Vlan database vs vlan config, rpr-plus...

Similar Messages

• "VLAN Database Mode" to "Config Mode" conversion

  How can we convert an existing VLANs created in "VLAN Database Mode" to "Config mode? what is the right procedure?

  Hello,
  I would just add the VLAN's using the config mode.
  As with regard to your FWSM, keep in mind that, prior to IOS 12.2(14)SY, only one SVI is supported on the FWSM. If you have a later version, use the command 'firewall multiple-vlan-interfaces' to enable support for multiple VLAN's.
  Not sure if you already know this link, but you might want to check the FWSM FAQ:
  Firewall Services Module Frequently Asked Questions
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml
  Regards,
  GP

• Solaris 10 X2100 VLAN config

  What are my options for configuring a virtual interface on an x2100 server with Sol10 Because the interface shows up as the type " nge0" I am assuming
  that the hardware does not support it per the info below. Is there another alternative or a software workaround ?
  -john
  The Solaris OS now supports VLANs on the following interface types:
  ce
  bge
  xge
  e1000g

  Looks like I just had the wrong VLAN config syntax.. and miss read the documentation. this works !
  bash-3.00# ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 128.111.207.230 netmask ffffff00 broadcast 128.111.207.255
  ether 0:e0:81:5c:d3:6
  nge829000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
  inet 10.0.0.62 netmask ffffff00 broadcast 10.0.0.255
  ether 0:e0:81:5c:d3:6

• Config view for VLAN config is not supported

  Hi folks,
  I have the following error when I try to view the VLAN config from RME->ConfigManagement->Version Tree.
  "Config view for VLAN config is not supported"
  I didn't found any information over the RME and Campus documentation.
  Anybody know what kind of error I'm issuing
  Thanks and Regards.
  Leonardo

  Hi Pablo,
  The VLAN.dat file cannot be used to be deployed via CiscoWorks, but it can be done manually:
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/config.html#wp1311740
  The problem with viewing the VLAN.dat contents in the config viewer or change audit reports is also mentioned in the link below:
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/chgaud.html#wp1060886
  Look for the "Details" row and there you will see the following:
  VLAN configurations cannot be compared because they are in binary format. In this case, the Details link will not be available and will be shown as NA.
  Hope this helps!

• 1250AP VLAN config

  I am trying to configure VLANs on my 1250 autonomous AP. I have the sub-interfaces setup but still cannot connect to the LAN. I use 432 for my native vlan and then want to assign clients to vlan 543. Being a security guy, I do not use vlan 1, nor do I trunk vlan 1. Here's a snippet of my config, so tell me what I am missing. All interfaces are showing up-up.
  Thanks.
  int d0
  no ip add
  int d0.432
  encap dot1q 432 native
  bridge-group 1
  int d0.543
  encap dot1q 543
  bridge-group 2
  int g0
  no ip add
  int g0.432
  encap dot1q 432 native
  bridge-group 1
  int g0.543
  encap dot1q 543
  bridge-group 2

  I'd prefer to not post the entire config as it would take a lot of editing. :-)
  Both statements are there, and there is no issue with the SSID config. I'm just trying to get a connection to my RADIUS server, which the AP cannot connect to. I am not able to ping the server from the AP, so it has something to do with the vlan config, but I don't know where. The switch where the AP is connected is trunking and allows all vlans (at this point) except for 1.
  This is a head scratcher. :-)

• Private Vlan config

  I have a question regarding private Vlan config. I have a DMZ switch where I need to be able for a particuilar server to communicate to the reset of the servers on port 8686 and deny the rest of the communications between them. I have this server on a poremiscuios mode and the other servers on isolated ports.For security reason how can apply this access list? on which vlan? I am running IOS on the switch connecting these servers. Thanks for your help

  the port is that the server(10.3.1.50. 255.255.0.0) that need to talk to all server is attached to:
  interface GigabitEthernet1/0/18
  description DZ1WEBSD001
  switchport private-vlan host-association 50 51
  switchport mode private-vlan promiscuous
  speed 100
  duplex full
  no mdix auto
  The subnet is 10.3.1.0 255.255.0.0
  Basically the 10.3.1.50 need to talk to all servers on this subnet on port 8686 and deny evrything else
  Thanks

• New VLAN config on Cisco router

  We are in the process of rolling out VOIP with new Cisco router
  configurations. When the VLAN config is changed on the router it can no
  longer ping the server. The router config is setup with secondary IP info
  so that we don't have to go thru the process of changing IP config on the
  NW 6.5 SP 6 servers.
  Has anyone seen this issue? Do I need to bind new VLAN ti IP NICs? Any
  other thoughts?
  Thanks for any help received,
  Todd W Carter

  On 6/5/2007 Todd W Carter wrote:
  > We are in the process of rolling out VOIP with new Cisco router
  > configurations. When the VLAN config is changed on the router it can no
  > longer ping the server. The router config is setup with secondary IP info so
  > that we don't have to go thru the process of changing IP config on the NW 6.5
  > SP 6 servers.
  >
  > Has anyone seen this issue? Do I need to bind new VLAN ti IP NICs? Any other
  > thoughts?
  When pinging from the router, the packets will be source from its primary
  ip address. If the server's subnet is part of the secondary IP address on the
  router, you must use an extended ping in the router for it to work.
  However, I recommend implementing router-in-a-stick instead of secondary IP
  addressing when creating multiple VLANs.
  On the router, you can create sub-interfaces under the LAN interface and deploy
  dot1q trunking. At the switch-port, configure dot1q trunking as well and the
  router
  will route between VLANs while providing a better design.
  This is outside of the scope of this forum so I recommend posting in the Cisco
  forums at http://forum.cisco.com/eforum/servlet/NetProf?page=main
  Thanks !
  Edison Ortiz
  (Routing & Switching, CCIE # 17943)

• LMS 4: VLAN config fetch failing for all devices

  LMS 4.0.1, standalone on W2K8 R2, new install
  Vlan config fetch is failing for all devices.  If I attempt to put a vlan.dat file in tftpboot and then manually copy a vlan.dat file from a device, the following is returned:
  TFTP: error code 2 received - 16739
  %Error opening tftp://server_name/vlan.dat (Permission denied)
  The Windows application logs ont the server log this:
  Log Name:      Application
  Source:        CRMtftp
  Date:          6/15/2011 2:07:49 PM
  Event ID:      3
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      server_name
  Description:
  GetEffectiveRightsFromAcl failed: Overlapped I/O operation is in progress.
  (997)
  I tried restarting crmtftp, but no luck.  Any ideas what may be causing this?
  -Jeff

  I have the same issue with a freshly installed 4.2 version now:
  Log Name:      Application
  Source:        CRMtftp
  Date:          2/24/2012 12:30:50 PM
  Event ID:      3
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      srvwienlms.nts.local
  Description:
  GetNamedSecurityInfo failed failed: The operation completed successfully.
  (0)
  I will also open a TAC case, lets see if we still have to stick with a3.x TFTP binary...
  br.herwig

• Oracle Database Express Edition 2 Day Plus Java Developer Guide??

  I posted in the JDeveloper forum, as well as sending email via your feedback link found on the tutorial but I am a little disappointed by this:
  The Oracle® Database Express Edition 2 Day Plus Java Developer Guide has some errors in it.
  in Windows, I simply chose, start
  -> programs -> Oracle Database Express Edition -> Go To Database Home Page -> click documentation from the link -> and run the Oracle® Database Express Edition 2 Day Plus Java Developer Guide tutorial.
  the problem is there are mistake(s) in the tutorial, for example: section 4-19 is this:
  "The complete code for the method should now be as follows:
  public boolean authenticateUser(String userid, String password,
  HttpSession session) throws SQLException { "
  it needs to be this:
  public boolean authenticateUser(String jdbcURL, String userid, String password,
  HttpSession session) throws SQLException {
  Also:
  there is no mention that :
  the port and SID must also be passed in the
  ds.setURL(jdbcUrl) found in the authenticateUser() method, or an exception is thrown. This differs from value of the jdbcUrl string found in the getDBConnection() , which makes it hard to figure out
  The tutorial is great even if it doesn't work out of the box, but I am disappointed that errata or completed code for this project is not available, especially when you explicitely point to it via the steps mentioned above.
  Thanks,
  Patrick

  The tutorial seems to be using the old JDeveloper 10.1.2.
  If you are aiming to learn JDeveloper then just use the tutorials linked from the JDeveloper home page.
  http://www.oracle.com/technology/obe/obe1013jdev/index.htm

• Dump database dbname using config

  Hi,
  By using sp_config_dump stored procedure have taken backup of database:
  sp_config_dump @config_name='sampleDB',
  @stripe_dir = '/sybase/backup' ,
  @compression = '101' ,
  @verify = 'header'
  Have dump the database using following syntax: dump database sample using config = 'sampleDB'
  Now what is the syntax for loading database as following syntax is Incorrect:
  1)load database from "dump_path" with compression
  OR
  2)load database from "compress::dump_path"

  Hi,
  I guess you are running SAP application on ASE (this is the comunity for SAP applications running on ASE), therefore the 'enable dump history' parameter is set by default, so you might find the answer about which would be the correct load command to execute using the "listonly='LOAD_SQL' " option on your load database command. This is specified on SAP Note "1611715 - SYB: How to restore an SAP ASE database server (Windows) " or SAP Note "1618817 - SYB: How to restore an SAP ASE database server (UNIX) ":
  On the "Load user databases" part (existent on both notes), you have this item:
  >>>>
  2. Load the database and transaction logs.
  Log in to ASE with isql as user 'sapsa' and execute the command:
  1> load database <DB_NAME> with listonly = 'LOAD_SQL'
  2> go
  Save the output to an SQL command file and execute it in isql.
  <<<<
  Regards,
  Victoria.

• Moving VLAN config from catalyst 2960 to SG300

  Dear all,
  my existing catalyst 2960 config for vlans:
  interface FastEthernet0/2
   description 3Com Switch
   switchport access vlan 10
   switchport mode access
  interface FastEthernet0/5
   description to Cyberoam
   switchport mode trunk
  interface FastEthernet0/18
   switchport access vlan 40
   switchport mode access
  interface FastEthernet0/19
  interface FastEthernet0/20
   switchport access vlan 20
   switchport mode access
  interface FastEthernet0/21
  interface FastEthernet0/22
  interface Vlan1
   no ip address
   no ip route-cache
  interface Vlan10
   ip address 192.168.0.51 255.255.255.0
   no ip route-cache
  Inside trunk there are VLAN10 (native), VLAN20,30,40
  now, when I try to configure the same on SG300 I get trunk issues - no VLAN10 (native) inside trunk.
  Regards
  GN

  Hi Mlechte, I cheated on your question a bit. I have used two SG300-52 switches. I am able to accomplish what you're asking with these models.
  On my master switch the configuration fundamental is simple. For argument sake, I disabled all CDP. I create vlan 100 for voice. Assigned my voice vlan 100. I enabled LLDP on every port. I enabled every optional TLV on every individual port.
  I then connected a 100% factory default SG300-52 to the 'master switch'. After about 3 minutes the VSDP created the voice vlan, the link between switches became 1u, 100t. The vlan database populated the vlan 100 and everything just worked nicely.
  So, to answer your inquiry, if your 2960 supports the same TLVs it should work okay.
  I do recommend you use the SX300 series, it is a much more robust switch, supports full CLI and has a lot better feature set. A SG300-08 (srw2008-k9-na) is around $250. The SG200-08 is about a $100 cheaper. The difference between models is astronomical and a much better investment.
  Please review
  console_log_master  <--This is the switch that will advertise to the downstream
  console_log_receive <-- This is a default switch that received the LLDP information
  -Tom
  Please rate helpful posts

• SF 300 Vlan Config

  Hi
  need help with Vlan's config on a SF300, i have created 5 vlans, the switch is dhcp enabled, created network pools, i assigned one port for testing to vlan 20, but cant get an ip address, dont know if i'm missing something (switch is in layer 2)
  basically what i am trying to achieve is that each vlan can obtain an ip address via dhcp and have access to the Internet
  any help much appreciated, current config below
  switch0ec151#sh run
  config-file-header
  switch0ec151
  v1.3.5.58 / R750_NIK_1_35_647_358
  CLI v1.0
  set system mode switch
  file SSD indicator encrypted
  ssd-control-start
  ssd config
  ssd file passphrase control unrestricted
  no ssd file integrity control
  ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
  vlan database
  vlan 10,20,30,40,50
  exit
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  ip dhcp server
  ip dhcp excluded-address 192.168.168.200 192.168.168.254
  ip dhcp excluded-address 192.168.168.24 192.168.168.24
  ip dhcp pool network DATA
  address low 192.168.168.10 high 192.168.168.252 255.255.255.0
  lease infinite
  domain-name 192.168.168.254
  default-router 192.168.168.254
  dns-server 192.168.168.254
  exit
  ip dhcp pool network Offce B
  address low 192.168.170.1 high 192.168.170.254 255.255.255.0
  lease infinite
  domain-name 192.168.170.254
  default-router 192.168.170.254
  exit
  ip dhcp pool network Office A
  address low 192.168.169.1 high 192.168.169.254 255.255.255.0
  lease infinite
  exit
  hostname switch0ec151
  no passwords complexity enable
  username cisco password encrypted 55c2f525a1900b76e8c633c118ffc2ea8a012277 privilege 15
  snmp-server server
  ip name-server  192.168.168.254
  ip telnet server
  interface vlan 1
  ip address 192.168.168.253 255.255.255.0
  interface vlan 10
  name DATA
  interface vlan 20
  name "Office A"
  interface vlan 30
  name "Office B"
  interface vlan 40
  name "Office C"
  interface vlan 50
  name "Office D"
  interface fastethernet11
  switchport trunk native vlan 20
  exit
  switch0ec151#
  switch0ec151#

  Hi Tom
  thanks, i will change it to layer 3, if i configure the switch to give out dhcp, just on one range (192.168.168.x) can i assign dhcp pools to each vlan for example
  vlan1      192.168.168.2 - 50
  vlan2     192.168.168.51 - 70
  vlan3     192.168.168.71 - 100
  vlan4     192.168.168.100 - 200
  or does each vlan have to have a seperate range and does i have to create a static route for each vlan to my router (draytek 2830n)?
  thanks

• Vlan config issues

  I have a 6509 with a vlan 105 configure. I have also added a vlan 100. vlan 100 and 105 work for internal routing. vlan 105 workstation can get to the internet. however any vlan 100 workstation can not access the internet. A tracert from a workstation on vlan 100 stops at the 6509. attached is the 6509 config, i have included IP just because they already have changed.
  any ideas? Does the port connecting to my firewall have to allow all vlan traffic? if so how do i do this.
  thanks,

  Hi,
  Please provide more information on setup( other devices, connectivity diagram) to have a clear idea, so that we can help you.
  From the config provided, i could see the following default route
  ip route 0.0.0.0 0.0.0.0 10.175.105.3
  What is 10.175.105.3 ? Is this your firewall / WAN router??
  Also what is the need for this static route.?
  ip route 10.175.100.0 255.255.255.0 10.175.105.3
  10.175.100.0/24 is the subnet for vlan 100, which a directly connected network on this switch. Hence you dont need that route. Remove that route.
  Finally whatever device is 10.175.105.3, please add a route in that device for vlan 100 so that traffic can reach vlan 100.
  The route that you should add in 10.175.105.3 is
  ip route 10.175.100.0 255.255.255.0 10.175.105.1.
  Hope this helps.
  -VJ

• SF300-24P VLAN CONFIG QUESTION

  Hi please excuse my ignorance and lack of knowledge in this field as I am a complete newbie when it comes to Cisco switches and VLANS etc. but trying to learn.
  I have a Cisco 300-24P and need to create two separate networks (private and public) ports 1 - 10 for Private and ports 11 - 20 for Public. I then to need ports 21 - 24 for access points and that can access both private and public.
  I am assuming that would need to create two vlans (e.g. VLAN100 for private and VLAN200 for public). After reading a little I think I need to set ports 1- 20 to "access" and ports 21- G4 to "trunk".
  I have attempted this but don't think I have things quite right. Would it be possible for someone to either point me in the right direction or even send me a saved config that I could load and examine.
  Many thanks in advance for your help.

  Hello, 
  I think I can clarify a few things for you:
  1- The ports that are going to connect directly to end stations will need to be configured as access ports with the respective VLAN as untagged.
  2- The ports that are going to be connected to the AP's will need to be configured as trunks with VLAN 100 un-tagged and 200 tagged. The AP should be able to understand VLAN's, they should be configured with and IP address on VLAN 100.
  3- By default, the un-tagged VLAN is the same PVID.
  Notes:
  A few things to keep in mind:
  1- I see you already have a router on the network, this is the one that will determine if the VLAN's can talk to each other based on the Inter VLAN configuration. In general terms, if inter VLAN is enabled on the router then Public and Private will be able to share traffic, otherwise they wont.
  2- When creating VLAN's on the SG300 make sure that you are not assigning IP addresses to any other VLAN than your management VLAN, otherwise you could have issues with the routing.
  3- To make sure the connectivity between the VLANs is working as you expect, make sure to do all the testing from the hardwired PC's first, that way you will know if the issue is on the router or the switch.
  I hope this was helpful.

• Multiple VLAN config help

  I need to configure our Cisco Aironet 1200's for multiple VLANs. VLAN101 is for public use & VLAN2 is for employees only. Existing config is attached.
  I need:
  1. To disable the broadcast of VLAN2's SSID so that only VLAN101 shows up in the SSID list for visitors. Right now both are showing up.
  2. To ensure the WEP key is setup correctly for VLAN2
  Thanks in advance for your help!

  So are you saying both SSID's are currently broadcasting?
  I would delete and re-create your client configurations. I don't think it's on the AP side.