CISCO 2960G Questions
As a novice, I have come upon some questions regarding the 2960G that readily available:
What type of memory is available on the 2960G, 24port?
Besides the configuration file, what other permanent data is stored on the 2960G?
If the power supply fails, what data is retained on the 2960G?
If the power supply fails, are any routing tables or IP addresses retained on the 2960G?
Assuming the 2960G was connected to a sensitive network would there be any sensitive material retained upon loss of power?
Thank you for your patience,
Mike
Hi
Normally this switches will have 32MB of Flash memory and 64MB of DRAM. Below you can see a summary of what is store on each and what happens if the switch is power off.
RAM, also called dynamic RAM (DRAM), has the following characteristics and functions:
Stores routing tables
Holds ARP cache
Holds fast-switching cache
Performs packet buffering (shared RAM)
Maintains packet-hold queues
Provides temporary memory for the configuration file of the switch while is powered on
Loses content when switch is powered down or restarted
NVRAM has the following characteristics and functions:
Provides storage for the startup configuration file
Retains content when switch is powered down or restarted
Flash memory has the following characteristics and functions:
Holds the operating system image (IOS)
Retains content when switch is powered down or restarted
Hope this helps.
Similar Messages
-
We utilize webview us our reporting / workforce tool for our in house call center. But there have been doubts pulling outbound number using webview. I stumble a report in Webview (Agtskg04). It shows External Out Tasks and Internal Out Tasks, still got confused in the definition of these two. Please help me understand on the difference with External Out Tasks and Internal Out Tasks. Most of our agents has more number on Internal Out Tasks, which I think is the outgoing calls to another agent or anthoer department or extension internally. But it's not what is happening they usually calls out to customers and not transferring to another extension.Thanks!
Second inquiry, What report in WebView that account all hours of an agent to calculation for the utilization? Aside from the Note Ready Summary Report, 'coz when I sum up all Not Ready times and Handle Time it does not add up to the total hours that the agent is login thru CTI.
Waiting for you brillian ideas,
ryanS>>Thanks Nathan,
I have follow-up questions, this might some sound simple questions to you but we just don't know these things. We were never trained on Cisco WebView basic concepts and all other technical stuff that an end-user show know about. We were just reading pdf files online, which is very technical ( in terms of terminilogies). I am not a network engineer or a Cisco certified person our team most came from BPO companies and we're hired to do a workforce/reporting tasks in an in-house call center which they utilize Cisco phones and this Cisco WebView. I would really appreciate your time on this Nathan and all other Cisco WebView expert people.
Now, to my follow-up questions. what do you mean by a CallManager cluster?. Let me give a background on our telephony system here. All our departments here in our company uses Cisco phones worlwide. And we have a division that is on a call center set-up. They have two extensions US extensions and local (philippines) extensions. So when at times they need to callback our customers in US, they'll dial 991 then the customer's number. AND sometimes they will call to our local security in the building to ask for something or calling to our facilities. So, I'm guessing that this callmanager cluster are those phones or extension within our company like security personnel, to our finance team, etc. But when they call to our customers in US, which I assume outside our CallManager cluster? Is this gonna fall under Internal Out Tasks? Please have your explaination in a simple way as you can.
Thank you so much for those who are willing to help me understand!
sincerely,
ryan suedo -
I'm planning to use these APs in our rail yard. Basically when a train enters the yard I want it to start talking to these APs and to continually talk to them as they roll through the yard to download data logs. I'd like to get a rough idea of the range of these APs if using directional antennas pointing along the tracks and how close they'll have to be to form a mesh so I can save infrastructure costs from having to run ethernet to the poles or whatever they'll be mounted on.
Any advice or tips would be greatly appreciated.
Thanks
JoeI would highly suggest "against" deploying this as a Mesh solution as Mesh is not suitable for "mobile" deployments (ie. MAPs on your "Trains" parenting with other stationary RAP/MAP when they roll in/through/out your rail yard). If your planning on mounting APs on the trains that are mobilized, I highly suggest you consider a WGB deployment as they can handle the mobility of this situation. Now, these WGBs on the Trains can most certianly connect to your Mesh infrastructure in the train yard, just don't attempt to deploy MAPs on the trains themselves.
Cisco should tell you the same as a "mobile" Mesh solution has caused severe problems for many customers; this is not their intended design.
Sorry, this doesn't touch on your "range" question, but just want to make you aware that this type of "mobile" Mesh deployment will most likely create a nightmare for you. -
Hi all,
I have just purchased the Cisco 2010P-G5 Small business switch.
Questions:
Ø Does this switch support / work with the Cisco call manager and the Cisco Phones
Ø Can you automatically backup the config e.eg daily.
Many ThanksGary,
So you've purchased an SFE or SGE Small Business Switch. To answer your questions in order:
1. The SFE or SGE series is a Small Business Switch supported by the Small Business Support Center (SBSC) not traditional Cisco TAC. Communications Manager on the other hand is a TAC supported product, so as you can see the first issue is with two separate support teams. Also the SFE/SGE switches are not configured or managed with the same tools as traditional Cisco gear and are not IOS or CLI based. The SFE/SGE switches are not designed to fully integrate with Communications Manager; however you could very well likely get it working (they are 802.3af standards based PoE); but the other broader issues identified above should help you understand that's not a best practice.
2. As far as automatically backing up the configuration, there's not a built-in feature to do that if that's what you're asking about. You can run dual images on those switches however.
Hope this helps!
Glenn -
Cisco ACS questions for new deployment
Hi all, I am designing a new Cisco ACS deployment to handle AAA services for all our network devices. I have read the user guides and I understand the different deployment scenario's. However, what i could not find in the user guide, were answers to the questions below...
Number of AAA clients, using command authorisation, that a single ACS server can handle?
Does a Large Add-On license (for more than 500 nodes) need to be purchased for every ACS server, or does one license cover the whole deployment?
How is AAA load-balancing performed? Does each AAA server need to be defined individually on every Network device? Or is there some intelligence build in to the AAA servers so that they can distribute the load themselves? Or can a load balancer be used like you can with Cisco ISE PSN nodes?
Thanks
MarioSupported number of clients depends on License for example
The base license is required for all deployed software instances and for all appliances. The base license enables you to use all ACS functions except license-controlled features, and it enables standard centralized reporting features.
The base license:
Is required for all primary and secondary ACS instances.
Is required for all appliances.
Supports deployments that have a maximum of 500 NADs.
The following are the types of base licenses:
Permanent—Does not have an expiration date. Supports deployments that have a maximum of 500 NADs.
Evaluation—Expires 90 days from the time the license is issued. Supports deployments that have a maximum of 50 NADs. -
I am having an issue on a new ASA. I am able to connect to the customer?s network using the Cisco VPN client, but I am not able to PING or access anything on the customers network. What needs to be done to fix this???
There is a route on the customer?s router pointing back to the firewall for the IP range you get when you VPN in?
Thanks,
ChrisThanks, please rate.
No, it is needed for pix as well. ASA 7.2, the command is "crypto isakmp nat-traversal".
It is necessary if vpn client is connecting behind nat. Allows ipsec to be encapsulated in udp port 4500. The transport tab I mentioned is in the connection entry properties, if you click modify. You will see enable transparent tunneling over udp. -
I need the help from the expert of LMS installation , i need to make sure that services must be as the following
CiscoWorks ANI database engine: Manual
CiscoWorks Daemon Manager: Automatic
CiscoWorks RME NG database engine: Manual
CiscoWorks Tomcat Servlet Engine: Manual
CiscoWorks VisiBroker Smart Agent: Manual
CiscoWorks Web Server: Manual
CWCS Cmf database engine: Manual
CWCS rsh/rcp service: Automatic
CWCS syslog service: Automatic
CWCS tftp service: Automatic
DFM dfmEpm database engine: Manual
DFM dfmFh database engine: Manual
DFM dfmInv database engine: Manual
Other things i will install on cisco server 2008 service pack 2.Hi Islam,
Services STARTUP type is Absolutely correct..
Thanks
Afroz -
JTAPI / Cisco - General Question
Hi - Hoping someone out there might be able to help me. I apologize if this is in the wrong forum.
We have a fully functional Cisco CallManager / IPT system implemented, and I am wondering where to begin looking at the JTAPI - knowing nothing about phone hardware / network technologies, and being an intermediate level Java developer, what interfaces / classes pertain to this implementation? Where (aside from the white papers I am currently reading) can I go for some "new to JTAPI" help?
Thanks in advance, GeoffHi Geoff,
You might have already found out what you are looking for. But still, just for the records, you can find all the information you are looking for, at this link -
http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_programming_reference_guides_list.html
Thanks,
Vasu -
I'm trying to open a port in a Cisco 2801, the port 3001 to give internet access for a cisco switch which IP is 172.16.8.40
thanks in advance
cisco 2801 config
match access-group 110
class-map type inspect match-all vpn-traffic
match access-group 111
policy-map type inspect priv-pub-pmap
class type inspect all-private
inspect
class class-default
drop
policy-map type inspect pub-priv-pmap
class type inspect vpn-traffic
inspect
class class-default
drop
zone security private
zone security public
zone-pair security priv-pub source private destination public
service-policy type inspect priv-pub-pmap
zone-pair security pub-priv source public destination private
service-policy type inspect pub-priv-pmap
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
lifetime 84600
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
group 2
lifetime 84600
crypto isakmp client configuration group BFvpn
key vPnBr1TT@ny9687!
dns 192.168.2.10
pool vpn_ip
acl remotevpn
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set aes-256-sha esp-aes 256 esp-sha-hmac
crypto dynamic-map vpn 65535
set transform-set ESP-3DES-MD5
crypto map vpn client authentication list AAA-VPN
crypto map vpn isakmp authorization list AAA-VPN
crypto map vpn client configuration address respond
crypto map vpn 65535 ipsec-isakmp dynamic vpn
interface FastEthernet0/0
ip address 75.150.67.105 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
zone-member security public
duplex auto
speed auto
crypto map vpn
interface FastEthernet0/1
ip address 172.16.250.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
zone-member security private
speed 100
full-duplex
interface FastEthernet0/3/0
switchport mode trunk
no ip address
interface FastEthernet0/3/1
no ip address
interface FastEthernet0/3/2
no ip address
interface FastEthernet0/3/3
no ip address
interface Vlan1
no ip address
interface Vlan413
ip address 170.163.128.202 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
zone-member security public
router eigrp 1
network 172.16.0.0
ip local policy route-map LocalPBR
ip local pool vpn_ip 172.16.251.10 172.16.251.20
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source static tcp 172.16.8.40 3001 172.16.250.1 3001
ip nat inside source route-map NAT-HFC interface FastEthernet0/0 overload
ip nat inside source route-map NAT-OPT interface Vlan413 overload
ip route 0.0.0.0 0.0.0.0 75.150.67.106 track 3
ip route 0.0.0.0 0.0.0.0 170.163.128.201 5
ip access-list standard remotevpn
permit 172.16.0.0 0.15.255.255
ip sla 1
icmp-echo 75.150.67.106 source-interface FastEthernet0/0
frequency 30
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 170.163.128.201 source-interface Vlan413
frequency 30
ip sla schedule 2 life forever start-time now
access-list 1 permit 170.163.0.0 0.0.255.255
access-list 1 remark for Telnet & SNMP Restrictions
access-list 1 permit 172.16.8.0 0.0.3.255
access-list 7 permit 172.16.8.40
access-list 7 permit 172.16.8.41
access-list 7 permit 172.16.8.42
access-list 7 permit 172.16.8.43
access-list 10 permit 75.150.67.105
access-list 20 permit 170.163.128.202
access-list 102 deny ip any 10.0.0.0 0.255.255.255
access-list 102 deny ip any 172.16.0.0 0.15.255.255
access-list 102 deny ip any 192.168.0.0 0.0.255.255
access-list 102 permit ip 172.16.0.0 0.0.15.255 any
access-list 102 permit ip 172.16.0.0 0.15.255.255 any
access-list 110 permit ip any any
access-list 111 permit ip 172.16.251.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 111 deny ip any any
route-map LocalPBR permit 10
match ip address 10
set ip default next-hop 75.150.67.106
route-map LocalPBR permit 20
match ip address 20
set ip default next-hop 170.163.128.201
route-map NAT-HFC permit 10
match ip address 102
match interface FastEthernet0/0
route-map NAT-OPT permit 10
match ip address 102
match interface Vlan413
snmp-server community chimenet#3000 RO 1
snmp-server enable traps tty
tacacs-server host 170.163.248.63
tacacs-server host 170.163.248.64
tacacs-server directed-request
tacacs-server key 7 06050728414B071C1154405B5C54Hello Jherrera,
Trust you are doing great.
Could you please additionally configure "ip nat outside" under interface Fastethernet 0/1 and "ip nat inside" under interface vlan 413 and interface fa 0/0 and check if the its working.
Regards,
Mohit
**Please rate if you find this post helpfull -
LACP with a Cisco 2960G and an IBM I7 Server
I am attempting to get LACP working with a Cisco 2960 and an IBM I7 server.
The connection seems redundant. I can unplug GI0/8 and traffic still flows and clients are not disconnected from the IBM I7. I can do the same with GI0/9 once GI0/8 is plugged back in.
Two issues.
1. How can I change the LACP timer from slow to fast?
2. Why does my port Gi0/8 show as INDEP in the show lacp detail command?
Port: Gi0/8
Port state = Up Sngl-port-Bndl Mstr Not-in-Bndl
Channel group = 3 Mode = Active Gcchange = -
Port-channel = null GC = - Pseudo port-channel = Po3
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi0/8 SA indep 32768 0x3 0x3 0x8 0x7D
Age of the port in the current state: 2d:17h:20m:08s
Port: Gi0/9
Port state = Up Mstr Assoc In-Bndl
Channel group = 3 Mode = Active Gcchange = -
Port-channel = Po3 GC = - Pseudo port-channel = Po3
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi0/9 SA bndl 32768 0x3 0x3 0x9 0x3D
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Gi0/9 SA 0 40f2.e95c.f433 25s 0x0 0x8102 0x1 0x3D
Age of the port in the current state: 2d:17h:27m:44s
Port-channels in the group:
Port-channel: Po3 (Primary Aggregator)
Age of the Port-channel = 365d:21h:06m:46s
Logical slot/port = 2/3 Number of ports = 1
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Gi0/9 Active 0
Time since last port bundled: 2d:17h:26m:07s Gi0/8
Time since last port Un-bundled: 2d:17h:25m:02s Gi0/8Hi,
With IBMi7 the support for LACP starts to my knowledge since i7.1 TR7. If that is your case will you please post the DSPLIND (with AGGRSCL option) command output.
As for the LACP fast timer setting while it can be configured on various Cisco boxes I am affraid it cannot be done with Cat2960.
Thanks & Regards,
Antonin -
802.1 aaa entries cisco aironet question
Is it possible to have multiple aaa entries for RADIUS servers on a Cisco Aironet?
What im trying to achieve is two SSID's, one on one VLAN and another on another VLAN..
The trouble is that our RADIUS servers are using MSCHAP v2 authentication and they are for two separate servers with different user accounts on two separate VLANs
What I am hoping to do is create two SSID's on seperate VLAN's, with a separate radius entry for both SSIDsyes it is possible. On the ssid manager page you have the option of setting up EAP server and prioritize it according to the SSID.
-
Hello, I'm the new admin for our CUCM ver. 8. Currently, I have a customer with a 7965 phone who would like to have the ringing on his secondary keys turned off. He still wants his primary line to ring just not the other 2. This has to be an easy fix but I just can't find any info on it. Thank you for your help
Hi Christopher,
Go to Device>Phone>Find and find the desired phone. Once you bring it
up click on the actual 2nd and 3rd DN's listed on the top left of the page.
The Ring settings are down towards the bottom of each DN config page;
Change them to either Flash or Disable
Line 2 on Device SEP0022900411F3
Display (Internal Caller ID)
Display text for a line appearance is intended for displaying text such as a name instead of a directory number for internal calls. If you specify a number, the person receiving a call may not see the proper identity of the caller.
ASCII Display (Internal Caller ID)
Line Text Label
ASCII Line Text Label
External Phone Number Mask
Visual Message Waiting Indicator Policy
Use System Policy Light and Prompt Prompt Only Light Only None
Audible Message Waiting Indicator Policy
Off On Default
Ring Setting (Phone Idle)
Use System Default Disable Flash Only Ring Once Ring
Ring Setting (Phone Active)
Use System Default Disable Flash Only Ring Once Ring Beep Only Applies to this line when any line on the phone has a call in progress.
Call Pickup Group Audio Alert Setting(Phone Idle)
Use System Default Disable Ring Once
Call Pickup Group Audio Alert Setting(Phone Active)
Use System Default Disable Beep Only
Recording Option
Call Recording Disabled Automatic Call Recording Enabled Application Invoked Call Recording Enabled
Recording Profile
< None >
Monitoring Calling Search Space
< None > MRC LP 911 CS MRC LP Calgary Local CS MRC LP Complete Access MRC LP Intl and Long Distance CS MRC LP Long Dist CS MRC LP On Campus Multicall Line2 CS Multicall Line3 CS Multicall Line4 CS Robs Hotline Security Hotline Test Css 12 VMRestrictedCSS Westmount LD Westmount Local CSS
Log Missed Calls
Cheers!
Rob
"Clocks go slow in a place of work
Minutes drag and the hours jerk"
-The Clash -
How to setup Cisco IOS with multi public IP's
I'd like to set up a little network environment. We have bought 2 different subnet from our ISP.
The WAN internet connection: xx.yy.81.61/26
WAN gateway: xx.yy.81.1
First subnet : xx.yy.81.80/30 (this has the same first 3 octet as the WAN, probably doesn't count, because it is a different subnet)
Second subnet : zz.uu.156.48/29
As you can see in the first diagram, the xx.yy.81.61/26 is assigned to the CISCO's outside(WAN) interface, the internet connection is alive, all hosts in LAN have internet connection. We want to assign some hosts with public IP address (for webserver sake). I'm not familiar with networking, so please forgive me if I make some silly questions. In brackets, I make the cisco router setup with the "Cisco Configuration Professional 2.8" PC program.
|
| ADSL or Optical cable (fiber link)
|
+-----+
| | modem
| |
+-----+
|
| WAN (xx.yy.81.61/26)
| Gateway(xx.yy.81.1)
|
+----------+
| |
| | CISCO 881 (router/firewall)
| | IOS 15.2(4)M6
| |
+----------+
|
|
-----+------------- our local LAN segment (vlan)
10.10.10.1/24
I want to set up the CISCO:
- The question is, that how can i make my subnets alive? I just want to transmit(NAT) some public IP from subnet to specific HOST computer(or inverse?). I have made the NAT rules (zz.uu.156.50 <- 10.10.10.xxx), but no result, the public IP is unreachable(no ping, no traceroute).
- Do I have to assign a second IP(virtual) address from subnets to the outside interface(WAN). If yes, than how? Or my ISP has to route the subnets to my WAN IP address(xx.yy.81.61) ?
The truth is that the original setup was different, as you can see in the second diagram. In this case the both subnet was alive. Now, I unmounted the ISP owned HP router and I attached the CISCO directly to the modem output(first diagram), because we had some DNS issues and I think it is unnecessary to be 2 router sequentially. Please indicate if i was wrong.
I mention, that by the original setup, I could access the HP router (only the login interface) from internet with the first IP of the subnets (xx.yy.81.81 from the first subnet and zz.uu.156.49 from the second subnet).
|
| ADSL or Optical cable (fiber link)
|
+-----+
| | modem
| |
+-----+
|
|
|
+-------+
| | blackbox, no acces
| | ISP owned HP router
| |
+-------+
|
| WAN (xx.yy.81.82/30) or WAN (zz.uu.156.50/29)
| Gateway(xx.yy.81.81) Gateway(zz.uu.156.49)
|
+----------+
| |
| | CISCO 881 (router/firewall)
| | IOS 15.2(4)M6
| |
+----------+
|
|
-----+------------- our local LAN segment
10.10.10.1/24
Thanks for any answer or suggestion!Hey,
Proxy-ARP should take care of this!
As long as you assign the NAT rules into the IOS Router it should start replying to any ARP request to those IPs on different subnets.
Of course the ISP should forward this ARP requests to you!
So make sure Proxy-ARP is enabled in the WAN interface and you should be good to go (as long as the NAT rules are good).
Regards,
Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2-CCNP, JNCIS-SEC
For inmediate assistance hire us at http://i-networks.us -
Hi All
I am having issue while connect the cisco 2960G and nexus 5000, i have attached the network setup. so kinldy check and update how i can proceed further.
Regards
Sudharsan.R
91+8220088865Hi Sudharsan,
Nice working with you again
So, your issue is that the 2960 switches are seeing the Nexus device as one. What you have to do is to create a port-channel between the 2960 and nexus devices. That should solve your problem. -
Server silently fails on messages with a huge To: header; any ideas?
Our incoming relay (sendmail) occasionally receives messages which were sent to many recipients
(sometimes it's spam, sometimes valid maillists to which our users have subscribed). The messages
in question have a To: header which is typically over 6kb in size and over 80 lines long (and since
several recipients with short names/addresses may be grouped on one line, there's about a hundred
recipients listed).
It fails trying to relay these messages to our backend Sun Messaging Server (6.3-6.0.3 x64), and it
fails silently. I am not definitely sure that this is SMS's flaw and not Sendmails; but perhaps someone
can shed light on the matter? :)
SMS's mail.log_current receives such entries (here xxx.xxx.xxx.100 is the relay, xxx.xxx.xxx.73
is the backend server):
04-Dec-2008 16:54:44.62 tcp_local + O TCP|xxx.xxx.xxx.73|25|xxx.xxx.xxx.100|33728 SMTP
04-Dec-2008 16:59:44.62 tcp_intranet ims-ms VE 0 [email protected] rfc822;[email protected] ouruser@ims-ms-daemon relay.domain.ru ([xxx.xxx.xxx.100]) '' Timeout after 5 minutes trying to read SMTP packet
04-Dec-2008 16:59:44.62 tcp_local + C TCP|xxx.xxx.xxx.73|25|xxx.xxx.xxx.100|33728 SMTP Timeout
after 5 minutes trying to read SMTP packetSendmail logs a broken connection:
Dec 4 17:01:27 relay sendmail[14689]: [ID 801593 mail.crit] mB47gCN4014672: SYSERR(root): timeout writing message to sunmail.domain.ru.: Broken pipe
Dec 4 17:01:27 relay sendmail[14689]: [ID 801593 mail.info] mB47gCN4014672: to=<[email protected]>, delay=00:07:01, xdelay=00:06:58, mailer=esmtp, pri=329059, relay=sunmail.domain.ru. [xxx.xxx.xxx.73], dsn=4.0.0, stat=DeferredSniffing the wire gives strange results: The SMTP dialog part seems okay, the message is submitted
(relayed) only for our local user's address. But the message is not transferred until sendmail dies.
When the sendmail process dies (due to timeout or by a manual kill), about 3 packets appear in the
sniffer's output, starting with the usual "Received: from" lines and other header parts. The last packet
has text from the middle of the To: header, often breaking mid-word. Perhaps it's some buffering error
in either the sending Sendmail or the receiving Sunmail, or some server TCP-networking/sniffer glitch.
If I manually edit the queue file (/var/spool/mqueue/qfmB47gCN4014672 for the sample above) and delete
most of the To: header's lines, the message goes through okay.
This just does not seem logical - the message header text seems to be compliant (that is, each single
line is short, although all sub-lines of To: concatenate to a rather large text; but not that extremely large).
Neither sendmail nor sun mail report any error except networking socket failure.
MTUs are the same on both servers (1500), and any other large message (i.e. with attachments),
relays okay.
Are there any known issues on Sun Messaging Server (or Sendmail for that matter) which look like
this and ring a bell to a casual reader? :) Perhaps Sieve filters, etc.?
Since sendmail does successfully receive this message from the internet, and none of our several
incoming milters break along the way, I don't think it should have a huge problem forwarding it to
another server (I'll try experimenting though). This is why I think it's possible that Sun mail may be
at fault.
# imsimta version
Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pcHello all, thanks for your suggestions.
In short, I debugged with Shane's suggestions. Apparently, tcp_smtp_server didn't get
a byte for 5 minutes so the read() was locked. At least, there's no specific failing routine
in Sunmail, so I'm back to research about Sendmail and networking, buffering and so on.
As I mentioned, when relay's sendmail process is killed, the system spits out about 3
packets of header data to the network...
Details follow...
By "silently failing" i meant that no obvious SMTP error is issued. The connection hangs
until it's aborted and both servers only complain on that - a failed network connection.
The resulting problem is that the sendmail relay marks sunmail as "Deferring connections"
in its hoststatus table, and valid messages are not even attempted for submission. At the
moment we fixed that brutally but effectively - by removing the hoststatus file for our sunmail
via cron every minute.
Concerning Mark's post, these servers are in the same DMZ, on a Cisco 2960G switch
which caused no specific problems. I mentioned MTU's are the same and standard,
because a few weeks back we did have LDAP replication problems due to experiments
with Jumbo frames, but solved them internally (I posted on this in the DSEE forum, also
asking how to compare LDAPs: [http://forums.sun.com/thread.jspa?threadID=5349017]).
We use this tandem of relay-backend servers for half a year now (and before we deployed
Sun Messaging Server, this sendmail relayed mails to our old server for many years).
So far this (large To:) is the only type of messages I see that cause such behavior; for
any other large mails the size does not matter, or at least some rejection explanation
is generated by one of the SMTP engines.
Shane, thanks for your help over and over ;)
I tried enabling the options you mentioned, ran "imsimta cnbuild" and reloaded the services.
Then I fired up the sniffer on the relay server, "tail -f mail.log_current" on the sunmail, and
submitted a "bad message" from the Sendmail queue.
In the sniffer the SMTP dialog went ok until submission of message data, where it hung as
before:
# ngrep "" tcp port 25 and host sunmail
T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
220 sunmail.domain.ru -- Server ESMTP (Sun Java(tm) System Messaging Server 6.
3-6.03 (built Mar 14 2008; 64bit))..
T xxx.xxx.xxx.100:53200 -> xxx.xxx.xxx.73:25 [AP]
EHLO relay.domain.ru..
T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
250-sunmail.domain.ru..250-8BITMIME..250-PIPELINING..250-CHUNKING..250-DSN..25
0-ENHANCEDSTATUSCODES..250-EXPN..250-HELP..250-XADR..250-XSTA..250-XCIR..25
0-XGEN..250-XLOOP 4A70E733A15FFE33EF3564BD522B1348..250-STARTTLS..250-ETRN.
.250-NO-SOLICITING..250 SIZE 20992000..
T xxx.xxx.xxx.100:53200 -> xxx.xxx.xxx.73:25 [AP]
MAIL From:<[email protected]> SIZE=200312..
T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
250 2.5.0 Address and options OK...
T xxx.xxx.xxx.100:53200 -> xxx.xxx.xxx.73:25 [AP]
RCPT To:<[email protected]> NOTIFY=SUCCESS,FAILURE,DELAY..DATA..
T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
250 2.1.5 [email protected] and options OK...
T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
354 Enter mail, end with a single "."...
#In the mail.log_current just one line appeared:
05-Dec-2008 10:51:18.46 tcp_local + O TCP|xxx.xxx.xxx.73|25|xxx.xxx.xxx.100|53200 SMTPSince it also mentions tcp_local channel, I decided to enable slave_debug on that as well.
Rebuilt the configs, and ran msg-stop to see if the processes actually die. When I checked
the "netstat -an | grep -w 25" and "ps -ef" outputs, there was indeed a tcp_smtp_server
process running:
mailsrv 23594 656 0 10:50:08 ? 0:00 /opt/SUNWmsgsr/messaging64/lib/tcp_smtp_serverBoth the sunmail and sendmail relay kept the socket ESTABLISHED. I took a pstack
of the tcp_smtp_server (below) and killed it with SIGSEGV so I have a core dump if
needed. Then I started the services and submitted the message from the queue again.
The SMTP dialog log was actually from tcp_local, and it ended with the lines like these
(note that even in this detailed log it just died with "network read failed" after 5 minutes,
I inserted an empty line to make it more visible):
11:21:18.26: Good address count 1 defer count 0
11:21:18.26: Copy estimate after address addition is 2
11:21:18.26: mmc_rrply: Return detailed status information.
11:21:18.26: mmc_rrply: Returning
11:21:18.26: Sending : "250 2.1.5 [email protected] and options OK."
11:21:18.26: Received : "DATA"
11:21:18.26: mmc_waend(0x00749cc0) called.
11:21:18.26: Copy estimate is 2
11:21:18.26: Queue area size 35152252, temp area size 2785988
11:21:18.26: 8788063 blocks of effective free queue space available; setting disk limit accordingly.
11:21:18.26: 1392994 blocks of free temporary space available; setting disk limit accordingly.
11:21:18.26: Sending : "354 Enter mail, end with a single "."."
11:26:18.27: os_smtp_read: [9] network read failed with error 145
11:26:18.27: Error: Connection timed out
11:26:18.27: Generating V records for all addresses on channel ims-ms .
11:26:18.27: mmc_flatten_address: Flattening address tree into a list.
11:26:18.27: Tree prior to flattening:
11:26:18.27: Level/Node/Left/Right Address
11:26:18.27: 0/0x0072ea30/0x00000000/0x00866050
11:26:18.27: 1/0x00866050/0x00751ef8/0x00751ef8 ouruser@ims-ms-daemon
11:26:18.27: Zero address: 0x00751ef8
11:26:18.27: smtpc_enqueue returning a status of 137 (Timeout)
11:26:18.27: SMTP routine failure from SMTPC_ENQUEUE
11:26:18.27: pmt_close: [9] status 0Apparently, tcp_smtp_server didn't get a byte for 5 minutes so a read() call was locked
and perhaps this is what didn't allow stop-msg to kill this process...
At least, there's no specific failing routine in Sunmail, so I'm back to research about
Sendmail and networking, buffering and so on. As I mentioned, when relay's sendmail
process is killed, the system spits out about 3 packets of header data to the network...
The pstack output for a waiting tcp_smtp_server process follows, for completeness sake:
23594: /opt/SUNWmsgsr/messaging64/lib/tcp_smtp_server
----------------- lwp# 1 / thread# 1 --------------------
fffffd7ffd830007 lwp_park (0, 0, 0)
fffffd7ffd829c14 cond_wait_queue () + 44
fffffd7ffd82a1a9 _cond_wait () + 59
fffffd7ffd82a1d6 cond_wait () + 26
fffffd7ffd82a219 pthread_cond_wait () + 9
fffffd7ffededf3e dispatcher_initialize () + 66e
0000000000404078 main () + 768
00000000004036fc ???????? ()
----------------- lwp# 2 / thread# 2 --------------------
fffffd7ffd830007 lwp_park (0, fffffd7ffc5fdda0, 0)
fffffd7ffd829c14 cond_wait_queue () + 44
fffffd7ffd82a012 cond_wait_common () + 1c2
fffffd7ffd82a286 _cond_timedwait () + 56
fffffd7ffd82a310 cond_timedwait () + 30
fffffd7ffd82a359 pthread_cond_timedwait () + 9
fffffd7ffd520ff4 PR_WaitCondVar () + 264
fffffd7ffd529854 PR_Sleep () + 74
fffffd7ffd62d5d8 LockPoller () + 88
fffffd7ffd5289e7 _pt_root () + f7
fffffd7ffd82fd5b _thr_setup () + 5b
fffffd7ffd82ff90 _lwp_start ()
----------------- lwp# 3 / thread# 3 --------------------
fffffd7ffd830007 lwp_park (0, fffffd7ffc3fdda0, 0)
fffffd7ffd829c14 cond_wait_queue () + 44
fffffd7ffd82a012 cond_wait_common () + 1c2
fffffd7ffd82a286 _cond_timedwait () + 56
fffffd7ffd82a310 cond_timedwait () + 30
fffffd7ffd82a359 pthread_cond_timedwait () + 9
fffffd7ffd520ff4 PR_WaitCondVar () + 264
fffffd7ffd529854 PR_Sleep () + 74
fffffd7ffd62d5d8 LockPoller () + 88
fffffd7ffd5289e7 _pt_root () + f7
fffffd7ffd82fd5b _thr_setup () + 5b
fffffd7ffd82ff90 _lwp_start ()
----------------- lwp# 4 / thread# 4 --------------------
fffffd7ffd830007 lwp_park (0, 0, 0)
fffffd7ffd829c14 cond_wait_queue () + 44
fffffd7ffd82a1a9 _cond_wait () + 59
fffffd7ffd82a1d6 cond_wait () + 26
fffffd7ffd82a219 pthread_cond_wait () + 9
fffffd7ffedf5fe8 pmt_refresh_stats () + d8
fffffd7ffd82fd5b _thr_setup () + 5b
fffffd7ffd82ff90 _lwp_start ()
----------------- lwp# 5 / thread# 5 --------------------
fffffd7ffedecf10 dispatcher_read(), exit value = 0x0000000000000000
** zombie (exited, not detached, not yet joined) **
----------------- lwp# 6 / thread# 6 --------------------
fffffd7ffd830007 lwp_park (0, fffffd7ffc1fded0, 0)
fffffd7ffd829c14 cond_wait_queue () + 44
fffffd7ffd82a012 cond_wait_common () + 1c2
fffffd7ffd82a286 _cond_timedwait () + 56
fffffd7ffd82a310 cond_timedwait () + 30
fffffd7ffd82a359 pthread_cond_timedwait () + 9
fffffd7ffeded829 dispatcher_housekeeping () + 1e9
fffffd7ffd82fd5b _thr_setup () + 5b
fffffd7ffd82ff90 _lwp_start ()
----------------- lwp# 14 / thread# 14 --------------------
fffffd7ffd83319a lwp_wait (d, fffffd7ffbdfdf24)
fffffd7ffd82c9de _thrp_join () + 3e
fffffd7ffd82cbbc pthread_join () + 1c
fffffd7ffedece66 dispatcher_joiner () + 36
fffffd7ffd82fd5b _thr_setup () + 5b
fffffd7ffd82ff90 _lwp_start ()
----------------- lwp# 13 / thread# 13 --------------------
fffffd7ffd832caa pollsys (fffffd7ffc1b9860, 1, fffffd7ffc1b97a0, 0)
fffffd7ffd7d9dc2 poll () + 52
fffffd7ffee6d7e8 pmt_recvfrom () + 868
0000000000405a3f os_smtp_read () + 1ff
0000000000404e3d smtp_get () + 9d
fffffd7ffec0fda7 big_smtp_read () + 797
fffffd7ffec36798 data () + a28
fffffd7ffec460ad smtpc_enqueue () + f9d
0000000000405343 tcp_smtp_slave () + 223
00000000004038a4 tcp_smtp_slave_pre () + 54
fffffd7ffedeccbc dispatcher_newtcp () + 46c
fffffd7ffd82fd5b _thr_setup () + 5b
fffffd7ffd82ff90 _lwp_start ()
Maybe you are looking for
-
Repeater to Boost 3G Signal?
Anybody tried one of these Cell Phone Signal Boosters/Repeaters in your house? http://www.amazon.com/Wireless-Extenders-Phone-Signal-Booster/dp/B000E14G7S/ref= pdbbs_sr2?ie=UTF8&s=electronics&qid=1219788955&sr=8-2 not sure which freq. the 3G is on? Y
-
Cannot insert object excel 2013 on Windows7
Hi I'm suddenly unable to use Active-X Controls on Excel. I guess this is due to an update because a friend of mine experienced the same problem on office 2007 last week. He deleted the update because he could find the relevant KB-Number on the inter
-
I'm hoping someone can help me. I have a report that keeps track of outages based on application. I now need to break down that report and display the percentage of availability for each application by month. If no outage occured on certain days of t
-
I haven't noticed anything wrong with the phone, I just want to know what happened and if I should do something about this.
-
Can you still buy the early 2008 MacBook models at the Apple STore
was just wondering if they were still available?