I give up! I need help to solve this problem.
Just a heads up you will need coffee.
Please this is driving me mad and I cannot solve it I really, really can't! So here it is in a nutshell because I'm done! With trying to solve this by myself because clearly I'm not getting it.
So here is my understanding in short say 101 of networking put simply just as a base of understanding..... you get a IP from your ISP with a gateway IP in a subnet range and within that range you ARP to send from your IP to another IP in that range for the MAC (technically this MAC can still be the ISP gateway MAC and route by IP without knowing MAC for that other IP in your subnet but....works either way) and to send from your IP to an IP out side the subnet your in you send to the ISP gateway MAC where it will be routed.
This is from windows 7 and when you ARP that MAC e6-1f-6d-6c-db-da is my ISP for all of 10. for all of 172.16. to 172.31. for all of 192.168. and 169.254. replys with that MAC every-single-one! From a request by ARP IP sender like 77.96.238.3 (if that was my IP) in 255.255.254.0 for them target IP's! (except the ones in the subnet of the subnet your in) The reply comes from my ISP gateway basically saying for sending to IP's in 10. for all of 172.16. to 172.31. for all of 192.168. and 169.254. is over where my ISP gateway IS! ITS NOT!
C:\Windows\system32>arp -a
Interface: 77.96.238.3 --- 0x13
Internet Address Physical Address Type
10.0.0.1 e6-1f-6d-6c-db-da dynamic ]< NOT
10.0.0.2 e6-1f-6d-6c-db-da dynamic ]<-NOT
10.0.0.3 e6-1f-6d-6c-db-da dynamic ]<-NOT
10.0.0.4 e6-1f-6d-6c-db-da dynamic ]<-NOT
77.96.238.1 e6-1f-6d-6c-db-da dynamic }-OK
77.96.238.2 9d-d3-6d-4d-ad-c5 dynamic }-OK
77.96.238.4 20-8e-f2-0a-ef-c1 dynamic }-OK
77.96.238.5 4c-d3-3d-cd-7f-cd dynamic }-OK
77.96.238.6 80-e5-2a-c4-7e-31 dynamic }-OK
77.96.239.0 0c-b0-5d-09-d5-01 dynamic }-OK
77.96.239.2 50-1f-33-4b-bd-05 dynamic }-OK
77.96.239.3 8c-b0-5d-15-d0-79 dynamic }-OK
77.96.239.4 1c-d3-6d-ea-5c-0d dynamic }-OK
77.96.239.5 60-e5-2a-c8-94-59 dynamic }-OK
172.16.0.0 e6-1f-6d-6c-db-da dynamic ]< NOT
172.16.0.1 e6-1f-6d-6c-db-da dynamic ]<-NOT
172.16.0.2 e6-1f-6d-6c-db-da dynamic ]<-NOT
172.16.0.3 e6-1f-6d-6c-db-da dynamic ]<-NOT
192.168.0.0 e6-1f-6d-6c-db-da dynamic ]<-NOT
192.168.0.1 e6-1f-6d-6c-db-da dynamic ]<-NOT
192.168.0.2 e6-1f-6d-6c-db-da dynamic ]<-NOT
192.168.0.3 e6-1f-6d-6c-db-da dynamic ]<-NOT
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
224.1.1.1 01-00-5e-01-01-01 static
255.255.255.255 ff-ff-ff-ff-ff-ff static
The XP TCP/IP stack does not do this and you might think that my windows 7 has a problem it does not because the TCP/IP stack in windows 7 is a rebuild of what the TCP/IP stack was like in XP but whats done is done and that how the windows 7 TCP/IP stack is and that should be a eye opener as to why nothing has been done about this but thats just me saying that but its not really a TCP/IP stack problem. So is that my ISP problem? The answer is no because even if my ISP did not reply you still can send requests from a valid IP like 77.96.238.3 to your ISP a ARP with a target IP that does not and should not exist out to your ISP gateway like 192.168.0.1 yet you can.
The simple fact is this there is no, none and nothing to make a ACL for ARP to drop the target/sender IP's for the 0806 Ethertype.
And I have tried this Dynamic ARP Inspection with both DHCP Snooping/Relay and ARP Inspection in a two port VLAN on the right port for this Trusted Interface to be on and Enabled VLANs for ARP Inspection is set with ARP Inspection Status & ARP Packet Validation enabled and in DHCP Snooping/Relay with DHCP Snooping Status & Verify MAC Address enabled and VLAN set for DHCP Snooping. Does not stop this.
Maybe just maybe if the DHCP Snooping looked at the Option 1 & 3 for the Subnet Mask & Router to know the range that the ARP Inspection can drop ARP for target IP's outside that range because like I said to send from your IP to an IP outside the subnet your in you send to the ISP gateway MAC where it will be routed only then would that Dynamic ARP Inspection work as I was hoping for but sadly no.
So please tell me why I can't simply drop ARP for given target/sender IP's is their another way (and NAT is not a solution) that ideally makes ARP for from 77.96.238.3 as the sender for a request for a target IP of 10. for all of 172.16. to 172.31. for all of 192.168 and 169.254. NOT reach my ISP BUT allows ARP from 77.96.238.3 as the sender for a request for a target IP within the given subnet to my ISP for a reply.
A million THANK YOU to anyone for helping me with this
I really do not get why providing a config would help because if you have a config that does what I need should it not be you to provide a config or tell me how? Why not tell me how if you know how? because I need to understand how if you know what I need to do.
But here is how its setup:
Administration
System Mode L3
VLAN Management
Default VLAN Settings 20
GE1-GE7 and GE10 VLAN 20 Trunk Untagged with GE8-GE9 Forbidden
GE8-GE9 VLAN 10 Trunk Untagged with GE1-GE7 and GE10 Forbidden
IP Configuration
IPv4 Interface VLAN 20 Static 192.168.1.254 255.255.255.0 Valid
DHCP Snooping/Relay
DHCP Snooping Status: Enable - ticked
Verify MAC Address: Enable - ticked
Interface Settings
VLAN 10 DHCP with Snooping Enable - ticked
DHCP Snooping Trusted Interfaces
GE9 Trusted Interface Yes
GE1-GE8 and GE10 Trusted Interface No
ARP Inspection
ARP Inspection Status: Enable - ticked
ARP Packet Validation: Enable- ticked
Interface Settings
GE9 Trusted Interface Yes
GE1-GE8 and GE10 Trusted Interface No
VLAN Settings
Enabled VLANs VLAN 10
Access Control
IPv4-Based ACL – note this is based on Ethertype 0800 it will not help me drop ARP which is Ethertype 0806 this really does not help it really does not but works for 0800 not for 0806 Ethertype.
Dropsetin
Dropsetintoout
IPv4-Based ACE for Dropsetin
Priority---------Action--Protocol------Source IP Address----------Destination IP Address
100--------------Deny---Any (IP)------Any-----------Any --------------192.168.0.0--0.0.255.255
101--------------Deny---Any (IP)------192.168.0.0--0.0.255.255-------Any----------Any
102--------------Deny---Any (IP) -----Any------------Any--------------10.0.0.0-------0.255.255.255
104--------------Deny---Any (IP)------Any------------Any--------------172.16.0.0----0.15.255.255
105--------------Deny---Any (IP)------172.16.0.0----0.15.255.255----Any------------Any
106--------------Deny---Any (IP)------Any------------Any--------------169.254.0.0---0.0.255.255
107--------------Deny---Any (IP)------169.254.0.0---0.0.255.255-----Any------------Any
2147483647---Permit--Any (IP) -----Any------------Any---------------Any-----------Any
IPv4-Based ACE for Dropsetintoout
Priority---------Action--Protocol------Source IP Address----------Destination IP Address
100--------------Deny---Any (IP)------Any-----------Any --------------192.168.0.0--0.0.255.255
101--------------Deny---Any (IP)------192.168.0.0--0.0.255.255-------Any----------Any
102--------------Deny---Any (IP) -----Any------------Any--------------10.0.0.0-------0.255.255.255
103--------------Deny---Any (IP) -----10.0.0.0-------0.255.255.255---Any------------Any
104--------------Deny---Any (IP)------Any------------Any--------------172.16.0.0----0.15.255.255
105--------------Deny---Any (IP)------172.16.0.0----0.15.255.255----Any------------Any
106--------------Deny---Any (IP)------Any------------Any--------------169.254.0.0---0.0.255.255
107--------------Deny---Any (IP)------169.254.0.0---0.0.255.255-----Any------------Any
2147483647---Permit--Any (IP) -----Any------------Any---------------Any-----------Any
ACL Binding for Dropsetin
GE9
ACL Binding for Dropsetintoout
GE8
And added a IPv6-Based ACL not that thiers any piont yet.
And added rules for modem status Source IP 192.168.100.1 0.0.0.0 Source port 80 Dropsetin before 192.168.0.0 drop and Destination IP 192.168.100.1 0.0.0.0 Destination port 80 before 192.168.0.0 drop in Dropsetintoout
Message was edited by: Peter __
Similar Messages
-
For quite a long time, I was being provided with my complete user ID when I typed first character of User ID and my password would also come up automatically when I click my cursor in the Password window. on most of the websites that I frequently visited. But now I am not able to visit those websites in the same way. Now I have to type in both the complete user ID and password and then only I can log in onto those websites. Can you suggest me how can I change the settings so that I am able to use my browser in the same way I used to earlier?
Did you check the settings to make sure that the Password Manager is enabled?
*Tools > Options > Security: Passwords: "Remember passwords for sites"
Make sure that you do not run Firefox in (permanent) Private Browsing mode.
*https://support.mozilla.org/kb/Private+Browsing
*Tools > Options > Privacy: Use custom settings for history
*Deselect: [ ] "Always use private browsing mode"
See also:
*http://kb.mozillazine.org/User_name_and_password_not_remembered
*http://kb.mozillazine.org/signon.autofillForms -
Hello... the airport (wifi) connection on my imac is oftenly "freeze" and need to reconnect again. Can everyone help to solve this problem? It's not happened to other computer on the same network in the same area (distance). Thanks a lot.
Hello,
Make a New Location, Using network locations in Mac OS X ...
http://support.apple.com/kb/HT2712
10.5, 10.6, 10.7 & 10.8…
System Preferences>Network, top of window>Locations>Edit Locations, little plus icon, give it a name.
10.5.x/10.6.x/10.7.x/10.8.x instructions...
System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
The interface that connects to the Internet should be dragged to the top of the list.
If using Wifi/Airport...
Instead of joining your Network from the list, click the WiFi icon at the top, and click join other network. Fill in everything as needed.
For 10.5/10.6/10.7/10.8, System Preferences>Network, unlock the lock if need be, highlight the Interface you use to connect to Internet, click on the advanced button, click on the DNS tab, click on the little plus icon, then add these numbers...
208.67.222.222
208.67.220.220
(There may be better or faster DNS numbers in your area, but these should be a good test).
Click OK.
If that doesn't work try changing channels on your Router. -
my Numbers file sent to somebody. He is not able to open in Excel can anybody help to solve this problem?
Numbers files are not compatible with MS Excel. To share a Numbers file with Excel you need to export you Numbers file in MS Excel format. To do this:
1) Open you Numbers document
2) select the menu item "File > Export..."
3) select "Excel" for the target output
4) click next and select where to save the file.
5) email the file you saved -
Hi I tried to contact with Sydney Apple store but impossible so far. Actually I found my Visa card been conducted 4 transactions in 7th may. I am in Auckland that time. It must be wrong deduction. Can anyone help me solve this problem.
My card is visa the 4 transactions are:
$19.48, $19.48, $12.98 and $ 25.97
otherwise I need report to police.
Also please forward it to the related department please
Thanks
Kathy
Please
<Personal Information Edited by Host>You are not addressing Apple here - this is a technical forum and we are all other users here.
You should also not post private info in an open forum - it is too dangerous - I've asked the hosts to remove the financial info and your email address. Anyone on this forum will reply to this thread - no need for an email address.
As for the activity: please call your credit card company immediately to report and question the activity. They can get in touch with the vendor (Apple). Calling the police will not be very helpful. -
I am got error while trying to restore,, but i just only error file with 3194. I try many step by install lastest version and fix host file, but still fail. Anybody can give me any key point to solve this problem? Thank you
Error 3194:
This device isn't eligible for the requested build
It means that Apple has stopped signing the version of iOS that you have, try downloading the latest iOS version, then try Restore again. -
The nice man Joseph Shen helped me with my google problem on my iPhone and worked for 2 days and now not working again please help me solve this problem were I can retrieve my messages on the I phone when I am not at home on my wi Fi is the only time it works correct. Bill. [email protected] 708 752 3667
http://lifehacker.com/5852948/what-to-do-if-youve-forgotten-your-iphones-passcod e
-
I am unable to sync my Ipod Nano (4th generation I believe) because my computer does not recognize my device. Can anyone help me solve this problem?
Reset the AMDS > How to restart the Apple Mobile Device Service (AMDS) on Windows
-
Some of the pdf files I work with (receive) come up with a comment: “Cannot find or create the font ‘WP-MathA’. Some characters may not display or print correctly.” Who can help me solve this problem?
Thank you in advance for your time.
MarlenHello Anubha,
I am having a similar problem on my machine. I was using Word 2008 and I created a PDF inside Word.
I am opening the file on the system itself and I am running Windows 8.1. I am using Version 11 of Reader.
When the PDF I created (my resume) attempts to open, it says: cannot find or create the file Times, Bold. Some characters may not display or print correctly.
However, the entire Reader keeps freezing and will not allow me to open or test print the document. Also, it is not displaying any of the Bold Times New Roman Print. Can you please help? Thanks. -
My MacBook Pro has been wiped and locked, who can I contact to help me solve this problem?
HI there,,,
My MacBook Pro has been wiped and locked. It is requesting a PIN consisted of four numbers only.
Who do I contact to help me solve this problem?I do not know what really happend. however, my Mac is requesting a four digit PIN to open and I really have now idea what those numbers might be. when I contacted my son, he sugested that it is locked or wiped. I have all the official and required papers to claim that I am the rightful owner of the product.
who do I contact or what should I do to solve this problem?
Looking forward to hearing from you.
Sarah Zabrmawi -
my ipod touch brightness just went to zero after charging it. i've tried adjusting it to 100% but it still does not changed. can anybody help me solve this problem? thankS!
Have yu tried the standard fixes:
- Resetting:
Press and hold the On/Off Sleep/Wake button and the Home
button at the same time for at least ten seconds, until the Apple logo appears.
- Restoring the iPOd via iTunes. First from backup and if problem persists, restore to factory defaults/new iPod
- Make an appointment at the Genius Bar of an Apple store since you likely have a hardware problem -
My iPhone 4S has no sound on alerts, music, only on calls and SMS, this happened after upgrading to IOS7. Can anyone help me solve this problem?
check and make sure that an alert style has been choosen for certain alerts, and make sure you check your sounds in settings
-
I have problem with recently with playing DVDs on my iMac. the problem only with DVDs, please anybody can help me solve this problem?
Get a lens cleaner disc. One with brushes and try that. CDs and DVDs use different lenses, so since CDs load and play, I strongly suspect a dirty lens.
-
Need Help In Solving Positioning Problem
Hi Guys,
I have a 3 X 3 grid of JLabels of images. I constructed the grid using the grid layout.
I would like to move a round object which represents a car and place that object in a particular cell. So the grid will be like a background.
My questions are these:
1) How can i position this object in a specific cell based on the rows and column values? for instance if i want to put the object in [1][0].
2) How do i move this object to a different cell using the rows and column values. for instance if i want to move the object in [1][0] to [2][1]
Thank you all for your helpThis question has nothing to do with Java 2D. I've removed the second thread you started in that forum.
Thank you for providing a link to this thread in the cross post.
db
kap wrote:
Hi Guys,
I have posted a question in the Java Programming forum. This is the link :
[positioning object|http://forums.sun.com/thread.jspa?threadID=5447680&tstart=0]
I added the link to avoid double posts
I am asking if someone can help me out because i need an urgent help. Some people have giving some ideas but i don't understand what they mean.
Need help in solving it.
Thanks.
Edited by: kap on Aug 14, 2010 6:59 PM -
Z10 not working at all please help in solving this problem
Z10 has been stuck in "Preparing Blackberry HUB" mode for hours despite several restarts and battery pulls. Five swipe solution to restarting HUB only results in screen flashing on and off. Frustrated. Any ideas appreciated. Phone calls too not working, cant receive email, text messages or launch applications although preview screen seems to be working.
Have reviewed other threads for solution with no success. Would rather not use security wipe option.
Please help in sloving this problemI would start with a Security Wipe:
To perform a Security Wipe please follow the instructions below. Be sure and use BB Link to make a full backup before proceeding with the wipe:
http://www.blackberry.com/btsc/KB33591
Once the wipe is complete you can restore your backup. Keep in mind that data in the backup may be the source of the original problem and restoring it may restore the problem, as well. To alleviate this I recommend not restoring the Settings portion of the backup.
If that doesn't work then use an autoloader to reload the OS:
http://supportforums.blackberry.com/t5/BlackBerry-10-OS-Device-Software/Upgrading-OS10-devices-using...
1. Please thank those who help you by clicking the "Like" button at the bottom of the post that helped you.
2. If your issue has been solved, please resolve it by marking the post "Solution?" which solved it for you!
Maybe you are looking for
-
Can't start because msvcr80.dll is missing
I downloaded the update for itunes 11.1.4 this morning and got the message " service'apple mobile device'(apple mobile device) failed to start. Verify that you have sufficient privileges to start system services. I tried retry and ignore, but the m
-
Hello to everybody, I'm using SQL Developer 1.0.0.15.57 in an Italian Windows XP Professional SP2. I'm exporting a table as "SQL Insert" and I have the following problem: the exported INSERT instruction contains, i.e., 123,45 instead of 123.45 so, ru
-
How do I get extensions to show up when changing from CS6 to CC Dreamweaver
In upgrading to CC this last month I downloaded the CC Dreamweaver and none of my extensions showed up in the menu. Is there a way to migrate the extensions over as I have slideshows etc. that are on a server with these apps and I need to get them i
-
I have recently connected my ipod to my computer, but it said that it was corrupt, and that it advised me to restore my ipod. So, I clicked restore, and the bar for restoring my ipod successfully completed itself. It then asked me to complete the res
-
Ipod 60gb video faulty headphone socket!
hi, Ive had an ipod video for a few years now but recently the headphone socket has become faulty. when you put headphones in i just get sound in the left ear,if you press the headphones into the socet then i sometimes get stereo again. ive tried 5 p