Static ARP on 5508
Is there a way to add a static ARP entry onto the 5508 wireless controller? I am having trouble with wireless hosts accessing a server even though they are all on the same subnet. Every other host can reach the server except for the wireless hosts on the 5508. Network Load Balancing is being used for the server and a static arp entry is on our core switch. This fixed all of the other hosts but the wireless hosts are still having issues.
I have searched an am unable to find a way to add a static arp entry on the 5508. When I look in the arp table on the 5508 the server is not listed. Wireless hosts can communicate with every other host on the subnet. This server with Network Load Balancing configured is the only exception.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006558
We are running 7.0.230.0
Any help would be appreciated. Thank you.
If anyone else has this issue, here was the fix.
If the wireless clients and server are on the same subnet you just need to enable multicast on the WLC.
Here is the link that shows how to enable multicast on the WLC.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc10d.shtml
You just need to access the GUI of the WLC, then click on Controller, Multicast, Enable Multicast enter a multicast group and Enable broadcast forwarding.
The multicast group address is an IPv4 multicast group and is recommended to be in the 239.x.x.x-239.255.255.255 range which is scoped for private multicast applications.
Do not use the 224.x.x.x, 239.0.0.x or the 239.128.0.x address ranges for the multicast group address. Addresses in these ranges overlap
with the link local MAC addresses and flood all switch ports, even with IGMP snooping enabled.
Similar Messages
-
Configuring static arp in nexus
Hello every one.
Can anybody help me with the correct commands that are use in cisco nexus 5000 for static arp?
We try:
arp 10.88.2.19 03bf.0a58.0213
we got an error on it.
Thank you for your helphello
Static arp for NLB multicast mac - See here. Cisco Nexus 5000 NX-OS Software Rel 5.0(3)N1(1)
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/unicast/5_0_3_N1_1/l3_ip.html#wp1184542
HTH
Eugene. -
Wrt54g version 3 static arp help?
First off hello all i have a PS3 and its set up to automatically turn on with remote play.
As some of you may know the 54G is one of the routers that makes the PS3 turn on without remote play being active.
after some searching it seems its tied to ARP and other people have been successful assigning a static ARP to the address on the PS3 ( PS3 outside of DNS range)
The only thing is a wasnt able to track down a way to do it with the linksys. I was advised on one forum to use telnet but when i type /telnet 192.168.1.1 i get a message
connecting to 192.168.1.1...could not open connection to the host, in port 23: connect failed
im running linksys firmware 4.21.1 and my WRT54G is connected by ethernet to the router.
im sure this question seems silly to some and i apologize. i tried searching around the web and couldnt seem a way to set this up.
any help is greatly appreciated. hoping i do not need to buy a new router
Best Wishes Adam
Message Edited by addertay on 03-19-2008 08:49 AMyou did not list your router model # & and guessing your laptop has a internal NIC. If everything worked fine b4, I'm assuming something just got hosed up. I would power down your laptop, gaming devices, & anything else you have connected/ using the router. I would then reset the router. Most models have a button you depress for a FULL 10-15 seconds. Then power up your laptop & test your connection. If all is well, set your security functions, etc. Then connect the rest of your equipment.
Good luck & let us know how it turns out or if we can assist further. -
ACE How can we do a static arp to multicast mac address?
I have a architecture that uses ACE to do Firewall Load Balancing. I need to add a static map of a VIP IP to a multicast mac address (Microsoft servers with NLB in multicast mode). The ACE does not accept multicast mac address in the static arp statement, anybody knows why? Is there any other way to do that?
Regards,
Artur PintoHi,
The ACE doesn't support multicast MAC addresses. This is a limitation impose by the hardware used on the boards. Syed has previously proposed a workaround at https://supportforums.cisco.com/message/464174#464174 . I don't know if that will be applicable in your case.
HTH
Cathy -
Static ARP entry command no worky with vlan
Anyone know why this happens? I'm trying to enter a static arp entry and assign it to a specific vlan, for example:
arp 192.168.200.1 aaaa.bbbb.cccc arpa vlan 15
% Invalid input detected at '^' marker
When this is entered it errors out and marks the word vlan like it is invalid, though it is a valid option when inching forward using the ? help character. I tried multiple iterations and the only other response I get is if I enter vlan 1. To that the router responds with:
Bad ARP command - Interface may only be specified when bridging IP
Is one to assume that the vlan need not be specified? I opted to enter the vlan only for uniformity, but then when it behaved strangely I became curious. I wonder in what scenario adding the vlan to an arp entry would be valid and acceptable.
Thanks, MikeHello,
What you experienced is the normal behavior. The L3 device does not allow
you to specify the interface when you are operating in routed mode. Based on
the address you have configured, it will automatically allocate the static
ARP entry to appropriate interface. If you have entered an IP that does not
belong to any subnet, then all interfaces will consider that ARP entry. Only
if you configure two interfaces in bridge mode (like in the case of PPPoE
scenarios), then you can specify the interface ID.
Hope this helps.
Regards,
NT -
Static Arp Entry for Exchange 2010
Hello All,
I was hoping someone could assist with an issue that our Exchange team are having, specifically with replication traffic traversing our DC to DR site.
The infrastructure consists of a Layer 3 data centre and a disaster recovery site, so essentially its a live/backup environment. Both the DC and DR site are connected with a LES using routed interfaces.
The Exchange cluster at the DC is associated with the following subnets:
MAPI - 10.1.30.X
Replication: 10.1.230.X
DR site has the following subnets associated with the exhange cluster :
MAPI - 192.168.4.X
Replication - 192.168.230.X
When an attempt is made to create a database/mailbox on an exchange server at the DC and copy it using the replication subnet source: 10.1.230.X to destination subnet: 192.168.230.X, the copy process fails.
Replication traffic in general going from DC to DR or vice-versa is subject to constant problems and seems unreliable. Our exchange team have to manually copy mailboxes from one cluster to the other using Windows explorer which works fine.
The Exchange cluster at both sites reside within a VMWare ESX enclosure and connect to Cisco 6500 switches. Would the Cisco switches require a static arp entry for their respective Exchange clusters, which should be configured on each switch? If this was missing could this be the root cause of the replication problems we're experiencing? Or does this depend on whether the exchange cluster is using NLB Unicast or Multicast mode?
Any assistance would be most appreciated.
Regards,
JamieJamie,
Have a look at this link:-
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
It depends on how the team NLB is set up.
You may need static mac & static arp as well as disabling igmp snooping if multicasting is bein used.
Regards,
Alex.
Please rate useful posts. -
Hi
I'm aware of, and experiencing the problem with my arp table being poisoned. I'm working on updating the Broadcom drivers but in the meantime need to set some static entries in arp. My setup has the global zone configured on e1000g0, with a second interface e1000g1 used by a non-global-zone, alll interfaces are shared. The global zone has no ip and neither is it up on e1000g1, only plumbed. My point being this, when I create a static arp entry for my the non-global-zones default gateway, which can only be done in the global zone, it is assigned to the e1000g0 device. There is a learnt entry for the same gateway (same ip) but on the e1000g1 interface. Ideally I want the learnt entry removed and the static entry assigned to the e1000g1 interface.
Is this possible, and if not am I worrying about a problem that doesn't exist. My fear is that the non-global-zone only being aware of the e1000g1 device will only use the learnt arp entry which is in danger of changing.
If any of this made sense, please can you advise whether there is a potential problem and if it can be rectified.
Thanks813137 wrote:
Hi
I'm aware of, and experiencing the problem with my arp table being poisoned. I'm working on updating the Broadcom drivers but in the meantime need to set some static entries in arp. My setup has the global zone configured on e1000g0, with a second interface e1000g1 used by a non-global-zone, alll interfaces are shared. The global zone has no ip and neither is it up on e1000g1, only plumbed. My point being this, when I create a static arp entry for my the non-global-zones default gateway, which can only be done in the global zone, it is assigned to the e1000g0 device. There is a learnt entry for the same gateway (same ip) but on the e1000g1 interface. Ideally I want the learnt entry removed and the static entry assigned to the e1000g1 interface.
Is this possible, and if not am I worrying about a problem that doesn't exist. My fear is that the non-global-zone only being aware of the e1000g1 device will only use the learnt arp entry which is in danger of changing.
If any of this made sense, please can you advise whether there is a potential problem and if it can be rectified.Unless your global zone gets an address on the same subnet as the NGZ for e1000g1, it can't add
a static arp entry in the shared IP configuration..
OTOH, you can do this with exclusive IP zones, which is really a much cleaner config/administrative model.
I'd suggest: set up the NGZ as ip-type exclusive, assign it e1000g1, and let the NGZ itself add the static arp entry
--Sowmini -
Windows Load Balance Service - Static ARP
Hi,
We have a problem with WLBS. We have 2 windows 2000 servers connected to an Access layer 2950 switch. In the distribution layer we have 2 6509 with redundant MSFCs. The WLBS is configured in Multicast Mode
The problem in that when we put a static ARP entry on both MSFCs for virtual WLBS IP and WLBS MAC address, the processor utilization reaches to 80-95% of MSFC. Once we try to ping the mapped Unicast IP address, it partially times out and the switches responds poorly.
(arp ?Load Balance virtual-ip-address? ?Load Balance MAC address? arpa)
Any idea?
Thanking You,Despite the problems you have been experiencing with the processor utilization, I agree with your choice going for the multicast mode.
The principle of the WLBS is that both (all?) the physical servers must see all the packets that are destined for the cluster. The individual servers then decide between themselves which frames to process and which to leave for the other guy. It can do this in multicast mode or in unicast mode.
In unicast mode, the servers respond to an ARP from the client (or router) with a virtual unicast MAC address. The client uses that address to send frames to the cluster. So why do they not get filtered by the switches in the normal way? The anwser is that the servers do not use that MAC address as source for their frames, but use their own addresses. The switches therefore never see frames sourced from the virtual MAC address, and so flood them throughout the VLAN. If you have a big VLAN, then that can cause scalability issues.
Now for multicast mode: when the client (or router) ARPs for the service address, the servers reply with a multicast MAC address. The clients (or router) then send their frames with that address as destination. The propagation though the VLAN is therefore controlled by IGMP snooping. Incidentally, some routers - including I presume the MSFC - will not believe an ARP response that gives a multicast MAC address. In my case, I had to configure the static ARP entry - IP to multicast MAC - in the router to make it work at all.
There is one other thing to say about the mutlicast scheme: the heartbeat between the servers is sent on the same multicast MAC address,but is not an IP etype, and is therefore not limited by IGMP snooping. It will be flooded to the entire VLAN. Look out for frames with etype 0x886F.
So, why are you having problems with the multicast scheme? My guess is that you have IGMP snooping, but AFAIK the 2950 supports IGMP snooping only in software rather than on the ASIC. You could switch off the IGMP snooping - that would relieve your processor, but would flood all you WLBS traffic.
I can suggest some possible aproaches to this problem:
1. Put up with the increased processor load.
2. Change your switches to something that supports IGMP snooping in hardware, or connect the WLBS servers only to switches that support this.
3. Use the unicast scheme, put your WLBS on a dedicated VLAN, and allow it to flood.
4. Use the unicast scheme and put CAM entries in all your switches for the virtual unicast address, with egress ports towards the WLBS servers.
Let me know how you solve this one, because I have the problem too, except that my servers are connected to switches that either support IGMP snooping in hardware, or do CGMP.
Kevin Dorrell
Luxembourg -
Telstra Update to my Modem has deleted Static ARP table
The latest automatic update to my Telstra Technicolor modem has caused my Static ARP table to be deleted. Furthermore, the update seems to have removed the ability to TELNET into the modem via command line, so I simply cannot re-create the static ARP table. I had previously mapped my home server's IP address to its MAC address through a static ARP entry. Doing so allowed me to remotely wake up my server when outside of my home network (Wake-On-LAN). Because of the aforementioned update to the modem, having deleted the static ARP table and removed my ability to log-in to it via Telnet - I can no longer remotely wake up my server. Pretty annoyed with Telstra right now. Waking my server from outside my home was something I would do almost daily in support of my business (details irrelevant).
Thanks. That is my back-up plan. I was hoping to avoid making an unnecessary purchase, plus the annoyance of then setting-up up my new modem with all my specific network configuration. Like I said, yesterday all was fine. Today, thanks to Telstra's update, I don't have the functionality I had previously and I am now facing the reality of having to fork out my hard-earned money to overcome this Telstra-initiated limitation.
-
[Solved] Static ARP table?
Hi.
I was just thinking - is there some way to create static ARP table for my system? It would help me get rid of ARP Spoofing attack vulnerability, wouldn't it?
Cheers.
Last edited by lateralus (2008-11-28 07:45:46)Hi Multimedia, and Welcome to Arch Linux
Be sure to check the dates on threads. I hope that lateralus is not still looking for an answer six years later.
But, your post is relevant, so you did not run afoul of this
But, I am going to close this thread. -
Static ARP Entry telnet command - techies take a look pls!!
Hello Seniors,
What is the TYPICAL telnet commpand for binding a MAC address to an IP (aka Static ARP entry) on most Linksys routers? I don't have GUI for this within the FW so telnet is the hope.
I am making question quite simple with ahope the story behind is not quite necessary to desist the thread from going astray
I am inside my telnet# on 192.168.1.1, I just need the usual command syntax,
Thank you.
Solved!
Go to Solution.Linksys X3500:
arp add 192.168.1.xxx aa:bb:cc:dd:ee:ff
arp delete 192.168.1.xxx
arp show -
Adding static arp entries in non-global zones
It doesn't seem to be working:
# arp -s 10.0.73.8 02:23:23:23:32:12 permanent
10.0.73.8: Not owner
Any privileges or devices I have to add to the non-global zone to get this working?
Thanks.swiergot wrote:
It doesn't seem to be working:
# arp -s 10.0.73.8 02:23:23:23:32:12 permanent
10.0.73.8: Not owner
Any privileges or devices I have to add to the non-global zone to get this working?
Thanks.Unless you're running exclusive IP, the ARP table is under control of the global zone. Have you made the change in the global zone, to determine if it propogates or not? It should.
Best, -
How to setup a static multicast ARP entry with Cisco SF300-08?
We're running a cluster in multicast mode as a loadbalancer.
We have Cisco SF300-08 and when we adding a static ARP entry results in an error message telling the user that the hardware address needs to be a valid unicast MAC address.
So how to setup a static multicast in Cisco SF300 or maybe someone know other solution to setup multicastes mode in Cisco SF300.Hi, Tom!
We have two watchguard xtm505(cluster active-active) in our network. Watchguard interfaces have one ip and one mac adresses. IP 192.168.111.1(Unicast) and MAC 01:00:5e:02:02:03(multicast). Cisco SF300 is router to outside networks(to internet). Cisco IP adresss is 192.168.111.254. There are another some hosts in this network.
Ping from hosts to 192.168.111.254 works well. Ping from hosts to 192.168.111.1 works well too. But there is no ping from watchguard cluster(192.168.111.1) to Cisco(192.168.111.254). And there is no routing to internet
This is well-known situation. We need to do following(example for cisco 3750):
1. Start the Cisco 3750 command line interface.
2. Add a static ARP entry for the multicast MAC address of the FireCluster interface.
Type this command:
arp arpa
For this example, type:
arp 192.168.111.1 01:00:5e:02:02:03 arpa
3. Add an entry to the MAC address table.
Type this command:
mac-address-table static vlan interface <#>
For this example, type:
mac-address-table static 01:00:5e:02:02:03 vlan 1 interface gi1/0/11
But we can't add arp entry on Cisco SF300. CLI tells us "MAC address illegal"!
We tried enable igmp snooping, but is not helps.
Could you tell more detailed about MAC groups? -
WLC 5508 - WGBs & HREAP on LAN
So, I really have two questions here. For some background information, I have a wireless network with two WLC 5508 controllers and 220 LWAPs in the same location as the controllers. All APs are currently in local mode. I run a few guest networks as well as some other client networks. One client in particular uses their network to connect mobile machines to their VLAN. The only issue is that the machines do not have wireless adapters. Instead, the manufacturer put inside the chassis, a D-Link WGB, which has an ethernet cable, you then have to plug into the ethernet port. These devices cannot seem to connect to the network. I have found, the WGBs do associate on the network, but the wired client behind it cannot pass traffic onto the VLAN. I have also tried connecting PCs with different SOHO style WGBs from different manufacturers with the same result.
After going through Cisco's documentation, I found that using 1230s in WGB mode can resolve this issue since they use IAPP to communicate the MAC table of the wired side clients they service back to the controller. I have configured a 1230, and used it as the WGB for the client machine instead of the D-Link and it does seem to work, but this would mean configuring a considerable number of 1230s to hand over to the client.
The first question would be, Is there something I am missing that I would need to do in order to allow SOHO style WGBs to forward wired side client traffic onto the network while LWAPs are in local mode? Or would the WGB NEED to support IAPP?
The second question is that, I may have found another solution to this already, but would like some input prior to committing.
This client also uses these same machines with the same WGBs inside the chassis at another location where the client operates the network themselves. They also use the same WLC model with the same version, and same APs. The only difference is that they use H-REAP mode with local switching.
I also tested this idea, and it seemed to work. With the AP in H-REAP mode, and the client's WLAN set to local switching, the machine and WGB connected with no problem.
So the question with this, would be; would there be any disadvantages in running all 220 APs at this location in H-REAP mode? What would I be losing if anything? Also, I would like to keep all other WLANs centrally switched.
I understand what the difference would be for this client's WLAN if I ran in H-REAP mode with local switching, but what would the difference be in the other guest WLANs if I set them to be centrally switched? (Is there any difference between running APs in local mode vs running APs in H-REAP with central switching?)Hey,
I read your quesiton quickly so I might miss some points, but I think you need to do some more configuraiton for your passive clients behind the WGB:
'''snip'''
Passive Clients Behind a WGB
The controller might not be able to see passive clients behind a WGB. Clients (such as cameras and programmable logic devices) do not initiate a traffic stream unless they are connected. Complete these steps in order avoid this issue:
Add a static MAC filter entry for the passive WGB device and MAC filter entry for the devices that are behind it.
Use this command in order to enable MAC filtering on the WLAN along with aaa override:config macfilter ipaddress MAC_address IP_address
Add a static entry on the WGB IOS-based device: bridge 1 addressxxxx.xxxx.xxxx forward FastEthernet0Note: In addition, increase the dot11 activity timer.
Add a static ARP entry on the L3 router:
hostname(config)#arp
arpa
'''snip'''
Reference: http://tiny.cc/cjsxu
Also, know please that WGB is not supported with hybrid REAP (H-REAP).
Even if it worked with you sometimes, it is not supported and cisco did not design it to work with HREAP.
http://bit.ly/yLn9D1
I am only aware about one difference between central switching HREAP and local mode; which is that any limitation applied to HREAP will be applied if it is central switching. just like our situation with WGB with HREAP. -
Slow ARP response for dial-in clients
I’ve been experiencing an intermittent issue with remote PC’s connecting to a Cisco AS5350 Universal Gateway - basically, a RAS server.
The issue as far as I’ve been able to pinpoint seems to be related to the amount of time it takes the dial-in client to register an ARP entry on the local network where the RAS server and other servers are connected. If I start an extend ping to one of the servers on the local network (not to the RAS server) once my dial-up connection has been established, I typically see anywhere between 3 and 18 ICMP request timeouts before I start receiving replies. And if at the same time I start an extended ping to the IP address of the RAS server, ICMP replies are received immediately with no request timeouts.
Topology:
Dial-in Client <===> AS5350 RAS <===> L2 Switch <===> Server
192.168.240.131 240.5 240.1 240.21
The switch that the AS5350 and the servers are connected to is a WS-C2960G-8TC-L layer-2 switch with a very basic config. Basically they only thing I’ve changed during the course of my troubleshooting is the STP mode, STP forward time and to enabled STP portfast on the uplinks to the AS5350 and the server… see configuration below:
Current configuration : 2721 bytes
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Switch
boot-start-marker
boot-end-marker
no aaa new-model
system mtu routing 1500
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1 forward-time 5
vlan internal allocation policy ascending
interface GigabitEthernet0/1
description Uplink to Server
spanning-tree portfast
interface GigabitEthernet0/2
description Uplink to CLE-AS5350 RAS
speed 100
duplex full
spanning-tree portfast
interface GigabitEthernet0/3
interface GigabitEthernet0/4
interface GigabitEthernet0/5
interface GigabitEthernet0/6
interface GigabitEthernet0/7
interface GigabitEthernet0/8
interface Vlan1
ip address 192.168.240.1 255.255.255.0
ip http server
ip http secure-server
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
end
For troubleshooting, I enabled “debug arp” on the switch and attempted a dial-up connection to the AS5350. Once the call was established and I received a DHCP lease (192.168.240.131), I started an extended ping to a server (192.168.240.21) on the network… see below:
Host Details:
192.168.240.1 (b4e9.b006.9e40) = Vlan1 on L2 switch.
192.168.240.21 (5cf9.dd48.76dd) = Server.
192.168.240.5 (000d.280c.fe1b) = Cisco AS5350 RAS server.
192.168.240.131 (0000.0000.0000) = PPP dial-in client on RAS server.
000292: *Mar 1 00:21:22.819 UTC: IP ARP: creating incomplete entry for IP address: 192.168.240.131 interface Vlan1
000293: *Mar 1 00:21:22.819 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000298: *Mar 1 00:21:27.013 UTC: IP ARP: rcvd req src 192.168.240.21 5cf9.dd48.76dd, dst 192.168.240.131 Vlan1
000299: *Mar 1 00:21:27.441 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000306: *Mar 1 00:21:32.441 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000314: *Mar 1 00:21:37.449 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000323: *Mar 1 00:21:42.440 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000329: *Mar 1 00:21:47.440 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000334: *Mar 1 00:21:52.439 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000344: *Mar 1 00:21:57.447 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000350: *Mar 1 00:22:02.447 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000358: *Mar 1 00:22:07.430 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000364: *Mar 1 00:22:12.438 UTC: IP ARP: creating incomplete entry for IP address: 192.168.240.131 interface Vlan1
000365: *Mar 1 00:22:12.438 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40,dst 192.168.240.131 0000.0000.0000 Vlan1
000372: *Mar 1 00:22:17.437 UTC: IP ARP: sent req src 192.168.240.1 b4e9.b006.9e40, dst 192.168.240.131 0000.0000.0000 Vlan1
000373: *Mar 1 00:22:17.446 UTC: IP ARP: rcvd rep src 192.168.240.131 000d.280c.fe1b, dst 192.168.240.1 Vlan1
The first line of the debug shows the switch creating an “incomplete entry” for the dial-in client (192.168.240.131).
For all subsequent ICMP requests, you can see that the dial-in client has a MAC address of 0000.0000.0000 – I guess you would call this an incomplete entry.
On the last line of the debug output, you can see that the dial-in client (192.168.240.131) finally gets the MAC address of the AS5350 (000d.280c.fe1b) assigned to it – this is when we start getting ICMP replies.
So during this capture, there were 12 ICMP request timeouts before the dial-in client started receiving replies.
Below is the current config on my Cisco AS5350 RAS server:
Current configuration : 6741 bytes
version 12.3
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
hostname AS5350
boot-start-marker
no boot startup-test
boot-end-marker
logging buffered 2048000 debugging
enable secret 5 *********************
resource-pool disable
calltracker enable
spe country usa
spe call-record modem
spe default-firmware spe-firmware-1
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NO_AUTHEN none
aaa authentication enable default group tacacs+ enable
aaa authentication ppp dialin if-needed local
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local none
aaa authorization commands 1 default group tacacs+ local none
aaa authorization commands 15 default group tacacs+ local none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common
ip subnet-zero
ip cef
ip dhcp excluded-address 192.168.240.1 192.168.240.127
ip dhcp excluded-address 192.168.240.150 192.168.240.254
ip dhcp pool LOCAL
network 192.168.240.0 255.255.255.0
default-router 192.168.240.1
lease 0 1
ip ssh time-out 10
ip ssh version 2
isdn switch-type primary-4ess
fax interface-type fax-mail
controller T1 3/0
shutdown
controller T1 3/1
framing esf
linecode b8zs
pri-group timeslots 1-24
description PRI on Copper
no crypto isakmp ccm
interface FastEthernet0/0
no ip address
shutdown
interface FastEthernet0/1
description Uplink to Switch – Gi0/2
ip address 192.168.240.5 255.255.255.0
duplex full
speed 100
interface Serial0/0
no ip address
shutdown
interface Serial0/1
no ip address
shutdown
interface Serial3/0:23
no ip address
shutdown
interface Serial3/1:23
description PRI on Copper
no ip address
encapsulation ppp
dialer rotary-group 2
dialer-group 2
isdn switch-type primary-4ess
isdn incoming-voice modem
isdn T306 60000
fair-queue
no cdp enable
interface Dialer2
ip unnumbered FastEthernet0/1
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer-group 2
peer default ip address dhcp-pool LOCAL
fair-queue
no cdp enable
ppp authentication chap pap callin
ppp multilink
interface Group-Async0
no ip address
no group-range
interface Group-Async1
description Dial-up PRI modem lines
ip unnumbered FastEthernet0/1
encapsulation ppp
dialer in-band
dialer idle-timeout 0
async mode interactive
peer default ip address dhcp-pool LOCAL
fair-queue
ppp authentication chap pap callin
group-range 1/00 1/59
router eigrp 100
network 192.168.240.0
auto-summary
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.240.1
ip tacacs source-interface FastEthernet0/1
no ip http server
no ip http secure-server
logging history debugging
logging trap debugging
logging x.x.x.x
access-list 101 deny eigrp any any
access-list 101 permit ip any any
access-list 101 remark dialer-list used for dialer-list 1
access-list 182 remark *** PERMIT SSH TO THIS DEVICE ***
access-list 182 permit tcp any any eq 22
access-list 182 deny ip any any log
dialer-list 1 protocol ip permit
tacacs-server host x.x.x.x
tacacs-server host x.x.x.x
tacacs-server directed-request
tacacs-server key 7 *******************
control-plane
voice-port 3/0:D
voice-port 3/1:D
dial-peer cor custom
ss7 mtp2-variant Bellcore 0
ss7 mtp2-variant Bellcore 1
ss7 mtp2-variant Bellcore 2
ss7 mtp2-variant Bellcore 3
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
no exec
line vty 0 4
access-class 182 in
exec-timeout 30 0
logging synchronous
transport input ssh
escape-character BREAK
line 1/00 1/59
no modem callout
modem Dialin
rotary 1
transport input all
transport output all
autoselect during-login
autoselect ppp
scheduler allocate 10000 400
ntp clock-period 17180055
ntp server x.x.x.x
end
Cisco AS5350 IOS: c5350-ik9s-mz.123-11.T11.bin
Is anyone aware of an IOS bug or an error in my configurations that could be causing the delay in creating an ARP entry for the dial-in client?
I am open to any suggestions.
BTW, if I add static arp entries on the server, ICMP replies are typically received after one or two request timeouts.
However, I feel this is not a solution to the problem, only a band-aid fix.
arp -s 192.168.240.128 00-0d-28-0c-fe-1b
arp -s 192.168.240.129 00-0d-28-0c-fe-1b
arp -s 192.168.240.130 00-0d-28-0c-fe-1b
arp -s 192.168.240.131 00-0d-28-0c-fe-1b
arp -s 192.168.240.132 00-0d-28-0c-fe-1b
arp -s 192.168.240.133 00-0d-28-0c-fe-1b
arp -s 192.168.240.134 00-0d-28-0c-fe-1b
arp -s 192.168.240.135 00-0d-28-0c-fe-1b
arp -s 192.168.240.136 00-0d-28-0c-fe-1b
arp -s 192.168.240.137 00-0d-28-0c-fe-1b
arp -s 192.168.240.138 00-0d-28-0c-fe-1b
arp -s 192.168.240.139 00-0d-28-0c-fe-1b
arp -s 192.168.240.140 00-0d-28-0c-fe-1b
arp -s 192.168.240.141 00-0d-28-0c-fe-1b
arp -s 192.168.240.142 00-0d-28-0c-fe-1b
arp -s 192.168.240.143 00-0d-28-0c-fe-1b
arp -s 192.168.240.144 00-0d-28-0c-fe-1b
arp -s 192.168.240.145 00-0d-28-0c-fe-1b
arp -s 192.168.240.146 00-0d-28-0c-fe-1b
arp -s 192.168.240.147 00-0d-28-0c-fe-1b
arp -s 192.168.240.148 00-0d-28-0c-fe-1b
arp -s 192.168.240.149 00-0d-28-0c-fe-1b
Thank you for taking the time to read my post.
-BradHi Krishnamraj,
How many records are you gettnig from server..?? Are they very huge..??
Thanks,
Bhasker
Maybe you are looking for
-
One model for JTree and JTable
Hi. Is it possible for a JTree and a JTable to share one model? Thank you
-
Dynamic execution of boolean expression
Hi folks, I want to execute a boolean expression dynamically, can you pls help me how to do it. For example, String str = " ( X & ( Y | Z ) ) " ; They value of X , Y or Z will be either true or false. After replacing their value, I will get string as
-
Internet explorer 11 in modern mode has some issues in files's downloads
I describe my problem. By using Internet Explorer 11 in modern mode, when a download begins, happening a strange issue: the name of the file is changed, this means that the "." of the extension is changed in a "_", and if presents, also the "." in th
-
Why does iCloud duplicate my calendar events?
All my events are duplicated on my MacBook calendar. Does anyone know why iCloud does this and how I can stop it? Also, why can't I delete pictures from Photo Stream?
-
Best rate to call Mexico cell phone?
I wish to call a north Mexico cell phone, how do I enter the number, and what is the best rate? Post transferred from blog article; subject/title edited accordingly.