Trouble with VRF traffic on ASR9000

Similar Messages

• Trouble with vrf / OSPF

  Hi
  Because of a migation i need two connectin from one 6500 to a 3550. See the following scenario (just two switches!)
  6500 ---------------- 3550
  OSPF 100 -- vlan1 -- OSPF 100
  OSPF 100 -- vlan2 -- OSPF 1000 vrf C1
  Everythings works fine at the start, which is good. The bad thing, after i reboot the 3550 i have no neighborship from 3550 OSPF 1000 vrf C1 to 6500 global OSPF.
  Thats because 3550 OSPF 1000 sends no hellos out of vlan 2. So probalby something's broken with the process.
  Clear ospf process doesn't help.
  The workaround is to delete OSPF 200 vrf C1 configuration and configure it again. But this is not what i want in a live environment.
  Has anybody an idea?
  cheers patrick

  Hi Saul,
  The issue is that the ASR9K knows how to get to 172.16.161.6 (or 172.16.19.30) but the EX8208 does not know how to get back to 172.16.19.6, which is the source address used for the ping request. This is because the C6500 redistribute ospf into bgp but it does not redistribute bgp into ospf.
  Regards

• Sharing global routing table with vrf for intra-as traffic

  We have a network block of 10.201.0.0/16 which is divided into two subnet 10.201.0.0/18 and 10.201.192.0/18. We are getting a internet feed for each subnet.
  10.201.192.0/18 is in global routing table, and 10.201.0.0/18 is in a vrf-lite green.
  I am thinking doing the following:
  ...........HUB
  VL199/....\VL198
  SPOKE1 SPOKE2
  Hub and spoke are from perspective of vrf green.
  For vrf green in the HUB:
  ip route vrf green 10.201.0.0 255.255 255.192 vlan 199
  ip route vrf green 10.201.64.0 255.255.255.192 vlan198
  SPOKE1
  ip route 0.0.0.0 0.0.0.0 vlan199
  SPOKE2
  ip route 0.0.0.0 0.0.0.0 vlan198
  Suppose we already get the 2 internet feeds to HUB route with vrf green and global routing table. This should get vrf green going.
  But we also have global routing table on the HUB router.
  We would like to have 10.201.0.0/16 communicating with each other, and only keep internet default separated.
  How should we get to 10.201.0.0/18 from global routing table and how should we get to 10.201.192.0/18 from SPOKE[12]?

  In my lab, I have 2 ports configured.
  int gi1/2
  ip vrf forward green
  ip address 10.201.192.253 255.255.255.252
  int gi1/1
  ip address 10.201.192.254 255.255.255.252
  ip route 10.201.0.0 255.255.192.0 gi1/2
  ip route vrf 10.201.192.0 255.255.192.0 gi1/1 10.201.192.254
  This way, from vrf green to global has go through HUB. and vrf greens will also go through greens.
  Is there any other much elegant way for this purpose?

• (Trouble printing) Trouble with connection between Macbook Pro and Hp Deskjet 1510.

  Trouble with connection between Macbook Pro and Hp Deskjet 1510. (Nothing Prints).
  I have a Macbook Pro and am having difficulty printing documents from ‘Pages' from my Hp Deskjet 1510. I have installed the necessary software for the printer and it is connected via USB. Every time I try to print the printer icon comes up as it should, 'printing' and then 'job completed' and then the icon disappears. (Nothing is printed.) I thought it might be something to do with Pages compatibility with the printer but exporting the document to Word or making it a PDF doesn’t change anything. I don’t have Microsoft Word on my computer. The scanner does work and when I printed a ‘Test Page’ that worked too.
  Let me know if you know why this is happening.

  With these settings the network now works flawlessly, however, when i have my ethernet cable plugged in, my internet access via my airport card(on the macbook pro) is no longer available. Hoping you can tell me why this would be with this info i've provided.
  Educated guess. The networking devices have priorities as to which are used. The standard order is that Ethernet has a higher priority than Airport.
  While your Ethernet is unplugged it is inactive and the Mac ignores it. Once you plug it in, the Mac sees that it is active and switches traffic to that interface.
  I actually take advantage of this feature at home, but configuring my Airport and Ethernet with identical fixed IP addresses. Normally I'll use Airport, but if I'm copying a huge file and I want faster performance, I'll just walk my MacBook (previously iBook, previously Powerbook) over to my Ethernet switch and plug in my MacBook. Magically, the Mac detects that the Ethernet is active and continues the file transfer uninterrupted over the faster 100baseT Ethernet connection. When the transfer is finished, or if I really need to move back to the Comfy Chair, I unplug the Ethernet cable, and all activity reverts back to the Airport, all without disrupting any existing networking connections.
  You on the other hand have totally different settings for your Ethernet and your Airport, so when you switch to Ethernet, you basically loose your Airport connections.
  Something you can try:
  System Preferences -> Network
  Gear icon on the bottom left, next to the [+] [-] icons.
  Select *Set Service Order...*
  Now Drag the network interfaces into the perfer priority order you want. In this case put Airport above Ethernet.
  NOTE: You may want to create a new Network Location for this, instead of messing with your normal home Location (which is most likely the default Automatic. That way you have your original you can always fall back to.

• Trouble with Safari - it keeps shutting down - all because I tried to get rid of MacKeeper

  trouble with Safari - it keeps shutting down - all because I tried to get rid of MacKeeper ad - after I install what I thought was an update since I already had MacKeeper, it would not allow me to continue without buying the new one. Make a long story short I switch to Firefox and deleted as much as I could of Safari (files, preferences etc) Now I'm at OS Yosemite X 10.10.2 and would like to get Safari up and running again - I've searched for Adware in applications etc but could not find it. Found what to do from the community, but before I go that route...Do I have to know where or if I actually have this spyware?    And if I were to reinstall  Maveric - would my files and such be undisturbed?  so that only Safari would be replaced?    I"M LOST .... (as if you couldn't tell)
  I've been working with Mac for 30 years or more and although I'm hands on taught the only thing I lack is the newer "buzz words" so if you can help me out - please make it simple ??  thanks

  There is no need to download anything to solve this problem.
  You may have installed one or more of the common types of ad-injection malware. Follow the instructions on this Apple Support page to remove it. It's been reported that some variants of the "VSearch" malware block access to the page. If that happens, start in safe mode by holding down the shift key at the startup chime, then try again.
  Back up all data before making any changes.
  One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.
  If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, ask for further instructions.
  Make sure you don't repeat the mistake that led you to install the malware. It may have come from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
  Malware is also found on websites that traffic in pirated content such as video. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
  In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
  Still in System Preferences, open the App Store or Software Update pane and check the box marked
            Install system data files and security updates (OS X 10.10 or later)
  or
            Download updates automatically (OS X 10.9 or earlier)
  if it's not already checked.

• Trouble with CCME 4 and VIC2-2FXO; IOS 12.4(9)T

  Trouble with CCME 4 and VIC2-2FXO; IOS 12.4(9)T
  I am having trouble making outgoing call or answering incoming call.
  When I try to call out from my IP 7961 phone, it fails with the message "unknown number".
  For incoming call, it rings but when I pick up the call nothing happens,
  Put the receiver back on hook, the phone carries on ringing. I am in UK
  and just trying to set up test system with one analogue line. Any help will
  be most appreciated. My config of the 2811 router is posted below. All calls ineternally works fine.
  Thank you for your help.
  hostname Test-CME
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1 10.10.10.10
  ip dhcp excluded-address 10.139.139.1 10.139.139.10
  ip dhcp pool host
  network 10.10.10.0 255.255.255.0
  default-router 10.10.10.1
  option 150 ip 10.10.10.1
  ip dhcp pool data
  network 10.139.139.0 255.255.255.0
  default-router 10.139.139.1
  dns-server 10.139.139.5
  voice-card 0
  no dspfarm
  voice service voip
  allow-connections h323 to h323
  allow-connections h323 to sip
  allow-connections sip to h323
  allow-connections sip to sip
  supplementary-service h450.12
  h323
  sip
  header-passing
  registrar server expires max 3600 min 3600
  interface FastEthernet0/1
  no ip address
  no ip mroute-cache
  duplex auto
  speed auto
  no shut
  interface FastEthernet0/1.2
  description ** Data VLAN **
  encapsulation dot1Q 2
  ip address 10.139.139.1 255.255.255.0
  interface FastEthernet0/1.3
  description ** Voice VLAN **
  encapsulation dot1Q 3
  ip address 10.10.10.1 255.255.255.0
  ip http server
  ip http authentication local
  no ip http secure-server
  ip http path flash:
  tftp-server flash:S00104000100.sbn
  tftp-server flash:TERM41.7-0-3-0S.loads
  tftp-server flash:term61.default.loads
  tftp-server flash:term41.default.loads
  tftp-server flash:CVM41.2-0-2-26.sbn
  tftp-server flash:cnu41.2-7-6-26.sbn
  tftp-server flash:Jar41.2-9-2-26.sbn
  tftp-server flash:term70.default.loads
  tftp-server flash:term71.default.loads
  tftp-server flash:cnu70.2-7-6-26.sbn
  tftp-server flash:Jar70.2-9-2-26.sbn
  tftp-server flash:TERM70.7-0-3-0S.loads
  tftp-server flash:CVM70.2-0-2-26.sbn
  control-plane
  voice-port 0/3/0
  connection plar opx 202
  caller-id enable
  dial-peer voice 1 pots
  incoming called-number .
  destination-pattern 9T
  port 0/3/0
  telephony-service
  load 7914 S00104000100
  load 7941 TERM41.7-0-3-0S
  load 7961 TERM41.7-0-3-0S
  load 7970 TERM70.7-0-3-0S
  max-ephones 20
  max-dn 40
  ip source-address 10.10.10.1 port 2000
  calling-number initiator
  service phone videoCapability 1
  system message MKC CME
  url services http://10.10.10.1/voiceview/common/login.do
  url authentication
  http://10.10.10.1/voiceview/authentication/authenticate.do
  time-zone 21
  date-format dd-mm-yy
  voicemail 600
  max-conferences 8 gain -6
  call-forward pattern .T
  call-forward system redirecting-expanded
  moh music-on-hold.au
  web admin system name admin secret 0 test
  dn-webedit
  time-webedit
  transfer-system full-consult dss
  transfer-pattern 9.T
  secondary-dialtone 9
  create cnf-files
  ephone-dn 1 dual-line
  number 201
  label 201
  description Sarah
  name Sarah
  ephone-dn 2 dual-line
  number 202
  label 202
  description Vitthal
  name User2 Vitthal
  ephone-dn 3 dual-line
  number 203 secondary
  label 203
  description Neil
  name User3 Neil
  ephone 1
  video
  username "user1" password 201
  mac-address 0018.18EE.947F
  type 7961 addon 1 7914
  button 1:1
  ephone 2
  video
  username "user2" password 202
  mac-address 0018.18BB.B973
  type 7941
  button 1:2
  ephone 3
  video
  username "user3" password 203
  mac-address 0018.1885.6BA2
  type 7970
  button 1:3

  Hi
  Please find enclosed debug attachment for voice ccapi and ephone. First, I called from outside. Extension 202 rings but when I answered on extension 202 nothing happens. Replace the rceiever and the pone starts ringing again.Second step. I tried to call out by dialing 9 and then number but after a while phone displays unknown number.
  Thank you for your help.
  Vitthal

• Trouble With Port Mirroring (SG200-08)

  Trouble with port mirroring.
  Even though both Tx and Rx is specified, only getting half the conversation.  Ping reply only for instance.  And when pinging from other locations no traffic at all.
  Please help
  SG200-008
  FW Version: 1.0.2.0
  Boot Version D.3.1
  Thanks

  I also have problem with the mirroring of port on my SG200-08.  The firmware is 1.0.6.2.
  I mirror the port g1, to which my router to the Internet is connected, to the port g2 to be able to see the traffic with a Centos system running Bandwidthd connected to the port g2.  The problem is that I only see the traffic coming in (downloads from the Internet) and not the traffic comming out (uploads to the Internet).
  When looking at the SG 200-08 on the web interface at "Status and Statistics/Interface" and looking at the port g2, I see values for the "Transmit Statistics", but all the values are at 0 for the "Received Statisticsc" (see the attached file)
  I confirmed that in "Administration/Diagnostic/Port Mirroring" is set up both Tx and Rx (it does not work either if I have Tx or Rx alone: I do not see the uploda traffic to the Internet). See the attached file.
  This is very annoying as I purchased this SG 200-08 especially for this and it does not do the job porperly.
  Does anybody knows a solution to this?

• Trouble with bridge mode and port forwarding

  I have a Westell Model 6100F DSL modem in bridge mode into my network and I'm having trouble forwarding ports. Is there any general guidance available to do this. I have set many of my friends networks up to allow port forwarding but all have been on other service providers, mainly cable. (my experience) My network is the only one I have had trouble with.
  Basically, my question is, while in bridge mode, does the modem forward all incoming traffic to my NAT router or do I need to apply special port forwarding settings in the modem to allow this?
  If bridge mode is the reason I cannot forward the ports, can someone explain how to set the WEstell 6100F back to factory defaults so I can start over. 
  Any other suggestions?
  Thanks in advance.
  Paul

  If bridge mode is set up correctly, your router should be holding the Public IP address (basically not something that is a 192.168 address) as shown at http://www.whatismyip.com/ and compared against what IP your router has.
  If your router has the public IP, all problems lie with either your router or your PC's firewall and configuration. I'd check out portforward.com for some guides on forwarding ports for your router or poarticular application if you need some additional help.
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• Trouble with Ip redirect

  I am having a bit of trouble with ip redirects on an airnet 1042N
  Here is what happens, I turn off ip redirect, everything works fine, turn it on, everything works fine.  The problem is when I apply an ACL to it.
  If I apply an ACL, I can ping web sites, but I can not browse websites or telnet to port 80.  This is simply a test configuration before I move it into production.  10.0.0.0/22 is our subnet.  I want the guest ssid to allow access to the internet, but not the the internal network (with the exception of the gateway (10.0.1.254) , dhcp, and dns servers (same server 10.0.1.221)
  Running config
  Current configuration : 2475 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname testap
  logging rate-limit console 9
  enable secret 5 $1$PBvp$dH8HqNdXBTP7eCzYanRRo.
  no aaa new-model
  dot11 syslog
  dot11 ssid main
     authentication open
     authentication key-management wpa version 2
     wpa-psk ascii 7 1234567890abcdefghi
     ip redirection host 10.0.1.254 access-group 102 in
  dot11 ssid secondary
     authentication open
     authentication key-management wpa version 2
     guest-mode
     wpa-psk ascii 7 075E731F1A5C4F524F4B5B0D06292F212E343D2B
     ip redirection host 10.0.1.254 access-group 103 in
  username Cisco password 7 01300F175804
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm
  ssid main
  ssid secondary
  antenna gain 0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  antenna gain 0
  dfs band 3 block
  channel dfs
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  ip address 10.0.2.150 255.255.252.0
  no ip route-cache
  duplex auto
  speed auto
  no keepalive
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 10.0.2.150 255.255.252.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  access-list 101 permit ip any host 10.0.1.254
  access-list 101 permit ip any host 10.0.1.221
  access-list 101 deny   ip 10.0.0.0 0.0.3.255 10.0.0.0 0.0.3.255
  access-list 101 permit ip any any
  access-list 102 permit ip any 10.0.0.0 0.0.3.255
  access-list 103 permit 80 any any
  access-list 103 permit ip any host 10.0.1.254
  access-list 103 permit ip any host 10.0.1.221
  access-list 103 deny   ip 10.0.0.0 0.0.3.255 10.0.0.0 0.0.3.255
  access-list 103 permit ip any any
  access-list 120 permit ip host 10.0.3.41 any
  access-list 120 permit ip any host 10.0.3.41
  bridge 1 route ip
  line con 0
  logging synchronous
  line vty 0 4
  login local
  end

  James:
  Welcome to the forum.
  To enable both encrypted and unencrypted traffic on same radio you need to use VLANs. If you are using only the native VLAN then you are abide by only one encryption method for all SSIDs.
  Check this for multiple SSIDs and multiple VLANs:
  https://supportforums.cisco.com/docs/DOC-14496
  For your network above, you should review the ACL and make sure it allows the needed traffic. Make sure both ports 80 and 23 are opened. Make sure to choose correct ports (udp, tcp) on the ACL.
  You can also try configuring ip redirect from GUI. give a look to the ip redirect doc: http://tiny.cc/gdsekw.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Having trouble with pop-up windows and ads for MacKeeper

  I've been having trouble with pop-up windows and ads for MacKeeper and similar "services." Tried to download "MPlayerX" a week ago and it all started then. I thought I deleted the file but I'm still having trouble. I've been digging for solutions on here, but nothing I've found on here has worked yet--the VSearch stuff (I think) isn't on my hard drive. Any advice?

  You installed a variant of the "VSearch" trojan. Remove it as follows.
  This malware has many variants. Anyone else finding this comment should not expect it to be applicable.
  Back up all data before proceeding.
  Triple-click anywhere in the line below on this page to select it:
  /Library/LaunchAgents/com.venus.agent.plist
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.* A folder should open with an item selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
  Repeat with each of these lines:
  /Library/LaunchDaemons/com.venus.daemon.plist
  /Library/LaunchDaemons/com.venus.helper.plist
  Restart the computer and empty the Trash. Then delete the following items in the same way:
  /Library/Application Support/venus
  /System/Library/Frameworks/v.framework
  The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
  This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
  In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
  Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
            Install system data files and security updates (OS X 10.10 or later)
  or
            Download updates automatically (OS X 10.9 or earlier)
  if it's not already checked.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

• Apply QOS to vrf traffic?(Ethernet SubInts)

  Hi,
  I'm trying to apply "GOLD" QOS to vrf traffic that is terminated on eth subints, but class-map is not allowing me to match on subinterfaces:
  class-map match-any GOLD
  match mpls experimental topmost 5
  match ip precedence 5
  match input-interface fastEthernet 0/0 (Subints not allowed)
  I also cannot match on access-group, as the traffic is within a vrf.
  Should I be creating a seperate policy-map marking the traffic as GOLD, and then apply this as a "service-policy input" to each eth subint the vrf is associated with?

  Hi,
  when you apply the service-policy to an interface you do NOT need to specify the interface in the class-map! Example:
  class-map match-any VoIP
  match ip precedence 5
  match ip dscp ef
  policy-map Marking
  class VoIP
  set mpls experimental imposition 5
  interface FastEthernet0/0.100
  ip address ...
  encapsulation dot1q 100
  service-policy input Marking
  This will set MPLS exp bits on all traffic coming into F0/0.100 and being marked with either Prec 5 or DSCP EF.
  Sidenote: using an ACL in class VoIP will also only match traffic on the interface, where the policy is applied. So overlapping customer addresses are not an issue.
  Hope this helps! Please rate all posts.
  Regards, Martin

• ZBFW design with vrf

  Hello,
  I am preparing a zbfw design with 400+ ISR/ASR remote  routers, Flexvpn and 1 vrf.  Each router has a tunnel for visitors and another tunnel for normal users. Config below. In the documentation, I read "All interfaces in a zone must belong to the same Virtual Routing and Forwarding (VRF) instance"
  There is no need to communicate between vrf visitor and the GRT, but both use the common wan zone on gigibit 0/0 and gigabit 0/2  to communicate to central.
  My question: Can I put all 4 tunnel interfaces below in the same zone :vpn ?
  ip vrf Visitors
  interface Tunnel1111
  description === FlexVPN to nrtc102 (DC1 AVC - primary line) ===
  ip unnumbered Loopback1
  ip mtu 1380
  ip tcp adjust-mss 1340
  tunnel source GigabitEthernet0/0
  tunnel destination 10.255.117.104
  tunnel protection ipsec profile Primary-line
  interface Tunnel1112
  description === FlexVPN to nrtc102 (DC1 AVC - Secondary line) ===
  ip unnumbered Loopback2
  ip mtu 1380
  ip tcp adjust-mss 1340
  tunnel source GigabitEthernet0/2
  tunnel destination 10.255.117.105
  tunnel protection ipsec profile Secondary-line
  interface Tunnel1113
  description === FlexVPN to nrtcDMZ (DC1 - visitors - primary line) ===
  ip vrf forwarding Visitors
  ip unnumbered Loopback3
  ip mtu 1380
  ip tcp adjust-mss 1340
  tunnel source GigabitEthernet0/0
  tunnel destination 10.255.112.104
  tunnel protection ipsec profile Primary-line-visitors
  interface Tunnel1114
  description === FlexVPN to nrtcDMZ (DC1 - visitors - Secondary line) ===
  ip vrf forwarding Visitors
  ip unnumbered Loopback4
  ip mtu 1380
  ip tcp adjust-mss 1340
  tunnel source GigabitEthernet0/2
  tunnel destination 10.255.112.105
  tunnel protection ipsec profile Secondary-line-visitorsinterface
  Many thanks Karien

  Hello Karien,
  Not sure I get the question..
  The definition you are looking I guess is this one:
  A router can only inspect inter-VRF traffic if traffic must enter or leave a VRF through an interface to cross to a different VRF. If traffic is routed directly to another VRF, there is no physical interface where a firewall policy can inspect traffic, so the router is unable to apply inspection.
  Based on that I would say that on each VRF there will need to be a dedicated security zone applied,
  I will try to run a lab real quick tomorrow and get back to u,
  Remember to rate all of the helpful posts. That's as important as a Thanks.
  Julio Carvajal Segura

• Vpn trouble with 10.8.2

  I everybody,
  I have trouble with vpn on OSx Mountain Lion.
  I use a pptp vpn connection, the vpn can connect and access the Internet bug I can't ping local address... I get a time out error message.
  (I choose "Send all traffic over VPN connection" in the advanced settings)
  Is there a known problem with 10.8.2 VPN ? And how can I fix it.
  I had the same problem using Shrew Soft as VPN client.
  Everything worked before update to 10.8.2.
  Thanks,

  #UPDATE
  The problem only occured when both LAN are on the same subnet (ex : 192.168.0.0/24)...

• I have been having a lot of trouble with the latest itunes update and my ipod classic 80Gb i.e. being unable to sync songs, but now i have no files at all on my ipod, it is completely blank when i view it from my computer. I need help, please, anybody.

  As it says above, i have been having a lot f trouble with my ipod classic and the latest itunes update, i was unable to sync songs or anything to it and have tried every conceivable 'fix' i could find. i have run an itunes diagnostic and the results are posted below. a major problem is that when i try and view my ipod through my computer it displays nothing at all on the ipod, no files or anything, this may be the problem but i have no idea how it has happened or how i could resolve it.
  This ipod holds huge sentimental value and i am loathe to buy a new one! If anybody can help it is greatly appreciated, than kyou in advanced.
  Microsoft Windows 7 x64 Home Premium Edition Service Pack 1 (Build 7601)
  ASUSTeK Computer Inc. K50IJ
  iTunes 11.1.5.5
  QuickTime not available
  FairPlay 2.5.16
  Apple Application Support 3.0.1
  iPod Updater Library 11.1f5
  CD Driver 2.2.3.0
  CD Driver DLL 2.1.3.1
  Apple Mobile Device 7.1.1.3
  Apple Mobile Device Driver 1.64.0.0
  Bonjour 3.0.0.10 (333.10)
  Gracenote SDK 1.9.6.502
  Gracenote MusicID 1.9.6.115
  Gracenote Submit 1.9.6.143
  Gracenote DSP 1.9.6.45
  iTunes Serial Number 0038B8600B98D1E0
  Current user is not an administrator.
  The current local date and time is 2014-03-21 16:52:39.
  iTunes is not running in safe mode.
  WebKit accelerated compositing is enabled.
  HDCP is not supported.
  Core Media is supported.
  Video Display Information
  Intel Corporation, Mobile Intel(R) 4 Series Express Chipset Family
  Intel Corporation, Mobile Intel(R) 4 Series Express Chipset Family
  **** External Plug-ins Information ****
  No external plug-ins installed.
  Genius ID: 2fd81a1f13cf3ff25a8b4f0e8e725116
  **** Device Connectivity Tests ****
  iPodService 11.1.5.5 (x64) is currently running.
  iTunesHelper 11.1.5.5 is currently running.
  Apple Mobile Device service 3.3.0.0 is currently running.
  Universal Serial Bus Controllers:
  Intel(R) ICH9 Family USB Universal Host Controller - 2934.  Device is working properly.
  Intel(R) ICH9 Family USB Universal Host Controller - 2935.  Device is working properly.
  Intel(R) ICH9 Family USB Universal Host Controller - 2936.  Device is working properly.
  Intel(R) ICH9 Family USB Universal Host Controller - 2937.  Device is working properly.
  Intel(R) ICH9 Family USB Universal Host Controller - 2938.  Device is working properly.
  Intel(R) ICH9 Family USB Universal Host Controller - 2939.  Device is working properly.
  Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A.  Device is working properly.
  Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293C.  Device is working properly.
  No FireWire (IEEE 1394) Host Controller found.

  Here is what worked for me:
    My usb hub, being usb2, was too fast. I moved the wire to a usb port directory on my pc. That is a usb1 port which is slow enough to run your snyc.

• Trouble with Toshiba built-in webcam: "unable to enumerate USB device"

  I am running archlinux on a Toshiba Satellite L70-B-12H laptop, and having troubles with the Webcam. *Once in a while*, everything goes well and I get
  # lsusb
  Bus 004 Device 002: ID 8087:8000 Intel Corp.
  Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  Bus 003 Device 004: ID 04f2:b448 Chicony Electronics Co., Ltd
  Bus 003 Device 003: ID 8087:07dc Intel Corp.
  Bus 003 Device 002: ID 8087:8008 Intel Corp.
  Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  # dmesg
  [ 3433.456115] usb 3-1.3: new high-speed USB device number 4 using ehci-pci
  [ 3433.781119] media: Linux media interface: v0.10
  [ 3433.809842] Linux video capture interface: v2.00
  [ 3433.826889] uvcvideo: Found UVC 1.00 device TOSHIBA Web Camera - HD (04f2:b448)
  [ 3433.835893] input: TOSHIBA Web Camera - HD as /devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.3/3-1.3:1.0/input/input15
  [ 3433.835976] usbcore: registered new interface driver uvcvideo
  [ 3433.835977] USB Video Class driver (1.1.1)
  Unfortunately, *most of the time* the camera seems invisible to my system, and I get
  # lsusb
  Bus 004 Device 002: ID 8087:8000 Intel Corp.
  Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  Bus 003 Device 003: ID 8087:07dc Intel Corp.
  Bus 003 Device 002: ID 8087:8008 Intel Corp.
  Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  (note the missing "04f2:b448 Chicony Electronics Co., Ltd" device), and
  # dmesg
  [ 480.104252] usb 3-1.3: new full-speed USB device number 4 using ehci-pci
  [ 480.171097] usb 3-1.3: device descriptor read/64, error -32
  [ 480.341235] usb 3-1.3: device descriptor read/64, error -32
  [ 480.511375] usb 3-1.3: new full-speed USB device number 5 using ehci-pci
  [ 480.578007] usb 3-1.3: device descriptor read/64, error -32
  [ 480.748151] usb 3-1.3: device descriptor read/64, error -32
  [ 480.918282] usb 3-1.3: new full-speed USB device number 6 using ehci-pci
  [ 481.325196] usb 3-1.3: device not accepting address 6, error -32
  [ 481.392091] usb 3-1.3: new full-speed USB device number 7 using ehci-pci
  [ 481.798926] usb 3-1.3: device not accepting address 7, error -32
  [ 481.799166] hub 3-1:1.0: unable to enumerate USB device on port 3
  Searching on the web, most results I found lead to this page, where it is said that the problem is due to badly tuned overcurrent protection, and advocated that unplugging and switching off the computer for a little while gets things back into normal. This does not really work for me; the problem seems to occur more randomly, unfortunately with high probability (my camera is available after less than one boot out of ten).
  I tried to ensure that the ehci-hcd module is loaded at boot with the ignore-oc option (with a file in /etc/module-load.d/), to no avail.
  I also wrote a script which alternatively removes and reloads the ehci-pci driver until my device is found in lsusb. It is sometimes helpful, but usually not. And even when my device is found that way, it can only be used for a while before disappearing again.
  Anyway, such a hack is unacceptable... So, my questions are:
  is it indeed related to overcurrent protection ?
  is there anything else I can try ?
  should I file somewhere an other of the numerous bug reports about "unable to enumerate USB device" already existing ?
  If of any importance, I am running linux 3.15.7, because at the time I installed my system, I couldn't get the hybrid graphic card Intel/AMD working under 3.16.
  Last edited by $nake (2014-10-18 16:29:06)

  uname -a
  Linux libra 3.9.4-1-ARCH #1 SMP PREEMPT Sat May 25 16:14:55 CEST 2013 x86_64 GNU/Linux
  pacman -Qi linux
  Name : linux
  Version : 3.9.4-1
  Description : The linux kernel and modules
  Architecture : x86_64
  URL : http://www.kernel.org/
  Licences : GPL2
  Groups : base
  Provides : kernel26=3.9.4
  Depends On : coreutils linux-firmware kmod mkinitcpio>=0.7
  Optional Deps : crda: to set the correct wireless channels of your country
  Required By : nvidia
  Optional For : None
  Conflicts With : kernel26
  Replaces : kernel26
  Installed Size : 65562.00 KiB
  Packager : Tobias Powalowski <[email protected]>
  Build Date : Sat 25 May 2013 16:28:17 CEST
  Install Date : Sun 02 Jun 2013 15:30:35 CEST
  Install Reason : Explicitly installed
  Install Script : Yes
  Validated By : Signature