Protocols / Routing :: How To Check External Subnet
Sep 25, 2012
I have to get a list of external subnet's and external IP's for several properties so that the web based time card software can restrict access.I can get external IP easy, but I don't see an easy way to get the subnet. Is the only way to do this by contacting comcast/att at for each location and check with them?
Main Site allows communication from Remote Site via VPN to Windows ServerMain Site also has a secondary subnet that communicates ONLY through internet but NOT to the Windows Server.Sonicwall 192.168.168.x is main siteRemote Site is 192.168.0.x connecting to Main Site to access shared folders on serverSecondary subnet at Main Site is 192.168.0.x using Windows XP PC's. They are accessing a linux server at 192.168.0.215 which Main Site has no access to.VPN remote ip's are 192.168.0.x - they can successfully access the Windows Server at 192.168.168.100 BUT NOT 192.168.0.215.GOAL: Want to connect Remote Site to Secondary subnetWilling to make router changes or whatever is necessary to get Remote Site to access Secondary Subnet with the only exception that the Secondary Subnet REMAINS.VPN DHCP is turned off but willing to turn it on.Willing to make the Linux Server 'discoverable' on the Windows Server. Don't know linux at all but another co-worker set it up and can make changes.
I have a Belkin router (model to follow when back at work), which I've set up port forwarding, or virtual servers as it's called in the router admin. I also have a PPPoA login with static IP from BT which has been set up on the router.Essentially, if I was to visit the routers IP address in a browser, It should go via my router and through it's port 80 forwarding to the assigned IP which has a static IP rather than DHCP assigned IP within the network. The computer with this IP has a web server set up, and the holding page will be shown in the browser. This is how it should work.
Mine works exactly as it should as shown above... Some of the time. Generally though, connecting to the network externally doesn't work, and the port forwarding seems not to work. I've tried pinging the external IP and get connection time outs, which obviously is not ideal. When I reset the router it sometimes works as it should, but mainly doesn't. I have a few ports forwarded to a server computer, and when the web server cannot be contacted, neither can any of the other forwarded connections.
partition the departmental IP network address block to create a staff and a student subnet. Each of these will be identified by its own network address and netmask. It is university policy that you must be economical with the IP addresses. That is, the subnets must be as small as possible, but they must be large enough to accommodate the maximum number of hosts you were given. Also, it is university policy that the respective gateway router to the outside world should always be given the highest possible host IP address in the subnet. The student subnet should have a higher IP network address than the staff subnet. The network must be able to support up to 60 machines on the staff subnet (not counting the router) and up to 120 machines on the student subnet (also not counting the router).
IP address/netmask University network address127.158.128.0 University network mask255.255.192.0 University internet gateway IP address127.158.191.254 Department network mask255.255.254.0 Department router address127.158.129.254
Suppose that the network address of the departmental network is 127.158.128.0 (calculated by AND between Dep network mask and Dep router address)I know that 60 machines would use 6 bits for the staff subnet.the netmask of staff would be 255.255.255.192.how can I figure out the the IP network address of the staff subnet.I have worked out the range for the staff subnetwork.
We have configured a Fex port as acces port but the port no up becouse appear in suspended state, i think the problem is a vlan mistmach as appear in the consistence-parameter information but i not found in what part allow the correct vlan, the N2K are connected to 2 N5K, and 5K are connected to2 N7K
%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 41 on Interface Ethernet101/1/48 are being susp ended. (Reason: Vlan is not configured on remote vPC interface) [code]
I remember there is one command which can tell you which memory slot has how much big memory in Cisco 2800 or 3800. But at this moment, I just couldn't recall this command. I checked "show diag" but didn't see any information about memory.
I feel that 3560 and 3750 perform differently with the following two commands:
srr-queue bandwidth shape 5 0 0 0 srr-queue bandwidth limit 50 On 3750, the bandwidth for queue 1 is limited to 100mbps x 50% / 5 = 10mbps On 3560, the bandwidth for queue 1 is limited to the smaller value of BW / shape weight and BW x limit%.
Does it sound about right? is there a way to check for mls qos input queue drops? The show mls qos interface xxx stat only shows the output queue drops. Maybe for some reason the input queue never drops?
What I am trying to do is I have one switch with say a 10.1.9.1 sub-net I need to have one of the ports to be trucked with two vlans one for DSL and the other for a local connection with the sub-net of 10.1.5.1 both of the sub-nets are configured in the core as 9 and 5 so I have port 0 set up as a trunk and it is set up as ge-0/0/0.0 vlan_5, vlan_192 on the 10.1.9.1 subnet switch. The DSL is working but the local is not pulling a 10.1.5.1 IP and has no connectivity. Everything looks as if it is configured correctly but still the DSl is working but not the Local connection.
I have got a PC at work (Windows XP Pro SP3) that is on two networks with the IPs 10.20.30.167, subnet 255.255.255.0 (internet enabled) and 10.0.0.20, subnet 255.255.255.0 (no internet). On the 10.0.0.X network there is a gateway with the IP 10.0.0.200 allowing access to another network; 192.168.60.X, subnet 255.255.255.0 (no internet). I have added the route on my work PC to access the 192.168.60.X network via this gateway and I can access all PCs on all three networks from this PC.Now, I am using LogMeIn Hamachi so that I can access the networks at work from home. The PC at work is the 'gateway' PC on the Hamachi network. When installing Hamachi it created a new network connection and bridged this connection with my 10.20.30.167 network adapter to allow access to the 10.20.30.X network from an external PC when connected using the Hamachi VPN connection. I have manually configured my Hamachi connection on my PC at home to the IP 10.20.30.169, subnet 255.255.255.0, with the default gateway set to 10.20.30.167. I can ping all computers on the 10.20.30.X network from my PC at home.
I then added a route on my PC at home for 10.0.0.X to go via 10.20.30.167 (the 'gateway' on the Hamachi network). I also enabled IP forwarding on the 'gateway' PC (my PC at work). I can not ping any PC on the 10.0.0.X network from my PC at home apart from 10.0.0.20 (the other NIC in the Hamachi gateway PC) and 10.0.0.30 (another PC on the 10.20.30.X network that is also on the 10.0.0.X network).Now, with IP forwarding enabled on the Hamachi gateway PC I would assume after adding the route on my PC at home for 10.0.0.X traffic to go via 10.20.30.167 that I would be able to ping all PCs on the 10.0.0.X network...I also tried adding a route on my home PC to send all traffic for the 192.168.60.X network via 10.20.30.167 which has a route via 10.0.0.200 to the 192.168.60.X network, but this also did not work.I then tried adding the 10.0.0.20 network adapter into the network bridge that the Hamachi connection made, also keeping both IPs (10.20.30.167 and 10.0.0.20) on this network bridge by adding them into the 'IP Settings' in the 'Advanced TCI/IP Settings'. I also added the 10.0.0.200 gateway for good measure. I still cannot ping any PC on the 10.0.0.X or 192.168.60.X networks from my PC at home.
I have also added the route to the 10.20.30.X network on a PC on the 10.0.0.X network to go via 10.0.0.20 and tried pinging a PC on the 10.20.30.X network but this also has not worked. Also setting the default gateway on a PC on the 10.0.0.X network to 10.0.0.20 does not allow this...Surely bridging the networks 10.20.30.167 and 10.0.0.20 on my work PC would allow another PC on the 10.0.0.X network to access the 10.20.30.X network after adding the route or setting 10.0.0.20 as the default gateway?
I am on a call right now troubleshooting some latency issue. The CPU usage on the sup card is low. Don't see any drops or input errors. I am aware that the switch and its modules have capability limits. Is there command I can run which will tell me if any module is overloaded or if the fabric/backplane is over utilized?My chassis is WS-C6513 and sup card is WS-SUP720-3B.
I had a bad power surge yesterday that took out a 2960g switch and the APC UPS that it was connected too. when plugged in the fan comes on and the syst light stays amber and the rps, stat, duplex. and speed light stay lit and the port lights for ports 21-24 stay lit. plugging it into the console on boot I cant even see rommon, so i dont think its even booting. I would like to find a pinout and voltage guide for the connector comming off the power supply so I can check the voltages coming off the power supply to tell if it is a bad PSU or if it took out the main board.
I have a cisco 877w and ive setup two ssids on it each with different vlans (I intend to use the zone based firewall to lock down the guest zone later)
Ive made a quick diagram of my network its a single server with 2 NIC's one for the internal lan and another for the external network (direct connection to the router) The server hosts 3 virtualized servers with the ecternal nic only shared with the tmg 2010 server.
So my problem is that when I connect to the 10.0.1.1 network as 10.0.1.2 I can only ping the internal network however the internal network is incapable of responding (pinging back) giving destination host unreachable. I know I need some kind of routing but im not sure where to apply it on the TMG server with the next hop as 10.0.0.10 or on the router.
The guest wifi is intended to bypass the network firewall and not allow access to the internal network. I've enabled ip routing on the cisco router and attached the config below.
Two networks. NetA: IP subnetID 10.101.x.x subnet 255.255.0.0. Devices have static-assigned IP's. Only DHCP runs on wireless AP for wireless client connection. IP addressing scheme set by hardware vendor, so not under my control. NetB: IP subnet 10.x.x.x subnet 255.0.0.0. Campus LAN and also not under my control. DHCP supplied addressing. how to get NetA devices to route to NetB?I would like to be able to provide Internet access (via NetB)to NetA devices.
I need to route a subnet from a 7204 to 2 different gateway's which are not Cisco based. I cannot use HSRP, GLBP or VRRP as the other 2 gateways don't support theses protocols. Yet they do support OSPF, RIP, and BGP.... Take note that this setup is in a ISP scenario. How can I acheive gateway redundancy?
I have two computers. Computer A is connected to the internet through GSM network. Computer A also have NIC adapter which is connected to local network with IP 192.168.33.10/24.
Computer B in connected to internet with DSL connection.
On both machines I use TeamViewer to make VPN secure tunnel between this two computers. Computer A gets IP:184.108.40.206 Computer B gets IP:220.127.116.11
How can I access from computer B to specific device with IP 192.168.33.250 which is on local network of computer A?
Is it possible to route traffic from VPN to other local network, or it is some possibility to use port forwarding from VPN connection to specific IP address on the local network to specific port number?
We have a PPPoE DSL link with a dedicated IP providing by a small ISP(ISP A) in Canada. We are having trouble reaching a small group of IPs in the US to be able to access some client resources.We have eliminated all possible local issues by removing the firewall and making a direct connection to the ISP. We have also had numerous tests prove successful when we use other local ISPs.
Trace routes show that the packets get dropped a few hops from the destination on a US ISP(ISP B).The routes even appear to be very similar to the other ISPs we tested. We escalated to ISP A and they say that everything is working properly on their end and the problem is with ISP B. They claim they "have no partnership with ISP B and therefore cannot create a ticket to get it resolved". I tried calling ISP B but I get nowhere because I am not a customer of theirs.
My solution is to give ISP A the boot, but management has denied that request because of the amount of effort required to switch over. How I can escalate this? Is there anyway to go over and above the ISPs?
Start: 192.168.5.9 > 192.168.5.5 (NIC 1) - 10.14.137.130 (NIC 2) > 10.14.137.128So the question is how do i get traffic from Machine A to Machine C. I've tried various 'Route ADD' cmds but no luck so far. So was hoping someone out there could shed some light for me?Machine B is a AD/DNS and can talk to the entire 10.14.137.x range but has no forwarders set up in DNS. And does not act as a AD/DNS server for the 10.14.137.x range. It fills these roles only for the 192.1668.5.x range.
Got a shiny new SG 200 26P which seems to work fine operationally.owever, when I am trying to access the web interface from a different IP subnet, the web brower just times out.If I put my PC on the same IP subnet, it works just fine. From the other subnet, I can ping the switch fine. The default gateway is set on the switch, and from the web interface I can ping and dns resolve other hosts and on the internet. I've tried to create a management profile to 'allow all from everywhere' basically, but still no luck.I'm completely stumped. I've tried to reset to firmware defaults, and I'm now runinng the latest firmware. I woudl suppose that the switch would allow itself to be managed via the web interface from all subnets by default. Any thoughts? The fact that the switch can ping internet hosts makes be believe it's own default gateway and IP are all ok and working.. (and I can ping it from anywhere in my network).
Question 1. I have no idea how to route IPv6. My provider has provided me with a subnet. This subnet is for example 1:1:1::/48
The router of the provider is located at 1:1:1::1 and my router should get 1:1:1::2(Cisco router). Every subnet I want to create must be routed by 1:1:1::2, for example if I want to create 1:1:1:1111::/64 it needs to be routerd by 1:1:1::2
How do I configure this on the RV220w?
Question 2. I have the possibility to create vlans on the RV220W. I can configure IPv4 addressen per vlan. Only for IPv6 this is not possible.How do I configure this or when will new software be released to configure this?Or do I have to edit the configuration file?
I have an skill exercise with 4 Routing Protocols Default Route,Static Route,Eigrp, Ospf. I have about 6-7 routers, and each of them has an routing protocol. But the problem is the Main router INTERNET, which it has to use Static in a direction, and default in the opposite path. This is the scheme of routers and how the r.protocol have to be configured.
The websites I usually go on now have some type of error page when I go to them. So far it has happened to 2 of them though they might not be related.
Here's what the page says:
Site 1- Valenth Quote: Warning: mysql_connect() [ function.mysql-connect]:  Connection timed out (trying to connect via tcp://ec2-184-73-84-14.compute-1.amazonaws.com:3306) in /var/www/valenth.com/include/database.class.php on line 25
i've had this internet problem that has been going on with a wireless laptop i've had since april. it only happens on this computer, and i've tried many solutions. occasionally, i will try and go to pages on google chrome and an error pops up that says "this webpage is not available." when i play games that are online, they get disconnected as well. i've added google chrome and my other browsers to the firewall list and i've also changed the DNS server. when i use the troubleshooter it says something like "router, or modem is not connected to the internet. i've even downloaded the "fix it" program and it detected no problems
I can't get RDP to work on a specific computer.I've already set it up on the router, know the IP address, and I can get it to work great with the server, but the workstation we want it to go to won't accept it.I checked, it's set to allow RDP, the firewall exception was setup, also turned off the firewall completely, removed the antivirus software, checked TCP/IP filtering on the lan connection, even changed the listening port and still nothing.
Problem with a conflicting IP address. Basically on a normal running day my wireless is switched on and connected perfect to my internet, however if i want to download any large files i plug my Ethernet to my laptop and disable the wireless from my laptop, instantly then the LAN connection kicks in and im on the internet again as i find download speeds are faster through a LAN. However today my wireless is fine but the second i switch to LAN the ! symbol appears and a message says their is an IP conflict.
I've been timing out via any FTP client, including FileZilla, FireFTP, and a few others. I even downloaded a few just to see if I could connect with other clients.I contacted my host who can't recreate the issue on their end. I contacted my ISP who instructed me to use my command prompt in order to connect to their server, and that of mozilla. Both times I was able to connect via the command prompt.I don't understand what's going on.If I can connect to the sample sites that my ISP gave me, why can't I connect using an FTP client any longer. What possible change could have been made to have caused that disconnection that happened a few nights ago, and is now causing the timeouts I continue to receive?
I was assigned a static block over PPPoE from the ISP. I can connect to the internet using the gateway address but I need to route the other static IPs to my servers. I might say that I accomplished it on a couple of older routers - E1200 & WRT120N, but I cannot get it to work on my new EA3500. I have 5 usable IPs plus the gateway IP that is assigned with the PPPoE connection on the WAN port.
I am carving up an internet Class C for customer. This class C is used by 3 distinct QA, Corporate and Production firewalls. I want to carve up IP space so there is a /26 for each environment. The issue I have is the firewalls may need communication with each other via the public IP space. Currently I don’t have any L3 switches in between the firewalls and the edge internet router. So with subnetting, it would seem I need to push everything through the internet router for the intra-firewall communication.I would rather not push this traffic through the edge router, so I came up with an idea to allocate all firewall outside interface IP’s in the 4th (last remaining) /26. That way, I can allow firewalls to communicate over the primary interface IP’s, which will all be in the same subnet – without going through a routing “engine”/device.
For the actual environment subnets (NAT's on respective firewalls), I create a static route on the edge router pointing to each of the firewall’s primary IP’s for the respective environment routes (the first 3 - /26’s).This is still a beta design, but I have done this before on small scale when ISP gave me 2 subnets for example, assuming I was going to put a router in between the customer firewall and ISP. I would use the “routed subnet” on the ASA interface, and then pull the NAT’s from the other subnet. The ISP would have to add a static route directing the NAT subnet to the “routed subnet” correct IP - which would be the firewall outside interface primary IP.I recently found out that with ASA OS 8.4.3 and up, ASA will not proxy arp for IP’s not in its local interface subnet. This means the ISP/router will have to assign static ARP entries on the edge router. This can get messy after the first few NAT entries. So I am debating the design now. I think this kind of stuff going forward won’t be worthwhile with newer ASA 8.4.3 code.
How to communicate between different ASA’s, while still carving up the Class C into usable smaller subnets? The primary reason for doing this in the first place is to support routing on the edge router. I am thinking it might be time to ask for another Class C to do the routing functions, and keep the firewalls all at Layer 2 in one /24 - Class C?
I’ve configured a small WLAN for a school that wants to have wireless network access for their staff as well as for guests doing presentations. They want the staff to have access to everything on the 192.168.1.0 /24 network as well as the Internet. They want the guests to only have access to the Internet. I have attached a picture which shows how the network has been configured with 4 Cisco AP1242G AP’s attached to a Cisco SF302-08MP PoE switch and then to a Symantec Security Gateway to the Internet.
I can authenticate wirelessly to the STAFF SSID and ping anything on the 192.168.1.0 /24 network and access the Internet.I can authenticate wirelessly to the GUEST SSID and ping anything on the 172.16.1.0 /24 network, but not anything on the 192.168.1.0 /24 network (which is what we want). However, when on the GUEST network you can’t access the Internet. I added a default route to the Cisco 302-08MP switch to 192.168.1.1 (Symantec firewall) thinking that would forward the traffic from 172.16.1.0 /24 to the Symantec firewall out to the Internet, but that isn’t working.How would I go about getting the traffic from 172.16.1.0 /24 to hit the Symantec firewall and the Internet, without hitting anything else on 192.168.1.0 /24? Do I need to put the Symantec firewall in a different subnet like 192.168.2.0 /24? Am I missing anything else?I’ve worked with Extreme Networks & HP / 3Com CLI in the past, but never with Cisco and never with web based management
we have some devices on the network which cannot be secured and we need to isolate from the rest of the subnet.Our switches are Cisco 2960.Is it possible to via an ACL local a specifric port down to only allow traffic from specific MAC addresses? I've had a go at this myself but not been able to make any progress. The traffic type is TCP/IP.