Search Results

Search found 421 results on 17 pages for 'vlan'.

Page 1/17 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Cisco vlan entry missing in vlan.dat, but appears in running-config

    - by nLinked
    One of our vlan's (ID: 104) stopped working suddenly and computers on that vlan failed when trying to obtain a dhcp ip address. On the Cisco switch if we do show vlan, this command is supposed to shows the vlans in the vlan.dat file. We notice it has every other vlan except the one that is now missing. If we show the running-config or even the startup config, they DO show the missing vlan (as if everything is fine), but that vlan doesn't take effect. We tried deleting the "missing" vlan using clear vlan 104, but it says No subinterface configured for vLAN Identifier 104, so it's already missing. Recreating the vlan, saving and rebooting still doesn't add it into the vlan.dat or make the vlan work. The switch is in vtp server mode. Our startup config is here: http://pastebin.com/RHxxTG5p Any ideas appreciated.

    Read the article

  • Unable to access VLAN host from VLAN interface in CentOS

    - by Amrit
    I am playing with VLAN (Virtual LAN) configuration on CentOS 6.4. I have 2 interfaces, eth0 and eth1. I have configured 2 VLAN interfaces eth0.20 and eth0.30 as #file: ifcfg-eth0.20 #------------- VLAN=yes DEVICE=eth0.20 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=no BOOTPROTO=static IPADDR=192.168.20.1 GATEWAY=192.168.20.1 NETMASK=255.255.255.0 USERCTL=no #file: ifcfg-eth0.30 #------------- VLAN=yes DEVICE=eth0.30 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=no BOOTPROTO=static IPADDR=192.168.30.1 GATEWAY=192.168.30.1 NETMASK=255.255.255.0 USERCTL=no Then connected a desktop to interface eth0 port using LAN cable and assigned 192.168.30.2/24 IP. When I try to ping 192.168.30.1 from 192.168.30.2 machine, It shows destination host unreachable. I am also not able to ping 192.168.130.2 from 192.168.30.1. However ping -I eth0 192.168.30.2 works fine. Any pointers?

    Read the article

  • No Internet for Created VLan on Cisco CE500

    - by Jennifer
    I'm new here and also with networking but i can't set internet conection for some vlan created. I have a Cisco CE500 switch and created 4 vlans define by the roles in the switch. Vlan 2: Servers (role) (port 3-4) Vlan 3: Desktop (role) (port 5-8) Vlan 4: Guest (role) (port 9-12) Vlan 1 is default, Connect to the ADSL Modem/Router Port 2 assign to the Router Role (vlan 1) The switch is connected on port2 the ADSL Modem (DHCP) 192.168.2.254 The goal is: All Vlan should have internet connection. Vlan 2 and 3 should see each other but not Vlan 4 I can enter the switch CLI but dont know which command to enter. Thanks 4 ur time and replies Jennifer

    Read the article

  • Multiple vlan issue with procurve switch

    - by Chris-AZ
    I have a cisco asa5505 as my rtr/fw(10.1.3.254). I have vlan 1 and vlan 3. Vlan 1 is my default all access vlan. Vlan 3 is my Guest(dmz) vlan. I can't seem to get a dhcp ip address when my laptop is plugged into port 42 on my procurve. I have plugged my laptop directly into the firewall and it gets a dhcp ip fine(the firewall is dhcp server). the firewall is plugged into port 41. Only vlan3 needs to go over port 41. I'm sure I have a bonehead config problem however I'm about ready to pull out what little hair I have left. vlan 1 name "Computers" forbid 45 untagged 1-41,43-44 ip helper-address 10.1.1.16 ip address 10.1.1.1 255.255.255.0 tagged 46-48 no untagged 42,45 exit vlan 3 name "Guest Wireless" ip helper-address 10.1.3.254 ip address 10.1.3.1 255.255.255.0 tagged 41-42,44-48 exit

    Read the article

  • Procurve Primary VLAN

    - by fukawi2
    I'm trying to depreciate usage of VLAN 1 on my ProCurve switches; 1 is unused. I understand that VLAN 1 must exist, but I want to remove it from all ports, especially trunks between switches. The problem I have is that stacking does not seem to work without VLAN 1. I have changed the primary VLAN and management VLAN on all the switches: (config)# primary-vlan 42 (config)# management-vlan 42 (config)# no vlan 1 untagged 25 Port 25 is the link between the 2 switches I'm testing with; the stack master and a member switch; I only want tagged traffic between the switches, no untagged frames. show stacking on the master shows all members as "UP" but I can not telnet any of them: Telnet failed: Connection timed out. All switches have manually assigned (static) IP addresses on VLAN 42, and all exist in the same /25 subnet, as does my desktop. I can telnet the switches directly from my desktop to the individual switch IP addresses, just not from the master switch. Do I need to reboot the switches to have the primary-vlan change take effect? Or is there something else I'm missing?

    Read the article

  • VLAN Tagging Traffic on Cisco Switch

    - by David W
    I have a situation where I'm setting up multiple VLANS on a pfSense firewall on the same physical interface for a client. So in pfSense, I now have VLAN 100 (employees) and VLAN 200 (students - student computer lab). Downstream from pfSense, I have a Cisco SG200 switch, and coming off of the SG200 is the student lab (running on a Catalyst 2950. Yes, that's old, but it works, and this is a poor nonprofit we're talking about). What I'd like to do is tag everything on the network as VLAN 100, except for the student computer lab. Earlier today when I was on-site with the client, I went into to the old Catalyst 2950, and assigned all of its ports to access VLAN 200 (switchport mode access vlan 200) without setting up a trunk on the Catalyst or on the SG200. Looking back on it, I now understand why internet in the lab broke. I reverted the lab back to the default VLAN1 (we're still running on a different firewall - we haven't deployed pfSense -, and the traffic is still separated physically). So my question is, what do I need to do in order to properly deploy this scenario? I believe the correct answer is: Ensure VLANs 100 and 200 are setup in pfSense, and that DHCP is operating correctly (on separate subnets) Setup a trunkport VLAN that allows both 100 & 200 traffic, and plug that port directly into pfSense. Setup a VLAN 200 trunkport on the SG200 (It's not running iOS, but if it were, the command would be switchport trunk native vlan 200), which will then plug into the Catalyst 2950. Setup a VLAN 200 trunkport on the Catalyst 2950 (that is plugged into the SG200 VLAN200 port with the same command - switchport trunk native vlan 200) Setup the rest of the ports on the old Catalyst 2950 in the lab to be access ports on VLAN200. Is there anything that I'm missing, or do I need to tweak any of these steps, in order to properly segment the network traffic?

    Read the article

  • VLAN for WiFi traffic separation (new to VLANing)

    - by Philip
    I run a school network with switches in different departments. All is routed through to a central switch to access the servers. I would like to install WiFi access points in the different departments and have this routed through the firewall (an Untangle box that can captive-portal the traffic, to provide authentication) before it gets onto the LAN or to the Internet. I know that the ports that the APs connect to on the relevant switches need to be set to a different VLAN. My question is how do I configure these ports. Which are tagged? Which are untagged? I obviously don't want to interrupt normal network traffic. Am I correct in saying: The majority of the ports should be UNTAGGED VLAN 1? Those that have WiFi APs attached should be UNTAGGED VLAN 2 (only) The uplinks to the central switch should be TAGGED VLAN 1 and TAGGED VLAN 2 The central switch's incoming ports from the outlying switches should also be TAGGED VLAN 1 and TAGGED VLAN 2 There will be two links to the firewall (each on its own NIC), one UNTAGGED VLAN 1 (for normal internet access traffic) and one UNTAGGED VLAN 2 (for captive portal authentication). This does mean that all wireless traffic will be routed over a single NIC which will also up the workload for the firewall. At this stage, I'm not concerned about that load.

    Read the article

  • PowerConnect 2848 , vlan configuration with AP

    - by Francesco
    I need to configure two vlan on an AP connected with a Dell PowerConnect 2848. The first one is up and running (let's say vlan x) , the second one is a completely different network (vlan y) , provided by a Gateway-DHCP wich i have no access, directely Patched (via patch panel) at a secondo AP device. So i cannot just plug this Gateway device on my switch without tagging traffic before, for DHCP collion . I have to solve this problem. I was thinking about tagging the traffic at the port wich I will connect the gateway device with vlan y and then set as trunk (vlanx+y) the AP port. In this way I hope to limit the vlan y traffic ONLY for the ports I selected avoiding the spread of unwanted dhcp calls. But all other ports are Unassigned , so I am not sure they won't forward dhcp (vlan y) traffic. I cannot change the Unassigned state for the vlan x ports cause vlanx is native.

    Read the article

  • OpenVZ with brdiged interfaces and VLAN

    - by Deimosfr
    Hi, I've got a problem with OpenVZ with brdiged VLAN. Here is my configuration : +------+ +-------+ +-----------+ +---------+ br0 |VE101 | | | | OpenBSD |----->| Debian |------->| | | WAN |--->| Router | | OpenVZ | +------+ | | | Firewall |----->| br0 br1 | br1 +------+ +-------+ +-----------+ +---------+------->|VE102 | |br0 | | |VLAN br0.110 +------+ v +---------+ |VE103.110| +---------+ I can't make VLAN working on br0 (br0.110) and I would like to understand why. I don't have any switch so no problem with unmanageable switch. I've configured a VLAN interface on OpenBSD in /etc/hostname.vlan110 : inet 192.168.110.254 255.255.255.0 NONE vlan 110 vlandev sis1 And it seams working fine. I've also adapted my PF configuration to work with VLAN but I don't see any incoming traffic. On my Debian lenny, here is my interfaces configuration : # The loopback network interface auto lo iface lo inet loopback # br0 auto br0 iface br0 inet static address 192.168.100.1 netmask 255.255.255.0 gateway 192.168.100.254 network 192.168.100.0 broadcast 192.168.100.255 bridge_ports eth0 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp off # VLAN 110 auto br0.110 iface br0.110 inet static address 192.168.110.1 netmask 255.255.255.0 network 192.168.110.0 gateway 192.168.110.254 broadcast 192.168.110.255 pre-up vconfig add br0 110 post-down vconfig rem br0.110 It looks like ok, but when I start my VE, here is the message : ... Configure veth devices: veth103.0 Adding interface veth103.0 to bridge br0.110 on CT0 for VE103 can't add veth103.0 to bridge br0.110: Operation not supported VE start in progress... So I've got one error here. I've followed this documentation http://wiki.openvz.org/VLAN but it doesn't work. I've certainly missed something but I don't know why. Someone could help me please ? Thanks

    Read the article

  • OpenVZ with bridged interfaces and VLAN

    - by Deimosfr
    Hi, I've got a problem with OpenVZ with bridged VLAN. Here is my configuration: +------+ +-------+ +-----------+ +---------+ br0 |VE101 | | | | OpenBSD |----->| Debian |------->| | | WAN |--->| Router | | OpenVZ | +------+ | | | Firewall |----->| br0 br1 | br1 +------+ +-------+ +-----------+ +---------+------->|VE102 | |br0 | | |VLAN br0.110 +------+ v +---------+ |VE103.110| +---------+ I can't make VLAN work on br0 (br0.110) and I would like to understand why. I don't have any switch so no problem with unmanageable switch. I've configured a VLAN interface on OpenBSD in /etc/hostname.vlan110: inet 192.168.110.254 255.255.255.0 NONE vlan 110 vlandev sis1 And it seems to be working fine. I've also adapted my PF configuration to work with VLAN but I don't see any incoming traffic. On my Debian Lenny, here is my interfaces configuration : # The loopback network interface auto lo iface lo inet loopback # br0 auto br0 iface br0 inet static address 192.168.100.1 netmask 255.255.255.0 gateway 192.168.100.254 network 192.168.100.0 broadcast 192.168.100.255 bridge_ports eth0 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp off # VLAN 110 auto br0.110 iface br0.110 inet static address 192.168.110.1 netmask 255.255.255.0 network 192.168.110.0 gateway 192.168.110.254 broadcast 192.168.110.255 pre-up vconfig add br0 110 post-down vconfig rem br0.110 It looks OK, but when I start my VE, here is the message: ... Configure veth devices: veth103.0 Adding interface veth103.0 to bridge br0.110 on CT0 for VE103 can't add veth103.0 to bridge br0.110: Operation not supported VE start in progress... So I've got one error here. I've followed this documentation http://wiki.openvz.org/VLAN but it doesn't work. I've certainly missed something but I don't know why. Someone could help me please? Thanks

    Read the article

  • VLAN Through Switch Doesn't Work

    - by vcsjones
    I have the following scenario: I have a Cisco Aironet 1040 access point. I have it configured with two SSIDs, each going to a different VLAN. So: SSID internal : VLAN 90 SSID guest : VLAN 70 On the router side, I have a Cisco RV220W (with the radios now turned off) and have setup VLANs with like VLAN IDs. VLAN 90 : 192.168.90.0/24 VLAN 70 : 192.168.70.0/24 As far as DHCP is concerned, each VLAN has a "DHCP Server" in the router's configuration: So with the access point connected directly to the router, everything works great. I connect to the internal network, and I get a 192.168.90.x address, and the guest network gets a 70.xxx address. Next I introduced a Cisco SG200-50 PoE switch between the router and the access point. The port is configured as a trunk port, so the VLAN tags should go right through the switch back to the router. However, when something is connected to the access point, nothing works. It isn't able to get an IP address, and manually assigning one doesn't seem to let any traffic route. Given that the access point works correctly when connected to the router directly, I believe the switch is misconfigured. What am I missing here? What can I use to better diagnose what the problem might be? It's small business equipment, so CLI access is not available. Below are screenshots of the switch's config. The access point is connected to GE2.

    Read the article

  • Configuring VLAN's on two HP procurve switches

    - by pan
    Trying to route a new ISP (Microwave link) from one of my out buildings to my computer room and hence my firewall. Old ISP came direct into firewall. In the outbuilding the Microwave modem connects with cat5 to HP Procurve 2524 switch. Because this ISP is coming through my internal network, I plan on using a new vlan called "airspeed" only for this ISP traffic. Up until now I've just been using the Default_vlan on both HP switches (4108 + 2524). So far I've been unable to ping from my laptop to the ISP modem both of which are on the new vlan 2 ("Airspeed"). No traffic needs to cross from vlan 2 to vlan 1 so I've left the ports as untagged. I've used the subnet provide from my ISP as the new vlan 2 subnet. Can anybody see what I'm doing wrong here? I've added the configuration of both switch below. Rough diagram: Microwave modem (Gateway IP 77.75.00.49) | HP 2524 switch (port 24) | HP 2524 switch fibre link | HP 4108GL switch fibre link | HP 4108GL switch (port D1) | Laptop configured with IP 77.75.00.50 (for testing but will be connected to firewall) And my 4108GL config: ; J4865A Configuration Editor; Created on release #G.07.21 hostname "HP ProCurve Switch 4108GL" cdp run module 1 type J4864A module 2 type J4862B module 3 type J4862B module 4 type J4862B ip default-gateway 128.1.146.50 snmp-server community "public" Unrestricted snmp-server host 128.1.146.51 "public" Not-INFO snmp-server host 128.1.146.38 "public" vlan 1 name "DEFAULT_VLAN" untagged A1-A3,B1-B24,C1-C24,D2-D24 ip address 128.1.146.203 255.255.0.0 no untagged D1 exit vlan 2 name "Airspeed" untagged D1 ip address 77.75.00.51 255.255.255.248 exit Finally my 2524 config: ; J4813A Configuration Editor; Created on release #F.04.08 hostname "HP ProCurve Switch 2524" cdp run ip default-gateway 0.0.0.0 snmp-server community "public" Unrestricted snmp-server host 128.1.146.51 "public" Not-INFO snmp-server host 128.1.146.51 "public" snmp-server host 128.1.146.38 "public" vlan 1 name "DEFAULT_VLAN" untagged 1-23,25-26 no untagged 24 ip address 128.1.146.204 255.255.0.0 exit vlan 2 name "Airspeed" untagged 24 ip address 77.75.00.51 255.255.255.248 exit no aaa port-access authenticator active

    Read the article

  • Multiple vlans access to shared pbx system

    - by Matt
    I'm new to networking and was looking for some assistance. First off I'm using packet tracer to diagram my scenario as I will be receiving my equipment next week to deploy. Hardware to be used: 2 catalyst 3560 switches all connect to a sonic wall router I have two companies that work in the same office space. I need to keep these companies separate on their own vlan. They will however need to share the phone system. (Packet tracer file uploaded to give those who have the time to see what I put together.) http://dl.dropbox.com/u/86234623/network%20build.pkt Here is my current test scenario: on switch 0 I have: company A on vlan 2 computers 172.16.1.100 and 101 255.255.0.0 FA0/10 FA0/11 company B on vlan 3 computers 172.16.2.102, 255.255.0.0 FA0/12 PBX on a trunk port 172.16.0.5, 255.255.0.0 FA0/5 trunk port on FA0/1 to connect the switches on switch 1 I have: company A on vlan 2 computers 172.16.1.102, 255.255.0.0 company B on vlan 3 computers 172.16.2.100 and 101, 255.255.0.0 trunk port on FA0/1 to connect the switches I can ping the respective computers on the same vlan but cant ping company A to B which is what I want. However neither company can talk (ping) the PBX. Here are the commands I used to configure what I have: switch 0 en conf t vlan 2 name A vlan 3 name B int fa0/10 switchport mode access switchport access vlan 2 int fa0/11 switchport mode access switchport access vlan 2 int fa0/12 switchport mode access switchport access vlan 3 int fa0/5 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 1-3 int fa0/1 (to connect the switches) switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 1-3 Switch 1 en conf t vlan 2 name A vlan 3 name B int fa0/10 switchport mode access switchport access vlan 3 int fa0/11 switchport mode access switchport access vlan 3 int fa0/12 switchport mode access switchport access vlan 2 int fa0/1 (to connect the switches) switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 1-3

    Read the article

  • VLAN with trunk to avoid broadcast storm in a network with redundant paths

    - by liv2hak
    I have 6 Juniper switches (EX - 2200) connected to each other as shown in the network topology. I have two PC's that I am using PC1 - (used for configuring the 6 switches via minicom) PC2 - to monitor the traffic between the switches via the Ports that are marked with arrows in the diagram. STEP 1: I create a new vlan On Switch 3 (SW3) that includes Port 12 and Port 22. I also assign l3-interface to the vlan (vlan_2) with ip address - 192.168.1.7. Now I plug-in Port 0 of Switch 3 on PC2. Now I try pinging 192.168.1.7 from PC2 (192.168.1.10) I want to know what will happen? My postulation is that I will not be able to ping SW3 from PC2.This is because SW3 (Port 12 and Port 22) is a part of a vlan_2 and vlan_2 logically breaks up broadcast domains and so 192.168.1.7 will not be reachable from 192.168.1.10. Now I have an l3-interface on SW1 with IP 192.168.1.1 using default vlan( vlan-id 0). Similarly I have enabled IP on SW2 - 192.168.1.2 SW3 - 192.168.1.3 SW4 - 192.168.1.4 SW5 - 192.168.1.5 SW6 - 192.168.1.6 all using default vlan. I create VLAN2 with the following configuration SW3 - Port 12,Port 22. SW6 - Port 14 I create VLAN3 with the following configuration SW3 - Port 0 SW6 - Port 0 I also configure a VLAN trunk between SW3 and SW6 using the following commands. edit interfaces ge-0/0/12 set unit 0 family ethernet-switching port-mode trunk edit interfaces ge-0/0/12 set unit 0 family ethernet-switching vlan members all There is a redundant path in the network as the loop between SW3 and SW6 is closed.There is no broadcast storm in the network? What is the reason for this? I have not enabled STP or RSTP.still there is no broadcast storm.what is the reason for this. (Please ignore the CISCO symbol on the switches in the diagram.All swithes are Junper EX 22-00.)

    Read the article

  • Same native and tagged vlan possible on Redhat?

    - by Chris Phillips
    Hi guys and gals, I'm looking at implementing a systems using a number of tagged and a native vlan connected to a server over a a/p bonded interface. The untagged vlan is for physical machine access, the tagged vlans are connected to bridges and then to QEMU VM's inside the machine. Hopefully this plan is fine, but I'm trying to implement a crippled version of this in a dev environment due to a lack of underlying network config in this location where I just have the same single vlan delivered to the machine on a tag AND plain. I'm nto clear if this is going to work (and that I should just be confident that it will work using different vlans) as I'm seeing odd things like a vm is arping out over the vlan out to the core switch, but the arp reply is coming back on the untagged interface. Now an ARP reply is unicast right? So it's a deliberate thing to send the ARP response on the untagged interface, and not a case that a broadcast response isn't being passed on the tagged side... i.e. there's some underlying logic pushing it that way. Something about the MACs somehow? This is on a CentOS 5.5 machine, vlan's from vconfig. (I've seen reference to the Linux mac-vlan project work, but that's not available here by default.) so 1) Should having the SAME vlan tagged and untagged work? 2) Will different tagged vlans to the untagged interface work nice and easily?

    Read the article

  • VLAN ID 4095 for guest VLAN tagging

    - by user121282
    Just want to know if it's true that if you use the VLAN ID 4095 for guest VLAN tagging, then vMotion will not work correctly as there is nowhere to pass back the reverse arp to? So, the problem we have noticed is when we have vmotioned VM's that are tagged on our trunk network, you cannot ping them from anywhere between 30-300 seconds. The hosts don't know which VLAN the guest is on. Is this right and also the correct behaviour? Thanks

    Read the article

  • Cisco 891w multiple VLAN configuration

    - by Jessica
    I'm having trouble getting my guest network up. I have VLAN 1 that contains all our network resources (servers, desktops, printers, etc). I have the wireless configured to use VLAN1 but authenticate with wpa2 enterprise. The guest network I just wanted to be open or configured with a simple WPA2 personal password on it's own VLAN2. I've looked at tons of documentation and it should be working but I can't even authenticate on the guest network! I've posted this on cisco's support forum a week ago but no one has really responded. I could really use some help. So if anyone could take a look at the configurations I posted and steer me in the right direction I would be extremely grateful. Thank you! version 15.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ESI ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local ! ! ! ! ! aaa session-id common ! ! ! clock timezone EST -5 clock summer-time EDT recurring service-module wlan-ap 0 bootimage autonomous ! crypto pki trustpoint TP-self-signed-3369945891 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3369945891 revocation-check none rsakeypair TP-self-signed-3369945891 ! ! crypto pki certificate chain TP-self-signed-3369945891 certificate self-signed 01 (cert is here) quit ip source-route ! ! ip dhcp excluded-address 192.168.1.1 ip dhcp excluded-address 192.168.1.5 ip dhcp excluded-address 192.168.1.2 ip dhcp excluded-address 192.168.1.200 192.168.1.210 ip dhcp excluded-address 192.168.1.6 ip dhcp excluded-address 192.168.1.8 ip dhcp excluded-address 192.168.3.1 ! ip dhcp pool ccp-pool import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 10.171.12.5 10.171.12.37 lease 0 2 ! ip dhcp pool guest import all network 192.168.3.0 255.255.255.0 default-router 192.168.3.1 dns-server 10.171.12.5 10.171.12.37 ! ! ip cef no ip domain lookup no ipv6 cef ! ! multilink bundle-name authenticated license udi pid CISCO891W-AGN-A-K9 sn FTX153085WL ! ! username ESIadmin privilege 15 secret 5 $1$g1..$JSZ0qxljZAgJJIk/anDu51 username user1 password 0 pass ! ! ! class-map type inspect match-any ccp-cls-insp-traffic match protocol cuseeme match protocol dns match protocol ftp match protocol h323 match protocol https match protocol icmp match protocol imap match protocol pop3 match protocol netshow match protocol shell match protocol realmedia match protocol rtsp match protocol smtp match protocol sql-net match protocol streamworks match protocol tftp match protocol vdolive match protocol tcp match protocol udp class-map type inspect match-all ccp-insp-traffic match class-map ccp-cls-insp-traffic class-map type inspect match-any ccp-cls-icmp-access match protocol icmp class-map type inspect match-all ccp-invalid-src match access-group 100 class-map type inspect match-all ccp-icmp-access match class-map ccp-cls-icmp-access class-map type inspect match-all ccp-protocol-http match protocol http ! ! policy-map type inspect ccp-permit-icmpreply class type inspect ccp-icmp-access inspect class class-default pass policy-map type inspect ccp-inspect class type inspect ccp-invalid-src drop log class type inspect ccp-protocol-http inspect class type inspect ccp-insp-traffic inspect class class-default drop policy-map type inspect ccp-permit class class-default drop ! zone security out-zone zone security in-zone zone-pair security ccp-zp-self-out source self destination out-zone service-policy type inspect ccp-permit-icmpreply zone-pair security ccp-zp-in-out source in-zone destination out-zone service-policy type inspect ccp-inspect zone-pair security ccp-zp-out-self source out-zone destination self service-policy type inspect ccp-permit ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group 3000client key 67Nif8LLmqP_ dns 10.171.12.37 10.171.12.5 pool dynpool acl 101 ! ! crypto ipsec transform-set myset esp-3des esp-sha-hmac ! crypto dynamic-map dynmap 10 set transform-set myset ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address initiate crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynmap ! ! ! ! ! interface FastEthernet0 ! ! interface FastEthernet1 ! ! interface FastEthernet2 ! ! interface FastEthernet3 ! ! interface FastEthernet4 ! ! interface FastEthernet5 ! ! interface FastEthernet6 ! ! interface FastEthernet7 ! ! interface FastEthernet8 ip address dhcp ip nat outside ip virtual-reassembly duplex auto speed auto ! ! interface GigabitEthernet0 description $FW_OUTSIDE$$ES_WAN$ ip address 10...* 255.255.254.0 ip nat outside ip virtual-reassembly zone-member security out-zone duplex auto speed auto crypto map clientmap ! ! interface wlan-ap0 description Service module interface to manage the embedded AP ip unnumbered Vlan1 arp timeout 0 ! ! interface Wlan-GigabitEthernet0 description Internal switch interface connecting to the embedded AP switchport trunk allowed vlan 1-3,1002-1005 switchport mode trunk ! ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$FW_INSIDE$ ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly zone-member security in-zone ip tcp adjust-mss 1452 crypto map clientmap ! ! interface Vlan2 description guest ip address 192.168.3.1 255.255.255.0 ip access-group 120 in ip nat inside ip virtual-reassembly zone-member security in-zone ! ! interface Async1 no ip address encapsulation slip ! ! ip local pool dynpool 192.168.1.200 192.168.1.210 ip forward-protocol nd ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip dns server ip nat inside source list 23 interface GigabitEthernet0 overload ip route 0.0.0.0 0.0.0.0 10.165.0.1 ! access-list 23 permit 192.168.1.0 0.0.0.255 access-list 100 remark CCP_ACL Category=128 access-list 100 permit ip host 255.255.255.255 any access-list 100 permit ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip 10.165.0.0 0.0.1.255 any access-list 110 permit ip 192.168.0.0 0.0.5.255 any access-list 120 remark ESIGuest Restriction no cdp run ! ! ! ! ! ! control-plane ! ! alias exec dot11radio service-module wlan-ap 0 session Access point version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ESIRouter ! no logging console enable secret 5 $1$yEH5$CxI5.9ypCBa6kXrUnSuvp1 ! aaa new-model ! ! aaa group server radius rad_eap server 192.168.1.5 auth-port 1812 acct-port 1813 ! aaa group server radius rad_acct server 192.168.1.5 auth-port 1812 acct-port 1813 ! aaa authentication login eap_methods group rad_eap aaa authentication enable default line enable aaa authorization exec default local aaa authorization commands 15 default local aaa accounting network acct_methods start-stop group rad_acct ! aaa session-id common clock timezone EST -5 clock summer-time EDT recurring ip domain name ESI ! ! dot11 syslog dot11 vlan-name one vlan 1 dot11 vlan-name two vlan 2 ! dot11 ssid one vlan 1 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa version 2 accounting rad_acct ! dot11 ssid two vlan 2 authentication open guest-mode ! dot11 network-map ! ! username ESIadmin privilege 15 secret 5 $1$p02C$WVHr5yKtRtQxuFxPU8NOx. ! ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 1 mode ciphers aes-ccm ! broadcast-key vlan 1 change 30 ! ! ssid one ! ssid two ! antenna gain 0 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio0.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding bridge-group 2 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache shutdown ! encryption vlan 1 mode ciphers aes-ccm ! broadcast-key vlan 1 change 30 ! ! ssid one ! antenna gain 0 dfs band 3 block channel dfs station-role root ! interface Dot11Radio1.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface GigabitEthernet0 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router no ip address no ip route-cache ! interface GigabitEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface GigabitEthernet0.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 no bridge-group 2 source-learning bridge-group 2 spanning-disabled ! interface BVI1 ip address 192.168.1.2 255.255.255.0 no ip route-cache ! ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag access-list 10 permit 192.168.1.0 0.0.0.255 radius-server host 192.168.1.5 auth-port 1812 acct-port 1813 key ***** bridge 1 route ip

    Read the article

  • Cisco SG200 vlan issue in ESXi VSA cluster

    - by George
    I have three Cisco SG200-26 switches, and I also have two ESXi hosts that I have connected like shown in the below "best practice" map by VMware: http://communities.vmware.com/servlet/JiveServlet/previewBody/17393-102-1-22458/VSA_networking_map.pdf Even though I created the VLANs in the SG200 and I set the two VLANs (508 and 608) as allowed for these untagged ports (where my ESX NIC's are connected), I can not ping from host 1 to host 2 when configuring the NIC's to use 608 VLAN. Am I missing something? my IP's are all in the 192.168. range, and the only reason I need the VLANs is to isolate the traffic of VSA back-end internally, only the two hosts will be using the VLANs. So I think I do not have to create virtual interfaces on my router since that's the case, is my understanding correct? Also sending my switch config screenshot below.. all 3 switches have the latest firmware (it seems these were originally linksys and got rebranded as cisco after the acquisition) http://img31.imageshack.us/img31/2503/switch.gif Any ideas what to change on the Cisco SG200 to make this work , would be appreciated! The second VLAN (608) only needs two IP's: 192.168.0.1 and 192.168.0.2 The first VLAN (508) will have about 15 IP's for ESXi Management and VSA cluster service, I could use either 192.168.1.xx or 10.0.1.xx The rest of my network (about 50 clients) is in 192.168.1.xx range VMware also states that the VLAN protocol on the physical switch must be 802.1Q, not ISL, anyone knows which of the two my SG200-26 uses? In addition to that, the only requirement from VSA is that my two hosts: -Are in the same subnet. -Have static IP addresses set. -Have the same Default Gateway configured. If I need inter-vlan routing for this, I suppose I have to create virtual interfaces on my sonicwall, and assign an IP for each VLAN, and then set routes between them? Thank you for your time!

    Read the article

  • Is there a better way to do bonded vlan tagged interfaces with XEN

    - by AJ01
    We have a number of XEN servers all running CentOS or RHEL. The VM's that they run are all required to be on their own VLAN for no other reason than the customer expects them to be. Long story short however, I can't change this right now. We are also required to have bonding enabled on the interfaces. So to accommodat this we enslave eth1 and eth2 to bond0. We then create a seperate interface called bond0.VLANID where VLANID corresponds to the correct vlan; eg ifcfg-bond0.204 DEVICE=bond0.204 BOOTPROTO=static ONBOOT=yes VLAN=yes BRIDGE=xenvlan204 Bridge to XEN As you will see, we eventually have to bridge this out to XEN, and we do this by adding another interface called xenvlan204 (in this instance) which contains; ifcfg-xenvlan204 DEVICE=xenvlan204 BOOTPROTO=none ONBOOT=yes TYPE=bridge XEN Vm Config Finally in our XEN config for each VM, we add vif = [ "bridge=xenvlan204" ] This then allows the vm host to access that particular vlan The Problem We've noticed a few problems with this setup. One being that we currently create the interfaces manually. Which means if we add more vlan enabled interfaces and bridges we usually have to restart xend which is something I'm not so hot about. Also lower level staff have their heads melted by the number of interfaces and the risk of a mistake occurring is high. Secondly, it can take sometime for a host to come up if it has a number of vlan taged interfaces. Thirdly, its just not scaling well on the management aspects The Question Is there a better more flexible way to do this (in particular with Xen that ships with centos 5.3, 5.4 and 5.5 as we have to support all three) that leverages either scripting or other solutions to allow an arbitrary amount of interfaces to be created when a vm is instanced. Your advise and expertise is more that welcomed.

    Read the article

  • connecting to server with multiple nics in other vlan

    - by Thierry
    I have a windows 2003 server with 3 nics on 3 vlan's (this is in domain 1). nic 1 has a default gateway to my router/firewall (sonicwall). In nic 2 and 3 I have left it empty, because it is advised like that everywhere. Within this domain and VLAN's 1-3 everything works fine. BUT... I have a second domain (domain 2) with a 4th Vlan (all 4 VLAN's connected to the same router/firewall) from which my clients need to access the 2003 server in domain 1 (it's my antivirus management console for both domains). when i ping the server from my vlan4 by it's FQDN, it randomly chooses ip from nic 1, 2 or 3 from my 2003 server. (logically because that server is know in DNS with it's 3 IP-addresses. And that is needed for my VLAN's 1-3) I don't really have a problem with that. BUT, I only get an answer of NIC1 (which sounds logically to me, because it's the only one with a gateway). It is not a router problem, because I'm testing in this phase and ping from vlan4 to any machine in vlan1, 2 or 3 that has 1 nic works just fine. If i add a gateway to nic2 and nic3, I get answer from all 3 nics and this works fine. But I know it's adviced to not do that. Can anyone give me advice in this particular case? Would it really be a problem to add a gateway to nic 2 and 3? They would be pointing to the same router/firewall (only with different ip-address, based on the vlan). Or is there another good solution to fix this problem? Thank's in advance, Thierry.

    Read the article

  • esx5 debian VM vlan setup

    - by Kstro21
    i have a server with ESX5, have a switch with about 20 vlans, this is how setup the trunk port interface GigabitEthernet0/1/1 description ToOper port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 14 stp disable ntdp enable ndp enable bpdu enable then, i created a standar switch(sw1) using the vSphere Client, the VLAN ID is set to All (4095), i also created a VM with Debian 6, with a NIC connected to sw1, now, i want to configure this NIC for a selected group of vlans auto vlan10 iface vlan10 inet static address 11.10.1.0 netmask 255.255.255.224 mtu 1500 vlan_raw_device eth0 auto vlan14 iface vlan14 inet static address 11.10.1.65 netmask 255.255.255.248 mtu 1500 vlan_raw_device eth0 so, when i restart the network using /etc/init.d/networking restart, i got this error Reconfiguring network interfaces...SIOCSIFADDR: No such device vlan14: ERROR while getting interface flags: No such device SIOCSIFNETMASK: No such device SIOCSIFBRDADDR: No such device vlan14: ERROR while getting interface flags: No such device SIOCSIFMTU: No such device vlan14: ERROR while getting interface flags: No such device Failed to bring up vlan14. done. this is just part of the error, so, my questions is: is this possible?, i mean, what i'm trying to achieve using ESX Virtual Machines, VLANS, etc is this a Debian problem? can be solved? i've read about a file named z25_persistent-net.rules in Debian but it doesn't exist in my installation. in the In the vSphere Networking for ESX5 guide, you can read: If you enter 0 or leave the option blank, the port group can see only untagged (non-VLAN) traffic. If you enter 4095, the port group can see traffic on any VLAN while leaving the VLAN tags intact. So, in theory, it should work, right? Hope you can help me up with this one Thanks

    Read the article

  • What could be wrong with my VLAN?

    - by Matt
    I've got a VLAN 10 setup as a management VLAN. The management VLAN comes off port 48 and links to another set of switches that do not support VLAN's so it was I believe set up as an untagged access port. In the past this was a different brand of switch and this worked fine. However, since changing to the HP V1910-48G series I can't seem to get this working. I must point out that as far as I'm aware it is wired up properly (I can't check this physically as I'm working remote and have asked the tech who's got access to double check for me). Now I don't have a huge amount of experience with VLAN environments but AFAIK this is right. I've set the port 48 (linked to the management switches) as an untagged port with PVID 10 and access link type. Is this all I'd need to do from a configuration perspective to ensure all devices connected to port 48 would end up being on VLAN 10 and not needing to tag their frames. i.e. the tag would be added by the switch before being forwarded.

    Read the article

  • Missing Setup->VLAN on DD-WRT Web GUI?

    - by leeand00
    Please note that I've already posted this question on the dd-wrt forums. I am using "DD-WRT v24-sp2 (08/07/10) std" on a WZR-HP-G300NH model Buffalo router. I've found a number of tutorials online that talk about using Setup-VLAN on the menu system of the GUI interface to configure VLANs, but on my own router, it appears that VLAN configuration is located elsewhere; mainly in the Setup-Networking-VLAN Tagging section of the GUI. I would gladly just use the bash shell to configure the vlans on the router, but every tutorial I read refers to "changing the gui to reflect the changes made in the bash prompt". Are there any tutorials or documentation that you are aware of that that refer to the Setup-Networking-VLAN Tagging GUI portion of my router?

    Read the article

  • vlan change via scvmm not working

    - by HarryMud
    Hi i have a windows 2008 R2 hyper-v server which is managed via scvmm 2008 R2. the guest os running on the hyper-v server is winxp with sp3. if i change the vlan id via scvmm the guest doesn't get an ip via dhcp i looked in the properties of the vm with the hyper-v mmc an see the vlan changed correctly but no ip connectivity either static or dhcp a reboot of the guest os didn't help if i change the vlan id via hyper-v mmc the guest gets an ip via dhcp scvmm seams to forget something after the vlan change has anyone a clue how to resolve this ? thx

    Read the article

  • VLAN support on Juniper EX - 2200 switches

    - by liv2hak
    I have 6 Juniper switches (EX - 2200) connected to each other as shown in the network topology below. I have two PC's that I am using PC1 - (used for configuring the 6 switches via minicom) PC2 - to monitor the traffic between the switches via the Ports that are marked with arrows in the diagram. STEP 1: I create a new vlan On Switch 3 (SW3) that includes Port 12 and Port 22. I also assign l3-interface to the vlan (vlan_2) with ip address - 192.168.1.7. Now I plug-in Port 0 of Switch 3 on PC2. Now I try pinging 192.168.1.7 from PC2 (192.168.1.10) I want to know what will happen? My postulation is that I will not be able to ping SW3 from PC2.This is because SW3 (Port 12 and Port 22) is a part of a vlan_2 and vlan_2 logically breaks up broadcast domains and so 192.168.1.7 will not be reachable from 192.168.1.10. Now I have an l3-interface on SW1 with IP 192.168.1.1 using default vlan( vlan-id 0). Similarly I have enabled IP on SW2 - 192.168.1.2 SW3 - 192.168.1.3 SW4 - 192.168.1.4 SW5 - 192.168.1.5 SW6 - 192.168.1.6 all using default vlan. Now I plug in Port 12 of SW3 (blue cable) into the PC2. I try to ping 192.168.1.1 from PC2. What will happen at this stage.? My postulation is that I will be able to ping switch 1.Is this correct? Also another question is that can a single port on a Switch be added multiple VLANS? I am a beginner at network configuration? Any help would be highly appreciated. (Please ignore the CISCO symbol on the switches in the diagram.All swithes are Junper EX 22-00.)

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >