https://community.sophos.com/kb/en-us/132291
Enable below 2 items
Microsoft Windows Update
O365 – 92 (Common – Default)
or Add below to Exceptions
^([A-Za-z0-9.-]*\.)?microsoft\.com/
^([A-Za-z0-9.-]*\.)?windowsupdate\.com/
^([A-Za-z0-9.-]*\.)?officecdn.microsoft.com.edgesuite.net/
^([A-Za-z0-9.-]*\.)?officecdn.microsoft\.com/
debug dataplane show dos block-table
debug dataplane reset dos zone L2-untrust block-table source xxx.xxx.xxx.xxx
OR unblock all
debug dataplane reset dos block-table
[SW1]display poe power-state
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]undo poe enable
[SW1-GigabitEthernet0/0/1]poe enable
1.
Firewall-Bandwidth Objects-Add
Firewall-Access Rules-Lan > Wan
vLan 16: 10.20.16.0/24
vLan 80: 192.168.80.0/24
int vlan 16
ip access-group 116 in
ip access-group 126 out
access-list 116 permit ip 10.20.16.0 0.0.0.255 192.168.80.0 0.0.0.255
access-list 126 permit ip 192.168.80.0 0.0.0.255 10.20.16.0 0.0.0.255
Remark: Source address and then Destination address
[Huawei]ap-mode-switch cloud
[Huawei]cloud-mng controller url naas-hk-intl.huaweicloud.com port 10020
sh run to backup all interface settings
interface GigabitEthernet1/0/1
switchport access vlan 13
shutdown
spanning-tree portfast
interface GigabitEthernet1/0/2
switchport access vlan 13
spanning-tree portfast
interface GigabitEthernet3/0/1
switchport access vlan 11
spanning-tree portfast
interface GigabitEthernet3/0/2
switchport access vlan 11
spanning-tree portfast
Switch#sh inv
NAME: “3”, DESCR: “WS-C2960S-24TS-L”
PID: WS-C2960S-24TS-L , VID: V02 , SN: FOC1432W130
NAME: “1”, DESCR: “WS-C2960S-48FPS-L”
PID: WS-C2960S-48FPS-L , VID: V03 , SN: FOC1715Z4Z1
NAME: “2”, DESCR: “WS-C2960S-24PS-L”
PID: WS-C2960S-24PS-L , VID: V04 , SN: FOC1823Z4NF
Switch#sh switch detail
Switch/Stack Mac Address : 58bc.27ff.b500
H/W Current
Switch# Role Mac Address Priority Version State
———————————————————-
1 Member f41f.c294.d080 1 1 Ready
2 Member 0008.2f9b.9680 1 1 Ready
*3 Master 58bc.27ff.b500 15 1 Ready
Switch(config)#switch 1 renumber 3
Switch(config)#switch 3 renumber 1
Switch(config)#reload
Switch(config)#default interface ran g1/0/1-48
Switch(config)#default interface ran g3/0/1-48
replace new interface settinges
interface GigabitEthernet3/0/1
switchport access vlan 13
shutdown
spanning-tree portfast
interface GigabitEthernet3/0/2
switchport access vlan 13
spanning-tree portfast
interface GigabitEthernet1/0/1
switchport access vlan 11
spanning-tree portfast
interface GigabitEthernet1/0/2
switchport access vlan 11
spanning-tree portfast
2F-ASW-2960S-5#sh mac add | inc 1/0/1
80 fcf1.52ef.aea1 DYNAMIC Gi1/0/1
9F-CSW-3750-1#sh mac add | inc 3/0/43
80 00e0.4c0b.cd09 DYNAMIC Gi3/0/43
80 00e0.4c0b.cd1d DYNAMIC Gi3/0/43
80 00f1.f31b.4f20 DYNAMIC Gi3/0/43
80 00f1.f31b.6151 DYNAMIC Gi3/0/43
80 5404.a691.3baa DYNAMIC Gi3/0/43
2F-ASW-2960S-5#traceroute mac fcf1.52ef.aea1 00e0.4c0b.cd09
Source fcf1.52ef.aea1 found on 2F-ASW-2960S-5
1 2F-ASW-2960S-5 (192.168.81.42) : Gi1/0/1 => Gi1/0/48
2 2F-ASW-2960X-4 (192.168.81.41) : Gi1/0/48 => Gi1/0/49
3 9F-CSW-3750-1 (192.168.1.254) : Gi6/0/3 => Gi3/0/43
Destination 00e0.4c0b.cd09 found on 9F-CSW-3750-1
Layer 2 trace completed
snmp-server group {Group Name} v3 priv read v1default
snmp-server user {ID} {Group Name} v3 auth sha {SHAKEY} priv aes 128 {AESKEY}
