VRF, Management access only and default gateway

Hello
I am preparing (3) new devices to become my new WAN. The topology looks like,
                 ASR1002x - Has management int and dg for remote access.
                                     Also has DG to WAN ISP via BGP
                 3750x stack - Has management int and dg for remote access.  (ip vrf management 0.0.0.0 0.0.0.0 (Management vlan hsrp ip))
                                       Also has DG to ASR hsrp - which causes the Management access to drop.
                 ASA5545x - Has management int and dg for remote access.
                                      Also has DG to ASR hsrp - which causes the Management access to drop.
I MUST KEEP THESE NEW DEVICES OFF THE PRODUCTION NETWORK TO AVOID ANY POSSIBLE ROUTING ISSUES.
I have implemented unique EIGRP instances between the new devices.
These new devices have a management interface so I can access them remotely. I configured the default gateway pointing to the HSRP of the management Vlan and I have remote access.
Obviously I cannot have (2) default gateways out different interfaces, without assigning one with higher admin.
What should my management default gateway look like so I can have remote access to the device and still have the WAN/LAN routing work as needed??

found another thread with some suggestions, maybe it helps at the moment.
 http://forums.lenovo.com/lnv/board/message?board.id=Special_Interest_Utilities&thread.id=6000
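
The separation the original post asks about, sketched as an added example for the 3750x case (not part of the thread and not the poster's configuration). The VRF name "management" comes from the post; VLAN 99, the route distinguisher, the ACL name and all addresses (documentation ranges 192.0.2.0/24 and 198.51.100.0/24) are placeholders and assumptions.

```cisco
! Added example. Placeholders: VLAN 99, rd 65000:99, MGMT-HOSTS,
! 192.0.2.1 (management VLAN HSRP address), 198.51.100.1 (ASR HSRP address).
!
! Before: both defaults sit in the global routing table, so the WAN
! default competes with the management default and remote access drops.
!   ip route 0.0.0.0 0.0.0.0 192.0.2.1
!   ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! After: management traffic gets its own routing table.
ip vrf management
 ! Locally significant for VRF-lite; older IOS releases want an rd
 ! configured before the VRF can be bound to an interface.
 rd 65000:99
!
interface Vlan99
 description MANAGEMENT
 ip vrf forwarding management
 ! "ip vrf forwarding" clears the interface address, so set it afterwards.
 ip address 192.0.2.10 255.255.255.0
!
! Default route that exists only inside the management VRF.
ip route vrf management 0.0.0.0 0.0.0.0 192.0.2.1
! Default route for production traffic stays in the global table.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Accept remote logins only from known admin networks. Add the subnets
! the admin stations actually sit in; this entry is a placeholder.
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
!
line vty 0 15
 ! vrf-also applies the ACL to sessions arriving on a VRF interface.
 access-class MGMT-HOSTS in vrf-also
 transport input ssh
```

`show ip route vrf management` should then list only the management default, and `ping vrf management 192.0.2.1` checks that the gateway is reachable from inside the VRF.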

Similar Messages

  • Management port for management switch(2960x) / IP default-gateway for L2 management switch

    1)   
    I am going to connect all mgmt ports of server to this access switch (L2; 2960x) like below. Then I have a management port in 2960x (FastEthernet / L3 port). As you can see below, even though one of Core switch is down, I am able to access through the other Core switch for mgmt SW. Do I need this FastEthernet port of 2960X?
    Core Pri -------  Core Sec   (Core Pri 192.168.1.2 / Sec 192.168.1.3 / HSRP VIP 192.168.1.1)
                mgmt SW ----- (FastEthernet0) ------ Goes to where? I don't have RAS (Remote Access Server)
                      |
                      |
          servers' mgmt ports
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swint.html#wp2220949
    2) From server side, server put default gateway (192.168.0.1) so if destination is not known, it dumps all to default gateway. This is L3. I understand this. What about L2 default gateway from switch itself? The L2 access switch supports "ip default-gateway" command. I know that without this command still servers do not have any problems to connect to network. Then this command is for switch (2960x) itself? i.e I log into the switch and ping google.com then switch will try to resolve through DNS, but if DNS is not set up in the switch, it sends all traffic to "ip default-gateway"? Is it right?
    3) If L2 (Access) switch has multiple data vlans and mgmt vlan (10.0.0.0/24  10.0.10.0/24 192.168.0.1). Then what will be the "ip default-gateway" for this switch?
    Thanks for your time and knowledge.
    ======================== Reference from Cisco regarding ip default-gateway --------------------------------------
    How to configure the ip default-gateway command on a Cisco 3550 series switch
    VERSION 2 
    Resolution
    To define a default gateway when IP routing is disabled, issue the ip default-gateway global configuration command. Then, enter the IP address of the next-hop router interface that is directly connected to the switch where a  default gateway is being configured.
    The default gateway receives IP packets with unresolved destination IP addresses from the switch. Once the default gateway is configured, the switch has connectivity to the remote networks with which a host needs to communicate.
    Note: When the switch is configured to route with IP, it does not need to have a default gateway set.
    For more information, refer to Assigning the Switch IP Address and Default Gateway.
    ip default-gateway
    https://supportforums.cisco.com/docs/DOC-5090

    Vlan 99 is management port. This is an access switch. I am accessing this switch through SSH remotely (10.1.2.x)
    WirelessSWLab#sh ip int b
    Interface              IP-Address      OK? Method Status                Protocol
    Vlan1                  unassigned      YES NVRAM  administratively down down   
    Vlan99                 10.1.99.35      YES manual up                    up     
    GigabitEthernet0/1     unassigned      YES unset  up                    up     
    GigabitEthernet0/2     unassigned      YES unset  down                  down   
    GigabitEthernet0/3     unassigned      YES unset  down                  down   
    GigabitEthernet0/4     unassigned      YES unset  down                  down   
    GigabitEthernet0/5     unassigned      YES unset  down                  down   
    GigabitEthernet0/6     unassigned      YES unset  down                  down   
    GigabitEthernet0/7     unassigned      YES unset  down                  down   
    GigabitEthernet0/8     unassigned      YES unset  down                  down   
    GigabitEthernet0/9     unassigned      YES unset  down                  down   
    GigabitEthernet0/10    unassigned      YES unset  down                  down   
    GigabitEthernet0/11    unassigned      YES unset  down                  down   
    GigabitEthernet0/12    unassigned      YES unset  down                  down   
    GigabitEthernet0/13    unassigned      YES unset  down                  down   
    GigabitEthernet0/14    unassigned      YES unset  down                  down   
    GigabitEthernet0/15    unassigned      YES unset  down                  down   
    GigabitEthernet0/16    unassigned      YES unset  down                  down   
    GigabitEthernet0/17    unassigned      YES unset  down                  down   
    GigabitEthernet0/18    unassigned      YES unset  down                  down   
    GigabitEthernet0/19    unassigned      YES unset  down                  down   
    GigabitEthernet0/20    unassigned      YES unset  down                  down   
    GigabitEthernet0/21    unassigned      YES unset  down                  down   
    GigabitEthernet0/22    unassigned      YES unset  down                  down   
    GigabitEthernet0/23    unassigned      YES unset  down                  down   
    GigabitEthernet0/24    unassigned      YES unset  up                    up     
    WirelessSWLab#

  • WRT610N Remote Management Access disabled and yet I could access??!

      Hi,
     I have the WRT610N, latest firmware (.10, early 2009). I noticed something when I accessed my FTP from work.
    I used the IP address and the "folder" to see my files in a web browser (like 82.2.2.2/MyftpFolder).
    But when I typed the IP only, I could see the router config page, despite the fact that I disabled it in "remote management access"...
    Has anyone else seen the same problem?
    My ftp user is "admin" or I gave it all rights and access, by the way!

    Hi,
    I just had the same happen to me.
    I have a WRT54GL and I connect to my Exchange server daily through Outlook Web Access. Today when I came to work I couldn't connect. I tried my domain to see if the default website was down also and to my horror ended up in the router management GUI. This has never happened before, I have the router redirecting all port 80 traffic to my web server. And since I had disabled the remote access to the router I never changed the password so the door was wide open. I will contact Linksys about this because as far as I understand it's either a serious bug or I've been hacked.
    wrt610nOWNER wrote:
    Hm Thanks!
    The "problem" was that I was at work when I noticed that and my router is at home...so when I typed my wan ip (82.2.2.2) I saw the GUI.
    Nope I did not try to another computer either inside my LAN at home or from a WAN IP, as I have no more job, and no access elsewhere...
    So I can not reproduce what I saw until I get an outside connection! I was just wondering if anyone else encountered the same.

  • Managed Default versus Managed Custom Folder, and Default Folder Type Options

    I am looking to create some new managed folders needed for company retention policy.
    It seems pretty forward to create the folder: 
    New-ManagedFolder -Name "[Name Here]" -DefaultFolderType Inbox -Comment "[comments here]" -MustDisplayComment $true
    However I have noticed there seem to be two types of folders: Managed Custom and Managed Default. What exactly is the difference?
    Also what different default folder type options are there, and what is the difference between them?

    I actually am using retention tags and retention policies for the existing folders (inbox, deleted, junk/spam, conversation history). Which takes care of most of our actual messages.
    However most of the space in a user's mailbox is taken by docs scanned to their emails. These docs are almost instantly moved to file servers and other databases, but sit in the mailboxes forever. So I was hoping to create a default folder and deploy rules so that all the scanned items are automatically moved to that folder where they can be deleted per a retention policy tag.
    I'm not married to this method but it did seem reasonable in terms of not leaving things to the users to sort items, and would love a better way to accomplish it.
    The retention policy says we will keep communications for a maximum x years for users excluding certain document types (junk/spam, voice mails, Instant messages, Scanned docs) and anything older will be automatically removed, the special documents will have significantly shorter life spans (1 to 8 weeks).

  • Management access (view and add) to calendars

    I've done some research on this, and groups and calendar sharing don't quite seem to handle this properly for our needs...
    We have a simple hierarchy in that people on higher levels need the ability to view and add to tasks and appointments of those who report to them.
    So if Mr. Blue reports to Mr. Red, then Mr. Red has the ability to view Mr. Blue's calendar and tasks, as well as give him new appointments and tasks. But I don't want to create team calendars for this and I don't want to give Mr. Blue the same access to Mr. Red's calendar and tasks.
    Similarly, we have admins who need this type of access as well.
    How can we configure CRM on Demand to fulfill this requirement?

    Create a list in Activities called My Team's Tasks/Appointments. In the user profile make sure you specify Mr. Blue Reports to Mr. Red.
    Then Mr. Red will be able to see all his direct reports' tasks. But Mr. Red's boss will not be able to see all Mr. Blue's tasks (someone correct me if I am wrong).
    Another way is sharing calendars. Mr. Blue can share his calendar with Mr. Red, so Mr. Red can see all of Mr. Blue's appointments.
    Hope this helps.

  • Loss of default gateway - to auto-shutdown radio

    Hi,
    I need a solution where, if an access point loses its connection to its default gateway, it automatically shuts the radio down. And when the default gateway is again available, the radio is automatically turned on again. By connection, I do not just mean that the AP FastEthernet port link status changes.
    Some kind of functionality like the 'track rtr reachability' that probes the default gateway, and takes action if the default gateway cannot be reached.
    How to, if at all possible...
    Problem is that wireless equipment will connect to the access point if the radio is up but the access point does not have access to its default gateway (for some error reason other than the local Ethernet link, but also that...)
    Thanks
    Johnny

    Hi,
    unfortunately that does not solve this problem:
    Router (def. gw for WAP)
    Switch 1
    Switch 2
    Wireless Access Point (WAP)
    If switch 1 is down or if the link from switch 1 to the router is down, then the WAP radio will still be up. I need for it to handle a loss to its default gateway, not just its local ethernet wire.
    Tx
    Johnny

  • E1200 default gateway issues

    I have my E1200 connected to my Netgear FVS318 router (which is a wired router) and the Netgear is connected to the internet.
    When a wireless client attempts to connect to the internet after automatically receiving an IP from the E1200, they do not have internet access as the default gateway that gets assigned is the IP of the E1200 - 192.168.2.100, which is not correct. It should be assigned 192.168.2.1, which is the IP of the Netgear router. Therefore, I have to manually set their IP addresses to use 192.168.2.1.
    How do you configure the E1200 to assign the correct Default Gateway IP to wireless clients who want to use DHCP?
    Thanks,
    Todd.

    If you want your computers to get an IP from the Netgear, you need to disable the DHCP server of the Linksys router and make sure you connect them together via ethernet port. The Linksys router will just act as a wireless switch.

  • SharePoint 2013 - Site Settings - Users and permissions - "Access Request and invitations" link missing

    I am site collection administrator and have configured the outgoing email in Central Administration, but the "Access Request and invitations" link is missing. Please advise on any additional configuration needed for this link to show up.
    I was though able to configure access requests by going to Site Settings->Users and permission and on the ribbon selected "Access Request Settings"
    What is the difference in either of the approaches?
    Thanks
    Abhishek

    Hi there,
    I noticed this post, and didn't really find an appropriate solution to your issue. I noticed the same issue when dealing with Access Requests. First of all to make sure that the Request feature is enabled, you need to access
    Site Settings -> Site Permissions -> Access Request Settings -> Make sure the
    'Allow access requests' option is enabled.
    The Allow access screen just allows you to enable the feature and also to specify an email address that notifications are sent to. Whereas the 'Access Requests and Invitations' section provides a screen to manage Access Requests and request history.
    I noticed then that the Access Requests and Invitations link under 'User and Permissions' didn't actually appear until someone actually requests to join the site. It seems that this is needed to display the screen. Once actioned once, the option stays there.
    Hope it helps

  • 6120c - default access point and setting applicati...

    Does anyone know how to set the default access point on the 6120, for all apps? And how to allow apps to access the internet without asking? The default browser is ok but everything else (Opera Mini, Gmail, Google Maps etc) asks for permission, then an access point. I figured it out on my N73 but can't get it on the 6120.

    Thanks for the reply. I've looked in App Manager but the only context-sensitive stuff for each app is 'details' which is just the vendor and certificate, and 'settings' which is 'Software Installation', 'Online Certificate Check' and 'Default Web Address'.
    Doh! Just got it - choosing 'open' doesn't start the app, it gives me the options I need. Problem solved!

  • Cascaded network unable to access default gateway att 5031nv

    Hello - I have a Cisco 3750 sitting behind an ATT 5031 NV. The Cisco device has the following networks 'living' on it:
    10.1.1.1 /24
    10.1.2.1 /24
    10.1.3.1 /24
    All of these have DHCP pools living on the Cisco device. The default gateway they hand out is the IP of the SVI (mentioned above). I am using OSPF between those networks - and they can all talk fine. I am using the 'default-information originate' command to obtain default route information. I have port Gi1/0/3 on the Cisco device plugged into LAN port 4 on the ATT 5031 NV. Port Gi1/0/3 is configured with a static IP in the 192.168.1.x network as follows:
    ip address 192.168.1.2 255.255.255.0
    On the ATT 5031 NV: Settings > broadband > link configuration, I have the 'cascaded network' option selected:
    Network Address: 10.1.0.0
    Subnet Mask: 255.255.0.0
    Choose the router that will host the secondary subnet: [Cisco Device Hostname] 192.168.1.2 (IP of Gi1/0/3 on Cisco device)
    When I do this - I can ping from the 10.x.x.x networks to both 192.168.1.2 and 192.168.1.254 IPs - but I cannot get out to the Internet (neither by IP nor hostname). I should mention that I have tried the DMZ pinhole option - where I made my Gi1/0/3 get an IP by DHCP > rebooted it > and I got my device to show up with a 108.225.x.x external IP (which again, my 10.x.x.x's could ping) but I could not ping the default gateway for that network. What am I missing here? Anyone have any ideas? Config to follow:
    !
    interface GigabitEthernet1/0/3
     description DMZ to WAN
     no switchport
     ip address 192.168.1.2 255.255.255.0
    !
    interface Vlan1
     no ip address
    interface Vlan100
     description MANAGEMENT
     ip address 10.1.1.1 255.255.255.0
    interface Vlan120
     description xxxx WIFI
     ip address 10.1.2.1 255.255.255.0
    interface Vlan130
     description xxxx DATA
     ip address 10.1.3.1 255.255.255.0
    !
    router ospf 1
     network 10.1.1.0 0.0.0.255 area 1
     network 10.1.2.0 0.0.0.255 area 1
     network 10.1.3.0 0.0.0.255 area 1
     default-information originate
    !
    ip default-gateway 192.168.1.254
    !
    ip route 0.0.0.0 0.0.0.0 192.168.1.254
    Any help would be greatly appreciated.

    Hi ,
    With the cascaded router option, the purpose of that option is to pass over your static IPs so that your gateway handles the traffic. If you do have a set of static IPs available, the only thing you want to change is the cascaded router IP. The network address should be the IP of your router, so it would be 192.168.1.2 according to your setup. 
    If you are just trying to do a router behind router setup, you actually do not need to use the cascaded router option, and just putting it in DMZ should take care of everything.
    Hope this helps.
    -ATTU-verseCare

  • Read Only privileges for Access Server and Identity Server - OAM 10g

    Hi,
    I am working on Oracle Access Manager 10g version 10.1.4.
    I use an administrative account that is a member of the 'COREid Administrators' group to log into the access console and identity console of OAM.
    Since this is the administrative account, it has the rights to modify and update all access/identity entities.
    How can I set up an account that has "view only" privileges over all access and identity objects in OAM?
    I need to log into the access and identity consoles of OAM and view all policy domains/policies/access system configuration/user manager config/group manager config etc. but not be able to modify any of them.
    Is there a way to setup such an account in OAM?
    Regards,
    Abhishek.

    Hi Abhishek,
    It is possible to define different levels of administrator, but it is not possible to give an admin read access (to objects in the consoles) without also giving modify access. I do not believe that there is a straightforward way to meet this requirement - for the Access System you could use the Policy Manager API and write your own interface (which does not have the ability to modify) but obviously this would be some development effort.
    Regards,
    Colin

  • Setting up IP,Subnet, default gateway and secondary gateway in solaris 10 x

    Hi,
    I am new to solaris.
    I have installed solaris10 x86 on my system.
    I am not able to access internet as I am not able to setup address.
    I use broadband and have static ip address.
    How do i configure them...
    ip, subnet, default gateway, and secondary gateway.
    Thanks in advance.

    run sys-unconfig and after reboot set the parameters (IP, etc)
    What do you mean second gateway?

  • Default gateways and zones

    This may be related to a thread that is currently out there. However in the interest of not hijacking it, I created my own. Please pardon my ignorance on the zoning stuff since I am in the process of learning.
    We are currently running into a default gw issue on a 480R that is configured as follows:
    bge0 interface: connected to the public routable network and used by the global zone. The defaultrouter file contains the gateway for this address.
    bge1:1 and bge1:2 interfaces: connected to zones 1 and 2 respectively. These reside on the same private subnet behind our firewall appliance. The gateway for these is NOT on the defaultrouter of the global zone.
    On the routing table of the global zone, we have 2 default gw's (one for the global/public zone and 1 for the local zones).
    The problem:
    When a user tries to connect via the public interface (they are connecting from a point not on the same subnet as the public interface of the box), they are sometimes able to connect (i.e. SSH) and sometimes not. My system is on the same subnet as the box and does not have any problems connecting via the public interface.
    Is this the result of having multiple gw's on the global zone routing table?
    Suggestions?

    you can have multiple gateway entries in defaultrouter file but the default gateway for global zone can be only one but you can specify different gateways for different zones..
    using this default gateway, you should be able to connect via different network...!

  • Default gateways and zones in a multihomed system

    We do have some problems concerning default routes and zones in a multihomed system.
    I found several posts in this forum, most of them referring to a document of meljr, but my feeling is that the paper is either not correct or not applicable to our situation?! Perhaps somebody can give me a hint.
    Let me sketch our test environment. We have a multihomed Solaris 10 system attached to three different DMZ's using three different network adapters. We set up two local zones with IP's of the DMZ's of adapter 1 and 2, leaving adapter 0 for the IP of the global zone.
    Now we set up default routes to ensure that network traffic from the local zones is routed in the corresponding DMZ's. That makes three different default routes on the global zone. On startup of the local zones, netstat reports the expected default routes to the correct DMZ gateways inside each zone.
    Now what happens... My ssh to the global zone sometimes breaks. When this happens, no pings are possible to the IP of the global zone. Meanwhile, pings from other machines in our network (even from different subnets) might produce replies, some don't. By now, I can't tell you if there is anything deterministic about it... More interesting: the local zone connections aren't affected at all!
    So we did some more testing. Binding an IP address to the DMZ interfaces where the zones are tied to makes no difference (we tried both, with or without dedicated addresses for the adapter in the global zone). So the setup we're using right now is made of 5 IP addresses.
    IP1, subnet 1: adapter 0, global zone
    IP2, subnet 2: adapter 1, global zone
    IP3, subnet 2; adapter 1. local zone 1
    IP4, subnet 3; adapter 2, global zone
    IP5, subnet 3; adapter 2, local zone 2
    In the global zone there are three default gateways defined, one in each DMZ subnet. Inside the local zones, at startup you'll find the corresponding gateway into the DMZ. Everything looks fine...
    I opened five ssh connections to the different IP's. Now what happened... After approx. half an hour, the connections to two IPs of the global zone (adapter 0 and adapter 1) broke down, while the connections to all other IP's were still open. This behaviour can be reconstructed!
    So perhaps anybody has an explanation for this behaviour. Or perhaps anybody can answer me some questions:
    1. How are the three default gateways handled? Is there still some kind of "round robin" implementation? How can I guarantee that network traffic from outside isn't routed inside the DMZ's without preventing the local zones from talking to each other (actually we only need to communicate on some ports, but the single IP-stack concept only gives us all or nothing...).
    2. If I do a ping from local zone 1 to the default gateway of local zone 2, this route is added as additional default gateway inside local zone 1! So does this mean, the routing decision is made only inside the global zone not taking into account where the packet is sent from?
    3. After all, how are the IP packets routed from the different zone and the global zone, and how are they routed back to calling systems from the various DMS's and other networks, routed via these DMS's???
    The scenario seems to be covered by http://meljr.com/~meljr/Solaris10LocalZoneDefaultRoute.html, but configuring the machine like stated in the paper leaves me with the problems described.
    I'd be happy for any helpful comment!

    you can have multiple gateway entries in defaultrouter file but the default gateway for global zone can be only one but you can specify different gateways for different zones..
    using this default gateway, you should be able to connect via different network...!

  • Travel Management-Receipt Maximum rates and Default values

    Hi
    I need some help on one of the issue we are facing in Travel Management. We are expected to Go-live very soon.
    We are unable to apply a very basic check of receipt maximum amount at
    the receipt entry in the portal for travel expenses. This functionality
    is very much provided by SAP in the backend configuration but it is not working in the backend also in our Development system.
    This is concerning the maximum and default amounts in
    View V_T706B2 are related to the IMG
    "Define Influence of Control Parameters: Receipt Maximum Rate"
    I have analysed the table entries but could not
    get the desired solution.
    In the meanwhile based on SAP note: 808437-Warning message when max
    rate is exceeded negative value, we looked into the code and found that
    the code for checking the maximum amounts is "commented" in the
    latest SP32 SAP HR version in the DEVELOPMENT system we are working
    on.
    I also looked into (SAP Note: 1114398---Country and Region when
    reading maximum amounts and defaults) and have found that the
    correction suggested in this note may already be applied as our D35
    System EA_HR patch level is already SAPK-60211INEAHR and Note
    correction in SAPK-60203INEAHR is of old level, hence we have not applied this correction.
    Furthermore I have checked and found that in our IDES system these checks
    for Maximum amounts and defaults are working fine. The IDES system is
    at level 0002 and highest support package is SAPKE60002.
    Many thanks in advance !
    Ritesh

    Hi Ritesh:
    We had a situation in which our expense types require both a warning message and request for additional information when the maximum is exceeded. We were told that ECC6.0 can handle only one action per expense type/amount. In our old system, R4.6C, it could handle multiple actions per amount for a receipt type.
    I am not sure if this is your issue - having multiple actions for a expense type/amount combination.
    We got around this by leaving one action at the expected amount and setting the other to 0.01 lower.
    Lisa
