server traffic between the VLANS (broadcast)?

Hello

I have a SGE2010, implemented with different VLANS for use on a LAN.

I have clients with vlan10 vlan20.

Vlan30 and admin on vlan40 servers.

vlan10 = 172.0.1.0/24 gw 172.0.1.1

vlan20 = 172.0.2.0/24 gw 172.0.2.1

vlan30 = 172.0.3.0/24 gw 172.0.3.1

vlan40 = 172.0.4.0/24 gw 172.0.4.1

But to say that I'm running a server counter-strike. What should I do on the switch for the clients get the server up in the "server list" in the game?

I read something on the multicast and 'IP helper. " But may not know how to do...

Hi Torbjeorn, correct to support ip is used, called udp relay on this unit.

http://www.Cisco.com/en/us/docs/switches/LAN/CSBMs/SFE2000/Administration/Guide/SFE-SGE2xxx_Admin_Guide.PDF

from page 210.

-Tom
Please mark replied messages useful

Tags: Cisco Support

Similar Questions

  • 4240, blocking some of the traffic between the VLANS local

    I have an IPS 4240 in interface mode inline between our firewall switches and kernel in the periphery. This connection is a trunk with 2 port VLAN, lets call them A and b. everything works fine 100% between the VLANS (the firewall makes routing inter - vlan) except for SSH/telnet of VLAN A VLAN B, which is a big problem.

    Everything works fine, including:

    Web/443/TFTP from A to B

    SSH/Telnet from B to a.

    SSH/Telnet to nowhere A share around the world

    SSH/Telnet from other networks to B

    I removed the IPS of the equation, and everything is back to normal, so something must be up with the PPE.

    This is a new deployment... so the sensor uses its default configuration. I don't see anything stuck. About the only thing that has been set up are the interfaces. I tried different values in the field VLAN by default in menu interface configuration does not, and I don't think it's related to the configuration of VLANS since https/web and everything works fine.

    What I'm missing here? Any ideas?

    Thanks AOT

    There were a few [normalizer engine] signatures that will drop the traffic without alerting. I don't know if they still do, but check for active sigs that use the normalizer engine and is not an alert action.

  • a vSwitch does support internal traffic between the VLANS configured on the same vswitch?

    Hey gurus - I know that the virtual machines on the same port group will communicate internally - but a vSwitch will support internal communications between virtual machines on different VLANS configured on the same vSwitch?  Looking for definitive answers only.

    gman

    Welcome to the MSFN - no traffic is not internal when communicating through different VLAN-

    If you find this or any other answer useful please consider awarding points marking the answer correct or useful

  • VMOTION between the VLAN

    Can I put the VMOTION between two VLAN ID 101 and 102 ID?

    If you find this post useful/rectify your problem be sure to assign points

    Yes... It would fail if no routing prober is in place.

    Check vmkernel default gateways (esxcfg-road) and using vmkping...

    / Rubeck

  • Traffic between the clients

    Hello

    Two guest VM on the same host server copy (are in the same virtual switch) copy data between them using the DNS name.

    How traffic is transferred?

    I mean, data must use the same network card (and not the physical cable) and cable only DNS resolve, use the physical, I am correct?

    Thank you

    Hello

    When virtual machines are in the same VLAN on the same portgroup traffic will be lit in the virtual switch and will not let the host. Only the DNS request will go to the physical network.

    Tim

  • Not able to communicate between the VLANS on SG300-10

    Please take a look at my crude drawing of how I want my network to work:

    SG300-10
    __________________________________________
    | 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
    |_|___|__________________________________|
    |   |_________________________________
    |_________________                   |
    __________________  _______|_________  _______|_________
    |-VLAN 1-|  | - VLAN 10-|  | - VLAN 20-|
    |   Management |  | 192.168.10.1 |  | 192.168.20.1.
    | 192.168.1.250 |  |               |  |               |
    |________________|  | Internet router |  |   Devices.
    | 192.168.10.2.  | Box of physics |
    |_______________|  | 192.168.20.2 |
    | Server 2008R2.
    | DNS, DHCP, AD DC |
    |               |
    | Physical boxes |
    | 192.168.20.x |
    | W7 Workstations |
    |_______________|

    I put a static IP address on the server 2008R2 host and Internet router.  I have configured my VLAN and I put each VLAN IP (as shown above), I put a 0.0.0.0 route to the Internet router, but also routes for each range of IP VLAN x.x.x.0 and I put the gateway on all host on VLAN 20 to be 192.168.20.1.

    I'm unable to access the Internet, ping the router or access the webpage switch management of any host on VLAN 20 unless I manually set the IP address on the host VLAN 20 on the same IP range as the machine I'm trying to get. As such:

    If I manually set the IP host address to 192.168.1.50, I can access the administration of the switch, but then not RDP in or ping any host on VLAN 20 or ping the router Internet on VLAN 10.

    If I manually set the IP host address to 192.168.10.50, I can ping the router Internet but cannot RDP into or ping any device on VLAN 20, nor can I access the Switch Management page.

    If I let DHCP assign the IP 192.168.20.5, I can RDP in and ping all devices VLAN 20, but I can't ping all devices on VLAN 10 or access the administration of the switch to VLAN 1.

    I know I'm missing something simple, and I worked on it for about 30 hours now but can't seem to get this to work. Someone could possibly help?  Thanks in advance.

    Just to be sure, is the SG300 mode switching L3 / L2 switching?

  • Split of static traffic between the VPN and NAT

    Hi all

    We have a VPN from Site to Site that secures all traffic to and from 10.160.8.0/24 to/from 10.0.0.0/8.  It's for everything - including Internet traffic.  However, there is one exception (of course)...

    The part that I can't make it work is if traffic comes from the VPN (10.0.0.0/8) of 10.160.8.5 (on 80 or 443), then the return traffic must go back through the VPN.  BUT, if traffic 80 or 443 comes from anywhere else (Internet via X.X.X.X which translates to 10.160.8.5), so there need to be translated réécrirait Internet via Gig2.

    I have the following Setup (tried to have just the neccessarry lines)...

    interface GigabitEthernet2

    address IP Y.Y.Y.Y 255.255.255.0! the X.X.X.X and Y.Y.Y.Y are in the same subnet

    address IP X.X.X.X 255.255.255.0 secondary

    NAT outside IP

    card crypto ipsec-map-S2S

    interface GigabitEthernet4.2020

    Description 2020

    encapsulation dot1Q 2020

    IP 10.160.8.1 255.255.255.0

    IP nat inside

    IP virtual-reassembly

    IP nat inside source list interface NAT-output GigabitEthernet2 overload

    IP nat inside source static tcp 10.160.8.5 80 80 X.X.X.X map route No. - NAT extensible

    IP nat inside source static tcp 10.160.8.5 443 443 X.X.X.X map route No. - NAT extensible

    NAT-outgoing extended IP access list

    refuse 10.160.8.5 tcp host 10.0.0.0 0.0.0.255 eq www

    refuse 10.160.8.5 tcp host 10.0.0.0 0.0.0.255 eq 443

    permit tcp host 10.160.8.5 all eq www

    permit tcp host 10.160.8.5 any eq 443

    No. - NAT extended IP access list

    refuse 10.160.8.5 tcp host 10.0.0.0 0.0.0.255 eq www

    refuse 10.160.8.5 tcp host 10.0.0.0 0.0.0.255 eq 443

    allow an ip

    route No. - NAT allowed 10 map

    corresponds to the IP no. - NAT

    With the above configuration, we can get to the Internet 10.160.8.5, but cannot cross it over the VPN tunnel (from 10.200.0.0/16).  If I remove the two commands «ip nat inside source static...» ', then the opposite that happens - I can get then to 10.160.8.5 it VPN tunnel but I now can't get to it from the Internet.

    How can I get both?  It seems that when I hit the first NAT instruction (overload Gig2) that 'decline' in the list of ACL-NAT-outgoing punts me out of this statement of NAT.  It can process the following statement of NAT (one of the 'ip nat inside source static... ") but does not seem to"deny"it in the NON - NAT ACL me punt out of this statement of NAT.  That's my theory anyway (maybe something is happening?)

    If this work like that or I understand something correctly?  It's on a router Cisco's Cloud Services (CSR 1000v).

    Thank you!

    Your netmask is bad for your 10.0.0.0/8. I worry not about the port/protocol or since that can screw you up. A better way to do it would be to deny all IP vpn traffic.

    NAT-outgoing extended IP access list

    deny ip 10.160.8.0 0.0.0.0.255 10.0.0.0 0.255.255.255

    ...

    No. - NAT extended IP access list

    deny ip 10.160.8.0 0.0.0.0.255 10.0.0.0 0.255.255.255

    allow an ip

    Doc:

    Router to router IPSec with NAT and Cisco Secure VPN Client overload

    Thank you

    Brendan

  • I'm not sure how to make it work. 2 guests, 2 virtual machines, trying to keep the traffic on the Server Blade.

    I have two blades on the same chassis running ESXi 4.1, each has an Exchange Server on it. Im trying to keep the traffic between the two Exchange boxes contained between the two. I thought that I could put in the same vSwtich, but looks like I need vDS for this. I don't have this license level.

    Now, I found myself with two separate vSwitches with the same label. network, it shows them on the same vSwitch so they don't transmit traffic. because they are separate switches... my vSphere networking missing a bit... need to study more.

    Since you have virtual machines on different blades that the traffic between the two will have to cross a physical network card.   If you need to segment this traffic, you can configure a VLAN in your network, add a new group of port on each host to ESXi virtual machine and then set up a NIC in the virtual machines to use this group of VIRTUAL LAN port.

    Though the virtual machines on the same host (always) you can configure a single vSwitch.   In this case the traffic between virtual machines would not hit the physical network and you wouldn't need even a physical NETWORK adapter, attached to the vSwitch.

    Dave
    VMware communities user moderator

    ESXi Essentials free training / eBook offer

    Now available - VMware ESXi: planning, implementation, and security

    Also available - vSphere Quick Start Guide

  • Pwerconnect 6224: vlan client computers do not receive the ip address of DHCP server on a different VLAN

    Hello

    I have a prolem routing dhcp requests between the vlan management where DHCP server resides and the other VLANs.

    I have the scenario of base with three VLANS: vlan 10 (management vlan), 20, 30, configured on a Powerconnect 6224 switch L2 mode. This switch is connected to a pfsense router. The router is configured at the package of road between the VLANS and it does it well.

    In Vlan 10, I have a configured DHCP server to use the ip addresses of all the VLANS (10, 20, 30). VLAN 10 client computers receive ip address but not others from other VLANs.

    When I put the ip address in the appropriate range of VLANs manually on computers, I ping the server and I have connectivity.

    This suggests that the problem is with the dhcp package.

    The following is the configuration of the switch:

    Configure
    database of VLAN
    VLAN 10,20,30
    VLAN 1 1 routing
    VLAN 20 2 routing
    VLAN 30 3 routing
    output
    SNTP server time.nist.gov
    clock timezone 1 minutes 0
    battery
    1 1 member
    2 2 Member
    output
    DHCP IP address
    IP address vlan 10
    name of the IP-server 172.16.10.1

    bootpdhcprelay cidridoptmode
    interface vlan 1
    Routing
    IP 172.16.1.1 255.255.255.0
    output
    interface vlan 20
    Routing
    address 172.16.20.1 IP 255.255.255.0
    output
    interface vlan 30
    Routing
    IP 172.16.30.1 255.255.255.0
    output
    level of 20fc49459a1898b923ed3ec7b3e81276 user name 'admin' password encrypted 15
    No spanning tree
    spanning tree priority 0
    l2relay DHCP
    DHCP l2relay VLANs 10, 20-30
    DHCP l2relay circuit-id VLANs 10, 20-30
    !
    interface ethernet 1/g2

    l2relay DHCP
    switchport access vlan 20
    output
    !
    interface ethernet 1/g3
    l2relay DHCP
    switchport access vlan 30
    output
    !
    interface ethernet 1/g21
    switchport access vlan 10
    output
    !
    interface ethernet 1/g22
    switchport access vlan 10
    output
    !
    interface ethernet 1/g23
    switchport access vlan 10
    output
    !

    interface ethernet 1/g24
    switchport mode trunk
    switchport trunk allowed vlan add 10,20,30
    output
    Server SNMP community EyesOfNetwork ro
    SNMP-server community public ro
    output

    I followed the instructions in the powerconnect 6224 user guide, but no progress on this issue.

    Any help will be be grateful.

    Thank you

    Zoubeir

    The DHCP server stores information that could be useful? May need to configure monitoring ports and something as wireshark to monitor DHCP packets. This would help determine where the package is stopping.

    example:

    Console (config) #monitor session 1 source interface 1/g8

    Console (config) #monitor session 1 destination interface 1/g10

    session mode 1 #monitor console (config)

    right now I don't see anything in the config of the switch that stands out. If the DHCP server is configured for option 82, then you will need to include the following command on the switch.

    Example:

    Trust l2relay console #dhcp (config-if-1/g1)

    But I don't think that's our scenario here.

  • Definition of VLAN ACL blocks all traffic inside of the vlan

    Hello

    I test a 7024 PowerConnect switch, do some VLAN and want to test the traffic between 2 PC connection to the vlan by default. So I put a PC on Port 1 and the other on Port 2.

    I am applying only a permit ICMP any any rule on this vlan. This implies a refusal rule everything.

    But now I can't ssh from one PC to another?

    the ACL is an ibound IP AC, but I thought that this does not affect traffic in the vlan? Or am I wrong thinking?

    We tested this installation type and got the same results as you. It seems to be normal behavior. If I get more specific information to this I will be sure to answer back with her.

  • Confused on what I should do to the extent of the VLAN PVID vs

    I have a complicated image it's crazy to watch, but I hope I can explain it enough:

    I have currently a Powerconnect 2716 connected two Poweredge 2950's particular race as long as ESXi Hypervisors, and their data warehouses are on a MD3000i iSCSI SAN (the main use of the switch is the iSCSI san, servers have connections of backup for the client/guest network access).

    Hypervisors vmnic config was hokey at best because we did not have the second gigabit switch to have enough ports to run everything and have redundancy, so I ended up using a lot of 10/100 ports on my Catalyst 3750 PoE switch for guest computers and my iSCSI on the 2716 traffic.

    I now have the second 2716 and crosses the configs on the old switch, I realized that I had taken my comments machine network inside out vlan1 and iSCSI ports using the pvid.

    Here's my dilemma, I want the network traffic between the two switches for multiple VLANs, but not others.

    My proposed solution is

    (4) VLANS 1, 10, 130, 139.

    (3) GAL: 1 (2-4 ports), 2 (7, 8 ports) 3 (ports 14.14)

    belonging to a VLAN will be:

    -VLAN1 is for managing the switch, I will have my switches addressed as 192.168.1.1 and 192.168.1.2 and I want trunk VLAN1 LAG1 through so I can handle both switches and either: plug to switch to port 1 with a laptop or use a remote VM guest with shared resources in on LAG2 VLAN

    -VLAN10 is for my vMotion, just a 10.x.x.x and me planned to redirect it on the LAG even as my machine comments traffic

    -VLAN130 is my iSCSI SAN

    -VLAN139 is my Machine/vSphere Client/visitor access

    What I fear is VLAN139 traffic with the filtering of capture off the coast and out without label on 16 port which could cross the trunk of LAG 1 (ports 2,3,4) (via VLAN1) and which causes a loop since the 2716 does not support STP.

    I want to master the iSCSI, management switch and vMotion across two switches Dell but I want computers invited to climb their respective uplinks of switches. I can't have curls if not all my client/server traffic will cross through a Dell for the other Dell to find the uplink of work when the cisco STP auto disable one of the ports

    Can I do this, even if by default, all ports are in VLAN1 unidentified? Or I'll have to this redesign and PVID allows to separate the ports 10-16 and put my VLAN10 on LAG2 as well as iSCSI traffic?

    Can VLAN 10 exist on PVID 2 while the trunk between the 2716 is in 1 PVID and always pass traffic between switches?

    Have I fried the brain of everyone with my images and my knowledge "just enough to be dangerous?

    Thanks in advance! :)

    PVID 1 is the default, but if you change it on an interface, page 52 ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-2708_User%27s%20Guide_en-us.pdf , then it will use the PVID you set to no marked traffic. So if you put LAG3 PVID 139, untagged traffic goes to 139 and tagged will go to VLAN 10. If Cisco is down not signposted in 139 with a PVID of 139, then everything should work correctly with your configuration and do what you want it to do.

  • flow of traffic between virtual machines

    If I had 2 machines virtual on the same slide in a M3 of b200 on the same vswitch, is communication on traffic between the 2 vms strictly inside the m3 Server?

    What if I had a virtual machines on a b200m3 and another virtual machine to another b200m3?

    same chassis and the chassis is connected to the FI

    Traffic between virtual machines will stay on the FI or it will mount the switch to basic?

    so, if is blade1 VM1 and VM2 is Blade2 and both on the same vlan
    Traffic will remain within FI or it will go up North to core?

    Both is possible! as I said above: If the entry and exit are on the fabric a RESP. B, it is switched.

    However, it could also be A penetration, exit on B or vice versa and then must go to the North (and get switched L2)

    What if

    Blade1 is VM1 and VM2 is on blade2 but on different VLANS, the traffic will have to hit the correct base gateway?

    Yes!

  • Routing between two VLANs on a switch in series SG300

    I've seen a lot of messages from people with problems of traffic between the two routing VLANS with some complex examples.  Can someone show a simple example for a SG300 switch (in layer 3 mode) to set up the two VLAN and send the traffic between VLANS without an external router?

    VLAN1 10.10.10.0

    VLAN2 10.10.20.0

    I tried to do through the UI and can't seem to make it work.  It seems that it must be very simple, so maybe I'm missing something in the GUI.

    Hi Chris,

    I did 5 minutes of recording that showed how I configured the two VLAN on my SG300 switch and layer 3-switched between the VLANS.

    You have no trouble getting to the GUI, so you will have no difficulty to setup in a few minutes...

    • Be sure to use the latest version of the SG300 package, with a bearable CLI.
    • to save your changes to the configuration at the end of the process.
    • the IP addresses that you create will be the address of default gateway for PC hosts on VLANs specified.
    • Recording can be interrupted at any time to perform configuration operations.

    Recording is now available on the website of the WebEx service. Click on the link below to read:

    https://Cisco.WebEx.com/ciscosales/LSR.php?at=PB&SP=MC&rID=55688352&RKEY=05e1fc5fff0d05da

    Configuration of VLAN

    Monday, October 24, 2011 11:02 New York time

    5 minutes

    Have fun

    Best regards, Dave

  • Encrypted L3 Communications between the TOWER and WLC?

    Hi all

    I work with a client who wants to put the towers away to their WLC (a 4402). The problem is that communications between the TOWER and WLC must be secured, even through their private Wan! I have a few questions that result, if someone is able to help you;

    1. I can't know if and what method of encryption is (is it AES etc.?) used on connections between towers and the WLC and what are the steps?

      1. The terminology can be a problem here, it's not a wireless mesh, just classic LAP for WLC
    2. EXTENSIVE customer network is already encrypted (IPSec VPN via VPLS) in parts - what is the consequence of execution of AP<-->WLC with end to end (if possible) on a network encryption EXTENDED with IPSec, i.e. double encryption?

    Strange but true - pointers will be greatly appreciated... Phil.C

    With a controller of the 4400 series, the control traffic between the AP and the regulator is already encrypted AES.  The user traffic is not encrypted.  If you use a 5508 controller all traffic between the AP and the controller is encrypted AES.

    For what is running the traffic through a VPN, it should work.  The issue I see with this is with the MTU in general.  The controller will drop all packets with a payload of less than 32bytes data.  According to the MTU over the VPN I've seen packets getting fragmented and it is a question.  If you use one of the versions CAPWAP (5.2 or newer) discovery dynamic MTU is part of the Protocol and this MTU problem does not really exist.

  • authentication between the ACS and AD

    Hello

    I would like to know what kind of authentication mechanism ACS 5.1 use to speak with Active Directory. Does simply use MSCHAP, MSCHAPv2 or PAP. By default, it uses PAP to talk between the Cisco IOS and the AEC on the 5.1.

    If you llook at the default admin tab and click on allowed protocols---> he mentions PAP.

    Should I use a safe means of transport between the ACS and AD. IDF, so anyone can say the authentication mechanism?

    Thank you

    Any meeting of directors like telnet, ssh and comfort they always use PAP as an authentication method.

    Although communication pap can be captured and read in this case in clear text. However, since we have Ganymede in use, he always encrypt the whole package with shared secret defined on the IOS and ACS/GANYMEDE so if you capture traffic between the radius and the device you won't be able to decipher it without the key.

    In case you have Ray then using SSH (Putty) so that it can help you for a safe communication.

    ACS and AD support PAP, CHAP, MSCHAPv1 and MSCHAPv2.

    However, the administration does not work on another method of authentication except PAP.

    HTH

    Regds,

    Jousset

    Note the useful posts ~

Maybe you are looking for