Traffic on interfaces trunk - Network Infrastructure
I wanted to know if it is normal that all traffic on my network goes through all trunk ports of the switches.
I set up a sniffer and a switch connected without any trunk connection, only to validate, and the sniffer sees that it is getting all network traffic through the trunk.
What can be causing this behavior, and what considerations should be taken apart from filtering VLANs?
Regards.
Now I might have misunderstood your concern but I'll give it a shot:
Trunks carry traffic for multiple vlans and with no filtering in place they carry traffic for all vlans configured, normally you will see broadcasts e.g. DHCP or ARP requests going through all the trunk ports on a switch (that are not STP Blocking). This is normal behaviour.
However, if your sniffer is picking up a lot of packets that are meant for unicast destinations going out all trunk ports and also being captured by your sniffer over some time, then it could be something else. CAM overflows result in the switch flooding packets out all ports that are in the same vlan and out all trunk ports on which the vlan is allowed. This would result in the behaviour you observed. You can use the show mac address-table count command to verify mac address space.
Hope this helps
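One way to tell the two cases in the answer above apart from a capture, as an added example that is not part of the original thread: it classifies each captured frame by destination MAC and reports how much of the capture is unicast addressed to other hosts, per VLAN. The frames, MAC addresses, function names and the 20% alert ratio are constructed assumptions.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
TPID_DOT1Q = 0x8100


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def parse_ethernet(frame):
    """Return (dst, src, vlan_id, ethertype); vlan_id is None when untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = None
    if ethertype == TPID_DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF  # low 12 bits of the tag carry the VLAN ID
    return dst, src, vlan_id, ethertype


def classify(dst, own_mac):
    """Broadcast and multicast are flooded by design; unicast to others is not."""
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:  # I/G bit set: group (multicast) address
        return "multicast"
    if dst == own_mac:
        return "unicast_to_sniffer"
    return "unicast_to_other"


def summarize(frames, own_mac, alert_ratio=0.2):
    """Count frame classes and flag a capture dominated by flooded unicast."""
    counts = Counter()
    flooded_per_vlan = Counter()
    sources_per_vlan = {}
    for frame in frames:
        try:
            dst, src, vlan_id, _ = parse_ethernet(frame)
        except ValueError:
            counts["malformed"] += 1
            continue
        kind = classify(dst, own_mac)
        counts[kind] += 1
        sources_per_vlan.setdefault(vlan_id, set()).add(src)
        if kind == "unicast_to_other":
            flooded_per_vlan[vlan_id] += 1
    parsed = sum(counts.values()) - counts["malformed"]
    ratio = counts["unicast_to_other"] / parsed if parsed else 0.0
    return {
        "counts": dict(counts),
        "flooded_per_vlan": dict(flooded_per_vlan),
        # Many distinct source MACs in one VLAN is worth comparing with the
        # switch's own MAC table count.
        "distinct_sources_per_vlan": {v: len(s) for v, s in sources_per_vlan.items()},
        "unicast_flood_ratio": ratio,
        "suspect_unicast_flooding": ratio > alert_ratio,  # assumed threshold
    }


def build_frame(dst, src, vlan_id=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame, optionally 802.1Q tagged."""
    header = mac(dst) + mac(src)
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_DOT1Q, vlan_id)
    return header + struct.pack("!H", ethertype) + payload


# Constructed sample capture (locally administered MACs, not real hosts).
SNIFFER_MAC = mac("02:00:00:00:00:99")
SAMPLE_FRAMES = [
    build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 10, 0x0806),  # ARP request
    build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:03", 20, 0x0806),  # ARP request
    build_frame("01:00:5e:00:00:fb", "02:00:00:00:00:01", 10),  # IP multicast
    build_frame("02:00:00:00:00:99", "02:00:00:00:00:01", 10),  # meant for the sniffer
    build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", 10),  # someone else's unicast
    build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", 10),  # someone else's unicast
    build_frame("02:00:00:00:00:04", "02:00:00:00:00:03", 20),  # someone else's unicast
    b"\x02\x00\x00",  # truncated frame
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FRAMES, SNIFFER_MAC).items():
        print(f"{key}: {value}")
```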
Similar Messages
-
UBLR doesn't work in an interfaces trunk?
I'm configuring an aggregate policer on a Sup720-3B. I need to configure the aggregate policer on trunk interfaces; it is required to limit the bandwidth per vlan at L2 through a trunk interface between two Catalysts. But it doesn't work. The configuration that I am using is:
S6509#run int giga 3/2
Building configuration...
Current configuration : 167 bytes
interface GigabitEthernet3/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
service-policy input LIMIT
end
S6509#
S6509#show ip access-lists TRAFFIC
Extended IP access list TRAFFIC
10 permit ip any any
S6509#
S6509#show class-map Daniel
Class Map match-all Daniel (id 1)
Match access-group name TRAFFIC
S6509#
S6509#
S6509#show policy
S6509#show policy-map
Policy Map LIMIT
Class Daniel
police flow mask src-only 2000000 200000 conform-action transmit exceed-action drop
S6509#
S6509#
hostname S6509
boot system flash disk1:s72033-advipservicesk9_wan-mz.122-18.SXF14.bin
logging buffered 32768 debugging
logging rate-limit all 1000
enable secret 5 $1$Oewp$4FbojEBx0Nn.sXO1ZzhIj/
class-map match-all Daniel
match access-group name TRAFFIC
policy-map LIMIT
class Daniel
police flow mask src-only 2000000 200000 conform-action transmit exceed-action drop
S6509#show mls qos
QoS is enabled globally
Policy marking depends on port_trust
QoS ip packet dscp rewrite enabled globally
Input mode for GRE Tunnel is Pipe mode
Input mode for MPLS is Pipe mode
QoS Trust state is DSCP on the following interface
Gi3/4
Vlan or Portchannel(Multi-Earl) policies supported: Yes
Egress policies supported: Yes
----- Module [5] -----
QoS global counters:
Total packets: 233
IP shortcut packets: 0
Packets dropped by policing: 0
IP packets with TOS changed by policing: 0
IP packets with COS changed by policing: 0
Non-IP packets with COS changed by policing: 0
MPLS packets with EXP changed by policing: 0
S6509#
S6509#
S6509#show policy-map interface gigabitEthernet 3/2
GigabitEthernet3/2
Service-policy input: LIMIT
Class-map: Daniel (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name TRAFFIC
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
S6509#
Contact the wireless carrier to which the iPhone is locked and ask that carrier if they provide unlocking and if you qualify.
What is the exact wording of any error message you receive?
-
My question is..
interface Gi0/1 on access switch (Switch A) configured as trunk port allowing multiple vlans (say vlan 100-105)
Now, this interface Gi0/1 on switch A has no issues and configured fine.
Another switch B connected to Switch A and working fine. both sw A & sw B up and working fine
But, switch B is now say disconnected from Switch A which causes the interface Gi0/1 on SW A go down.
when I do a "show interface trunk" on Switch A, will the output show trunked vlans 100-105 or the output will not show the trunked vlans as the interface on Switch A is down because the Switch B is disconnected???
Basically, all I want to know is when an interface configured for trunking multiple vlans go down will the "show interface trunk" command list those vlans 100-105 in the output ???
Thanks for looking into my q
When the link is down, you will get a "blank" output to the command "sh interface trunk".
-
How much VLAN traffic on .1Q trunk
Hi guys, we have two 6509s connected to each other with eight L2 links which are .1q trunks. There are VLAN interfaces on both 6509s for vlan10 and vlan20. My question is how to find out how much vlan10 and vlan20 traffic is going through link1. I know we can get the stats on the VLAN interface, but are there any other ways to check it on the trunk interface?
6509 - eight .1Q trunks - 6509
Thanks. Leo
Hi rapper36,
From:
http://blogs.catapultsystems.com/cfuller/archive/2012/06/22/opsmgr-2012-resource-requirements-and-usage-recommendations-for-agent-and-agentless-monitoring-scom.aspx
OpsMgr 2012 Agentless Monitoring resource requirements:
Processor: < 1% average increase in processor utilization
Disk: < 1 average increase in pages per second
Disk: < 1 MB data (as there is no %programfiles%\System Center Operations Manager folder created)
Network: < 1 MB data sent and received to the system during installation
Memory: 14 MB less available memory
Time to Deploy to Monitored state: 2.5 minutes
After the agent was appearing as monitored the performance counters gathered prior to the installation were compared to those gathered after installation. The results indicate additional overhead associated with the Operations Manager 2012 agentless monitoring after the agent was appearing as monitored.
Processor: < 1% average increase in processor utilization
Disk: < 1 average increase in pages per second
Disk: < 10 MB
Network: < 1 MB/min additional traffic
Memory: < 1 MB less available memory
Natalya
-
Having issues on ASA 5510 pass traffic between interfaces
I am trying to pass traffic between two internal interfaces but am unable to. Been searching quite a bit and have tried several things to no avail. I feel like there is a simple solution here I am just not seeing. Here is the relevant portion of my config:
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.5.1 255.255.255.0
interface Ethernet0/2
nameif ct-users
security-level 100
ip address 10.12.0.1 255.255.0.0
same-security-traffic permit inter-interface
access-list inside_nat0_outbound extended permit ip any 192.168.5.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.12.0.0 255.255.0.0
access-list inside_access_in extended permit ip any any
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (ct-users) 0 access-list inside_nat0_outbound
nat (ct-users) 1 0.0.0.0 0.0.0.0
static (inside,ct-users) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
access-group outside_access_in in interface outside
access-group outside_access_ipv6_in in interface outside
access-group inside_access_in in interface inside
access-group inside_access_ipv6_in in interface inside
access-group inside_access_in in interface ct-users
access-group inside_access_ipv6_in in interface ct-users
On both networks I am able to access the internet, just not traffic between each other.
A packet-tracer reveals the following (it's hitting some weird rules on the way):
cybertron# packet-tracer input inside tcp 192.168.5.2 ssh 10.12.0.2 ssh detailed
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xab827020, priority=1, domain=permit, deny=false
hits=8628156090, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
match ip ct-users 10.12.0.0 255.255.0.0 inside any
static translation to 10.12.0.0
translate_hits = 0, untranslate_hits = 6
Additional Information:
NAT divert to egress interface ct-users
Untranslate 10.12.0.0/0 to 10.12.0.0/0 using netmask 255.255.0.0
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip any any
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad5bec88, priority=12, domain=permit, deny=false
hits=173081, user_data=0xa8a76ac0, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xab829758, priority=0, domain=inspect-ip-options, deny=true
hits=146139764, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 5
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad48c860, priority=6, domain=nat-exempt-reverse, deny=false
hits=2, user_data=0xad4b5e98, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip=192.168.5.0, mask=255.255.255.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 6
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
match ip inside any ct-users 10.12.0.0 255.255.0.0
NAT exempt
translate_hits = 2, untranslate_hits = 2
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad3b1f70, priority=6, domain=nat-exempt, deny=false
hits=2, user_data=0xad62b7a8, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=10.12.0.0, mask=255.255.0.0, port=0, dscp=0x0
Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
static (inside,ct-users) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
match ip inside 192.168.5.0 255.255.255.0 ct-users any
static translation to 192.168.5.0
translate_hits = 1, untranslate_hits = 15
Additional Information:
Forward Flow based lookup yields rule:
in id=0xadf7a778, priority=5, domain=nat, deny=false
hits=6, user_data=0xad80cfd0, cs_id=0x0, flags=0x0, protocol=0
src ip=192.168.5.0, mask=255.255.255.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,outside) udp 184.73.2.1 1514 192.168.5.2 1514 netmask 255.255.255.255
match udp inside host 192.168.5.2 eq 1514 outside any
static translation to 184.73.2.1/1514
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xab8e2928, priority=5, domain=host, deny=false
hits=9276881, user_data=0xab8e1d20, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=192.168.5.2, mask=255.255.255.255, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 9
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
match ip ct-users 10.12.0.0 255.255.0.0 inside any
static translation to 10.12.0.0
translate_hits = 0, untranslate_hits = 6
Additional Information:
Forward Flow based lookup yields rule:
out id=0xad158dc0, priority=5, domain=nat-reverse, deny=false
hits=6, user_data=0xac0fb6b8, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=10.12.0.0, mask=255.255.0.0, port=0, dscp=0x0
Phase: 10
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
match ip ct-users 10.12.0.0 255.255.0.0 inside any
static translation to 10.12.0.0
translate_hits = 0, untranslate_hits = 6
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xada0cd38, priority=5, domain=host, deny=false
hits=131, user_data=0xac0fb6b8, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=10.12.0.0, mask=255.255.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 11
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xad5c1ab0, priority=0, domain=inspect-ip-options, deny=true
hits=130, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 12
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 189385494, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: ct-users
output-status: up
output-line-status: up
Action: allow
How are you testing? If you are pinging between the subnets, make sure you have disabled Windows Firewall and/or any other firewall that is installed on the PCs (remember to re-enable it later).
Are the NAT commands there because you were trying different things to get this working? I suggest you use the command no nat-control instead. Depending on the version of ASA you are running it may already be disabled by default. In version 8.4 and later nat-control has been removed completely.
-
Cisco 2950 Gigabit interface trunking
This is the small part of the network design on which I want to seek advice from the forum.
++ we have two Cisco 2950 switches
switch1 ==gigabit trunk == switch2 .
We want to enable trunking between these two switches by using their gigabit ethernet interfaces, i.e.
switch 1 interface GigabitEthernet0/1 is connected to switch 2 interface GigabitEthernet0/1 and switch 1 interface GigabitEthernet0/2 is connected to switch 2 interface GigabitEthernet0/2.
I need advice in the following areas
++ what cable do we need to connect these switches (I guess a crossover cable will do)
++ do we have a configuration on the tech tip page
for achieving the same?
Hello,
for the trunk connection you need a four twisted-pair crossover cable:
Figure B-11 Four Twisted-Pair Crossover Cable Schematics for 10/100/1000 and 1000BASE-T Ports
http://www.cisco.com/en/US/partner/products/hw/switches/ps628/products_installation_guide_chapter09186a0080346679.html#wp1020386
You can configure either 802.1Q or ISL trunks between your switches. For 802.1Q the configuration would look like this:
Switch1
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
Switch2
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
And for ISL encapsulation, the configuration would look like this:
Switch1
interface GigabitEthernet0/1
switchport trunk encapsulation isl
switchport mode trunk
interface GigabitEthernet0/2
switchport trunk encapsulation isl
switchport mode trunk
Switch2
interface GigabitEthernet0/1
switchport trunk encapsulation isl
switchport mode trunk
interface GigabitEthernet0/2
switchport trunk encapsulation isl
switchport mode trunk
You could also configure a GigaChannel to bind both interfaces into one logical link, for better throughput. For 802.1Q:
Switch1
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
Switch2
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
And for ISL:
Switch1
interface Port-channel1
switchport trunk encapsulation isl
switchport mode trunk
interface GigabitEthernet0/1
switchport trunk encapsulation isl
switchport mode trunk
channel-group 1 mode on
interface GigabitEthernet0/2
switchport trunk encapsulation isl
switchport mode trunk
channel-group 1 mode on
Switch2
interface Port-channel1
switchport trunk encapsulation isl
switchport mode trunk
interface GigabitEthernet0/1
switchport trunk encapsulation isl
switchport mode trunk
channel-group 1 mode on
interface GigabitEthernet0/2
switchport trunk encapsulation isl
switchport mode trunk
channel-group 1 mode on
HTH,
GP -
ISCSI & Server LAN Traffic in Same Trunk Port
Hi,
I plan to use a Cisco UCS Rack mountable C200 server with a dual port PCIe card with TOE iSCSI. Is it acceptable to:
To use just one dual port PCIe card for both iSCSI storage traffic and server LAN traffic - separated by VLANs? - With the ports connected to two upstream switches (for redundancy) and the switch ports configured as trunks for both iSCSI & data VLANs??
To use 1GE TOE iSCSI ports instead of 10GE TOE iSCSI ports
To use a TOE iSCSI port for server data VLAN traffic??
Yes, doable. Also you can mark iSCSI with cos 2 and 9000 MTU with a certain bandwidth guarantee for your iSCSI traffic, and the rest stays in the default queue.
class-map type qos iSCSI-qos-class
match cos 2
policy-map type qos iSCSI-qos-policy
class iSCSI-qos-class
set qos-group 2
class class-default
set qos-group 0
class-map type queuing iSCSI-queuing-class
match qos-group 2
policy-map type queuing iSCSI-queuing-policy
class type queuing iSCSI-queuing-class
bandwidth percent 30
class type queuing class-default
bandwidth percent 70
class-map type network-qos iSCSI-network-class
match qos-group 2
policy-map type network-qos iSCSI-network-policy
class type network-qos iSCSI-network-class
mtu 9216
class type network-qos class-default
mtu 1500
system qos
service-policy type qos input iSCSI-qos-policy
service-policy type queuing output iSCSI-queuing-policy
service-policy type network-qos iSCSI-network-policy -
Checking L2/L3VPN traffic path through SP network (for ECMP)
Folks,
Scenario:
CE1-----PE1=====P1=====P2=====PE2-------CE2
Let's say CE1 and CE2 are doing L2VPN and all hops between PE1, P1, P2 and PE2 have more than one equal cost path (ECMP).
I am trying to ascertain a way of knowing what path the EoMPLS traffic would take inside the SP core.
Some vendors say the way the hashing works is that if a PE finds it has more than one path to the egress PE, it would do hashing based on src/dst MAC, and in other cases if a P device finds it has more than one path to the egress PE, it would do hashing based on VC-label.
In either case, let's say we know what hashing method the P or PE device is using; obviously we would need an easier method to determine what path a pseudowire would take inside the provider network. Again, some vendors use what is called a "pseudowire traceroute" to determine this path. A prerequisite of this is that at the time of setting up the PW, the control word needs to be turned on.
I am looking for more knowledge on whether someone knows how the pseudowire traceroute would work and the process behind the PW traceroute which uses the control word, much like how we know a normal traceroute works through UDP packets with incrementing TTL... and so forth.
Anyone ??
Hello Ulatif,
it looks like that mpls traceroute for a pseudowire is not possible.
Actually the VCCV should be under the implementation of ping mpls and ping mpls pseudowire. The following document is a little old but explains the basic concepts under ping mpls and traceroute mpls.
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/gslsppt.html#wp1156080
However, sh mpls l2transport vc detail provides the choice for a specific pseudowire between two parallel paths
see this example from our network:
sh mpls forw 10.80.0.25
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
21 295 10.80.0.25/32 0 Te1/2 10.82.0.233
341 10.80.0.25/32 0 Te1/6 10.82.0.237
sh mpls l2transport vc det
Local interface: Te1/7 up, line protocol up, Ethernet up
Destination address: 10.80.0.25, VC ID: 1, VC status: up
Output interface: Te1/2, imposed label stack {295 372}
Preferred path: not configured
Default path: active
Next hop: 10.82.0.233
Create time: 7w4d, last status change time: 6w4d
Signaling protocol: LDP, peer 10.80.0.25:0 up
Targeted Hello: 10.80.0.24(LDP Id) -> 10.80.0.25
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 1429, remote 372
Group ID: local 0, remote 0
MTU: local 9216, remote 9216
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 5172156, send 5361948
byte totals: receive 676971483, send 917397631
packet drops: receive 0, seq error 0, send 610
This solves the question at source PE or destination PE of the pseudowire but I agree that in the middle in your scenario there are other possible choices of intermediate nodes.
All I can say is that once a path is chosen by source PE it determines a complete path because intermediate nodes will make a choice and keep it.
Hope to help
Giuseppe -
Cisco ASA 5520 traffic between interfaces
Hello,
I am new in the Cisco world, learning how everything goes. I have a Cisco ASA 5520 firewall that I am trying to configure, but I am stumped. Traffic does not pass through interfaces (I tried ping), although packet tracer shows everything as ok. I have attached the running config and the packet tracer. The IPs I am using in the tracer are actual hosts.
ciscoasa# ping esx_management 192.168.10.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.100, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa# ping home_network 192.168.10.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.100, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Thank you in advance.
Hi,
Is this just a testing setup? I would suggest changing "internet" interface to "security-level 0" (just for the sake of identifying its an external interface) and not allowing all traffic from there.
I am not sure what your "packet-tracer" is testing. If you wanted to test ICMP Echo it would be
packet-tracer input home_network icmp 10.192.5.5 8 0 255 192.168.10.100
I see that you have not configured any NAT on the ASA unit. In the newer ASA software that would at least allow communication between all interfaces with their real IP addresses.
I am not so sure about the older ASA versions anymore. To my understanding the "no nat-control" is default setting in your model which basically states that there is no need for NAT configurations between the interfaces the packet is going through.
Have you confirmed that all the hosts/servers have the correct default gateway/network mask configurations so that traffic will flow correctly outside their own network?
Have you confirmed that there are no firewall software on the actual server/host that might be blocking this ICMP traffic from other networks?
Naturally if wanted to try some NAT configurations you could try either of these for example just for the sake of testing
Static Identity NAT
static (home_network,esx_management) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
static (home_network,DMZ) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
static (home_network,management) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
OR
NAT0
access-list HOMENETWORK-NAT0 remark NAT0 to all local networks
access-list HOMENETWORK-NAT0 permit ip 192.168.5.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list HOMENETWORK-NAT0 permit ip 192.168.5.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list HOMENETWORK-NAT0 permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (home_network) 0 access-list HOMENETWORK-NAT0
Hope this helps
- Jouni -
Hi ,
Can someone please explain to me why a trunk link between two Cisco switches does not allow vlan x traffic if vlan x is not locally configured?
In my lab I have three switches (2950, but it is the same with 2960, 3750 etc).
Switch 1 is connected by trunk to switch 2 and switch 2 is connected by trunk to switch 3.
Switch 1 and switch 3 have vlan 10 and interface vlan 10 configured, whereas switch 2 does not have vlan 10 configured.
VTP is disabled (transparent mode) on all switches.
Switch 2 does not permit switch 1 to ping switch 3 until I configure vlan 10.
2950#sh int fa 0/9 status
Port Name Status Vlan Duplex Speed Type
Fa0/9 connected trunk a-full a-100 10/100BaseTX
2950#sh int fa 0/9 trun
Port Mode Encapsulation Status Native vlan
Fa0/9 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/9 1-4094
Port Vlans allowed and active in management domain
Fa0/9 1-2,11,101
Port Vlans in spanning tree forwarding state and not pruned
Fa0/9 1-2,11,101
2950#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 128
Number of existing VLANs : 8
VTP Operating Mode : Transparent
VTP Domain Name : daniele
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x63 0x6C 0xF9 0xF6 0xB9 0xDC 0xBE 0xF3
Configuration last modified by 192.168.0.103 at 0-0-00 00:00:00
2950#
It seems that vlan 10 is pruned but I don't understand why (VTP is disabled).
Thanks a lot for your help
Daniele
Hi lnrdnl78d,
So I will give this a go; not quite sure how uploaded images look.
I have mocked up what I have understood from your explanation, so feel free to correct me if I have got this wrong :)
However, assuming in this situation that VTP is enabled (which I know you have disabled in yours, but hoping this helps):
In this situation client 1 sends a broadcast to client two.
With VTP pruning enabled, switch 2 will learn that switch 4 has no ports connected to VLAN 2,
so the trunk link to switch 4 will have VLAN 2 pruned from the trunk link,
but 2 and 3 will receive the broadcast and switch 3 will be the only one to forward it out the connected port.
From my understanding this is what you have configured in your lab, apart from switch 4, but I added it to fit the example.
Does this help demonstrate it at all or am I way off?
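Reading the `sh int fa 0/9 trun` output quoted in the question above, as an added example that is not part of the original thread: the script expands the three VLAN lists and reports the stage at which a given VLAN drops out of the trunk. The output text is copied from the post; the function names are hypothetical.

```python
import re

# Section headings of the trunk output, mapped to short keys.
SECTION_HEADERS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}

# Output as quoted in the question (whitespace collapsed by the page).
SAMPLE_OUTPUT = """\
Port Mode Encapsulation Status Native vlan
Fa0/9 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/9 1-4094
Port Vlans allowed and active in management domain
Fa0/9 1-2,11,101
Port Vlans in spanning tree forwarding state and not pruned
Fa0/9 1-2,11,101
"""


def expand_vlans(spec):
    """Expand a list such as '1-2,11,101' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        if "-" in part:
            low, high = part.split("-", 1)
            vlans.update(range(int(low), int(high) + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_trunk_output(text):
    """Return {port: {'allowed': set, 'active': set, 'forwarding': set}}."""
    ports = {}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = re.match(r"Port\s+(.*)$", line)
        if header:
            # Normalise spacing so aligned and collapsed output both match.
            section = SECTION_HEADERS.get(" ".join(header.group(1).split()))
            continue
        if section is None:
            continue  # the Mode/Encapsulation table carries no VLAN list
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue
        port, spec = fields
        ports.setdefault(port, {}).setdefault(section, set()).update(expand_vlans(spec))
    return ports


def explain_vlan(ports, port, vlan):
    """Say at which stage a VLAN drops out on the given trunk port."""
    info = ports[port]
    if vlan not in info.get("allowed", set()):
        return "not in the trunk's allowed list"
    if vlan not in info.get("active", set()):
        # The second list only holds VLANs present in this switch's VLAN database.
        return "allowed on trunk but not active on this switch"
    if vlan not in info.get("forwarding", set()):
        return "active but not forwarding (STP blocked or pruned)"
    return "forwarding"


def allowed_but_inactive(ports, port):
    """VLANs the trunk would accept but this switch does not carry."""
    info = ports[port]
    return info.get("allowed", set()) - info.get("active", set())


if __name__ == "__main__":
    parsed = parse_trunk_output(SAMPLE_OUTPUT)
    for vlan in (10, 11):
        print(f"VLAN {vlan} on Fa0/9: {explain_vlan(parsed, 'Fa0/9', vlan)}")
    print("allowed but inactive:", len(allowed_but_inactive(parsed, "Fa0/9")), "VLANs")
```

The last figure also shows how wide the default allowed list is compared with the VLANs actually in use, which is the gap an explicit allowed list on the trunk closes.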
New network interfaces appear / networking fails
Hi
I have a strange behaviour of my ethernet networking interface. Every time I restart the Mac the network connection is lost (I usually keep it in sleep and have no problems for days and weeks).
As soon as I enter the network setup I get the message that a new network connection has been found, called "Ethernet (integrated) 1 (or 2, 7, 8 number increases)"
If I look at my network configuration I see a long list of "Ethernet interface ((null))" and in between some "Ethernet (integrated) 1)" and the like
It usually takes a couple of restarts of the network preferences and then the interface appears in the "network status" view and the Mac connects to the router.
I don't have any external networking cards and the like, just the iBook and a standard router. The router also connects to our Mac mini without any problems and it ran for at least half a year with the iBook before this occurred.
I would be very thankful for any help since this is very annoying.
BTW I don't move the computer around and it is connected with a network cable.
Cheers
Peter
1st step, get Applejack...
http://www.versiontracker.com/dyn/moreinfo/macosx/19596
After installing, reboot holding down CMD+s, then when the prompt shows, type in...
applejack AUTO
Then let it do all 5 of its things.
At least it'll eliminate some questions if it doesn't fix it.
2nd step, trash, (or drag to the desktop), these files...
/Users/nnnn/Library/Preferences/com.apple.internetconnect.plist
/Library/Preferences/SystemConfiguration/preferences.plist
/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist
/Library/Preferences/com.apple.networkConfig.plist -
Standard traffic flow in a network
HI
When we work in a network we face the problem of an overflow of traffic/packets.
So if normally 100 users work in a network, how many packets flow in a second?
For example, the normal condition in a router is
processor 30%, and when it goes up to 50% or above then something is wrong.
So can anyone advise me on the standard flow of packets in a network?
Thanks
Biplob
Other things to keep in mind are things that drive the processor utilization up, like access lists, and things that (may) unnecessarily use the bandwidth, like routing updates.
Depending on the topology / layout of your network, you may be better off using static routes.
Also check to see that only the features you are using are enabled on the router ... every additional process adds some load to the processor.
Other sources may be excessive broadcasts. Have you checked the hosts for worms and viruses?
Similar problem; Are any of your hosts allowed to use applications like BitTorrent or other streaming services? Many of those applications will bring up a server process and (server or not) eat a large chunk of the bandwidth.
Post some of your interface stats and a typical router config. Some description or diagrams of the network would also be helpful.
Good Luck
Scott -
Traffic prioritisation on trunked switch port
Good afternoon all. I am looking into traffic policing and shaping and neither seems to do what I need to do. Basically on a trunked switch port, I would like to prioritise traffic coming into a port by its VLAN tag; the trunk connects to an ESX host.
The above options seem to be more about prioritising certain traffic for passing on to downstream devices. Can anyone shed any light on whether this is possible please? I am thinking it would need to be done on the ESX host at the moment...
Thanks!
Hi Colhignett,
Hope the below link might help your query.
http://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/vlntgqos.html#wp1049430
Regards
Karthik -
Unauthenticated traffic allowed into corporate network by Reverse Proxy
The mobility solution for Lync 2013 requires unauthenticated traffic to be passed into the corporate network, where it is then authenticated by Lync web services. So how do I convince my "security guys" that allowing this unauthenticated traffic through a reverse proxy is safe?
You can say the Microsoft Lync and Exchange 2013 were designed with security in mind and so on and so forth, and it's true. The security risk is slim, and there are much easier attack vectors to target. But you're right, the Lync 2013 client does not support pre-authentication and users connecting to the Lync Web App anonymously require no authentication. I don't think you'll be able to convince them if they just don't like the idea of sending traffic to Internal servers unauthenticated.
In the end, someone will have to make a business decision, do you want to enable this functionality or not?
SWC Unified Communications -
Catalyst 6500 L3 interface trunk
We have a catalyst 6509 with IOS version 12.1(26)E6. On a layer 3 interface can we configure trunking as normal router?
So, then you need to create 1 interface vlan for each subnet
int vlan 10
ip address 10.10.1.1 255.255.255.0
int vlan 20
ip address 10.10.2.1 255.255.255.0
create the vlans
vlan 10
vlan 20
use trunk on the interface giga...
and you'll have inter-vlan routing.
check this link:
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml
Vlad