RV180W Do not allow VLANs to communicate

Hello All!
I just recently switched from the WRVS4400N to the RV180W. I have 4 VLANs, and I want VLANs 1, 2, 3 to communicate freely, but I DON'T want VLAN 4 to communicate with anybody, just Internet access. On the WRVS4400N, I was able to do this using the Firewall > IP Based ACL. I noticed that the RV180W does not have such an option. I am sure there is something I am missing, I just can't find out how to isolate VLAN 4. Any ideas would be greatly appreciated.
Thank you!

Can you send me a copy of your router config by PM or email at [email protected]  Change the passwords and any other sensitive details first of course.  That config should work though so I'd like to have a look at your config and see if we are missing something.  Also, are you running the 1.0.1.9 firmware?
Cheers,
Dave.

Similar Messages

  • VLANs 133-134 on Interface port-channel10 are being suspended. (Reason: Vlan is not allowed on Peer-link)

    I just added 2 vlans Port-channel10 on two of my Nexus 5000's that go from the to a 6509 Catalyst switch. I get this error when I do a show log: (VLANs 133-134 on Interface port-channel10 are being suspended. (Reason: Vlan is not allowed on Peer-link) When I do a sh int trunk I see Po10 (int Eth1/3) that Vlans Err-disabled on Trunk. Another odd thing when I do a spanning tree summary neither 133 or 134 is added in to the summary? Why would spanning-tree be ignoring these two new vlans?
    They are configured as so:
    interface port-channel10
    description "vpc 10 eth1/3 to 6506 po10 ten5/4"
    switch port mode trunk
    switchport trunk native vlan 999
    switchport trunk allowed vlan 130.,133-134,139,145,155,160-175,239,242,254,999
    vpc10
    What can I do to get 133 and 134 vlans to stop erroring on Port-channel 10 on both Nexus 5000's?

    Firstly I should say I have not used Nexus switches so the following advice should be treated with caution.
    Have you added the same vlans to the allowed vlans on your vPC peer link. That is what the error message seems to be telling you ie. they are not currently allowed.
    They need to be allowed otherwise the vlans are suspended which is what is happening.
    As I say I haven't used these switches so I can't say for sure if there is any downtime/disruption when you modify the allowed list but I think that is your problem from what I can see.
    Jon

  • Nexus 3548 : vlan is not allowed on peer-link

    Hi, I had posted earlier but I think I have almost figured out the issue.. just not how to resolve it.
    I have two nexus switches connected together with PO5.
    Each nexus has a PO6 to connect to a single Cat3750
    VLAN 46 on one of the switches is showing
    %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 46 on Interface port-channel6 are being suspended. (Reason: Vlan is not allowed on Peer-link)
    Oddly the other switch seems to be ok with VLAN 46.
    I also see this
    show vpc consistency-parameters vpc 6
    ... Local Remote.
    Allowed VLANs - 1,31,34,46,200,600-605 1,31,34,46,200,600-605
    Local suspended VLANs - 46 -
    I just don't get it. Both switches are almost identical in their running configs.
    Any thoughts?

    well the funny thing about the nexus configs is that I compared them in notepad ++ and they are the same.
    vrf context management
      ip route 0.0.0.0/0 10.31.0.9
    vlan 1
    vlan 31
      name VLAN0031-VOIP
    vlan 34
      name vlan_nutanix
    vlan 46
      name VLAN0046-MITEL
    vlan 200
      name VLAN0200-ExchDAG
    vlan 600
      name VLAN0600-VMOTION
    vlan 601
      name VLAN0601-DMZ1
    vlan 602
      name VLAN0602-DMZ2
    vlan 603
      name VLAN0603-DMZ3
    vlan 604
      name VLAN0604-DMZ4
    vlan 605
      name VLAN0605-PNET
    vpc domain 1
      role priority 110
      peer-keepalive destination 10.31.61.11 source 10.31.61.12
      auto-recovery
    interface port-channel5
      switchport mode trunk
      spanning-tree port type network
      speed 10000
      vpc peer-link
    interface port-channel6
      switchport mode trunk
      spanning-tree port type normal
      speed 1000
      vpc 6
    interface port-channel11
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge trunk
      speed 10000
      vpc 11
    interface port-channel12
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge trunk
      speed 10000
      vpc 12
    interface port-channel13
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge trunk
      speed 10000
      vpc 13
    interface port-channel14
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge trunk
      speed 10000
      vpc 14
    interface port-channel15
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge trunk
      speed 10000
      vpc 15
    interface Ethernet1/1
      switchport mode trunk
      speed 1000
      channel-group 6 mode active
    interface Ethernet1/2
      switchport mode trunk
      speed 1000
      channel-group 6 mode active
    interface Ethernet1/3
      description Nutanix
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge trunk
      channel-group 11
    interface Ethernet1/4
      description Nutanix
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge
      channel-group 12
    interface Ethernet1/5
      description Nutanix
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge
      channel-group 13
    interface Ethernet1/6
      description Nutanix
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge
      channel-group 14
    interface Ethernet1/7
      description Nutanix
      switchport mode trunk
      switchport trunk allowed vlan 1,31,34,46,200,600-605
      spanning-tree port type edge trunk
      channel-group 15
    interface Ethernet1/47
      switchport mode trunk
      channel-group 5 mode active
    interface Ethernet1/48
      switchport mode trunk
      channel-group 5 mode active
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    3750 config
    interface Port-channel6
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface GigabitEthernet1/0/33
     description ch nexus1-1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 6 mode active
    interface GigabitEthernet1/0/34
     description ch nexus1-2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 6 mode active
    interface GigabitEthernet1/0/35
     description ch nexus2-1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 6 mode active
    interface GigabitEthernet1/0/36
     description ch nexus2-2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 6 mode active
    interface Vlan46
     ip address 172.17.16.1 255.255.255.0

  • UPS and our iMac // Will not allow iMac to sleep.

    Hello,
    We have a Cyberpower UPS (CP685AVR) for our 20" iMac 2.66Ghz (last gen) and it works great. It has a USB interface to communicate with the iMac's power manager, and tells me how much juice is left, how the cells are doing, etc.
    The only problem is the UPS will not allow the iMac to sleep; if I try to manually put it to sleep, it will wake again in 10-15sec. If I disconnect the UPS, the iMac works just fine. There are no third-party drivers, either. Cyberpower relies on Apple's built-in UPS support. I've been leaving the USB cable unplugged but would like to use it if possible.
    Has anyone had an issue like this, and what has been your experience? Thanks.

    I won't buy Cyberpower anymore since I had one burn up on me so I have not had any experience with their newer models. I have 2 APC's and they work fine with the built in Energy Saver settings.
    Are you connecting the USB directly to the back? I'm not sure if it will help but you might try resetting the SMC: http://support.apple.com/kb/HT1543?viewlocale=en_US
    George

  • Server 2012 and 2012 R2 do not allow access to all 7 optical SAS drives?

    The following problem occurs with Windows Server 2008 R2, 2012 and 2012 R2, Datacenter or Standard. 
    I have an external SAS enclosure with seven optical drives and one hot-swap SAS/SATA bay that connects using two SFF-8088 connectors (no internal SAS expander, etc.).  The purpose is to use the seven bluray writers to write multiple copies of a large
    database simultaneously.  The optical drives are also occasionally used to read datasets that come on multiple discs (usually 8-12 per dataset and up to 15 datasets at a time).  Because of the volume, more optical drives are definitely better. 
    Regardless of the type of SAS controller used to connect this enclosure, some significant functionality is always missing.
    For writing, it is best to connect directly to the optical drives (which do their own buffering) so a HBA would seem better than a hardware RAID controller.  I have tried several HBAs, including LSI-9211, LSI-9240-IT, Dell H310-IT.  In all cases,
    Windows only sees four DVD drives and the hot-swap bay.  The drives Windows sees work perfectly for reading and writing.  MegaRAID Storage Manager (LSI controller software) sees all seven optical drives and the hot-swap bay.  LSI says this
    must be a Windows problem.  Strangely, if I remove (any) three optical drives and replace them with hot-swap bays, all eight devices are recognized by Windows.
    If I use a true RAID controller (tried LSI-9260, Dell H800, Dell H810, HP 812P, IBM 5015), windows and MSM see all seven drives and the hot-swap bay, reads from the optical drives are fine, but writing large discs times out (presumably because of buffering
    by the RAID card) so I can't write DVDs.
    Is there a way to get Server to recognize all seven optical drives on an HBA?  Ideally, I'd like to add several of these enclosures but I can't even get one working properly!
    The system is a Tyan (Dell) MB with dual Xeon E5-2620s and 64Gb RDIMM.  Currently includes LSI-9260 (2Tb SAS 10k in RAID 0), Dell H810 (32Tb SAS in RAID 6), and LSI-9211 (optical enclosure + 3Tb hot-swap).  Just installed Server 2012 R2 Datacenter
    for testing.
    Any help would be greatly appreciated.

    I've had the experience of working as a validation engineer for Intel, who at the time was developing a SAS/SATA storage controller chipset for their new xeon processors. The chipset was included in their motherboard offerings. I validated the linux driver,
    which is now included in the linux kernel as of the 3.x series kernel.
    My first question is, what type of SAS enclosure are you using for your optical drives/hot swap bay? You will be surprised at how many enclosures don't actually provide a 100% direct-attached storage configuration, and instead opt to work as a mini expander
    instead. In our validation, we tested several SAS enclosures, and we found several that even though they were advertised as direct-attached enclosures, by inspecting the data transmission with a SAS protocol analyzer we found communication over SMP (Serial
    Management Protocol).
    To ensure it is NOT the enclosure causing the anomaly, I'd connect the 7 optical drives directly to each storage controller unit (or sff-8087). These cards can support around 256 devices via expander attached configuration, as that is how many sas addresses
    the scu's can support. Either way, they can only support a maximum of 8 devices direct-attached (4 per SCU). I would use a multi-line SFF-8087 SATA breakout cable to directly connect your optical drives to the HBA, 4 on SCU0 and the other 3 on SCU1.
    I find it strange that LSI's storage manager can see all of the drives, but windows cannot. Since the SAS protocol allows for the ATAPI cmd set to be sent via scsi commands, the only thing I can think of is if windows can only recognize a certain amount
    of SAS-addresses utilizing the ATAPI cmd set. Technically, it should only be limited by the number of devices the hba can support, and in either LSI that's 256. Otherwise the enclosure may be doing something funny with the initiator (SCU), where one initiator
    may take precedence over the other. Again, testing a direct connection with a SFF-8087 SATA breakout cable will eliminate the enclosure as a factor.
    I can understand from a developer perspective for the desire to have windows recognize the devices instead of relying on the lsi storage app. Firstly, that app is monstrous and unwieldy. Secondly, it does not allow for customized solutions/scripting to fully
    access the optical devices, since you have to interact w/ lsi's storage mgr. 3rd, this should simply work if MS is fully compliant with the SAS protocol.
    Finally, I want to make sure everyone is aware that a fully compliant 6G SAS compliant device will support SSP (Serial SCSI protocol), SMP (Serial Management Protocol), and STP (Sata Tunneling Protocol). STP basically defines how SATA devices can inter-operate
    within the sas fabric by tunneling ATA commands via the SCSI cmd set. This is a basic functionality guaranteed within the overall SAS protocol; if your HBA supports SAS & SATA, it will support SSP, SMP, and STP frames (this is usually always listed on
    the HBA), and therefore it will fully support SATA devices. A SAS device will support SSP & SMP. A SATA-only HBA will support the ATA cmd set only (and thus, cannot inter-operate within a SAS fabric).
    Please note that at the very least, a direct-attached configuration should provide the number of Storage Controller Units x 4 fully working SATA devices (generally each internal SFF-8087 is a scu, most HBA's have a min of 2 SCU's, and 4 directly addressable
    devices per SCU (8 direct attached devices total). Generally, any issues that will arise from SATA devices will be the result of expander-attached configurations. There are many points a SATA device can experience errors in a expander-attached configuration,
    from the routing mechanism being utilized (table vs subtractive), to the type of expander being used (fan-out vs edge expander). Expanders will generally at least support 1 method of routing, if not both, and may or may not support multi-level configurations
    (this is specifically dependent on the hba). It was not uncommon in our testing to come across expanders that would work great w/ SAS & SATA w/ 1 level expander, but fail to communicate with SATA devices past 2 or more levels. This falls on the responsibility
    of the HBA, specifically the driver for the OS.
    More Info on SATA Tunneling Protocol (STP): 
    http://www.serialstoragewire.net/Articles/2004_0225/developer_article_2_feb.html

  • I have purchased the Adobe Creative Suite 6 Design & Web Premium but will not allow me to register?

    I have purchased the Adobe Creative Suite 6 Design & web Premium & it will not allow me to register the software --- I'm having to use the trial version --- will you please help me in updating --- the products that I have paid lots of money for?
    And I currently have Adobe Audition 1.5 --- please contact me via [email address removed]
    but I would like to get this registered immediately ---
    Currently I have been the recipient of a very bad experience regarding the manner in which Adobe is forcing me to spend more money on products without allowing me to upgrade accordingly --- or in having to speak to a FOREIGNER --- who cannot communicate properly .... please respond as soon as possible ... please.
    My experience in trying to speak to someone with a 'Extremely Thick Accent' was very unpleasant and aggravating ... and ended up 'going no where.'
    I need to speak/communicate  with someone who can help in using the product that I have paid a lot of money for.
    Mason Ramsey
    p.s. my current purchase of Adobe Creative Suite 6 Design & Web Premium

    Well, what exactly isn't working? Do you get any errors? What system are you on? As a start, check this:
    Sign in or activation errors | CS6, CS5.5 Subscriptions, CS6 Perpetual
    Mylenium

  • WAP561 - After 2-3 days the AP will not allow clients to fully authenticate (628911547)

    Have a total of 5 APs and every 2-3 days these devices seem to not allow clients to connect. Clients appear to associate but never authenticate. I have opened a case with Cisco (Case number in title) but want to see if anyone else is having this issue and how you may have resolved this.
    I received an email from an engineer and one of the options he asked me to change was not even an option on the screen. I have UNTAGGED VLAN selected however MANAGEMENT VLAN is not an option. Below is his email.
    Making a bit of research I discovered that maybe you have fallen into a firmware bug.
    It should be related to VLAN.
    If you go on VLAN and IPv4 setting you should see somewhere the MANAGEMENT VLAN and UNTAGGED VLAN settings.
    Both of them should be ENABLED.
    On the next fw release this should be fixed because it’s normal to have both disabled, but just to workaround the problem you could try with this settings enabled and see if the “freeze” is not happening again.
    Please update me so I can close this case or go on with the process.

    The Fix Multicast rate setting can be found on the Wireless - Radio Page. In the advanced settings section. Below the
    Transmit Power settings.
    Thanks
    Eric Moyers    .:|:.:|:.
    Cisco Small Business US STAC Advanced Support Engineer
    Wireless Subject Matter Expert
    CCNA, CCNA-Wireless
    866-606-1866
    Mon - Fri 09:30 - 18:30 (UTC - 05:00)
    *Please rate the Post so other will know when an answer has been found.

  • Unable to add allowed VLANs to TenGig trunk port

    Hi,
    I've got a ten gig interface on a 6509 running 12.2(33) configured as a trunk, but I've not been able to add any allowed VLANs as I've done before on other ten gig ports on different 6509 chassis. Am I missing something obvious?
    I'm assuming that the reason I'm unable to set the encapsulation to dot1q is because the new hardware doesn't support ISL, hence no need. The command to add the VLANs however doesn't get rejected, it just doesn't appear to do anything.
    I've tried adding single VLANs and multiples, but no joy. Any ideas?
    Here's what I've done:
    SWITCH_1631(config)#default int t4/1
    Interface TenGigabitEthernet4/1 set to default configuration
    SWITCH_1631#sh ru int t4/12
    Building configuration...
    Current configuration : 65 bytes
    interface TenGigabitEthernet4/12
     no ip address
     shutdown
    end
    SWITCH_1631(config)#int t4/1
    SWITCH_1631(config-if)#switchport
    SWITCH_1631(config-if)#switchport mode trunk
    SWITCH_1631(config-if)#switchport trunk allowed vlan ?
      WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
      add     add VLANs to the current list
      all     all VLANs
      except  all VLANs except the following
      none    no VLANs
      remove  remove VLANs from the current list
    SWITCH_1631(config-if)#switchport trunk allowed vlan add 700
    SWITCH_1631(config-if)#
    SWITCH_1631#sh vlan id 700
    VLAN Name                             Status    Ports
    700  VLAN_NAME                        active    <snip>
    SWITCH_1631#sh ru int t4/1
    Building configuration...
    Current configuration : 74 bytes
    interface TenGigabitEthernet4/1
     switchport
     switchport mode trunk
    end

    Steve,
    Thanks for getting back to me. You're right that it is by default a dot1q trunk allowing all VLANs, therefore it should work for what I want to do.
    Port                Mode         Encapsulation  Status        Native vlan
    Gi3/39              on           802.1q         trunking      1
    Te4/1               on           802.1q         trunking      1
    Po1                 on           802.1q         trunking      50
    Po2                 on           802.1q         trunking      50
    Po3                 on           802.1q         trunking      50
    Po4                 on           802.1q         trunking      50
    Po5                 on           802.1q         trunking      50
    Port                Vlans allowed on trunk
    Gi3/39              15-16,20-23,30,401,608
    Te4/1               1-4094
    Po1                 10,13,20-21,25,30,50,52,61,70,600,700-701,950
    Po2                 10,20,30,50,52,61,70,600,700-701,950
    Po3                 10,20,30,50,61,70,600,700-701,950
    Po4                 10,20,30,50,61,70,600,700-701,950
    Po5                 2-3,10-23,25-26,30,35-36,40,50-53,56,58,61,65,70,77,101-102,145-146,155-158,401-402,600-602,608,700-701,800,950
    The problem was that I've always been advised that best practise is to only allow the VLANs that are actually required on a trunk to avoid broadcasting traffic unnecessarily. I worked out what the issue was though, and it was a pretty simple one!
    Once I saw that 1-4094 was allowed I tried "switchport trunk allowed vlan remove 700" which worked and left me with 1-699,701-4094.
    Then I realised what the problem was: trying to use the "add" command when all possible VLANs had already been added. As soon as I got rid of it and used "switchport trunk allowed vlan 700" followed by "switchport trunk allowed vlan add 701" I was back in business.
    So it was a very simple issue, but thank you Steve for pointing me in the right direction and confirming that all the VLANs were already allowed!
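
The allowed-VLAN list behaviour worked out in the thread above, together with the peer-link check suggested in the first Nexus thread, as an added Python example (not code from any poster or from Cisco). The function names and the peer-link list are constructed for illustration; the model assumes a new trunk starts at 1-4094 and that a list still at that default is not printed in the running config, as the thread's output shows.

```python
ALL_VLANS = frozenset(range(1, 4095))  # 1-4094: what a new trunk allows by default


def parse_vlans(text):
    """Expand '10,20-23,700' into a set of VLAN IDs, rejecting malformed tokens."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        lo, _, hi = part.partition("-")
        if not lo.isdigit() or (hi and not hi.isdigit()) or (not hi and "-" in part):
            raise ValueError(f"bad VLAN token: {part!r}")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"VLAN out of range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def format_vlans(vlans):
    """Collapse a set of VLAN IDs back into range notation ('700-701')."""
    runs, run = [], []
    for v in sorted(vlans):
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            runs.append(run)
        run = [v]
    if run:
        runs.append(run)
    text = ",".join(str(r[0]) if len(r) == 1 else f"{r[0]}-{r[-1]}" for r in runs)
    return text or "none"


def apply_allowed(current, args):
    """New allowed set after `switchport trunk allowed vlan <args>`."""
    words = args.split()
    if len(words) == 1:
        if words[0] == "all":
            return set(ALL_VLANS)
        if words[0] == "none":
            return set()
        return parse_vlans(words[0])      # a bare list REPLACES the current list
    if len(words) != 2:
        raise ValueError(f"unsupported arguments: {args!r}")
    keyword, vlans = words[0], parse_vlans(words[1])
    if keyword == "add":
        return set(current) | vlans       # no effect if everything is already allowed
    if keyword == "remove":
        return set(current) - vlans
    if keyword == "except":
        return set(ALL_VLANS) - vlans
    raise ValueError(f"unknown keyword: {keyword!r}")


def replay(commands, start=ALL_VLANS):
    """Apply a sequence of allowed-vlan arguments to a trunk, default list first."""
    allowed = set(start)
    for args in commands:
        allowed = apply_allowed(allowed, args)
    return allowed


def running_config_line(allowed):
    """Config line for the list; None while it is still the 1-4094 default."""
    if set(allowed) == ALL_VLANS:
        return None
    return "switchport trunk allowed vlan " + format_vlans(allowed)


def not_on_peer_link(member_allowed, peer_link_allowed):
    """VLANs allowed on a vPC member trunk but missing from the peer-link list."""
    return format_vlans(parse_vlans(member_allowed) - parse_vlans(peer_link_allowed))


if __name__ == "__main__":
    # The poster's first attempt: 'add 700' on a fresh trunk changes nothing.
    print(running_config_line(replay(["add 700"])))
    # 'remove 700' prunes from the default list instead.
    print(running_config_line(replay(["remove 700"])))
    # The sequence that worked: replace the list, then add to it.
    print(running_config_line(replay(["700", "add 701"])))
    # Constructed peer-link list that was not updated with the two new VLANs.
    member = "130,133-134,139,145,155,160-175,239,242,254,999"
    peer_link = "130,139,145,155,160-175,239,242,254,999"
    print(not_on_peer_link(member, peer_link))
```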

  • Why is trunk not showing vlan membership?

    I setup correctly a LACP etherchannel with all VLANS allowed. This interface is called Po10.
    Then I set up another one, Po20, consisting of interfaces 33 and 34, but this time restricting VLANs to only VLAN 20 (all config is below).
    But when I do a sh int trunk and sh vlan brief, it only shows vlans for Po10. Is this because nothing is connected to the new port-channel, yet?
    And what about the "no shut" command. I have not run this command. I thought I had to run this command, since all ports are shut per default in a Cisco switch? The config does not show this for any of my ports (I might have done this for the working port-channel).
    Here is the config:
    3750G-A#sh run int gi1/0/33
    Building configuration...
    Current configuration : 228 bytes
    interface GigabitEthernet1/0/33
    description iSCSI LACP interface
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 20
    switchport mode trunk
    channel-group 20 mode active
    spanning-tree portfast trunk
    end
    3750G-A#sh run int gi1/0/34
    Building configuration...
    Current configuration : 228 bytes
    interface GigabitEthernet1/0/34
    description iSCSI LACP interface
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 20
    switchport mode trunk
    channel-group 20 mode active
    spanning-tree portfast trunk
    end
    3750G-A#sh run int po20
    Building configuration...
    Current configuration : 202 bytes
    interface Port-channel20
    description LACP Port-Channel for VNX iSCSi
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 20
    switchport mode trunk
    spanning-tree portfast trunk
    end
    3750G-A#sh int trunk
    Port        Mode             Encapsulation  Status        Native vlan
    Po10        on               802.1q         trunking      1
    Port        Vlans allowed on trunk
    Po10        1-4094
    Port        Vlans allowed and active in management domain
    Po10        1,3,20,30,40,50,60,99
    Port        Vlans in spanning tree forwarding state and not pruned
    Po10        1,3,20,30,40,50,60,99
    3750G-A#sh vlan brief
    VLAN Name                             Status    Ports
    1    default                          active    Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                    Gi1/0/9, Gi1/0/10, Gi1/0/11
                                                    Gi1/0/12, Gi1/0/13, Gi1/0/14
                                                    Gi1/0/15, Gi1/0/16, Gi1/0/19
                                                    Gi1/0/20, Gi1/0/21, Gi1/0/22
                                                    Gi1/0/23, Gi1/0/24, Gi1/0/25
                                                    Gi1/0/26, Gi1/0/27, Gi1/0/28
                                                    Gi1/0/29, Gi1/0/30, Gi1/0/31
                                                    Gi1/0/32, Gi1/0/33, Gi1/0/34
                                                    Gi1/0/35, Gi1/0/36, Gi1/0/37
                                                    Gi1/0/38, Gi1/0/39, Gi1/0/40
                                                    Gi1/0/41, Gi1/0/42, Gi1/0/43
                                                    Gi1/0/44, Gi1/0/45, Gi1/0/46
                                                    Gi1/0/47, Gi1/0/48, Gi1/0/49
                                                    Gi1/0/50, Gi1/0/51, Gi1/0/52
    3    Management                       active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                    Gi1/0/4, Gi1/0/5
    20   iscsi-A                          active
    30   iscsi-B                          active
    40   vMotion                          active

    3560-B#sh int status
    Port      Name               Status       Vlan       Duplex  Speed Type
    Gi0/1     Management interfa notconnect   3            auto   auto 10/100/1000BaseTX
    Gi0/2     management vlan 3  notconnect   3            auto   auto 10/100/1000BaseTX
    Gi0/3     Mangement switch   notconnect   3            auto   auto 10/100/1000BaseTX
    Gi0/4                        notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/5     VNX Management     notconnect   3            auto   auto 10/100/1000BaseTX
    Gi0/6                        notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/7                        notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/8                        notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/9                        notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/10                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/11                       notconnect   1            auto   auto 10/100/1000BaseTX
    Port      Name               Status       Vlan       Duplex  Speed Type
    Gi0/12                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/13                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/14                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/15                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/16                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/17    UCS FI-B uplinks   connected    trunk      a-full a-1000 10/100/1000BaseTX
    Gi0/18    UCS FI-B uplinks   connected    trunk      a-full a-1000 10/100/1000BaseTX
    Gi0/19                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/20                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/21                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/22                       notconnect   1            auto   auto 10/100/1000BaseTX
    Port      Name               Status       Vlan       Duplex  Speed Type
    Gi0/23                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/24                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/25                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/26                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/27                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/28                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/29                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/30                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/31                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/32                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/33    iSCsi fra VNX      notconnect   1            auto   auto 10/100/1000BaseTX
    Port      Name               Status       Vlan       Duplex  Speed Type
    Gi0/34    iSCsi fra VNX      notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/35                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/36                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/37                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/38                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/39                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/40                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/41                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/42                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/43                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/44                       notconnect   1            auto   auto 10/100/1000BaseTX
    Port      Name               Status       Vlan       Duplex  Speed Type
    Gi0/45                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/46                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/47                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/48                       notconnect   1            auto   auto 10/100/1000BaseTX
    Gi0/49                       notconnect   1            auto   auto Not Present
    Gi0/50                       notconnect   1            auto   auto Not Present
    Gi0/51                       notconnect   1            auto   auto Not Present
    Gi0/52                       notconnect   1            auto   auto Not Present
    Po10      Port-channel for U connected    trunk      a-full a-1000
    Po20      iSCSi LACP Port-ch notconnect   unassigned   auto   auto

  • 2960 will not allow "switchport trunk encapsulation dot1q" CLI

    I have a Cisco 2960 switch that is not allowing me to setup switchport trunk encapsulation dot1q on a trunking interface.
    The show capabilities shows that the interface can use 802.1q, but when I try to CLI the command the word encapsulation is not an option.
    Please advise with a solution.
    Thanks, S
    Model - WS-C2960G-24TC-L  
    SW Version - 12.2(44)SE6          
    SW Image - C2960-LANBASEK9-M
    S1#
    S1#sh int gi0/23 capabilities
    GigabitEthernet0/23
    Model:                 WS-C2960G-24TC-L
    Type:                 1000BaseLX SFP
    Speed:                 1000
    Duplex:               full
    Trunk encap. type:     802.1Q
    Trunk mode:           on,off,desirable,nonegotiate
    Channel:               yes
    Broadcast suppression: percentage(0-100)
    Flowcontrol:           rx-(off,on,desired),tx-(none)
    Fast Start:           yes
    QoS scheduling:       rx-(not configurable on per port basis),
                             tx-(4q3t) (3t: Two configurable values and one fixed.)
    CoS rewrite:           yes
    ToS rewrite:           yes
    UDLD:                 yes
    Inline power:         no
    SPAN:                 source/destination
    PortSecure:           yes
    Dot1x:                yes
    Multiple Media Types: rj45, sfp, auto-select
    S1#
    S1#
    S1#
    S1(config-if)#switchport ?
    access         Set access mode characteristics of the interface
    backup         Set backup for the interface
    block         Disable forwarding of unknown uni/multi cast addresses
    host           Set port host
    mode           Set trunking mode of the interface
    nonegotiate   Device will not engage in negotiation protocol on this
                     interface
    port-security Security related command
    priority       Set appliance 802.1p priority
    protected     Configure an interface to be a protected port
    trunk         Set trunking characteristics of the interface
    voice         Voice appliance attributes
    S1#
    S1#
    S1#
    S1(config-if)#switchport trunk ?
    allowed Set allowed VLAN characteristics when interface is in trunking mode
    native   Set trunking native characteristics when interface is in trunking
               mode
    pruning Set pruning VLAN characteristics when interface is in trunking mode
    S1#
    S1#
    S1#

    Newer devices don't support ISL so you can only run 802.1Q. That means that there is no need for an encapsulation command because only one encapsulation is supported. If the device had support for ISL then you would also have that command.
    Daniel Dib
    CCIE #37149
    Please rate helpful posts.

  • ACL outbound not allowed

    So the situation here is:
    I have a layer 3 switch that is connected to a layer 2 (D-Link) switch via a trunk line on gi0/46 of the layer 3 switch.
    I implemented my ACL inbound on this gi0/46 port, but I can't do this outbound on this port; it says "invalid input detected".
    If I type "ip access-group VTI ?" then it only shows inbound as an option. Why is that?
    Another question I have is:
    I have this access-list on the gi0/46 port inbound:
    10 permit udp any any
    20 permit ip any 10.1.40.192 0.0.0.63
    30 permit ip any 10.1.40.0  0.0.0.127
    40 deny ip any 10.1.0.0 0.0.255.255
    50 permit ip any any
    If I do this I can't access the layer 2 D-Link anymore, which has the IP address 10.1.40.145.
    I can access the D-Link switch if I'm in VLAN 10, which is (10.1.40.0  0.0.0.127); that's because that one is allowed in my ACL above.
    But what must I do if I want VLAN 10 to be able to access the D-Link, while the computers behind the D-Link aren't allowed to access VLAN 10?
    Thanks
    Jonas Vanraes

    Hi !
    Thank you for your very clear information on the PACL. The switch is a Cisco 3560X switch.
    But for my second question, forget what I said earlier.
    The situation is like this:
    - There are 6 schools connected via VPN.
    - In the image you can see the VLANs for one school.
    - Every school has its own system VLAN, which is always VLAN 10 and always the first VLAN in the subnet of the school.
    What do I want to achieve?
    - Only VLAN 10 of every school must be able to access the switches that are in VLAN 999; you can see that in the image.
    - My problem is that if I implement the access list I showed you above, only the VLAN 10 of the school where the switch (D-Link) is present can access the switch, but the other schools' VLAN 10 aren't able to access the switches. If I remove the ACL they can access the switch, so the problem is definitely with the ACL.
    - So my question is, if you still follow me: how can I allow the VLAN 10 of every school to access the switches, while the computers behind the switches are not allowed to access the VLAN 10 of every school except their own VLAN 10, because their domain controller etc. is there?
    Maybe this is more understandable.
    These are the VLAN 10 of every school:
    - 10.1.0.0 255.255.255.128 - school 1
    - 10.1.8.0 255.255.255.128 - school 2
    - 10.1.16.0 255.255.255.128 - school 3
    - 10.1.24.0 255.255.255.128- school 4
    - 10.1.32.0 255.255.255.128 - school 5
    - 10.1.40.0 255.255.255.128 - school 6
    If I do this: "permit ip any 10.1.8.0 0.0.0.127" in my ACL on that gi0/46 port, then the IP address range (10.1.8.0 ...) can access that D-Link, but the problem with this is that the computers behind the D-Link can also access (10.1.8.0 ...).
    If you don't understand, I completely understand, because it's hard to explain.
    Jonas Vanraes
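
The ACL in this thread is applied inbound on gi0/46, so it filters what the D-Link side sends and matches on destination only. The following is an added example, not code from the thread, that evaluates the posted entries first-match against a few flows; every host address except 10.1.40.145 is constructed, and the sequence-35 entry is an assumed candidate fix.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_acl(text):
    """Parse 'SEQ ACTION PROTO SRC DST' lines; IOS evaluates in sequence order."""
    entries = []
    for line in text.strip().splitlines():
        seq, action, proto, *rest = line.split()
        src, rest = _spec(rest)
        dst, _ = _spec(rest)
        entries.append((int(seq), action, proto, src, dst))
    return sorted(entries)

def _hit(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
    return (_ip(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst):
    """Return (action, seq) of the first matching entry, else the implicit deny."""
    for seq, action, p, s, d in acl:
        if p in ("ip", proto) and _hit(s, src) and _hit(d, dst):
            return action, seq
    return "deny", None

POSTED = parse_acl("""
10 permit udp any any
20 permit ip any 10.1.40.192 0.0.0.63
30 permit ip any 10.1.40.0 0.0.0.127
40 deny ip any 10.1.0.0 0.0.255.255
50 permit ip any any
""")
# Assumption: candidate entry 35 is constructed here, not taken from the thread.
CANDIDATE = sorted(POSTED + parse_acl("35 permit ip host 10.1.40.145 10.1.8.0 0.0.0.127"))

SWITCH, PC = "10.1.40.145", "10.1.41.20"       # PC address is constructed
ADMIN6, ADMIN2 = "10.1.40.10", "10.1.8.10"     # constructed VLAN 10 hosts

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("candidate", CANDIDATE)):
        for src, dst in ((SWITCH, ADMIN6), (SWITCH, ADMIN2), (PC, ADMIN2)):
            print(name, src, "->", dst, evaluate(acl, "tcp", src, dst))
```

With the posted list, the switch's TCP replies to school 2's VLAN 10 hit entry 40, which is why only the local VLAN 10 can manage it; a source-specific permit lets the switch answer while hosts behind it still fall through to the deny. Entry 10 permits all UDP regardless of destination, so UDP from those hosts passes in both lists.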

  • Switch Port Trunk allowed Vlan

    Hi Guys
    Request your help on my query :
    I have a distribution switch and an access switch, with a port channel between them.
    The dist switch is the VTP server.
    Let's assume I have 25 VLANs.
    When I do show vlan brief on the access switch I can see all 25 VLANs listed.
    Now when I configure switchport trunk allowed vlan (e.g. permitting 10 VLANs) on the link connecting to the access switch at the dist switch:
    Dist switch po1 -- connecting to -- po Access switch
    Dist switch #
    int po1
    switchport trunk allowed vlan x,x,x,x,x,x,x,x,x,
    After permitting 10 VLANs through trunk allowed vlan, when I then do show vlan brief on the access switch, I should see only the 10 VLANs which I have permitted, right?
    Thanks in advance  

    Hi,
    John is absolutely correct - even if you do not permit a VLAN on a trunk, it can still provide communication among local ports on a switch that are all assigned to the same VLAN.
    I have a feeling that your original question was focused on a different aspect, though: You probably expected that if you exclude some VLANs from trunks, these VLANs will not be propagated via VTP to surrounding switches. Sadly, this is not the case. The switchport trunk allowed vlan command only affects data traffic in individual VLANs but it has no impact on the operation of the VTP protocol. VTP still advertises all VLANs, regardless of which VLANs are allowed on a trunk. To put it plainly, in a VTP domain, all server/client switches will know about all VLANs. There is no legal possibility of having a single VTP domain consisting of server/client switches and yet have the switches differ in their VLAN database contents. It's as easy as that: one VTP domain = one big common VLAN database.
    Best regards,
    Peter

  • WRT160NL not allowing Xbox 360 to stream files from PC

    I have just purchased a WRT160NL and have hooked it up and it will allow me to access the internet fine on my PC and also allow me to connect to xbox live fine on my xbox 360. When I try to stream media files from my PC from Zune though it will no longer work like it did with my previous version of Linksys router (BEFW11S4). I have followed several troubleshooting steps including trying to open several ports on my firewall but have had no success. When I try to connect to my PC with my xbox 360 I can see that it is communicating with the router fine but it is not allowing the xbox to in turn communicate with the computer. Anyone have any ideas on to what might be causing this issue?

    Follow this link and change the settings on your Computer as well as on your XBOX360. Once you are done with the settings you should be able to play media files from your XBOX

  • ASA5550 port channel configuration ERROR: nameif not allowed on empty etherchannel interface

    Hi All,
    I am having a problem when configuring a port channel on an ASA5550.
    IOS ver asa914-k8.bin also in ver 9.02   and 8.47.
    Please let me know how I can solve this problem.
    UK-LON-FW(config)# int port-channel 3
    UK-LON-FW(config-if)# vlan 245
                           ^
    ERROR: % Invalid input detected at '^' marker.
    UK-LON-FW(config-if)# nameif secure
    ERROR: nameif not allowed on empty etherchannel interface.
    UK-LON-FW(config-if)#
    Here is my interface configuration:
    interface GigabitEthernet0/0
    description fw1:G0/0 to uk-lon-gw1:e1/8 fw2:G0/0 to uk-lon-gw2:e1/9 outside zone
    channel-group 1 mode on
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/1
    description fw1:G0/1 to uk-lon-gw2:e1/8 fw2:G0/1 to uk-lon-gw1:e1/9 outside zone
    channel-group 1 mode on
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/2
    description fw1:G0/2 to uk-lon-sw1a:1 fw2:G0/2 to uk-lon-sw1a:2 dmz
    channel-group 2 mode on
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3
    description fw1:G0/3 to uk-lon-sw1b: fw2:G0/3 to uk-lon-sw1b:2 dmz
    channel-group 2 mode on
    no nameif   
    no security-level
    no ip address
    interface Management0/0
    management-only
    nameif management
    security-level 0
    ip address 10.10.51.18 255.255.254.0
    interface GigabitEthernet1/0
    description fw1:G1/0 to uk-lon-sw1a:3 fw2:G1/0 to uk-lon-sw1a:4 secure zone
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet1/1
    description fw1:G1/1 to uk-lon-sw1b:3 fw2:G1/1 to uk-lon-sw1b:4 secure zone
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet1/2
    description LAN Failover Interface
    no nameif   
    no security-level
    no ip address
    interface GigabitEthernet1/3
    description STATE Failover Interface
    no nameif
    no security-level
    no ip address
    interface Port-channel1
    description outside zone
    no nameif
    no security-level
    no ip address
    interface Port-channel1.5
    description outside zone Bundle FW:G0/0-G0/1 connect to GW1:e1/8-GW2:e1/8
    vlan 5
    nameif outside
    security-level 0
    ip address 216.239.105.5 255.255.255.128 standby 216.239.105.6
    interface Port-channel2
    description dmz Bunlde uk-lon-fw:G0/2-3 to sw1a:1-2 sw1b:1-2
    no nameif
    no security-level
    no ip address
    interface Port-channel2.105
    description dmz
    vlan 105
    nameif dmz
    security-level 50
    ip address 216.239.105.193 255.255.255.192 standby 216.239.105.194
    interface Port-channel3
    description secure zone Bunlde uk-lon-fw:G1/0-1 to sw1a:3-3 sw1b:3-4
    no nameif
    security-level 100
    ip address 10.254.105.1 255.255.255.0 standby 10.254.105.2
    UK-LON-FW(config-if)# 

    Hi Marvin,
    Thank you for your answer.  I did everything but it did not work. It turns out it is a bug: ver 8.45 will let you create the sub logical interface, but it actually did not work right.  Version 9.x doesn't let you create more than 2 port channels (limitation of ASA5550 hardware).
    https://tools.cisco.com/bugsearch/bug/CSCtq62715/?reffering_site=dumpcr 
    Also, you can see the 8.4 release notes, where you can see that it is not supported:
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/release/notes/asarn84.html#pgfId-522232
    Interface Features
    EtherChannel support (ASA 5510 and higher)
    You can configure up to 48 802.3ad EtherChannels of eight active interfaces each.
    Note You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel.
    We introduced the following commands: channel-group , lacp port-priority , interface port-channel , lacp max-bundle , port-channel min-bundle , port-channel load-balance , lacp system-priority , clear lacp counters , show lacp , show port-channel .

  • Missing Allowed vlans on trunk on Standby ACE.

    Guys,
    I would like to know if allowing VLANs under a port channel will replicate to the standby unit. Somehow I see that all configuration is synced except switchport trunk allowed vlan under the port channel.
    Thanks
    Ajay

    Hi Siva,
    I removed the 3rd port from the port channel, but the VLANs are still not getting synced.
    ACE1/Admin# sh vlan
    Vlans configured on physical port(s)
    vlan3001  vlan3060  vlan3200-3201  vlan3208  vlan3260-3262  vlan3264-3265  vlan3270-3272  vlan3274-3275  vlan3280  vlan3300-3302  vlan3650-3652  vlan3661-3663  vlan3668-3669  vlan4090
    ACE1/Admin#
    ACE2/Admin# sh vlan
    Vlans configured on physical port(s)
    vlan3001  vlan3200-3201  vlan3208  vlan3260-3262  vlan3264-3265  vlan3270-3272  vlan3274-3275  vlan3300-3302  vlan3650-3652  vlan3661  vlan3668-3669  vlan4090
    ACE2/Admin#
    ACE1/Admin# sh ft group status
    FT Group                     : 1
    Configured Status            : in-service
    Maintenance mode             : MAINT_MODE_OFF
    My State                     : FSM_FT_STATE_ACTIVE
    Peer State                   : FSM_FT_STATE_STANDBY_HOT
    Peer Id                      : 1
    No. of Contexts              : 1
    Running cfg sync status      : Running configuration sync has completed
    Startup cfg sync status      : Startup configuration sync has completed
    ft peer 1
      heartbeat interval 300
      heartbeat count 10
      ft-interface vlan 4090
      query-interface vlan 3001
    ft group 1
      peer 1
      no preempt
      priority 150
      associate-context Admin
      inservice
    Any suggestions / next steps to troubleshoot?
    Thanks
    Ajay
