Dropping POD packet

I have a cisco 7200 router and we are using it as a PPPoE server
We use POD
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
aaa pod server auth-type any ignore server-key
aaa session-id common
but when i used "debug aaa pod" it showed
that POD is not working
*Jul 14 08:04:16.752: POD: a.b.c.27 server not enabled. Dropping POD packet
and the IOS that we are using is
c7200-spservicesk9-mz.124-11.T1.bin
Can anybody help me about this problem

Hi,
Can you add the following commands and retest:
aaa server radius dynamic-author
client
server-key cisco
auth-type any
ignore session-key
ignore server-key
aaa pod server auth-type any server-key cisco !
Hope this helps,
Soumya

Similar Messages

  • *apfMsConnTask_0: spam_lrad.c:18962 LWAPP header parsing failed, dropping the packet

                Hi ,
    Today i face strange error i cant find solution. If anyone knows please help.
         3/1/2013 6:30:43 PM    x.x.x.x    Error    EFWLC01: *apfMsConnTask_0: spam_lrad.c:18962 LWAPP header parsing failed, dropping the packet
        3/1/2013 6:30:42 PM    x.x.x.x   Error    EFWLC01: *spamReceiveTask: spam_lrad.c:18962 LWAPP header parsing failed, dropping the packet
        3/1/2013 6:30:42 PM    x.x.x.x   Error    EFWLC01: *spamReceiveTask: spam_lrad.c:19081 Received invalid UDP port (5247) in the packet from AP     70:81:05:af:bb:e0, dropping the packet
    Where as this 70:81:05:af:bb:e0 mac is of ap-manager Interface
    During Error Message some clients were facing outage. But now error is not recieved again.  I want to know root cause of this error message which i canot find on cisco website.
    WLC Controller Model is AIR-WLC2106
    Software Version                 7.0.235.0
    Up Time                 199 days, 11 hours, 2 minutes
    Jawad       

    UDP 5247 is the CAPWAP/LWAPP control protocol. The protocol packets obviously must have been corrupted and that is why the Controller could not interprete messages from the AP. The only resolution is to either use the Cisco bug toolkit and search if it is a bug perculiar to 2106 WLC or you open a TAC support case.
    I would suggest that you hold off till the error occurs again. If it does, swap the AP and if it continues, open a TAC case.
    Cheers

  • CSS 11155 drops fragmented packets.

    My CSS 11155 WebNS 6.10 drops fragmented packets to VIP configured on a layer 4 rule.
    I have seen plenty on how to handle this with WebNS 7 but is there a way to handle this on version 6?
    Regards,
    Paul.

    I have found the link for troubleshooting the CSS 11155 hardware, please have a look at it.
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_installation_guide_chapter09186a00801760b3.html#wp1031725

  • Default class map is dropping all Packets

    Hello I have a Cisco 871 router that used to have Access list based security. now I am trying the ZBFW for the first time.  I thought I had a pretty good program until I found all my traffic was getting dropped. This is my first stab at ZBFWs and I am a bit confused esp with the default class part. Any help is greatly appreciated!!!!
    The router is for my house and thus also has to have priority for gaming. I will add the gaming and voice QOS once I get it working,
    Guest VLAN has access to 2 IP's in Data for printing.
    Cisco871#sh run
    Building configuration...
    Current configuration : 8005 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service sequence-numbers
    hostname Cisco871
    boot-start-marker
    boot-end-marker
    logging buffered 4096
    no logging console
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    clock summer-time PST recurring
    crypto pki trustpoint TP-self-signed-4004039535
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-4004039535
    revocation-check none
    rsakeypair TP-self-signed-4004039535
    crypto pki certificate chain TP-self-signed-4004039535
    certificate self-signed 01
      3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 34303034 30333935 3335301E 170D3038 30323037 30373532
      32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30303430
      33393533 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      8100CEC2 7B89C73F AB4860EE 729C3B64 82139630 239A2301 8EA8B4C4 05505E25
      B0F24E7F 26ECEC53 3E266E80 F3104F61 BDDC5592 40E12537 2262D272 08D38F8E
      147F5059 7F632F5E 635B9CDF 652FFE82 C2F45C60 5F619AF0 72E640E0 E69EA9EF
      41C6B06C DD8ACF4B 0A1A33CF AF3C6BFB 73AD6BE0 BD84DD7F 435BD943 0A22E0E5
      F4130203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603
      551D1104 18301682 144C7570 696E2E44 61627567 61626F6F 732E6F72 67301F06
      03551D23 04183016 801473C6 E0784818 29A89377 23A22F5E BDD430CE E282301D
      0603551D 0E041604 1473C6E0 78481829 A8937723 A22F5EBD D430CEE2 82300D06
      092A8648 86F70D01 01040500 03818100 299AD241 442F976F 4F030B33 C477B069
      D356C518 8132E61B 1220F999 A30A4E0C D337DCE5 C408E3BC 0439BB66 543CF585
      8B26AA77 91FA510B 14796239 F272A306 C942490C A44336E0 A9430B81 9FC62524
      E55017FA 5C5463D7 B3492753 42315BEC 32B78F24 D10B0CA7 D1844CD5 C3E466B9
      3543BD68 A4B2692D 05CBF6DC C93C8142
                quit
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.0.0.1 10.0.0.5
    ip dhcp excluded-address 172.16.15.1 172.16.15.5
    ip dhcp excluded-address 172.16.15.14
    ip dhcp excluded-address 172.16.17.1 172.16.17.5
    ip dhcp excluded-address 192.168.19.1 192.168.19.5
    ip dhcp pool MyNetNative
       import all
       network 10.0.0.0 255.255.255.248
       default-router 10.0.0.1
       domain-name MyNetNet.org
       dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
       lease 0 2
    ip dhcp pool MyNetData
       import all
       network 172.16.15.0 255.255.255.240
       dns-server 172.16.15.14 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
       default-router 172.16.15.1
       domain-name MyDomain.org
    ip dhcp pool MyNetVoice
       import all
       network 172.16.17.0 255.255.255.240
       dns-server 172.16.15.14
       default-router 172.16.17.1
       domain-name MyDomain.org
    ip dhcp pool MyNetGuest
       import all
       network 192.168.19.0 255.255.255.240
       default-router 192.168.19.1
       domain-name MyNetGuest.org
       dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
    ip domain name MyDomain.org
    ip name-server 172.16.15.14
    ip name-server 4.2.2.4
    ip inspect log drop-pkt
    multilink bundle-name authenticated
    parameter-map type inspect TCP_PARAM
    parameter-map type inspect global
    username MyAdmin privilege 15 secret 5 MyPassword
    archive
    log config
      hidekeys
    class-map type inspect match-all MyNetGuest-access-list
    match access-group 110
    class-map type inspect match-any Base-protocols
    match protocol http
    match protocol https
    match protocol ftp
    match protocol ssh
    match protocol dns
    match protocol ntp
    match protocol ica
    match protocol pptp
    match protocol icmp
    match protocol tcp
    match protocol udp
    class-map type inspect match-all MyNetGuest-Class
    match class-map MyNetGuest-access-list
    match class-map Base-protocols
    class-map type inspect match-all MyNetNet-access-list
    match access-group 100
    class-map type inspect match-any Voice-protocols
    match protocol h323
    match protocol skinny
    match protocol sip
    class-map type inspect match-any Extended-protocols
    match protocol pop3
    match protocol pop3s
    match protocol imap
    match protocol imaps
    match protocol smtp
    class-map type inspect match-all MyNetNet-Class
    match class-map MyNetNet-access-list
    match class-map Voice-protocols
    match class-map Extended-protocols
    match class-map Base-protocols
    policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
    class type inspect MyNetNet-Class
      inspect
    class class-default
    policy-map type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
    class type inspect MyNetNet-Class
      inspect
    class class-default
    policy-map type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
    class type inspect MyNetGuest-access-list
      inspect
    class class-default
    policy-map type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
    class type inspect MyNetGuest-Class
      inspect
    class class-default
    policy-map type inspect MyNetNet-zone
    class class-default
      pass
    zone security MyNetNet-zone
    zone security MyNetGuest-zone
    zone security MyNetWAN-zone
    zone-pair security MyNetNet->MyNetGuest source MyNetNet-zone destination MyNetGuest-zone
    service-policy type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
    zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
    service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
    zone-pair security MyNetGuest->MyNetWAN source MyNetGuest-zone destination MyNetWAN-zone
    service-policy type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
    zone-pair security MyNetGuest->MyNetNet source MyNetGuest-zone destination MyNetNet-zone
    service-policy type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
    interface FastEthernet0
    description Cisco-2849-Switch
    switchport mode trunk
    speed 100
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    description SBS-Server
    switchport access vlan 10
    spanning-tree portfast
    interface FastEthernet4
    description WAN
    no ip address
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    zone-member security MyNetWAN-zone
    ip tcp adjust-mss 1452
    duplex auto
    speed auto
    no cdp enable
    interface Vlan1
    description MyNetNative
    ip address 10.0.0.1 255.255.255.248
    ip nat inside
    ip virtual-reassembly
    zone-member security MyNetNet-zone
    ip tcp adjust-mss 1452
    interface Vlan10
    description MyNetData
    ip address 172.16.15.1 255.255.255.240
    ip nat inside
    ip virtual-reassembly
    zone-member security MyNetNet-zone
    interface Vlan20
    description MyNetVoice
    ip address 172.16.17.1 255.255.255.240
    ip nat inside
    ip virtual-reassembly
    zone-member security MyNetNet-zone
    interface Vlan69
    description MyNetGuest
    ip address 192.168.19.1 255.255.255.240
    ip nat inside
    ip virtual-reassembly
    zone-member security MyNetGuest-zone
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    access-list 100 remark MyNetnet
    access-list 100 permit ip 10.0.0.0 0.0.0.7 any
    access-list 100 permit ip 172.16.15.0 0.0.0.31 any
    access-list 100 permit ip 172.16.17.0 0.0.0.15 any
    access-list 110 remark MyNetGuest
    access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.2
    access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.3
    access-list 110 deny   ip 192.168.19.0 0.0.0.15 10.0.0.0 0.0.0.7
    access-list 110 deny   ip 192.168.19.0 0.0.0.15 172.16.15.0 0.0.0.31
    access-list 110 deny   ip 192.168.19.0 0.0.0.15 172.16.17.0 0.0.0.15
    access-list 110 permit ip 192.168.19.0 0.0.0.15 any
    control-plane
    banner login ^CC
    You know if you should be here or not.
             if not please leave
    NOW
    ^C
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    transport input telnet ssh
    scheduler max-task-time 5000
    ntp server 172.16.15.14
    webvpn cef
    end
    Cisco871#sh zone security
    zone self
      Description: System defined zone
    zone MyNetNet-zone
      Member Interfaces:
        Vlan1
        Vlan10
        Vlan20
    zone MyNetGuest-zone
      Member Interfaces:
        Vlan69
    zone MyNetWAN-zone
      Member Interfaces:
        FastEthernet4
    Cisco871#sh zone-pair security
    Zone-pair name MyNetNet->MyNetGuest
        Source-Zone MyNetNet-zone  Destination-Zone MyNetGuest-zone
        service-policy MyNetNet-zone_to_MyNetGuest-zone_policy
    Zone-pair name MyNetNet->MyNetWAN
        Source-Zone MyNetNet-zone  Destination-Zone MyNetWAN-zone
        service-policy MyNetNet-zone_to_MyNetWAN-zone_policy
    Zone-pair name MyNetGuest->MyNetWAN
        Source-Zone MyNetGuest-zone  Destination-Zone MyNetWAN-zone
        service-policy MyNetGuest-zone_to_MyNetWAN-zone_policy
    Zone-pair name MyNetGuest->MyNetNet
        Source-Zone MyNetGuest-zone  Destination-Zone MyNetNet-zone
        service-policy MyNetGuest-zone_to_MyNetNet-zone_policy
    Cisco871#sh int faste4
    FastEthernet4 is up, line protocol is up
      Hardware is PQUICC_FEC, address is 0016.9d29.a667 (bia 0016.9d29.a667)
      Description: WAN
      Internet address is 10.38.177.98/25
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:34:50, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 2000 bits/sec, 3 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         593096 packets input, 73090812 bytes
         Received 592752 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         9940 packets output, 1016025 bytes, 0 underruns
         0 output errors, 0 collisions, 3 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    Zone-pair: MyNetNet->MyNetWAN
      Service-policy inspect : MyNetNet-zone_to_MyNetWAN-zone_policy
        Class-map: MyNetNet-Class (match-all)
          Match: class-map match-all MyNetNet-access-list
            Match: access-group 100
          Match: class-map match-any Voice-protocols
            Match: protocol h323
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol skinny
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol sip
              0 packets, 0 bytes
              30 second rate 0 bps
          Match: class-map match-any Extended-protocols
            Match: protocol pop3
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol pop3s
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol imap
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol imaps
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol smtp
              0 packets, 0 bytes
              30 second rate 0 bps
          Match: class-map match-any Base-protocols
            Match: protocol http
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol https
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol ftp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol ssh
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol dns
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol ntp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol ica
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol pptp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol icmp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol tcp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol udp
              0 packets, 0 bytes
              30 second rate 0 bps
          Inspect
            Session creations since subsystem startup or last reset 0
            Current session counts (estab/half-open/terminating) [0:0:0]
            Maxever session counts (estab/half-open/terminating) [0:0:0]
            Last session created never
            Last statistic reset never
            Last session creation rate 0
            Maxever session creation rate 0
            Last half-open session total 0
        Class-map: class-default (match-any)
          Match: any
          Drop (default action)
            5196 packets, 256211 bytes
    Cisco871#sh log
    Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
                    0 flushes, 0 overruns, xml disabled, filtering disabled)
    No Active Message Discriminator.
    No Inactive Message Discriminator.
        Console logging: disabled
        Monitor logging: level debugging, 0 messages logged, xml disabled,
                         filtering disabled
        Buffer logging:  level debugging, 1745 messages logged, xml disabled,
                         filtering disabled
        Logging Exception size (4096 bytes)
        Count and timestamp logging messages: disabled
        Persistent logging: disabled
    No active filter modules.
    ESM: 0 messages dropped
        Trap logging: level informational, 1785 message lines logged
    Log Buffer (4096 bytes):
    001779: *Feb 15 11:00:55.979: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:61806 => 168.94.0.1:53 with ip ident 511 due to  policy match failure
    001780: *Feb 15 11:00:59.739: %FW-6-DROP_TCP_PKT: Dropping Other pkt 172.16.15.6:4399 => 168.94.69.30:443 due to  policy match failure -- ip ident 515 tcpflags 0x7002 seq.no 974122240 ack 0
    001781: *Feb 15 11:01:26.507: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:51991 => 168.94.0.1:53 with ip ident 625 due to  policy match failure
    001783: *Feb 15 11:01:57.891: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:64470 => 168.94.0.1:53 with ip ident 677 due to  policy match failure

    Hello Charlie,
    I would recomend you to investigate a little bit more about how the ZBFW features works
    Now I am going to help you on this one at least, then I will give you a few links you could use to study
    We are going to study traffic from MyNetNet-zone to the MyNetWan-zone
    First the zone-pair
    zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
    service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
    so lets go policy-map
    policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
    class type inspect MyNetNet-Class
      inspect
    class class-default
    Finally to the class map
    class-map type inspect match-all MyNetNet-Class
    match class-map MyNetNet-access-list
    match class-map Voice-protocols
    match class-map Extended-protocols
    match class-map Base-protocols
    That keyword MATCH-ALL is the one causing the issues!!
    Why?
    Because you are telling the ZBFW to inspect traffic only if matches all of those class-maps so a packet will need to math the base protocols and the extended protocol and as you know that is not possible ( Just one protocol )
    So here are the links
    http://blogg.kvistofta.nu/cisco-ios-zone-based-policy-firewall/
    https://supportforums.cisco.com/thread/2138873
    http://pktmaniac.info/2011/08/zone-based-firewalls-something-to-keep-in-mind/
    http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
    You have some work to do
    Please remember to rate all the helpful posts
    Julio
    CCSP

  • Drop multicast packets at layer 2 or 3 ??

    In one of packet tracer activity in the book "network fundamentals", it said that devices that are not configured to receive multicast traffic will drop packet at Layer 3. However, in the book "routing protocols and concepts", it said differently. It said " In addition, multicasting updates require less processing by devices that are not RIP enabled. Under RIPv2, any device that is not configured for RIP will discard the frame at the data link layer " (it means Layer 2).
      Can anyone help me to explain this? Thank you very much.

    Hi,
    I would keep the TOR switches (3000) as layer-2 only.  Create the SVIs for all your vlans on the 9396 and do the inter-vlan there.  This keep your design pretty simple.
    HTH

  • 6500 with SLB blade dropped the packets from HA device.

    A weird behavior observed in 6500 with SLB blade. the topology is as below:
    client--HA---6500 with SLB----server farm
    The first Syn packet reached the 6500 with client MAC address as source MAC and can be forwarded to the server correctly. But due to HA vendor special behavior, the second Syn packet's source MAC is rewritten to HA device MAC address and this Syn is dropped by the 6500.
    Is this a special feature for 6500? And is it possible to change this behavior?
    Thanks in advance.

    Thanks for your reply.
    1, HA device is from other vendor. It works as transparent mode and the session will be processed by 2 blades in the round-robin schedule.
    The first SYN is processed by the master and reach the 6500 with client MAC as the source MAC. the second SYN is processed by the slave and the source MAC is rewritten to the slave's interface mac. This SYN packet is dropped by either 6500 or CSM, not quite sure.
    2, The image on the 6500 is as below:
    Cisco Internetwork Operating System Software
    IOS (tm) s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(17d)SXB10, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2005 by cisco Systems, Inc.
    Compiled Thu 11-Aug-05 14:15 by kellythw
    Image text-base: 0x40020FBC, data-base: 0x41F20000
    cisco WS-C6503-E (R7000) processor (revision 1.1) with 458752K/65536K bytes of memory.
    Processor board ID FOX0930005J
    SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
    3, which command should be used to "Capture a trace of the csm etherchannel"?
    It seems that only the SYN with rewritten source MAC is dropped. The SYN with client MAC works fine.
    Should you need any other information, pls let me know.
    Thanks & Regards

  • Jmf dropping RTP packets

    I'm writing an RTP de-packetizer for MPEG-4 video, but the JMF RTP implementation seems to be dropping packets. I've verified that the packets are arriving on my computer in order and on time. But some are never given to my de-packetizer. Has anyone else come across this, and if you have, have you found a solution?
    Scott

    There are some video and audio codecs in JMF that have this problem. 1 in every 6 packets is lost.. I guess it's not a problem but rather a bug in RTP sequencing. Packets are probably not lost... Just the RTP sequence is misplaced..
    there are some existing threads that discussed this in the past. try to search.

  • 4400 Controller Dropping DHCP Packets

    We have a working wireless set up with an external DHCP server. We just tried to set up a new one but we are faced with this issue:
    Client DHCP requests are forwarded from the controller to the serve. The server sees the requests and assigns addresses but for some reason the clients aren't able to get them. From what I'm reading around the 'net it looks like it could be an Option 43 setting or that th controlles is dropping the request. If anyone has ideas it would be much appreciated.
    Cisco 4400 Controller with software ver. 4.2.61.0
    Justin

    Do you have an Option 43 setup for the clients, or for the AP's to connect to the controller over a L3 link? In the Interface setup that the WLAN is linked to, did you add or change the IP address to the list of DHCP servers for that link. The controller pretty much forwards everything on to the LAN, but then restricts the packets from the LAN to the WLAN. I hope this helps.

  • Airport dropping TCP packets on MBP 17"

    Last week I bought a MBP 17" ... while doing a battery of tests for connectivity, what failed was getting a consistent Internet connection via Airport.
    While the signal strength is all bars, when I ping my DLink Access point from 10-ft away, I get about 25%-30% packet loss. My Macmini which is about 30-ft away and thru 2 walls, gets 0% packet loss Airport to the same access point. My wired ethernet MBP-to-DLink connection results in 0% packet loss, indicating problems are restricted to the MBP Airport connection.
    I took the MBP to the Genius bar at the local Apple store, where they swapped it for another MBP 17". The issue persists with the 2nd MBP 17" as well.
    Anyone having similar issues or have resolved this ?
    Macbook Pro 17" | Powermac G5 | Cinema HD 23" | Mac mini | iPod 5G | Shuffle   Mac OS X (10.4.6)  

    Well ... After reading various forums and experimenting, what finally appears to be working is turning off compression on the Access Point.
    I use a DLink DI-614+ router. I went into the Advanced Tab, and chose Performance. Once on the performance page, I clicked on 'disabled' in the 4X Mode and adjusted the RTS Threshold and the Fragmentation to default values.
    Folks running into similar problems may try the above.
    Good luck.
    Macbook Pro 17" | Powermac G5 | Cinema HD 23" | Mac mini | iPod 5G | Shuffle   Mac OS X (10.4.6)  

  • Java Library to drop the incoming packet flow

    hi there,
    i m planning to make application layer filter. i need to drop the flow of incoming packets. So can anyone suggest me any java library which is able do this?
    or else if i have to create my own library then how can i proceed in that?

    thnx oscar 4 ur reply...
    actually i want to drop the incoming packets which r coming from restricted URL. means any how i want to restrict the user to see the particular webpage.
    so if cant hav this low level API in java, then can u suggest me how to implement it in other way?..
    i hav to make this project in JAVA only.
    i have got one API named "libipq" (source: snort.org) which can drop the packet flow. But this API is for linux OS and i want to implement on windows... pls help

  • Firewall Dropping Packets - %FW-6-DROP_PKT: Dropping tcp session X.X.X.X X.

    Hi,
    Can anyone explain this error and what is a stray Segment with the IP ident 46866. I can't seem to find this error on the Cisco web site the only bug appears to be to do with Zone firewalls. I have an 877 Router on a remote site configured with IPSEC and a Tunnel back to the main office and I'm getting reported connection issues to network drives on servers located local to the LAN and on the headend LAN. Can't seem to find any other errors apart from this one.
    %FW-6-DROP_PKT: Dropping tcp session X.X.X.X X.X.X.X due to
    Stray Segment with ip ident 46866 tcpflags 0x5010 seq.no 1237259566 ack 3465174792
    If any one could help or point me in the right direction that would be great. Failing that I'm jumping off this building.
    Ta
    Jim

    This may help:
    Caveat "CSCsj30582"
    http://www.cisco.com/en/US/docs/ios/12_4t/release/notes/124TCAVS.html
    Symptoms: A Cisco IOS router that is running ZPF (Zone-based Policy Firewall) intermittently drops ESP packets even when it is configured to pass them. This causes traffic over an IPsec VPN tunnel through this router to fail intermittently, although the tunnel is up and phase 1 (isakmp) and phase 2 (ipsec) SAs have been established. If the router is configured to log dropped packets, it will log a %FW-6-DROP_PKT syslog message for these packets.
    Conditions: This symptom is observed on a Cisco IOS router that is enabled with ZPF (Zone-based Policy Firewall) and that is configured to pass the ESP traffic based on a "match access-group" policy, where the access list has entries to permit the ESP traffic specifically from one host to another.
    For example:
    class-map type inspect match-any cm-esp match access-group 100
    policy-map type inspect in2out class type inspect cm-esp pass
    access-list 100 permit esp host 10.0.0.2 host 10.1.1.2 access-list 100 permit esp host 10.1.1.2 host 10.0.0.2
    Workaround: Configure the access list so that the source is "any", for example:
    access-list 100 permit esp any host 10.1.1.2 access-list 100 permit esp any host 10.0.0.2
    First Alternate Workaround: Use the classic Cisco IOS firewall instead of ZPF; that is, use "ip inspect".
    Further Problem Description: If an explicit deny rule is added to the above example, for example:
    access-list 100 permit esp host 10.0.0.2 host 10.1.1.2 access-list 100 permit esp host 10.1.1.2 host 10.0.0.2 access-list 100 deny esp any any
    Then the show access-list command will indicate that the dropped packets are hitting the deny rule, although they should match one of the permit rules:
    Router# show access-lists 100
    Extended IP access list 100 10 permit esp host 10.0.0.2 host 10.1.1.2 (999 matches) 20 permit esp host 10.1.1.2 host 10.0.0.2 (999 matches) 30 deny ip any any (1 match)

  • VOIP VLAN using 802.1q frames causing massive dropped packets

    I have a MBP 2.16 connected via 1Gbps Ethernet to my corporate network. I also have a Cisco 7960 VOIP phone and it seems that 802.1q VOIP VLANs are causing the MBPro's Marvell Yukon Gigabit Ethernet adapter to drop 1326 packets out of 3559. It's absolutely unusable at my office, where my laptop is my main machine. I'm having to use my Compaq N610c to browse the Internet and read e-mail. Apple, please update the driver and save me!!!

    I'd check a few things, are you sure the switch that you are connected to is really at 1000Base-T? If it is a Cisco switch I've seen all sorts of probems with auto-negotiation, I'd try to get your network administrator to "fix" the port at the speed you wish to run your network at (ie 100/1000) make sure the duplex is set correctly on the MacBook Pro (make sure it is set to the same as the switch). Also ensure that jumbo frames are enabled on the Cisco switch and make sure the MTU is set correctly for your network. This involves some tweaking of the ethernet interface in the network preferences of OS X.
    Of course if there are indeed 802.1q problems with the onboard NIC then you could get your network administrator to disable .1q frames on the port that your MBP is connected to, you won't be able to use a "loop through" port on a VoIP phone if the phone relies on .1q trunking, so you'll need a port for the phone and a seperate .1q clean port for the MBP.

  • Multicast dropped and invalid packets

    Hi,
    I've read all I can on the cisco.com site and not found a good explanation of dropped and invalid IGMP packets.
    This output is displayed from a cat os 'show igmp statistics', dropped packets and also invalid packets.
    What are these and what can cause them??
    Thanks

    Hello David,
    do you happen to see entries in your logs such as:
    %MCAST-6-IGMP_PKT_DROPPED: IGMP: IGMP Queue full (high packet rate/CPU busy), dropped [dec] packet(s) in last 5 minutes
    According to CCO, ´this message indicates that the IGMP packet queue is not able to accommodate additional packets. Any additional packets will be dropped without processing.
    Recommended Action: Reduce the IGMP packet rate to prevent packets from being dropped´
    You might want to try and enable IGMP Snooping (set igmp enable) on your switch, in order to reduce the number of IGMP packets sent...
    Regards,
    GP

  • AIP-SSM configured with event action "produce alert", but it drop packets

    Hi, I configured an AIP-SSM IPS on event action for "Produce Alert", but when fire a signature, it drop the packets. So, what will be the problem?

    Try these links:
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/clievact.htm#wp1034058
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

  • Sonicwall DHCP over VPN drops packets

    I have a similar setup without any packet loss. I followed this article for setup. Hope it helps!
    http://www.sonicwall.com/downloads/Site_to_Site_VPN_Using_DHCP_over_VPn__SonicOS_Enhanced_at__.pdf

    Playing with TZ205 DHCP over VPN.
    Used Sonicwall GVC for management using static IP for years.  Having handful of other network changes recently I decided to turn on DHCP over the VPN.  It's a split tunnel.
    Last few days I've been having frequent packet drops every 5-10min.  RDP sessions have to re-sync, ect.  It always picks up in ~5-10 seconds.  Until the next drop ~5 min later.  Well after troubleshooting I've found it's the DHCP over VPN change.
    If I return to static IP on sonicwall virtual adapter it never drops any packets. (Sonicwall client settings set to allow DHCP or manual)
    Updated to SonicOS Enhanced 5.9.1.1-39o , DHCP assigned VPN clients still dropping.
    *DHCP server just assigns IP/Mask.  No GW or DNS.  Same as when I set static.
    Any ideas?  Thanks!
    This topic first appeared in the Spiceworks Community

Maybe you are looking for

  • Can't get Photoshop Elements 12 to begin installing on my Windows 7 laptop - got software through Wacom?

    Hey guys, bear with me here because I am the opposite of tech-savvy and I'm getting really frustrated. I can't find answers anywhere and nobody in my family has been able to help. I recently bought an IntuosPro drawing tablet from Wacom - it came wit

  • Important changes in AC models

    A few issues have come up and my ignorance of the new AC models is causing me and possibly others to make mistakes. Some major changes happened. It is really important if you are used to using Extreme or TC to read the setup manual and not assume you

  • I plugged my ipod into my computer and all my music disappeared

    I'm not sure what happened but I plugged my ipod into my computer to have the new music loaded onto it and it took all my old music off. It also wont allow me to even put the music on my computer onto my ipod. I didnt change the settings on anything,

  • Remote login sun box to winOS box

    Hi I am as a root on sun (Solaris OS) box want to run some command on my remote site windows OS based system trying to connect via LAN to WAN and I have lists of users and his passwords for windows system. Could someone help me about how to connect a

  • HT2736 iTunes store - redeem code not working!

    I purchased a gift last night on the iTunes store and this morning when we tried to redeem the code for one of our gift recipients, the iTunes store informed us that the gift was already redeemed! Please have someone contact us to reconcile this prob