Wildcard mask calculation

How to calculate wildcard mask if I just want to cover only some hosts in a subnet? Ex. A subnet can have 8 hosts, but I just want to use wildcard mask to cover only first 3 and last 3 usable hosts? What will be the wildcard mask for this?

With 192.168.1.0 0.0.0.255 you are telling the router not to care about any bit in the last octet. Hence, it doesn't matter whether your IP is set 192.168.1.0 or .128 or any other address in the last octet and it's all the same.
HTH
Sundar
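
A single address/wildcard pair always matches a power-of-two number of addresses, so six hosts out of an 8-address block cannot be covered exactly by one entry. The following added example (not part of the thread) computes a set of entries that matches exactly a given host list; the 192.168.1.0/29 block, the reading of the question as hosts .1 to .6, and a platform that accepts non-contiguous wildcard masks are assumptions.

```python
import ipaddress
from itertools import combinations


def matches(addr, base, wildcard):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    return ((addr ^ base) & ~wildcard) == 0


def prime_cubes(hosts):
    """Every maximal (base, wildcard) pair that matches only addresses in hosts."""
    level = {(h, 0) for h in hosts}          # start with one exact-match entry per host
    primes = set()
    while level:
        merged, nxt = set(), set()
        for (a, wa), (b, wb) in combinations(sorted(level), 2):
            diff = a ^ b
            # Two entries with the same wildcard that differ in exactly one
            # bit can be merged by turning that bit into a "don't care".
            if wa == wb and diff and (diff & (diff - 1)) == 0:
                nxt.add((a & ~diff, wa | diff))
                merged.update([(a, wa), (b, wb)])
        primes |= level - merged             # entries that could not grow further
        level = nxt
    return primes


def cover(hosts):
    """Greedy selection of entries covering all hosts (small, not provably minimal)."""
    remaining = set(hosts)
    candidates = sorted(prime_cubes(hosts))
    chosen = []
    while remaining:
        best = max(candidates,
                   key=lambda c: sum(1 for h in remaining if matches(h, *c)))
        chosen.append(best)
        remaining -= {h for h in remaining if matches(h, *best)}
    return sorted(chosen)


def expand(entries):
    """All addresses matched by a list of (base, wildcard) entries."""
    out = set()
    for base, wildcard in entries:
        sub = wildcard
        while True:                          # enumerate every subset of the wildcard bits
            out.add(base | sub)
            if sub == 0:
                break
            sub = (sub - 1) & wildcard
    return out


def fmt(entry):
    base, wildcard = entry
    return f"{ipaddress.IPv4Address(base)} {ipaddress.IPv4Address(wildcard)}"


# Constructed sample: usable hosts .1 to .6 of 192.168.1.0/29 (assumption).
SUBNET = int(ipaddress.IPv4Address("192.168.1.0"))
SAMPLE_HOSTS = {SUBNET + i for i in range(1, 7)}

if __name__ == "__main__":
    entries = cover(SAMPLE_HOSTS)
    for e in entries:
        print(fmt(e))
    # The network (.0) and broadcast (.7) addresses must not be matched.
    print("exact:", expand(entries) == SAMPLE_HOSTS)
```

A wildcard of 0.0.0.7 on this block would also match .0 and .7; the three entries printed above match the six hosts and nothing else.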

Similar Messages

  • Why OSPF use wildcard mask? Not subnet mask?

    Why does OSPF use a wildcard mask and not a subnet mask? Is there any advantage to using a wildcard in OSPF? How does a wildcard in OSPF work? I saw some OSPF configuration for a class B network that uses 0.0.0.255 as an OSPF wildcard mask. What does it mean? Does that mean exchanging only route information for the subnetwork?

    hello,
    with the use of a wild-card mask we can gain control over route update propagation. So we can define which networks should receive updates and which networks should not receive routing updates. It's just like wildcard masks used in ACLs. This is my view.
    cheers,

  • Subnet/wildcard masks in ACS 5.1

    We are trying to migrate from ACS 4.2 to 5.1. Abandoned trying to use the migrate utility when we ran into errors trying to use it and TAC said it was an unsupported utility. Amazing that nowhere in the manual did I see "Unsupported" mentioned.
    One of the main things we are trying to do is to use a subnet or wildcard mask like we did in 4.2. For example, I have a network group rule in 4.2 that would allow 10.*.255.* to be authenticated by Tacacs using a particular given secret. I don't see a way that I can do this in ACS 5.1. I have to go from one rule for all of my edge routers to almost 100 rules since there doesn't appear to be a way to do this. I understand that the * is no longer supported but there doesn't seem to be a way to use a wildcard mask to minimize the number of rules it looks like I will have. This is just for the routers. I also have a host of switches, APs and specialized network devices that I need to use a different shared secret for each type of device. In some cases I may have more than one type of network device in the same subnet range and need a different shared secret.
    Would appreciate any suggestions.

    ACS 5.x does not support wildcards in the address field. You will have to use subnet masks instead.
    You can set up a default device, which may or may not be what you need in your case. This would be the equivalent of entering *.*.*.* on ACS 4.x

  • Wildcard masking on ASA

    Is there a way to do wildcard masks on the ASA access lists version 8.4?  I'm needing to allow only certain PC's with a certain IP address through a VPN tunnel.
    access-list Let_Me_Wildcard_Mask extended permit ip 192.168.0.250 0.0.255.0
    It won't let me do this...

    Hi,
    Maybe the above example could be a solution then?
    I am not sure if you saw that as I edited it in the original reply after I already had posted it once.
    You could easily group the needed IP addresses under an "object-group network " and use the "object-group" itself in the ACLs statements
    Though I guess this is also affected by the fact where you are controlling the traffic. If you are doing the filtering on the "outside" of the firewall for a L2L VPN for example then this would work.
    If you have several interfaces on the ASA where the hosts are located then naturally you could still use the "object-group" but you would still have to configure the same ACL line in multiple interface ACL.
    Unless you were of course using a "global" ACL that applies to all interfaces on the ASA in the "inbound" direction. This option became available in software 8.3(1) I think.
    - Jouni
    Message was edited by: Jouni Forss
    Added some additional information

  • Mask Calculation's and Performance

    We will have two 7341 WAEs in our Data Center. We have several hundred servers that branch sites pull (and sometimes push "SharePoint") centralized resources from. To even out the load, we are moving Service Group 62 to the WAN interface and 61 to the LAN interface on the Data Center Router. I would also like to create a "Mask" that effectively doubles my DRE capacity by alternating WAEs based on the destination's last octet. Using a mask calculation that alternates 7341 boxes based on the last octet of the IP address seems to be the most effective method. Are there any performance hits or faults with this method of load distribution?
    Using Cisco's "WCCP-Mask-calc-v103", I came up with 0x01 as the value to alternate based on the host address. 
    Is that the proper mask to alternate hosts based on their last octet?
    Are there any inherited issues with using this mechanism?
    Has anything changed with 4.4.1 / 4.4.3 that would render this inoperable or unsupported?
    Will this eat up resources on the router?
    7341#1
    10.0.0.0
    10.0.0.2
    10.0.0.4
    10.0.0.6
    7341#2
    10.0.0.1
    10.0.0.3
    10.0.0.5
    10.0.0.7

    Hi Ryan,
    This mechanism is fine and hold true for 4.4.1/4.4.3 as well.
    However it is purely based on the requirement whether you want to load balance based on the last octet or the last but one octet. If you have multiple sites of Class C subnets you may probably want that all the users from one site should always go to the same WAE in datacentre so that it provides higher cache hit ratios quickly. If you have less number of sites and you may want to do the load balancing on a per user basis in which case both the WAEs DRE will be populated with the same kind of cache.
    Hence it depends on the number of sites / users etc based on which you can decide on a mask value for load balancing.
    Please refer to the below URL for the recommended assignment method on different platforms.
    http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html
    Hope this clarifies.
    Regards
    Kiran.

  • Wildcard mask in Shell Command Authorization Set?

    Under Shared Profile Components/Shell Command Authorization Sets in ACS, is it possible to enter a wildcard for further arguments.
    For example, say you want to permit show cam [+ all arguments], is it possible to configure show, then 'permit cam *' as the argument?
    Thanks

    Sure. Just tested this on my ACS 3.2 server with the following config:
    AAA client:
    aaa new-model
    aaa authentication login default tacacs
    aaa authorization commands 1 default group tacacs
    ACS Shell Command Set:
    Unmatched Commands = Deny
    Command = show
    Permit unmatched args = no
    args = permit ip *
    This then allows me to do "sho ip int brief" and "sho ip http server all" to name a couple, but doesn't allow me to do "sho ver".
    Hope that helps.

  • Mask assignment for wccp redirection in WAEs

    We're trying to understand the mask assignment process better, so we can replace the default mask value of 0X1741 with the correct one as, supposedly, the 0x1741 does not allocate the buckets evenly among the WAEs in a cluster. To that extent, could someone pls refer me to where we could read up on this?
    Thanks.
    _ Greg

    Hey Greg,
    I would suggest going through the below doc. and also there is a mask calculator doc attached here with this for your reference.
    http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-wccp.html
    Regards,
    Kanwal

  • Having an issue adding network to eigrp

    I'm doing a class project using a network simulator and am asked to: Design and implement a network for company RoutersCourseMatters. The names of the departments at this company are Faculty, Staff, and Students. For security reasons, each department must be isolated from each other's broadcast domain on the network. The Faculty have 50 end devices that need to be connected to the network. Staff has 26 end devices and the Students have 100 end devices. The network space provided by the ISP is 192.168.0.0/24. The dynamic protocol used for this network must be for Cisco-only equipment. Test each department network with just one end device and ensure full connectivity across the entire network.
    So we have our network topology set up for the class project (see picture attached). We are using one router for faculty+staff. Faculty has ip/mask of 192.168.0.1/26 and staff is: 192.168.0.65/27. We have a separate router for students, for which the IP subnet is 192.168.0.150/25. The routers are directly connected and are using IPs 192.168.0.98/29 & 192.168.0.100/29, so since the two routers are directly connected on the same subnet they have no issue pinging each other. The problem is pinging hosts from a subnet to hosts on a different subnet. When I try and add ANY 192.168.0.* subnet to eigrp it instead adds 192.168.16.* network. For instance on the faculty/student router if I do a 'router eigrp 1' command followed by 'network 192.168.0.0 0.0.0.63' it shows network 192.168.16.0 has been added to eigrp under show run. Here is the show run command:
    faculty/staff Con0 is now available
    Press RETURN to get started!
    faculty/staff>en
    faculty/staff#show run
    Building configuration...
    Current configuration : 874 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname faculty/staff
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    ip subnet-zero
    interface FastEthernet0/0
      description blank
      ip address 192.168.0.65 255.255.255.224
      no ip directed-broadcast
    interface FastEthernet0/1
      description link to switch
      ip address 192.168.0.1 255.255.255.192
      no ip directed-broadcast
    interface Serial0/0/0
      ip address 192.168.20.2 255.255.255.0
      no ip directed-broadcast
      clockrate 2000000
    interface Serial0/0/1
      no ip address
      no ip directed-broadcast
      shutdown
      clockrate 2000000
    interface Serial0/1/0
      no ip address
      no ip directed-broadcast
      shutdown
      clockrate 2000000
    interface Serial0/1/1
      ip address 192.168.0.98 255.255.255.248
      no ip directed-broadcast
    router eigrp 1
     network 0.0.0.0
     network 192.168.1.1 0.0.0.0
     network 192.168.16.0
     network 192.168.20.0
     no auto-summary
    ip classless
    no ip http server
    no ip http secure-server
    control-plane
    line con 0
    line aux 0
    line vty 0 4
      login
    line vty 5 1180
      login
    scheduler allocate 20000 1000
    end
    faculty/staff#config t
    Enter configuration commands, one per line.  End with CNTL/Z
    faculty/staff(config)#router eigrp 1
    faculty/staff(config-router)#network 192.168.0.0 0.0.0.63
    faculty/staff(config-router)#exit
    faculty/staff(config)#exit
    faculty/staff#show run
    Building configuration...
    Current configuration : 874 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname faculty/staff
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    ip subnet-zero
    interface FastEthernet0/0
      description blank
      ip address 192.168.0.65 255.255.255.224
      no ip directed-broadcast
    interface FastEthernet0/1
      description link to switch
      ip address 192.168.0.1 255.255.255.192
      no ip directed-broadcast
    interface Serial0/0/0
      ip address 192.168.20.2 255.255.255.0
      no ip directed-broadcast
      clockrate 2000000
    interface Serial0/0/1
      no ip address
      no ip directed-broadcast
      shutdown
      clockrate 2000000
    interface Serial0/1/0
      no ip address
      no ip directed-broadcast
      shutdown
      clockrate 2000000
    interface Serial0/1/1
      ip address 192.168.0.98 255.255.255.248
      no ip directed-broadcast
    router eigrp 1
     network 0.0.0.0
     network 192.168.1.1 0.0.0.0
     network 192.168.16.0
     network 192.168.20.0
     no auto-summary
    ip classless
    no ip http server
    no ip http secure-server
    --More--
        Cody Robinson
        2:36pm
    Here is 'show ip eigrp topology' on staff/faculty router:
    faculty/staff Con0 is now available
    Press RETURN to get started!
    faculty/staff>en
    faculty/staff#show ip interface
    FastEthernet0/0 is up, line protocol is up
      Internet address is 192.168.0.65/27
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1514 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound access list is not set
      Proxy ARP is enabled
      Local Proxy ARP is disabled
      Security level is default
      Split horizon is disabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP fast switching on the same interface is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF Fast switching turbo vector
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF
      Router Discovery is disabled
      IP output packet accounting is disabled
      IP access violation accounting is disabled
      TCP/IP header compression is disabled
      RTP/IP header compression is disabled
      Policy routing is disabled
      Network address translation is disabled
      BGP Policy Mapping is disabled
      WCCP Redirect outbound is disabled
      WCCP Redirect inbound is disabled
      WCCP Redirect exclude is disabled
    FastEthernet0/1 is up, line protocol is up
      Internet address is 192.168.0.1/26
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1514 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound access list is not set
      Proxy ARP is enabled
      Local Proxy ARP is disabled
      Security level is default
      Split horizon is disabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP fast switching on the same interface is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF Fast switching turbo vector
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF
      Router Discovery is disabled
      IP output packet accounting is disabled
      IP access violation accounting is disabled
      TCP/IP header compression is disabled
      RTP/IP header compression is disabled
      Policy routing is disabled
      Network address translation is disabled
      BGP Policy Mapping is disabled
      WCCP Redirect outbound is disabled
      WCCP Redirect inbound is disabled
      WCCP Redirect exclude is disabled
    Serial0/0/0 is down, line protocol is down
      Internet address is 192.168.20.2/24
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1514 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound access list is not set
      Proxy ARP is enabled
      Local Proxy ARP is disabled
      Security level is default
      Split horizon is disabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP fast switching on the same interface is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF Fast switching turbo vector
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF
      Router Discovery is disabled
      IP output packet accounting is disabled
      IP access violation accounting is disabled
      TCP/IP header compression is disabled
      RTP/IP header compression is disabled
      Policy routing is disabled
      Network address translation is disabled
      BGP Policy Mapping is disabled
      WCCP Redirect outbound is disabled
      WCCP Redirect inbound is disabled
      WCCP Redirect exclude is disabled
    Serial0/0/1 is administratively down, line protocol is down
      Internet protocol processing disabled
    Serial0/1/0 is administratively down, line protocol is down
      Internet protocol processing disabled
    Serial0/1/1 is up, line protocol is up
      Internet address is 192.168.0.98/29
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1514 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound access list is not set
      Proxy ARP is enabled
      Local Proxy ARP is disabled
      Security level is default
      Split horizon is disabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP fast switching on the same interface is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF Fast switching turbo vector
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF
      Router Discovery is disabled
      IP output packet accounting is disabled
      IP access violation accounting is disabled
      TCP/IP header compression is disabled
      RTP/IP header compression is disabled
      Policy routing is disabled
      Network address translation is disabled
      BGP Policy Mapping is disabled
      WCCP Redirect outbound is disabled
      WCCP Redirect inbound is disabled
      WCCP Redirect exclude is disabled
    faculty/staff#show ip eigrp ?
      <1-65535>   Autonomous System
      accounting  IP-EIGRP Accounting
      interfaces  IP-EIGRP interfaces
      neighbors   IP-EIGRP neighbors
      topology    IP-EIGRP Topology Table
      traffic     IP-EIGRP Traffic Statistics
      vrf         Select a VPN Routing/Forwarding instance
    faculty/staff#show ip eigrp topology
    IP-EIGRP Topology Table for AS(1)/ID(192.168.20.2)
    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
           r - reply Status, s - sia Status
    P 192.168.0.0/26, 1 successors, FD is 2172416
             via Connected, FastEthernet0/1
    P 192.168.0.64/27, 1 successors, FD is 2172416
             via Connected, FastEthernet0/0
    P 192.168.0.96/29, 1 successors, FD is 2172416
             via Connected, Serial0/1/1
    faculty/staff#
        Cody Robinson
        2:37pm
    Here is show run on students router:
    Students Con0 is now available
    Press RETURN to get started!
    Students>sh run
                ^
    % Invalid input detected at '^' marker.
    Students>en
    Students#sh run
    Building configuration...
    Current configuration : 874 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Students
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    ip subnet-zero
    interface FastEthernet0/0
      no ip address
      no ip directed-broadcast
      shutdown
    interface FastEthernet0/1
      description link to switch
      ip address 192.168.0.150 255.255.255.128
      no ip directed-broadcast
    interface Serial0/0/0
      ip address 192.168.10.1 255.255.255.0
      no ip directed-broadcast
      clockrate 2000000
    interface Serial0/0/1
      no ip address
      no ip directed-broadcast
      shutdown
      clockrate 2000000
    interface Serial0/1/0
      no ip address
      no ip directed-broadcast
      shutdown
      clockrate 2000000
    interface Serial0/1/1
      ip address 192.168.0.100 255.255.255.248
      no ip directed-broadcast
      clockrate 2000000
    router eigrp 1
     network 0.0.0.0
     network 192.168.1.1 0.0.0.0
     network 192.168.10.0
    ip classless
    no ip http server
    no ip http secure-server
    control-plane
    line con 0
    line aux 0
    line vty 0 4
      login
    line vty 5 1180
      login
    scheduler allocate 20000 1000
    end
    Students#

    Hello lolwar,
    From your setup and the description you provided I see some mismatch in the IP subnetting you calculated.
    For instance in your diagram you have networks 192.168.0.0/26 (FACULTY), 192.168.0.64/27 (STAFF), 192.168.0.96/29 (point-to-point link between routers) and 192.168.0.128/25 (STUDENTS).
    First, you're wasting IP addresses, because you have unused space between the point-to-point link and the STUDENTS subnet. It's good practice, when calculating subnets, to calculate the biggest subnet first, then the smaller ones, down to the smallest one (usually some point-to-point cross-connects). For more about this see this guide.
    Now, the issue I see as the most important is, that you have in your diagram networks as I mentioned above, but into your EIGRP process you're adding completely different subnets (192.168.16.x, 192.168.20.x,...).
    I entered following:
    STUDENT ROUTER =------------>
    router eigrp 1
    network 192.168.0.96 0.0.0.7
    network 192.168.0.128 0.0.0.127
    FACULTY/STAFF ROUTER =------------->
    router eigrp 1
    network 192.168.0.0 0.0.0.63
    network 192.168.0.64 0.0.0.31
    network 192.168.0.96 0.0.0.7
    And all works just fine, computers are able to ping each other. Also, although it's not necessary, it's good to include the network wildcard mask in the "network" command under EIGRP (or OSPF) configuration.
    I hope this will help you (please rate if this is the case. Thanks.)

  • How to specify target host in Access-list on 1700 router

    I want to be able to specify the target host on an access list and when I try to enter the IP and sub-net mask I get a weird result. This is on a 1700 router. I type: access-list 100 permit tcp any XXX.XXX.XXX.XXX 255.255.255.248 eq smtp where XXX.XXX.XXX.XXX is a public IP of a virtual email server on my inside.
    I get:
    access-list 100 permit tcp any 0.0.0.2 255.255.255.248 eq smtp
    Why does XXX.XXX.XXX.XXX get interpreted as 0.0.0.2?
    Thanks,
    Dave

    Dave,
    The address got converted to 0.0.0.2 because you used a subnet mask (255.255.255.248) where you should have used a wildcard mask (0.0.0.7).
    Regardless of what the network portion of the address was, when the router sees "255" in any position in the wildcard mask, it interprets that as "it really doesn't matter what number is in this part of the IP address". So it corrects your notation and replaces that part of the IP address with the placeholder "0".
    The fact that it put a ".2" at the end of the address indicates that the binary pattern of whatever XXX.XXX.XXX.XXX was ended in "010". The last octet was one of the numbers in this sequence: .2, .10, .18, ... (increments of 8), .114, or .122. The "248" in the last part of your wildcard mask told the router "it doesn't matter what number's here, as long as the last three binary bits match". The router just simplified the last .XXX you entered to the smallest number that had a matching binary pattern; in this case it was ".2".
    Something to remember: Use subnet masks for static routes and interface addressing; and wildcard masks for ACLs.
    The easiest way to calculate the wildcard mask you want, if you're used to seeing things in subnet mask format, is to subtract the subnet mask from 255.255.255.255. For example:
      255.255.255.255
    - 255.255.255.248 (subnet mask)
    = 0.0.0.7         (wildcard mask)
    If you want to specify a single host address rather than a masked range of addresses, use the notation "host XXX.XXX.XXX.XXX". If you use the notation "XXX.XXX.XXX.XXX 0.0.0.0" where 0.0.0.0 is the wildcard mask, the router will convert it to "host XXX.XXX.XXX.XXX". (Go ahead, try it and see.)
    Similarly, if you want to specify all host addresses, use "any" as you have already done; or you can try "0.0.0.0 255.255.255.255" and the router will convert it to "any" for you. (Try this one too.)
    Check out the useful IP Subnet Calculator download at http://www.Boson.com -- it's free:
    Wildcard Mask Checker & Decimal-to-IP Calculator
    a neat little utility to check what your wildcard mask actually matches, and, converts from Decimal to IP address format.
    http://www.boson.com/promo/utilities.htm
    Hope this helps.
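
    The effect described in this answer can be reproduced offline. The following added example (not part of the thread, and not router code) models the normalization the answer describes, measures how many addresses an entry matches, and flags wildcards that look like subnet masks; 203.0.113.10 is a constructed stand-in for the redacted XXX.XXX.XXX.XXX, and all function names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_from_netmask(netmask):
    """255.255.255.255 minus the subnet mask, as in the subtraction above."""
    return to_str(ALL_ONES - to_int(netmask))


def normalize(address, wildcard):
    """Model of the rewrite described in the answer: ignored bits are zeroed,
    an all-zero wildcard becomes 'host', an all-ones wildcard becomes 'any'."""
    a, w = to_int(address), to_int(wildcard)
    if w == 0:
        return "host " + address
    if w == ALL_ONES:
        return "any"
    return f"{to_str(a & ~w & ALL_ONES)} {wildcard}"


def matched_count(wildcard):
    """Each 1 bit in the wildcard doubles the number of matching addresses."""
    return 1 << bin(to_int(wildcard)).count("1")


def looks_like_netmask(wildcard):
    """True when the wildcard is a run of leading 1 bits followed by 0 bits,
    the shape of a subnet mask typed where a wildcard mask belongs."""
    w = to_int(wildcard)
    inverse = ALL_ONES - w
    return w not in (0, ALL_ONES) and (inverse & (inverse + 1)) == 0


def audit(entries):
    """Review (address, wildcard) pairs taken from ACL lines."""
    report = []
    for address, wildcard in entries:
        report.append({
            "entered": f"{address} {wildcard}",
            "stored_as": normalize(address, wildcard),
            "addresses_matched": matched_count(wildcard),
            "suspect_netmask": looks_like_netmask(wildcard),
        })
    return report


# Constructed sample entries: the mistake from the question, then the fix.
SAMPLE = [
    ("203.0.113.10", "255.255.255.248"),   # subnet mask used by mistake
    ("203.0.113.10", wildcard_from_netmask("255.255.255.248")),
    ("203.0.113.10", "0.0.0.0"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

    The mistaken entry is stored as 0.0.0.2 255.255.255.248 and matches 2^29 destination addresses instead of the 8 that were intended, which is why a permit line written this way is worth flagging in a configuration review.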

  • Error in Adapter Module to unzip files

    Hello ,
    I wish to unzip many files with the use of an adapter module.
    To do this I use the following code:
    package de.lsv.moduledevelopement;
    import java.io.*;
    import java.util.Hashtable;
    import java.util.zip.ZipEntry;
    import java.util.zip.ZipInputStream;
    import javax.ejb.SessionBean;
    import javax.ejb.SessionContext;
    import javax.ejb.CreateException;
    import com.sap.aii.af.mp.module.Module;
    import com.sap.aii.af.mp.module.ModuleContext;
    import com.sap.aii.af.mp.module.ModuleData;
    import com.sap.aii.af.mp.module.ModuleException;
    import com.sap.aii.af.ra.ms.api.Message;
    import com.sap.aii.af.ra.ms.api.MessageDirection;
    import com.sap.aii.af.ra.ms.api.Payload;
    import com.sap.aii.af.ra.ms.spi.Trace;
    import com.sap.aii.af.service.auditlog.Audit;
    import com.sap.aii.af.service.auditlog.AuditDirection;
    import com.sap.aii.af.service.auditlog.AuditLogStatus;
    import com.sap.aii.af.service.auditlog.AuditMessageKey;
    * @ejbLocal <{de.lsv.moduledevelopement.UnZipFilesLocal}>
    * @ejbLocalHome <{de.lsv.moduledevelopement.UnZipFilesLocalHome}>
    * @stateless
    public class UnZipFilesBean implements SessionBean, Module {
         static AuditMessageKey amk = null;
         static String auditStr = "UnzipFilesBean - ";
         static ModuleException mEx = null;
         public static final String VERSION_ID =
              "$Id://de.lsv.moduledevelopement.UnZipFilesBean.java#1 $";
         private static final Trace TRACE = new Trace(VERSION_ID);
         public void ejbRemove() {
         public void ejbActivate() {
         public void ejbPassivate() {
         public void setSessionContext(SessionContext context) {
              myContext = context;
         private SessionContext myContext;
          * Create Method.
         public void ejbCreate() throws CreateException {
              // TODO : Implement
         /* (non-Javadoc)
          * @see com.sap.aii.af.mp.module.Module#process(com.sap.aii.af.mp.module.ModuleContext, com.sap.aii.af.mp.module.ModuleData)
         public ModuleData process(
              ModuleContext moduleContext,
              ModuleData inputModuleData)
              throws ModuleException {
              Object obj = null;
              Message msg = null;
              Payload attachment = null;
              //initializing variables for module parameters
              String modkey = "";
              String fileMask = "";
              String directory = "";
              String saveDirectory = "";
              //     String newMimeType = "";
              //     String newAttachmentName = "";
              //     String newAttachmentExtension = "";
              //     String newAttachmentNameReplace = "";
              //this block is to manage the adapter when is not file/FTP
              try {
                   //get the XI Message
                   obj = inputModuleData.getPrincipalData();
                   msg = (Message) obj;
                   // create AuditMessageKey object to write audit log.
                   if (msg.getMessageDirection() == MessageDirection.INBOUND)
                        amk =
                             new AuditMessageKey(
                                  msg.getMessageId(),
                                  AuditDirection.INBOUND);
                   else
                        amk =
                             new AuditMessageKey(
                                  msg.getMessageId(),
                                  AuditDirection.OUTBOUND);
                   // ******start get the module parameters from the configuration******
                   modkey = moduleContext.getContextData("module.key");
                   Audit.addAuditLogEntry(
                        amk,
                        AuditLogStatus.SUCCESS,
                        auditStr + "Module Configuration Key: " + modkey);
                   //***** einlesen der Moduke Parameter******************
                   //***** DateiMaske
                   fileMask = moduleContext.getContextData("FileMask");
                   Audit.addAuditLogEntry(
                        amk,
                        AuditLogStatus.SUCCESS,
                        auditStr + "FileMask: " + fileMask);
                   // check ob fileMask definiert ist
                   if (fileMask == null || fileMask.equalsIgnoreCase("")) {
                        //if no attachment name is specified in the module configuration the module will end the execution
                        throw mEx =
                             new ModuleException(
                                  auditStr
                                       + "!FileMask in Modulconfiguration nicht definiert!");
                   //***** DateiMaske2
                   String fileMask2 = moduleContext.getContextData("FileMask2");
                   Audit.addAuditLogEntry(
                        amk,
                        AuditLogStatus.SUCCESS,
                        auditStr + "FileMask2: " + fileMask2);
                   //***** Directory
                   directory = moduleContext.getContextData("Directory");
                   Audit.addAuditLogEntry(
                        amk,
                        AuditLogStatus.SUCCESS,
                        auditStr + "Directory: " + directory);
                   // Fehler wenn Directory nicht definiert
                   if (directory == null || directory.equalsIgnoreCase("")) {
                        //the module will end the execution
                        throw mEx =
                             new ModuleException(
                                  auditStr
                                       + "Directory in Modulconfiguration nicht definiert");
                   //***** Sicherungs Verzeichnis
                   saveDirectory = moduleContext.getContextData("SaveDirectory");
                   Audit.addAuditLogEntry(
                        amk,
                        AuditLogStatus.SUCCESS,
                        auditStr + "SaveDirectory: " + saveDirectory);
                   // call the unpack routine
                   entpacke(directory, saveDirectory, fileMask);
                   if (fileMask2.length() > 0) {
                        entpacke(directory, saveDirectory, fileMask2);
                   }
                   //update the XI Message
                   inputModuleData.setPrincipalData(msg);
              } catch (Exception e) {
                   String errorMessage =
                        auditStr + "Error bei der . Exception:" + e.getMessage();
                   Audit.addAuditLogEntry(amk, AuditLogStatus.ERROR, errorMessage);
                   throw mEx = new ModuleException(auditStr + errorMessage);
              }
              Audit.addAuditLogEntry(
                   amk,
                   AuditLogStatus.SUCCESS,
                   auditStr + "Verarbeitung beendet ");
              return inputModuleData;
         }
         //+++++++++++++++++++++++++
         private static void entpacke(
              String directory,
              String saveDirectory,
              String mask) {
              // TODO Auto-generated method stub
              Audit.addAuditLogEntry(
                   amk,
                   AuditLogStatus.SUCCESS,
                   auditStr + "Funktion entpacke");
              if (!directory.endsWith("\\")) {
                   directory = directory + "\\";
              } // if
              File f;
              f = new File(directory);
              Audit.addAuditLogEntry(
                   amk,
                   AuditLogStatus.SUCCESS,
                   auditStr + "f = new File(directory)");
    //          // Note: a class inside a class :-)
    //          String[] strFiles = f.list(new FilenameFilter() {
    //               public boolean accept(File file, String filename) {
    //                    Wildcard wildcard1 = new Wildcard(mask);
    //                    Audit.addAuditLogEntry(
    //                         amk,
    //                         AuditLogStatus.SUCCESS,
    //                         auditStr + "wc1");
    //                    return wildcard1.match(filename, false);
    //               }
    //          });
              // Note: File.list() returns null when the path is not a readable directory
              String[] strFiles = f.list(new MyFilter(mask));
              // List of the files found
              Audit.addAuditLogEntry(
                   amk,
                   AuditLogStatus.SUCCESS,
                   auditStr + "Anzahl gepackter Dateien: " + strFiles.length);
              //System.out.println( strFiles.length + " Dateien zum entpacken");
              for (int i = 0; i < strFiles.length; i++) {
                   Audit.addAuditLogEntry(
                        amk,
                        AuditLogStatus.SUCCESS,
                        auditStr + "verarbeite Datei: : " + strFiles[i]);
                   //     System.out.println("f[" + i + "]=" + strFiles[i]);
              } // for
              // *****unpack**********************
              for (int i = 0; i < strFiles.length; i++) {
                   try {
                        byte[] buf = new byte[4096];
                        ZipInputStream in =
                             new ZipInputStream(
                                  new FileInputStream(directory + strFiles[i]));
                        Audit.addAuditLogEntry(
                             amk,
                             AuditLogStatus.SUCCESS,
                             auditStr + "Entpacke " + directory + strFiles[i]);
                        //System.out.println("Entpacke " + directory + strFiles[i]);
                        int count = 0;
                        while (true) {
                             // Read the next entry
                             ZipEntry entry = in.getNextEntry();
                             if (entry == null) {
                                  break;
                             }
                             // Count only entries that were actually read
                             count++;
                             // Log the entry name
                             Audit.addAuditLogEntry(
                                  amk,
                                  AuditLogStatus.SUCCESS,
                                  auditStr + entry.getName());
                             //System.out.println(entry.getName());
                             // Reject entry names that resolve outside the target
                             // directory (e.g. names containing "..")
                             String base = new File(directory).getCanonicalPath();
                             if (!base.endsWith(File.separator)) {
                                  base = base + File.separator;
                             }
                             File target = new File(directory, entry.getName());
                             if (!target.getCanonicalPath().startsWith(base)) {
                                  throw new SecurityException(
                                       "Zip entry outside target directory: "
                                            + entry.getName());
                             }
                             // Create the output file
                             FileOutputStream out = new FileOutputStream(target);
                             int len;
                             while ((len = in.read(buf)) > 0) {
                                  out.write(buf, 0, len);
                             }
                             out.close();
                             // Close the entry
                             in.closeEntry();
                        } // while
                        in.close();
                        Audit.addAuditLogEntry(
                             amk,
                             AuditLogStatus.SUCCESS,
                             auditStr + count + "Dateien entpackt");
                        //System.out.println(count + "Dateien entpackt");
                        // move the archive to the backup directory
                        if (saveDirectory.length() > 0) {
                             File quelle = new File(directory + strFiles[i]);
                             File ziel = new File(saveDirectory + strFiles[i]);
                             boolean bla = quelle.renameTo(ziel);
                             if (!bla) {
                                  Audit.addAuditLogEntry(
                                       amk,
                                       AuditLogStatus.SUCCESS,
                                       auditStr
                                            + strFiles[i]
                                            + " konnte nicht verschoben werden");
                             } else {
                                  Audit.addAuditLogEntry(
                                       amk,
                                       AuditLogStatus.SUCCESS,
                                       auditStr
                                            + strFiles[i]
                                            + "verschoben nach "
                                            + saveDirectory);
                                  //          System.out.println(
                                  //               strFiles[i] + "verscgoben nach " + directory + "sik//");
                             }
                        } // if
                   } catch (Exception e) {
                        String errorMessage =
                             auditStr
                                  + "Error in entpacken. Exception:"
                                  + e.getMessage();
                        Audit.addAuditLogEntry(amk, AuditLogStatus.ERROR, errorMessage);
                   } // catch
                   // *****unpack*************
              } // for
         } //entpacke
    } // UnzipFilesBean
    class Wildcard {
         static AuditMessageKey amk = null;
         static String auditStr = "WildCard - ";
         static ModuleException mEx = null;
         private final String wildcardString;
         /**
          * Constructor for the wildcard search.
          * @param wildcardString
          *            The wildcard string
          */
         public Wildcard(String wildcardString) {
              this.wildcardString = wildcardString;
              Audit.addAuditLogEntry(
                   amk,
                   AuditLogStatus.SUCCESS,
                   auditStr + "Constructor");
         }
         /**
          * The method that performs the comparison.
          * @param str
          *            The string to be checked against the
          *            wildcard string.
          * @return true if the string matches the wildcardString.
          */
         public boolean match(String str, boolean fCasesensitive) {
              if (str == null || wildcardString == null) {
                   return false;
              }
              return recursiveMatch(wildcardString, str, fCasesensitive);
         }
         /**
          * The actual comparison is carried out here.
          * @param strWildcard
          *            The wildcard string, e.g. "Test*"
          * @param str
          *            The string to be checked, e.g. "Testlauf"
          * @return true if there is a match, otherwise false
          */
         private boolean recursiveMatch(
              String strWildcard,
              String str,
              boolean fCasesensitive) {
              while (true) {
                   if (strWildcard.length() == 0)
                        return str.length() == 0;
                   char ch = strWildcard.charAt(0);
                   switch (ch) {
                        case '?' :
                             if (str.length() == 0)
                                  return false;
                             break;
                        case '*' :
                             strWildcard = strWildcard.substring(1);
                             while (true) {
                                  if (recursiveMatch(strWildcard, str, fCasesensitive))
                                       return true;
                                  if (str.length() == 0)
                                       return false;
                                  str = str.substring(1);
                             }
                        default :
                             if (str.length() == 0)
                                  return false;
                             if (fCasesensitive) {
                                  if (ch != str.charAt(0))
                                       return false;
                             } else if (
                                  Character.toLowerCase(ch)
                                       != Character.toLowerCase(str.charAt(0)))
                                  return false;
                             break;
                   }
                   strWildcard = strWildcard.substring(1);
                   str = str.substring(1);
              }
         }
         //++++++++++++++++++++++++++
    } // class
    /** Now the actual filter */
    class MyFilter implements FilenameFilter {
         static AuditMessageKey amk = null;
         static String auditStr = "MyFilter - ";
         static ModuleException mEx = null;
         String fileMask;
         public MyFilter(String fileMask) {
              this.fileMask = fileMask;
              Audit.addAuditLogEntry(
                   amk,
                   AuditLogStatus.SUCCESS,
                   auditStr + "Constructor");
         } //constructor
         public boolean accept(File file, String filename) {
              // TODO Auto-generated method stub
              //fileMask = "?5LBL*";
              Wildcard wildcard1 = new Wildcard(fileMask);
              return wildcard1.match(filename, false);
         }
    } //class
    But in Audit Protocol it failed after:
    17.09.2008 17:33:19     Erfolgreich     UnzipFilesBean - Module Configuration Key: 2
    17.09.2008 17:33:19     Erfolgreich     UnzipFilesBean - FileMask: ?5LBL???
    17.09.2008 17:33:19     Erfolgreich     UnzipFilesBean - FileMask2:
    17.09.2008 17:33:19     Erfolgreich     UnzipFilesBean - Directory: //transfer//X1E//100//99//lb//ein
    17.09.2008 17:33:19     Erfolgreich     UnzipFilesBean - SaveDirectory: //transfer//X1E//100//99//lb//ein_s
    17.09.2008 17:33:19     Erfolgreich     UnzipFilesBean - Funktion entpacke
    17.09.2008 17:33:19     Erfolgreich     UnzipFilesBean - f = new File(directory)
    17.09.2008 17:33:19     Fehler     UnzipFilesBean - Error bei der . Exception:null
    I could not find the error??
    Were there any log files to look into?
    Regards
    Zimmerningkat

    Hi Ralf,
    I am late..........
    I am bit confused with your explanation.
    1. Will all zip files be picked up by the file adapter in one shot, or is it conditional, since you have an XML descriptor file in the first zip file and the XML file describes the list of JPEG files which might be stored in the other zipped JPEG files?
    2. Can you tell the exact flow of your scenario
    3. Receiver in your scenario?
    Thanks,
    Gujjeti.

  • SG300-20 configure 1 ip pr port

    We have one customer who would like us to configure a system based on an SG300-20 linked up with an SG300-10SFP, using traffic shaping with ingress and egress limited to 40 Mbit.
    This part of the case is solved using ingress/egress 40960 with a burst limit a bit higher.
    But he also wants each firewall configured on the net to only be able to have 1 IP on that specific port.
    This is the owner of a building who rents out to other companies. Each company is assigned a port on the SG300-20 and has their own IP (i.e. 100.100.12.34); all of them are part of a /26 net and would use the same gateway.
    Is this possible?
    That is, the company assigned to e.g. port 14 on switch 1 can only use 100.100.12.34/26 gw 100.100.12.1, and if they change to 100.100.12.36 it will not work. This is to prevent the end users from changing it and fu...g up the net for the rest :-)
    And on port 16 on switch 1 they can only use 100.100.12.36/26 with gw 100.100.12.1.
    Thanks for any input.
    The switches are in layer 2 mode, but nothing is in production yet, so I can change to layer 3 if that's what it takes.
    Regards
    Thomas

    Hi Thomas, your concept sounds correct.
    This is how this works
    Assuming your topology is this-
    Internet -> Router -> Core switch (no client/customer) -> Access switch -> Client/customer
    For argument sake, your uplink from access switch is port 18 which connects to port 18 of the core switch
    Problem statement-
    On access switch, your desire is to have a client or customer connect to the switch using a specific MAC address and IP address and no other
    Possible solutions-
    Dynamic ARP inspection statically maps an IP address to a MAC address; any connection using the same MAC but a different IP will be dropped, and any connection using the same IP but a different MAC will be dropped
    Create an access list to permit only the desired IP address on the INGRESS port and block any other traffic to that port
    Solution work flow-
    Enable dynamic ARP inspection
    Security -> ARP inspection -> Properties -> Enable
    Enable trusted interfaces - These interfaces will allow any traffic and not subject to your inspection list. Untrusted is subject to the inspect list
    Security -> ARP Inspection -> Interface Settings -> Edit interfaces as desired
    Build your inspection table
    Security -> ARP inspection -> ARP access control -> Add ->
    -Control name is an arbitrary value, it is a description
    -IP address is the IP you want in the database
    -MAC address is the binding to the IP address for the switch to look up in the data
    If DAI is too stringent for you, you may create an access list as an alternative solution
    Access Control -> IPV4 based ACL -> Add
    -ACL Name is what you want to call it, a description -> Apply
    Next define the access list by going to IPV4 ACE by clicking IPV4-based ACE -> Add
    -Priority is an ordering system, you should structure your rules in an order for the switch to look up the rules
    -Action permit or deny, in your case you want to permit
    -Protocol will be IP (all traffic)
    -Source IP address will be your host connection 100.100.12.34
    -Wildcard mask will be 0.0.0.0  (this is a single host wild card)
    -Destination will be Any
    Click apply
    Once the access list is built, it then gets bound to an interface. The interface must be the one where the traffic comes in, not the one where it leaves
    Access Control -> ACL Binding (port)
    -Check box for the port your customer/client connects
    -Interface is where the customer/client connects to the switch
    -Check box for Select IPV4-Based ACL
    -Default action is Deny Any
    -Apply
    With this completed correctly, only your IP will be able to connect on that port, for all traffic; any other IP will not be allowed and will be discarded if it connects through that same port.
    -Tom
    Please mark answered for helpful posts
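The single-host permit ACE with a default Deny Any from the answer above can be modelled to show how the wildcard mask decides what a port accepts. This is an added example, not part of the original post and not switch code; the function names, the constructed ACL lists and the 0.0.0.63 and 0.0.0.2 comparison masks are assumptions chosen for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0.

    A 1 bit in a wildcard mask means "ignore this bit", the inverse of a
    subnet mask, where a 1 bit means "this bit must match".
    """
    care_bits = ~_to_int(wildcard) & ALL_ONES
    return (_to_int(addr) ^ _to_int(base)) & care_bits == 0


def netmask_to_wildcard(netmask):
    """Invert a subnet mask into the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(_to_int(netmask) ^ ALL_ONES))


def is_contiguous_wildcard(wildcard):
    """True when the mask is the plain inverse of a subnet mask (0...01...1)."""
    w = _to_int(wildcard)
    return w & (w + 1) == 0


def evaluate_acl(entries, src, default_action="deny"):
    """First match wins, in priority order; unmatched traffic gets the default.

    entries: iterable of (priority, action, source_ip, wildcard_mask).
    """
    for _priority, action, base, wildcard in sorted(entries):
        if wildcard_match(src, base, wildcard):
            return action
    return default_action


def matched_hosts(base, wildcard, network):
    """Usable hosts of `network` that a (base, wildcard) pair would match."""
    return [
        str(host)
        for host in ipaddress.ip_network(network).hosts()
        if wildcard_match(str(host), base, wildcard)
    ]


# Constructed ACL for the tenant port: the one permit ACE from the post.
PORT14_ACL = [(10, "permit", "100.100.12.34", "0.0.0.0")]

# Constructed misconfiguration: the inverse of the /26 subnet mask used as the
# wildcard, which lets the tenant pick any address in the shared /26.
PORT14_ACL_TOO_BROAD = [(10, "permit", "100.100.12.34", "0.0.0.63")]


if __name__ == "__main__":
    for src in ("100.100.12.34", "100.100.12.36"):
        print(src, "single-host ACE:", evaluate_acl(PORT14_ACL, src),
              "| /26 wildcard:", evaluate_acl(PORT14_ACL_TOO_BROAD, src))
    print("wildcard for 255.255.255.192:", netmask_to_wildcard("255.255.255.192"))
    # A discontiguous mask: only bit 1 of the last octet is ignored.
    print("0.0.0.2 matches:",
          matched_hosts("100.100.12.34", "0.0.0.2", "100.100.12.0/26"))
```

Listing what an ACE matches, as `matched_hosts` does, is a quick review step before binding an ACL to a port: it makes an over-broad or discontiguous mask visible.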

  • Networking Best Practices - Connecting Two Switches

    Connecting two switches together is an easy task, which makes it so frustrating when it doesn’t work. Here we will outline a basic scenario of connecting two switches and achieving connectivity. In these scenarios we will be using commands and settings that will work for most modern PowerConnect switches. However this does not cover all possible scenarios and the commands may differ slightly from switch to switch.
    For instance, in most cases you can use General or Trunk mode when connecting two switches. However, on the PowerConnect 62xx series switches, you must use General mode if you want to allow management traffic onto the switch over the PVID.  If you use Trunk mode, you will not have the default VLAN on those ports.  The ports will only allow tagged traffic.
    For more details on the difference between Access, General, and Trunk modes, follow this link.
    http://en.community.dell.com/support-forums/network-switches/f/866/p/19445142/20089157.aspx#20089157
    It is always a good idea to have the user and CLI guide for your switch, to reference any possible changes in command syntax.
    http://support.dell.com/support/edocs/network/
    Layer 2
    Layer 2 switches operate at the data link layer of the OSI model. Layer 2 is responsible for error checking and transmitting data across the physical media. MAC addressing sources and destination protocols are layer 2 protocols. Layer 2 switches use the MAC address of data packets to determine where those packets should go. It learns the MAC addresses of all devices and creates a segment/forwarding table.
    When a switch receives a frame with a destination address that isn't in its forwarding table, the switch forwards the frame to all other ports. If the destination machine responds to the server, the switch will listen to the reply and learn which port the destination machine is attached to. It then adds that MAC address to the forwarding table.
    The Dell PowerConnect Layer 2 switches have ports that all operate in VLAN 1 by default. If it is acceptable to have all traffic on the same broadcast domain, then you can simply leave the default alone, connect the two switches and traffic will flow.
     If you do not want all traffic on the same broadcast domain, then we need to look at adding additional broadcast domains through the use of VLANs.
     We will use 3 VLANs for the following scenario.
    VLAN 1=Management
    VLAN 2=Client
    VLAN 3=Server
    To create these VLANs we do the following commands (VLAN 1 is already created by default)
    console(config)# vlan database
    console(config-vlan)# VLAN 2
    console(config-vlan)# VLAN 3
    console(config-vlan)# exit
    We can then name the VLANs to help keep things organized.
    console(config)# interface vlan 2
    console(config-vlan)# name Client
    console(config-vlan)# exit
    console(config)# interface vlan 3
    console(config-vlan)# name Server
    console(config-vlan)# exit
    Once we have the VLANs created we can place a device in that VLAN by placing the port it plugs into, in access mode for the specific VLAN.
    So we have a workstation on port e2 we want to be placed in VLAN 2, we would issue the following commands.
    console(config)# interface ethernet 1/e2
    console(config-if)# switchport mode access
    console(config-if)# switchport access vlan 2
    console(config-if)# exit
    The next port plugs into a server on port e3 we want on VLAN 3, we would issue these commands.
    console(config)# interface ethernet 1/e3
    console(config-if)# switchport mode access
    console(config-if)# switchport access vlan 3
    console(config-if)# exit
    For the ports connecting the two switches together, we place the ports in trunk mode and specify the native VLAN and allowed VLANs.
    Port e1, which connects the two switches to each other, would be configured like this.
    console(config)# interface ethernet 1/e1
    console(config-if)# switchport mode general
    console(config-if)# switchport general allowed vlan add 2,3 tagged
    console(config-if)# switchport general pvid 1
    console(config-if)# exit
    Once these VLANs and port settings are made on both switches, a server connected to switch A on VLAN 3 should be able to communicate with another server connected to switch B that is also in VLAN 3.  Without the use of a router, the devices in VLAN 3 will not be able to communicate with devices that are outside of their broadcast domain (i.e. VLAN 2 devices could not reach VLAN 3 devices).
    Layer 3 + Layer 2
     Until recently, routers were the only devices capable of layer 3 protocols. Switches capable of routing are now available and in widespread use. In most cases we will connect our layer 2 switches to a Layer 3 capable switch to perform our routing for us.
     On the layer 3 switches we will use the same VLANs and setup that we did with the layer 2 switches.  Then we will add to the configuration.
     We can assign an IP address to each switch with the following command.
    Switch A
    console(config)#ip address 172.16.1.1 255.255.255.0
    Switch B
    console(config)#ip address 172.16.2.1 255.255.255.0
    Then we will enable routing only on Switch A
    console(config)# ip routing
    On Switch A we assign an IP address to VLAN 2 and enable routing on the VLAN.
    console(config)# interface vlan 2
    console(config-if-vlan2)# Routing
    console(config-if-vlan2)# ip address 172.16.20.1 255.255.255.0
    console(config-if-vlan2)# exit
    On Switch A we assign an IP address to VLAN 3 and enable routing on the VLAN.
    console(config)# interface vlan 3
    console(config-if-vlan2)# Routing
    console(config-if-vlan2)# ip address 172.16.30.1 255.255.255.0
    console(config-if-vlan2)# exit
    On both switch A and switch B we will keep things simple and use interface 1/e1 for the connection between each switch. Setting both switches 1/e1 to general mode, allowing the additional VLAN 2,3, and keeping the PVID of 1.
    console(config)# interface ethernet 1/e1
    console(config-if)# switchport mode general
    console(config-if)# switchport general allowed vlan add 2,3 tagged
    console(config-if)# switchport general pvid 1
    console(config-if)# exit
    We will have one client computer connect to switch A on port 1/e2 and one client connect to switch B on port 1/e2. These ports will be in access mode for VLAN 2, and the config should look like this on both switches.
    console(config)# interface ethernet 1/e2
    console(config-if)# switchport mode access
    console(config-if)# switchport access vlan 2
    console(config-if)# exit
    We will have another client computer connect to switch A on port 1/e3 and one client connect to switch B on port 1/e3. These ports will be in access mode for VLAN 3, and the config should look like this on both switches.
    console(config)# interface ethernet 1/e3
    console(config-if)# switchport mode access
    console(config-if)# switchport access vlan 3
    console(config-if)# exit
    On Clients connected to Switch A we will assign an IP address and gateway based on the VLAN they are in access mode for.
    Client connected to access port for VLAN 2.
    IP Address:172.16.20.11
    Default Gateway:172.16.20.1
    Client connected to access port for VLAN 3.
    IP Address:172.16.30.11
    Default Gateway:172.16.30.1
    On Clients connected to Switch B we will assign an IP address and gateway based on the VLAN they are in access mode for.
    Client connected to access port for VLAN 2.
    IP Address:172.16.20.12
    Default Gateway:172.16.20.1
    Client connected to access port for VLAN 3.
    IP Address:172.16.30.12
    Default Gateway:172.16.30.1
    External Connection
    At some point we may want traffic to have an external connection. To do this we can create a new VLAN for our point to point connection from Switch A to our router. We will use VLAN 7 for this and assign an IP address.
    console(config)# vlan database
    console(config-vlan)# VLAN 7
    console(config-vlan)# exit
    console(config)# interface vlan 7
    console(config-vlan)# name WAN
    console(config-if-vlan2)# Routing
    console(config-if-vlan2)# ip address 10.10.10.2 255.255.255.0
    console(config-if-vlan2)# exit
    On our router we will assign an IP address of 10.10.10.1
    Then place the port connecting the switch and router into access mode for VLAN 7.  In this case we use port e4.
     console(config)# interface ethernet 1/e4
    console(config-if)# switchport mode access
    console(config-if)# switchport access vlan 7
    console(config-if)# exit
    We will then need to put in a default route with the next hop as the router IP address.  This allows the switch to know where to route traffic not destined for VLANs 2, 3, or 7.
    console(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
    Next on the router we’ll need to add a route back so the router knows about the networks attached to switch A.  Generally adding a static route on most routers is done with the following command: 
    ip route {Network} {Wildcard Mask} {Next Hop-IP}
    In our case here are the 2 static routes we could use.
    Ip route 172.16.20.0 0.0.0.255 10.10.10.2
    Ip route 172.16.30.0 0.0.0.255 10.10.10.2
    The routing that we enabled on Switch A will enable traffic from the other VLANs to traverse over port 1/e4 to the router, connecting us to external traffic. The routes we added to the router allow the traffic to flow back to the switch over port 1/e4.
    Layer 3 + Layer 3
    In some situations we have two switches, each setup to route for its own broadcast domain, which we want to connect together. In this situation we no longer have a need to use Trunk or General mode between the switches. Instead we can create a common VLAN that will be used for the connection between the two switches.
    To create this VLAN we will run the following commands on both switch A and B
    console(config)# vlan database
    console(config-vlan)# vlan 6
    console(config-vlan)# exit
    console(config)# interface vlan 6
    console(config-vlan)# name Connection
    console(config-vlan)# exit
    On switch A we assign an IP address to VLAN 6 and enable routing on the VLAN.
    console(config)# interface vlan 6
    console(config-if-vlan2)# Routing
    console(config-if-vlan2)# ip address 172.16.60.1 255.255.255.0
    console(config-if-vlan2)# exit
    On switch B we assign an IP address to VLAN 6 and enable routing on the VLAN.
    console(config)# interface vlan 6
    console(config-if-vlan2)# Routing
    console(config-if-vlan2)# ip address 172.16.60.2 255.255.255.0
    console(config-if-vlan2)# exit
    On both switch A and B we place the connecting ports into Access mode for VLAN 6.
    console(config)# interface ethernet 1/e1
    console(config-if)# switchport mode access
    console(config-if)# switchport access vlan 6
    console(config-if)# exit
    We then need to make some changes to switch B now that it is layer 3 and not layer 2 and has its own broadcast domain.
    We will enable routing on Switch B
    console(config)# ip routing
    What used to be VLAN 2 and 3 will now be VLAN 4 and 5 for our separate broadcast domains.
    On Switch B we assign an IP address to VLAN 4 and enable routing on the VLAN.
    console(config)# interface vlan 4
    console(config-if-vlan2)# Routing
    console(config-if-vlan2)# ip address 172.16.40.1 255.255.255.0
    console(config-if-vlan2)# exit
    On Switch B we assign an IP address to VLAN 5 and enable routing on the VLAN.
    console(config)# interface vlan 5
    console(config-if-vlan2)# Routing
    console(config-if-vlan2)# ip address 172.16.50.1 255.255.255.0
    console(config-if-vlan2)# exit
    On Clients connected to Switch B we will assign an IP address and gateway based on the VLAN they are in access mode for.
    Client connected to access port for VLAN 4.
    IP Address:172.16.40.11
    Default Gateway:172.16.40.1
    Client connected to access port for VLAN 5.
    IP Address:172.16.50.11
    Default Gateway:172.16.50.1
    The end result should look like this.
     Troubleshooting
    If we are having issues with connectivity, we may need to place some static routes in place to help traffic to the next hop in the network.
    On switch A we configure a static route to help traffic to the next hop in the network, which is the router.
    console(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1
    The external router will also need a path defined back to all networks/VLANs.
    To check the status of a port we can use the command show interfaces detail; this will help us see the port status. For example, to check the status of port 48, we would run this command.
    console# show interfaces detail ethernet 1/g48
     To check routing paths:
    console# show ip route
    The IP address of the network for each VLAN should be listed as C – Connected. Then also a path or default route to your upstream router.
    We can use basic ping commands from a client to help test where connectivity is dropping off at. By doing this we can narrow down where in the network to start troubleshooting.
    -Ping from client to default gateway, being the VLAN the client is in access mode for. If this fails then we may need to double check our client settings making sure the proper IP and gateway are being used.
    -Ping from client to the ip address of the switch the client plugs into. If this fails we may not have VLAN routing enabled on the VLAN the client is in.
    -Ping from client to another client on same VLAN, same switch. If this fails we need to check on client settings, IP address and gateway.
    -ping from client to another client on different VLAN, same switch. If this fails we need to double check the VLAN routing commands are in place.
    -ping from client to the ip address of the next switch in the network. If this fails then check Trunk port configuration from switch to switch, ensuring the VLAN is added to the Trunk port.
    -ping from client to another client on same VLAN, different switch. If this fails, check Trunk port settings.
    -ping from client to another client on different VLAN, different switch. If this fails then check trunk settings and VLAN routing configuration.

    Derek,
    I tried to draw my preferred setup for this network configuration.
    I would create a Team with the two 1 GBit NICs and use it for Domain, DNS, Backup and any SystemCenter Agents.
    I would also Team the two 10 GBit NICs and then assign it to a Hyper-V Switch for the VMs. In Windows Server 2012 it is possible to create vNICs for the Management OS that use this Hyper-V Switch (Converged Network Design). I would create two vNICs, SMB1 and SMB2, to use them for Cluster and Livemigration traffic with SMB Multichannel. If your storage system supports SMB Multichannel you can also use both as storage NICs (but this depends on which vendor you have).
    Hope this helps.
    Grüße/Regards Carsten Rachfahl | MVP Virtual Machine | MCT | MCITP | MCSA | CCA | Husband and Papa |
    www.hyper-v-server.de | First German Gold Virtualisation Kompetenz Partner ---- If my answer is helpful please mark it as answer or press the green arrow.

  • Handling Invalid character.

    Hello All
    My message mapping is failing because of an invalid character and gives the following Exception
    com.sap.aii.utilxi.misc.api.BaseRuntimeException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: Invalid char #0x1a(:main:, row:1, col:1496905) at com.sap.aii.mappingtool.tf3.Transformer.checkParserException
    Upon investigation I found that the "char #0x1a" is an EndOfFile (EOF) character and in the browser this character looks like ' '. Is there a way by which I can just ignore this character so that the mapping does not fail?
    Please suggest.
    regards
    Nilesh Taunk.

    Hi Taunk
    The following information may help you
    File Sender: Special Characters in File Names
    o Q: I am trying to get the File Adapter to poll a file, which
    contains special characters (e.g., accented characters or umlauts)
    in its file name. However, irrespectively of the wildcard mask I
    specify in the File Adapter sender channel configuration, the file
    does not get picked up. Which configuration setting do I need to
    change to get my scenario working?
    o A: Under certain operating system platforms, such as Solaris, the
    APIs used by the Java Runtime (JRE) are not Unicode-aware.
    Consequently, the JRE needs to be configured to correctly interpret
    the character set it receives from the operating system.
    This is configured through the "file.encoding" system property as
    well as the "LANG" environment variable.
    Make sure you set "file.encoding" to a character set (such as
    ISO-8859-1) that supports the special characters you would like to
    process. This system property can be configured by appending
    "-Dfile.encoding=<encoding>" to the Java VM parameters section of
    the SAP J2EE Config Tool.
    Additionally, you need to set the "LANG" environment variable to a
    locale that supports more than 7 bits, such as "de.ISO8859-1". The
    encoding you specify in the LANG environment variable needs to
    match the encoding set via "file.encoding".
    You can persistently configure the environment variable by setting
    it in the profile $HOME/.sapenv_$HOSTNAME.csh of the <sid>adm user:
    setenv LANG de.ISO8859-1
    Warm Regards,
    Vijay

  • ACL-list syntax error in PIX after upgrade, need urgent help!

    Hello everyone
    We have a setup including Cisco ACS + a VPN 3005 Concentrator and a PIX 515E (7.2.4)
    We upgraded the PIX version from 7.0 to 7.2.4 and suddenly our downloadable access-list was getting refused when users authenticated against the ACS.
    When debugging RADIUS on the PIX we found that entering this line in the downloadable access-list gives an error and stops the users from getting the ACL.
    "deny ip any 192.168.0.0 0.0.255.255"
    The PIX refused to process their auth request when encountering this line.
    Fine, we said, and we changed the ACL syntax to this: deny ip any 192.168.0.0 255.255.0.0
    This made the PIX process the ACL.
    We were happy for a while until VPN users started to complain.
    It seems that the VPN 3005 can't deal with the syntax we entered for the PIX!
    The VPN 3005 doesn't seem to be able to handle the ACL line "deny ip any 192.168.0.0 255.255.0.0"!
    It can only handle "deny ip any 192.168.0.0 0.0.255.255"!
    Which the PIX can't handle..
    I'm at a loss at what to do here..
    We have VPN users who can't surf now with these ACL problems.
    What can I do? Has anyone else encountered this?
    We upgraded the VPN 3005 to the latest SW version.
    Really need some help here guys!
    Thanks

    I don't think Cisco ever changed anything on the PIX. It has used subnet masks from day one AFAIK, and the VPN Conc uses wildcard masks like IOS. You can use the acl-netmask-convert command on the ASA to fix this issue. This way you define a wildcard ACL on the ACS/AAA server and then use this command on the ASA to use the same downloadable ACL for both devices (PIX, VPNC).
    http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/a2.html#wp1622944
    Please Rate if helpful.
    Regards
    Farrukh
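
The wildcard-to-netmask translation discussed in this thread, as an added example that is not part of the original posts and does not reproduce how the ASA's acl-netmask-convert command works internally. The function names are hypothetical; the sketch classifies a mask, then rewrites one ACL entry into the notation a given device expects, refusing masks that cannot be translated safely.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _is_quad(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def _is_prefix(value):
    # Contiguous 1-bits followed by 0-bits, e.g. 255.255.0.0
    inv = ~value & FULL
    return (inv & (inv + 1)) == 0

def classify_mask(mask):
    v = int(ipaddress.IPv4Address(mask))
    if v in (0, FULL):
        return "ambiguous"      # valid in both notations, with opposite meanings
    if _is_prefix(v):
        return "netmask"
    if _is_prefix(~v & FULL):
        return "wildcard"
    return "discontiguous"      # e.g. 0.0.255.0: has no netmask equivalent

def invert_mask(mask):
    return str(ipaddress.IPv4Address(~int(ipaddress.IPv4Address(mask)) & FULL))

def convert_ace(line, target):
    """Rewrite every address/mask pair in one ACL entry to target notation."""
    tokens, out, i = line.split(), [], 0
    while i < len(tokens):
        pair = tokens[i:i + 2]
        if tokens[i] == "host":                 # "host A.B.C.D" carries no mask
            out += pair
            i += 2
        elif len(pair) == 2 and all(map(_is_quad, pair)):
            kind = classify_mask(pair[1])
            if kind not in ("netmask", "wildcard"):
                raise ValueError(f"cannot convert {kind} mask {pair[1]}")
            out += [pair[0], pair[1] if kind == target else invert_mask(pair[1])]
            i += 2
        else:
            out.append(tokens[i])
            i += 1
    return " ".join(out)

# The ACL line from the thread, in the form the VPN 3005 accepts
ACE = "deny ip any 192.168.0.0 0.0.255.255"
```

A mask of 0.0.0.0 or 255.255.255.255 means "match everything" in one notation and "match one host" in the other, so the sketch rejects it instead of guessing; a silent wrong guess there turns a narrow rule into a match-all rule.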

  • In the OSPF routing, Why can't use the command "no auto-summary"?

    Hello
    I will post the article here because this question.
    The question for OSPF.
    Am I more than trying a variety of routing's a wonder suddenly become, OSPF is why there is no "no auto-summary" of commands like protocols such as RIP and EIGRP?
    It's strange grammar?
    Yes, using the Google Translator.
    Please consider it.

    ckfurtn01,
    By default, RIP and EIGRP summarize networks to their classful boundaries.  No auto-summary disables that feature.  
    In OSPF, we need to configure wildcard masks to identify our networks.  For example, in EIGRP network 10.1.1.0/24, with auto-summary enabled, will advertise a 10.0.0.0/8 network.  In OSPF, to identify the same 10.1.1.0/24 network we would advertise 10.1.1.0 0.0.0.255 area X.  If we wanted to do the classful boundary then it would be 10.0.0.0 0.255.255.255 area X.
    OSPF, in short, does not perform auto-summarization so it is not a needed command.  Hope this helps.
    v/r
    Mike
