Configuration of VLAN 6248 - link IP subnet to the VLAN
We have a 200-node network with no VLANs (small private company that developed quickly).
All nodes / devices / PCs etc. are spread evenly over 6 Dell 5448 switches with no regard for department, location or usage.
(1) L3 is the 6248 - we've added routed VLANs on the 6248 (everything is still on VLAN 1 - i.e. untagged)
(2) L2 is several VLANs per switch - in the best case, 2 VLANs per 5448
(3) trunk/general uplinks from the L2 5448s using LAG (ports 44, 45) - all traffic should be tagged, but since this will be a conversion/migration on a 24x7 e-commerce network, we thought we would have to make the uplinks between the 5548s and the 6248 general and change them to trunk later
(4) for the conversion, all trunk/general uplinks will carry several tagged VLANs as well as untagged VLAN 1 traffic
(5) we know we set each VLAN's gateway IP to the 6248's IP address for that VLAN, but can't decide how to proceed with no one-to-one correspondence of VLAN to LAG uplink
Questions on 6248
Q1: would we use "bind the IP subnet to the VLAN" on the 6248 to configure routing between VLANs, or do we define VLAN membership by LAG?
Q2: would we be able to ping the VLAN gateway IP configured on the 6248 from a downlink host / node / PC tagged for the same VLAN?
Any suggestions would be most appreciated.
To enable VLAN routing on the 6248, you just need to ensure each VLAN has an IP address assigned to it:
console(config)#interface vlan 5
console(config-vlan)#ip address 192.105.1.1 255.255.255.0
Then enable routing on the switch:
console(config)#ip routing
That's all that needs to be configured on the 6248 for VLAN routing to work. One thing to watch out for is that on the 6248 the management VLAN is not routable. By default, the management VLAN is VLAN 1. Two options are to move the management VLAN to a different VLAN:
console#configure
console(config)#ip address vlan 99
Or not use VLAN 1 at all. Place traffic on other VLANs.
The answer to your second question is yes. With VLAN routing enabled, a client on any VLAN should be able to ping the gateway on the 6248.
When it comes to general and trunk mode: general mode is like a combination of access and trunk; you can send several VLANs untagged. General mode is most commonly used on the 6200 switches when connecting to newer switches; trunk sometimes doesn't connect when it is connected to a more recent switch. I suggest using general mode on the 6248 and, if it works, leaving it in general mode.
Here is a list of various white papers, which all have some good info.
http://en.community.Dell.com/TechCenter/networking/w/wiki/2580.networking-whitepapers.aspx
6248 user's Guide
6248 cli guide
5548 user's Guide
5548 cli guide
Updating the switch firmware can also help with interoperability.
6248
http://www.Dell.com/support/home/us/en/04/product-support/product/PowerConnect-6248/drivers
5548
http://www.Dell.com/support/home/us/en/04/product-support/product/PowerConnect-5548/drivers
See you soon
Similar Questions
-
Need help setting up a configuration of VLAN special using WRVS4400N
Hi guys,
I need your help on how to implement a somewhat non-standard VLAN configuration.
The situation is the following:
The customer wants one WLAN set up for the company and another for guests. Now, that wouldn't be so difficult if we were using the internal internet connection. But the WRVS4400N will be used to implement the wireless LANs / VLANs only.
The company uses DHCP on both of their subnets, provided by a Watchguard Firebox XTM510.
Now, what we would do is set up the back door #1 for the connection to the client's subnet and #2 for the connection to the optional subnet for the guests. The first problem is that we were not able to configure DHCP forwarding to VLAN 2. It works very well on the 1st, but the 2nd allows neither enabled nor disabled; DHCP is grayed out.
To work around the problem, it should be possible to have the WRVS4400N provide DHCP itself for the guest subnet, but trying that didn't work at all.
Is it possible? Thanks in advance!
Best,
Ralph.
-
I am trying to set up a couple of VLANs on the RVS4000. The router allows me to enter the VLAN ID without a problem, but there doesn't seem to be a screen to set up the network and DHCP component for the new VLAN configuration. I saved the configuration of the router and printed it. There are several virtual networks in the configuration with IP addresses starting with 192.168.2.0/24 and incrementing by one (192.168.3.0, 192.168.4.0, etc.). These VLAN networks contain the DHCP configuration as well. How can I change these addresses? Is it possible that you cannot change them and have to take what's there and use it? When I configured a VLAN with ID 30, the attached nodes got an address in the 192.168.2.0 subnet, which is not what I wanted. The manual is no help. It says almost nothing about the configuration of VLANs. Is there another source for more information on configuring the RVS4000 with VLANs?
Also, I downloaded and installed the new firmware for the router.
Any help is appreciated.
Tony
Never mind. I figured it out. It is on the configuration page, and you need to use the drop-down list for the configured VLAN.
-
Cisco ASA: multiple active interfaces on a single switch without VLAN configuration on the switch.
I was wondering if there is a workaround on the Cisco ASA to have 2 VLAN interfaces on a switch. The reason I ask is that I have a Cisco ASA 5505 and a Dell switch that does not support VLAN configuration. I set up 2 VLAN interfaces on the Cisco ASA, and when both interfaces are active my internet drops frequently. I was wondering if there is anything to configure on the Cisco ASA to make this work. Thanks in advance...
Assuming the Dell switch at least supports spanning tree protocol, linking several interfaces of the ASA to the Dell should result in all but one being put into the spanning tree blocking state to avoid a spanning tree loop.
If the Dell does not support spanning tree, then you would be in very bad shape: each broadcast packet would loop indefinitely and cause what we call a "broadcast storm".
One way is not good and the other is really bad.
-
Need help with configuration of VLAN SF300-24
Hello
Let me preface this with the fact that networking is certainly not my strong point, so any help here is greatly appreciated.
I'm trying to segment a virtual desktop infrastructure onto its own VLAN using a Cisco SF300-24 Layer 3 switch. I can get the switch to connect to the network with VLAN 1 assigned an IP address on the network's subnet (192.168.16.X), but I can't get anything that is set up on VLAN 20 (192.168.20.X subnet) to connect past the VLAN 20 gateway IP (192.168.20.254). The ports assigned to VLAN 20 are set to access mode, if it matters.
Here is a diagram to illustrate what it looks like, as there is another (L2) switch involved.
So I'm not really sure what I am missing here, since all the settings seem simple enough.
Hi Simon, I recommend you remove any Active Directory server and essentially remove all security factors. This will give an idea of where to start.
If you take a quite basic setup, 2 Windows 7 workstations without Windows Firewall enabled, they both work as expected.
It must be remembered that with firewalls, even if they are able to respond to ICMP, if the request is from a different subnet they will not respond, because it is recognized as a foreign network. You must make the network known on these computers or make sure the computer does not care.
You may be able to do this by simply adding additional subnets in the advanced configuration of the network card (if it does not take too much address space), as an example.
Or, as you have discovered, you can add routes, which is a bit heavy and inconvenient, but effective.
-Tom
Please mark replied messages useful -
Firefox is configured as the default browser, but if I click on a link in MS Word, the link opens with MS Internet Explorer. Why?
I have the same problem, but the difference is in the opening of the MS WORD hyperlinks to download documents (for example http://ntv.spbstu.ru/2011/hss_2011_3.pdf#page=145 ). This link wants to call MS IE.
At the same time, all the HTML links are opened in FireFox. -
Hello
I want to VLAN my iSCSI data into two separate VLANs and think I understand what to do. I would just like someone to sanity-check it before I go live and possibly get things horribly wrong.
All ports labeled i15 must be configured as switchport access vlan 15
All ports labeled i16 must be configured as switchport access vlan 16
The four XG ports must be configured as switchport general allowed vlan add 15,16 tagged.
So far I think I have it, but I'm not sure how to get untagged traffic across the XG ports.
Will it do this automatically, or should I set switchport general pvid 1 for these ports, so all untagged traffic goes to the default VLAN?
Do I need to set the VLANs on LAG3, or does it not matter because the ports are tagged? Or do I not have to tag the ports if the LAG is tagged? Or do I have to tag both?
Thanks for the help,
Jim.
Putting a PVID on a LAG sets which VLAN untagged traffic goes to.
-
Configure XP Mode to attach USB devices automatically?
Is it possible to configure XP Mode to attach USB devices automatically?
It is a real nuisance to have to manually attach a USB scanner in order to scan into an application that does not work on Win7 natively.
And it makes it impossible to deploy the application in transparent mode, since the scanner is not attached if you try to run transparently without first starting XP Mode in 'Desktop' mode and manually attaching the scanner.
Hi all - I have a solution that works; the only problem is the cost. With USB over Network from Fabulatech.com, share the USB device using the server component (on the Windows 7 box) and install the client in the XP Mode virtual machine, and it will connect automatically at startup of the machine.
If you need to share the USB device between the Windows 7 computer and the computer/application in XP Mode, you can install the USB over Network client on the Windows 7 computer and set it to manual, in order to launch local applications with a CMD file that starts the USB over Network client first before opening the application. This way, the USB devices are available to any device that connects via the USB over Network client.
-
Configuration of VLAN Switch SF302 - 08 p
I have the following Setup using two switches PoE SF302 - 08 p:
1st floor
=========
SWITCH1 # <------->private network
<------->public network
2nd floor
=========
Switch #2 <------->private network
... public network (visible, but devices can't connect)
I tried to make the config on switch #2 identical to switch #1, but something still does not work.
This is probably a VLAN configuration issue, or what?
Thank you.
Ken Watkins
Hi Ken, the interfaces between the switches must have both VLANs on the port.
Example:
VLAN 1
VLAN 2
Port 1 connects to port 1 of the second switch.
config t
interface gi01
switchport mode trunk
switchport trunk allowed vlan add 2
The ports between switches must have the native VLAN untagged and all other VLANs tagged. In my example, 1u, 2t.
-Tom
Please mark replied messages useful -
Configuration of VLAN Cisco SG 300-10
I just got a Cisco SG 300-10 switch and I am a relative novice at working with smart switches, so bear with me. I added a VLAN (VLAN 2) and assigned port 7 to it. So now there is the default VLAN 1 and VLAN 2. The IPv4 interface is:
VLAN 1
Interface: VLAN 1
Type of IP address: static
IP address: 172.26.0.192
Mask: 255.255.0.0
Status: valid
VLAN 2
Interface: VLAN 2
Type of IP address: static
IP address: 172.27.0.1
Mask: 255.255.0.0
Status: valid
The default gateway is 172.26.0.252.
IPv4 static routes now look like this:
I changed the mode of the system of layer 3 to layer 2, since I guess I have to in order to make one VLAN see devices on another. I have a dumb switch connected to port 7 (VLAN 2) and a laptop connected to the dumb switch with IP 172.27.0.117. On the SG 300-10 switch, port 1 is connected to the default gateway (172.26.0.252), and port 2 is connected to a PC with the IP 172.26.0.136. From the desktop I can access the internet through the default gateway. As expected, I can't access the internet from the laptop (IP 172.27.0.117) or see the desktop, because they are on separate VLANs. I want to be able to access the internet and also to be able to see my desktop (172.26.0.136) from the laptop, so I need the VLANs to be able to access devices on each other. How would I go about doing this? Moreover, all this is being done in a test environment, because I want to make sure I get this right before deployment. Thanks for your help on this.
I have a few questions about the installation:
(1) What is the default gateway value set on the PC on port 2 in VLAN 1 (172.26.0.136)?
(2) Does your Internet gateway on port 1, VLAN 1 (172.26.0.252), have a static route for the 172.27.0.0 subnet pointing to VLAN 1 (172.26.0.192) as the next hop router?
(3) Is the default gateway for the laptop on port 7, VLAN 2, pointed to VLAN 2 (172.27.0.1)?
If the default gateway for the PC in VLAN 1 is the Internet gateway/router, that router/gateway would require a static route to the VLAN 1 interface IP address for the subnet on VLAN 2 so that the routing table in the switch can be used. Setting the static route on the Internet router will fix the Internet connectivity problem of VLAN 2 as well. Basically, the Internet router needs to know how to reach the 172.27.0.0 subnet via the switch. Hope this helps.
-
Configuration of a 'guest Wi-Fi' VLAN on ASA 5512
I'm trying to configure a new VLAN on my Cisco ASA 5512 running version 8.6(1)2. This VLAN will give 'guest' wireless AP access into my network. I have the guest VLAN configured through my switches; I am able to dedicate a switch port to VLAN 40 and acquire an IP address in the 10.40.10.0/24 network. Below is an extract of what I think is the relevant config information. I am trying to route the guest traffic out my 'outside' interface.
Obviously I am missing another command here. Any help would be greatly appreciated. If more of the running-config is required, please advise. Thanks in advance!
_________________________________________________________
interface GigabitEthernet0/1.40
 description Guest Wireless Network
 vlan 40
 nameif guestwireless
 security-level 50
 ip address 10.40.10.5 255.255.255.0
route outside 0.0.0.0 0.0.0.0 X.X.X.X 1 (X.X.X.X is the public IP address)
access-list guestwireless_access_in extended permit ip 10.40.10.0 255.255.255.0 interface outside
mtu guestwireless 1500
access-group guestwireless_access_in in interface guestwireless
dhcpd address 10.40.10.50-10.40.10.250 guestwireless
dhcpd dns 8.8.8.8 interface guestwireless
dhcpd enable guestwireless
________________________________________________________
Here is the killer part:
interface GigabitEthernet0/0
 description ISP Interface
 nameif outside
 security-level 100
Change it to:
interface GigabitEthernet0/0
 security-level 0
You do not want the least secure interface to have the highest security level, hehe.
Looking for networking assistance?
Contact me directly at [email protected]. I will fix your problem as soon as possible.
See you soon,
Julio Segura Carvajal
http://laguiadelnetworking.com -
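Added example, not part of the original thread or any poster's code: a short Python check for the mistake the reply above points out, an `outside` interface whose security level is not below the internal ones. The sample config is constructed from the stanzas quoted in the thread, the function names are hypothetical, and the model covers only the ASA default (traffic flows from a higher to a lower security level) when no ACL overrides it.

```python
import re

# Constructed sample: the two interface stanzas quoted in the thread, as posted.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description ISP Interface
 nameif outside
 security-level 100
!
interface GigabitEthernet0/1.40
 description Guest Wireless Network
 vlan 40
 nameif guestwireless
 security-level 50
 ip address 10.40.10.5 255.255.255.0
!
"""


def parse_interfaces(config):
    """Return {nameif: security_level} for every named interface stanza."""
    stanzas, current = [], None
    for raw in config.splitlines():
        line = raw.strip()          # tolerate pastes that lost their indentation
        if line.startswith("interface "):
            current = {}
            stanzas.append(current)
        elif line == "!":
            current = None          # "!" closes the stanza
        elif current is not None:
            m = re.fullmatch(r"(nameif|security-level)\s+(\S+)", line)
            if m:
                current[m.group(1)] = m.group(2)
    return {
        s["nameif"]: int(s["security-level"])
        for s in stanzas
        if "nameif" in s and "security-level" in s
    }


def default_permitted(levels):
    """(source, destination) pairs allowed by default: higher level to lower only.

    Equal levels are excluded, since same-security traffic is off by default.
    """
    return {(s, d) for s in levels for d in levels if levels[s] > levels[d]}


def audit(levels, untrusted="outside"):
    """List internal interfaces that the untrusted interface is not below."""
    if untrusted not in levels:
        return []
    return [
        f"{untrusted} (level {levels[untrusted]}) is not below "
        f"{name} (level {level})"
        for name, level in sorted(levels.items())
        if name != untrusted and levels[untrusted] >= level
    ]


if __name__ == "__main__":
    before = parse_interfaces(SAMPLE_CONFIG)
    print("as posted :", sorted(default_permitted(before)), audit(before))
    # The change suggested in the reply: outside goes to security-level 0.
    fixed = SAMPLE_CONFIG.replace("security-level 100", "security-level 0")
    after = parse_interfaces(fixed)
    print("corrected :", sorted(default_permitted(after)), audit(after))
```

With the posted levels the only default-permitted direction is from the ISP side into the guest network; after the change it is guest to outside.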
What configuration of VLAN requires a switch connectivity defined as an access port?
What configuration of VLAN requires a switch connectivity defined as an access port?
By external switch tagging
-
Issue of V-Switch virtual network, possible configuration of VLAN
A Word doc screenshot of my virtual network is attached. I'm trying to get my virtual switch labeled External (vSwitch2) to talk to the VM Network switch (vSwitch0). My goal here is to be able to connect a physical PC to the physical NIC labeled vmnic1 on the External switch and be able to convert a virtual PC VM via a crossover cable. I don't know whether it would be in the same subnet as the VM Network on vmnic0. Do I have to set up some kind of VLAN, etc.? The physical box with XP on it could perhaps start with DHCP and get an IP address on the same subnet, bridged somehow from the external vmnic1 into the VM Network on vmnic0. What is the easiest, quickest way to make this work? Please see the attachment. Thanks in advance for your help.
You will need to open a new question, if that's what you're talking about.
-KjB
VMware vExpert
-
VLAN configuration issue
We have ESX Server 3.5.0 110181 and VIC version 2.5.0. Each of our ESX hosts has 4 NICs for use on our LANs, plus 2 more for the Service Console port and the VMkernel port. The physical network adapters connect to a stack of Nortel 5500 Ethernet Routing Switches.
I am trying to configure the 4 NICs in each ESX host to be able to see two separate VLANs. I am trying to configure these VLANs on the Nortel switches. The problem is that I'm new to VLANs and can't get the network cards in the ESX host to consistently see both VLANs. Right now I have an ESX host with two network cards that see both VLANs and two network cards that don't see any VLAN. I'm pulling my hair out trying to figure out what I did wrong.
First, and I realize this may not be the best place to ask this question, in the Nortel VLAN config there are four tagging choices and I have not been able to work out which is appropriate to use for the ESX host. The choices are: Untag All, Untag PVID Only, Tag All or Tag PVID Only. Can someone help me with this?
Also, what should I do in the VIC or on the ESX host to consistently see the VLANs? The NICs appear to periodically just drop one of the VLANs, generally the DMZ VLAN.
Any help much appreciated. This VLAN is new to me and I could not find very clear or basic info. on the configuration of VLANS.
Thank you.
Hi danzbassman, the best would be to set each of the 4 corresponding ports on your Nortel switch to 'Tag All' or 'Untag PVID Only'.
If you use 'Untag PVID Only' on the switch, this means that all frames EXCEPT those on the "primary" VLAN assigned to the port should have tags on them. Then, on the ESX vSwitch side, you want to create your virtual machine port groups with the VLAN ID field filled in for each "secondary" VLAN on the Nortel ports and the VLAN ID field left blank for the "primary" VLAN. For example, suppose that your four NICs (assigned to vSwitch1) were connected to ports 1, 2, 3 and 4 on the Nortel side and you had three VLANs, 100, 200 and 300, with VLAN 100 defined as the PVID on each of the four ports. If you want your virtual machines to be able to properly access all three of these VLANs, set up three virtual machine port groups on vSwitch1: one with the VLAN ID left empty (for VLAN 100 traffic, because it is untagged), one with the VLAN ID set to 200 and another with the VLAN ID set to 300.
If you use 'Tag All', then you would follow the same procedure, except your first port group (the one for VLAN 100 traffic) should also have its VLAN ID set to 100.
Please, help me by awarding points for a 'useful' or 'proper' response if you think it is useful!
-Amit
-
Cisco ASA 5505 site-to-site with multiple subnets.
Hello. I need help configuring my Cisco ASA 5505.
I set up a VPN tunnel between two ASA 5505s.
Site 1:
Subnet 192.168.77.0
Site 2:
Has multiple VLANs, and right now the tunnel goes to vlan400 - 192.168.1.0
What I need help with:
From site 1, I need to be able to reach a different VLAN on site 2: vlan480 - 192.168.20.0
And I have to reach the site 1 subnet 192.168.77.0 from vlan480 - 192.168.20.0
Vlan480 is used for phones. In vlan480, we have a PABX.
Is this possible to do?
Any help would be much appreciated!
Config site 2:
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password x encrypted
names
name 192.168.1.250 DomeneServer
name 192.168.1.10 NotesServer
name 192.168.1.90 Steadyily
name 192.168.1.97 TerminalServer
name 192.168.1.98 w8-eyeshare
name 192.168.50.10 w8-print
name 192.168.1.94 w8-app
name 192.168.1.89 FonnaFlyMedia
!
interface Vlan1
 nameif Vlan1
 security-level 100
 ip address 192.168.200.100 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 79.x.x.226 255.255.255.224
 ospf cost 10
!
interface Vlan400
 nameif vlan400
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 ospf cost 10
!
interface Vlan450
 nameif Vlan450
 security-level 100
 ip address 192.168.210.1 255.255.255.0
 ospf cost 10
!
interface Vlan460
 nameif Vlan460-SuldalHotell
 security-level 100
 ip address 192.168.2.1 255.255.255.0
 ospf cost 10
!
interface Vlan461
 nameif Vlan461-SuldalHotellGjest
 security-level 100
 ip address 192.168.3.1 255.255.255.0
 ospf cost 10
!
interface Vlan462
 nameif Vlan462-Suldalsposten
 security-level 100
 ip address 192.168.4.1 255.255.255.0
 ospf cost 10
!
interface Vlan470
 nameif vlan470-Kyrkjekontoret
 security-level 100
 ip address 192.168.202.1 255.255.255.0
 ospf cost 10
!
interface Vlan480
 nameif vlan480-Telefoni
 security-level 100
 ip address 192.168.20.1 255.255.255.0
 ospf cost 10
!
interface Vlan490
 nameif Vlan490-QNapBackup
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 ospf cost 10
!
interface Vlan500
 nameif Vlan500-HellandBadlands
 security-level 100
 ip address 192.168.30.1 255.255.255.0
 ospf cost 10
!
interface Vlan510
 nameif Vlan510-IsTak
 security-level 100
 ip address 192.168.40.1 255.255.255.0
 ospf cost 10
!
interface Vlan600
 nameif Vlan600-SafeQ
 security-level 100
 ip address 192.168.50.1 255.255.255.0
 ospf cost 10
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 500
 switchport trunk allowed vlan 400,450,460-462,470,480,500,510,600,610
 switchport mode trunk
!
interface Ethernet0/3
 switchport access vlan 490
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd x encrypted
ftp mode passive
clock timezone WAT 1
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Lotus_Notes_Utgaaande tcp
 description UT og Frim Notes til alle
 port-object eq domain
 port-object eq ftp
 port-object eq www
 port-object eq https
 port-object eq lotusnotes
 port-object eq pop3
 port-object eq pptp
 port-object eq smtp
object-group service Lotus_Notes_inn tcp
 description of the inn og alle til Notes
 port-object eq www
 port-object eq lotusnotes
 port-object eq pop3
 port-object eq smtp
object-group service Reisebyraa tcp-udp
 port-object range 3702 3702
 port-object range 5500 5500
 port-object range 9876 9876
object-group service Remote_Desktop tcp-udp
 description Tilgang til Remote Desktop
 port-object range 3389 3389
object-group service Sand_Servicenter_50000 tcp-udp
 description program tilgang til sand service AS
 port-object range 50000 50000
object-group service VNC_Remote_Admin tcp
 description Fra ¥ oss til alle
 port-object range 5900 5900
object-group service Printer_Accept tcp-udp
 port-object range 9100 9100
 port-object eq echo
object-group icmp-type Echo_Ping
 icmp-object echo
 icmp-object echo-reply
object-group service Print tcp
 port-object range 9100 9100
object-group service FTP_NADA tcp
 description Suldalsposten NADA tilgang
 port-object eq ftp
 port-object eq ftp-data
object-group service Telefonsentral tcp
 description Hoftun
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
 port-object eq https
 port-object eq telnet
object-group service Printer_inn_800 tcp
 description Fra 800 thought-out og inn til 400 port 7777
 port-object range 7777 7777
object-group service Suldalsposten tcp
 description send av mail hav Mac Mail at - Ã ¥ nrep smtp
 port-object eq pop3
 port-object eq smtp
object-group service http2 tcp
 port-object range 81 81
object-group service DMZ_FTP_PASSIVE tcp-udp
 port-object range 55536 56559
object-group service DMZ_FTP tcp-udp
 port-object range 20 21
object-group service DMZ_HTTPS tcp-udp
 port-object range 443 443
object-group service DMZ_HTTP tcp-udp
 port-object range 8080 8080
object-group service DNS_Query tcp
 port-object range domain domain
object-group service DUETT_SQL_PORT tcp-udp
 description for a mellom andre og duett Server nett
 port-object range 54659 54659
access-list outside_access_in extended permit ip any any
access-list outside_access_out extended permit ip any any
access-list vlan400_access_in extended deny ip any host 149.20.56.34
access-list vlan400_access_in extended deny ip any host 149.20.56.32
access-list vlan400_access_in extended permit ip any any
access-list Vlan450_access_in extended deny ip any host 149.20.56.34
access-list Vlan450_access_in extended deny ip any host 149.20.56.32
access-list Vlan450_access_in extended permit ip any any
access-list Vlan460_access_in extended deny ip any host 149.20.56.34
access-list Vlan460_access_in extended deny ip any host 149.20.56.32
access-list Vlan460_access_in extended permit ip any any
access-list vlan400_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_Utgaaande
access-list vlan400_access_out extended permit tcp any host DomeneServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host TerminalServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host Steadyily object-group http2
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_inn
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-eyeshare object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-app object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host FonnaFlyMedia range 8400 8600
access-list vlan400_access_out extended permit udp any host FonnaFlyMedia range 9000 9001
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host DomeneServer
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host w8-app object-group DUETT_SQL_PORT
access-list Vlan500_access_in extended deny ip any host 149.20.56.34
access-list Vlan500_access_in extended deny ip any host 149.20.56.32
access-list Vlan500_access_in extended permit ip any any
access-list vlan470_access_in extended deny ip any host 149.20.56.34
access-list vlan470_access_in extended deny ip any host 149.20.56.32
access-list vlan470_access_in extended permit ip any any
access-list Vlan490_access_in extended deny ip any host 149.20.56.34
access-list Vlan490_access_in extended deny ip any host 149.20.56.32
access-list Vlan490_access_in extended permit ip any any
access-list Vlan450_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan1_access_out extended permit ip any any
access-list Vlan1_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan1_access_out extended deny ip any any
access-list Vlan1_access_out extended permit icmp any any echo-reply
access-list Vlan460_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP_PASSIVE
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTPS
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTP
access-list Vlan500_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit tcp any host 192.168.202.10 object-group Remote_Desktop
access-list Vlan510_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan480_access_out extended permit ip any any
access-list Vlan510_access_in extended permit ip any any
access-list Vlan600_access_in extended permit ip any any
access-list Vlan600_access_out extended permit icmp any any
access-list Vlan600_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan600_access_out extended permit tcp 192.168.1.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.202.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.210.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_in_1 extended permit ip any any
access-list Vlan461_access_in extended permit ip any any
access-list Vlan461_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list Vlan462-Suldalsposten_access_in extended permit ip any any
access-list Vlan462-Suldalsposten_access_out extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_out_1 extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_in_1 extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Vlan1 1500
mtu outside 1500
mtu vlan400 1500
mtu Vlan450 1500
mtu Vlan460-SuldalHotell 1500
mtu Vlan461-SuldalHotellGjest 1500
mtu vlan470-Kyrkjekontoret 1500
mtu vlan480-Telefoni 1500
mtu Vlan490-QNapBackup 1500
mtu Vlan500-HellandBadlands 1500
mtu Vlan510-IsTak 1500
mtu Vlan600-SafeQ 1500
mtu Vlan462-Suldalsposten 1500
no failover
monitor-interface Vlan1
monitor-interface outside
monitor-interface vlan400
monitor-interface Vlan450
monitor-interface Vlan460-SuldalHotell
monitor-interface Vlan461-SuldalHotellGjest
monitor-interface vlan470-Kyrkjekontoret
monitor-interface vlan480-Telefoni
monitor-interface Vlan490-QNapBackup
monitor-interface Vlan500-HellandBadlands
monitor-interface Vlan510-IsTak
monitor-interface Vlan600-SafeQ
monitor-interface Vlan462-Suldalsposten
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (vlan400) 0 access-list vlan400_nat0_outbound
nat (vlan400) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan450) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan460-SuldalHotell) 1 0.0.0.0 0.0.0.0
nat (Vlan461-SuldalHotellGjest) 1 0.0.0.0 0.0.0.0
nat (vlan470-Kyrkjekontoret) 1 0.0.0.0 0.0.0.0
nat (Vlan490-QNapBackup) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan500-HellandBadlands) 1 0.0.0.0 0.0.0.0
nat (Vlan510-IsTak) 1 0.0.0.0 0.0.0.0
nat (Vlan600-SafeQ) 1 0.0.0.0 0.0.0.0
nat (Vlan462-Suldalsposten) 1 0.0.0.0 0.0.0.0
static (vlan400,outside) 79.x.x.x DomeneServer netmask 255.255.255.255
static (vlan470-Kyrkjekontoret,outside) 79.x.x.x 192.168.202.10 netmask 255.255.255.255
static (vlan400,outside) 79.x.x.x NotesServer netmask 255.255.255.255 dns
static (vlan400,outside) 79.x.x.231 TerminalServer netmask 255.255.255.255
static (vlan400,outside) 79.x.x.234 Steadyily netmask 255.255.255.255
static (vlan400,outside) 79.x.x.232 w8-eyeshare netmask 255.255.255.255
static (Vlan490-QNapBackup,outside) 79.x.x.233 192.168.10.10 netmask 255.255.255.255 dns
static (Vlan600-SafeQ,outside) 79.x.x.235 w8-print netmask 255.255.255.255
static (vlan400,outside) 79.x.x.236 w8-app netmask 255.255.255.255
static (Vlan450,vlan400) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (Vlan500-HellandBadlands,vlan400) 192.168.30.0 192.168.30.0 netmask 255.255.255.0
static (vlan400,Vlan500-HellandBadlands) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan450) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,outside) 79.x.x.252 FonnaFlyMedia netmask 255.255.255.255
static (Vlan462-Suldalsposten,vlan400) 192.168.4.0 192.168.4.0 netmask 255.255.255.0
static (vlan400,Vlan462-Suldalsposten) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan600-SafeQ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan400) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,Vlan450) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan470-Kyrkjekontoret) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan450,Vlan600-SafeQ) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (vlan470-Kyrkjekontoret,Vlan600-SafeQ) 192.168.202.0 192.168.202.0 netmask 255.255.255.0
access-group Vlan1_access_out out interface Vlan1
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group vlan400_access_in in interface vlan400
access-group vlan400_access_out out interface vlan400
access-group Vlan450_access_in in interface Vlan450
access-group Vlan450_access_out out interface Vlan450
access-group Vlan460_access_in in interface Vlan460-SuldalHotell
access-group Vlan460_access_out out interface Vlan460-SuldalHotell
access-group Vlan461_access_in in interface Vlan461-SuldalHotellGjest
access-group Vlan461_access_out out interface Vlan461-SuldalHotellGjest
access-group vlan470_access_in in interface vlan470-Kyrkjekontoret
access-group vlan470_access_out out interface vlan470-Kyrkjekontoret
access-group vlan480_access_out out interface vlan480-Telefoni
access-group Vlan490_access_in in interface Vlan490-QNapBackup
access-group Vlan490_access_out out interface Vlan490-QNapBackup
access-group Vlan500_access_in in interface Vlan500-HellandBadlands
access-group Vlan500_access_out out interface Vlan500-HellandBadlands
access-group Vlan510_access_in in interface Vlan510-IsTak
access-group Vlan510_access_out out interface Vlan510-IsTak
access-group Vlan600_access_in_1 in interface Vlan600-SafeQ
access-group Vlan600_access_out out interface Vlan600-SafeQ
access-group Vlan462-Suldalsposten_access_in_1 in interface Vlan462-Suldalsposten
access-group Vlan462-Suldalsposten_access_out_1 out interface Vlan462-Suldalsposten
route outside 0.0.0.0 0.0.0.0 79.x.x.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username x password x encrypted privilege 15
aaa authentication ssh console LOCAL
http server enable
http 192.168.210.0 255.255.255.0 Vlan450
http 192.168.200.0 255.255.255.0 Vlan1
http 192.168.1.0 255.255.255.0 vlan400
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_20_cryptomap_1
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 62.92.159.137
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp enable vlan400
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 62.92.159.137 type ipsec-l2l
tunnel-group 62.92.159.137 ipsec-attributes
pre-shared-key *
telnet 192.168.200.0 255.255.255.0 Vlan1
telnet 192.168.1.0 255.255.255.0 vlan400
telnet timeout 5
ssh 171.68.225.216 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd update dns both
!
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan1
!
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface outside
!
dhcpd address 192.168.1.100-192.168.1.225 vlan400
dhcpd option 6 ip DomeneServer 81.167.36.11 interface vlan400
dhcpd option 3 ip 192.168.1.1 interface vlan400
dhcpd enable vlan400
!
dhcpd address 192.168.210.100-192.168.210.200 Vlan450
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan450
dhcpd option 3 ip 192.168.210.1 interface Vlan450
dhcpd enable Vlan450
!
dhcpd address 192.168.2.100-192.168.2.150 Vlan460-SuldalHotell
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan460-SuldalHotell
dhcpd option 3 ip 192.168.2.1 interface Vlan460-SuldalHotell
dhcpd enable Vlan460-SuldalHotell
!
dhcpd address 192.168.3.100-192.168.3.200 Vlan461-SuldalHotellGjest
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan461-SuldalHotellGjest
dhcpd option 3 ip 192.168.3.1 interface Vlan461-SuldalHotellGjest
dhcpd enable Vlan461-SuldalHotellGjest
!
dhcpd address 192.168.202.100-192.168.202.199 vlan470-Kyrkjekontoret
dhcpd option 3 ip 192.168.202.1 interface vlan470-Kyrkjekontoret
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan470-Kyrkjekontoret
dhcpd enable vlan470-Kyrkjekontoret
!
dhcpd option 3 ip 192.168.20.1 interface vlan480-Telefoni
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan480-Telefoni
!
dhcpd address 192.168.10.80-192.168.10.90 Vlan490-QNapBackup
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan490-QNapBackup
dhcpd option 3 ip 192.168.10.1 interface Vlan490-QNapBackup
!
dhcpd address 192.168.30.100-192.168.30.199 Vlan500-HellandBadlands
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan500-HellandBadlands
dhcpd option 3 ip 192.168.30.1 interface Vlan500-HellandBadlands
dhcpd enable Vlan500-HellandBadlands
!
dhcpd address 192.168.40.100-192.168.40.150 Vlan510-IsTak
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan510-IsTak
dhcpd option 3 ip 192.168.40.1 interface Vlan510-IsTak
dhcpd enable Vlan510-IsTak
!
dhcpd address 192.168.50.150-192.168.50.199 Vlan600-SafeQ
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan600-SafeQ
dhcpd enable Vlan600-SafeQ
!
dhcpd address 192.168.4.100-192.168.4.150 Vlan462-Suldalsposten
dhcpd option 6 ip DomeneServer 81.167.36.11 interface Vlan462-Suldalsposten
dhcpd option 3 ip 192.168.4.1 interface Vlan462-Suldalsposten
dhcpd enable Vlan462-Suldalsposten
!
!
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
!
prompt hostname context
Cryptochecksum:x
: end
Site 1 config:
: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password x encrypted
passwd x encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.77.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group Telenor
ip address pppoe setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
switchport access vlan 15
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list outside_access_in extended permit icmp any any echo-reply log disable
access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.77.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 79.160.252.226
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.77.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group Telenor request dialout pppoe
vpdn group Telenor localname x
vpdn group Telenor ppp authentication chap
vpdn username x password x store-local
dhcpd auto_config outside
!
dhcpd address 192.168.77.100-192.168.77.130 inside
dhcpd dns 192.168.77.1 interface inside
dhcpd option 6 ip 130.67.15.198 193.213.112.4 interface inside
dhcpd enable inside
!
dhcpd option 6 ip 130.67.15.198 193.213.112.4 interface outside
!
tunnel-group 79.160.252.226 type ipsec-l2l
tunnel-group 79.160.252.226 ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:x
: end
Hello
Adding a new network to the existing L2L VPN should be a fairly simple process.
Essentially, you need to add the network to the crypto ACL present in the "crypto map" configurations. You also need to configure NAT0 for it on the appropriate interfaces of the ASA. These configurations are all made on both ends of the L2L VPN connection.
Looking at your configurations above, it would appear that you need the following configurations:
SITE 1
- We add the new network to both the crypto ACL and the NAT0 ACL
access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0
SITE 2
- We add the new network to the crypto ACL
- We create a new NAT0 configuration for interface Vlan480 because there is no previous NAT0 configuration
access-list outside_20_cryptomap_1 extended permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list VLAN480-NAT0 remark NAT0 for VPN
access-list VLAN480-NAT0 permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0
nat (vlan480-Telefoni) 0 access-list VLAN480-NAT0
These configurations should pretty much do the trick.
Let me know if it worked.
-Jouni
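The rule behind the answer above (every crypto ACL entry mirrored on the peer and exempted from NAT locally) can be checked offline before the change is applied. This Python sketch is an added example, not part of the original posts: `acl_entries` and `check_l2l` are hypothetical helper names, and the Site 2 entries for 192.168.1.0 are assumed mirrors of the Site 1 lines, since that part of the Site 2 config is not shown here.

```python
import ipaddress
import re
# Matches "access-list NAME [extended] permit ip SRC SMASK DST DMASK".
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")

def acl_entries(config, acl_name):
    """Return the (source, destination) network pairs permitted by one ACL."""
    entries = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group(1) != acl_name:
            continue
        try:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
        except ValueError:
            continue  # entry uses a "names" alias or a keyword; not handled here
        entries.add((src, dst))
    return entries

def check_l2l(local_cfg, crypto_acl, nat0_acls, peer_cfg, peer_crypto_acl):
    """List local crypto ACL entries with no mirror on the peer or no NAT0 exemption."""
    local = acl_entries(local_cfg, crypto_acl)
    peer = acl_entries(peer_cfg, peer_crypto_acl)
    nat0 = set().union(*(acl_entries(local_cfg, name) for name in nat0_acls))
    problems = []
    for src, dst in sorted(local, key=str):
        if (dst, src) not in peer:
            problems.append(f"no mirror on peer: {src} -> {dst}")
        if (src, dst) not in nat0:
            problems.append(f"no NAT0 entry: {src} -> {dst}")
    return problems

# Constructed excerpts: ACL names and subnets come from the thread; 192.168.1.0 lines on Site 2 are assumed.
M = "255.255.255.0"
SITE1 = f"""
access-list outside_1_cryptomap extended permit ip 192.168.77.0 {M} 192.168.1.0 {M}
access-list outside_1_cryptomap extended permit ip 192.168.77.0 {M} 192.168.20.0 {M}
access-list inside_nat0_outbound extended permit ip 192.168.77.0 {M} 192.168.1.0 {M}
access-list inside_nat0_outbound extended permit ip 192.168.77.0 {M} 192.168.20.0 {M}
"""
SITE2_BEFORE = f"""
access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 {M} 192.168.77.0 {M}
access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 {M} 192.168.77.0 {M}
"""
SITE2_AFTER = SITE2_BEFORE + f"""
access-list outside_20_cryptomap_1 extended permit ip 192.168.20.0 {M} 192.168.77.0 {M}
access-list VLAN480-NAT0 permit ip 192.168.20.0 {M} 192.168.77.0 {M}
"""
```

Run `check_l2l` once from each site's point of view, passing every NAT0 ACL bound to an interface on that site; an empty list means both ends agree on the protected networks.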