NTP on clients

Does an NTP (local) consumer server automatically update the time on all
workstations attached to it via client 32, or do any properties need to be
set.
Peter

On Mon, 25 Apr 2005 10:03:41 GMT, "Peter" <[email protected]> wrote:
>Does an NTP (local) consumer server automatically update the time on all
>workstations attached to it via client 32, or do any properties need to be
>set.
Workstations using the Novell client will update their time when they
log in to a NetWare server. Any other updates to time on the
workstations will require running other software.
Donald Albury
Novell Product Support Volunteer SysOp
Sorry, no replies to e-mail responses
"If something is so complicated that you can't
explain it in 10 seconds, then it's probably not
worth knowing anyway." Bill Waterson

Similar Messages

L4 ASA5520 Firewall act as NTP Server/Client

Hi experts,
I know that ASA can act as ntp server/client simultaneously, so my question is, do you preffer/recommend to use dorder router or FW such as ASA to act as NTP server for internal switch/router as well as the windows hosts??? I know that network equipments is ok, but not sure how about synch time from ASA to windows hosts.
so, I've ASA 5520 and designed to be reside on L4 Firewall, and also create one DMZ, and put PDC on inside's ASA. then what is the best practice for time stratum?
1) Use L4 FW, asa 5520 to get time from internet, and configure it to NTP server as well as. then my internal switches/routers and windows PDC(primary domain controller)could set their time source to border asa 5520.
2) Set internal PDC to take time from internet, supposed to allow to pass only ntp between PDC/internet via ASA 5520, then L4 ASA 5520 and others sw/routers get time from insides PDC...
can some one point me out?
Thanks and regards,
Taixing An

My central point for sync NTP is my SVI in Management, and this one Sync from Internet in last case i have a less prefered end-point (PDC)

Are there open directory "preferences" to configure NTP on client workstations?

A quick query, is there a way to set NTP settings for OD clients via preferences? or possibly a script that can be used to set the NTP server?
Thanks

If you have Apple Remote Desktop send this unix command.
systemsetup -setnetworktimeserver time.apple.com
Just change time.apple.com to your local time server.

Ntp on nexus Nexus5020

Hello,
is it possible to configure nexus with ntp broadcast client ?
nx-os:
kickstart.4.1.3.N2.1a.bin
thanx

Hello
NTP broadcast client is not supported in any NX-OS
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv33349
Thanks
-Prashanth

NTP on Cat2900XL and Cat3500XL switches

Can these switches be configured using NTP with "ntp server x.x.x.x"? The Configuration guide was saying that it can configure this but the command reference did not have this command, only "ntp broadcast client"! It's kinda confusing and I do not have a switch (of these series) on hand to confirm it.
Please advise. Thank you.

Hi,
It is possible to configure NTP on XL switches. I am using a 3500XL switch and ntp is configured in it.
Might differ with the IOS being used.
3500XL#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 03-Apr-00 17:31 by swati
Image text-base: 0x00003000, data-base: 0x00301398
ROM: Bootstrap program is C3500XL boot loader
System image file is "flash:c3500XL-c3h2s-mz-120.5-XU.bin"
cisco WS-C3548-XL (PowerPC403) processor (revision 0x01) with 16384K/1024K bytes of memory.
Processor board ID 0x17, with hardware revision 0x00
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Configuration register is 0xF
#### NTP Config ###
ntp authentication-key 11111 md5 1234567
ntp authenticate
ntp trusted-key 11111
ntp clock-period 11259058
ntp server x.x.x.x key 11111
### NTP Association status ###
3500XL#sh ntp assoc
address ref clock st when poll reach delay offset disp
*~x.x.x.x y.y.y.y 2 4 64 377 1.6 -0.43 1.3
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
3500XL#
thanks,
Naveen V

CSCuq23854 - 4507 with sup7L-E - ntp broadcast can be configured only on one SVI

Use the following config on the interface vlan that is going to broeadcust the ntp
for example
int vlan 15
ntp broadcast destination <...ip address of client switch management vlan..>
! create acess list for Ntp peer group and allow the client side switch management IP
access-list 5 permit 10.1.15.5
access-list 5 deny any log
ntp access-group peer 5
============================
On the client side
int vlan 15
ntp broadcast client.
Hope that helps....

- in the config section of your application in formsweb.cfg add : userid=@dbname
- in the login-form in WHEN-NEW-FORM-INSTANCE-Trigger access the Database name with
v_ connect_string := GET_APPLICATION_PROPERTY(connect_string);
Put this value into your block/field ...

NTP Authentication Problem

Dear All
I'm solaris user . I need to setup NTP authentication for my office server but I have some question for ntp setting up. I need to know if i set authen NTP the client that doesn't set for authen key can sync time from authen ntp server or not ?? when i setup the authen at ntp server why the simple ntp can sync my authen time server ? Below is my config file
ntpserver
(ntp.conf)
server 127.127.1.0 prefer key 4
#fudge 127.127.XType.0 stratum 0
#broadcast 224.0.1.1 key 4 ttl 4
enable auth monitor
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable
keys /etc/inet/ntp.keys
trustedkey 4
#requestkey 0
#controlkey 0
(ntp.keys)
4 M DonTTelL
6 M hElloWorld
22 M ImASecret
ntpclient
(ntp.conf)
#driftfile /var/ntp/drift
server 192.168.109.11 prefer key 4
#multicastclient 224.0.1.1 key 4
keys /etc/inet/ntp.keys
trustedkey 4
(ntp.keys)
4 M DonTTelL
6 M hElloWorld
22 M ImASecret
more information below
this ntpq output of ntp client that set authen key
root@sol9_e250 # ntpq
ntpq> pe
remote refid st t when poll reach delay offset disp
==============================================================================
*sol9_11 LOCAL(0) 4 u 18 64 377 0.81 -8.976 2.09
ntpq> as
ind assID status conf reach auth condition last_event cnt
===========================================================
1 20676 f614 yes yes ok sys.peer reachable 1
And this is ntpq output from ntp client that's not set key authen
sol9_55(root):[etc/init.d] # ntpq
ntpq> pe
remote refid st t when poll reach delay offset disp
==============================================================================
sol9_11 0.0.0.0 16 - - 64 0 0.00 0.000 16000.0
ntpq> as
ind assID status conf reach auth condition last_event cnt
===========================================================
1 16100 c000 yes no
But all of ntp client can sync time . I don't know why . My opinion it should be sync only ntp client that set key authen , isn't it ??
who has information or recommend please help me .
Thank
Sontas J.
(sorry about my english )

Dear All
I'm solaris user . I need to setup NTP authentication
for my office server but I have some question for ntp
setting up. I need to know if i set authen NTP the
client that doesn't set for authen key can sync time
from authen ntp server or not ?? when i setup the
authen at ntp server why the simple ntp can sync my
authen time server ? Below is my config file Yes. You are thinking about authentication backwards.
In NTP, the keys are set up so the client knows it can trust the server, not the other way around. Unless the client has enabled authentication, the server doesn't care about the keys.
Clients don't access anything on the NTP server, so autheticating them to the server has no real purpose. What you don't want is someone pretending to be a trusted server and handing your client the wrong time. Key setup makes that scenario more difficult.
if you don't want a client to access the server, you'll want to set up restriction lists (or firewall them).
Darren

UCCX 8.5 HA NTP issues (virtual servers)

Hello,
I'm working with an UCCX HA server that is having NTP issues. It reports that it is synchronized, but at stratum 16, which is considered to be unsynchronized. Also, it's always exactly 3 seconds off. I'm not sure if this is related, yet, but every time the servers failover, agents get licensing errors and cannot log into CAD.
PRIMARY UCCX
admin:utils ntp status
ntpd (pid 17380) is running...
     remote           refid      st t when poll reach   delay   offset jitter
==============================================================================
*198.147.23.5    139.78.135.14    2 u 291 512 377   37.758    5.479   0.298
+173.203.211.73 71.252.193.25    3 u 164 512 377   14.891   -1.871   0.106
+204.13.164.164 140.142.16.34    2 u 157 512 377   68.322   -0.486   0.053
synchronised to NTP server (198.147.23.5) at stratum 3
   time correct to within 57 ms
   polling server every 512 s
Current time in UTC is : Mon Mar 11 16:01:09 UTC 2013
Current time in America/Denver is : Mon Mar 11 10:01:09 MDT 2013
HA UCCX
admin:utils ntp status
ntpd (pid 16801) is running...
     remote           refid      st t when poll reach   delay   offset jitter
==============================================================================
*10.10.130.12    198.147.23.5     3 u   24   64   17   56.269 -2318.6   1.887
synchronised to NTP server (STEP) at stratum 16
   time correct to within 251 ms
   polling server every 64 s
Current time in UTC is : Mon Mar 11 16:01:12 UTC 2013
Current time in America/Denver is : Mon Mar 11 10:01:11 MDT 2013
Additionally, the following alert shows up in RTMT
At Wed Feb 13 11:11:17 MST 2013 on node 10.10.111.12; the following SyslogSeverityMatchFound events generated: SeverityMatch : Critical MatchedEvent : Feb 13 11:11:06 MVTUCCXHA2 user 2 ntpRunningStatus.sh: The local NTP client is off by more than the acceptable threshold of 3 seconds from its remote NTP system peer. The normal remedy is for NTP Watch Dog to automatically restart NTP. However; an unusual number of automatic NTP restarts have already occurred on this node. No additional automatic NTP restarts will be done until NTP time synchronization stabilizes. This is likely due to an excessive number of VMware Virtual Machine migrations or Storage VMotions. Please consult your VMware Infrastructure Support Team. AppID : Cisco Syslog Agent ClusterID : NodeID : MVTUCCXHA2 TimeStamp : Wed Feb 13 11:11:06 MST 2013
The servers are installed in a VMWare vSphere virtual environment on Cisco-approved IBM hosts. They have not been vmotioned or storage vmotioned.
Originally, the servers were configured to get time from Microsoft domain controllers. Since they use SNTP and UC servers require NTPv4, I configured the primary UCCX server to use public NTPv4 servers. I have updated vmware tools on both servers and rebooted the servers and restarted ntp services, but nothing will get time to synchronize on the HA server.
Finally, there are other UC servers (CUCM & CUC) set up to use the same NTP servers, but the HA servers cannot synchronize their time no matter what I do. I've tried different NTP servers both on the LAN and public ones. I thought I would include this detail since my gut is telling me that this issue has something to do with the virtual environment.
HA CUC
admin:utils ntp status
ntpd (pid 14554) is running...
     remote           refid      st t when poll reach   delay   offset jitter
==============================================================================
10.10.111.11    204.13.164.164   3 u    -   64    1   50.504 431.491 221.689
unsynchronised
time server re-starting
   polling server every 64 s
Current time in UTC is : Mon Mar 11 15:20:22 UTC 2013
Current time in America/Denver is : Mon Mar 11 09:20:22 MDT 2013
I can see NTP traffic between the two servers:
admin:utils network capture port 123
Executing command with options:
size=128                count=1000              interface=eth0
src=                    dest=                   port=123
ip=
09:29:28.051951 IP MVTCUCNXHA.mvte.com.ntp > MVTCUCNXPRI.mvte.com.ntp: NTPv4, Client, length 48
09:29:28.105679 IP MVTCUCNXPRI.mvte.com.ntp > MVTCUCNXHA.mvte.com.ntp: NTPv4, Server, length 48
09:29:30.049773 IP MVTCUCNXHA.mvte.com.ntp > MVTCUCNXPRI.mvte.com.ntp: NTPv4, Client, length 48
09:29:30.100371 IP MVTCUCNXPRI.mvte.com.ntp > MVTCUCNXHA.mvte.com.ntp: NTPv4, Server, length 48
09:29:32.051282 IP MVTCUCNXHA.mvte.com.ntp > MVTCUCNXPRI.mvte.com.ntp: NTPv4, Client, length 48
09:29:32.103161 IP MVTCUCNXPRI.mvte.com.ntp > MVTCUCNXHA.mvte.com.ntp: NTPv4, Server, length 48
09:29:34.049279 IP MVTCUCNXHA.mvte.com.ntp > MVTCUCNXPRI.mvte.com.ntp: NTPv4, Client, length 48
09:29:34.100112 IP MVTCUCNXPRI.mvte.com.ntp > MVTCUCNXHA.mvte.com.ntp: NTPv4, Server, length 48
09:29:36.050723 IP MVTCUCNXHA.mvte.com.ntp > MVTCUCNXPRI.mvte.com.ntp: NTPv4, Client, length 48
09:29:36.101990 IP MVTCUCNXPRI.mvte.com.ntp > MVTCUCNXHA.mvte.com.ntp: NTPv4, Server, length 48
09:29:38.052193 IP MVTCUCNXHA.mvte.com.ntp > MVTCUCNXPRI.mvte.com.ntp: NTPv4, Client, length 48
09:29:38.103854 IP MVTCUCNXPRI.mvte.com.ntp > MVTCUCNXHA.mvte.com.ntp: NTPv4, Server, length 48
09:29:40.050156 IP MVTCUCNXHA.mvte.com.ntp > MVTCUCNXPRI.mvte.com.ntp: NTPv4, Client, length 48
09:29:40.100831 IP MVTCUCNXPRI.mvte.com.ntp > MVTCUCNXHA.mvte.com.ntp: NTPv4, Server, length 48
Any ideas?
Thanks!
Pashtoun

Thanks for the reply Graham! I'm aware that windows does not implement NTP correctly, which is why I was trying NTPv4 and IOS time servers.The NTP issue I was troubleshooting actually ended up being a combination of a couple issues:
1. Cisco Bug CSCtw46611
2. The virtual UC servers need to be configured with the same NTP server as those configured on the VMWare hosts they run in.
The time issue on CUCM and CUC was resolved by the workaround in (1) and the changes made on the hosts regarding (2). The time issue on UCCX was resolved by (2) since it is not affected by the bug. There were some really bizarre issues that went away once NTP was fixed: UCCX would lose data sync with CUCM every time CUCM was rebooted, the voice ports on the HA CUC server had terrible voice quality or would never pick up (eternal ringback), and UCCX failover didn't work (licensing errors, etc as explain in my original post).

Timezone in ntp status

Hi
Please find below the output of "show ntp status" command on a NTP Server & client Routers.
NTP Server
Clock is synchronized, stratum 2, reference is 208.184.49.9
nominal freq is 250.0000 Hz, actual freq is 250.0001 Hz, precision is 2**18
reference time is C6D04612.22EA36B7 (21:23:14.136 kuwait Mon Sep 12 2005)
clock offset is 0.4224 msec, root delay is 217.96 msec
root dispersion is 1.24 msec, peer dispersion is 0.82 msec
NTP Client
Clock is synchronized, stratum 3, reference is xxx.xxx.xxx.xxx (IP address of the NTP Server)
nominal freq is 250.0000 Hz, actual freq is 250.0055 Hz, precision is 2**24
reference time is C6D04AF3.9FC434D0 (18:44:03.624 UTC Mon Sep 12 2005)
clock offset is 0.1061 msec, root delay is 220.26 msec
root dispersion is 1.07 msec, peer dispersion is 0.03 msec
The NTP Server's clock timezone (Kuwait) is configured properly. Why the NTP Client router (Shows UTC timezone) doesn't have the same timezone as of the NTP Server?
Also the following messages keep appearing on the console of the NTP Server Router. Is it related to NTP?
Sep 12 10:28:43.768: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:29:15.379: %DSX1-6-CLOCK_CHANGE: Controller 1 clock is now selected as clock source
Sep 12 10:29:25.483: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:29:31.023: %DSX1-6-CLOCK_CHANGE: Controller 0 clock is now selected as clock source
Sep 12 10:29:32.159: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:29:55.471: %DSX1-6-CLOCK_CHANGE: Controller 1 clock is now selected as clock source
Sep 12 10:30:56.686: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:31:56.185: %DSX1-6-CLOCK_CHANGE: Controller 1 clock is now selected as clock source
Sep 12 10:32:04.152: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:32:10.900: %DSX1-6-CLOCK_CHANGE: Controller 0 clock is now selected as clock source
Sep 12 10:33:26.163: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:33:56.135: %DSX1-6-CLOCK_CHANGE: Controller 0 clock is now selected as clock source
Sep 12 10:34:09.770: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:34:16.942: %DSX1-6-CLOCK_CHANGE: Controller 1 clock is now selected as clock source
Sep 12 10:34:18.046: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Appreciate your reply.
Thanks in advance. // Anup

Anup
I believe the console message you ask about is not at all related to your NTP question. It looks to me like something is unstable about clocking for some serial interface or controller.
The explanation of your NTP question is that NTP transmits time in Universal Time (UTC) and the router translates that time into local timezone if it is configured to do so. Apparently the server has been configured to adjust for local time of Kuwait and the client has not. The command to adjust for local timezone is in global config:
clock timezone
If you configure this on the client you should find that the time is correctly translated.
HTH
Rick

Slow DNS resolution

Folks;
*I have Mac OS X Leopard 10.5.6 up to date and since few days, the DNS resolution is very slow, about 5 seconds to resolve names.*
*For example :*
# ping test.com
*(wait 5 seconds)*
PING test.com (205.178.152.103): 56 data bytes
*Of course it also happen in firefox and in all other internet applications. Each time I'm loading a web page, I have to wait 5 seconds...*
*If I try a few seconds later, it answer immediately, but a few minutes later, it take again 5 seconds to resolve the name.*
*I'm not sure, and maybe it's just a coincidence, but it came just after the installation of Adobe Photoshop 4.*
*I think about a virus or some mysterious mac os parameters ...*
*I try* dscacheutil -flushcache *with no effect.*
*My /etc/hosts is :*
nameserver 212.27.40.240
*I only have 1 dns server, and when I try :*
nslookup test.com 212.27.40.240
*It answer immediately :*
Server: 212.27.40.240
Address: 212.27.40.240#53
Non-authoritative answer:
Name: test.com
Address: 205.178.152.103
*I tried with many others DNS and also with a local DNS server (bind) with the same result.*
*The output of :*
# dscacheutil -statistics
Overall Statistics:
Average Call Time - 1.298089
Cache Hits - 1813
Cache Misses - 1888
Total External Calls - 2662
Statistics by procedure:
Procedure Cache Hits Cache Misses External Calls
getpwnam 151 15 166
getpwuid 842 34 876
getpwent 0 0 2
getgrnam 38 18 56
getgrgid 15 16 31
getgrent 0 0 2
getservbyname 7 5 7
getservent 0 0 6
getprotobyname 0 2 2
getfsent 0 0 14
getaddrinfo 0 0 1117
getnameinfo 53 189 242
gethostbyname 537 591 42
gethostbyaddr 16 71 87
gethostbymac 5 4 9
_flushcache 0 0 3
*As you can see, "Average Call Time" is very high, it should be 0.0xxxxx*
*ifconfig output :*
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0 mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:1b:63:96:ab:e1
media: autoselect status: inactive
supported media: autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 10baseT/UTP <full-duplex,flow-control> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback> 100baseTX <full-duplex,flow-control> 1000baseT <full-duplex> 1000baseT <full-duplex,hw-loopback> 1000baseT <full-duplex,flow-control> none
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:1c:b3:ff:fe:86:88:46
media: autoselect <full-duplex> status: inactive
supported media: autoselect <full-duplex>
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:1b:63:ca:a9:93
media: autoselect status: active
supported media: autoselect
*dtruss output :*
# dtruss ping itt.com
SYSCALL(args) = return
ioctl(0x3, 0x80086804, 0xBFFFE488) = 0 0
close(0x3) = 0 0
__sysctl(0xBFFFE35C, 0x2, 0xBFFFE364) = 0 0
bsdthread_register(0x91CD1F30, 0x91D0A2A4, 0x1000) = 0 0
open_nocancel("/dev/urandom\0", 0x0, 0x0) = 3 0
read_nocancel(0x3, "\377~\360U\360\211\303\231l\2725\002\265\327\247\371N`#_\314.\323@\022u\323\34 6'\224\314\271\0", 0x20) = 32 0
close_nocancel(0x3) = 0 0
mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0x100000000) = 0x1E000 0
mmap(0x0, 0x200000, 0x3, 0x1002, 0x7000000, 0x100000000) = 0x21000 0
munmap(0x21000, 0xDF000) = 0 0
munmap(0x200000, 0x21000) = 0 0
mmap(0x0, 0x3000, 0x3, 0x1002, 0x1000000, 0x100000000) = 0x21000 0
getpid(0x0, 0x3000, 0x3) = 1436 0
socket(0x2, 0x3, 0x1) = 3 0
getuid(0x2, 0x3, 0x1) = 0 0
setuid(0x0, 0x3, 0x1) = 0 0
getuid(0x0, 0x3, 0x1) = 0 0
getpid(0x0, 0x0, 0x0) = 1436 0
__sysctl(0xBFFFE678, 0x3, 0xBFFFFA98) = 0 0
issetugid(0xBFFFE678, 0x3, 0xBFFFFA98) = 0 0
__sysctl(0xBFFFE534, 0x2, 0xBFFFE4FC) = 0 0
__sysctl(0xBFFFE4FC, 0x2, 0xBFFFE57C) = 0 0
sharedregion_checknp(0xBFFFFA78, 0x2, 0xBFFFE57C) = 0 0
stat("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0xBFFFD6E8, 0xBFFFE57C) = 0 0
open("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0x0, 0x0) = 3 0
pread(0x3, "\312\376\272\276\0", 0x1000, 0x0) = 4096 0
pread(0x3, "\316\372\355\376\a\0", 0x1000, 0x9000) = 4096 0
mmap(0x19000, 0x1000, 0x5, 0x12, 0x3, 0x100000000) = 0x19000 0
mmap(0x1A000, 0x1000, 0x3, 0x12, 0x3, 0x100000000) = 0x1A000 0
mmap(0x1B000, 0x1000, 0x7, 0x12, 0x3, 0x100000000) = 0x1B000 0
mmap(0x1C000, 0x1900, 0x1, 0x12, 0x3, 0x100000000) = 0x1C000 0
fcntl(0x3, 0x2C, 0xFFFFFFFFBFFFBD54) = 0 0
close(0x3) = 0 0
stat("/usr/lib/libgcc_s.1.dylib\0", 0xBFFFD4E8, 0xFFFFFFFFBFFFBD54) = 0 0
stat("/usr/lib/libSystem.B.dylib\0", 0xBFFFD4E8, 0xFFFFFFFFBFFFBD54) = 0 0
stat("/usr/lib/system/libmathCommon.A.dylib\0", 0xBFFFD328, 0xFFFFFFFFBFFFBD54) = 0 0
open("/dev/dtracehelper\0", 0x2, 0xBFFFE504) = 3 0
PING itt.com (199.253.127.99): 56 data bytes
sigaction(0x2, 0xBFFEF6E0, 0x0) = 0 0
sigaction(0x1D, 0xBFFEF6E0, 0x0) = 0 0
sendto(0x3, 0x5234, 0x40) = 64 0
select(0x4, 0xBFFFF9DC, 0x0, 0x0, 0xBFFFFB30) = 1 0
recvmsg(0x3, 0xBFFFFAC4, 0x0) = 153 0
setsockopt(0x3, 0xFFFF, 0x400) = 0 0
setsockopt(0x3, 0xFFFF, 0x1002) = 0 0
setsockopt(0x3, 0xFFFF, 0x1001) = 0 0
fstat64(0x1, 0xBFFEEE64, 0x1001) = 0 0
ioctl(0x1, 0x4004667A, 0xBFFEEECC) = 0 0
mmap(0x0, 0x1000000, 0x3, 0x1002, 0x2000000, 0x0) = 0x200000 0
munmap(0x200000, 0x600000) = 0 0
munmap(0x1000000, 0x200000) = 0 0
write_nocancel(0x1, "PING itt.com (199.253.127.99): 56 data bytes\n\0", 0x2D) = 45 0
select(0x4, 0xBFFFF9DC, 0x0, 0x0, 0xBFFFFB30) = 0 0
sendto(0x3, 0x5234, 0x40) = 64 0
©select(0x4, 0xBFFFF9DC, 0x0, 0x0, 0xBFFFFB30) = 0 0
sendto(0x3, 0x5234, 0x40) = 64 0
select(0x4, 0xBFFFF9DC, 0x0, 0x0, 0xBFFFFB30) = 0 0
sendto(0x3, 0x5234, 0x40) = 64 0
^C
*tcpdump output (with # ping ita.fr) :*
# tcpdump -i en1
00:26:06.469246 IP 192.168.0.10.49985 > 192.168.2.1.domain: 64308+ A? ita.fr. (24)
00:26:06.486473 IP 43.242.3.202.dial.dyn.mana.pf.22369 > 192.168.0.10.42567: UDP, length 85
00:26:06.487552 IP 192.168.0.10.42567 > 43.242.3.202.dial.dyn.mana.pf.22369: UDP, length 35
00:26:07.277453 IP 192.168.0.10.49938 > 192.168.2.1.domain: 44176+ PTR? 43.242.3.202.in-addr.arpa. (43)
00:26:09.346380 IP 192.168.0.10.ntp > time4.euro.apple.com.ntp: NTPv4, Client, length 48
00:26:09.541593 IP time4.euro.apple.com.ntp > 192.168.0.10.ntp: NTPv4, Server, length 48
00:26:11.467716 IP 192.168.0.10.61034 > dns1.proxad.net.domain: 64308+ A? ita.fr. (24)
00:26:11.469940 arp who-has 192.168.0.10 tell 192.168.0.254
00:26:11.469996 arp reply 192.168.0.10 is-at 00:1b:63:ca:a9:93 (oui Unknown)
^C
*ps aux output :*
# ps aux
$USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 15 4.2 0.0 599620 284 ?? Ss 10:27AM 0:23.20 /usr/sbin/update
fanzila 330 3.1 0.8 302188 16000 ?? R 12:06PM 0:41.58 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn0413797
fanzila 994 2.6 8.2 486288 172048 ?? S 11:33PM 5:53.31 /Applications/Firefox.app/Contents/MacOS/firefox-bin -psn01122578
_windowserver 54 2.5 4.6 405476 97200 ?? Ss 10:27AM 6:30.50 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphic s.framework/Resources/W
fanzila 1092 1.2 3.2 473732 66856 ?? S 11:52PM 0:34.00 /Applications/Adobe Photoshop CS4/Adobe Photoshop CS4.app/Contents/MacOS/Adobe Photoshop CS4 -psn012
root 33 1.1 0.2 78660 3796 ?? Ss 10:27AM 0:16.79 /usr/sbin/DirectoryService
fanzila 23 0.5 0.4 298916 8368 ?? Ss 10:27AM 0:14.18 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
fanzila 130 0.5 0.6 305176 13164 ?? S 10:38AM 0:17.71 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer -psn053261
fanzila 1332 0.0 0.1 2926604 2376 ?? S 12:20AM 0:00.10 /Applications/CrossOver.app/Contents/SharedSupport/CrossOver/lib/../bin/wineloa der C:\windows\system32
fanzila 1328 0.0 0.1 79096 2432 ?? Ss 12:20AM 0:01.88 /Applications/CrossOver.app/Contents/SharedSupport/CrossOver/lib/../bin/wineser ver
fanzila 1322 0.0 0.2 2928312 5072 ?? S 12:20AM 0:00.33 /Applications/CrossOver.app/Contents/SharedSupport/CrossOver/bin/wineloader winewrapper.exe --workdir
fanzila 1321 0.0 0.1 217684 2364 ?? S 12:20AM 0:00.05 /Users/fanzila/Library/Caches/Cleanup At Startup/CrossOver CD Helper.app/Contents/MacOS/CrossOver CD H
fanzila 1317 0.0 0.2 78124 4940 ?? Ss 12:20AM 0:00.11 /usr/bin/perl -w /Applications/CrossOver.app/Contents/SharedSupport/CrossOver/bin/cxmenu --bottle winx
fanzila 1316 0.0 0.2 2928312 5072 ?? Ss 12:20AM 0:00.37 /Applications/CrossOver.app/Contents/SharedSupport/CrossOver/bin/wineloader winewrapper.exe --run -- /
fanzila 1313 0.0 0.1 227052 2960 ?? Ss 12:20AM 0:00.10 /usr/bin/quartz-wm
fanzila 1305 0.0 1.2 327344 25868 ?? S 12:20AM 0:01.48 /Applications/CrossOver.app/Contents/MacOS/CrossOver -psn01335622
fanzila 1304 0.0 0.1 225336 3004 ?? S 12:20AM 0:00.13 /Users/fanzila/Applications/CrossOver/DHO.app/Contents/MacOS/CrossOver Helper with Feedback -psn0133
fanzila 1097 0.0 0.2 91876 4644 ?? S 11:52PM 0:00.28 /System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell -psn01212712
fanzila 1094 0.0 0.7 327036 15668 ?? S 11:52PM 0:14.38 /Applications/TextEdit.app/Contents/MacOS/TextEdit -psn01208615
fanzila 1093 0.0 0.1 76432 1540 ?? Ss 11:52PM 0:00.07 /Applications/Adobe Photoshop CS4/Adobe Photoshop CS4.app/Contents/Frameworks/AdobeCrashReporter.frame
fanzila 993 0.0 2.9 430152 60324 ?? U 11:33PM 0:20.24 /Applications/Path Finder.app/Contents/MacOS/Path Finder -psn01118481
fanzila 983 0.0 1.9 399876 39104 ?? S 11:32PM 0:19.28 /Applications/Skype.app/Contents/MacOS/Skype -psn01114384
fanzila 982 0.0 1.1 339696 22972 ?? U 11:32PM 0:09.25 /Applications/Adium.app/Contents/MacOS/Adium -psn01110287
fanzila 967 0.0 2.6 355348 53504 ?? S 11:32PM 0:08.98 /Applications/Mail.app/Contents/MacOS/Mail -psn01106190
fanzila 921 0.0 0.0 600252 944 s001 S+ 7:07PM 0:00.06 /bin/bash
fanzila 912 0.0 0.0 600252 756 s001 S 7:07PM 0:00.01 -bash
root 911 0.0 0.1 76592 1104 s001 Ss 7:07PM 0:00.03 login -pf fanzila
_mdnsresponder 646 0.0 0.1 77304 1164 ?? Ss 4:03PM 0:00.10 /usr/sbin/mDNSResponder -launchd
fanzila 635 0.0 0.0 601896 804 ?? S 4:02PM 0:01.19 /usr/local/bin/gpg-agent --launchd --use-standard-socket --write-env-file
root 596 0.0 0.0 600252 952 s000 S 3:55PM 0:00.43 /bin/bash
fanzila 341 0.0 0.0 600252 944 s000 S 12:06PM 0:00.07 /bin/bash
fanzila 332 0.0 0.0 600252 756 s000 S 12:06PM 0:00.02 -bash
root 331 0.0 0.1 76592 1104 s000 Ss 12:06PM 0:00.03 login -pf fanzila
fanzila 298 0.0 0.6 268748 12604 ?? U 11:54AM 0:00.91 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Co ntents/MacOS/DashboardC
fanzila 297 0.0 0.4 264760 8108 ?? S 11:54AM 0:00.51 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Co ntents/MacOS/DashboardC
fanzila 296 0.0 0.8 272252 16328 ?? S 11:54AM 0:01.51 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Co ntents/MacOS/DashboardC
fanzila 295 0.0 0.6 270808 12488 ?? S 11:54AM 0:01.51 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Co ntents/MacOS/DashboardC
fanzila 294 0.0 0.9 299344 17828 ?? S 11:54AM 0:03.26 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Co ntents/MacOS/DashboardC
nobody 156 0.0 0.0 76776 632 ?? Ss 10:38AM 0:00.01 /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/u sbmuxd -launchd
fanzila 151 0.0 0.1 223464 2408 ?? S 10:38AM 0:00.12 /Applications/iTunes.app/Contents/Resources/iTunesHelper.app/Contents/MacOS/iTu nesHelper -psn0118813
fanzila 144 0.0 0.3 314696 7184 ?? S 10:38AM 0:03.93 /Library/PreferencePanes/Witch.prefPane/Contents/Resources/witchdaemon.app/Cont ents/MacOS/witchdaemon
fanzila 137 0.0 0.1 214952 2960 ?? S 10:38AM 0:00.22 /Library/Printers/hp/hpio/HPEventHandler.app/Contents/MacOS/HPEventHandler -psn069649
fanzila 129 0.0 0.6 279688 12996 ?? S 10:38AM 0:15.74 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock -psn049164
fanzila 128 0.0 0.3 136856 6420 ?? S 10:38AM 0:08.23 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framewo rk/Support/ATSServer
fanzila 127 0.0 0.0 76504 536 ?? S 10:38AM 0:00.01 /usr/sbin/pboard
fanzila 126 0.0 0.1 220304 2248 ?? S 10:38AM 0:00.28 /usr/sbin/UserEventAgent -l Aqua
fanzila 125 0.0 0.2 225908 3964 ?? S 10:38AM 0:00.26 /System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
fanzila 120 0.0 0.2 257568 3348 ?? S 10:38AM 0:00.17 /System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent
fanzila 114 0.0 0.0 600820 560 ?? Ss 10:38AM 0:00.51 /sbin/launchd
root 108 0.0 0.2 79644 3304 ?? Ss 10:29AM 0:01.10 /usr/sbin/coreaudiod
root 95 0.0 0.1 77928 1388 ?? S 10:27AM 0:00.13 /Library/Printers/hp/hpio/HPIO Trap Monitor.app/Contents/MacOS/HPIO Trap Monitor
root 87 0.0 0.0 76572 732 ?? Ss 10:27AM 0:00.12 /Library/Frameworks/HPServicesInterface.framework/Runtime/hpusbmond
root 47 0.0 0.1 86716 1836 ?? Ss 10:27AM 0:00.16 /usr/sbin/blued
root 45 0.0 1.3 116160 27116 ?? Ss 10:27AM 0:05.43 /System/Library/CoreServices/coreservicesd
daemon 43 0.0 0.0 75356 808 ?? Ss 10:27AM 0:01.88 /usr/sbin/distnoted
root 40 0.0 0.1 75704 1500 ?? Ss 10:27AM 0:00.61 /usr/libexec/ApplicationFirewall/socketfilterfw
root 38 0.0 0.0 75388 672 ?? Ss 10:27AM 0:00.03 autofsd
root 35 0.0 0.1 77000 2080 ?? Ss 10:27AM 0:13.02 /usr/sbin/configd
root 32 0.0 0.1 75460 1104 ?? Ss 10:27AM 0:01.04 /usr/sbin/diskarbitrationd
root 29 0.0 0.0 75376 700 ?? Ss 10:27AM 0:00.01 /sbin/dynamic_pager -F /private/var/vm/swapfile
root 27 0.0 0.1 85768 1476 ?? Ss 10:27AM 0:01.70 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonC ore.framework/Versions/
root 26 0.0 0.0 75896 600 ?? Ss 10:27AM 0:00.01 /usr/libexec/hidd
root 24 0.0 0.0 75448 644 ?? Ss 10:27AM 0:00.01 /usr/sbin/KernelEventAgent
root 21 0.0 2.9 259112 61136 ?? Ss 10:27AM 2:08.30 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework /Support/mds
root 19 0.0 0.1 77316 2248 ?? Ss 10:27AM 0:00.64 /usr/sbin/securityd -i
root 16 0.0 0.0 75372 640 ?? Ss 10:27AM 0:00.01 /sbin/SystemStarter
root 14 0.0 0.0 75900 824 ?? Ss 10:27AM 0:02.07 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift
root 12 0.0 0.0 601332 464 ?? Ss 10:27AM 0:00.57 /usr/sbin/syslogd
root 11 0.0 0.0 600236 484 ?? Ss 10:27AM 0:00.69 /usr/sbin/notifyd
root 10 0.0 0.1 75968 1228 ?? Ss 10:27AM 0:00.86 /usr/libexec/kextd
root 1460 0.0 0.0 599788 452 s000 R+ 12:27AM 0:00.01 ps aux
root 1 0.0 0.0 600820 564 ?? Ss 10:27AM 0:00.50 /sbin/launchd
_spotlight 1453 0.0 0.1 89116 2000 ?? SNs 12:26AM 0:00.13 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework /Versions/A/Support/mdw
fanzila 1425 0.0 0.2 122524 3432 ?? SNs 12:21AM 0:00.24 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework /Versions/A/Support/mdw
fanzila 1365 0.0 0.3 2931372 6596 ?? Ss 12:21AM 0:00.36 /Applications/CrossOver.app/Contents/SharedSupport/CrossOver/lib/../bin/wineloa der C:\windows\system32
fanzila 1362 0.0 0.1 78948 1364 ?? S 12:21AM 0:00.11 /System/Library/Frameworks/CoreMIDIServer.framework/MIDIServer
*Many thanks for your help.*

fanzila wrote:
Thanks for your help nerowolfe.
If I ping or put in browser any IP, it answer immediately. It's just the resolution.
Then the problem lies with your DNS, perhaps your ISP DNS are simply slow.
I use OpenDNS servers in my router and computer and have very little latency.
Here is their webpage
http://www.opendns.com/solutions/homenetwork/

Separate VLAN for manag. only on wire?

I'm having hard time trying to understand how to configure Aironet 1200 in a way such that I have two VLANs (for example X and Y, both not 1) so that I have X for only management and management is not seen on wireless side at all, and Y for public traffic.
I went thru' all the old postings about this subject but found no complete example of running config to do it. If anyone has successfully completed doing this, please, can you post a example of IOS command listing how to do it.
Regards,
Pauli Borodulin

Here is a working config that I have. I have two wireless vlans (186, 187) and a third ethernet only vlan (101) which is the management vlan.
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 186 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxx
encryption vlan 186 key 2 size 128bit 7 xxxxxxxxxxxxxxxxxxxx
encryption vlan 186 key 3 size 128bit 7 xxxxxxxxxxxxxxxxxxxx transmit-key
encryption vlan 186 key 4 size 128bit 7 xxxxxxxxxxxxxxxxxxxx
encryption vlan 186 mode wep mandatory
encryption vlan 187 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxx transmit-key
encryption vlan 187 mode wep mandatory
ssid weponly
vlan 186
authentication open
ssid wepeap
vlan 187
authentication open eap eap_methods
authentication network-eap eap_methods
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
rts threshold 2312
channel 2412
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.186
encapsulation dot1Q 186
no ip route-cache
no cdp enable
bridge-group 186
bridge-group 186 subscriber-loop-control
bridge-group 186 block-unknown-source
no bridge-group 186 source-learning
no bridge-group 186 unicast-flooding
bridge-group 186 spanning-disabled
interface Dot11Radio0.187
encapsulation dot1Q 187
no ip route-cache
no cdp enable
bridge-group 187
bridge-group 187 subscriber-loop-control
bridge-group 187 block-unknown-source
no bridge-group 187 source-learning
no bridge-group 187 unicast-flooding
bridge-group 187 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
interface FastEthernet0.101
encapsulation dot1Q 101 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.186
encapsulation dot1Q 186
no ip route-cache
bridge-group 186
no bridge-group 186 source-learning
bridge-group 186 spanning-disabled
interface FastEthernet0.187
encapsulation dot1Q 187
no ip route-cache
bridge-group 187
no bridge-group 187 source-learning
bridge-group 187 spanning-disabled
interface BVI1
ip address 172.25.101.17 255.255.255.0
no ip route-cache
ip default-gateway 172.25.101.1

1300 Bridge: VLAN and encryption question

Hi!
I configured a 1300 bridge with dot1q-VLANs and tkip/wpa encryption:
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers tkip
encryption vlan 91 mode ciphers tkip
encryption vlan 150 mode ciphers tkip
ssid skylink
vlan 1
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii 7 xxxx
short-slot-time
cca 0
concatenation
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 4000
channel 2472
station-role root
payload-encapsulation dot1h
antenna receive right
antenna transmit right
infrastructure-client
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio0.91
encapsulation dot1Q 91
no ip route-cache
bridge-group 91
bridge-group 91 spanning-disabled
interface Dot11Radio0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0.91
encapsulation dot1Q 91
no ip route-cache
bridge-group 91
bridge-group 91 spanning-disabled
interface FastEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 spanning-disabled
Is it necessary to set the
encryption vlan 91 mode ciphers tkip
encryption vlan 150 mode ciphers tkip
so that all VLANs are crypted?
How can I examine that all VLANs are crypted?
Best regards
Michael Simon

No. As there is no SSID assigned to VLAN 91 and 150, I was by the TME (Technical Marketing Engineer) that the 1300 should use the encryption defined in the native VLAN (VLAN 1 in your case) to transport traffic on VLAN 91 and 150. I have not taken any wireless sniffer trace to verify it though.
There are a couple of ways to verify it:
1. a wireless sniffer trace
2. debug dot dot 0 trace print xmt rcv
Please be very careful when use option #2. Option #2 turns the wireless bridge into a wireless sniffer. If there are heavy traffic between the two bridges, the wireless bridges will crash. Please use option # 2 in test environment or limited traffic.

1200: Native VLAN & Management VLAN

I want to keep the management VLAN and native VLAN seperate. Is this the correct setup when using VLAN 999 as the native VLAN and VLAN 100 for the management VLAN.
Management VLAN 100 (10.100.0.0/24)
### Trunk SW ###
description "AP"
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
### AP ###
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 99 key 1 size 128bit 7 3831CB248113D952741376BEC352 transmit-key
encryption vlan 99 mode wep mandatory
encryption vlan 11 mode ciphers tkip
ssid xoxoxo
vlan 11
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
ssid xxx
vlan 99
authentication network-eap eap_methods
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
rts threshold 2312
station-role root
interface Dot11Radio0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 11
bridge-group 11 subscriber-loop-control
bridge-group 11 block-unknown-source
no bridge-group 11 source-learning
no bridge-group 11 unicast-flooding
bridge-group 11 spanning-disabled
interface Dot11Radio0.99
encapsulation dot1Q 99
no ip route-cache
bridge-group 99
bridge-group 99 subscriber-loop-control
bridge-group 99 block-unknown-source
no bridge-group 99 source-learning
no bridge-group 99 unicast-flooding
bridge-group 99 spanning-disabled
interface dot11radio 0.999
encapsulation dot1q 999 native
interface dot11radio 0.100
encapsulation dot1q 100
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
interface FastEthernet0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 11
no bridge-group 11 source-learning
bridge-group 11 spanning-disabled
interface FastEthernet0.99
encapsulation dot1Q 99
no ip route-cache
bridge-group 99
no bridge-group 99 source-learning
bridge-group 99 spanning-disabled
interface fastethernet 0.999
encapsulation dot1q 999 native
interface fastethernet 0.100
encapsulation dot1q 100
interface BVI100
ip address 10.100.0.110 255.255.255.0
no ip route-cache
ip default-gateway 10.100.0.1

This looks correct to me. Do you have a non_root bridge on their other side?
Are you able to trunk all 4 VLANS with this config?

Problems with vlan and dot1q trunking port

Dear Folks,
i have problems with my AccessPoint Konfiguration.
Even when i set the Catalyst Port to trunk, i can only connect to VLAN 1 but not to VLAN 10.
and if i change the port to statik vlan 10 i can not connect to the ap but it works...
config below:
User Access Verification
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname 1200_PP_1
logging queue-limit 100
enable secret xxxx
clock timezone A 1
ip subnet-zero
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
ssid DEPACNGLW0HS
vlan 10
authentication shared
infrastructure-ssid
mobility network-id 10
speed basic-1.0 2.0 5.5 11.0
rts threshold 2312
channel 2412
antenna receive right
antenna transmit right
station-role root
interface Dot11Radio0.1
no ip route-cache
interface Dot11Radio0.10
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
speed 100
full-duplex
ntp broadcast client
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
interface FastEthernet0.10
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.2.2.222 255.255.255.0
no ip route-cache
ip default-gateway 10.2.2.2
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/122-15.JA/1100
ip radius source-interface BVI1
bridge 1 route ip
line con 0
line vty 0 4
login local
line vty 5 15
login
end
it would be fine if anyone could help me....

You configure Layer 3 Mobility with WLSM. No trunking is required on the CAT switch. However, you need to set the switch port on the CAT switch as access port in VLAN 10.
Please post the WLSM and SUP720 configuration. Also, which VLAN do you want to access the AP?
The following URL may be useful for you to verify the configuration:
http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/prod_technical_reference09186a00802a86a7.html

NTP sets SMB clients to wrong time

Hi
The Server (Mac OS 10.6 server) is set as a time server for the domain but from yesterday reset most of the Windows clients that logged on via SMB to about 3/4s hr fast with the result that IP address's were dropped (Lease expired) and software relying on a network connection failed, time stamps of saved files were wrong and emails had the wrong time. In one case the month was changed to October so the guy went on holiday! Seriously, this is a big problem.
I've tried resetting the time locale, NTP time server and got rid of "LocalTime" which was a folder instead of a simlink but clients are still reporting time anomalies.
Thanks

ntp isn't particularly related to smb/cifs/samba, nor to dhcp, and ntp doesn't implement local time; ntp uses utc/gmt as the time base, and the local boxes adjust their time and timezones based on the client-local timezone definitions.
It could be that ntp is misconfigured, that something has gone seriously wacky with the ntp time base (hardware error? software error? network error? time-based attack? etc), or there's a rogue ntp server running.
Have a look at the ntp chatter in the system.log console log on the ntp server as a starting point, and at whatever passes for logging on the ntp clients, and at the settings for ntp. Out-of-the-box, there can be the requirement to tweak the ntp client or daemon configuration via the /etc/ntp.conf file, for instance.

NTP on clients

Similar Messages

Maybe you are looking for