After enabling port-security host is not reachable
Hi, after we enable port security on the switch the host will not be reachable. Please note that we have some ports on the same switch configured for 802.1x authentication. Below is the configuration for the port:
interface fa 0/20
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security mac-address sticky
hello
Possibly too restrictive for that... can you post
sh port-security int fa0/20
res
Paul
Similar Messages
-
IOS Remote Desktop App resolves hostname but throws Host is not reachable error.
Hello,
I am trying to use the Remote Desktop app on my iPad running iOS 7.0.2 to connect to a server through our Juniper VPN. When I type the hostname or IP address I get an error that says "Host is not reachable". If I connect through my Mac I have no problem when on the same VPN. I have looked through all of the settings in Junos Pulse and it is set up to route all traffic through the VPN, and I do not know of anything that would be blocking it on the network end.
Edit: I am connecting to a Windows Server 2008 R2 box with RDP turned on with all types of connections.
Here is the log data for my latest attempt.
[2013-Nov-19 11:23:42] RDP (0): *** Application lauched ***
[2013-Nov-19 11:23:43] RDP (0): Application became foreground application
[2013-Nov-19 11:24:30] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
[2013-Nov-19 11:24:30] RDP (0): client version: 8.0.24094 on iPad3,4 (iPhone OS 7.0.3)
[2013-Nov-19 11:24:30] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2013-Nov-19 11:24:30] RDP (0): Showing credentials dialog
[2013-Nov-19 11:24:49] RDP (0): Final rdp configuration used: {
activeUsername = "DOMAIN\\UserName";
arcTimeout = 1800;
cacheId = BEBD1725D63BB841;
configurationVersion = 8;
console = 0;
host = "server.mysite.com";
label = "Server";
mouseMode = "-1";
port = 3389;
soundMode = 1;
swapMouseButtons = 0;
type = rdp;
utilityBar = "-1";
kCFProxyTypeKey = kCFProxyTypeNone;
[2013-Nov-19 11:24:49] RDP (0): --- BEGIN INTERFACE LIST ---
[2013-Nov-19 11:24:49] RDP (0): lo0 af=18 addr= netmask=
[2013-Nov-19 11:24:49] RDP (0): lo0 af=30 (AF_INET6) addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2013-Nov-19 11:24:49] RDP (0): lo0 af=2 (AF_INET) addr=127.0.0.1 netmask=255.0.0.0
[2013-Nov-19 11:24:49] RDP (0): lo0 af=30 (AF_INET6) addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2013-Nov-19 11:24:49] RDP (0): en0 af=18 addr= netmask=
[2013-Nov-19 11:24:49] RDP (0): en0 af=30 (AF_INET6) addr=fe80::66:9d3c:3d77:5cce%en0 netmask=ffff:ffff:ffff:ffff::
[2013-Nov-19 11:24:49] RDP (0): en0 af=2 (AF_INET) addr=192.168.114.44 netmask=255.255.252.0
[2013-Nov-19 11:24:49] RDP (0): awdl0 af=18 addr= netmask=
[2013-Nov-19 11:24:49] RDP (0): awdl0 af=30 (AF_INET6) addr=fe80::3c11:d7ff:feb2:7a82%awdl0 netmask=ffff:ffff:ffff:ffff::
[2013-Nov-19 11:24:49] RDP (0): en2 af=18 addr= netmask=
[2013-Nov-19 11:24:49] RDP (0): utun0 af=18 addr= netmask=
[2013-Nov-19 11:24:49] RDP (0): utun0 af=2 (AF_INET) addr=10.100.01.01 netmask=255.255.255.255
[2013-Nov-19 11:24:49] RDP (0): --- END INTERFACE LIST ---
[2013-Nov-19 11:24:49] RDP (0): Not using any proxy
[2013-Nov-19 11:24:49] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2013-Nov-19 11:24:49] RDP (0): Resolved 'server.mysite.com' to '10.100.01.01' using NameResolveMethod_Unknown(0)
[2013-Nov-19 11:25:09] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/cftcpendpoint.cpp' at line 242
User Message : Host is not reachable
[2013-Nov-19 11:25:09] RDP (0): Error message: Host is not reachable(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
[2013-Nov-19 11:25:09] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2013-Nov-19 11:25:09] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2013-Nov-19 11:25:09] RDP (0): ------ END ACTIVE CONNECTION ------
Cameron
Hi,
According to the log, your iPad tried to connect to the remote server with IP address 10.100.01.01/32. Please check if it is the correct IP address of the server.
Also, please make sure that your iPad can connect to your VPN network successfully and get a valid IP address so that it can remote your internal server.
Thanks.
Jeremy Wu
TechNet Community Support -
Enable port security between Two switches
Hi Everyone,
I connected two switches together via below config
Switch A
int gi0/1
switch mode access
switchport access vlan 10
Switch B
int gi0/1
switch mode access
switchport access vlan 10
They work fine with above config.
I did the Test below
However when i changed Config of Switch B as below
int gi0/1
switch mode access
switchport access vlan 10
switchport port-security
Switch B is unable to ping its default gateway.
Also Switch B is not reachable via SSH.
Port is up up and in STP forwarding state.
Switch B can see Switch A as a neighbour.
Also Switch B is not reachable via SSH.
I know that switchport port-security we use only when connecting to PC.
So does this mean that in the above scenario layer 1 and layer 2 are up but layers 3 and above are not reachable, like ping, SSH etc.?
Regards
Mahesh
I was just trying to see how the switches behave with this config. Nothing much, just exploring the options in the network world.
Ideally if you want to connect two switches together in Layer 2, Dot1Q trunking is the way to go. You do not want to put port security because it is useless. -
Server, Port details are revealed after enabling Mod Security
Hi,
I have applied the mod security on the OAS to remediate the cross site scripting. With this fix the cross site scripting is remediated and prevent XSS attacks (HTML/Javascript injection). However on the browser with Show friendly error message unchecked the error page displays with server & its port information, whereas with checkbox checked error page 406 is displayed.
All i need is not to display the server and its port while showing the error page. Please suggest how i resolve this.
Regards,
R.Babu
Hi,
This is what i have added in the httpd.conf when there is an error which will direct to 406 error page.
SecFilterDefaultAction "deny,log,status:406"
I don't know how to direct it to the one I define (can you help here). I believe even then with Show friendly HTTP error messages unchecked I will not get the error page I defined.
- Babu -
Howto start VPN when host is not reachable
Hi there,
I have secured my Email access via iPhone.
For that I set it up to use my email server's internal hostname (not known on the public net). Due to that I have to open a VPN tunnel every time I want to exchange mails.
Is there a way with the iPhone Configuration Utility (or else) to set up a profile that automatically opens the VPN when the host is called?
I'd be grateful if anyone can help!
André
I don't believe so, no.
-
Status Agent Not Reachable - How to set a fix port number?
My EM 10g was working fine http://localhost:5500/em
Now when I tried, it was not working. I looked into portlist and found out there was an additional port of 5502
But when I logged into port 5502, Status Agent Not Reachable. Other links were working fine.
I had even installed another DB called REPOS other than the default ORCL.
All the services were up and running and I was just bouncing services back and forth and luckily I got the original port 5500 to work and then I did not get the error "Status Agent Not Reachable".
So I just wanted to know how to set a dedicated port in case the port number changes back to 5502 and if I get the error again.
Thanks in advance.
Yes I installed multiple databases, for example ORCL was the default but I installed REPOS.
I did not uninstall the db.
Why does it show two different ports for ORCL 5500 and 5502 and for Repos it shows two ports but they are the same 5501.
Everything is on my local machine.
Following is from the portlist
Ultra Search HTTP port number =5620
Enterprise Manager Agent Port =
iSQL*Plus HTTP port number =5560
Enterprise Manager Console HTTP Port (orcl) = 5500
Enterprise Manager Agent Port (orcl) = 1830
Enterprise Manager Console HTTP Port (repos) = 5501
Enterprise Manager Agent Port (repos) = 1831
Enterprise Manager Console HTTP Port (ORCL) = 5502
Enterprise Manager Agent Port (ORCL) = 1830
Enterprise Manager Console HTTP Port (repos) = 5501
Enterprise Manager Agent Port (repos) = 1831 -
PXE Imaging tripping port security
We are using Cisco switches in our environment and our network administrator has enabled port security so that only 1 MAC address works in the port.
On many PCs, when they PXE boot, it sends a different MAC address (always starting with 00005A) than the MAC address of the NIC card and it trips port security.
We are using the following configuration
Switch : Cisco Catalyst 4506 Switch
Server :Novell Netware 6.5 sp5 +Zenworks for Desktop 4.01 ir 7
Client OS: Windows 2000 SP4
It only occurs at a location with IR 7 for ZfD 4.01 installed.
Toine,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
NAC and switchport port-security
Dear Friends,
I have NAC working on Out-Of-Band Virtual Gateway.
When I enable Port Security on the CAM, it doesn't work very well.
I need allow two mac-address for interface, one workstation and one phone.
The first User is authenticated and placed in the correct VLAN according to the group. Total MAC Addresses increases the workstation and the phone correctly.
Switch#sh port-security interface gigabitEthernet 1/24
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : fcfb.fbca.2c65:89
Security Violation Count : 0
After if I:
- change of user
- bounce the interface
- plug another workstation on interface
Anything happens, and port remains on Access VLAN.
Somebody Know How Can I fix this problem?
Regards
Could you please elaborate on your question? I don't understand what's exactly the problem.
-
Port Security MIB on SF, SG series switches
I need to setup some parameters related to port security features on my SG, SF series switches via SNMP. I've found that it is possible with port security MIB (1.3.6.1.4.1.9.9.315). I found out my devices has support of this MIB downloading archive with MIBs from cisco site. But when I try to read some parameters from this MIB via SNMP, for example "cps if port security status" (1.3.6.1.4.1.9.9.315.1.2.1.1.2) device answers with: "No Such Object available on this agent at this OID". But it is possible to do with web-interface in Security->Port Security section
How is it possible to read/write such type of parameters?
The OID you mentioned cpsIfPortSecurityStatus has Read-Only permissions and hence you cannot set anything.
You can only poll this object to know the operational status of the port security feature on an interface, which will result from one of the three status :
1 : secureup
2 : securedown
3 : shutdown
For more details check OID Translation.
You can only set values which has Read-Write permissions, like cpsIfPortSecurityEnable, using which you can enable port security on an interface.
Tell us what you want to achieve using SNMP Set operation?
Also, I am not sure if these MIB features are completely implemented on 29xx/35xx/37xx devices.
But are present in 45xx and 65xx series switches. -
I am using CMS on a 3550 to implement Port Security. I want to know how to clear the Violation Rejection count? I have tried changing the Violation, turned off Sticky Behavior and disabled Port Security. Nothing clears the Violation count. When I re-enable Port Security the Violation Rejection count is the same. Help!!!
Duplicate post.
Go HERE. -
SQL server 2012 Ent using less memory than the allocated amount after enabling -T834
I am facing the situation mentioned here.
http://blogs.msdn.com/b/psssql/archive/2009/06/05/sql-server-and-large-pages-explained.aspx
My SQL Server 2012 is not able to use all the 112 GB RAM that was allocated to it after enabling -T834.
This was not the case earlier. Now I see the Total server memory and target server memory counters are just 27 GB constantly. I found the below error while starting SQL after enabling -T834. I restarted services again and this time it started fine. But I didn't bother about the error until users complained about slowness and SQL memory usage was found to be low.
Detected 131068 MB of RAM. This is an informational message; no user action is required.
Using large pages in the memory manager.
Large Page Allocated: 32MB
Large page allocation failed during memory manager initialization
Failed to initialize the memory manager
Failed allocate pages: FAIL_PAGE_ALLOCATION 2
Error: 17138, Severity: 16, State: 1.
Unable to allocate enough memory to start 'SQL OS Boot'. Reduce non-essential memory load or increase system memory.
Now, SQL is started but its Total server memory is only 27 GB. How can I make SQL server use all the allocated max server memory with -T834 still on?
Bharath Kumar ------------- Please mark solved if I've answered your question, vote for it as helpful to help other users find a solution quicker
Hi Bharath,
in the below post the scenario is mentioned clearly
http://blogs.msdn.com/b/psssql/archive/2009/06/05/sql-server-and-large-pages-explained.aspx
Unable to allocate enough memory to start 'SQL OS Boot'. Reduce non-essential memory load or increase system memory.
This shows one of the problems with large pages: the memory size requested must be contiguous. This is called out very nicely at the MSDN
article on Large Pages
These memory regions may be difficult to obtain after the system has been running for a long time because the space for each large page must be contiguous, but the memory may have become fragmented. This is an expensive operation;
therefore, applications should avoid making repeated large page allocations and allocate them all one time at startup instead.
In this case above, even if ‘max server memory’ was set to say 8Gb, the server could only allocate 2Gb and that now becomes a maximum allocation for the buffer pool. Remember we don’t grow the buffer pool when using large pages so whatever memory we allocate
at startup is the max you get.
The other interesting thing you will find out with large pages is a possible slowdown in server startup time. Notice in the ERRORLOG entry above the gap of 7 minutes between the server discovering trace flag 834 was on (the "Using large pages..” message)
and the message about how much large memory was allocated for the buffer pool. Not only does it take a long time to call VirtualAlloc() but in the case where we cannot allocate total physical memory or ‘max server memory” we attempt to allocate lower values
several times before either finding one that works or failing to start. We have had some customers report the time to start the server when using trace flag 834 was over 30 minutes.
regards,
Ram
ramakrishna -
Allowing a device blocked by port-security
Let's say I have port security configured on a switch's ports like this:
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
      Et0/2        1             1                0            Shutdown
And also that I use sticky to allow all connected devices.
Now let's say an admin unplugs the computer that was plugged into a port and plugs in another one. The switch port shuts down as expected. Now the admin calls and asks that the currently connected computer be allowed access. What is the proper way to allow access to that computer?
I ran sticky again on that specific interface and did a no shut, but it is still shut down. Do I need to completely disable and re-enable port-security on that interface to allow the new device?
Hi,
In the line command, write:
switch(conf-if)#shutdown
and
switch#clear port-security dynamic interface XX/XX
and
switch#clear mac address-table dynamic interface XX/XX
and
switch(conf-if)#no shutdown
In the 2 interfaces - old and new interfaces.
Thanks. -
Port security not enabling/ sticky/static
ok i tried both commands. port security is not enabling (shows disabled in output) its cisco ip phone connected to port.
static and sticky
H(config-if)#$port-security mac-address 001E.13AF.893C
H(config-if)#no shut
H(config-if)#end
H#show por
H#show port-security in
H#show port-security interface g2/0/38
Port Security : Disabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Did you enable the port by adding:
switchport port-security
what is the output of "sh run int gi2/0/38"
HTH -
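An added example, not part of the original posts: a small Python parser for the "show port-security interface" output posted in these threads, flagging the two states discussed (port security left disabled while a secure MAC is configured, and a port already at its MAC limit). The finding codes and both sample outputs are constructed for this example.

```python
import re

# Both samples are constructed for this example; they follow the output
# format of "show port-security interface" as posted in the threads above.
SAMPLE_DISABLED = """\
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
"""
SAMPLE_FULL = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0011.2233.4455:89
Security Violation Count   : 0
"""

def parse_port_security(text):
    """Turn 'Key : Value' lines into a dict; prompt and command lines are skipped."""
    fields = {}
    for line in text.splitlines():
        # Require whitespace before the separator so the colon inside
        # 'Last Source Address:Vlan' stays part of the key.
        m = re.match(r"\s*(.+?)\s+:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(fields):
    """Return (code, message) findings. The codes are this example's own names."""
    def num(key):
        return int(fields.get(key, "0"))
    enabled = fields.get("Port Security", "").lower() == "enabled"
    findings = []
    if not enabled and (num("Configured MAC Addresses") or num("Sticky MAC Addresses")):
        findings.append(("DISABLED_WITH_SECURE_MACS",
                         "secure MACs are configured but nothing is enforced; check "
                         "that the interface has a bare 'switchport port-security'"))
    maximum, total = num("Maximum MAC Addresses"), num("Total MAC Addresses")
    if enabled and maximum and total >= maximum:
        findings.append(("TABLE_FULL",
                         f"{total}/{maximum} addresses learned; a new source MAC will "
                         f"trigger violation mode {fields.get('Violation Mode')!r}"))
    if num("Security Violation Count"):
        findings.append(("VIOLATIONS_SEEN", "violation counter is non-zero"))
    return findings

if __name__ == "__main__":
    for name, sample in (("disabled", SAMPLE_DISABLED), ("full", SAMPLE_FULL)):
        for code, message in audit(parse_port_security(sample)):
            print(f"{name}: {code}: {message}")
```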
After enabling of SSL encryption on LDAP I can't connect anymore to the LDAP. I think the Lions Server supports now the SSL encryption for Open Directory.
.....
-
Ora 12543 tns destination host not reachable
Dear All,
OS: RHEL 5
DB VERSION:-11.2.0
I am facing problem related to ora 12543 tns destination host not reachable
The problem here is little bit different what exactly other face:-
i have 2 servers with name abc.localdomain & xyz.localdomain.
Db name on abc.localdomain is abc
Db name on xyz.localdomain is xyz
When i try to ping with below mentioned command abc and xyz from abc.localdomain i am successful
ping abc
ping xyz
But when I try the same thing from xyz.localdomain, I am able to ping the db running on xyz.localdomain, but I get the above-mentioned error when pinging the abc database located on the abc.localdomain server.
I am able to ping both the server's from their ip's and hostname but not by abc db name and also checked firewall on both servers are disabled.
Here are my tnsnames.ora and listener.ora files for both machines
xyz.localdomain tnsnames.ora file:-
# tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
LISTENER1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = xyz.localdomain)(PORT = 12001))
  )
xyz =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = xyz.localdomain)(PORT = 12001))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = xyz)
    )
  )
abc =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = abc.localdomain)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = abc)
    )
  )
xyz.localdomain listener.ora:-
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
LISTENER1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = xyz.localdomain)(PORT = 12001))
  )
SID_LIST_LISTENER1 =
  (SID_LIST =
    (SID_DESC =
      (GLOBAL_DBNAME = xyz)
      (ORACLE_HOME = /u01/app/oracle/product/11.2.0/db_1)
      (SID_NAME = xyz)
    )
  )
ADR_BASE_LISTENER1 = /u01/app/oracle
abc.localdomain machine:-
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/grid/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (GLOBAL_DBNAME = abc)
      (ORACLE_HOME = /u01/app/oracle/product/11.2.0/grid)
      (SID_NAME = abc)
    )
  )
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = abc.localdomain)(PORT = 1521))
  )
ADR_BASE_LISTENER = /u01/app/oracle
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER = ON
tnsnames.ora:-
# tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
xyz =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = xyz.localdomain)(PORT = 12001))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = xyz)
    )
  )
abc =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = abc.localdomain)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = abc)
    )
  )
So kindly advise on the same if any of you has faced the same problem.
Hi,
Before actually looking into this issue, I would suggest you read the posts below to get true knowledge of what these utilities do (i.e. Listener, tnsping) and what their purpose is.
Help! I can't connect to my database...; | Ed Stevens, DBA
Help! I can't connect to my database (part duex) | Ed Stevens, DBA
tnsping what it is, what it isn't | Ed Stevens, DBA