FlowControl and DCB
Can anyone advise on the right setting on Broadcom 10 GbE NIC regarding flow control when DCB is configured.
I understand perfectly that the exclusive Frother and DCB don't mix.
However in the advanced flow control should be off, auto or TX/RX (unlikely) on? Or it does not matter because if NIC detected DCBx it ignores the flowcontrol parameter.
Austin, by CAT e-mail offline, here's a quick recap:
-DCB will not work on the 57810 since the NDIS interface. Must be in distributed mode
S ' ensure that Broadcom 57810 a DCB enable (if it is disabled, enable it via the NIC rom options settings)
-NIC 57810 must be set to the mode (activate via bins) distributed
-There is no DCB configuration on the NETWORK card or EQL. These devices are "ready" mode
-They inherit all the properties the switch enabled/configured DCB DCB
-NIC 57810 (bins) GUI will show the DCB properties that it inherited from the switch
-GUI EQL (dcb network details section) will show the DCB properties that it inherited from the switch
-Use a VLANID (Tag) equal to or greater than 2 to the NIC, EQL and switchports
-NIC IP, MTU, VLANID must be configured from the distributed bins (not via the NDIS interface) interface
-Once configured, use the Diagnostic trays 57810 ping EQL tab. (do the Windows CLI ping)
-Do not change the settings on the network card. You can disable control level flow link on the switchports, if necessary, which in turn will disable any link level flow control. Priority flow control is the method of control of the main flow once the DCB is enabled.
Overall, DCB is activated and configured on the switch, see network NIC GUI and EQL GUI properties and they will show you the DCB settings which have been inherited from the switch and if everything is configured correctly. (that is, ETS, priority/GID, lossless... etc)
Switch Configuration guides are located at:
en.Community.Dell.com/.../4250.Switch-configuration-guides-for-EqualLogic-or-Compellent-sans
Tags: Dell Products
Similar Questions
-
Enabling Jumbo frames on VMXNET3 adapter in Windows Server 2012
Hello everyone on the forums of wonderful Equallogic :)
We have a PS4100X of the virtual computer running on vSphere 5.1 EQL. Everything works very well, and we are about to migrate a VM 2012 SQL our database. I did some research on the issue of whether we should allow the frames extended on the VMXNET3 adapter in the virtual machine.
Reading this white paper, it seems there are large performance benefits to enable jumbo frames and a few other options in the NETWORK adapter settings:
http://en.community.Dell.com/TechCenter/Extras/m/white_papers/20403565.aspx
Just curious as to how other people and if they saw an improvement in performance. Someone at - he had experience with this?
Thank you
Lee
Frames being good or bad, is highly dependent on the switching infrastructure. If the switches do not manage flowcontrol and frames, then performance could be worse with frames enabled.
If the switches are not on the list certified for EQL tables, I tend to start with the standard frames, get a baseline run, then try frames gradually and do things of course worsen.
Extended frames may provide an advantage, he will never be a huge increase, but it improves the efficiency of the network and could reduce the overhead of the processor. Which are not mandatory for EQL iSCSI environments.
Please check best practices with document ESX. That can really help to maximize your performance with storage EQL.
http://en.community.Dell.com/TechCenter/Extras/m/white_papers/20434601.aspx
Kind regards
-
Help: Procedure insertion of records works a TOAD does not work in APEX
Any who,
Why don't the work following procedure when performed with Toad... but does not work when running with and the application of APEX by APEX_PUBLIC_USER.
SCRIPT:
CREATE OR REPLACE PROCEDURE HRAPPS. C00_DENTAL_CHECKS_INSERT (P_BATCH_DATE, DATE,
NUMBER OF P_PLAN_ID) IS
/******************************************************************************
NAME: C00_DENTAL_CHECKS_INSERT
PURPOSE:
REVISIONS:
Worm Date Description of the author
--------- ---------- --------------- ------------------------------------
1.0 06/10/2009 TNOLTE 1. Created this procedure.
NOTES:
Keywords to replace automatically available Auto:
Object name: C00_DENTAL_CHECKS_INSERT
SYSDATE: 10/06/2009
Date and time: 2009-06-10 14:11:28 and 2007-04-18 14:11:28
User name: (put in TOAD Options, editor of the procedure)
Name of the table: (defined in the dialog box "New PL/SQL object")
******************************************************************************/
THE CNTR NUMBER;
v_check_seq NUMBER;
BEGIN
CNTR: = 0;
FOR THE DCI (SELECT IN
plan_id DC.plan_id,
Check_date PTP.regular_payment_date,
DC. Provider_id paid,
-1 check_number,
Pap1.person_id person_id,
Sum (DC.amount_100_pct) + SUM (dc.paid_at_80) + SUM (dc.paid_at_50) amount.
DP. Description: ' for '. note of DC. MEMO,
DCB.batch_date batch_date
OF hrapps.dental_claims dc.
Apps.per_all_people_f pap,
Apps.per_all_people_f pap1,
hrapps.dental_claim_batch dcb,
hrapps.dental_plans dp,
TPP apps.per_time_periods
WHERE dc.plan_id = P_PLAN_ID
AND dc.payee <>1069
AND dc.claim_status_id = 3
AND dcb.batch_id = dc.batch_id
AND dcb.batch_date = P_BATCH_DATE
AND pap.person_id = dc.patient_person_id
AND dc.date_of_service BETWEEN pap.effective_start_date AND
PAP.effective_end_date
AND pap1.person_id = dc.person_id
AND dc.date_of_service BETWEEN pap1.effective_start_date AND
Pap1.effective_end_date
AND dp.plan_id = dc.plan_id
AND ptp.payroll_id = decode (dc.plan_id, 1, 61, 67)
AND dcb.batch_date BETWEEN (ptp.start_date) AND (ptp.end_date)
Dc.plan_id GROUP,
PTP.regular_payment_date,
DC. Paid,
-1,
Pap1.person_id,
DP. Description: ' for '. DC. MEMO,
DCB.batch_date
ORDER BY dc.plan_id,
PTP.regular_payment_date,
DC. Paid,
-1,
Pap1.person_id,
DP. Description: ' for '. DC. MEMO,
DCB.batch_date)
LOOP
Select HRAPPS. C00_REIMB_CHECKS_SEQ. NEXTVAL in the double v_check_seq;
INSERT INTO HRAPPS. C00_REIMB_CHECKS (REIMB_ID,
PLAN_ID ARGUMENT,
CHECK_DATE,
PROVIDER_ID,
CHECK_NUM,
EMP_PERSON_ID,
AMOUNT,
MEMO,
BATCH_DATE)
VALUES (v_check_seq,
DCI.plan_id,
DCI.check_date,
DCI.provider_id,
DCI.check_number,
DCI.person_id,
DCI.amount,
DCI.memo,
DCI.batch_date);
CNTR: = CNTR + 1;
IF MOD(CNTR,20) = 0 THEN
COMMIT;
END IF;
END LOOP;
COMMIT;
END C00_DENTAL_CHECKS_INSERT;
/Tami,
Please view the code in the process of the page. Maybe you format P_BATCH_DATE correctly. Maybe something else.
Scott
-
How to access the NextVal when inserting into the Table
All,
I create a type of page process: the anonymous PL/SQL block
Source:
Start
insert into
c00_reimbursement_checks
Select
C00_REIMBURSEMENT_CHECKS_SEQ. NEXTVAL,
'1',
PTP.regular_payment_date,
DC. Paid,
NULL,
Pap1.person_id,
NULL,
Sum (DC.amount_100_pct) + Sum (DC.paid_at_80) + Sum (DC.paid_at_50),
"Dental reimbursement plan."
NULL,
DC. Reference,
NULL,
NULL,
DCB.batch_date,
DC.claim_id
Of
hrapps.dental_claims dc,
Apps.per_all_people_f pap,
Apps.per_all_people_f pap1,
hrapps.dental_claim_batch dcb,
hrapps.dental_plans dp,
TPP apps.per_time_periods
where dc.plan_id =: P4_PLAN_ID
and dc.payee <>1069
and dc.claim_status_id = 3
and dcb.batch_id = dc.batch_id
and dcb.batch_date =: P4_BATCH_DATE
and pap.person_id = dc.patient_person_id
and dc.date_of_service between pap.effective_start_date and pap.effective_end_date
and pap1.person_id = dc.person_id
and dc.date_of_service between pap1.effective_start_date and pap1.effective_end_date
and dp.plan_id = dc.plan_id
and ptp.payroll_id = decode(dc.plan_id,1,61,67)
and dcb.batch_date between (ptp.start_date) and (ptp.end_date)
Group of null, '1', ptp.regular_payment_date, dc.payee, null, pap1.person_id, null, 'Dental Plan', null, dc.reference, null, null, dcb.batch_date, dc.claim_id of refund
order of null, '1', ptp.regular_payment_date, dc.payee, null, pap1.person_id, null, 'Dental Plan', null, dc.reference, null, null, dcb.batch_date, dc.claim_id of refund;
commit;
End;
I get this error:
1 error has occurred
ORA-06550: line 6, column 60: PL/SQL: ORA-02287: sequence number unauthorized here ORA-06550: line 3, column 1: PL/SQL: statement ignored
How can I get access to and use the sequence of pk for my table.The answer surely is a trigger?
create or replace trigger "BI_" before insert on
for each row begin if :NEW.
is null then select
.nextval into :NEW. from dual; end if; end;
You need to change the SQL code to specify the columns that you insert in, but it avoids all the other faff.
John.
DCB - Force10 MXL and Equallogic PS6210 - worth it or not?
Hello all
I have a new 3-blade M620 virtualization environment, 2 x MXL Force10 switches and 2 x Equallogic PS6210 - there is the possibility of using DCB - is it useful to configure DCB, will I get the gains and better stability, or for a small environment should I just use the configuration standard iscsi?
Ideas or alternative options gratefully received.
Thank you
Hello
If the switches are dedicated for iSCSI use, then there is no advantage to the use of DCB. DCB in itself does not have iSCSI faster. I just made sure non-iSCSI traffic doesn't interfere by providing iSCSI with a higher priority. All other traffic is going in a "lossy" class of service.
Also, you will need DCB converged network adapters to use BCD on the hosts. Most of the iSCSI software adapters do not support DCB.
Kind regards
Hello
I have install a pair of MXLs and hoped that someone could check on the attached config. Specifically the DCB article where I have not done this before.
I have attached the config of one of the MXLs.
- A PS4110x is connected to Te0/41 on the two MXLs and has been configured to use DCB on vlan 3000. There is no error on the EQL DCB
- VLT connects to the MXLs (po100, fo0/33, fo0/37)
- A hyperV blade is configured on Te0/20 (am still to set up other HyperV blades)
One issue I've had is that vlan 3000 (vlan DCB/iSCSI) must be applied to all ports? The paper I read here suggests it should, but I don't really understand why.
Thanks for the tips!
Huw-
That is right.
impact of connectivity of disabling DCB on N4064f
Hello. We use N4064f as ToR switches. We have connected additional without EQL to the network and the new EQLs are complaining of DCB misconfiguration on the switches. We don't use of DCB, as well as literature, I read, you must disable DCB on switches.
I found the commands to do this in the configuration of switch guide (why can't do you it from the GUI?), my question is if this will have an impact on connectivity.
Both N4064f switches are not stacked, but connected using the QSFP ports ISL (static gal). RSTP is also configured.
Our network guys said there could be up to 2 minute break, which is not true, I hope.
Someone who can confirm?
If we do not disable DCB on switches, there should be no effect on the functionality of EQLs, right? (with the exception of the warning in the Group Manager)
We did a quick laboratory test and doesn't see any loss of network DCB to disable. If you do not see it yet, this is a good document.
See you soon
Hi all
The installation program:
Configured the MXL according to Configuration guide for the switch blade Force10 MXL 10/40GbE. The MXL have the latest firmware. I configured VLAN DCB in the GUI.
The question:
The MXL shutters port console and this error:
% DIFFSERV-4-DSM_PFC_NUM_NO_DROP_Q_EXCEEDS_LIMIT: configuration of the priorities of the CFP has failed on the interface Te 0/14 due to the limit is greater than Max allowed Lossless 2 system queues. Updated local Params with PFC Defaults(No priorities enabled for PFC) incase admin params failed to update or update with admin params for failure to update remote params, administrator must configure with the priorities of the PFC with loss less the queue limit.
Clues please?
The problem has been resolved be removed the PS-M4110, I guess that makes the port renegotiate DCB. Port beating the issue proved the eth1 interface. I forced the port on the switch to SPEED 1000 and it installs.
5324 SSH running but not asking not password and not running through my firewall
I picked up a Dell Powerconnect 5324 off ebay and wiped the configs, updated the firmware and got it mostly set up for what are my needs but I don't know why good SSH than active and working locally on the same subnet as the ip of the vlan has the following two issues:
1 SSH works but only ask "open as:" then "user name:" and never will prompt you for the password. It just goes straight to an enable command prompt
2. I can't work through my firewall DNAT. It's not critical, but I removed the access list that I had just to test and still no go.
Here is my config:
interface port-channel 1
Description Fiber4GE
FlowControl auto
output
interface port-channel 2
Description Copper2GE
FlowControl auto
output
interface port-channel 1
switchport mode trunk
output
interface port-channel 2
switchport mode trunk
output
serial interface ethernet g(19-20)
switchport mode trunk
output
database of VLAN
VLAN 96,172,192
output
interface ethernet g1
switchport access vlan 96
output
Beach port-channel interface (1 - 2).
switchport trunk allowed vlan add 96
output
Beach port-channel interface (1 - 2).
switchport trunk allowed vlan add 172
output
serial interface ethernet g(2-18)
switchport access vlan 192
output
Beach port-channel interface (1 - 2).
switchport trunk allowed vlan add 192
output
interface ethernet g1
switchport forbidden vlan add 192
output
interface vlan 96
name Comcast
output
interface vlan 172
name iSCSI-SAN
output
interface vlan 192
network name
output
serial interface ethernet g(19-20)
Auto mode channel-group 2
output
serial interface ethernet g(21-24)
Auto mode channel-group 1
output
interface vlan 192
192.168.1.251 IP address 255.255.255.0
output
line console
exec-timeout 20
output
ssh line
exec-timeout 20
output
ssh line
password * redacted * encrypted
output
line console
password * redacted * encrypted
output
enable level 15 password * redacted * encrypted
username admin password * redacted * encrypted
password username davery * redacted * level encrypted 15
property intellectual ssh server
The https server IP
clock timezone-8
customer SNTP enable vlan 192
clock source sntp
unicast SNTP client enable
unicast SNTP client survey
survey of SNTP server 192.168.1.1
IP - local.dom domain nameI think I see what is missing, we must add this command so that he can ask for the password.
Console (config) # aaa authentication login default line
Console (config) # line ssh
default authentication logon console(config-Line) #.
Let me know if it works
Force10 problem and Dell Openmanage Network Manager snmp
Hello
I have install snmp on Force10: traps, string community, I have also setup set up on omnm, but for some reason, I could not authenticate with F10, please find config below as well as key details:
Dell10G-1 #show running-config
Current configuration...
! Version 9.0 (1.3)
! Last modification of the configuration to Fri Feb 21 14:07:21 2014 by default
! Startup-config updated Fri Feb 21 12:50:21 2014 by default
!
start the primary system battery-unit 1: A:
start a system secondary battery-unit 1: B:
start the system default stack-unit 1: A:
start the primary system battery-unit 2: A:
start a system secondary battery-unit 2: B:
start the system default stack-unit 2: A:
!
redundancy full automatic synchronization
!
hostname Dell10G-1
!
enable password 7 b125455cf679b208d3169fc631698be5722a1b01b7edad00
!
username admin password 7 269672acad1160b3ff0b65cde5149f32
!
no activation of dcb
!
disposal of battery-unit 1 S5000
!
stack stack-unit 1-group 14
!
stack stack-unit 1-group 15
!
TenGigabitEthernet-1/0 interface
no ip address
hybrid portmode
switchport
TrustDSCP of service-policy input
no downtime
!
interface TenGigabitEthernet 1/1
no ip address
hybrid portmode
switchport
TrustDSCP of service-policy input
no downtime
!
interface TenGigabitEthernet 1/2
no ip address
hybrid portmode
switchport
TrustDSCP of service-policy input
no downtime
!
interface TenGigabitEthernet 1/3
no ip address
hybrid portmode
switchport
TrustDSCP of service-policy input
no downtime
!
interface TenGigabitEthernet 1/4
no ip address
hybrid portmode
switchport
TrustDSCP of service-policy input
no downtime
!
interface TenGigabitEthernet 1/5
no ip address
hybrid portmode
switchport
TrustDSCP of service-policy input
no downtime
!
interface TenGigabitEthernet 1/6
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/7
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/8
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 9/1
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/10
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/11
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/12
no ip address
hybrid portmode
switchport
TrustDSCP of service-policy input
no downtime
!
interface TenGigabitEthernet 1/13
no ip address
hybrid portmode
switchport
no downtime
!
interface TenGigabitEthernet 1/14
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/15
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/16
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/17
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 1/18
no ip address
Shutdown
!
interface TenGigabitEthernet 1/19
no ip address
Shutdown
!
interface TenGigabitEthernet 1/20
no ip address
Shutdown
!
interface TenGigabitEthernet 1/21
no ip address
Shutdown
!
interface TenGigabitEthernet 1/22
no ip address
Shutdown
!
interface TenGigabitEthernet 1/23
no ip address
Shutdown
!
interface TenGigabitEthernet 1/24
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 1/25
EQL-con2 description
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 1/26
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 1/27
no ip address
hybrid portmode
switchport
no downtime
!
interface TenGigabitEthernet 1/28
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 1/29
no ip address
hybrid portmode
switchport
no downtime
!
interface TenGigabitEthernet 1/30
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 1/31
no ip address
hybrid portmode
switchport
no downtime
!
interface TenGigabitEthernet 1/32
no ip address
no downtime
!
interface TenGigabitEthernet 1/33
no ip address
Shutdown
!
TenGigabitEthernet 1/34 interface
no ip address
Shutdown
!
interface TenGigabitEthernet 1/35
no ip address
Shutdown
!
interface 1/48 fortyGigE
no ip address
Shutdown
!
interface fortyGigE 1/52
no ip address
Shutdown
!
disposal of battery-unit 2 S5000
!
stack stack-unit 2-group 14
!
stack stack-unit 2-group 15
!
TenGigabitEthernet-2/0 interface
no ip address
Shutdown
!
interface TenGigabitEthernet 2/1
no ip address
Shutdown
!
interface TenGigabitEthernet 2/2
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 2/3
no ip address
Shutdown
!
interface TenGigabitEthernet 2/4
no ip address
Shutdown
!
interface TenGigabitEthernet 2/5
no ip address
switchport
no downtime
!
interface TenGigabitEthernet 2/6
no ip address
Shutdown
!
interface TenGigabitEthernet 2/7
no ip address
Shutdown
!
interface TenGigabitEthernet 2/8
no ip address
Shutdown
!
interface TenGigabitEthernet 9/2
no ip address
Shutdown
!
interface TenGigabitEthernet 2/10
no ip address
Shutdown
!
interface TenGigabitEthernet 2/11
no ip address
Shutdown
!
interface TenGigabitEthernet 2/12
no ip address
Shutdown
!
interface TenGigabitEthernet 2/13
no ip address
Shutdown
!
interface TenGigabitEthernet 2/14
no ip address
Shutdown
!
interface TenGigabitEthernet 2/15
no ip address
Shutdown
!
interface TenGigabitEthernet 2/16
no ip address
Shutdown
!
interface TenGigabitEthernet 2/17
no ip address
Shutdown
!
interface TenGigabitEthernet 2/18
no ip address
Shutdown
!
interface TenGigabitEthernet 2/19
no ip address
Shutdown
!
interface TenGigabitEthernet 2/20
no ip address
Shutdown
!
interface TenGigabitEthernet 2/21
no ip address
Shutdown
!
interface TenGigabitEthernet 2/22
no ip address
Shutdown
!
interface TenGigabitEthernet 2/23
no ip address
no downtime
!
interface TenGigabitEthernet 2/24
EQL-con1 description
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 2/25
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 2/26
no ip address
hybrid portmode
switchport
no downtime
!
interface TenGigabitEthernet 2/27
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 2/28
no ip address
hybrid portmode
switchport
no downtime
!
interface TenGigabitEthernet 2/29
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 2/30
no ip address
hybrid portmode
switchport
no downtime
!
interface TenGigabitEthernet 2/31
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 2/32
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 2/33
no ip address
MTU 12000
switchport
no downtime
!
TenGigabitEthernet 2/34 interface
no ip address
MTU 12000
switchport
no downtime
!
interface TenGigabitEthernet 2/35
no ip address
Shutdown
!
interface fortyGigE 2/48
no ip address
Shutdown
!
interface fortyGigE 2/52
no ip address
Shutdown
!
interface ManagementEthernet 0/0
no downtime
!
ManagementEthernet 1/0 interface
IP address 10.0.0.30/24
no downtime
!
ManagementEthernet 2/0 interface
IP address 10.0.0.25/24
no downtime
!
ManagementEthernet 3/0 interface
no downtime
!
ManagementEthernet 4/0 interface
no downtime
!
ManagementEthernet-5/0 interface
no downtime
!
ManagementEthernet 6/0 interface
no downtime
!
ManagementEthernet 7/0 interface
no downtime
!
ManagementEthernet-8/0 interface
no downtime
!
interface ManagementEthernet 9/0
no downtime
!
ManagementEthernet-10/0 interface
no downtime
!
ManagementEthernet-11/0 interface
no downtime
!
interface Vlan 1
! unidentified TenGigabitEthernet-1/0-17, 27, 29, 31
! unidentified TenGigabitEthernet 2/2,5,26,28,30
!
Vlan 100 interface
ISCSI description
iSCSI name
no ip address
tagless TenGigabitEthernet 1/24-26, 28, 30
tagless TenGigabitEthernet 2/24-25, 27, 29, 31-34
no downtime
!
interface Vlan 150
VMotion description
no ip address
Tagged TenGigabitEthernet 1/27,29,31
Tagged TenGigabitEthernet 2/26,28,30
Shutdown
!
interface Vlan 999
Speech description
the voice name
no ip address
Tagged TenGigabitEthernet 1/0-3, 5, 12-13
no downtime
!
interface Vlan 4000
no ip address
Shutdown
!
interface Vlan 4001
no ip address
Shutdown
!
interface Vlan 4003
no ip address
Shutdown
!
interface Vlan 4010
no ip address
Shutdown
!
interface Vlan 4020
no ip address
Shutdown
!
interface Vlan 4030
no ip address
Shutdown
!
management route 0.0.0.0/0 10.0.0.1
!
class service dynamics dot1p
!
SNMP-server community Monitoring ro
Server enable SNMP traps bgp
SNMP-Server enable traps snmp authentication linkdown, linkup cold start
Server enable SNMP traps vrrp
Server enable SNMP traps lacp
entity of traps activate SNMP Server
Enable SNMP-Server intercepts stp
Server enable SNMP traps ecfm
Server enable SNMP traps vlt
Enable SNMP-Server intercepts fips
Server enable SNMP traps xstp
Enable SNMP-Server intercepts ets
Server enable SNMP traps envmon cam-use temperature power fan
Server enable SNMP traps eoam
Enable SNMP-Server intercepts pfc
Host Server SNMP 10.0.0.238 traps version 1 monitoring - port udp 162
!
class-map correspondence-everything ClassMap1
match ip dscp 46
!
Policy-map-input TrustDSCP
Class-card service-queue ClassMap1 2
Trust diffserv
!
Lldp Protocol
to advertise dot1-tlv, port port-protocole-vlan-id-vlan-id
advertise dot1-tlv-name of vlan id the vlan-999
advertise med
advertise med 999 6 46 voices
!
0 line console
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
!
end
______________________________
Dell10G-1 #show snmp group
GroupName: v1v2creadg security model: v1
readview: v1v2cdefault writeview: no give view entry
notifyview: v1v2cdefault context: no context specified
status: Active
GroupName: v1v2creadg security model: v2c
readview: v1v2cdefault writeview: no give view entry
notifyview: v1v2cdefault context: no context specified
status: Active
GroupName: v1v2cwriteg security model: v1
readview: v1v2cdefault writeview: v1v2cdefault
notifyview: v1v2cdefault context: no context specified
status: Active
GroupName: v1v2cwriteg security model: v2c
readview: v1v2cdefault writeview: v1v2cdefault
notifyview: v1v2cdefault context: no context specified
status: Active
__________________________________
Dell10G-1 #show snmp community
Community: monitoring
Background: no
Security-name: v1v2creadu
Community: public
Background: no
Security-name: v1v2creadu
Don't know if there are other settings of snmp that must be put in place or I missed something
Thank you for your help
Hello
Can you try to set up OMNM like this http://en.community.dell.com/support-forums/network-switches/f/866/t/19535001.aspx
Set up two profiles of authentication in OMNM. ((1) SNMP v1/v2c and used the SNMP community string, I put on the Force 10 switch 2) Telnet/SSH using the switches telnet user ID, password and the password 'Enable' leaving him activate ID empty.
Creation of the VLAN between Powerconnect 5548 and F10 s4810...
In the coming months we will replace our network equipment. I was able to get their hands on the new gear at the beginning, and if I'm not traditionally a guy from the network, the project has been given to me and I started playing. The first thing that I wanted to work on was implemented VLANs. I have configured the switches like the picture below:
When I have IP every PC connected to the same subnet and apply VLAN10 to their respective ports, they aren't to pings within the same stack or between cells. My basic understanding is that they are, do they not? Did I miss something in my understanding of VLANS or is there a problem with my configs? I posted the configs below.
RTTMOACCESS01 config:
database of VLAN
VLAN 10,20,30,40,50
output
Add a voice vlan Yes-table Nortel___ 000181
Add a voice vlan Yes-table 0001e3 Siemens_AG_phone___
Add a voice vlan Yes-table 00036 b Cisco_phone___
Add a voice vlan Yes-table 00096e Avaya___
Add a voice vlan Yes-table 000fe2 H3C_Aolynk___
Add a voice vlan Yes-table Shoretel___ 001049
Add a voice vlan Yes-table 0060 b 9 Philips_and_NEC_AG_phone
VLAN voice Yes-table add 00907 Polycom/Veritel_phone___
Add a voice vlan Yes-table 00e0bb 3Com_phone___
860 port address 0.0.0.0 iSCSI target
port 3260 address 0.0.0.0 iSCSI target
port 9876 address 0.0.0.0 iSCSI target
port 20002 address 0.0.0.0 iSCSI target
20003 port address 0.0.0.0 iSCSI target
port 25555 address 0.0.0.0 iSCSI target
hostname rttmoaccess01
no console logging
privilege 15
!
interface vlan 10
Name IT
!
interface vlan 20
name UserPCs
!
interface vlan 30
name UserTCs
!
interface vlan 40
the voice name
!
interface vlan 50
Name printers
!
gigabitethernet1/0/1 interface
switchport access vlan 10
!
tengigabitethernet1/0/1 interface
switchport mode general
switchport general allowed vlan add 10 tag
switchport general allowed vlan add 20 tag
switchport general allowed vlan add 30 tag
switchport general allowed vlan add 40 tag
switchport general allowed vlan add 50 tag
!
gigabitethernet2/0/1 interface
switchport access vlan 10
!
tengigabitethernet2/0/1 interface
switchport mode general
switchport general allowed vlan add 10 tag
switchport general allowed vlan add 20 tag
switchport general allowed vlan add 30 tag
switchport general allowed vlan add 40 tag
switchport general allowed vlan add 50 tag!
Default settings:
Service etiquette: 76BYTS1
SW version 4.1.0.8 (28 August 2012 time 11:17:36)
Gigabit Ethernet ports
=============================
Speed 1000
full duplex
negotiation
flow control
Auto MDIX
no back pressure
interface vlan 1
interface port-channel 1-32
spanning tree
spanning tree mode RSTP
basis of QoS
QoS trust cos
Enable IASRTTMOACCESS02 config:
database of VLAN
VLAN 10,20,30,40,50
output
Add a voice vlan Yes-table Nortel___ 000181
Add a voice vlan Yes-table 0001e3 Siemens_AG_phone___
Add a voice vlan Yes-table 00036 b Cisco_phone___
Add a voice vlan Yes-table 00096e Avaya___
Add a voice vlan Yes-table 000fe2 H3C_Aolynk___
Add a voice vlan Yes-table Shoretel___ 001049
Add a voice vlan Yes-table 0060 b 9 Philips_and_NEC_AG_phone
VLAN voice Yes-table add 00907 Polycom/Veritel_phone___
Add a voice vlan Yes-table 00e0bb 3Com_phone___
860 port address 0.0.0.0 iSCSI target
port 3260 address 0.0.0.0 iSCSI target
port 9876 address 0.0.0.0 iSCSI target
port 20002 address 0.0.0.0 iSCSI target
20003 port address 0.0.0.0 iSCSI target
port 25555 address 0.0.0.0 iSCSI target
hostname rttmoaccess01
no console logging
privilege 15
!
interface vlan 10
Name IT
!
interface vlan 20
name UserPCs
!
interface vlan 30
name UserTCs
!
interface vlan 40
the voice name
!
interface vlan 50
Name printers
!
gigabitethernet1/0/1 interface
switchport access vlan 10
!
tengigabitethernet1/0/1 interface
switchport mode general
switchport general allowed vlan add 10 tag
switchport general allowed vlan add 20 tag
switchport general allowed vlan add 30 tag
switchport general allowed vlan add 40 tag
switchport general allowed vlan add 50 tag
!
gigabitethernet2/0/1 interface
switchport access vlan 10
!
tengigabitethernet2/0/1 interface
switchport mode general
switchport general allowed vlan add 10 tag
switchport general allowed vlan add 20 tag
switchport general allowed vlan add 30 tag
switchport general allowed vlan add 40 tag
switchport general allowed vlan add 50 tag
!
Default settings:
Service etiquette: 76BYTS1
SW version 4.1.0.8 (28 August 2012 time 11:17:36)
Gigabit Ethernet ports
=============================
Speed 1000
full duplex
negotiation
flow control
Auto MDIX
no back pressure
interface vlan 1
interface port-channel 1-32
spanning tree
spanning tree mode RSTP
basis of QoS
QoS trust cos
Enable IASConfig RTTMOCORE
! Version 8.3.12.0
! Last modification of the configuration to Fri Jun 14 13:31:58 2013 default
! Startup-config updated Fri Jun 14 13:32:40 2013 default
!
start the primary system battery-unit 0: A:
start a system secondary battery-unit 0: B:
start the system stack-unit 0 default: A:
start the primary system battery-unit 1: A:
start a system secondary battery-unit 1: B:
start the system default stack-unit 1: A:
!
redundancy full automatic synchronization
!
Hardware watchdog
!
no console logging
!
hostname rttmocore
!
disposal of battery-unit 0 S4810
!
stack-unit 0 battery-group 14
!
stack-unit 0 battery-group 15
!
interface TenGigabitEthernet 0/46
no ip address
switchport
FlowControl rx tx off
no downtime
!
interface TenGigabitEthernet 0/47
no ip address
switchport
FlowControl rx tx off
no downtimedisposal of battery-unit 1 S4810
!
stack stack-unit 1-group 14
!
stack stack-unit 1-group 15
!
interface TenGigabitEthernet 1/46
no ip address
switchport
FlowControl rx tx off
no downtime
!
interface TenGigabitEthernet 1/47
no ip address
switchport
FlowControl rx tx off
no downtime
!
!
interface Vlan 1
!
interface Vlan 10
Description IT
Name IT
no ip address
Tagged TenGigabitEthernet 0/46-47
Tagged TenGigabitEthernet 1/46-47
Shutdown
!
interface Vlan 20
Description UserPCs
name UserPCs
no ip address
Shutdown
!
interface Vlan 30
Description UserTCs
name UserTCs
no ip address
Shutdown
!
interface Vlan 40
Speech description
the voice name
no ip address
Shutdown
!
interface Vlan 50
Printers description
Name printers
no ip address
Shutdown
!
Lldp Protocol
!
0 line console
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
!
endI would say lets start with one side and obtain communication of work between the two computers on the same stack at RTTMOACCESS01. The port settings for the 1/01 and 2/01 look great both in access mode for VLAN 10. Which IP addresses and subnets you assign to computers?
5548 to battery power battery connection 10 also appear to not be in a LAG, then we run two connections like that and they aren't in a SHIFT, we create a loop and a single connection will enter a blocking state.
For the connections between the 5548 and force 10, I suggest to turn them into a GAP. The command should look like this.
Console > activate
Console # configure
Console (config) # (config) # interface tengigabitethernet 1/0/1
Console (config) # port - 1 automatic mode group
output console #.
Console (config) #.
Do the same for Te2/0/1
Then we set up this OFFSET to set it up, and I would try to use the trunk instead of general mode mode.
Console (config) # interface port-channel 1
console switchport mode trunk #.
console # permit trunk switchport vlan add 10,20,30,40,50 tag
The same should be done for the Force switch 10.
Te0/46.1/46 in a SHIFT
Te0/47.1/47 in another SHIFT
Put in the trunk and let the VLANS on the trunk.
Allows to study these settings and see if we can make any progress.
Thank you
PowerConnect 6224 Switch Netgear L2 and
Hi, I have now successfully configured my PowerConnect 6224, host and road between the 4 VLANS, I have access to the internet and can ping I have, is all great work. The next thing on my list is to set up my router L2 netgear to work with the port based VLAN, I want to connect L2 switch port 1/g23 on my PowerConnect 6224, as far as I understand this port must be a trunk port allowes all WHAM, here's them my config for the PowerConnect 6224:
! Current configuration:
! Description of the system 'Dell 24 ports Gigabit Ethernet, 2.0.1.8, VxWorks5.5.1'
! Version of the software system 2.0.1.8
!
Configure
database of VLAN
VLAN 10,20,30
subnet of VLAN association 192.168.1.0 255.255.255.0 1
subnet of VLAN association 192.168.2.0 255.255.255.0 10
subnet of VLAN association 192.168.20.0 255.255.255.0 20
subnet of VLAN association 192.168.30.0 255.255.255.0 30
output
battery
1 1 member
output
1 priority 1 switch
IP 192.168.1.1 255.255.255.0
IP - xxx.xx.xx domain name
Name 192.168.2.10 IP-server
IP-name 192.168.2.30 Server
IP routing
IP route 0.0.0.0 0.0.0.0 192.168.2.201
bootpdhcprelay enable
bootpdhcprelay IP_serveur 192.168.2.10
bootpdhcprelay cidridoptmode
192.168.2.1 IP helper-address 192.168.2.10 37
192.168.2.1 IP helper-address 192.168.2.10 49
192.168.2.1 IP helper-address 192.168.2.10 137
192.168.2.1 IP helper-address 192.168.2.10 138
IP helper 192.168.20.1 192.168.2.10 37
IP helper 192.168.20.1 192.168.2.10 49
IP helper 192.168.20.1 192.168.2.10 137
IP helper 192.168.20.1 192.168.2.10 138
IP helper 192.168.30.1 192.168.2.10 37
IP helper 192.168.30.1 192.168.2.10 49
IP helper 192.168.30.1 192.168.2.10 137
IP helper 192.168.30.1 192.168.2.10 138
interface vlan 10
"Name servers".
Routing
IP 192.168.2.1 255.255.255.0
Send IP rip rip1 version
IRDP IP
output
interface vlan 20
the "sale".
Routing
address 192.168.20.1 255.255.255.0
Send IP rip rip1 version
IRDP IP
output
interface vlan 30
name 'accounts '.
Routing
192.168.30.1 IP address 255.255.255.0
IP netdirbcast
Send IP rip rip1 version
IRDP IP
output
level password user name 'michi' encrypted 15 4f70cfb1451a1b0ce0b872421bee6c1c
!
interface ethernet 1/g1
switchport mode general
pvid switchport General 10
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 10,20,30
output
!
interface ethernet 1/g3
switchport mode general
pvid switchport General 10
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 10,20,30
output
!
interface ethernet 1/g4
switchport mode general
switchport General pvid 20
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 20
output
!
interface ethernet 1/g5
switchport mode general
pvid switchport General 10
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 10,20,30
output
!
interface ethernet 1/g7
switchport mode general
pvid switchport General 10
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 10
output
!
interface ethernet 1/g8
switchport mode general
switchport General pvid 30
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 30
output
!
interface ethernet 1/g23
switchport mode trunk
switchport trunk allowed vlan add 1,10,20,30
output
!
interface ethernet 1/g24
switchport mode general
pvid switchport General 10
No switchport acceptable-framework-type general tag only
VLAN allowed switchport General add 10,20,30
output
outputOn my netgear L2 switch that I want to connect the port 24 to 1/g23 of my Dell switch, but I can't seem to be able to make it work somehow, here is my config to the Netgear switch:
! Current configuration:
!
! Description of the system "GSM7224 L2 managed Gigabit Switch"
! Description of the system 6.2.0.14
!
Quickly define "GSM7224.
Network Protocol No
network settings 192.168.1.2 255.255.255.0 192.168.1.1
database of VLAN
VLAN 10
10 name servers of VLAN
VLAN 20
name of VLAN 20 sales
VLAN 30
name of VLAN 30 accounts
output
Configure
clock timezone "GMT" 0 0
SNTP client unicast mode
! The SNTP server is active
Server SNTP PooleOne.xxx.xx.xx
set logging in buffered memory
lineconfig
output
Storm-control flowcontrol
name of the configuration of protocols spanning-tree 00-0F-B5-FC-BA-62
public@10 SNMP-Server community
public@20 SNMP-Server community
public@30 SNMP-Server community
IP - xxx.xx.xx domain name
Name 192.168.2.10 IP-server
192.168.2.30
192.168.2.201
interface 0/1
pvid VLAN 10
participation of VLAN include 10
output
interface 0/2
pvid VLAN 20
participation of VLAN include 20
output
interface 0/3
pvid VLAN 30
participation of VLAN include 30
output
interface 0/4
output
interface 0/5
output
interface 0/6
output
interface 0/7
output
0/8 interface
output
interface 0/9
output
interface 0/10
output
interface 0/11
output
interface 0/12
output
interface 0/13
output
interface 0/14
output
interface 0/15
output
interface 0/16
output
interface 0/17
output
interface 0/18
output
interface 0/19
output
interface 0/20
output
interface 0/21
output
interface 0/22
output
interface 0/23
output
interface 0/24
Description "Trunk Port.
marking 1 VLAN
participation of VLAN include 10
VLAN tagging 10
participation of VLAN include 20
VLAN tagging 20
participation of VLAN include 30
VLAN tagging 30
output
output
First; is it possible to achieve what I'm trying to do with my equipment?
Second; where I went wrong in my configs?
Thank you very much for your help.
SG 200 - 08 p - PC connection and phones
Hello
We have a serious problem here with some new firmware for switches 200 - 08 p SG: 1.0.6.2
They are installed behind layer 2 switches 2 SG - 200 50 - real firmware 1.3.2.02.
We have 4 VLANS: 1 for 2 for the PHONE, the RPF MGMNT 10 and 20 for CUSTOMERS - and DATA on the VLAN only 08 P 1 + 2 is required. CDR protocoll is active.
Ports 1-7 on the P-08 is configured as 'Trunk, 1U, 2 t,' setting: Auto negotiation WE. We tried FlowControl ON and - makes no difference. 8 port is configured as "Trunk, 1U, 2 t, 10 t" switch of the floor. The connection port on the floor switch configuration ist 50-switch of SG - 200 as "Trunk, 1U, 2 t, 10 t".
One of the problem switches: on 1-4 08-p port is connected 4 phones Cisco 6921. On the 5-7 Port is connected 1 HP Z400 and 2 Elite 7200 PCs. 6921 phones is switching to a laptop DELL Latitude 6420.
It so happens every morning, the first fixed PC ist works fine, then the switch must be turned to get the next PC connected to the network. Switching 6921 phone does not connect. But after a few more switching market of this walk.
We thried another material 08-P with the same configuration, we tried an older firmware level... we configure ports PoE-phone as GENERAL 1U, 2 T. We gave to external power for phones that PoE is not overloaded... nothing doesn't. Only a few switching/disable help and the PC gets its address IP of the DHCP server and phones all come a discovery of the 6000 CU.
Is there an outside person who can lend a hand on this?
Thank you so far...
Hi Mr. Jens-Peter,.
I would try to disable smartports and ethernet green on SG200 switches. Then you have to encode each of the ports to have the necessary settings. Often when a reboot is required to restore the feature smartports is the cause.
Regarding 6921 phones, you need to be sure to have auto voice vlan enabled. Otherwise, the phones won't be able to pick up the VLAN correct via CDP. Let me know, if you have any questions.
-Good Trent
* Please note the useful messages! **
Impossible to get my 3560G switch talk to ESX 3.5 and the EMC NAS servers.
I tried for the past two weeks to get my 3560G switch to talk to a couple of ESX 3.5 servers, but VC and the EMC NAS. The goal is to implement 2 Etherchannels on the physical switch and aggregation of NETWORK cards on the vSwitch. A port-channel will have 1 VLAN it crosses, and the other port-channel will have 2 VLANS across it. VLANS have been implemented on the vSwitch mirror the VLAN I have on the 3560G. I want to (have to) use the load balancing. Also, I read other forums and websites to get ideas on how to implement, and every solution is different from the other. The problem seems to reside mainly in the configuration of VLAN on the physical switch in my humble OPINION, because if I just switch a switch, dummy can talk without problem. The following information, I already know, not because it's my requirement, but rather the parts that must be present for the entire configuration to succeed.
All interfaces in an Etherchannel must belong to the same VLAN or considered trunks. I take this means that for the second port-channel, I have to configure interfaces as the trunks, since I need 2 VLAN different to go the link. -I tried to configure them as trunks and the ports of access, and none seemed to work.
vSwitch must be configured to "Route based on the hash of the intellectual property."
port-channel - the load balancing must use the src-dst-ip option.
FlowControl receive desired must be set
Jumbo mtu 9000 system must be set to
Here is an excerpt of my configuration:
src-dst-ip port-channel load-balance
No file verify auto
pvst spanning-tree mode
spanning tree extend id-system
!
internal allocation policy of VLAN ascendant
!
Interface Port-Channel 1 - Port-canal2 is configured similarly to this one.
switchport trunk dot1q encap
switchport vlan trunk native 2
switchport trunk allow 3 - Po2 allows instead of VLAN 4.5
switchport mode trunk
!
interface Gigabitethernet0/1-gi0/1 - 20 are configured similarly to this one.
switchport trunk dot1q encap
switchport vlan trunk native 2
switchport trunk 3 - gi0/13 - 14 permits vlan 4 and gi0/15-20 allow vlan 5
switchport mode trunk
FlowControl receive desired
channel-group mode 1 on
!
Interface Gigabitethernet0/21 - 28 are stop
!
interface Vlan1
no ip address
Shutdown
!
interface Vlan2
IP address x.x.1.2 255.255.255.0
!
interface Vlan3 - 5 are configured identically
no ip address
!
IP default-gateway x.x.1.1
This should be enough to give you an idea about where I am and where I belong. Any information you can provide would be greatly appreciated!
Hello
You config works without using etherchannel?
On the ESX, I think that the vlan native is 0, you describe that?
In addition, you use the 3560 as layer pΘriphΘrique layer-3 2, right?
Reza
VPN split tunnel with 1811W and IAS RADIUS problems
I am very new to the implementation of a VPN IPSEC with a Cisco router. I know very well on the way to do it with a PIX / ASA, but the controls are a bit different in IOS, where my questions. Here is what is happening, I can connect to the VPN with the Cisco VPN Client. I would assign it an address of my ip pool that I created, but when I try to access the remote network somehow, I can't. I ran a tracert and what is really weird, is that I get the external IP address of the 1811W as my first jump when I list an internal IP address of the remote network (it also fixes the device FULL domain name, so I know that my DNS configuration is correct). I will list my config to the 1811W as well as the screenshot of the tracert. I've removed all the passwords that are encrypted, but they are there in the router config and I am able to connect to the network and click the IAS server behind it. Please excuse the config as we took it during another TI provider so that it can have a few additional entries that may not be necessary that I have not yet cleaned.
Tracert:
And here's the full config:
Building configuration...
Current configuration: 9320 bytes
!
version 12.4
no service button
horodateurs service debug datetime msec
Log service timestamps datetime localtime show-time zone
encryption password service
!
hostname RTR01
!
boot-start-marker
boot-end-marker
!
logging buffered 8192
enable password 7
!
AAA new-model
!
!
AAA authentication login userauthen local radius group
AAA authorization groupauthor LAN
!
!
AAA - the id of the joint session
clock TimeZone Central - 6
!
SSID dot11 internal
VLAN 5
open authentication
authentication wpa key management
Comments-mode
WPA - psk ascii 7
!
dot11 ssid public access
VLAN 10
open authentication
!
!
!
IP cef
No dhcp use connected vrf ip
DHCP excluded-address 192.168.1.1 IP 192.168.1.10
DHCP excluded-address IP 192.168.1.20 192.168.1.254
!
public IP dhcp pool
import all
network 192.168.1.0 255.255.255.0
default router 192.168.1.1
DNS-server 10.50.123.15 207.69.188.186
!
!
no ip domain search
IP domain name pohlmanreporting.com
!
Authenticated MultiLink bundle-name Panel
!
Crypto pki trustpoint TP-self-signed-3986412950
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 3986412950
revocation checking no
rsakeypair TP-self-signed-3986412950
!
!
TP-self-signed-3986412950 crypto pki certificate chain
certificate self-signed 01
quit smoking
!
!
password username admin privilege 15 7
username cisco password 7
username secret privilege 15 ssetech 5
Archives
The config log
!
!
!
!
crypto ISAKMP policy 1
BA 3des
md5 hash
preshared authentication
Group 2
!
crypto ISAKMP policy 10
BA 3des
preshared authentication
Group 2
!
Configuration group VPNGROUP crypto isakmp client
me?
DNS 10.50.123.15
domain domain.com
pool VPNPOOL
ACL 110
include-local-lan!
!
Crypto ipsec transform-set esp-3des-md5 esp-3des esp-md5-hmac
Crypto ipsec transform-set esp-des-md5 esp - esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_3DES_SHA
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
!
crypto dynamic-map EXA_DYNAMIC_MAP 10
Set transform-set RIGHT
market arriere-route
!
!
card crypto client EXT_MAP of authentication list userauthen
card crypto isakmp authorization list groupauthor EXT_MAP
crypto card for the EXT_MAP client configuration address respond
card crypto EXT_MAP 10-isakmp dynamic ipsec EXA_DYNAMIC_MAP
!
!
!
Bridge IRB
!
!
!
interface FastEthernet0
IP 64.199.140.138 255.255.255.248
IP access-group denied-hack-attack in
no ip redirection
no ip unreachable
no ip proxy-arp
NAT outside IP
IP virtual-reassembly
route IP cache flow
automatic duplex
automatic speed
No cdp enable
card crypto EXT_MAP
!
interface FastEthernet1
REDUNDANT INET CONNECTION description
no ip address
automatic duplex
automatic speed
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
FastEthernet6 interface
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
Description 802. 11B / G interface
no ip address
!
encryption vlan 5 tkip encryption mode
!
SSID internal
!
public access SSID
!
Base speed - 1.0 2.0 basic basic-5, 5 6.0 9.0 basic-11, 0 12.0 18.0 24.0 36.0 48.0
channel 2462
root of station-role
!
interface Dot11Radio0.5
encapsulation dot1Q 5
No cdp enable
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 covering-disabled people
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
!
interface Dot11Radio0.10
encapsulation dot1Q 10
IP 192.168.1.1 255.255.255.0
IP access-group 130 to
IP nat inside
IP virtual-reassembly
No cdp enable
!
interface Dot11Radio1
description of the 802 interface. 11A
no ip address
Shutdown
Speed - Basic6.0 9.0 basic - 12.0 18.0 basic-24, 0-36.0 48.0 54.0
root of station-role
!
interface Vlan1
no ip address
Bridge-Group 1
!
interface Async1
no ip address
encapsulation sheet
!
interface BVI1
IP 10.50.123.1 255.255.255.0
IP access-group 105 to
IP nat inside
IP virtual-reassembly
IP tcp adjust-mss 1452
!
local IP VPNPOOL 192.168.130.1 pool 192.168.130.50
IP route 0.0.0.0 0.0.0.0 64.199.140.137
IP route 10.60.52.0 255.255.255.0 10.50.123.2
!
!
IP http server
local IP http authentication
IP http secure server
IP http timeout policy inactive 600 life 86400 request 10000
IP nat POOL 64.199.140.138 pool 64.199.140.142 netmask 255.255.255.248
overload of IP nat inside source list 120 interface FastEthernet0
IP nat inside source map of route-nat interface FastEthernet0 overload
IP nat inside source static tcp 10.50.123.14 21 64.199.140.138 21 expandable
IP nat inside source static tcp 10.50.123.11 25 64.199.140.138 25 expandable
IP nat inside source static tcp 10.50.123.11 80 64.199.140.138 80 extensible
IP nat inside source static tcp 10.50.123.11 143 64.199.140.138 143 extensible
IP nat inside source static tcp 10.50.123.11 443 64.199.140.138 443 extensible
IP nat inside source static tcp 10.50.123.10 64.199.140.138 1723 1723 extensible
IP nat inside source static tcp 10.50.123.14 21 64.199.140.139 21 expandable
IP nat inside source static tcp 10.50.123.18 80 64.199.140.139 80 extensible
IP nat inside source static tcp 10.50.123.18 443 64.199.140.139 443 extensible
IP nat inside source static tcp 10.50.123.18 64.199.140.139 3389 3389 extensible
IP nat inside source static tcp 10.50.123.14 80 64.199.140.141 80 extensible
IP nat inside source static tcp 10.50.123.14 443 64.199.140.141 443 extensible
IP nat inside source static 10.50.123.40 expandable 64.199.140.142
!
deny-hack-attack extended IP access list
permit udp 10.0.0.0 0.255.255.255 any eq snmp
deny udp any any eq snmp
deny udp any any eq tftp
deny udp any any eq bootpc
deny udp any any eq bootps
deny ip 172.16.0.0 0.15.255.255 all
deny ip 192.168.0.0 0.0.255.255 everything
allow an ip
!
recording of debug trap
record 10.50.123.15
access-list 99 allow 10.0.0.0 0.255.255.255
access-list 99 allow 69.63.100.0 0.0.1.255
access-list 102 permit ip 10.50.123.0 0.0.0.255 10.60.52.0 0.0.0.255
access-list 105 deny ip any host 69.63.101.225
105 ip access list allow a whole
access-list 110 permit ip 10.50.123.0 0.0.0.255 192.168.130.0 0.0.0.255
access-list 111 deny ip 10.50.123.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 111 deny ip 10.50.123.0 0.0.0.255 10.60.52.0 0.0.0.255
access-list 111 allow ip 10.50.123.0 0.0.0.255 any
access-list 112 deny ip 10.50.123.0 0.0.0.255 172.0.0.0 0.0.0.255
access ip-list 112 allow a whole
access-list 120 allow ip 192.168.1.0 0.0.0.255 any
access-list 130 allow udp 192.168.1.0 0.0.0.255 host 10.50.123.10 eq field
access list 130 permit tcp 192.168.1.0 0.0.0.255 host 10.50.123.10 eq field
access list 130 permit tcp 192.168.1.0 0.0.0.255 host 10.50.123.16 eq www
access list 130 permit tcp 192.168.1.0 0.0.0.255 host 10.50.123.16 eq 443
access-list 130 deny ip any 10.0.0.0 0.255.255.255
access-list 130 ip allow a whole
SNMP-server community no RO
!
!
!
map of route-nat allowed 10
corresponds to the IP 111
!
!
!
RADIUS-server host 10.50.123.13 auth-port 1645 acct-port 1646 hits 7
!
control plan
!
Bridge Protocol ieee 1
1 channel ip bridge
!
Line con 0
exec-timeout 120 0
line 1
Modem InOut
StopBits 1
Speed 115200
FlowControl hardware
line to 0
line vty 0 4
location * Access Virtual Terminal allowed only from internal network *.
access-class 99 in
exec-timeout 0 0
connection of authentication userauthen
transport input telnet ssh
!
max-task-time 5000 Planner!
WebVPN cef
!
WebVPN context Default_context
SSL authentication check all
!
no go
!
!
endYou must also create NAT exemption for traffic between your internal network to the VPN Client pool.
You have the following NAT 2 instructions:
overload of IP nat inside source list 120 interface FastEthernet0
IP nat inside source map of route-nat interface FastEthernet0 overloadFor the 120 access list, please add the following:
120 extended IP access list
1 refuse the ip 10.50.123.0 0.0.0.255 192.168.130.0 0.0.0.255
Uses of "-nat ' ACL 111 route map, please also add the following:
111 extended IP access list
1 refuse the ip 10.50.123.0 0.0.0.255 192.168.130.0 0.0.0.255
Then ' delete ip nat trans * "after the above changes and try to connect again.
Hope that helps.
Maybe you are looking for
-
Sent in Outlook Express email is sent several times. How can I stop this?
Outlook Express problem I have a problem with mail going on Outlook Express 6. outgoing mail is received by the recipient, but email remains in the Inbox and is continualy sent causing the recipient receive several emails until I have remove the box
-
Hello, in Device Manager, I have 2 devices missing their divers. They say he Pci controller of encryption/decription and develop a it comes with the unknown device (ACPI\ASD0001\2 & DABA3FF & 2) Can you help me please!
-
I cnt download mxit couse fail e-mail and password cannot be validated
-
I have a G50 Notebook comes with Vista Home Basic. I installed a Vista Home Premium on it, and now I have no ethernet, sm or coprocessor bus controller controller. Because I can't connect to internet, I tried to download the software on my other PC a
-
APEX 5 - alignment button horizontal
Hi guys,.I'm fighting with the left, aligning the buttons next to the menu interactive report 'Action '. Whenever I place the buttons in the position of button 'right of the search bar of interactive report' I can't align the button to the left, just
