Port 6794 Flood

Why does Verizon's private IP address default gateway for PPPoE continuously hit my router from this UDP port at multiple destinations on the public IP assigned to my router? This is an old question where I was told not to worry about it a few years back. But this happening every second can not be good. Any ideas why they need access to my router from this port? Any ideas post here or send me a PM. Thanks
Just one of thousand if not millions of firewall entries on my router. Since the Verizon router logs are are so limited it is not an issue on that router, but I store traffic for 90 days.
Time
Chain
Iface
Proto
Source
Src Port
MAC Address
Destination
Dst Port
13:00:23
INPUT
ppp0
UDP
10.80.18.75
6794
108.18.x.x
47196

They are checking for Open Proxies that use port number 47196.
What makes me think that, you might ask.
a) It is not the source port that you need to worry about, it is the Destination port.
b) I looked up on Google: port number 47196 and looked at the results back.
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

Similar Messages

Layer 2 port-channel flood

Hi all,
I was wondering if you may be able to help me, hopefully I will provide enough information.
The background to my problem is this. Every Tuesday morning around 10AM we were experiencing network slowdowns, after many weeks fault finding I have narrowed it down to two backup jobs and two vlans. These are quite substantial backup jobs each 100GB in size.
The servers that are being backed-up are behind an ISA server which is controlling the routing for the subnets that these servers use. The ISA servers are load balanced using Microsoft NLB. It is thought by our security expert that this is the best way to secure these servers.
On our core switch (6513) we have a static route pointing to these subnets and the vlans are defined. Here is the basic config of one of the vlans:-
interface Vlan121
description DB vlan
no ip address
ip flow ingress
ip flow egress
end
ip route 192.168.221.0 255.255.255.0 192.168.219.10
I have managed to stop the flooding going to the user switches by denying the 121 vlan on the port-channels. The issue is still apparent however on our top of rack switches (server switches). The reason for this is, there are servers that require vlan 121 on nearly every top of rack switch.
If anyone can recommend a solution to this problem other than limiting vlans, I would greatly appreciate it.
If you require any further information, please let me know.
Kind regards,
Jamie.

Hi Jon, let me see if I can answer your questions.
There are four VLANs that reside behind the ISA VLAN -121, 122, 123 and 124. Any traffic that requires access to these VLANs have to pass through the ISA because the ISA dcontrols all the routing for the subnets associated with these VLANs.
The server that we are backing up lives on a VLAN 124 and the actual backup server lives on a VLAN outside of the protected VLANs. For the sake of argument lets say that the backup server is shown as the PC on VLAN 156.
When the 90GB backup is initiated, the traffic propagates to all trunk ports throughout the network. I see traffic running at 500Mbps and it can last for up to 20 hours.
I have managed to stop the flood to all the user switches by denying the VLANs stated above. The problem is, I can't deny those VLANs to other top of rack switches because there is at lease one server in each switch that requires one of the VLANs.
In a nutshell, when large amounts of traffic pass through VLAN 666 (ISA) we see it flood to all trunk ports. We think this could be due to the nature of MLB forming a virtual MAC address. The core doesn't know about the MAC address so it sends a unicast flood to find out where it is.
If you have any ideas please let me know.
J.

Linksys E3000 Port Flooding with Uverse DVR (IPTV)

I spent days trying to get a wireless router to work with my Uverse DVR. I have a router-behind-router configuration (ignoring the WAN port of the router & using it effectively as a switch) because my Uverse RG is in a remote section of the house and I have a CAT5 over to our entertainment room where I need two services: Uverse DVR and wireless network. I did exhaustive research and testing. The wireless router gave fantastic wireless performance, but as soon as I turned on the DVR, the ports would flood and the wireless network would become inactive. I could use the wireless network or watch TV, but not both at the same time. My router was a CISCO Linksys E3000 and I tried every type of tweak and configuration. I also tried two other Linksys routers I own (WRT610N & WRT54G) with the exact same results. I purchased a Netgear WNDR3700. By the technical specs, the E3000 and the WNDR3700 should be nearly identical. I quickly configured the Netgear WNDR3700 in the same exact router-behind-router configuration and it worked like a charm. I didn't need to any special configuration of DMZ, QOS or anything else on the Netgear. Other than the static IP for the router-behind-router, it was a plain vanilla configuration and set-up.
If anyone knows why the Linksys E3000 does not work, I would be curious to know, but it does not matter since my Netgear is working like a charm. I would also like to note that CISCO has been very helpful, but these things can be quite complex.

Hey kturner
I allmost have the same configuration like you(router behind router, - 1. router D-link 624, 2. router E3000.
The connection is as follows: ADSL to 1. router, cableconnecting switchport to 2. router (ADSL internet in) with first router
set to route LAN to LAN which gives an address on 2. router(E3000) 192.168.0.96 as in adress from the 1. router.
The E3000 then sets up it's own routingtable vithout any problem.
On the configurationspage you have to fill in at least the DNS 1. and if you haveallso DNS 2.
I've set my QoS via mac-address to my DVR and TV to high.
As both my TV and DVR is Samsung I had the problem with my TV and Samsungs Wireles Link System until
I turned it off.
And now it's all working: Streaming video from the HD on E3000
Hope itøs helpfull and god luck

Flooding listening port does

Hello,
I have just been doing some perfomance testing on one of our applications . This application is running as a jboss service on CENTOS(linux) listening for requests on a particular port, whilst testing I discovered that if this service received too many connection request on one go it would accept the connection but would not return responses. It looks like the service just stops allocating ports after a specific number of connections. All ports seem to be recycled successfully, the only way I get it to return responses is by restarting the service. It works fine if I spawn say 10000 threads seperated by 50 milliseconds, it starts failing if the thread separation times is lower.
Here is my listener code:
           ServerSocket serverSocket = new ServerSocket(list_port);
            while (listening)
                System.out.println("Server waiting on port "+list_port);
                Socket clientSocket = null;
                clientSocket = serverSocket.accept();
                new SecureGprsServer(clientSocket).start();
                System.out.println("New request received");
            } From this code when its flodded it does not even print +"Server waiting on port "+list_port);+ I can even telnet to the port. Doing a netstat shows that all ports are killed gracefully.
Please help.

It looks like the service just stops allocating ports after a specific number of connections.But 'the service' doesn't 'allocate' any 'ports' relating to incoming 'connections'. Neither does Java. Neither does anybody else.
Are there any issues related to flooding socket listeners in java?No.
More probably you have run out of threads, or you have an undetected OutOfMemoryError, something like that.

Healthservice.exe was flooding all TCP "ephemeral ports" from 49152 to 65535

Issue :
DCOM errors(Event 10009) causing in backup failures.
Investigation : Healthservice.exe
was flooding all TCP “ephemeral ports” from 49152 to 65535, generating a TCP/IP port exhaustion, while trying to login into the SQL Database. After I disabled the System
Center Management service, the backsups complete without any issue.
Background : Server hosts Sharepoint SQL databases. SCOM Agent 2007 R2 with CU4 is installed.
Thanks, Harry :-)

Hi,
May I know if there was any changes before the issue occurred, such as MP imported?
Regarding the error, please check it referring to the following post:
HP Storage MP v 2.0: DCOM EventID 10009 every 5 seconds in the System Log of the RMS
http://thoughtsonopsmgr.blogspot.com/2012/05/hp-storage-mp-v-20-dcom-eventid-10009.html
Meanwhile, if the issue occurs in Windows 7 or Windows Server 2008 R2, please also try the following:
A hotfix is available to enable the Association Cookie/GUID that is used by RPC over HTTP to also be used at the RPC layer in Windows 7 and in Windows Server 2008 R2
http://support.microsoft.com/kb/2619234
Thanks.
Nicholas Li
TechNet Community Support

MAC Floods ISP with TCP ports and is shutdown when count reaches 200

I was told by ISP provider that my MAC floods them with massive amount of TCP ports when I open a single Safari or FireFox web page. When I am NOT connected, the TCP port count is ABOUT 3 with a Windows XP using a IE connection to APPLE.com PLUS AN SSL CONNECTION. When I open the same web page ON MY MAC, the count INSTANTLY jumps to 70+ and if I connect to another page it jumps to well over 100. If I leave pages open and jump to several different sites, I soon exceed the MAX TCP port limit of 200 and everyone on our home network is pretty much shutdown. Since it is a wireless connection to the ISP, the have to limit TCP ports to 200 per antenna connection. WHY DOES MY MAC USE SO MANY TCP PORTS FOR A SINGLE BROWSER CONNECTION?
The home network uses LinkSys WRT54G router and WAP54G configured as Wireless Repeater. Windows does not have this problem. I do not have this problem anywhere else but on this wireless ISP connection. How do I remedy this problem?

Here is a trap of opening a browser page:
1. sudo tcpdump –pv tcp
clayton-arndts-computer-2:~ claytonarndt$ sudo tcpdump –pv tcp
tcpdump: WARNING: en0: no IPv4 address assigned
tcpdump: illegal token: –
clayton-arndts-computer-2:~ claytonarndt$
2.
lsof -i
clayton-arndts-computer-2:~ claytonarndt$ lsof -i
COMMAND&nbs p; PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ARDAgent 2395 claytonarndt 17u IPv4 0x29bc0f0 0t0 UDP *:net-assistant
AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt&nbs p; 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 39u IPv4 0x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->a204-245-162-26.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:5 4188->a204-245-162-25.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
firefox-b 3645 claytonarndt 51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->a204-245-162-33.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 5 5u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->a204-245-162-19.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISH ED)
firefox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
firefox-b 3645 claytonarndt 76u IPv4 0x4aa0a68 0t0 TCP 192.168.1.113:54215->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->a204-245-162-17.deploy.akamaitechnologies.com:http (ESTABLISHED)
SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t 0 TCP 192.168.1.113:53904->spas.slingmedia.com:http (CLOSED)
SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
clayton-arndts-computer-2:~ claytonarndt$
3.
lsof -i -n
clayton-arndts-computer-2:~ claytonarndt$ lsof -i -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ARDAgent 2395 claytonarndt 17u IPv4 0x29bc
0f0 0t0 UDP *:net-assistant
AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->204.245.162.11:http (ESTABLISHED)
firefox-b 3645 claytonarndt 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->204.245.162.11:http (ESTABLISHED)
firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->64.12.230.1:http (ESTABLISHED)
firefox-b 3645 claytonarndt 39u IPv4 0
x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->204.245.162.26:http (ESTABLISHED)
firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:54188->204.245.162.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
firefox-b 3645 claytonarndt
51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->204.245.162.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 55u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->204.245.162.19:http (ESTABLISHED)
firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISHED)
fir
efox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->204.245.162.17:http (ESTABLISHED)
SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t0 TCP 192.168.1.113:53904->157.22.2.7:http (CLOSED)
SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
clayton-arndts-computer-2:~=2
0claytonarndt$
The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now!
The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now!

Dmesg flood "hub 2-1:1.0: port 6 nyet suspended"

Hi,
I've been using Arch for a while now and I'm quite pleased with the distribution. However I have a problem and I couldn't find why it was happening using Google, so I'm hoping someone here could help. If I check dmesg I see this :
hub 2-1:1.0: port 6 nyet suspended
every single second. I've narrowed it down to gnome-settings daemon on login doing something to pci bus 0000:00:1d.0 . I could stop the flood by unbinding it and binding it again to the driver ehci_hcd, but that messes up my power savings in rc.local.
Another extremely irritating issue, that seems to be related, is that hwclock is unable to keep the correct time when the flood occurs. I have noticed weird time jumps, but when I used the computer for a couple days with the crude fix and on hibernation the time was correct.
I'd appreciate if someone could help on solving the problem.

Hi,
I've been using Arch for a while now and I'm quite pleased with the distribution. However I have a problem and I couldn't find why it was happening using Google, so I'm hoping someone here could help. If I check dmesg I see this :
hub 2-1:1.0: port 6 nyet suspended
every single second. I've narrowed it down to gnome-settings daemon on login doing something to pci bus 0000:00:1d.0 . I could stop the flood by unbinding it and binding it again to the driver ehci_hcd, but that messes up my power savings in rc.local.
Another extremely irritating issue, that seems to be related, is that hwclock is unable to keep the correct time when the flood occurs. I have noticed weird time jumps, but when I used the computer for a couple days with the crude fix and on hibernation the time was correct.
I'd appreciate if someone could help on solving the problem.

CSCur53506 - broadcast flood when allowed vlan add/remove on protected port

Does not this Bug occur in IOS 15.XX ?

Thanks for the reply - yes I did save it. All the other ports have the command. But when the phone boots up - it ends up disappearing after the above occurs:
When the phone boots up - it seems to encounter a broadcast storm (???) the port goes from this:
interface gigabitethernet36
switchport trunk allowed vlan add 10
to this:
interface gigabitethernet36
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
switchport trunk allowed vlan add 10
macro description ip_phone
!next command is internal.
macro auto smartport dynamic_type ip_phone
Then in a minute or two I'm no longer able to ping the voicelan - and when I do a show run - gi36 isn't even visible. However, the PC that is also on gi36 works fine.
If I then reissue the 'switchport trunk allowed vlan add 10' to gi36 - the phone is pingable - and works continuously until the phone is rebooted.
So I'm not really sure what happens during the bootup that causes this to happen, or a way to try and prevent it from occuring.

Possible SYN flooding on port 443. Sending cookies.

I have an older mobility server. 221 users. Version 1.2.4 build 966. Its on SLES 11 sp1. Also a bit dated. Early in the morning Saturday the server...

I have a working GroupWise Mobility service, but recently had to change
the SSL certificate, because the validity of the previous expired....

Using M1 and F1 ports in OTV set up

I am building a typical OTV architecture (on a stick, not inline) on Nexus 7000s; the join and internal interfaces in my OTV VDC are using M1 card ports. Can the other end of those links -- i.e. the interfaces in my Agg VDC -- use ports on my F1 card? Or do both ends of the internal and join links (all 4 ports) need to be on my M1 card? Asking because my M1 card is full at present.

Hi,
What is your nexus version ?? , below version 6.0 don't support on F1 module . 6.2 version supports on F1 module .
Version 6.2
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/release/notes/62_nx-os_release_note.html#31296
OTV
The following Overlay Transport Virtualization (OTV) features are available in Release 6.2(2):
The VLAN translation feature allows you to connect applications that reside in separate Layer 2 domains between data centers.
Selective unknown Unicast flooding is a per MAC address configuration that allows OTV to flood across the DCI for the specified MAC address. This feature is particularly helpful for applications that go silent and timeout from the ARP tables.
Dedicated broadcast group allows you to configure a separate multicast address for broadcast traffic. This feature is useful for organizations that need separate QoS policies for broadcast traffic.
OTV has built-in BFD support that does not require any additional configuration on the OTV side, which helps with any reconvergence that OTV might have to handle.
The scale of OTV and how fast it converges are improved in this release.
F1 Series and F2e Series modules can be used as internal interfaces with the OTV VDC.
Version 6.0
Q. What modules of the Cisco Nexus 7000 Series will support OTV?
A. OTV is supported on all M-series modules. OTV is not supported on F1-series modules. Deployments using F1 series can leverage VDC separation to achieve the desired combination of line cards and functionality.
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/qa_c67-574969.html
OTV Hardware Support and Licensing Information
The only Cisco platform supporting OTV functionality at this time is the Nexus 7000. Figure 1-37 shows all existing M1 linecards OTV fully supports.
Figure 1-37 M1 Linecards Supporting OTV
Full support essentially means that both Join and internal interfaces can be configured on one of the M1 modules mentioned. OTV on F1 modules is not supported on NX-OS releases shipping at the time of writing of this document (5.2 and 6.0 releases) and will be introduced in a future software release but restricted only to internal interfaces (an M1 linecard will always be required on the OTV edge device to source the OTV encapsulated traffic out of the Join interface).
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro/DCI_1.html#wp1186106
HTH
Sandy.

UDP FLOODING and NON-FUNCTIONAL INBOUND LOG

Hello,
I have been using Linksys Routers since 1998, IIRC. I just bought a new "Cisco" (LINKSYS) E1200 and
the INBOUND log does not work, even after activation the log function in the "Administration" area. The
OUTBOUND log works.
Also, my desktop workstation (a Dell T3500 running XP SP3) is being flooded with inbound UDP on
port 1900, which is usually used for Universal Pllug and Play.
HOWEVER, I have all of that that can be disabled, disabled. The router works fine as a DHCP server
but I do have the problems described. It even allows ICMP through sometimes as well as NetBios
name requests on incoming UDP port 137. Netbios is deactivatived on my computer on port 139
as well a SMB on TCP port 445 (via a registry configuration). Nothing is listening on any ports except
TCP port 44334. (that's my software firewall).
I know the inbound log is not working because I have had my ports scanned and nothing shows up
in the inbound log, TCP or UDP or ICMP. I know the outboung log (which is very small) works because
I see the IP addresses in the outbound log. (please see the attachment)
How do I fix the problems?

That router has been out a long time now, since 2011 I think. As a home router it works pretty well for the basic stuff but it seems to me that all the "home" routers are a little hit or miss on how they handle more specific things like what you are taking about. I would see if it has the latest firmware installed on it. That may possibly clear up some of it. If not you may want to contact linksyscares and see if they can help you. I wish cisco was still building these but since they sold this line to Belkin the quality seems to have suffered in my opinion. Hopefully it will improve over time

RV042 Port forwarding stops working when Firewall is enabled

Hey all,
I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows:
HTTP[TCP/80~80]->10.0.0.6
HTTPS[TCP/443~443]->10.0.0.6
IMAP[TCP/143~143]->10.0.0.5
IMAP SSL[TCP/993~993]->10.0.0.5
SMTP SSL[TCP/587~587]->10.0.0.5
Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out.
Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IP's on every port. Nothing seems to work.
I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
Do you know anything I could try?
Best regards,
Theo
EDIT:
Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.

Hi Theo, if you want to over ride the default state table, you need to first make firewall rules to block all access then make your permission rules.
Such an example would be-
Action Deny
Service All
Source interface WAN
Source IP any
Destination IP any
Save
Action Permit
Service RDP
Source interface WAN
Source IP -xx.xx.xx.xx
Destination IP - xx.xx.xx.xx
Save
As for your concern about the syn flood, it can be a likely cause of your problems. Does the logging facility of the router give any indications?
-Tom
Please mark answered for helpful posts

Issue with SPA525g registation and FXO port call calls are not disconnecting properly

Hi,
I have a UC540 and updated it to the latest IOS version with the latest firmware to my phones and i am having registration problems with SPA525g IP Phones. I updated the firmware of the phones as well and create manual tftp bindings with but still it is not registering. I run a couple of debugs (debug tftp events and debug ephone registration) I can see from the logs and in the phone that it is taking the proper VLAN and being discovered via CDP and being pointed to the TFTP server and still wont register. I can see that it is also taking its own .cnf file properly then the output sccp token regected invalid devices error is shown I have a SPA502G and it is working fine. Also there is a previous issue that all the voice port are shown as engage or offhook even the calls are disconnected thus make the main PSTN number busy am based in UAE and our service provider is etisalat I have check with them about the proper disconnection values but still it the same. That's why I have arrived in the conclusion to just update everything including the IOS and the phones firmware. I have put my config in this post, I am also trying to take the CCNA Voice exam on the 2nd week of april and I think that if i don't know how fix this issue for our customer then I would probably fail that exam. any suggestion and help is greatly appreciated cisco experts.
! Last configuration change at 13:36:42 ZP4 Thu Sep 13 2012 by Nick
! NVRAM config last updated at 13:45:41 ZP4 Thu Sep 13 2012 by Nick
version 15.1
parser config cache interface
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
service compress-config
service sequence-numbers
hostname UC540
boot-start-marker
boot system flash:uc500-advipservicesk9-mz.151-2.T4
boot-end-marker
logging buffered 64000
enable secret 5 $1$3CIf$.rXyHeJQrwd97X/f2dS0M1
no aaa new-model
clock timezone ZP4 4 0
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3558175224
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3558175224
revocation-check none
crypto pki certificate chain TP-self-signed-3558175224
certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
dot11 syslog
dot11 ssid cisco-data
vlan 1
authentication open
dot11 ssid cisco-voice
vlan 100
authentication open
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 10.1.3.1 10.1.3.10
ip dhcp pool phone
   network 10.1.3.0 255.255.255.0
   default-router 10.1.3.1
   option 150 ip 10.1.3.1
ip name-server 213.42.20.20
ip name-server 195.229.241.222
ip inspect WAAS flush-timeout 10
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
no ipv6 cef
multilink bundle-name authenticated
stcapp ccm-group 1
stcapp
stcapp supplementary-services
port 0/0/0
fallback-dn 301
port 0/0/1
fallback-dn 302
port 0/0/2
fallback-dn 303
port 0/0/3
fallback-dn 304
trunk group ALL_FXO
max-retry 5
voice-class cause-code 1
hunt-scheme longest-idle
translation-profile outgoing PROFILE_ALL_FXO
trunk group ALL_FX0
voice call send-alert
voice rtp send-recv
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
sip
no update-callerid
voice class codec 1
codec preference 1 g711alaw
codec preference 2 g711ulaw
voice class dualtone-detect-params 1
freq-max-deviation 50
freq-max-power 0
freq-min-power 13
freq-power-twist 4
cadence-variation 6
voice class custom-cptone UAE-CUSTOM
dualtone disconnect
frequency 406
cadence 398 344 237 527 400
voice class custom-cptone CCAjointone
dualtone conference
frequency 600 900
cadence 300 150 300 100 300 50
voice class custom-cptone CCAleavetone
dualtone conference
frequency 400 800
cadence 400 50 200 50 200 50
voice class cause-code 1
no-circuit
voice register global
voice hunt-group 1 parallel
list 301,302,303
timeout 24
pilot 511
voice translation-rule 4
rule 15 // //
voice translation-rule 1000
rule 1 /.*/ //
voice translation-rule 1111
voice translation-rule 1112
rule 1 /^9/ //
rule 3 /^0/ //
voice translation-rule 2222
voice translation-rule 3265
rule 1 /$^..........$$/ /9\1/
rule 2 /$^.........$$/ /9\1/
rule 15 /$^ABCD$$/ /ABCD\1/
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile INCOMING_CallerID_PROFILE
translate calling 3265
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
voice translation-profile PROFILE_ALL_FXO
translate calling 4
voice translation-profile nondialable
translate called 1000
voice-card 0
dspfarm
dsp services dspfarm
license udi pid UC540W-FXO-K9 sn FHK143074G6
archive
log config
logging enable
logging size 600
hidekeys
username cisco privilege 15 secret 5 $1$vjNa$OFKLhupqR8al6x2b8Xmcj/
username adminac privilege 15 secret 5 $1$NDC.$PtD0y4YGIj5SqI1gghxWE1
username Nick privilege 15 secret 5 $1$iAmL$tsg7Jf2TEND1NN.h8z2dy/
ip tftp source-interface Loopback0
bridge irb
interface Loopback0
description $FW_INSIDE$
ip address 10.1.10.2 255.255.255.252
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 192.168.101.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface Integrated-Service-Engine0/0
description cue is initialized with default IMAP group
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface FastEthernet0/1/0
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/1
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/2
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/3
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/4
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/5
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/6
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/7
switchport access vlan 20
spanning-tree portfast
interface FastEthernet0/1/8
switchport access vlan 100
macro description cisco-switch
interface Dot11Radio0/5/0
no ip address
shutdown
ssid cisco-data
ssid cisco-voice
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio0/5/0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0/5/0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan20
ip address 10.10.10.1 255.255.255.0
interface Vlan100
no ip address
bridge-group 100
bridge-group 100 spanning-disabled
interface BVI1
description $FW_INSIDE$
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
interface BVI100
description $FW_INSIDE$
ip address 10.1.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.101.1
ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0
logging esm config
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.1.3.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 192.168.10.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 10.1.3.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 10.1.3.0 0.0.0.255 eq 2000 any
access-list 101 deny   ip 10.1.3.0 0.0.0.255 any
access-list 101 deny   ip 192.168.10.0 0.0.0.255 any
access-list 101 deny   ip 192.168.101.0 0.0.0.3 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_6##
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 10.1.10.0 0.0.0.3 any
access-list 102 deny   ip 10.1.3.0 0.0.0.255 any
access-list 102 deny   ip 192.168.101.0 0.0.0.3 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 102 permit ip 192.168.101.0 0.0.0.3 any
access-list 103 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 deny   ip 10.1.10.0 0.0.0.3 any
access-list 103 deny   ip 192.168.10.0 0.0.0.255 any
access-list 103 deny   ip 192.168.101.0 0.0.0.3 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 105 permit ip any any
snmp-server community public RO
tftp-server flash:/phones/521_524/cp524g-8-1-17.bin alias cp524g-8-1-17.bin
tftp-server flash:/phones/5x5/spa5x5-7-1-3c.bin alias spa5x5-7-1-3c.bin
tftp-server flash:/phones/525/spa525g-7-4-8.bin alias spa525g-7-4-8.bin
control-plane
bridge 1 route ip
bridge 100 route ip
voice-port 0/0/0
cptone GB
station-id name Cordless
station-id number 329
caller-id enable
voice-port 0/0/1
cptone AE
caller-id enable
voice-port 0/0/2
cptone AE
caller-id enable
voice-port 0/0/3
cptone AE
caller-id enable
voice-port 0/1/0
trunk-group ALL_FX0 64
translation-profile incoming INCOMING_CallerID_PROFILE
supervisory disconnect dualtone mid-call
supervisory custom-cptone UAE-CUSTOM
input gain 14
cptone GB
connection plar opx 511
impedance 600c
description Configured by CCA 4FXO-0/1/0-Custom-BG
bearer-cap Speech
caller-id enable
voice-port 0/1/1
trunk-group ALL_FX0 64
translation-profile incoming INCOMING_CallerID_PROFILE
supervisory disconnect dualtone mid-call
supervisory custom-cptone UAE-CUSTOM
input gain 14
cptone GB
connection plar opx 511
impedance 600c
description Configured by CCA 4 FXO-0/1/1-Custom-BG
bearer-cap Speech
caller-id enable
voice-port 0/1/2
trunk-group ALL_FX0 64
translation-profile incoming INCOMING_CallerID_PROFILE
supervisory disconnect dualtone mid-call
supervisory custom-cptone UAE-CUSTOM
supervisory dualtone-detect-params 1
input gain 14
cptone GB
connection plar opx 511
impedance 600c
description Configured by CCA 4 FXO-0/1/2-Custom-BG
bearer-cap Speech
caller-id enable
voice-port 0/1/3
trunk-group ALL_FX0 64
translation-profile incoming INCOMING_CallerID_PROFILE
supervisory disconnect dualtone mid-call
supervisory custom-cptone UAE-CUSTOM
input gain 14
cptone GB
connection plar opx 511
impedance 600c
description Configured by CCA 4 FXO-0/1/3-Custom-BG
bearer-cap Speech
caller-id enable
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control -15
description Music On Hold Port
sccp local Loopback0
sccp ccm 10.1.3.1 identifier 1 version 4.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 1 register confprof1
dspfarm profile 1 conference
description DO NOT MODIFY, active CCA conference profile - CCA2.0 codec729
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 2
associate application SCCP
dial-peer cor custom
name internal
name local
name local-plus
name international
name national
name national-plus
name emergency
name toll-free
dial-peer cor list call-internal
member internal
dial-peer cor list call-local
member local
dial-peer cor list call-local-plus
member local-plus
dial-peer cor list call-national
member national
dial-peer cor list call-national-plus
member national-plus
dial-peer cor list call-international
member international
dial-peer cor list call-emergency
member emergency
dial-peer cor list call-toll-free
member toll-free
dial-peer cor list user-internal
member internal
member emergency
dial-peer cor list user-local
member internal
member local
member emergency
member toll-free
dial-peer cor list user-local-plus
member internal
member local
member local-plus
member emergency
member toll-free
dial-peer cor list user-national
member internal
member local
member local-plus
member national
member emergency
member toll-free
dial-peer cor list user-national-plus
member internal
member local
member local-plus
member national
member national-plus
member emergency
member toll-free
dial-peer cor list user-international
member internal
member local
member local-plus
member international
member national
member national-plus
member emergency
member toll-free
dial-peer voice 1 pots
port 0/0/0
no sip-register
dial-peer voice 2 pots
port 0/0/1
no sip-register
dial-peer voice 3 pots
port 0/0/2
no sip-register
dial-peer voice 4 pots
port 0/0/3
no sip-register
dial-peer voice 5 pots
description ** MOH Port **
destination-pattern ABC
port 0/4/0
no sip-register
dial-peer voice 50 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/0
dial-peer voice 51 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/1
dial-peer voice 52 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/2
dial-peer voice 53 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/3
dial-peer voice 54 pots
description ** FXO pots dial-peer **
destination-pattern A0
port 0/1/0
no sip-register
dial-peer voice 55 pots
description ** FXO pots dial-peer **
destination-pattern A1
port 0/1/1
no sip-register
dial-peer voice 56 pots
description ** FXO pots dial-peer **
destination-pattern A2
port 0/1/2
no sip-register
dial-peer voice 2000 voip
description ** cue voicemail pilot number **
destination-pattern 388
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 6 pots
description "catch all dial peer for BRI/PRI"
translation-profile incoming nondialable
incoming called-number .%
direct-inward-dial
dial-peer voice 57 pots
description ** FXO pots dial-peer **
destination-pattern A3
port 0/1/3
no sip-register
dial-peer voice 69 pots
destination-pattern 329
port 0/0/0
dial-peer voice 300 pots
trunkgroup ALL_FX0
description Local Numbers
destination-pattern 9T
forward-digits 9
dial-peer voice 301 voip
destination-pattern 2..
session target ipv4:192.168.201.2
dial-peer voice 303 pots
trunkgroup ALL_FXO
trunkgroup ALL_FX0
description **InternationalCall**
destination-pattern 88T
dial-peer voice 304 pots
trunkgroup ALL_FX0
description *EM1*
destination-pattern 9[1-9]T
forward-digits 3
dial-peer voice 302 pots
trunkgroup ALL_FX0
description **Mobiles**
destination-pattern 9.[0-9].[0-9]......
dial-peer voice 305 pots
trunkgroup ALL_FX0
description **800-**
destination-pattern 9[0-9][0-9][0-9]T
no dial-peer outbound status-check pots
telephony-service
sdspfarm conference mute-on 111 mute-off 222
sdspfarm units 5
sdspfarm tag 1 confprof1
conference hardware
video
fxo hook-flash
max-ephones 40
max-dn 300
ip source-address 10.1.3.1 port 2000
max-redirect 20
auto assign 1 to 1 type bri
calling-number initiator
service phone videoCapability 1
service phone webAccess 0
service dnis overlay
service dnis dir-lookup
timeouts interdigit 5
system message American Center
url services http://10.1.10.1/voiceview/common/login.do
url authentication http://10.1.10.2/CCMCIP/authenticate.asp
load 521G-524G cp524g-8-1-17
load 525G spa525g-7-4-8
load 501G spa5x5-7-1-3c
load 502G spa5x5-7-1-3c
load 504G spa5x5-7-1-3c
load 508G spa5x5-7-1-3c
load 509G spa5x5-7-1-3c
time-zone 35
date-format dd-mm-yy
voicemail 388
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
hunt-group logout HLog
moh MOH2.wav
multicast moh 239.10.16.16 port 2000
web admin system name cisco secret 5 $1$iDgA$MKNi2RWfsO0KjuC82kgLJ1
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern 9.T
transfer-pattern .T
secondary-dialtone 9
fac standard
create cnf-files version-stamp 7960 Aug 29 2012 12:00:04
line con 0
privilege level 15
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport input all
line vty 5 100
login local
transport input all
ntp master
end
Some of the output are not shown becaus it is to long I have attach the whole config for reference and any advice on how could I optimize and resolve my issues is greatly appreciated. Thanks

Nicolo - First off this stuff gets crazy sometimes. No worries about the exam. Sometimes when FXO ports go crazy it is due to battery reversal. If you go to the FXO port settings try turning battery reversal on and or off... depending on its current setting. See if that helps.
As for the 525s not registering.. These are inside the network correct? Are you connecting one directly to the UC500 with a Cat5E or Cat6 patch cable and the same thing happens? Does the MAC address on the phone match a MAC address under the EPHONE settings?
If you telnet into the UC500 can you execute a "dir" command at the CLI prompt and "CD" (change directory) into the phones folder and then the spa525g folder? Do files exist in there?
Also I only see an IP address under BVI100? This is the voice side of things what happened to the IP address under BVI1 (Data VLAN). Can you give us some information about the internal network? Cna you PING this phone system from the network? What IP address does it have?

Help with connecting to NIST NTP server on port 123

I can get NIST time in Daytime format using the rt_nist_date_time.llb example posted on ni.com, but I cannot connect to NIST NTP format time data using port 123. I freely admit to being over my head with this stuff, and have spent much of this Thanksgiving holiday reading about UDP and TCP.
The attached vi summarizes what I've tried so far. The UDP case is what I thought would work, but I can't come up with a network address that the UDP-open vi likes. Can anyone out there help this n00b tell the time?
The attached file is supposed to be in 8.0 format, although I'm working in 9.0
Here is a link discussing the time formats: http://tf.nist.gov/service/its.htm
Jeff
Solved!
Go to Solution.
Attachments:
UDP.vi ‏17 KB

jstevens wrote:
THANK YOU!!! I don't think I ever would have come up with connecting the web address to a Read or Write UDP rather than the Open UDP block. Not to mention starting by opening port zero.
Unlike TCP, UDP is a connectionless protocol. Here's a quick explanation in different words.
A udp packet travels from a [sourceIP, sourcePort] to a [DestinationIP, destinationPort].
UDP open basically reserves a local port used for sending (soucePort) and receiving (incoming packet with that same destinationPort). Since some local ports are always in use, you would generate an error if you would accidentally pick a used port. Picking zero is useful for requests (as in this case!), because the OS will pick an unused ephemeral port. The actual source port number does not matter because the NTP server will just send the reply packet back to whatever port it came from. (If you would write your own NTP server in LabVIEW, you would of course need to set the local port to 123, and would get a conflict if another NTP server is already running on your rig). Writing an NTP server in LabVIEW would be a trivial modification to the current code, try it! . Simply listen for packets on port 123, form a response packet based on the timestamp, and send it to whatever IP/Port it came from (that info is available from udp read) and then go back to listen for new requests.).
UDP write sends a packet to the server using the above opened local port as source port. You can use the same connectionID to write to several other servers and ports, because UDP is connectionless. (TCP is connection based, so a TCP connection involves a defined source/destination pair)
UDP read listens for incoming packets from all over the world at that same local port. It is very unlikely, but theoretically possible that other UDP packets will arrive at that same port, so you could even filter to make sure to read incoming packets until they match the port and IP of the original request. The current code is somewhat vulnerable to a DOS (denial of service) attack for example as follows: Imagine the guy in the next cubicle had means of sniffing your network traffic. He could write a small program that looks for your NTP requests and then immediately starts flooding your IP with meaningless UDP packets to the sourcePort you just used. The current program only reads one packet and thus will never see the return packet from the NTP server.
UDP close frees up the local port and the computer is now no longer listening for packets on that port. Of course you could keep the port open for the duration of the program, especially if you intend to send UDP request once in a while during execution.
Makes sense?
LabVIEW Champion . Do more with less code and in less time .

Interfaces in port-channel keep err-disabling because of keepalives

Below is the current portchannel that I am having problems with. The interfaces on Switch A keep going into an error disabled state because they receive their own loopback. Cisco says to disable keepalives and that it will fix the problem, but I do not like the idea of disabling keepalives. Has anyone found a solution other than disabling keepalives? Notice that ios's are different, but am not convinced that this is the issue. Also one is PoE and the other isn't. Lastly, i found this article "Keepalives are sent on all interfaces by default in Cisco IOS Software Release 12.1EA-based software. In Cisco IOS Software Release 12.2SE-based software and later, keepalives are not sent by default on fiber and uplink interfaces". I would think trunked interfaces in a port-channel would be uplink interfaces and if this is true, it should be sending out keepalives anyway since i am running the 12.2SE based ios. Thanks for whatever input you may have.
Switch A
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
System image file is "flash:/c3750e-universalk9-mz.122-55.SE3/c3750e-universalk9-mz.122-55.SE3.bin"
cisco WS-C3750X-48P
Port-channels in the group:
Port-channel: Po52
Age of the Port-channel   = 219d:04h:32m:49s
Logical slot/port   = 10/39          Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
0     00     Gi1/0/35 On                 0
0     00     Gi1/0/36 On                 0
0     00     Gi2/0/45 On                 0
0     00     Gi2/0/46 On                 0
%ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/35.
%PM-4-ERR_DISABLE: loopback error detected on Gi1/0/35, putting Gi1/0/35 in err-disable state
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel39, changed state to down
%LINK-3-UPDOWN: Interface Port-channel39, changed state to down
Switch B
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
System image file is "flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin"
cisco WS-C3750X-48
Port-channels in the group:
Port-channel: Po52
Age of the Port-channel   = 443d:18h:43m:06s
Logical slot/port   = 10/39          Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
0     00     Gi1/0/35 On                 0
0     00     Gi1/0/36 On                 0
0     00     Gi1/0/45 On                 0
0     00     Gi1/0/46 On                 0

PER CISCO
Symptom:
An interface on a Catalyst switch is errordisabled after detecting a loopback.
Mar 7 03:20:40: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on
GigabitEthernet0/2. The port is forced to linkdown.
Mar 7 03:20:42: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state
to administratively down
Mar 7 03:20:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/2, changed state to down
Conditions:
This might be seen on a Catalyst 2940, 2950, 2950-LRE, 2955, 2970, 3550, 3560
or 3750 switch running 12.1EA or 12.2SE based code.
Workaround:
Disable keepalives by using the no keepalive interface command. This
will prevent the port from being errdisabled, but it does not resolve the root
cause of the problem. Please see section below for more information.
Additional Information:
The problem occurs because the keepalive packet is looped back to the port that
sent the keepalive. There is a loop in the network. Although disabling the
keepalive will prevent the interface from being errdisabled, it will not remove
the loop.
The problem is aggravated if there are a large number of Topology Change
Notifications on the network. When a switch receives a BPDU with the Topology
Change bit set, the switch will fast age the MAC Address table. When this
happens, the number of flooded packets increases because the MAC Address table
is empty.

Port 6794 Flood

Similar Messages

Maybe you are looking for