Keeping an eye on Router Traffic

Hi all.........
I have the HH 2, the black one.
I have 2 laptops, a Wii, a DSI and an Ipod that are connected wirelessly at various times to the HH for Internet access, downloads etc etc.....
How can I keep an eye on my total usage through the HH. I don't want to exceed my 10GB a month allowance, or at least know what my traffic is so that I can upgrade my allowance......
I have tried the BT Broadband Desktop Help program but can't see an obvious link on it.....
Many thanks
Solved!
Go to Solution.

 is a usage monitor - if you go to BT.com and then 'my account' there is a usage monitor showing usage up to midnight day before and is reset monthly
the hub loses the figures if reset
If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

Similar Messages

  • Possible to Route Traffic Based on AVC?

    Is it possible to route traffic, based on the Application Visibility Control functions that specific Cisco routers are capable of?  Here's my issue:  I have two ISP's.  One is at about 120% utilization.  The other isn't doing anything.  I can specify ip routes based on IP addresses.  For instance, I can ip route 173.252.110.27 255.255.255.255 10.x.x.x to point to our ISP2 firewall, which is our non-utilized provider, for Facebook traffic.  The problem is that sites like this have massive public subnets, so I won't be able to capture all of the traffic destined to Facebook.  Is there a way to route traffic based on application?  I know that Palo Alto firewalls have a way to do Policy Based Forwarding, based on application.  I was wondering if the same was possible with AVC.  Thanks for any help.

    Hello.
    Yes, it's possible and, actually, you have 2 ways.
    1. use manual load-balanace between links.
    2. use PfR to load-balance traffic automatically.
    PS: you also will need NAT with route-map.

  • Route Traffic to down a specfic link

    I need to route traffic that is sourced from 10.1.50.0 network down link 1. Currently all traffic goes down Link 2. I want all traffic except 10.1.50.0 network to still use Link 2 as primary. What would be the best approach a static route for the 10.1.50.0 network or some type of policy map or something else? Thanks for the help

    Thanks for the reply. I created the access list and policy map from above but can not put the policy map on the VLAN interface. The commands are there but when I verify by looking at the interface it is not there. It is a 3750 G with IPSERVICES IOS. Any ideas? Thanks
    Standard IP access list 50
    10 permit 10.2.50.0, wildcard bits 0.0.0.255 log
    sh route-map
    route-map **VLAN250**, permit, sequence 10
      Match clauses:
        ip address (access-lists): 50
      Set clauses:
        interface GigabitEthernet2/0/1
      Policy routing matches: 0 packets, 0 bytes

  • HT5622 i am getting iphones for my kids how should i set them up re: new apple ids or use mine? so i can keep an eye on them

    I plan on getting my kids i phone 4s how should i set them up should i use my apple id or create new ones how do i keep an eye on them etc
    thank you

    No it's not stealing. They have an allowance that you can share with so many computers/devices. You'll have to authorize her computer to play/use anything bought on your acct. You can do this under the Store menu at top when iTunes is open on her computer.
    As far as getting it all on her computer....I think but I am not sure (because I don't use the feature) but I think if you turn on Home Sharing in iTunes it may copy the music to her computer. I don't know maybe it just streams it. If nothing else you can sign into your acct on her computer and download it all to her computer from the cloud. Not sure exactly how to go about that, I haven't had to do that yet. I wonder if once you authorize her computer and then set it up for automatic downloads (under Edit>Preferences>Store) if everything would download. Sorry I'm not much help on that.

  • Any software by which I can keep an eye on my daug...

    Hi All,
    Is there any way or any software by which I can keep an eye on my daughter mobile (nokia lumia 520) for:
    SMS, Whtsapp, sms, call details and GPS Location as she is going to hostel for studies?
    Lorenz 

    What feature you going to get faster? Ya we too have faster...
    Notifications? We too have notifs
    minimize? Ya we too can minimize
    but standby is not increased in latest and even ram
    many apps bluetoothftp, alchemyos, jmp3tag, here and now and many apps doesn't support 500 but it supports 311... Even i have screenshot embeder,Handler setting embeder

  • ASA 5510 Not able to route traffic between 2 LAN interfaces

    Hi everybody,
    I need help to enable traffic between two physical ports on my Cisco ASA 5510. I created access rules and NAT but traffic doe not go from accounting interface to Inside. I am able to access internet from both interfaces. Can someone pin point me in the right direction since I am not an expert in Cisco but has to finish this by the end of the week.
    Thank you,
    Sigor
    Here is my configuration:
    ASA Version 8.2(2)
    hostname Cisco
    domain-name xxx.com
    names
    interface Ethernet0/0
     description Outside
     nameif Outside
     security-level 0
     ip address 101.101.101.101 255.255.240.0
    interface Ethernet0/1
     description Inside Network
     nameif Inside
     security-level 90
     ip address 192.168.10.1 255.255.255.0
    interface Ethernet0/2
     description Accounting
     nameif Accounting
     security-level 100
     ip address 20.0.1.1 255.255.255.0
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    interface Management0/0
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
     management-only
    ftp mode passive
    clock timezone EST -5
    dns domain-lookup Outside
    dns server-group DefaultDNS
     name-server 8.8.8.8
     domain-name xxx.com
    same-security-traffic permit inter-interface
    object-group service Port-10000 tcp
     port-object eq 10000
    object-group service Port-8080 tcp
     port-object eq 8080
    object-group service Port-8011 tcp
     port-object eq 8011
    object-group service DM_INLINE_TCP_1 tcp
     group-object Port-8080
     port-object eq www
     group-object Port-8011
    object-group service DM_INLINE_TCP_2 tcp
     group-object Port-10000
     port-object eq https
     port-object eq www
    object-group service rdp tcp
     port-object eq 3389
    object-group service DM_INLINE_TCP_3 tcp
     group-object rdp
     port-object eq ftp
    object-group service DM_INLINE_TCP_4 tcp
     group-object Port-10000
     port-object eq www
     port-object eq https
     port-object eq ssh
    object-group service DM_INLINE_TCP_5 tcp
     group-object Port-8011
     group-object Port-8080
     port-object eq www
    object-group service DM_INLINE_TCP_6 tcp
     group-object Port-10000
     port-object eq www
     port-object eq https
    object-group service DM_INLINE_TCP_7 tcp
     group-object rdp
     port-object eq ftp
    access-list Outside_access_in extended permit tcp any host 101.101.101.104 object-group DM_INLINE_TCP_5
    access-list Outside_access_in extended permit tcp any host 101.101.101.102 object-group DM_INLINE_TCP_6
    access-list Outside_access_in extended permit tcp any host 101.101.101.103 object-group DM_INLINE_TCP_7
    access-list Outside_access_in extended permit tcp any host 101.101.101.106 eq smtp                                                              
    access-list Outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.80.0 255.255.255.0
    access-list CiscoIPsec_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0                                                                
    access-list Accounting extended permit ip 20.0.1.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list Accounting extended permit ip 20.0.1.0 255.255.255.0 any
    pager lines 24
    logging asdm informational
    mtu Outside 1500
    mtu Inside 1500
    mtu Accounting 1500
    mtu management 1500
    ip local pool IPSecDHCP 192.168.80.100-192.168.80.200 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (Outside) 1 interface
    nat (Inside) 0 access-list Inside_nat0_outbound
    nat (Inside) 1 0.0.0.0 0.0.0.0
    nat (Accounting) 1 0.0.0.0 0.0.0.0
    static (Inside,Outside) tcp 101.101.101.104 www 192.168.10.14 www netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.104 8011 192.168.10.14 8011 netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.104 8080 192.168.10.14 8080 netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.102 10000 192.168.10.3 10000 netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.102 https 192.168.10.3 https netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.102 www 192.168.10.3 www netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.103 ftp 192.168.10.17 ftp netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.103 3389 192.168.10.32 3389 netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.106 smtp 192.168.10.23 smtp netmask 255.255.255.255
    static (Inside,Accounting) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
    access-group Outside_access_in in interface Outside
    access-group Accounting in interface Accounting
    route Outside 0.0.0.0 0.0.0.0 101.101.101.101 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.10.0 255.255.255.0 Inside
    http 20.0.1.0 255.255.255.0 Accounting
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 32608000
    crypto ipsec security-association replay disable
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256
    -SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
    crypto map Outside_map 1 match address Outside_1_cryptomap
    crypto map Outside_map 1 set pfs group1
    crypto map Outside_map 1 set peer 89.216.17.35
    crypto map Outside_map 1 set transform-set ESP-3DES-SHA
    crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Outside_map interface Outside
    crypto isakmp enable Outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh 192.168.10.0 255.255.255.0 Inside
    ssh timeout 5
    console timeout 0
    dhcpd address 20.0.1.100-20.0.1.200 Accounting
    dhcpd dns 192.168.10.19 8.8.8.8 interface Accounting
    dhcpd lease 306800 interface Accounting
    dhcpd domain abtscs.com interface Accounting
    dhcpd enable Accounting
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy CiscoIPsec internal
    group-policy CiscoIPsec attributes
     dns-server value 192.168.10.30 192.168.10.19
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value CiscoIPsec_splitTunnelAcl
     default-domain value xxx.com
     vpn-group-policy CiscoIPsec
    tunnel-group 198.226.20.35 type ipsec-l2l
    tunnel-group 198.226.20.35 ipsec-attributes
     pre-shared-key *****
    tunnel-group CiscoIPsec type remote-access
    tunnel-group CiscoIPsec general-attributes
     address-pool IPSecDHCP
     default-group-policy CiscoIPsec
    tunnel-group CiscoIPsec ipsec-attributes
     pre-shared-key *****
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:2a7c97a7a22397908ef83ca6f0065919
    : end

    Without diving too deep into your config, I noticed a couple of things:
    interface Ethernet0/1
     description Inside Network
     nameif Inside
     security-level 90
     ip address 192.168.10.1 255.255.255.0
    interface Ethernet0/2
     description Accounting
     nameif Accounting
     security-level 100
     ip address 20.0.1.1 255.255.255.0
    On an ASA, higher security level interfaces are always allowed, by default, to lower security levels, but not the other way around. So, if you want to keep this config, you would need an acl on the Inside interface to allow traffic to go from level 90 to 100:
    access-list Inside permit ip any any
    access-group Inside in interface Inside
    The acl will permit the traffic into either interface (outside or Accounting). As long as you have your other rules set up correctly, this should resolve your issue...
    HTH,
    John

  • Unknown network traffic / router traffic monitoring

    So I got a new PC with windows 7 on it, and I installed this gadget that monitors network traffic, and it shows a lot of traffic that my local PC isn't showing, so I am thinking there is something running on the LAN that I can't see. I was looking to find a live, better program to monitor the actiontec router, for traffic. anyone know of anything that can maybe show me who is using all the bandwidth on my network?
    i have found software for Linksys, but nothing for the Actiontec.
    Thanks,
    Quasimodem
    Fios in Florida
    Solved!
    Go to Solution.

    Keep in mind that when looking at Wireshark (sniffer) software there are different types of traffic:
    Unicast
    Broadcast
    Multicast
    Unicast is traffic between two devices.  You will see the traffic between the PC with wireshark and another device on your local network such as a printer, another PC or the Router.  You should not see traffic between another PC and the Internet for example.  Using a phone as an example some calls you and the conversation is between you and the person on the other end of the phone.  This is unicast traffic.  Using defaults of the actiontec, IP address seen will be 192.168.1.1 for the router and 192.168.1.2-99 for devices on your network.  If you have the TV service, 192.168.1.100-1xx is used for the cable boxes.
    Broadcast traffic is traffic sent to all devices.  Its not directed toward a particular PC but rather usually looking for information.  In a sniffer trace you will see broadcast traffic. Going back to the phone example, someone makes an announcement on an overhead intercom system that is broadcast traffic.  Broadcast traffic will be seen as 192.168.255.255
    Multicast traffic is traffic from one device for many devices.  Usually used in video feeds.   Using the phone system as an example someone wishes to tell a group of people something so instead of calling each person up and telling them each person who wants the information joins a conference bridge.  Anyone is allowed to listen but only those that wish to get the information receive it.  Generally how multicast works.  Multicast traffic will be seen as IP address 224.x.x.x or something of the sorts where the address will be 2xx.x.x.x.  
    I hope this makes sense.  Probably more information than you needed but at least it will help you understand what wireshark is telling you.

  • How to route traffic across subnets when one NIC is a hyper-V virtual switch?

    Having a bit of a problem with a hyper-V environment which does not seem to route network traffic on two different subnets between each other.
    If it were a purely physical server with two NICs and a gateway set traffic would automatically be forwarded between the two different subnets.
    However when one of those NICs is a hyper-V virtual switch this simple routing no-longer seems to work and no traffic gets forwarded between subnets?
    Situation is:
    Hyper-V server with two NICs
    NIC 1 = 192.168.0/24 - main Internal company network.
    NIC 2 (hyper-V virtual switch.) = 192.168.1/24 - connects to ADSL internet router
    Virtualized Domain Controller.
    One or two virtualiszed NICs as necessary
    How then does traffic get routed between these two subnets?  If RRAS has to be configured to do this where is the best place to do it, on the hyper-V host or on the virtualized domain controller?
    Thanks,

    Hi ,
    You can create an internal virtual switch and configure an IP for it (I assume it is 192.168.1.2/24) .
    After you enable RRAS in hyper-v host  there will be two gateways for different subnets  .
    " NIC 2 (hyper-V virtual switch.) = 192.168.1/24 - connects to ADSL internet router "
    The problem is here ,if  these VMs need to access internet .
    So , these VMs can not configure their gateway same as the IP of internal virtual switch , you may set VM's gateway as the ADSL internet router's IP meanwhile add a static route entry for every VM .
    Please refer to the Syntax :
    route add -p 192.168.0.0 mask 255.255.255.0 192.168.1.2
    Hope this helps
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Need to route traffic based on destination to 2 different routers

    I have a 4451X that has a default route of 10.10.48.1. I have 2 other internet routers at 10.10.48.15, and 172.31.1.3.
    The router at 172.31.1.3 is a VPN firewall and has a VPN to 3 specific IP networks. 172.31.252.0/24, 192.168.252.0/24, and 192.168.163.0/24.
    I need the traffic headed to the 3 VPN'd networks to route to 172.31.1.3, and the remaining traffic to route to 10.10.48.15.
    The source network is 172.31.0.0/23 and the gateway of the machines is 172.31.0.1.
    I tried creating a PBR but the internet traffic seems to go outbound through the router's default route of 10.10.48.1 and not 10.10.48.15.
    I am sure I am just missing something silly.
    Here are the relevant portions of the config:
    interface GigabitEthernet0/0/1
     ip address 172.31.0.20 255.255.254.0
     ip nat inside
     ip policy route-map Test
     negotiation auto
     vrrp 1 ip 172.31.0.1
     vrrp 1 priority 105
    interface GigabitEthernet0/0/1.2
     encapsulation dot1Q 2
     ip address 10.10.48.12 255.255.255.224
     ip nat inside
     ip access-group 199 in
     vrrp 1 ip 10.10.48.3
     vrrp 1 priority 105
     vrrp 2 priority 105
     no cdp enable
    ip route 0.0.0.0 0.0.0.0 10.10.48.1
    ip route 0.0.0.0 0.0.0.0 172.31.1.3 2
    access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
    access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
    access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
    route-map Test permit 19
     match ip address 116
     continue 20
     set ip next-hop 172.31.1.3
    route-map Test1 permit 20
     set ip next-hop 10.10.48.15
    Thanks in advance.
    Burton Hallman

    Firstly I'm not sure why you have two default routes if everything is meant go via 10.10.48.1 ?
    That aside in terms of your PBR -
    1) remove the continue statement. I don't know what it is meant to be doing but as far as i know it has no effect with PBR
    2) more importantly your second statement is using a different route map name ie Test1 which makes it a completely different route map so the one applied to the interface only has the first statement in it which is the one for VPN traffic.
    Jon

  • WRE54G Cannot route traffic

    Hi all,
    My WRE54G version 2 cannot route the WIFI traffic to my Belkin router after setup. The setup was made by connecting the WRE54G directly to Belkin router with the following configurations with the Web configuration tool in WRE54G.
    WRE54G
    Name: Linksys WRE54G
    IP address: 192.168.1.150
    Subnet Mask: 255.255.255.0
    Gateway: 192.168.1.1
    Mode: Mixed
    Channel: 10
    SSID: 54Home
    Wireless Security: Enable
    Belkin Router
    IP Address: 192.168.1.1
    Subnet Mask: 255.255.255.0
    DHCP Address range: 192.168.1.2 - 192.168.1.100
    Mode: Mixed
    SSID: 54Home
    WEP setting of both Belkin router and WRE54G are the same.
    Both the link and activity LED on the WRE54G are Lighted in blue.
    When connecting WRE54G with UTP wire, I can ping the WRE54G with my notebook with wired connection with Belkin, and I can use the web interface configure the WRE54G. When removing the wire to WRE54G, the notebook cannot ping the WRE54G.
    When I test the WRE54G with wireless connection, my notebook cannot get an IP address and it needs to manually assign one. After using the manual IP, the notebook can reach the WRE54G, but not the Belkin Router, nor any connection to the internet.
    However, if I disable the wireless network of the notebook and connect it directly to the router with UTP wire, the router is working fine. I switch off the WRE54G, change the notebook to DHCP, it connect back to the Belkin router and internet contivity is also fine.
    It seems that the WRE54G did not talk to Belkin on the WIFI traffic. Are there anyone encountered the same problem, and have the solutions?
    Thanks in advance
    Davis

    Make sure that wireless settings are same as in wireless router also check the Ip settings in the range extender ... it should be in the range of the router .... If all settings working fine .... & still you are not able to ping the Range Extender when wireless .... Disable the firewall on the laptop for few seconds .... try to ping the Range Extender .... if not ... in such case ... upgrade the firmware of the range Extender ...after upgrade ... reset & reconfigure the router ...

  • 1 server, 2 networks how to route traffic to both

    Hi i have NW65SP7
    what i'm trying to do is
    1. to have users come in thru the data network (192.168.0.0) and the traffic
    go back out thru the default gateway (192.168.0.1) and
    2. i want LDAP traffic to go in thru the other network (10.1.0.0) and
    backout thru the same networks gateway (10.1.0.1).
    1. works fine and all seems to go up and down the right network, however 2.
    comes down 10.1.0.0 and backout thru the default gateway on 192.168.0.1. I
    don't\can't have this as the firewall rejects the packet as the source and
    destination networks are different ie. the fw sees the packet come in thru
    10.1.0.0 but when the server sends it back out thru 192.168.0.0 the firewall
    rightly drops it
    How do i get 2. to work as i want, can this even be done on NW.
    What i've done so far is
    a. enabled Static Routing
    b. created a default route (192.168.0.1) with a metric of 2
    c. created a network route for 10.1.0.0 (10.1.0.1) with a metric of 1

    "Thorsten Kampe" <[email protected]> wrote in message
    news:[email protected]...
    >* Steven Lim (Mon, 08 Dec 2008 01:57:27 GMT)>
    >> ok i'll try again but i thought that i did expalin it so i'm not sure how
    >> my
    >> second attempt will go ;)
    >
    > Is the NetWare server the router? Which addresses do the server's
    > interfaces have? Which default gateway do the hosts in the network have?
    > Any static routes?
    No the netware server is not the router
    The server has 1 interface but two vlans trunked to the one interface, each
    vlan has a separate IP. I can ping each IP on each of the trunked vlans
    fine. I'm using Broadcom Q57 NICS and the QASP\BASP advanced driver to
    support the trunked vlans. Don't let that confuse the issue though..it's
    basically the same as having two nic interfaces connected to two seperate
    networks in this case lets say 192.168.0.10 and 10.0.0.10
    Just so we're on the same page, we have a very large routed network with
    over 250 subnetworks with 4 10G interconnected core routers each with a 10G
    distribution routers, buildings\user\server networks hang of the
    distribution routers . Client machines are distributed accross the network
    and are not on the same vlan\subnet as the servers.
    A server on 192.168.0.0 will have a default gateway of 192.168.0.1 and
    servers on 10.0.0.0 will have a default gateway of 10.0.0.1 there are no
    clients machines on these subnets....btw we don't really have a 192.168.0.0
    network..i'm just using this as an example.
    The NW server has 1 static route configured as the default gateway on
    192.168.0.1...and i've been trying to work out how to configure another
    static route to make sure that all incoming and outgoing traffic for
    10.0.0.0 stays on 10.0.0.0 or whatever else i need to do to get it working
    >> i have two networks 192.168.0.0 and 10.0.0.0
    >>
    >> 1. I want all traffic that originates from 192.168.0.0 to go back thru
    >> the
    >> 192.168.0.0 gateway on 192.168.0.1 (currently the default gateway
    >> configured
    >> in inetcfg static routing table).
    >
    > In case the NetWare server is the router you only have to enable routing
    > - the server's default gateway is completely irrelevant for that. Of
    > course the hosts in the networks have to have the router as the default
    > gateway (or a static route).
    Clients are fine, lets say that they are on 192.168.1.0 to 192.168.255.0 and
    they have default gateways on their subnets the go thru x.x.x.1 (eg.a
    192.168.1.0 machine will have a default gateway of 192.168.1.1 and a
    192.168.2.0 machine will have a default gateway of 192.168.2.1 etc)
    >> 2. I want all ldap traffic, in my case this will be ldap port 389 and
    >> 636,
    >> that originates from network 10.0.0.0 to go back thru the gateway
    >> 10.0.0.1.
    >
    > Routing is not (application) protocol specific. You can either route all
    > IP packets or none a certain route. Please have a look at the routing
    > table of your computer to see what I mean.
    Yes i understand that routing is not application\protocol specific
    When you say "have a look at the routing table" i assume you mean the
    netware server....i've done that using TCPCON..i can see the issue..just not
    sure how to get it to do what i want
    > Also what you might want is called source routing[1] and this is mostly
    > blocked because it opens a huuuuge security hole.
    >
    >> This is required because the firewall requires that if a response is
    > to go
    >> out to a client then then it must go out over the same network that it
    >> originated from. This is the part that's not currently working. At the
    >> moment the query comes in from 10.0.0.0 and the response tries to goes
    >> out
    >> via the deafult gateway on 192.168.0.1 the firewall blocks the outgoing
    >> traffic....basic stuff!!!
    >
    > I wonder where and how you put that firewall if you have only two
    > subnets and one router. Is this Bordermanager on the NetWare server?
    See above re. the network...the firewall\s are blades within the core
    routers and support virtual firewalls that can be applied to any part of the
    distribution\access layer of the network.
    Does that make any more sense???
    > Thorsten
    > [1] http://en.wikipedia.org/wiki/Source_routing

  • Policy based routing on VRF interfaces to route traffic through TE Tunnel

    Hi All,
    Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.
    The tunnel is already build up with these below config
    interface Tunnel25
    ip unnumbered Loopback0
    tunnel destination 10.250.16.250
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 10 explicit name test
    ip explicit-path name test enable
    next-address x.x.x.x
    next-address y.y.y.y
    router ospf 1
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng area 0
    mpls traffic-eng tunnels
    nterface GigabitEthernet5/2
    mpls traffic-eng tunnels
    mpls ip
    Is there additional config needed to work ,also in the destination end for the return traffic,we want to use the normal PATH --I mean non TE tunnel.
    We tested with the above scenario,but couldn't able to reach the destination.Meantime we had a question,when the packet uses the policy map while ingress,it may not know the associatuion with VRF(Is that right? --If so ,how to make it happen)
    Any help would be really appreciated
    Thanks
    Regards
    Anantha Subramanian Natarajan

    hi Anantha!
    I might not be the right person to comment on your first question. I have not configured MVPNs yet and not very confertable with the topic.
    But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that " a Tunnel will be selected regularly according to the routing process (even isf it is cbts enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a perticular tunnel in the group if specific class is mapped to that tunnel.
    So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) are exchanged and all other tunnels can be members of this tunnel. So your RPF might not fail.
    You might have to explore on this a bit more and read about the co-existance of multicast and TE. This will be the same as that.
    For your second question, the answer would be easy :
    If you want a specific eompls cust to take a particular tunnel/path, just create a seperate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the eompls to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular eompls session should take a particular path.
    If you meant that certain traffic from the same eompls session take a different path/tunnel, then CBTS will work.
    Regards,
    Niranjan

  • VRF-Lite on one 6509; How to route traffic from global to VRF.

    To anyone that can lead me in the right direction:
    I have a 6509 switch with IOS " s3223-adventerprise_wan-mz.122-33.SXJ2.bin"  on it. I am running VRF-lite on it and would like to route some subnets from the global route table to the VRF route table. How can I do this and stay on the same physical switch.  I am using EIGRP for the global network and route table and static routing within the the VRF.  Any suggestions or recommendations?  Thanks in advance for your help in this matter...

    Hello,
    You need to use (Static route) in both directions, One Static in the VRF table points to the Global interface, and another one in the Global point to the VRF interface for the recieved traffic. After that, you Can Redistribute the Global Static route into Eigrp for end-to-end connectivity!
    Example:
    Consider you have 2 interfaces in your Core SW-6509: One is G0/1 and the other is G0/2
    G0/1 is placed into the Global table , and G0/2 is part of VRF (X)
    interface G0/1
    IP address 1.1.1.1 255.255.255.0
    inteface G0/2
    ip vrf forwarding X
    ip address 2.2.2.2 255.255.255.0
    Consider Subnet Y.Y.Y.Y in the Global and you want to have it accessible from the VRF!
    configure this:  (ip route vrf X  y.y.y.y y.y.y.y.y G0/1 Global)
    Configure also this for the return traffic from the Global table: (ip route 2.2.2.2 z.z.z.z G0/2)
    You Can then redistribute the Global static into the Eigrp as below:
    router Eigrp 1
    no auto summary
    redistribute static metric 1.1.1.1.1
    HTH
    Mohamed

  • Route traffic

    Hi All,
    we have three sites at mumbai, pune , delhi.
    A site to site tunnel  is created between mumbai and pune.
    and tunnel between mumbai and delhi.
    We donot have tunnel between delhi and pune.
    Is it possible to route the traffic of delhi from mumbai site to pune site.
    The problem is we donot to  create site to site between delhi and pune.

    Hi Jcavaraj,
    Just consider the scenario three site a, b, c.
    a---10.0.0.0/24 net
    b----20.0.0.0/24 net
    c-----30.0.0.0/24 net
    there is  site to site tunnel is created between a to b and a to c. no tunnel between b to c,
    Now the requirement is 20 network should access 30 network
    Please find the access-list below
    on site a
    access-list outside_2_crypto extended permit ip 10.0.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
    accss-list   outside_2_crypto extended permit ip 10.0.0.0 255.255.255.255.0 30.0.0.0 255.255.255.0
    same-security-traffic permit intra-interface
    on site b
    access-list outside_4_crypto extended permit ip 20.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
    access-list outside_4_crypto extended permit ip  20.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0
    same-security-traffic permit intra-interface
    on site c
    access-list outside_3_crypto extended permit ip 30.0.0.0 255.255.255.0 10.0.0.0 255.255..255.0
    access-list outside_3_crypto extended permit ip 30.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
    same-security-traffic permit intra-interface.
    Is the configuration right ? Please let me know

  • Using Xserve to route traffic between LANs

    A couple of years ago Camelot posted a response on how to set up an Xserve to route network traffic between the Xserve's internal NICs (http://discussions.apple.com/thread.jspa?threadID=1193839&tstart=127). In that situation, both LANs were 192.168.x.x. Can this same technique be used where one LAN is 192.168.x.x and the other LAN is 172.16.x.x or do the first two octets have to be the same for this to work? Addresses on the 172.16 are dished out from a Cisco PIX501 which I don't control. The Xserve has a fixed IP of 172.16.128.241 (DHCP with manual address) on en0. The 192.168 LAN is on en1 and the XServe does the DHCP for that side. NAT is on with IP forwarding. I can get to systems on the 172.16 LAN from the 192.168 LAN but not vice versa.
    Xserve is running Server 10.5.4

    Can this same technique be used where one LAN is 192.168.x.x and the other LAN is 172.16.x.x or do the first two octets have to be the same for this to work?
    You can route between any connected networks. There doesn't have to be any common elements in the IP address subnets.
    I can get to systems on the 172.16 LAN from the 192.168 LAN but not vice versa.
    You say you're running NAT on this system. NAT is not needed (or, in fact, desired) since it's designed for one way traffic (e.g. traffic from LAN 1 is translated to an address in LAN2 before forwarding). To have traffic flow the other way you need to setup port forwarding, which isn't practical for a large number of machines.
    My earlier suggestion doesn't suggest enabling NAT at all, just IP Forwarding. IP Forwarding should work both ways provided the relevant devices in each LAN know where to route the traffic (e.g. devices in the 192.168.x.x LAN need to have a route that sends traffic for 172.16.x.x to the 192.168.x.x address of the XServe).

Maybe you are looking for

  • After hard drive replacement, iTunes points to wrong drive

    I have my iTunes media on an external drive, and the drive failed. Luckily I had a backup, and I also had a spare drive to replace the bad one with. So I set up the replacement drive on my Mac Mini, naming it the same as the old drive (iTunes Library

  • Help needed with hardcoding

    Hi, please could you help with my problem. im currently reading a file into an array. instead of hardcoding the filename e.g. public class result {      public static void main(String[] args)throws Exception {           String scoreInfo;           in

  • Cannot publish to .Mac

    Whenever I try to publish my new (updated) sites to .Mac I get an error message. (problem publishing file) I tried to publish again and again (at least five times), and I always get the same error message, but each time with a different file! I had t

  • Itunes shows exclaimation point

    Can someone please tell me how I can access a song that has been purchased, shows up in my library but has an exclaimation point beside it. When I click on the song a window comes up saying that the file could not be found. Ironically, it is on all t

  • Outgoing SMTP server says "offline" can't send e-mails

    Set up new iCloud e-mail. Incoming mail works. Outgoing SMTP server says "offline." Can't send e-mails from this account. Need info on how to set it up. Thanks. M