Two SA520 VLAN Scenario Question

I had a scenario based question and was wondering if it can be solved.
- Two SA520s
- Two Internet connections per SA520 (4 separate Internet connections total)
- Two VLANs per SA520 (4 VLANs total)
- Each VLAN is bound to a WAN port for Internet (keeps each VLAN on a different Internet connection)
For this scenario let:
VLAN A & B be on the first SA520.
VLAN C & D be on the second SA520.
VLAN A & B come in as a trunk to the first SA520.
VLAN C & D come in as a trunk to the second SA520.
Is it possible to route between all VLANs?
Edited: 01/12/10 10:10
Added VLAN Trunk Info.

No, the VPN policies do not handle that. They only will handle the traffic from one SA500 to the other SA500. Internally, the VLANs are routed to each just by adding the VLAN to the router. If you have something else, that is not directly connected to the router, you could add a static route or use RIP to discover another subnet.

Similar Messages

  • Two quick VLAN routing questions

    Let's say I have an L3 switch routing 4 VLANs:
    VLAN 1 is 192.168.10.0/24, the switch's virtual interface is 192.168.10.254 inside this VLAN
    VLAN 2 is 192.168.20.0/24, the switch's virtual interface is 192.168.20.254 inside this VLAN
    VLAN 3 is 192.168.30.0/24, the switch's virtual interface is 192.168.30.254 inside this VLAN
    VLAN 4 is 192.168.40.0/24, the switch's virtual interface is 192.168.40.254 inside this VLAN
    There is only one router going out from this switch to the net, and let's say it is in VLAN 1 and its address is 192.168.10.1.
    First question: inside of the L3 switch I will need to add a default route of 0.0.0.0 0.0.0.0 192.168.10.1
    so that all traffic not corresponding to a 192.168.x.x address knows where to get out to the net, correct?
    Secondly, when configuring that router, is there a difference if I use the following static route:
    192.168.20.0 255.255.255.0 192.168.10.254
    instead of
    192.168.20.0 255.255.255.0 192.168.20.254
    Either way, the packet gets to the L3 switch, but in one case it gets there via the VLAN interface inside of VLAN 1, and in the other case, it gets there via the VLAN interface inside of the VLAN for which the traffic is destined anyway. What I'm trying to figure out is, will this make any difference at all? Especially in terms of broadcast packets?
    If it makes no difference, then is it safe to say that the following static route would be optimal?
    192.168.0.0 255.255.0.0 192.168.10.254

    Re "firstly". Correct. The L3 switch will route traffic according to its routing table. By default it knows all IP subnets to which it is directly connected, i.e. all the VLAN subnets. Whether you have to add a default route manually or not depends on the exact implementation. It may well be that the L3 switch will use the default gateway for routing which you use for the IP settings of the switch itself (if there is an option in the web interface to set a default gateway). If you cannot define a default gateway on the L3 switch you probably have to add a static route manually. The easiest way should be to check the current routing table and see if there is a default gateway or not.
    Re "secondly". A router can only forward packets to the next hop router. The next hop router must be connected to that router. The route "192.168.20.0 255.255.255.0 192.168.10.254" is correct for a router with IP address 192.168.10.1 and subnet mask 255.255.255.0 as 192.168.10.254 is connected to the router. "192.168.20.0 255.255.255.0 192.168.20.254" is not correct. The router cannot learn the path to a specific subnet 192.168.20.0/255.255.255.0 by using a gateway in that subnet. It is not correct to use that kind of a route and you should not use it even if it might even work (because the router does a plain ARP request to find the MAC address of 192.168.20.254 and your L3 switch will respond to the ARP request even if it is on the internet of 192.168.10.254). The very moment when there would be another router between the 10 and 20 subnets it would not work anymore...
    Re your conclusion: I would recommend keeping four static routes for the existing subnets on the L3 switch instead of putting everything into a larger single subnet which includes a lot of addresses which are not connected there. Technically it works if you only use working IP addresses. But you will see some loops if you send something to 192.168.55.50 or similar. The gateway router will send it to the L3 switch which will send it back to the gateway. They should figure it's a loop but still I would not recommend this kind of setup... Add routes for each of the L3 switch subnets...
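The two points in this answer, modelled as an added example that is not part of the original thread: a check that a static route's next hop sits on a directly connected subnet, and a longest-prefix-match trace showing how the 192.168.0.0/16 summary route bounces 192.168.55.50 between the router and the L3 switch. The device names and the "ISP" upstream next hop are assumptions made for the illustration.

```python
import ipaddress as ip

def net(cidr):
    return ip.ip_network(cidr)

# L3 switch from the question: four connected VLAN subnets, default via the router.
SWITCH = {
    "name": "l3switch",
    "addrs": ["192.168.10.254", "192.168.20.254", "192.168.30.254", "192.168.40.254"],
    "connected": [net(f"192.168.{v}.0/24") for v in (10, 20, 30, 40)],
    "static": [(net("0.0.0.0/0"), "192.168.10.1")],
}

def make_router(static):
    # Gateway router: only VLAN 1 is connected; "ISP" is an assumed upstream hop.
    return {
        "name": "gateway",
        "addrs": ["192.168.10.1"],
        "connected": [net("192.168.10.0/24")],
        "static": static + [(net("0.0.0.0/0"), "ISP")],
    }

# One route per remote VLAN subnet (VLAN 1 is already connected to the router).
ROUTER_SPECIFIC = make_router(
    [(net(f"192.168.{v}.0/24"), "192.168.10.254") for v in (20, 30, 40)])
# The single summary route proposed at the end of the question.
ROUTER_SUMMARY = make_router([(net("192.168.0.0/16"), "192.168.10.254")])

def next_hop_is_connected(device, next_hop):
    """A static route is only valid if its next hop is on a connected subnet."""
    hop = ip.ip_address(next_hop)
    return any(hop in n for n in device["connected"])

def lookup(device, dst):
    """Longest-prefix match; returns None for a connected (deliverable) subnet."""
    routes = [(n, None) for n in device["connected"]] + device["static"]
    matches = [(n.prefixlen, hop) for n, hop in routes if dst in n]
    if not matches:
        return "no-route"
    return max(matches, key=lambda m: m[0])[1]

def trace(dst, devices, start):
    """Follow a packet hop by hop; a revisited device means a routing loop.
    (A real packet would keep bouncing until its TTL reaches zero.)"""
    dst = ip.ip_address(dst)
    by_addr = {a: d for d in devices for a in d["addrs"]}
    path, dev = [], start
    while True:
        if dev["name"] in path:
            return path + [dev["name"]], "loop"
        path.append(dev["name"])
        hop = lookup(dev, dst)
        if hop is None:
            return path, "delivered"
        if hop == "no-route":
            return path, "unreachable"
        if hop not in by_addr:
            return path, "left-site"      # handed to the upstream next hop
        dev = by_addr[hop]

if __name__ == "__main__":
    for hop in ("192.168.10.254", "192.168.20.254"):
        print(hop, "valid next hop:", next_hop_is_connected(ROUTER_SPECIFIC, hop))
    for label, router in (("per-subnet", ROUTER_SPECIFIC), ("summary", ROUTER_SUMMARY)):
        print(label, trace("192.168.55.50", [SWITCH, router], SWITCH))
```
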

  • Connecting two untagged VLANS from two different switches

    I have a Cisco SG300-52P Small Business switch and hopefully I can explain well what's going on. We have a Juniper EX4200 L3 switch that has a bunch of our corporate VLANs (they are routed VLANs) and that allows communication between all of our corporate networks. We have several other L2 Netgear, HP Procurve, etc... on which we have split the ports down the middle and divided them into two broadcast domains by setting them as untagged VLANs. One cable goes from each of the different VLANs on the L2 switches into different VLANs on the L3 switch. As long as STP is disabled this seems to work fine. However, we tried this same scenario on this Cisco Small Business switch and only one of the two untagged VLANs on the Cisco will pass traffic at a time. I believe that whenever the VLAN that is on the default (VLAN 1) is plugged in, the other (the one we created) shuts down but when VLAN 1 is unplugged, the other VLAN immediately starts to work. What seems weird is that the Cisco seems to learn the Juniper's MAC on the VLAN that doesn't work and the Juniper learns the MAC on the one that does work. In other words, the Juniper does not learn the Cisco's MAC on both of the VLANs that the Cisco is plugged into, as it does with the other L2 switches that we have, and the Cisco does not learn the MACs of the Juniper on both of its VLANs. I hope this is making sense and please let me know if there is any way I can further clarify. I'm sure I'm just doing something dumb that I'm overlooking so feel free to slap me in the face. :-)
    Thank you in advance for your time!

    It sounds like there is a layer 2 loop in your network if spanning tree is shutting down the ports. You should be able to do a show spanning-tree on the switch, or look in spanning tree rstp interface status.
    Are there any other interconnects between devices? Like un-managed hubs, WAPs with bridging, virtual servers with multiple NIC cards?
    Show spanning tree on each device might show what is going on, or at least tell you which ports are root ports, which ones are forwarding or blocking. Best practice is to configure your spanning tree if you have more than 1 or 2 switches.
    A detailed topology showing port numbers, (sanitized) IP addresses, vlans and purpose, trunks with what vlans are tagged, and untagged.
    From your description, your network looks like
    multiple vlans - layer 3 Juniper switch - netgearS1 vlan 1 --procurveS2 vlan 1 -- ciscoS3 vlan1
                                                           \-- netgearS1 vlan2 - - procurveS2 vlan --  ciscoS3 vlan 2
    I'm having trouble visualizing <<One cable goes from each of the different VLANs on the L2 switches into different VLANs on the L3 switch. >>
    Are the cables for vlan 1 going to vlan 1 or are the cables for vlan1 going to a different vlan on the other switch?
    Can you reduce the complexity and number of interconnects by using trunking?
    What are the IPs and default gateway of all devices, L3 switch?
    These switches do STP, RSTP and multiple spanning tree, but will not do per vlan spanning tree. So there may be some configuration required on all switches to get the correct root bridge (the Juniper I assume)

  • One Sender system and two receivers system scenario. Pls help

    Hello,
    I have One Sender system and two receivers system scenario.
    My sender is RFC (sync) in nature.
    My one receiver is RFC (sync) in nature.
    My second receiver is RFC (sync) in nature.
    Pls tell me and send me links/docs for this scenario.
    Regards

    Hi Rick,
    For two receivers you require 2 interface determination, receivers determinations etc.
    Go through these threads for one sender and multiple receivers:
    one sender and two receiver
    /people/shabarish.vijayakumar/blog/2005/08/03/xpath-to-show-the-path-multiple-receivers
    Then configure your RFC communication channel in XI system + activate it and after that using all same parameters make a TCP/IP RFC destination on R3 side.
    Rewards if found helpful.
    BR,
    Alok

  • I have One Sender system and two receivers system scenario. Pls help

    Hello,
    I have One Sender system and two receivers system scenario.
    My sender is RFC (sync) in nature.
    My one receiver is RFC (sync) in nature.
    My second receiver is RFC (sync) in nature.
    How to proceed with this.
    If my second receiver is async then how to proceed with this.
    Regards

    Hi Rick !
    Depending on your requirements, you can create a BPM that
    1) receives request from sender
    2) sends request to receiver 1 / receives response from receiver 1
    3) sends request to receiver 2 / receives response from receiver 2
    4) do some processing with both responses
    5) sends response to sender.
    If your second receiver is async, just use an async send step in step 3. As far as I know, you cannot use multimapping with sync scenarios.
    Regards,
    Matias.
    ps: please award points if helpful

  • Using two Incoming VLANs

    Hi All,
    Having trouble configuring the Cisco SRP527w where we have two incoming VLANs.
    1. vlan1 is for internet (20mbps)
    2. vlan2 is for a specific application (Specific IP Address - 10mbps)
    Somehow we are unable to configure the router to enable PCs connected to the router to access both VLANs based on the application-specific VLAN. It's always routing it through the internet.
    Any help would be appreciated.
    thanks
    arjun

    Yitz, I have labbed your topology.
    I have a SG300 switch acting as a router with 2 vlan interfaces.
    I also have 2 SG200 switches.
    Port 1 from SG300 to port 1 of SG200 = vlan 1 access ports
    Port 48 from SG300 to port 48 of SG200 = vlan 200 access ports
    SG200#1 has LAG #1 port 2,3
    SG200#1 has LAG #2 port 4,5
    SG200#2 has LAG #1 port 2,3
    SG200#2 has LAG #2 port 4,5
    LAG #1 = vlan 1
    LAG #2 = vlan 2
    Oddly enough, spanning tree put my connections in vlan 200 in to discarding state, for both the lag and individual connection.  This is very odd behavior for me as it is pretty common practice to separate networks in this manner especially if you have 2 gateways, but it is also not rare to have a single router with 2 distinct interfaces. Additionally, on the spanning-tree pages, the status will record "N/A" for the LAG ports.

  • SA520 Multiple VLAN Subnet Question

    I am trying to configure my SA520 with 4 VLANS
    VLAN-1 is configured as the default with 192.168.75.1/255.255.255.0 and DHCP Range of 192.168.75.100-254
    I thought I could create VLAN 2,3, and 4 with the pattern of 192.168.x.1 and DHCP of 192.168.x.100-254 where x=the VLAN ID
    When I do this, strange things seem to occur with connected DHCP clients on those VLANS, and I can not "see" DHCP leased clients in the config screen
    The system happily accepted the above config.  So after reading the docs -- I noted that VLANS need to exist in the same DHCP scope.
    I tried changing VLAN 2,3 and 4 to match the following pattern
    VLAN IP = 192.168.75.x/255.255.255.0 with DHCP of 192.168.75.1x0->1x9
    I get an error for the VLAN IP address stating that "IP in the same subnet is already configured"
    Thoughts?
    Firmware .39

    Hi Jason,
    Before the 1.0.39 firmware, the VLANs required the same subnet.  In 1.0.39, you can create your own subnets and DHCP scopes for each VLAN, which in fact is required in 1.0.39.  I am not sure if they will show up in the DHCP clients page, but I can look into this.

  • FWSM can not show sessions in xlate between two specific vlans

    Dear Experts ,
    I have FWSM running version 3.2(23), configured with interface VLANs, all having the same security level, except the outside interface VLAN which has security level 0. Also, same-security-traffic permit inter-interface and same-security-traffic permit intra-interface are configured. My problem is that when establishing sessions (I tried TCP only using ssh and telnet, in addition to ping) from one specific VLAN (172.16.1.0/28) to another VLAN (172.16.1.16/28), I cannot see the established sessions in the "show xlate debug" output, although I can see these sessions from a capture! The two subnets are separate, two different /28.
    I can see the sessions established from the remaining interface VLANs with the same security level toward 172.16.1.16/28. My question is: what is the exception with the VLAN having this subnet 172.16.1.0/28, and how can it reach the other VLAN with subnet 172.16.1.16/28 without showing anything in the xlate table? Do you think it is a bug? Please advise.
    Regards

    Red1,
    Need to make sure the packets are arriving on the correct interface.  Need to grab captures and the debug level syslogs at the same time. Hope you are not running into the xlate limitation of the module.
    Pls. check the limitation link here:
    http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/specs_f.html#wp1056716
    -Kureli
    https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
    Upcoming Live Webcast in English: January 15, 2013
    Troubleshooting ASA and Firewall Service Modules
    Register today: http://tools.cisco.com/squish/42F25

  • VLAN Tagging Question???

    Hi friends,
    I attached a simple diagram which models my question.
    As you will see in the sample diagram, I have two networks: one has 192.168.1.0/23 as a network address and the other has 10.10.10.0/24.
    I want to connect these two networks to an ASA 5510. But I don't have enough interfaces so I have to use a single interface, let's say E1. Also I have an unmanaged switch.
    Here is the question: If I configured subinterfaces as E1.100 and E1.200 on the ASA, do I need to set the port on the switch which is connected to the ASA as a trunk port? (Well, I couldn't do it... it's unmanageable.)
    Is the following configuration enough to use for my question?
    interface ethernet1.100
     vlan 100
     ip address 192.168.1.1 255.255.254.0
     nameif networkA
    interface ethernet1.200
     vlan 200
     ip address 10.10.10.1 255.255.255.0
     nameif networkB
    Or do I need to set any port as trunk?
    Thanks a lot.

    You need trunk port on your switch anyway only one vlan (vlan 100 or vlan 200) can be transferred to ASA.
    Over a trunk port you can transfer more than one VLAN traffic.
    bye
    FCS
    Please rate me if I helped.

  • Multi site, multi vlan configuration question

    Hi Brian, Good questions. If the router connects to the switch on a VLAN 1 access port then it is a non-issue since the packets are not tagged. If there is a trunk between the router and the switch with tagged traffic, then I would recommend using inside and outside VLANs on the switch. Essentially this is just two VLANs, one for each Wanos interface so that it sits in the middle of the traffic flow. For example the gateway would say be in a VLAN 100 sub-interface on the router. Wanos wan0 would be in VLAN 100 and the lan0 interface remain in VLAN 1 along with the devices. The only way to the gateway is through the bridge. The bridge deployment is almost always the simplest way to get going, but where it is not possible, router mode is also available. Express will be ok for one remote location and if either direction across the WAN is...

    Ok, I'm getting ready to setup Wanos for a test run at one of our remote locations. I'm seeing packet loss on the circuit to this specific site and I want to test the packet loss recovery capability of Wanos. Our network topology is point to multipoint with MPLS connections between our main location and each of our 7 remote offices. So at our main location if I read correctly I would have to add a bypass rule for all the other offices that do not have a Wan optimization device. I have to preface my question with this... we have VLAN tagging going on at the remote locations for data and voice. The switch is ultimately responsible for the tagging of the packets. The IP phones and computers are both on completely different networks. The devices are assigned their IP's from the router through DHCP with the data VLAN 1 as the default. The...
    This topic first appeared in the Spiceworks Community

  • IDOC-XI-XML Scenario Questions

    Hi everyone,
    I am actually trying to configure a scenario starting from SAP and finishing by creating an XML file.
    R/3 IDOC -> XI -> XML file
    The XI is receiving IDOCs from SAP correctly, but when it tries to send to the third party system, the monitor engine (SXMB_MONI) is showing the following error: HTTP_RESP_STATUS_CODE_NOT_OK.
    I am currently using the File Adapter, please take a look at the config for the communication channel:
    Adapter Type: File
    http://sap.com/xi/XI/System
    SAP BASIS 6.4
    Transport Protocol: File Protocol(FTP)
    Message Protocol: File
    Adapter Engine: Integration Server
    Target Directory: /  (root)
    File Name Scheme: mptest_xi_output.dat
    File Construction: Create
    Overwrite File: X
    File type: Binary
    Adapter Status: Active
    Regards,
    Gabriel Santana

    If you have enough authorization, then click on the last button which is change button.
    Otherwise, open two windows of SAP and try to do the above step and when you get the authorization error, go to the second window and enter transaction /nSU53. Send that info to your security team.
    Once you have authorization you should be fine.
    One other thing, in which client you are doing this ?
    Do not use DDIC user to change it.
    regards
    Shravan

  • Two really quick/dumb questions!

    Hi All,
    I have just bought a new Mac Mini and hooked it up to my Samsung 55 inch TV via HDMI and everything seems to be working great.
    My two dumb questions are:
    1: where on the new OS (I had a Mac 5 years ago and things have changed) is the top "Finder" bar and "disc" icon to save files?
    2: In Safari I do not seem to have a tools bar where I can for example open another tab for a new web page.
    Hope you can help a nubby :-)

    You are running a Mini so it might be that the screen resolution is not exact for your display. I have used a Mini with a conventional display but not HDTV. You might need to go into the settings for the TV to set the screen resolution to accommodate the mini's capabilities. Sorry that  I can't offer more on that score; when I use my Sony Bravia HDTV  it is with the iPad2 and HDMI and I have encountered no issues. Perhaps someone else on the forum has better insight into the Menu Bar problem on the Samsung as the principal display. 

  • 802.1x Dynamic VLAN Switching Question

    Trying to set up 802.1x dynamic VLAN switching, and have a question. I think I've gotten it working except for one part. The VLAN on a protected interface is never getting switched. I can see an entry in the ACS stating that it applied the appropriate VLAN via RADIUS response, but it never changes on the switch.
    Environment:
    ACS Express 5.0.1
    C3550 running c3550-ipbasek9-mz.122-44.SE6.bin
    Switch config:
    aaa new-model
    aaa group server radius dot1x
     server-private 10.10.1.4 auth-port 1645 acct-port 1646 key 7 071C244F5C0C0D544541
    aaa authentication dot1x default group dot1x
    dot1x system-auth-control
    dot1x guest-vlan supplicant
    interface FastEthernet0/3
     switchport access vlan 3
     switchport mode access
     speed 100
     duplex full
     dot1x pae authenticator
     dot1x port-control auto
     dot1x violation-mode protect
     dot1x timeout tx-period 5
     dot1x timeout supp-timeout 5
     spanning-tree portfast
    ip radius source-interface FastEthernet0/1 vrf default
    !
    radius-server host 10.10.1.4 auth-port 1645 acct-port 1646 key 7 01000307490E125E731F
    Am I missing something easy?

    It looks like "aaa authorization network default group dot1x" was the missing command I needed to get this working.
    The only issue I'm having now is that if the client fails to meet the authentication requirements, the line status gets set as "down"

  • Receiver RFC synchronous scenario question:

    Dear All,
    I have a doubt in Receiver RFC sync scenario, for example file to XI to RFC.
    Question: whenever the Response RFC is triggered on the R/3 side, how does the data reach XI?
    By just creating a sync communication channel for the RFC in XI, will the data come to XI for the RFC response?
    When a Response RFC is triggered in the R/3 server, how does the data point to or reach the XI port?
    How does the auto-triggered RFC response data point to XI and come to XI in a synchronous RFC receiver scenario?
    PS: I am not from an ABAP background. If any code has to be written on the R/3 side for making the response RFC point to XI, please provide generalized code also if possible.
    Please advise,
    Prakash.

    RFC destination,port at XI would help to get response data
    No need to write any code,because RFC provide sync communication.
    use links RFC Scenario using BPM --Starter Kit
    https://weblogs.sdn.sap.com/pub/wlg/1403 [original link is broken]
    Exposing BAPI as Web Services through SAP XI
    RFC Scenario using BPM --Starter Kit
    HTTP to RFC - A Starter Kit

  • SRM, ROS and SUS scenario question

    Hello Experts,
    We are in the process of implementing MDM, ROS, EBP and SUS scenario in our present project. I went through the documentation. I have couple of questions.
    1. Do we need to have separate clients for ROS and SUS? What is the best practise?
    2. Since we have SUS, once I transfer BP from ROS to EBP, check the portal vendor box, I would like to know how the registration code will be sent to supplier. Do we need to create the userid in EBP or with the receipt of registration code supplier will be able to create his first initial userid? Also how we can implement this with CUA and EP as part of landscape?
    3. Also since we have MDM, how the new BP information can be migrated or mapped in MDM and how new BP can be sent to backend system? I understand there is BP monitor to check and approve the changes, but how the new BP will be transferred? Do we need to develop new XI message for this? if Yes, from where that can be managed? from EBP or MDM?.
    I searched through help.sap.com for any documentation but no success.
    Thanks in advance
    Vijay.

    Hi,
    1.Refer the foll thread:
    Re: Supplier Registration without SUS or XI?
    2. For supplier registration, SUS is not mandatory. You need to configure ROS for this scenario. The external vendors will register in ROS and then be replicated to R/3.
    You can use EBP only for Supplier registration.
    SUS,ROS and Bidding engine make up the SRM server 5.5/EBP component of SRM 5.0.
    Pls refer the foll link for the complete process:
    http://www50.sap.com/businessmaps/8F152C1AE8F1426FA3B442F905815F54.htm
    For detailed settings/config  of supplier registration,refer the foll threads:
    Re: Not able to transfer suppliers from ROS to EBP
    problems with ROS_PRESCREEN application for screen suppliers and manage bp
    Re: SUPPLIER DIRECTORY (ROS) link not appearing in EBP in "SCREEN SUPPLIERS"
    Supplier Directory
    Re: Supplier Self registration
    Re: SRM Supplier registration config
    Re: External Web Service setting for Supplier Registration ROS to EBP
    Re: Problems when transferring supplier from ROS to EBP...
    3. Not worked on MDM so can't help you on this.
    BR,
    Disha.
    Do  reward points for useful answer
