Prevent the switch from advertising outgoing Spanning Tree packets

Hello

I have a 2960 switch with a workstation connected to it.

The switchport is configured for PortFast, and BPDU guard is enabled by default on the switch.

When I run Wireshark on the connected PC, I see a lot of STP packets from the switch.

I would like to disable these messages because the information in the captured packets, about the company's spanning-tree configuration, can be abused by an attacker who has access to this workstation.

Is it possible to disable the spanning tree information that is sent from the switch?

Regards

Jan

You should be able to configure bpdufilter to stop it. The only problem is that this effectively stops STP on this port, which could be dangerous.

Understanding How PortFast BPDU Filtering Works

BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening and learning states first.

By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BPDU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.

HTH,
John

Please rate all useful posts.
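The difference between the two ways of enabling bpdufilter discussed above, as an added example that is not part of the original thread: this Python script audits a running-config and reports, per port, whether BPDUs are still sent to the host and whether STP and BPDU guard still protect the port. The sample configuration is constructed, `parse_config`, `audit` and `with_global_filter` are hypothetical helper names, and treating the global PortFast default as applying to `switchport mode access` ports is a simplification.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
spanning-tree mode pvst
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 description workstation
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 description workstation with interface-level filter
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/3
 description uplink to another switch
 switchport mode trunk
!
"""

GLOBAL_FILTER = "spanning-tree portfast bpdufilter default"


def parse_config(text):
    """Return (set of global commands, {interface name: set of commands})."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        match = re.match(r"interface\s+(\S+)$", raw.rstrip())
        if match:
            current = match.group(1)
            interfaces[current] = set()
        elif raw[0].isspace() and current is not None:
            interfaces[current].add(line)      # indented: interface sub-command
        else:
            current = None
            global_cmds.add(line)
    return global_cmds, interfaces


def audit(text):
    """Classify every interface by what it does with BPDUs."""
    global_cmds, interfaces = parse_config(text)
    portfast_default = "spanning-tree portfast default" in global_cmds
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    filter_default = GLOBAL_FILTER in global_cmds
    report = {}
    for name, cmds in interfaces.items():
        # Assumption: the global PortFast default applies to access-mode ports.
        portfast = (
            "spanning-tree portfast" in cmds
            or "spanning-tree portfast trunk" in cmds
            or (portfast_default and "switchport mode access" in cmds
                and "spanning-tree portfast disable" not in cmds)
        )
        if "spanning-tree bpdufilter enable" in cmds:
            bpdu_filter = "interface"          # no BPDUs sent or processed
        elif (filter_default and portfast
              and "spanning-tree bpdufilter disable" not in cmds):
            bpdu_filter = "global"             # PortFast ports only, reversible
        else:
            bpdu_filter = "none"
        guard = "spanning-tree bpduguard enable" in cmds or (
            guard_default and portfast
            and "spanning-tree bpduguard disable" not in cmds)
        findings = []
        if portfast and bpdu_filter == "none":
            findings.append("edge port still sends BPDUs (root ID, bridge ID, timers) to the host")
        if bpdu_filter == "global":
            findings.append("BPDUs suppressed after link-up; a received BPDU returns the port to normal STP")
        if bpdu_filter == "interface":
            findings.append("BPDUs neither sent nor processed: STP cannot detect a loop on this port")
            if guard:
                findings.append("BPDU guard cannot trigger: the interface filter takes precedence")
        if portfast and not guard:
            findings.append("PortFast port without BPDU guard")
        report[name] = {
            "portfast": portfast,
            "filter": bpdu_filter,
            "sends_bpdus": bpdu_filter == "none",
            "stp_active": bpdu_filter != "interface",
            "guard_configured": guard,
            "guard_blinded": guard and bpdu_filter == "interface",
            "findings": findings,
        }
    return report


def with_global_filter(text):
    """Same config with the global PortFast BPDU filter switched on."""
    return GLOBAL_FILTER + "\n" + text


if __name__ == "__main__":
    for label, cfg in (("as configured", SAMPLE_CONFIG),
                       ("with global bpdufilter", with_global_filter(SAMPLE_CONFIG))):
        print(label)
        for port, row in audit(cfg).items():
            print(f"  {port}: filter={row['filter']} sends_bpdus={row['sends_bpdus']}")
            for finding in row["findings"]:
                print("    -", finding)
```

With the global form, a PortFast port still sends a few BPDUs at link-up before filtering starts, so a capture taken right after plugging in can still show them.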

Tags: Cisco Network

Similar Questions

  • How can I configure Spanning Tree

    Hello

    I have several core Dell switches, mostly PowerConnect 6224s - these link into my provider's Cisco kit. We run several VLANs and have redundant links between stacked switches.

    I have read up on spanning tree and have the following tasks:

    1. Map the network - including the ID of the root bridge, root ports, blocked paths, max age and hello time

    Once I have done my information analysis, I don't know how best to optimize the spanning tree config. So far I have:

    1. Make sure RSTP is enabled on all switches
    2. Make sure that all edge ports have spanning-tree portfast configured
    3. Do not declare spanning-tree portfast on the links between switches
    4. Force speed and duplex settings on all ports that link between the switches (I guess that's because auto-negotiation takes more time?)

    What I'm not sure of is:
    1. Can I use BPDU guard and if so, where?
    2. Can I use root guard and if so, where?

    I read the informative article by Todd: http://en.community.dell.com/support-forums/network-switches/f/866/t/19465205.aspx

    But I don't know where or whether I should configure the guard options - I am happy to provide additional information as needed.

    Thank you

    Spanning Tree BPDU Guard is used to disable the port where a new device tries to enter the already existing STP topology. Thus devices which were originally not part of STP are not allowed to influence the STP topology. If set to Enable, when a BPDU is received on an edge port, that port is disabled. Once the port has been disabled, it requires manual intervention to be re-enabled.

    Spanning Tree Root Guard is used to prevent the root of a Spanning Tree instance from changing unexpectedly. The priority of a Bridge ID can be set to zero, but another bridge with a lower MAC address could also set its priority to zero and take over root.

    Both are defined globally on the switch. If there is any possibility of other network devices being plugged into the switch without your knowledge, it may be a good idea to enable these after STP is configured on the network. That way, if someone randomly connects a network device with STP on it, it will not throw your network for a loop.

    Here are some good white papers on spanning tree:

    www.Dell.com/.../app_note_13.pdf

    www.Dell.com/.../app_note_1.pdf

    www.Dell.com/.../pwcnt_MSTP_interoperability.pdf

    Thank you

  • Is "spanning-tree bpdu filtering" on the 5548 the same as "spanning-tree portfast bpdufilter default"?

    It seems to me that "spanning-tree bpdu filtering" on the 5548 is the same as "spanning-tree portfast bpdufilter default" on the N-series switches - is that correct?  If this is not the case, what is the equivalent command to "spanning-tree portfast bpdufilter default"?

    Ken

    They lead to the same result, just with a slightly different method. The N-series bpdufilter searches for all ports configured for portfast and disables the transmission and reception of BPDUs on these interfaces. The 5548 BPDU filtering looks for ports with spanning tree disabled. There is no command on the 5548 that will search for interfaces in portfast mode and filter BPDUs.

  • Spanning tree question

    I have a stack of 4 PowerConnect 7048 core switches. There are unacceptable delays on the network, so I'm cleaning up configurations and checking spanning tree, as these were set up by the previous admin. For the four active 10 Gb links, spanning tree reports different states:

    two are

    Port Te3/2/1 Enabled
    State: Disabled  Role: Disabled
    Port id: 128.167  Port Cost: 0
    Port Fast: No  Root Protection: No
    Designated bridge Priority: 4096  Address: 5C26.0AAA.1EA6
    Designated port id: 0.0  Designated path cost: 0
    CST Regional Root: 80:00:5C:26:0A:AA:1E:A6  CST Port Cost: 0
    Root Guard..................................... FALSE
    Loop Guard..................................... FALSE
    TCN Guard...................................... FALSE
    Auto Portfast.................................. TRUE

    and two are

    Port Te2/2/2 Enabled
    State: Forwarding  Role: Designated
    Port id: 128.112  Port Cost: 2000
    Port Fast: No  Root Protection: No
    Designated bridge Priority: 4096  Address: 5C26.0AAA.1EA6
    Designated port id: 128.112  Designated path cost: 0
    CST Regional Root: 10:00:5C:26:0A:AA:1E:A6  CST Port Cost: 0
    Root Guard..................................... FALSE
    Loop Guard..................................... FALSE
    TCN Guard...................................... FALSE
    Auto Portfast.................................. TRUE

    I think the first one indicates a problem and all should be reported as forwarding and designated. Is that correct and if so, how can this be done?

    Thank you

    Hello

    Does not serve a disabled state. If you do not disable spanning tree, it should allow. http://downloads.Dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_networking/esuprt_net_fxd_prt_swtchs/PowerConnect-7024_Reference%20Guide_en-us.PDF page 745

  • Reference Dell Spanning Tree PowerConnect 2748

    I just had a simple question on Spanning Tree. We have a network already configured. Is it difficult to implement spanning tree on the PowerConnect switches if you already have your network configured? Is it an all-day job? A lot of configuration? Or just a simple turn-on button?

    Sorry, the PowerConnect 27xx series switches DO NOT support the STP (Spanning Tree) Protocol.

  • SGE2010 switches, VLAN and a port blocked by spanning tree

    People,

    I have 2 groups of switch.

    SGE2010 2 with VLANS is defined as 10,20 and 30

    VLAN 10 is the management VLAN and it uplinks to our border router.

    VLAN 20 is the workstation VLAN, and all workstations are pointing to the switch as their default GW

    VLAN 30 is the ip phone VLANS, and all phones use this as a gateway.

    I have a GAP between the switches said, we have a few servers on the ip phone switch that must be accessed by the clients of the workstation and the unique link of 100 MB through the router probably won't be enough.

    If I understand correctly, because the switches have different networks on them, a simple shift will not work. I did create a gap and addresses on each side, but it does not appear in this mode, I can block vlan 10 transit to the LAG, with this block I'll end with a logic loop and spanning tree will block the uplinks or LAG itself.

    I have attached a picture with a diagram of our current put in place.

    Any help/advice would be much appreciated.

    John, the initial 802.1Q standard specifies only one global spanning tree, independent of VLAN membership. That's why you run into problems. Cisco developed PVST to run on ISL trunks. MSTP was originally defined as 802.1s, which is a combination of 802.1Q + RSTP. 802.1s was later merged to become part of 802.1Q.

    The person is incorrect when they say "because spanning tree is built per VLAN". They are incorrect because you have to set the spanning-tree properties to allow per-VLAN spanning tree. Small Business switches do not support the Cisco-proprietary PVST and PVST+. However, the SB switches support MSTP, which is an IEEE standard.

    The way MSTP works is that you have what are called instances, i.e. each one is a separate spanning tree. Then you have the region; SB switches support only 1 region. The region maintains the instances. Basically, how it works is that you enable MSTP at the global level. Then you specify the instance. As an example, VLAN 1 is instance 1 and VLAN 2 is instance 2.  This will allow you to run 2 physical wires between switches for different VLANs without looping. If you use classic STP or RSTP, the least costly path will go to the blocking/discarding state, which works as expected.

    -Tom

  • Spanning tree on C3750 SG300-compatible mode?

    Hi all

    In our network, we have two C3750s in a stack. The rest of the switches are Cisco SG300-28P.

    How should I configure it so that it is compatible with both models, with the C3750 as root?

    Try to configure instance 1

    on the 3750:
    spanning-tree mst configuration
    name mymst
    revision 1
    instance 1 vlan 1-4094 [use question mark if the hyphen is not accepted]
    spanning-tree mst 1 priority 4096

    on the SG300:

    spanning-tree mst configuration
    name mymst
    revision 1
    instance 1 vlan 1-4094
    spanning-tree mst 1 priority 61440

    Masoud

  • Problem with a spanning tree Protocol

    Hello

    I have a problem with the spanning tree protocol when I connect a printer to a Cisco C3560E switch. This is the show logging output:

    *Sep 27 18:57:29.451: %SPANTREE-7-PORTDEL_SUCCESS: GigabitEthernet0/8 removed from Vlan 600
    *Sep 27 18:57:31.976: %SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 moving from disabled to blocking
    *Sep 27 18:57:31.976: %SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 moving from blocking to listening
    *Sep 27 18:57:32.731: %SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 moving from listening to disabled
    *Sep 27 18:57:32.731: %SPANTREE-7-PORTDEL_SUCCESS: GigabitEthernet0/8 removed from Vlan 600
    *Sep 27 18:57:35.072: %SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 moving from disabled to blocking
    *Sep 27 18:57:35.072: %SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 moving from blocking to listening
    *Sep 27 18:57:37.068: %LINK-3-UPDOWN: Interface GigabitEthernet0/8, changed state to
    *Sep 27 18:57:38.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/8, changed state to
     

    This is the configuration of the port, this switch was created L2 of the Vlan:

    See the memory of Vlan:

    600 PLT_SERVICE active Gi0/8
     
    Display Port access:
     
    interface GigabitEthernet0/8
    description Zebra printer
    switchport access vlan 600
    switchport mode access
    logging event spanning-tree
    logging event status
    end
     
    Trunk Port:
     
    interface GigabitEthernet1/1
    description box
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,600
    switchport mode trunk
     

    Please someone help me.

    Kind regards.

    Thank you.

    Hello

    The port passes all traffic? You can test the printer.

    Thank you

    John

  • Package marking verification of outgoing packets for Immersive Endpoints TX, series CTS

    Hello

    Y at - there no way how to check the marking of package out of TX systems and immersive of CTS on the system itself please?

    I can find it somewhere in the newspapers? In which we please?

    I can see packet marking for incoming packets in the statistics of appeal, but not for outgoing packets.

    CUCM config is EF for voice and AF41 for video (verified in the telephony settings), but I can see the audio and video packets on another site like AF41.

    Really appreciated any answer.

    Kind regards

    Josef

    As Chris has said, use something with port mirroring to be sure.

    There is also a capture capability on the CTS / TX systems; please see the CLI guide:

    utils network captures

    utils network captures [dest ip-address-or-hostname]
    [host [ip: arp | rarp | tcp | udp | all] :/ / ip-address-or-hostname] [page] [digital] [hex] [file] [number] [many size] [port number] [src ip-address-or-hostname]

  • Spanning tree root bridge

    Good day to all

    I have a problem in my network with an old device with a 10 Mbit half-duplex NIC - we have PowerConnect N3048 switches in basket - we found that they don't play well with the old device, so we added an old 1000/100 switch to do the translation, so to speak.

    The problem now is that STP was not configured in time and the older switch has taken the role of root bridge.

    My question is - if I now set the N3048 to be the root bridge, will I be able to do so without affecting production network traffic, or do I need to take the network down to make the change?  Will the change on the N3048 force the older switch to cede control, or will they fight?

    Thanks in advance

    Eric

    By default, most switches will have a default priority of 32768. In that case, the switches then use the MAC address to determine which is the root device. If this is the case in this scenario, all you have to do is set a lower spanning tree priority on the desired root switch.

    On your central switch, issue the following command:

    console(config)#spanning-tree priority 4096

    This switch will become the root switch. The switches should not need to be restarted, but it will cause topology change notifications throughout the network, and some ports may change their current status. It depends on the topology.

    I would do this during non-peak hours. You may also want to check the switch that you added to the network and make sure that it doesn't have a spanning tree priority of 4096. If this is the case, set it to something higher.

  • ACL to prevent gnutela, outgoing kazaa, grokster traffic

    Hello

    I have a client who has a 3640 router edge style. It is an educational institution, the network administrator has really no students mind pulling the music down, he won't simply foreign guests pulling music out of the boxes, studying its network.

    I want to build on this 3640 access lists to prevent outbound connections for these music services...

    Inside the network numbers are 192.240.88.0 for example...

    pls help...

    It really depends on your music file-sharing protocol. For example, to configure an access list to block KaZaA, the access list statement would be something like

    access-list on refuse tcp host x.x.x.x any eq 1214

    ip access list allow a whole

    Here's more information you might help you. Some of this information is old and it might not be applicable. It would be wise to cross-check the same.

    App: Kazaa and Morpheus

    Block customers who connect with each other and the application is broken.

    -Deny TCP and UDP 1214

    App: WinMX

    This package is Napster-like and requires a central site to allow file sharing. This site by its IP blocking prevents its use.

    App: AudioGalaxy Satellite

    This package uses the top ports to find servers AudioGalaxy Satellite and FTP (TCP 21 and 20 TCP) to perform the actual file transfers. Also block the AudioGalaxy network block should help. Denying completely FTP will prevent this service as well.

    -Deny TCP and UDP TCP 41000-42000

    App: Napigator

    Napster as a tool, requires a central site to function. By blocking the central site of blocks Napigator.

    App: Freenet

    The only effective way to catch this kind of traffic is to watch traffic heading for the witnesses. Many PacketFilters allow research the first packet of a flow for the matches in the string. In General, the implementation of this type of filter is outside the scope of a simple how-to doc. The Protocol is built from the groundup to not rely on a specific port. For more information, refer to

    http://freenetproject.org.

    App: Napster

    Block access to the Central netblocks of Napster (these may change from time to time) that prevent the use of Napster:

    -Refuse any traffic and traffic to source.

    Block access to peer file sharing, filter only the default ports. This may break some (very dubious) internet use but would prevent his use of Napster if the network block above should change to another set of addresses.

    -Deny traffic to destination: 0.0.0.0/0 TCP 6699

    -Deny traffic from source: 0.0.0.0/0 TCP 6699

    -Deny traffic to destination: 6699 UDP 0.0.0.0/0

    -Deny traffic from source: 6699 UDP 0.0.0.0/0

    App: Aimster

    Blocking Aimster requires blocking AOL Instant Messenger (AIM). GOAL becomes harder to block without the use of a filter or a proxy that examines the TCP 80 (Web) traffic and check that in fact only HTTP traffic is passing on this port. Using the following filters do AIM (and Aimster) much more difficult to use.

    Block ICQ/AIM client traffic

    -Deny traffic to destination: 5190 TCP 0.0.0.0/0

    -Deny traffic from source: 5190 TCP 0.0.0.0/0

    -Deny traffic to destination: 5190 UDP 0.0.0.0/0

    -Deny traffic from source: 5190 UDP 0.0.0.0/0

    Given that the OBJECTIVE can also use TCP 13, 23, 80, 113 and others, it might be preferable to blocklist AOL sites altogether or only allow DNS lookups. This break solution good enough access to AOL from use with care. The best solution is described above, filter 5190 TCP and UDP 5190 but also use of filters or proxies that do not allow non-HTTP traffic using TCP 80.

    App: iMesh

    Blocking access to the central server iMesh breaks iMesh.

    App: eDonkey

    Customers to block the connection to the server

    -Deny traffic to destination: 0.0.0.0/0 TCP 4661

    -Deny traffic from source: 0.0.0.0/0 TCP 4661

    -Deny traffic to destination: 4665 UDP 0.0.0.0/0

    -Deny traffic from source: 4665 UDP 0.0.0.0/0

    Block customers who connect with each other

    -Deny traffic to destination: 4662 TCP 0.0.0.0/0

    -Deny traffic from source: 4662 TCP 0.0.0.0/0

    App: Gnutella (BearShare, Limewire, ToadNode, Gnucleus and other)

    When left with the default settings, Gnutella can be blocked as follows.

    Block customers who connect with each other

    -Deny traffic to destination: 0.0.0.0/0 TCP 6345-6349

    -Deny traffic from source: 0.0.0.0/0 TCP 6345-6349

    -Deny traffic to destination: 0.0.0.0/0 UDP 6345-6349

    -Deny traffic from source: 0.0.0.0/0 UDP 6345-6349

  • Preventing the merger of spans

    Hello

    I have a question on how to prevent a particular time have merged with adjacent.  I saw something posted somewhere just now mentioned something to the subject because the definition of the property 'id' on a FlowElement element will prevent that element being merged with others.  If I assign an id to a span, which will prevent it from ongoing merger with any adjacent spans that have identical text layout formats?  Assign a unique user style do this also?

    TIA,

    Brent

    So that the two spans of merge, their attributes must match, and this includes the ID and attributes defined by the user that have been applied. So if the two spans have the same attribute defined by the user, but with different values, they will not merge. If a span has the attribute defined by the user and the other is not, they will not merge. The game must be complete for the merge to happen. Or if the two spans have different values for the 'id', they will not merge.

    Thank you

    -robin

  • SG100-24 Spanning Tree Protocol compatible?

    How does the SG100-24 switch treat the STP protocol?

    Hi Steve,

    It will forward STP BPDU messages to other participants. It does not generate its own, so you must be careful when adding it to the network because it doesn't have a loop prevention mechanism.

    Kind regards

    Aleksandra

  • Spanning tree Distribution Switch Port is root for all the VLANS

    Hello world.

    Uplink to switch on 2 layer network flat if Distribution change a.

    This distribution uplink port is Root Port.

    Core switch port goes to the Distribution switch appears as State PLEASE FWD.

    It will cause slow for users who are connected to the network on the Distribution switch?

    According to my understanding core should be Root STP for all the right of VLAN?

    If necessary how can I make kernel as root port switch port?

    Thank you

    MAhesh

    Hello

    A root port is a designated port (i.e. forwarding port) on a non-root bridge which has the lowest-cost path to the root bridge. So there is nothing unusual here, and your core needs to be made root bridge if you run STP between distribution and core, as you apparently do.

    Kind regards.

    Alain

    Remember to rate useful posts.

  • Drop Packet BOUNCING

    Whenever ESXi is powered on, a switch of gigabyte or a FastEthernet switch... I have drop packet. Take a look at the picture so see what I mean.

    Here's the scenario:

    Cable Modem - > 2821 Gi0/0 - > 3550 Gi0/0 - Port-Channel 1

    -Gi0/2 and Gi0/3-> ESXi Server (with IP hash)

    -> host: DNS/DHCP Win2008 Vlan 40

    -> VMkernel: 10.10.80.5

    Before being on a port-channel, the ESXi server was plugged into a regular trunk port.

    If I use a laptop computer plugged into a port on the switch... I get an IP address and the DNS works well.

    HERE'S THE PROBLEM:

    packet drop.jpg

    I have NO IDEA why she did this. The iOS are more recent. The server is updated to the latest version. WinServ2008/DNS/DHCP uses a network card VMnet3 and not E1000.

    ESXi is 5.5.

    I did the configuration of VMware with this tutorial:

    VMware KB: Example configuration of EtherChannel / control protocol LACP (Link Aggregation) with ESXi/ESX and Cisco/H...

    ANOTHER FACT: when the port Gi0/2 and Gi 0/3 are closed, no more problems.

    The router config and Switch is below.

    Can someone help me?

    RTR1_dwt > en
    Password:
    RTR1_dwt #sh run
    Building configuration...

    Current configuration: 3533 bytes
    !
    ! Last configuration change to 16:59:02 EST Saturday, November 2, 2013 by danik
    ! NVRAM config last updated at 16:10:43 a.m. EST Saturday, November 2, 2013 by danik
    !
    version 12.4
    horodateurs service debug datetime msec
    Log service timestamps datetime msec
    no password encryption service
    !
    hostname RTR1_dwt
    !
    boot-start-marker
    start the flash system: c2800nm-adventerprisek9_ivs - mz.124 - 25 g .bin
    boot-end-marker
    !
    enable secret 5 $1$ Y/ZH$ 06jO3q61Y30WCvmzZmITp.
    !
    AAA new-model
    !
    !

    AAA authentication login AutClient local
    AAA authorization groupauthor LAN
    !
    AAA - the id of the joint session
    clock timezone IS - 4
    No network-clock-participate wic 2
    !
    !
    IP cef
    !
    !
    domain name of IP danikwt.com
    property intellectual auth-proxy max-nodata-& 3
    property intellectual admission max-nodata-& 3
    !
    !
    Enable WebVPN
    !
    !
    voice-card 0
    No dspfarm
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !

    !
    !
    controller E1 0/2/0
    !
    Cisco IP ftp username
    !
    rays of cryptographic keys
    pre-shared key address 0.0.0.0 0.0.0.0 - key All0abcd
    !
    crypto ISAKMP policy 10
    BA 3des
    preshared authentication
    Group 2
    !
    ISAKMP crypto client configuration group danikwtgroup
    key All0abcd
    DNS 10.10.40.3
    domain
    corp.danikwt.com
    pool vpnpool
    include-local-lan
    Crypto isakmp Lan2Lan profile
    Description 'Lan-to-Lan for connection 8 speak '.
    rays of Keychain
    function identity address 0.0.0.0
    Crypto isakmp L2L profile
    ! This profile is incomplete (no declaration of identity match)
    Crypto isakmp VPNclient profile
    Description 'profile of VPN Clients.
    danikwtgroup group identity match

    client authentication list AutClient
    ISAKMP authorization list groupauthor
    initiate client configuration address
    client configuration address respond
    !
    !
    Crypto ipsec transform-set esp-3des esp-sha-hmac danikset
    !
    Crypto-map dynamic dynmap 5
    Set transform-set danikset
    Define VPNclient isakmp-profile
    Crypto-map dynamic dynmap 10
    Set transform-set danikset
    set the isakmp Lan2Lan profile
    !
    !
    danikmap 10 card crypto ipsec-isakmp dynamic dynmap
    !
    map mymap 10-isakmp ipsec crypto dynamic dynmap
    !
    !
    !
    !
    interface Loopback0
    10.5.5.1 IP address 255.255.255.0
    IP nat inside
    IP virtual-reassembly
    !
    interface GigabitEthernet0/0
    DHCP IP address
    NAT outside IP
    IP virtual-reassembly
    automatic duplex
    automatic speed
    danikmap card crypto
    !
    interface GigabitEthernet0/1
    IP 10.10.10.1 255.255.255.252
    IP nat inside
    IP virtual-reassembly
    full duplex
    Speed 1000
    !
    interface Serial0/3/0
    no ip address
    Shutdown
    !
    the BRI1/0 interface
    no ip address
    encapsulation hdlc
    Shutdown
    !
    interface BRI1/1
    no ip address
    encapsulation hdlc
    Shutdown
    !
    interface BRI1/2
    no ip address
    encapsulation hdlc
    Shutdown
    !
    interface BRI1/3
    no ip address
    encapsulation hdlc
    Shutdown
    !
    Router eigrp 10
    redistribute static metric 1000000 5 255 1 1500
    Network 10.5.5.0 0.0.0.255
    10.0.0.0 network
    No Auto-resume
    !
    IP local pool vpnpool 10.5.5.2 10.5.5.100
    IP forward-Protocol ND
    IP route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
    !
    !
    no ip address of the http server
    no ip http secure server
    overload of IP nat inside source list 102 interface GigabitEthernet0/0
    IP nat inside source static tcp 10.10.40.1 22 96.127.209.203 22222 extensible
    !
    access-list 102 permit ip 10.10.0.0 0.0.255.255 everything
    access-list 102 permit ip 10.5.0.0 0.0.255.255 everything
    !
    !
    !
    control plan
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    access controller
    Shutdown
    !
    !
    Line con 0
    line to 0
    line vty 0 4
    entry ssh transport
    !
    Scheduler allocate 20000 1000
    NTP master 3
    NTP-Calendar Update
    NTP 192.75.12.11 server
    !
    end

    Password:

    SWT1_dwt > en
    Password:
    SWT1_dwt #sh run
    Building configuration...

    Current configuration: 5150 bytes
    !
    ! Last configuration change at 22:43:56 EST Tuesday, November 5, 2013 by danik

    ! NVRAM config last updated at 9:51:21 EST Tuesday, November 5, 2013 by danik
    !
    version 12.2
    no service button
    horodateurs service debug uptime
    Log service timestamps uptime
    no password encryption service
    !
    hostname SWT1_dwt
    !

    !

    No aaa new-model
    clock timezone IS - 4
    IP subnet zero
    IP routing
    IP - danikwt.com domain name
    !
    !
    !
    Crypto pki trustpoint TP-self-signed -3153477504
    enrollment selfsigned
    name of the object cn = IOS-Self-signed-certificate -3153477504
    revocation checking no
    rsakeypair TP-self-signed -3153477504
    !
    !
    crypto TP-self-signed pki certificate chain -3153477504
    certificate self-signed 01
    quit
    !
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    internal allocation policy of VLAN ascendant
    !
    !
    !
    !
    !
    !
    interface Loopback2
    IP 10.5.5.55 255.255.255.0
    !
    interface Port-channel1
    description ESXi_VLAN_TRUNK
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,40,50,70,80
    switchport mode trunk
    switchport nonegotiate
    !
    interface GigabitEthernet0/1
    Description "to the ‑‑ 2821 Uplink router.
    No switchport
    10.10.10.2 IP address 255.255.255.252
    Speed 1000
    full duplex
    !
    interface GigabitEthernet0/2
    description 'server UpLink'
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,40,50,70,80
    switchport mode trunk
    switchport nonegotiate
    speed 1000
    duplex full
    channel-group 1 mode on
    spanning-tree portfast trunk
    !
    interface GigabitEthernet0/3
    description 'server UpLink'
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,40,50,70,80
    switchport mode trunk
    switchport nonegotiate
    speed 1000
    duplex full
    spanning-tree portfast trunk
    !
    interface GigabitEthernet0/4
    Description "iLO 2.
    switchport access vlan 80
    switchport mode access
    !
    interface GigabitEthernet0/5
    Description 'Wireless UPlink for local data ‑‑ Vlan40'
    switchport access vlan 40
    switchport mode access
    Speed 100
    full duplex
    !
    interface GigabitEthernet0/6
    desirable switchport mode dynamic
    !
    interface GigabitEthernet0/7
    desirable switchport mode dynamic
    !
    interface GigabitEthernet0/8
    desirable switchport mode dynamic
    !
    interface GigabitEthernet0/9
    Description "MGMT coelio ~.
    switchport access vlan 80
    switchport mode access
    Speed 1000
    full duplex
    !
    interface GigabitEthernet0/10
    Description "PoE Switch Uplink - Linksys ONE.
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,40,50,70,80
    switchport mode trunk
    switchport nonegotiate
    Speed 1000
    full duplex
    spanning tree portfast trunk
    !
    interface GigabitEthernet0/11
    desirable switchport mode dynamic
    !
    interface GigabitEthernet0/12
    desirable switchport mode dynamic
    !
    interface Vlan1
    no ip address
    Shutdown
    !
    interface Vlan40
    «Data & Wireless» description
    IP 10.10.40.1 255.255.255.0
    !
    interface Vlan50
    Description "telephony Vlan.
    IP 10.10.50.1 255.255.255.0
    !
    interface Vlan70
    Description "vlan VPN.
    IP 10.10.70.1 255.255.255.0
    !
    interface Vlan80
    Description "Vlan Management."
    IP 10.10.80.1 255.255.255.0
    !
    !
    Router eigrp 10
    No Auto-resume
    Network 10.10.10.0 0.0.0.3
    Network 10.10.40.0 0.0.0.255
    Network 10.10.50.0 0.0.0.255
    Network 10.10.70.0 0.0.0.255
    Network 10.10.80.0 0.0.0.255
    !
    by default-gateway IP 10.10.10.1
    IP classless
    IP route 0.0.0.0 0.0.0.0 10.10.10.1
    IP http server
    IP http secure server
    !
    !
    !
    control plan
    !
    !
    Line con 0
    Synchronous recording
    line vty 0 4
    local connection
    entry ssh transport
    line vty 5 15
    local connection
    !
    NTP-period clock 17180445
    NTP 192.75.12.11 server
    NTP peers 10.10.10.1
    NTP peers 10.10.50.1
    end

    SWT1_dwt #.
    ---------------------------------

    PROBLEM SOLVED!

    I can't find the article, but it was right. The article said that the packet drops could be caused by the VMkernel interface being in the same vSwitch as the virtual machines.

    So I configured the vmnic1 port as switchport access vlan 80.

    Then, I changed the IP address of interface Vlan80 to 10.10.80.6 255.255.255.252.

    (My vCenter server is already set up to communicate with the ESXi host via 10.10.80.5.)

    Here is the final result that now works. NO MORE PACKET DROP.

    Thank you all!
