RV110W Blocks all inbound traffic
I have a RV110W that's been in service since Dec 2012. All Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (pwr off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly. Anybody seen this before?
Hi David,
Please call the Small Business Support Center and speak with an engineer. The phone numbers for the support center is located here: https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
Regards,
Cindy Toy
Cisco Small Business Community Manager
for Cisco Small Business Products
www.cisco.com/go/smallbizsupport
twitter: CiscoSBsupport
Similar Messages
-
Block all incoming traffic and Active FTP
Will setting the firewall to Block all incoming traffic break Active FTP Connections?
The firewall will normally dynamically create exceptions for the Connection using the Application Layer Gateway, but will the profile override these?Hi TribleTrouble,
Do you have any issue about FTP active mode?
If the clients are part of your domain, push the FTP firewall rules via GPO to your clients allowing FTP inbound sockets
netsh advfirewall firewall add rule name="File Transfer Program" protocol=TCP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
netsh advfirewall firewall add rule name="File Transfer Program" protocol=UDP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
For Windows 7, the entire networking stack was rewritten and several security measures were taken to further secure Windows.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Hello,
I?m hoping someone may have the answer to this. I am trying to block ALL types of IGMP traffic on a particular interface on at 3560-24-TS-S.
We have a Summit 5i switch acting as a core switch for 400 users which all (VLAN 3) participate in a multicast group sourced from one of the servers on the same VLAN 3. All the equipment is managed via VLAN 3. From this Summit 5i core switch we have an untagged hand off to a Cisco 3560 - 24-TS-S which also has 400 DIFFERENT users participating in a multicast group sourced from a server physically connected to this Cisco switch but on VLAN 6. All equipment on this switch is also managed via VLAN 3. The problem I believe is that this handoff between the Summit 5i and the Cisco 3560 are having IGMP querying conflicts and it?s causing multicast troubles on both VLAN 3 and VLAN 6. I did setup the port as protected, blocked "unknown" unicast, multicast traffic and issued a no IP IGMP snooping vlan 3. But still having troubles.
I am using IGMP v2 and source filtering is not available until v3 so I am not sure how to block ALL IGMP traffic to try and help isolate this as 2 separate networks but still being managed on the same.
Any help is greatly appreciated...
Regards,
RobertYou can try this and control the IGMP queries on a given interface.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swmcast.htm#wp1177268
To disable groups on an interface, use the no ip igmp access-group interface configuration command.
This example shows how to configure hosts attached to a port as able to join only group 255.2.2.2:
Switch(config)# access-list 1 255.2.2.2 0.0.0.0
Switch(config-if)# interface gigabitethernet0/1
Switch(config-if)# ip igmp access-group 1
HTH-Cheers,
Swaroop -
Good morning - I have an issue that has happened twice - and I need some advice. I have a 4506 running version 12.2(46)SG. We recently encountered an issue where I BELIEVE the issue to be IPV6 sending out a broadcast storm, and completely flooded the core switch - bad enough that I couldn't even console into the device. After removing all connections that were plugged in when the switch went down. After everything was back up, we found that it was a laptop with ipv6 enabled - exactly the same scenario as last time. What we found after the first incident was that a faulty NIC driver caused the ipv6 broadcast storm.
At any rate, as we do not use IPv6 for anything at all, I want to block all IPv6 traffic. I know there are different ways to do it, but I'm reaching out to see what ideas you may have also...
Thx in advance for any input!Joel,
If VACLs with IPv6 ACLs are supported on your platform then I would probably use VACLs, as they allow a filter to be applied flatly to the entire VLAN. Your other option would be to configure per-port ACLs which is cumbersome and bloats the configuration unnecessary.
With IPv6 ACLs, be sure to block ICMPv6 explicitly. As far as I remember, some ICMPv6 messages are allowed even if they are not explicitly permitted in the ACL (usually the RD and ND messaging).
If your platform allowed filtering all incoming packets by MAC ACLs, yet another way would be to use VACLs with MAC ACLs, blocking all traffic with the EtherType of 0x86DD. However, newer platforms apply MAC ACLs only to non-IP traffic so they would have no effect on frames carrying IPv6 packets. You need to consult the documentation to your device.
In any way, VACLs would be my personal preferred choice at this point.
Best regards,
Peter -
Hello folks,
Since the latest Creative Cloud update (I'm using version 1.9.0.465 as of this writing), I've been unable to successfully sync my Creative Cloud Files folder.
First things first, as other forum users have posted elsewhere, when the update installed itself, my Creative Cloud Files folder was moved from my chosen location to its default location (C:\Users\MyUserName) and I've been unable to put it back where I wanted it.
However, more pressingly, I noticed that every time I booted my computer, neither my wife nor I were able to access the Internet. After a couple days' trial and error I realized that Creative Cloud was trying (unsuccessfully) to sync about seven files (totaling about 750MB) to the cloud, and anytime the sync was actively working, my network access was completely blocked. Even the Creative Cloud desktop app itself couldn't access the Internet to authenticate my apps or Typekit fonts.
I have managed to get much smaller files (1MB, 5MB, up to 15MB) to sync successfully, however this takes a really long time, and no one on my network can manage to load a web page on their device until the sync is complete.
Right now I've got syncing paused, and everything on my network is working fine.
For some additional info, I've attached a screen grab of my Networking tab from Task Manager:
The big spikes in that graph are me and my wife loading up tons of web content-- YouTube videos, a million tabs of who-knows-what, all acting normally. Then I hit Resume on CC's sync operation, my activity line clamps way down, and no one can load any Internet content anywhere. After that, I released my computer's IP address from the command prompt, at which point Creative Cloud Desktop returned a connection failure, and I quit the app. When I renewed my IP address, I noticed our network access was still blocked, even though Creative Cloud was not running. I traced the problem back to CoreSync.exe, which had continued running even after I'd quit Creative Cloud. The moment I ended the CoreSync.exe process, everything was back to normal... until I restarted the Creative Cloud app, which in turn restarted CoreSync.exe. It was only after pausing CC's sync operation that we were able to use the Internet again.
So! To sum up, here are my two issues:
Syncing is entirely broken, and prevents everyone on my network from using the Internet while CC spins its wheels.
For some reason, following the same update, I'm unable to change the location of my Creative Cloud Files folder.
Some things I've tried:
Uninstalling & reinstalling the Creative Cloud Desktop app-- no change
Clearing my archived files on creative.adobe.com in case there was some weird argument happening between my live/syncing files and my archived files-- no change
Manually adding CoreSync.exe to my Windows Firewall whitelist-- no change
Finally, I can recreate this issue on my second computer, running the same version of Creative Cloud but running off wireless instead of Ethernet. Same symptoms-- feed it a file to sync, and everyone's Internet access is gone until the sync operation [eventually] finishes.
I'm completely stumped and very frustrated. I rely heavily on CC's file syncing feature, and as it's the only cloud storage product I'm actually paying for, I'm not willing to abandon it for another service like DropBox. I'm willing to try just about anything-- and in the meantime I'm just wishing Creative Cloud Desktop app updates weren't compulsory; the last build I'd installed here was working perfectly fine.
My basic system specs in case it's helpful:
Windows 7 Professional x64 SP1
2x Intel Xeon E5-2670 @ 2.6GHz
64GB DDR3 RAM
nVidia Quadro 4000
Any insights would be incredibly appreciated! Thanks in advance.Heyo Dave,
Thanks so much for your reply and suggestions. Here's what I've discovered after some more noodling.
I'm no networking guy, but I can't seem to find anything about my modem or router that would explain why my upstream traffic is being throttled using CC-- especially since it's all the same hardware I was using last week before I updated CC.
In addition, I've tried test uploading a couple of files using DropBox, Google Drive, and WeTransfer.com, and neither process interrupts Internet use on my network.
With all that said, I did go in and pull back my Transfer Speed settings in CC from Maximum to Low, and that made a big difference! Syncing continued to work, and our other network requests were working just fine. I managed to get my upload speed set as high as Medium; High and Maximum both kill my network within seconds of being set.
So I'm not sure what was done to the CC application in this release to supposedly enable us to "Sync Files and Fonts faster" (from the release notes), but whatever it is, it's got my uploads capping at 100Kbps (compared to a minimum 350Kbps using Google Drive) unless no one in my home wants to check their email for the next hour. That's a significant bummer for me, as my After Effects projects regularly swell to ~50MB toward the end of a project.
I'd like to submit a big report here, since really the only variable at play in this situation was the Creative Cloud update. However, unfortunately it looks like the bug report form is down... I'll have to try again later.
In the meantime, if there are any other suggestions for experiments I can run on this beast, I'm happy to oblige and report back in case other folks with similar issues can get some relief!
Thanks again,
Jared -
Howto allow all inbound traffic on 678?
I have a 501 behind a 678 (CBOS 2.4.6) The 678 does not allow inbound connection by default. How can I config the 678 to simply terminate the ADSL and allow all traffic both in and out, so that I can let the 501 do all the access control?
Try:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/products_user_guide_book09186a008007ce34.html
http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/prod_release_note09186a00800eac45.html -
ACLs on Dot11Radio interface blocks ALL traffic
On an AP1220 w/IOS 12.2(11)JA1, all traffic is blocked when an ACL is applied on either the RF interface or the FastE interface, even explicitly permitted traffic. Also, using the "log" command after an ACL line fails to log anything. Below is the ACL I want to apply to the Dot11Radio 0 interface. It blocks ALL traffic:
access-list 100 permit udp any any eq bootpc log
access-list 100 permit tcp any host 10.0.0.1 eq 1723 log
access-list 100 permit gre any host 10.0.0.1 log
access-list 100 deny ip any any log
Here is a test ACL that blocked ALL traffic, as well:
access-list 101 permit udp any any log
access-list 101 permit tcp any any log
access-list 101 permit icmp any any log
access-list 101 permit ip any any log
Both ACLs blocked all traffic and failed to log a single event. If the ACL is removed, everything works. HELP!It's a known bug CSCec28612 - AP1200 access-list doesnt work on radio int with a log keyword
-
How can I get Verizon to block all outgoing messages on my email?
My email was apparently hacked, it is the main account that I have used for the past seven years and all of my bill notifications and important things come to this address. I have changed the password repeatedly, run several scans on my main computer, laptop, kindle fire, and cell phone (every device I access the email on) using Norton and Norton Power Eraser on the computers. Nothing showing up.
I chatted with support just now asking them to block all outgoing email and they said it isn't possible and I find that impossible to believe. I am seeing all kinds of messages here saying that people are being blocked but I can't add an email address to that list? I need to keep it active for inbound email for a month or so just to make sure that I haven't missed any bill notices or other important stuff. Any ideas?
Thanks!Pretty hard to do without shutting down the account.
Assuming you have properlly changed your password, and checked your PC and other devices for viruses/trojatns/etc. Then the person using your email is probably NOT even using Verizon. \
Unfortunately the basic SMTP protocol is totally different then most people think. Who you say you are is not a protected value and you can say you are anyone, yes verizon's servers when initially accepting input do check, but that is about it. And the displayed sender and addresses in the smtp protocol do not have to match any text in the mail. that you see.
Typical smtp conversation
EHLO
a bunch of auth commands
MAIL and whoever i claim to be
RCPT
[email protected]
[email protected]
DATA
this is what most people is the email and its headers, but can really be anything.
FROM: SOMEone
TO: you and everyone else they can think of -
How to configure DNS server to redirect all web traffic to one external website?
I'd like to use the DNS service on my OS X Server as a way to force all all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
(BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof. So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc.
If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address. This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server. Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests. There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want. Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too. But this is also rather more pieces than a DNS redirect, too. -
Hello,
I have a Win7 PC. I want to block all incoming connections except 3 or 4 IPs. How can i do this?
I created a new rule to block all connections using this steps:
Inbound rules > New Rule > Custom > All Programs > All Protocols / Ports > All Local/Remote IPs > Block the connectiion > All profiles > Then i gave a name
This rule works fine and blocks all incoming connections.
Then i want to create a new rule to allow specific IPs using this steps:
Inbound rules > New Rule > Custom > All Programs > All Protocols / Ports > Remote IPs: 192.168.10.5, 192.168.10.10 > Allow the connection > All profiles > Then i gave a name
But 192.168.10.5 and 192.168.10.10 couldn't reach W7 machine.
(If rules are disabled or FW is off; both IPs could reach W7 machine)
ThanksHi,
How did you check these two IP address? Through remote access? According to your description, it should only allow remote IP could access this computer. Please also allow local IP for test.
Roger Lu
TechNet Community Support -
Blocking all MAC addresses except for the ones you allow
I have a Cisco Aironet 1200 Access Point. I want to block all MAC addresses from accessing the access point, except for the ones I've allowed. First I went to the Address Filters page and clicked on Allowed, then listed all the MAC address I want to be able to access the access point. Then I went to the Ethernet Advanced page, and set the Default Multicast Address Filter to Disallowed, and the Default Unicast Address Filter to Disallowed. Then I went to the AP Radio: Internal Advanced page, clicked on the Advanced Primary SSID Setup link, and set the Default Unicast Address Filter to Disallowed. Accept Authentication Type is set to Open with Shared and Network-EAP cleared, and the Require EAP check boxes are all cleared.
When using a computer whose MAC address is not listed on the Address Filters page, I am still able to connect to the network through the access point. I am also able to connect to the access point from any pc on my network by entering its IP address in Internet Explorer.
What do I need to do to block any pc without a listed MAC address from connecting to the access point?
Thanks, JeffHere's the instructions and URL on how to create an MAC based filter:
Follow these steps to create a MAC address filter:
Step 1 Follow the link path to the Address Filters page.
Step 2 Type a destination MAC address in the New MAC Address Filter: Dest
MAC Address field. You can type the address with colons separating the character pairs
(00:40:96:12:34:56, for example) or without any intervening characters (004096123456, for example).
Note If you plan to disallow traffic to all MAC addresses except
those you specify as allowed, put your own MAC address in the list of allowed MAC
addresses. If you plan to disallow multicast traffic, add the broadcast MAC address
(ffffffffffff) to the list of allowed addresses.
Step 3 Click Allowed to pass traffic to the MAC address or click Disallowed
to discard traffic to the MAC address.
Step 4 Click Add. The MAC address appears in the Existing MAC Address
Filters list. To remove the MAC address from the list, select it and click Remove.
Step 5 Click OK. You return automatically to the Setup page.
Step 6 Click Advanced in the AP Radio row of the Network Ports section at
the bottom of the Setup page for the radio you want to configure. The AP Radio Advanced page appears. -
Inbound traffic alert (ESET) - Application: System
I have a MacBook Pro (Retina, 15-inch, Mid 2014) running OS X Yosemite 10.10.2
I have installed ESET Cyber Security Pro a while ago, and an inbound traffic alert just popped up. "A remote computer is attempting to communicate with an application running on this computer. Do you wish to allow this communication?"
The application involved is "System", local port is TCP 8770. The remote computer is fe80::4c8d:97ff:feb4:5d8d, remote port is 56398.
I am still new to Mac, and therefore I'm not sure if I should allow or block. I thought that it might be system updates, but not too sure about that so I'd rather wait for an answer before proceeding.Port 8770 is used for the Digital Photo Access Protocol, which in the case of a Mac means sharing of photos. I'm not sure exactly how this port is used in Yosemite, but you can bet this is just another Mac or iOS device on your local network querying your Mac to see if it is sharing any photos. It is very unlikely that you have a network configuration that would even allow a truly "remote" computer to connect to yours over the internet.
ESET is wasting your time here. Uninstall it, and see my Mac Malware Guide for more information about protecting yourself from malware.
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.) -
Nexus1000v local SPAN can't capture inbound traffic
hi all,
I just configured local SPAN on nexus1000v (version 1.3d).
local SPAN source and destination is on same VEM.
my config is like below:
monitor session 3
source interface Vethernet13 both
destination interface Vethernet170
destination interface Vethernet36
no shut
SPAN session is up.
But we can't see any inbound traffic to the source VM.
(10.16.185.4,5,6 is the IPs of SPAN source)
[root@davidzhangRHEL ~]# tcpdump -i eth1
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
11:46:07.644551 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=sta ndby group=1 addr=10.16.185.1
11:46:07.654771 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=act ive group=1 addr=10.16.185.1
11:46:07.961735 IP 10.16.185.6.https > 10.16.184.196.50254: S 3897896960:3897896 960(0) ack 1838046824 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329579 2654766205>
11:46:07.962955 IP 10.16.185.6.https > 10.16.184.196.50254: R 1:1(0) ack 2 win 0
11:46:10.644950 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=sta ndby group=1 addr=10.16.185.1
11:46:10.657615 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=act ive group=1 addr=10.16.185.1
11:46:11.081231 IP 10.16.185.5.https > 10.16.184.197.58538: S 1850399261:1850399 261(0) ack 3055844595 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329891 2654662655>
11:46:11.081970 IP 10.16.185.5.https > 10.16.184.197.58538: R 1:1(0) ack 2 win 0
11:46:11.957381 IP 10.16.185.5.https > 10.16.184.196.42161: S 1862096740:1862096 740(0) ack 970410175 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329978 2 654770202>
11:46:11.958705 IP 10.16.185.5.https > 10.16.184.196.42161: R 1:1(0) ack 2 win 0
11:46:12.089401 IP 10.16.185.6.https > 10.16.184.197.45604: S 2733719434:2733719 434(0) ack 3290215780 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329992 2654663683>
11:46:12.090735 IP 10.16.185.6.https > 10.16.184.197.45604: R 1:1(0) ack 2 win 0
11:46:12.956018 IP 10.16.185.6.https > 10.16.184.196.50302: S 2275642708:2275642 708(0) ack 3286673454 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74330078 2654771200>
11:46:12.956838 IP 10.16.185.6.https > 10.16.184.196.50302: R 1:1(0) ack 2 win 0
11:46:13.552716 IP 10.16.185.4.61913 > 10.2.222.111.5723: P 3867141198:386714222 3(1025) ack 4146771556 win 508
11:46:13.645770 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=sta ndby group=1 addr=10.16.185.1
11:46:13.654427 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=act ive group=1 addr=10.16.185.1
11:46:13.817143 IP 10.16.185.4.61913 > 10.2.222.111.5723: . ack 180 win 508
1000v# module vem 12 execute vemcmd show span
VEM SOURCE IP NOT CONFIGURED.
HW SSN ID DST LTL/IP ERSPAN ID HDR VER
0 68 local
1000v# show monitor internal errors
1) Event:E_DEBUG, length:96, at 163774 usecs after Thu Sep 22 15:12:17 2011
[102] eth_span_phy_if_init_runtime_info(1051): im_get_ifindex_span_mode_list returned 0x40e30005
2) Event:E_DEBUG, length:96, at 684704 usecs after Thu Sep 22 15:12:04 2011
[102] eth_span_phy_if_init_runtime_info(1051): im_get_ifindex_span_mode_list returned 0x40e30005
anybody any suggestion. Your help is highly appreciated.Hi Michael,
Thanks. You are correct. We are able to see outbound traffic from SPAN source but not inbound traffic to SPAN source.
Note: I have done vmotion for the SPAN source and SPAN destination virtual machines.
Please see the below output which you requested.
1000v# show monitor session 1
session 1
type : local
state : up
source intf :
rx : Veth13
tx : Veth13
both : Veth13
source VLANs :
rx :
tx :
both :
filter VLANs : filter not specified
destination ports : Veth170 Veth36
1000v#
show monitor internal info session 1
Session 1 info:
FSM state: SESSION_STATE_OPER_ACTIVE
State reason: 0
*** ADMIN DATA ***
Session state: NO SHUT
Ingress sources
phy if: Veth13
port ch:
vlans:
Egress sources
phy if: Veth13
port ch:
vlans:
Destinations:
Veth170, Veth36
PSS source list:
Veth13
PSS destination list:
Veth170, Veth36
*** RUNTIME DATA ***
hw_ssn_id: 0
destination index: 0x4fa3 (multicast di)
oper rx: Veth13
oper tx: Veth13
oper dest: Veth170, Veth36
oper dest for di: Veth170, Veth36
programmed rx: Veth13
programmed tx: Veth13
programmed dest: Veth170, Veth36
programmed dest for di: Veth170, Veth36
programmed filter rx:1500
programmed filter tx:
Lock Info: resource [Session ID(0x1)]
type[0] p_gwrap[(nil)]
FREE @ 97236 usecs after Sun Sep 25 12:14:25 2011
type[1] p_gwrap[(nil)]
FREE @ 580143 usecs after Tue Sep 27 01:53:06 2011
type[2] p_gwrap[(nil)]
FREE @ 520203 usecs after Sun Sep 25 12:48:23 2011
0x1
Use lock event history for more details
1000v# terminal length 0
1000v# show monitor internal info interface vethernet 13
Interface info:
if_index: 1c0000c0
source for ssn 1, src_dir 3
state: up
layer: 2
mode: access
Access vlan: 1500
Interface is not in switchport monitor mode
No Entries in SDB for if_index 0x1c0000c0
1000v# show monitor internal info interface vethernet 36
Interface info:
if_index: 1c000230
destination for ssn 1
state: up
layer: 2
mode: access
Access vlan: 1500
Interface is not in switchport monitor mode
The port is MISCONFIGURED, being not span destination but used as such
No Entries in SDB for if_index 0x1c000230
1000v# show monitor internal info interface vethernet 170
Interface info:
if_index: 1c000a90
destination for ssn 1
state: up
layer: 2
mode: access
Access vlan: 1500
Interface is not in switchport monitor mode
The port is MISCONFIGURED, being not span destination but used as such
No Entries in SDB for if_index 0x1c000a90
1000v# show interface virtual | egrep "(13|36|170)"
Veth13 Net Adapter 1 VM451 11 esx905
Veth36 Net Adapter 4 VM510 11 esx905
Veth113 Net Adapter 2 VM808 12 esx902
Veth130 Net Adapter 1 VMSDE449 12 esx902
Veth131 Net Adapter 3 VM809 10 esx904
Veth132 Net Adapter 2 VMSDE449 12 esx902
Veth134 Net Adapter 2 VM510 11 esx905
Veth135 Net Adapter 2 VM511 8 esx901
Veth136 Net Adapter 2 VM465 9 esx903
Veth137 Net Adapter 1 VM472 11 esx905
Veth138 Net Adapter 3 VM470 10 esx904
Veth139 Net Adapter 3 VM472 11 esx905
Veth151 Net Adapter 1 VMSDE436 11 esx905
Veth152 Net Adapter 2 VMSDE436 11 esx905
Veth170 Net Adapter 2 RHEL5 11 esx905
1000v# module vem 11 execute vemcmd show port
LTL IfIndex Vlan Bndl SG_ID Pinned_SGID Type Admin State CBL Mode Name
8 0 3969 0 32 32 VIRT UP UP 4 Access
9 0 3969 0 32 32 VIRT UP UP 4 Access
10 0 1513 0 32 7 VIRT UP UP 4 Access
11 0 3968 0 32 32 VIRT UP UP 4 Access
12 0 1514 0 32 8 VIRT UP UP 4 Access
13 0 1 0 32 32 VIRT UP UP 0 Access
14 0 3971 0 32 32 VIRT UP UP 4 Access
15 0 3971 0 32 32 VIRT UP UP 4 Access
16 1a0a0000 1600 T 307 0 32 PHYS UP UP 4 Trunk vmnic0
18 1a0a0200 616 T 306 2 32 PHYS UP UP 4 Trunk vmnic2
19 1a0a0300 1 T 305 3 32 PHYS UP UP 1 Trunk vmnic3
20 1a0a0400 1 T 305 4 32 PHYS UP UP 1 Trunk vmnic4
21 1a0a0500 1600 T 307 5 32 PHYS UP UP 4 Trunk vmnic5
23 1a0a0700 1 T 304 7 32 PHYS UP UP 1 Trunk vmnic7
24 1a0a0800 1 T 304 8 32 PHYS UP UP 1 Trunk vmnic8
25 1a0a0900 616 T 306 9 32 PHYS UP UP 4 Trunk vmnic9
48 1b0a0000 1500 0 32 3 VIRT UP UP 4 Access VM510 ethernet3
49 1b0a0010 620 0 32 9 VIRT UP UP 4 Access VM510 ethernet2
pvlan isolated 616 620
50 1b0a0020 1500 0 32 4 VIRT UP UP 4 Access VM510 ethernet1
51 1b0a0030 1620 0 32 0 VIRT UP UP 4 Access VM480 ethernet2
pvlan isolated 1600 1620
52 1b0a0040 620 0 32 2 VIRT UP UP 4 Access VM480 ethernet1
pvlan isolated 616 620
53 1b0a0050 1502 0 32 3 VIRT UP UP 4 Access VM480 ethernet0
54 1b0a0060 1509 0 32 4 VIRT UP UP 4 Access fiserv-f5 ethernet2
55 1b0a0070 620 0 32 9 VIRT UP UP 4 Access fiserv-f5 ethernet1
pvlan isolated 616 620
56 1b0a0080 1512 0 32 7 VIRT UP UP 4 Access fiserv-f5.eth0
57 1b0a0090 1620 0 32 5 VIRT UP UP 4 Access VM459 ethernet2
pvlan isolated 1600 1620
58 1b0a00a0 620 0 32 2 VIRT UP UP 4 Access VM459 ethernet1
pvlan isolated 616 620
59 1b0a00b0 1501 0 32 3 VIRT UP UP 4 Access VM459 ethernet0
60 1b0a00c0 620 0 32 2 VIRT UP UP 4 Access VM476 ethernet2
pvlan isolated 616 620
61 1b0a00d0 1501 0 32 4 VIRT UP UP 4 Access VM476 ethernet1
62 1b0a00e0 1620 0 32 0 VIRT UP UP 4 Access VM476 ethernet0
pvlan isolated 1600 1620
63 1b0a00f0 620 0 32 2 VIRT UP UP 4 Access VM451 ethernet3
pvlan isolated 616 620
64 1b0a0100 1620 0 32 5 VIRT UP UP 4 Access VM451 ethernet2
pvlan isolated 1600 1620
65 1b0a0110 1500 0 32 3 VIRT UP UP 4 Access VM451 ethernet0
66 1b0a0120 1620 0 32 0 VIRT UP UP 4 Access VMSDE440 ethernet1
pvlan isolated 1600 1620
67 1b0a0130 1508 0 32 4 VIRT UP UP 4 Access VMSDE440 ethernet0
68 1b0a0140 1509 0 32 3 VIRT UP UP 4 Access VM501 ethernet0
72 1b0a0180 1620 0 32 0 VIRT UP UP 4 Access VMSDE436 ethernet1
pvlan isolated 1600 1620
73 1b0a0190 1508 0 32 3 VIRT UP UP 4 Access VMSDE436 ethernet0
74 1b0a01a0 620 0 32 2 VIRT UP UP 4 Access VM477 ethernet3
pvlan isolated 616 620
75 1b0a01b0 1620 0 32 5 VIRT UP UP 4 Access VM477 ethernet1
pvlan isolated 1600 1620
76 1b0a01c0 1501 0 32 3 VIRT UP UP 4 Access VM477 ethernet0
77 1b0a01d0 1620 0 32 0 VIRT UP UP 4 Access VMSDE434 ethernet1
pvlan isolated 1600 1620
78 1b0a01e0 1508 0 32 4 VIRT UP UP 4 Access VMSDE434 ethernet0
79 1b0a01f0 1620 0 32 5 VIRT UP UP 4 Access VM454 ethernet3
pvlan isolated 1600 1620
80 1b0a0200 620 0 32 9 VIRT UP UP 4 Access VM454 ethernet2
pvlan isolated 616 620
81 1b0a0210 1501 0 32 4 VIRT UP UP 4 Access VM454 ethernet0
82 1b0a0220 1620 0 32 0 VIRT UP UP 4 Access VM815 ethernet1
pvlan isolated 1600 1620
83 1b0a0230 1507 0 32 3 VIRT UP UP 4 Access VM815 ethernet0
87 1b0a0270 1620 0 32 0 VIRT UP UP 4 Access VMSDE405 ethernet1
pvlan isolated 1600 1620
88 1b0a0280 1509 0 32 3 VIRT UP UP 4 Access VMSDE405 ethernet0
89 1b0a0290 1620 0 32 5 VIRT UP UP 4 Access VMSDE424 ethernet1
pvlan isolated 1600 1620
90 1b0a02a0 1509 0 32 3 VIRT UP UP 4 Access VMSDE424 ethernet0
91 1b0a02b0 620 0 32 9 VIRT UP UP 4 Access VM472 ethernet2
pvlan isolated 616 620
92 1b0a02c0 1620 0 32 0 VIRT UP UP 4 Access VM472 ethernet1
pvlan isolated 1600 1620
93 1b0a02d0 1500 0 32 4 VIRT UP UP 4 Access VM472 ethernet0
94 1b0a02e0 1508 0 32 4 VIRT UP UP 4 Access VMSDE431 ethernet1
95 1b0a02f0 1620 0 32 5 VIRT UP UP 4 Access VMSDE431 ethernet0
pvlan isolated 1600 1620
96 1b0a0300 1620 0 32 0 VIRT UP UP 4 Access VM496 ethernet2
pvlan isolated 1600 1620
97 1b0a0310 1501 0 32 3 VIRT UP UP 4 Access VM496 ethernet1
98 1b0a0320 1500 0 32 4 VIRT UP UP 4 Access VM496 ethernet0
99 1b0a0330 1620 0 32 5 VIRT UP UP 4 Access VM510 ethernet0
pvlan isolated 1600 1620
100 1b0a0340 1500 0 32 4 VIRT UP UP 4 Access RHEL5 ethernet1
101 1b0a0350 1512 0 32 8 VIRT UP UP 4 Access RHEL5.eth0
102 1b0a0360 1620 0 32 0 VIRT UP UP 4 Access VM452 ethernet3
pvlan isolated 1600 1620
103 1b0a0370 620 0 32 2 VIRT UP UP 4 Access VM452 ethernet2
pvlan isolated 616 620
104 1b0a0380 1500 0 32 3 VIRT UP UP 4 Access VM452 ethernet0
304 16000028 1 T 0 32 32 VIRT UP UP 1 Trunk
305 16000029 1 T 0 32 32 VIRT UP UP 1 Trunk
306 1600002a 616 T 0 32 32 VIRT UP UP 4 Trunk
307 1600002b 1600 T 0 32 32 VIRT UP UP 4 Trunk
1000v# module vem 11 execute vemcmd show span
VEM SOURCE IP NOT CONFIGURED.
HW SSN ID DST LTL/IP ERSPAN ID HDR VER
0 4408 local
1000v# -
Block all ip addresses except one
I want to block all ip addresses except one from connecting to the computer. Is there a device (firewall) for the same?
Hi,
If you have an existing firewall and the traffic destined for that host is going through the firewall then naturally you can use the firewall to block the traffic. The firewall however wont be able to control the traffic between the devices in the same network.
It would seem to me though that you are probably looking for something to enable blocking connections on a certain host/PC from all but one source IP address. This would sound more like a situation where you would use some software on the host/PC itself to control the access.
Cant say much more with the provided information which was minimal.
- Jouni -
Why WRT54G ver 7 blocks all UDP broadcasts?
My WRT54G seems to be blocking all UDP broadcasts in the intranet side. Is there an option somewhere, which controls this behaviour, because I have not found one.
It does not matter, if I connect my laptop with a cable or by WLAN, no UDP broadcast packets from my server to the laptop go through.
If I connect to either one of my regular switches, UDP broadcast works perfectly.
Note that I'm not using the WAN port at all, so I would expect no filtering on the traffic.Interesting!
For sake of argument, can you try using the broadcast address of 255.255.255.255 - this is a limited (local network only) broadcast.
Can you see the MAC (layer 2/ethernet) portion with your tool?
The MAC of the destination needs to be all FFs (all ones) for broadcasts.
I am wondering if something is happening at a lower level - like in how switching is implemented in the linksys. I wonder if a linksys switch (only) also does this.
NOTE - ICMP echo (PINGS) do go through my WRV54G to specific addresses and broacdcast the x.x.x.255 addresses.
Maybe you are looking for
-
Send Adobe form as PDF via E-mail
Hi, I am doing one interacive adobe form where i need to send that filled form in PDF format via email. I tried using below options but unfortunately its not working: 1.I used "Email Submit Button" but its sending attachment as XML which I dont want.
-
IMac is starting with only 2 cpus
Hello, Two weeks ago my iMac started restarting by itself. It couldn't start the OSX, but restarting just before the login screen. I was investigating this issue for a whole day until I found that if I set boot arguments to CPU=1 it starts just fine.
-
HttpURLConnection simply doesn't work as it should!
Hi everybody. I've been stuck for a week with these related problems. answers to any of them would be very, very appreciated (i'm working in Java 1.2.2) I am sending a POST request from a client applet to a Web server (a CGI made in Perl). I have che
-
Two different document types in MIRO
Hi Gurus, Can we have two different FI document types in MIRO for Service PO and Normal PO? Standard is RE but we want one more. Can you please suggest something? Regards,
-
I have bought a game (real racing 2) and it won't download onto my ipod.
I have bought a game (real racing 2) and it won't download onto my ipod.