VLAN, Inter-Vlan I need help...
Hi guys. I just wanna ask if it's possible to block 192.168.98.2 pc from accessing the 192.168.99.11?
Router 0
interface GigabitEthernet0/0.98
encapsulation dot1Q 98
ip address 192.168.98.254 255.255.255.0
interface GigabitEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.99.254 255.255.255.0
VLAN 98 and VLAN 99 is already connect via Inter-Vlan. My problem now is, how can I block PC 192.168.98.2 from accessing PC 192.168.99.11?
Thanks
Best Regards,
Jaycer
[email protected]
Hello
access-list 100 deny ip host 192.168.98.2 host 192.168.99.11
access-list 100 permit ip any any
interface GigabitEthernet0/0.98
ip access-group 100 in
or
interface GigabitEthernet0/0.99
ip access-group 100 out
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
Similar Messages
-
NEED HELP PLEASE Setting up 2 VLANS and a redundant WAN connection
I have a remote branch office which is actually a huge bar/lounge. The bar wants to enable patrons to access the Internet with their wireless laptops. I want to prevent those patrons from accessing our private network, and also prevent them from traversing our static VPN tunnel back to HQ.
The bar processes all credit cards via the T1 connection, and this has caused us to lose money every time the T1 goes down while we're open, since there is no WAN redundancy right now.
Here is my current hardware configuration:
1) one PIX 501 50-user 3des.
2.) two Dell 3024
3.) one Aironet 1100(g) AP.
Current LAN Network: 10.35.35.0
(internal employees only, static VPN tunneled to remote HQ network)
Current Wireless SSID's:
SSID1=PRIVATESSID
SSID2=PUBLICSSID (not currently in use, waiting to figure this out)
Current WAN: one T1 connection.
WHAT I WOULD LIKE TO DO AND NEED HELP FIGURING OUT:
#1a) I want to create two separate VLAN's that are able to share the WAN connection, but not be able to "see" each other.
#1b) These VLAN's would be mapped to their respective SSID's on the AP (PRIVATESSID>10.35.35.0 and PUBLICSSID>192.168.1.0).
#1c) The 192.168.1.0 network should not be able to traverse the static tunnel between the branch site and HQ.
#2) I would like to install a backup WAN connection such as a modem 56k dial-up to an ISP or a cable modem to an ISP. In case the primary T1 goes down, I would like the router to automatically dial out over the modem conection and route all Internet bound traffic over that backup WAN connection, until the primary comes back online.
Question 1:
I'm assuming I need a router to do the intervlan routing. Could this router also do the on-demand WAN backup dialing to an ISP via analog modem?
What IOS version and flavor (IP base, IP+, etc.) would I need? What is the cheapest router I can do all that with (i.e. 2620/2621/1720/3600 series)? What WIC's or NM's would I need?
Question Two:
I would like to prioritize PRIVATESSID's traffic over PUBLICSSID's traffic, which I know I can do on the access point. Can I do this on the router so that any 10.35.35.0 traffic takes priority over any 192.168.1.0 traffic?
Question Three
If the primary T1 WAN connection goes down, I don't want the router to re-route the 192.168.1.0 traffic over the backup 56k dial-up WAN connection. That traffic can wait until the T1 comes back up.
Any help you can provide would be very much appreciated.Assuming your access points can place SSID into separate vlans and support 802.1q trunks then I can attempt to answer your questions. There are seperate secuity issues with both SSID for protection and VLANs for seperation but in your case in may be minimal.
q1
Any cisco router that will run 802.1q trunking will work. Since you are looking at older routers you will need IP+ to get it. Even 2610's will support 802.1q on their 10m ethernet at the correct code level but 10m and 802.1q is sorta nonstandard. Since your backup is only 56k you can use the internal modem port as a dial backup. A wic-2a/s will also work if you prefer not to use the modem port. You will need some wic to run your t1 line. If you are planning to leave the t1 on another router it makes the next 2 questions much harder.
q2
This is fairly simple and depends on your ios level. "priority queing" is supported on even the older software. I assume you do not control the far end of the t1 line since it sounds as if this goes to a ISP.
You will need to have them do the QoS since most issues with the internet are inbound and not outbound. You can only control outbound traffic.
q3
If the T1 is on the same router then this is fairly simple. You can just put a floating static default route in that will cause the dialer to come up if the the t1 goes down. There is no easy way to protect against the line being up but no traffic passing. This is also why it would be best to have the t1 on the same router. If its not you will need to get very creative to solve this. You could build a GRE tunnel to a remote location and montior the tunnel or run a routing protcol over the tunnel. In the newest software you could use SAA and policy routing to force the traffic over the dialer but the router must support ios 12.4.
3a. You mentioned a cable modem as a backup. That can be much easier sometimes since it is all routing and no dialer interfaces with nasty modem issues. This does not make the issue of the t1 not on the same router easier. -
Need help configuring multiple VLANs and SSIDs
Hi,
We bought a Cisco SGE2000P 24Port switch and 10 WAP4410N access points. Our intent is to provide a secure network to our LAN, and a guest network to the Internet.
We are thinking 3 VLANs would be best for this: VLAN 100 connected to the LAN, VLAN 1000 for the Internet Router and Filter, and VLAN 1100 for the Guest Wireless access.
We have the switch configured for all three of these, and 1 initial access point configured for the VLANS, too.
We have not yet moved the current Internet connection to VLAN 1000 because we aren't sure how to setup routing between VLANS.
Here are some specifics on how the traffic needs to route:
1. We have the DHCP server, which is the PDC, handling both scopes for the LAN and Guest VLAN.
2. The web filter in VLAN 1100 needs to authenticate with the DHCP server as there are different filter rules based on authenticated user. Any users coming from VLAN 1100 will have a default filter rule without requiring any authentication.
3. Certain traffic coming in from the Internet needs to be able to get to VLAN 100. The router has a built-in firewall that handles NAT and port forwarding, so as long as traffic can be forwarded to VLAN 100 we should be good.
4. Traffic on VLAN 1100 (guest Wireless network) should only be allowed to go to Internet (VLAN 1000).
Right now I have the VLANs configured and the ports assigned to the Access Points are set for TAGGED and on VLAN 100 and VLAN 1100.
The SGE2000P has the following IP addresses assigned to the VLANS:
10.7.3.252 - VLAN 100
10.7.40.254 - VLAN 1000
192.168.254.254 - VLAN 1100
Has anyone been able to setup a similar configuration? We have scoured the Internet for documentation but it seems to be very difficult to find!
Thank you!
Gary SmithBased on your description of a 'Hybrid Port' this sounds like Cisco's 'Multi-VLAN Port' that was a feature of the 2900XL/3500XL series switches. This feature has however long since gone......
With a Cisco switch an access port supporting an Access VLAN & a Voice VLAN is effectively a Trunk with only one Tagged VLAN and the Native VLAN:
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
switchport voice vlan 100
This results in the same configuration as:
interface FastEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 100
With the exception of CDP packets being sent advertising the Voice VLAN.
With regards to other IP Phone vendors and DHCP Vendor Options - the answer is it depends....
Nortel use Vendor Option 144 to inform the IP Phone of the Voice VLAN and Option 128 for the Server (PBX) to use. Ericsson uses Vendor Option 43 that can be configured to tell the IP Phone the VLAN and the Web server to read the config file from.
I don't think you will get this working automatically with your 3Com switches, you can however manually configure the VLAN on the Cisco IP Phones.
HTH
Andy -
4503 Sup IV
We have 3 VLans,
VLAN 10 10.150.0.0/24
IPHELPER 10.150.0.117
VLAN 11 10.150.1.0/24
IPHELPER 10.150.0.117
VLAN 12 10.150.2.0/24
IPHELPER 10.150.0.117
On 10.150.0.117 we have two scopes set up. One for 10.150.1.x and another for 10.150.2.x.
DHCP clients on VLAN 12 are getting DHCP addresses but not on VLAN 11? HELP PLEASEDid you activate both scopes on the DHCP server ?
Do you see anything on the DHCP Server log regarding clients requesting IP from that subnet ?
At the 4503 switch issue the following commands:
debug ip dhcp server events
debug ip dhcp server packets
do an ipconfig /renew from a workstation on that subnet
then post the log here.
Please rate helpful posts.
Thanks -
Need help InterVlan Routing on SF300-24P? .
Hello
I really need help with Inter vlan routing via Kerio Controll 7.4.1.
I have several SF300-24P switches (IOS 1.3.0.62) and i have created a several VLAN's.
Vlans: Vlan 10, 100, 200 and interface vlan 213 (for management).
I can ping hosts in the same Vlan via this switches. From switch to host, port is in access mode and between switches ports is in Trunk mode
(also i had a problem here, trunk wasn't working untill i used command: switchport trunk allowed vlan add all).
Also port is in Trunk mode between KERIO and SW1 (switch). interface is in TRUNK mode from switch's side because i don't know how configure interface TRUNK mode on kerio.
On kerio i have configed one physical interface with IP - 172.16.0.1 255.255.255.0 and on the same interface i have created
VLAN 10, VLAN 100 and VLAN 200.
static IP's for this interfaces:
10.0.0.1 255.255.255.0 VLAN 10
192.168.100.1 255.255.255.0 VLAN 100
192.168.200.1 255.255.255.0 VLAN 200
On KERIO i have created DHCP Lease for each VLAN, but i cannot get IP's from DHCP. So i assigned static IP's to computers
(for example for VLAN100 PC, VLAN 200 PC and so on) but they cannot ping each other when they are in different vlans, so inter vlan routing itsnot working. but with static IP on the PC, i can ping every VLAN's IP address on KERIO.
so pls tell me how i must configure inter vlan routing on kerio, is it possible?
or what must i do? where is my mistake? maybe when i put IP on pysical interface?
here is my configs and pls help and give me config example.
config-file-header
SW1
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch
file SSD indicator plaintext
vlan database
vlan 10,100,200,213
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname SW1
username administrator password encrypted 7fc3774d79570c81cda124d5dcf80b8ae0fcdd6c privilege 15
username cisco password encrypted 1defefd1f4a214009775b2c2b6b961a77da384b5 privilege 15
interface vlan 10
name Staff
interface vlan 100
name Cards
interface vlan 200
name AP's
interface vlan 213
name Management
ip address 172.16.213.1 255.255.255.0
no ip address dhcp
interface fastethernet1
description MANAGEMENT-VLAN
spanning-tree disable
switchport mode access
switchport access vlan 213
interface fastethernet2
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
interface fastethernet3
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
interface fastethernet4
spanning-tree disable
switchport mode access
switchport access vlan 200
interface fastethernet5
spanning-tree disable
switchport mode access
switchport access vlan 200
interface fastethernet6
spanning-tree disable
switchport mode access
switchport access vlan 100
interface fastethernet7
spanning-tree disable
switchport mode access
switchport access vlan 100
interface gigabitethernet1
description Direction-To-SW2 <--- This port is Trunk, but its not showing here for some reason.
spanning-tree disable
interface gigabitethernet2
description Direction-To-KERIO <--- This port is Trunk also. i used: switchport mode trunk on both interfaces
spanning-tree disable
exit
banner login
SW1
config-file-header
SW2
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 10,100,200,213
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname SW2
username administrator password encrypted 7fc3774d79570c81cda124d5dcf80b8ae0fcdd6c privilege 15
username cisco password encrypted 1defefd1f4a214009775b2c2b6b961a77da384b5 privilege 15
interface vlan 10
name Staff
interface vlan 100
name Cards
interface vlan 200
name AP's
interface vlan 213
name Management
ip address 172.16.213.2 255.255.255.0
no ip address dhcp
interface fastethernet1
description MANAGEMENT-VLAN
spanning-tree disable
switchport mode access
switchport access vlan 213
interface fastethernet2
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
interface fastethernet3
spanning-tree disable
switchport mode general
switchport general acceptable-frame-type untagged-only
interface fastethernet4
spanning-tree disable
switchport mode access
switchport access vlan 200
interface fastethernet5
spanning-tree disable
switchport mode access
switchport access vlan 200
interface fastethernet6
spanning-tree disable
switchport mode access
switchport access vlan 100
interface fastethernet7
spanning-tree disable
switchport mode access
switchport access vlan 100
interface fastethernet8
spanning-tree disable
switchport mode access
switchport access vlan 100
interface gigabitethernet1
description Direction-To-SW1 <--- This port is Trunk also. i used: switchport mode trunk
exit
banner login
SW2
i have excluded many interfaces because hey have same configs.Yes Kerio is capable for routing. i wanted to make InterVlan routing via kerio Ccontroll, but i can't and that's i asked here, i need to know reason.
I have modified 1 switch to L3, and inter vlan routing its now working (without Kerio) and i hope this switches dont have problem when they are DHCP server also.
thanx for help. I Hope i didnot have much mistakes in config. -
I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that arent working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#Unclear what did not work. In your original post you include said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you add another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
802.1x EAP-PEAP over Ethernet need help !!!
I am trying to get wired 802.1x EAP-PEAP to work and after spending about 8 hours
troubleshooting this, I am not sure what else to do. Need help. Here
is the scenario:
- Cisco Catalyst 3350 switch running IOS versionc3550-ipservicesk9-mz.122-44.SE6.bin,
- Steelbelted/JUniper Radius Server version 6.1.6 on a windows 2003 server
with IP address of 129.174.2.7. This device is connected to the same switch above.
Firewall is OFF on the server, allow ALL,
- Windows 2003 Enterprise Server supplicant with the latest Service pack and patches. Again,
Firewall is OFF on the server, allow ALL. Juniper has verified the configuration settings
on the Supplicant machine. The supplicant has a static IP address of 129.174.2.15, same subnet
as the radius server, I just want enable EAP-PEAP so that user is forced to authenticate before
the port is activate to be "hot".
- Juniper TAC has verified the configuration on the Steelbelted radius for eap-peap
and that everything is looking fine,
I have verified that the switch can communicate fine with the radius server.
- Configuration on the switch for 802.1x:
aaa new-model
aaa authentication dot1x default group radius
radius-server host 129.174.2.7 auth-port 1812 acct-port 1813 key 123456
interface FastEthernet0/39
description windows 2003 Supplicant
switchport access vlan 401
switchport mode access
dot1x port-control auto
no spanning-tree portfast (does not matter if this is enable or disable)
lab-sw-1#
.May 20 07:52:47.334: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
.May 20 07:52:47.338: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1 data:
.May 20 07:52:47.338: EAPOL pak dump Tx
.May 20 07:52:47.338: EAPOL Version: 0x2 type: 0x0 length: 0x0005
.May 20 07:52:47.338: EAP code: 0x1 id: 0x2 length: 0x0005 type: 0x1
.May 20 07:52:47.338: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
lab-sw-1#
lab-sw-1#sh dot1x interface f0/39
Dot1x Info for FastEthernet0/39
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
Violation Mode = PROTECT
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
lab-sw-1#
I am at a complete lost here. don't know what else to do. Someone with expertise in this realm please
help me how to make this work.
Many thanks in advance,#1: dot1x system-auth-control is already in the switch configuration
#2: Not sure if you're already aware, the minute I entered "dot1x port-control auto", the command "dot1x pae authenticator" automatically appears on the interface configuration
The case is being worked on by Cisco TAC. One of the issues is the windows 2003 server supplicant refuses to work. Windows XP supplicant uses machine-authentication instead of user-authentication. Cisco TAC is looking into this issue. -
Need help - Catalyst 3550 on CCM4.1 Voip
Guys.
We had a Catalyst 3550 switch fail last week, and the guy who really knows this system has left the company.
The switch has a non-free molecules error, which i believe is terminal.
I've sourced a replacement switch and need help configuring it.
I copied the running config from it's sister switch (there are only 2 switches on this ccm), however, the sister switch is a 3560.
I changed the I.P address and switch name before uploading it to the 3550 on the off chance it might just work.
Show run on the 3550 shows that it might be configured, but when i connected it, it took the gateway down.
I'm really up the creek at the moment unless i can get someone to either look at it, find an old config or get this guy back in for a few hours.
Any advice would be greatly received.
Looking at show run, i see two refernces to VLAN's
interface Vlan1
ip address 170.205.238.3 255.255.255.0
interface Vlan10
ip address 10.10.0.254 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 170.205.238.1
no ip http server
The I.P address 170.205.238.1 is alien to me.. i don't know what this is. However, what i do know is that i never changed this. This IP address is the same in the 3560.
Could this cause an issue ?. I'm not aware of anything on a 170.X.X.X subnet, this could have been some legacy from the previous owners of the building.
The first 3 ports in the switch are connected to the publisher, subscriber and gateway router.
Does it matter which port is connected to which component. ?
I believe that i can't be too far away from configuring this, but without any help, i'm a bit stuck.
LEE-SW-CC_VOIP-01#show run
Building configuration...
Current configuration : 6147 bytes
version 12.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LEE-SW-CC_VOIP-01
enable secret 5 $1$2BRP$UtiYkRMAsp7roykkfRDo3/
username cisco privilege 15 secret 5 $1$mh3w$w8H5ygAfDUOBdiE2UftB8.
ip subnet-zero
ip routing
vtp domain LEE
vtp mode transparent
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan 10
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/6
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/7
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/8
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/9
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/11
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/12
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/13
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/14
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/15
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/16
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/17
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/18
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/19
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/20
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/21
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/22
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/23
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/24
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
mls qos trust cos
udld port aggressive
auto qos voip trust
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
mls qos trust cos
udld port aggressive
auto qos voip trust
priority-queue out
interface Vlan1
ip address 170.205.238.3 255.255.255.0
interface Vlan10
ip address 10.10.0.254 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 170.205.238.1
no ip http server
logging trap debugging
line con 0
exec-timeout 0 0
privilege level 15
login local
line vty 0 4
privilege level 15
login local
length 0
line vty 5 15
privilege level 15
login local
length 0
end
LEE-SW-CC_VOIP-01#Always wanting to learn more, I re-instated the test config and ran those commands.
LEE-SW-CC_VOIP-01#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
LEE-SW-CC_VOIP-01#show ip int brief
Interface IP-Address OK? Method Status Prot
ocol
Vlan1 170.205.238.2 YES NVRAM up down
Vlan10 10.10.0.254 YES NVRAM up down
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down
FastEthernet0/19 unassigned YES unset down down
FastEthernet0/20 unassigned YES unset down down
FastEthernet0/21 unassigned YES unset down down
FastEthernet0/22 unassigned YES unset down down
FastEthernet0/23 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset down down
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down
LEE-SW-CC_VOIP-01# -
I am Stuck! Need Help With Multicast Streaming Using VLC Player
I have a Multicast network topology shown below
and my configs
HUB ROUTER
no ip domain lookup
ip domain name primestarhotel.com
ip multicast-routing
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip pim sparse-dense-mode
interface FastEthernet0/0
ip address 200.0.0.2 255.255.255.240
ip pim sparse-dense-mode
ip virtual-reassembly
speed 100
full-duplex
interface FastEthernet0/1.65
description "Server Vlan"
encapsulation dot1Q 65
ip address 10.1.65.1 255.255.255.0
ip pim sparse-dense-mode
ip virtual-reassembly
router ospf 200
log-adjacency-changes
network 5.5.5.5 0.0.0.0 area 0
network 10.1.65.0 0.0.0.255 area 0
network 200.0.0.0 0.0.0.15 area 0
ip route 200.1.1.0 255.255.255.252 200.0.0.1
ip route 200.2.2.0 255.255.255.252 200.0.0.1
no ip http server
no ip http secure-server
ip pim send-rp-announce Loopback0 scope 6
ip pim send-rp-discovery Loopback0 scope 6
ISP ROUTER
interface FastEthernet1/0
interface FastEthernet1/1
no switchport
ip address 200.0.0.1 255.255.255.240
ip pim sparse-dense-mode
duplex full
speed 100
interface FastEthernet1/2
no switchport
ip address 200.1.1.1 255.255.255.252
ip pim sparse-dense-mode
duplex full
speed 100
interface FastEthernet1/3
no switchport
ip address 200.2.2.1 255.255.255.252
ip pim sparse-dense-mode
duplex full
speed 100
router ospf 200
log-adjacency-changes
network 200.0.0.0 0.0.0.15 area 0
network 200.1.1.0 0.0.0.3 area 0
network 200.2.2.0 0.0.0.3 area 0
SPOKE 1 Router
interface FastEthernet0/0
ip address 200.1.1.2 255.255.255.252
ip pim sparse-dense-mode
speed 100
full-duplex
interface FastEthernet0/1
no ip address
ip pim sparse-dense-mode
ip virtual-reassembly
speed 100
full-duplex
interface FastEthernet0/1.12
description "Workstation pc"
encapsulation dot1Q 12
ip address 10.1.12.1 255.255.255.0
ip pim sparse-dense-mode
router ospf 200
log-adjacency-changes
network 10.1.12.0 0.0.0.255 area 0
network 200.1.1.0 0.0.0.3 area 0
ip route 0.0.0.0 0.0.0.0 200.1.1.1
SPOKE 2
interface FastEthernet0/0
ip address 200.2.2.2 255.255.255.252
ip pim sparse-dense-mode
speed 100
full-duplex
interface FastEthernet0/1
ip address 10.2.22.1 255.255.255.0
ip pim sparse-dense-mode
speed 100
full-duplex
router ospf 200
log-adjacency-changes
network 10.2.22.0 0.0.0.255 area 0
network 200.2.2.0 0.0.0.3 area 0
ip route 0.0.0.0 0.0.0.0 200.2.2.1
ip route 200.2.2.0 255.255.255.252 200.0.0.1
I have implemented multicast on the network in a hub and spoke topology. i have set up ospf routing protocol and broadcast all network and can successfully ping.
I am currently using VLC player as my media streaming server and client. i have set up rtp streaming from the HUb router using multicast ip 224.2.2.2 and unable to broadcast the multicast traffic across the spokes 1 and 2 PC's
I have never used vlc player never set up multicast network before and i am struggling with this and need help.
these are my router configs below
http://dl.dropbox.com/u/20145606/ip%20video%20config.txt
Message was edited by: Louis OjuwuI have edited the message and the configs and topology are visible above now. instead of the links i provided
-
Need Help for redirect to HTTPS
Hello forum members,
i have difficulty while configuring http to https while accessing specific url.
the case:
i have www.foo-bar.com.god in http, in the web page there is www.foo-bar.com.god/trust/* that must be accessing in https
is there any spesific line of config to apply in my config,
my config is below.
### start
access-list INBOUND line 8 extended permit ip any any
parameter-map type http PERSISTENCE-REBALANCE
persistence-rebalance
parameter-map type ssl SSL_END_to_END
cipher RSA_WITH_RC4_128_SHA priority 10
cipher RSA_WITH_3DES_EDE_CBC_SHA priority 7
cipher RSA_WITH_AES_128_CBC_SHA priority 9
cipher RSA_WITH_AES_256_CBC_SHA priority 8
session-cache timeout 600
rserver host PORTAL-A
ip address 10.49.30.200
inservice
action-list type modify http FORCE-HTTPS
ssl url rewrite location "www\.foo\-\bar\.com\.god\trust\*"
header insert response Cache-Control header-value "private, no-cache, no-store, must-revalidate"
header rewrite response Server header-value "" replace "BLANK"
serverfarm host PORTAL-SFARM
rserver PORTAL-A 80
inservice
ssl-proxy service PORTAL-CERT
key portal.key
cert portal.crt
sticky ip-netmask 255.255.255.255 address source SOURCEIP-STICKY-HTTP-SFARM
replicate sticky
serverfarm PORTAL-SFARM
class-map match-all SSL-VIP
2 match virtual-address 10.49.30.230 tcp eq https
class-map match-all HTTP-VIP
2 match virtual-address 10.49.30.230 tcp eq www
class-map type management match-any remote_access
202 match protocol icmp any
204 match protocol ssh any
207 match protocol snmp any
208 match protocol telnet any
209 match protocol http any
210 match protocol https any
211 match protocol xml-https any
policy-map type management first-match management
class remote_access
permit
policy-map type loadbalance first-match LB-PORTAL-L7-POLICY
class class-default
sticky-serverfarm SOURCEIP-STICKY-HTTP-SFARM
action FORCE-HTTPS
policy-map multi-match LB-PORTAL-L4-POLICY
class SSL-VIP
loadbalance vip inservice
loadbalance policy LB-PORTAL-L7-POLICY
loadbalance vip icmp-reply
nat dynamic 1 vlan 260
appl-parameter http advanced-options PERSISTENCE-REBALANCE
ssl-proxy server PORTAL-CERT
interface vlan 260
description "User-Access"
ip address 10.49.30.231 255.255.255.192
peer ip address 10.49.30.232 255.255.255.192
access-group input INBOUND
nat-pool 1 10.49.30.252 10.49.30.252 netmask 255.255.255.255
service-policy input management
service-policy input LB-PORTAL-L4-POLICY
no shutdown
### End
need for review the config
thanks and regards
hamzahHi Singh,
thank you for reply,
i just change the config so hope fully the web can redirecting properly.
but when i apply the config, the Browser say, the connection was reset.
Need help
here is my full config
crypto chaingroup portal-verySign
cert portal.pem
access-list everyone line 8 extended permit ip any any
rserver host PORTAL-A
ip address 10.49.30.200
inservice
rserver redirect PORTAL_REDIR_HTTPS
webhost-redirection https://%h%p 302
inservice
serverfarm redirect PORTAL_HTTPS_SFARM
rserver PORTAL_REDIR_HTTPS
inservice
serverfarm host WWW_PORTAL_SFARM
rserver PORTAL-A 80
inservice
parameter-map type http PERSISTENCE-REBALANCE
persistence-rebalance
parameter-map type ssl SSL_END_to_END
cipher RSA_WITH_RC4_128_SHA priority 10
cipher RSA_WITH_3DES_EDE_CBC_SHA priority 7
cipher RSA_WITH_AES_128_CBC_SHA priority 9
cipher RSA_WITH_AES_256_CBC_SHA priority 8
session-cache timeout 600
sticky http-cookie PORTAL-STICKY STICKY-PORTAL-1
serverfarm WWW_PORTAL_SFARM
sticky ip-netmask 255.255.255.255 address source SOURCEIP-STICKY-HTTP-SFARM
replicate sticky
serverfarm WWW_PORTAL_SFARM
action-list type modify http HTTP_MODIFICATION
header insert request X-Forwarded-Proto header-value "%pd"
header insert request Via header-value "1.1 web:%pd"
header insert response Via header-value "1.1 web:ps"
ssl url rewrite location ".*"
ssl header-insert session Id
ssl-proxy service CLIENT_PORTAL
ssl advanced-options SSL_END_to_END
ssl-proxy service SERVER_PORTAL
key portal-key.pem
cert portal.pem
chaingroup portal-verySign
ssl advanced-options SSL_END_to_END
class-map type http loadbalance match-any PORTAL-SSL
2 match http url .*
class-map match-all VIP-SSL-PORTAL
2 match virtual-address 10.49.30.230 tcp eq https
class-map match-all VIP-WWW-PORTAL
2 match virtual-address 10.49.30.230 tcp eq www
policy-map type loadbalance first-match PORTAL_HTTPS_DEFAULT
class class-default
compress default-method gzip
sticky-serverfarm SOURCEIP-STICKY-HTTP-SFARM
action HTTP_MODIFICATION
ssl-proxy client CLIENT_PORTAL
policy-map type loadbalance first-match PORTAL_HTTP_DEFAULT
class class-default
serverfarm PORTAL_HTTPS_SFARM
policy-map multi-match L4_PORTAL_LB
class VIP-WWW-PORTAL
loadbalance vip inservice
loadbalance policy PORTAL_HTTP_DEFAULT
loadbalance vip icmp-reply active
nat dynamic 1 vlan 260
class VIP-SSL-PORTAL
loadbalance vip inservice
loadbalance policy PORTAL_HTTPS_DEFAULT
loadbalance vip icmp-reply active
nat dynamic 1 vlan 260
appl-parameter http advanced-options PERSISTENCE-REBALANCE
ssl-proxy server SERVER_PORTAL
interface vlan 260
description User-Access
ip address 10.49.30.231 255.255.255.192
peer ip address 10.49.30.232 255.255.255.192
access-group input everyone
nat-pool 1 10.49.30.252 10.49.30.252 netmask 255.255.255.255
service-policy input L4_PORTAL_LB
no shutdown
ip route 0.0.0.0 0.0.0.0 10.49.30.195
ip route 10.0.0.0 255.255.255.0 10.49.30.193
need your advice -
Retail Inter company Consignment process-Help
Hi Everybody,
We need to implement the Inter Company Consignment Processs Between DC & Store since they belong to different company codes. The Process would be Consignment articles will be received from Vendor to DC >; then Intercompany Consignment PO from DC To Store >,Outbound delivery > Goods issue from DC > GR at Store > Sale from Store .
Need help for setting this up so that settlement works correctly -
1) What way it should be configured or processes should be followed so that Vendor Consignmnet stock is available in Store under the same Consignment vendor no through which DC procures consignment.
In our current prototye when the Stocks are being issue against Inter company Consignment PO from DC to Store & received at Store ,consignment stocks are posted under vendor no (DC) . Now how the consignment settlement work in this case as we would like to settle against the external vendor from whom DC procured consignment articles?
Are we doing correctly ? Or what should be the correct process ( config & relevent data) to support the Intercompany Consignment process ? We have maintained the other setting with reference to stock determination, article master settings etc.
Any help on this will be highly rewared as its the critical need of business,.
Pls share useful guidance to support the Intercompany Consignment process & settlement through sale at store .
WE also need to make the return process from store > DC > Vendor for customer return of consignment articles.
Pls share your experience or guidance on this....will be rewarded..
Thanks in advance for this.
KrishHi,
How did you solve the scenario can u explain.
Thanks
sreenivas -
Need Help:Reading Data from RU payroll cluster for table GRREC
Hi...
I need help on how to read data from RU cluster table for table GRREC for the employee & run date and get the value from structure PC292 .
Please let me know about the includes and the import and export statements to be used.
Thanks in advance,
RAVI.Hi,
Here goes pseudocode
Includes:
include: rpppxd00 ,
rpppxd10 ,
rpc2cd09 ,
rpc2rx02_ce , "if ldb pnp_ce is used else use the same include with out _ce
rpc2rx29 ,
rpc2rx39 ,
rpppxm00 ,
rpc2ruu0_ce ,
Declare:
DATA : i_rgdir LIKE pc261 OCCURS 0 WITH HEADER LINE ,
i_result TYPE pay99_result OCCURS 0 WITH HEADER LINE ,
i_grrec LIKE pc292 OCCURS 0 WITH HEADER LINE .
start-of-selection:
GET pernr.
Get the RGDIR VALUE for the current PERNR & selected Molga
get rgdir data TABLES i_rgdir
USING pernr-pernr
p_molga " parameter
CD-KEY-PERNR = PERNR-PERNR.
RP-IMP-C2-CU.
i_rgdir [] = rgdir[].
LOOP AT i_rgdir WHERE fpbeg LE pn-endda
AND fpend GE pn-begda
AND srtza EQ 'A'
AND void NE 'V'.
get_result_tabs TABLES i_result
USING 'RU' " US cluster
pernr-pernr
i_rgdir-seqnr
RX-KEY-PERNR = PERNR-PERNR.
UNPACK i_RGDIR-SEQNR TO RX-KEY-SEQNO.
RP-IMP-C2-RU.
i_grrec[] = i_result-inter-grrec[].
LOOP AT i_grrec.
case i_grrec.
use wage types required here and pass the data to output table.
endcase.
endloop.
endloop
end-of-selction. -
Need help to develop Pythagoras theorem-
Hi i need help to develop proofs 2,3,4
of pythagoras theorems in java as demonstrations
These are applets can anyone help me with it or give me an idea of how to go about developing it -
the site is the following
http://www.uni-koeln.de/ew-fak/Mathe/Projekte/VisuPro/pythagoras/pythagoras.html
then double click on the screen to make it startPardon my ASCII art, but I've always liked the following, simple, geometric proof:
a b
---------------------------------------+
| | |
a| I | II |
| | |
---------------------------------------+
| | |
| | |
| | |
| | |
| | |
b| IV | III |
| | |
| | |
| | |
| | |
| | |
| | |
---------------------------------------+It almost goes without saying that I+II+III+IV == (a+b)^2, and II == IV == a*b,
I == a*a and III == b*b, showing that (a+b)^2 == a^2+a*b+a*b+b^2.
I hope the following sketch makes sense, stand back, ASCII art alert again: a b
---------------------------------------+
| . VI |
| . . |a
| V . |
| +
| |
| . |
b| . |
| |
| IX |
| . |
| . |b
| |
+ |
| . |
a| . . VII |
| VIII . |
---------------------------------------+
a bThe total area equals (a+b)^2 again and equals the sum of the smaller areas:
(a+b)^2 == V+VI+VII+VIII+IX. Let area IX be c^2 for whatever c may be.
V+VII == VI+VIII == a*b, so a^2+b^2+2*ab= c^2+2*a*b; IOW a^2+b^2 == c^2
Given this fundamental result, the others can easily be derived from this one,
or did I answer a question you didn't ask?
kind regards,
Jos -
I need help to find and open a job app that I exported, was able to fill out and sign and saved and now can't open it? What did I do wrong?
What file format did you export it to?
-
Need help to open audios attached in a PDF file
Hello
I just need help. I have ordered a reviewer online that has audios and texts in a pdf file. I was told to download the latest adobe reader on my computer. I have done the same thing on my ipad mini. I am not so technical with regards to these things. Therefore I need help. I can access the audios on my computer but not on my ipad.
I want to listen to audios with scripts or texts on them so i can listen to them when i am on the go. I was also informed that these files should work in any device. How come the audios doesnt work on my ipad.
Please help me on what to do.
ThanksAudio and video are not currently support on Adobe Reader. :-<
You need to buy a PDF reader that supports them. My suggestion is PDF Expert from Readdle ($US 9.99)
Maybe you are looking for
-
Hai.. i had a problem regarding the creation of function.. the problem is: i need to compare the column values to get the minimum rate.. i.e my problem goes like this.. i have a view with four fields of number datatype how to get minimum valu of each
-
Battery performance on vista v osx
Hi there I have a macbook which runs vista and osx and am finding that the battery performance on vista is pretty poor compared to running osx - has anybody else experienced this and what would be causing it? cheers
-
Download Error for 4.1.2 GB on OSX 10.4.11
Checking for updates, the dialog says 3.0.4 is the current version for this OS. After downloading 4.1.2, installation shows "valid GB version not found in Applications." So we tried putting the .pkg into applications to install. Same message. We are
-
I have been using itunes 6 with Windows xp for months with no problems. Suddenly any track i try to play comes up 'original file cannot be found'. My entire library seems to be disconnected from the original files. The track files folder is still on
-
Wrong journal on Sales Return, how to correct it.
Hi all, When create the Sales Return, produce the wrong journal : Variance HPP (DB) COGS (CR) It should be: Inventory (DB) COGS (CR) How to correct it ? If we use JE to reclass it, it will cause not match betw