[Solved] VLAN: 2 IPs 1 NIC (Unreachable)

Hi
I have 1 network card and I want to assign 2 local IPs.
When I add a VLAN with "vconfig add eth0 0" I get an extra interface eth0.0 after restarting.
The problem is that, after assigning an IP and setting the default gateway, I lose my connection with the network.
When I put the interface down I get my connection back.
It is possible on the host to ping from one IP to the other but pinging from another host isn't possible while the interface eth0.0 is up.
I do see the ping request (ICMP packet) in Wireshark.
And when there's an ARP packet with the IP of the VLAN / eth0, Wireshark indicates "duplicate use of *ip* detected".
I'm certain that the IP is unique.
Last edited by johan84 (2010-02-25 19:03:57)

daf666 wrote: What you are doing should work, if this port was connected to a trunk.
Instead, just add an alias:
ifconfig eth0:0 11.22.33.44
Nice, thanks for the quick response.
Too bad it hasn't statistics like a VLAN:
eth0.0 is the one created with vconfig
eth0:0 is created as you suggested. (I was hoping I could use the VLAN to keep different statistics too)
[root@...]# ifconfig
eth0 Link encap:Ethernet HWaddr --:--:--:--:--:--
          inet addr:192.168.0.3 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::211:9ff:fea2:930/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:126395 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26081 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:33144168 (31.6 Mb) TX bytes:2923208 (2.7 Mb)
          Interrupt:18 Base address:0xd300
eth0.0 Link encap:Ethernet HWaddr --:--:--:--:--:--
          inet addr:192.168.0.133 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::211:9ff:fe11:1111/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2716 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:135411 (132.2 Kb)
eth0:0 Link encap:Ethernet HWaddr --:--:--:--:--:--
          inet addr:192.168.0.133 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          Interrupt:18 Base address:0xd300
lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:1683 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1683 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:231004 (225.5 Kb) TX bytes:231004 (225.5 Kb)
Is it possible to make a VLAN work with a normal switch?
Or do I have to buy special hardware for that? (The VLAN would just be to have 2 IPs and keep statistics on those 2 IPs)
I wanted to forward specific traffic from my real interface to 2 virtual interfaces.
Last edited by johan84 (2010-02-25 19:13:17)
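
Added example, not part of the thread: Python that parses Ethernet frames with and without the 802.1Q tag that a VLAN sub-interface such as eth0.0 adds (VLAN ID 0 for "vconfig add eth0 0"), and runs the kind of check behind a "duplicate use of IP" warning, where ARP shows one IP claimed by more than one MAC. The MAC addresses, the 192.168.0.1 target and the capture itself are constructed for illustration; only the two host IPs come from the post.

```python
import socket
import struct
from collections import defaultdict

ETH_P_8021Q = 0x8100  # TPID that marks an 802.1Q tag
ETH_P_ARP = 0x0806


def mac_to_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp_request(sender_mac, sender_ip, target_ip, vlan_id=None):
    """Build a constructed broadcast ARP request, optionally 802.1Q-tagged."""
    src = mac_to_bytes(sender_mac)
    frame = b"\xff" * 6 + src
    if vlan_id is not None:
        # 4-byte tag: TPID 0x8100 + TCI (priority 0, DEI 0, 12-bit VLAN ID)
        frame += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    frame += struct.pack("!H", ETH_P_ARP)
    frame += struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet/IPv4 request
    frame += src + socket.inet_aton(sender_ip)
    frame += b"\x00" * 6 + socket.inet_aton(target_ip)
    return frame


def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_P_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner_type, frame[18:]


def describe_tag(vlan_id):
    if vlan_id is None:
        return "untagged"
    if vlan_id == 0:
        return "priority-tagged (VID 0)"
    return f"VLAN {vlan_id}"


def parse_arp_sender(payload):
    """Return (sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op = struct.unpack_from("!HHBBH", payload, 0)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    return mac, socket.inet_ntoa(payload[14:18])


def find_duplicate_ips(frames):
    """Map each IP claimed by more than one MAC to its (MAC, tagging) claims."""
    claims = defaultdict(set)
    for frame in frames:
        vlan_id, ethertype, payload = parse_frame(frame)
        if ethertype != ETH_P_ARP:
            continue
        mac, ip = parse_arp_sender(payload)
        claims[ip].add((mac, describe_tag(vlan_id)))
    return {
        ip: sorted(seen)
        for ip, seen in claims.items()
        if len({mac for mac, _ in seen}) > 1
    }


# Constructed capture: the host IPs are the ones in the post, the MAC addresses
# and the 192.168.0.1 target are made up (the post masks the real MACs).
SAMPLE_FRAMES = [
    build_arp_request("02:00:00:00:00:03", "192.168.0.3", "192.168.0.1"),
    build_arp_request("02:00:00:00:00:03", "192.168.0.133", "192.168.0.1"),
    build_arp_request("02:00:00:00:01:33", "192.168.0.133", "192.168.0.1", vlan_id=0),
]

if __name__ == "__main__":
    for ip, seen in find_duplicate_ips(SAMPLE_FRAMES).items():
        print(ip, "claimed by:", seen)
```

An access port on an unmanaged or non-trunk switch exchanges untagged frames, which is why the tagged/untagged distinction reported by parse_frame matters for the eth0.0 versus eth0:0 choice discussed above.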

Similar Messages

  • Issue - Inline VLAN pair IPS

    Hello everyone,
    I have an issue with a 4255 IPS using an inline VLAN pair. Here's the rough sketch of the topology:
    SW1
    port 1 access vlan 10 - PC (10.20.30.2/24)
    port 48 trunk to SW2 - all vlans allowed and forwarding
    SW2
    port 48 trunk to SW1 - all vlans allowed and forwarding
    port 1 trunk allowed vlan 10,20 to IPS g0/1 configured in inline VLAN pair; assigned to sensor etc.
    SVI vlan 20 for network 10.20.30.1/24 (up/up)
    I'm unable to ping SVI from PC. Anyone have any suggestions? Running packet display on IPS interface I only see BPDUs hitting the interface. VTP is enabled but pruning is disabled. Both vlans exist on both switches.
    I'm only seeing ARP requests from SVI on the IPS, but no replies coming from the remote switch.
    Alternatively the PC is sending ARP requests to the SVI IP, but those aren't getting resolved, nor are they getting to the IPS interface.

    Hello Yuriy
    So Topology is something like
    PC-----ACCESSPORT----SW1----TRUNK----SWITCH2
                                            |
                                            |
                                   IPS Inline vlan pair
    The thing is that if you already allow the vlans on the trunk link then traffic will not get inspected by the IPS.
    Do you see what I mean, you must force it to go to the IPS.
    Let me know if I was clear enough

  • NIC Unreachable on Solaris 10 zone

    Hello
    We currently have a problem with multi-zoned M5000 series servers:
    Server M5000-3A has 3 zones - z1 is the global zone, z2 and z3 are non-global zones. Each zone uses physical NIC nxge5 for backups z1 = nxge5:1, z2 = nxge5:2 and z3 = nxge5:3.
    The problem is that once any one of these has been used the others become unavailable eg
    ssh z1 - connects ok
    logoff z1
    ssh z2 - hangs no error and no connection (z3 would be the same)
    A telnet to the 'sleeping' NIC will wake it up - eg telnet z2 bpcd (the NetBackup port). after about 90 secs the NIC responds.
    At this point both z1 and z2 are OK. It almost seems as if the NIC is 'going to sleep' after a period of time.
    I have searched through a number of forums etc but can not find any similar case.
    Any suggestions would be gratefully received.
    Thanks in advance.

    If your application uses the getipnodebyname(3SOCKET) API, then you might also consider making sure there is an entry (in the same format as /etc/inet/hosts) in /etc/inet/ipnodes. When a lookup fails to resolve in /etc/inet/ipnodes, it'll fall back to /etc/inet/hosts and try to resolve there, so your application will still work providing there is the requisite entry in /etc/inet/hosts. Synching the 2 files will avoid introducing unnecessary delays and overheads.
    Cheers.

  • VLAN ID, add virtual NIC in Windows like I do in OS X

    I have a Macbook 13''.
    I am able to add VLAN ID in OS X like this video shows:
    http://screencast.com/t/fJBMWrckmbE
    However, I am not able to do the same in Windows...
    How should I be able to do the same on Windows on my MacBook?
    Please, this is really important!!
    Best Regards and thanks in advance for an answer....

    I currently do this with an iMac along with EyeTV and Time Machine. There used to be limitations with older versions of iLife, but I think it was just the installer being difficult, but those are no longer present in the shipping versions of Server and iLife. Time Machine might be considered an issue because by default, Time Machine doesn't back up a few directories which would not have any bearing on normal OS X, but is a bit daunting with OS X Server, specifically /var/spool/ as this is where all mail is stored. You can override this behavior by modifying the Exclusion file in /System/ which some would consider a no no.

  • HP 620 notebook PC, Ethernet NIC Driver, VLAN issue

    Dears;
    I have an HP 620 notebook running on WIN-7 32 bit. I need to use VLAN on my Ethernet NIC; the problem is that I don't know what my NIC is exactly and whether it supports VLAN on WIN7 or not.
    I searched a lot on that topic and I found the below:
    1- my laptop is currently running with driver name RLT8102E/RLTK8103E;
     Physical Address. . . . . . . . . : 64-31-50-80-6C-DA
    2- on the below web site the driver is for another NIC named Realtek RTL8191SE
    http://h20566.www2.hp.com/portal/site/hpsc/public/psi/home/?sp4ts.oid=4158863
    3- at the below link I found another card type named RTL8153EH; it supports VLAN and I didn't find any driver for it
    http://www8.hp.com/h20195/v2/GetPDF.aspx/c04290703.pdf?ver=7
    Please support which of these is my proper driver and HOW CAN I USE VLAN on my NIC on WIN7
    Regards

    Hi,
    There's nothing wrong with your machine - the business portal you're trying to access has been down for most of the weekend ( probably for maintenance ).
    I don't work for HP, so the only advice I can offer would be to try again later as I would expect it to be up and running sometime today.
    Regards,
    DP-K
    Microsoft MVP - Windows Experience

  • Hyper-V V2 API - changing VLAN of a NIC

    Does anyone know how to change the VLAN of a NIC via the V2 API? I appreciate there are now cmdlets for this, I need to modify some v1 scripts, long story.
    Before, I'd get an instance of Msvm_VLANEndpointSettingData from a pre-existing port, but the whole flow seems different now.
    I see Msvm_EthernetSwitchPortVlanSettingData is the way to go, but a couple of the methods I've tried don't work.
    Thanks.

    Hi Hob_Gadling,
    Thanks for your posting.
    To change the VLAN ID of a NIC, the cmdlet Set-VMNICVLAN in this module may be helpful for you, which can be used to manage the Hyper-V:
    Get-VMNICVLAN and Set-VMNICVLAN do not run remote:
    http://pshyperv.codeplex.com/workitem/6013
    Import the module, and use like this:
    Get-VM "P2V" |Get-VMNIC |Set-VMNICVLAN -VLANID "11"
    I hope this helps.

  • TCP flow get slower with IPS 4255 5.1(3) in inline mode

    I have an IPS 4255 with 5.1(3).
    The logical setup is the following:
    Internet
    |
    ServerA --- IPS --- PIX --- IPS --- ServerB
    The physical setup is the following:
    ServerA --- SwitchA --- IPS --- SwitchB --- PIX --- Internet
    ServerB ---/
    (ServerA and ServerB are in different DMZs -> in different VLAN-s)
    My goal is to protect many segments by one inline IPS, therefore the connection
    between SwitchA and SwitchB is an ethernet trunk (for performance reasons this is
    an etherchannel trunk (load sharing is src-dst-ip)).
    The problem is that ServerA and ServerB have to communicate, and this is done via the PIX.
    The communication is very slow and there are many fired TCP Drop and TCP normalization related
    signatures. When the IPS is in bypass on mode or one of the server segments is not watched by the
    IPS the communication speed is ok. I think the speed degradation is because every packet between ServerA and
    ServerB travels through the IPS twice. It seems to me that although they are in separate VLANs the IPS can not handle
    them.
    Does someone have an idea how to solve this issue?

    Hello,
    The traffic is about 1-2 megabit/sec through the IPS, so this does not count.
    I tried to use the norandomseq but it does not help.(Is it ok that the norandomseq does not appear in the configuration? - I used in this form: nat (APPL) 0 access-list ACL_NONAT_APPL norandomseq).
    I switched off all of the signatures except the normalizers. I switched them just to produce alert and verbose alert, not to drop or modify packets.
    The two relevant server are Takson (172.31.5.1) and Keve (172.31.6.1)
    The alarms are attached. I see that there is alarm between them :TCP session tracking stopped due to timeout
    It seems to me very strange.
    Akos

  • Best Practice setting up NICs for Hyper V 2008 r2

    I am looking at some suggestions for best practice for setting up a Hyper-V 2008 R2 at a remote location with 5 NICs, one for the management VLAN and the other 4 on the data VLAN. This server will host 2 virtual machines, one is a DC and the other is a member local DHCP server. The server is set up now with one NIC on the management VLAN and the other NICs set to get their IP from the local DHCP server on the host. We have the virtual networks set up in Hyper-V to point to each of the NICs using the "external connection". The virtual servers "DHCP and AD" have their own IP set within them. Issues we are seeing: when the site loses external connections for a while they cannot get IP addresses from the local DHCP server anymore.
    1. NIC on management Vlan -- IP Static -- Physical host
    2. NIC on the Data network Vlan -- DHCP linked as a connection "external" in Hyper V  -- virtual server DHCP
    3. NIC on the Data network Vlan -- DHCP linked as a connection "external" in Hyper V -- Virtual server domain controller
    4. NIC on the Data network Vlan -- DHCP linked as a connection "external" in Hyper V -- extra
    5. NIC on the Data network Vlan -- DHCP linked as a connection "external" in Hyper V -- extra
    Thanks in advance

    Looks like you may be over complicating things here. More and more of the recommendations from Microsoft at this point would be to create a Logical Switch and then layer on Logical Networks for your management layers, but here is what I would do for your simple remote office.
    Management NIC: Looks good (Teaming would be better, but only if you had 2 different switches to protect against link failures at the switch level. Doesn't seem relevant in this case however.)
    NIC for Data Network VLAN: I would use one NIC in your case if you have the ability to trunk multiple VLANs at the switch level to the NIC. That way you are setting the VLAN on the VM's NIC that you want to access and your Virtual Switch configuration is very simple. On this virtual switch however, I would uncheck IPv4 and IPv6. There is no need to give this NIC an address as you are just passing traffic through them from the VMs that are marked with VLAN tags. Again, if you have multiple physical switches in the building teaming could be an option, but probably adds more complexity than is necessary for a small office.
    Even if you keep your Virtual Switches linked to separate NICs unchecking IPv4 and IPv6 makes sense.
    Disable all the other NICs.
    Beyond that, check your routing. Can you ping between all hosts when there is no interruption? What DHCP server are they getting their addresses from normally? Where are your name resolution servers (DNS, WINS)?
    No silver bullet here, but maybe a step in the right direction.
    Rob McShinsky (VirtuallyAware.com)
    VirtuallyAware - Experiences in a Virtual World (Microsoft MVP - Virtual Machine)

  • Windows Load Balancing on Multiple VLAN?

    Hi all. Just wondering if any of you are having the same issue as I did. I've got NLB configured on 2 VMs running on Hyper-V. Each of the VMs is equipped with 2 NICs. The NIC for heartbeat purposes is configured with a static MAC and with the option "Enable Spoofing for MAC Address" enabled. Another NIC is for LAN communication purposes. Each of the NICs resides on a different VLAN (VLANx and VLANy). After I got the NLB configured, with "unicast" mode, I noticed I am not able to ping the NLB virtual IP address from any of the clients. Ping works between the NLB hosts, and is accessible. Once I put all the NICs into the same VLAN, NLB works fine; I can ping the NLB virtual IP, and the test on IIS works well. My question: does NLB require all the hosts to reside in the same VLAN? If NLB supports multiple VLANs, then how can I configure it to support multiple VLANs (e.g. production LAN NIC on VLANx, and heartbeat NIC on VLANy)? Thank you.

    Hi,
    It seems that we need to use Multicast mode.
    Configure Network Load Balancing Cluster Operation Mode
    http://technet.microsoft.com/en-us/library/cc731616.aspx
    Hope this helps.

  • How to enable VLAN traffic in Mac book Pro

    Hi
    I am running Yosemite OS on a MacBook Pro 13", also Windows 8.1 running on Parallels V10 (the latest one).
    In my line of work, we use custom tools to communicate with our products; all the tools are based on Windows and run at layer 2.
    Some of the tools transmit with a VLAN ID. I can see that the packets are sent with the VLAN, but nothing is returned. On deeper inspection I found that the returned packet, which is also tagged with the VLAN, is simply dropped and doesn't reach Windows.
    On a regular Windows machine, I can control the VLAN setting in the NIC configuration, and typically what the NIC does is decapsulate the VLAN.
    How do I do the same on a Mac?
    Please help.
    thanks

    iPhoto does NOT come with the OS. It is a separate App. Yes it is included on every Mac when new.
    Since you are running Snow Leopard 10.6.8 you got 2 DVDs with your system. One is for installing the operating system, OS X, and the other is for reinstalling the iLife Apps that come with every Mac.
    So find your original system discs and the Applications disc in particular. Delete, "Move To Trash", the current iPhoto app then reinstall from that Applications disc. Then use Software update to update it to the most current version.

  • VLAN Configuration

    I just wanted to ask a question about how other organizations have their VLANs set up. With my organization, we have each of our different VLANs. If we want, let's say, a server to be able to access all the VLANs, then we have to trunk the port the server is connected to and enable VLAN support on the NIC. In other words we have VLAN 1,2 set on the port, and then we create VLANs with our NIC software for VLAN 1,2. So the NIC has VLAN 1,2 with an IP address for each VLAN. Correct me if I'm wrong, but you have to have an IP address for each VLAN your server or computer is connected to? In other words, I couldn't just enable trunking on the port and then set up the server NIC with an IP address that is a VLAN1 IP address?

    My question is more of what other companies use in their VLAN setup. Every single person I talk to said that our setup is unique. When they open up our network connections for one of our servers, and see 8 different virtual connections (VLANs), they don't understand why we do this. That's why I'm asking. If this is unique, how do other companies set up their VLANs on their servers? If they want their server to be able to talk to every VLAN, then how do other companies implement this? Like I said, we trunk it on the port and then set up VLANs using the NIC software for each of the VLANs we added to the trunk. So, each server has a virtual connection (IP address, SM, DG for that network (VLAN)). This doesn't seem to be the norm from other network prof. I've talked to. So... do other companies just attach their server to one VLAN (no trunking on the switch port and no NIC multiple VLAN setup on the server) and then enable inter-VLAN routing? This then enables servers to talk to any VLAN that is enabled through inter-VLAN routing?

  • [SOLVED] syslinux menu just keeps looping

    The computer boots, the syslinux menu shows up, and selecting the Arch partition nothing happens. Syslinux counts down to zero and just keeps looping.
    syslinux.cfg
    DEFAULT arch
    PROMPT 0 # Set to 1 if you always want to display the boot: prompt
    TIMEOUT 50
    # You can create syslinux keymaps with the keytab-lilo tool
    #KBDMAP de.ktl
    # Menu Configuration
    # Either menu.c32 or vesamenu32.c32 must be copied to /boot/syslinux
    UI menu.c32
    #UI vesamenu.c32
    # Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu
    MENU TITLE Arch Linux
    #MENU BACKGROUND splash.png
    MENU COLOR border 30;44 #40ffffff #a0000000 std
    MENU COLOR title 1;36;44 #9033ccff #a0000000 std
    MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all
    MENU COLOR unsel 37;44 #50ffffff #a0000000 std
    MENU COLOR help 37;40 #c0ffffff #a0000000 std
    MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std
    MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std
    MENU COLOR msg07 37;40 #90ffffff #a0000000 std
    MENU COLOR tabmsg 31;40 #30ffffff #00000000 std
    LABEL arch
    MENU LABEL Arch Linux
    LINUX ../vmlinuz-linux
    APPEND root=UUID=55f7071d-93b2-4b34-9119-d41bc3c33225 ro
    INITRD ../initramfs-linux.img
    LABEL archfallback
    MENU LABEL Arch Linux Fallback
    LINUX ../vmlinuz-linux
    APPEND root=UUID=55f7071d-93b2-4b34-9119-d41bc3c33225 ro
    INITRD ../initramfs-linux-fallback.img
    LABEL hdt
    MENU LABEL HDT (Hardware Detection Tool)
    COM32 hdt.c32
    LABEL reboot
    MENU LABEL Reboot
    COM32 reboot.c32
    LABEL off
    MENU LABEL Power Off
    COMBOOT poweroff.com
    Last edited by boast (2012-10-23 23:37:27)

    If you solved it, it would be nice to post what you did for the benefit of others.

  • IDSM-2 Inline Vlan Pair - Duplicate Packets

    Dear All
    We have a setup where two IDSM-2 modules are ether-channeled together in a single 6513 Chassis.
    There is an FWSM module also, which acts as the default gateway for all internal VLANs.
    Problem: IDSM show stat virtual-sensor command is showing tons of 'Duplicate Packets'
    show statistics virtual-sensor | inc Duplic
    Duplicate Packets = 2950967
    Inline TCP Tracking Mode: Interface and VLAN
    Topology:
    Assume Client VLAN = 10 and Server VLAN = 60
    IPS Inline VLAN Pairs:
    10 >> 110 (Client VLAN)
    60 >> 160 (Server VLAN)
    Client >> Server Flow: (Layer 2):
    [ClientPC] >>>> Access Switch (VLAN 10) >>>> Core SW >>>> IDSM-2 (VLAN 10--110 Pair) >>>> Core Sw >>>> FWSM VLAN 110 >>>>
    FWSM VLAN 160 >>>> Core Sw >>>> IDSM-2 (VLAN 160--60 Pair) >>>> Server Switch (VLAN 60) >>>> [Server]
    Core Switch IPS Etherchannel Setup:
    Group 5: IDSM(A) and IDSM(B) Port x/7
    Group 6: IDSM(A) and IDSM(B) Port x/8
    Some VLAN Pair(s) are on interface x/7 and others are on x/8
    Because of the above issue, we see a lot of TCP normalization signatures being fired (as the IPS gets confused with duplicate packets seen for the same flow). Especially signatures 1330:12 :17 and :18.
    It is also causing some applications to break (e.g. Veritas Netbackup 6.5). When I removed the DENY action from these signatures, our IPS started having stability issues (This could also be due to E3 upgrade)
    Should we change the Tracking mode to 'VLAN' only, OR any other possible solution? Should not the 'interface and vlan' setting be sufficient?
    Regards
    Farrukh

    This will take some traffic analysis to determine what is going wrong.
    You might need to place a sniffer to watch the traffic on the client where the backup software is running at the same time that you capture the traffic on the sensor.
    Look to see if there are any differences in the traffic.
    Look for any anomalies in the traffic.
    Look to see if maybe the backup software is not using a standard TCP connection (is it jumping the tcp sequence numbers in any abnormal way?)
    You might also try some things on the sensor to determine if the sensor itself might have an issue.
    Determine if the connection passes through 2 connections (inline vlan pairs) monitored by the sensor.
    If you can, you might try removing both of the pairs from the virtual sensor. (don't delete the pairs, just remove them from the virtual sensor so they won't be analyzed)
    And see if the backup works.
    If it does then just add in one pair, and see if it keeps working.
    If it has errors with just the one pair, then the problem is likely not because of the connection being monitored twice.
    Something else must be weird about the connection.
    If the problems are only seen when having both pairs in the same virtual sensor, then try placing the pairs in different virtual sensors and see if the problem goes away.
    If the problem goes away when in different virtual sensors, then there may be an error in the inline tcp session tracking code that should track connections separately for each interface/vlan.

  • VLAN Setup for VMware

    I'm new to creating VLANs on a Cisco switch, and I'm trying to create VLANs using the SG 300-10 for a VMware environment.  I'd like to use Virtual Switch Tagging on the ESX hosts, so I can use many VLANs over few physical NICs.  Plus using VST, I can just specify the VLAN ID (setup on the physical switch), on the port group for each VLAN.
    I've changed the SG 300 to layer 3, as I'd like inter-routing between my VLANs.  This is the type of setup I'm looking for:-
    VLAN1 - Default
    VLAN 10 (192.168.10.1) to 20 (192.168.20.1) linked to ports GE3 & GE4.  I've connected port GE3 to ESX1 (vmnic2) and port GE4 to ESX2 (vmnic2)
    The problem is when I check my physical network adapters (i.e. vmnic2) in vSphere, the IP Ranges for observed traffic in every VLAN specified for the configured port are not showing (i.e. networks 192.168.10.1 to 192.168.20.1) 
    I have attached screen captures of all my setup & configuration so far, I'm obviously making a mistake...
    Could someone please advise what I'm missing?
    Thank you


  • IPS and Switching

    Hello, I have a theoretical question about VLAN and IPS.
    Suppose I have a 4215 and a router. I want to run the IPS with interface inline mode.
    Would this here work fine ?
    Router - WAN
    - Ethernet Vlan 2
    4215
    -Ethernet 2 -> Vlan 2
    -Ethernet 3 Vlan 3
    -Inside network all in Vlan 3
    Would the IPS bridge if all were in the same subnet ?
    Cisco says
    http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517bb.html#wp1046883
    If the paired interfaces are connected to the same switch, you should configure them on the switch as access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the inline interface.
    Since I haven't read anything about deployment I had to ask to be 100% sure

    Yes - you are approaching this correctly.
    On the sensor, you need to be sure to complete the Vlan pairing so it will act as a L2 bridge between Vlans 2 & 3.
    The other option is to do IPS on a stick, where you trunk 2 & 3 down a single physical interface to the 4215.
    Let us know how your project proceeds.
    thxs
    peter
