Lost Packets in certain customer VLANs Trunked over ME

Similar Messages

• Vlan trunk over wifi

  Looking for advice on a problem we have.
  We have a building with the WAN link etc. There is a separate building which is connected via a point to point wireless link.
  We have Cisco 2960 switches at either end of the wireless link. The switch is divided into 2 vlans one for telephony and one for data. with links in the main building going into a netgear switch.
  In the separate building we can access the data vlan but not the voice. The ports connecting to the wireless link are trunked and if I create a vlan in the main building it replicates to the separate building and the ports are a member of the correct VLAN.
  I tested with the switches connected directly together and was fine so presuming something related to the wireless link, any thoughts welcome!!
  Many thanks

  I will assume the following
  1. Your data VLAN is the native VLAN on the trunk ports
  With that in mind you probably have an MTU issue:
  In trunk ports your native VLAN (Default VLAN 1, probably your data VLAN) will not be tagged so MTU=1500,
  your voice VLAN will be tagged so MTU > 1500 and your wireless equipment can't handle >1500 MTU so it drops the packets. You can confirm this by changing the native VLAN on your trunk ports to the voice VLAN and see if it works. If that's your case then either change the MTU on your wireless equipment or use 2 wireless links in non trunk ports 1 for each VLAN.
  Let me know if it works.

• VLAN trunk over Frame Relay

  I want to define a VLAN 101 within a branch office on one port of a CAT3524XL, that will in turn go to a router in that branch and be trunked back to the main office router (through a frame relay connection). Once in that main router, I want that one VLAN to specifically be directed to one of the unused ethernet interfaces and in turn to another 3500XL switch for distribution. There are already VLANs in the branch that are connected to the main office, but they all come out on the main branch router's e0/0 interface. I need to make an exception with the new VLAN 101 by forcing all VLAN 101 traffic to be on the e1/1. Please HELP!!!

  Yes, my requirement is to be able to direct traffic that originated on that one VLAN to a different port on the central router, where there is a captive portal device which will manage that remote traffic. I may have used the wrong term..."trunk". I really need full visibility and control of that remote VLAN. I have other VLANS (voice, data, management) in the remote branch, and they all come back through the frame. I really need to take this particular VLAN and "point" it to the available interface in the main office. Does that sound feasible with PBR? I will read more on it.
  Thanks for the info Rick. Any other ideas or help is appreciated.
  Mark

• VLAN tags over Pseudowire

  I have an existing MPLS Pseudowire connection that I need to rework to be able to carry vlan tags instead of just plain L2 frames.
  Existing setup:
  ME3400 <-> 7206VXR <-> 7206VXR <-> ME3400
  The ME3400's customer facing int tags incoming frames, which go over a trunk interface to a 7206VXR subint. The subint is conf'd for pseudowire p2p to the remote 7206VXR which has an identical setup. Subint on a trunk int to a ME3400, cust facing int tied to a matching vlan.
  My thought is use QinQ on the switches, with the question being will the 7206s correctly strip off one vlan tag layer, encapsulate the remaining vlan tagged L2 frame for psuedowire, and on the remote end take the pesuedowire packet, decapsulate it, add on the QinQ tag, and shove it back out to the switch? I won't know ahead of time what vlan tags the customer will be looking to pass, so I need to be able to support whatever they try to throw across this link.

  Hi,
  You can definitely do that, The pseudowire has 2 labels , the outer label represent the (tunnel label), the inner label represent the (Vc label).
  The egress 7206Vxr performs lookup at Vc label and forward the frames un labeled to the ME3400.
  On the other hand, with QinQ, the customer vlan access port is tunneled across the Service provider Network, this has no affect in your MPLS Forwarding which done at the vxr7206, The outer vlan tag(tagged by the service provider) is stripped out when the frames forwarded firstly unlabeled to the ME3400 at the egress tunnel interface , the inner vlan tag (customer tag) is forwarded untouched (preserved) to the ingress ME3400 interface.
  So, from different point,the MPLS provider is transparent for the Customer Vlan traffic even within the MPLS forwarding LSRs, The Only vlan that is binded to the inner label (Vc label) is the service provider access vlan provided to each customer.
  HTH
  Mohamed

• I  want to make sure: Send/Recve Errors and Lost Packets on Ping - HOW BAD?

  Greetings!
  Still relatively new to MBP and Mac OS - ramping up fast on account of having to troll Forums for info about MBP's not so reliable WiFi performance...
  *ANOTHER QUESTION:* I get a lot of Send and Receive errors - as monitored by Network Utility.app when on my wireless network. Actually 10-20 after just 1/2 hour of WiFi activity. Going thru a Linksys WRT54GL router into a HughesNet satellite modem. AND, if I PING another device on my wireless network, I often get LOST PACKETS. All an indication that at least in my case - and I hear the same many Forums denizens complain about similar issues.
  N*ow, as I download important stuff* through the wireless network - say, the current many updates/upgrades for Mac OS X and the MBP, do such occurrences render the downloads unreliable? I do not get any message of incomplete download or such as Install such wirelessly downloaded upgrades, but I am concerned about applying upgrades which would have been damaged by such xmission errors. OR, perhaps errors are flagged and "corrected" somehow??
  Meanwhile, I have recently started to download -especially upgraged - via a direct LAN connection between my MBP and the satellite modem. However, seems to be a setback to me, especially since my most mundane among my Win machines have no trouble communicating over the wireless network.
  I'll appreciate assistance!
  - Roger T

  I don't know about wireless, as I only have dial up. And I have an iBook and not a MBP. But I frequently lose internet connection part way through a software update, probably due to the local antiquated phone lines. About all that happens is that the download has to be done over completely. It never picks up where it left off, so I assume the partial download is just gone as if it had never been downloaded. I would guess the same would be true of wireless downloads.
  Good luck!

• Encrypting vlan-trunk traffic between switches

  Hi,
  Can anyone guide me to some papers or other resources on how to encrypt traffic between 2 switches. The switchces will be connected with fiber and use dot-1q tagging. And I wan't to encrypt all of the trunked traffic.
  I was thinking of L2TP, but I haven't found any good description on how to implement this. I have two 3750 switches I thought I might use.
  Thanks for any input,
  Regards,
  Oyvind Mathiesen
  mnemonic
  Norway

  Hi,
  Thanks for the response. I had a look at MACsec and it looks good. I would have liked to employ something P2P though, to also limit the ammount of MAC addresses broadcasted on the "wire". But let me first give you an understanding of the task:
  We have two sites, connected via fibre and we want to create a VLAN trunk across and order to expand the broadcast domains to te other site.
  The IDIOT carrier, has a limitation on the number of MAC addresses they allow on the fibre service, 100.
  We also need to encrypt the datatraversing this connectivity.
  MACsec wuold work 100% exept the source and dstination MAC addresses are still sent (at least according to https://docs.google.com/viewer?a=v&q=cache:LEf2qOmYZyYJ:www.ieee802.org/1/files/public/docs2011/bn-hutchison-macsec-sample-packets-0511.pdf+&hl=en&gl=za&pid=bl&srcid=ADGEESgmAHXpDOY0RBAE-Rv1HDpu_C_gkeSPN4cv6NGgyP0M1aXVu0UqzCfxo8t_P41ep6J37k4OLKnjfp1M9hoTDHxY22WGz2h7yB7YRLyPvRUbGS8TICzvEMlG92xqbhy6RWFugmnj&sig=AHIEtbTfu0LQIJejdYidE6yzq4lpPifxjQ
  And that would cause me to eat into the 100 MAC limit.
  Ridiculous I know, but we are looking for an out-of-the-norm plan...
  Thanks

• VLAN trunk via MPLS

  Is it possible to run a VLAN trunk (DOT1Q) from a Central site to a remote over a MPLS connection?

  You can do that either by using dot1q tunnelling or port based EoMPLS. For a description of these two features, please refer to the following document:
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5013/products_feature_guide09186a0080088187.html
  Hope this helps,

• VLAN trunk from switch to router

  We have a 2691 cisco router and a Linksys (cisco) 24 port switch.
  Each E port is set with a different untagged VLAN ID grouped to G1 uplink port and is tagged
  The G1 port then is trunked and is tagged to native VLan 1
  One of the router ethernet ports is configued as
  interface FastEthernet0/0
  description $ETH-LAN$
  no ip address
  ip flow ingress
  duplex auto
  speed auto
  no cdp enable
  interface FastEthernet0/0.1
  description $ETH-LAN$
  encapsulation dot1Q 1 native
  ip address 216.110.213.1 255.255.255.0
  ip flow ingress
  no snmp trap link-status
  no cdp enable
  Is this correct ?
  Problem is all VLAN E ports on switch cannot get past the router.
  Some E ports not with VLAN then default to VLAN 1 and they can function past the router.
  The config of the switch was verified with Linksys as being correct which leaves a router config issue
  So in short the switch would have 24 VLANs untagged going through trunk which is tagged ending up hitting router and then out WAN ports.
  Thanks for any help for cisco and linksys have been no help solving why servers on switch with vlan cannot see past router
  JR

  Is this correct ?
  A: The configuration above says that vlan 1 is native vlan, which means the router is expecting a "raw" packet to belong to vlan 1. "raw" packet menas it does not have any vlan id, I do not want to use "tag" coz "tag" might mean something else to Linksys. So, if it's "raw" as in if a PC transmit a packet, it will have no vlan id field.
  Problem is all VLAN E ports on switch cannot get past the router.
  Some E ports not with VLAN then default to VLAN 1 and they can function past the router.
  A: If you mean, they can ping the 216.110.213.1 and beyond 216.110.213.0/24 then that would be expected.
  The ports that belongs to other vlans will need a default gateway of their own, they cannot use the vlan 1 gateway because they are in different subnet. from the cofnig above, you only have sub-interface for vlan 1, do you have sub-interface for other vlans? If not, you need it.
  The config of the switch was verified with Linksys as being correct which leaves a router config issue
  So in short the switch would have 24 VLANs untagged going through trunk which is tagged ending up hitting router and then out WAN ports.
  >> This goes back to above, native vlan on cisco router will be the only vlan the router will expect with no vlan id, otherwise, everything the router rx with no vlan id or dot1q encapsulation will be assumed that it belongs to vlan 1. do you have other sub-interfaces on the 2691 for the other 24 vlans?
  Please rate all posts.

• VLAN trunking to server and security

  I have a question concerning interserver security.
  I have a cat6513 and the port connected to a w2k3 server (single NIC) is in trunking mode carrying 2 VLANS a "customer" VLAN and "backup" VLAN. We serve multiple customers,each on their own specific VLAN, but all customers use the same generic backup service in a generic backup VLAN. Customers VLANS are separated by a FWSM but with this setup all the servers can connect to other servers on the backup VLAN.
  What would be the best way to make sure that on the backup VLAN the servers can only connect to the backupserver and not ervers from oher customers.
  We tried private VLAN's (which I think won't work because the port is a trunk)ad access-list but can't get it to work.
  Any help or directions on how to solve this in well designed manner would be appreciated.
  This is the config of a port in which vlan 11 is the backup vlan and vlan 31 the customer VLAN.
  interface GigabitEthernet12/17
  description
  no ip address
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 11,31
  switchport mode trunk

  Hello,
  my first thought would be to use protected ports ('switchport protected' interface command), which would prohibit ports configured with that command from talking to each other. The drawback is that this only works for ports on the same switch...
  Regards,
  GP

• How Nokia Lost Me as a Customer

  Dear Nokia,
  I am not sure if this is the right place to post this message, but I am tired of not being heard by any of the other means of communication with the company.
  I bought a Nokia Lumia 900 around April 2012 (right after release) for full price and off-contract. The phone works great and looks even better. In terms of functionality, wp7.5 is great and in my honest opinion way better than iOS and Android. In fact, I was thrilled to hear Nokia had gone with Windows Phone, which definitely factored into my desicion to buy the Lumia originally.
  However, what I did not know, was the extent of neglect that Nokia would put me through after that. I am a student, and about 3 months after I bought the phone, I left the US to begin a study abroad program in Spain. When I tried to unlock my Lumia 900 for international use, I hit a brick wall. As it turned out, the Lumia 900 is an AT&T exclusive, so while Rogers users (in Canada) and in other networks around the world could unlock theirs without an issue, AT&T users were STUCK until the magical date of October 8th (the date at which the phone would become eligible for unlock). 
  We are now at October 17th, and despite my numerous attempts to obtain an unlock code, my phone is still locked. This is what my experience has been: AT&T asks for my IMEI #, then claims that the phone is indeed eligible for unlock, but they cannot for whatever reason find the code. After HOURS on the phone, they "opened a case" for it, for which I never received an answer. AT&T also recommended calling Nokia. Off to call Nokia. Nokia says that they do not have the unlock codes, and that I should call Microsoft. Off to call Microsoft. Microsoft says that they do not have the codes, and that I should call AT&T. Needless to say how much time has been wasted on this and how stressful, frustrating and futile the effort has been.
  This entire issue is not even to mention the fact that my phone will not be able to support Windows Phone 8. Which essentially means that I am stuck, overseas, with an obsolete phone that I can't use and can't sell.
  Thank you Nokia for at least venting my frustration. Unfortunately though, you have lost a previously passionate customer.
  Best,
  Max S

  Hi maxisultan,
  Thanks for your post and welcome!
  Sorry to hear about your experience obtaining an unlock code. Providing unlock codes is the responsibility of the carrier and Nokia Care will not be able to assist you with this. Besides that Nokia Support Discussions is a user to user support platform and not a 'direct to Nokia' support channel.
  I understand that being in Europe will make it more difficult to communicate with AT&T but unfortunately there is no other option. I will however forward your post internally and ask for this to be looked into. You are obviously free to contact Nokia Care USA directly to voice your opinion on this to them as well. You could ask them to also forward this. You can reach them through voice, mail or chat using the 'Contact us' link on this page.
  Press the 'Accept As Solution' icon if I have solved your problem, click on the Star Icon below if my advice has helped you!

• Receiving Custom XML Document over AS2 (HTTPS) - Inbound Processing

  Hi All,
  Need help in Receiving Custom XML Document over AS2 (HTTPS) - Inbound Processing
  External Trading Partner will be able to post the XML Documents to https://<b2bconsolehost>:<b2bconsoleport>/b2b/httpReceiver.
  Here is the process flow:
  1. External Trading Partner will be posting the XML Documents to https://<b2bconsolehost>:<b2bconsoleport>/b2b/httpReceiver
  2. B2B, consumes the Custom XML validates as per the XSD and process it.
  3. How to send the ACK back to External Trading Partner if it validates successfully and sent it to 'IP_IN_QUEUE'
  4. How to send the ACK back to External Trading Partner if the validation fails after receiving the XML document.
  5. Does the External Trading Partner require any certificates to post the XML Documents to https://<b2bconsolehost>:<b2bconsoleport>/b2b/httpReceiver (no need of encryption/decryption)?
  6. How to enable the B2B server to accept the HTTPS messages from the Trading Partner (no need of encryption/decryption).
  Please let me know. Thanks In Advance.
  Regards,
  Amirineni

  Hi Nandu, Ramesh,
  We have done the set-ups for transmitting a Custom XML Document over HTTP1.1 in B2B.
  Our Business Case is as follows:
  1. Read the Flat File using BPEL File Adapter
  2. Transform the Message in BPEL and send it to B2B
  2. Based on the set-ups in B2B, we need to post the XML message to the folliwng URL:-
  http://databridge.buy.datastream.net:5555/invoke/dsImport/receiveXML
  In the B2B Set-Ups, I have done the following:
  Business Protocol name: Custom Document over Internet
  Exchange Protocol: AS
  Document Protocol: Custom
  Transport Protocol: HTTP-1.1
  Host name : http://databridge.buy.datastream.net
  Port: 5555
  I have also deployed the agreement as well as the configuration. The issue that I am currently facing is when I select the configuration in WSIL browser in JDeveloper, I am getting the following error:
  "Unable to get schema information for target".
  Hence I am not able to map the message in BPEL and send it to B2B.
  Could you please let me know the possible causes and if I am missing anything in the set-ups in B2B.
  As always, your help and guidance is highly appreciated.
  Thanks,
  Dibya

• Does the 8540 support VLAN Trunking

  I would like to VLAN trunk four VLANs(8540 bridge-groups) from an 8540 switch router to a Cat 5000. I have not seen in Cisco's documentation anything that indicates that the 8540 supports VLAN trunking.

  8540 supports both ISL and 802.1q VLAN trunking
  http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_1/pereg_1/quick_cg/layer3.htm#39775

• Custom XML Document over AS2

  Hi All,
  We are planning to send Custom XML Document over HTTP(AS2) to the Remote Trading Partner. The XML Document needs to be posted to a particular URL in the Remote Trading Partner Site.Here is the process flow:
  1. The input application format file having the messages will be transformed to an XML message in BPEL.
  2. Then as per the set-ups done in B2B, this particular XML message needs to be posted to a URL.
  I went through the B2B User's Guide but could not find any documentation on how to set up Custom XML Document over HTTP(AS2).
  Could you please share the documents/technical notes or link which I can refer to do the set-ups in B2B.
  Please let me know. Thanks In Advance.
  Regards,
  DIbya

  Hi Nandu, Ramesh,
  We have done the set-ups for transmitting a Custom XML Document over HTTP1.1 in B2B.
  Our Business Case is as follows:
  1. Read the Flat File using BPEL File Adapter
  2. Transform the Message in BPEL and send it to B2B
  2. Based on the set-ups in B2B, we need to post the XML message to the folliwng URL:-
  http://databridge.buy.datastream.net:5555/invoke/dsImport/receiveXML
  In the B2B Set-Ups, I have done the following:
  Business Protocol name: Custom Document over Internet
  Exchange Protocol: AS
  Document Protocol: Custom
  Transport Protocol: HTTP-1.1
  Host name : http://databridge.buy.datastream.net
  Port: 5555
  I have also deployed the agreement as well as the configuration. The issue that I am currently facing is when I select the configuration in WSIL browser in JDeveloper, I am getting the following error:
  "Unable to get schema information for target".
  Hence I am not able to map the message in BPEL and send it to B2B.
  Could you please let me know the possible causes and if I am missing anything in the set-ups in B2B.
  As always, your help and guidance is highly appreciated.
  Thanks,
  Dibya

• Wifi issue lost packet

  Hello,
  I have upgrade my new macbook air to Moutain Lion and now i have a problem with wifi.
  I can't down file.
  I lost packet !!!!
  Olivier

  I am having the same problem.
  The only short term fix I have found is to Force Quit Finder (press Alt + Cmd + Esc, or go to menu bar Apple Logo -> Force Quit then select Finder and click Force Quit). Finder then quickly restarts and I am able to reconnect to my WiFi.
  I was hoping the latest update, OS X 10.7.1, would have resolved this but unfortuately it has not. I hope Apple can resolve this issue quickly.
  Dan
  p.s. I can't confirm that this problem only occurs when my mac goes to sleep during a Time Machine back up, simply becuase I have not checked for this. I will try and check and report back.

• Cisco VLAN Trunking Protocol Vulnerability

  I have got a cisco 2821 model router with a c2800nm-advipservicesk9-mz.151-2.T4 IOS, and was reported with 'Cisco VLAN Trunking Protocol Vulnerability'.
  Though the device is in server mode, I do not have any domain name or trunk port configured.
  Is my device really vulnerable? If yes, whats next?

  Hi Alex,
  for the trunk port on Catalyst on port GE 1/0/45, we need to enable the trunk and for on encapsulation dot1q because this catalyst model is ISL capable also and the SF300 working only with Dot1q Encapsultion
  The configuration on catalyst should :
  #config terminal
  #interface Gi 1/0/45
  # switchport encapsulation 
  #switchport trunk encapsulation dot1q
  #switchport mode trunk 
  #switchport trunk allowed vlan 101-103
  #spanning-tree portfast
  For SF300 the port trunk it looks fine but for the port where the PC should receive an IP address
  #interface fastethernet29
   #switchport mode access
   #switchport ccess vlan 103
  Please let me know after this configuration
  Thanks
  Mehdi
  Please rate or mark as answered to help other Cisco Customers