Trace a Host in switched network

Hi
I have a network consisting of L3 3550 and 2950 series switches.
I have 10 to 12 VLANs; all the servers and the firewall are on the default VLAN 1 and all desktops are in different VLANs.
I have a problem on the firewall. Its syslog is showing a lot of packets coming to it from the LAN with a PUBLIC IP address; it seems some desktop is infected.
I would like to trace this desktop or server which is sending these packets.
I have tried using various sniffers and Ethereal, but every packet except the packets going to the firewall is visible. I had connected the sniffer in the same VLAN as the firewall and even tried on the same switch.
How do I go about it? Pls help.
regds
Ramp

Ramp,
You can use 2 methods to accomplish this.
You can use an L2 traceroute feature, but I am afraid that not all your switches support that.
Another way is by checking the host MAC address in the sniffer tool to see which MAC is behaving abnormally. Ping the host and check the MAC-address table on the switch and see from where the MAC was learned on the switch. Use CDP to find out the neighbor switch's IP, log in to that and keep on checking the MAC-address table to locate it. You need to check the MAC-address table of each switch until you find that MAC.
HTH,
-amit singh

Similar Messages

  • Query: Best practice SAN switch (network) access control rules?

    Dear SAN experts,
    Are there generic SAN (MDS) switch access control rules that should always be applied within the SAN environment?
    I have a specific interest in network-based access control rules/CLI-commands with respect to traffic flowing through the switch rather than switch management traffic (controls for traffic flowing to the switch).
    Presumably one would want to provide SAN switch demarcation between initiators and targets using VSAN, Zoning (and LUN Zoning for fine grained access control and defense in depth with storage device LUN masking), IP ACL, Read-Only Zone (or LUN).
    In a LAN environment controlled by a (gateway) firewall, there are (best practice) generic firewall access control rules that should be instantiated regardless of enterprise network IP range, TCP services, topology etc.
    For example, the blocking of malformed TCP flags or the blocking of inbound and outbound IP ranges outlined in RFC 3330 (and RFC 1918).
    These firewall access control rules can be deployed regardless of the IP range or TCP service traffic used within the enterprise. Of course there are firewall access control rules that should also be implemented as best practice that require specific IP addresses and ports that suit the network in which they are deployed. For example, rate limiting as a DoS preventative, may require knowledge of server IP and port number of the hosted service that is being DoS protected.
    So my question is, are there generic best practice SAN switch (network) access control rules that should also be instantiated?
    regards,
    Will.

    Hi William,
    That's a pretty wide net you're casting there, but I'll do my best to give you some insight in the matter.
    Speaking pure fibre channel, your only real way of controlling which nodes can access which other nodes is Zones.
    For zones there are a few best practices:
    * Default Zone: Don't use it, unless you're running FICON.
    * Single Initiator zones: One host, many storage targets. Don't put 2 initiators in one zone or they'll try logging into each other which at best will give you a performance hit, at worst will bring down your systems.
    * Don't mix zoning types: You can zone on WWN, on port, and Cisco NX-OS will give you a plethora of other options, like on device alias or LUN Zoning. Don't use different types of these in one zone.
    * Device alias zoning is definitely recommended with Enhanced Zoning and Enhanced DA enabled, since it will make replacing HBAs a heck of a lot less painful in your fabric.
    * LUN zoning is being deprecated, so avoid. You can achieve the same effect on any modern array by doing lun masking.
    * Read-Only exists, but again any modern array should be able to make a lun read-only.
    * QoS on Zoning: Isn't really an ACL method, more of a congestion control.
    VSANs are a way to separate your physical fabric into several logical fabrics. There's one huge distinction here with VLANs, that is that as a rule of thumb, you should put things that you want to talk to each other in the same VSANs. There's no such concept as a broadcast domain the way it exists in Ethernet in FC, so VSANs don't serve as isolation for that. Routing on Fibre Channel (IVR or Inter-VSAN Routing) is possible, but quickly becomes a pain if you use it a lot/structurally. Keep IVR for exceptions, use VSANs for logical units of hosts and storage that belong to each other. A good example would be to put each of 2 remote datacenters in their own VSAN, create a third VSAN for the ports on the array that provide replication between DCs and use IVR to make management hosts have inband access to all arrays.
    When using IVR, maintain a manual and minimal topology. IVR tends to become very complex very fast and auto topology isn't helping this.
    Traditional IP acls (permit this proto to that dest on such a port and deny other combinations) are very rare on management interfaces, since they're usually connected to already separated segments. Same goes for Fibre Channel over IP links (that connect to ethernet interfaces in your storage switch).
    They are quite logical to use and work just the same on an MDS as on a traditional Ethernet switch when you want to use IP over FC (not to be confused with FC over IP). But then you'll logically use your switch as an L2/L3 device.
    I'm personally not an IP guy, but here's a quite good guide to setting up IP services in a FC fabric:
    http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/ipsvc.html
    To protect your san from devices that are 'slow-draining' and can cause congestion, I highly recommend enabling slow-drain policy monitors, as described in this document:
    http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/int/nxos/intf.html#wp1743661
    That's a very brief summary of the most important access-control-related Best Practices that come to mind. If any of this isn't clear to you or you require more detail, let me know. HTH!

  • LAN switched network

    anyone know what the average bandwidth for a company based on LAN games and Online games are?
    (it could be any game)
    what factors must take into account to design a LAN switched network based on hierarchical model?
    cheers

    Joseph, how can I get minimum latency in the LAN as well as no packet loss? With protocols, switches, ... How is packet transmission latency reduced when all of the hosts are connected to access switches on 100Mbps? Why not 10 or 1000Mbps?
    "... or gig." = 1000 Mbps
    Why not 10 Mbps? Because transmission latency, for any size packets, is reduced as bandwidth is increased.
    How no packet loss? With sufficient bandwidth so there's little need to queue, and if you do need to queue (which again we want to avoid), sufficient buffering so packets aren't dropped.
    On the other hand, imagine for a LAN game you need 1Mbps bandwidth. There are 4 VLANs (12, 24, 36, 48 users in each VLAN) and you must use the hierarchical model (access, distribution and core layers) and are only allowed to use VLAN, Trunk, VTP, DTP and Rapid PVST+. How can I reach this amount of bandwidth in the LAN?
    Why must you use the hierarchical model? Modern data center designs, which are aimed at minimum latency, often no longer use the 3 layer design.
    If you have multiple VLANs, and we cannot route, hosts won't be able to contact hosts on other VLANs.
    Don't understand your last question.

  • ADF Mobile : Switching Networks

    JDeveloper 11.1.2.4.0
    ADF Mobile extension: 11.1.2.4.39.64.44
    Hello,
    I've noticed in my ADF Mobile app that if the phone switches networks, (say from WiFi to 3G), my web service calls work and return data ok, but a message pops up with:
    "Cannot connect to <host> on port <port>:java.net.ConnectionException:Connection refused."
    I'm guessing this has something to do with the IP address of my phone changing when it switches networks? Anyone seen this before? Any help would be much appreciated.
    Cheers, Rich.

    What is the <host> in the message? Is it 127.0.0.1?
    Use 10.0.2.2 instead.
    Using the Emulator | Android Developers

  • Host and VMs network configuration

    Hi,
    We have additional Network cards on the Host hyper-v server. Does it make sense to configure Host and VM network
    in this way?
    Host network configuration for Hyper-v virtual network switch:
    1NIC  ---
    2NIC  --- host_team_1
    3NIC ---
    4NIC --- host_team_2
    VM network configuration:
    host_team_1 ---
    host_team_2 --- VM_team_1
    Would we benefit from this configuration?
    Thanks

    It has to be in this way:
    1NIC  ---
    2NIC  --- host_team_1 
    3NIC --- 
    4NIC --- host_team_2
    VM network configuration:
    host_team_1 --- 
    host_team_2 --- VM_team_1
    I understand your point. Just idea is if we have 4 physical NICs on host server for VMs, to configure 2 teams on host server and then one team on virtual machine.

  • Cannot trace to hosts on ISR's using FW feature set

    The issue is that we can trace between networking equipment on tunnels involving the ISR routers using the Firewall feature set, but we cannot trace to hosts. For example from (US)AS1, I can trace to (UK)CS1's 192.168.1.2 IP address, but not to a host that I find in the ARP table for that VLAN. I have added ICMP TTL exceeded and TTL time-outs to the ACLs, but it still does not work. Any help would be greatly appreciated.

    Elijay, You stated that you are using ISR's. Are you perhaps running inspection? If so, you may want to check your ICMP rules for router-traffic and timeouts. You may want to increase the timeout setting.

  • Stop switching networks

    How do I keep my Linksys WRT54G2 router from automatically switching networks? When it does this I get limited or no connectivity to the internet on my PC.

    Adjust the Wireless Settings on your Linksys Router...
    Open an Internet Explorer browser page on your wired computer (desktop). In the address bar type 192.168.1.1 and press Enter...
    Leave username blank & in password use admin in lower case...
    For Wireless Settings, please do the following : -
    Click on the Wireless tab
    -Here select manual configuration...Wireless Network mode should be mixed...
    -Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
    - Set the Wireless channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on Save Settings...
    Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
    For Wireless Security : -
    Click on the Sub tab under Wireless > Wireless Security...
    Change the Wireless security mode to WEP, Encryption should be 64 bits.Leave the passphrase blank, don't type in anything...
    Under WEP Key 1 type in any 10 numbers please(numbers only and no letters eg: your 10 digit phone number) and click on save settings...
    Please make a note of WEP Key 1 as this is the Security Key for the Wireless Network...
    Click on Advanced Wireless Settings
    Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >>Click on "Save Settings"...
    Now see if you can locate your Wireless Network and attempt to connect...
    If it still keeps on switching networks, disable the wireless network connection and restart the computer... Click on Start and go to the Control Panel, double click on Network Connections, right click on Wireless Network Connection and click on Enable and then go to Properties.
    Now on this window, click on the second tab Wireless Network and give a check mark on "Use windows to configure my wireless" and then remove all the network names present in the Preferred Networks Window. Then click on OK...
    Right click on the Wireless Network Connection again and click on View Available Wireless Networks and try to re-connect to your network...
    Now it will give you the opportunity to put the network/wep key, make sure you enter the correct network key and confirm it...
    It will connect...
    If all the above fails then download and install the updated drivers for your Wireless Card...

  • "vlan dot1q tag native" end-to-end QoS switched network

    Guys,
    Can I use this in my switched network design (without using 802.1q tunneling, as documentation always seems to mention this in a VLAN-in-a-VLAN scenario???)
    I have native VLANs and I want to act upon the 802.1p CoS field from end-to-end in my switched network. If the packet happens to be in a native VLAN, I cannot do this.
    i.e.
    pc------accessswitch--------distswitch/rtr
    Between access and distribution there is a dot1q trunk, and the native VLAN is the VLAN that the PC is in.
    Choices:
    run this command: vlan dot1q tag native
    don't have a native VLAN, i.e. have VLAN 1 (default as native) on the dot1q trunk up to the dist
    or act only upon L3 DSCP
    Can anyone help?
    Many thx,
    Ken

    Hi there,
    Many thx for that. This I understand, and the question was really: if I wanted to use a dot1p tag in the dot1q header, but the VLAN that the PC was on was the same VLAN as the native VLAN on the dot1q trunk, what is the best option to ensure I can action QoS?
    Just trust DSCP on the trunks always,
    tag the native,
    or just don't run a native VLAN.
    I hope this makes sense. Sorry if I was a little confusing before.
    Thx
    Ken

  • MPLS versus Switched network

    Hi all,
    Can Someone tell me if an MPLS network is faster or slower than a switched network ?
    Could you please tell me what this line means :
    rate-limit output access-group rate-limit 0 3000000 600000 1200000 conform-action transmit exceed-action drop
    Thanks for your help...

    Hi
    About the second question:
    you have an "access-list rate-limit 0" command in your configuration
    and it is checking for 3,000,000 = 3M of traffic;
    if that traffic class is less than 3Meg it will pass, otherwise it is dropped.
    Your first question is very generic; I am not sure whether you mean a WAN switch or a LAN switch.
    If it is WAN switch vs MPLS, they both have positives and negatives.
    Regards
    Sanjeewa Alahakone
    APT- TAC

  • Oracle generate trace file when log switch

    Hi,
    I am using Oracle 9.2.3 on Solaris 9. I found Oracle generates a trace file in the UDUMP directory when the log file switches.
    Could anyone tell me how to tell Oracle not to generate the trace file on log switch?
    Thanks a lot

    During the switch, are you seeing any error in the alert log? By the way, what is the content of that trace file? Is any event set in your init.ora?
    Thanks and Regards,
    Satheesh Babu.S
    Bangalore

  • How to Trace oracle Host Type concurrent program

    How to Trace oracle Host Type concurrent program
    I have enabled trace in the concurrent definition screen but couldn't get the trace file.
    The Host script executes multiple PL/SQL packages for interfaces and sends emails.

    Hi,
    "How to Trace oracle Host Type concurrent program"
    See (FAQ: Common Tracing Techniques within the Oracle Applications 11i/R12 [ID 296559.1]) -- 4. How does one enable trace for a concurrent program?
    "I have enabled trace in concurrent definition screen but couldn't get the trace file"
    Do you mean the trace file is not generated?
    "the Host script executes multiple plsql packages for interfaces and sent emails"
    Is this a seeded or custom concurrent program?
    Thanks,
    Hussein

  • T400: Internet does not work when switching networks unless reboot?

    Hi everyone,
    I can't seem to establish an internet connection when I switch networks (e.g., internet at work, then at home). It gives me an error saying "limited connectivity" or failed to renew IP. This happens for both wired and wireless connections. 
    I tried turning off the firewall (comodo internet security) along with the windows firewall. I tried letting windows handle all my internet connections. Yet the error still happens. So I just have to simply reboot my laptop, and everything works 100%. 
    I never had an issue like this with other laptops. Could this possibly have something to do with some of the bundled Lenovo software? I disabled most (if not all) of them since I barely use them. 
    Thanks for your help.  This is my 1st thinkpad, and I'm enjoying it so far. 

    Hi gatorman1122,
    I had a similar problem with my T400. What wifi card do you have installed?
    I had an Intel 5300. Networking was OK with XP Pro installed, but messed up with either Vista Ultimate 32-bit or Vista Business 64-bit installed. All were Lenovo OS images. I tried 2 different 5300s.
    I only saw the problem with wifi, but basically if I changed access points or changed from wired to wireless, the first attempt to use the (new) access point would fail to get an address. An immediate reboot would cause it to succeed.
    I finally got the issue escalated to a 2nd-tier tech. He sent me a 5100 to try. That fixed it. I doubt it is a hardware issue. It is most likely a Vista/Intel/Lenovo software issue/conflict. IMNSHO, ThinkPad wifi w/Vista is a mess. One of the most fundamental laptop features should work much better than this. Many folks have T-series wifi problems and Lenovo seems to be ignoring it.
    Just to add to the excitement, I told a friend buying two new T400s to order 5100s to avoid the problem. He did, and got the machines with XP installed. They both exhibited the same bad behavior. Once he updated XP and all the Lenovo stuff, they started to work OK and have stayed OK. Grrrr.....
    Z.

  • How to know the topology of my switched network?

    Hi,
    Our switched network has approximately 90 switches and I've been assigned the task to draw the topology.
    I've been told the below information:
    1. All are Cisco switches.
    2. I've been provided with ROOT credentials.
    3. They told me that each switch is connected to two other switches other than the ROOT switch.
    4. The main problem is I shouldn't enter the datacentre ... rather, sitting at my desk I need to prepare it, and I've been given one day's time.
    I know that CDP helps, but logging into 90 switches is a bit of a tedious process. So is there any command to get the topology?
    Can someone please help me with this?
    Regards,
    Chandu

    Just dig in and start doing it. 1-2 days of solid work and you'll be done.
    Start at the core and proceed to each connected switch. Repeat until you've covered them all.
    The key commands I'd use are:
    show cdp nei
    show cdp nei det | i address
    show ip int br | ex una
    Also separately save copies of the configs for later review.
    term len 0
    show run
    All of the above while logging your sessions to file.
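Amit's MAC-table-plus-CDP walk in the first thread, and the CDP-driven topology crawl in this one, as an added Python example that is not code from either thread: it parses 'show mac address-table' and 'show cdp neighbors detail' text, follows a MAC hop by hop until it lands on a port with no neighbor switch (the edge port), and breadth-first walks CDP to collect links. The SWITCHES dictionary, its IPs, device names and the MAC 0011.2233.4455 are constructed sample data standing in for the output you would collect by logging into each switch.

```python
import re
from collections import deque

# Constructed IOS output for two switches keyed by management IP (sample data, not from the
# thread). core-sw-1 learned the suspect MAC on Gi0/1, where CDP sees access-sw-2; access-sw-2
# learned it on Fa0/3, which has no CDP neighbor, so Fa0/3 is where the infected host hangs off.
SWITCHES = {
    "10.0.0.1": {
        "mac": "Vlan    Mac Address       Type        Ports\n"
               "  20    0011.2233.4455    DYNAMIC     Gi0/1\n",
        "cdp": "Device ID: access-sw-2\nEntry address(es):\n  IP address: 10.0.0.12\n"
               "Interface: GigabitEthernet0/1,  Port ID (outgoing port): FastEthernet0/24\n",
    },
    "10.0.0.12": {
        "mac": "Vlan    Mac Address       Type        Ports\n"
               "  20    0011.2233.4455    DYNAMIC     Fa0/3\n",
        "cdp": "Device ID: core-sw-1\nEntry address(es):\n  IP address: 10.0.0.1\n"
               "Interface: FastEthernet0/24,  Port ID (outgoing port): GigabitEthernet0/1\n",
    },
}

def short_if(name):
    # CDP prints GigabitEthernet0/1; the MAC table prints Gi0/1.
    m = re.match(r"([A-Za-z]{2})[A-Za-z]*(\S+)", name)
    return m.group(1) + m.group(2)

def mac_ports(mac_table, mac):
    # Ports on which `mac` (dotted form, e.g. 0011.2233.4455) was learned.
    rows = [ln.split() for ln in mac_table.splitlines()]
    return {r[3] for r in rows if len(r) >= 4 and r[1].lower() == mac.lower()}

def cdp_neighbors(cdp_detail):
    # Local port -> (neighbor device id, neighbor IP), one entry per CDP block.
    out = {}
    for block in cdp_detail.split("-------------------------"):
        dev = re.search(r"Device ID: (\S+)", block)
        ip = re.search(r"IP address: (\S+)", block)
        local = re.search(r"Interface: (\S+),", block)
        if dev and ip and local:
            out[short_if(local.group(1))] = (dev.group(1), ip.group(1))
    return out

def trace_mac(mac, start_ip):
    # Hop switch to switch until the MAC's port has no CDP neighbor (the edge port).
    # Returns (hops as (switch IP, port), edge); edge is None if the MAC was not seen
    # on a switch (aged out) or the walk looped (flapping MAC / trunk without CDP).
    path, ip, seen = [], start_ip, set()
    while ip not in seen:
        seen.add(ip)
        sw = SWITCHES[ip]  # stand-in for logging into the switch and collecting output
        ports = sorted(mac_ports(sw["mac"], mac))
        if not ports:
            return path, None
        path.append((ip, ports[0]))
        nbr = cdp_neighbors(sw["cdp"]).get(ports[0])
        if nbr is None:
            return path, (ip, ports[0])
        ip = nbr[1]
    return path, None

def map_topology(start_ip):
    # Breadth-first CDP walk; returns (switch IP, local port, neighbor id, neighbor IP) links.
    links, todo, seen = set(), deque([start_ip]), {start_ip}
    while todo:
        ip = todo.popleft()
        for port, (dev, nip) in cdp_neighbors(SWITCHES[ip]["cdp"]).items():
            links.add((ip, port, dev, nip))
            if nip not in seen:
                seen.add(nip)
                todo.append(nip)
    return links
```

On a real network the SWITCHES lookup is replaced by the per-switch command output; a MAC that shows up on a port with a CDP neighbor is a trunk to follow, one without is the edge port to inspect.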

  • Ms exchange activesync problem when switching networks

    I've noticed that when I switch networks (i.e. go from NY to SF), I land and set my phone from airplane mode to active, my iPhone does not sync with my company's Exchange server. It gives me a connection error. I then have to do a reset of the phone and it works fine.
    This also occurs when I switch from 3G to EDGE and vice versa. I have to do a hard reset of the phone in order to get mail to work again. This doesn't occur with my Gmail account, just my MS Exchange ActiveSync.
    Anyone else notice this?

    By the way, I'm running 2.0.1 firmware and this was not a problem with 2.0 firmware.

  • Webauth url redirection fail with firewall between host and switch

    Hi All,
    I noticed some old posts (2012) on this specific issue (thanks Tarik) - this is exactly our problem. The web auth redirect URL gets dropped if a stateful firewall is between the webauth host and the switch management interface. Aaron at Cisco Live London kinda hinted about maybe Cisco working on this? We can't disable stateful inspection.
    Is there any other solutions or workarounds ?
    "Although this approach introduces additional hops in the return path from the switch to the host, it produces negligible load on the default router and intervening infrastructure since only the WebAuth traffic from the switch to the host follows this path. In campus designs that do not use SVIs on the data VLAN, a default route is typically already configured. In this case, no additional configuration is required to support WebAuth. However, problems may arise in the case in which traffic to the default router is bridged through a stateful firewall. The original SYN packet in the TCP handshake is consumed by the access switch, so the first packet that the firewall sees is the SYN-ACK packet from the access switch. Stateful firewalls typically drop SYN-ACK packets if they have not seen the original SYN packet.
    In this case, you will need to turn off stateful inspection for ports 80 and 443 on the firewall."
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577494.html
    Cheers
    Peter.

    There is a workaround I haven't tested which is available from 15.0 I think, which is the option to create SVIs on your access layer switches for the guest/user VLANs, without actually enabling routing between them. It sounds weird, but I have been told that this combined is a possible workaround that will cause the switch to use the SVI interfaces when responding with the SYN-ACK, thus not being sent to its ip default-gateway.
