ARP/RARP Table DPC3825
Recent firewall activity has me a bit paranoid and looking into router logs. Trying to make sure my DNS hasn't been hijacked.
My surface understanding of DNS is that the hardware should have one gateway address, i.e. 10.64.64.1, and that shouldn't change.
My ARP/RARP Table shows 16 different 10. addresses .. all assigned to the same MAC (64:00: ....)
Is this normal?
10.64.64.1
10.249.75.1
10.249.76.1
10.249.78.1
79 80 etc..
DHCP from the device is a 192 address, but all tracerts start with 10.64.64.1 (no 192 address in the trace) and hang there for a while before hopping further. 2nd hop is confirmed to be my ISP
This device is a modem and a router, so I get the fact that it has a 192. and a 10. IP and different MAC addresses, but I am still weirded out by the multiple 10. IPs
any insight appreciated.
Thank you.
Hi Nate,
DPC modem/routers are not Cisco Small Business. They are usually supported by the ISP. I did check the Admin Guide and it doesn't appear that it is possible to clear the ARP table.
https://www.cisco.com/web/consumer/support/userguides2/4021196_B.pdf
- Marty
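One way to check an ARP table like the one in the question, as an added example that is not from either poster or from Cisco: group the entries by MAC, then compare two snapshots. The 10.x addresses come from the post; the MAC values and the 192.168.0.x hosts are constructed placeholders, since the post elides the real MAC. Several IPs on one MAC is what a single upstream interface answering for several gateway addresses looks like; an IP whose MAC changes between snapshots is the entry worth investigating.

```python
import ipaddress
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2}\b")

# Constructed snapshots. MACs are placeholders, not values from the post.
SNAPSHOT_1 = """\
10.64.64.1      02:00:00:00:00:01
10.249.75.1     02:00:00:00:00:01
10.249.76.1     02:00:00:00:00:01
10.249.78.1     02:00:00:00:00:01
192.168.0.10    02-00-00-00-00-0A
192.168.0.11    2:0:0:0:0:b
"""
# Same table later: 192.168.0.10 is now answered by the MAC of 192.168.0.11.
SNAPSHOT_2 = SNAPSHOT_1.replace("02-00-00-00-00-0A", "02-00-00-00-00-0B")


def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded, so 2:0:0:0:0:b == 02-00-00-00-00-0B."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))


def parse_arp(text):
    """Return {ip: mac} from any table that has an IPv4 address and a MAC per line."""
    entries = {}
    for line in text.splitlines():
        ip_m, mac_m = IP_RE.search(line), MAC_RE.search(line)
        if not (ip_m and mac_m):
            continue  # header or blank line
        try:
            ip = str(ipaddress.IPv4Address(ip_m.group()))
        except ValueError:
            continue  # looked like an address but is not a valid one
        entries[ip] = normalize_mac(mac_m.group())
    return entries


def ips_per_mac(entries):
    """MACs that answer for more than one IP, with those IPs in numeric order."""
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips, key=ipaddress.IPv4Address)
            for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(before, after):
    """(ip, old_mac, new_mac) for every IP whose MAC differs between snapshots."""
    common = sorted(before.keys() & after.keys(), key=ipaddress.IPv4Address)
    return [(ip, before[ip], after[ip]) for ip in common if before[ip] != after[ip]]


if __name__ == "__main__":
    first, second = parse_arp(SNAPSHOT_1), parse_arp(SNAPSHOT_2)
    for mac, ips in ips_per_mac(first).items():
        print("one MAC, several IPs:", mac, ips)
    for ip, old, new in changed_bindings(first, second):
        print("binding changed:", ip, old, "->", new)
```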
Similar Messages
-
Force mapping to a specific MAC address a multicast IP address in ARP cache table with netsh
Hi all,
I would like to know if there is any solution (netsh option, registry entry, whatever...) to force mapping a given MAC address to a multicast IP address (224.x.y.z) in my ARP cache table.
I am doing the following:
netsh.exe interface ip add neighbors "Ethernet" "224.224.xxx.yyy" "00-80-EE-UU-VV-WW"
But the entry in the ARP table is substituted by the calculated multicast MAC@ corresponding to my multicast IP@ :
netsh.exe interface ip show neighbors "Ethernet"
Interface 12 : Ethernet
Internet Address      Physical Address      Type
224.0.0.22            01-00-5e-XX-YY-ZZ     static
224.224.yyy.zzz       01-00-5e-UU-VV-WW     static
(For information, calculation of the Multicast MAC Address is described in RFC1112§6.4 -> The MAC@ equals 01-00-5e + the last 23 digits of the multicast MAC Address)
My problem is that I'm not using an Ethernet network but an AFDX (used on Airbus A380, Boeing 787 Dreamliner, by the NASA...). This network topology is a deterministic Ethernet. The network must know accurately where each network packet is going. Thus... the multicast MAC@ cannot be accepted and packets destined to that MAC@ are not going anywhere.
So, I must match accurately my multicast IP@ to my MAC@ (00-80...).
It used to work with Windows XP (which was not doing any "magical" MAC@ substitution on multicast IP@), but since Windows Vista, netsh is doing the substitution described above. Is there any way to disable this substitution or force my IP to MAC mapping in ARP table? And of course, I'm not using XP anymore ;)... but a tablet with Windows 8.1.
Thanks for any help.
Cheers,
Olivier.

Hi,
The article you pointed me to is just an explanation of what I said in my original post : "Multicast MAC Address is described in RFC1112§6.4".
But, as I said in my original post, this is true ONLY for Ethernet network. And I am NOT on an Ethernet network.
So MAC address automatic calculation for my IP address done by Windows/netsh/arp is wrong in my case. The calculation Windows is doing is correct ONLY for Ethernet network. Since I am not on Ethernet, I don't want these calculations, and I'm looking for a solution to disable them.
So, the underlying question is : "Is Microsoft/netsh/arp able to handle network types other than Ethernet ?"
Thanks,
Olivier Dupré. -
Installing Solaris 7 - timeout waiting for ARP/RARP packet
I'm attempting to install Solaris 7 on an E250. I'm using HyperTerminal connection via a null modem cable. I boot up the server and I see various hardware init processes echoed to the terminal and then I receive this error: Timeout waiting for ARP/RARP packet
I have connected the nic card to a network connection.
Any help would be appreciated.
Steve

This is because you HAVE a network connection. You can resolve this with 1 of the following 2 methods:
A:
disconnect the network cable and reconnect when the installation process gets to the prompt for hostname.
B:
1. Get to the OK prompt
2. setenv diag-device disk
3. reset -
Timeout waiting for ARP/RARP packets
I am installing Solaris 8 for the first time on an Ultra 5. It has a network card and attached to my 10mbps Hub which is connected to Cable Modem. Problem: While the system was rebooting after the install, the system generated the error trying to link up to the Hub (timeout waiting for ARP/RARP packets). During the install I chose "non-networked" because I could not answer the other questions such IP address name Service etc..
I want to set it up as a server so that I can use 2 other PCs to access the Oracle, mail and other stuff that would eventually run on it.
What do I do?
Renald

Typically the message "waiting for ARP/RARP packet" will only be generated when no other boot device is available or net is set as the primary boot device. First thing to do is check your env settings to ensure that boot-device = disk net. Second, to reenable network support to the system the easiest way is to do a sys-unconfig and enter the requested information. You need to have the following information available: Hostname, IP address, subnet mask, Name service (if any), Name service settings (name and IP address of server). Some of the information may be available from your ISP on what exact addresses you should be using. Since the message came up and if the boot-device setting is correct I would check the connection to the hard disk.
Lane -
ARP/RARP Timed out error during Jumpstart installation
Hello
Good day to you.
One of my JS client machines is throwing an "ARP/RARP" Timed out error when I try to rebuild the box thro' Jumpstart installation.
The box was earlier installed thro' Jumpstart method and crashed recently, so I am trying to rebuild it again.
To make a note, my Jumpstart server (Boot, Install & Config - on same machine) and this client box are in different subnet.
Looks the client machine broadcast not reaching the Jumpstart server or something to do with network config.
After issuing "boot net - install" on ok prompt from the client machine, I am getting the above mentioned error - ARP/RARP Time out.
Any thoughts?
Thanks.

The first step in traditional jumpstart is for the SPARC client to gather an IP address from the network via RARP.
The messages indicate that it is not getting a response to this query.
Some possible reasons:
network not working properly
No jumpstart/boot server on local subnet
Jumpstart/boot server not configured for this client
Darren -
Hi Solaris Gurus,
My server was unable to boot an error message "The message is timeout waiting for ARP/RARP packet."
kept on appearing on the screen.
Hope to hear from you soon.
Thanks in advance.
marshal

Your keyswitch is in DIAG position or diag-switch? is true so you are booting off diag-device which is most likely "net".
ok printenv will show you what is going on.
If you can get to ok prompt type "boot disk" or whatever boot-device is set to. -
Timeout waiting for ARP/RARP stack underflow
My U60 running solaris 10 crashed, and all I see on the screen is this:
Timeout waiting for ARP/RARP stack underflow
What does it mean?

Looks like it's trying to boot from the network, gets an IP address but then fails loading its kernel from tftp..
Break it and try "boot disk" from the OBP.
7/M. -
Timeout waiting for ARP/RARP packet
Does anyone know how to get to the ok prompt when the message, Timeout waiting for ARP/RARP packet is repeating over and over on the screen. I tried hitting stop + a but there was no response. Could this be a problem with my keyboard. Are there any other ways to to stop the message, Timeout waiting for ARP/RARP packet and get to the ok prompt? Thank you.
Hi
You have not indicated if you are using a Framebuffer
card/Monitor and Sun keyboard as the console or a Serial port for the same.
If using Sun keyboard, switch off the system, hold the
stop and N keys together and poweron the system. Hold
the keys down till you get the display. A stop + A then surely should take you to OK prompt since Stop and N reset the OK prompt to factory default.
If using a serial port as console, try " Cntrl + Break". That should do it...
HTH
Shridhar -
Ghost IP address on WAG320N router
I want to set up internet access (from home) to a Filemaker programme I am running on my computer here at work. It is Peer-to-peer, NOT server to client.
As far as I understand, in order to regularly connect, you need to have a static IP address to ensure easy connection (a non-moving target).
In order to implement the IP address connection, my understanding was that I had to enable my computer to own that (static) IP address and then open ports to allow access through the router to my computer.
The router address is 58.108.188.150 and I have allowed 20 users, so the 166 is within the range of addresses.
I then have tried to choose the .166 address for my computer by selecting a Using DHCP with a manual address option (see attached), but it comes up with "another device is using this address".
I have checked using the Router's DHCP Client Table and the ARP/RARP Table as well as a third party Network utility and they both clearly show that no other device is using that IP address.
The only thing I can think of that may be causing this is that when I first changed the router's settings from 192.168.123.100 to the 58.108.etc settings I entered the starting number (the router address) as .166.
This was borne out by the Network Utility actually showing the router as having 2 IP addresses, until I deleted the .166 entry (can't remember how I did that - probably through the Network Utility itself)
May that have somehow kept a "ghost" image of the address and is now keeping me from using it?
I'd prefer not to have to reset and lose all my other settings.

Hi,
This ghost address on your gateway, well, my advice is to perform a reset. You don’t need to worry about reconfiguration. You just have to save a copy or backup of your wag320n settings under administration. You may restore the gateway’s settings after the reset. To make sure that ghost ip address will not anymore appear, you assign static ip and static dns on every network device. One by one, add the devices to your gateway and then refresh the dhcp client table and refresh it. No ip address should be seen in the DHCP client table if all devices have an assigned ip addresses. Anything unusual on your device could be a firmware issue. If your network is working fine, no need to worry. Any speed and signal problems experienced could be the result of hardware or firmware problem. -
Network install target says RARP timeout, server says reply sent
I had an existing Solaris jumpstart install server that I initially tried setting up for DHCP, and then after much failure tried resetting it to use fixed IP on a different subnet.
I've done add_install_client (without the -d dhcp option) and made sure the correct entries were in /etc/ethers and /etc/hosts
When I do boot net - install from the target machine, I get:
ok boot net - install
Boot device: /pci@1f,0/pci@1,1/network@c,1 File and args: - install
Timeout waiting for ARP/RARP packet
Timeout waiting for ARP/RARP packet
I have /usr/sbin/in.rarpd -d -a & running in a window and it shows me:
/usr/sbin/in.rarpd/usr/sbin/in.rarpd:[3] RARP_REQUEST for 0:3:ba:35:cf:f8:[3
] RARP_REQUEST for 0:3:ba:35:cf:f8
/usr/sbin/in.rarpd:[3] trying physical netnum 10.120.1.0 mask ffffff00
/usr/sbin/in.rarpd:[3] good lookup, maps to 10.120.1.210
/usr/sbin/in.rarpd:[3] trying physical netnum 10.120.1.0 mask ffffff00
/usr/sbin/in.rarpd:[3] good lookup, maps to 10.120.1.210
/usr/sbin/in.rarpd/usr/sbin/in.rarpd:[3] :[3] RARP_REQUEST for 0:3:ba:35:cf:f8
RARP_REQUEST for 0:3:ba:35:cf:f8
snoop -d eri0 | grep -i arp shows me
OLD-BROADCAST -> (broadcast) RARP C Who is 0:3:ba:35:cf:f8 ?
10.120.1.74 -> (broadcast) ARP C Who is 10.120.1.32, 10.120.1.32 ?
10.120.1.1 -> (broadcast) ARP C Who is 10.120.1.10, 10.120.1.10 ?
10.120.1.74 -> (broadcast) ARP C Who is 10.120.1.32, 10.120.1.32 ?
OLD-BROADCAST -> (broadcast) RARP C Who is 0:3:ba:35:cf:f8 ?
10.120.1.74 -> (broadcast) ARP C Who is 10.120.1.32, 10.120.1.32 ?
ni-sparc -> ems-6 RARP R 0:3:ba:35:cf:f8 is 10.120.1.210, ems-6
ni-sparc -> ems-6 RARP R 0:3:ba:35:cf:f8 is 10.120.1.210, ems-6
So according to the server feedback, it looks like the RARP lookup is working, but the client isn't getting the response.
Any thoughts?

msully wrote:
I had an existing Solaris jumpstart install server that I initially tried setting up for DHCP, and then after much failure tried resetting it to used fixed IP on a different subnet.
I've done add_install_client (without the -d dhcp option) and made sure the correct entries were in /etc/ethers and /etc/hosts
When I do boot net - install from the target machine, I get:
ok boot net - install
Boot device: /pci@1f,0/pci@1,1/network@c,1 File and args: - install
Timeout waiting for ARP/RARP packet
Timeout waiting for ARP/RARP packet

If you leave this running for a while, do you continually get more lines, or does it stop at a small number (like 5 or so)?
>
I have /usr/sbin/in.rarpd -d -a & running in a window and it shows me:
/usr/sbin/in.rarpd/usr/sbin/in.rarpd:[3] RARP_REQUEST for 0:3:ba:35:cf:f8:[3
] RARP_REQUEST for 0:3:ba:35:cf:f8
/usr/sbin/in.rarpd:[3] trying physical netnum 10.120.1.0 mask ffffff00
/usr/sbin/in.rarpd:[3] good lookup, maps to 10.120.1.210
/usr/sbin/in.rarpd:[3] trying physical netnum 10.120.1.0 mask ffffff00
/usr/sbin/in.rarpd:[3] good lookup, maps to 10.120.1.210
/usr/sbin/in.rarpd/usr/sbin/in.rarpd:[3] :[3] RARP_REQUEST for 0:3:ba:35:cf:f8
RARP_REQUEST for 0:3:ba:35:cf:f8
snoop -d eri0 | grep -i arp shows me
OLD-BROADCAST -> (broadcast) RARP C Who is 0:3:ba:35:cf:f8 ?
10.120.1.74 -> (broadcast) ARP C Who is 10.120.1.32, 10.120.1.32 ?
10.120.1.1 -> (broadcast) ARP C Who is 10.120.1.10, 10.120.1.10 ?
10.120.1.74 -> (broadcast) ARP C Who is 10.120.1.32, 10.120.1.32 ?
OLD-BROADCAST -> (broadcast) RARP C Who is 0:3:ba:35:cf:f8 ?
10.120.1.74 -> (broadcast) ARP C Who is 10.120.1.32, 10.120.1.32 ?
ni-sparc -> ems-6 RARP R 0:3:ba:35:cf:f8 is 10.120.1.210, ems-6
ni-sparc -> ems-6 RARP R 0:3:ba:35:cf:f8 is 10.120.1.210, ems-6

Huh. I wonder why it took so long to respond? You got two RARP requests (and several random ARP requests) in the time it took to send the first reply.
Do any more request/reply pairs come through on the network trace?
So according to the server feedback, it looks like the RARP lookup is working, but the client isn't getting the response.

If you get unlimited RARP request lines on the client, I'd agree. If they stop, then perhaps the system is hanging after the reply.
Can you do a 'test-net' on the client OBP and see that it can view network traffic? Has the machine been booted with some OS to verify the interface is functional for receiving traffic?
Darren -
Installation failed when using Jumpstart Server to install SUN Netra T1 200
I have a problem installing a couple of Sun Netra T1 200 Servers with a Jumpstart Server. The Jumpstart Server is set up and I have executed the add_install_client Script. If I boot the Server which should be installed, the server crashes after getting the assigned IP-Address with a software fault.
Attached I will send the Jumpstart-Client-Output and the config Files of the Jumpstart-Server.
****Netra T1 Server Output, while configured as an Jumpstart client:****
ok boot net -install
Resetti
LOM event: +2h28m47s host reset
ng ...
`
Netra T1 200 (UltraSPARC-IIe 500MHz), No Keyboard
OpenBoot 4.0, 1024 MB memory installed, Serial #16692502.
Ethernet address 8:0:20:fe:b5:16, Host ID: 80feb516.
Executing last command: boot net -install
Boot device: /pci@1f,0/pci@1,1/network@c,1 File and args: -install
Timeout waiting for ARP/RARP packet
Timeout waiting for ARP/RARP packet
Timeout waiting for ARP/RARP packet
Timeout waiting for ARP/RARP packet
2ae00 Warning: boot will not enable cache
Requesting Internet address for 8:0:20:fe:b5:16
Enter filename [kernel/sparcv9/unix]:
Enter default directory for modules [platform/SUNW,UltraAX-i2/kernel /platform/sun4u/kernel /kernel /usr/kernel]:
SunOS Release 5.8 Version Generic_108528-13 64-bit
Copyright 1983-2001 Sun Microsystems, Inc. All rights reserved.
whoami: no domain name
panic[cpu0]/thread=300010a9ba0: Can't invoke , error 2
000002a1000f7a40 genunix:icode+274 (ffbefff0, 0, 300010a7b88, 0, ffbefffc, ffffffffffffffff)
%l0-3: 00000000ffbefffc 0000000000000000 0000000000002000 000002a10000fd20
%l4-7: 0000000000000bb8 0000000010423a00 000000001041b2f8 00000000000007a9
syncing file systems... done
skipping system dump - no dump device configured
rebooting...
Resetti
LOM event: +2h36m51s host reset
ng ...
p
Netra T1 200 (UltraSPARC-IIe 500MHz), No Keyboard
OpenBoot 4.0, 1024 MB memory installed, Serial #16692502.
Ethernet address 8:0:20:fe:b5:16, Host ID: 80feb516.
Executing last command: boot
Boot device: disk File and args:
SunOS Release 5.8 Version Generic_108528-13 64-bit
Copyright 1983-2001 Sun Microsystems, Inc. All rights reserved.
configuring IPv4 interfaces: eri0.
Hostname: infrasrv
The system is coming up. Please wait.
checking ufs filesystems
/dev/rdsk/c1t0d0s4: is stable.
/dev/rdsk/c1t0d0s6: is stable.
Starting IPv4 routing daemon.
starting rpc services: rpcbind done.
Setting netmask of eri0 to 255.255.255.0
Setting default IPv4 interface for multicast: add net 224.0/4: gateway infrasrv
syslog service starting.
Print services started.
Jun 26 04:48:14 infrasrv sendmail[220]: My unqualified host name (infrasrv) unknown; sleeping for retry
volume management starting.
The system is ready.
infrasrv console login: root
Password:
Last login: Thu Jun 26 02:13:59 on console
Jun 26 04:48:24 infrasrv login: ROOT LOGIN /dev/console
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
# uname -i
SUNW,UltraAX-i2
# ^[[A
^[[A: not found
# uname -m
sun4u
*****Config Files of the Jumpstart-Server******************
Sysidcfg
bootparams
bash-2.03# more bootparams
infrasrv root=adminws:/cdrom/sol_8_202_sparc/s0/Solaris_8/Tools/Boot install=ad
minws:/export/install boottype=:in sysid_config=adminws:/export/sysidcfg install
_config=adminws:/export/config rootopts=:rsize=32768
bash-2.03#
rules
bash-2.03# more rules
# @(#)rules 1.12 94/07/27 SMI
# The rules file is a text file used to create the rules.ok file for
# a custom JumpStart installation. The rules file is a lookup table
# consisting of one or more rules that define matches between system
# attributes and profiles.
# This example rules file contains:
# o syntax of a rule used in the rules file
# o rule_keyword and rule_value descriptions
# o rule examples
# See the installation manual for a complete description of the rules file.
# RULE SYNTAX:
# [!]rule_keyword rule_value [&& [!]rule_keyword rule_value]... begin profile fi
# nish
# "[ ]" indicates an optional expression or field
# "..." indicates the preceding expression may be repeated
# "&&" used to "logically AND" rule_keyword and rule_value pairs together
# "!" indicates negation of the following rule_keyword
# rule_keyword a predefined keyword that describes a general system
# attribute. It is used with the rule_value to match a
# system with the same attribute to a profile.
# rule_value a value that provides the specific system attribute
# for the corresponding rule_keyword. A rule_value can
# be text or a range of values (NN-MM).
# To match a range of values, a system's value must be
# greater than or equal to NN and less than or equal to MM.
# begin a file name of an optional Bourne shell script
# that will be executed before the installation begins.
# If no begin script exists, you must enter a minus sign (-)
# in this field.
# profile a file name of a text file used as a template by the
# custom JumpStart installation software that defines how
# to install Solaris on a system.
# finish a file name of an optional Bourne shell script
# that will be executed after the installation completes.
# If no finish script exists, you must enter a minus sign (-)
# in this field.
# Notes:
# 1. You can add comments after the pound sign (#) anywhere on a line.
# 2. Rules are matched in descending order: first rule through the last rule.
# 3. Rules can be continued to a new line by using the backslash (\) before
# the carriage return.
# 4. Don't use the "*" character or other shell wildcards, because the rules
# file is interpreted by a Bourne shell script.
# RULE_KEYWORD AND RULE_VALUE DESCRIPTIONS
# rule_keyword rule_value Type rule_value Description
# any minus sign (-) always matches
# arch text system's architecture type
# domainname text system's domain name
# disksize text range system's disk size
# disk device name (text)
# disk size (MBytes range)
# hostname text system's host name
# installed text text system's installed version of Solaris
# disk device name (text)
# OS release (text)
# karch text system's kernel architecture
# memsize range system's memory size (MBytes range)
# model 'text' system's model number
# network text system's IP address
# totaldisk range system's total disk size (MBytes range)
# RULE EXAMPLES
# The following rule matches only one system:
# hostname sample_host - host_class set_root_pw
# The following rule matches any system that is on the 924.222.43.0 network
# and has the sun4c kernel architecture:
# Note: The backslash (\) is used to continue the rule to a new line.
#network 924.222.43.0 && \
# karch sun4c - net924_sun4c -
# The following rule matches any sparc system with a c0t3d0 disk that is
# between 400 to 600 MBytes and has Solaris 2.1 installed on it:
#arch sparc && \
# disksize c0t3d0 400-600 && \
# installed c0t3d0s0 solaris_2.1 - upgrade -
# The following rule matches all x86 systems:
#arch i386 x86-begin x86-class -
# The following rule matches any system:
#any - - any_machine -
hostname infrasrv - infrasrv_class -
hostname msm_srv1 - msm_srv_class -
hostname msm_srv2 - msm_srv_class -
bash-2.03#
class
bash-2.03# more infrasrv_class
install_type initial_install
system_type standalone
partitioning explicit
filesys c0t0d0s0 2048 /
filesys c0t0d0s1 10
filesys c0t0d0s3 1024 swap
filesys c0t0d0s4 2048 /var
filesys c0t0d0s5 2048 /opt
filesys c0t0d0s6 free /export
cluster SUNWCXall
bash-2.03# more msm_srv_class
install_type initial_install
system_type standalone
partitioning explicit
filesys c0t0d0s0 2048 /
filesys c0t0d0s1 10
filesys c0t0d0s3 1024 swap
filesys c0t0d0s4 2048 /var
filesys c0t0d0s5 free /opt
cluster SUNWCXall
bash-2.03#
ethers
bash-2.03# more ethers
8:00:20:fe:b5:16 infrasrv
bash-2.03#
hosts
bash-2.03# more hosts
# Internet host table
127.0.0.1 localhost
192.168.0.220 adminws loghost
192.168.0.210 infrasrv
192.168.0.200 tc
bash-2.03#
dfstab
bash-2.03# more dfstab
# Place share(1M) commands here for automatic execution
# on entering init state 3.
# Issue the command '/etc/init.d/nfs.server start' to run the NFS
# daemon processes and the share commands, after adding the very
# first entry to this file.
# share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
# .e.g,
# share -F nfs -o rw=engineering -d "home dirs" /export/home2
share -d "jumpstart conf dir" /export/config
share -F nfs -o ro,anon=0 /export/install
share -F nfs -o ro,anon=0 /cdrom/sol_8_202_sparc/s0/Solaris_8/Tools/Boot
bash-2.03#
tftpboot
bash-2.03# pwd
/tftpboot
bash-2.03# ls -al
total 348
drwxrwxr-x 2 root other 512 Jun 26 11:45 .
drwxr-xr-x 24 root root 512 Jun 26 11:45 ..
lrwxrwxrwx 1 root other 26 Jun 26 11:45 C0A800D2 -> inetboot.SUN4U.Solaris_8-1
lrwxrwxrwx 1 root other 26 Jun 26 11:45 C0A800D2.SUN4U -> inetboot.SUN4U.Solaris_8-1
-rwxr-xr-x 1 root other 159416 Jun 26 11:45 inetboot.SUN4U.Solaris_8-1
-rw-r--r-- 1 root other 318 Jun 26 11:45 rm.192.168.0.210
lrwxrwxrwx 1 root other 1 Jun 26 11:45 tftpboot -> .
bash-2.03#

Hi,
It seems to me that you have not created a proper sysidcfg file. From your post, it looks to me like your sysidcfg contains no entries. This is why it prompts you to enter the kernel path. Look on docs.sun.com for a guide to creating the sysidcfg file . -
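A cross-check of the server-side files posted in this thread, as an added example that is not from the posters or from Sun: it follows a client MAC through ethers to a host name, through hosts to an IP, and then looks for the hex-named boot file in /tftpboot. The file contents are the ones shown above; the function names are hypothetical. The hex-named link in the listing is the client's IP written as four hex bytes (192.168.0.210 is C0A800D2), and the posted files pass the check, which matches the log going on to load the kernel.

```python
import ipaddress

# Contents as posted in the thread (comment lines dropped).
ETHERS = "8:00:20:fe:b5:16 infrasrv\n"
HOSTS = """\
127.0.0.1 localhost
192.168.0.220 adminws loghost
192.168.0.210 infrasrv
192.168.0.200 tc
"""
TFTPBOOT = ["C0A800D2", "C0A800D2.SUN4U", "inetboot.SUN4U.Solaris_8-1",
            "rm.192.168.0.210", "tftpboot"]


def norm_mac(mac):
    """OBP prints 8:0:20:fe:b5:16 while ethers has 8:00:20:fe:b5:16; pad before comparing."""
    return ":".join(p.zfill(2) for p in mac.strip().lower().split(":"))


def parse_ethers(text):
    """Return {normalized_mac: hostname} from ethers-style lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table[norm_mac(fields[0])] = fields[1]
    return table


def parse_hosts(text):
    """Return {name_or_alias: ip} from hosts-style lines; first match wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name, fields[0])
    return table


def boot_file_name(ip):
    """Client IP as eight upper-case hex digits, the name seen in /tftpboot."""
    return "%02X%02X%02X%02X" % tuple(ipaddress.IPv4Address(ip).packed)


def preflight(client_mac, ethers_text, hosts_text, tftp_names):
    """Return a list of problems; an empty list means all three lookups line up."""
    host = parse_ethers(ethers_text).get(norm_mac(client_mac))
    if host is None:
        return ["no ethers entry for %s" % norm_mac(client_mac)]
    ip = parse_hosts(hosts_text).get(host)
    if ip is None:
        return ["ethers names %s but hosts has no address for it" % host]
    name = boot_file_name(ip)
    if name not in tftp_names:
        return ["no %s in /tftpboot for %s" % (name, ip)]
    return []


if __name__ == "__main__":
    # MAC exactly as the client console prints it in the boot log above.
    print(preflight("8:0:20:fe:b5:16", ETHERS, HOSTS, TFTPBOOT) or "server files are consistent")
```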
hi can any1 pls ans these questions
22. Which two statements about the functionality of the syslogd daemon are true? (Choose two)
A. Error messages can only be logged locally in a system log.
B. The kernel, daemons, and syslogd each write directly to a system log.
C. Syslogd can write messages to the console as well as to a system log.
D. The logger command communicates with syslogd which then logs the message
according to its configuration file.
given ans b,c
my Answer: C,D pls confirm
q 23 after modifying the profile file on jumpstart server what is the quickest way to check the behaviour of the modified profile file?
a. run the check script
b.run the pfinstall command
c.run add_install_client command
d. run modify_install_server command
answer given option b
my ans a pls confirm as i dont know what pfinstall means
q 32 which files do RBAC uses ?
a./etc/user_attr
b. /etc/exec_attr
c./etc/prof_attr
d./etc/security/user_attr
e./etc/security/exec_attr
f./etc/security/prof_attr
given ans is option a,e,f
and b,e,f
which is correct
q 55 what is the max number of DNS servers that can b specified on clients configuration file?
a.2
b.3
c.4
d.5
given ans b-3
how is this i havent read this in the material sa299
q 66
u have two 50mb ufs filesysytems one located on a single disk other on RAID 1 mirror . both are full . RAID uses round robin read policy , statistically
waht is true about RAID 1 mirror when reading data?
a.mirror is faster
b.mirror is slower
c.round robin read policy is not allowed
d.mirror and single disk exhibit the same performance
answer is a
my answer is b but mayb i m wrong pls help
q 67
u are using nis+ u want a solution with equivalent scalibility that will support a more hetrogenous environment what action provides the solution
a.use nis
b.use nfs
c.use dns
d.use ldap
answer given d-ldap
how is this ?
q71. Which two must you complete when configuring an NIS slave server? (Choose two)
A. You execute the domainname command to set the local NIS domain.
B. You edit the /etc/inet/hosts file to include the NIS master server and NIS slave
servers.
C. You edit the slave server copies of the /etc/ethers file to identify MAC addresses of the
NIS clients.
D. You execute the ypbind command on the slave server to pull the NIS maps from the master
server to the slave server.
Answer: A, C is given
my answer a.,b pls confirm
90. You believe that you have a correctly configured boot server on the local network for the
JumpStart client you are currently attempting to install. Jumpstart configuration is based on
files only and does not use a naming service at any stage.
Upon running the command:
boot net - install
The client repeatedly displays the message:
Timeout waiting for ARP/RARP packet
What are two possible causes for this? (Choose two)
A. The in.rarpd daemon is not running on the boot server.
B. The sysidcfg file for the client is missing an ether entry.
C. The client does not exist in the rules.ok file on the boot server.
D. The /etc/ethers file on the boot server does not have an entry for the client.
E. The /etc/bootparams file on the boot server has duplicate entries for the client.
answer given is a,e
my answer is a,d
102. You work as a network administrator for Certkiller .com. Given the line from the name service
configuration file:
hosts: nis [UNAVAIL=return] files
Which two statements correctly describe the behavior of the name server switch? Choose two
A. If NIS does NOT find the appropriate entry in the ethers map, the attempt to locate would be abandoned without looking at the local files.
B. If NIS does NOT respond, the attempt to locate would be abandoned without looking at the local files.
C. If NIS does NOT find the appropriate entry in the ethers map, the attempt to locate the host's address would be continued within the local file (/etc/inet/hosts).
D. If NIS server does NOT respond, the search for the ethers entry would be continued by searching for it in the local file (/etc/inet/hosts).
Answer: a.b is the given answer
my answer is b,c
similar question
156. You work as a network administrator for Certkiller .com. Given the line from the name service
configuration file:
hosts: nis [NOTFOUND=return] files
Which two statements correctly describe the behavior of the name server switch? Choose two
A. If NIS were unavailable, the attempt to locate a host's IP address would be abandoned.
B. If NIS were available but a host IP address was not in the NIS map, the attempt to locate the
host's address would be abandoned.
C. If NIS were unavailable, the attempt to locate the host's address would be continued within
the local file (/etc/inet/hosts).
D. If NIS were available but a host IP address was not in the NIS tables, the attempt to locate the
host's address would be continued by searching for it in the local file (/etc/inet/hosts).
Answer: a,b
my answer b,c
110. Which two are functions of an NFS client? (Choose two)
A. Runs the nfsd daemon.
B. Makes resources available over the network.
C. Mounts remote resources across the network.
D. Is configured using the /etc/dfs/dfstab file.
E. Mounts a remote resource and uses it as through it were local.
Answer given a,e
my answer c,e
114. You work as a network administrator for Certkiller .com. You have a system used for
application development. The process app-rev23 owner by user epiphylla terminates
abnormally.
Which two effects can the root user configure? (Choose two)
A. The process app-rev23 produces no core file at all.
B. The process app-rev23 produces a core file without the string "core" appearing
anywhere within the file name.
C. The process app-rev23 produces a global core file readable by any user in a global
/var/corefiles directory.
D. The process app-rev23 produces a total of three core files, one in the current directory of
the process, one in epihylla's home directory, and one in a global /var/corefiles
directory.
Answer GIVEN : B, C
my answer i dont know but i read this ans as B,D in this forum how is it
q117 one benefit of adjusting the automount behavior thru the use of the automount command ?
a.it allows the server to manage the client automountd daemon
b.it allows close sync between server and client
c.it is possible for the automountd daemon to stop without affecting client automounting
d.it is NOT always neccesary to stop and restart the daemon after changes to the AUTOFS map
given ans b
my answer confused over c and d both seem right
155. Your boss at Certkiller .com is curios about Sun Solaris 9. Which two software configurations
clusters, selected during the installation procedure for the Solaris 9 Operating Environment,
contain all the files in /usr/lib/netsvc/yp needed to allow a host to function as an NIS server?
Select two
A. Core Solaris Software Group
B. Entire Solaris Software Group
C. End User Solaris Software Group
D. Developer Solaris Software Group
E. Entire Solaris Software Group Plus OEM
Answer: B, C
my answer is B,E got it in this forum seems right but donno pls confirm
q 158 what name can b given to the direct automount map
a.can be called anything
b.can only be called auto.direct
c.can only be called auto_direct
d.can only be called auto_master
e.can only be called anything as long as it is preceded by auto_.
answer given a
pls explain
171. your boss at certkiller.com is curios about sun solaris9 .which three naming services that can
be used to provide identification services to jumpstart clients?
A. NIS
B. AFS
C. DNS
D. NIS+
E. WINS
F. LDAP
Answer: A, B,C is the given ans
A,D,F is the answer given in this forum
i know NIS,NIS+ for sure but why not DNS it can also be used so i am confused
q175
what information is passed by TFTP as part of the client boot sequence during jumpstart?
a.client host name
b.client (/) root file system
c.client network boot image
d.jumpstart config files
given ans c
pls confirm
q 189
which 3 processes & daemons are executed by the /usr/lib/netsvc/yp/ypstart script on the NIS master
a.ypcat
b.ypbind
c.ypinit
d.ypserv
e.ypxfrd
f.yprefont
given ans a,d,e
my ans b,d,e
191. When you build NIS maps using the make command without any arguments, which three steps
are necessary? (Choose three)
A. You edit the source files with the necessary modifications.
B. You execute a ypbind on the NIS master to bind it to itself.
C. You change directory to the directory containing the Makefile.
D. You edit the Makefile to point to the correct source file directory.
E. You copy the source files into the directory where the Makefile is located.
given answer A,B,C
Answer: A, C, D given in the forum
sorry if there are any typing errors, I couldn't cut and paste from the pdf; can any1 tell how to do it
but pls give ur answers, I need them, have exam next week
thanku
hi can any1 pls ans these questions
thanku
-
I have an E220R as a jumpstart server with 2 lan cards in it.
Firstly I installed the machine and set up Jumpstart on Solaris 8 and all was fine; I could jumpstart all my machines with no problem. I then added a second lan card and put it on a separate subnet so I could boot and install machines on two subnets. The 2nd card works fine as a lan card and if I do a traceroute to either subnet it uses the correct card, but when I go to do an install from the second subnet I get timeout arp/rarp errors. Sometimes it will jumpstart, but the majority of the time it won't; in fact it has only worked twice on the 2nd net. What is missing from the configuration?
Here is my routing table.
netstat -r
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
BASE-ADDRESS.MCAST.NET tcsun20b UH 1 0 hme1
15.139.88.0 tcsun20 U 1 72 hme0
15.136.120.0 tcsun20b U 1 60 hme1
BASE-ADDRESS.MCAST.NET tcsun20 U 1 0 hme0
default 15.139.88.1 UG 1 3
default 15.136.127.254 UG 1 4
localhost localhost UH 3 18624 lo0
Can anyone help me please
Cheers
Steve
After you have done the add_install_client you may have to manually edit the /etc/bootparams file. It was built using the hme0 interface & its host name. If hme1 has the same host name then you can use the IP of hme1.
In your case you may see that the entries refer to tcsun20. If you change them to tcsun20b, for this client, then you should be all set.
-
Greetings.
I am in the process of changing a system over to Solaris 9 (9/04) from Solaris 8 (we cannot move to Solaris 10 due to ClearCase incompatibilities).
We use flash archives in our jumpstart process. The master system is created using a very Spartan profile (SUNWCreq with a number of other required packages). There are also a number of additional tweaks made to the master system to stop unrequired services, daemons, etc. The only additional patches installed are the Java cluster patches.
I have been able to successfully jumpstart the jumpstart server host from CD. However any attempts to jumpstart other clients using the jumpstart server have failed. I suspect that it is related to the inability to copy the sysidcfg file during the jumpstart process.
The address for the jumpstart server is 10.1.1.1; the hostname is n1; the MAC address is 0:3:ba:35:80:88
The address for the jumpstart client is 10.1.1.34; the hostname is n34; the MAC address is 0:3:ba:14:c6.
On the jumpstart server some of the relevant files are included below.
/etc/bootparams:
n34 root=n1:/jumpstart/OS/Solaris_9_2004-09/Solaris_9/Tools/Boot install=n1:/jumpstart/OS/Solaris_9_2004-09 boottype=:in sysid_config=n1:/jumpstart/Sysidcfg install_config=n1:/jumpstart rootopts=:rsize=32768
/etc/hosts:
# Internet host table
127.0.0.1 localhost
10.1.1.1 n1 oam1a loghost
10.1.1.2 n2 db1a
10.1.1.34 n34
/etc/ethers:
0:3:ba:14:c6:cd n34
/etc/dfs/dfstab:
share -F nfs -o ro,anon=0 /jumpstart
share -F nfs -o ro,anon=0 /jumpstart/OS/Solaris_9_2004-09
/tftpboot directory:
lrwxrwxrwx 1 root root 26 Aug 8 10:36 0A010122 -> inetboot.SUN4U.Solaris_9-1
lrwxrwxrwx 1 root root 26 Aug 8 10:36 0A010122.SUN4U -> inetboot.SUN4U.Solaris_9-1
-rwxr-xr-x 1 root root 152376 Aug 8 10:36 inetboot.SUN4U.Solaris_9-1
-rw-r--r-- 1 root root 313 Aug 8 10:36 rm.10.1.1.34
ls -l /jumpstart/Sysidcfg/sysidcfg:
-rw-r--r-- 1 root root 375 Aug 4 17:12 /jumpstart/Sysidcfg/sysidcfg
/jumpstart/Sysidcfg/sysidcfg:
system_locale=en_AU
timezone=Australia/NSW
name_service=none
root_password=<removed for this post>
terminal=xterm
network_interface=primary { protocol_ipv6=no netmask=255.255.240.0 default_route=10.1.0.1 }
timeserver=localhost
timeserver=47.153.235.110
Once the install is started on the client the following output is generated (note the sysidcfg copy failure):
ok boot net - install
Res
LOM event: +21h32m35s host reset
etting ...
Netra 120 (UltraSPARC-IIe 648MHz), No Keyboard
OpenBoot 4.0, 1024 MB memory installed, Serial #51693261.
Ethernet address 0:3:ba:14:c6:cd, Host ID: 8314c6cd.
Executing last command: boot net - install
Boot device: /pci@1f,0/pci@1,1/network@c,1 File and args: - install
SunOS Release 5.9 Version Generic_117171-07 64-bit
Copyright 1983-2003 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
whoami: no domain name
Configuring /dev and /devices
Using RPC Bootparams for network configuration information.
Skipping interface eri1
Configured interface eri0
Searching for configuration file(s)...
cp: cannot create /etc/sysidcfg: Permission denied
chmod: WARNING: can't change /etc/sysidcfg
Using sysid configuration file 10.1.1.1:/jumpstart/Sysidcfg/sysidcfg
Search complete.
WARNING: IP: Hardware address '00:03:ba:35:80:88' trying to be our address 010.001.001.001!
WARNING: IP: Hardware address '00:03:ba:35:80:88' trying to be our address 010.001.001.001!
The IP address conflict is with the jumpstart server. The address for the jumpstart server is 10.1.1.1. The warning message is generated for a number of minutes after it starts. I figure that it is caused by the inability to copy the sysidcfg file.
This same system can be installed successfully using a Solaris 8 jumpstart configuration.
Note that the client system is currently installed with Solaris 8.
I did use the command "boot net -v - install" from the OK prompt, but no additional information was provided relating to when the sysidcfg file could not be copied.
If anyone has any ideas about what could be causing this problem or has any information about additional debugging which could be used to figure out this issue, I would greatly appreciate your thoughts.
Thanks in advance.
Cheers,
Jason.
Ideas.. Hmm, none which seems that correct, but you could try some things.
If it gets the wrong IP that could explain why it fails to copy the sysidcfg file.
First you could try and do a snoop on the ethernet address;
snoop ether 0:3:ba:14:c6:cd
(you could also try the -v flag to increase the verbosity).
The things you should look for are arp/rarp requests; the jumpstart client will use arp/rarp to determine its IP address. snoop will show you which server responds, and what address it gets. Furthermore, it's a good idea to verify that the response to the bootparams requests comes from the correct server.
Of course there might be other oddnesses as well.
Was the data you provided extracts? If it was, you should check /etc/ethers and /etc/bootparams for duplicate entries, so there are no other occurrences of the client's ethernet address in /etc/ethers, and no bogus entries starting with * or the same hostname in /etc/bootparams.
If you added the client manually you could always try and use the Tools/rm_install_client and Tools/add_install_client scripts to add it again, these script sometimes detect problems with the configuration.
Lastly you didn't show us your /etc/nsswitch.conf file, but I assume that it has "files" first for the ethers, hosts and bootparams entries?
Good luck
//Magnus
-
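The cross-checks suggested in the JumpStart thread above (malformed or duplicate /etc/ethers entries, wildcard or duplicate /etc/bootparams entries, and the hex-named /tftpboot link), as an added example that is not part of the original posts. The file contents are constructed samples modelled on the ones quoted in the thread; the function names and finding codes are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data modelled on the files quoted in the thread.
ETHERS = """\
0:3:ba:14:c6:cd n34
00:03:BA:14:C6:CD n34-old
0:3:ba:14:c6 n35
"""
HOSTS = """\
# Internet host table
127.0.0.1 localhost
10.1.1.1 n1 oam1a loghost
10.1.1.34 n34
"""
BOOTPARAMS = """\
n34 root=n1:/jumpstart/OS/Solaris_9_2004-09/Solaris_9/Tools/Boot \\
    install=n1:/jumpstart/OS/Solaris_9_2004-09 boottype=:in \\
    sysid_config=n1:/jumpstart/Sysidcfg install_config=n1:/jumpstart
* root=n9:/export/boot
"""
TFTPBOOT = ["0A010122", "0A010122.SUN4U", "inetboot.SUN4U.Solaris_9-1"]


def rows(text):
    """Yield the fields of each non-blank, non-comment line (joins '\\' continuations)."""
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields


def norm_mac(mac):
    """Return a zero-padded lower-case MAC; raise ValueError if it is not 6 hex octets."""
    octets = mac.split(":")
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", o) for o in octets):
        raise ValueError(f"malformed MAC address: {mac}")
    return ":".join(o.lower().zfill(2) for o in octets)


def tftp_name(ip):
    """File name the client asks for over TFTP: its IPv4 address as 8 hex digits."""
    return "%08X" % int(ipaddress.IPv4Address(ip))


def audit(client, ethers=ETHERS, hosts=HOSTS, bootparams=BOOTPARAMS, tftpboot=TFTPBOOT):
    """Return a list of (code, detail) findings for one JumpStart client."""
    findings = []
    ip_of = {name: f[0] for f in rows(hosts) for name in f[1:]}

    owners = {}  # normalised MAC -> hostnames that claim it in ethers
    for fields in rows(ethers):
        if len(fields) < 2:
            continue
        try:
            owners.setdefault(norm_mac(fields[0]), []).append(fields[1])
        except ValueError as err:
            findings.append(("ETHERS_BAD_MAC", f"{fields[1]}: {err}"))
    mine = [mac for mac, names in owners.items() if client in names]
    if not mine:
        findings.append(("ETHERS_MISSING", client))
    for mac in mine:
        if len(owners[mac]) > 1:  # RARP answer for this MAC is ambiguous
            findings.append(("ETHERS_DUP_MAC", f"{mac} -> {owners[mac]}"))

    entries = Counter()
    for host, *params in rows(bootparams):
        entries[host] += 1
        if host == "*":  # a wildcard entry answers every client's bootparams request
            findings.append(("BOOTPARAMS_WILDCARD", " ".join(params)))
        if host in (client, "*"):
            for param in params:
                server, sep, _path = param.partition("=")[2].partition(":")
                if sep and server and server not in ip_of:
                    findings.append(("BOOTPARAMS_UNKNOWN_SERVER", param))
    if entries[client] != 1:
        findings.append(("BOOTPARAMS_COUNT", f"{client}: {entries[client]} entries"))

    if client not in ip_of:
        findings.append(("HOSTS_MISSING", client))
    elif tftp_name(ip_of[client]) not in tftpboot:
        findings.append(("TFTP_MISSING", tftp_name(ip_of[client])))
    return findings


if __name__ == "__main__":
    for code, detail in audit("n34"):
        print(f"{code}: {detail}")
```
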
MS NLB with ASA and Static NAT from PUP to NLB IP
Hi all,
I am trying to get MS NLB up and running. It is almost all working. Below is my physical setup.
ASA 5510 > Cat 3750X >2x ESXi 5.1 Hosts > vSwitch > Windows 2012 NLB Guest VMs.
I have two VMs running on two different ESXi hosts. They have two vNICs. One for management and one for inside public subnet. The inside public subnet NICs are in the NLB cluster. The inside public subnet is NATed on the ASA to an outside public IP.
192.168.0.50 is the 1st VM
192.168.0.51 is the 2nd VM
192.168.0.52 is the cluster IP for heartbeat
192.168.0.53 is the cluster IP for NLB traffic.
0100.5e7f.0035 is the cluster MAC.
The NLB cluster is using MULTICAST
I have read the documentation for both the ASA and CAT switch for adding a static ARP using the NLB IP and NLB MAC.
For the ASA I found
http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/mode_fw.html#wp1226249
ASDM
Configuration > Device Management > Advanced > ARP > ARP Static Table
I was able to add my static ARP just fine.
However, the next step was to enable ARP inspection.
Configuration > Device Management > Advanced > ARP > ARP Inspection
My ASDM does not list ARP Inspection, only has the ARP Static Table area. Not sure about this.
For the CAT Switch I found
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
I added both the ARP and static MAC. For the static MAC I used the VLAN ID of the inside public subnet and the interfaces connected to both ESXi hosts.
On the ASA I added a static NAT for my outside public IP to my inside public NLB IP and vice versa. I then added a DNS entry for our domain to point to the outside public IP. I also added it to the public servers section, allowing all IP traffic for testing purposes.
At any rate the MS NLB is working OK. I can ping both the public IP and the inside NLB IP just fine from the outside. (I can ping the inside NLB IP because I'm on a VPN with access to my inside subnets.) The problem is when I go to access a webpage from my NLB servers using the DNS or the public IP I get a "This Page Can't Be Displayed" message. Now while on the VPN, if I use the same URL but instead use the NLB IP and not the public IP, it works fine.
So I think there is something wrong with the NATing of the public to NLB IP even though I can ping it fine. Below is my ASA config. I have bolded the parts of interest.
Result of the command: "show run"
: Saved
ASA Version 8.4(4)9
hostname MP-ASA-1
enable password ac3wyUYtitklff6l encrypted
passwd ac3wyUYtitklff6l encrypted
names
dns-guard
interface Ethernet0/0
nameif outside
security-level 0
ip address 198.XX.XX.82 255.255.255.240
interface Ethernet0/1
description Root Inside Interface No Vlan
speed 1000
duplex full
nameif Port-1-GI-Inside-Native
security-level 100
ip address 10.1.1.1 255.255.255.0
interface Ethernet0/1.2
description Managment LAN 1 for Inside Networks
vlan 2
nameif MGMT-1
security-level 100
ip address 192.168.180.1 255.255.255.0
interface Ethernet0/1.3
description Managment LAN 2 for Inside Networks
vlan 3
nameif MGMT-2
security-level 100
ip address 192.168.181.1 255.255.255.0
interface Ethernet0/1.100
description Development Pubilc Network 1
vlan 100
nameif DEV-PUB-1
security-level 50
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/1.101
description Development Pubilc Network 2
vlan 101
nameif DEV-PUB-2
security-level 50
ip address 192.168.2.1 255.255.255.0
interface Ethernet0/1.102
description Suncor Pubilc Network 1
vlan 102
nameif SUNCOR-PUB-1
security-level 49
ip address 192.168.3.1 255.255.255.0
interface Ethernet0/1.103
description Suncor Pubilc Network 2
vlan 103
nameif SUNCOR-PUB-2
security-level 49
ip address 192.168.4.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa844-9-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Inside-Native-Network-PNAT
subnet 10.1.1.0 255.255.255.0
description Root Inisde Native Interface Network with PNAT
object network ASA-Outside-IP
host 198.XX.XX.82
description The primary IP of the ASA
object network Inside-Native-Network
subnet 10.1.1.0 255.255.255.0
description Root Inisde Native Interface Network
object network VPN-POOL-PNAT
subnet 192.168.100.0 255.255.255.0
description VPN Pool NAT for Inside
object network DEV-PUP-1-Network
subnet 192.168.0.0 255.255.255.0
description DEV-PUP-1 Network
object network DEV-PUP-2-Network
subnet 192.168.2.0 255.255.255.0
description DEV-PUP-2 Network
object network MGMT-1-Network
subnet 192.168.180.0 255.255.255.0
description MGMT-1 Network
object network MGMT-2-Network
subnet 192.168.181.0 255.255.255.0
description MGMT-2 Network
object network SUNCOR-PUP-1-Network
subnet 192.168.3.0 255.255.255.0
description SUNCOR-PUP-1 Network
object network SUNCOR-PUP-2-Network
subnet 192.168.4.0 255.255.255.0
description SUNCOR-PUP-2 Network
object network DEV-PUB-1-Network-PNAT
subnet 192.168.0.0 255.255.255.0
description DEV-PUB-1-Network with PNAT
object network DEV-PUB-2-Network-PNAT
subnet 192.168.2.0 255.255.255.0
description DEV-PUB-2-Network with PNAT
object network MGMT-1-Network-PNAT
subnet 192.168.180.0 255.255.255.0
description MGMT-1-Network with PNAT
object network MGMT-2-Network-PNAT
subnet 192.168.181.0 255.255.255.0
description MGMT-2-Network with PNAT
object network SUNCOR-PUB-1-Network-PNAT
subnet 192.168.3.0 255.255.255.0
description SUNCOR-PUB-1-Network with PNAT
object network SUNCOR-PUB-2-Network-PNAT
subnet 192.168.4.0 255.255.255.0
description SUNCOR-PUB-2-Network with PNAT
object network DEV-APP-1-PUB
host 198.XX.XX.XX
description DEV-APP-2 Public Server IP
object network DEV-APP-2-SNAT
host 192.168.2.120
description DEV-APP-2 Server with SNAT
object network DEV-APP-2-PUB
host 198.XX.XX.XX
description DEV-APP-2 Public Server IP
object network DEV-SQL-1
host 192.168.0.110
description DEV-SQL-1 Inside Server IP
object network DEV-SQL-2
host 192.168.2.110
description DEV-SQL-2 Inside Server IP
object network SUCNOR-APP-1-PUB
host 198.XX.XX.XX
description SUNCOR-APP-1 Public Server IP
object network SUNCOR-APP-2-SNAT
host 192.168.4.120
description SUNCOR-APP-2 Server with SNAT
object network SUNCOR-APP-2-PUB
host 198.XX.XX.XX
description DEV-APP-2 Public Server IP
object network SUNCOR-SQL-1
host 192.168.3.110
description SUNCOR-SQL-1 Inside Server IP
object network SUNCOR-SQL-2
host 192.168.4.110
description SUNCOR-SQL-2 Inside Server IP
object network DEV-APP-1-SNAT
host 192.168.0.120
description DEV-APP-1 Network with SNAT
object network SUNCOR-APP-1-SNAT
host 192.168.3.120
description SUNCOR-APP-1 Network with SNAT
object network PDX-LAN
subnet 192.168.1.0 255.255.255.0
description PDX-LAN for S2S VPN
object network PDX-Sonicwall
host XX.XX.XX.XX
object network LOGI-NLB--SNAT
host 192.168.0.53
description Logi NLB with SNAT
object network LOGI-PUP-IP
host 198.XX.XX.87
description Public IP of LOGI server for NLB
object network LOGI-NLB-IP
host 192.168.0.53
description LOGI NLB IP
object network LOGI-PUP-SNAT-NLB
host 198.XX.XX.87
description LOGI Pup with SNAT to NLB
object-group network vpn-inside
description All inside accessible networks
object-group network VPN-Inside-Networks
description All Inside Nets for Remote VPN Access
network-object object Inside-Native-Network
network-object object DEV-PUP-1-Network
network-object object DEV-PUP-2-Network
network-object object MGMT-1-Network
network-object object MGMT-2-Network
network-object object SUNCOR-PUP-1-Network
network-object object SUNCOR-PUP-2-Network
access-list acl-vpnclinet extended permit ip object-group VPN-Inside-Networks any
access-list outside_access_out remark Block ping to out networks
access-list outside_access_out extended deny icmp any any inactive
access-list outside_access_out remark Allow all traffic from inside to outside networks
access-list outside_access_out extended permit ip any any
access-list outside_access extended permit ip any object LOGI-NLB--SNAT
access-list outside_access extended permit ip any object SUNCOR-APP-2-SNAT
access-list outside_access extended permit ip any object SUNCOR-APP-1-SNAT
access-list outside_access extended permit ip any object DEV-APP-2-SNAT
access-list outside_access extended permit ip any object DEV-APP-1-SNAT
access-list outside_cryptomap extended permit ip object-group VPN-Inside-Networks object PDX-LAN
pager lines 24
logging asdm informational
mtu outside 1500
mtu Port-1-GI-Inside-Native 1500
mtu MGMT-1 1500
mtu MGMT-2 1500
mtu DEV-PUB-1 1500
mtu DEV-PUB-2 1500
mtu SUNCOR-PUB-1 1500
mtu SUNCOR-PUB-2 1500
mtu management 1500
ip local pool Remote-VPN-Pool 192.168.100.1-192.168.100.20 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any Port-1-GI-Inside-Native
icmp permit any MGMT-1
icmp permit any MGMT-2
icmp permit any DEV-PUB-1
icmp permit any DEV-PUB-2
icmp permit any SUNCOR-PUB-1
icmp permit any SUNCOR-PUB-2
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp DEV-PUB-1 192.168.0.53 0100.5e7f.0035 alias
arp timeout 14400
no arp permit-nonconnected
nat (Port-1-GI-Inside-Native,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (DEV-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (DEV-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (MGMT-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (MGMT-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (SUNCOR-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (SUNCOR-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (DEV-PUB-1,outside) source static DEV-PUP-1-Network DEV-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (DEV-PUB-2,outside) source static DEV-PUP-2-Network DEV-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (MGMT-1,outside) source static MGMT-1-Network MGMT-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (MGMT-2,outside) source static MGMT-2-Network MGMT-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (Port-1-GI-Inside-Native,outside) source static Inside-Native-Network Inside-Native-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (SUNCOR-PUB-1,outside) source static SUNCOR-PUP-1-Network SUNCOR-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (SUNCOR-PUB-2,outside) source static SUNCOR-PUP-2-Network SUNCOR-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
object network Inside-Native-Network-PNAT
nat (Port-1-GI-Inside-Native,outside) dynamic interface
object network VPN-POOL-PNAT
nat (Port-1-GI-Inside-Native,outside) dynamic interface
object network DEV-PUB-1-Network-PNAT
nat (DEV-PUB-1,outside) dynamic interface
object network DEV-PUB-2-Network-PNAT
nat (DEV-PUB-2,outside) dynamic interface
object network MGMT-1-Network-PNAT
nat (MGMT-1,outside) dynamic interface
object network MGMT-2-Network-PNAT
nat (MGMT-2,outside) dynamic interface
object network SUNCOR-PUB-1-Network-PNAT
nat (SUNCOR-PUB-1,outside) dynamic interface
object network SUNCOR-PUB-2-Network-PNAT
nat (SUNCOR-PUB-2,outside) dynamic interface
object network DEV-APP-2-SNAT
nat (DEV-PUB-2,outside) static DEV-APP-2-PUB
object network SUNCOR-APP-2-SNAT
nat (SUNCOR-PUB-2,outside) static SUNCOR-APP-2-PUB
object network DEV-APP-1-SNAT
nat (DEV-PUB-1,outside) static DEV-APP-1-PUB
object network SUNCOR-APP-1-SNAT
nat (SUNCOR-PUB-1,outside) static SUCNOR-APP-1-PUB
object network LOGI-NLB--SNAT
nat (DEV-PUB-1,outside) static LOGI-PUP-IP
object network LOGI-PUP-SNAT-NLB
nat (outside,DEV-PUB-1) static LOGI-NLB-IP
access-group outside_access in interface outside
access-group outside_access_out out interface outside
route outside 0.0.0.0 0.0.0.0 198.145.120.81 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 outside
http 10.1.1.0 255.255.255.0 Port-1-GI-Inside-Native
http 192.168.180.0 255.255.255.0 MGMT-1
http 192.168.100.0 255.255.255.0 Port-1-GI-Inside-Native
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d6f9f8e2113dc03cede9f2454dba029b
: end
Any help would be great! I think the issue is in the NAT as I am able to access NLB IP from the outside and could not do that before adding the static ARP stuff.
Thanks,
Chris
Also, if I change the NAT from the public IP to the NLB IP to use either one of the physical IPs of the NLB cluster (192.168.0.50 or 51) it works fine when using the public IP. So it's definitely an issue when NATing the VIP of the NLB cluster.
Chris