Duplicate IP address using Mirrored switch ports
Hi All,
Here's a good one. We use Websence and have an agent installed on one of our T1 Netras in a routed subnet. To collect info from all the traffic in that subnet we mirrored the uplink port to the gateway. Thus all traffic on that port is mirrored to the Solaris 10 box. Shortly after mirroring we started receiving duplicate ip address errors.
Hardware address '00:03:XX:XX:XX:XX' trying to be our address XXX.XXX.XXX.XXX.
With further investigation we discovered that when we ping a host that exists no error is generated. Pinging an ip that is not there produces the errors!
It seems that an ARP request that is not answered is being bounced back through the mirrored port. When the box sees this it thinks that another box is trying to send out the ARP broadcast.
With valid IP with snoop:
SUN01 -> 192.XXX.XXX.4 ICMP Echo request (ID: 615 Sequence number: 0)
192.XXX.XXX.4 -> (broadcast) ARP C Who is 192.XXX.XXX.10, SUN01 ?
SUN01 -> 192.XXX.XXX.4 ARP R 192.XXX.XXX.10, SUN01 is 0:3:ba:27:2e:9d
192.XXX.XXX.4 -> SUN01 ICMP Echo reply (ID: 615 Sequence number: 0)
With invalid IP with snoop:
SUN01 -> (broadcast) ARP C Who is 192.XXX.XXX.2, 192.XXX.XXX.2 ?
SUN01 -> (broadcast) ARP C Who is 192.XXX.XXX.2, 192.XXX.XXX.2 ?
No i didn't copy and paste it twice!! :p
Since nothing responds the box assumes that the message came from someone else. Its like talking into a mirror thinking that the reflection is speaking for you so you stop and complain that his lips moved!!
When looking at the arp table we found only a hand full of entries. Since there are around a 10 nodes we should see more. We removed the publish flag for the host and the duplicate IP problem goes away. Fixed, sorta. when all the arp caches clear we might run into the issue of not being able to communicate with it.
The cache on the box quickly filled up with arp entries. Another note, we use this box as a DHCP/BootP relay. Not sure if this will be affected.
I guess a possible workaround would be to set up an ARP proxy for this box , but not sure it will still report that there is another box with the same IP on the network.
Any Help with this is appreciated.
thank you
Sorry been on vacation the last couple of weeks...
I created this little script to fix the problem
root@srelay01:/etc/rc2.d> more S05arpset
#!/bin/sh
arp -s srelay01 00:03:ba:27:2e:9d
if you find that you need to broadcast try using the -p switch with it on another box. The problem is gone and the system interacts on the network fine. I would still love to know why this happens.
Good luck!
Similar Messages
-
Just installed Firefox for my boss, and ran into something I've not seen before. When trying to access our private camera system, that uses specific ports, I got this message: "This address is restricted - This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection."
Cannot find a setting in Firefox to correct this problem. Please help.Hello,
Can you please check if either of these links help in the resolution of the issue
# [http://kb.mozillazine.org/Network.security.ports.banned.override Firefox ports override]
#[http://blog.christoffer.me/post/2012-02-20-how-to-remove-firefoxs-this-address-is-restricted/ Remove Firefox this address is restricted error]
Thank you -
Problem with ip address in L3 switch port
Hi Experts,
I am getting error when trying to give ip address to 3550 switch interfcae
check below error
SW-3500(config)#
SW-3500(config)#int fa0/7
SW-3500(config-if)#no swi
SW-3500(config-if)#no switchport mo
SW-3500(config-if)#no switchport mode
SW-3500(config-if)#no switchport acce
SW-3500(config-if)#no switchport access vla
SW-3500(config-if)#no switchport access vlan
SW-3500(config-if)#ip address 1.1.1.1 255.0.0.0
^
% Invalid input detected at '^' marker.
SW-3500(config-if)#^Z
SW-3500#
00:15:38: %SYS-5-CONFIG_I: Configured from console by consolesh ver
SW-3500#sh version
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE IN
TERIM SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 17-Jul-00 18:29 by ayounes
Image text-base: 0x00003000, data-base: 0x00301F3C
ROM: Bootstrap program is C3500XL boot loader
SW-3500 uptime is 15 minutes
System returned to ROM by power-on
System image file is "flash:c3500XL-c3h2s-mz-120.5.2-XU.bin"
cisco WS-C3524-XL (PowerPC403) processor (revision 0x01) with 8192K/1024K bytes
of memory.
Processor board ID FAA0502M1GG, with hardware revision 0x00
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:04:C1:C1:F1:C0
Motherboard assembly number: 73-3904-11
Power supply part number: 34-0851-02
Motherboard serial number: FAB0501B21D
Power supply serial number: PHI044502HF
Model revision number: A0
Model number: WS-C3524-XL-EN
System serial number: FAA0502M1GG
Configuration register is 0xF
SW-3500#Hi,
Thanks for your soon reply i appied no switchport
but it is incomplete coomand.Please check below config
SW-3500(config-if)#no switchport
% Incomplete command.
SW-3500(config-if)#no switchport ?
access Set access mode characteristics of the interface
mode Set trunking mode of the interface
multi Set characteristics when in multi-VLAN mode
priority Set 802.1p priorities
trunk Set trunking characteristics of the interface
voice Voice appliance attributes -
Multiple instances of WL on the same box :several Ip addresses using the same port
Hi all,
I want to set up several instances of WL on the same server. These
instances will be clustered.
I am using Apache for the WebServer.
Here the configuration I used:
I first change the weblogic.conf file in Apache to set up the bridge.I
restart apache using apachectl.
Then, on the WebLogic site, I created a new ipadress using ifconfig
hme0:1 ip adress ...
I created a file hostname.hme0:1 in /etc
I added this Ip address in /etc/hosts.
I added this Ip address in the mycluster DNS.
I wanted to start both WL manually using startWebLogic.sh file to see
the log file.
So, I first assign hostname to WL1. Then start WL.
I opened an other terminal. Assign the hostname to WL2. Then start using
startWebLogic.sh.
The first instance started correctly.When the second started, there was
an error: when listening to the port 7001, this port was already used.
That was the same with the port 7002.
Then , my question is How is it possible to configure several instances
on the same machine using several ip addresses and one port.
Thank you for your help.
ErwanPlease try -Dweblogic.system.bindAddr=<a.b.c.d> in your startWebLogic.sh.
Brian
"Merg" <[email protected]> wrote:
>> Then , my question is How is it possible to configure
>> several instances on the same machine using several
>ip
>> addresses and one port. Thank you for your help. Eourwan
>
>On Win2K/WinNT you can assign several IP adresses to you
>NIC. (Advanced
>TCP/IP options.) Each server instance has to run on it's
>own port.
>
>Regards,
>Merg
>
>
-
Need to access the receiver to set up internet radio. Followed instruction in receiver owner's manual
See:
* http://www.mozilla.org/projects/netlib/PortBanning.html
* http://kb.mozillazine.org/network.security.ports.banned.override -
Note I also need to be able to install an active x feature.
See http://www.mozilla.org/projects/netlib/PortBanning.html
* http://kb.mozillazine.org/network.security.ports.banned.override -
Find IP address/machine connected to a cisco switch port
hello,
I need to know which IP/device is connecetd to a cisco Switch port.
I can get the mac-address of that switch port using sh mac-add command, but with the mac address how can i find that which ip belongs to this mac.
is there way i can do this, i know i can do the other way meaning with IP i can find to which port its connected ,but dont know how to find this MAC to IP with switch without the need for additional toolsHey Anantha ,
Hop u r doing good,
If u dont know ip address of devices present on specific vlan and wanted to track end device ip address please try
follow this below
steps 1:ping it to brodcast ip address of subnet
for ex
R1--SW1--SW2--(H1
--H2
R1..1.1.1.1/24
H1..1.1.1.2/24
H2.1.1.1.3/24
So u r brodacast ip is 1.1.1.255
ping 1.1.1.255
Sending 1000, 100-byte ICMP Echos to 1.1.1.255, timeout is 2 seconds:
Reply to request 8 from 1.1.1.2, 28 ms
Reply to request 9 from 1.1.1.3, 64 ms
u will get reply from all host present on that segment and ur arp table will get flood with ip and respective mac on
your L3 device...(R1 in this example)
Step2: then u can use command
sh ip arp ..to see ip and respective mac associate with it
R1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.1 - c000.2498.0000 ARPA Vlan2
Internet 1.1.1.2 0 c003.2498.0000 ARPA Vlan2
Step3: see the mac learned from specific port
R1#sh mac address c003.2498.0000
Destination Address Address Type VLAN Destination Port
c003.2498.0000 Dynamic 2 FastEthernet1/1
Step4:If u have all cisco devices then u can use CDP
to check wht device connect to ur interface
R1#sh cdp ne fa1/1 detail
Device ID: SW1.lab.local
Follow this way, hop u will trace devices present on ur network
Hop this informative,
Regards,
Ashish shirkar -
Can't get switch ports to work
Okay so I have a basic home lab, 2600 router x2 and 2900 XL switch x 2. I've connected each router together (they "see" each other in cdp), and each router to one switch. My problem is that the interfaces that the router connects to the switch won't accept an ip address, (it says unrecognized command) and the switch lights are off). A "show status" says only the trunk port (22 on each switch) are connected. I've checked the cabling, it works, and the cables are out of the box. What am I missing/forgetting?
Sorry if i newb :\ I'm Looking forward to going over static routes xD
Thanks,
Devlin
(I looked throught the documentation, maybe I missed it? I did a config reset on the switches. I bought these used, I hope they aren't broken :\)No, they don't work, POST is fine (The switches boot normally), CABLING IS FINE, they are NOT admin down
Switch1#sho run
Building configuration...
Current configuration:
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Switch1
ip subnet-zero
!!!!! Omitted fa ports 1-24
interface VLAN1
no ip directed-broadcast
no ip route-cache
line con 0
transport input none
stopbits 1
line vty 5 15
end
Switch1#sho int status
Says every port except the ports trunking between the two switches is "not connected"
!!!!!HERES AN EXAMPLE OF ON OF THE DOWN SWITCHPORTS!!!!!
Switch1#sho int fa0/1
FastEthernet0/1 is down, line protocol is down
Hardware is Fast Ethernet, address is 00b0.647f.6681 (bia 00b0.647f.6681)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not set Auto-duplex , Auto Speed , 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 1d23h, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1 packets input, 64 bytes Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast 0 input packets with dribble condition detected
2 packets output, 424 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out
Switch1# sh version
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC8, RELEASE SOFTWAR
E (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 19-Jun-03 13:09 by antonino
Image text-base: 0x00003000, data-base: 0x0034E2F4
ROM: Bootstrap program is C2900XL boot loader
Switch1 uptime is 1 day, 23 hours, 31 minutes
System returned to ROM by power-on
System image file is "flash:c2900xl-c3h2s-mz.120-5.WC8.bin"
cisco WS-C2924M-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K byt
es of memory.
Processor board ID FAA0402G17B, with hardware revision 0x03
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:B0:64:7F:66:80
Motherboard assembly number: 73-3425-10
Power supply part number: 34-0920-01
Motherboard serial number: FAA04019FEM
Power supply serial number: NONE
Model revision number: A0
Model number: WS-C2924M-XL-EN
System serial number: FAA0402G17B
Configuration register is 0xF
I'm really desperate here I have no idea what the problem is, and I cannot prepare for the exam without being able to assign ip addresses to the switch ports. If anyone can help me I would be EXTREMELY grateful.
Thanks
Devlin -
Hello everyone,
Quick questions about Switch port status logging.
Cisco Switches usually log port status (UP/DOWN) at notification log level.
Does anyone know at which log level it reports its negotiations ? If port degraded from Gig/Full to 100/Full, will it report it to syslog, if yes then at what log level
Switch is :
WS-C3750X-48T-E
15.0(2)SE4
Any hint / reply highly appreciated.
Thank you,
MuhammadI am facing some issues with port-security in my network environment. The issue comes when we try to move users(PC/Phone) from one place to another in the same floor off course they belong to the same access switch.
The PC and phone does not connect even after we reset the port/clear the ARP/Mac-Address-Table.
also if try to manually bind the mac-address to the switch port it says : duplicate address" address already there message.
can any one share why this type of behavior and how to over come this problem. -
Windows 7 / 2008 duplicate static address when using 802.1x / MAB - ISE
Hi all!
ISE 1.1.3
Cisco 3750 switches
Windows XP / 7 / 2008 clients
I'm having some weird issues were if a client connects to a switchport and happens to be using a static IP address then the client warns of a duplicate address problem. Also the client will then only show the default gateway within ipconfig even though the IP address / mask is still in the GUI network properties of the adaptor. This is happening with Windows 7 and Windows 2008 devices.
Windows XP clients don't get the issue.
Some clients will use 802.1x native supplicant and some will be authenticated based on MAB. Not noticed the problem with 802.1x clients but it always occurs on MAB.
I came across a similar issue here:
http://networkingblog.vvlabs.com/2012/07/cisco-ise-duplicate-ip-address-windows-7.html
Going of that blog I tried using the "ip device tracking delay probe delay" command but the switches don't recognise the "delay" keyword.
The switches are 3750 switches running version 12.2(58)SE2.
All I have is "count, interval, use-svi" as extra options.
Catalyst 4500 switch guide has "delay" option but no "count, interval or use-svi".
The only way I have managed to avoid the problem is using the second solution which is a registry hack on each client. This is fine for the odd server but not realistic when there will be hundreds of other clients.
Any ideas?Hi
We are doing 802.1x for clients using the Windows supplicant. For clients not using supplicants we are using MAB. So the print servers and printers use MAB.
Extract of config...
aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radius
aaa server radius dynamic-author
client x server-key 7 x
client x server-key 7 x
aaa session-id common
clock summer-time BST recurring last Sun Mar 23:00 last Sun Oct 23:00
system mtu routing 1500
vtp mode transparent
authentication mac-move permit
ip routing
no ip domain-lookup
ip device tracking
dot1x system-auth-control
dot1x critical eapol
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet1/0/1
description ### Dot1x with MAB fallback ###
switchport mode access
switchport voice vlan 2
ip access-group ACL-DEFAULT in
srr-queue bandwidth share 10 10 60 20
priority-queue out
authentication event fail action next-method
authentication event server dead action authorize vlan 1
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 0
authentication timer reauthenticate server
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
dot1x pae authenticator
dot1x timeout tx-period 5
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone
ip http server
ip http secure-server
ip access-list extended ACL-DEFAULT
remark Deny access to new network
deny ip any 172.x.x.x 0.0.0.255 log
remark Allow everything else to other networks
permit ip any any
ip radius source-interface Vlan2
logging esm config
logging host x transport udp port 20514
logging host x transport udp port 20514
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
radius server ISE-1
address ipv4 x auth-port 1645 acct-port 1646
key 7 x
radius server ISE-2
address ipv4 x auth-port 1645 acct-port 1646
key 7 x -
Use one IPS port to create tunnel to two remote MDS switches?
is it possible to use one gigabit port on MDS IPS 14+2 linecard to create FCIP tunnels between two other remote MDS switches?
each tunnel will allow a different VSAN. this is kindda crude but gotta do it, if it can be doneyes it can be done, make 1 FCIP profile defining the Ip address of the GE interface. Then create 2 different FCIP interfaces ( tunnels ) each one will use the same profile, but have different peers.
-
WRT320N Can't get IP Address - only using 1 wired port - no internet access - web setup pages hang
Just bought Linksys WRT320N to replace Netgear MR814.
Can't get connected to internet using Linksys WRT320N.
Setup:
ISP: Cox Communications (Cable)
Firmware: v1.0.03 build 010 Jul 24, 2009
1 wired - port 1- to Windows XP SP 3 Dell Desktop
Setup Attempts:
1. Tried to setup using install CD. Kept erroring out with Error 302: Internal Error. tried this 3 times
2. Went through the reset, power down, power up procedures.
3. Ping 192.168.1.1 = success
4. Connected to 192.168.1.1 via web browser
5. Set MAC Address = computer's MAC address
6. Set MTU = Auto (1500). Also tried Manual 1492
Was unable to get IP address using IP Address Release and IP Address Renew. Internet IP Address still = 0.0.0.0
Note that the web page will always get stuck after perfoming a couple of actions (like after switching between tabs). Message in bottom of browser is "Wating for http://192.168.1.1/Status_Router.asp". And on the screen the hourglass symbol never goes away.
Note that the old Netgear router still works fine and I am currently connected to the internet using the Netgear router. I'd appreciate any help getting the new Linksys router functioning/connecting to the internet/obtaining and IP address.
Thanks for your help.
Solved!
Go to Solution.I don't know where I was unclear: you wrote before that you have used the mac address clone function on the WRT to clone the MAC address of the PC. This way the WRT "pretends" to be the PC if you connect the WRT internet port to your modem.
However, the PC is not the device which you used before to connect to the internet. The PC was not the device which was connected before to the modem. If you connect the PC directly to your modem it won't get an IP address either. It won't have internet.
The problem is that your ISP only allows you to have a single active internet connection at any given time. If you simply connect a different device with a different MAC address to your modem this other device won't get an IP address. As you have connected the Netgear router to your modem and you have internet then you have to clone the MAC address of your Netgear router. That's the device which is connected to your internet and that's the MAC address for which your ISP has locked your internet connection.
Thus, one more time: clone the MAC address of the netgear router (the internet or WAN port MAC address) on your Linksys router. Then the Linksys pretends to be the Netgear router and your ISP should accept the Linksys router. The netgear router should have a status page in it's web interface which shows you the correct MAC address to be cloned. -
Tor resolves ip address using port 80 [SOLVED]
Hey everyone,
I'm trying to provide a service to fellow internet users that don't like their internet traffic to be snooped on. To explain my situation I'll tell something about my setup.
I use a router to access the internet. I let a router set up a vpn connection to my vpn provider. Then I tell it, using iptables, to redirect all http and https traffic through the VPN tunnel and let all other traffic go over the standard WAN. Not entirely true, I also redirect all udp and icmp traffic through the vpn tunnel.
I have a server that I want to act as the TOR relay. I want it to use the WAN acces and not go over the VPN. This makes sure I don't burden my vpn provider with a bunch of traffic that can just use my WAN acces.
When setting up the TOR relay I use port 4436 as the relay port and port 9030 as the Directory port. My router directs all this traffic over the WAN. I also port forward these ports in the router towards the server.
The TOR relay seems to work but not entirely. I have the following message log: (I have replaced the ip addresses that belong to my WAN and VPN tunnel with "<wan-ip>" and "<vpn-ip>" to make it clearer. )
sep 04 17:29:48.164 [Notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
sep 04 17:35:08.532 [Notice] Our IP Address has changed from <wan-ip> to <vpn-ip>; rebuilding descriptor (source: 154.35.32.5).
sep 04 17:35:09.883 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
sep 04 17:55:08.476 [Warning] Your server (<vpn-ip>:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
sep 04 18:15:08.476 [Warning] Your server (<vpn-ip>:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
sep 04 18:26:44.664 [Notice] Our IP Address has changed from <vpn-ip> to <wan-ip>; rebuilding descriptor (source: 128.31.0.34).
sep 04 18:26:45.117 [Notice] Our IP Address has changed from <wan-ip> to <vpn-ip>; rebuilding descriptor (source: 194.109.206.212).
sep 04 18:26:49.342 [Notice] Our IP Address has changed from <vpn-ip> to <wan-ip>; rebuilding descriptor (source: 76.73.17.194).
sep 04 18:26:58.255 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
sep 04 18:33:01.221 [Notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
sep 04 18:36:52.096 [Notice] Our IP Address has changed from <wan-ip> to <vpn-ip>; rebuilding descriptor (source: 212.112.245.170).
sep 04 18:37:10.626 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
sep 04 18:56:51.965 [Warning] Your server (<vpn-ip>:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
sep 04 19:16:51.967 [Warning] Your server (<vpn-ip>:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
sep 04 19:27:44.011 [Notice] Our IP Address has changed from <vpn-ip> to <wan-ip>; rebuilding descriptor (source: 128.31.0.34).
sep 04 19:27:44.092 [Notice] Our IP Address has changed from <wan-ip> to <vpn-ip>; rebuilding descriptor (source: 171.25.193.9).
sep 04 19:27:44.095 [Notice] Our IP Address has changed from <vpn-ip> to <wan-ip>; rebuilding descriptor (source: 128.31.0.34).
sep 04 19:27:44.098 [Notice] Our IP Address has changed from <wan-ip> to <vpn-ip>; rebuilding descriptor (source: 194.109.206.212).
sep 04 19:27:50.211 [Notice] Our IP Address has changed from <vpn-ip> to <wan-ip>; rebuilding descriptor (source: 76.73.17.194).
sep 04 19:27:55.398 [Notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
sep 04 19:28:08.914 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
sep 04 19:29:45.764 [Warning] We just marked ourself as down. Are your external addresses reachable?
sep 04 19:37:51.966 [Notice] Our IP Address has changed from <wan-ip> to <vpn-ip>; rebuilding descriptor (source: 212.112.245.170).
sep 04 19:37:55.358 [Notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
What I think will fix the problem is that TOR should not resolve my ip address using http or https since that will provide the wrong ip address. When trying to access that ip address at another port (in this case 9030) will obviously not work. However there is no setting to do that. Is there any way to archieve this?
Please ask if anything is unclear.
Regards,
Berend
--edit--
I was able to set the Address field in the torrc file. This means I can hardcode the ipaddress I want it to use (WAN). However that address can change every 6 months or so. If someone has a better solution that would be very welcome.
Last edited by Berend (2013-09-05 00:47:25)Berend wrote:@progandy
I don't have any experience with that.
I guess I can tag them with a TOS so my router knows what to do with it. But how would I give that tag?
Select the packtes with owner and then depending on what your router supports you can set either DSCP or TOS. dscp is the current standard, tos is deprecated. -
Discovering MAC addresses for Switch ports
Hello and thanks for looking at my question,
My company has inherited a network which has some very poor documentation. We really have no clue, nor does the customer, what machines are connected to what switch ports.
My co-worker and I were discussing the best way to find this out with the least amount of effort, but can't agree on a single solution. Any recommendations would be greatly appreciated.
Thanks.
Sincerely,
BrentBrent,
After you do the 'sho arp' and now have MAC to IP translation, do a 'sho mac-address table' to show MAC to port translation. Save both tables to an Excel spreadsheet and tie them together. You should be able to come up with a good cross reference table (depending upon your Excel skills).
This also gives you a switch-by-switch breakout. It's also a very helpful troubleshooting method to find rouge devices and shut down a port (for instance).
Hope this is helpful.
Jim -
Can we use a using a routed port as a gateway instead of SVI on a l3 switch ?
Hi guys,
If I have only a L3 switch and a router.
The common setup would be to have the devices connected to the L3 switch.
Setup a SVI for the VLAN and have the devices's gateway pointing to the SVI.
Then create a routed ported that is physically connected to the router as below
q1) Is there anyway that I can create/use a new routed port as the gateway instead of SVI without adding additional hardware ?
Reason for asking this because I believe in order to use a routed port I would have to add in a L2 switch between the devices and the L3 switch. Have the devices hook up to the L2 switch and connect the L2 switch to the routed port on the L3 switch. Then set the gateway for the devices as the routed port's IP.
q2) In that case, does the routed port need to belong to the same VLAN (100) - as I see in the cisco website that routed port does not belongs to any VLAN.
Please advise.
Regards,
NoobHi Reza,
Thanks for coming back.
What i meant for Q2 is
q2) Assuming i am going to use my L3 switch as a gateway as well as for InterVLAN routing - does it mean that the only usage of the routed port is for connecting to the router.
What else can routed port on L3 switch be use for ; beside connecting to a router ?
Can I connect a L3 routed port to a L2 switch and have all the devices connecting to the same L2 switch have their gateway as the L3 routed port IP ?
That I will added in a L2 switch, the L3 switch's routed port will act as the gateway.
Device --> L2 switch --> (routed ported) on L3 switch --> (another routed port) on L3 switch ---> Router.
Can it works that way ?
Regards,
Noob
Maybe you are looking for
-
How do I transfer music from my iPad to my kid's hudl
I want to transfer some music to my kid's Hudl from my iPad. Any ideas, please?
-
ITunes 10.6.1 not available?
Why when I tried to download iTunes 10.6.1. from your web, get iTunes 10.6.0.40? Is there any reason why version 10.6.1 is not available?
-
HP Print to Fax Device not installed
I have recently updated to windows 8.1. This has seen me have a few issues with my HP Laserjet Pro 500 MFP M570dw printer driver. I updated the driver and had a few issues, which were solved by the HP Scan and print doctor tool. However in the printe
-
Perform dynamically cl_gui_chart_engine
Hi experts, I copy the code of program GRAPHICS_GUI_CE_DEMO to create a dynamic graph. I create two list box on screen and a container, I split container in two part 1 for alv and second for graph. if user change the list box field, alv will change a
-
Tooltiptext for nodes in a JTree
Hi I have a Jtree in a scrollPane ,I want to set Tooltiptext for nodes in THE Tree only & when the part of the node is hidden while squizzing the Pane horrizontally . bye