Switch and Broadcast filtering

I read this article in the Cisco curriculum, but I did not understand it well:
" Occasionally, a device will malfunction and continually send out broadcast frames, which are copied around the network. This is called a broadcast storm and it can significantly reduce network performance.
A switch that can filter broadcast frames makes a broadcast storm less harmful.
Today, switches are also able to filter according to the network-layer protocol. This blurs the demarcation between switches and routers. A router operates on the network layer using a routing protocol to direct traffic around the network. A switch that implements advanced filtering techniques is usually called a brouter. Brouters filter by looking at network layer information but they do not use a routing protocol ".
Can the switch filter the broadcast? Yes, it can, as Cisco says: "This filtering is achieved through the implementation of virtual local-area networks or VLANs". Is there any other type of filtering?
What is the main difference between a router and a brouter?

Hi,
If you would like to control broadcast and multicast storms, you can refer to the link below for configuring storm control for both broadcast and multicast.
You can define the threshold values and shut the port if traffic exceeds the threshold limit.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hif_r/int_s4h.htm#wp1229258
As for the difference between a router and a brouter: AFAIK you use a brouter in most SP networks, where you have customers on either DSL or Metro Ethernet and where the whole network's traffic is aggregated and then forwarded upstream.
It also depends on the IOS code that is available to serve that purpose.
You need to have something like a 7200 or 7300 in place to serve as a brouter.
Regards
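
The storm-control thresholds mentioned in the reply above can be checked across a whole configuration. The following is an added example, not part of the original posts or of Cisco's documentation: a Python audit that reads IOS-style interface blocks and reports access ports with no broadcast or multicast storm-control level, a level above a chosen limit, or no configured action. The sample configuration, the interface names and the 10.0 percent limit are constructed assumptions.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 storm-control broadcast level 10.0
 storm-control multicast level 10.0
 storm-control action shutdown
!
interface FastEthernet0/2
 switchport mode access
 storm-control broadcast level 10.0
!
interface FastEthernet0/3
 switchport mode access
 storm-control broadcast level 80.0
 storm-control multicast level 5.0
 storm-control action trap
!
interface FastEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

# Only the percentage form of the level is handled here; a line using the
# bps/pps form would be reported as missing by this example.
LEVEL_RE = re.compile(r"^storm-control (broadcast|multicast) level (\d+(?:\.\d+)?)")
ACTION_RE = re.compile(r"^storm-control action (shutdown|trap)")


def parse_interfaces(config):
    """Return {interface name: [stripped sub-command lines]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None and line:
            interfaces[current].append(line)
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces


def audit_storm_control(config, max_level=10.0):
    """Return {interface: [findings]} for access ports only."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunks and routed ports are out of scope for this check
        levels, action = {}, None
        for line in lines:
            m = LEVEL_RE.match(line)
            if m:
                levels[m.group(1)] = float(m.group(2))
            m = ACTION_RE.match(line)
            if m:
                action = m.group(1)
        findings = []
        for kind in ("broadcast", "multicast"):
            if kind not in levels:
                findings.append(f"no {kind} storm-control")
            elif levels[kind] > max_level:
                findings.append(f"{kind} level {levels[kind]} above {max_level}")
        # Without an explicit action the port only drops the excess traffic,
        # so nobody is notified and the port stays up.
        if levels and action is None:
            findings.append("no storm-control action (traffic is only dropped)")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_storm_control(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(findings))
```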

Similar Messages

  • AE Switch AND broadcasting wifi network?

    My current network is:
    router > homeplug... | Different part of house | ...homeplug with its own Wi-Fi network & 2 LAN ports
    as everything I have is Apple, and wanted to upgrade to more reliable equipment, would this work?
    router > homeplug... | Different part of house | ...homeplug > airport express (With its own wi-Fi network)> LAN >netgear 5 hub switch > AV/Mac Mini/Hue

    would this work? router > homeplug... | Different part of house | ...homeplug > airport express (With its own wi-Fi network)> LAN >netgear 5 hub switch > AV/Mac Mini/Hue
    Yes, assuming that the homeplug devices are working well at the present time.

  • ACL restriction of multicast and broadcast on SRW2016

    Hello all,
    I seem to be having difficulty setting up an ACL that restricts multicast and broadcast packets to a specified port on the SRW2016.
    In brief, I have one (physical) port that I need to prevent any broadcast or multicast packets from being sent to.  I need to allow clients which are on that port to send broadcast, however.  My take on this was to create an ACL with one rule of the type:
    Type: Deny
    Protocol: Any
    Source IP: 10.0.0.0/255.255.255.255
    Destination IP: 224.0.0.0/0.255.255.255
    Another type I tried was a 2-rule ACL to explicitly allow only a valid sender and deny all:
    Type: Allow
    Protocol: UDP
    Dest Port: 1234
    Source IP: 10.1.0.100/0.0.0.0
    Dest IP: 10.1.0.101/0.0.0.0
    Type: Deny
    Protocol: All
    I have tried various permutations of these types of ACL (changing ordering, etc) but everything I have tried so far has allowed the multicast packets through unless I block it at the sending port (which obviously blocks it from all ports).
    Any suggestions or comments would be appreciated.  Is what I'm trying to do even possible in the SRW2016?
    Thanks,
    Mike

    Just to make sure I was creating/applying the ACLs correctly, I did a simple test with a very basic rule: I just set type to deny (basically a deny all rule).  I applied this rule to one port of the switch and verified that it was working by attempting to access the switch's web configuration interface (which correctly was inaccessible).  However, the multicast packets were still being delivered (verified via both an Ethernet dump and visual inspection of the switch's LED).
    Based on the above information, I feel it's fairly safe to say that Multicast is not filtered correctly via ACLs on the SRW2016.  Apparently Multicast packets take a different logical path than "normal" packets.  Since I don't expect an immediate firmware patch, I suspect that I need to see if I can get a router in addition or as a replacement for the switch.
    Edit: I found a method that appears to restrict the multicast packets via the "Bridge Multicast" interface (basically created a rule for the MAC related to my multicast address, set to Forbidden on one port, but this is not a generic solution for all multicast and I don't seem to be able to have more than 1 MAC address in the list...), but broadcast still gets through, regardless of the ACL I set up for the port.
    I'm beginning to wonder if my understanding of ACLs is flawed - does anyone know if they're applied to incoming packets for a port, outgoing packets for a port or both?  My assumption was both, but if the rule were only applied to incoming packets, it would explain the behavior I'm observing.
    Message Edited by michael.beresford on 03-02-2009 02:46 PM

  • ISA570 - SPAM and Web Filtering Only

    I want to use my new ISA570 for SPAM and Web filtering but not as a firewall or VPN endpoint at this time.  I want to continue to use my existing firewall for the other 2 services.  Is it possible to do this and does the ISA570 need an external IP address in order to leverage the other functions?

    Steve,
    I believe you can accomplish what you are wanting by enabling Routing Mode (Networking -> Routing -> Routing Mode).  Routing mode basically turns off NAT on the device but allows the other security functions to still continue working.  So for example, this would be your configuration to add the ISA.
    Placement
    Internet -> Current Firewall -> ISA -> Network Switch(s) -> Workstations/Servers
    Example configs
    Current Firewall
    Outside IP - 1.1.1.1 /24
    Inside IP - 10.0.0.1 /24
    ISA
    WAN1 IP - 10.0.0.2 /24
    WAN Gateway - 10.0.0.1
    LAN IP - 10.1.0.1 /24
    Workstation/Server Gateway - 10.1.0.1
    Additional Configuration
    ISA
    Networking -> Routing -> Routing Mode
    Enable
    Firewall -> Access Control -> ACL Rules
    Add ACL Rule to Permit Any Any and ensure it's at the top of the list
    Security -> Dashboard
    Disable everything except SPAM and Web Filtering
    The ISA doesn't require you to configure an External IP on it.  You just need to ensure it has Internet Access so it can continue to get updates for the services you are utilizing.
    Shawn Eftink
    CCNA/CCDA

  • Branch office setup with L3 switch and router with IOS security

    Hello,
    I am in the process of putting together a small branch office network and I am in need of some design advice. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
    I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead of doing router-on-a-stick.
    Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
    I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
    If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
    Any input would be appreciated.
    Thanks,
    Austin

    Thanks for the input.
    1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
    2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3. 
    3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
    Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

  • Home setup - network switch and 2 Time Capsules

    I have an ADSL modem/router (Billion BIPAC 5200G). I have used it previously with wireless turned off. I then used a time capsule in bridge mode so that NAT etc is turned off, and then use it to broadcast wifi and as a backup. It is attached to the modem with ethernet. It worked fine.
    I am now in a house with a lot of ethernet ports, linked to a massive hub thing. But it needs a switch to link it all together.
    So I am thinking of this setup:
    PHONE LINE
    to
    BILLION ROUTER (Set as a router with wifi turned off)
    to
    NETWORK SWITCH
    to
    VARIOUS ethernet enabled devices in different rooms (i.e. printers, Apple TV, TV, Time capsule)
    Then I want to use my 2nd time capsule to extend my ground floor network by plugging it in essentially directly into the time capsule via ethernet in roaming mode.
    Is this the optimal setup for this? My other idea was to forgo the network switch and do it this way:
    PHONE LINE
    to
    BILLION ROUTER (Set as a router with wifi turned off)
    to
    VARIOUS ethernet enabled devices INCLUDING the TIME CAPSULE and PRINTER.
    then:
    To the TIME CAPSULE:
    to
    VARIOUS ethernet enabled devices INCLUDING Imac, Apple TV and another TIME CAPSULE in roaming mode.
    My main questions are: which setup will give me better speeds to all devices. Ie: is the switch even necessary? In my 2nd example, will the first time capsule and printer be available to the Imac.
    There seems to be no real advantage to having the TIME CAPSULE in router mode while keeping the BILLION ROUTER as a pass through with NAT off (To avoid Double NAT) except for the guest network capabilities.
    If its just simpler to have the network switch, then perhaps that's the way to go. If so: any suggestions on network switches that work well?

    It doesn't allow me to select ethernet as an option for internet connection, only DHCP, PPPoE and one more which isn't ethernet.
    DHCP is the correct setting. It will use ethernet, but the new AC TC has problems: it needs a crossover cable with some switches. Or you need to return it and get it replaced, as there is something wrong with its WAN port. The new AC model needs a hardware revision and about 3 or 4 firmware upgrades before it hits the status of the Gen4 it replaced.
    My questions are: should I connect my time capsules together directly with ethernet using another available port in my new time capsule. I thought my switch would work better. Also, does one time capsule have to be in router mode instead of having both of them in bridge.
    Both should be in bridge.. but you can rearrange things to see if any of the other devices works better.
    You can use the billion or the old TC.. plug the new TC into those.
    Bob is correct though: the switch is the correct thing for everything to be plugged into, but in a home situation what works is more important than what is best. If it fails in all of them then the WAN port is proven faulty.
    Should I be able to use the hdd on the 2nd (older) time machine as essentially a networked hdd for putting movies and music on, and use my new time capsule as the sole backup (occurring both over ethernet for my iMac and wifi for our laptops)
    Yes, that is ok.. you just need to get the AC version TC actually working properly.
    Give us a few screenshots of things.. that really helps to see.
    Click on each unit and show the summary pages.

  • WRT54GXv-2 and ActiveX filtering

    Hello all,
    I have a WRT54GXv-2 and I just upgraded to Vista Ultimate from Win XP Pro. I'm having a problem with windows update and after trying everything I can through windows I found someone who solved the problem by turning off ActiveX filtering through his Linksys router, not sure of the model, but this leads me to believe this may be where I should focus.
    My question is this, aside from turning off the router firewall is there anything else I can try? I have not found a switch for ActiveX filtering so any help would be greatly appreciated.
    Jacks

    Since your router does not have a switch to enable or disable ActiveX, I would assume that ActiveX is always enabled (i.e. I would assume that the router does not filter ActiveX).
    ActiveX is such a standard part of the way some Internet services are provided, that I cannot imagine a router that would permanently disable (block) ActiveX.  If this were the case with your router, I am sure that we would have heard lots of complaints about it.  I have not seen this come up before as an issue.
    I do not know much about Vista, but when ActiveX tries to work in Windows XP, you see a thin bar appear, just above your Internet window pane.  You have to click on this bar and give specific permission for ActiveX to work.  It's easy to miss the bar.  If you don't click the bar, nothing happens, and the ActiveX will not work.  Perhaps Vista works in a similar way.
    Message Edited by toomanydonuts on 02-05-2007 01:18 AM

  • How do I get the 1121 card to read the switch and make it a 1 or 0 to count pulses?

    Hello,
    I am developing a test stand to test tires. We have LabView 7.1 and the SCXI chassis with an 1121 transducer card. I am trying to count the rate and total number of revolutions made by the tire. The signal is acquired from a 12V-proximity switch that is actuated once per RPM. The tire turns at 1,000 RPM or a little more.
    The signal will have to go through a 100-foot cable to get to the LabView chassis, will this be a problem?
    How do I get the 1121 card to read the switch and make it a 1 or 0 to count pulses?
    Will LabView be able to read this many pulses per second?
    How do I get MPH and a RPM reading out of it?
    Thank you,
    James Happe

    Hi James,
    Since you are cabling your DAQ board to an SCXI chassis with an 1121, you will not be able to use your counters without additional hardware.
    The 1121 is an analog input signal conditioning module. It performs filtering and attenuation to help measure analog signals. What it does not have is access to your board's counter pins.
    In order to use your counter pins you will need to get the necessary hardware. You have two options:
    1) Buy an SCB-68. This is a breakout box that will cable directly to your DAQ board replacing your SCXI chassis. You can connect your signals directly to your counter with this. However, I would advise against this because your application has a 12 volt signal. This will overload the 5v maximum voltage for your counter pins.
    2) Buy a 1180 feedthrough panel. This will allow you to use all of your DAQ board's functions with the SCXI chassis. Without the 1180 feedthrough panel, the SCXI-1121 is the only thing connected to your DAQ board. Since the 1121 only performs conditioning on the analog inputs, that is all you can access. The other pins cannot be used (no access). With the 1180 feedthrough panel, you can put a connector block on and access all of your other pins (including the counter pins). Again, I would advise against this since your 12 volt signal will overload your counter pins.
    My suggestion would be to perform an analog input task. Set up your 1121 in MAX and use a LabVIEW shipping example. In the shipping example select an analog input channel from your SCXI-1121 module. Set the appropriate voltage range and take some measurements. Once your signal is connected and you can read it using an analog input example you are half way there.
    Take the analog input shipping example and modify it to perform frequency analysis on the voltage readings. You can simply wire the data from the DAQmxRead VI into one of the frequency analysis VIs (noted in my first post). The output of that VI will give you the frequency of your signal.
    -Sal

  • FlexConnect local/central switched and Access-Accept Packets

    For our branch offices' wireless access, we would like to use FlexConnect with one SSID and two distinct user profiles:
    •  Full network access, local switched.
    •  Limited network access, central switched:
    ◦       To isolate traffic from the branch’s LAN.
    ◦       To force traffic through a firewall at the central site.
    ▪       To ease access rules management.
    ◦       Internet access only by default.
    ▪       Internet access is located at the central site.
    ▪       We expect to manage some exceptions to the rule.
    We know that it’s not possible to switch from local to central switched using the same SSID with FlexConnect and AAA Override.
    However, we found an interesting bit in the documentation pages regarding RADIUS attributes:
    Authentication Attributes Honored in Access-Accept Packets (Airespace)
    VAP ID
    This attribute indicates the WLAN ID of the WLAN to which the client should belong. When the WLAN-ID attribute is present in the RADIUS Access Accept, the system applies the WLAN-ID (SSID) to the client station after it authenticates. [...]
    Source:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76/b_cg76_chapter_0101000.html#reference_327F94A40AAE46E48153B265E521DDCF
    We then made an assumption that the following was possible:
    •  Create a second SSID
    ◦       Broadcast not enabled
    ◦       Central Switched
    •  Users would authenticate using the first SSID
    •  In its access-accept packet, the RADIUS server would return an Airespace-WLAN-Id attribute with the value of the second SSID.
    •      The WLC would then assign the second SSID to the users so they’re central switched and forwarded through the firewall at the main site.
    So far, our tests showed no results.
    •  Is that solution achievable at all? It seemed so from the documentation, but we haven’t found any documented evidence that someone actually tried it.
    •  If not, what would you recommend?
    For RADIUS, we are using Microsoft 2012r2 NPS servers. Everything’s been working fine with them so far. We can do AAA vlan override for our main site and with FlexConnect also, without any problems. What’s not working is the local/central switched scenario we’re trying to pull off. The RADIUS server sends the Airespace-WLAN-Id attribute from what I see with Wireshark, but the WLC does not seem to react to it like I thought it would. I couldn’t find a debug command that would tell me what the WLC does with the attributes from the access-accept packet. Maybe the behaviour I’m experiencing is to be expected, that’s what I would like to know.
    Thank you very much,

    Your WLAN is defined as centrally switched or locally switched; AAA override will not change that value.  AAA attributes can change a user's VLAN, ACL and QoS.  The other attributes are intended to be used for rules... example:
    Is the user part of this AD group and is this user on WLAN ID=1.
    You will not be able to go from centrally switched to locally switched and vice versa.  I don't know how you would be able to achieve what you're trying to accomplish with one SSID, to be honest.

  • ESW Switches and Smartports

    Hi All,
    Just going through the ESW switches, and it looks like there is no option for 'Server' on these switches (I have noted this on the 2960G's as well).
    Is this a shortcoming of CCA, or has this been excluded on purpose.  I know that for the 520 and 500 switches it was there.
    Thanks!
    Chris

    John,
    I do understand that you can use a server in a non server port... but based on the macro below:
    Macro name : cisco-desktop
    Macro type : default interface
    # macro keywords $access_vlan
    # desktop port role
    switchport mode access
    switchport port-security maximum 1
    no macro description
    macro description cisco-desktop
    queue-set 2
    service-policy input general-map
    srr-queue bandwidth share  5  5 40 50
    switchport access vlan $access_vlan
    switchport port-security
    switchport port-security violation restrict
    switchport port-security aging time 2
    switchport port-security aging type inactivity
    spanning-tree portfast
    storm-control broadcast level 10.0
    cdp enable
    spanning-tree bpduguard enable
    And then this macro:
    Macro name : cisco-server-critical
    Macro type : default interface
    # macro keywords $access_vlan
    # server port role critical
    switchport mode access
    switchport port-security maximum 1
    no macro description
    macro description cisco-server-critical
    queue-set 1
    service-policy input critical-server-map
    srr-queue bandwidth share  5  5 70 20
    switchport access vlan $access_vlan
    switchport port-security
    switchport port-security violation restrict
    switchport port-security aging time 2
    switchport port-security aging type inactivity
    spanning-tree portfast
    storm-control broadcast level 10.0
    cdp enable
    spanning-tree bpduguard enable
    It doesn't set the QoS the same way.  I assume we would have a noticeable difference in speed to the server, and since the ESWs are not IOS, I don't see that there is any way to set these manually.
    Now I do realize that these switches are base switches, but in my opinion we are penalizing SMB with substandard options.  I got these macro definitions from my CE520-24PC.
    Thanks!

  • DHCP config in switch and router

    Hi,
    I was wondering if we can configure dhcp in switch and routers such that the IP of device assigned with IP address would change if we assign same static IP to another device in the same network. does cisco support such kind of configuration?
    Thanks,
    Vish

    Consider this (I will not use it in a production network): if you statically assign the IP address 192.168.1.1 to the PC, both hosts will detect a duplicate IP address. After this the first host (the one using DHCP) will not renew the lease; instead it sends a:
    DHCPDECLINE - Client to server indicating network address is already in use.
    DHCP server will offer a new IP address and put the old one in the conflict database.
    If you set a very short lease, in some way you have the desired behavior but, again, it's nothing I would like to use in a production network.
    A little test with a lease of 1 minute:
    *Mar  1 01:31:01.183: DHCPD: DHCPDECLINE received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
    *Mar  1 01:31:01.187: DHCPD: Sending notification of TERMINATION:
    *Mar  1 01:31:01.187:  DHCPD: address 192.168.123.7 mask 255.255.255.0
    *Mar  1 01:31:01.191:  DHCPD: reason flags: DECLINE
    *Mar  1 01:31:01.191:   DHCPD: htype 1 chaddr c202.1d24.0000
    *Mar  1 01:31:01.195:   DHCPD: lease time remaining (secs) = 57
    *Mar  1 01:31:01.195: DHCPD: returned 192.168.123.7 to address pool DP.
    *Mar  1 01:31:01.199: %DHCPD-4-DECLINE_CONFLICT: DHCP address conflict:  client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 declined 192.168.123.7.
    *Mar  1 01:31:01.207: DHCPD: Sending notification of DISCOVER:
    *Mar  1 01:31:01.207:   DHCPD: htype 1 chaddr c202.1d24.0000
    *Mar  1 01:31:01.211:   DHCPD: remote id 020a0000c0a87b0100000000
    *Mar  1 01:31:01.211:   DHCPD: circuit id 00000000
    *Mar  1 01:31:01.215: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 on interface FastEthernet0/0.
    *Mar  1 01:31:01.219: DHCPD: Seeing if there is an internally specified pool class:
    *Mar  1 01:31:01.219:   DHCPD: htype 1 chaddr c202.1d24.0000
    *Mar  1 01:31:01.223:   DHCPD: remote id 020a0000c0a87b0100000000
    *Mar  1 01:31:01.223:   DHCPD: circuit id 00000000
    *Mar  1 01:31:01.223: DHCPD: Allocate an address without class information (192.168.123.0)
    R1#
    R1#
    *Mar  1 01:31:03.227: DHCPD: Adding binding to radix tree (192.168.123.8)
    *Mar  1 01:31:03.227: DHCPD: Adding binding to hash tree
    *Mar  1 01:31:03.231: DHCPD: assigned IP address 192.168.123.8 to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
    *Mar  1 01:31:03.235: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 (192.168.123.8).
    *Mar  1 01:31:03.239: DHCPD: broadcasting BOOTREPLY to client c202.1d24.0000.
    *Mar  1 01:31:03.267: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
    R1#
    *Mar  1 01:31:03.271: DHCPD: Sending notification of ASSIGNMENT:
    *Mar  1 01:31:03.275:  DHCPD: address 192.168.123.8 mask 255.255.255.0
    *Mar  1 01:31:03.275:   DHCPD: htype 1 chaddr c202.1d24.0000
    *Mar  1 01:31:03.279:   DHCPD: lease time remaining (secs) = 60
    *Mar  1 01:31:03.279: DHCPD: No default domain to append - abort update
    *Mar  1 01:31:03.283: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 (192.168.123.8).
    *Mar  1 01:31:03.283: DHCPD: broadcasting BOOTREPLY to client c202.1d24.0000.
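
The decline-and-reassign sequence in the debug output above can be picked out of a log automatically. The following is an added example, not part of the original post: a Python parser that finds each `%DHCPD-4-DECLINE_CONFLICT` event, decodes the dotted-hex client identifier into readable text, and pairs the declined address with the address the server assigns next. The sample lines are copied from the output above; the function names and the threshold of 3 declines are assumptions of this example.

```python
import re
from collections import Counter

# Four lines copied from the debug output in the post above.
SAMPLE_LOG = """\
*Mar  1 01:31:01.183: DHCPD: DHCPDECLINE received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
*Mar  1 01:31:01.199: %DHCPD-4-DECLINE_CONFLICT: DHCP address conflict:  client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 declined 192.168.123.7.
*Mar  1 01:31:03.231: DHCPD: assigned IP address 192.168.123.8 to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
*Mar  1 01:31:03.283: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 (192.168.123.8).
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
CONFLICT_RE = re.compile(
    r"%DHCPD-4-DECLINE_CONFLICT: DHCP address conflict:\s+client (\S+) declined " + IP)
ASSIGN_RE = re.compile(r"DHCPD: assigned IP address " + IP + r" to client (\S+)")


def decode_client_id(dotted_hex):
    """Decode a dotted-hex client identifier when it carries printable ASCII.

    The leading 0x00 is the option 61 type byte for a non-hardware identifier;
    identifiers that are not printable text are returned unchanged.
    """
    try:
        raw = bytes.fromhex(dotted_hex.replace(".", ""))
    except ValueError:
        return dotted_hex
    text = raw.lstrip(b"\x00")
    if text and all(32 <= b < 127 for b in text):
        return text.decode("ascii")
    return dotted_hex


def find_conflicts(log):
    """Return one record per DECLINE_CONFLICT, with the address handed out next."""
    events, pending = [], {}
    for line in log.splitlines():
        m = CONFLICT_RE.search(line)
        if m:
            record = {"client": decode_client_id(m.group(1)),
                      "declined": m.group(2), "reassigned": None}
            events.append(record)
            pending[m.group(1)] = record  # wait for this client's next assignment
            continue
        m = ASSIGN_RE.search(line)
        if m:
            client = m.group(2).rstrip(".")  # the log line ends with a full stop
            record = pending.pop(client, None)
            if record is not None:
                record["reassigned"] = m.group(1)
    return events


def noisy_clients(events, threshold=3):
    """Clients that declined at least `threshold` addresses, sorted by name."""
    counts = Counter(e["client"] for e in events)
    return sorted(c for c, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for event in find_conflicts(SAMPLE_LOG):
        print(event)
```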

  • Differences between VMware virtual switches and HyperV virtual switches

    Hello,
    I've deployed an OpenVpn infrastructure (configured in bridging mode) within a VMware ESX4 environment.
    The scenario is this:
    A remote client connects to the OpenVpn server (VM1), VM1 also owns an interface where traffic passes in tagged mode compliant with VLAN 802.1q, VM2 owns an interface on vlan10. VM1 can ping VM2 without any problem (supposing vlan 10 traffic), but the remote client cannot ping VM2.
    The scenario works perfectly in a physical environment (without any virtual machine).
    The scenario is like this:
    Analyzing traffic with Wireshark on the VM2 I've noticed that an ARP request leaves from the remote client MAC to the destination host interface of VM2 (broadcast ARP request).
    The host VM2 sends an ARP reply directly to the MAC address of the remote client.
    This last packet doesn't pass the vSwitch, so it isn't received by the remote client and the ping fails.
    This occurs because the VMware ESX vSwitch only knows all the MACs of virtual machines within the ESX environment, it doesn't learn MAC addresses like a physical real switch and it discards packets sent to unknown unicast MAC addresses (broadcast traffic instead is passed). Within the VMware infrastructure this is solvable only by using the Promiscuous mode feature of the virtual switch port.
    I would like to ask if HyperV virtual switches work like VMware ESX virtual switches. So in Hyper-V virtual switches do learn mac addresses actually like a physical switch?

    This last packet doesn't pass the vSwitch, so it isn't received by the remote client and the ping fails. This occurs because the VMware ESX vSwitch only knows all the MACs of virtual machines within the ESX environment, it doesn't learn MAC addresses like a physical real switch and it discards packets sent to unknown unicast MAC addresses (broadcast traffic instead is passed). Within the VMware infrastructure this is solvable only by using the Promiscuous mode feature of the virtual switch port.
    Thank you; I did the same in Wireshark and noticed the ARP reply was not being received by my VMware guest Hyper-V host, so I did an Internet search and found this document at the top of the list. For other people that came here because their VMware guest Hyper-V lab server's SCVMM 2012 SP1 logical switch virtual network adapter combination could not ping other VMware guests: in addition to "Accept" for your VMware vSwitch (described above), you will need to change your VM Network VLAN ID to "All".

  • HT5012 I am having difficulty XMIT/REC text messages to family members using Android phones?  I have a 3GB data plan and all switches and buttons are set properly.  Any suggestions?

    I am having difficulty XMIT/REC text messages to family members using Android phones?  I have a 3GB data plan and all switches and buttons are set properly.  Any suggestions?

        Hello APVzW, we absolutely want the best path to resolution. My apologies for multiple attempts of replacing the device. We'd like to verify the order information and see if we can locate the tracking number. Please send a direct message with the order number so we can dive deeper. Here's steps to send a direct message: http://vz.to/1b8XnPy We look forward to hearing from you soon.
    WiltonA_VZW
    VZW Support

  • What is the difference between multicasting and broadcasting?

    hi friends
    What is the difference between multicasting and broadcasting?
    I'm a bit confused about multicasting and broadcasting.

    Broadcasts go everywhere within a range determined by the sender.
    Broadcasting is deprecated and unlikely to go beyond the nearest router.
    Multicasts go everywhere where receivers have declared they are present.
    Multicast can be implemented beyond routers in a WAN which you control but ISP routers generally don't support it.

  • Security and/or filtering error in data form creation

    Hi,
    I am getting this error when I am trying to preview my data form.
    This is the first time I am creating an application and data form in Hyperion.
    The data form is multicurrency and plan type is Plan1.
    Row:
    Account members: Descendants(Account)
    Column:
    Year:Descendants(FY10)
    Period:Descendants(YearTotal)
    Page Dimension(s)
    Entity:Descendants(Entity)
    Scenario:Current
    Version:BU Version_1
    POV:
    Currency:USD
    Disabled all options in "Other options" and not selected any business rules.
    When selecting preview data form I am getting below error:
    Security and/or filtering has resulted in a required dimension not being represented on this data form
    I have not selected any security/filter settings as of now. Please suggest what's causing this.
    Thanks,

    Hi Jake,
    I did what you suggested,but I am still getting same error.
    Here I would like to point out that. I have selected my application to support multicurrency, but 'HSP_RATES' does not come in Dimension selection drop down. I can see 'HSP_RATES' in Performance settings tab, but I cant see it in Dimensions tab or Evaluation order tab.
    Is this causing problem? Should I add it manually?
    Thanks,
    Rajni.
