SGE2010 - traffic relay and DHCP configuration

Hi

We just bought an SGE2010 switch that we want to use to replace the switches in the control panel of our office. So far I managed to access the switch and assigned a static IP address on our net, but I can't get to our entry point switch relay traffic. I have a test machine that is configured with a static IP as well and tried the ok sign, but as soon as I put the switch in between, traffic is not relayed.

The idea was to use this switch as a DHCP as well. But I thought it would be a start to get at least the traffic relayed before starting the dhcp part.

The only configuration changes I have made from the factory settings are the following (note that the IP is slightly adjusted, but consistent, for reasons of confidentiality):

Configuration of IPv4

  1. Assigned a static IP address: 95.59.69.148
  2. Assigned a subnet mask: 255.255.255.192
  3. Assigned a user-defined gateway: 95.59.69.129

DNS configuration

  1. Assigned to an ip address dns address: active 95.59.0.100
  2. Assigned to a dns ip address: 95.59.0.200

All these settings are the default settings that we use when we assign a server with a static IP address, so it is not a pick up of our filtration dhcp server. So my main question is: why on earth isn't it relaying traffic?

In addition, we are interested in killing the former (with stones, I hope) DHCP server and configuring DHCP on the SGE2010. The current DHCP is an OS X DHCP server (yes, a Mac) with the following configuration:

  • (Dynamic ip) subnet
    From ip: 95.59.69.179
    Ending ip: 95.59.69.190
    Subnet: 255.255.255.192
  • Router ip: 95.59.69.129
    Lease time: 3 hours
  • The range 95.59.69.130 to 95.59.69.149 we set up manually on the servers, hardware, etc.
  • DNS server: 95.59.0.100 & 95.59.0.200
    Default search domain: No. - dns - available.example.com
  • And then we have a group of static mappings to Mac-addresses
    ip address: 95.59.69.150
    IP: 95.59.69.178

I tried to see in the configuration where I could specify the static mappings, range etc., but I can't say it got me anywhere. So my second question is how to install a server dhcp of Eric as a designated above?

It's nice to finally convince the CEO to move the DHCP to better metal, but it's not as nice having a hard time setting it up. I would appreciate any possible leads and suggestions since I'm kinda stuck.

Thanks in advance

Rafn.R

Hello

My SGE2000P forwards DHCP requests to my DHCP server.

I used my default VLAN 1 as a routed interface to unicast DHCP relay requests to my server (a UC520 ISR router), which resides on VLAN 1.

My VLAN 1 interface on my SGE2000P has the IP 192.168.10.254.

My gateway address for potential IP hosts in VLAN 2 will be the IP address I have assigned to VLAN 2, because the PCs or IP hosts connected to VLAN 2 will use the VLAN 2 interface IP as the gateway. It's just how it works!

PC hosts on VLAN 2 need a default route, and they use the IP I assigned to VLAN 2 as their next hop out of VLAN 2 to the real world.

This address can be seen below.

DHCP relay is enabled with the option 82

I chose VLAN2 as an interface VLAN, as shown below.

I have two untagged ports in VLAN 2, and I attached an IP host to G1 so that I can test the DHCP relay.

I get the following debug output from my dhcp server, so I know the relay is working.

002624: 19:40:08.575 Dec 5: DHCPD: looking for expiry of the leases.

002625: 19:40:58.408 Dec 5: DHCPD: DISCOVER notification to:

002626: 19:40:58.408 Dec 5: DHCPD: htype 1 CHADRR 0025.84d8.d008

002627: 19:40:58.408 Dec 5: DHCPD: id remote 020a0000c0a80a0101080001

002628: 19:40:58.408 Dec 5: DHCPD: id circuit 00000000

002629: 19:40:58.408 Dec 5: DHCPD: see if there is a specified internal pool class:

But I must confess that I have opened a case on it with the Small Business Support Center, because I think I can see something wrong on my DHCP server debugging.

But the key is that I see the router WAN/DHCP server, see the query from DHCP.

The only way the broadcast DHCP requests can get to the DHCP server is if the SGE2000P switch takes these DHCP broadcast requests and unicasts or relays them to my DHCP server's IP address 192.168.10.1.

So in other words it tries to relay DHCP.

I would ask you to please check the SGE2010 Administrator's guide because it clearly shows how to configure DHCP relay on the SGE2010.

Even though the screen capture below shows an old version of the code, I have updated my SGE2000P tonight to the generally available (GA) version of the code.

Just out of interest, if you telnet to the switch, is it in Layer 3 or Layer 2 switch mode?

I can also say from your screenshot that your uplink ports are in overlay mode.

Maybe if you don't use stacking, you can set your switch to the layer 3 mode and standalone mode

Best regards, Dave

Tags: Cisco Support

Similar Questions

  • L3 - SG300-28P and DHCP

    Hi all

    I'm having a bit of difficulty setting up an SG300-28P for L3 and DHCP. I will attach a basic network diagram and a very short list of my needs.

    I'm building a temporary network for a 1-day company event, and I can't make it work in our office "Lab".

    The L3 SG300-28P connects to our provider using an SFP connection.

    I have to be able to hand out 300+ DHCP IP addresses using the SG300-28P.

    My problem is that I can ping my 2 test machines (manually configured IPs) at 172.16.0.3 and 172.16.0.4, but cannot ping after the (internet) referral. Also, DHCP hands out no IPs for the range 172.16.0.10 - 172.16.1.200

    VLAN 1 is set to 10.2.2.20 access port (to the provider through an SFP connection on port 28)

    VLAN 100 is 172.16.0.2 access port (ports 1-26)

    I have the WLC and WAP tri...

    Is the set of even possible? I know that the EQ network is a bit budget for users, but for a one day business event I just do not have a budget for the purchase of switches better.

    Please excuse the gross chart.

    Thank you in advance.

    -RJ

    Thanks for the reply.

    With the information that you have provided, it seems the only part missing is the way return the unit for service providers. Unfortunately there is no way around that, and no, you will not be able to put anything between the two, because the device doing the NATting is unity of suppliers.

    I think that what is happening is that traffic is actually the side provider, but there is no way to do so as soon as the provider is not a route for the subnet in 172.16.x.x.

    Out of curiosity, why do you use a VLAN for the devices connected to the SG300? Could you use the 10 subnet Ip addresses? If you do this, you will not need to have a route back from the supplier, as all devices will be on the same subnet.

  • module relay and DAQ Assistant

    Hello world!

    I am a beginner, and currently dealing with simple business priori Labview. Recently I got a USB relay Module must be integrated into an alarm system. Let's say that if we get some more value than the other, the relay must be closed and activate a siren (see attached example). For this I used the DAQ assistant and set up one of the output channel of the module. Using a simple Boolean switch, I can easily open the relay and close. However, if I use a case structure, an error is obtained, as the DAQ Assistant for an outing can be only used once. I mean, if the relay is closed and I want to go back to the initial situation, i.e. open relays, what should I do?

    Schematically:

    -If A > B, then closed relay

    -If has

    Sorry for the explanation of disorder, but I think you get the point.

    Thanks in advance

    I just got. The problem was that in the main vi, not in the example that I have attached, the same output via the DAQ Assistant has been configured for two structures of different cases. Obviously the relay module was going completely crazy, since I had two independent pairs of TRUE and FALSE labor at the same time. If I get, for example, TRUE for one structure box and FALSE for the other, the switch knows not what to do. I hope it is clear now...

  • IP source guard feature and DHCP scope exhaustion (client spoofs other clients)

    Hello world.

    A DHCP server assigns IP addresses based on the MAC address in the client hardware address field of the DHCP packets.

    A potential attack is when a rogue host mimics different MAC addresses and causes the DHCP server to assign IP addresses until no IP address is left for legitimate hosts.

    For example, a host h1 with mac1 is assigned an IP address by the DHCP server as:

    199.199.199.1 mac1

    DHCP server has this entry in its database.

    Using hacking tools such as Yersinia or Gobbler, one can create DHCP discover messages that each carry a different MAC in the client hardware address field, causing the DHCP server to keep assigning IP addresses, because to the DHCP server they are legitimate DHCP discover messages, each with a different MAC in the client hardware address.

    You could use DHCP snooping to avoid that (DHCP scope exhaustion) and configure the switch to check whether the src MAC matches the client hardware address in the DHCP message. But even then we can create spoofed discover messages where the src MAC in the Ethernet header matches the client hardware address in the DHCP discover message. So it does not always overcome the problem.

    You might say use the IP source guard feature, but will it really prevent this problem from happening?

    Let me illustrate:

    H1 - f1/1SW - DHCP server

    Let's say that we have configured DHCP snooping on sw1 and f1/1 is an untrusted port. The switch has the following DHCP binding:

    199.199.199.1 mac1 vlan1 f1/1

    Then we configure IP source guard in order to validate the src MAC and src IP against the DHCP bindings. When you first configure IP source guard, it will allow only DHCP, so that a host can request an IP address and a DHCP binding can be built. After that, IP source guard will validate the src IP or the src MAC or both against the DHCP binding, depending on how we configure IP source guard.

    In our case, we have configured IP source guard in order to validate the src MAC and src IP against the DHCP binding.

    A DHCP binding is already created as:

    199.199.199.1 mac1 vlan 1 f1/1

    Now, using the hacking tools Yersinia or Gobbler on h1, we create our first spoofed DHCP discover message where src MAC = mac2 in the Ethernet header and client hardware address = mac2 in the DHCP discover message. As the switch is configured with the IP source guard feature, it allows the DHCP discover message to pass through. The DHCP server, after receiving the DHCP message, assigns another IP from the pool. The DHCP server now has the following entries:

    199.199.199.1 mac1

    199.199.199.2 mac2.

    We continue to craft spoofed DHCP discover messages as described above, and the DHCP server keeps assigning IP addresses until the entire pool is exhausted.

    So my question is: how does IP source guard in conjunction with DHCP snooping stop this attack from happening (i.e. DHCP scope exhaustion)?

    I really appreciate your comments.

    Thank you and have a week.

    Hi Sara,

    Ask was quite interesting. As far as I know that whatever it is port snooping untrusted won't let your fake dhcp server.

    You can take this query in the Sub forum of experts mentioned that is specific for dhcp snooping and source of guard.

    https://supportforums.Cisco.com/message/3689811#3689811

    Please assess whether the information provided is useful.

    By

    Knockaert
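
The scenario from the question above, as an added example that is not part of the original thread: a small Python model of the two checks the poster describes, run over constructed frames. The frame dictionaries, the helper names and the `PortMacLimit` cap on distinct source MACs per port (the idea behind port security, which the thread does not mention) are assumptions of this example.

```python
from collections import defaultdict

# DHCP snooping binding from the thread: (port, MAC) -> leased IP.
BINDINGS = {("f1/1", "mac1"): "199.199.199.1"}

def snooping_mac_verify(frame):
    """Untrusted-port check: Ethernet source MAC must equal the DHCP chaddr."""
    return frame["src_mac"] == frame["chaddr"]

def ip_source_guard(frame):
    """Validate source IP and MAC of data traffic against the binding table.
    DHCP client messages are let through so a host can obtain a lease at all."""
    if frame["kind"] == "dhcp_discover":
        return True
    return BINDINGS.get((frame["port"], frame["src_mac"])) == frame["src_ip"]

class PortMacLimit:
    """Assumed extra control: cap on distinct source MACs learned per port."""
    def __init__(self, max_macs):
        self.max_macs = max_macs
        self.learned = defaultdict(set)

    def allow(self, frame):
        macs = self.learned[frame["port"]]
        if frame["src_mac"] not in macs:
            if len(macs) >= self.max_macs:
                return False          # new MAC beyond the cap: drop the frame
            macs.add(frame["src_mac"])
        return True

def forwarded(frame, limiter=None):
    """True if the frame passes every check enabled on the access port."""
    if limiter is not None and not limiter.allow(frame):
        return False
    if frame["kind"] == "dhcp_discover" and not snooping_mac_verify(frame):
        return False
    return ip_source_guard(frame)

def leases_requested(frames, limiter=None):
    """Client hardware addresses whose DISCOVER reaches the DHCP server."""
    return {f["chaddr"] for f in frames
            if f["kind"] == "dhcp_discover" and forwarded(f, limiter)}

def discover(src_mac, chaddr=None):
    return {"port": "f1/1", "kind": "dhcp_discover", "src_mac": src_mac,
            "chaddr": chaddr or src_mac, "src_ip": "0.0.0.0"}

def sample_frames(spoofed=20):
    """Constructed input: h1's real DISCOVER, a data frame with the wrong
    source IP, a DISCOVER whose chaddr differs from the Ethernet header, and
    `spoofed` DISCOVERs that use one new MAC consistently in both fields."""
    frames = [discover("mac1"),
              {"port": "f1/1", "kind": "data", "src_mac": "mac1",
               "chaddr": None, "src_ip": "199.199.199.9"},
              discover("mac1", chaddr="mac99")]
    frames += [discover(f"mac{i}") for i in range(2, 2 + spoofed)]
    return frames

if __name__ == "__main__":
    frames = sample_frames()
    print("snooping + IPSG only:", len(leases_requested(frames)), "leases requested")
    print("with per-port MAC cap of 1:", sorted(leases_requested(frames, PortMacLimit(1))))
```

Snooping's MAC verification and IP source guard drop only the mismatched DISCOVER and the data frame with the wrong source IP; every consistently spoofed DISCOVER still consumes a lease until something bounds the number of MACs the port may present.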

  • Traffic filtering and tagging

    Any body has used traffic filtering and marking for traffic filtering, such as the declining traffic, creating port includes restrictions by vm, or the creation of DMZ as sets of rules, etc.?

    Thank you

    Sam

    Well, you don't need NSX; this is a core feature of the distributed vSwitch available since vSphere 5.5. It allows you to create layer 2 and layer 3/4 firewall rules on distributed port groups or ports.

    I used it to isolate the virtual machines on the DMZ network similar to what would achieve a PVLAN configuration and I would say that it works pretty good, at least on a small scale.

    Check out these links:

    http://blogs.VMware.com/vSphere/2014/03/vSphere-distributed-switch-traffic-filtering.html

    https://pubs.VMware.com/vSphere-60/topic/com.VMware.vSphere.networking.doc/GUID-67CA4C18-4F18-4E23-A5C7-BC33112D4433.html

  • The fields 'Name' and 'Domain' to 'DNS and routing configuration/host Identification' are always in gray

    In VI3, I used to change the DNS settings of the host (host and domain name) on the 'DNS and routing' tab -> "Identification of home." Even more, if DNS and DHCP are configured correctly in the environment, there is no need to set these values manually - they were discovered automatically. The story is different in vSphere 4. I still have the 'Name' field set to 'localhost' and the 'Domain' field is empty. And I can't change them - they are grey.

    Seems that the host is still able to discover its hostname automatically. I see the proper name in the (left pane of vSphere Client) console tree. But these values are not met the 'DNS and routing' tab and I can't put them manually.

    This is normal and how do I use these fields now?

    Yes, you're right. It's a little strange, but it works this way in vSphere now.

    ---

    VMware vExpert 2009

    http://blog.vadmin.ru

  • Where can I find the 'graphic moment and trigger Configuration vi '?

    Where can I find the professional tool #5: NOR-DAQmx graphic timing and trigger Configuration vi. It is discussed here http://www.ni.com/white-paper/3697/en/ but the link for download is broken.

    Is that what you are looking for?

    http://www.NI.com/example/28285/en/

    Check out the docs llb and Word attached on the left.

  • Requirement of DNS and DHCP Server Essentials 2012 home

    I have a Server Windows Essentials 2012 acting as DNS and DHCP server with a domain name for backups etc on my home network. It's that everything works fine, no errors, no problem. Works well actually, telling me when the children did not install updates or restarted.

    I have two groups of users. My sons step, 10 and 12, which I want to use OpenDNS as a provider external DNS with a policy very, very limited and my wife and me who want to use indications of root or Google DNS or any other DNS provider. Others, specific devices no user (box of the xBox, WII, Satellite, TV, CCTV etc.) can use.

    Before the 2012 server, I had a 2 k 3 server running in a virtual machine for DHCP, alone and put my wife and my devices on static reservations with the just and external DNS provider used OpenDNS as the default scope, DNS. Unfortunately different bits of domain services 2012 don't seem to work unless the server of 2012 is the first DNS server listed on client machines (backups failed. Impossible to find other local computers). Currently, this means that we are all using OpenDNS.

    What I would like is a way to say 2012 to send adult group DNS queries to another DNS provider and leave the rest at default to OpenDNS, while still having them register in the original DNS domain. Any suggestions?

    This issue is beyond the scope of this site and must be placed on Technet or MSDN

    http://social.msdn.Microsoft.com/forums/en-us/home

  • Someone uses another SMTP relay and then using my email address to send spam.

    Someone uses another SMTP relay and then using my email address to send spam. They have no access to my hotmail otherwise I see on sent items. I can see the SMTP server on the header. What should do?

    They send SPAM to some of my contacts.

    Not a question for the forum of Virus and malware/scanning software and removal of threats.

    A moderator will move your post to the Forum Microsoft Account, Hotmail, Skydrive.

    http://ask-Leo.com/my_contact_list_is_getting_spam_from_me_what_do_i_do.html

  • What devices transmit Frame Relay and how Frame Relay attached to your computer.

    What devices transmit Frame Relay and how Frame Relay link your computer to the internet provider server?

    Hello

    Frame Relay is a standardized wide area network technology that specifies layers linking physical and logical channels of digital communications using a methodology of packet switching. Originally designed for transport in Integrated Services (ISDN) digital network infrastructure, it can be used today in the context of many other network interfaces.

    Network providers commonly implement Frame Relay for voice (see) and data as encapsulation technique, used between local area networks (LAN) over a wide area network (WAN). Each end-user gets a private line (or leased line) to a frame relay node. The Frame Relay network handles the transmission on a frequently changing path transparent to all end-users.

    Reference: Frame relay applications
    http://TechNet.Microsoft.com/en-us/library/bb726928.aspx

  • I need manage the bandwidth used, PowerConnect 6224 traffic collision and packet traffic.

    I need to manage the bandwidth used, traffic collisions and packet traffic on a PowerConnect 6224. I downloaded the MIBs from the Dell support site and I saw that there are about 105 MIBs in the downloaded file. My question is: in which MIB can I find the OIDs which allow me to monitor the above?

    Thanks in advance

    Rogerio

    Unfortunately, there is not a complete list of the different OID in different MIB. In order to find this info to simply browse through the different MIB seeking the OID, you need. We did some looking through the MIB and found these OIDs that can help you. Another thing to keep in mind is that the MIB downloaded are in general of a group of switches. So there are situations where a /OID MIB listed will work for a certain model of switch with certain level of firmware.

    RMON-MIB

    FastPath-cos-qos-mib

    Another method, some people have had success, done using a SNMP walk.

    http://www.snmpsoft.com/freetools/snmpwalk.html

    I hope this information helps. The method of importation for these MIBs can change based on the management/tracking software that you use.

    Thank you

  • Backup and managing configurations on ONS 15454 devices

    We have a lot of ONS 15454 and CiscoWorks LMS 4 apparently does not support these devices (I can't pick the cards ML1000 configurations or configs of chassis).

    Can I save the configurations of the STC cards/chassis using the CTC? I see a backup option of database under maintenance contract, but I'm not entirely of this make. Basically, I want to assure you that if one of these devices suffers a hardware failure, I have backups of the way in which the circuits are provided.

    Is there a better tool to use?

    Any advice would be great

    For nodes to backup through the CTC, the Cisco ONS 15454 procedure Guides describe the steps to be taken to save the nodes (section below the latest version is:)

    Cisco Transport Manager is a management system of item available for the largest optical networks and has features to back up the databases of several nodes.

    =========

    NTP-A108 back up the database

    Goal

    This procedure saves a backup version of the TCC2/TCC2P (software) database on the workstation running Cisco Transport Controller (CTC) or on a network server.

    Tools/equipment

    None

    Prerequisite procedures

    None

    Required / as needed

    Mandatory. Cisco recommends to perform a backup of database at intervals of about a week and before and after configuration changes.

    Onsite / remote

    On-site or remotely

    Security level

    Maintenance or higher

    Note You need to back up and restore the database for each node on a path of the circuit in order to maintain a complete circuit.

    Note The following settings are not backed up and restored: node name and Internet Inter-ORB Protocol (IIOP) port. If you change the name of the node and restore a backup of a database with a different node name, the circuits map to the new node name. Cisco recommends keeping a record of the old and new node names.

    Step 1 Complete the "DLP-A60 Log into CTC" task at the node that you want to back up. If you are already connected, go to step 2.

    Step 2 Click the Maintenance > Database tabs.

    Step 3 Click Backup.

    Step 4 Save the database on the hard drive of the workstation or network storage. Use a file name with the extension of .db file. for example, database.db.

    Step 5 Click Save.

    Step 6 Click OK in the confirmation dialog box.

    Stop. You have completed this procedure.

  • SNMP and DHCP requests on collector

    Hello world

    I want to see the SNMP and DHCP requests on the interface of collector.

    How can I see these queries?

    Are there logs through which we can see them, or some CLI to run on systems CASE?

    Please help me on this and suggest.

    Thank you

    Abuzar

    Hello

    A log would quickly fill up if it provided details on all packets.

    The easiest way is to run a tcpdump on the collector.

    For example: tcpdump -i eth0

    You can use tcpdump --help for more info.

    Hope this helps,

    Nicolas

    ===

    Please note the answers that will help you

  • Series of unmanaged switches 100 and DHCP

    Hi all, we have a router RV082 switch 8 ethernet ports, it is actually 8 lan with a DHCP address assignment devices (router is used as switch/router and DHCP server).

    Now we need to increase the number of attached LAN devices (other pc, printers, etc.), and we think buy Cisco 100 ethernet switch Series 16 or 24 ports to connect to RV082.

    In this case RV082 will be able to assign DHCP addresses for devices connected to the eth switch ports?

    Thanks in advance.

    Hi Loris, yes it is not a problem. You should be able to switch on a lan port, connect computers to the switch and things should be OK.

    -Tom
    Please mark replied messages useful

  • vSphere Distributed Switch 5.5 traffic filtering and tagging

    Has anyone had a chance to create a script to update the traffic filtering and marking section of a port group on a vSphere 5.5 Distributed Switch? The settings are only exposed in the web client, so Onyx is not an option.

    I need to create a rule with the values below.

    Traffic Filtering and marking:

    Set State enabled

    New rule of network traffic

    Name: name of the traffic rule

    Action: Tag

    CoS value: tag value Update CoS: 4

    Qualifiers of traffic:

    Traffic management: evacuation

    New qualifying traffic system: vMotion

    This is as much as I can get.

    $VDSPortGroup = Get-VDSwitch Test-dvSwitch | Get-VDPortGroup Test-PG
    $Spec = New-Object VMware.Vim.DVPortgroupConfigSpec
    $Spec.configVersion = $VDSPortGroup.ExtensionData.Config.ConfigVersion
    $Spec.defaultPortConfig = New-Object VMware.Vim.VMwareDVSPortSetting
    $Spec.defaultPortConfig.FilterPolicy = New-Object VMware.Vim.DvsFilterPolicy

    Sorry, it took a little longer than expected.

    Try like this

    $dvSwName = "dvSw1"
    $dvPgNames = "dvPg1"

    $dvSw = Get-VDSwitch -Name $dvSwName

    # Add a CoS-tagging traffic rule to each selected port group of the switch
    foreach ($pg in (Get-View -Id $dvSw.ExtensionData.Portgroup | Where {$dvPgNames -contains $_.Name})) {
        # The config version must match the port group's current one
        $spec = New-Object VMware.Vim.DVPortgroupConfigSpec
        $spec.ConfigVersion = $pg.Config.ConfigVersion
        $spec.DefaultPortConfig = New-Object VMware.Vim.VMwareDVSPortSetting
        $spec.DefaultPortConfig.FilterPolicy = New-Object VMware.Vim.DvsFilterPolicy

        $filter = New-Object VMware.Vim.DvsTrafficFilterConfig
        $filter.AgentName = "dvfilter-generic-vmware"

        $ruleSet = New-Object VMware.Vim.DvsTrafficRuleset
        $ruleSet.Enabled = $true

        $rule = New-Object VMware.Vim.DvsTrafficRule
        $rule.Description = "name of traffic rule"
        $rule.Direction = "outgoingPackets"

        # Action: tag matching traffic with CoS value 4
        $action = New-Object VMware.Vim.DvsUpdateTagNetworkRuleAction
        $action.QosTag = 4

        $rule.Action += $action
        $ruleSet.Rules += $rule
        $filter.TrafficRuleSet += $ruleSet
        $spec.DefaultPortConfig.FilterPolicy.FilterConfig += $filter

        # Apply the new filter policy to the port group
        $pg.ReconfigureDVPortgroup($spec)
    }
