Port knocking question

Similar Messages

• Port Knocking client for Symbian?

  I was wondering if a port knocking client existed for Symbian (specifically the N8)?
  http://en.wikipedia.org/wiki/Port_knocking
  Thanks

  not that i'm aware of. and i would say that the chances are pretty slim. these kinds of applications are rare on mobiles, even client side, given that their IPs are rarely routable.
  what are you ultimately trying to achieve. maybe that is a better approach.
  There's no dignity in begging for kudos. Do it for the karma.

• Java Socket - port knocking

  Hi
  I'm new here sorry if this subject was already discusssed. I was trying to find answer without result.
  I have to write simle client for port knocking technique in java, and i have little problem
  Port knocking daemon works fine (easy just read firewall logs) but client i sending many packets instead of one... When server is behind the firewall
  To "knock" to the server I'm using quite simle command:
  Socket S = new Socket(ip,port);
  Dou you have any idea how to make it work. I need this client to knock only once..
  Cheers,
  PP5585

  Thanks:) So the only way is not to allow my port knocking to have knocks kombination like:
  113455 or 22334455
  And if there will be knock to the same port again just ignore it.
  Cheers,
  Piotr

• Using 2011 iMac as external display for new Retina macbook / port sharing question

  I'd like to see if there is a way to use the firewire port on the back my 2011 iMac 27" when it's connected to my 2014 15" Retina Macbook.
  The two work fine right now - the iMac is the main display for the macbook, but I wanted to know if there is a way to utilize the extra ports - namely the firewire port on the iMac through the Macbook. I've created aggregate devices before - would this be the way to go?
  Thanks!

  Hello gstern1994,
  Yes you can. Form the article below you should be able to do that, just make sure that you plug in those devices when you have already set up the Target Display Mode on the iMac. 
  Target Display Mode: Frequently Asked Questions (FAQ)
  http://support.apple.com/en-us/ht3924
  Regards,
  -Norm G.  

• Port-channel question on 9148

  hey I have a question about  port-channel.
  we have a port-channel 10 which contains 4 interfaces as below.
  my question is how the port-channel associated with the servers?  I mean the output "sh flogi database" as below........
  do we need to add port-channel as a zone member ? I think the answer is no since I don;t see the port-channel as a zone member....
  =================================================================
  tormds01# sh interface port-channel  10
  port-channel 10 is up
      Hardware is Fibre Channel
      Port WWN is 24:0a:54:7f:ee:a0:d5:48
      Admin port mode is auto, trunk mode is on
      snmp link state traps are enabled
      Port mode is F
      Port vsan is 510
      Speed is 32 Gbps
      5 minutes input rate 124316072 bits/sec, 15539509 bytes/sec, 9919 frames/sec
      5 minutes output rate 2205921104 bits/sec, 275740138 bytes/sec, 141424 frames/sec
        43540499847 frames input, 70772376296224 bytes
          0 discards, 0 errors
          0 CRC,  0 unknown class
          0 too long, 0 too short
        237450525827 frames output, 442040501099476 bytes
          0 discards, 0 errors
        0 input OLS, 0 LRR, 0 NOS, 0 loop inits
        0 output OLS, 0 LRR, 0 NOS, 0 loop inits
      Member[1] : fc1/1
      Member[2] : fc1/5
      Member[3] : fc1/9
      Member[4] : fc1/13
      Interface last changed at Tue Apr  8 22:16:49 2014
  tormds01# sh flogi database
  INTERFACE        VSAN    FCID           PORT NAME               NODE NAME      
  fc1/3            510   0x860000  50:06:01:64:3d:e0:24:d0 50:06:01:60:bd:e0:24:d0
                             [torvnx01_spa0]
  fc1/7            510   0x860100  50:06:01:6c:3d:e0:24:d0 50:06:01:60:bd:e0:24:d0
                             [torvnx01_spb0]
  fc1/11           510   0x860200  50:06:01:60:3d:e0:24:d0 50:06:01:60:bd:e0:24:d0
                             [torvnx01_spa2]
  fc1/15           510   0x860300  50:06:01:68:3d:e0:24:d0 50:06:01:60:bd:e0:24:d0
                             [torvnx01_spb2]
  port-channel 10  510   0x860400  24:0a:54:7f:ee:92:3e:80 21:fe:54:7f:ee:92:3e:81
  port-channel 10  510   0x860401  20:01:04:25:b5:3a:00:8f 20:01:00:25:b5:30:00:8f
                             [mcvhes0101hba0]
  port-channel 10  510   0x860402  20:01:04:25:b5:3a:00:9f 20:01:00:25:b5:30:00:9f
                             [mcvhes0102hba0]
  port-channel 10  510   0x860404  20:01:04:25:b5:3a:00:6f 20:01:00:25:b5:30:00:6f
                             [mcvhes0103hba0]
  port-channel 10  510   0x860408  20:01:04:25:b5:3a:00:7f 20:01:00:25:b5:30:00:7f
                             [mcvhes0104hba0]
  port-channel 10  510   0x86040f  20:01:04:25:b5:3a:00:4f 20:01:00:25:b5:30:00:4f
                             [mcvhes0105hba0]
  port-channel 10  510   0x860410  20:01:04:25:b5:3a:00:5f 20:01:00:25:b5:30:00:5f
                             [mcvhes0106hba0]
  port-channel 10  510   0x860417  20:01:04:25:b5:3a:00:2f 20:01:00:25:b5:30:00:2f
                             [mcvhes0107hba0]
  port-channel 10  510   0x860418  20:01:04:25:b5:3a:00:0f 20:01:00:25:b5:30:00:0f
                             [mcvhes0109hba0]
  port-channel 10  510   0x86041b  20:01:04:25:b5:3a:00:bf 20:01:00:25:b5:30:01:bf
                             [mcvhes0110hba0]
  port-channel 10  510   0x86041d  20:01:04:25:b5:3a:00:1f 20:01:00:25:b5:30:00:1f
                             [mcvhes0111hba0]
  port-channel 10  510   0x86041e  20:01:04:25:b5:3a:00:3f 20:01:00:25:b5:30:00:3f
                             [mcvhes0108hba0]
  port-channel 10  510   0x86041f  20:01:04:25:b5:3a:00:ff 20:01:00:25:b5:30:01:ff
                             [mcvhes0112hba0]
  port-channel 10  510   0x860423  20:01:04:25:b5:3a:00:df 20:01:00:25:b5:30:01:df
                             [mcvhes0113hba0]
  port-channel 10  510   0x860425  20:01:04:25:b5:3a:00:ef 20:01:00:25:b5:30:01:ef
                             [mcvhes0114hba0]
  port-channel 10  510   0x860426  20:01:04:25:b5:3a:00:cf 20:01:00:25:b5:30:01:cf
                             [mcvhes0115hba0]
  port-channel 10  510   0x860427  20:01:04:25:b5:3a:00:8e 20:01:00:25:b5:30:01:8f
                             [MCDBWS0200hba0]
  port-channel 10  510   0x860429  20:01:04:25:b5:3a:00:9e 20:01:00:25:b5:30:01:9f
                             [MCDBWS0201hba0]
  port-channel 10  510   0x86042a  20:01:04:25:b5:3a:00:7e 20:01:00:25:b5:30:01:7f
                             [mcvhes0118hba0]
  port-channel 10  510   0x86042b  20:01:04:25:b5:3a:00:af 20:01:00:25:b5:30:01:af
                             [mcvhes0116hba0]
  port-channel 10  510   0x86042c  20:01:04:25:b5:3a:00:6e 20:01:00:25:b5:30:01:6f
                             [mcvhes0117hba0]
  port-channel 10  510   0x86042d  20:01:04:25:b5:3a:00:4e 20:01:00:25:b5:30:01:4f
                             [mcvhes0119hba0]
  port-channel 10  510   0x86042e  20:01:04:25:b5:3a:00:5e 20:01:00:25:b5:30:01:5f
                             [mcvhes0120hba0]
  port-channel 10  510   0x860431  20:01:04:25:b5:3a:00:2e 20:01:00:25:b5:30:01:2f
                             [awotorprodsql01hba0]
  port-channel 10  510   0x860432  20:01:04:25:b5:3a:00:3e 20:01:00:25:b5:30:01:3f
                             [awotorprodsql02hba0]
  port-channel 10  510   0x860435  20:01:04:25:b5:3a:00:fe 20:01:00:25:b5:30:00:ef
                             [dbcactv01n3hba0]
  port-channel 10  510   0x860436  20:01:04:25:b5:3a:00:de 20:01:00:25:b5:30:00:bf
                             [dbcactv01n4hba0]
  port-channel 10  510   0x860439  20:01:04:25:b5:3a:00:ce 20:01:00:25:b5:30:00:8e
                             [mcvhes0123hba0]
  port-channel 10  510   0x86043a  20:01:04:25:b5:3a:00:be 20:01:00:25:b5:30:00:af
                             [mcvhes0122hba0]
  port-channel 10  510   0x86043c  20:01:04:25:b5:3a:00:ae 20:01:00:25:b5:30:00:9e
                             [mcvhes0124hba0]
  port-channel 10  510   0x860443  20:01:04:25:b5:3a:00:8d 20:01:00:25:b5:30:00:6e
                             [mcvhes0125hba0]
  port-channel 10  510   0x860445  20:01:04:25:b5:3a:00:ee 20:01:00:25:b5:30:00:cf
                             [mcvhes0121hba0]
  port-channel 10  510   0x860446  20:01:04:25:b5:3a:00:9d 20:01:00:25:b5:30:00:7e
                             [mcvhes0126hba0]
  port-channel 10  510   0x860447  20:01:04:25:b5:3a:00:6d 20:01:00:25:b5:30:00:4e
                             [mcvhes0127hba0]
  port-channel 10  510   0x860449  20:01:04:25:b5:3a:00:7d 20:01:00:25:b5:30:00:5e
                             [mcvhes0128hba0]

  I think what you do is F-Port trunking channeling !
  port-channel as a zone member ? I assume you will do pwwn based zoning; in which case the answer is NO !

• Port mapping question - I need clarification

  I have posted a question about port mapping previously but - although I thought I understood - it is still not working for me. I was hoping there was a kind soul out there who could humor me and explain port mapping with AEBS 802.11n as if there where talking to a 5 year old.
  Thanks for the help and it's ok to laugh.

  {quote:}This address MUST be outside of the range of IP addresses that your 802.11n AirPort Extreme Base Station's (AEBS) DHCP service is providing.{quote}
  This actually is incorrect.
  The statement that the mapped internal address must be static is correct; otherwise the AEBS will not, if the Mac is assigned a different dynamic (DHCP) IP address by the AEBS some time in the future, be able to forward packets to the Mac. However it is very straightforward to have the Mac computer be assigned an address dynamically by the AEBS and to have the AEBS always assign the same IP address to the same Mac computer. Thereby giving the Mac a static address inside the DHCP range.
  In the AirPort utility go to Internet | DHCP | DHCP Reservations. Click "+" then enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the Mac computer, give it an IP address, save it. Then that Mac computer will always receive that (static) IP address from the AEBS.
  Why do this? Well by continuing to use DHCP (while having though a static IP address) you keep all the other benefits of DHCP such as automatically having the gateway address, the DNS server addresses given to the Mac. Otherwise you have to enter all this information manually on the computer if you put it outside the DHCP address range. This is very desirable, especially for most home users, as their DNS server entries are provided by their ASP and picked up by the AEBS. If the ASP changes DNS addresses the manually configured Mac machine will not know.
  So in summary - for port forwarding it is NOT necessary for the Mac machine to be outside the DHCP range, in fact _it is desirable to keep it in the DHCP range_ *as long as* the Mac utilises DHCP reservation on the AEBS.
  I have tested this and it works fine.

• Port monitoring question

  Hello,
  I'm new to the forum and to Network programming in particular.
  My question concerns port monitoring. I have a server transmitting UDP packets to a specific port. I need to have a thread that monitors that port and sees that there is traffic going out. Yet, it does not have any connection to the server (different processes), but it knows the IP and port number (actually the IP is the same).
  How do I make it happen? Do I need to use a DatagramSocket and read inputs? Could someone advise with a simple code sample?
  Thanks

  Hi,
  Why you dont simply create a DatagramSocket object. And using the receive message you can monitor datagrampackets, and if there is message or not available, simply use the getLength() method from this object.
  You can do it in two ways.
  One would be creating two threads, one to do the job, and the other one to monitor if there is or not message available. As you should know, the receives method, will block if there is no message available. As u dont want your program to freeze, put this job, in one thread.
  The other one, would also be using a timertask, which will monitor the waiting process. If then for x time, it doenst receive, you finish your program.
  There are really many many possibilities, u just need the DatagramSocket object, the DataGrampacket and a thread!
  If i misunderstood something, you can give me new directions

• VISA Read and Bytes at Port Timing Question

  Hi,
  I have a question that doesn't seem to be documented in the VISA Read function help. My application normally queries a serial instrument, waits, and then reads the port (with Bytes at Port property node wired to the byte count input of the VISA Read). However, I also need to be able to handle strings received from the instrument asynchronously without my vi requesting any data. So in the False Case in my vi (the True Case is where I write a command to the instrument) I have a Bytes at Port property wired to the VISA Read function's byte count input without using a VISA Write. This works fine if the \r\n terminated string is sent in one packet. However, sometimes there is a slight delay (only a few milliseconds) between characters. When that happens, the VISA Read returns, but I don't get the entire intended string. (Of course I know I have to keep reading in a loop until I get the \n and then assemble the received characters (sub strings) into my complete string for processing.)
  This is my question: What is the time delay between characters at which the VISA Read terminates? This is not specified. I assume it could be as little as just slightly more than 1 stop bit at the baud rate being used. Does anyone know? NI employees?
  When a string of more than one character (byte) is sent, as soon as the stop bit time has expired, the next start bit is normally sent immediately. Is it possible that if the next start bit doesn't come by, say, the mid-bit position time at the baud rate being used, the VISA Read returns immediately? Or does it wait at least 1 character time (at the baud rate)? This should be documented. Furthermore, for future versions it might be useful to add an input to the VISA Read to specify in milliseconds how long to wait AFTER the 'byte count' number of bytes have been received before returning the string (or character).
  Thanks for your help.
  Ed

  I looked up the PC16550D data sheet (http://www.national.com/ds/PC/PC16550D.pdf). On p. 19 it says:
  When RCVR FIFO and receiver interrupts are enabled, RCVR FIFO timeout interrupts will occur as follows:
  A. A FIFO timeout interrupt will occur, if the following conditions exist:
      - at least one character is in the FIFO
      - the most recent serial character received was longer than 4 continuous character times ago (if 2 stop bits are  programmed the second one is included in this time delay).
      - the most recent CPU read of the FIFO was longer than 4 continuous character times ago.
  The maximum time between a received character and a timeout interrupt will be 160 ms at 300 baud with a 12-bit receive character (i.e., 1 Start, 8 Data, 1 Parity and 2 Stop Bits).
  B. Character times are calculated by using the RCLK input for a clock signal (this makes the delay proportional to the baudrate).
  C. When a timeout interrupt has occurred it is cleared and the timer reset when the CPU reads one character from the RCVR FIFO.
  D. When a timeout interrupt has not occurred the timeout timer is reset after a new character is received or after the CPU reads the RCVR FIFO.
  So, this UART uses 4 character times to determine that no more characters are coming in. And the delay is baud-rate dependent. This makes sense because I see that at, say, 115200 baud I receive more "partial strings" than I do at 9600 baud (where the sending device has more time to send the next character)!
  Kudos for making me investigate this further! Thanks for listening. Hope this may help others in the future.

• T61 External Monitor Port Failure Question

  I have a Lenovo T61 8897-cto (purchased 4/2008) with what I believe is a failing backlight.  In dim environments I can still see the screen.  I've  been temporarily using an external monitor, but the external monitor just went blank and I can't get it back, (the external monitor works fine with another laptop which I'm using now).  My question is, does this new fault point to a system board failure?   I suppose it could be a connector but I don't move the system often and not recently.  The only other things that comes to mind is that the battery is dying and only has 50% of its capacity left, (but I always run it with the AC cable plugged in).
  I'm just wonder if it is worth putting any money into this laptop or to parts it out.  I've already ordered a replacement W510 which I should get in under 2 weeks. I was thinking about using the T61 as a backup or dedicated to Ubuntu, but I can buy a used one for under $600 so I don't want to dump $400 into to have it repaired.
  Any suggestions/prior experience with failing LCD displays and external video port?

  1400x1050 is the highest screen resolution, so I guess that is SXGA+ No, I've never spilled anything on the laptop. I'm running Windows Vista Pro latest Service Pack. I rebooted the system this morning and the external display was detected and used during the boot process. It started to work again under Windows. I'm starting to think that it was some sort of power saving mode that failed to re-initialize. The main laptop screen is still dim, but readable in a dark room. It does have a bit of a tint to it, which I've read is an indicator of a failing backlight. I've checked the warranty on the Lenovo website and they've indicated that it has expired.

• Nexus 1000v port-channels questions

  Hi,
  I’m running vCenter 4.1 and Nexus 1000v and about 30 ESX Hosts.
  I’m using one system uplink port profile for all 30 ESX Host; On each of the ESX host I have 2 NICs going to a Catalyst 3750 switch stack (Switch A), and another 2 NICs going to another Catalyst 3750 switch stack (Switch B).
  The Nexus is configured with the “sub-group CDP” command on the system uplink port profile like the following:
  port-profile type ethernet uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 1,800,802,900,988-991,996-997,999
  switchport trunk native vlan 500
  mtu 1500
  channel-group auto mode on sub-group cdp
  no shutdown
  system vlan 988-989
  description System-Uplink
  state enabled
  And the port channel on the Catalyst 3750 are configured like the following:
  interface Port-channel11
  description ESX-10(Virtual Machine)
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 500
  switchport trunk allowed vlan 800,802,900,988-991
  switchport mode trunk
  switchport nonegotiate
  spanning-tree portfast trunk
  end
  interface GigabitEthernet1/0/18
  description ESX-10(Virtual Machine)
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 500
  switchport trunk allowed vlan 800,802,900,988-991
  switchport mode trunk
  switchport nonegotiate
  channel-group 11 mode on
  spanning-tree portfast trunk
  spanning-tree guard root
  end
  interface GigabitEthernet1/0/1
  description ESX-10(Virtual Machine)
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 500
  switchport trunk allowed vlan 800,802,900,988-991
  switchport mode trunk
  switchport nonegotiate
  channel-group 11 mode on
  spanning-tree portfast trunk
  spanning-tree guard root
  end
  Now Cisco is telling me that I should be using MAC pinning when doing a trunk to two different stacks , and that each interface on 3750 should not be configured in a port-channel like above,  but should be configured as individual trunks.
  First question: Is the above statement correct, are my uplinks configured wrong?  Should they be configured individually in trunks instead of a port-channel?
  Second questions: If I need to add the MAC pinning configuration on my system uplink port-profile can I create a new system uplink port profile with the MAC pinning configuration and then move one ESX host (with no VM on them) one at a time to that new system uplink port profile? This way, I could migrate one ESX host at a time without outages to my VMs. Or is there an easier way to move 30 ESX hosts to a new system uplink profile with the MAC Pinning configuration.
  Thanks.

  Hello,
  From what I understood, you have the following setup:
       - Each ESX host has 4 NICS
       - 2 of them go to a 3750 stack and the other 2 go to a different 3750 stack
       - all 4 vmnics on the ESX host use the same Ethernet port-profile
            - this has 'channel-group auto mode on sub-group cdp'
       - The 2 interfaces on each 3750 stack are in a port-channel (just 'mode on')
  If yes, then this sort of a setup is correct. The only problem with this is the dependance on CDP. With CDP loss, the port-channels would go down.
  'mac-pinning' is the recommended option for this sort of a setup. You don't have to bundle the interfaces on the 3750 for this and these can be just regular trunk ports. If all your ports are on the same stack, then you can look at LACP. The CDP option would not be supported in the future releases. In fact, it is supposed to be removed from 4.2(1)SV1(2.1) but I still see the command available (ignore 4.2(1)SV1(4) next to it) - I'll follow up on this internally:
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_2_1_1/interface/configuration/guide/b_Cisco_Nexus_1000V_Interface_Configuration_Guide_Release_4_2_1_SV_2_1_1_chapter_01.html
  For migrating, the best option would be as you suggested. Create a new port-profile with mac-pinning and move one host at a time. You can migrate VMs off the host before you change the port-profile and can remove the upstream port-channel config as well.
  Thanks,
  Shankar

• TCP/UDP Port Utilization question for CCX 8.5

  Greetings,
  I have gone through the CCX 8.5 TCP/UDP port utilization guide.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/configuration/guide/uccx851pug.pdf
  I always do this as a matter of practice and I had a question concerning Java RMI ports. In the guide there is an ephemeral range TCP:32768-61000 that is used for Java RMI. Based on the context clues in the footnote this is an intra-cluster communication between processes running on CCX. This jives with ACLs I have built for previous versions.
  The hang up I have is that Table 1 (page 6) of the guide shows that one of the remote devices is "Editor". I take this to mean CRS Editor, which can run on a desktop in the environment. I want to keep the ACL as trim as possible, so I don't want to open up the TCP ephemeral range unnecessarily. So, I guess my question is:
  When that document refers to "Editor" do they mean that the CRS Editor is communicating using the referenced ports? Or is there a server-side process called Editor listening on those ports. The shift in how I apparently have to account for RMI is causing me to question.
  Thanks in advance,
  Bill

  I followed the port guide, but am still having issues connecting to the editor from my workstation with my access-list in place.
  When I remove the ACL the editor connects and I can do reactive debugging. The ACL breaks this.
  Followed this
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf
  Does anyone have a sample acl that works?

• Port Mapping Question

  Well, I thought I had this all figured out...
  About a year ago I set up an older AirPort Extreme Base Station (Version 5.7) successfully to port to an iMac running OS X Tiger Server. As Leopard came out I decided that I wanted to do a little upgrading around the house and purchased the new AEBS along with a Mac Mini to run the new server software.
  I have no problems getting the AEBS set up, but the port mapping just doesn't seem to work correct.
  Right now I reverted back to the old system and seem to be serving just fine on the Mac Mini with OS X Leopard Server... But I'd really like to leverage the new AEBS.
  So, anyone out there can offer some advice on one of the settings I seem to be missing that seems to make this not work?
  Thanks

  It might also be a DCHS/NAT problem...
  Here's a post I added this morning...
  http://discussions.apple.com/thread.jspa?threadID=1320615&tstart=0

• HTTP Installation & Port Number Questions?

  Hi All,
  I am trying to install the HTTP server from the companion cd I only select the HTTP server to be installed, is this correct??
  When configuring the DAD file for the apex 3.1, what is the port number that I have to write is it 7777 or 8080?
  Regards

  Hello,
  The default is 7777, but you can verify that by opening the httpd.conf file in your Apache directory.
  You'll see a line with Port there.
  Also when you run for ex. http://localhost:7777/ do you see Apache? If not it's probably using a different port.
  Regards,
  Dimitri
  -- http://dgielis.blogspot.com/
  -- http://apex-evangelists.com/
  -- http://apexblogs.info/

• Access-list port range question

  Hi,
  I would like to clarify the exact operation of the below command:
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  ip access-list extended VoiceACL
  permit udp any any range 16384 16387
  Thus the range statement in the above access list specify that it allow only three ports "16384 to 16387". Is that correct ? Bit confused with this command. One of my friend said that the range statement not just specify 3 ports,but it specify the starting port as 16384 and the end port number 32771 [16384+16387].
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Value1] = starting port number
  [Value2] + [Value1] = end port number
  Thanks
  Nachi

  Hi Nachi,
  This represent the ports ranging between the first number and the last number included, in your case this is actually 4 ports: 16384, 16385, 16386 and 16387
  Regards,
  Raphael

• 2960 Stack Port Channel Question

  I have a 2960 stack with 2 WS-C2960S-48FPD-L distribution switches running c2960s-universalk9-mz.150-2.SE2.bin.
  I then have three stand alone 2960S-48 access switches running the same code.
  I will have two ten Gig uplinks in a port-channel back to a 6500. I have this config. however 
  I  would like to have port-channel between each of the distribution  switches in the stack and each of the stand alone access switches.
  So as an example:
  distribution switches: port 1/0/48 and 2/0/48 in port channel 1
  access switches: 1/0/51 and 1/0/52 in channel-group 1 active
  Am I right in thinking that because these port channels come off of two different switches in a 2960 stack that they need to be LACP and the ports on the access switches need to be in "channel-group X active". And does it need to be in active mode on both sides?
  Thank You in advance

  Yes, both sides must have identical channel mode.