IGMP V3, SSM Multicast Boundaries config questions..
Guys,
I am having some difficulty to understand the SSM boundary config sample from this Cisco doco.
eg 1, I am not sure why they have the host 0.0.0.0 line. Also the acl are base on ip, udp and igmp?
Eg 2, similar to eg 1 but it also has deny pim.
Could someone explain why do we need to use udp, pim & igmp for the boundery filter? Normally I would use ip instead. (eg: permit ip host 181.1.2.201 host 232.1.1.1)
eg 1:
The following example permits outgoing traffic for (181.1.2.201, 232.1.1.1) and (181.1.2.202, 232.1.1.1) and denies all other (S,G)s.
configure terminal
ip access-list extended acc_grp1
permit ip host 0.0.0.0 232.1.1.1 0.0.0.255
permit ip host 181.1.2.201 host 232.1.1.1
permit udp host 181.1.2.202 host 232.1.1.1
permit ip host 181.1.2.202 host 232.1.1.1
deny igmp host 181.2.3.303 host 232.1.1.1
interface ethernet 2/3
ip multicast boundary acc_grp1 out
eg 2:
The following example permits outgoing traffic for (181.1.2.201, 232.1.1.5) and 181.1.2.202, 232.1.1.5).
configure terminal
ip access-list extended acc_grp6
permit ip host 0.0.0.0 232.1.1.1 5.0.0.255
deny udp host 181.1.2.201 host 232.1.1.5
permit ip host 181.1.2.201 host 232.1.1.5
deny pim host 181.1.2.201 host 232.1.1.5
permit ip host 181.1.2.202 host 232.1.1.5
deny igmp host 181.2.3.303 host 232.1.1.1
interface ethernet 2/3
ip multicast boundary acc_grp6 out
Cisco Doco:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/himc_c/chap05/hmcbnd.htm
I Hope this DOC will help you:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00805a3624.html
Similar Messages
-
hi,
we are getting ready to implement the nexus 7000 with otv are two sites. since multicast is required to support this configuration i am currently testing how to implement ssm multicast on our core network. i am having problems joining the ssm group. here is the output from the 6509 i am using:
hw-dc-vss-cs6509-1(config-if)#ip igmp join-group 232.1.1.1
Ignoring request to join group 232.1.1.1, SSM group without source specified
hw-dc-vss-cs6509-1(config-if)#ip igmp join-group 232.1.1.1 ?
<cr>
hw-dc-vss-cs6509-1(config-if)#ip igmp join-group 232.1.1.1
as you can see the source option is not available and i can't figure out why.
here is a copy of my running configure and show multicast show commands
sh runn
Building configuration...
Current configuration : 6830 bytes
! Last configuration change at 18:37:28 UTC Thu Dec 16 2010
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service counters max age 5
hostname hw-dc-vss-cs6509-1
boot-start-marker
boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXI3.bin
boot-end-marker
security passwords min-length 1
no logging console
enable secret 5 $1$dZ1J$6KkcatZ2tXk055vswN1Kb1
no aaa new-model
--More-- ip subnet-zero
ip multicast-routing
mls netflow interface
mls cef error action reset
spanning-tree mode rapid-pvst
spanning-tree portfast edge default
spanning-tree portfast edge bpduguard default
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1,5,245,501-502 priority 16384
--More-- spanning-tree vlan 1,5,245,501-502 forward-time 9
spanning-tree vlan 1,5,245,501-502 max-age 12
diagnostic bootup level minimal
redundancy
main-cpu
auto-sync running-config
mode sso
ip access-list standard ssm-groups
permit 232.0.0.0 0.255.255.255
permit 239.232.0.0 0.0.255.255
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
interface Loopback1
ip address 10.255.255.1 255.255.255.255
interface GigabitEthernet3/1
description adcore-4503 2/1
--More-- mtu 9216
ip address 159.233.253.106 255.255.255.252
ip pim sparse-mode
ip igmp version 3
interface GigabitEthernet3/2
description pwcore-6509 3/2
mtu 9216
ip address 159.233.253.110 255.255.255.252
ip pim sparse-mode
ip igmp version 3
interface GigabitEthernet3/3
description p101-4503 1/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5,245,501,502
switchport mode trunk
mtu 9216
spanning-tree guard root
interface GigabitEthernet3/4
no ip address
--More-- !
interface GigabitEthernet3/5
no ip address
interface GigabitEthernet3/6
no ip address
interface GigabitEthernet3/7
no ip address
interface GigabitEthernet3/8
no ip address
interface GigabitEthernet3/9
no ip address
interface GigabitEthernet3/10
no ip address
interface GigabitEthernet3/11
no ip address
interface GigabitEthernet3/12
--More-- no ip address
interface GigabitEthernet3/13
no ip address
interface GigabitEthernet3/14
no ip address
interface GigabitEthernet3/15
no ip address
interface GigabitEthernet3/16
no ip address
interface GigabitEthernet3/17
no ip address
interface GigabitEthernet3/18
no ip address
interface GigabitEthernet3/19
no ip address
--More-- interface GigabitEthernet3/20
no ip address
interface GigabitEthernet3/21
no ip address
interface GigabitEthernet3/22
no ip address
interface GigabitEthernet3/23
no ip address
interface GigabitEthernet3/24
no ip address
interface GigabitEthernet5/1
no ip address
shutdown
interface GigabitEthernet5/2
no ip address
shutdown
--More-- interface GigabitEthernet8/1
switchport
switchport access vlan 5
switchport mode access
interface GigabitEthernet8/2
switchport
switchport access vlan 245
switchport mode access
interface GigabitEthernet8/3
no ip address
shutdown
interface GigabitEthernet8/4
no ip address
shutdown
interface GigabitEthernet8/5
no ip address
shutdown
interface GigabitEthernet8/6
--More-- no ip address
shutdown
interface GigabitEthernet8/7
no ip address
shutdown
interface GigabitEthernet8/8
no ip address
shutdown
interface GigabitEthernet8/9
no ip address
shutdown
interface GigabitEthernet8/10
no ip address
shutdown
interface GigabitEthernet8/11
no ip address
shutdown
--More-- interface GigabitEthernet8/12
no ip address
shutdown
interface GigabitEthernet8/13
no ip address
shutdown
interface GigabitEthernet8/14
no ip address
shutdown
interface GigabitEthernet8/15
no ip address
shutdown
interface GigabitEthernet8/16
no ip address
shutdown
interface GigabitEthernet8/17
no ip address
shutdown
--More-- !
interface GigabitEthernet8/18
no ip address
shutdown
interface GigabitEthernet8/19
no ip address
shutdown
interface GigabitEthernet8/20
no ip address
shutdown
interface GigabitEthernet8/21
no ip address
shutdown
interface GigabitEthernet8/22
no ip address
shutdown
interface GigabitEthernet8/23
no ip address
--More-- shutdown
interface GigabitEthernet8/24
no ip address
shutdown
interface GigabitEthernet8/25
no ip address
shutdown
interface GigabitEthernet8/26
no ip address
shutdown
interface GigabitEthernet8/27
no ip address
shutdown
interface GigabitEthernet8/28
no ip address
shutdown
interface GigabitEthernet8/29
--More-- no ip address
shutdown
interface GigabitEthernet8/30
no ip address
shutdown
interface GigabitEthernet8/31
no ip address
shutdown
interface GigabitEthernet8/32
no ip address
shutdown
interface GigabitEthernet8/33
no ip address
shutdown
interface GigabitEthernet8/34
no ip address
shutdown
--More-- interface GigabitEthernet8/35
no ip address
shutdown
interface GigabitEthernet8/36
no ip address
shutdown
interface GigabitEthernet8/37
no ip address
shutdown
interface GigabitEthernet8/38
no ip address
shutdown
interface GigabitEthernet8/39
no ip address
shutdown
interface GigabitEthernet8/40
no ip address
shutdown
--More-- !
interface GigabitEthernet8/41
no ip address
shutdown
interface GigabitEthernet8/42
no ip address
shutdown
interface GigabitEthernet8/43
no ip address
shutdown
interface GigabitEthernet8/44
no ip address
shutdown
interface GigabitEthernet8/45
no ip address
shutdown
interface GigabitEthernet8/46
no ip address
--More-- shutdown
interface GigabitEthernet8/47
no ip address
shutdown
interface GigabitEthernet8/48
no ip address
shutdown
interface Vlan1
no ip address
shutdown
interface Vlan5
mtu 9216
ip address 159.233.5.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip pim sparse-mode
ip igmp join-group 239.1.1.1
--More-- ip igmp version 3
arp timeout 200
interface Vlan245
mtu 9216
ip address 159.233.245.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip pim sparse-mode
ip igmp join-group 239.1.1.1
ip igmp version 3
arp timeout 200
interface Vlan501
mtu 9216
ip address 159.233.62.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 200
--More-- !
interface Vlan502
mtu 9216
ip address 159.233.1.1 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 200
router eigrp 241
network 159.233.0.0
no auto-summary
redistribute static
ip classless
no ip http server
no ip http secure-server
ip pim rp-address 10.255.255.1
ip pim ssm default
--More-- !
control-plane
dial-peer cor custom
line con 0
line vty 0 4
password f1v3c3nt2
login
line vty 5 15
password f1v3c3nt2
login
end
hw-dc-vss-cs6509-1#
sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.1.1.1), 00:20:20/00:02:55, RP 10.255.255.1, flags: SJCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan5, Forward/Sparse, 00:19:14/00:02:55
(*, 239.255.255.250), 00:26:33/00:02:35, RP 10.255.255.1, flags: SP
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
(159.233.245.100, 232.1.1.1), 00:06:48/00:02:55, flags: sPT
Incoming interface: Vlan245, RPF nbr 0.0.0.0, RPF-MFD
Outgoing interface list: Null
(*, 224.0.1.40), 02:25:53/00:02:33, RP 10.255.255.1, flags: SJCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
GigabitEthernet3/1, Forward/Sparse, 02:25:53/00:02:30
hw-dc-vss-cs6509-1#sj h ip igmp gr
hw-dc-vss-cs6509-1#sh ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter Group Accounted
239.1.1.1 Vlan5 00:19:22 00:02:48 159.233.5.1
239.1.1.1 Vlan245 00:20:14 00:02:25 159.233.245.1
239.255.255.250 Vlan245 00:26:41 00:02:28 159.233.245.100
224.0.1.40 Vlan245 01:30:34 00:02:25 159.233.245.105
224.0.1.40 GigabitEthernet3/1 1w1d 00:02:22 159.233.253.105
hw-dc-vss-cs6509-1#
any help would be greatly appreciated. thank you
i did some more digging and found the answer to my question, have to use the following command instead of the join-group command
Ip igmp static-groupI'm assuming you mean WebLogic SSM. If you set it up using organizational structure, you should see a new org in /entitlementsadministration with a number of applications bound to the SSM you declared.
-
A few post config questions on new setup
Hi Group,
Just a few post config questions.
First, how can I confirm my controller is in fact associating properly with an NTP server? On a typically cisco product, I could just do a 'show ntp associations' or a 'show ntp status'. I cannot see a way to confirm this on the gui or command line.
Second, on my guest network with web-auth, if one were to choose to not use https for web-auth and instead use unsecure http, would that be possible and if so where in the gui?
Thanks.The third field is from a WLC running v7.4 not v7.2. I usually would install a 3rd party certificate, but what eles you can try is issue this command on from the CLI. It had issues working with certain code versions, but you might as well give it a try.
config network web-auth secureweb disable
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Workshop Weblogic config questions
I'm using Oracle Workshop for WebLogic 10.3 and I'm hoping someone can answer some setup/config questions.
When I double click on the server (WebLogic Server v10.3 at localhost) a window opens with various settings that manage how workshop and weblogic work together.
Under "Startup & Deployment" I have the following turned on:
Launch WebLogic server in Eclipse console
Always start WebLogic Server in debug mode
Ignore project compilation errors when publishing (I have this turned on because of errors in a portal project, the errors aren't inmportant, and don't prevent the project form running)
Run stand-alone web module directly from workspace
So, first question, with these settings I was able to quickly switch to debug mode, with out restarting the server, now the server restarts whenever I turn debugging on. What have I done that has stopped this working correctly? How can I get it to start debugging without a full restart?
next question, what happens if I turn on "Start WebLogic Server in Express Mode"? As far as I can tell nothing happens.
Lastly, under "Automatic Publishing" I have it set to "Never publish automatically", if I choose another setting workshop essentially freezes because it's constantly publishing. So whenever I make a change, even in a jsp, I need to remove the project, then re-add it to see my changes in the browser. This is frustrating, not just because it takes 8 or 9 minutes (8 or 9 MINUTES!!!), but because the project doesn't run properly until it is redeployed. You'd think that if it needs to be re-deployed, then none of my changes should matter on the server until it is re-deployed.
So, my question is, Is there any way to get this re-deployment to happen faster?
Thanks for any and all helpWell, in my experience performance is not bad as you experienced. Is it locally connected server or remotely connected server? If it is a remote server, network issue could cause this latency issue.
Is performance better if you run the server without enabling debug mode? If yes, probably you can also review any break points set.
You could also try out the following options
1) Run workshop with -clean option, by opening command prompt and navigating to workshop_home\'workshop.exe -clean'
2) Untick the option 'Launch WebLogic server in Eclipse console' and start server which would enable server to start on command prompt
3) This would enable you to take multiple thread dumps (cutl +Break) on the server console output, while performance is very bad, to see where threads are halt. -
Re: PLM4P v6003 Config Question: Any way to configure UGM Notifications?
After reading:
PLM4P v6003 Config Question: Any way to configure UGM Notifications?
This is one of the requirements from me as well. We always wanted to customize emails sent not only for UGM but also for other modules. We wanted to conveysome message to approvers. But it seems this is still not possible. Is this functionality on road-map of AgielP4P product management?Currently, the subject and body of emails can be customized to an extent, as they are translations that can be overridden. The translations have some placeholder fields that get populated by the system, but you are limited to those placeholder fields. The upcoming release will give you full control of the email body and subject lines, for GSM and SCRM emails, as well as Supplier Rep emails.
-
Redundant FWSM Config Question
Hello All,
I'm going to be configuring failover with FWSMs for our 6500 at my job and I have a config question. There is one current 6500 chassis with 2 FWSMs installed. They are both online but currently since failover isn't setup, only one FWSM is actually active. My question is since we are using mutiple contexts where do I setup the failover interface, and do I need to configure failover on every single vlan on the FWSM? We have over 10 contexts each with 2-3 interfaces on them, so do I need a failover IP for every vlan that exists on every context? Also, does the failover config get setup on the admin or system context? Any help would be greatly appreciated, and thank you so much in advance!Hi John.
Failover config goes in the system context. For the data interfaces in each context, you will need a primary and a standby IP i.e. 2 IP's per VLAN. Once failover happens, the secondary FWSM will assume the active role and the secondary FWSM will take over the Primary IP address thus making the failover process transparent to end users.
HTH.
Regards
Zubair -
SCCM 2012 application portal: config questions
Hi,
We have setup SCCM 2012 application portal correctly and it's working fine.
However some config questions:
-can we change the name of the configuration portal? Now its servername/CMApplicationCatalog ... what's not userfriendly.
We'd like it to be applicationportal.ourcompany.com. Howto achieve that?
-can we customize layout in a supported way (we could change html pages but after an upgrade of SCCM they would/could be erased)?
-how does flexera (adminstudio?) plugs in into this. I've read this entry
http://helpnet.installshield.com/appportal2014/Content/helplibrary/AP_CreatingCatItemSCCM.htm but what's the big picture here? Anybody using this? What are the advantages?
J.
Jan HoedtWe want to offer software center for overview of mandatory installs, application catalog for optional software.
On our companies portal, we can then set a link which directs to the application portal. User can then install optional software from there.
My current config works http://applicationportal.ourcompany.com/ goes to the sccm-server but not to the url below.
That would be http://applicationportal.ourcompany.com/CMApplicationCatalog/#/SoftwareLibrary/AppListPageView.xaml
how can I make sure the application portal shows up when this link is opened?
It sounds like you want to perform a URL rewrite?
http://www.iis.net/learn/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module
You should test this to see if it's what you want - I may have misunderstood your question.
Also, I wouldn't host this module on your AppCatalog server, I'd host the rewrite module elsewhere.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
SSL VPN Full and Split Tunnel Config Question
I am Beta testing SSLVPN on an IOS router. The question I have is this:
Is it possiable to have slit and full tunnel configs. It seems that once you create your context and default profile that is all you have either split or full. The books say you can use Radius and assign different profiles but, I would like to give the users a choice (like in the VPN3000 .pcf) of either split or full depending on where they are working from.The below is an example using the ASA - but the principle remains the same:-
http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080975e83.shtml
HTH> -
J2EE Policy agent - login page config questions
Hi,
I'm trying to configure a customized login page for an application that is protected by a AM Policy Agent 2.2-01 on SJSAS 8.2.
I am aware of this link:
http://docs.sun.com/app/docs/doc/820-2539/gatai?l=en&a=view .
This describes configuring the custom login for an app. Based on the doc, I have configured the following:
1. I have the agent and my app on one instance on myhost.mydomain.com
2. A url policy is protecting my app, configured in Access Manager 7.1. The url is http://myhost.mydomain.com:38080/myapp/*
3. In my app's web.xml I have the following:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config> 4. In AMAgent.properties:
com.sun.identity.agents.config.login.form[0] = /myapp/login.jsp
com.sun.identity.agents.config.login.error.uri[0] = /myapp/loginerror.jsp
com.sun.identity.agents.config.login.use.internal = false
com.sun.identity.agents.config.login.content.file = FormLoginContent.txtThere doesnt seem to be any change in login page when I go to my app. It just redirects to the Access Manager login page, and when I login it redirects back to the app. The security behavior is correct but I would like the login page to be unique for the app.
So my questions are:
1. Am I using com.sun.identity.agents.config.login.use.internal correctly? I dont want it to use internal login, but my login file, right?
2. My login page is protected by my url policy. Is that a problem? Should I be using com.sun.identity.agents.config.notenforced.uri[0] on the login page?
3. Can anyone clarify to me exactly how and where the contents of FormLoginContent.txt is used?
I'm kind of new to AM and Policy Agents, so i apologize if my questions seem very newb. Any help is appreciated. Thanks!
-MattChanging com.sun.identity.agents.config.filter.mode to URL_POLICY seemed to help. I am now seeing /myapp/login.jsp as the login page for my app. The logins themselves are failing, however. I am confused as to how to set up the jsp to work with the agent to log in.
-Matt -
11gR2 em install / config question.
We just loaded 11gR2 onto a virtual server running Win 2008 Server R2. During the installation of the database,
I received 5 or 6 missing file messages and I told the installer to ignore and continue. One of those files was
dbhome_1\...\em.jar.
Will this preclude me from getting em up? Should I deinstall/reinstall the 11gR2?
When I ran emctl start dbconsole I received this message:
can't locate CompEMdbconsole.pm in @inc <@inc contains ..(list of files).......emctlCommon.pm line 598
From this question you'll probably surmise that I'm relatively inexperienced.
Suggested reading info is always appreciated.
Thanks,
Ron
Edited by: RonW on Oct 9, 2012 6:27 AMThanks for the reply. I used dbca to create a database which I had thought was done
during the original install. It ran forever and eventually gave me an error message
'Error Instantiating OC4J files'. When I looked in the emconfig.log file, there were
several missing xml files in E:\app\Administrator\product\11.2.0\dbhome_1\oc4j\j2ee\
OC4J_DBConsole\config\
jms.xml
rm1.xml
http-web-site.xml
server.xml
In fact, the 'config' folder was empty. Going back to my original question regarding
those missing files, why would they be missing? Is the oem a separate install
process or is it done when the 11g database is installed?
Thanks, Ron -
ACE: design/config question: trans.slb + slb + mngt
Hi,
Could this ACE setup/design work?
I want PROXIED sessions (to VIP proxy 10.0.0.10) to be loadbalanced
All other sessions (eg. Some public ip's) will have to transparent loadbalanced to proxy servers. Thus not destinations NAT
ACE is inline between firewalls and proxy servers.
Vip definitions:
class-map match-all P_PXYVIP_VS_LB
2 match virtual-address 10.0.0.10 255.255.255.255 tcp 8080
class-map match-all P_PXYTRANS_VS_LB
2 match virtual-address 0.0.0.0 0.0.0.0 tcp any
Question in this case: would it still be possible to have management sessions towards proxy servers routed by the ACE ? (physical ip addresses of proxy)
Probably the classmap PXYTRANS is catching those sessies also.
Are there other design/config solutions to solve this one?
Thank you!
WimLet me repose the question:
How could one still be able to access the realserver IP (which is directly connected
to the ACE) for manangement.
Knowing that there is 1 VIP which (normal) loadbalance to the realservers
and
there is 1 VIP 0.0.0.0 tcp any which is configure to catch all other traffic to be
transparant loadbalanced.
The VIP 0.0.0.0 is always catching the sessions which need only to be routed
to the real servers ip. -
Hi Everyone
Yesterday I posted a question about redesigning the way our voice network looks, I'm removing 6 CUCM 4.3 boxes and I'm going to have those sites register with our Sub which is 10.5.1 in our data center across the WAN. Jaime answered my question and gave me some good insight on what to do for each site.
1.Create DP,CSS,PT on the Pub
2.Enable SRST on the GW
3.Make necessary changes on GW
4.Create LRG to have the site use their local GW
I've been reading on how to get these task done and I have a question about #3, I'm looking at the config from the GW for the test sight and the VoIP dial peer is referencing the CUCM node currently on site. Would modifying the IPV4 address to reflect the new CUCM node at the data center be the only change that I would have to make to the config?
I also want to say thanks for all the help that everyone has given me with really quick responses to my questions. I just changed jobs and I went from doing primarily MACD to now I'm actually the person who is doing the implementation. I've never done implementation before but I know if I stick with it and help from this board I'll be a super star yet.
EricCorrect, need to change the IP address on the DP to reflect the new one. Also, need to look at SCCP resources (conference bridge or transcoders if any) and those need to be changed.
-
Hi,
Assume we have 2 different user types: staff and students.
Student accounts reside in their own forest
Staff accounts reside in 2 different and separate forests
FIM resides in another separate forest (a resource forest)
We are about to deploy SSPR in the resource forest, and need the following functionality:
When resetting the password, Staff will type in "domain\username"; Staff will use the question & answer SSPR approach
however Students will use the OTP approach and only type in their "username" since many won't know the domain name (we will set the 'defaultdomainName' attribute in the config file)
My question is this:
Because we need 2 different SSPR approaches and for Students we need the 'defaultdomainName' prepopulated - will we need 2 separate instances of the SSPR Portal deployed on 2 separate servers?
Thanks,
dwGoing strictly by the book, you would need two separate instances of the SSPR Portal if it's critical to vary the behavior of the default domain name. If folks in the non-default domain will always enter DOMAIN\user or UPN, then one instance of the
portal should suffice.
That aside, Sameera_man's links are relevant for creating the necessary resources to support more than one Password Reset Authn workflow.
Steve Kradel, Zetetic LLC -
Network config question: Transfer IP/s from one server to another
Both server running Solaris 8:
SERVERA: $ ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.36.19.132 netmask ffffff00 broadcast 10.36.19.255
hme0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.36.19.136 netmask ffffff00 broadcast 10.36.19.255
hme0:2: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.36.19.168 netmask ffffff00 broadcast 10.36.19.255
hme0:3: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.36.19.148 netmask ffffff00 broadcast 10.36.19.255
hme0:4: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.36.19.145 netmask ffffff00 broadcast 10.36.19.255
hme0:5: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.36.19.147 netmask ffffff00 broadcast 10.36.19.255
qfe1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.132 netmask ffffffc0 broadcast 140.20.140.191
qfe1:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.148 netmask ffffffc0 broadcast 140.20.140.191
qfe1:2: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.136 netmask ffffffc0 broadcast 140.20.140.191
qfe1:3: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.168 netmask ffffffc0 broadcast 140.20.140.191
qfe1:4: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.144 netmask ffffffc0 broadcast 140.20.140.191
qfe1:5: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.142 netmask ffffffc0 broadcast 140.20.140.191
qfe1:6: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.146 netmask ffffffc0 broadcast 140.20.140.191
qfe1:7: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.143 netmask ffffffc0 broadcast 140.20.140.191
qfe1:8: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.147 netmask ffffffc0 broadcast 140.20.140.191
qfe1:9: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.155 netmask ffffffc0 broadcast 140.20.140.191
qfe1:10: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.157 netmask ffffffc0 broadcast 140.20.140.191
qfe1:11: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.145 netmask ffffffc0 broadcast 140.20.140.191
SERVERB$ ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.36.19.164 netmask ffffff00 broadcast 10.36.19.255
qfe1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 140.20.140.164 netmask ffffffc0 broadcast 140.20.140.191
qfe2: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 11.11.11.2 netmask ffffff00 broadcast 11.11.11.255
qfe3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
inet 10.36.29.164 netmask ffffff00 broadcast 10.3.29.255
qfe6: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 11.11.10.2 netmask ffffff00 broadcast 11.11.10.255
What is involved to transfer the IPs 10.36.19.145 (hme0:3:) and 140.20.140.142 (qfe1:#:) to serverB?
Would that cause a lost of network connection to either 10.36.19.132 or 140.20.140.132 on SERVERA
Would that require a reboot?
Thank you.[[[What is involved to transfer the IPs 10.36.19.145 (hme0:3:) and 140.20.140.142 (qfe1:#:) to serverB?]]]
NIC configs are created using a combination of /etc/hosts | /etc/inet/ipnodes and /etc/hostname.<nic instance> files when system is booting up.
In order to permanantly remove an IP from a host's interface (say hme0:3)
you would have to do the following:
NOTE: Don't run this on Solaris 7 or below -- unplumbing a virtual interface in Solaris 7 or below will unplumb the actual physical instance as well!!
ifconfig hme0:3 down
ifconfig hme0:3 unplumb
Remove entry corresponding to the IP that was set up on hme0:3 from /etc/hosts and/or /etc/inet/ipnodes
remove /etc/hostname.hme0:3In order to reverse the process (or set up the IP on another host), just reverse the steps. Make entries in /etc/hosts and/or /etc/inet/ipnodes, /etc/hostname.<nic instance> (insert hostname corresponding to IP from /etc/hosts in this file).
ifconfig hme0:3 plumb
ifconfig hme0:3 <ip> netmask + broadcast + up[[[Would that cause a lost of network connection to either 10.36.19.132 or 140.20.140.132 on SERVERA
Would that require a reboot? ]]]
Make sure to turn off any service that might be tied into that IP address on server A. Otherwise you'll have a loss of service. For eg: if you have an apache instance that's bound to that IP address, make sure you make adjustments/corrections or turn it off before you unplumb your interface).
You don't have to necessarily reboot to make this happen. Just make sure you don't leave any stone unturned... -
[Solved] pppoe config question
On Windows OS when I setup the connection I have next attributes:
IP: 192.168.1.2
Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS1: 213.130.16.3
DNS2: 213.130.16.20
Login: login
Password: pass
When I run pppoe-setup it asks me about login, pass, primary and secondary dns, about firewall stuff etc.
Then I add to /etc/resolv.conf
nameserver 213.130.16.3
nameserver 213.130.16.20
The interface should that should be registered is ppp0, right?
After that I run these
ifconfig ppp0 up
route del default
route add default ppp0
But what about the gateway, netmask and IP address?
There are no such parameters in /etc/pppoe/pppoe.conf.
Last edited by Doctor Drive (2012-01-19 16:46:47)pyther wrote:
export DEBUG=1
pppoe-start
paste the output
* The following section contains information about your system
Thu Jan 19 19:28:10 EET 2012
Output of uname -a
Linux myhost 3.0-ARCH #1 SMP PREEMPT Wed Aug 17 21:55:57 CEST 2011 x86_64 Intel(R) Celeron(R) CPU 2.80GHz GenuineIntel GNU/Linux
* The following section contains information about your network
* interfaces. The one you chose for PPPoE should contain the words:
* 'UP' and 'RUNNING'. If it does not, you probably have an Ethernet
* driver problem.
Output of ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:30:67:E4:16:8B
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
* The following section contains information about kernel modules
* If the module for your Ethernet card is 'tulip', you might
* want to look for an updated version at http://www.scyld.com
Output of lsmod
Module Size Used by
appletalk 26298 0
ipx 20363 0
p8022 1171 1 ipx
psnap 1973 2 appletalk,ipx
llc 3761 2 p8022,psnap
p8023 1068 1 ipx
ipv6 290407 14
fuse 67290 2
nls_cp437 5921 1
vfat 10247 1
fat 49473 1 vfat
ppdev 5774 0
i915 707307 1
evdev 9530 0
drm_kms_helper 25409 1 i915
usb_storage 44263 1
snd_hda_codec_via 55568 1
usbhid 35256 0
pcspkr 1819 0
uas 8088 0
i2c_i801 8187 0
hid 81635 1 usbhid
sg 25557 0
drm 183380 2 i915,drm_kms_helper
snd_hda_intel 22122 0
iTCO_wdt 12717 0
snd_hda_codec 77927 2 snd_hda_codec_via,snd_hda_intel
iTCO_vendor_support 1929 1 iTCO_wdt
snd_hwdep 6325 1 snd_hda_codec
parport_pc 31610 0
snd_pcm 73856 2 snd_hda_intel,snd_hda_codec
parport 31375 2 ppdev,parport_pc
processor 24256 0
i2c_algo_bit 5199 1 i915
i2c_core 20133 5 i915,drm_kms_helper,i2c_i801,drm,i2c_algo_bit
snd_timer 19416 1 snd_pcm
atl1c 32528 0
thermal 7863 0
snd 57786 6 snd_hda_codec_via,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm,snd_timer
soundcore 6146 1 snd
button 4470 1 i915
video 11228 1 i915
intel_agp 10904 1 i915
intel_gtt 14423 3 i915,intel_agp
snd_page_alloc 7121 2 snd_hda_intel,snd_pcm
ext4 369556 1
mbcache 5817 1 ext4
jbd2 71074 1 ext4
crc16 1297 1 ext4
sr_mod 14951 0
cdrom 36329 1 sr_mod
sd_mod 28307 6
pata_acpi 3376 0
ata_piix 22005 3
uhci_hcd 23084 0
libata 173297 2 pata_acpi,ata_piix
ehci_hcd 39511 0
scsi_mod 131482 6 usb_storage,uas,sg,sr_mod,sd_mod,libata
usbcore 142544 6 usb_storage,usbhid,uas,uhci_hcd,ehci_hcd
* The following section lists your routing table.
* If you have an entry which starts with '0.0.0.0', you probably
* have defined a default route and gateway, and pppd will
* not create a default route using your ISP. Try getting
* rid of this route.
Output of netstat -n -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
Contents of /etc/resolv.conf
* The following section lists DNS setup.
* If you can browse by IP address, but not name, suspect
* a DNS problem.
# MADE-BY-RP-PPPOE
nameserver 213.130.16.3
nameserver 213.130.16.20
* The following section lists /etc/ppp/options.
* You should have NOTHING in that file.
Contents of /etc/ppp/options
# /etc/ppp/options
# Originally created by Jim Knoble <[email protected]>
# Modified for Debian by alvar Bray <[email protected]>
# Modified for PPP Server setup by Christoph Lameter <[email protected]>
# Modified for ArchLinux by Manolis Tzanidakis <[email protected]>
# To quickly see what options are active in this file, use this command:
# egrep -v '#|^ *$' /etc/ppp/options
# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
# Two Servers can be remotely configured
# ms-dns 192.168.1.1
# ms-dns 192.168.1.2
# Specify which WINS Servers the incoming connection Win95 or WinNT should use
# ms-wins 192.168.1.50
# ms-wins 192.168.1.51
# Run the executable or shell command specified after pppd has
# terminated the link. This script could, for example, issue commands
# to the modem to cause it to hang up if hardware modem control signals
# were not available.
#disconnect "chat -- \d+++\d\c OK ath0 OK"
# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
asyncmap 0
# Require the peer to authenticate itself before allowing network
# packets to be sent or received.
# Please do not disable this setting. It is expected to be standard in
# future releases of pppd. Use the call option (see manpage) to disable
# authentication for specific peers.
auth
# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts
# Use software flow control (i.e. XON/XOFF) to control the flow of data
# on the serial port.
#xonxoff
# Specifies that certain characters should be escaped on transmission
# (regardless of whether the peer requests them to be escaped with its
# async control character map). The characters to be escaped are
# specified as a list of hex numbers separated by commas. Note that
# almost any character can be specified for the escape option, unlike
# the asyncmap option which only allows control characters to be
# specified. The characters which may not be escaped are those with hex
# values 0x20 - 0x3f or 0x5e.
#escape 11,13,ff
# Don't use the modem control lines.
#local
# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock
# Don't show the passwords when logging the contents of PAP packets.
# This is the default.
hide-password
# When logging the contents of PAP packets, this option causes pppd to
# show the password string in the log message.
#show-password
# Use the modem control lines. On Ultrix, this option implies hardware
# flow control, as for the crtscts option. (This option is not fully
# implemented.)
modem
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data).
#mru 542
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0
# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
#noipdefault
# Enables the "passive" option in the LCP. With this option, pppd will
# attempt to initiate a connection; if no reply is received from the
# peer, pppd will then just wait passively for a valid LCP packet from
# the peer (instead of exiting, as it does without this option).
#passive
# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
#silent
# Don't request or allow negotiation of any options for LCP and IPCP
# (use default values).
#-all
# Disable Address/Control compression negotiation (use default, i.e.
# address/control field disabled).
#-ac
# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
# all control characters).
#-am
# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#-detach
# Disable IP address negotiation (with this option, the remote IP
# address must be specified with an option on the command line or in
# an options file).
#-ip
# Disable IPCP negotiation and IP communication. This option should
# only be required if the peer is buggy and gets confused by requests
# from pppd for IPCP negotiation.
#noip
# Disable magic number negotiation. With this option, pppd cannot
# detect a looped-back line.
#-mn
# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
# 1500).
#-mru
# Disable protocol field compression negotiation (use default, i.e.
# protocol field compression disabled).
#-pc
# Require the peer to authenticate itself using PAP.
#+pap
# Don't agree to authenticate using PAP.
#-pap
# Require the peer to authenticate itself using CHAP [Cryptographic
# Handshake Authentication Protocol] authentication.
#+chap
# Don't agree to authenticate using CHAP.
#-chap
# Disable negotiation of Van Jacobson style IP header compression (use
# default, i.e. no compression).
#-vj
# Increase debugging level (same as -d). If this option is given, pppd
# will log the contents of all control packets sent or received in a
# readable form. The packets are logged through syslog with facility
# daemon and level debug. This information can be directed to a file by
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If
# pppd is compiled with extra debugging enabled, it will log messages
# using facility local2 instead of daemon).
#debug
# Append the domain name <d> to the local host name for authentication
# purposes. For example, if gethostname() returns the name porsche,
# but the fully qualified domain name is porsche.Quotron.COM, you would
# use the domain option to set the domain name to Quotron.COM.
#domain <d>
# Enable debugging code in the kernel-level PPP driver. The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface.
#mtu <n>
# Set the name of the local system for authentication purposes to <n>.
# This is a privileged option. With this option, pppd will use lines in the
# secrets files which have <n> as the second field when looking for a
# secret to use in authenticating the peer. In addition, unless overridden
# with the user option, <n> will be used as the name to send to the peer
# when authenticating the local system to the peer. (Note that pppd does
# not append the domain name to <n>.)
#name <n>
# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname
# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.
proxyarp
# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont work.
# login
# If this option is given, pppd will send an LCP echo-request frame to the
# peer every n seconds. Normally the peer should respond to the echo-request
# by sending an echo-reply. This option can be used with the
# lcp-echo-failure option to detect that the peer is no longer connected.
lcp-echo-interval 30
# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection. Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4
# Set the LCP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#lcp-restart <n>
# Set the maximum number of LCP terminate-request transmissions to <n>
# (default 3).
#lcp-max-terminate <n>
# Set the maximum number of LCP configure-request transmissions to <n>
# (default 10).
#lcp-max-configure <n>
# Set the maximum number of LCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#lcp-max-failure <n>
# Set the IPCP restart interval (retransmission timeout) to <n>
# seconds (default 3).
#ipcp-restart <n>
# Set the maximum number of IPCP terminate-request transmissions to <n>
# (default 3).
#ipcp-max-terminate <n>
# Set the maximum number of IPCP configure-request transmissions to <n>
# (default 10).
#ipcp-max-configure <n>
# Set the maximum number of IPCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#ipcp-max-failure <n>
# Set the PAP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#pap-restart <n>
# Set the maximum number of PAP authenticate-request transmissions to
# <n> (default 10).
#pap-max-authreq <n>
# Set the maximum time that pppd will wait for the peer to authenticate
# itself with PAP to <n> seconds (0 means no limit).
#pap-timeout <n>
# Set the CHAP restart interval (retransmission timeout for
# challenges) to <n> seconds (default 3).
#chap-restart <n>
# Set the maximum number of CHAP challenge transmissions to <n>
# (default 10).
#chap-max-challenge
# If this option is given, pppd will rechallenge the peer every <n>
# seconds.
#chap-interval <n>
# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local
# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote
# Disable the IPXCP and IPX protocols.
# To let pppd pass IPX packets comment this out --- you'll probably also
# want to install ipxripd, and have the Internal IPX Network option enabled
# in your kernel. /usr/doc/HOWTO/IPX-HOWTO.gz contains more info.
noipx
# Exit once a connection has been made and terminated. This is the default,
# unless the `persist' or `demand' option has been specified.
#nopersist
# Do not exit after a connection is terminated; instead try to reopen
# the connection.
#persist
# Terminate after n consecutive failed connection attempts.
# A value of 0 means no limit. The default value is 10.
#maxfail <n>
# Initiate the link only on demand, i.e. when data traffic is present.
# With this option, the remote IP address must be specified by the user on
# the command line or in an options file. Pppd will initially configure
# the interface and enable it for IP traffic without connecting to the peer.
# When traffic is available, pppd will connect to the peer and perform
# negotiation, authentication, etc. When this is completed, pppd will
# commence passing data packets (i.e., IP packets) across the link.
#demand
# Specifies that pppd should disconnect if the link is idle for <n> seconds.
# The link is idle when no data packets (i.e. IP packets) are being sent or
# received. Note: it is not advisable to use this option with the persist
# option without the demand option. If the active-filter option is given,
# data packets which are rejected by the specified activity filter also
# count as the link being idle.
#idle <n>
# Specifies how many seconds to wait before re-initiating the link after
# it terminates. This option only has any effect if the persist or demand
# option is used. The holdoff period is not applied if the link was
# terminated because it was idle.
#holdoff <n>
# Wait for up n milliseconds after the connect script finishes for a valid
# PPP packet from the peer. At the end of this time, or when a valid PPP
# packet is received from the peer, pppd will commence negotiation by
# sending its first LCP packet. The default value is 1000 (1 second).
# This wait period only applies if the connect or pty option is used.
#connect-delay <n>
# Packet filtering: for more information, see pppd(8)
# Any packets matching the filter expression will be interpreted as link
# activity, and will cause a "demand" connection to be activated, and reset
# the idle connection timer. (idle option)
# The filter expression is akin to that of tcpdump(1)
#active-filter <filter-expression>
# uncomment the line below this if you use PPPoE
#plugin /usr/lib/pppd/plugins/pppoe.so
# ---<End of File>---
* The following section identifies your Ethernet interface
* and user name. Some ISP's need 'username'; others
* need '[email protected]'. Try both
ETH=eth0; USER=serbin
* The following section shows the pppd command we will invoke
pppd invocation
/usr/bin/setsid /usr/sbin/pppd pty '/usr/sbin/pppoe -p /var/run/pppoe.conf-pppoe.pid.pppoe -I eth0 -T 80 -U -m 1412 ' noipdefault noauth default-asyncmap defaultroute hide-password nodetach mtu 1492 mru 1492 noaccomp nodeflate nopcomp novj novjccomp user serbin lcp-echo-interval 20 lcp-echo-failure 3 debug
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/0
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xf5bd490b>]
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
Waiting for 1 child processes...
script /usr/sbin/pppoe -p /var/run/pppoe.conf-pppoe.pid.pppoe -I eth0 -T 80 -U -m 1412 -D /tmp/pppoe-debug-674/pppoe-debug.txt-0, pid 744
pppoe: Timeout waiting for PADO packets
Script /usr/sbin/pppoe -p /var/run/pppoe.conf-pppoe.pid.pppoe -I eth0 -T 80 -U -m 1412 -D /tmp/pppoe-debug-674/pppoe-debug.txt-0 finished (pid 744), status = 0x1
* The following section is an extract from your log.
* Look for error messages from pppd, such as
* a lack of kernel support for PPP, authentication failure
* etc.
Can't find messages file (looked for /var/{log,adm}/messages
Thu Jan 19 19:28:45 EET 2012
* The following section is a dump of the packets
* sent and received by rp-pppoe. If you don't see
* any output, it's an Ethernet driver problem. If you only
* see three PADI packets and nothing else, check your cables
* and modem. Make sure the modem lights flash when you try
* to connect. Check that your Ethernet card is in
* half-duplex, 10Mb/s mode. If all else fails,
* try using pppoe-sniff.
rp-pppoe debugging dump
rp-pppoe-3.10
19:28:10.635 SENT PPPoE Discovery (8863) PADI sess-id 0 length 12
SourceAddr 00:30:67:e4:16:8b DestAddr ff:ff:ff:ff:ff:ff
01 01 00 00 01 03 00 04 e8 02 00 00 ............
19:28:15.641 SENT PPPoE Discovery (8863) PADI sess-id 0 length 12
SourceAddr 00:30:67:e4:16:8b DestAddr ff:ff:ff:ff:ff:ff
01 01 00 00 01 03 00 04 e8 02 00 00 ............
19:28:25.651 SENT PPPoE Discovery (8863) PADI sess-id 0 length 12
SourceAddr 00:30:67:e4:16:8b DestAddr ff:ff:ff:ff:ff:ff
01 01 00 00 01 03 00 04 e8 02 00 00 ............
Maybe you are looking for
-
Can multiple Macs access the same firewire volume simultaneously?
I have a firewire drive and hub, and two Mac Minis. I would like to use this hardware to build an Oracle 10g Real Application Cluster (RAC). To do this, both Macs would have to be able to read/write blocks on the same volume on the firewire drive (Or
-
I am using Final Cut Pro 4 and have a 2 1/2 hour movie that I need to fit onto iDVD. I tried compressing the file with Compresor, but iDVD dosn't recognize compressed files. What can I do to fit this movie onto iDVD? Is there a specific export settin
-
Where can i find free web hosting??
i am building my own web site using the JavaServer Pages technology. Can some one told me that why can i upload the file?? is that any web site provide the free services for me to upload the file? thank for your help.
-
Type casting an array as element
Hello all, I'm relatively new to labVIEW and I would like your help with something. Let us say I have an array of two I16 elements. I would like to type cast it into one single U32 element. In C, I could simple read it as a U32 or use pointers to get
-
Problem seems to occur only after "sticking" URL requires a login but is not consistent.