Vrf config for virtual interface

Similar Messages

• Switch config for Inline Interface Pair

  Hello all
  Am having a doubt here, so need your help.
  I want to configure an IPS in inline interface mode. What I have is
  internet rtr---->Switch----->outside intrface of ASA
  Here, I want to monitor/inspect the traffic coming from the internet.
  I am planning to connect the inline interfaces to the same switch.
  What am not sure is what will be the switchport configuration for the inline interface pair?
  Also, How the switch will forward traffic to the IPS and then IPS to the ASA?
  Thanks in advance
  ..Abhi

  What are you using for an IPS, an appliance? an IOS IPS in the Internet router or the ASA?
  If you want to feed the output of your IPS into the same switch as the input, you'll need to create two separate VLANS, one for the switch interfaces that are outside your IPS and the other for the interfaces that are inside your IPS.
  interface Gi0/1
    switchport access vlan 10
  switchport mode access
  switchport nonegotiate
  interface Gi0/5
    switchport access vlan 20
  switchport mode access
  switchport nonegotiate
  interface vlan 10
  interface vlan 20
  - Bob

• LUN config for virtualized Exchange server

  Hi All,
  What would be the preferred LUN congfiguration for a virtualized Exchange server. It will be a 2 server multi-role configuration on a 3 node hyper-v cluster. 1 LUN per database. Exchange servers will not be configured to be highly available. Failover on
  application level.
  1. Present the LUN as an iscsi target to the hyper-v host and create a VHD on it for the Exchange server.
  Benefit: VHDX is flexible
  Drawback: No snapshotting of database via backup app etc.
  2. Present the LUN as a pass-through disk to the Exchange server via the Hyper-v host
  Benefit: no hyper-v overhead?
  Drawback: not flexible
  3. Add a vnic to the Exchange server and configure the iscsi initiator on the exchange server.
  Benefit: no hyper-v overhead 
  Drawback: Little more complex configuration
  Which one is best? I would prefer option 2, but I might miss something?
  Je suis er even nie

  Honestly, it's tough to say which one is the best option, b\c it really depends on you and your environment.  I typically do deployments on Vmware and not Hyper-v as alot of the clients I work with already have VMWare entrentched in their environment,
  but it's really the same concept.  Typically we use option 1, where we let Vmware handle the iSCSI connections to the SAN and we present the storage to the VM as vmdk file.  Option 1 eliminates the complexity and is usually the easiest to configure
  for people and allows for easy administration.  
  Since you mentioned backup snapshots, I would stay away from option 2.  Depending on the method and application you are using for backup passthrough disks can cause issue.  If you were initiating the hardware snapshot from inside the VM I believe
  that would fail with a passthrough disk as well since the guest is not communicating directly to the SAN.
  Option 3 would allow you to take hardware snapshots of the drives that the database reside on and you would do all the management of the device from the SAN level.  This would be the most complicated to set up since you have to zone it out and make
  sure the guest can communicate with the SAN.
  If it was me, I would probably deploy option 1 since that usually seems to be the easiest to manage and configure and in my experience, the less complex you make something, the easier it is to manage.
   

• WLC Virtual Interface config for a public SSL cert for Web Authentication

  I'm trying to get a cert loaded on my 5508 WLC running 7.6.130.0 so when a Web-Auth users tries to authenticate they don't get the SSL cert error.
  In the document "Generate CSR for Third−Party Certificates and
  Download Chained Certificates to the WLC"
  Document ID: 109597 it states the following
  "Note: It is important that you provide the correct Common Name. Ensure that the host name that is
  used to create the certificate (Common Name) matches the Domain Name System (DNS) host name
  entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after
  you make the change to the VIP interface, you must reboot the system in order for this change to take
  effect.
  Here are my questions.
  1. I have always had 1.1.1.1 as the address of the Virtual interface, should that change or can I leave it as 1.1.1.1?
  2. In the "DNS Host Name" Field do I simply put the domain or the FQDN?  Example. Company.com or hostname.company.com

  Hi,
  1) You can change that if you want. Normally it is non-Public and non-routable in your network.
  2) Put the Host name for which you are going to give in your company DNS server where that Host name would be mapped to the Virtual ip address.
  Regards
  Dhiresh
  ** Please rate helpful posts**

• What's the purpose when we config ipv6 address for an interface with 128bit mask

  What's the purpose when we config ipv6 address for an interface with 128bit mask?
  Thanks

  If you configure a loopback-interface you can use a /128 there.
  "Normal" interfaces should always use /64 (RFC 4291) while on router-to-router-links you can use a /127 (RFC 6164).
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• How to change Virtual interfaces in SE80 for a web service under ECC6.0?

  hi
  I find a article, "Changing The Function Interface of Web Service Enabled Functions"
  http://www.dataxstream.com/2009/11/changing-the-function-interface-of-web-service-enabled-functions/,
  But, i cannot find the "Virtual interfaces" menu item under SE80, because its example is ECC5.0, my SAP is ECC6.0.
  So, anybody can tell me how to change it under ECC6.0?
  Thanks a lot.
  Edited by: CSDN2008 on Mar 18, 2010 12:23 PM

  Hi,
  Please share your solution here as I am having the same issue.
  Thank you
  Muthaheera

• Virtual Interface IP address

  Hi,
  In all Cisco documentation 1.1.1.1 is always specified as Virtual Interface IP address.
  Here is my concern. When wireless client gets an IP address (through DHCP), 1.1.1.1 is entered as DHCP server which means that at 50% lease time client will attempt DHCP Request to 1.1.1.1
  1.1.1.1 is not routable on the wired network, but controller makes sure that it is accessible on the wireless network.
  The problem is if you have both wired and wireless connected, default gateway through wired connection wil have less cost, so client will attempt to send traffic to 1.1.1.1 using wired interface and will obviously fail.
  At 83.5% of lease time client will attempt full DHCP process starting from Discovery and I guess this is when the IP on wireless NIC will be renewed, cause those Discovery messages are to 0.0.0.0....
  Is my understanding correct?
  Thanks!
  David

  Hi,
  With both wired and wireless active at the same time (when laptop is docked for example)DHCP Request to 1.1.1.1 will fail cause it will be sent using wired interface and not wireless (default route metric in the host's routing table). This will cause this DHCP Request to fail at 50% lease time.
  Next step is DHCP Discover at 83.5% of lease time. Destination IP will be 255.255.255.255 and it will be generated specifically on wireless interface, since this in the interface that needs to renew the IP.
  This is exactly my question. Will this Discover to 255.255.255.255 go through wireless interface, cause this is the interface that needs IP addresses renewed. If so, I assume it will succeed and client's IP address will be renewed.
  A bit worse than renewing at 50% lease time as a normal DHCP process, but better than loosing the IP at all when 100% lease time hits. 83.5% is somewhere in between...
  Comments?
  Can you also advise how do you disable DHCP Relay function on the controller? Do you need to remove DHCP IP addresses in WLAN configs?
  Another question is about needing WLAN for Management interface. Is it needed for any reason? WLANs are always documented to be bound to Dynamic Interfaces and not Management, however Management interface does appear in the drop down menu under WLAN configuration. Thoughts?
  Thanks!
  David

• CSS- traffic orignating from real server + Virtual interface

  Hi all,
  I am designing a solution at the moment, in which I shall have 2 servers behind a pair of CSS & their default gateway will be the Virtual Interface ip address of CSS.
  Is there any problem forseen in traffic getting initiated from the server to any other subnet in the network and the return traffic to the server.
  Servers shall connect to a pair of 3750 being used as L2 in stack .
  The Stacked 3750's shall be placed below the CSS pair & the CSS pair shall further connects to a single 6509 upstream....
  Each 3750-L2 connects single port to each CSS
  (3750-L2-1 to CSS1 &
  3750-L2-2 to CSS 2)
  Both CSS connect to the SINGLE 6509 on diff blades. for better redundency.
  The CSS shall not be connected to each other directly.
  Both 3750-L2 connect to each other as well
  IIS-1---L2_Sw1---CSS1---6509---Othr_Subent
  IIS-1---L2_Sw2---CSS2---6509---Othr_Subent
  Note: I shall have VIP/Virtual Interface config on my CSS's.
  Appreciate validation and recomendations on this design.
  Many Thanks,
  gagan

  Hi Gilles,
  Many thanks for the confirmation.
  Request verification on the below as well~
  1. With the above scenario; I do not require any group (NAT) configuration, either for my servers initiating traffic for going out or for clients hitting the VIP to reach servers. The client & server shall be in diff VLAN?s of course.
  2. With VIP & Virtual Interface configuration & couple of server VLAN's below on server side, I should be able to use both the gigabit interfaces on the 11503 to connect up and down stream as TRUNK. I mean to ask Virtual intf. & VIP has no problems working on the same TRUNK interface?
  3. I understand that Fate sharing and critical service helps full failover (client & server side).
  As an upstream router or L3 switch fails or the upstream connecting gigabit interface on CSS fails, the failover happens.
  Will the same be applicable to downstream L2 switch & CSS interface failure? If any of these on the downstream fails will the CSS failover to the standby unit.
  I think this above should work, just need confirmation coz I have not done this before.
  Thanks a lot again,
  Gagan

• Virtual interface (BINDTODEVICE)

  I want to bind a socket to one defined virtual interface ( like hme0:10).
  In Linux you can use a special socket-option:
  int skfd;
  struct ifreq interface;
  skfd = socket(AF_INET, SOCK_DGRAM, 0);
  strncpy(interface.ifr_ifrn.ifrn_name, "eth1", IFNAMSIZ);
  if (setsockopt(skfd, SOL_SOCKET, SO_BINDTODEVICE,(char *)&interface, sizeof(interface)) < 0) {
  perror("sendpacket: setting SO_BINDTODEVICE");
  exit(1);
  Is there any equivalent solution for Solaris?

  Thanks for your reply.
  Well, the use of virtual interaces is part of the customers specification (so he will able to specify different interfaces in the config-file without caring about the physical interfaces underneath).
  The SO_BINDTODEVICE is part of the only example I�ve found. I didn�t test it yet.
  But if there is no such option in Solaris, I must get the relationship between virtual interface/physical intface 'by hand'.
  Any idea how that works?
  Thank you
  Siegmar

• How to add vlan virtual interface on a Catalyst Using SNMP

  Hi,
  I need some assistance in locating the  mib/variables to allow me to add and remove vlan
  virtual interface on Catalyst 3759G. If I understand correctly CISCO-VTP-MIB can not  carry
  out this requirement.
  Is there another way of accomplishing  this using SNMP ?
  Thanks,
  Zhou

  You cannot add a new interface directly using SNMP.  However, you can use the CISCO-CONFIG-COPY-MIB to copy a config snippet into the running configuration which can create a new VLAN interface.  See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa6.shtml for more details.

• Max-reserved-bandwidth 100% for the interface

  According to CCO as following text, the remaining 25 percent of bandwidth is used for overhead, including Layer 2 overhead, control traffic, and best-effort traffic. I want to know why cisco choose 25 percent. why not 30% or 20%?
  If I config the max-reserved-bandwidth 100% for the interface, does it will effect the routing protocol? also effect the network conectivity?
  thanks for your answer
  =======
  Usage Guidelines for max-reserved-bandwidth
  The sum of all bandwidth allocation on an interface should not exceed 75 percent of the available bandwidth on an interface. The remaining 25 percent of bandwidth is used for overhead, including Layer 2 overhead, control traffic, and best-effort traffic.
  If you need to allocate more than 75 percent for RSVP, CBWFQ, LLQ, IP RTP Priority, Frame Relay IP RTP Priority, and Frame Relay PIPQ, you can use the max-reserved-bandwidth command. The percent argument specifies the maximum percentage of the total interface bandwidth that can be used.
  If you do use the max-reserved-bandwidth command, make sure that not too much bandwidth is taken away from best-effort and control traffic.
  The max-reserved-bandwidth command is intended for use on main interfaces only; it has no effect on virtual circuits (VCs) or ATM permanent virtual circuits (PVCs).

  Kevin,
  this is the wrong group for this question.
  Gilles.

• Virtual Interface generation bug in NetWeaver ?

  I use the Web Service generation wizard to generate a virtual interface which exposes methods in an EJB. As one of the parameters I pass a simple java bean, lets say:
  public class StatusCode
  private String name;
  private boolean buggy;
  public String getName() {...}
  public void setName(String newName){...}
  public boolean isBuggy() {...}
  public void setBuggy(boolean trueOrFalse){...}
  When I look at the virtual interface generated, especially at the Types tab, my boolean attribute is not included.
  If I change the getter to "getBuggy()", the attribute is included in the VI. The only problem is that the typical Java Bean framework, say from sun or ibm, always map 'boolean' getters to 'isSomething()' and not 'getSomething()'.
  Is this a bug with NW? Is there a fix or workaround for this ?
  My version of NW:
  Version: 2.0.7
  Build id: 200407270250
  Thanks in advance,
  Mark
  I posted this question also in the NW development forum, but so far no replies.

  I try to login by use:
  username : Administrator
  password : <master password> (at least 1 number)
  I try to login many times but it always fails.
  (I am very sure about my password since i also try to reinstall many times - 10th. both J2EE 1.4 and Java EE 5)
  Ivaylo Ivanov, do you sure that you test with this new edition. (Not the previous edition)
  I see the other persons get the result like me:
  Telnet Administration
  SAP J2EE Engine v7.100
  User name: Administrator
  Password:
  The user account is either expired, or not valid yet.
  Login failed. Reason: The user account is either expired, or not valid yet.
  Connection to host lost.
  if my login is not correct, it will tell the other messags.
  Telnet Administration
  SAP J2EE Engine v7.100
  User name: f
  Password:
  Cannot authenticate the user.
  Login failed. Reason: Cannot authenticate the user.

• Virtual Interface generation bug with NetWeaver ?

  I use the Web Service generation wizard to generate a virtual interface which exposes methods in an EJB. As one of the parameters I pass a simple java bean, lets say:
  public class StatusCode
      private String name;
      private boolean buggy;
      public String getName() {...}
      public void setName(String newName){...}
      public boolean isBuggy() {...}
      public void setBuggy(boolean trueOrFalse){...}
  When I look at the virtual interface generated, especially at the Types tab, my boolean attribute is not included.
  If I change the getter to "getBuggy()", the attribute is included in the VI. The only problem is that the typical Java Bean framework, say from sun or ibm, always map 'boolean' getters to 'isSomething()' and not 'getSomething()'.
  Is this a bug with NW? Is there a fix or workaround for this ?
  My version of NW:
  Version: 2.0.7
  Build id: 200407270250
  Thanks in advance,
  Mark
  (If this is not the right forum, could someone suggest where I can post this question?)

  Hi.  As of Netweaver 2004s,  the virtual interface piece has be absorbed into the creation of the web service definition, so there is no need to create it as well.   When you are getting the 403,  how are you trying to run this, using the Web Service Homepage?  If so, you will need to configure what j2e engine that you want to use to use.  You can do this in WSADMIN under the Administration settings.   Check that this is set.  YOu must know the URL of your j2e engine.
  Regards,
  Rich Heilman

• Transaction code to create virtual interface.

  I want to create a web service from a RFC. For that first, virtual interface needs to be created which will be linked to the RFC. Can u please tell me what is the transaction code to create a virtual interface.

  Thankx for ur reply.
  Now I have created the Web service. To do this I have done the followings-
  1. created one RFC enabled Function Module.
  2. Created one virtual interface
  3. Created Web service defination.
  4. Released Web service from the wsconfig transaction.
  Then from The transaction wsadmin I have opened the browser by clicking Web Service > Web Service Homepage (from menu)
  After logging in it , shows the web service and RFC with in it. Now after clicking the Test link from the browser it asks for the parameter of the RFC. But After populating the parameters and clicking send button. it gives NullpointerException.
  exact err message  is --
  An error has occurred. Maybe the request is not accepted by the server:
  java.lang.NullPointerException

• WLAN Controller learning IP/MAC on wrong virtual interface

  Hello
  I believe since I upgraded my WiSM to 7.0.250.0 is it learning a MAC address on the wrong virtual interface.
  The setup:
  - a Linux server with 2 virtual interfaces, both use the same MAC address, one is the gateway of VLAN 116 and one is the gateway of VLAN 240
  - a WiSM with several virtual interfaces, including one in 116 and one in 240
  Here the arp table with the problem:
      MAC Address        IP Address     Port   VLAN   Type
  00:50:56:BD:32:92   172.16.240.9     29     240    Host
  00:1E:4A:FA:87:8B   172.16.102.12    29     0      Permanent
  00:1E:4A:FA:50:0B   172.16.102.13    29     0      Permanent
  00:1E:4A:FA:81:2B   172.16.102.14    29     0      Permanent
  00:50:56:BD:32:92   172.16.116.9     29     240    Host
  00:1D:E0:31:55:23   172.16.116.185   29     116    Client
  58:94:6B:68:50:E8   172.16.118.201   29     116    Client
  1C:B0:94:B7:38:08   172.16.118.234   29     116    Client
  And here after I made a PING from the controller to the listed ip address:
      MAC Address        IP Address     Port   VLAN   Type
  00:50:56:BD:32:92   172.16.240.9     29     240    Host
  00:1E:4A:FA:87:8B   172.16.102.12    29     0      Permanent
  00:1E:4A:FA:50:0B   172.16.102.13    29     0      Permanent
  00:1E:4A:FA:81:2B   172.16.102.14    29     0      Permanent
  00:50:56:BD:32:92   172.16.116.9     29     116    Host
  00:1D:E0:31:55:23   172.16.116.185   29     116    Client
  38:E7:D8:D3:7C:FA   172.16.118.92    29     116    Client
  58:94:6B:68:50:E8   172.16.118.201   29     116    Client
  1C:B0:94:B7:38:08   172.16.118.234   29     116    Client
  18:AF:61:12:E9:FB   192.168.1.59     29     117    Client
  Has anybody else the same problem?
  The host 172.16.116.9 is also the configured DHCP server on VLAN 116.
  Is there a way to statically configure this IP address on that VLAN? Because it causes every few days a service outage on that VLAN (which is bound to an SSID).

  Yup, I'd say still valid. Seeing as it is the gateway, if it had different mac addresses per interface, it might still work.
  No, clients in the same subnet can communicate, but it is not recommended to 'bridge' wired and wireless with a WLC. The WLC doesn't like to bridge the communication by default, though there are work arounds.
   I might also say that as it uses the same MAC address for both virtual interfaces L2 is going to be messed up as each time there were an ARP the entry would change.
  Take a look and see if you can manually change the mac for one of the interfaces and test again.
  HTH,
  Steve