Voice solution between 2 directly connected LANs

Hi,
We have 2 offices connected using a microwave p2p link (using Cisco routers at both ends), and we are about to deploy a voice solution that will enable staff at both offices to make calls between the 2 offices using softphone technology. I need someone who has deployed this kind of solution before, or has an idea of what it takes, to help me with tips on how to go about it. I wouldn't mind if a diagram is attached.
Thanks

If they are on the same LAN, registered to the same CCM, the only thing you need to do is to configure the Cisco routers correctly for voice. RSVP works well now (not in the past). Set up some voice prioritization and you should be set. Usually the microwave boxes have low ms round-trip times, so you should be ok for voice quality.

Similar Messages

  • Voice solution for 2 directly connected LANs

    You can download CME 4.0 by downloading the right IOS image. (I am not sure of licensing, if you do this).
    The IOS version for CME 4.0 that I have seen is 12.4(9)T, although later versions may have for example CME 4.01 (??)
    For configuring CIPC,
    ephone 10
    description CIPC softphone
    mac-address 0000.0000.7A6A
    type CIPC
    button 1:5
    (Obviously, you have to define ephone-dn 5)
    Hope this helps.
    Please RATE this post !!!

  • Shared folder issue between two directly connected PCs

    Dear all, I have an issue regarding folder sharing and need your help to resolve it. The scenario is:
    Two PCs are connected directly to share a folder, to open the *.mdb file of an accounting software package. This problem started when I moved the Windows XP PCs and installed Windows 7 64-bit PCs. There is no compatibility issue, as I run the same software at other locations.
    PC A (192.168.1.200) has the *.mdb file and PC B (192.168.1.100) has to open this file over the network.
    When I configured the folder share and network settings, all went well: PC B could connect to PC A and the software worked well. After two days, when we started the software on PC B, it stopped responding when it tried to open that database file.
    While analyzing, I found that PC B can open the shared folder of PC A, but when I open the desired database folder, Explorer stops responding and has to be force-quit. I also tried sharing another folder on PC A, but the results are the same.
    PC A runs the software without any problem.
    It seems like a network issue, so I checked the cable with a cable tester and found it good, then I checked connectivity with the ping command, which gives me <1ms time. I still changed the connectors.
    The hard part is that this shared folder issue arises 3-4 days a week and 2-3 days it works well, and this has been happening for the last 28 days. I mean, one day we start PC B and use the software via the network, and the next day we start PC B and are not able to use the software. Strange.
    I also changed the cable connection from cross to straight, as both new PCs have gigabit Ethernet, but the results are the same.
    I already contacted the software company; according to them it's a network issue, as we can use the software on the local PC (PC A) and no error messages pop up.
    Please help me out in this regard.
    Thanks, Tanveer

    Hi,
    Firstly, we need to identify whether this is a file sharing or a networking problem. If you can access the shared folder and modify its files, which are located at PC B, through PC A, it indicates file sharing works with no problem.
    After that, we need to check whether it is a networking problem or a problem with the software itself when reading the .mdb file.
    Put the .mdb file at PC A, then use the software to open it as a test. If there is no problem, we need to use Process Monitor to capture the access trace of the software process; we should be able to find some clues.
    You can use the link below to download Process Monitor:
    https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
    How to capture a Process Monitor trace:
    http://blogs.msdn.com/b/dswl/archive/2010/01/10/how-to-capture-a-process-monitor-trace.aspx
    Learning Example:
    Using Process Monitor to Troubleshoot and Find Registry Hacks:
    http://www.howtogeek.com/school/sysinternals-pro/lesson5/all/
    Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Roger Lu
    TechNet Community Support

  • Traceroute issue- MPLS VPN on directly connected interfaces

    I have 2 Catalyst 6509 switches that I'm trying to bring up an MPLS VPN connection between. The loopbacks can ping each other, as can the directly connected interfaces (the interfaces travel through 2 switches, but there is no routing etc. in between). An OSPF neighbor relationship DOES come up, and the routing tables appear normal. However, the MPLS VPN does NOT come up.
    After further review, I found that the routing tables are correct on either side for the loopbacks (public addresses X’d out on first 3 octets):
    SWITCH A:
    Bryan-26th-CAT-2#sh ip route 10.255.2.2
    Routing entry for 10.255.2.2/32
      Known via "ospf 23532", distance 110, metric 2, type intra area
      Last update from X.X.X.70 on Vlan65, 00:10:25 ago
      Routing Descriptor Blocks:
      * X.X.X.70, from 10.255.2.2, 00:10:25 ago, via Vlan65
          Route metric is 2, traffic share count is 1
    SWITCH B:
    DAL-COLO-6509-1#sh ip route 10.255.2.3
    Routing entry for 10.255.2.3/32
      Known via "ospf 23532", distance 110, metric 2, type intra area
      Last update from X.X.X.69 on Vlan65, 02:26:50 ago
      Routing Descriptor Blocks:
      * X.X.X.69, from 10.255.2.3, 02:26:50 ago, via Vlan65
          Route metric is 2, traffic share count is 1
    This is exactly the same for the directly connected interfaces on VLAN65.  (X.X.X.69 and X.X.X.70).  The ARP cache also shows to be correct:
    SWITCH A:
    Bryan-26th-CAT-2#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  X.X.X.70           147   0009.b6a4.b800  ARPA   Vlan65
    Internet  X.X.X.69             -   001c.b144.5800  ARPA   Vlan65
    SWITCH B:
    DAL-COLO-6509-1#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  X.X.X.70             -   0009.b6a4.b800  ARPA   Vlan65
    Internet  X.X.X.69           141   001c.b144.5800  ARPA   Vlan65
    And once again, the OSPF Neighbor relationship does come up:
    SWITCH A:
    Bryan-26th-CAT-2# sh ip ospf neigh
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.255.2.2        1   FULL/BDR        00:00:30    X.X.X.70     Vlan65
    SWITCH B:
    DAL-COLO-6509-1#sh ip ospf neig
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.255.2.3        1   FULL/DR         00:00:33    X.X.X.69     Vlan65
    In the Troubleshooting MPLS VPN manuals- it shows to test trace routes.  All of our other connections like this the trace routes work fine.  In this case though, I cannot trace route not only between the loopback interfaces, but between the DIRECTLY CONNECTED interfaces.  I don’t know what this is.  It should simply be a one hop trace route.  I believe this is what is keeping the MPLS VPN from coming up.  Any ideas?  Here are the relevant OSPF configs and interface configs as well:
    SWITCH A:
    interface Vlan65
     description Connection to DAL-COLO-6509-2
     mtu 1580
     ip address X.X.X.69 255.255.255.252
     no ip redirects
     no ip unreachables
     ip pim sparse-dense-mode
     ip ospf mtu-ignore
     mpls label protocol ldp
     mpls ip
    router ospf 23532
     log-adjacency-changes
     redistribute connected subnets
     redistribute static subnets
     passive-interface default
     no passive-interface Vlan65
     network 10.255.2.3 0.0.0.0 area 0
     network X.X.X.69 0.0.0.0 area 0
    SWITCH B:
    interface Vlan65
     description Connection to Bryan-26th-CAT-2
     mtu 1580
     ip address X.X.X.70 255.255.255.252
     no ip redirects
     no ip unreachables
     ip pim sparse-dense-mode
     ip ospf mtu-ignore
     mpls label protocol ldp
     mpls ip
    router ospf 23532
     log-adjacency-changes
     redistribute connected subnets
     redistribute static subnets
     passive-interface default
     no passive-interface Vlan65
     network 10.255.2.2 0.0.0.0 area 0
     network X.X.X.70 0.0.0.0 area 0
    Any ideas would be appreciated.
    Thanks
    Greg

    Greg,
    Can you explain more about your issue? When you say MPLS VPN is not coming up, do you mean the ping (or traffic) from the CE connected to one 6509 is not traversing the MPLS cloud to the other CE connected to the remote 6509?
    Do you have VRF enabled with the respective RT import/export? Do you have MP-BGP with VPNv4 AF enabled?
    To confirm whether basic MPLS is working fine, can you check if you have LDP neighborship up and running? Use "show mpls ldp neighbor" to see the session.
    Also do a "ping mpls ipv4 <remote-loopback> <mask>" and see if it works.
    -Nagendra

  • Inside lan is not reachable even after cisco Remote access vpn client connected to router C1841 But can ping to the router inside interface and loop back interface but not able to ping even to the directly connected inside device..??

    Hi friends,
    Here is the configuration on my router C1841 for the Cisco IPsec remote access VPN. I was able to establish a VPN session properly, but after that I can only reach the inside interfaces of the router, not the LAN devices.
    Below is the output from the router:
    r1#sh run
    Building configuration...
    Current configuration : 3488 bytes
    ! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
    ! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
    version 15.1
    service config
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname r1
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
    aaa new-model
    aaa authentication login local-console local
    aaa authentication login userauth local
    aaa authorization network groupauth local
    aaa session-id common
    dot11 syslog
    ip source-route
    ip cef
    ip domain name r1.com
    multilink bundle-name authenticated
    license udi pid CISCO1841 sn FHK145171DM
    username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
    username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
    redundancy
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp client configuration group ra-vpn
    key xxxxxx
    domain r1.com
    pool vpn-pool
    acl 150
    save-password
      include-local-lan
    max-users 10
    crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
    crypto dynamic-map RA 1
    set transform-set my-vpn
    reverse-route
    crypto map ra-vpn client authentication list userauth
    crypto map ra-vpn isakmp authorization list groupauth
    crypto map ra-vpn client configuration address respond
    crypto map ra-vpn 1 ipsec-isakmp dynamic RA
    interface Loopback0
    ip address 10.2.2.2 255.255.255.255
    interface FastEthernet0/0
    bandwidth 8000000
    ip address 117.239.xx.xx 255.255.255.240
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map ra-vpn
    interface FastEthernet0/1
    description $ES_LAN$
    ip address 192.168.10.252 255.255.255.0 secondary
    ip address 10.10.10.1 255.255.252.0 secondary
    ip address 172.16.0.1 255.255.252.0 secondary
    ip address 10.10.7.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    ip local pool vpn-pool 172.18.1.1   172.18.1.100
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip dns server
    ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
    ip nat inside source list 100 pool INTERNETPOOL overload
    ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
    access-list 100 permit ip 10.10.7.0 0.0.0.255 any
    access-list 100 permit ip 10.10.10.0 0.0.1.255 any
    access-list 100 permit ip 172.16.0.0 0.0.3.255 any
    access-list 100 permit ip 192.168.10.0 0.0.0.255 any
    access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
    access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
    access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
    control-plane
    line con 0
    login authentication local-console
    line aux 0
    line vty 0 4
    login authentication local-console
    transport input telnet ssh
    scheduler allocate 20000 1000
    end
    r1>sh ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, + - replicated route
    Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 117.239.xx.xx
          10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
    C        10.2.2.2/32 is directly connected, Loopback0
    C        10.10.7.0/24 is directly connected, FastEthernet0/1
    L        10.10.7.1/32 is directly connected, FastEthernet0/1
    C        10.10.8.0/22 is directly connected, FastEthernet0/1
    L        10.10.10.1/32 is directly connected, FastEthernet0/1
          117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C        117.239.xx.xx/28 is directly connected, FastEthernet0/0
    L        117.239.xx.xx/32 is directly connected, FastEthernet0/0
          172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.16.0.0/22 is directly connected, FastEthernet0/1
    L        172.16.0.1/32 is directly connected, FastEthernet0/1
          172.18.0.0/32 is subnetted, 1 subnets
    S        172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
          192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.10.0/24 is directly connected, FastEthernet0/1
    L        192.168.10.252/32 is directly connected, FastEthernet0/1
    r1#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    117.239.xx.xx   49.206.59.86    QM_IDLE           1043 ACTIVE
    IPv6 Crypto ISAKMP SA
    r1 #sh crypto ipsec sa
    interface: FastEthernet0/0
        Crypto map tag: giet-vpn, local addr 117.239.xx.xx
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
       remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
       current_peer 49.206.59.86 port 50083
         PERMIT, flags={}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
         path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
         current outbound spi: 0x550E70F9(1427009785)
         PFS (Y/N): N, DH group: none
         inbound esp sas:
          spi: 0x5668C75(90606709)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
            sa timing: remaining key lifetime (k/sec): (4550169/3437)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
          spi: 0x550E70F9(1427009785)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
            sa timing: remaining key lifetime (k/sec): (4550170/3437)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         outbound ah sas:
         outbound pcp sas:

    hi  Maximilian Schojohann..
    First I would like to thank you for showing interest in solving my issue. After some research I found that disabling "IP CEF" will solve the issue. When I disable it, I am able to communicate successfully with the router LAN. But when I disable "IP CEF", the router CPU goes to 99% and hangs.
    In the output of "sh process cpu" it shows 65% utilization from "IP INPUT".
    So please give me an alternate solution. Thanks in advance.

  • Direct connection between 2 clients without any configuration!

    I want to make a system that acts like Hamachi or LogMeIn (webserver & clients).
    I have a webserver on the internet and two clients from different networks connected to this webserver. Now I want to make a direct connection between these clients without any configuration on the router. I think it is possible because all information about the clients' networks could be obtained from the HTTP requests which they send to the server. But I don't know exactly which fields in the header of the HTTP request I need, and how to set them to create a connection between the clients. I need some ideas about this issue.
    Edited by: tulous on Nov 20, 2008 7:40 PM
    Edited by: tulous on Nov 20, 2008 7:41 PM

    tulous wrote:
    I know, so if you want to use a remote control tool such as VNC or remote desktop, you must configure the router or server. But even if you had a proxy (permitting port 80), when you type www.sun.com you will get data from it; this data was sent from Sun to your proxy and in some way the data was returned to your browser. So I think if we have enough information (it comes from the webserver) we could init a connection between 2 clients. An example of this is Hamachi.
    At first 2 Hamachi clients connect to a Hamachi server; when they have their IDs, a tunnel between the 2 clients is established without any configuration on the proxy (certainly that server did not deny the Hamachi port). From then on the 2 clients can exchange data without going through the server. The same goes for LogMeIn: you can remote desktop anywhere with zero configuration, but the speed is guaranteed because they contact the server to query information, but the data is transmitted directly. Sorry if I made a mistake.

    It doesn't work the way you think.
    There is a proxy, or you have to have one side listening with a ServerSocket and have ports opened as needed. You can't create a Socket connection on server A between clients B and C and then pass it off to clients B and C so that magically they just talk to each other.
    It does not work that way. It is impossible to do it that way.

  • Direct Connection between clients using sockets

    Hi, I'm a new user and I have a problem with sockets:
    The question is, how can I directly connect two users that are already connected to a server on another machine?
    I mean:
    user1 is connected to server
    user2 is connected to server
    user1 tries to communicate with user1 but doesn't want to use the server, and the server only provides client1's IP
    I first thought to do this:
    user2 asks the server for the info of a client1-server waiting for connections, and I think it could work fine, but only if the ports are not closed by a firewall, because the client-server will be running in a transparent mode for the user, and the user may not know anything about servers, sockets, ports, etc. The user will only work with a GUI or something else and that's all.
    Does anybody know what I can do to make this possible?
    PD
    Sorry for my bad English

    It can be implemented like you said. Make one of the clients open a ServerSocket and pass the IP and port number through the server to the other client, with information on where to connect.
    If you're going to use direct connections between clients a lot, then I would recommend that every client open a default ServerSocket at startup and register that information with the server; then every other client can ask the server for the IP and port of whatever client they wish to open a direct connection to.
    Be aware that clients often are behind NATs and firewalls, so if you need to deal with those issues you have to use hole punching (http://en.wikipedia.org/wiki/hole_punching) - pref on a known port like 80 - and to deal with the less frequently used application firewalls you can use HTTP encapsulation in addition.
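
The register-and-look-up scheme from the reply above, as an added example that is not code from the thread: every client opens a listening socket, registers its port with the server, and peers ask the server where to connect. It covers only the directly reachable case (no NAT traversal), and the JSON line protocol, class names and peer names are assumptions. The registry stores the source IP it observes on the connection rather than an address the client claims, so a client cannot register another host's address.

```python
import json
import socket
import socketserver
import threading


class Registry(socketserver.ThreadingTCPServer):
    """Rendezvous server: maps a client name to the address it listens on."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr):
        super().__init__(addr, RegistryHandler)
        self.peers = {}                      # name -> (ip, port)
        self.lock = threading.Lock()


class RegistryHandler(socketserver.StreamRequestHandler):
    def handle(self):
        for line in self.rfile:              # one JSON request per line
            try:
                reply = self.dispatch(json.loads(line))
            except (ValueError, KeyError, TypeError):
                reply = {"ok": False, "error": "bad request"}
            self.wfile.write(json.dumps(reply).encode() + b"\n")

    def dispatch(self, msg):
        reg = self.server
        if msg["op"] == "register":
            port = int(msg["port"])
            if not 1 <= port <= 65535:
                return {"ok": False, "error": "bad port"}
            # Use the source IP seen on this TCP connection, never an address
            # carried in the message: a client must not be able to point
            # other peers at a host it does not control.
            ip = self.client_address[0]
            with reg.lock:
                reg.peers[str(msg["name"])] = (ip, port)
            return {"ok": True, "ip": ip, "port": port}
        if msg["op"] == "lookup":
            with reg.lock:
                entry = reg.peers.get(str(msg["name"]))
            if entry is None:
                return {"ok": False, "error": "unknown peer"}
            return {"ok": True, "ip": entry[0], "port": entry[1]}
        return {"ok": False, "error": "unknown op"}


def ask(registry_addr, request):
    """Send one JSON request to the registry and return its JSON reply."""
    with socket.create_connection(registry_addr, timeout=5) as s:
        s.sendall(json.dumps(request).encode() + b"\n")
        return json.loads(s.makefile("rb").readline())


class Peer:
    """A client that listens for direct connections and registers itself."""

    def __init__(self, name, registry_addr):
        self.name, self.registry_addr = name, registry_addr
        self.inbox = []
        self.received = threading.Event()
        self.listener = socket.create_server(("127.0.0.1", 0))
        threading.Thread(target=self._accept_loop, daemon=True).start()
        port = self.listener.getsockname()[1]
        ask(registry_addr, {"op": "register", "name": name, "port": port})

    def _accept_loop(self):
        while True:
            try:
                conn, _ = self.listener.accept()
            except OSError:                  # listener was closed
                return
            with conn:
                line = conn.makefile("rb").readline()
                self.inbox.append(line.decode().strip())
            self.received.set()

    def send_direct(self, peer_name, text):
        """Look the peer up at the registry, then talk to it directly."""
        reply = ask(self.registry_addr, {"op": "lookup", "name": peer_name})
        if not reply["ok"]:
            raise LookupError(reply["error"])
        target = (reply["ip"], reply["port"])
        with socket.create_connection(target, timeout=5) as s:
            s.sendall(text.encode() + b"\n")


def demo():
    """Run registry and two peers on loopback (constructed test setup)."""
    registry = Registry(("127.0.0.1", 0))
    threading.Thread(target=registry.serve_forever, daemon=True).start()
    addr = registry.server_address
    alice, bob = Peer("alice", addr), Peer("bob", addr)
    try:
        # A claimed "ip" field is ignored; the registry keeps what it observed.
        claimed = ask(addr, {"op": "register", "name": "carol",
                             "port": 4444, "ip": "192.0.2.10"})
        alice.send_direct("bob", "hello from alice")
        bob.received.wait(timeout=5)
        return claimed["ip"], list(bob.inbox)
    finally:
        alice.listener.close()
        bob.listener.close()
        registry.shutdown()
        registry.server_close()


if __name__ == "__main__":
    print(demo())
```

Names are not authenticated here, so any client can overwrite an existing registration; a deployment would tie a name to a credential before accepting the update.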

  • HT5731 I forgot about slow download speed's negative effects... hence (I think) the videos I downloaded stop in the middle. I have a better download speed if I connect directly to LAN.  Is there any way for me to fix the videos previously purchased?

    I forgot about slow download speed's negative effects... hence (I think) the videos I downloaded stop in the middle. I can get a better download speed if I connect directly to LAN.  Is there any way for me to fix the videos previously purchased or re-download them without having to re-purchase them?  I'm attempting to play the videos directly from the iTunes "purchased" folder on my Win7 Home Premium PC.

    Never mind.. I found instructions on how to re-download purchased items.  I only need help downloading 2 more items.  I love the attention I've received (I guess silly questions go unnoticed... sigh)

  • Direct connect NFS/CIFS with 1.4

    I see how 1.4's appliance ports can help with direct connect multipath iSCSI. Each fabric gets a VLAN/subnet, iSCSI has multiple targets via each fabric, etc.
    But I don't see how appliance ports help with direct connect NFS/CIFS. E.g.,
    In this diagram, traffic from hosts active on fabric B must go over the northbound LAN to reach the NAS. Even if every host and appliance has its NIC failover configured to prefer fabric A and perform preemption, you'll still have failures like NAS NIC's and IOM's that will cause some/all NAS traffic to go across the northbound LAN. Thus, you've got one of two situations:
        1) The LAN can handle the NAS traffic. If so, why not plug the NAS into the LAN in the first place?
        2) The LAN cannot handle the traffic, in which case you haven't built real fault-tolerance and, worse, a UCS problem can impact the LAN.
    Am I missing something here? How are appliance ports better than using switch mode, shown below?

    Yes - you have a valid point on the traffic pattern depending on what fails etc.
    Just to back up for a moment..
    Version 1.3 and below has 2 types of Ethernet ports - Uplink and Server port.
    Version 1.4 has 4 types of Ethernet ports - Uplink, Server, Appliance, Monitoring port
    In 1.3, directly connecting a NAS to the FI's meant that you moved to switch mode on the FI's and then set the port connecting to the NAS as an uplink port. What that did is that the port connecting to the NAS was a trunk port at the FI end allowing all VLANs (i.e. no VLAN filtering), no QoS settings etc.
    So if you wanted to stay in End Host mode AND did not like the above caveats, you connected the NAS to an upstream switch and not UCS, and that option remains with you today.
    What the appliance port gives you now is that the VLAN(s) the NAS belongs to can be filtered, QoS settings are possible and, most importantly, it works in End Host Mode (most deployments are based on it).
    The above is the rationale for the Appliance port, and the port type was needed even if it works today in switch mode.
    Now the question comes, appliance port in EHM or Switch mode (which is what the question is).
    In EHM you are right, east-west traffic between NAS-blades could utilize the upstream network.
    You can design efficiently by specifying the fabric id (A or B as primary) or set fabric affinity if using a soft switch but  guaranteed total localization (not using upstream network) cannot be made as you correctly said depending on "what" fails.
    If all the uplinks on A fail, yes the whole thing should fail over but if a link between the IOM and the FI fails, then the servers pinned to that link will start using the external network.
    So yes, the network needs to be designed keeping the flows and what if scenarios in mind. East-west traffic not hitting upstream at all cannot be assumed.
    The long term solution is to have data links between the FI's in EHM or they are vPC peers and hence both links to the NAS from the FI's will be active/active.
    Appliance port in switch mode can be used but that also depends on which links are STP blocked etc to guarantee that.
    The topology you mentioned does that, but then you also need to keep in mind what happens on failures etc., i.e. the ISL between the FI's should always be forwarding for that VLAN.
    Thanks
    --Manish

  • How do you promote a static route over a directly connected?

    Hi all,
    I have a need for a static route to be used instead of a directly connected route. (Long story - involving firewalls and anti-spoofing.. but can go further if required)
    I am using a Cisco 3750 switch. I notice directly connected routes have a metric of 0, and the highest metric I can give a static route is 1.
    Therefore, how is it possible for me to make the switch use the static route and not the directly connected?
    Any help would be appreciated!
    Cheers,
    Ben

    Hi Rick,
    Thanks for your patience.
    Maybe I should start again.
    Initially we had 16 VLANs within the 10.0/16 address space. We have some Cisco 3750's connected by dark fibre across a couple of kms and then lower access switches all hanging off these by some means. The network is flat.
    We have a checkpoint firewall hanging off one of the 3750s connected using a TRUNK port. The firewall has an IP address on all VLANs and is used to route traffic between VLANs based on its ruleset.
    So if I have a user in VLAN 10 who wants to talk to VLAN 20, they travel to the firewall, if a rule permits the access, the firewall routes the packet on to VLAN 2 and the switches deliver at Layer 2.
    The switches all have their default VLAN 1 disabled, and have an IP address on our management VLAN to allow us to manage the switches.
    It's quite important that this IP is on a secured management VLAN as we don't want just anyone being able to snoop switch logins etc.
    If we need to login to a switch, the firewall routes our traffic from whatever VLAN we are on to the Management VLAN.
    One of our VLANs (the Desktop VLAN) is quite large (approx 1300 hosts) and suffers a great deal from too much arp broadcast traffic.
    As we have a flat switched network across several kms, the cost of putting in routers to subnet this large VLAN is excessive.
    However, the 3750's we have are perfectly capable of routing between VLANs, so we decide to create a load of new VLANs instead of subnetting our large VLAN. We don't want to use the firewall to route between these new VLANs as that's just giving the firewall more to do, and previously all these hosts were on a single subnet, so we have no need for any strict security - at most we can use ACLs on the switches if we even need that!
    So far so good.
    With 1300 hosts, we obviously can't make sudden topology changes. Therefore we need to be able to route between the Desktop VLAN and the new VLANs.
    We therefore introduce the static routes between the firewall and the switches.
    So the firewall says:
    route 10.1.0.0/16 via Multilayer switch IP on 10.1.0.0/16
    The multilayer switch says:
    route 10.0.0.0/16 via Firewall IP on 10.1.0.0/16
    This allows routing perfectly between the Desktop VLAN and the new VLANs.
    However the moment we enable ip routing on the switches we break access between the desktop VLAN and the Management VLAN.
    A packet leaves the desktop VLAN through the default gateway on the firewall. This is then routed to the Management VLAN. The return packet doesn't use the Management VLAN default gateway (firewall), it follows the static route on the switch and ends up at the firewall on 10.1.0.0/16. This is subsequently dropped as the firewall knows the packet hasn't come from the 10.1.0.0/16 network, it originally came from the desktop VLAN on 10.0.0.0/16.
    It might seem we can define a route on the switch to say:
    route 10.0.50.0/24 (management VLAN) via 10.0.50.254 (firewall). However, this would result in all packets from 10.1.0.0/16 being dropped by the firewall.
    The other problem is that if we are on a new VLAN and want to talk to the management VLAN. The packet goes to its default gateway on the switch. The switch says - "I have an IP on the management VLAN, its directly connected" - therefore it ignores the static route, and passes the packet on its way. We have now bypassed the firewall, which is bad.
    Incidentally the return packets get routed through the firewall and dropped, as the original packet didn't come through the firewall, there is no entry in the state table for its return.
    I think if we turned off the management interface on the switch and managed it through the interface on 10.1.0.0/16, I assume everything would work. However, we don't want to do this for a whole load of other reasons I won't go into.
    I'm sure there must be a fairly simple solution - I just don't have enough experience!
    Cheers,
    Ben
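
The route selection described in the post above, as an added example that is not from the thread: a lookup prefers the longest matching prefix and only then the lowest administrative distance (connected 0, static 1), which is why the connected management subnet wins over the static /16 and traffic from the new VLANs reaches it without crossing the firewall. The firewall address 10.1.0.254, the 10.1.0.0/24 and 10.1.20.0/24 subnets, the 10.0.20.0/24 subnet and the VLAN interface names are assumptions; the other prefixes are the ones quoted in the post.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    source: str      # "connected" or "static"
    distance: int    # administrative distance
    next_hop: str    # outgoing interface (connected) or gateway IP (static)


def route(prefix, source, next_hop):
    """Build a route with the default distance for its source."""
    distance = {"connected": 0, "static": 1}[source]
    return Route(ipaddress.ip_network(prefix), source, distance, next_hop)


def lookup(table, dst):
    """Pick the forwarding entry: longest prefix first, then lowest distance."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.distance))


def firewall_bypasses(table, guarded):
    """Return guarded networks that the switch would deliver directly."""
    hits = []
    for net in map(ipaddress.ip_network, guarded):
        probe = str(next(net.hosts()))       # first usable host in the network
        chosen = lookup(table, probe)
        if chosen is not None and chosen.source == "connected":
            hits.append((str(net), chosen.next_hop))
    return hits


FIREWALL_ON_NEW = "10.1.0.254"    # assumed firewall address in 10.1.0.0/16

# Switch routing table after "ip routing" is enabled (constructed from the post).
SWITCH_TABLE = [
    route("10.1.0.0/24", "connected", "Vlan100"),    # assumed transit to firewall
    route("10.1.20.0/24", "connected", "Vlan120"),   # assumed new VLAN
    route("10.0.50.0/24", "connected", "Vlan50"),    # management VLAN interface
    route("10.0.0.0/16", "static", FIREWALL_ON_NEW), # static route from the post
]

# The extra static route the post considers: same prefix as the connected
# management subnet, so the connected entry (distance 0) still wins.
WITH_MGMT_STATIC = SWITCH_TABLE + [
    route("10.0.50.0/24", "static", "10.0.50.254"),
]


if __name__ == "__main__":
    for dst in ("10.0.20.5", "10.0.50.10"):
        r = lookup(SWITCH_TABLE, dst)
        print(f"{dst:>12} -> {r.source:9} via {r.next_hop}")
    print("bypassed:", firewall_bypasses(SWITCH_TABLE,
                                         ["10.0.50.0/24", "10.0.20.0/24"]))
```

Running `firewall_bypasses` against an exported routing table and the list of firewall-guarded subnets shows which of them a layer 3 switch will deliver on its own once routing is enabled.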

  • Direct connect PC to Openreach Modem

    Set network card ip to 192.168.1.75 /255.255.255.0
    set gateway to 0.0.0.0
    set dns to auto
    New network connection wizard.
    1/ connect to internet : next
    2/ set up my connection manually :next
    3/ pppoe connection :next
    4/name of connection :- Infinity :next
    5/ phone number , none :next
    6/ user name : take from modem user name , no password  :next
    7/ add short cut to desktop :next
    8/ finish.
    put cat 5 lead into modem
    click on link and will connect .

    direct connection means you could use a old pc as a router/firewall which will have far more power to route packets than most simple routers - do that myself at work, cable modem > router pc that splits the connection between the 6 different lans at work (yes 6 lan cards in one pc

  • Hosted Voice Solution

    Hi Guys,
    Has any one of you worked on a hosted voice solution? Can you please let me know what kind of hosted solution is available and its positive and negative aspects?

    Cisco's formal HCS offering, supplied by approved partners*, is the only official one these days. There used to be partners offering other options where multiple customers would co-exist on one CUCM cluster but the CSS/partitions would keep them separated. To my knowledge, these are all deprecated since the HCS announcement. Of course, there are non-Cisco offerings out there too.
    The HCS offering is actually pretty decent, mostly because it's the same CUCM/CUC/IM&P/etc. products that customers can install on-premise. There are essentially two differences:
    The required infrastructure to set up an HCS pod is prohibitively expensive for anyone except the big players. It's mostly carrier-grade equipment that an end customer would never buy.
    The products are abstracted behind a provisioning/billing application (telecom parlance calls this Operations Support System or OSS). Last I checked this was a Voss product that Cisco was OEMing. This is the only difference that really matters to you because it sets up the dial plan and such with some assumptions that you wouldn't otherwise be confined to if programming CUCM directly.
    Editorial comment: Whether this is good or bad depends on the customer. CUCM is very flexible because it has such a huge install base across so many market sizes/verticals. It can be shaped to fit most custom requirements; however, the OSS toolset takes a far more cookie-cutter approach.
    Other than the OSS toolset, it's essentially a normal Cisco UC deployment: they simply connect the VRF instance for you as a tenant in HCS into your WAN. After that it's effectively a Centralized Call Processing model. Normal voice gateway/SRST options at the offices and IP phones or Jabber for users.
    *Full disclosure: my employer is one of those partners.

  • Direct connection network problem

    hi. I've just set up a network using a direct connection cable between 2 computers. Currently the cable (15 meters) is connected to the Realtek LAN port with the other side connected to a SMS (100mps) network card in the other machine (Pentium 2.4 GHz, 640MB RAM). Every few minutes or so the "network cable is disconnected" blob in the system tray appears. Also this problem persists when playing network games using a TCP connection. My IP addresses are manually set up to 197.197.197.1 & 197.197.197.2 on the other machine. All firewalls are off and both the nVidia & Realtek ports give the same problem. What could be the problem?

    slaska,
    Just make sure you use the port that you loaded the drivers for. I would suggest using the nVidia one since when you load the nVidia nForce drivers, it will activate that NIC.
    Are you sure you are plugging the CAT-5 Crossover into the correct NIC?
    Take Care,
    Richard

  • Direct Connection ABAP Proxy and Java Proxy possible ????

    Hi Folks ,
    As I read, direct connection is possible between 2 SAP systems only,
    and I also read about WS Direct Connection - (Java).
    What does it mean? Is it ABAP proxy to Java proxy using direct connection, like Java client proxy and ABAP server proxy?
    I am not clear on this. Could you please explain or help me on this?
    Siva..

    Hi,
    You can do both, for Java proxies as well as ABAP proxies.
    As per the following points:
    1. Point-to-point connection is a new capability available with SAP NW PI 7.1. It allows applications or systems to send messages using WS-RM without going through a middleware, e.g. PI, but still using a centralized tool to design and configure the interfaces and connection properties.
    2. SAP XI 3.0/PI 7.00 or higher releases can be licensed based on the total volume of messages in gigabytes (GB) that is processed per month. The size of the payload is determined in the integration server. The information is then aggregated according to sender and receiver system.
    Question:
    1. If messages are exchanged between 2 SAP applications using direct connection, then don't we need to consider the licensing cost for the volume of messages per month?
    2. So if I use an ABAP client proxy to Java server proxy scenario, can I use direct connection? E.g., SAP ECC to a Java application?
    In both cases the PI runtime is not required. Am I right?
    Please clarify..
    Siva..

  • Regarding Direct Connections in PI 7.1 EHP1

    Hi
    I have to integrate two SAP ECC systems using direct connections. I have gone through the WiliamLI blog
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b00bbb77-75bc-2a10-6b9a-a6f8161515a6?quicklink=index&overridelayout=true
    and also the documentation
    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/ce5bf1a0d7154ee10000000a421937/frameset.htm
    I have 1 doubt:
    If the proxies are generated on the ABAP backend of the PI system (inbound and outbound both, as per the blog),
    how do I integrate two ECC systems? (Normally proxies are created on the ECC system.)
    Or is it not possible to talk between two SAP ECC systems using direct connections, and I am going the wrong way?
    I am confused.
    Please help in this regard.
    Thanks
    Ninad

    Hi,
    You are correct, the instructor has used the SAP PI system's ABAP stack to create proxies.
    Let me explain how he has used the SAP PI system to illustrate the direct connection within PI itself.
    ->  Created proxies, both server and client, in PI itself.
    ->  Uses client 200 as SYS1 and SYS2 as 300 (see Receiver Communication Channel creation); other than these, he must have client 001 for the Integration Server itself.
    ->  Executes the client proxy from client 200 and gets data from client 300, as this is the receiver.
    ->  Used clients 200 and 300 as two different ABAP back-end systems (Integration Engines), but they are within PI itself.
    ->  To create the proxy he must have an ABAP developer license for client 200.
    This never happens in any implementation projects. As Rajesh said, they will be two different ERP systems which pass through PI.
    Hope you understand now.
    Regards
    Praveen K
