Several VLANS, 2 WAN - balancing load, Failover, and NAT - Oh my

I am bashing my head here trying to understand something that, in my opinion, is really not as hard as I am making it.

I have 3 VLANs (router-on-a-stick configuration) and 2 WAN interfaces on a single router.

VLAN1 -> ISP1

VLAN2, VLAN3 -> ISP2

How can I set this up so that VLAN1 uses ISP1 as the primary internet connection?

How can I set this up so that VLAN2 and VLAN3 use ISP2 as their primary internet connection?

How can I configure it so that VLAN1 will use ISP2 if ISP1 fails?

How can I set this up so that VLAN2 and VLAN3 use ISP1 if ISP2 fails?

I have run into problems before due to NAT - when trying to use IP SLA and event applets to simply update the route-map commands. It failed horribly. So I think I'll put this to the community, because I am at a loss and I need another set of eyes to look at it - if it's even possible using only a single router.

Hello

Here's one way you can do it:

ip access-list extended VL1_TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VL23_TRAFFIC
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip 192.168.3.0 0.0.0.255 any

ip sla 1
 icmp-echo 8.8.8.8 source-interface s1/0
 frequency 4
 timeout 2000
ip sla 23
 icmp-echo 8.8.8.8 source-interface s1/1
 frequency 4
 timeout 2000
ip sla schedule 1 start-time now life forever
ip sla schedule 23 start-time now life forever

track 1 ip sla 1
track 23 ip sla 23

(1) VLAN 1 ---> ISP1 (primary), ISP2 (secondary)

route-map VL1_TRAFFIC permit 10
 match ip address VL1_TRAFFIC
 ! ISP1 next hop, used while track 1 is up
 ! (verify-availability takes a sequence number before the track object)
 set ip next-hop verify-availability x.x.x.x 1 track 1
 ! ISP2 next hop
 set ip next-hop x.x.x.x

interface f0/0.1
 ip nat inside
 ip policy route-map VL1_TRAFFIC

(2) VLAN 2, 3 ---> ISP2 (primary), ISP1 (secondary)

route-map VL23_TRAFFIC permit 10
 match ip address VL23_TRAFFIC
 ! ISP2 next hop, used while track 23 is up
 set ip next-hop verify-availability x.x.x.x 1 track 23
 ! ISP1 next hop
 set ip next-hop x.x.x.x

interface f0/0.2
 ip nat inside
 ip policy route-map VL23_TRAFFIC

interface f0/0.3
 ip nat inside
 ip policy route-map VL23_TRAFFIC

(3) NAT overload:

route-map NAT_VL1 permit 10
 match ip address VL1_TRAFFIC
 match interface s1/0

route-map NAT_VL23 permit 10
 match ip address VL23_TRAFFIC
 match interface s1/1

! ISP1
ip nat inside source route-map NAT_VL1 interface s1/0 overload
! ISP2
ip nat inside source route-map NAT_VL23 interface s1/1 overload

Kind regards.

Alain

Remember to rate useful posts.
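Added example (not part of the original reply, and not Cisco code): a Python check that every policy-routed path, including the failover one, is matched by a NAT route-map bound to the interface the traffic leaves through, which is the point where NAT and failover tend to disagree. The `PBR_PATHS` mapping, both sample configs and the names `NAT_ISP1`/`NAT_ISP2` are constructed assumptions, and ACLs are compared by name only.

```python
import re

# Constructed sample: NAT section in the style of the reply above
# (one ACL per VLAN group, each tied to a single WAN interface).
PER_VLAN_NAT = """\
route-map NAT_VL1 permit 10
 match ip address VL1_TRAFFIC
 match interface s1/0
route-map NAT_VL23 permit 10
 match ip address VL23_TRAFFIC
 match interface s1/1
ip nat inside source route-map NAT_VL1 interface s1/0 overload
ip nat inside source route-map NAT_VL23 interface s1/1 overload
"""

# Constructed alternative: one NAT route-map per WAN interface that accepts
# both ACLs. NAT_ISP1 and NAT_ISP2 are hypothetical names.
PER_WAN_NAT = """\
route-map NAT_ISP1 permit 10
 match ip address VL1_TRAFFIC VL23_TRAFFIC
 match interface s1/0
route-map NAT_ISP2 permit 10
 match ip address VL1_TRAFFIC VL23_TRAFFIC
 match interface s1/1
ip nat inside source route-map NAT_ISP1 interface s1/0 overload
ip nat inside source route-map NAT_ISP2 interface s1/1 overload
"""

# Assumption: the WAN interfaces each traffic class can leave through under
# the policy routing above (primary first, failover second).
PBR_PATHS = {
    "VL1_TRAFFIC": ["s1/0", "s1/1"],
    "VL23_TRAFFIC": ["s1/1", "s1/0"],
}

ROUTE_MAP_RE = re.compile(r"^route-map (\S+) (permit|deny) (\d+)$")
NAT_RE = re.compile(r"^ip nat inside source route-map (\S+) interface (\S+)")


def parse(config):
    """Return (route_maps, nat_rules) parsed from IOS-style config text."""
    route_maps, nat_rules, entry = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        header = ROUTE_MAP_RE.match(line)
        if header:
            entry = {"seq": int(header.group(3)), "action": header.group(2),
                     "acls": set(), "ifaces": set()}
            route_maps.setdefault(header.group(1), []).append(entry)
            continue
        if raw[0].isspace() and entry is not None:
            # Indented line: a clause of the route-map entry being read.
            if line.startswith("match ip address "):
                entry["acls"].update(line.split()[3:])
            elif line.startswith("match interface "):
                entry["ifaces"].update(n.lower() for n in line.split()[2:])
            continue
        entry = None  # any other top-level command ends the route-map block
        nat = NAT_RE.match(line)
        if nat:
            nat_rules.append((nat.group(1), nat.group(2).lower()))
    return route_maps, nat_rules


def route_map_permits(entries, acl, iface):
    """First entry (by sequence) whose match clauses all hold decides."""
    for entry in sorted(entries, key=lambda e: e["seq"]):
        acl_ok = not entry["acls"] or acl in entry["acls"]
        iface_ok = not entry["ifaces"] or iface in entry["ifaces"]
        if acl_ok and iface_ok:
            return entry["action"] == "permit"
    return False  # implicit deny at the end of a route-map


def nat_gaps(config, pbr_paths):
    """List (acl, egress interface) pairs that no NAT statement translates."""
    route_maps, nat_rules = parse(config)
    gaps = []
    for acl, ifaces in pbr_paths.items():
        for iface in (i.lower() for i in ifaces):
            covered = any(
                nat_iface == iface
                and route_map_permits(route_maps.get(name, []), acl, iface)
                for name, nat_iface in nat_rules
            )
            if not covered:
                gaps.append((acl, iface))
    return sorted(gaps)


if __name__ == "__main__":
    for label, cfg in (("per-VLAN NAT", PER_VLAN_NAT), ("per-WAN NAT", PER_WAN_NAT)):
        print(label, "->", nat_gaps(cfg, PBR_PATHS) or "every path translated")
```

A pair reported as a gap is a path on which packets would leave the WAN interface with their private source address, so it is worth running before relying on the failover.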

Tags: Cisco Network

Similar Questions

  • The order of failover and load balancing

    Hello

    I have the following scenario. An ESXi with 4 Gbps vmnic. The questions are:

    (1) If I have a port group configured with 'Route based on the originating virtual port ID' as the load balancing policy, and for the same port group I have the 'Override switch failover order' option checked, with 3 of the vmnics set as active adapters and the remaining vmnic as an unused adapter, does ESXi use the policy that I have configured (in this case 'Route based on the originating virtual port ID') to load balance between the three vmnics marked as active? Or does it use them in the order in which they appear in the active adapters section?

    (2) Suppose I have configured the four physical switch ports in an EtherChannel group to use the 'Route based on IP hash' load balancing policy. In this situation, can I then configure a certain port group to use only two active adapters and the other two as unused? In that case, should ESXi balance the load using the IP hash method but only across the two active adapters? Or is it a misconfiguration, and I should not configure my NIC teaming this way?

    (3) The official configuration guide says "NOTE: IP hash requires the physical switch to be configured with EtherChannel. For all other options, EtherChannel must be disabled." How should I configure my virtual network if I have some port groups using the IP hash load balancing policy and others using 'Route based on the originating virtual port ID'? This is the case when, for example, I have two management ports using the same vSwitch with four vmnics (which are configured as an EtherChannel on the physical switch). I would have one or more port groups for virtual machines that use the IP hash load balancing method, and vmkernel ports for management that use only a single active adapter with no back and 'Route based on the originating virtual port ID' load balancing, as best practices say.

    Now, the four vmnics are the same for all traffic. The physical switch ports must be configured in an EtherChannel group because certain port groups will use the IP hash method, but others will not. The configuration guide says I SHOULD NOT use EtherChannel if I am not using the IP hash method, but I WILL use it, only in one or more port groups.

    Maybe I should not share the same vmnics in this situation.

    Finally, a philosophical question. What is the difference between the 'Route based on the originating virtual port ID' and the 'Route based on source MAC hash' load balancing policies? What is the purpose of the second? I assume that if I had two different MAC addresses in a virtual machine, it would be because I had two different virtual NICs inside the virtual machine, which would be connected to two different port IDs on the vSwitch, so I could use the first policy (based on the originating port ID). In other words, what would be the case where I had traffic entering the same vSwitch port ID but with different source MAC addresses, so that I should choose the source MAC hash method to load balance the traffic?

    Thank you.

    Guido.

    (1) As long as you only override the vmnics and don't change the policy for this port group, it uses the policy configured at the vSwitch level and uses the 3 selected interfaces with this policy.

    (2) It should work; I don't think it's a problem for the switch to receive packets on a subset of the aggregate. I do not think that EtherChannel is supported (IIRC, it is a Cisco proprietary protocol; VMware only supports passive LACP, which corresponds to Port Channel in the Cisco world. Correct me if I'm wrong!)

    (3) I think that's all right. As I explained in (2), there is no special negotiation with VMware's teaming; the only important thing I know of is to configure the port channel on the switch side if you decide to use IP hash (that will lead to significant issues).

    (4) (self-labeled) I think it may differ in some particular cases, such as when the operating system uses the same MAC address for both NICs (in-VM aggregation) or if you advertise several MAC addresses for the same network card (ESX in a VM, for example, would do that for its VMs). Such cases are affected differently by this setting.

    That is a good question, and I'm curious to know if someone wants to elaborate on it!

  • PowerConnect 5448 several VLANS between upstream and downstream server firewall

    I am struggling with what I thought would be a simple task: passing several subnets, each on a different VLAN, from a firewall to a server. In fact, I can't even pass anything beyond the default VLAN, with everything still looking correct in the address tables and STP.

    Port 1 = firewall, VLAN 1 untagged, VLAN 2 tagged, PVID 1, tried both trunk and general modes

    Port 17 = server NIC, VLAN 1 untagged, VLAN 2 tagged, PVID 1 and 2 tried, tried both trunk and general modes

    VLAN 1 (untagged from firewall) 10.84.195.0/24, interface IP 10.84.195.2 and default gateway 10.84.195.1

    VLAN 2 (tagged from firewall) 10.101.0.0/16, interface IP 10.101.0.2 for VLAN 2, firewall is .1

    The first thing I suspected was that something was not being tagged properly by the server (Hyper-V, using SC VMM 2012 SP1) or the firewall (Watchguard XTM 520). Simple test: VPN into the firewall, ping the switch at 10.101.0.2 with the tag, and it works; remove the tag and it doesn't. The dynamic address table shows the firewall both ways. Line 18 below appears right after the ping, as expected, on VLAN 2 with the same MAC address as in VLAN 1. In addition, I can ping the switch at 10.101.0.2 from the server and it works fine. The table shows VLAN 2 entries from the host (and 1 other VM), so it seems to me that everything is tagged properly.


     
    15 VLAN 1 00907f8f571b G1
    16 VLAN 2 00155d1f1b07 G17
    17 VLAN 2 001dd8b71c01 G17
    18 VLAN 2 00907f8f571b G1
     

    What I can't do is ping through the switch on VLAN 2. I can't ping my VPN server (10.101.20.1), and I cannot ping the gateway (10.101.0.1) from the server. Note, it is not because of firewall rules on either end.

    What am I missing? I don't think I need layer 3 routing here; I don't need to route between VLANs, just have several VLANs pass from one port to the other.

    Other things to note in case they are useful:

    - I have no problems with untagged connectivity to everything else through the switch on 10.84.195.xxx/24.

    - If I remove the VLAN 2 tagging from trunk port 1, I can suddenly ping the VLAN 2 gateway (10.101.0.1) from the server, although I suspect that is because the same port is the default gateway for the switch.

    - For brevity, only 2 lines of the STP table are listed below, but all ports look like these depending on whether they are connected or not.

    G1 activated 128.1 Frw Desg P2P (STP) No. 4
    G2 activated 128.2 Dsbl Dsbl No. 100.

    -Latest firmware installed.

    - Also, for those concerned about security, I intend to stop using the default VLAN in the future.

    Would it be possible for you to post your show run output here in the forum? That way, we can take a closer look at what you have configured.

    If you connect a desktop/laptop (with an IP in the 10.101.0.0/16 range) to a port in switchport access mode on VLAN 2, are you able to ping the interface IP 10.101.0.2 for VLAN 2? You could try disconnecting the firewall and removing the port configurations, and work on getting traffic through the switch with 2 endpoints on a single VLAN. Then, once this is confirmed as working, connect the firewall back up in trunk/general mode, adding the necessary VLANs.

    Are you connecting to the firewall on a layer 3 interface? You need layer 3 routing to reach the firewall correctly.

  • Since Apple ridiculously decided to abandon Game Center, the friends tab in my game does not load automatically and I have to go to GC and tap the friends circle so it can load, PLUS it constantly asks whether I want to use my game stored loc

    Since Apple decided to abandon Game Center, the friends tab in my game does not load automatically and I have to go to the GC icon and tap the friends circle several times so it can load, PLUS it keeps asking whether I want to use my locally stored game or my GC stored game. I refuse to install iOS 10, because it means I won't be able to manually load my friends tab, and I would lose my game completely. How can I fix it? Removing Game Center is the worst thing that Apple could have done, in my humble opinion.

    You will not lose your game entirely. I have several Game Center games, and they work fine. And I understand from the developer of one game that Game Center continues to store the backup of your game.

    It's just that friending is now handled via the game's interface. The only options that you have in iOS 10 are to go to the settings panel to log in to / out of Game Center or remove all friends. And none of the games I play has updated so that I can see how their friending works with iOS 10.

    Beyond providing the basic interface, Apple seems to have handed all social aspects of gaming over to the games themselves.

    If you want to make Apple know how you feel, you can leave your comments via this form

    http://www.Apple.com/feedback/

  • I ran several antivirus scanners from AVG to ODILE and none of them seems to get rid of this virus (Exploit:Win32/Pdfjsc.Dr)

    I ran several antivirus scanners from AVG to ODILE and none of them seems to get rid of this virus (Exploit:Win32/Pdfjsc.Dr)

    Any suggestions apart from simply formatting everything?

    Hello

    Exploit:Win32/Pdfjsc.Dr
    http://www.Microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=exploit%3aWin32%2fPdfjsc.Dr

    If you need to search for malware, here are my recommendations - they will allow you to do a
    thorough check and removal without ending up with a load of spyware programs running
    resident, which can cause as many issues as the malware and may be harder to detect as
    the cause.

    No one program can be relied upon to detect and remove all malware. Added to that, often
    easy-to-detect malware comes with a much harder to detect and remove payload. So
    it's best to be thorough now rather than pay the high price later. Check to the
    point of extreme overkill, and then run the cleanup only when you are sure that the system is clean.

    These can be done repeatedly in Safe Mode - tap F8 as you boot - however, you should also run
    them in regular Windows when you can.

    TDSSKiller.exe - Download to the desktop, then right-click on it - RUN AS ADMIN.
    It will show any infections in the report after running - if it will not run, change the name from
    TDSSKiller.exe to tdsskiller.com. Whether it finds anything or not does not mean that you should not
    check with the other methods below.
    http://support.Kaspersky.com/viruses/solutions?QID=208280684

    Download Malwarebytes and scan with it, run MRT, and add Prevx to be sure that it is gone.
    (If rootkits, run UnHackMe)

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN

    Malwarebytes - free
    http://www.Malwarebytes.org/products/malwarebytes_free

    SuperAntiSpyware Portable Scanner - free
    http://www.SUPERAntiSpyware.com/portablescanner.HTML?tag=SAS_HOMEPAGE

    Run the Microsoft Malicious Software Removal Tool

    Start - type MRT in the search box -> find MRT at the top - right-click on it - RUN AS ADMIN.

    You should be getting this tool and its updates via Windows Update - if needed, you can
    download it here.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN
    (Then run MRT as shown above.)

    Microsoft Malicious Software Removal Tool - 32-bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious Software Removal Tool - 64-bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495e-94E7-6349F4EFFC74&displaylang=en

    Also install Prevx to be sure that it is all gone.

    Download - SAVE - go to where you put it - right-click on it - RUN AS ADMIN

    Prevx - Home - free - small, fast, exceptional CLOUD protection, works with other
    security programs. It is a scanner only, VERY EFFECTIVE; if it finds something, come back
    here or use Google to see how to remove it.
    http://www.prevx.com/
    http://info.prevx.com/downloadcsi.asp?prevx=Y

    PCMag Editor's Choice - Prevx -
    http://www.PCMag.com/Article2/0,2817,2346862,00.asp

    Try the trial version of Hitman Pro:

    Hitman Pro is a second-opinion scanner, designed to rescue your computer from malware
    (viruses, Trojans, rootkits, etc.) that has infected your computer despite the security
    measures you have taken (such as antivirus, firewall, etc.).
    http://www.SurfRight.nl/en/hitmanpro

    --------------------------------------------------------

    If needed, here are some free online scanners to help

    http://www.eset.com/onlinescan/

    -----------------------------------

    Original version is now replaced by the Microsoft Safety Scanner
    http://OneCare.live.com/site/en-us/default.htm

    Microsoft safety scanner
    http://www.Microsoft.com/security/scanner/en-us/default.aspx

    ----------------------------------

    http://www.Kaspersky.com/virusscanner

    Other free online scans
    http://www.Google.com/search?hl=en&source=HP&q=antivirus+free+online+scan&AQ=f&OQ=&AQI=G1

    --------------------------------------------------------

    After removing the malware:

    Also follow these steps for general corruption cleanup and to repair/replace damaged/missing
    system files.

    Run Disk Cleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

    RUN - type in the box -

    sfc /scannow

    Then run checkdisk (chkdsk).

    RUN - type in the box -

    chkdsk /f /r

    -----------------------------------------------------------------------

    If rootkits are found, use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.Microsoft.com/forums/en-us/InternetExplorer/thread/a8f665f0-C793-441A-a5b9-54b7e1e7a5a4/

    ================================

    For extreme cases:

    Norton Power Eraser - eliminates deeply embedded and difficult to remove crimeware
    that traditional antivirus scanning does not always detect. Because Norton Power Eraser
    uses aggressive methods to detect these threats, there is a risk that it can select some
    legitimate programs for removal. You should use this tool very carefully and only after
    you have exhausted other options.
    http://us.Norton.com/support/DIY/index.jsp

    ================================

    If you are in North America, you can call 866-727-2338 for help with virus and spyware
    infections. See http://www.microsoft.com/protect/support/default.mspx for more details. For
    international information, see your local subsidiary Support site.

    Microsoft support - Virus and Security Solution Center
    http://support.Microsoft.com/contactus/cu_sc_virsec_master?ws=support#TAB0

    I hope this helps.

    Rob Brown - Microsoft MVP - Windows Expert - Consumer : Bicycle - Mark Twain said it

  • Cannot get Windows Update to download KB2492386 and KB2522422

    Hello. For several months, I have been getting these Windows updates but they do not download. I have used Fix it several times too. The update codes are KB2492386 and KB2522422. Please help me; how can I get these downloaded to my computer?

    Hello


    Do you get an error code when the Windows updates fail?

    Perform the steps in the article mentioned below and check if the problem persists.
    http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-problems-with-installing-updates

    Hope that helps.
  • Trouble with several VLANs from layer 3 to layer 2

    Hello

    We have a layer 3 PowerConnect 6248 switch with multiple VLANs and routing enabled, and also a layer 2 PowerConnect 5324 switch with a couple of VLANs configured.  My goal is to have several VLANs pass from the layer 3 switch to the layer 2 switch and have all VLANs communicate with each other.

    I followed the steps under the Layer 3 + Layer 2 section of this post:

    en.Community.Dell.com/.../19506015

    Unfortunately, it does not work.

    Here is my current setup and what I have tried. My configuration is done via the web interface.

    The 6248 has VLANs 1, 64, 110, 150 and some others configured on the switch. The IP address of the 6248 is 192.168.64.1.  I'm trying to get VLANs 150 and 110 to the layer 2 switch so that I can have some ports serving VLAN 150 and some VLAN 110.

    I have IP routing configured (Routing > IP > Interface Configuration) for VLAN 150 as 192.168.150.1/24 and VLAN 110 as 192.168.110.1/24.

    The 5324 is connected to the 6248 via one port (port 1 on the 5324 and port 18 on the 6248).  Port 18 on the 6248 is currently configured as General / Admit All / PVID 150.  Port 1 on the 5324 is currently configured the same, but with a PVID of 1.  VLAN 150 is sent untagged from the 6248 switch and VLAN 110 is sent tagged.

    The 5324 switch is configured with an IP of 192.168.150.2 and a gateway of 192.168.150.1.  I am able to access the web interface of the switch, connect machines to any port and get on the 192.168.150.0 subnet.  I created VLAN 110 on the 5324 and tagged it on ports 1 and 4, but port 4 will not pass any traffic for VLAN 110. I tried many different port/VLAN membership settings, which have all resulted in failure.

    I would greatly appreciate help on this.  It seems like such an easy feat, but I just can't figure it out.  I have attached some pictures for people to see.

    I figured it out.  I enabled Double VLAN on the trunk port of the 6248 switch and it works now.

  • Windows 7 64-bit: slow loading at Welcome screen and Windows Explorer not responding

    Hello guys :D

    I have had this problem since yesterday and it looks really weird, because I have used several methods meant to solve 'Stuck at the Welcome screen' or 'Windows Explorer is not responding'. So here's the problem:
    As I said, Windows gets stuck at the "Welcome" screen, but some time later, about 15 minutes, it fully loads. Well, THIS IS the BIGGER PROBLEM: my desktop was black with only my cursor! After about 10 minutes, it returns to normal, BUT the icons are not loaded. And when I click on any folder or right-click, WINDOWS EXPLORER IS NOT RESPONDING (error status code c0000185 InPageCoFire) and I need to restart. I restart and once again, the same. My laptop is now like that: turn on, wait 15 minutes, see "Windows Explorer is not responding" and turn off.
    It makes me really mad. So I would really appreciate your help. Sorry if this question has been asked before.

    Uh, it seems to still be freezing, so you can try another way! Enter the Advanced Boot Options again, then choose 'Safe Mode'. Windows will load only basic drivers and services, which could help you get to the Windows desktop without encountering any problems. Once you're in safe mode, open the Start menu and search for "cmd". Right-click on 'cmd' and select "Run as administrator". When the command prompt appears, check your hard disk for file system errors by typing "chkdsk c: /f" (do not type the quotation marks), where "c:" is the drive letter of your Windows 7 installation. Restart your computer, and it will check the disk's file system for errors. When the scan has finished and the computer has rebooted, re-enter the Advanced Boot Options and choose "Safe Mode" again. Then open the command prompt as administrator and type the command "sfc /scannow" (do not type the quotation marks). SFC (System File Checker) checks whether your system files are healthy. Wait until the scan finishes. Then restart your computer. If these tips don't help, update your question with the status. :)

  • WLC 2504 several VLANs multiple SSID

    I have three sites

    Unit A - main data center - controller + access points - management IP 172.16.x.x - VLAN 38

    Unit B - access points managed by controller - IP 172.17.x.x - VLAN 38

    Unit C - access points managed by controller - IP 172.18.x.x - VLAN 38

    OSPF runs in the network topology. We have about 38 VLANs that we wish to propagate through SSIDs, but I may not create more than 16. When a user moves from unit A to unit B, how do we assign the VLAN IP for the user, given that the 38 VLANs are spread across each unit?

    UNIT A ------------------- UNIT B ------------------- UNIT C
      |                          |                          |
    172.16.X.X                 172.17.X.X                 172.18.X.X
      |                          |                          |
    VLAN 2-38                  VLAN 2-38                  VLAN 2-38
      |                          |                          |
    AP-1                       AP-2                       AP-3
      |                          |                          |
    User-1                     User-2                     User-3

    Need advice and suggestions.

    Hello Saad,

    If I understand your scenario, you have 2-38 or 16 VLANs for each unit. To ensure that the specific IP addressing is assigned to the user, you must create AP groups and add the particular APs to an AP group. Let's say for the 1st floor you used the subnet 192.168.1.0/24 and AP-group1, so all the first floor APs will be in AP-group1. In addition, browse the Cisco documents to get an idea of the AP groups concept.

    In order to get roaming when users move from one unit to another, we configure mobility on the controller. As OSPF is already running, you have reachability between the controllers.

    Hope this information helps you.

  • 1252 config several VLAN trunking on ethernet not

    Hi all, I am new to these forums, but have read some posts on configurations for a 1252 AP with a 2950 switch.

    I have several VLANs and multiple SSIDs configured on my AP.  The switch knows the VLANs on the access point,

    I think, in the config.

    When I put the 2950 port that the AP is connected to in trunk mode, I can no longer see the access point. And none of my SSID / VLAN traffic passes through the Ethernet trunk to the switch.  I think I have a problem with the config of the AP, specifically either in the BVI (I do not understand this virtual port) or in the bridge groups. (I have never worked with bridge groups.)

    The AP is in stand-alone mode.

    Here is my config on the AP side.

    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption vlan 300 mode ciphers aes-ccm tkip
     !
     broadcast-key vlan 300 change 600 membership-termination capability-change
     !
     !
     ssid 101
     !
     ssid 300
     !
     countermeasure tkip hold-time 120
     antenna gain 0
     speed basic-1.0 2.0 5.5 11.0 6.0 12.0 9.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
     station-role root
     bridge-group 1
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.100
     encapsulation dot1Q 100
     no ip route-cache
     bridge-group 100
     bridge-group 100 block-unknown-source
     no bridge-group 100 source-learning
     no bridge-group 100 unicast-flooding
     bridge-group 100 spanning-disabled
    !
    interface Dot11Radio0.300
     encapsulation dot1Q 300
     no ip route-cache
     bridge-group 255
     bridge-group 255 subscriber-loop-control
     bridge-group 255 block-unknown-source
     no bridge-group 255 source-learning
     no bridge-group 255 unicast-flooding
     bridge-group 255 spanning-disabled
    !
    interface Dot11Radio1
     no ip address
     no ip route-cache
     !
     encryption vlan 300 mode ciphers aes-ccm tkip
     !
     broadcast-key vlan 300 change 600 membership-termination capability-change
     !
     !
     ssid 101
     !
     ssid 300
     !
     countermeasure tkip hold-time 120
     antenna gain 0
     dfs band 3 block
     speed basic-6.0 9.0 12.0 18.0 36.0 24.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
     channel dfs
     station-role root
    !
    interface Dot11Radio1.100
     encapsulation dot1Q 100
     no ip route-cache
     bridge-group 100
     bridge-group 100 block-unknown-source
     no bridge-group 100 source-learning
     no bridge-group 100 unicast-flooding
    !
    interface Dot11Radio1.300
     encapsulation dot1Q 300
     no ip route-cache
     bridge-group 255
     bridge-group 255 subscriber-loop-control
     bridge-group 255 block-unknown-source
     no bridge-group 255 source-learning
     no bridge-group 255 unicast-flooding
     bridge-group 255 spanning-disabled
    !
    interface GigabitEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
    !
    interface GigabitEthernet0.51
     encapsulation dot1Q 51 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    !
    interface GigabitEthernet0.100
     encapsulation dot1Q 100
     no ip route-cache
     bridge-group 100
     no bridge-group 100 source-learning
     bridge-group 100 spanning-disabled
    !
    interface GigabitEthernet0.300
     encapsulation dot1Q 300
     no ip route-cache
     bridge-group 255
     no bridge-group 255 source-learning
     bridge-group 255 spanning-disabled
    !
    interface BVI1
     ip address 10.131.10.70 255.255.255.0
     no ip route-cache
    !

    VLAN 51 is what I'm trying to trunk over.  VLAN 100 is my network's normal VLAN for almost everything at the moment.  And VLAN 300 is my attempt to secure wireless traffic on a new VLAN that runs over my local network.

    VLAN 51 has no IP address range

    VLAN 100 IP range is 10.131.10.0

    VLAN 300 IP range is 10.131.11.0

    The routing goes to my 3750 core switch / router, but the access point is connected to a 2950 that is trunked to my distribution layer on a stack of 2975s.  Again, VLAN 300 works on the 2975 stack and will pull DHCP if it is enabled.  I have not tried this on the 2950 yet, but I suspect it will also work based on the trunk settings from the 2950 to the 2975 stack.

    In any case, what I want to be able to do is have multiple VLANs configured on the AP (from most secure to least secure, based on the capabilities of the equipment) and have that VLAN-tagged traffic go to my 3750, possibly for further handling.

    Here, any help would be greatly appreciated.

    Thank you for taking the time to read this.

    Sincerely,

    Kevin Pulford

    Systems administrator

    Harmon city, Inc.

    Yes, remove VLAN 51 and make VLAN 100 the native VLAN, and it will be linked to bridge-group 1.  Then change the switch port to native VLAN 100.  You should then be able to reach the access point via telnet/GUI.

    The commands will be:

    config t
    no int dot11radio0.51
    no int dot11radio1.51
    no int g0.51
    int dot11radio0.100
     encapsulation dot1q 100 native
    int dot11radio1.100
     encapsulation dot1q 100 native
    int g0.100
     encapsulation dot1q 100 native

    To be sure, save (wr mem) and reboot.

  • 4235 IDS Sensor monitoring several VLANs & TCP Reset (packet injection)

    I understand that the 4235 sensor can receive traffic spanned from several VLANs provided that 802.1q tags have been applied on the switches (3750s in this case).

    I have two questions (assuming the statement above is correct).

    1. Is it possible to inject traffic (e.g. TCP session resets) into each of the monitored VLANs (i.e. the 4235 would tag the injected packet with the correct destination VLAN for the response), or only into the native/actual VLAN of the SPAN destination?

    2. Is the traffic treated by the 4235 as coming from multiple virtual interfaces (e.g. for the purpose of spoof detection within each VLAN)?

    Thanks very much for reading. Any input greatly appreciated.

    On your second question, no. Monitored traffic is treated as coming from a single virtual interface. The sensor reads the VLAN header on the encapsulated packets and includes it with the alarm, and also uses it for TCP resets. But you can apply signatures to specific VLAN traffic that the sensor is monitoring.

  • SA520W VPN from Site to Site with several VLANs

    Hello

    I have a customer here with several VLANs at their sites who wants to set up a site-to-site VPN between 2 SA520W devices. Unfortunately I cannot find a way to set it up. In the VPN policy, I can choose between Any (which is not what I want; I only want traffic between the subnets routed via the VPN), a single IP address, a range (within a subnet) and a subnet itself - but only one. I can't find a way to configure several subnets in the local and remote traffic selection. Adding another IKE policy between the 2 sites does not work either (which is normally fine).

    Any ideas? Anything I'm doing wrong?

    Thank you for your help.

    Best regards

    Thomas

    I know that if you have an ASA or a router, you can define as VLANS to pass through the tunnel.

    Do not have access to a SA520W to test...

    A recommendation might be to post the question on the SMB community where they answered questions related to this product, just to check what other people did.

    Federico.

  • Several VLAN, SSID

    I get to the point where my campus wireless network grows beyond the size of the subnet that I am uncomfortable dealing with.  I have a WISN and WCS and spin the latest IOS on each.  Is it possible to use several VLANS on a campus-wide SSID?

    Or, can I put the same SSID on both controllers and map it to two separate without causing problems roaming VIRTUAL networks?

    Thank you

    Eric

    Hi Eric,

    Yes we do, and this feature is called grouping AP on WLC... Here is the sample configuration to do the same thing...

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

    Concerning

    Surendra

  • Failover and rebuild the eve

    Hello

    To verify if the standby PB works perfectly in case of failure, we go to our database before failover. Switchover_status replied with switchover not allowed in elementary school, I decided the procedure below:

    1. judgment of the primary DB.

    2. turn the main eve

    3. perform dml on new primary, when the work is done, the new principal will not be necessary.

    Now my task is, if I'm doing a cold backup of db pending before making primary, can I replace the backup to cold after the task so that it behaves like db Eve as it was before? In this case, I don't need to recreate the standby db.

    Kind regards

    Hello;

    Probably not. You have several questions. This method is likely to worse instead of better. If you want to test failover to bring flashback working on the primaries and the sides of the day before.

    After a failover, you want to retrieve primary school, the old primary as new secondary. Once it is functional, you get two SYNCHRONIZED servers and perform a failover and primary school and the day before are back the way they should be.

    I test short notes here:

    http://www.Visi.com/~mseberg/data_guard/Data_Guard_Failover_Test_using_SQL.PDF

    Update

    What you might consider is the method of cold backup is a false test. This isn't how he'll get into the real world. In my view, that the test should align as closely to what could happen in production as possible.

    Failover is also something you should give a lot of thought to. I have databases where if the power failure is about 5 minutes or less the failover is more trouble and more risk than it's worth. I have other where they need to be in place 24/7. Ask yourself if you can make a move to the square. What are your other options? It's great to have a failover plan and be prepared, but less use you it the better I say.

    Best regards

    mseberg

    Published by: mseberg on March 27, 2013 07:15

  • PowerConnect 2848 - several VLANS on the 1 port does not

    Hello everyone.

    I have a Dell PowerConnect 2848.  My router is a Netgear SRX5308. In the router, I've created several VLANs (VLAN ID 10 and 20) and would that pass to the ESXi server. If I connect the ESXi server directly to the router, everything works as expected. My VMs are picking up correct VLAN based on the parameters of ESXi.

    I need the 2848 between the two, because I need to add more devices and other servers with a VLAN specific.

    Currently I use port 25 for switch 2848.

    I put the switch to managed mode.

    I created switch-> VLAN-> belonging to a VLAN, VLAN ID 10 and 20.

    I select 10 VLANS and put the T on port 25.

    I select the VLAN 20 and put the T on port 25.  (I also tried to put a U on them, just to try, but did not work)

    But my virtual computer are not able to reach the DHCP on the router.

    Spanning Tree is enabled.

    I'm obviously missing something...

    I have already passed last week banging my head on this, but have not been able to pass traffic along.

    Help, please!

    So you're on the right track. If port 25 is facing the router? What port must face the ESXi Server? That port should also have VLAN 10 and 20 should be labelled.
