VLANs - Default, Native and Management

Similar Messages

• 1300 bridge with native and management vlan in different vlans

  Hello,
  We are going to set up a wireless bridge between two 1300 accesspoints. In our network the native vlan and the management vlan are different vlan's. Will we be able to manage the ap and switch at the "remote" site? Do we have to set up two ssid's, one for native and one for management?
  regards,
  Rutger

  Too answer my own question:
  I don't think it is possible. Things work fine by making our management vlan the native vlan on switches and ap's involved. Management IP address on the BVI1 interface and everything works!
  Rutger

• Users VLAN and Management VLAN

  is it possible to separate two VLANs:
  one is running for the users VLAN connects to the clients
  one is for management purpose.
  Is there a sample code available for access points, bridges, and switches?
  I am really appreciated that

  Hi,
  You can configure VLANs on enterprise access points.
  What you need to do is configure the access point with its managment IP address, set this as the native vlan and then add the other VLAN or VLANs.
  Then on the switch that the access point is connected to you need to configure a trunk port and make sure that the native vlan is the same VLAN you set as native on the access point.
  As an example if the Access point has an IP address for managment vlan 20, we set this VLAN as native and then we add the other VLAN or VLANs, and on the switch you configure the port as a trunk port with the same native VLAN 20.
  Note, native vlan is the same as untagged vlan. When we confgure a trunk port this will tag all vlans except the native vlan or untagged vlan that needs to be the same between directly connected devices.

• About the Native Vlan and Management Vlan.

  I wanted to know that Management vlan and Native vlan can be different vlan id or  both should be same vlan id. Why should not be native vlan 1.

  The use of a native VLAN is generally frowned upon now as there are some well known security exploits that leverage this untagged VLAN. Cisco often recommends setting the Native VLAN to an unused VLAN in your infrastructure in order to render it useless for attacks.
  It is also recommended that you create a separate VLAN for your Management traffic and that this VLAN be tagged (therefore not a Native VLAN).
  Native Vlan is the vlan which will be sent untagged even in Trunk links. Consider a Trunk link configured between two switches SWA and SWB, if a system in vlan1 of SWA is sending a frame via SWB, then this frame will be received as untagged by SWB, then switch B decides that the untagged frame is from native vlan 1 and handles accordingly. By default native vlan is 1, this can also be changed as per requirement.
  Example: In the below figure if a IP phone and system are connected toa switch port as below, the the Phones will  send its frames tagged with vlan 10 where as the frames sent by system will be untagged. So here the the corresponding switch port should be configured as native vlan 20. So that it can recognise and handle the frames from system and IP phone properly.
  a
  Management vlan is different, it means that this vlan will be used for management purposes like Logging into the switch for management, Monitoring the switch,collecting Syslog ans SNMP traps, etc will be done by management vlan IP. This also by default vlan 1 in cisco. So as Antony said the it is always a Best practice and security measure to not use the default vlan and use custom vlans.
  Hope this helps !

• VLAN trunking, native vlan and management vlan

  Hello all,
  In our situation, we have 3 separate vlans: 100 for management vlan and 101 for data and 102 for voice.
  We have an uplink which is trunked using .1Q. Our access ports has the data vlan as the native. Based on our design, what should be the native vlan for this uplink trunk? Should it be the management vlan or the data vlan? Thanks for your help.

  To answer this question you must remember what the native vlan is. Native is where untagged packets are sent, i.e. packets without a dot1Q tag. It is there mainly for compatibility. On an access port it has no function while normal traffic is not tagged and sent to the vlan that is configured for the port. Traffic for the voice vlan is an exception to this general rule.
  Native vlan setting only plays a role on trunk links where most of the traffic carries a tag. As explained, it is then used as the vlan for untagged traffic.
  When you do not consider this a security breach, you may configure the data-vlan as native. Use another vlan (why not vlan1?) in the case where you want to isolate this traffic.
  I find it good design practice to use the same native vlan throughout the network. This keeps things clear and it's better for anyone who is not completely obsessed with security. The latter kind of people can always find a reason to mess things up, both for themselves and for others;-)
  Regards,
  Leo

• Default/native vlan- voip data question- cisco sf300

  hi everybody,
  I have to set up voip and data vlans on cisco sf 300-24P. I will set up phones over LLDP and
  on the same port (on switch) I will have untagged vlan 10 for data, so PC will be connected
  through IP phones on network.
  So what confuses me that on SF 300 under VLAN mgmt--> Default VLAN settings you got
  options to change default VLAN id (which is of course VLAN1) which will be active after reboot.
  How come that you can change default vlan? Isnt that default vlan is always vlan 1 and you can
  change native vlan to be something else- let say vlan 10 which will be untagged vlan for data?
  So what is best practise- should I just leave default vlan 1 and use it for data also or I sholud
  change it to let say VLAN 10 to be native and use it for data.
  And what will be with default VLAN 1 if I change it with above mentioned procedure?
  Thx!

  Hi,
  Best Practice is to leave Vlan 1 for management purposes only. Create yourself a DATA and VOICE vlan. Usually Management vlan does not have DHCP enabled and have to static assigned pc within your management vlan for access. I would say that it really depends on how the rest of your network is configured depending on configuration of switch now. Unless this is a clean install. 
  Hope this helps,
  Jasbryan

• Any advantages to setting the AP-Manager and Management interface to an untagged vlan?

  Any advantages to setting the AP-Manager and Management interface to an untagged vlan? Currently, our controllers have their management and ap-manager interfaces on the same untagged vlan. Would it be wise to change this? Are there any gotchyas I should be aware of?

  No really, there won't be a problem. Management an AP-manager can be on different vlans.
  The vlan you chose to untag is the vlan you should declare as native on the switch, that's it.
  No advantage in having interfaces configured in a way or another.
  Some people want the management to be in a "management" subnet and the ap-manager will be in the subnet with all the APs. Some others have several AP subnets so the ap-manager is in the same as management ... no importance whatsoever as long as the config is coherent.
  The only thing that is worth considering is the size of AP subnet to me. If you give a /16 for APs and have 1000 APs in a single subnet, ARP and broadcast storms will be hitting the fan. But the vlan tag/untags that you chose are not important
  To rate an answer, click on the stars below it. 1 for not so useful and 5 for very useful.
  Nicolas
  ===
  Don't forget to rate answers that you find useful.

• Cisco 3750x DHCP and Management VLAN

  We use 3750x switches in the stack, it has management VLAN (IP Address and Gateway configured correctly). I can ssh to switch fine. However we also use this switch as DHCP server for a number of different VLANS. So, I would create a DHCP pool, interface in this VLAN. Now, if I'm in VLAN3 that gets DHCP address on this switch I'm not able to ssh to this switch via Management VLAN IP Address 192.168.5.253 (can ping it fine), but I can ssh into this switch using Interface IP Address from the VLAN that I'm sitting on 192.168.3.253. For example
  ip dhcp excluded-address 192.168.3.253 192.168.3.254
  ip dhcp excluded-address 192.168.5.253 192.168.5.254
  ip dhcp pool VLAN_3
     network 192.168.3.0 255.255.255.0
     dns-server 8.8.8.8
    default-router 192.168.3.254
  ip default-gateway 192.168.5.254
  interface Vlan3
    description Test
    ip address 192.168.3.253  255.255.255.0
  interface Vlan5
    description Management
    ip address 192.168.5.253  255.255.255.0

  Hi,
  can you post "sh run"?

• Changing Default Native VLAN

  Hi,
       We are using CISCO 3750-G Switch as Core Switch. VLAN1 is being our Native VLAN since the implementation.
  This switch is connected with 10 numbers of CISCO 2960 Switches by trunking ports. IP addresses assigned for L2 Switches from VLAN1 only.
  Now I want to change the Default Native VLAN from 1 to some other.
  My query is is there any pre-requesties to change Native VLAN or Can I change to Native VLAN ID simply?
  Looking forward support.
  Regards,
  Ramesh Balachandran

  HI Ramesh,
  Native VLAN will come into picture if you use trunks in your switches. Procedure to change the native VLAN.
  1) conf ter
      interface
      switchport trunk native vlan
  CAUTION: If you are chaning the native VLAN only one end the spanning-tree for the orginal native vlan and the changed native vlan will go into inconsistency state and will be blocked.
  In the below example on the local end(Native VLAN chosen is 2 and the remote end is 1)
  3750#sh spanning-tree int gi1/8
  Vlan                Role Sts Cost      Prio.Nbr Type
  VLAN0001            Desg BKN*4         128.8    P2p *PVID_Inc
  VLAN0002            Desg BKN*4         128.8    P2p *PVID_Inc
  Thanks & Regards,
  Karthick Murugan
  CCIE#39285

• Transparent vlan and management of remote switch

  Hi,
  I'm a bit confused regarding the native Vlan of 1262 bridge ...
  My design is LAN---RAP ---- MAP---remote-SWITCH with two Vlan : one for the data and one for the management.
  I keep the vlan 1 for management at this point, but I'm still unable to access the remote switch.
  On LAN side, the switch port is on trunk mode (native vlan 1 and vlan 2 allowed)
  On RAP the Gigabit Ethernet is on normal mode
  On MAP the Gigabit Ethernet is on normal mode
  On remote-SWitch, the switch port is on trunk mode (native vlan 1 and vlan 2 allowed)
  Transparent vlan is disabled on WLC and Ethernet Bridging is checked for both AP.
  It seems that it's not possible to bridge the Vlan1 as it used for the backhaul so does it means
  that for management purpose I must use a specific Vlan-id ? And if my understanding is correct, to define this vlan-id
  as native on MAP with the Ethernet Port set as Trunk and on others switchs ( LAN side and remote-Switch).
  thks for your reply

  If you have Ethernet bridging enabled and have defined the vlan for the bridging, then the rap has to be connected to a trunk port and the traffic from the device that is connected to the MAP will egress out of the RAP's Ethernet port onto the trunk port. If you don't define and vlan for bridging then the traffic will be placed on the vlan the RAP is assigned to.
  https://supportforums.cisco.com/servlet/JiveServlet/downloadBody/21766-102-1-53166/Understanding%20mesh%20ethernet%20bridging.pptx
  https://supportforums.cisco.com/docs/DOC-21766
  Sent from Cisco Technical Support iPhone App

• How to set all new vm with VLAN ID as a default settings and alose set the avaiablity high .

  How to set all new vm with VLAN ID as a default settings and alose set the avaiablity high .

  Hi Ramy,
  As a work around , you can create a VM without installing OS and  configure the Vlan of VNic , then export it .
  The new VM will be with Vlan ID when you import the "export file".(note : you need to select "copy the virtual machine " in the tab "choose import type" during importing ) .
  Hope this helps
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• WLS Admin and managed server startup issue

  Hi ,
  In one of WLS Domain both the Admin Server and Managed Server startup is just hanging at the below mentioned point :
  <Security> <BEA-090082> <Security initializing using security realm myrealm.>
  After this there are no error messages or logs being generated and the server start up is not proceeding .
  Only message shown a while after this is :
  Warning : domain runtime mbean server has not been found after trying for 600 seconds
  Please provide some inputs on how to troubleshoot this issue .
  Checked the AdminServer.log and there are no errors reported there as well .
  Some more data from AdminServer.log :
  <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1336448845368> <BEA-090516> <The Authenticator provider has preexisting LDAP data.>
  <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1336448845632> <BEA-090516> <The Authorizer provider has preexisting LDAP data.>
  <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1336448846193> <BEA-090516> <The CredentialMapper provider has preexisting LDAP data.>
  <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1336448846208> <BEA-090516> <The RoleMapper provider has preexisting LDAP data.>
  <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1336448846433> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server AdminServer for security realm myrealm.>
  <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1336448846433> <BEA-090082> <Security initializing using security realm myrealm.>
  Thanks
  Srinath
  Edited by: Srinath Menon on May 8, 2012 9:36 AM

  Hi Ashish ,
  Thanks for the inputs.
  Tried the same steps as mentioned but the issue still remains like that .
  Posting the thread dump collected for AdminServer:
  ===== FULL THREAD DUMP ===============
  Tue May 8 10:04:58 2012
  Oracle JRockit(R) R28.1.3-11-141760-1.6.0_24-20110301-1430-linux-ia32
  "Main Thread" id=1 idx=0x4 tid=9341 prio=5 alive, waiting, native_blocked
  -- Waiting for notification on: weblogic/t3/srvr/SubsystemRequest@0x9f81d3c0[fat lock]
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at syncWaitForSignal+157(synchronization.c:85)@0xb7ee7dbe
  at syncWaitForJavaSignal+53(synchronization.c:93)@0xb7ee7ea6
  at RJNI_jrockit_vm_Threads_waitForNotifySignal+53(rnithreads.c:72)@0xb7eb78a6
  at jrockit/vm/Threads.waitForNotifySignal(JLjava/lang/Object;)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at weblogic/t3/srvr/SubsystemRequest.rendezvouz(SubsystemRequest.java:100)
  ^-- Lock released while waiting: weblogic/t3/srvr/SubsystemRequest@0x9f81d3c0[fat lock]
  at weblogic/t3/srvr/SubsystemRequest.action(SubsystemRequest.java:81)
  at weblogic/t3/srvr/SubsystemRequest.start(SubsystemRequest.java:51)
  at weblogic/t3/srvr/ServerServicesManager.startService(ServerServicesManager.java:459)
  at weblogic/t3/srvr/ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
  ^-- Holding lock: java/lang/Class@0x9fa95598[biased lock]
  at weblogic/t3/srvr/T3Srvr.initializeStandby(T3Srvr.java:879)
  at weblogic/t3/srvr/T3Srvr.startup(T3Srvr.java:566)
  at weblogic/t3/srvr/T3Srvr.run(T3Srvr.java:467)
  at weblogic/Server.main(Server.java:71)
  at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
  -- end of trace
  "(Signal Handler)" id=2 idx=0x8 tid=9342 prio=5 alive, native_blocked, daemon
  at <unknown>(???.c)@0xb7fe9410
  at sigiSignalHandlerThread+135(signalhandler.c:131)@0xb7ec2fd8
  at thread_stub+146(lifecycle.c:808)@0xb7e2c333
  at start_thread+225(:0)@0x515832
  at __clone+93(:0)@0x46ae0e
  "(OC Main Thread)" id=3 idx=0xc tid=9343 prio=5 alive, native_waiting, daemon
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at innerNativeDoWait+894(nativelock.c:614)@0xb7e78caf
  at nativeWait+71(nativelock.c:721)@0xb7e79008
  at ocMainThread+663(gcthreads.c:581)@0xb7d8a098
  at thread_stub+146(lifecycle.c:808)@0xb7e2c333
  at start_thread+225(:0)@0x515832
  at __clone+93(:0)@0x46ae0e
  "(GC Worker Thread 1)" id=? idx=0x10 tid=9344 prio=5 alive, daemon
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at eventTimedWaitNoTransition+62(event.c:72)@0xb7d6bb3f
  at eventWaitNoTransition+32(event.c:62)@0xb7d6bc31
  at mmGCWorkerThread+134(gcthreads.c:797)@0xb7d89d67
  at thread_stub+146(lifecycle.c:808)@0xb7e2c333
  at start_thread+225(:0)@0x515832
  at __clone+93(:0)@0x46ae0e
  "(GC Worker Thread 2)" id=? idx=0x14 tid=9345 prio=5 alive, daemon
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at eventTimedWaitNoTransition+62(event.c:72)@0xb7d6bb3f
  at eventWaitNoTransition+32(event.c:62)@0xb7d6bc31
  at mmGCWorkerThread+134(gcthreads.c:797)@0xb7d89d67
  at thread_stub+146(lifecycle.c:808)@0xb7e2c333
  at start_thread+225(:0)@0x515832
  at __clone+93(:0)@0x46ae0e
  "(Code Generation Thread 1)" id=4 idx=0x18 tid=9348 prio=5 alive, native_waiting, daemon
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at innerNativeDoWait+894(nativelock.c:614)@0xb7e78caf
  at nativeWait+71(nativelock.c:721)@0xb7e79008
  at cg_thread+380(compilerqueue.c:203)@0xb7d4be5d
  at thread_stub+146(lifecycle.c:808)@0xb7e2c333
  at start_thread+225(:0)@0x515832
  at __clone+93(:0)@0x46ae0e
  "(Code Optimization Thread 1)" id=5 idx=0x1c tid=9349 prio=5 alive, native_waiting, daemon
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at innerNativeDoWait+894(nativelock.c:614)@0xb7e78caf
  at nativeWait+71(nativelock.c:721)@0xb7e79008
  at cg_thread+380(compilerqueue.c:203)@0xb7d4be5d
  at thread_stub+146(lifecycle.c:808)@0xb7e2c333
  at start_thread+225(:0)@0x515832
  at __clone+93(:0)@0x46ae0e
  "(VM Periodic Task)" id=6 idx=0x20 tid=9350 prio=10 alive, native_blocked, daemon
  at <unknown>(???.c)@0xb7fe9410
  at block_for_safepoint+106(safepoint.c:34)@0xb7ebad5b
  at eventTimedWait+239(event.c:83)@0xb7d6bd30
  at periodic_task_thread+627(periodictask.c:367)@0xb7e90dd4
  at thread_stub+146(lifecycle.c:808)@0xb7e2c333
  at start_thread+225(:0)@0x515832
  at __clone+93(:0)@0x46ae0e
  "Finalizer" id=7 idx=0x24 tid=9351 prio=8 alive, native_waiting, daemon
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at innerNativeDoWait+894(nativelock.c:614)@0xb7e78caf
  at nativeWait+71(nativelock.c:721)@0xb7e79008
  at RJNI_jrockit_memory_Finalizer_waitForFinalizees+211(finalhandles.c:1007)@0xb7d751f4
  at jrockit/memory/Finalizer.waitForFinalizees(J[Ljava/lang/Object;)I(Native Method)
      at jrockit/memory/Finalizer.access$700(Finalizer.java:12)
      at jrockit/memory/Finalizer$4.run(Finalizer.java:189)
      at java/lang/Thread.run(Thread.java:662)
      at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
      -- end of trace
  "Reference Handler" id=8 idx=0x28 tid=9352 prio=10 alive, native_waiting, daemon
      at <unknown>(???.c)@0xb7fe9410
      at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
      at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
      at innerNativeDoWait+894(nativelock.c:614)@0xb7e78caf
      at nativeUnlockAndWait+71(nativelock.c:686)@0xb7e790a8
      at RJNI_java_lang_ref_Reference_waitForActivatedQueue+38(semiref.c:342)@0xb7ebd9b7
      at java/lang/ref/Reference.waitForActivatedQueue(J)Ljava/lang/ref/Reference;(Native Method)
      at java/lang/ref/Reference.access$100(Reference.java:11)
      at java/lang/ref/Reference$ReferenceHandler.run(Reference.java:82)
      at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
      -- end of trace
  "(Sensor Event Thread)" id=9 idx=0x2c tid=9353 prio=5 alive, native_blocked, daemon
      at <unknown>(???.c)@0xb7fe9410
      at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
      at eventTimedWaitNoTransition+62(event.c:72)@0xb7d6bb3f
      at eventTimedWait+138(event.c:56)@0xb7d6bccb
      at eventWait+32(event.c:50)@0xb7d6bd81
      at sensor_event_loop+37(sensor.c:68)@0xb7ebfda6
      at thread_stub+146(lifecycle.c:808)@0xb7e2c333
      at start_thread+225(:0)@0x515832
      at __clone+93(:0)@0x46ae0e
  "VM JFR Buffer Thread" id=10 idx=0x30 tid=9354 prio=5 alive, in native, daemon
      at <unknown>(???.c)@0xb7fe9410
      at bufferthread+2135(vmjfr.c:1008)@0xb71744b8
      at run_agent_thread+128(jvmtithreads.c:524)@0xb7e1f361
      at thread_stub+146(lifecycle.c:808)@0xb7e2c333
      at start_thread+225(:0)@0x515832
      at __clone+93(:0)@0x46ae0e
  "Timer-0" id=13 idx=0x34 tid=9358 prio=5 alive, waiting, native_blocked, daemon
      -- Waiting for notification on: java/util/TaskQueue@0x9f9fc350[fat lock]
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at syncWaitForSignal+157(synchronization.c:85)@0xb7ee7dbe
  at syncWaitForJavaSignal+53(synchronization.c:93)@0xb7ee7ea6
  at RJNI_jrockit_vm_Threads_waitForNotifySignal+53(rnithreads.c:72)@0xb7eb78a6
  at jrockit/vm/Threads.waitForNotifySignal(JLjava/lang/Object;)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at java/lang/Object.wait(Object.java:485)
  at java/util/TimerThread.mainLoop(Timer.java:483)
  ^-- Lock released while waiting: java/util/TaskQueue@0x9f9fc350[fat lock]
  at java/util/TimerThread.run(Timer.java:462)
  at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
  -- end of trace
  "Timer-1" id=14 idx=0x38 tid=9363 prio=5 alive, waiting, native_blocked, daemon
  -- Waiting for notification on: java/util/TaskQueue@0xa20ee240[fat lock]
  at <unknown>(???.c)@0xb7fe9410
  at jrockit/vm/Threads.waitForNotifySignal(JLjava/lang/Object;)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at java/util/TimerThread.mainLoop(Timer.java:509)
  ^-- Lock released while waiting: java/util/TaskQueue@0xa20ee240[fat lock]
  at java/util/TimerThread.run(Timer.java:462)
  at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
  -- end of trace
  "[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'" id=15 idx=0x3c tid=9364 prio=5 alive, waiting, native_blocked, daemon
  -- Waiting for notification on: netscape/ldap/LDAPResponseListener@0x9724f0c8[fat lock]
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at syncWaitForSignal+157(synchronization.c:85)@0xb7ee7dbe
  at syncWaitForJavaSignal+53(synchronization.c:93)@0xb7ee7ea6
  at RJNI_jrockit_vm_Threads_waitForNotifySignal+53(rnithreads.c:72)@0xb7eb78a6
  at jrockit/vm/Threads.waitForNotifySignal(JLjava/lang/Object;)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at java/lang/Object.wait(Object.java:485)
  at netscape/ldap/LDAPMessageQueue.waitForMessage(LDAPMessageQueue.java:200)
  ^-- Lock released while waiting: netscape/ldap/LDAPResponseListener@0x9724f0c8[recursive]
  at netscape/ldap/LDAPMessageQueue.waitFirstMessage(LDAPMessageQueue.java:101)
  ^-- Lock released while waiting: netscape/ldap/LDAPResponseListener@0x9724f0c8[fat lock]
  at netscape/ldap/LDAPConnection.sendRequest(LDAPConnection.java:1796)
  ^-- Holding lock: netscape/ldap/LDAPConnection@0x9721f310[biased lock]
  at netscape/ldap/LDAPConnection.simpleBind(LDAPConnection.java:1763)
  at netscape/ldap/LDAPConnection.authenticate(LDAPConnection.java:1264)
  at netscape/ldap/LDAPConnection.authenticate(LDAPConnection.java:1273)
  at netscape/ldap/LDAPConnection.bind(LDAPConnection.java:1562)
  at weblogic/security/providers/authentication/LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4134)
  at weblogic/security/utils/Pool.newInstance(Pool.java:37)
  at weblogic/security/utils/Pool.getInstance(Pool.java:33)
  at weblogic/security/providers/authentication/LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3478)
  at weblogic/security/providers/authentication/LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3470)
  at weblogic/security/providers/authentication/LDAPAtnDelegate.authenticate(LDAPAtnDelegate.java:3522)
  at weblogic/security/providers/authentication/LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:227)
  at com/bea/common/security/internal/service/LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at jrockit/vm/AccessController.doPrivileged(AccessController.java:254)
  at jrockit/vm/AccessController.doPrivileged(AccessController.java:268)
  at com/bea/common/security/internal/service/LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
  at jrockit/vm/Reflect.invokeMethod(Ljava/lang/Object;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;(Native Method)
      at sun/reflect/NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;(Native Method)
      at sun/reflect/NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun/reflect/DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java/lang/reflect/Method.invoke(Method.java:597)
      at javax/security/auth/login/LoginContext.invoke(LoginContext.java:769)
      at javax/security/auth/login/LoginContext.access$000(LoginContext.java:186)
      at javax/security/auth/login/LoginContext$4.run(LoginContext.java:683)
      at jrockit/vm/AccessController.doPrivileged(AccessController.java:254)
      at jrockit/vm/AccessController.doPrivileged(AccessController.java:268)
      at javax/security/auth/login/LoginContext.invokePriv(LoginContext.java:680)
      at javax/security/auth/login/LoginContext.login(LoginContext.java:579)
      at com/bea/common/security/internal/service/JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
      at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
      at jrockit/vm/Reflect.invokeMethod(Ljava/lang/Object;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;(Native Method)
      at sun/reflect/NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;(Native Method)
      at sun/reflect/NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun/reflect/DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java/lang/reflect/Method.invoke(Method.java:597)
      at com/bea/common/security/internal/utils/Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
      at $Proxy28.login(Ljava/lang/String;Ljavax/security/auth/callback/CallbackHandler;Lweblogic/security/service/ContextHandler;)Lcom/bea/common/security/service/Identity;(Unknown Source)
      at weblogic/security/service/internal/WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
      at com/bea/common/security/internal/service/JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
      at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
      at jrockit/vm/Reflect.invokeMethod(Ljava/lang/Object;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;(Native Method)
      at sun/reflect/NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;(Native Method)
      at sun/reflect/NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun/reflect/DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java/lang/reflect/Method.invoke(Method.java:597)
      at com/bea/common/security/internal/utils/Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
      at $Proxy46.authenticate(Ljavax/security/auth/callback/CallbackHandler;Lweblogic/security/service/ContextHandler;)Lcom/bea/common/security/service/Identity;(Unknown Source)
      at weblogic/security/service/WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
      at weblogic/security/service/PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
      at weblogic/security/service/CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
      at weblogic/security/service/CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
      at weblogic/security/service/SecurityServiceManager.initialize(SecurityServiceManager.java:873)
      at weblogic/security/SecurityService.start(SecurityService.java:141)
      at weblogic/t3/srvr/SubsystemRequest.run(SubsystemRequest.java:64)
      at weblogic/work/ExecuteThread.execute(ExecuteThread.java:207)
      at weblogic/work/ExecuteThread.run(ExecuteThread.java:176)
      at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
      -- end of trace
  "JFR request timer" id=16 idx=0x40 tid=9365 prio=5 alive, waiting, native_blocked, daemon
      -- Waiting for notification on: java/util/TaskQueue@0xa2049280[fat lock]
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at syncWaitForSignal+157(synchronization.c:85)@0xb7ee7dbe
  at syncWaitForJavaSignal+53(synchronization.c:93)@0xb7ee7ea6
  at RJNI_jrockit_vm_Threads_waitForNotifySignal+53(rnithreads.c:72)@0xb7eb78a6
  at jrockit/vm/Threads.waitForNotifySignal(JLjava/lang/Object;)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at java/lang/Object.wait(Object.java:485)
  at java/util/TimerThread.mainLoop(Timer.java:483)
  ^-- Lock released while waiting: java/util/TaskQueue@0xa2049280[fat lock]
  at java/util/TimerThread.run(Timer.java:462)
  at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
  -- end of trace
  "weblogic.time.TimeEventGenerator" id=18 idx=0x44 tid=9366 prio=9 alive, waiting, native_blocked, daemon
  -- Waiting for notification on: weblogic/time/common/internal/TimeTable@0xa2089c70[fat lock]
  at <unknown>(???.c)@0xb7fe9410
  at jrockit/vm/Threads.waitForNotifySignal(JLjava/lang/Object;)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at weblogic/time/common/internal/TimeTable.snooze(TimeTable.java:286)
  ^-- Lock released while waiting: weblogic/time/common/internal/TimeTable@0xa2089c70[fat lock]
  at weblogic/time/common/internal/TimeEventGenerator.run(TimeEventGenerator.java:117)
  at java/lang/Thread.run(Thread.java:662)
  at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
  -- end of trace
  "JMAPI event thread" id=19 idx=0x48 tid=9367 prio=5 alive, in native, daemon
  at <unknown>(???.c)@0xb7fe9410
  at eventTimedWaitNoTransitionImpl+79(event.c:90)@0xb7d6bae0
  at syncWaitForSignalNoTransition+81(synchronization.c:28)@0xb7ee7c62
  at innerNativeDoWait+526(nativelock.c:614)@0xb7e78b3f
  at nlMonitorWaitInner+79(nativelock.c:1112)@0xb7e78df0
  at nlMonitorWaitNoTransition+38(nativelock.c:1132)@0xb7e78e47
  at nativeRawMonitorWait+78(rawmonitor.c:161)@0xb7ea8caf
  at jvmti_RawMonitorWait+111(jvmtirawmonitors.c:95)@0xb7e1b420
  at threadProc+291(jmapi.c:305)@0x90452bd4
  at run_agent_thread+128(jvmtithreads.c:524)@0xb7e1f361
  at thread_stub+146(lifecycle.c:808)@0xb7e2c333
  at start_thread+225(:0)@0x515832
  at __clone+93(:0)@0x46ae0e
  "weblogic.timers.TimerThread" id=20 idx=0x4c tid=9368 prio=9 alive, waiting, native_blocked, daemon
  -- Waiting for notification on: weblogic/timers/internal/TimerThread@0xa203dbf0[fat lock]
  at <unknown>(???.c)@0xb7fe9410
  at jrockit/vm/Threads.waitForNotifySignal(JLjava/lang/Object;)Z(Native Method)
  at java/lang/Object.wait(J)V(Native Method)
  at weblogic/timers/internal/TimerThread$Thread.run(TimerThread.java:262)
  ^-- Lock released while waiting: weblogic/timers/internal/TimerThread@0xa203dbf0[fat lock]
  at jrockit/vm/RNI.c2java(IIIII)V(Native Method)
  -- end of trace

• Vlan config 1242ag and HP 2824 switch

  Our new phone system has been put in place as of yesterday, how ever someone forgot to mention that we will have wireless handsets...my main issue is that i cant get the phones and the pc clients to connect at the same time.
  The AP (1242ag configuration attached) is allowing only the native traffice through either if its on vlan 1 or 20.
  Vlan 1 is Voice (I know this is a big no no though, The phone comp that installed the phone system did not do their homework) and the data is on vlan 20, if i leave vlan 1 native the wireless handsets will connect, and my pc clients are associate with the access point but do not get an ip address only the default one from the client adapter. if i move the native over to vlan 20 the computers get associated and an ip address are assigned but the phones will not connect. the PC clients are using WEP with static key, the phones are using AES CCM. I am not a cisco god but know my way around the cli interface, and with this issue i am getting better at it. any help would be great.

  Robert
  my suggestion is to save your current configuration using the GUI. then use the GUI to configure your Vlans. you may still need to use the CLI to tune hte configuration as not all the functions or options are available through the GUI but for configuring hte SSID's, Vlan's and encryption the GUI is the way to go.
  Here is the reference
  http://www.cisco.com/en/US/docs/wireless/access_point/12.3_2_JA/configuration/guide/s32vlan.html
  One thing i noticed is you have an IPaddress in the Radio config generally the only place the ipaddress is used in the AP config is for the BVI1.
  also make sure your swtch port is configured for dot1Q trunking.
  the reference has good examples for both GUI and CLI configuration.
  Bill

• VLAN on SRW2024 and Cisco ASA5505

  Hello All,
  Here is my current situtation:
  3 SRW2024s in one building and a Cisco ASA5505 to the Internet
  SRW2024 #1 and #2 are in the same room with one port each connected directly to the ASA. No VLANs setup at all.
  SRW2024 #3 is in another room with a direct connection to SRW2024 #1. Again no VLANs at all.
  So at this time all internal equipment has Internet access through the ASA. Nothing fancy there except NATing from external IPs to the internal IPs.
  This is what I am looking for:
  SRW2024 #3 is in a different room and will be what all the server equipment is connected to, so I would like a VLAN solely for that, so that the computer VLAN can talk back and forth to it. And also allow Internet access through the Internet VLAN
  SRW2024 #1 is almost completely full with Computers and VoIP phones
  SRW2024 #2 has plenty of free space, so what I wanted to create was a VLAN containing the first 4 ports that will be my Internet VLAN (this will be my connection to the Internet (port1), my VoIP PBX that needs direct Internet access (since I have failed multiple times to get it to work behind the ASA) (port2), and the outside interface of the ASA (port3). Then have the inside interface of the  ASA connected directly to the Computer VLAN so that all my computers (on the Computer VLAN)will be able to get Internet access and the ASA will do proper NATing to my e-mail server and a couple of other internal servers (on the Server VLAN).
  So how do I set this up properly in the SRW2024 and do I have to get the ASA involved in any capacity beyond the firewall/gateway functionality I am currently using now?

  1. Create you desired VLAN on the SRW2024. The default VLAN on the SRW2024 is VLAN 1, meaning this is the untagged VLAN. Configure a trunk port that connects SRW2024 #1 and SRW2024 #3, another trunk port that connects the ASA--- SRW2024 #1 and ASA --SRW2024#2. Make sure that all the trunk ports are member of all the VLANS that you have created on all the switch.
  2. Create VLANS on the Cisco ASA and create a trunk port that connects it to both the SRW2024#1 and SRW2024#2. You will also have to create a sub interface on the ASA that will router internet traffic between VLAN's.
  Note:if the ASA router has different default VLAN or native VLAN as the SRW2024 which is VLAN 1, you will have to set all the trunk ports on all the SRW2024 to general and indicate the VLAN ID that the ASA is using.

• How to change DEFAULT font and font size on new Pages document

  When I open a new Page document, it always comes in with a default font and font size. I know how to change those settings on the open document.
  I want to know how to change the ~default~ font and font size so that a new Page document always opens with those default settings.
  -Thanks for your service to the community.

  Hi Lionate
  Welcome to the forum.
  Make a document to your liking.
  Change the Body style and any other styles in :
  +Menu > Show Styles Drawer > click on the little triangle next to Body > redefine Style from Selection+
  Capture the page:
  +Menu > Format > Advanced > Capture Pages… > Name it > OK+
  +Menu > Format > Advanced > Manage Pages… > Delete other Sections/Pages > OK+
  Save as a template:
  +Menu > File > Save as Template…+
  +Menu > Pages > Preferences > General Preferences > For New Documents > click Use template: > Choose > browse to the template above+
  Peter