Secure Tunneling Between Two Switches

Hi,
We have 3 buildings in a campus. We occupy building 1 and 3. Building 2 belongs to someone else. However, building 2 switch connects both building 1 and 3. How do I create a point-to-point secure tunnel between the two 3560v2 layer 2 switches in building 1 and 3 through the transit switch in building 2 in a layer 2 environment?
QinQ does not meet the requirement because we want to prevent man-in-the-middle access from the transit switch in Building 2.
Thanks!
Kevin

Encryption of the uplink is the way to go but your 3560v2 switch does NOT support MACSec.
MACSec support starts with 3560X/3750X, 3650/3850.

Similar Messages

  • Enable port security between Two switches

    Hi Everyone,
    I connected two switches together  via below config
    Switch A
    int gi0/1
    switch mode access
    switchport access vlan 10
    Switch B
    int gi0/1
    switch mode access
    switchport access vlan 10
    They work fine with the above config.
    I did the test below.
    However, when I changed the config of Switch B as below:
    int gi0/1
    switch mode access
    switchport access vlan 10
    switchport port-security  
    Switch B is unable to ping its default gateway.
    Also Switch B is not reachable via SSH.
    Port is up/up and in STP forwarding state.
    Switch B can see Switch A as a neighbour.
    I know that we use switchport port-security only when connecting to a PC.
    So does this mean that in the above scenario layer 1 and layer 2 are up, but layer 3 and above, like ping, SSH, etc., are not reachable?
    Regards
    Mahesh

    I was just trying to see how the switches behave with this config. Nothing much, just exploring the options in the network world.
    Ideally if you want to connect two switches together in Layer 2, Dot1Q trunking is the way to go.  You do not want to put port security because it is useless. 

  • Virtual tunnel between 2950 switches

    I would like to create a virtual trunk between two 2950s. Both are far from each other, I mean many switches are installed between them. How can I create a tunnel or virtual trunk port between them?

    Hi Mansoor,
    Yes, you have to establish a new VLAN, but you should allow all the VLANs from the customer to pass through, because tunneling is done on the 3550; till there all VLANs should be allowed. But I have not tested it with VLAN restrictions.
    Also make sure the VTP domain name server and password do not match the customer's, or else it will be a disaster.
    Have a look at this link and the one I posted above for configuration guidelines:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/dot1qtnl.htm#wp1001228
    HTH, if yes please rate the post.
    Ankur

  • Fiber connection between two switches

    Hi All,
    Here is the situation: I have two switches, an SF200 and an SG300, and I am trying to link them up using an SFP module (fiber).
    They are both in trunk mode and the connection is up, but no IP traffic goes through it.
    I have ensured allowed VLANs are correct and native VLANs match, but still nothing.
    Then I did a port monitor on it (replicated it to another port), but all I could see was a bunch of STP, ARP, mDNS and LLC traffic, nothing to do with the dot1q extension.
    I used Wireshark. Would I be able to monitor trunk traffic at all? Would the protocol be dot1q?
    However, the fiber link works if I plug one of the connections which goes to the SG300 into a fiber converter and then connect an RJ45 cable from the converter to the SG300 RJ45 port. That is the only way in which it works. This suggests to me a possible issue with the fiber module on the SG300; however, I have tried a few different modules and still nothing. I did even try the one which is on the SF200 (working) and still nothing.
    What boggles me is the fact that the link is seen as up and all good by both switches, but nothing goes through them.
    Anyone know what the cause could be?
    Thanks

    Wrong forum, post in "Small Business switches". You can move your posting with the Actions panel on the right.

  • Use one IPS port to create tunnel to two remote MDS switches?

    Is it possible to use one gigabit port on an MDS IPS 14+2 linecard to create FCIP tunnels between two other remote MDS switches?
    Each tunnel will allow a different VSAN. This is kinda crude but gotta do it, if it can be done.

    Yes, it can be done. Make 1 FCIP profile defining the IP address of the GE interface. Then create 2 different FCIP interfaces (tunnels); each one will use the same profile, but have different peers.

  • Link two switch together?

    Hi
    I have two switches (cat3750) and both of them connect back to a cat6500.
    One of our clients accidentally linked one access port on one machine to another access port on another machine.
    The access port configuration is:
    interface FastEthernet1/0/2
     description standard Ports
     switchport access vlan 006
     switchport mode access
     switchport voice vlan 906
     switchport port-security maximum 2
     switchport port-security
     switchport port-security aging time 2
     switchport port-security violation restrict
     switchport port-security aging type inactivity
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     mls qos trust device cisco-phone
     mls qos trust cos
     auto qos voip cisco-phone
     macro description cisco-phone
     spanning-tree portfast
     spanning-tree bpduguard enable
     service-policy input AUTOQOS-STANDARD-POLICY
    And this link caused a big multicast storm and caused EIGRP routing to be unstable until the link was removed. I can hardly believe that linking a cable between two switches on access ports would cause such a big issue; the only thing I know is that at the same time a multicast application was also running in this area, and after I broke the link the application was still running without any problem.
    Could I get advice? Is it possible to make the configuration on access ports more secure in this case? Could I get advice on what, in principle, is the possible reason for this case?
    Any comments will be appreciated
    Thanks in advance
    Julxu

    Both are the same. It is the standard configuration, no difference.

  • Bonding two ethernet cards to two switches

    We have a corporate secure network setup relying on VLANs, and a requirement to connect all VLANs over a bond (team of network cards) that is connected to two separate switches for fail-over security. This (two switches) makes the usage of Link Aggregation (IEEE 802.3ad) impossible. So, I set the mode of the bond to static using ifconfig (bondmode static) and get a link and a DHCP address from the native LAN.
    We configure our servers using a management LAN and have this LAN set as default gateway (at the top in Network/System Prefs). I create the bond using networksetup -createBond xxx en1 en2. Then I set this bond to static and now have a DHCP address.
    Then I add two VLANs on top of the bond. One of these VLANs is to become the default gateway, as our clients will get OD info and other goodies from this server. All is well, the VLANs receive a DHCP address and I configure these with the static IP addresses.
    Now the problem arises. As I change the order of the networks, using networksetup -ordernetworkservices, and put the correct VLAN as default gateway, the network connection fails. If I reset to DHCP, the VLAN does not receive a DHCP address.
    If I create the bond using just one network card, everything works as expected. If I add a network card to the bond and rerun, it fails.
    Any ideas?
    IEEE 802.3ad is off on the switches; maybe turn it on just to see if it changes anything?
    The switch is a Cisco with IEEE 802.3ad support, but turned off.

    I've found bonding to be reliable when set via the GUI, but I've yet to find a stable command line method.
    Note that any ifconfig commands would be transient, and lost at the next reboot. In any case your syntax is incorrect. It should be:
    ifconfig bond0 bonddev en1
    in other words, add device en1 to the existing bonded interface bond0. You're passing in a physical interface as the first parameter instead of the virtual bonded interface.
    The networksetup command should work, and should be persistent. It's not clear why it isn't working.
    If you have ARD or a monitor on this box I'd just go ahead and do it via the GUI. Maybe not the answer you wanted, but it works for me.
    If I don't have an existing bond0, do I simply use the same line above but with en0 to create it?
    For example: ifconfig bond0 bonddev en0
    And is there anything else that would require tweaking after the bond is set up?
    G4 Xserver Mac OS X (10.4.4)

  • How do I quickly* switch between two Skype account...

    I have a need to be able to quickly* switch between two Skype accounts on my Windows 7 desktop computer.
    Both accounts have high-security difficult-to-remember and hard-to-type passwords.
    Many products have a facility for doing this, remembering recent account/password combinations, or having linked accounts.
    Does Skype have a way of doing this?
    And if it doesn't, how do I request that one be developed?
    I use a password manager, LastPass, but of course Skype isn't a browser so it doesn't work with Lastpass.
    * "Quickly switch" means without switching computer sign-on accounts and without re-typing the high-security difficult-to-remember and hard-to-type passwords many times per day.
    I understand you're all volunteers.  Thank you very much for your efforts on this.
    - Keith

    This can be done by setting up another Skype client in a separate directory and with a shortcut containing the extra /datapath, /removable and /secondary switches.
    http://community.skype.com/t5/Windows-desktop-client/Why-did-Microsoft-have-to-go-and-ruin-Skype-lik...
    For your purpose you can make use of a copy of Skype.exe of the already installed Skype application.

  • Two separate L2L tunnels between same two ASA

    I have a large MPLS fully meshed network with two main locations, both of which have an ASA with internet access as well as the MPLS access.  I need to be able to provide a backup connection between the two main locations in the event one of the MPLS links to one or the other goes down.
    I am considering using a L2L IPSEC tunnel between the two ASA's but the interesting traffic for the tunnel is different depending on which of the links is down and there fore I would need two different tunnels.  I have my servers and remote desktop servers at one of the main sites and the other main site has another organization attached to it externally that the servers must be able to access.
    Is there a way of creating two separate L2L tunnels between the two ASA's?  Could I perhaps assign two public IP addresses to each of the ASA's and then create the tunnels between different endpoints on each ASA?
    Does anyone have another possible solution to the problem? 
    Gene

    You should be able to do what you want using IP SLA. Please see this excellent blog post which documents one way to accomplish it.
    Hope this helps.

  • How to switch between two queries in a Web template

    Hi all,
      Here I am facing a problem switching between two queries in a web template using one 'table' web item. Is there any way to use the hyperlink 'SAP_BW_URL' so that we can switch to the query? Here I am using this HTML code:
    <table><tr><td class="SAPBEXBtnStdBorder" cellspacing="0" cellpadding="0" border="0"><tr><td>
    <table><tr><td class="sapbexbtnstd" ><A href="<SAP_BW_URL cmd='reset_item' item='table_data' query_ID='ZSD_ZSD_M01_Q20' apply_cmd_on_target= "X">" >Switch to other query</A></td></tr></table>
    But I am not getting the correct functionality.
    Please help me to solve this problem.
    I know the best way to say thanks in SDN.
    thanks
    Kiran Patel

    Kiran,
      Use the web api reset_data_provider as links or in select option in HTML.
       Onchange event of this select option should call JAVASCRIPT method and
       this in turn resets the current dataprovider to your concerned one.
       How to change graphs:
       The graph item has the default data provider:
       <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="CHART_1"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_CHART"/>
             <param name="DATA_PROVIDER" value="DATAPROVIDER_1"/>
             <param name="TMP_CHART_DATA_HANDLE" value="IIP_49MOXB0UVNOMM6JOZMZU7QO21"/>
             ITEM:            CHART_1
       </object>
      So if you change the DATAPROVIDER_1 using RESET_DATA_PROVIDER to your concerned DP, this changes chart as well !!
       Please use this method and refer to sample code for Onchange Event on SELECT OPTION:
      <HTML>
    <HEAD>
    <script>
    function callDP() {
         if (document.forms[0].dp.value == "1") {
            // form your URL here..
            var url = SAP_BW_URL_Get() + "&CMD=RESET_DATA_PROVIDER&DATA_PROVIDER_1=..&...";
            SAPBWOpenURL(url);
            // or document.location.href = url..
            // etc..
         }
    }
    </script>
    </HEAD>
    <BODY>
    <form>
    <select name="dp" onChange="javascript:callDP();">
    <option value="1">1</option>
    <option value="2">2</option>
    </select>
    </form>
    </BODY>
    </HTML>
    HOPE THIS HELPS !!!

  • White box appears while switching between two desktops

    Hello all,
    For a few weeks I have had a problem when I switch between two Desktops. Every time I switch between them, a white box appears in the left corner of my screen (see screenshot).

    Please read this whole message before doing anything.
    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
    The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, or by corruption of certain system caches. 
    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled on some models, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including sound output and  Wi-Fi on certain iMacs. The next normal boot may also be somewhat slow.
    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin. Test while in safe mode. Same problem? After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • HT1918 hi I'm travelling between two countries and I have a credit card and address in both, can I set up my iTunes account to switch between the respective iTunes stores

    Hi, I'm travelling between two countries and I have a credit card and address in both. Can I set up my iTunes account to switch between the respective iTunes stores?

    Not a single account, no, at least not easily. It would be better to set up individual iTunes Store accounts, one in each country. Your computer and devices can quite happily deal with two accounts, and then you can just log into the appropriate account when you're in the applicable country. You'll need a second email address to be able to create a new Apple ID.
    Regards.

  • Switching between two Apple IDs - 90 day wait?

    I have been smoothly transitioning between two apple IDs on iTunes for the last year. I have just switched from PC to Mac and suddenly there's a message that states I have to wait 90 days before I can associate another Apple ID with this device. I don't really understand what this means, especially since I've already successfully logged in to both Apple ID accounts in iTunes on my new Mac.  I don't want to wait 90 days every time I buy something from one account before it will let me buy something from the other (is this what this means?)  I'd really appreciate an explanation from the learned Mac-user community.  Thanks so much for your help!

    annikaaus wrote:
    Thank you, I did find that information myself, but it didn't really make things clearer to me.  Once the 90 days is up will I be able to switch back and forth as I please? Or do I have to wait 90 days every time I want to switch IDs?
    You can switch back & forth now as you please for new purchases (not for redownloading). 90 days is for redownloading.
    iTunes prefs > Store.
    Uncheck Automatic Downloads.
    And why wasn't I aware of this wait time on my old PC device?
    You never saw this because Automatic Downloads was not ticked.

  • Absolute time between two sets of switches

    Hi!
    I am trying to write a VI that will find the time difference between two sets of switches. I have attached what I currently have which only gets the time for one set of switches.
    What I am trying to include in my VI includes inputting data from two different ports and finding the resulting time difference. The two sets of switches go into different ports on the USB. The starting switches are in port 2 whereas the stopping switches are in port 1. Switch one from the first set should start the timer and switch one from the second set should stop the timer. And this logic continues for the remaining sets. Switch 2 from the first set starts the timer and switch 2 from the second set stops the timer... All six switches are completely independent so they can stop in any order.
    I was also wondering how to just have the absolute time from start to stop in hrs/min/sec? And then how do I write the resulting 6 times in hrs/min/sec to a spreadsheet?
    Thanks so much for your help! I apologize for my simple questions! I am new to labview and computer programming in general.
    Attachments:
    patch_six.vi (25 KB)

    Please don't start a new thread with the same question.  I already gave you an answer in the original thread.

  • Etherchannel between two 2950 switches

    I have an EtherChannel defined between 2 L2 switches using LACP as shown below. The EtherChannel works fine; however, when I hard code speed/duplex on both ends the EtherChannel fails. What is causing this behaviour?
    SW02:
    interface Port-channel5
    interface GigabitEthernet1/0/1
    switchport mode trunk
    channel-group 5 mode active
    interface GigabitEthernet1/0/2
    switchport mode trunk
    channel-group 5 mode active
    SW02:
    interface Port-channel5
    interface GigabitEthernet1/0/1
    switchport mode trunk
    channel-group 5 mode active
    interface GigabitEthernet1/0/2
    switchport mode trunk
    channel-group 5 mode active

    Thank you for the rating.
    Regarding your replacement scenario, I'll give the standard engineering answer ("it depends"), but actually follow up with something I hope is more helpful. I'm sincerely interested to see others' viewpoints on this as well, as it has changed over the years.
    Many years ago (let's say a decade) I ran into problems with some devices not being able to auto-negotiate properly. There was a tendency for devices to fail or negotiate to half-duplex mode when a full-duplex connection was warranted. At the time, the problems we experienced were mainly with traffic shaping devices and some other gear. There were others using fixed settings as a standard practice, and we did the same since we had verifiable issues.
    Fast forward to now.  I personally have not experienced auto-negotiation problems in a long time and am reading more from others in the field that auto-negotiation is the way to go (such as from the link provided).  Indeed, I've now run into the opposite scenario: I had a particular situation where a link between two devices defaulted to half-duplex EVEN THOUGH they were both set to 100/Full.  It turned out to be a race condition between a device and a Cisco router...the other device booted faster, didn't see anything on the link, and "helpfully" dropped down to half-duplex.  I confirmed the issue with the device vendor, who recommended setting ports to auto-negotiate as the fix (their software would not be updated for a bit of time).
    I would recommend auto-negotiate as a standard practice, with the exception of areas where you have encountered specific problems.  Those latter cases should be caught through your pre-deployment testing, and discussed with the respective vendors so that you fully understand why the devices are behaving the way they are so that the proper mitigation measures can be put in place (i.e. - It is going to act the same way every time, and you can work with that).
    Good luck!  -Ed
