CISCO 2960G Questions

Similar Messages

• Cisco WebView Questions

  We utilize webview us our reporting / workforce tool for our in house call center. But there have been doubts pulling outbound number using webview. I stumble a report in Webview (Agtskg04). It shows External Out Tasks and Internal Out Tasks, still got confused in the definition of these two. Please help me understand on the difference with External Out Tasks and Internal Out Tasks. Most of our agents has more number on Internal Out Tasks, which I think is the outgoing calls to another agent or anthoer department or extension internally. But it's not what is happening they usually calls out to customers and not transferring to another extension.Thanks!
  Second inquiry, What report in WebView that account all hours of an agent to calculation for the utilization? Aside from the Note Ready Summary Report, 'coz when I sum up all Not Ready times and Handle Time it does not add up to the total hours that the agent is login thru CTI.
  Waiting for you brillian ideas,
  ryanS>>

  Thanks Nathan,
       I have follow-up questions, this might some sound simple questions to you but we just don't know these things. We were never trained on Cisco WebView basic concepts and all other technical stuff that an end-user show know about. We were just reading pdf files online, which is very technical ( in terms of terminilogies). I am not a network engineer or a Cisco certified person our team most came from BPO companies and we're hired to do a workforce/reporting tasks in an in-house call center which they utilize Cisco phones and this Cisco WebView. I would really appreciate your time on this Nathan and all other Cisco WebView expert people.
       Now, to my follow-up questions. what do you mean by a CallManager cluster?. Let me give a background on our telephony system here. All our departments here in our company uses Cisco phones worlwide. And we have a division that is on a call center set-up. They have two extensions US extensions and local (philippines) extensions. So when at times they need to callback our customers in US, they'll dial 991 then the customer's number. AND sometimes they will call to our local security in the building to ask for something or calling to our facilities. So, I'm guessing that this callmanager cluster are those phones or extension within our company like security personnel, to our finance team, etc. But when they call to our customers in US, which I assume outside our CallManager cluster? Is this gonna fall under Internal Out Tasks? Please have your explaination in a simple way as you can.
  Thank you so much for those who are willing to help me understand!
  sincerely,
  ryan suedo

• Cisco AP1550 Questions

  I'm planning to use these APs in our rail yard.  Basically when a train enters the yard I want it to start talking to these APs and to continually talk to them as they roll through the yard to download data logs.  I'd like to get a rough idea of the range of these APs if using directional antennas pointing along the tracks and how close they'll have to be to form a mesh so I can save infrastructure costs from having to run ethernet to the poles or whatever they'll be mounted on. 
  Any advice or tips would be greatly appreciated.
  Thanks
  Joe

  I would highly suggest "against" deploying this as a Mesh solution as Mesh is not suitable for "mobile" deployments (ie. MAPs on your "Trains" parenting with other stationary RAP/MAP when they roll in/through/out your rail yard).  If your planning on mounting APs on the trains that are mobilized, I highly suggest you consider a WGB deployment as they can handle the mobility of this situation.  Now, these WGBs on the Trains can most certianly connect to your Mesh infrastructure in the train yard, just don't attempt to deploy MAPs on the trains themselves.
  Cisco should tell you the same as a "mobile" Mesh solution has caused severe problems for many customers; this is not their intended design.
  Sorry, this doesn't touch on your "range" question, but just want to make you aware that this type of "mobile" Mesh deployment will most likely create a nightmare for you.

• Cisco 2010P Questions

  Hi all,
  I have just purchased the Cisco 2010P-G5 Small business switch.
  Questions:
  Ø  Does this switch support / work with the Cisco call manager and the Cisco Phones
  Ø  Can you automatically backup the config e.eg daily.
  Many Thanks

  Gary,
       So you've purchased an SFE or SGE Small Business Switch.  To answer your questions in order:
  1.  The SFE or SGE series is a Small Business Switch supported by the Small Business Support Center (SBSC) not traditional Cisco TAC.  Communications Manager on the other hand is a TAC supported product, so as you can see the first issue is with two separate support teams.  Also the SFE/SGE switches are not configured or managed with the same tools as traditional Cisco gear and are not IOS or CLI based.  The SFE/SGE switches are not designed to fully integrate with Communications Manager; however you could very well likely get it working (they are 802.3af standards based PoE); but the other broader issues identified above should help you understand that's not a best practice.
  2.  As far as automatically backing up the configuration, there's not a built-in feature to do that if that's what you're asking about.  You can run dual images on those switches however.
  Hope this helps!
  Glenn

• Cisco ACS questions for new deployment

  Hi all, I am designing a new Cisco ACS deployment to handle AAA services for all our network devices. I have read the user guides and I understand the different deployment scenario's. However, what i could not find in the user guide, were answers to the questions below...
  Number of AAA clients, using command authorisation, that a single ACS server can handle?
  Does a Large Add-On license (for more than 500 nodes) need to be purchased for every ACS server, or does one license cover the whole deployment?
  How is AAA load-balancing performed? Does each AAA server need to be defined individually on every Network device? Or is there some intelligence build in to the AAA servers so that they can distribute the load themselves? Or can a load balancer be used like you can with Cisco ISE PSN nodes?
  Thanks
  Mario

  Supported number of clients depends on License for example
  The base license is required for all deployed software instances and for all appliances. The base license enables you to use all ACS functions except license-controlled features, and it enables standard centralized reporting features.
  The base license:
  Is required for all primary and secondary ACS instances.
  Is required for all appliances.
  Supports deployments that have a maximum of 500 NADs.
  The following are the types of base licenses:
  Permanent—Does not have an expiration date. Supports deployments that have a maximum of 500 NADs.
  Evaluation—Expires 90 days from the time the license is issued. Supports deployments that have a maximum of 50 NADs.

• ASA and Cisco VPN question

  I am having an issue on a new ASA. I am able to connect to the customer?s network using the Cisco VPN client, but I am not able to PING or access anything on the customers network. What needs to be done to fix this???
  There is a route on the customer?s router pointing back to the firewall for the IP range you get when you VPN in?
  Thanks,
  Chris

  Thanks, please rate.
  No, it is needed for pix as well. ASA 7.2, the command is "crypto isakmp nat-traversal".
  It is necessary if vpn client is connecting behind nat. Allows ipsec to be encapsulated in udp port 4500. The transport tab I mentioned is in the connection entry properties, if you click modify. You will see enable transparent tunneling over udp.

• Cisco LMS questions

    I need the help from the expert of LMS installation , i need to make sure that services must be as the following
  CiscoWorks ANI database engine: Manual
  CiscoWorks Daemon Manager: Automatic
  CiscoWorks RME NG database engine: Manual
  CiscoWorks Tomcat Servlet Engine: Manual
  CiscoWorks VisiBroker Smart Agent: Manual
  CiscoWorks Web Server: Manual
  CWCS Cmf database engine: Manual
  CWCS rsh/rcp service: Automatic
  CWCS syslog service: Automatic
  CWCS tftp service: Automatic
  DFM dfmEpm database engine: Manual
  DFM dfmFh database engine: Manual
  DFM dfmInv database engine: Manual
  Other things i will install on cisco server 2008 service pack 2.

  Hi Islam,
  Services STARTUP type is Absolutely correct..
  Thanks
  Afroz

• JTAPI / Cisco - General Question

  Hi - Hoping someone out there might be able to help me. I apologize if this is in the wrong forum.
  We have a fully functional Cisco CallManager / IPT system implemented, and I am wondering where to begin looking at the JTAPI - knowing nothing about phone hardware / network technologies, and being an intermediate level Java developer, what interfaces / classes pertain to this implementation? Where (aside from the white papers I am currently reading) can I go for some "new to JTAPI" help?
  Thanks in advance, Geoff

  Hi Geoff,
  You might have already found out what you are looking for. But still, just for the records, you can find all the information you are looking for, at this link -
  http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_programming_reference_guides_list.html
  Thanks,
  Vasu

• Cisco 2801 Question

  I'm trying to open a port in a Cisco 2801, the port 3001 to give internet access for a cisco switch which IP is 172.16.8.40
  thanks in advance
  cisco 2801 config
  match access-group 110
  class-map type inspect match-all vpn-traffic
   match access-group 111
  policy-map type inspect priv-pub-pmap
   class type inspect all-private
    inspect
   class class-default
    drop
  policy-map type inspect pub-priv-pmap
   class type inspect vpn-traffic
    inspect
   class class-default
    drop
  zone security private
  zone security public
  zone-pair security priv-pub source private destination public
   service-policy type inspect priv-pub-pmap
  zone-pair security pub-priv source public destination private
   service-policy type inspect pub-priv-pmap
  crypto isakmp policy 1
   encr aes 256
   authentication pre-share
   group 2
   lifetime 84600
  crypto isakmp policy 5
   encr 3des
   hash md5
   authentication pre-share
   group 2
   lifetime 84600
  crypto isakmp client configuration group BFvpn
   key vPnBr1TT@ny9687!
   dns 192.168.2.10
   pool vpn_ip
   acl remotevpn
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set aes-256-sha esp-aes 256 esp-sha-hmac
  crypto dynamic-map vpn 65535
   set transform-set ESP-3DES-MD5
  crypto map vpn client authentication list AAA-VPN
  crypto map vpn isakmp authorization list AAA-VPN
  crypto map vpn client configuration address respond
  crypto map vpn 65535 ipsec-isakmp dynamic vpn
  interface FastEthernet0/0
   ip address 75.150.67.105 255.255.255.252
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat outside
   ip virtual-reassembly in
   zone-member security public
   duplex auto
   speed auto
   crypto map vpn
  interface FastEthernet0/1
   ip address 172.16.250.1 255.255.255.252
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat inside
   ip virtual-reassembly in
   zone-member security private
   speed 100
   full-duplex
  interface FastEthernet0/3/0
   switchport mode trunk
   no ip address
  interface FastEthernet0/3/1
   no ip address
  interface FastEthernet0/3/2
   no ip address
  interface FastEthernet0/3/3
   no ip address
  interface Vlan1
   no ip address
  interface Vlan413
   ip address 170.163.128.202 255.255.255.252
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat outside
   ip virtual-reassembly in
   zone-member security public
  router eigrp 1
   network 172.16.0.0
  ip local policy route-map LocalPBR
  ip local pool vpn_ip 172.16.251.10 172.16.251.20
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source static tcp 172.16.8.40 3001 172.16.250.1 3001
  ip nat inside source route-map NAT-HFC interface FastEthernet0/0 overload
  ip nat inside source route-map NAT-OPT interface Vlan413 overload
  ip route 0.0.0.0 0.0.0.0 75.150.67.106 track 3
  ip route 0.0.0.0 0.0.0.0 170.163.128.201 5
  ip access-list standard remotevpn
   permit 172.16.0.0 0.15.255.255
  ip sla 1
   icmp-echo 75.150.67.106 source-interface FastEthernet0/0
   frequency 30
  ip sla schedule 1 life forever start-time now
  ip sla 2
   icmp-echo 170.163.128.201 source-interface Vlan413
   frequency 30
  ip sla schedule 2 life forever start-time now
  access-list 1 permit 170.163.0.0 0.0.255.255
  access-list 1 remark for Telnet & SNMP Restrictions
  access-list 1 permit 172.16.8.0 0.0.3.255
  access-list 7 permit 172.16.8.40
  access-list 7 permit 172.16.8.41
  access-list 7 permit 172.16.8.42
  access-list 7 permit 172.16.8.43
  access-list 10 permit 75.150.67.105
  access-list 20 permit 170.163.128.202
  access-list 102 deny   ip any 10.0.0.0 0.255.255.255
  access-list 102 deny   ip any 172.16.0.0 0.15.255.255
  access-list 102 deny   ip any 192.168.0.0 0.0.255.255
  access-list 102 permit ip 172.16.0.0 0.0.15.255 any
  access-list 102 permit ip 172.16.0.0 0.15.255.255 any
  access-list 110 permit ip any any
  access-list 111 permit ip 172.16.251.0 0.0.0.255 172.16.0.0 0.15.255.255
  access-list 111 deny   ip any any
  route-map LocalPBR permit 10
   match ip address 10
   set ip default next-hop 75.150.67.106
  route-map LocalPBR permit 20
   match ip address 20
   set ip default next-hop 170.163.128.201
  route-map NAT-HFC permit 10
   match ip address 102
   match interface FastEthernet0/0
  route-map NAT-OPT permit 10
   match ip address 102
   match interface Vlan413
  snmp-server community chimenet#3000 RO 1
  snmp-server enable traps tty
  tacacs-server host 170.163.248.63
  tacacs-server host 170.163.248.64
  tacacs-server directed-request
  tacacs-server key 7 06050728414B071C1154405B5C54

  Hello Jherrera,
  Trust you are doing great.
  Could you please additionally configure "ip nat outside" under interface Fastethernet 0/1 and "ip nat inside" under interface vlan 413 and interface fa 0/0 and check if the its working.
  Regards,
  Mohit 
  **Please rate if you find this post helpfull

• LACP with a Cisco 2960G and an IBM I7 Server

  I am attempting to get LACP working with a Cisco 2960 and an IBM I7 server.
  The connection seems redundant.  I can unplug GI0/8 and traffic still flows and clients are not disconnected from the IBM I7.  I can do the same with GI0/9 once GI0/8 is plugged back in.
  Two issues.
  1.  How can I change the LACP timer from slow to fast?
  2.  Why does my port Gi0/8 show as INDEP in the show lacp detail command?
  Port: Gi0/8
  Port state    = Up Sngl-port-Bndl Mstr Not-in-Bndl
  Channel group = 3           Mode = Active          Gcchange = -
  Port-channel  = null        GC   =   -             Pseudo port-channel = Po3
  Port index    = 0           Load = 0x00            Protocol =   LACP
  Flags:  S - Device is sending Slow LACPDUs   F - Device is sending fast LACPDUs.
          A - Device is in active mode.        P - Device is in passive mode.
  Local information:
                              LACP port     Admin     Oper    Port        Port
  Port      Flags   State     Priority      Key       Key     Number      State
  Gi0/8     SA      indep     32768         0x3       0x3     0x8         0x7D
  Age of the port in the current state: 2d:17h:20m:08s
  Port: Gi0/9
  Port state    = Up Mstr Assoc In-Bndl
  Channel group = 3           Mode = Active          Gcchange = -
  Port-channel  = Po3         GC   =   -             Pseudo port-channel = Po3
  Port index    = 0           Load = 0x00            Protocol =   LACP
  Flags:  S - Device is sending Slow LACPDUs   F - Device is sending fast LACPDUs.
          A - Device is in active mode.        P - Device is in passive mode.
  Local information:
                              LACP port     Admin     Oper    Port        Port
  Port      Flags   State     Priority      Key       Key     Number      State
  Gi0/9     SA      bndl      32768         0x3       0x3     0x9         0x3D
  Partner's information:
                    LACP port                        Admin  Oper   Port    Port
  Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
  Gi0/9     SA      0         40f2.e95c.f433  25s    0x0    0x8102 0x1     0x3D
  Age of the port in the current state: 2d:17h:27m:44s
                  Port-channels in the group:
  Port-channel: Po3    (Primary Aggregator)
  Age of the Port-channel   = 365d:21h:06m:46s
  Logical slot/port   = 2/3          Number of ports = 1
  HotStandBy port = null
  Port state          = Port-channel Ag-Inuse
  Protocol            =   LACP
  Port security       = Disabled
  Ports in the Port-channel:
  Index   Load   Port     EC state        No of bits
  ------+------+------+------------------+-----------
    0     00     Gi0/9    Active             0
  Time since last port bundled:    2d:17h:26m:07s    Gi0/8
  Time since last port Un-bundled: 2d:17h:25m:02s    Gi0/8

  Hi,
  With IBMi7 the support for LACP starts to my knowledge since i7.1 TR7. If that is your case will you please post the DSPLIND (with AGGRSCL option) command output.
  As for the LACP fast timer setting while it can be configured on various Cisco boxes I am affraid it cannot be done with Cat2960.
  Thanks & Regards,
  Antonin

• 802.1 aaa entries cisco aironet question

  Is it possible to have multiple aaa entries for RADIUS servers on a Cisco Aironet?
  What im trying to achieve is two SSID's, one on one VLAN and another on another VLAN..
  The trouble is that our RADIUS servers are using MSCHAP v2 authentication and they are for two separate servers with different user accounts on two separate VLANs
  What I am hoping to do is create two SSID's on seperate VLAN's, with a separate radius entry for both SSIDs

  yes it is possible. On the ssid manager page you have the option of setting up EAP server and prioritize it according to the SSID.

• Cisco 7965 question

  Hello, I'm the new admin for our CUCM ver. 8. Currently, I have a customer with a 7965 phone who would like to have the ringing on his secondary keys turned off. He still wants his primary line to ring just not the other 2. This has to be an easy fix but I just can't find any info on it. Thank you for  your help

  Hi Christopher,
  Go to Device>Phone>Find and find the desired phone. Once you bring it
  up click on the actual 2nd and 3rd DN's listed on the top left of the page.
  The Ring settings are down towards the bottom of each DN config page;
  Change them to either Flash or Disable
  Line 2 on Device SEP0022900411F3
  Display (Internal Caller ID)
  Display text for a line appearance is  intended for displaying text such as a name instead of a directory number for  internal calls. If you specify a number, the person receiving a call may not see  the proper identity of the caller.
  ASCII Display (Internal Caller ID)
  Line Text Label
  ASCII Line Text Label
  External Phone Number Mask
  Visual Message Waiting Indicator Policy
  Use System Policy Light and Prompt Prompt Only Light Only None
  Audible Message Waiting Indicator  Policy
  Off On Default
  Ring Setting (Phone Idle)
  Use System Default Disable Flash Only Ring Once Ring
  Ring Setting (Phone  Active)
  Use System  Default Disable Flash  Only Ring Once Ring Beep Only Applies to this line when any line  on the phone has a call in progress.
  Call Pickup Group Audio Alert  Setting(Phone Idle)
  Use System  Default Disable Ring  Once
  Call Pickup Group Audio Alert  Setting(Phone Active)
  Use System  Default Disable Beep  Only
  Recording Option
  Call Recording Disabled Automatic Call Recording Enabled Application Invoked Call Recording Enabled
  Recording Profile
  < None  >
  Monitoring Calling Search  Space
  < None  > MRC LP 911  CS MRC LP Calgary  Local CS MRC LP  Complete Access MRC  LP Intl and Long Distance CS MRC LP Long Dist CS MRC LP On Campus Multicall Line2 CS Multicall Line3 CS Multicall Line4 CS Robs Hotline Security Hotline Test Css 12 VMRestrictedCSS Westmount LD Westmount Local  CSS
  Log Missed  Calls
  Cheers!
  Rob
  "Clocks go slow in a place of work
  Minutes drag and the hours jerk" 
  -The Clash

• How to setup Cisco IOS with multi public IP's

  I'd like to set up a little network environment. We have bought 2 different subnet from our ISP. 
  The WAN internet connection: xx.yy.81.61/26
  WAN gateway: xx.yy.81.1
  First subnet : xx.yy.81.80/30    (this has the same first 3 octet as the WAN, probably doesn't count, because it is a different subnet)
  Second subnet : zz.uu.156.48/29
  As you can see in the first diagram, the xx.yy.81.61/26 is assigned to the CISCO's outside(WAN) interface, the internet connection is alive, all hosts in LAN have internet connection. We want to assign some hosts with public IP address (for webserver sake). I'm not familiar with networking, so please forgive me if I make some silly questions. In brackets, I make the cisco router setup with the "Cisco Configuration Professional 2.8" PC program.
               |     
               |     ADSL or Optical cable (fiber link)
               |
          +-----+
          |        |   modem
          |        |
          +-----+
               |
               |        WAN (xx.yy.81.61/26)
               |     Gateway(xx.yy.81.1)
               |
        +----------+
        |              |
        |              |    CISCO 881 (router/firewall)
        |              |    IOS 15.2(4)M6
        |              |
        +----------+
               |
               |
         -----+-------------   our local LAN segment (vlan)
          10.10.10.1/24
  I want to set up the CISCO:
  - The question is, that how can i make my subnets alive? I just want to transmit(NAT) some public IP from subnet to specific HOST computer(or inverse?). I have made the NAT rules (zz.uu.156.50 <- 10.10.10.xxx), but no result, the public IP is unreachable(no ping, no traceroute). 
  - Do I have to assign a second IP(virtual) address from subnets to the outside interface(WAN). If yes, than how? Or my ISP has to route the subnets to my WAN IP address(xx.yy.81.61) ?
  The truth is that the original setup was different, as you can see in the second diagram. In this case the both subnet was alive. Now, I unmounted the ISP owned HP router and I attached the CISCO directly to the modem output(first diagram), because we had some DNS issues and I think it is unnecessary to be 2 router sequentially. Please indicate if i was wrong. 
  I mention, that by the original setup, I could access the HP router (only the login interface) from internet with the first IP of the subnets (xx.yy.81.81 from the first subnet and  zz.uu.156.49 from the second subnet).
               |     
               |     ADSL or Optical cable (fiber link)
               |
          +-----+
          |        |   modem
          |        |
          +-----+
               |
               |
               |
         +-------+
         |          |    blackbox, no acces
         |          |    ISP owned HP router
         |          |
         +-------+
               |
               |        WAN (xx.yy.81.82/30)    or      WAN (zz.uu.156.50/29)
               |     Gateway(xx.yy.81.81)            Gateway(zz.uu.156.49) 
               |
        +----------+
        |              |
        |              |    CISCO 881 (router/firewall)
        |              |    IOS 15.2(4)M6
        |              |
        +----------+
                |
                |
          -----+-------------   our local LAN segment
            10.10.10.1/24
  Thanks for any answer or suggestion! 

  Hey,
  Proxy-ARP should take care of this!
  As long as you assign the NAT rules into the IOS Router it should start replying to any ARP request to those IPs on different subnets.
  Of course the ISP should forward this ARP requests to you!
  So make sure Proxy-ARP is enabled in the WAN interface and you should be good to go (as long as the NAT rules are good).
  Regards,
  Julio Carvajal
  Senior Network Security and Core Specialist
  CCIE #42930, 2-CCNP, JNCIS-SEC
  For inmediate assistance hire us at http://i-networks.us

• Nexus and 2960g connect issue

  Hi All
  I am having issue while connect the cisco 2960G and nexus 5000, i have attached the network setup. so kinldy check and update how i can proceed further.
  Regards
  Sudharsan.R
  91+8220088865

  Hi Sudharsan,
  Nice working with you again
  So, your issue is that the 2960 switches are seeing the Nexus device as one. What you have to do is to create a port-channel between the 2960 and nexus devices. That should solve your problem.

• Server silently fails on messages with a huge To: header; any ideas?

  Our incoming relay (sendmail) occasionally receives messages which were sent to many recipients
  (sometimes it's spam, sometimes valid maillists to which our users have subscribed). The messages
  in question have a To: header which is typically over 6kb in size and over 80 lines long (and since
  several recipients with short names/addresses may be grouped on one line, there's about a hundred
  recipients listed).
  It fails trying to relay these messages to our backend Sun Messaging Server (6.3-6.0.3 x64), and it
  fails silently. I am not definitely sure that this is SMS's flaw and not Sendmails; but perhaps someone
  can shed light on the matter? :)
  SMS's mail.log_current receives such entries (here xxx.xxx.xxx.100 is the relay, xxx.xxx.xxx.73
  is the backend server):
  04-Dec-2008 16:54:44.62 tcp_local    +            O TCP|xxx.xxx.xxx.73|25|xxx.xxx.xxx.100|33728 SMTP
  04-Dec-2008 16:59:44.62 tcp_intranet ims-ms       VE 0 [email protected] rfc822;[email protected] ouruser@ims-ms-daemon relay.domain.ru ([xxx.xxx.xxx.100]) '' Timeout after 5 minutes trying to read SMTP packet
  04-Dec-2008 16:59:44.62 tcp_local    +            C TCP|xxx.xxx.xxx.73|25|xxx.xxx.xxx.100|33728 SMTP Timeout
  after 5 minutes trying to read SMTP packetSendmail logs a broken connection:
  Dec  4 17:01:27 relay sendmail[14689]: [ID 801593 mail.crit] mB47gCN4014672: SYSERR(root): timeout writing message to sunmail.domain.ru.: Broken pipe
  Dec  4 17:01:27 relay sendmail[14689]: [ID 801593 mail.info] mB47gCN4014672: to=<[email protected]>, delay=00:07:01, xdelay=00:06:58, mailer=esmtp, pri=329059, relay=sunmail.domain.ru. [xxx.xxx.xxx.73], dsn=4.0.0, stat=DeferredSniffing the wire gives strange results: The SMTP dialog part seems okay, the message is submitted
  (relayed) only for our local user's address. But the message is not transferred until sendmail dies.
  When the sendmail process dies (due to timeout or by a manual kill), about 3 packets appear in the
  sniffer's output, starting with the usual "Received: from" lines and other header parts. The last packet
  has text from the middle of the To: header, often breaking mid-word. Perhaps it's some buffering error
  in either the sending Sendmail or the receiving Sunmail, or some server TCP-networking/sniffer glitch.
  If I manually edit the queue file (/var/spool/mqueue/qfmB47gCN4014672 for the sample above) and delete
  most of the To: header's lines, the message goes through okay.
  This just does not seem logical - the message header text seems to be compliant (that is, each single
  line is short, although all sub-lines of To: concatenate to a rather large text; but not that extremely large).
  Neither sendmail nor sun mail report any error except networking socket failure.
  MTUs are the same on both servers (1500), and any other large message (i.e. with attachments),
  relays okay.
  Are there any known issues on Sun Messaging Server (or Sendmail for that matter) which look like
  this and ring a bell to a casual reader? :) Perhaps Sieve filters, etc.?
  Since sendmail does successfully receive this message from the internet, and none of our several
  incoming milters break along the way, I don't think it should have a huge problem forwarding it to
  another server (I'll try experimenting though). This is why I think it's possible that Sun mail may be
  at fault.
  # imsimta version
  Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
  libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
  SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc

  Hello all, thanks for your suggestions.
  In short, I debugged with Shane's suggestions. Apparently, tcp_smtp_server didn't get
  a byte for 5 minutes so the read() was locked. At least, there's no specific failing routine
  in Sunmail, so I'm back to research about Sendmail and networking, buffering and so on.
  As I mentioned, when relay's sendmail process is killed, the system spits out about 3
  packets of header data to the network...
  Details follow...
  By "silently failing" i meant that no obvious SMTP error is issued. The connection hangs
  until it's aborted and both servers only complain on that - a failed network connection.
  The resulting problem is that the sendmail relay marks sunmail as "Deferring connections"
  in its hoststatus table, and valid messages are not even attempted for submission. At the
  moment we fixed that brutally but effectively - by removing the hoststatus file for our sunmail
  via cron every minute.
  Concerning Mark's post, these servers are in the same DMZ, on a Cisco 2960G switch
  which caused no specific problems. I mentioned MTU's are the same and standard,
  because a few weeks back we did have LDAP replication problems due to experiments
  with Jumbo frames, but solved them internally (I posted on this in the DSEE forum, also
  asking how to compare LDAPs: [http://forums.sun.com/thread.jspa?threadID=5349017]).
  We use this tandem of relay-backend servers for half a year now (and before we deployed
  Sun Messaging Server, this sendmail relayed mails to our old server for many years).
  So far this (large To:) is the only type of messages I see that cause such behavior; for
  any other large mails the size does not matter, or at least some rejection explanation
  is generated by one of the SMTP engines.
  Shane, thanks for your help over and over ;)
  I tried enabling the options you mentioned, ran "imsimta cnbuild" and reloaded the services.
  Then I fired up the sniffer on the relay server, "tail -f mail.log_current" on the sunmail, and
  submitted a "bad message" from the Sendmail queue.
  In the sniffer the SMTP dialog went ok until submission of message data, where it hung as
  before:
  # ngrep "" tcp port  25 and host sunmail
  T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
    220 sunmail.domain.ru -- Server ESMTP (Sun Java(tm) System Messaging Server 6.
    3-6.03 (built Mar 14 2008; 64bit))..                                      
  T xxx.xxx.xxx.100:53200 -> xxx.xxx.xxx.73:25 [AP]
    EHLO relay.domain.ru..                                                         
  T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
    250-sunmail.domain.ru..250-8BITMIME..250-PIPELINING..250-CHUNKING..250-DSN..25
    0-ENHANCEDSTATUSCODES..250-EXPN..250-HELP..250-XADR..250-XSTA..250-XCIR..25
    0-XGEN..250-XLOOP 4A70E733A15FFE33EF3564BD522B1348..250-STARTTLS..250-ETRN.
    .250-NO-SOLICITING..250 SIZE 20992000..                                   
  T xxx.xxx.xxx.100:53200 -> xxx.xxx.xxx.73:25 [AP]
    MAIL From:<[email protected]> SIZE=200312..                                    
  T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
    250 2.5.0 Address and options OK...                                       
  T xxx.xxx.xxx.100:53200 -> xxx.xxx.xxx.73:25 [AP]
    RCPT To:<[email protected]> NOTIFY=SUCCESS,FAILURE,DELAY..DATA..                
  T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
    250 2.1.5 [email protected] and options OK...                                   
  T xxx.xxx.xxx.73:25 -> xxx.xxx.xxx.100:53200 [AP]
    354 Enter mail, end with a single "."...                                  
  #In the mail.log_current just one line appeared:
  05-Dec-2008 10:51:18.46 tcp_local    +            O TCP|xxx.xxx.xxx.73|25|xxx.xxx.xxx.100|53200 SMTPSince it also mentions tcp_local channel, I decided to enable slave_debug on that as well.
  Rebuilt the configs, and ran msg-stop to see if the processes actually die. When I checked
  the "netstat -an | grep -w 25" and "ps -ef" outputs, there was indeed a tcp_smtp_server
  process running:
  mailsrv 23594   656   0 10:50:08 ?           0:00 /opt/SUNWmsgsr/messaging64/lib/tcp_smtp_serverBoth the sunmail and sendmail relay kept the socket ESTABLISHED. I took a pstack
  of the tcp_smtp_server (below) and killed it with SIGSEGV so I have a core dump if
  needed. Then I started the services and submitted the message from the queue again.
  The SMTP dialog log was actually from tcp_local, and it ended with the lines like these
  (note that even in this detailed log it just died with "network read failed" after 5 minutes,
  I inserted an empty line to make it more visible):
  11:21:18.26: Good address count 1 defer count 0
  11:21:18.26: Copy estimate after address addition is 2
  11:21:18.26: mmc_rrply: Return detailed status information.
  11:21:18.26: mmc_rrply: Returning
  11:21:18.26: Sending    : "250 2.1.5 [email protected] and options OK."
  11:21:18.26: Received   : "DATA"
  11:21:18.26: mmc_waend(0x00749cc0) called.
  11:21:18.26:   Copy estimate is 2
  11:21:18.26:   Queue area size 35152252, temp area size 2785988
  11:21:18.26:   8788063 blocks of effective free queue space available; setting disk limit accordingly.
  11:21:18.26:   1392994 blocks of free temporary space available; setting disk limit accordingly.
  11:21:18.26: Sending    : "354 Enter mail, end with a single "."."
  11:26:18.27: os_smtp_read: [9] network read failed with error 145
  11:26:18.27:     Error: Connection timed out
  11:26:18.27:   Generating V records for all addresses on channel ims-ms                          .
  11:26:18.27: mmc_flatten_address: Flattening address tree into a list.
  11:26:18.27:   Tree prior to flattening:
  11:26:18.27: Level/Node/Left/Right Address
  11:26:18.27: 0/0x0072ea30/0x00000000/0x00866050
  11:26:18.27: 1/0x00866050/0x00751ef8/0x00751ef8 ouruser@ims-ms-daemon
  11:26:18.27: Zero address: 0x00751ef8
  11:26:18.27: smtpc_enqueue returning a status of 137 (Timeout)
  11:26:18.27: SMTP routine failure from SMTPC_ENQUEUE
  11:26:18.27: pmt_close: [9] status 0Apparently, tcp_smtp_server didn't get a byte for 5 minutes so a read() call was locked
  and perhaps this is what didn't allow stop-msg to kill this process...
  At least, there's no specific failing routine in Sunmail, so I'm back to research about
  Sendmail and networking, buffering and so on. As I mentioned, when relay's sendmail
  process is killed, the system spits out about 3 packets of header data to the network...
  The pstack output for a waiting tcp_smtp_server process follows, for completeness sake:
  23594:  /opt/SUNWmsgsr/messaging64/lib/tcp_smtp_server
  -----------------  lwp# 1 / thread# 1  --------------------
  fffffd7ffd830007 lwp_park (0, 0, 0)
  fffffd7ffd829c14 cond_wait_queue () + 44
  fffffd7ffd82a1a9 _cond_wait () + 59
  fffffd7ffd82a1d6 cond_wait () + 26
  fffffd7ffd82a219 pthread_cond_wait () + 9
  fffffd7ffededf3e dispatcher_initialize () + 66e
  0000000000404078 main () + 768
  00000000004036fc ???????? ()
  -----------------  lwp# 2 / thread# 2  --------------------
  fffffd7ffd830007 lwp_park (0, fffffd7ffc5fdda0, 0)
  fffffd7ffd829c14 cond_wait_queue () + 44
  fffffd7ffd82a012 cond_wait_common () + 1c2
  fffffd7ffd82a286 _cond_timedwait () + 56
  fffffd7ffd82a310 cond_timedwait () + 30
  fffffd7ffd82a359 pthread_cond_timedwait () + 9
  fffffd7ffd520ff4 PR_WaitCondVar () + 264
  fffffd7ffd529854 PR_Sleep () + 74
  fffffd7ffd62d5d8 LockPoller () + 88
  fffffd7ffd5289e7 _pt_root () + f7
  fffffd7ffd82fd5b _thr_setup () + 5b
  fffffd7ffd82ff90 _lwp_start ()
  -----------------  lwp# 3 / thread# 3  --------------------
  fffffd7ffd830007 lwp_park (0, fffffd7ffc3fdda0, 0)
  fffffd7ffd829c14 cond_wait_queue () + 44
  fffffd7ffd82a012 cond_wait_common () + 1c2
  fffffd7ffd82a286 _cond_timedwait () + 56
  fffffd7ffd82a310 cond_timedwait () + 30
  fffffd7ffd82a359 pthread_cond_timedwait () + 9
  fffffd7ffd520ff4 PR_WaitCondVar () + 264
  fffffd7ffd529854 PR_Sleep () + 74
  fffffd7ffd62d5d8 LockPoller () + 88
  fffffd7ffd5289e7 _pt_root () + f7
  fffffd7ffd82fd5b _thr_setup () + 5b
  fffffd7ffd82ff90 _lwp_start ()
  -----------------  lwp# 4 / thread# 4  --------------------
  fffffd7ffd830007 lwp_park (0, 0, 0)
  fffffd7ffd829c14 cond_wait_queue () + 44
  fffffd7ffd82a1a9 _cond_wait () + 59
  fffffd7ffd82a1d6 cond_wait () + 26
  fffffd7ffd82a219 pthread_cond_wait () + 9
  fffffd7ffedf5fe8 pmt_refresh_stats () + d8
  fffffd7ffd82fd5b _thr_setup () + 5b
  fffffd7ffd82ff90 _lwp_start ()
  -----------------  lwp# 5 / thread# 5  --------------------
  fffffd7ffedecf10 dispatcher_read(), exit value = 0x0000000000000000
          ** zombie (exited, not detached, not yet joined) **
  -----------------  lwp# 6 / thread# 6  --------------------
  fffffd7ffd830007 lwp_park (0, fffffd7ffc1fded0, 0)
  fffffd7ffd829c14 cond_wait_queue () + 44
  fffffd7ffd82a012 cond_wait_common () + 1c2
  fffffd7ffd82a286 _cond_timedwait () + 56
  fffffd7ffd82a310 cond_timedwait () + 30
  fffffd7ffd82a359 pthread_cond_timedwait () + 9
  fffffd7ffeded829 dispatcher_housekeeping () + 1e9
  fffffd7ffd82fd5b _thr_setup () + 5b
  fffffd7ffd82ff90 _lwp_start ()
  -----------------  lwp# 14 / thread# 14  --------------------
  fffffd7ffd83319a lwp_wait (d, fffffd7ffbdfdf24)
  fffffd7ffd82c9de _thrp_join () + 3e
  fffffd7ffd82cbbc pthread_join () + 1c
  fffffd7ffedece66 dispatcher_joiner () + 36
  fffffd7ffd82fd5b _thr_setup () + 5b
  fffffd7ffd82ff90 _lwp_start ()
  -----------------  lwp# 13 / thread# 13  --------------------
  fffffd7ffd832caa pollsys  (fffffd7ffc1b9860, 1, fffffd7ffc1b97a0, 0)
  fffffd7ffd7d9dc2 poll () + 52
  fffffd7ffee6d7e8 pmt_recvfrom () + 868
  0000000000405a3f os_smtp_read () + 1ff
  0000000000404e3d smtp_get () + 9d
  fffffd7ffec0fda7 big_smtp_read () + 797
  fffffd7ffec36798 data () + a28
  fffffd7ffec460ad smtpc_enqueue () + f9d
  0000000000405343 tcp_smtp_slave () + 223
  00000000004038a4 tcp_smtp_slave_pre () + 54
  fffffd7ffedeccbc dispatcher_newtcp () + 46c
  fffffd7ffd82fd5b _thr_setup () + 5b
  fffffd7ffd82ff90 _lwp_start ()