Default gateway arp lookup failed
Hi there
On a 5500 series WLC I see I have an issue where PEAP clients get randomly disconnected with these errors:
MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 24:77:03:35:79:34
AAA-6-ARP_LOOKUP_FAIL: radius_db.c:3232 Default gateway arp lookup failed.
aaaQueueReader: Aug 31 19:12:14.938: %AAA-4-RADIUSMSG_SEND_FAILED: radius_db.c:3567 Unable to send RADIUS message to
Any ideas?
Thanks
Naresh
(Cisco Controller) >show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... SSID1
Network Name (SSID).............................. SSID1
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Enabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ i_wifi
Multicast Interface.............................. Not Configured
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 1.1.1.1 1812
Authentication................................ 1.2.1.1 1812
Accounting.................................... 1.1.1.1 1813
Accounting.................................... 1.2.1.1 1813
Dynamic Interface............................. Enabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID IP Address Status
Similar Messages
-
VPN Clients getting different default gateways
Hello,
We have a new Cisco ASA 5520 and are trying to set up the VPN with split tunneling. We mostly have clients running XP and the problem is that some of the clients connect (using Cisco Anyconnect 2.5) and the split tunneling works as expected (these clients keep their default gateway) and then some clients connect and get a default gateway of 192.168.119.1 (our VPN addresses subnet) and of course these users cannot connect to the internet while connected to the VPN.
Here is our config:
ASA Version 9.1(1)
hostname xxxxxx
names
name 178.239.80.0 Deny178.239.80.0 description 178.239.80.0
name 74.82.64.0 Deny74.82.64.0 description 74.82.64.0
name 173.247.32.0 Deny173.247.32.0 description 173.247.32.0
name 193.109.81.0 Deny193.109.81.0 description 193.109.81.0
name 204.187.87.0 Deny204.187.87.0 description 204.187.87.0
name 206.51.26.0 Deny206.51.26.0 description 206.51.26.0
name 206.53.144.0 Deny206.53.144.0 description 206.53.144.0
name 67.223.64.0 Deny67.223.64.0 description 67.223.64.0
name 93.186.16.0 Deny93.186.16.0 description 93.186.16.0
name 216.9.240.0 Deny216.9.240.0 description 216.9.240.0
name 68.171.224.0 Deny68.171.224.0 description 68.171.224.0
ip local pool PAIUSERS 192.168.119.10-192.168.119.100 mask 255.255.255.0
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 63.86.112.194 255.255.255.192
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.129.5 255.255.255.192
interface GigabitEthernet0/2
nameif dmz
security-level 10
ip address 192.168.20.10 255.255.255.0
interface GigabitEthernet0/3
nameif vpn_dmz
security-level 25
ip address 192.168.30.10 255.255.255.0
interface Management0/0
management-only
shutdown
nameif management
security-level 100
ip address 192.168.102.4 255.255.255.0
object network obj-192.168.119.0
subnet 192.168.119.0 255.255.255.0
access-list outside_access_in extended permit ip host 192.168.119.11 host 192.168.35.23
access-list outside_access_in extended permit object-group TCPUDP any4 object-group DM_INLINE_NETWORK_3 object-group UDP_TCP_Domain inactive
access-list outside_access_in extended permit udp any4 object obj-192.168.30.11 eq isakmp
access-list outside_access_in extended permit ip any4 object obj-192.168.30.11
access-list outside_access_in extended permit udp any4 object obj-192.168.30.11 object-group UDP10000
access-list outside_access_in extended permit udp any4 object-group DM_INLINE_NETWORK_7 eq domain inactive
access-list outside_access_in extended permit tcp any4 object-group DM_INLINE_NETWORK_8 eq domain inactive
access-list outside_access_in extended permit tcp host 216.81.43.190 host 192.168.35.30 eq ssh inactive
access-list outside_access_in extended permit tcp host 216.81.43.190 object obj-192.168.35.30 object-group DM_INLINE_TCP_6 inactive
access-list outside_access_in extended permit tcp any4 object-group DM_INLINE_NETWORK_9 eq www inactive
access-list outside_access_in extended permit tcp any4 object obj-192.168.30.11 eq www
access-list outside_access_in extended permit esp any4 object obj-192.168.30.11
access-list outside_access_in extended permit tcp any4 object obj-192.168.35.41 eq www
access-list outside_access_in extended permit tcp any4 object obj-192.168.35.41 eq https
access-list outside_access_in extended permit tcp any4 host 192.168.35.34 eq https
access-list outside_access_in extended permit object-group TCPUDP any4 object obj-192.168.35.30 object-group Ports_UDpTCP
access-list outside_access_in extended permit tcp any4 object obj-192.168.35.30 object-group DM_INLINE_TCP_7
access-list outside_access_in extended permit tcp any4 object obj-192.168.35.30 eq ftp
access-list outside_access_in extended permit object-group TCPUDP any4 host 63.86.112.248
access-list outside_access_in extended permit udp any4 host 162.95.80.115 eq isakmp
access-list outside_access_in extended permit tcp any4 host 162.95.80.115 object-group Ports_115
access-list outside_access_in extended permit udp any4 host 162.95.80.115 object-group Ports_2746_259
access-list outside_access_in extended permit object-group TCPUDP any4 host 63.86.112.245 object-group Service_Group_245 inactive
access-list outside_access_in extended permit object-group TCPUDP any4 object obj-192.168.35.40 object-group UDP_TCP_Domain
access-list outside_access_in extended permit tcp any4 object obj-192.168.35.40 object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit tcp any4 object obj-192.168.129.11 object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit object-group TCPUDP any4 object obj-192.168.129.11 object-group UDP_TCP_Domain
access-list outside_access_in extended permit tcp any4 object obj-192.168.129.11 object-group Network_Service_2703_6277
access-list outside_access_in extended permit udp any4 object obj-192.168.129.11 object-group UDP_443
access-list outside_access_in extended permit ip any4 host 192.168.101.75 inactive
access-list outside_access_in extended permit tcp any4 host 64.78.239.50 eq www
access-list outside_access_in extended permit tcp any4 host 64.78.239.54 object-group TCP_4445
access-list outside_access_in extended permit icmp any4 any4
access-list outside_access_in extended permit udp any4 object obj-192.168.35.40 object-group UDP_443
access-list outside_access_in extended permit tcp any4 host 63.86.112.204 object-group DM_INLINE_TCP_5
access-list outside_access_in extended permit tcp any4 host 63.86.112.204
access-list outside_access_in extended permit udp any4 host 63.86.112.204
access-list outside_access_in extended permit object-group TCPUDP any4 host 192.168.102.12 object-group Network_Server_1194
access-list outside_access_in extended permit tcp any4 host 192.168.102.12 eq www
access-list outside_access_in extended permit tcp any4 host 192.168.102.12 eq https
access-list outside_access_in extended permit object-group TCPUDP any4 object obj-192.168.35.41 object-group Network_Server_1194
access-list outside_access_in extended permit tcp any4 object obj-192.168.35.12 eq www
access-list outside_access_in extended permit tcp any4 object obj-192.168.35.12 object-group DM_INLINE_TCP_3
access-list outside_access_in extended permit tcp any4 host 63.86.112.193 object-group Network_Service_TCP_1194
access-list outside_access_in extended deny tcp object Deny206.51.26.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny193.109.81.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny204.187.87.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny206.53.144.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny216.9.240.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny67.223.64.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny93.186.16.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny68.171.224.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny74.82.64.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny178.239.80.0 object obj-192.168.35.40 eq https
access-list outside_access_in extended deny tcp object Deny173.247.32.0 object obj-192.168.35.40 eq https
access-list vpn_dmz_access_in extended permit ip host 192.168.35.23 192.168.119.0 255.255.255.0
access-list vpn_dmz_access_in extended permit gre host 192.168.30.11 any4
access-list vpn_dmz_access_in extended permit tcp any4 host 23.0.214.60 eq https
access-list vpn_dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_28 any4
access-list vpn_dmz_access_in extended permit tcp any4 object obj-192.168.35.105 object-group DM_INLINE_TCP_4
access-list vpn_dmz_access_in extended permit esp any4 object obj-192.168.35.105
access-list vpn_dmz_access_in extended permit tcp any4 object obj-192.168.35.105
access-list vpn_dmz_access_in extended permit icmp any4 object obj-192.168.35.105
access-list vpn_dmz_access_in extended permit tcp any4 host 192.168.129.11
access-list vpn_dmz_access_in remark RDP
access-list vpn_dmz_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 eq 3389
access-list vpn_dmz_access_in extended permit icmp any4 object obj-192.168.35.23
access-list inside_nat0_outbound extended permit ip any4 192.168.119.0 255.255.255.0
access-list ftp-timeout extended permit tcp host 216.81.43.190 host 63.86.112.248
access-list ftp-timeout extended permit tcp host 63.86.112.248 host 216.81.43.190
access-list ftp-timeout extended permit tcp host 192.168.35.30 host 216.81.43.190
access-list ftp-timeout extended permit tcp host 216.81.43.190 host 192.168.35.30
access-list Split_Tunnel_List remark northwoods
access-list Split_Tunnel_List standard permit host 192.168.35.23
access-list Split_Tunnel_List remark paits2
access-list Split_Tunnel_List standard permit host 192.168.35.198
access-list Split_Tunnel_List standard deny 192.168.102.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list IS_Split_Tunnel standard permit 192.168.102.0 255.255.255.0
access-list IS_Split_Tunnel standard permit 192.168.82.0 255.255.255.0
access-list IS_Split_Tunnel standard permit 192.168.35.0 255.255.255.0
nat (inside,outside) source static object-192.168.35.0 object-192.168.35.0 destination static obj-192.168.119.0 obj-192.168.119.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.82.0 obj-192.168.82.0 destination static obj-192.168.119.0 obj-192.168.119.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.102.0 obj-192.168.102.0 destination static obj-192.168.119.0 obj-192.168.119.0 no-proxy-arp route-lookup
webvpn
enable outside
enable inside
enable dmz
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
anyconnect profiles pairemoteuser disk0:/pairemoteuser.xml
anyconnect enable
tunnel-group-list enable
group-policy PAIGroup internal
group-policy PAIGroup attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list value PAI
group-policy PAIUSERS internal
group-policy PAIUSERS attributes
wins-server value 192.168.35.57
dns-server value 192.168.35.57
vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_List
default-domain none
webvpn
anyconnect firewall-rule client-interface private value vpn_dmz_access_in
anyconnect profiles value pairemoteuser type user
group-policy PAIIS internal
group-policy PAIIS attributes
wins-server value 192.168.35.57
dns-server value 192.168.35.57
vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value IS_Split_Tunnel
default-domain none
webvpn
anyconnect firewall-rule client-interface private value vpn_dmz_access_in
anyconnect profiles value pairemoteuser type user
group-policy DfltGrpPolicy attributes
banner value Welcome to PAI
wins-server value 192.168.35.57
dns-server value 192.168.35.57
address-pools value PAIUSERS
webvpn
anyconnect firewall-rule client-interface public none
anyconnect firewall-rule client-interface private value vpn_dmz_access_in
anyconnect ask enable default anyconnect timeout 5
group-policy Anyconnect internal
: end
Check if the users fall into DfltGrpPolicy because it has no split tunneling active.
Michael
Please rate all helpful posts -
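The check suggested in this reply, as an added example that is not part of the original thread: a small parser that resolves the effective split-tunnel setting of every group-policy in an ASA configuration. The sample is a constructed excerpt modeled on the posted config, and the function names are hypothetical; the fallback to `tunnelall` reflects the ASA default for DfltGrpPolicy when no split-tunnel-policy is configured.

```python
import re

# ASA default for DfltGrpPolicy when split-tunnel-policy is not configured.
ASA_DEFAULT_MODE = "tunnelall"

# Constructed excerpt modeled on the configuration posted above
# (flattened, without indentation, as it appears in the thread).
SAMPLE_CONFIG = """\
access-list Split_Tunnel_List standard permit host 192.168.35.23
access-list IS_Split_Tunnel standard permit 192.168.35.0 255.255.255.0
group-policy PAIGroup internal
group-policy PAIGroup attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list value PAI
group-policy PAIUSERS internal
group-policy PAIUSERS attributes
dns-server value 192.168.35.57
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_List
group-policy PAIIS internal
group-policy PAIIS attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value IS_Split_Tunnel
group-policy DfltGrpPolicy attributes
banner value Welcome to PAI
address-pools value PAIUSERS
group-policy Anyconnect internal
: end
"""


def parse_group_policies(config):
    """Return {policy: {"mode": str|None, "acl": str|None}} as explicitly configured."""
    policies = {}
    current = None  # policy whose 'attributes' section we are inside
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"group-policy (\S+) (internal|external|attributes)\b", line)
        if m:
            name, kind = m.groups()
            policies.setdefault(name, {"mode": None, "acl": None})
            current = name if kind == "attributes" else None
            continue
        # Commands that can only start a new top-level section end the policy.
        if re.match(r"(tunnel-group|username|class-map|policy-map) ", line) \
                or line.startswith(": end"):
            current = None
            continue
        if current is None:
            continue
        m = re.match(r"split-tunnel-policy (\S+)", line)
        if m:
            policies[current]["mode"] = m.group(1)
        m = re.match(r"split-tunnel-network-list value (\S+)", line)
        if m:
            policies[current]["acl"] = m.group(1)
    return policies


def effective_split_tunnel(policies):
    """Resolve inheritance: unset attributes fall back to DfltGrpPolicy."""
    dflt = policies.get("DfltGrpPolicy", {"mode": None, "acl": None})
    dflt_mode = dflt["mode"] or ASA_DEFAULT_MODE
    result = {}
    for name, p in policies.items():
        if p["mode"]:
            mode, source = p["mode"], "explicit"
        elif name == "DfltGrpPolicy":
            mode, source = ASA_DEFAULT_MODE, "built-in default"
        else:
            mode, source = dflt_mode, "inherited from DfltGrpPolicy"
        acl = p["acl"] or (dflt["acl"] if name != "DfltGrpPolicy" else None)
        result[name] = {"mode": mode, "acl": acl, "source": source}
    return result


def full_tunnel_policies(config):
    """Names of policies whose clients would tunnel all traffic."""
    eff = effective_split_tunnel(parse_group_policies(config))
    return sorted(n for n, e in eff.items() if e["mode"] == "tunnelall")


if __name__ == "__main__":
    for name, e in effective_split_tunnel(parse_group_policies(SAMPLE_CONFIG)).items():
        print(f"{name:15} {e['mode']:16} acl={e['acl']} ({e['source']})")
    print("full tunnel:", full_tunnel_policies(SAMPLE_CONFIG))
```

A user who lands in any policy listed by `full_tunnel_policies` receives a tunnel default route, which matches the symptom described in the question.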
Duplicate IP on a default gateway interface = Bad
I just had an entire VLAN drop out due to a host being brought onto the network that had been erroneously configured with a static IP that happened to be in conflict with the HSRP default gateway IP of the core switch; fortunately, we were able to remove the offending host and reconfigure default gateways as a workaround until the core switch's ARP table updated.
Is there any way to configure a 6500 running IOS to inhibit or block a conflicting IP (especially one with a gateway IP) by using a static ARP entry or other authoritative command?
Thanks,
Marc
Hi,
You may use the following.
Enable Unicast Reverse Path Forwarding on an interface. Unicast RPF guards against IP spoofing (a packet uses an incorrect source IP address to obscure its true source) by ensuring that all packets have a source IP address that matches the correct source interface according to the routing table.
Normally, the FWSM only looks at the destination address when determining where to forward the packet. Unicast RPF instructs the FWSM to also look at the source address; this is why it is called Reverse Path Forwarding. For any traffic that you want to allow through the FWSM, the FWSM routing table must include a route back to the source address. See RFC 2267 for more information.
For outside traffic, for example, the FWSM can use the default route to satisfy the Unicast RPF protection. If traffic enters from an outside interface, and the source address is not known to the routing table, the FWSM uses the default route to correctly identify the outside interface as the source interface.
If traffic enters the outside interface from an address that is known to the routing table, but is associated with the inside interface, then the FWSM drops the packet. Similarly, if traffic enters the inside interface from an unknown source address, the FWSM drops the packet because the matching route (the default route) indicates the outside interface.
Unicast RPF is implemented as follows:
- ICMP packets have no session, so each packet is checked.
- UDP and TCP have sessions, so the initial packet requires a reverse route lookup. Subsequent packets arriving during the session are checked using an existing state maintained as part of the session. Non-initial packets are checked to ensure they arrived on the same interface used by the initial packet.
To enable Unicast RPF, enter the following command:
hostname(config)# ip verify reverse-path interface interface_name
http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080577c66.html#wp1042625
It may be useful..
Rgrds
Rajeev.S -
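A model of the Unicast RPF behaviour described in this reply, as an added example that is not part of the original post: a reverse route lookup on the source address, with per-packet checks for ICMP and session-based checks for TCP/UDP. The routing table, addresses and class name are constructed for illustration, and sessions are tracked per direction only as a simplification.

```python
import ipaddress

# Constructed routing table: one inside network plus a default route outside.
ROUTES = [
    ("10.1.1.0/24", "inside"),
    ("0.0.0.0/0", "outside"),
]


class UnicastRpf:
    """Toy model of the source-interface check described above (hypothetical class)."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
        # flow key -> interface on which the initial packet arrived
        self.sessions = {}

    def reverse_route(self, src):
        """Longest-prefix match on the SOURCE address; returns an interface or None."""
        addr = ipaddress.ip_address(src)
        matches = [(net.prefixlen, ifc) for net, ifc in self.routes if addr in net]
        return max(matches)[1] if matches else None

    def check(self, ingress, proto, src, dst, sport=0, dport=0):
        """Return (allowed, reason) for a packet arriving on interface `ingress`."""
        stateful = proto in ("tcp", "udp")
        if stateful:
            key = (proto, src, sport, dst, dport)
            if key in self.sessions:
                # Non-initial packet: must arrive on the initial packet's interface.
                ok = self.sessions[key] == ingress
                return ok, "session interface match" if ok else "session interface mismatch"
        # ICMP (no session) and initial TCP/UDP packets: reverse route lookup.
        expected = self.reverse_route(src)
        if expected != ingress:
            return False, f"reverse route for {src} points to {expected}, not {ingress}"
        if stateful:
            self.sessions[key] = ingress
        return True, "reverse route matches ingress interface"


if __name__ == "__main__":
    rpf = UnicastRpf(ROUTES)
    packets = [
        # Unknown outside source: the default route identifies 'outside'.
        ("outside", "tcp", "198.51.100.7", "10.1.1.20", 40000, 443),
        # Inside source address arriving on the outside interface.
        ("outside", "icmp", "10.1.1.50", "10.1.1.20", 0, 0),
        # Unknown source on the inside: default route points outside.
        ("inside", "udp", "172.16.99.9", "198.51.100.7", 5000, 53),
        # Later packet of the first flow, but on the wrong interface.
        ("inside", "tcp", "198.51.100.7", "10.1.1.20", 40000, 443),
    ]
    for pkt in packets:
        print(pkt, "->", rpf.check(*pkt))
```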
CSS 11503 One-arm Design and Server Default Gateway
Our problem is determining the correct default gateway for our web servers. All IP addresses are in the same subnet (VIP, interfaces, and servers). Should the servers default gateway be the L3 switch, or the CSS?
Thanks!
Tom
Hi Tom,
If you have one arm mode, you might have problems with asymmetric flows, because the CSS behaves similarly to a firewall when it comes to flows, as it needs to see both sides of the flow (client and server side) in order to handle things correctly. Having this kind of setup, and even with the server pointing to the CSS as its default gateway, ICMP redirects might force the traffic to change dynamically.
You can put as default gateway the L3 switch, but you need to force the traffic that has been load balanced by the CSS to go back to the CSS, otherwise the flow would fail. You can do this by using a group on the CSS, adding the service with the following command: 'add destination service xxxx'. This would NAT the client's IP address for the VIP that you use on the group and would force the flow to go back to the CSS.
Another thing that you can do is to use the CSS as the server's DG, but you must make sure that all L3 devices, including the CSS, have ICMP redirects turned off on this subnet. If you have a firewall on this subnet, you would need to turn off proxy ARP as well.
I hope you find this helpful. Thanks!
Regards,
Jose Quesada. -
DVM lookup failing in soa 11g (11.1.1.3)
Hi
I have a strange problem. My DVM lookup fails in 11g if it does not have an exact 1:1 mapping in the DVM. The same code is working fine in 10g.
In 10g:
- for '' (null) as source-value the dvm lookup function returns the default value
orcl:lookup-dvm('LANGUAGECODE','EBIZ','','RETAIL','DEFAULT')
- for multiple values for COMMON column returns the correct value 'GB'
orcl:lookup-dvm('ADDRESSCOUNTRYID','COMMON','United Kingdom','RETAIL','DEFAULT')
In 11g(PS2):
- for '' value the dvm lookup function
dvm:lookupValue("oramds:/apps/AIAMetaData/dvm/LANGUAGECODE.dvm","EBIZ","","RETAIL","")
Error:
Error invoking 'lookupValue':'oracle.tip.dvm.exception.DVMException: The source column "EBIZ" has already multiple occurences of source value "" in dvm "oramds:/apps/AIAMetaData/dvm/LANGUAGE_CODE.dvm". Please ensure the source value is unique for a given source column.'.
- for COMMON multiple values
dvm:lookupValue("oramds:/apps/AIAMetaData/dvm/'ADDRESS_COUNTRYID'.dvm","'COMMON'","","RETAIL","")
Error:
Error invoking 'lookupValue':'oracle.tip.dvm.exception.DVMException: The source column "COMMON" has already multiple occurences of source value "United Kingdom" in dvm "oramds:/apps/AIAMetaData/dvm/ADDRESS_COUNTRYID.dvm". Please ensure the source value is unique for a given source column.'
Anyone faced this issue? Am I hitting a bug on PS2?
Will Qualifiers help in any way?
-debashis
Edited by: debashis on 08-Apr-2011 02:53
Thanks for the response.
I understand that duplicate rows don't work in 11g, and simply removing them would not make our use case work.
Okay, here is my requirement:
My DVM:
column A    value
=================
1           A
2           B
3           C
1           D
I want to get both the values A,D when provided 1 as search value. But I understand that this is not possible as duplicate rows are not permitted in dvm.
However, I could achieve it using a very slight, simple workaround, as below.
Modified the dvm as below:
column A    value
=================
1           A,D
2           B
3           C
Now I get A,D and in my code I do the parsing, separating A and D by using some string functions to individually get A and D.
Just one compromise to make is that users entering values in the dvm should enter them in a specific way, i.e. A,D,... and so on, so that I can use logic accordingly in my code to break them apart again.
Hope this helps to any others looking for similar solution.
Thanks,
Sridhar. -
Default Gateway when connected to VPN
Thanks for reading!
This is probably a dumb question so bear with me...
I have set up a VPN connection with a Cisco ASA 5505 fronting internet, with the customer's environment behind it (on the same subnet). When connected to the VPN I can reach the inside Router fronting me and one switch behind the Router (every switch is connected to the router), but nothing else.
My bet is that the Router is messing with my connection, but never mind that, the setup ain't complete anyway... My question is more related to the Gateway I'm missing when I, from the outside, am connected to the VPN on the ASA; could this mess it up? Shouldn't I have a Standard-Gateway in the ipconfig settings in Windows?
This is how it looks now:
Anslutningsspecifika DNS-suffix . : VPNOFFICE
IP-adress . . . . . . . . . . . . : 10.10.10.1
Nätmask . . . . . . . . . . . . . : 255.255.255.0
Standard-gateway . . . . . . . . :
The internal network is :
172.16.12.0 255.255.255.0
Below is my config for the ASA, thanks a lot!!!!!!!
!FLASH ON THE ROUTER FROM THE START
!asa841-k8.bin
hostname DRAKENSBERG
domain-name default.domain.invalid
enable password XXXXXXX
names
interface Vlan1
nameif inside
security-level 100
ip address 172.16.12.4 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 97.XX.XX.20 255.255.255.248
interface Ethernet0/0
switchport access vlan 10
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list nonat extended permit ip 172.16.12.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list MSS_EXCEEDED_ACL extended permit tcp any any
access-list VPN-SPLIT-TUNNEL remark VPN SPLIT TUNNEL
access-list VPN-SPLIT-TUNNEL standard permit 172.16.12.0 255.255.255.0
tcp-map MSS-MAP
exceed-mss allow
pager lines 24
logging enable
logging timestamp
logging buffer-size 8192
logging console notifications
logging buffered notifications
logging asdm notifications
mtu inside 1500
mtu outside 1500
ip local pool VPN 10.10.10.1-10.10.10.40 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-625-53.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 172.16.12.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 97.XX.XX.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 172.16.12.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 172.16.12.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
group-policy VPNOFFICE internal
group-policy VPNOFFICE attributes
dns-server value 215.122.145.18
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN-SPLIT-TUNNEL
default-domain value VPNOFFICE
split-dns value 215.122.145.18
msie-proxy method no-proxy
username admin password XXXXXX privilege 15
username Daniel password XXXXX privilege 0
username Daniel attributes
vpn-group-policy VPNOFFICE
tunnel-group VPNOFFICE type remote-access
tunnel-group VPNOFFICE general-attributes
address-pool VPN
default-group-policy VPNOFFICE
tunnel-group VPNOFFICE ipsec-attributes
pre-shared-key XXXXXXXXXX
class-map MSS_EXCEEDED_MAP
match access-list MSS_EXCEEDED_ACL
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp error
inspect pptp
inspect ipsec-pass-thru
inspect icmp
class MSS_EXCEEDED_MAP
set connection advanced-options MSS-MAP
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
Cryptochecksum:aaa1f198bf3fbf223719e7920273dc2e
: end
I didn't realise I had those crypto settings on, thanks, my bad!!!
But... the 172.16.12.0 network is directly connected, the Router (that to be honest is a firewall) / switches are all on the same subnet (172.16.12.X/24), so sorry I didn't explain thoroughly, was more wondering about the GW and didn't want to overcomplicate things..
The Firewall/Router doesn't do any routing, so it should work, right (if you count out the firewalling in the firewall and so forth, there shouldn't be any problems accomplishing this with the ASA)? The Firewall is more a DHCP for the clients/Firewall for the clients.. this will change in the future.. it will be removed,
the vpn network is statically routed back to my ASA in that firewall...
I don't like this solution.. but this is how it looks.. for now..
(VPN network is 10.10.10.X/24)
But... shouldn't I see a default gateway under ipconfig when I'm connected to the VPN from internet, on the vpn client that's vpned in, is this correct?
THANKS for all the help! -
Hello,
I just set up my CSS 11154 and I assigned the IP address to the Mgmt interface. I can ping it if I'm on the same subnet, but if I'm across a routed interface, I cannot. I didn't see anywhere to put in a "default-gateway" parameter like on a regular switch. So, I just put in the
ip route 0.0.0.0 0.0.0.0 10.1.0.1
statement, thinking that would do the trick. It doesn't work. Any suggestions? Here's my config:
CSS11150# show run
!Generated on 01/01/1981 00:00:34
!Active version: ap0500033
configure
!*************************** GLOBAL ***************************
bridge spanning-tree disabled
ip route 0.0.0.0 0.0.0.0 10.1.0.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
interface e2
phy 100Mbits-FD
interface e3
phy 100Mbits-FD
interface e4
phy 100Mbits-FD
interface e5
phy 100Mbits-FD
interface e6
phy 100Mbits-FD
interface e7
phy 100Mbits-FD
interface e8
phy 100Mbits-FD
interface e9
phy 100Mbits-FD
interface e10
phy 100Mbits-FD
interface e11
phy 100Mbits-FD
interface e12
phy 100Mbits-FD
!************************** CIRCUIT **************************
circuit VLAN1
ip address 20.33.33.33 255.255.255.0
CSS11150#
Hi Gilles,
It doesn't appear as though the "ip management route" is a valid command. Here's my version and what I have as options when issuing the "ip" command:
CSS11150(config)# version
Version: ap0500033 (5.00 Build 33)
Flash (Locked): 5.00 Build 33
Flash (Operational): 5.00 Build 33
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
CSS11150(config)# ip ?
ecmp Set the equal-cost multipath selection algorithm
firewall Configure firewall load-balancing route
no-implicit-service Do not start an implicit service for the next hop of
static routes
opportunistic Set the IP opportunistic layer-3 forwarding mode
record-route Enable processing of frames with a record-route option
redundancy Enable box-to-box redundancy
route Configure a static route
source-route Enable processing of source-routed frames
subnet-broadcast Enable forwarding of subnet broadcast addressed frames
uncond-bridging Do not allow routing lookup to override bridging decision
CSS11150(config)# ip
Any suggestions?
Also, your comment regarding "you can't have the same route pointing to a management interface and to a regular interface." What does that mean? I'm treating these things as basically the same as a regular 29xx/35xx switch, but there are definitely differences.
Thanks,
Dave -
Hey all.... I'm really hoping someone can help me.
I have a network setup between two houses, but only one internet connection. Each house has a router acting as a DHCP server handing out a limited range of addresses. It was done this way so that if the connection between the two houses fails, each individual network will still be running. (all addresses are 192.168.2.XYZ).
At the house that does not have internet, I set the router to hand out a default gateway of the router at the house that does have internet. After replacing my old router with the new E4200, I realised that the new router does not allow me to specify which default gateway to hand out to DHCP clients (I don't see why it would hurt allowing users to do this, but anyways).
I'm not entirely sure how to set this up now, from what I can tell after some reading up, I would have to have each house on a different network (192.168.2.xyz and 192.168.3.xyz) and set up static routes at each house to route traffic between the two networks.
The house that does not have internet has the E4200, could I plug the connection from the house that does have internet into the wan port and still allow that house to see my network shares and such?
I know this is quite complex, so any help would really be appreciated.
Thanks
Craig
EDIT: Just to add to this, the two houses are connected via two Ubiquiti Nanostation loco M5's
Are both routers connected to each other?
Follow this link to connect Linksys router to another router.
Try LAN to LAN connection type and see if that works. -
WRT54G2 V1 default gateway offline at seemingly random..
I use a WRT54G2 version 1 router and had some internet problems before after I started using Windows 7, but thought I had it fixed by uninstalling AVG Free and doing a dns flush.
But just now twice in a row my internet connection failed again.
Some facts:
-Removing the internet cable in my PC and putting it back in fixes it.
-Disabling and re enabling the Realtek Driver fixes it.
-Windows 7 troubleshoot finds nothing, but Windows Live Messenger says my default gateway is offline.
-The one other PC (with XP) in the home network is not affected.
-I can not even access my router through my browser.
-I don't see anything wrong when I use ipconfig in cmd.exe (could be wrong)
-Screaming and crying does not fix it.
-Network map feature in Windows 7 has never worked even when I have internet.
-I have an Asus motherboard, so no Nvidia Nforce.
-Powersave for the Realtek driver is turned off.
It seems there are no driver or firmware upgrades for this router on this site, is this correct or did Cisco misplace them on the site?
I also made a screenshot of the ipconfig /all command in command prompt when my internet failed.
Message Edited by captain kid on 12-17-2009 02:34 PM
1. It's an "ethernet cable" not an "internet cable".
2. What you write sounds more like a computer problem. If you disconnect the connection either through the driver or by pulling the cable it reconnects again. You have another computer which works fine. You should try a different port on the WRT but I guess it makes no difference.
As uninstalling antivirus helped somewhat it could be malware on your computer. Malware and antivirus usually don't play nicely together on a computer.
Otherwise I would say it could be either the switch in the WRT or the port on your computer being slightly off the spec. Which one it really is is difficult to find out...
3. There is firmware on the US server:
07/08/2009
Ver.1.0.04 (Build 5)
Download 1.71 MB
But it's for US models. It may or may not work well with your router. I also kind of doubt that it will fix your problem. -
I have a small test program that gets a Context to our server and does a
lookup for an EJB. The lookup fails with the following client-side
trace...
javax.naming.CommunicationException. Root exception is
java.lang.ClassNotFoundException: class
com.prismadata.appserv.session.series.TimeseriesSBBeanHomeImpl_ServiceStub
previously not found
at weblogic.rjvm.MsgAbbrev.read(MsgAbbrev.java:181)
at
weblogic.socket.JVMAbbrevSocket.readMsgAbbrevs(JVMAbbrevSocket.java:505)
at
weblogic.rjvm.MsgAbbrevInputStream.prime(MsgAbbrevInputStream.java:134)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:610)
at
weblogic.rjvm.ConnectionManagerClient.handleRJVM(ConnectionManagerClient.java:34)
at
weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:630)
at
weblogic.socket.JVMAbbrevSocket.dispatch(JVMAbbrevSocket.java:393)
at weblogic.socket.JVMSocketT3.dispatch(JVMSocketT3.java:342)
at
weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:247)
at
weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:23)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
weblogic.rmi.UnmarshalException: Unmarshalling return
- with nested exception:
[java.lang.ClassNotFoundException: class
com.prismadata.appserv.session.series.TimeseriesSBBeanHomeImpl_ServiceStub
previously not found]
at
weblogic.jndi.toolkit.BasicWLContext_WLStub.lookup(BasicWLContext_WLStub.java:256)
at
weblogic.jndi.toolkit.WLContextStub.lookup(WLContextStub.java:545)
at javax.naming.InitialContext.lookup(InitialContext.java:349)
at
com.prismadata.appserv.session.series.test.Client.main(Client.java:73)
However, when I perform the same lookup in a servlet (admittedly running
in the same JVM) I successfully get the home interface object back.
Any ideas why ?
Thanks,
Gino
In order to get a reference to your EJB Home interface from JNDI, your
application has to have access to the stub of this interface. This stub
is generated by WL tools when you deploy your EJB. Because your servlet runs
inside the server's VM, it has access to this stub by default. So just
include these stubs in CLASSPATH of your test program and you will see the
difference.
kesha -
Hi Team,
Good day.
I do have a pair of nexus 5k that is connected via vpn and are running HSRP for our vlans.
One of the VLANs is having issues where hosts connected to that VLAN are not able to reach the HSRP IP address/the virtual IP.
However the outage will last for 25 minutes, and I have figured out that the ARP table expires after 25 minutes and the virtual IP is then pingable.
The configuration is identical for all other VLANs and the HSRP DOES NOT FLAP when this issue happens.
The version we are running on is 5.1(3) N2 1.
In short our host is not able to reach the HSRP IP Address. Please assist on this.
Thanks
Regards,
Kanes.R
Please forgive me for replying again; I had not thought at the time that replying to your own post might be more productive.
My problem is similar (but static not DHCP addressing) and quite grievous since I am about 120 miles away; after reboot I cannot reach the server.
I am running Windows Server 2008 R2 64 bit on a production server (web edition, Dell R300). This is a multi-homed server and each time I add an IP address (IPV4) to the machine all other (IPV4) IPs disappear after reboot (though they are visible in the network properties dialog). No IP responds, even to pings, until I use the TCP/IP reset:
netsh int ip reset resetlog.txt
Then I have to manually type all the ips again in the TCP/IP advanced dialog. When I look at the
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{MY_ADAPTERS_GUID}\IPAddress'
key, the only one present is the last one I typed. Thus when I reboot that will be the only IP on the machine (but the IP shown in the IPV4 network dialog will be completely blank).
The default gateway is kept, however, so the machine actually can communicate if I remember the last IP I added. But so far this has happened 3 times and each time I have to hire an IP KVM device to work with the server.
Would the changes you described above fix this problem? (or, at least, do you think they might _cause_ problems if I try them on this operating system?)
I dread applying security patches because it will require a reboot and all sites will be down (except the last IP I added) until I reset the TCP/IP and re-enter the addresses (though now I have a script to do it more quickly, as long as I remember to keep my text list current).
Thanks in advance for any help you can offer. -
Sudden Ping Drop from Default Gateway in VLAN
Hi,
We have a Layer 3 switch (3560) and we have configured multiple VLANs along with SVIs on it. We have then cascaded Layer 2 switches (Cisco 2960) from the 3560 by trunk links. Now we are facing a problem on one VLAN: users in that specific VLAN suddenly get ping drops from their default gateway (SVI on the Cisco 3560). This problem does not occur for all users in that VLAN; just a few users at a time face it. When we unplug the systems for a few seconds and reconnect, the problem is resolved for a few minutes to hours.
Kindly guide me to resolve this.
Regards,
Arshad
I have also cleaned the ARP cache on users' systems by using "netsh interface ipv4 delete arpcache" but in vain. Now I have performed the steps below and operation has been working fine for approximately the last 20 hours.
1- Change the First Cascade Switch Cisco 2960.
2- Remove EtherChannel and Change the Backbone port on Cisco 3560 and Cisco 2960.
3- Connect both switches with single backbone Gig Port.
4- IOS Version on previous Cisco 2960 switch was IOS 12.2(50)SE3 and the IOS Version on newly installed switch is IOS 12.2(50)SE5 -
Registry's EnumKey Lookup Failing When Called By MSBuild?
A MS-DOS script executes the VBScript below and it works fine. However, when using a MS Build master deployment file which calls the aforementioned MS-DOS script, the 2nd location lookup ("SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\") fails with a result code of 2. I have spent countless hours trying to figure out why the difference. Any ideas?
Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
Set oRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & node & "/root/default:StdRegProv")

REM 1st location: "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
sBaseKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
iRC = oRegistry.EnumKey(HKLM, sBaseKey, arSubKeys)
If iRC <> 0 Then
    WScript.Echo "Registry lookup failed for " & sBaseKey
Else
    For Each sKey In arSubKeys
        iRC = oRegistry.GetStringValue(HKLM, sBaseKey & sKey, "DisplayName", sValue)
        If sValue = WScript.Arguments.Item(1) Then
            oRegistry.GetStringValue HKLM, sBaseKey & sKey, "UninstallString", sValue
            InstalledApplications = Replace(sValue, "/I{", "/X{")
            If Len(InstalledApplications) > 0 Then
                InstalledApplications = InstalledApplications & " /qn /l*vx """ & sFile & ".Log""" & Chr(13) & Chr(10)
            End If
        End If
    Next
End If

REM 2nd location: "SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\<GUID>\InstallProperties"
arProducts = Null
sBaseKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\"
iRC = oRegistry.EnumKey(HKLM, sBaseKey, arProducts)
If iRC <> 0 Then
    WScript.Echo "Registry lookup failed for " & sBaseKey
Else
    For Each guid In arProducts
        sInnerKey = sBaseKey & guid & "\InstallProperties\"
        iRC = oRegistry.GetStringValue(HKLM, sInnerKey, "DisplayName", sValue)
        If sValue = WScript.Arguments.Item(1) Then
            oRegistry.GetStringValue HKLM, sInnerKey, "UninstallString", sValue
            InstalledApplications = Replace(sValue, "/I{", "/X{")
            If Len(InstalledApplications) > 0 Then
                InstalledApplications = InstalledApplications & " /qn /l*vx """ & sFile & ".Log""" & Chr(13) & Chr(10)
            End If
        End If
    Next
    InstalledApplications = InstalledApplications & "GOTO:EOF"
End If
Shawn ([email protected])
Or try sysnative:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa384187%28v=vs.85%29.aspx
But that is not a portable solution. It does not apply to 32 bit platforms and will only work from a 64 bit session when calling into a 32 bit session.
If we are in a 32 bit session running VBScript then we cannot see the 64 bit registry without the help of WMI. The correct solution is to build in the correct environment. If you want to run in both environments then you will need to test the 32 bit version on a 32 bit system assuming the applications being enumerated use the same keys on both architectures.
¯\_(ツ)_/¯
This is correct. I totally forgot there are 32 bit and 64 bit versions of MSBuild. I made no changes except to execute the main deployment script with the 64 bit version of MS Build. Thank you for all of your help.
-Shawn
Shawn ([email protected]) -
Why does my airport give wrong default gateway dhcp?
I have a fancy AirPort Extreme Base Station running 7.7.3.
It was recommended as a very good wireless access point, which it is, purely in terms of signal strength and connectivity.
In terms of easy configuration, this thing is a nightmare. Someone once told me, "Get Apple products, they just WORK!" Not in this case. I am using the base station to provide access on my home network wirelessly and wired on the same layer 2. DHCP is assigning 192.168.1.250 as the default gateway, but the IP of the base station is 192.168.1.1, so none of my hosts on DHCP are able to get Internet. I cannot find or see a way to correct the DHCP gateway assignment.
In addition, I have a single wired Windows host. It does not get the DHCP reservation I set up for it. I cannot for the life of me figure out why. MAC is right. ipconfig /release and /renew fails to assign the correct address every time tho.
I have one Mac in the house. It too fails to obtain the right gateway IP. My question: why is the base station assigning 192.168.1.250 as a gateway when its own internal IP is 192.168.1.1????
I have owned many home access points. This is the first one I couldn't assign the internal IP to as a gateway address, and I can't assign a specific subnet mask to pare down the broadcast domain. Why are the options to configure my internal network so limited?
LaPastenague wrote:
Why are the options to configure my internal network so limited?
So it will be easy to configure.
Sadly this means there is no way to fix things when they go wrong.
How did you manage to get 192.168.1.x .. as the default IP of the TC is 10.0.1.1 and it is well worth leaving it alone.
Post a few screenshots and we can help you fix it up. Mostly.. probably.
So the default is 10.0.1.1, but I didn't want an entire class A range wide open on my home network, so I chose the class C 192.168.X.X (why is Apple still doing classful networks?!?)
Here's some helpful screenshots, starting with the opening screen.... note the router's IP:
This is my AirPort's basic info, and the networks. There are two ethernet ports in back, one connected to the cable modem, the other to BADGER, my PC. BADGER will be the example in all my DHCP woes...:
This is BADGER's manually assigned IP info. I would like to set up a reservation for it on the AirPort so I can just switch it to DHCP and be done.
As you can see, my gateway is 192.168.1.1, which is the internal IP of the AirPort extreme. I use public DNS servers, so I add those manually on the PC. So, using this info, I create the reservation:
Here you can see the DHCP scope I've assigned: .1.2-.1.50. I also set up a reservation for BADGER. Nowhere on here is a way to specify the router's internal IP, which is 192.168.1.1 - it's the only gateway address that works. There's also no way to apply a more restrictive subnet mask to limit the number of hosts on my internal side, but that's another issue. Moving on...
I apply the reservation. I click update. The AirPort extreme router updates itself. I switch BADGER to DHCP, and release/renew. Here's where it gets interesting:
Here's what the router wants to assign me. The MAC address is the same as in the reservation, but the AirPort Extreme gives me 192.168.1.129? That's not even in the range I defined. Also, note the gateway address. It wants to assign 192.168.1.250 ... but that's wrong, as indicated by the lack of network connectivity in the system tray. If I configure my PC to use 192.168.1.1, then traffic routes off my home network just fine because that's the internal IP of the AirPort Extreme. So, without getting into this product's shortcomings as an actual configurable home router:
- Why does it assign its gateway as 192.168.1.250 when it's really 192.168.1.1?
- Why does it ignore my DHCP reservation and assign a completely out-of-scope IP?
All of my devices are getting .250 as the gateway. Wireless and BADGER, even my lone Mac. Can anyone shed some light? -
Why should client PCs always know the default gateway?
Considering that my home computer has only one connection and it is to my ISP,
why does it need the default gateway to be configured (being DHCP client)?
Where else my connection can be deviated from this unique connection cable?
Is it possible to configure a router to which my PC is connected and, then,
the client PCs would not need to be configured with default gateway?
Or client PCs always have to know default gateway?
Why?
How IP Packets are Routed on a Local Area Network
http://www.anitkb.com/2010/06/how-ip-packets-are-routed-on-local-area.html
Thanks, this helps but still confuses.
The article tells:
" Now that WK1 has WK2's MAC, it can send the packet directly to WK2"
A)
I do not understand what does it mean if computer has one outgoing network cable to switch.
It is switch who has different connections and, thereafter, can commutate different communication circuits.
So, I can only understand that WK1 somehow tells to switch to connect him directly to WK2 but not to router.
How?
B)
Were WK1 and WK2 connected directly to a hub, instead of switcher, would they be able to communicate directly?
(The definition of a hub is that it takes a signal and broadcast it through all connections)
C)
Also, reading about switch-router-hub, I cannot understand which role is played by a client computer in communication
(of a hub, of a switcher?)? Neither of them? What?
A. I believe a fundamental understanding of what a switch is and the differences and the similarities between hubs, bridges and switches, as well as the OSI model, may be helpful at this time.
First, the OSI model is an industry standard defining how hosts communicate with each other. There are 7 layers. The bottom layer has no intelligence and is the physical connection. As you go up the ladder, the intelligence increases.
7 Application (Application Gateways, Proxies, etc, operate at this level)
6 Presentation
5 Session
4 Transport (TCP, UDP, SPX live here and operate at this layer, NAT overlaps 3 & 4)
3 Network (IP & IPX live here. NetBEUI and DLC overlap 3 & 4. Routers operate at this layer)
2 Datalink (MAC addresses live here. Bridges and Switches operate at this level)
1 Physical (Hubs operate at this level)
Hubs, Bridges and switches allow ethernet hosts to communicate with each other, no matter what protocol is being used, whether TCP/IP, IPX/SPX, NetBEUI, DLC, etc. They transmit packets on the network.
A hub is a Layer 1 device. It is a dumb device blatantly allowing all hosts to communicate to each other with no discerning source or destination addresses, whether MAC, IP, IPX or any other factor, in the packets.
A bridge is a Layer 2 device. It basically has two interfaces connecting two network segments together. If a host on one side of the bridge, we'll call that SegmentA, is trying to communicate to another host on the same SegmentA, the bridge will not allow the traffic to go to the other segment on its other interface, SegmentB. This helps reduce unnecessary traffic and reducing collisions, which slow down the network. If the host on SegmentA is communicating with a host on SegmentB, the bridge allows the traffic. This is because a bridge has enough intelligence to read the Link layer, which has the MAC address (the physical address) of the interface or network card. It can read the source and destination MAC and determines whether to allow that traffic across or not depending on where the source MAC is and where the destination MAC is.
Switches are basically multi-port bridges. When a switch initializes, it reads the MAC addresses of all connected devices and creates a "destination table." Notice I didn't say "routing table" since that is associated with IP addresses. Therefore, if a host on port# 14 on a switch needs to communicate with a host on # 33 on the switch, the switch reads the source and destination MAC address in the Datalink Layer (Layer 2) and knows the destination is on port# 33 based on the destination lookup table it created of all connected devices. It will then only send this traffic between the two ports. This essentially reduces unnecessary traffic on other ports increasing efficiency.
There are also Layer 3 Switches. They are combination switches and routers that can be managed where you can configure each port to either be switched or routed.
So to answer your questions:
A)
I do not understand what does it mean if computer has one outgoing network cable to switch.
It is switch who has different connections and, thereafter, can commutate different communication circuits.
So, I can only understand that WK1 somehow tells to switch to connect him
directly to WK2 but not to router.
How?
As explained, the switch simply discerns traffic by MAC address. The client side TCP/IP subsystem using the ANDING process, as I've explained earlier, and JM's blog explains, determines where the computer is sending the packets. A computer does not "Tell" the switch or hub anything. It simply dumps the packet on the wire and the switch reacts to what it finds in the Datalink layer, and if a hub, it simply sends the traffic on all ports.
B)
Were WK1 and WK2 connected directly to a hub, instead of switcher, would they be able to communicate directly?
(The definition of a hub is that it takes a signal and broadcast it through all connections)
It's not called a 'switcher.' It's called a 'switch.' As explained, a hub blatantly broadcasts traffic on all ports. It is up to the sending host and receiving host to read all packets and figure out what belongs to it or not. If a destination address doesn't apply to a computer that hears the data, it simply ignores it.
C)
Also, reading about switch-router-hub, I cannot understand which role is played by a client computer in communication
(of a hub, of a switcher?)? Neither of them? What?
The computer is simply plugged into these devices. The devices have their job to do, and the computer has its own.
I hope that explains this part of your networking questioning.
Ace
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.
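The two decisions discussed in this thread, as an added example that is not part of any post: the host's ANDing step that picks between the destination itself and the default gateway, and a hub versus a switch that learns source MACs and floods unknown or broadcast destinations. Ports 14 and 33 come from the reply above; the IP addresses, MAC addresses and class names are constructed for illustration.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"


def next_hop(src_ip, netmask, dst_ip, gateway=None):
    """Host-side ANDing: return the IP the host must ARP for.

    Both addresses are ANDed with the host's own mask. Equal results mean
    the destination is on-link, so the frame goes straight to it. Otherwise
    the frame is addressed to the default gateway's MAC, which is why a
    host without a gateway cannot leave its subnet.
    """
    mask = int(ipaddress.IPv4Address(netmask))
    src_net = int(ipaddress.IPv4Address(src_ip)) & mask
    dst_net = int(ipaddress.IPv4Address(dst_ip)) & mask
    if src_net == dst_net:
        return dst_ip
    if gateway is None:
        raise LookupError("%s is off-link and no default gateway is set" % dst_ip)
    return gateway


class Hub:
    """Layer 1: repeats every frame out of every port except the ingress."""

    def __init__(self, port_count):
        self.ports = range(1, port_count + 1)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class LearningSwitch(Hub):
    """Layer 2: learns source MAC -> port, forwards known unicast to one port."""

    def __init__(self, port_count):
        super().__init__(port_count)
        self.mac_table = {}

    def forward(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) where the sender lives before forwarding.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or not yet learned: behave like a hub for this frame.
            return super().forward(in_port, src_mac, dst_mac)
        # Destination sits on the ingress port: nothing to forward.
        return [] if out_port == in_port else [out_port]


def demo():
    """WK1 (port 14) talks to WK2 (port 33) through a 48-port switch."""
    wk1_mac, wk2_mac = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed
    switch = LearningSwitch(48)
    # 1. WK1 decides WK2 is on-link and broadcasts an ARP request for it.
    target = next_hop("192.168.1.10", "255.255.255.0", "192.168.1.20", "192.168.1.1")
    arp_request_ports = switch.forward(14, wk1_mac, BROADCAST)
    # 2. WK2 answers with a unicast ARP reply; the switch already knows WK1.
    arp_reply_ports = switch.forward(33, wk2_mac, wk1_mac)
    # 3. Data frames now travel only between ports 14 and 33.
    data_ports = switch.forward(14, wk1_mac, wk2_mac)
    return target, len(arp_request_ports), arp_reply_ports, data_ports


if __name__ == "__main__":
    print(demo())
    # An off-link destination resolves to the gateway instead.
    print(next_hop("192.168.1.10", "255.255.255.0", "203.0.113.5", "192.168.1.1"))
```
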