After enabling port-security host is not reachable

Hi, after we enable port security on the switch the host will not be reachable. Please note that we have some ports on the same switch configured for 802.1x authentication. Below is the configuration for the port:
interface fa 0/20
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security mac-address sticky

hello
Possibly too restrictive for that... can you post
sh port-security int fa0/20
res
Paul

Similar Messages

  • IOS Remote Desktop App resolves hostname but throws Host is not reachable error.

    Hello,
    I am trying to use the Remote Desktop app on my iPad running iOS 7.0.2 to connect to a server through our Juniper VPN. When I type the hostname or IP address I get an error that says "Host is not reachable". If I connect through my Mac I have no problem when on the same VPN. I have looked through all of the settings in Junos Pulse and it is set up to route all traffic through the VPN, and I do not know of anything that would be blocking it on the network end.
    Edit: I am connecting to a Windows Server 2008 R2 box with RDP turned on with all types of connections.
    Here is the log data for my latest attempt.
    [2013-Nov-19 11:23:42] RDP (0): *** Application lauched ***
    [2013-Nov-19 11:23:43] RDP (0): Application became foreground application
    [2013-Nov-19 11:24:30] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
    [2013-Nov-19 11:24:30] RDP (0): client version: 8.0.24094 on iPad3,4 (iPhone OS 7.0.3)
    [2013-Nov-19 11:24:30] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2013-Nov-19 11:24:30] RDP (0): Showing credentials dialog
    [2013-Nov-19 11:24:49] RDP (0): Final rdp configuration used: {
        activeUsername = "DOMAIN\\UserName";
        arcTimeout = 1800;
        cacheId = BEBD1725D63BB841;
        configurationVersion = 8;
        console = 0;
        host = "server.mysite.com";
        label = "Server";
        mouseMode = "-1";
        port = 3389;
        soundMode = 1;
        swapMouseButtons = 0;
        type = rdp;
        utilityBar = "-1";
        kCFProxyTypeKey = kCFProxyTypeNone;
    [2013-Nov-19 11:24:49] RDP (0): --- BEGIN INTERFACE LIST ---
    [2013-Nov-19 11:24:49] RDP (0): lo0 af=18  addr= netmask=
    [2013-Nov-19 11:24:49] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2013-Nov-19 11:24:49] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2013-Nov-19 11:24:49] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2013-Nov-19 11:24:49] RDP (0): en0 af=18  addr= netmask=
    [2013-Nov-19 11:24:49] RDP (0): en0 af=30 (AF_INET6)  addr=fe80::66:9d3c:3d77:5cce%en0 netmask=ffff:ffff:ffff:ffff::
    [2013-Nov-19 11:24:49] RDP (0): en0 af=2 (AF_INET)  addr=192.168.114.44 netmask=255.255.252.0
    [2013-Nov-19 11:24:49] RDP (0): awdl0 af=18  addr= netmask=
    [2013-Nov-19 11:24:49] RDP (0): awdl0 af=30 (AF_INET6)  addr=fe80::3c11:d7ff:feb2:7a82%awdl0 netmask=ffff:ffff:ffff:ffff::
    [2013-Nov-19 11:24:49] RDP (0): en2 af=18  addr= netmask=
    [2013-Nov-19 11:24:49] RDP (0): utun0 af=18  addr= netmask=
    [2013-Nov-19 11:24:49] RDP (0): utun0 af=2 (AF_INET)  addr=10.100.01.01 netmask=255.255.255.255
    [2013-Nov-19 11:24:49] RDP (0): --- END INTERFACE LIST ---
    [2013-Nov-19 11:24:49] RDP (0): Not using any proxy
    [2013-Nov-19 11:24:49] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2013-Nov-19 11:24:49] RDP (0): Resolved 'server.mysite.com' to '10.100.01.01' using NameResolveMethod_Unknown(0)
    [2013-Nov-19 11:25:09] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/cftcpendpoint.cpp' at line 242
        User Message : Host is not reachable
    [2013-Nov-19 11:25:09] RDP (0): Error message: Host is not reachable(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
    [2013-Nov-19 11:25:09] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
    [2013-Nov-19 11:25:09] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2013-Nov-19 11:25:09] RDP (0): ------ END ACTIVE CONNECTION ------
    Cameron

    Hi,
    According to the log, your iPad tried to connect to the remote server with IP address 10.100.01.01/32. Please check if it is the correct IP address of the server.
    Also, please make sure that your iPad can connect to your VPN network successfully and get a valid IP address so that it can remote your internal server.
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • Enable port security between Two switches

    Hi Everyone,
    I connected two switches together  via below config
    Switch A
    int gi0/1
    switch mode access
    switchport access vlan 10
    Switch B
    int gi0/1
    switch mode access
    switchport access vlan 10
    They work fine with above config.
    I did the Test below
    However, when I changed the config of Switch B as below
    int gi0/1
    switch mode access
    switchport access vlan 10
    switchport port-security  
    Switch B is unable to ping its default gateway.
    Also Switch B is not reachable via SSH.
    Port is up up and in STP forwarding state.
    Switch B can see Switch A as a neighbour.
    Also Switch B is not reachable via SSH.
    I know that switchport port-security we use only when connecting to PC.
    So does this mean that in the above scenario layer 1 and layer 2 are up but layers 3 and above are not reachable, like ping, SSH etc.?
    Regards
    MAhesh

    I was just trying to see how the switches behave with this config. Nothing much, just exploring the options in the network world.
    Ideally if you want to connect two switches together in Layer 2, Dot1Q trunking is the way to go.  You do not want to put port security because it is useless. 

  • Server, Port details are revealed after enabling Mod Security

    Hi,
    I have applied the mod security on the OAS to remediate the cross site scripting. With this fix the cross site scripting is remediated and prevent XSS attacks (HTML/Javascript injection). However on the browser with Show friendly error message unchecked the error page displays with server & its port information, whereas with checkbox checked error page 406 is displayed.
    All I need is not to display the server and its port while showing the error page. Please suggest how I can resolve this.
    Regards,
    R.Babu

    Hi,
    This is what I have added in the httpd.conf when there is an error which will direct to 406 error page.
    SecFilterDefaultAction "deny,log,status:406"
    I don't know how to create direct it to the one I define (can you help here). I believe even then with Show friendly HTTP error messages unchecked I will not get my error page I defined.
    - Babu

  • Howto start VPN when host is not reachable

    Hi there,
    I have secured my Email access via iPhone.
    For that I set it up to use my email server's internal hostname (not known on the public net). Due to that I have to open a VPN tunnel every time I want to exchange mails.
    Is there a way with the iPhone Configuration Utility (or else) to set up a profile that automatically opens the VPN when the host is called?
    I'd be grateful if anyone can help!
    André

    I don't believe so, no.

  • Status Agent Not Reachable - How to set a fix port number?

    My EM 10g was working fine http://localhost:5500/em
    Now when I tried, it was not working. I looked into portlist and found out there was an additional port of 5502.
    But when I logged into port 5502, Status Agent Not Reachable. Other links were working fine.
    I had even installed another DB called REPOS other than the default ORCL.
    All the services were up and running and I was just bouncing services back and forth and luckily I got the original port 5500 to work and then I did not get the error "Status Agent Not Reachable".
    So I just wanted to know how to set a dedicated port in case the port number changes back to 5502 and if I get the error again.
    Thanks in advance.

    Yes, I installed multiple databases, e.g. ORCL was the default but I installed REPOS.
    I did not uninstall the db.
    Why does it show two different ports for ORCL 5500 and 5502 and for Repos it shows two ports but they are the same 5501.
    Everything is on my local machine.
    Following is from the portlist
    Ultra Search HTTP port number =5620
    Enterprise Manager Agent Port =
    iSQL*Plus HTTP port number =5560
    Enterprise Manager Console HTTP Port (orcl) = 5500
    Enterprise Manager Agent Port (orcl) = 1830
    Enterprise Manager Console HTTP Port (repos) = 5501
    Enterprise Manager Agent Port (repos) = 1831
    Enterprise Manager Console HTTP Port (ORCL) = 5502
    Enterprise Manager Agent Port (ORCL) = 1830
    Enterprise Manager Console HTTP Port (repos) = 5501
    Enterprise Manager Agent Port (repos) = 1831

  • PXE Imaging tripping port security

    We are using Cisco switches in our environment and our network administrator has enabled port security so that only 1 MAC address works in the port.
    On many PCs, when they PXE boot, it sends a different MAC address (always starting with 00005A) than the MAC address of the NIC card and it trips port security.
    We are using the following configuration
    Switch : Cisco Catalyst 4506 Switch
    Server :Novell Netware 6.5 sp5 +Zenworks for Desktop 4.01 ir 7
    Client OS: Windows 2000 SP4
    It only occurs at a location with IR 7 for ZfD 4.01 installed.

    Toine,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at
    http://support.novell.com.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • NAC and switchport port-security

    Dear Friends,
    I have NAC working on Out-Of-Band Virtual Gateway.
    When I enable Port Security on the CAM, this doesn't work very well.
    I need to allow two MAC addresses per interface, one workstation and one phone.
    The first User is authenticated and placed in the correct VLAN according to the group. Total MAC Addresses increases the workstation and the phone correctly.
    Switch#sh port-security interface gigabitEthernet 1/24
    Port Security                          : Enabled
    Port Status                            : Secure-up
    Violation Mode                       : Shutdown
    Aging Time                            : 0 mins
    Aging Type                            : Absolute
    SecureStatic Address Aging   : Disabled
    Maximum MAC Addresses     : 2
    Total MAC Addresses            : 2
    Configured MAC Addresses    : 0
    Sticky MAC Addresses          : 0
    Last Source Address:Vlan      : fcfb.fbca.2c65:89
    Security Violation Count         : 0
    After if I:
    - change of user
    - bounce the interface
    - plug another workstation on interface
    Anything happens, and port remains on Access VLAN.
    Does somebody know how I can fix this problem?
    Regards

    Could you please elaborate on your question? I don't understand what's exactly the problem.

  • Port Security MIB on SF, SG series switches

    I need to set up some parameters related to port security features on my SG, SF series switches via SNMP. I've found that it is possible with port security MIB (1.3.6.1.4.1.9.9.315). I found out my devices have support for this MIB by downloading the archive with MIBs from the Cisco site. But when I try to read some parameters from this MIB via SNMP, for example "cps if port security status" (1.3.6.1.4.1.9.9.315.1.2.1.1.2), the device answers with: "No Such Object available on this agent at this OID". But it is possible to do with the web interface in the Security->Port Security section.
    How is it possible to read/write such type of parameters ?

    The OID you mentioned cpsIfPortSecurityStatus has Read-Only permissions and hence you cannot set anything.
    You can only poll this object to know the operational status of the port security feature on an interface, which will result in one of the three statuses:
    1 : secureup
    2 : securedown
    3 : shutdown
    For more details check OID Translation.
    You can only set values which have Read-Write permissions, like cpsIfPortSecurityEnable, using which you can enable port security on an interface.
    Tell us what you want to achieve using SNMP Set operation?
    Also, I am not sure if these MIB features are completely implemented on 29xx/35xx/37xx devices.
    But are present in 45xx and 65xx series switches.

  • Port Security - CMS

    I am using CMS on a 3550 to implement Port Security. I want to know how to clear the Violation Rejection count? I have tried changing the Violation, turned off Sticky Behavior and disabled Port Security. Nothing clears the Violation count. When I re-enable Port Security the Violation Rejection count is the same. Help!!!

    Duplicate post. 
    Go HERE.

  • SQL server 2012 Ent using less memory than the allocated amount after enabling -T834

    I am facing the situation mentioned here.
    http://blogs.msdn.com/b/psssql/archive/2009/06/05/sql-server-and-large-pages-explained.aspx
    My SQL Server 2012 is not able to use all the 112 GB RAM that was allocated to it after enabling -T834.
    This was not the case earlier. Now I see the Total server memory and target server memory counters are just 27 GB constantly. I found the below error while starting SQL after enabling -T834. I restarted services again and this time it started fine. But I didn't bother about the error until users complained of slowness and SQL memory usage was found to be low.
     Detected 131068 MB of RAM. This is an informational message; no user action is required.
     Using large pages in the memory manager.
     Large Page Allocated: 32MB
     Large page allocation failed during memory manager initialization
     Failed to initialize the memory manager
     Failed allocate pages: FAIL_PAGE_ALLOCATION 2
     Error: 17138, Severity: 16, State: 1.
     Unable to allocate enough memory to start 'SQL OS Boot'. Reduce non-essential memory load or increase system memory.
    Now, SQL is started but its Total server memory is only 27 GB. How can I make SQL Server use all the allocated max server memory with -T834 still on?
    Bharath Kumar ------------- Please mark solved if I've answered your question, vote for it as helpful to help other user's find a solution quicker

    Hi Bharath , 
    in the below post the scenario is mentioned clearly 
    http://blogs.msdn.com/b/psssql/archive/2009/06/05/sql-server-and-large-pages-explained.aspx
    Unable to allocate enough memory to start 'SQL OS Boot'. Reduce non-essential memory load or increase system memory.
    This shows one of the problems with large pages: the memory size requested must be contiguous. This is called out very nicely at the MSDN article on Large Pages
    These memory regions may be difficult to obtain after the system has been running for a long time because the space for each large page must be contiguous, but the memory may have become fragmented. This is an expensive operation; therefore, applications should avoid making repeated large page allocations and allocate them all one time at startup instead.
    In this case above, even if ‘max server memory’ was set to say 8Gb, the server could only allocate 2Gb and that now becomes a maximum allocation for the buffer pool. Remember we don’t grow the buffer pool when using large pages so whatever memory we allocate at startup is the max you get.
    The other interesting thing you will find out with large pages is a possible slowdown in server startup time. Notice in the ERRORLOG entry above the gap of 7 minutes between the server discovering trace flag 834 was on (the "Using large pages..” message) and the message about how much large memory was allocated for the buffer pool. Not only does it take a long time to call VirtualAlloc() but in the case where we cannot allocate total physical memory or ‘max server memory” we attempt to allocate lower values several times before either finding one that works or failing to start. We have had some customers report the time to start the server when using trace flag 834 was over 30 minutes.
    regards,
    Ram
    ramakrishna

  • Allowing a device blocked by port-security

    Let's say I have port security configured on a switch's ports like this:
        Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                        (Count)       (Count)          (Count)
              Et0/2              1            1                  0         Shutdown
    And also that I use sticky to allow all connected devices.
    Now let's say an admin unplugs the computer that was plugged into a port and plugs in another one. The switch port shuts down as expected. Now the admin calls and asks that the currently connected computer be allowed access. What is the proper way to allow access to that computer?
    I ran sticky again on that specific interface and did a no shut, but it is still shutdown. Do I need to completely disable and re-enable port-security on that interface to allow the new device?

    Hi,
    In the line command, write:
    switch(conf-if)#shutdown
    and
    switch#clear port-security dynamic interface XX/XX
    and
    switch#clear mac address-table dynamic interface XX/XX
    and
    switch(conf-if)#no shutdown
    In the 2 interfaces - old and new interfaces.
    Thanks.

  • Port security not enabling/ sticky/static

    OK, I tried both commands. Port security is not enabling (shows disabled in output); it's a Cisco IP phone connected to the port.
    static and sticky
    H(config-if)#$port-security mac-address 001E.13AF.893C
    H(config-if)#no shut
    H(config-if)#end
    H#show por
    H#show port-security in
    H#show port-security interface g2/0/38
    Port Security              : Disabled
    Port Status                : Secure-down
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 1
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 0000.0000.0000:0
    Security Violation Count   : 0

    Did you enable the port by adding :
    switchport port-security
    what is the output of "sh run int gi2/0/38"
    HTH
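
The check the replies in these threads keep asking for, as an added example (not code from any poster or from Cisco): it parses `show port-security interface` text and reports which of the states discussed on this page the port is in. The function names and finding codes are invented for this example, the first sample is the output posted just above, and the second sample is constructed.

```python
import re

# Output posted in the thread above (port g2/0/38), copied verbatim.
POSTED_OUTPUT = """\
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
"""

# Constructed sample (not from the page): a port err-disabled by a violation.
CONSTRUCTED_SHUTDOWN = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Last Source Address:Vlan   : 0000.5e00.5301:20
Security Violation Count   : 1
"""

# The key may itself contain ':' (Address:Vlan), so split on whitespace + ':'.
FIELD = re.compile(r"^\s*(.+?)\s+:\s*(.*?)\s*$")
COUNTERS = ("Maximum MAC Addresses", "Total MAC Addresses",
            "Configured MAC Addresses", "Security Violation Count")


def parse_port_security(text):
    """Turn 'Name : value' lines into a dict; the listed counters become ints."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    for name in COUNTERS:
        fields[name] = int(fields.get(name, 0))
    return fields


def diagnose(fields):
    """Return finding codes explaining why a host behind the port may be cut off."""
    findings = []
    if fields.get("Port Security", "").lower() != "enabled":
        # Addresses were configured, but the bare 'switchport port-security'
        # command that turns the feature on is missing from the interface.
        if fields["Configured MAC Addresses"] or fields["Total MAC Addresses"]:
            findings.append("NOT_ENABLED")
        return findings
    if fields.get("Port Status", "").lower() == "secure-shutdown":
        findings.append("ERR_DISABLED")   # needs shutdown / no shutdown to recover
    elif (fields["Total MAC Addresses"] >= fields["Maximum MAC Addresses"]
          and fields.get("Violation Mode", "").lower() == "shutdown"):
        findings.append("AT_LIMIT")       # next new source MAC shuts the port
    if fields["Security Violation Count"]:
        findings.append("VIOLATION_SEEN")
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED_OUTPUT), ("constructed", CONSTRUCTED_SHUTDOWN)):
        print(name, diagnose(parse_port_security(text)))
```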

  • Open Directory: After enabling of SSL encryption the Open Directory server is not reachable anymore! What's wrong?

    After enabling SSL encryption on LDAP I can't connect anymore to the LDAP. I think the Lions Server supports now the SSL encryption for Open Directory.

    .....

  • Ora 12543 tns destination host not reachable

    Dear All,
    OS: RHEL 5
    DB VERSION:-11.2.0
    I am facing problem related to ora 12543 tns destination host not reachable
    The problem here is little bit different what exactly other face:-
    i have 2 servers with name abc.localdomain & xyz.localdomain.
    Db name on abc.localdomain is abc
    Db name on xyz.localdomain is xyz
    When i try to ping with below mentioned command abc and xyz from abc.localdomain i am successful
    ping abc
    ping xyz
    But when I try to do the same thing from xyz.localdomain I am able to ping the db running on xyz.localdomain, but I get the above mentioned error when pinging the abc database located on the abc.localdomain server.
    I am able to ping both the servers from their IPs and hostnames but not by abc db name, and I also checked that the firewalls on both servers are disabled.
    Here are my tnsnames.ora and listener.ora files for both machines
    xyz.localdomain tnsnames.ora file:-
    # tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/tnsnames.ora
    # Generated by Oracle configuration tools.
    LISTENER1 =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = xyz.localdomain)(PORT = 12001))
      )
    xyz =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = xyz.localdomain)(PORT = 12001))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = xyz)
        )
      )
    abc =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = abc.localdomain)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = abc)
        )
      )
    xyz.localdomain listener.ora:-
    # listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
    # Generated by Oracle configuration tools.
    LISTENER1 =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = xyz.localdomain)(PORT = 12001))
      )
    SID_LIST_LISTENER1 =
      (SID_LIST =
        (SID_DESC =
          (GLOBAL_DBNAME = xyz)
          (ORACLE_HOME = /u01/app/oracle/product/11.2.0/db_1)
          (SID_NAME = xyz)
        )
      )
    ADR_BASE_LISTENER1 = /u01/app/oracle
    abc.localdomain machine:-
    # listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/grid/network/admin/listener.ora
    # Generated by Oracle configuration tools.
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (GLOBAL_DBNAME = abc)
          (ORACLE_HOME = /u01/app/oracle/product/11.2.0/grid)
          (SID_NAME = abc)
        )
      )
    LISTENER =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = abc.localdomain)(PORT = 1521))
      )
    ADR_BASE_LISTENER = /u01/app/oracle
    ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER = ON
    tnsnames.ora:-
    # tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/tnsnames.ora
    # Generated by Oracle configuration tools.
    xyz =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = xyz.localdomain)(PORT = 12001))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = xyz)
        )
      )
    abc =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = abc.localdomain)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = abc)
        )
      )
    So kindly advise over the same if anyone of you face the same problem.

    Hi,
    Before actually looking up on this issue, I would suggest you read the below posts to get true knowledge of what these utilities do (i.e. Listener, tnsping) and what their purpose is.
    Help! I can't connect to my database...; | Ed Stevens, DBA
    Help! I can't connect to my database (part duex) | Ed Stevens, DBA
    tnsping  what it is, what it isn't | Ed Stevens, DBA
