100.218:7101 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
AdminServer logs update while starting managed:
####<Feb 18, 2013 2:54:57 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-0000000000000162> <1361163297488> <BEA-149506> <Established JMX Connectivity with adp_ms01 at the JMX Service URL of service: jmx:admin://appserver701.mycompany.internal:9102 /jndi/weblogic.management.mbeanservers.runtime.>
Admin Server :
[oracle@adminserver701 bin]$ netstat -an | grep 9101
tcp 0 0 10.254.252.808:9101 0.0.0.0:* LISTEN
tcp 0 0 192.168.100.238:9101 0.0.0.0:* LISTEN
tcp 0 0 192.168.100.238:9101 192.168.100.218:59038 ESTABLISHED
I am wondering if the JMX connectivity is using the server listen address (adminserver701.mycompany.internal) which will by default resolve to 192.168.100.238. Is there a way to force JMX to use 10.254.252.808?Hi
For first question the answer is no. With the administration port, you enable the SSL between the admin server and Node manager-managed Servers. You can still use the web console.
For teh second question, you can use ANT or can use the WLS Scripting ..you can get more details in dev2dev.bea.com
Jin -
No more multipath-tools (for iscsi) in arch? Alternative?
Hi,
I wonder is there any alternative to multipath for iscsi available?
Is there absolutely no multipath in arch anymore?
Thank you!Thank you!
I just saw that multipath-tools wasn't orphaned anymore. -
Which is prioritized for multicast traffic if FastSwitching and CEF is enable?
Hello
Here is the related configuration and output of show command below,
In my understanding, there are 3 swtching mode, CPU, fast-swthing and CEF swthing,
But if FastSwthing and CEF swithing are enable both, then which swithing mode is prioritized for mutlicast traffic?
interface Vlan302
ip address 10.0.20.1 255.255.255.0
3750X#sh ip int vlan 302
Vlan302 is down, line protocol is down
Internet address is 10.0.20.1/24
Broadcast address is 255.255.255.255
*omit
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is enabled
IP route-cache flags are Fast, CEF
*omit
interface Vlan301
ip address 10.0.10.1 255.255.255.0
no ip mroute-cache
3750X#sh ip int vlan 301
Vlan301 is down, line protocol is down
Internet address is 10.0.10.1/24
Broadcast address is 255.255.255.255
*omit
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF, No Distributed
*omit
Product : Cat3750X
IOS version : 15.0(2)SE5
Best Regards,
Masanobu HiyoshiDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I'm not 100% certain, but I believe FastSwitching and CEF switching apply to unicast, not multicast. Your "IP mroute-cache" command enables/disables fast multicast switching.
On a 3750, switching should be hardware based, for unicast and multicast, unless TCAM resources are insufficient. If hardware switching falls back to non-hardware switching, you'll likely find process vs. Fast vs. CEF vs. multicast doesn't matter, all too slow. -
Cisco ASA 5505, Software 8.0(3)
ASA IP: xxx.xxx.xxx.yy4/29
This is part of my ASA config that ensures PAT for incomming SMTP traffic:
access-list acl_inbound_outside extended permit tcp any host xxx.xxx.xxx.yy7 eq smtp
nat-control
global (outside) 1 interface
nat (inside) 0 access-list acl_no_nat_inside
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp xxx.xxx.xxx.yy7 ftp 172.27.1.1 smtp netmask 255.255.255.255
access-group acl_inbound_outside in interface outside
This ensures SMTP traffic to xxx.xxx.xxx.yy7 reach my SMTP server.
But outgoing SMTP traffic is from xxx.xxx.xxx.yy4 (WAN IP of ASA).
How can I set up that ONLY SMTP traffic from 172.27.1.1 is PATed behind IP xxx.xxx.xxx.yy7 and other traffic from 172.27.1.1 will be NATed to
xxx.xxx.xxx.yy4?Hi,
It seems that there is either a typo or mistake in the configuration above.
You are forwarding "ftp" port to "smtp" port
Shouldnt it be
static (inside,outside) tcp xxx.xxx.xxx.yy7 smtp 172.27.1.1 smtp netmask 255.255.255.255
So in addition to forwarding the "smtp" port you also want all outgoing "smtp" traffic from this single host/server to use the public IP address xxx.xxx.xxx.yy7
Then you can configure this
access-list SMTP-POLICYPAT remark Policy PAT for SMTP traffic
access-list SMTP-POLICYPAT permit tcp host 172.27.1.1 any eq smtp
global (outside) 25 xxx.xxx.xxx.yy7
nat (inside) 25 access-list SMTP-POLICYPAT
Hope this helps
Please do remember to mark the reply as the correct answer if it answered your question.
- Jouni -
How do I do the following so I can get into my chess program??
The access to our new chess hall may be blocked by your
local firewall. You would need to reconfigure your firewall to open port 15010
for TCP traffic.This is not really Firefox related.
What you need to do here is to read the firewall manual which usually explains how to create a rule for what you want to do.
If you're using the Windows XP firewall, see this Microsoft article: http://windows.microsoft.com/en-US/windows-vista/Firewall-frequently-asked-questions -
Hi All,
I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
2811 having C2800NM-ADVIPSERVICESK9-M
2811 router connects to the Internet SW then connects to the Internet router.
Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
Below is router config for VPN & NAT
crypto keyring ISR_Keyring
pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
crypto isakmp profile isa-profile
keyring ISR_Keyring
self-identity user-fqdn [email protected]
match identity user vpn-proxy.websense.net
crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
set peer vpn.websense.net dynamic
set transform-set ESP-NULL-SHA
set isakmp-profile isa-profile
match address 101
interface FastEthernet0/1
description connected to Internet
ip address 216.222.208.101 255.255.255.128
ip access-group HVAC_Public in
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
crypto map GUEST_WEB_FILTER
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source route-map nonat pool mypool overloadHow does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
Check
show crypto isakmp sa
show crypto ipsec sa
show crypto session
You'd better remove the preshared key from your post. -
Which network is Oracle using for RAC traffic ? where you will get info ? ?
Hi,
I am using two node RAC on Oracle 10g R2 (10.2.0.3.0) version on SUN Solaris 10 . I want to know "Which network is Oracle using for RAC traffic ? where you will get info "
--KumarHi Kumar,
In 10g, you can query x$ksxpia. If the cluster_interconnect information is stored in OCR (default), you will get
SQL> select INST_ID,PUB_KSXPIA,PICKED_KSXPIA, NAME_KSXPIA,IP_KSXPIA from x$ksxpia;
If you specified the cluster_interconnects parameter in your init.ora:
Columns to look in : INST_ID P PICK NAME_KSXPIA IP_KSXPIA
And also you can use 'oradebug ipc' to see which interconnects the database is using:
SQL> oradebug setmypid
SQL> oradebug ipc
Hope it helps...
Thanks
LaserSoft -
Cascade Catalyst 3560 switch for loaded traffic
I have a layer 3 Catalyst switch 3560 with 24 FE interfaces.
I need to pump traffic from traffic generator into port 1 and propagate it to other ports; the last port will be connected back to the traffic generator.
I suppose that I need to cascade some of the switchports but how do I configure the catalyst switch for this setup? Is it making use of routed port and static routing?Hi Ankur,
Thanks for the reply.
The traffic generator are layer 3 interfaces which I can assign IP address.
You mentioned that I do not need any routing, but I require traffic coming from the traffic generator(e.g FE1) going into switchport 1 to traverse through the rest of the switchports before exiting from the last switchport back to the traffic generator(e.g FE2). Therefore, I need advice on how to setup the catalyst switch to achieve this.If I assign ip address for this traffic to end at the traffic generator-FE2, the generated traffic will enter the switch at switchport 1 and directly exit from the last switchport without any traversing done. Btw, do I need to cascade my switch with cross cable in this aspect?
Thanks in advance for your advice.
Regards,
Raymond -
ACE Normalization for SMTP Traffic
Hi,
I was facing issue with the ACE normalization and that was stopping my SMTP traffic. When i disabled it globally my SMTP traffic is working fine. But due to the audit i cannot disabled it for all the traffic. I want to disabled the normalization only for the SMTP por 25 traffic.
I am trying to create the L4 policy as mention below but unable to set the partameter require for to disable the normalization.
class-map match-any SMTP_CLASS
match port tcp eq 25
parameter-map type connection TCP_SMTP_MAP
no random-sequence-number
exceed-mss allow
policy-map multi-match TCP_SMTP_POLICY
What else i need to reacll in parameter-map in order to disable the normalization for SMTP traffic.
Pleae help.Hi,
I have attached the capture when normalization was enabled (not working) and capture when normalization was disabled.
Please review and let me know how to achive this by fine tunning the parameters.
We are seeing lot of tcp retransmission error etc.
I have done some research and normalization deals with the following below mentoin parameters.
exceed-mss-----Configure behavior if a packet exceeds MSS
random-seq-num-disable----Disable TCP sequence number randomization
reserved-bits-----Configure Reserved bits in TCP header
syn-data-----Configure behavior for a SYN packet containing data
tcp-options-----Configure TCP header options
urgent-flag-----Allow/Clear Urgent flag
Maybe you are looking for
-
How do I select/change the status of my post/reply?
Hello, I'm fairly new to the forum and I'm finding it challenging to figure out how to use all the features in a straight forward manner. For instance, I've noticed on my recent reply to one of my post questions that the status automatically showed
-
Got a new Macbook Pro itunes music was all there. Suddenly it is not and my library is probably about 1/4 of what it was.....where did the music go and how do I get it back?
-
Is there a way to get a PDF into my iPad keynote?
Is it possible?
-
Cannot see my fiance's library but she can see mine. Checked all appropriate boxes to share entire library. Help syays to check under Shared which does not even appear anywhere. It also said to check the "Look for share libraries" under shared pan
-
Burns correct song, but wrong file name
I have been burning a song of mine. After the song is finished burning I click on the cd icon and when it opens it shows a name of a different song. When I play the cd it plays the correct song-the one I burned! The name it labels it with is a drum t