RV110W Blocks all inbound traffic

Similar Messages

• Block all incoming traffic and Active FTP

  Will setting the firewall to Block all incoming traffic break Active FTP Connections?
  The firewall will normally dynamically create exceptions for the Connection using the Application Layer Gateway, but will the profile override these?

  Hi TribleTrouble,
  Do you have any issue about FTP active mode?
  If the clients are part of your domain, push the FTP firewall rules via GPO to your clients allowing FTP inbound sockets
  netsh advfirewall firewall add rule name="File Transfer Program" protocol=TCP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
  netsh advfirewall firewall add rule name="File Transfer Program" protocol=UDP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
  For Windows 7, the entire networking stack was rewritten and several security measures were taken to further secure Windows.
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Blocking all IGMP traffic

  Hello,
  I?m hoping someone may have the answer to this. I am trying to block ALL types of IGMP traffic on a particular interface on at 3560-24-TS-S.
  We have a Summit 5i switch acting as a core switch for 400 users which all (VLAN 3) participate in a multicast group sourced from one of the servers on the same VLAN 3. All the equipment is managed via VLAN 3. From this Summit 5i core switch we have an untagged hand off to a Cisco 3560 - 24-TS-S which also has 400 DIFFERENT users participating in a multicast group sourced from a server physically connected to this Cisco switch but on VLAN 6. All equipment on this switch is also managed via VLAN 3. The problem I believe is that this handoff between the Summit 5i and the Cisco 3560 are having IGMP querying conflicts and it?s causing multicast troubles on both VLAN 3 and VLAN 6. I did setup the port as protected, blocked "unknown" unicast, multicast traffic and issued a no IP IGMP snooping vlan 3. But still having troubles.
  I am using IGMP v2 and source filtering is not available until v3 so I am not sure how to block ALL IGMP traffic to try and help isolate this as 2 separate networks but still being managed on the same.
  Any help is greatly appreciated...
  Regards,
  Robert

  You can try this and control the IGMP queries on a given interface.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swmcast.htm#wp1177268
  To disable groups on an interface, use the no ip igmp access-group interface configuration command.
  This example shows how to configure hosts attached to a port as able to join only group 255.2.2.2:
  Switch(config)# access-list 1 255.2.2.2 0.0.0.0
  Switch(config-if)# interface gigabitethernet0/1
  Switch(config-if)# ip igmp access-group 1
  HTH-Cheers,
  Swaroop

• Blocking all ipv6 traffic

  Good morning -  I have an issue that has happened twice - and I need some advice.  I have a 4506 running version 12.2(46)SG. We recently encountered an issue where I BELIEVE the issue to be IPV6 sending out a broadcast storm, and completely flooded the core switch  - bad enough that I couldn't even console into the device.  After removing all connections that were plugged in when the switch went down.  After everything was back up, we found that it was a laptop with ipv6 enabled - exactly the same scenario as last time.  What we found after the first incident was that a faulty NIC driver caused the ipv6 broadcast storm.
  At any rate, as we do not use IPv6 for anything at all, I want to block all IPv6 traffic.  I know there are different ways to do it, but I'm reaching out to see what ideas you may have also...
  Thx in advance for any input!

  Joel,
  If VACLs with IPv6 ACLs are supported on your platform then I would probably use VACLs, as they allow a filter to be applied flatly to the entire VLAN. Your other option would be to configure per-port ACLs which is cumbersome and bloats the configuration unnecessary.
  With IPv6 ACLs, be sure to block ICMPv6 explicitly. As far as I remember, some ICMPv6 messages are allowed even if they are not explicitly permitted in the ACL (usually the RD and ND messaging).
  If your platform allowed filtering all incoming packets by MAC ACLs, yet another way would be to use VACLs with MAC ACLs, blocking all traffic with the EtherType of 0x86DD. However, newer platforms apply MAC ACLs only to non-IP traffic so they would have no effect on frames carrying IPv6 packets. You need to consult the documentation to your device.
  In any way, VACLs would be my personal preferred choice at this point.
  Best regards,
  Peter

• CoreSync.exe blocks all network traffic while (slowly) syncing my Creative Cloud files

  Hello folks,
  Since the latest Creative Cloud update (I'm using version 1.9.0.465 as of this writing), I've been unable to successfully sync my Creative Cloud Files folder.
  First things first, as other forum users have posted elsewhere, when the update installed itself, my Creative Cloud Files folder was moved from my chosen location to its default location (C:\Users\MyUserName) and I've been unable to put it back where I wanted it.
  However, more pressingly, I noticed that every time I booted my computer, neither my wife nor I were able to access the Internet.  After a couple days' trial and error I realized that Creative Cloud was trying (unsuccessfully) to sync about seven files (totaling about 750MB) to the cloud, and anytime the sync was actively working, my network access was completely blocked.  Even the Creative Cloud desktop app itself couldn't access the Internet to authenticate my apps or Typekit fonts.
  I have managed to get much smaller files (1MB, 5MB, up to 15MB) to sync successfully, however this takes a really long time, and no one on my network can manage to load a web page on their device until the sync is complete.
  Right now I've got syncing paused, and everything on my network is working fine.
  For some additional info, I've attached a screen grab of my Networking tab from Task Manager:
  The big spikes in that graph are me and my wife loading up tons of web content-- YouTube videos, a million tabs of who-knows-what, all acting normally.  Then I hit Resume on CC's sync operation, my activity line clamps way down, and no one can load any Internet content anywhere.  After that, I released my computer's IP address from the command prompt, at which point Creative Cloud Desktop returned a connection failure, and I quit the app.  When I renewed my IP address, I noticed our network access was still blocked, even though Creative Cloud was not running.  I traced the problem back to CoreSync.exe, which had continued running even after I'd quit Creative Cloud.  The moment I ended the CoreSync.exe process, everything was back to normal... until I restarted the Creative Cloud app, which in turn restarted CoreSync.exe.  It was only after pausing CC's sync operation that we were able to use the Internet again.
  So!  To sum up, here are my two issues:
  Syncing is entirely broken, and prevents everyone on my network from using the Internet while CC spins its wheels.
  For some reason, following the same update, I'm unable to change the location of my Creative Cloud Files folder.
  Some things I've tried:
  Uninstalling & reinstalling the Creative Cloud Desktop app-- no change
  Clearing my archived files on creative.adobe.com in case there was some weird argument happening between my live/syncing files and my archived files-- no change
  Manually adding CoreSync.exe to my Windows Firewall whitelist-- no change
  Finally, I can recreate this issue on my second computer, running the same version of Creative Cloud but running off wireless instead of Ethernet.  Same symptoms-- feed it a file to sync, and everyone's Internet access is gone until the sync operation [eventually] finishes.
  I'm completely stumped and very frustrated.  I rely heavily on CC's file syncing feature, and as it's the only cloud storage product I'm actually paying for, I'm not willing to abandon it for another service like DropBox.  I'm willing to try just about anything-- and in the meantime I'm just wishing Creative Cloud Desktop app updates weren't compulsory; the last build I'd installed here was working perfectly fine.
  My basic system specs in case it's helpful:
  Windows 7 Professional x64 SP1
  2x Intel Xeon E5-2670 @ 2.6GHz
  64GB DDR3 RAM
  nVidia Quadro 4000
  Any insights would be incredibly appreciated!  Thanks in advance.

  Heyo Dave,
  Thanks so much for your reply and suggestions.  Here's what I've discovered after some more noodling.
  I'm no networking guy, but I can't seem to find anything about my modem or router that would explain why my upstream traffic is being throttled using CC-- especially since it's all the same hardware I was using last week before I updated CC.
  In addition, I've tried test uploading a couple of files using DropBox, Google Drive, and WeTransfer.com, and neither process interrupts Internet use on my network.
  With all that said, I did go in and pull back my Transfer Speed settings in CC from Maximum to Low, and that made a big difference!  Syncing continued to work, and our other network requests were working just fine.  I managed to get my upload speed set as high as Medium; High and Maximum both kill my network within seconds of being set.
  So I'm not sure what was done to the CC application in this release to supposedly enable us to "Sync Files and Fonts faster" (from the release notes), but whatever it is, it's got my uploads capping at 100Kbps (compared to a minimum 350Kbps using Google Drive) unless no one in my home wants to check their email for the next hour.  That's a significant bummer for me, as my After Effects projects regularly swell to ~50MB toward the end of a project.
  I'd like to submit a big report here, since really the only variable at play in this situation was the Creative Cloud update.  However, unfortunately it looks like the bug report form is down...  I'll have to try again later.
  In the meantime, if there are any other suggestions for experiments I can run on this beast, I'm happy to oblige and report back in case other folks with similar issues can get some relief!
  Thanks again,
  Jared

• Howto allow all inbound traffic on 678?

  I have a 501 behind a 678 (CBOS 2.4.6) The 678 does not allow inbound connection by default. How can I config the 678 to simply terminate the ADSL and allow all traffic both in and out, so that I can let the 501 do all the access control?

  Try:
  http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/products_user_guide_book09186a008007ce34.html
  http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/prod_release_note09186a00800eac45.html

• ACLs on Dot11Radio interface blocks ALL traffic

  On an AP1220 w/IOS 12.2(11)JA1, all traffic is blocked when an ACL is applied on either the RF interface or the FastE interface, even explicitly permitted traffic. Also, using the "log" command after an ACL line fails to log anything. Below is the ACL I want to apply to the Dot11Radio 0 interface. It blocks ALL traffic:
  access-list 100 permit udp any any eq bootpc log
  access-list 100 permit tcp any host 10.0.0.1 eq 1723 log
  access-list 100 permit gre any host 10.0.0.1 log
  access-list 100 deny ip any any log
  Here is a test ACL that blocked ALL traffic, as well:
  access-list 101 permit udp any any log
  access-list 101 permit tcp any any log
  access-list 101 permit icmp any any log
  access-list 101 permit ip any any log
  Both ACLs blocked all traffic and failed to log a single event. If the ACL is removed, everything works. HELP!

  It's a known bug CSCec28612 - AP1200 access-list doesnt work on radio int with a log keyword

• How can I get Verizon to block all outgoing messages on my email?

  My email was apparently hacked, it is the main account that I have used for the past seven years and all of my bill notifications and important things come to this address.  I have changed the password repeatedly, run several scans on my main computer, laptop, kindle fire, and cell phone (every device I access the email on) using Norton and Norton Power Eraser on the computers.  Nothing showing up.  
  I chatted with support just now asking them to block all outgoing email and they said it isn't possible and I find that impossible to believe.  I am seeing all kinds of messages here saying that people are being blocked but I can't add an email address to that list?  I need to keep it active for inbound email for a month or so just to make sure that I haven't missed any bill notices or other important stuff.  Any ideas?
  Thanks!

  Pretty hard to do without shutting down the account.
  Assuming you have properlly changed your password, and checked your PC and other devices for viruses/trojatns/etc. Then the person using your email is probably NOT even using Verizon.  \
  Unfortunately the basic SMTP protocol is totally different then most people think.  Who you say you are is not a protected value and you can say you are anyone, yes verizon's servers when initially accepting input do check, but that is about it.  And the displayed sender and addresses in the smtp protocol do not have to match any text in the mail. that you see.
  Typical smtp conversation
  EHLO
  a bunch of auth commands
  MAIL and whoever i claim to be
  RCPT
  [email protected]
  [email protected]
  DATA
  this is what most people is the email and its headers, but can really be anything.
  FROM:  SOMEone
  TO:  you and everyone else they can think of

• How to configure DNS server to redirect all web traffic to one external website?

  I'd like to use the DNS service on my OS X Server as a way to force all all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
  (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

  Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
  If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
  A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

• How to create a new rule in Windows Firewall to permit some specific IPs and block all other computers

  Hello,
  I have a Win7 PC. I want to block all incoming connections except 3 or 4 IPs. How can i do this?
  I created a new rule to block all connections using this steps:
  Inbound rules > New Rule > Custom > All Programs > All Protocols / Ports > All Local/Remote IPs > Block the connectiion > All profiles > Then i gave a name
  This rule works fine and blocks all incoming connections.
  Then i want to create a new rule to allow specific IPs using this steps:
  Inbound rules > New Rule > Custom > All Programs > All Protocols / Ports > Remote IPs: 192.168.10.5, 192.168.10.10 > Allow the connection > All profiles > Then i gave a name
  But 192.168.10.5 and 192.168.10.10 couldn't reach W7 machine. 
  (If rules are disabled or FW is off; both IPs could reach W7 machine)
  Thanks

  Hi,
  How did you check these two IP address? Through remote access? According to your description, it should only allow remote IP could access this computer. Please also allow local IP for test.
  Roger Lu
  TechNet Community Support

• Blocking all MAC addresses except for the ones you allow

  I have a Cisco Aironet 1200 Access Point. I want to block all MAC addresses from accessing the access point, except for the ones I've allowed. First I went to the Address Filters page and clicked on Allowed, then listed all the MAC address I want to be able to access the access point. Then I went to the Ethernet Advanced page, and set the Default Multicast Address Filter to Disallowed, and the Default Unicast Address Filter to Disallowed. Then I went to the AP Radio: Internal Advanced page, clicked on the Advanced Primary SSID Setup link, and set the Default Unicast Address Filter to Disallowed. Accept Authentication Type is set to Open with Shared and Network-EAP cleared, and the Require EAP check boxes are all cleared.
  When using a computer whose MAC address is not listed on the Address Filters page, I am still able to connect to the network through the access point. I am also able to connect to the access point from any pc on my network by entering its IP address in Internet Explorer.
  What do I need to do to block any pc without a listed MAC address from connecting to the access point?
  Thanks, Jeff

  Here's the instructions and URL on how to create an MAC based filter:
  Follow these steps to create a MAC address filter:
  Step 1 Follow the link path to the Address Filters page.
  Step 2 Type a destination MAC address in the New MAC Address Filter: Dest
  MAC Address field. You can type the address with colons separating the character pairs
  (00:40:96:12:34:56, for example) or without any intervening characters (004096123456, for example).
  Note If you plan to disallow traffic to all MAC addresses except
  those you specify as allowed, put your own MAC address in the list of allowed MAC
  addresses. If you plan to disallow multicast traffic, add the broadcast MAC address
  (ffffffffffff) to the list of allowed addresses.
  Step 3 Click Allowed to pass traffic to the MAC address or click Disallowed
  to discard traffic to the MAC address.
  Step 4 Click Add. The MAC address appears in the Existing MAC Address
  Filters list. To remove the MAC address from the list, select it and click Remove.
  Step 5 Click OK. You return automatically to the Setup page.
  Step 6 Click Advanced in the AP Radio row of the Network Ports section at
  the bottom of the Setup page for the radio you want to configure. The AP Radio Advanced page appears.

• Inbound traffic alert (ESET) - Application: System

  I have a MacBook Pro (Retina, 15-inch, Mid 2014) running OS X Yosemite 10.10.2
  I have installed ESET Cyber Security Pro a while ago, and an inbound traffic alert just popped up. "A remote computer is attempting to communicate with an application running on this computer. Do you wish to allow this communication?"
  The application involved is "System", local port is TCP 8770. The remote computer is fe80::4c8d:97ff:feb4:5d8d, remote port is 56398.
  I am still new to Mac, and therefore I'm not sure if I should allow or block. I thought that it might be system updates, but not too sure about that so I'd rather wait for an answer before proceeding.

  Port 8770 is used for the Digital Photo Access Protocol, which in the case of a Mac means sharing of photos. I'm not sure exactly how this port is used in Yosemite, but you can bet this is just another Mac or iOS device on your local network querying your Mac to see if it is sharing any photos. It is very unlikely that you have a network configuration that would even allow a truly "remote" computer to connect to yours over the internet.
  ESET is wasting your time here. Uninstall it, and see my Mac Malware Guide for more information about protecting yourself from malware.
  (Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

• Nexus1000v local SPAN can't capture inbound traffic

  hi all,
  I just configured local SPAN on nexus1000v (version 1.3d).
  local SPAN source and destination is on same VEM.
  my config is like below:
  monitor session 3
    source interface Vethernet13 both
    destination interface Vethernet170
    destination interface Vethernet36
    no shut
  SPAN session is up.
  But we can't see any inbound traffic to the source VM.
  (10.16.185.4,5,6 is the IPs of SPAN source)
  [root@davidzhangRHEL ~]# tcpdump -i eth1
  tcpdump: WARNING: eth1: no IPv4 address assigned
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
  11:46:07.644551 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=sta                                                ndby group=1 addr=10.16.185.1
  11:46:07.654771 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=act                                                ive group=1 addr=10.16.185.1
  11:46:07.961735 IP 10.16.185.6.https > 10.16.184.196.50254: S 3897896960:3897896                                                960(0) ack 1838046824 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329579                                                 2654766205>
  11:46:07.962955 IP 10.16.185.6.https > 10.16.184.196.50254: R 1:1(0) ack 2 win 0
  11:46:10.644950 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=sta                                                ndby group=1 addr=10.16.185.1
  11:46:10.657615 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=act                                                ive group=1 addr=10.16.185.1
  11:46:11.081231 IP 10.16.185.5.https > 10.16.184.197.58538: S 1850399261:1850399                                                261(0) ack 3055844595 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329891                                                 2654662655>
  11:46:11.081970 IP 10.16.185.5.https > 10.16.184.197.58538: R 1:1(0) ack 2 win 0
  11:46:11.957381 IP 10.16.185.5.https > 10.16.184.196.42161: S 1862096740:1862096                                                740(0) ack 970410175 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329978 2                                                654770202>
  11:46:11.958705 IP 10.16.185.5.https > 10.16.184.196.42161: R 1:1(0) ack 2 win 0
  11:46:12.089401 IP 10.16.185.6.https > 10.16.184.197.45604: S 2733719434:2733719                                                434(0) ack 3290215780 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329992                                                 2654663683>
  11:46:12.090735 IP 10.16.185.6.https > 10.16.184.197.45604: R 1:1(0) ack 2 win 0
  11:46:12.956018 IP 10.16.185.6.https > 10.16.184.196.50302: S 2275642708:2275642                                                708(0) ack 3286673454 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74330078                                                 2654771200>
  11:46:12.956838 IP 10.16.185.6.https > 10.16.184.196.50302: R 1:1(0) ack 2 win 0
  11:46:13.552716 IP 10.16.185.4.61913 > 10.2.222.111.5723: P 3867141198:386714222                                                3(1025) ack 4146771556 win 508
  11:46:13.645770 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=sta                                                ndby group=1 addr=10.16.185.1
  11:46:13.654427 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=act                                                ive group=1 addr=10.16.185.1
  11:46:13.817143 IP 10.16.185.4.61913 > 10.2.222.111.5723: . ack 180 win 508
  1000v# module vem 12 execute vemcmd show span
  VEM SOURCE IP NOT CONFIGURED.
  HW SSN ID            DST LTL/IP  ERSPAN ID  HDR VER
          0                    68      local
  1000v# show monitor internal errors
  1) Event:E_DEBUG, length:96, at 163774 usecs after Thu Sep 22 15:12:17 2011
      [102] eth_span_phy_if_init_runtime_info(1051): im_get_ifindex_span_mode_list returned 0x40e30005
  2) Event:E_DEBUG, length:96, at 684704 usecs after Thu Sep 22 15:12:04 2011
      [102] eth_span_phy_if_init_runtime_info(1051): im_get_ifindex_span_mode_list returned 0x40e30005
  anybody any suggestion. Your help is highly appreciated.

  Hi Michael,
  Thanks. You are correct. We are able to see outbound traffic from SPAN source but not inbound traffic to SPAN source.
  Note: I have done vmotion for the SPAN source and SPAN destination virtual machines.
  Please see the below output which you requested.
  1000v# show monitor session 1
     session 1
  type              : local
  state             : up
  source intf       :
      rx            : Veth13
      tx            : Veth13
      both          : Veth13
  source VLANs      :
      rx            :
      tx            :
      both          :
  filter VLANs      : filter not specified
  destination ports : Veth170   Veth36
  1000v#
  show monitor internal info session 1
  Session 1 info:
  FSM state: SESSION_STATE_OPER_ACTIVE
  State reason: 0
  *** ADMIN DATA ***
  Session state: NO SHUT
  Ingress sources
  phy if: Veth13
  port ch:
  vlans:
  Egress sources
  phy if: Veth13
  port ch:
  vlans:
  Destinations:
  Veth170, Veth36
  PSS source list:
  Veth13
  PSS destination list:
  Veth170, Veth36
  *** RUNTIME DATA ***
  hw_ssn_id: 0
  destination index: 0x4fa3 (multicast di)
  oper rx: Veth13
  oper tx: Veth13
  oper dest: Veth170, Veth36
  oper dest for di: Veth170, Veth36
  programmed rx: Veth13
  programmed tx: Veth13
  programmed dest: Veth170, Veth36
  programmed dest for di: Veth170, Veth36
  programmed filter rx:1500
  programmed filter tx:
  Lock Info: resource [Session ID(0x1)]
    type[0] p_gwrap[(nil)]
        FREE @ 97236 usecs after Sun Sep 25 12:14:25 2011
    type[1] p_gwrap[(nil)]
        FREE @ 580143 usecs after Tue Sep 27 01:53:06 2011
    type[2] p_gwrap[(nil)]
        FREE @ 520203 usecs after Sun Sep 25 12:48:23 2011
  0x1
  Use lock event history for more details
  1000v# terminal length 0
  1000v# show monitor internal info interface vethernet 13
  Interface info:
  if_index: 1c0000c0
  source for ssn 1, src_dir 3
  state: up
  layer: 2
  mode: access
  Access vlan: 1500
  Interface is not in switchport monitor mode
  No Entries in SDB for if_index 0x1c0000c0
  1000v# show monitor internal info interface vethernet 36
  Interface info:
  if_index: 1c000230
  destination for ssn 1
  state: up
  layer: 2
  mode: access
  Access vlan: 1500
  Interface is not in switchport monitor mode
  The port is MISCONFIGURED, being not span destination but used as such
  No Entries in SDB for if_index 0x1c000230
  1000v# show monitor internal info interface vethernet 170
  Interface info:
  if_index: 1c000a90
  destination for ssn 1
  state: up
  layer: 2
  mode: access
  Access vlan: 1500
  Interface is not in switchport monitor mode
  The port is MISCONFIGURED, being not span destination but used as such
  No Entries in SDB for if_index 0x1c000a90
  1000v# show interface virtual | egrep "(13|36|170)"
  Veth13      Net Adapter 1  VM451             11  esx905
  Veth36      Net Adapter 4  VM510             11  esx905
  Veth113     Net Adapter 2  VM808             12  esx902
  Veth130     Net Adapter 1  VMSDE449          12  esx902
  Veth131     Net Adapter 3  VM809             10  esx904
  Veth132     Net Adapter 2  VMSDE449          12  esx902
  Veth134     Net Adapter 2  VM510             11  esx905
  Veth135     Net Adapter 2  VM511             8   esx901
  Veth136     Net Adapter 2  VM465             9   esx903
  Veth137     Net Adapter 1  VM472             11  esx905
  Veth138     Net Adapter 3  VM470             10  esx904
  Veth139     Net Adapter 3  VM472             11  esx905
  Veth151     Net Adapter 1  VMSDE436          11  esx905
  Veth152     Net Adapter 2  VMSDE436          11  esx905
  Veth170     Net Adapter 2  RHEL5             11  esx905
  1000v# module vem 11 execute vemcmd show port
    LTL    IfIndex   Vlan    Bndl  SG_ID Pinned_SGID  Type  Admin State  CBL Mode   Name
      8          0   3969       0     32          32  VIRT     UP    UP    4 Access
      9          0   3969       0     32          32  VIRT     UP    UP    4 Access
     10          0   1513       0     32           7  VIRT     UP    UP    4 Access
     11          0   3968       0     32          32  VIRT     UP    UP    4 Access
     12          0   1514       0     32           8  VIRT     UP    UP    4 Access
     13          0      1       0     32          32  VIRT     UP    UP    0 Access
     14          0   3971       0     32          32  VIRT     UP    UP    4 Access
     15          0   3971       0     32          32  VIRT     UP    UP    4 Access
     16   1a0a0000   1600 T   307      0          32  PHYS     UP    UP    4  Trunk vmnic0
     18   1a0a0200    616 T   306      2          32  PHYS     UP    UP    4  Trunk vmnic2
     19   1a0a0300      1 T   305      3          32  PHYS     UP    UP    1  Trunk vmnic3
     20   1a0a0400      1 T   305      4          32  PHYS     UP    UP    1  Trunk vmnic4
     21   1a0a0500   1600 T   307      5          32  PHYS     UP    UP    4  Trunk vmnic5
     23   1a0a0700      1 T   304      7          32  PHYS     UP    UP    1  Trunk vmnic7
     24   1a0a0800      1 T   304      8          32  PHYS     UP    UP    1  Trunk vmnic8
     25   1a0a0900    616 T   306      9          32  PHYS     UP    UP    4  Trunk vmnic9
     48   1b0a0000   1500       0     32           3  VIRT     UP    UP    4 Access VM510 ethernet3
     49   1b0a0010    620       0     32           9  VIRT     UP    UP    4 Access VM510 ethernet2
          pvlan isolated 616 620
     50   1b0a0020   1500       0     32           4  VIRT     UP    UP    4 Access VM510 ethernet1
     51   1b0a0030   1620       0     32           0  VIRT     UP    UP    4 Access VM480 ethernet2
          pvlan isolated 1600 1620
     52   1b0a0040    620       0     32           2  VIRT     UP    UP    4 Access VM480 ethernet1
          pvlan isolated 616 620
     53   1b0a0050   1502       0     32           3  VIRT     UP    UP    4 Access VM480 ethernet0
     54   1b0a0060   1509       0     32           4  VIRT     UP    UP    4 Access fiserv-f5 ethernet2
     55   1b0a0070    620       0     32           9  VIRT     UP    UP    4 Access fiserv-f5 ethernet1
          pvlan isolated 616 620
     56   1b0a0080   1512       0     32           7  VIRT     UP    UP    4 Access fiserv-f5.eth0
     57   1b0a0090   1620       0     32           5  VIRT     UP    UP    4 Access VM459 ethernet2
          pvlan isolated 1600 1620
     58   1b0a00a0    620       0     32           2  VIRT     UP    UP    4 Access VM459 ethernet1
          pvlan isolated 616 620
     59   1b0a00b0   1501       0     32           3  VIRT     UP    UP    4 Access VM459 ethernet0
     60   1b0a00c0    620       0     32           2  VIRT     UP    UP    4 Access VM476 ethernet2
          pvlan isolated 616 620
     61   1b0a00d0   1501       0     32           4  VIRT     UP    UP    4 Access VM476 ethernet1
     62   1b0a00e0   1620       0     32           0  VIRT     UP    UP    4 Access VM476 ethernet0
          pvlan isolated 1600 1620
     63   1b0a00f0    620       0     32           2  VIRT     UP    UP    4 Access VM451 ethernet3
          pvlan isolated 616 620
     64   1b0a0100   1620       0     32           5  VIRT     UP    UP    4 Access VM451 ethernet2
          pvlan isolated 1600 1620
     65   1b0a0110   1500       0     32           3  VIRT     UP    UP    4 Access VM451 ethernet0
     66   1b0a0120   1620       0     32           0  VIRT     UP    UP    4 Access VMSDE440 ethernet1
          pvlan isolated 1600 1620
     67   1b0a0130   1508       0     32           4  VIRT     UP    UP    4 Access VMSDE440 ethernet0
     68   1b0a0140   1509       0     32           3  VIRT     UP    UP    4 Access VM501 ethernet0
     72   1b0a0180   1620       0     32           0  VIRT     UP    UP    4 Access VMSDE436 ethernet1
          pvlan isolated 1600 1620
     73   1b0a0190   1508       0     32           3  VIRT     UP    UP    4 Access VMSDE436 ethernet0
     74   1b0a01a0    620       0     32           2  VIRT     UP    UP    4 Access VM477 ethernet3
          pvlan isolated 616 620
     75   1b0a01b0   1620       0     32           5  VIRT     UP    UP    4 Access VM477 ethernet1
          pvlan isolated 1600 1620
     76   1b0a01c0   1501       0     32           3  VIRT     UP    UP    4 Access VM477 ethernet0
     77   1b0a01d0   1620       0     32           0  VIRT     UP    UP    4 Access VMSDE434 ethernet1
          pvlan isolated 1600 1620
     78   1b0a01e0   1508       0     32           4  VIRT     UP    UP    4 Access VMSDE434 ethernet0
     79   1b0a01f0   1620       0     32           5  VIRT     UP    UP    4 Access VM454 ethernet3
          pvlan isolated 1600 1620
     80   1b0a0200    620       0     32           9  VIRT     UP    UP    4 Access VM454 ethernet2
          pvlan isolated 616 620
     81   1b0a0210   1501       0     32           4  VIRT     UP    UP    4 Access VM454 ethernet0
     82   1b0a0220   1620       0     32           0  VIRT     UP    UP    4 Access VM815 ethernet1
          pvlan isolated 1600 1620
     83   1b0a0230   1507       0     32           3  VIRT     UP    UP    4 Access VM815 ethernet0
     87   1b0a0270   1620       0     32           0  VIRT     UP    UP    4 Access VMSDE405 ethernet1
          pvlan isolated 1600 1620
     88   1b0a0280   1509       0     32           3  VIRT     UP    UP    4 Access VMSDE405 ethernet0
     89   1b0a0290   1620       0     32           5  VIRT     UP    UP    4 Access VMSDE424 ethernet1
          pvlan isolated 1600 1620
     90   1b0a02a0   1509       0     32           3  VIRT     UP    UP    4 Access VMSDE424 ethernet0
     91   1b0a02b0    620       0     32           9  VIRT     UP    UP    4 Access VM472 ethernet2
          pvlan isolated 616 620
     92   1b0a02c0   1620       0     32           0  VIRT     UP    UP    4 Access VM472 ethernet1
          pvlan isolated 1600 1620
     93   1b0a02d0   1500       0     32           4  VIRT     UP    UP    4 Access VM472 ethernet0
     94   1b0a02e0   1508       0     32           4  VIRT     UP    UP    4 Access VMSDE431 ethernet1
     95   1b0a02f0   1620       0     32           5  VIRT     UP    UP    4 Access VMSDE431 ethernet0
          pvlan isolated 1600 1620
     96   1b0a0300   1620       0     32           0  VIRT     UP    UP    4 Access VM496 ethernet2
          pvlan isolated 1600 1620
     97   1b0a0310   1501       0     32           3  VIRT     UP    UP    4 Access VM496 ethernet1
     98   1b0a0320   1500       0     32           4  VIRT     UP    UP    4 Access VM496 ethernet0
     99   1b0a0330   1620       0     32           5  VIRT     UP    UP    4 Access VM510 ethernet0
          pvlan isolated 1600 1620
    100   1b0a0340   1500       0     32           4  VIRT     UP    UP    4 Access RHEL5 ethernet1
    101   1b0a0350   1512       0     32           8  VIRT     UP    UP    4 Access RHEL5.eth0
    102   1b0a0360   1620       0     32           0  VIRT     UP    UP    4 Access VM452 ethernet3
          pvlan isolated 1600 1620
    103   1b0a0370    620       0     32           2  VIRT     UP    UP    4 Access VM452 ethernet2
          pvlan isolated 616 620
    104   1b0a0380   1500       0     32           3  VIRT     UP    UP    4 Access VM452 ethernet0
    304   16000028      1 T     0     32          32  VIRT     UP    UP    1  Trunk
    305   16000029      1 T     0     32          32  VIRT     UP    UP    1  Trunk
    306   1600002a    616 T     0     32          32  VIRT     UP    UP    4  Trunk
    307   1600002b   1600 T     0     32          32  VIRT     UP    UP    4  Trunk
  1000v# module vem 11 execute vemcmd show span
  VEM SOURCE IP NOT CONFIGURED.
  HW SSN ID            DST LTL/IP  ERSPAN ID  HDR VER
          0                  4408      local
  1000v#

• Block all ip addresses except one

  I want to block all ip addresses except one from connecting to the computer. Is there a device (firewall) for the same?

  Hi,
  If you have an existing firewall and the traffic destined for that host is going through the firewall then naturally you can use the firewall to block the traffic. The firewall however wont be able to control the traffic between the devices in the same network.
  It would seem to me though that you are probably looking for something to enable blocking connections on a certain host/PC from all but one source IP address. This would sound more like a situation where you would use some software on the host/PC itself to control the access.
  Cant say much more with the provided information which was minimal.
  - Jouni

• Why WRT54G ver 7 blocks all UDP broadcasts?

  My WRT54G seems to be blocking all UDP broadcasts in the intranet side. Is there an option somewhere, which controls this behaviour, because I have not found one.
  It does not matter, if I connect my laptop with a cable or by WLAN, no UDP broadcast packets from my server to the laptop go through.
  If I connect to either one of my regular switches, UDP broadcast works perfectly.
  Note that I'm not using the WAN port at all, so I would expect no filtering on the traffic.

  Interesting! 
  For sake of argument, can you try using the broadcast address of 255.255.255.255 - this is a limited (local network only) broadcast.
  Can you see the MAC (layer 2/ethernet) portion with your tool? 
  The MAC of the destination needs to be all FFs (all ones) for broadcasts. 
  I am wondering if something is happening at a lower level - like in how switching is implemented in the linksys.  I wonder if a linksys switch (only) also does this.
  NOTE - ICMP echo (PINGS) do go through my WRV54G to specific addresses and broacdcast the x.x.x.255 addresses.