ARP Entry not seen in Backup Router

Similar Messages

• 802.1x router loses ARP entry

  Firs of all, Hello All. In new to this community.
  A have a strange problem i want to share with you. Possibly a bug but maybe it is me who does something wrong.
  My network looks like this:
  [RADIUS] --- [C881] --- [SG200 Switch] ---[WinXP]
  One of SG200 interfaces is set as a Supplicant ant it authenticates in RADIUS (FreeRADIUS) server via C881 router. WinXP and other PC clients authenticate in RADIUS via SG200.
  Now: Authentication works perfectly. Ports open as they're supposed to. I'm able to reach RADIUS from SG200 and vice versa but there is a problem with WinXP. When i connect it to SG200 it authenticates, port opens and I'm able to reach RADIUS or any host on the left hand side but only for 300 seconds. After that period of time C881 looses WinXP from its ARP table and any communication fails. I cant even reach C881's interface facing SG200. Then i type:
  c881(config-if)#dot1x port-control force-authorized
  C881 learns WinXP's MAC and IP again and all gets back to normal. When I type
  c881(config-if)#dot1x port-control auto
  after 300 seconds C881 forgets WinXP again and communication brakes down.
  How is it possible that a router forgets MAC of host its continuously "talking" with?
  Have you ever seen this kind of behaviour? I tried with two other software revisions on C881 and resoult is always the same. Bug or feature?

  Hi.
  Are you sending the session-attribute from the free radius server?
  To be honest im not sure what you mean, but i have strong suspicion that my problem has nothing with freeradius.
  Host authentication works perfectly. When i connect WinXP directly to routers switch ports everything works fine. Either the switch itself has a connection to the router all the time - even when WinXP and C881 dont see each other.
  Furthermore - All ports are authenticated and open all the time, its' state doesn't change. Reauthentiction is turned off.
  When the problem occurs i see no traffic to radius server. hre is how it looks:
  When i connect WinXP to the switch it works at the begining.
  I check ARP table on the router - WinXP is there.
  I periodically check ARP table and after ap. 300 seconds (default arp entry timeout) WinXP disappears and communication brakes down.
  Additionally when i change ARP timeout value to shorter or longer communication breaks earlier or later respectivly

• Ow can I use my time capsule as a time machine backup without using it wirelessly and not as a wireless router?

  How can I use my time capsule as a time machine backup without using it wirelessly and not as a wireless router?

  bzb888 wrote:
  I have a wireless transmitter already, would like to use the capsule just as a back up drive, I tried hooking up from the ethernet port on the imac to the one of the ports on the capsule but then my Wifi would not work. do I hook the cable to the port with the circle or the arrows?
  It is better to have the TC as part of the main network in bridge. You do not need to run wireless.
  If you want to use the TC plugged in by ethernet and still use wireless for internet, that is possible but the setup is rather more complicated.. the computer must not get confused about which device to use as a gateway or dns server.
  See info in this thread on setting this up.
  https://discussions.apple.com/thread/4817218?tstart=30
  I need to add.. a USB drive would be cheaper, faster and more reliable. It is really poor use of a TC.

• HT2188 I just got an iPad mini, when I try to upload my iPhone backup from my Mac i get the message to upgrade my iTunes. I can not seen to find where the download link is for iPads on apple website. Can anyone help?

  I just got an iPad mini, when I try to upload my iPhone backup from my Mac i get the message to upgrade my iTunes. I can not seen to find where the download link is for iPads on apple website. Can anyone help?

  The message is referring to iTunes on your computer, not the iPad : http://www.apple.com/itunes/download/
  The built-in apps on the iPad can only be updated via iOS updates, so if your iPad mini is on iOS 6.0.2 then its up-to-date

• FI entry posting not seen in KE24 display Actual line Item list

  Dear Team ,     
  Our GL setting with FSG COPA if we posted FI entry  through Cost Center than entry shown in Report KE24 but if we posted through internal order than entry not shown in report.     
  Please provide your suggestion for above matter.     
  Thanks & regards

  Hi ,
  COPA documents will be created only when the Internal Order is settled to PSG.
  Please check wether the Internal Order is settled and the settlemen rule is to Profitability Segment ( PSG )
  Regards
  Sarada

• BB Passport: After upgrading to 10.3.1, the USB key are not seen by the OS

  Blackberry Passport:
  After upgrading to 10.3.1 Any kind of USB key is not seen by the OS, even after restarting the operating system.
  With original OS 10.3 could connect USB key to transfer my photos with file manager.
  Any suggestions?

  There a lot of issues being discovered by users doing the upgrade OTA or using Link. And they are varied. It's had to say whether your problem another of these issues or something else. Those I trust are recommending a clean OS install using an autoloader as so far there are not the same problems afterward.
  You could try the autoloader route. Do a backup first. After the clean OS install, test before you do a restore and install app. If problem is gone, then you know the clean OS works. The next question will be if the problem returns when you restore or add apps.
  - Ira

• How to setup a static multicast ARP entry with Cisco SF300-08?

  We're running a cluster in multicast mode as a  loadbalancer.
  We have Cisco SF300-08 and when we adding a static ARP entry results in an error message telling the user that the hardware address needs to be a valid  unicast MAC address.
  So how to setup a static multicast in Cisco SF300 or maybe someone know other solution to setup multicastes mode in Cisco SF300.

  Hi, Tom!
  We have two watchguard xtm505(cluster active-active) in our network. Watchguard interfaces have one ip and one mac adresses. IP 192.168.111.1(Unicast) and MAC 01:00:5e:02:02:03(multicast).  Cisco SF300 is router to outside networks(to internet). Cisco IP adresss is 192.168.111.254. There are another some hosts in this network.
  Ping from hosts to 192.168.111.254 works well. Ping from hosts to 192.168.111.1 works well too.  But there is no ping from watchguard cluster(192.168.111.1) to Cisco(192.168.111.254). And there is no routing to internet
  This is well-known situation. We need to do following(example for cisco 3750):
  1.    Start the Cisco 3750 command line interface.
  2.    Add a static ARP entry for the multicast MAC address of the FireCluster interface.
  Type this command:
  arp arpa
  For this example, type:
  arp 192.168.111.1 01:00:5e:02:02:03 arpa
  3.    Add an entry to the MAC address table.
  Type this command:
  mac-address-table static vlan interface <#>
  For this example, type:
  mac-address-table static 01:00:5e:02:02:03 vlan 1 interface gi1/0/11
  But we can't add arp entry on Cisco SF300. CLI tells us "MAC address illegal"!
  We tried enable igmp snooping, but is not helps.
  Could you tell more detailed about MAC groups?

• Some Google calendar entries not showing up on phone

  On a couple of occaisions, I've had a whole day of Google Calendar entries not show up on my Palm Pre. Today, just this mornings entries showed up, but the two entries I have for this afternoon don't show up on my phone. I've tried syncing manually a couple of times. I've tried syncing over EVDO/Data only (turned off wireless). I've tried deleting an entry, re-adding it, and re-syncing and no joy.
  What now?
  UPDATE: So, once I got home I looked into changing to syncing via EAS. I didn't like some of the 'features' of that route, so I went nuclear. I deleted the gmail account from the Calendar application and re-added it. After syncing completed, I found my missing entries... So, anyone got any ideas of additional data to collect?
  Post relates to: Pre p100eww (Sprint)
  Message Edited by sgl on 01-12-2010 05:57 PM

  Deleting my gmail account and re-adding it does not clear up the problem, it hides the symptoms. What if it didn't work, do I reinstall the OS? I've had two occurences of this--none of last Friday's calender entries were in my calendar and yesterday afternoon's entries were missing. There is a root cause and it needs to be found and sorted.
  I missed a meeting yesterday because my phone did not sync up with my Google calendar. This is a fundamental feature of of the Palm WebOS smartphones. Calendar syncing is a fundamental feature of all smartphones and a smartphone that doesn't do this is no longer smart.
  Are there other people who have seen this symptom? Is there something I can do to _help_ gather data for the Synergy team to find the root cause?

• Static ARP entry command no worky with vlan

  Anyone know why this happens? I'm trying to enter a static arp entry and assign it to a specific vlan, for example:
  arp 192.168.200.1 aaaa.bbbb.cccc arpa vlan 15
                      % Invalid input detected at '^' marker
  When this is entered it errors out and marks the word vlan like it is invalid, though it is a valid option when inching forward using the ? help character. I tried multiple iterations and the only other response I get is if I enter vlan 1. To that the router responds with:
  Bad ARP command - Interface may only be specified when bridging IP
  Is one to assume that the vlan need not be specified? I opted to enter the vlan only for uniformity, but then when it behaved strangely I became curious. I wonder in what scenario adding the vlan to an arp entry would be valid and acceptable.
  Thanks, Mike

  Hello,
  What you experienced is the normal behavior. The L3 device does not allow
  you to specify the interface when you are operating in routed mode. Based on
  the address you have configured, it will automatically allocate the static
  ARP entry to appropriate interface. If you have entered an IP that does not
  belong to any subnet, then all interfaces will consider that ARP entry. Only
  if you configure two interfaces in bridge mode (like in the case of PPPoE
  scenarios), then you can specify the interface ID.
  Hope this helps.
  Regards,
  NT

• Static Arp Entry for Exchange 2010

  Hello All,
  I was hoping someone could assist with an issue that our Exchange team are having, specifically with replication traffic traversing our DC to DR site.
  The infrastructure consists of a Layer 3 data centre and a disaster recovery site, so essentially its a live/backup environment. Both the DC and DR site are connected with a LES using routed interfaces.
  The Exchange cluster at the DC is associated with the following subnets:
  MAPI - 10.1.30.X
  Replication: 10.1.230.X
  DR site has the following subnets associated with the exhange cluster :
  MAPI - 192.168.4.X
  Replication - 192.168.230.X
  When an attempt is made to create a database/mailbox on an exchange server at the DC and copy it using  the replication subnet source: 10.1.230.X to destination subnet: 192.168.230.X, the copy process fails.
  Replication traffic in general going from DC to DR or vice-versa is subject to constant problems and seems unreliable. Our exchange team have to manually copy mailboxes from one cluster to the other using Windows explorer which works fine.
  The Exchange cluster at both sites reside within a VMWare ESX enclosure and connect to Cisco 6500 switches. Would the Cisco switches require a static arp entry for their respective Exchange clusters, which should be configured on each switch? If this was missing could this be the root cause of the replication problems we're experiencing? Or does this depend on whether the exchange cluster is using NLB Unicast or Multicast mode?
  Any assistance would be most appreciated.
  Regards,
  Jamie

  Jamie,
  Have a look at this link:-
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
  It depends on how the team NLB is set up.
  You may need static mac & static arp as well as disabling igmp snooping if multicasting is bein used.
  Regards,
  Alex.
  Please rate useful posts.

• ASA5510 no ARP entry ?

  I have a requirement to NAT a spare address on the same subnet range as one of the firewall interface - however, because this is not allocated to a physical interface, there is no mac entry in the arp cache. the other end of the link from the firewall is connected to a router which has no idea how to reach this "virtual address" - again because there is no entry in the arp cache
  I have tried to put a static arp entry into the firewall but this doesn't appear to work either. Should I be using a mac address form a physical interface or can I create a dummy mac for this -
  If the router can't see the ip address, then users will not be able to target this address - so that the firewall can NAT to the real outside address.
  I have tried routes to null0 on the router and static arp entries on both devices but the user just times when trying to connect to 10.2.7.11 (nat to 10.2.32.11)
  attached is a very basic visio diagram which I hope explains what I am trying to achieve.
  any help would be appreciated.
  many thanks

  Assuming your communications are always initiated from the inside, the first static statement above should suffice. When a session is built (initial syn in the TCP 3-way handshake) the xlate table will take care of the NAT on return path. I'm not sure of the effect of the second static, but I'd try temporaily removing it.
  If you ever initiate from the outside (10.2.32.11/12), you would also need an access-list to allow moving from a lower security to higher security level.
  Hope this helps.

• Arp entries on 3850

  On my 3850 (running 3.3.1) i have 1600+ entries in the arp table for a given vlan but I'm not acting as the gateway for the devices connecting to it (i'm trunked to the core which is acting as the gateway but I do have ip routing enabled on my 3850). I've put the nmsp attachment suppress command on all physical interfaces to resolve another issue I was having.
  Is having all these arp entries expected behavior? I've tried to delete 1 ip in the table which I knew wasn't valid but my switch seems to ignore it as the entry is still there.
  The reason I ask was due to a small unicast flooding issue I seemed to have (since gone away). I was told it may have been due to the switch having an arp entry for a mac addresses it didn't know and hence was flooding the switch. The person was surprised to see so many arp entries given i wasn't a gateway for this vlan.
  Thanks

  Hi,
  If you issue "show running config all" command you can see all configuration lines of this switch including the default settings. Here is an example for one of the vlan interface configuration. As you can see "proxy-arp" is enabled globally & interface level by default.
  3850-2#sh running-config all | in proxy            
  no ip arp proxy disable
  3850-2#sh running-config all | be interface Vlan1410
  interface Vlan1410
  ip address 10.141.103.242 255.255.248.0
  ip redirects
  ip unreachables
  ip proxy-arp
  ip mtu 1500
  ip load-sharing per-destination
  ip cef accounting non-recursive internal
  ip pim dr-priority 1
  ip pim query-interval 30
  ip mfib forwarding input
  ip mfib forwarding output
  ip mfib cef input
  ip mfib cef output
  ip route-cache cef
  ip route-cache
  ip split-horizon
  ip igmp last-member-query-interval 1000
  ip igmp last-member-query-count 2
  ip igmp query-max-response-time 10
  ip igmp version 2
  ip igmp query-interval 60
  ip igmp tcn query count 2
  ip igmp tcn query interval 10
  load-interval 300
  carrier-delay 2
  no shutdown
  ipv6 nd reachable-time 0
  ipv6 nd ns-interval 0
  ipv6 nd dad attempts 1
  ipv6 nd prefix framed-ipv6-prefix
  ipv6 nd nud igp
  ipv6 nd ra lifetime 1800
  ipv6 nd ra interval 200
    ipv6 redirects
    ipv6 unreachables
  snmp trap link-status
  cts role-based enforcement
  arp arpa
  arp timeout 14400
  spanning-tree port-priority 128
  spanning-tree cost 0
  hold-queue 75 in
  hold-queue 40 out
  no bgp-policy accounting input
  no bgp-policy accounting output
  no bgp-policy accounting input source
  no bgp-policy accounting output source
  no bgp-policy source ip-prec-map
  no bgp-policy source ip-qos-map
  no bgp-policy destination ip-prec-map
  no bgp-policy destination ip-qos-map
  This post explain "proxy-arp" behaviour well.
  http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13718-5.html
  In your case all the SVI defined & end host gets default-gateway IP correctly, there is no need for "proxy-arp" enabled on SVI. You can safely disable it (globally or interface level)  and check if that help to mitigate your arp cache issue.
  3850-2(config)#ip arp proxy disable
  or
  3850-2(config)#int vlan 1410
  3850-2(config-if)#no ip proxy-arp
  HTH
  Rasika
  **** Pls rate all useful responses ****

• No ARP entries for VLAN X

  I have a question about ARP. I have a number of VLANs configured on a 6500 switch most of the vlans routing interfaces are also on the 6500. One of the VLANS use a static route pointing to a remote router for the routing interface. My question is: APP works fine for all vlans that are reouted localy by the 6500, but there are no arp entries for VLAN X that is routed remotely. I thought ARP was a L2 not L3. If someone could clear this up for me it would be great. Thanks

  If you have a route to another router on the same VLAN, then the 6500 will ignore any incoming ARP requests for IP addresses on the VLAN except its own address.
  I presume that the hosts on the VLAN have been configured with the other router as default gateway. In that case, the traffic from that VLAN would never go near the 6500.
  However, if a host did send a packet to the 6500 destined for an address that is off the VLAN, then the 6500 would forward it in the normal way. It would then depend whether you have ICMP re-directs enabled on that VLAN interface. If you do not, then the 6500 would have no reason to put the host in its ARP cache. But if you have ICMP re-directs enabled, then the 6500 would have to ARP to find the MAC address of the host in order to send its ICMP re-direct.
  In fact, the 6500 will only make an ARP table entry if it has a packet to send to the host, either because it has to forward a packet that came from outside VLAN, or because it needs to send an ICMP re-direct to the host to tell it to use the other router.
  Does that make sense?
  Kevin Dorrell
  Luxembourg

• ASA 5505 VPN with backup route

  We are looking to set up a site-to-site VPN with a backup over a T1. We have a remote site with a  1841 router. This router has a PTP T1 back to a secondary location with a 2811. Due to location, the only option we had to get additional bandwidth was to have a cable modem installed. We want to set a site-to-site up to our primary location, with a backup route over the T1 in the event the cable modem goes down. We have an ASA 5505 at the remote location, and an ASA 5540 at the primary. In addition, we want to split the traffic across the two connections. Since the wireless controllers are anchored back to the secondary location, we want to send that traffic over the PTP T1 and the rest of the traffic over the VPN. We also need to have a backup route for the wireless traffic to send across the VPN in the event the T1 goes down.

  Go to this link and scroll down to  Site to Site VPN (L2L) with IOS  and Site to Site VPN (L2L) with ASA, you can use the links example depicting your scenario requirements, where one end is dynamic and other static for Ipsec L2L  IOS-to-ASA or ASA-to-IOS.
  The best solution obiosly is having  static IP addressing, make that clear with your client  , but  these exmaples are very good solution for your problem.
  Keep in mind that the DHCP dynamic side will  always be the initiator to  bring up the tunnel , not the static side.
  http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
  Regards

• While "Invoice Cancelling- Accounting entry not effected in Trial balance"

  Dear All,
  Any one knows this please revert back.this Issue is very urgent (We have to Close the Periods)
  Issue: While "Invoice Cancelling- Accounting entry not effected in Trial balance"
  Invoice which is cancelled and accounting events for Invoice & Cancellation is taken place, but the entry for cancellation is not appearing in the GL Hence the reversal effect of expense is not seen.
  I can able to see the Reversal Entry in Payables > Reports > View Accounting A
  Here > Tools > View Accounting Events > View Journal Entries > Show Addtional Information > Transfer to GL Status is "No" after that i have Run the Transfer Journal Entries to GL even its not appearing in GL and not transfer to GL.
  @Have to Resolve this as soon as possilble, plz any one can lets guide me
  Reagrds,
  senthil

  Plz Update this asap.....