Multicast on subnets

Similar Questions

• Apple Hello multicasts between subnets on ISA500 (ISA550/ISA570)

  Nice day!

  For several reasons we have separated the mobile clients (iPhone/iPad) of the server and cable customers. However, we always sync and back up the iDevices to the Apple server. This is why we must move the multicasts Hello between subnets.

  As for our topology, we use an ISA570 such as firewall and central router connected directly to the couple points (AP1042) independent wireless access, all iDevices have fixed IPS (e.g., 10.100.100.50). In addition, we have SG300 switches. However, to track down the issue, we have connected the MacServer directly to the ISA570 (fixed IP 10.100.11.25). Domain and DNS controller is located on a different subnet, but works very well, also the fixed IP.

  Port 2: AP1042 (trunk, VLAN: by default, iDevices)
  Channel 6: MacServer, OSX 10.8 (access, VLANS: Server)
  Port 7: Windows domain & DNS controller

  VLAN 4 Server, 10.100.10.0/24, area: Server
  VLAN 5 AppleServer, 10.100.11.0/24, area: AppleServer
  VLAN 7 iDevices, 10.100.100.0/24, area: iDevices

  In the firewall settings, we allowed IPv4_Multicast as the destination between two areas (both directions) and also open to everything.
  Multicast is enabled, not blocked.

  However, Hello still does not work. What do we lack?

  Best regards

  Roland

  Roland,

  ISA500 products do not currently support routing multicast or transfer.  We will consider adding these features in a future release.

  The problem of routing or repeat Hello traffic between several subnets is a common problem.  Google "bonjour on subnets" or "mdns on subnets" or similar expressions and you will get a lot of hits and alternatives.

  If you have a system under your control with access to two subnets you can try to run a proxy program, Repeater or reflector of Hello to solve this problem.  Some examples of free programs that support are Avahi mdns-Repeater:

  http://avahi.org/

  https://BitBucket.org/geekman/MDNs-Repeater/

  There are also commercial products, such as Hello Gateway:

  http://Aerohive.com/products/software-management/Bonjour-gateway

  Kind regards

  Dan Carlson

• Creation of database of cluster requires default listener configured and executed in grid House Infrastructure.

  Hello!

  I created the new database with DBSA in configuration RAC (NŒUD 2)
  Oracle Database 11 g Enterprise Edition Release 11.2.0.3.0 - 64 bit

  Release of Red Hat Enterprise Linux Server 5.8

  Requirements has successfully passed:

  [oracle@db1-mng ~] $ cluvfy stage - pre dbcfg - n mng - db1, db2 - mng - d
  /U01/app/Oracle/product/11.2.0.3/dbhome_1

  Perform preliminary checks for database configuration

  Check accessibility of node...

  Accessibility of node check from node "db1 - mng.

  Check the user equivalence...

  User equivalence check passed for user 'oracle '.

  Verify node connectivity...

  Checking hosts config file...

  The hosts config file verification successful

  Check: connectivity interface node 'bondeth0 '.

  Connectivity node passed to the interface 'bondeth0 '.

  Check the TCP connectivity to subnet "10.116.176.196."

  Check: connectivity interface node 'bondib0 '.

  Connectivity to the node passed to the interface 'bondib0 '.

  Check the TCP connectivity to subnet "192.168.18.10."

  Checking consistency of subnet mask...

  Consistency of subnet mask check passed for subnet
  '10.116.176.196 '.

  Consistency of subnet mask check passed for subnet
  '192.168.18.10 '.

  Verification of consistency for the last subnet mask.

  Check the passed node connectivity

  Checking for multicast communication...

  Check "10.116.176.196" for multicast communication subnet with
  Multicast group '230.0.1.0 '...

  Subnet check "10.116.176.196" for multicast communication with
  from '230.0.1.0' multicast group

  Check "192.168.18.10" for multicast communication subnet with
  Multicast group '230.0.1.0 '...

  Subnet check "192.168.18.10" for multicast communication with
  from '230.0.1.0' multicast group

  Control of transmitted multicast communication.

  Total memory check passed

  Check the available memory

  Checking space last swap

  Check the disk space free past for
  'db1-mng:/u01/app/oracle/product/11.2.0.3/dbhome_1 '.

  Check the disk space free past for
  'db2-mng:/u01/app/oracle/product/11.2.0.3/dbhome_1 '.

  Free disk space for audit "db1 - mng: / tmp '.

  Free disk space for audit "db2 - mng: / tmp '.

  Check for multiple users with the value of the UID 1000 ago

  Check for existence of user for 'oracle '.

  Existence of group check passed for "oinstall".

  Existence group check passed for "dba".

  Membership check for user 'oracle' in group 'oinstall' [as principal]
  past

  Membership to check for 'oracle' user group 'dba' spent

  Run control the level of the past

  Hard deadline check passed for "maximum open file."
  "descriptors of '.

  Verification of limits soft for "maximum open file."
  "descriptors of '.

  Hard limits check passed for "maximum user process.

  The soft limits check passed for "maximum user process.

  The system architecture check past

  Check the version of the kernel spent

  Kernel parameter check passed for "semmsl.

  Kernel parameter check passed for "semmns.

  Kernel parameter check passed for "semopm.

  Kernel parameter check passed for "semmni.

  Kernel parameter check passed for "shmmax.

  Kernel parameter check passed for "shmmni(5)."

  Kernel parameter check passed for "shmall.

  Kernel parameter check passed for 'file-max.

  Kernel parameter check passed for "ip_local_port_range.

  Kernel parameter check passed for "rmem_default."

  Kernel parameter check passed for "rmem_max.

  Kernel parameter check passed for "wmem_default."

  Kernel parameter check passed for "wmem_max.

  Kernel parameter check passed for "aio-max-nr.

  Existence of package check passed to 'make it '.

  Existence of package check for "binutils".

  Existence of package check passed for "gcc (x86_64).

  Existence of package check for "libaio (x86_64).

  Existence of package check for 'glibc (x86_64).

  Existence of package check passed for
  "compat-libstdc ++-33 (x86_64).

  Existence of package check passed for
  "elfutils-libelf (x86_64).

  Existence of package check passed for "elfutils-libelf-devel '.

  Existence of package check passed for 'glibc-common ".

  Existence of package check for 'glibc-devel (x86_64).

  Existence of package check for ' glibc headers.

  Existence of package check passed for "gcc - c++ (x86_64).

  Existence of package check for "libaio-devel (x86_64).

  Existence of package check for 'libgcc (x86_64).

  Existence of package check for 'libstdc ++ (x86_64).

  Existence of package check passed for
  'libstdc ++ - devel (x86_64).

  Existence of package check for "sysstat".

  Existence of package check for 'ksh '.

  Check for multiple users with the value of the UID 0 passes

  ID of current group check passed

  Audit of departure for the coherence of the primary root group
  user

  Check the consistency of the primary group of the user root past

  CRS checking the integrity...

  Consistency of version Clusterware spent

  Checking the integrity of the src passed

  Checking node application existence...

  Verification of the existence of the node VIP application (required)

  VIP application node check past

  Verification of the existence of the application of NETWORK node (required)

  Application node passed control NETWORK

  Verify the existence of GSD (optional) application node

  Application node GSD is in offline mode on nodes "mng - db1, db2 - mng"

  Verification of the existence of the application of ONS node (optional)

  ONS node application check past

  Check the consistency of zone past

  Check beforehand for the database configuration was successful.

  ------------------------------------------

  [oracle@db1-mng ~] $ ps - aef | grep lsnr

  10435 1 0 2014 Oracle?        00:09:57
  /U01/app/Oracle/product/11.2.0.3/dbhome_1/bin/tnslsnr LISTENER
  -inherit

  10447 1 0 2014 Oracle?        00:14:10
  /U01/app/11.2.0.3/grid/bin/tnslsnr LISTENER_SCAN1-inherit

  Oracle 58226 74449 14:00 0 pts/0 00:00:00 grep
  LSNR

  ------------------------------------------

  [oracle@db1-mng ~] $ lsnrctl LISTENER status

  LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 16 April 2015
  11:56:48

  Connection to
  (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC) (KEY = LISTENER)))

  STATUS of the LISTENER

  Alias LISTENER

  Settings for the listen port file
  /U01/app/Oracle/product/11.2.0.3/dbhome_1/network/admin/listener.ora

  Log file of listener
  /U01/app/Oracle/product/11.2.0.3/dbhome_1/log/diag/tnslsnr/db1-MNG/listener/alert/log.XML

  Listen to endpoint points summary...

  (DESCRIPTION = (ADDRESS = (PROTOCOL = ipc) (KEY = LISTENER)))

  (DESCRIPTION = (ADDRESS = (PROTOCOL = tcp)(HOST=10.116.176.129) (PORT = 1521)))

  (DESCRIPTION = (ADDRESS = (PROTOCOL = tcp)(HOST=10.116.176.100) (PORT = 1521)))

  Summary of services...

  Service '+ ASM' a 1 instance (s).

  Instance '+ ASM1' READY State, has 1 operation for this
  service...

  Service 'COM' has 1 instance (s).

  Instance "COM1", State LOAN, has 1 operation for this
  service...

  Service 'COMXDB' has 1 instance (s).

  Instance "COM1", State LOAN, has 1 operation for this
  service...

  'PM' service has 1 instance (s).

  Instance "PM1" READY State, has 1 operation for this
  service...

  Service 'PMXDB' has 1 instance (s).

  Instance "PM1" READY State, has 1 operation for this
  service...

  Service 'TEST' has 1 instance (s).

  Instance "TEST1", State LOAN, has 1 operation for this
  service...

  Service 'TESTXDB' has 1 instance (s).

  Instance "TEST1", State LOAN, has 1 operation for this
  service...

  The command completed successfully

  ----------------------------

  [oracle@db1-mng ~] $ lsnrctl status LISTENER_SCAN1

  LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 16 April 2015
  14:12:13

  Connection to
  (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC) (KEY = LISTENER_SCAN1)))

  STATUS of the LISTENER

  Alias LISTENER_SCAN1

  Settings for the listen port file
  /U01/app/11.2.0.3/grid/network/admin/listener.ora

  Log file of listener
  /U01/app/11.2.0.3/grid/log/diag/tnslsnr/db1-MNG/listener_scan1/alert/log.XML

  Listen to endpoint points summary...

  (DESCRIPTION = (ADDRESS = (PROTOCOL = ipc) (KEY = LISTENER_SCAN1)))

  (DESCRIPTION = (ADDRESS = (PROTOCOL = tcp)(HOST=10.116.176.197) (PORT = 1521)))

  Summary of services...

  Service 'COM' has 2 occurrences.

  Instance "COM1", State LOAN, has 1 operation for this
  service...

  Instance "COM2", State LOAN, has 1 operation for this
  service...

  Service 'COMXDB' has 2 occurrences.

  Instance "COM1", State LOAN, has 1 operation for this
  service...

  Instance "COM2", State LOAN, has 1 operation for this
  service...

  'PM' service has 2 occurrences.

  Instance "PM1" READY State, has 1 operation for this
  service...

  Instance "PM2", State LOAN, has 1 operation for this
  service...

  Service 'PMXDB' has 2 occurrences.

  Instance "PM1" READY State, has 1 operation for this
  service...

  Instance "PM2", State LOAN, has 1 operation for this
  service...

  Service 'TEST' has 2 occurrences.

  Instance "TEST1", State LOAN, has 1 operation for this
  service...

  Instance "TEST2", State LOAN, has 1 operation for this
  service...

  Service 'TESTXDB' has 2 occurrences.

  Instance "TEST1", State LOAN, has 1 operation for this
  service...

  Instance "TEST2", State LOAN, has 1 operation for this
  service...

  The command completed successfully

  ------------------------

  Also successful on the second node db2 - mng to LISTENER_SCAN2, LISTENER_SCAN3.

  When I try to run the command "dbca responsefile - /home/oracle/PR/PRN.rsp-silent ' displays an error:

  Creation of database of cluster requires the default listening port configured and
  currents of the Home Network Infrastructure. Use NETCA in grid Infrastructure - home
  "/ u01/app/11.2.0.3/grid" to set up a front listening port
  instance.

  RAC-database now works in production. Manipulation of the Junk listener.

  How can I get around the error?

  In particular all databases have been created in the same way, the truth, about a year ago.

  Thank you, Thomas! I chose the first method) OK

• WLC 2500 - multicast / airplay - and more

  According to me, one of my biggest problem is that I don't really know the exact term and configuration that will multicast...

  This is a small network, I have a basis of 3750 X - ip switch 15.2 (1) E, that is my 'core' so to speak, a few vlans with IP and routing (static) active.

  I have a WLC 2504, version 7.4.100.0

  with a couple of 1602 and one 2602 a/c.

  The WLC is linked to a trunk, my management interface port to vlan 40, my two SSID is both on the vlan 7.

  Everything works fine, except the airtime (which I think is something Hello).

  If I used a standalone / P of all other brands, it works very well, being a pretty layer 2 bridge, I guess - but if I connect to a hosted WLC SSID, things don't work well.

  I looked at the guide to

  http://www.Cisco.com/en/us/products/HW/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml

  (Multi-Multi, because it looks like my WLC can't stand United, not selectable in any case).

  It does not say that I need a L3 multicast router - which seems odd if they are all on the same L2 segment (subnet)?

  Anyway, I don't think my 3750 X a multicast routing function - I have a 3560, who has the option of multicast routing (well, ip multicast router command exists), but I'm not using this switch for purposes of IP routing - and I couldn't find anything about what the correct way of setting this up is - as a "routing to local multicast for Dummies" or something... everything I'm trying to do is allow AirPlay between devices on the same subnet...

  the seacrhes and tried countless things, like activate wlc broadcasting, which I did, and it worked for a while then stopped...

  has someone any direction on what I need / should I set it up to make it work properly?

  (I use NO of HREAP)

  for example, the topology is

  3750 x (IP router)

  |

  | -static routed VLAN / access to ports - an A / P out of here

  |

  | -Safe for WLC2504

  |

  | -Trunk to 3560C - 2A / s P out of here

  You have certainly not routers multicast to operate a system of L2 with the multicast.

  1 enable multicast on the WLC (Controller-> activate multicast worldwide and you can enable IGMP snooping).

  2. activate the multicast group for the APs (Controller-> General-> AP-> 239.1.1.1 multicast group or something of the same address). It comes to have APs with multicast clients join a multicast group and unload the base a little network.

  That should do it.

  If they don't try any multicast traffic generator (http://sourceforge.net/projects/mc-mint/) between a source and a destination.

• Layer 2 multicast configuration?

  Hi all, my past and all experience what I read there is no additional configuration for multicast to work when the receivers and the unit which is PIM are in the same subnet? Is this correct?

  I have a subnet of PBX and voice. The device that is running PIM is in the same subnet as my receivers (phones) are in. However, my phone dude tells me that I need to enable multicasting additional functions for phones do.

  I enabled multicast in the past on some of my 3 layer devices, but, only when the device attempting to send multicast packets moving between subnets, such as imaging software.

  Are there additional configuration, I need on my switches, they are all the basis of Cisco 3560 LAN switches.

  Are there troubleshooting tips I can do on the switches to show upcoming multicast packets or not inheriting from the receiver?

  Thank you

  Dan

  Hi Dan,.

  Indeed, the Cisco Catalyst switches require no additional configuration to move within a VIRTUAL local network multicast, and by definition, no additional mechanism is necessary for a multicast should be flooded through a VIRTUAL local network.

  However, the switches Catalyst running IGMP Snooping by default, and it is possible (but not certain) that this could be the cause of trouble. IGMP Snooping is trying to optimize flood multicast by learning about connected receivers and the multicast groups that they have subscribed to and then reference the multicast only through these switchports that have receptors for the corresponding group connected to them. IGMP Snooping depends on the presence of a multicast router in a local VIRTUAL network for sending periodic IGMP Membership Query messages. If this router does not exist, IGMP Snooping is expected to remain quiescent, but experience has been uneven, sometimes.

  Then you can try to disable the IGMP Snooping on your switches just in case by simply entering the no ip igmp snooping in the global configuration mode. This will not cause any failure in your normal operation of the network.

  If it doesn't then please give us some stream information (source, destination group) multicast as well as the exact symptoms that you are experiencing.

  Best regards
  Peter

• VPN - cannot subnets behind 2nd router internal access. Help.

  Hi guys,.

  Looking for a little help after a day of frustration. I'm really new to this and student so I know I'm doing something stupid. In any case, I bought an ASA 5505 and placed it between my cable Modem and router Cisco 3745. The external interface on the ASA is dhcp, the inside interface is 192.168.100.1. The external interface of the 3745 is 192.168.100.2 and inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.

  These are the problems...

  1. when I set up a VPN to ASA session, I can ping and access resources dierectly connected to interfaces of the ASA and the 192.168.100.0 internal ASA network. However, I can't access any resource behind the 3745. I can't even ping 192.168.1.1.

  2. Although I believe I sent split tunnel, I can't turn to the internet when connected to the VPN.

  Here's my network and my config ASA topology and router config...

  ASA...

  ASA Version 8.2 (5)

  !

  poog-fw1 hostname

  Poog domain name

  activate the password * encrypted

  encrypted

  names of

  name 192.168.100.2 RouterWAN

  internal name 192.168.100.0

  name 192.168.200.0 VPN

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.100.1 address 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address dhcp setroute

  !

  boot system Disk0: / asa825 - k8.bin

  passive FTP mode

  DNS lookup field inside

  DNS domain-lookup outside

  DNS server-group DefaultDNS

  Server name 167.206.245.129

  Server name 167.206.245.130

  Poog domain name

  permit same-security-traffic intra-interface

  object-group, VPN network

  the RouterWAN object-group network

  object-group network RouterWAN-01

  object-group network RouterWAN-02

  object-group network RouterWAN-03

  object-group network RouterWAN-04

  object-group network RouterWAN-05

  the obj_any object-group network

  network of subject-group obj_any-01

  object-group network obj - 0.0.0.0

  object-group network iphone

  object-group Protocol TCPUDP

  object-protocol udp

  object-tcp protocol

  outside_access_in list extended access permitted tcp VPN 255.255.255.0 everything

  Comment from outside_access_in-Telnet access on the router list

  outside_access_in list extended access permit tcp any interface outside eq telnet

  Comment from outside_access_in-access IP cameras list

  outside_access_in list extended access allowed object-group TCPUDP any interface apart from 1021 1022 range

  outside_access_in list extended access permit tcp any interface outside eq www

  Comment from outside_access_in-list of FTP access to NAS

  outside_access_in list extended access permit tcp any interface outside eq ftp

  Comment from outside_access_in-VNC server WX access list

  outside_access_in list extended access permit tcp any interface outside eq 5900

  outside_access_in list extended access permit tcp any interface outside eq https

  Comment from outside_access_in-Telnet access on the router list

  Comment from outside_access_in-access IP cameras list

  Comment from outside_access_in-list of FTP access to NAS

  Comment from outside_access_in-VNC server WX access list

  AnyConnect_Client_Local_Print list extended access permit tcp any any eq lpd

  Note AnyConnect_Client_Local_Print of access list IPP: Internet Printing Protocol

  AnyConnect_Client_Local_Print list extended access permit tcp any any eq 631

  print the access-list AnyConnect_Client_Local_Print Note Windows port

  AnyConnect_Client_Local_Print list extended access permit tcp any any eq 9100

  access-list AnyConnect_Client_Local_Print mDNS Note: multicast DNS protocol

  AnyConnect_Client_Local_Print list extended access permit udp any host 224.0.0.251 eq 5353

  AnyConnect_Client_Local_Print of access list LLMNR Note: link Local Multicast Name Resolution protocol

  AnyConnect_Client_Local_Print list extended access permit udp any host 224.0.0.252 eq 5355

  Note access list TCP/NetBIOS protocol AnyConnect_Client_Local_Print

  AnyConnect_Client_Local_Print list extended access permit tcp any any eq 137

  AnyConnect_Client_Local_Print list extended access udp allowed any any eq netbios-ns

  AnyConnect_Client_Local_Print deny ip extended access list a whole

  Note AnyConnect_Client_Local_Print of access list IPP: Internet Printing Protocol

  print the access-list AnyConnect_Client_Local_Print Note Windows port

  access-list AnyConnect_Client_Local_Print mDNS Note: multicast DNS protocol

  AnyConnect_Client_Local_Print of access list LLMNR Note: link Local Multicast Name Resolution protocol

  Note access list TCP/NetBIOS protocol AnyConnect_Client_Local_Print

  inside_nat0_outbound to access extended list internal ip 255.255.255.0 allow VPN 255.255.255.0

  standard access-list internal split tunnel permit 255.255.255.0

  host of standard splitting allowed access list 192.168.1.0 tunnel

  pager lines 24

  Enable logging

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  local pool VPNPOOL 192.168.200.10 - 192.168.200.20 255.255.255.0 IP mask

  IP verify reverse path to the outside interface

  ICMP unreachable rate-limit 1 burst-size 1

  ASDM image disk0: / asdm - 647.bin

  don't allow no asdm history

  ARP timeout 14400

  NAT-control

  Overall 101 (external) interface

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 101 0.0.0.0 0.0.0.0

  public static tcp (indoor, outdoor) interface telnet RouterWAN telnet netmask 255.255.255.255

  static (inside, inside) tcp 5900 5900 RouterWAN netmask 255.255.255.255 interface

  public static tcp (indoor, outdoor) interface ftp RouterWAN ftp netmask 255.255.255.255

  1021 RouterWAN 1021 netmask 255.255.255.255 static interface tcp (indoor, outdoor)

  static (inside, inside) tcp 1022 1022 RouterWAN netmask 255.255.255.255 interface

  Access-group outside_access_in in interface outside

  !

  router RIP

  internal network

  default information are created

  version 2

  No Auto-resume

  !

  Route inside 192.168.1.0 255.255.255.0 RouterWAN 1

  Route inside VPN 255.255.255.0 192.168.100.1 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  Enable http server

  http internal 255.255.255.0 inside

  http VPN 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  Telnet internal 255.255.255.0 inside

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  dhcpd outside auto_config

  !

  dhcpd address RouterWAN-RouterWAN inside

  dhcpd auto_config outside interface inside

  dhcpd allow inside

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  WebVPN

  allow outside

  SVC disk0:/anyconnect-macosx-i386-2.4.1012-k9.pkg 1 image

  enable SVC

  tunnel-group-list activate

  attributes of Group Policy DfltGrpPolicy

  value of server DNS 167.206.245.129

  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn

  Split-tunnel-network-list value split tunnel

  internal Clientless group strategy

  attributes without Group Policy client

  VPN-tunnel-Protocol webvpn

  WebVPN

  the value of the URL - list VPN_Book_Marks

  internal AnyConnect group strategy

  attributes AnyConnect-group policy

  Welcome To My Network Banner value

  value of server DNS 167.206.245.129

  VPN-tunnel-Protocol svc webvpn

  Split-tunnel-policy tunnelspecified

  Split-tunnel-network-list no

  Poog value by default-field

  WebVPN

  the value of the URL - list VPN_Book_Marks

  SVC Dungeon-Installer installed

  SVC request no svc default

  username ogonzalez encrypted password privilege 0 0VrbklOhGRHipw79

  username ogonzalez attributes

  Clientless VPN-group-policy

  username ymcpO334smdskkpl encrypted password privilege 0 jgonzalez

  jgonzalez username attributes

  AnyConnect VPN-group-policy

  type tunnel-group RAVPN remote access

  attributes global-tunnel-group RAVPN

  address VPNPOOL pool

  tunnel-group RAVPN webvpn-attributes

  enable RAVPN group-alias

  allow group-url https://69.121.142.156/RAVPN

  tunnel-group AnyConnect type remote access

  tunnel-group AnyConnect General attributes

  address VPNPOOL pool

  strategy-group-by default AnyConnect

  tunnel-group AnyConnect webvpn-attributes

  enable AnyConnect group-alias

  allow group-url https://69.121.142.156/AnyConnect

  tunnel-group type Clientless Remote access

  tunnel-group Clientless General attributes

  Clientless by default-group-policy

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  !

  global service-policy global_policy

  context of prompt hostname

  no remote anonymous reporting call

  call-home

  Profile of CiscoTAC-1

  no active account

  http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

  email address of destination [email protected] / * /

  destination-mode http transport

  Subscribe to alert-group diagnosis

  Subscribe to alert-group environment

  Subscribe to alert-group monthly periodic inventory

  monthly periodicals to subscribe to alert-group configuration

  daily periodic subscribe to alert-group telemetry

  Cryptochecksum:7d91e2ad8d7a86c40860fa8a1b117271

  : end

  Router...

  Current configuration: 1922 bytes

  !

  version 12.3

  horodateurs service debug uptime

  Log service timestamps uptime

  no password encryption service

  !

  hostname poog_rtr1

  !

  boot-start-marker

  boot-end-marker

  !

  no set record in buffered memory

  no console logging

  no logging monitor

  enable secret 5 *.

  !

  No aaa new-model

  IP subnet zero

  !

  !

  IP cef

  no ip domain search

  DHCP excluded-address IP 192.168.1.1 192.168.1.150

  !

  IP dhcp DHCP1 pool

  import all

  network 192.168.1.0 255.255.255.0

  default router 192.168.1.1

  DNS-server 167.206.245.129 167.206.245.130

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  username * password privilege 15 0 *.

  !

  !

  !

  !

  interface Loopback0

  IP 1.1.1.1 255.255.255.255

  !

  interface FastEthernet0/0

  LAN description

  IP 192.168.1.1 255.255.255.0

  IP nat inside

  automatic duplex

  automatic speed

  !

  interface FastEthernet0/1

  WAN description

  DHCP IP address

  NAT outside IP

  automatic duplex

  automatic speed

  !

  router RIP

  version 2

  network 192.168.1.0

  network 192.168.100.0

  network 192.168.200.0

  No Auto-resume

  !

  IP nat inside source list 1 interface FastEthernet0/1 overload

  IP nat inside source static tcp 192.168.1.100 80 interface FastEthernet0/1 80

  IP nat inside source static tcp 192.168.1.13 5900 interface FastEthernet0/1 5900

  IP nat inside source static tcp 192.168.1.12 1022 interface FastEthernet0/1 1022

  IP nat inside source static tcp 192.168.1.11 1021 interface FastEthernet0/1 1021

  IP nat inside source static tcp 192.168.1.100 21 interface FastEthernet0/1 21

  IP nat inside source static tcp 192.168.1.1 23 interface FastEthernet0/1 23

  IP http server

  local IP http authentication

  IP classless

  IP route 192.168.200.0 255.255.255.0 FastEthernet0/1

  !

  !

  Remark SDM_ACL category of access list 1 = 16

  access-list 1 permit one

  not run cdp

  !

  !

  !

  !

  !

  !

  !

  Dial-peer cor custom

  !

  !

  !

  entry door

  !

  Banner motd ^ C

  UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED! *****^C

  !

  Line con 0

  line to 0

  line vty 0 4

  local connection

  !

  end

  "192.168.100.0---> 192.168.1.0 I DO NOT get ping responses."

  Please add "inspect icmp" in politics of inspection_default class as shown below.

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  inspect the icmp

  I hope this helps.

  Evaluate the useful ticket.

  Thank you

• Multicast problem

  Hello

  I try to install Oracle Clusterware ASM 11.2.0.4

  I get an error on the multicast:

  Cluvfy show me:

  Verification of the subnet "192.169.100.0" for multicast with '230.0.1.0 '... multicast group communication

  GLWB-11134: Interface "192.169.100.60" on the "server01" node is not able to communicate with the interface "192.169.100.60" on the node "server01".

  Verification of the subnet "192.169.100.0" for multicast with "224.0.0.251. multicast group communication

  GLWB-11134: Interface "192.169.100.60" on the "server01" node is not able to communicate with the interface "192.169.100.60" on the node "server01".

  Verification of the subnet "10.0.10.0" for multicast with '230.0.1.0 '... multicast group communication

  GLWB-11134: Interface '10.0.10.10"on the"server01"node is not able to communicate with the interface"10.0.10.10' on the node "server01".

  Verification of the subnet "10.0.10.0" for multicast with "224.0.0.251. multicast group communication

  GLWB-11134: Interface '10.0.10.10"on the"server01"node is not able to communicate with the interface"10.0.10.10' on the node "server01".

  Ifconfig:

  bond0	Link encap HWaddr 90: 1 B: 0E:44:AD:70
  	INET addr:192.169.100.60 Bcast:192.169.100.255 mask: 255.255.255.0
  	BROADCAST currently RUNNING MASTER MULTICAST MTU:1500 metric: 1
  	Dropped packets: 11681416 RX errors: 0:0 overruns: 0 frame: 0
  	Dropped packets: 11368315 TX errors: 0:0 overruns: 0 carrier: 0
  	collisions: 0 txqueuelen:0
  	RX bytes: 9427005938 (8.7 GiB) TX bytes: 8607168609 (8.0 GiB)

  bond1	Link encap HWaddr A0:36:9F:5F:FD:9 C
  	INET addr:10.0.10.10 Bcast:10.0.10.255 mask: 255.255.255.0
  	BROADCAST currently RUNNING MASTER MULTICAST MTU:1500 metric: 1
  	Fall of RX packets: 0 errors: 0:0 overruns: 0 frame: 0
  	Dropped TX packets: 0 errors: 0:0 overruns: 0 carrier: 0
  	collisions: 0 txqueuelen:0
  	RX bytes: 0 (0.0 b) TX bytes: 0 (0.0 b)

  Any ideas?

  Ok

  solved

  iptables is active.

• Detected incorrect configuration error - problem of multicast?

  I saw a mistake 'Has detected a misconfiguration' after scoring in the Web client, select a cluster, the tab manage, settings, Virtual SAN subtab-> general.  He went after activating the traffic on the vmk0 VSAN management interface.  I found that by vSphere 6.0 Documentation Center, 'Network Misconfiguration in a Virtual SAN Cluster status' it was probably due to a bad configuration of the multicast.

  I talked to my network admin, who made sure IGMP Snooping has been disabled, and I turned off VSAN, then again once and the error disappeared temporarily.  However, when you choose inside on a specific host a cluster, I still see "host cannot communicate with all other nodes in the active SAN virtual cluster.  The "Misconfiguration detected" error is returned.

  1 is a multicast group must be configured to work?  I am referring to vSphere 6.0 Documentation Center, "Modes of filter Multicast", where it is said:

  Filtering basic multicast mode a Standard switch or Distributed Switch vSphere vSphere transmits multicast traffic for virtual machines based on the destination MAC address, of the multicast group. When you join a multicast group, the guest operating system pushes the MAC address of the multicast group down to the network through the switch. The switch saves the mapping between the port and the destination multicast MAC address in a table of local transfer.

  
  

  I guess that does not apply to the VLAN that I've dedicated to VSAN multicast traffic, where IGMP Snooping should be disabled?

  
  

  
  

  2 cannot not set port 4095 to enable all the VLAN resources shared - is it necessary?

  I thought that when you configure the network on the ESXi server, I thought I should specify 4095 to VLANS allow all trunking 802. 1 q VLAN through.

  As:

  -the documentation I found only goes to 4094 and

  -in the ESXi console, I entered 4095 to the VLAN ID (which failed),

  is the VLAN ID of the management network is good?  Or could it be that traffic for that VLAN even get through on the server because of this?

  3 here is what I understand VMware in terms of this error:

  Cluster form--nodes will not be able to communicate - Has detected a misconfiguration

  – Option 1 -Disable IGMP Snooping = > allows to all the through the multicast traffic

  – Option 2 -Configure IGMP Snooping Interrogator = > if there is another multicast traffic and you fear that multicast traffic could flood network

  
  

  
  

  
  

  
  

  
  

  I also had this link to what is required by the side of Cisco, but it does not (gives 404 error).  Can someone give instructions that work?
  

  http://www.Cisco.com/c/en/us/TD/docs/switches/Datacenter/SW/nxSos/multicast/configuration/guide/b_multicast/b_multicast_chapter_011.html

  
  

  
  

  
  

  
  

  
  

  4. by comparing the results of two servers, they cannot ping each other (addresses 10.27.98.7 *) on vmk1.  My network engineer said that the switchports are that all configured the same.  Any thoughts on why they can't ping?

  [root@host05:~] esxcli ip interface ipv4 network get

  DNS name IPv4 address IPv4 subnet mask IPv4 address Type DHCP broadcast

  ----  ------------  ---------------  --------------  ------------  --------

  vmk0 10.27.98.199 255.255.255.192 10.27.98.255 fake STATIC

  vmk1 10.27.98.71 255.255.255.192 10.27.98.127 fake STATIC

  vmk2 10.27.98.136 255.255.255.192 10.27.98.191 fake STATIC

  [root@host05:~] vmkping - I vmk1 10.27.98.71

  PING 10.27.98.71 (10.27.98.71): 56 data bytes

  64 bytes from 10.27.98.71: icmp_seq = 0 ttl = 64 time = 0,096 ms

  64 bytes from 10.27.98.71: icmp_seq = 1 ttl = 64 time = 0.084 ms

  -10.27.98.71 - ping statistics

  2 packets transmitted, 2 packets received, 0% packet loss

  round-trip min/avg/max = 0.084/0.090/0.096 ms

  [root@host05:~] vmkping - I vmk1 10.27.98.70

  PING 10.27.98.70 (10.27.98.70): 56 data bytes

  -10.27.98.70 - ping statistics

  3 packets transmitted, 0 packets received, 100% packet loss

  [root@host05:~] vmkping - I vmk1 10.27.98.71

  PING 10.27.98.71 (10.27.98.71): 56 data bytes

  64 bytes from 10.27.98.71: icmp_seq = 0 ttl = 64 time = 0.088 ms

  64 bytes from 10.27.98.71: icmp_seq = 1 ttl = 64 time = 0,074 ms

  64 bytes from 10.27.98.71: icmp_seq = 2 ttl = 64 time = 0,081 ms

  -10.27.98.71 - ping statistics

  3 packets transmitted, 3 packets received, 0% packet loss

  round-trip min/avg/max = 0.074/0.081/0.088 ms

  [root@host04:~] esxcli ip interface ipv4 network get

  DNS name IPv4 address IPv4 subnet mask IPv4 address Type DHCP broadcast

  ----  ------------  ---------------  --------------  ------------  --------

  vmk0 10.27.98.198 255.255.255.192 10.27.98.255 fake STATIC

  vmk1 10.27.98.70 255.255.255.192 10.27.98.127 fake STATIC

  vmk2 10.27.98.135 255.255.255.192 10.27.98.191 fake STATIC

  -10.27.98.70 - ping statistics

  3 packets transmitted, 3 packets received, 0% packet loss

  round-trip min/avg/max = 0.072/0.080/0.089 ms

  [root@host04:~] vmkping - I vmk1 10.27.98.71

  PING 10.27.98.71 (10.27.98.71): 56 data bytes

  64 bytes from 10.27.98.71: icmp_seq = 0 ttl = 64 time = 0,726 ms

  64 bytes from 10.27.98.71: icmp_seq = 1 ttl = 64 time = 0,362 ms

  64 bytes from 10.27.98.71: icmp_seq = 2 ttl = 64 time = 0.561 ms

  -10.27.98.71 - ping statistics

  3 packets transmitted, 3 packets received, 0% packet loss

  round-trip min/avg/max = 0.362/0.550/0.726 ms

  
  

  
  

  
  

  
  

  
  

  PS: this certainly looks like a network configuration problem

• which command to show the UTEP/MTOE for the segment of subnet

  How do we know that VTEP is selected as UTEP/MTEP local to a particular subnet hypbrid/unicast/multicast mode?

  esxcli network vswitch dvs vmware vxlan vtep list - vds - network name = Compute_VDS - vxlan-id = 5000

• inter esxi host ipv6 multicast traffic are not detected by the destination VM

  Hello

  Warning, I do not have in-depth knowledge of vmware, so please excuse the bad wording, misconception and ignorance in the post below.

  The current topology is:

  

  Each esxi 4.1 update 3 (DL380 G8) host is to connect both layer 2 switch.

  on each host, the vswitch has two network cards configured as active/active, with the default NIC cluster approach (route based on the original virtual port code).

  Everything else is default.

  The switches are connected by a link to trunk (not bunk)

  I have two Windows Server 2008 R2 VM in the same subnet and you have enabled ipv6 on them (by default)

  When two virtual machines are on the same physical host, ping-6 destination_ipv6_address works (I just use the link local address)

  When two virtual machines are on different hosts, ping fails with the "destination unreachable" message, which usually means the neighbor discovery process fails (similar to arp in ipv4 where source VM cannot get mac address of the destination virtual machine)

  When two virtual machines are on the same physical host, the the packet capture shows that Neighbor Solicitation message is sent via an ipv6 multicast address

  When they are not on the same physical hosts, packet capture on the VM shows that the destination virtual machine will ever get the destination ipv6 multicast packets.

  I then connect two DL380 G8 in a similar way to the switches and install windows Server2008 R2 directly without virtualization on them and ping-6 works perfectly.

  My questions are:

  -I missed somewhere, a configuration to allow ipv6 multicast to work? Or even to remove any 'logic' and treat it simply as a show?

  On network switches, you can do this by disabling IGMP who will then deal with multicast as broadcast packets.

  Although I can't find a similar setting under esxi anywhere.

  -J' saw an option "Enable ipv6" on esxi, but I guess it's only useful if the host itself to participate in ipv6 and therefore not applicable to my case?

  The only similar question I found the research is on the link below, which suggest to hardcode the next table on virtual machines, which is not ideal.

  I can confirm however, hard coding the table nearby on two virtual machines to work. This problem seems to be on how esxi vswitches manage ipv6 multicast traffic

  ESX4 and multicast

  Ideas, points of view are very appreciated

  Ed

  I don't know if this will really solve your problem, but it is worth trying to update the firmware of the NETWORK adapter and the driver.

  Looks like it's a HP NC 331FLR NIC (gen8 DL by default NETWORK 4 ports with the BCM5719 chip card).

  There is no binary updates that you can run from the 4.1, but you can update all the components of the firmware with the current Service Pack HP for Proliant image:

  HP Service Pack for ProLiant

  Or start the server in a live Linux of your choice and use the Linux binary update:

  http://www.HP.com/swpublishing/MTX-ec0e18db6a8e4d978b57aa95d1

  These will update the NIC 331FLR to the Boot Code version 1.37/NCSI 1.2.37.

  Then update the tg3 driver in ESXi with this set to 3.129d.v40.1 offline:

  https://my.VMware.com/group/VMware/details?downloadGroup=DT-ESXI4X-Broadcom-TG3-3129DV401&ProductID=136

  You need the file bundle offline (BCM - tg3 - 3.129d.v40.1 - offline_bundle - 1033618.zip) in this package. You can import in the vCenter update manager for easier deployment or install it (probably) ESXi shell with esxupdate--bundle=/tmp/BCM-tg3-3.129d.v40.1-offline_bundle-1033618.zip

  I'm a little rusty in the Department of ESXi 4.1 CLI however, you may need to use the vihostupdate utility or with PowerCLI Install-VMHostPatch remote:

  https://pubs.VMware.com/vSphere-4-ESX-vCenter/index.jsp?topic=/com.VMware.vSphere.upgrade.doc_41/esx_upgrade/patches_updates/t_host_upgrade_using_vihostupdate_esxi.html

• Version number and multicast

  Hi all:
  
  As far as I KNOW, the group address and port of a cluster are associated with the version of coherence. For example, to treat 224.3.6.0 =, port = 36000 implies that the NVA is 3.6.0.
  
  Now, my question is, if we have two nodes of consistency from different subnets, but with the same version of consistency, they will be in the same cluster?
  
  Also, do we have to create our own alternative xml descriptor to define the custom multicast address / port?
  
  Thank you
  Johnny

  Hi Johnny,.

  Johnny_hunter wrote:
  Hi all:

  As far as I KNOW, the group address and port of a cluster are associated with the version of coherence. For example, to treat 224.3.6.0 =, port = 36000 implies that the NVA is 3.6.0.

  No, the group address and port of a cluster has nothing to do with the version of coherence. But, by default, the Oracle coherence followed this convention. You can keep any port available multicast and address to your cluster using the override or - Dtangosol.coherence.clusteraddress and - Dtangosol.coherence.clusterport of the system properties file.

  >

  Now, my question is, if we have two nodes of consistency from different subnets, but with the same version of consistency, they will be in the same cluster?

  It is not recommended to cross a bunch of consistency across subnets because of the possibility of failure of the connection between subnets and the data flow limited by the speed of link members. But with the right value-Dtangosol.coherence.ttl, you can do a cluster unique consistency on subnets. Generally, a value of 4 will allow consistency to the subnet of your nodes to form a single cluster.

  Also, do we have to create our own alternative xml descriptor to define the custom multicast address / port?

  Answered above
  >

  Thank you
  Johnny

  I hope this helps!

  See you soon,.
  NJ

• Confused multicast network activity

  I was using the multicast sample included in the installation of the 4 ENTITY, test multicast. I'm confused as to what I should see my resource monitor - network (Win7). I can see the connections to customers playing the live stream, the only problem is that it seems that I send you the full bandwidth to customers. I thought that I would be the server send less bandwidth to each client. My first thought was that, because the clients and the server are on the same physical network that customers were mainly using the server as main seeder. I guess I'm asking how I can see multicasting is working.

  When FMS transmits a stream of data in a multicast group, it becomes indeed a peer in the group.  The IP Multicast is the only exception to this because FMS bind to a multicast address and port and push the stream directly to it.  Because FMS is a counterpart of the group in the merger and level Application (P2P) scenarios, he will share the stream with its direct neighbours.  By default, FMS will grow up to 4 copies of the output stream.  You can adjust this value by changing NetStream.multicastPushNeighborLimit.  If the server and the clients are on the same subnet, you can set the merge data stream type (in the Configurator) and SGF will insert a multicast IP copy and share it as a peer in the group.  Clients on the same subnet will generally get the IP multicast stream, first and share with their peers in the group, who cannot receive data via IP multicast.  Multicast IP can be configured in your network equipment to route the data on additional subnets for more advanced scenarios.

  Bandwidth savings becomes more obvious when you have a very large number of participants in the Group of any display of the stream.  To give you an example, at Adobe, we use a server to process thousands of customers viewing a multicast stream.  To minimize the P2P traffic between offices during these events, we partition viewers in remote offices in a panel appointed to this post.  In doing so, FMS will send about 3 or 4 copies of the flow of this office WAN link, and then it will broadcast between peers in this office.

  In the multicast of the sample player application included with FMS, you can modify the HTML code to enable debugging.  The variable debugging flash is currently commented out.  You can uncomment only and this player displays a button that toggles debug windows.  If you look in the left pane of debugging, you will see a print of NetStream.multicastInfo properties.  You can use these to determine where and how your data are received.

  that is bytesRequestedFromPeers would indicate how derive you from their peers while bytesReceivedFromIPMulticast represents the data that you receive directly from IP multicast

  I hope this helps to clear up the confusion.

• Why is apple tv (4th Gen) using subnet different comcast

  I need to figure out if there is anything special/different regaurding how ATV (4th Gen) made the resolution DNS when wired to a Comcast cable modem only (no wifi and no router)?  I notice that my ATV selects a different subnet when ATV is set automatically resolve IP and DNS.  Example of my Dell PC Tower and Sony laptop automatically use a subnet of 255.255.255.0, but ATV uses the example below:

  67.166.208.26

  255.255.252.0

  router 67.166.208.1

  ATV works great just need to know why to solve network problems not related to my home office network and at home?

  Hello. You say there is no router, but I guess that the Comcast modem is also a router and DHCP server. Are you using IPv6? You use a static IP address?

• How to set the subnet range when you create the wireless hotstop in mac

  Hello

  I create a wireless hotstop on my Macbook using the Internet sharing option. But she still attributes the 192.168.2. * subnet. How can I change this range for a * 192.168.100 as a user-defined.

  Thank you!!

  Jeff

  Unfortunately there is no setting in system preferences to change this for a reason any.

  If you really need to do this, you must do so through terminal to modify a specific file in a very specific way.

  NET-connection-sharing http://chariotsolutions.com/blog/post/Configuring-Network-used-by-Mac-OS-x-inter.

• Not able to deploy images on different subnets

  Hi guys,.

  I'm having a problem of image deployment of T5565 for thin clients on a different subnet.

  The first message that I got, was "the subnet of the device (s) in red color is not the same thing with its device management gateway. You want to send the task anyway".

  I selected Yes, and finally the deployment will timeout with the following error: "job failed. Task become invalid before being sent".

  I am able to update the agents on these thin clients with success, however, and these devices are discoverable.

  Any help will be much appreciated.

  Kind regards

  Remo

  This has been sorted guys. I had tried to deploy the image by using PXE.

  Image without PXE deployment now works fine.

  Kind regards

  Remo