Troubleshooting Public Servers with packet-trace.
Hi, I'm new to Cisco. I've tried googling my problem but cannot find anything.
I am trying to set up Public Servers and my config looks great, but it doesn't work. I tried to packet-trace my config and I get an ALLOW when I use the same port from my source, but if I try with a different port, I get a DROP. I can't find where I can tell it to use any port from the source. Did I miss something?
ASA5510, Firmware : 9.1, ASDM : 7.5
SAME SOURCE PORT (Port 88 to Port 88)
Result of the command: "packet-tracer input outside tcp 123.123.123.1 88 W.W.W.13 88 detailed"
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network MYOFFICE-PVR-PRIVATE-IP
nat (inside,outside) static MYOFFICE-PVR-PUBLIC-IP
Additional Information:
NAT divert to egress interface inside
Untranslate W.W.W.13/88 to A.A.A.254/88
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_0 any object MYOFFICE-PVR-PRIVATE-IP
object-group service DM_INLINE_SERVICE_0
service-object object MYOFFICE-PVR-88
service-object object MYOFFICE-PVR-9000
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacefb350, priority=13, domain=permit, deny=false
hits=3, user_data=0xaa490880, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=88, tag=0
dst ip/id=A.A.A.254, mask=255.255.255.255, port=88, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xaca012b8, priority=1, domain=nat-per-session, deny=true
hits=10478473, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xace37850, priority=0, domain=inspect-ip-options, deny=true
hits=7278021, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map class-default
match any
policy-map global_policy
class class-default
inspect icmp
service-policy global_policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad53bef0, priority=70, domain=inspect-icmp, deny=false
hits=214393, user_data=0xad53b418, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 6
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad4981d0, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=65468, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 7
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside,outside) source dynamic any interface
Additional Information:
Forward Flow based lookup yields rule:
out id=0xacef3c40, priority=6, domain=nat-reverse, deny=false
hits=4577, user_data=0xacef2a38, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=inside
Phase: 8
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xaca012b8, priority=1, domain=nat-per-session, deny=true
hits=10478475, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 9
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xace84c40, priority=0, domain=inspect-ip-options, deny=true
hits=6598652, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 6654364, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_inspect_icmp
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_inspect_icmp
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
DIFFERENT SOURCE PORT (Port 6000 to Port 88)
Result of the command: "packet-tracer input outside tcp 123.123.123.1 6000 W.W.W.13 88 detailed"
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network MYOFFICE-PVR-PRIVATE-IP
nat (inside,outside) static MYOFFICE-PVR-PUBLIC-IP
Additional Information:
NAT divert to egress interface inside
Untranslate W.W.W.13/88 to A.A.A.254/88
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacefccb0, priority=11, domain=permit, deny=true
hits=307712, user_data=0x5, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Never mind, I got it
object service MYOFFICE-PVR-88
service tcp source range 1 65535 destination eq 88
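An added example, not part of the original thread: a small Python parser for `packet-tracer` output that finds the dropping phase and, for a permitted flow, reports whether the matching ACL rule is tied to one source port, which is the misconfiguration fixed above. The function names are hypothetical, the sample traces are abridged from the output in this thread, and reading `port=0` as "any port" is an assumption based on how those traces print the implicit rule.

```python
import re

# Abridged from the two traces in the thread above (hit counters, later phases omitted).
ALLOW_TRACE = """\
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacefb350, priority=13, domain=permit, deny=false
src ip/id=0.0.0.0, mask=0.0.0.0, port=88, tag=0
dst ip/id=A.A.A.254, mask=255.255.255.255, port=88, tag=0, dscp=0x0
Result:
Action: allow
"""
DROP_TRACE = """\
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) static MYOFFICE-PVR-PUBLIC-IP
Additional Information:
Untranslate W.W.W.13/88 to A.A.A.254/88
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
in id=0xacefccb0, priority=11, domain=permit, deny=true
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_trace(text):
    """Split packet-tracer output into per-phase dicts plus the final summary."""
    phases, summary, cur, section = [], {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = re.match(r"Phase:\s*(\d+)$", line)
        if m:
            cur = {"phase": int(m.group(1)), "config": [], "info": []}
            phases.append(cur)
            section = None
        elif line == "Result:":          # a bare "Result:" opens the final summary
            cur, section = None, "summary"
        elif section == "summary":
            key, _, val = line.partition(":")
            summary[key.strip().lower()] = val.strip()
        elif cur is None:
            continue                     # banner text before the first phase
        elif line == "Config:":
            section = "config"
        elif line == "Additional Information:":
            section = "info"
        elif section is None:            # phase header: Type / Subtype / Result
            m = re.match(r"(Type|Subtype|Result):\s*(.*)$", line)
            if m:
                cur[m.group(1).lower()] = m.group(2)
        else:
            cur[section].append(line)
    return phases, summary

def rule_ports(phase):
    """Ports of the rule a phase matched, from its 'src/dst ip/id=...' lines."""
    ports = {}
    for line in phase["info"]:
        m = re.match(r"(src|dst) ip/id=.*\bport=(\d+)", line)
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports

def diagnose(text):
    """Report where a trace dropped, or whether the permitting rule pins a source port."""
    phases, summary = parse_trace(text)
    out = {"action": summary.get("action"), "drop_reason": summary.get("drop-reason"),
           "drop_phase": None, "drop_type": None, "implicit": False, "pinned_src_port": None}
    for p in phases:
        if p.get("result") == "DROP":
            out.update(drop_phase=p["phase"], drop_type=p.get("type"),
                       implicit="Implicit Rule" in p["config"])
            break
        if p.get("type") == "ACCESS-LIST":
            # Assumption: port=0 means "any"; a non-zero src port only matches that port.
            out["pinned_src_port"] = rule_ports(p).get("src", 0) or None
    return out

if __name__ == "__main__":
    for name, trace in (("88 -> 88", ALLOW_TRACE), ("6000 -> 88", DROP_TRACE)):
        print(name, diagnose(trace))
```

A non-empty `pinned_src_port` on a permitted trace means real clients, which connect from ephemeral source ports, will fall through to the implicit deny seen in the second trace.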
Similar Messages
-
Trying to troubleshoot with Packet Trace
Hi Folks,
Having a bit of an issue: I am trying to access an http/https server from the Guest interface (10.10.10.0/24) to the Inside interface (192.168.190.0/24).
I can ping the server, but when I try to access it with http/https, no luck.
When I am on the 192.168.190.0/24 network I have no problem using http/https to the server.
Inside: Security level 100 (VLAN1)
Guest: Security level 40 (VLAN23)
ASA version: 8.0(4)
ASDM version: 6.1(5)57
I have attached an image when trying to troubleshoot the access list entry from the 10.10.10.1 to 192.168.190.1.
But for some reason the packet is dropped. So I am wondering: if I am able to ping the server when I am on the 10 network, then the rule shouldn't be wrong, right?
Any tips and tricks? I probably missed something.
Thanks
Shane
Yes, sorry about that, you were right, the output in the CLI is much better.
Yeah, and you were right about the .1, my bad. Feel stupid..
I tried with 10.10.10.10 to 192.168.190.27 and the packet was allowed
Here is the output from
# packet-tracer input inside tcp 10.10.10.10 12345 192.168.190.27 443
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 3
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.190.0 255.255.255.0 inside
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
So I see that it's dropped at Phase 5..
I added another rule on the inside interface
Allow packet from the guest network to 192.168.190.27 which is the https server.
Get the output:
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 3
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.190.0 255.255.255.0 inside
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group Outgoing in interface inside
access-list Outgoing extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.190.27 object-group DM_INLINE_TCP_4
object-group service DM_INLINE_TCP_4 tcp
port-object eq www
port-object eq https
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
match ip inside 192.168.190.0 255.255.255.0 inside 10.10.10.0 255.255.255.0
NAT exempt
translate_hits = 0, untranslate_hits = 1
Additional Information:
Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside) 1 192.168.190.0 255.255.255.0
match ip inside 192.168.190.0 255.255.255.0 inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,outside) x.x.x.x 192.168.190.27 netmask 255.255.255.255
match ip inside host 192.168.190.27 outside any
static translation to x.x.x.x
translate_hits = 739399, untranslate_hits = 2012692
Additional Information:
Phase: 10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 36837297, packet dispatched to next module
Phase: 12
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 192.168.190.27 using egress ifc inside
adjacency Active
next-hop mac address 000c.2946.f8e5 hits 85
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
-
EtherChannel with Packet Tracer
I tried in Packet Tracer to bundle 4 links between 2 switches, each switch is connected to a host.
When I try to ping from one host to the other, the ping is successful, but when I disconnect a cable, the one on the link selected by PAgP, it says Request timed out,
and it can't ping until I put that cable back again. What is the problem?
Hello, I have Packet Tracer 6.2, and I use 3560 (L3) switches. My port-channel has two ports. When I reload Switch1, after startup the switch shows this message:
%EC-5-CANNOT_BUNDLE2: Fa0/1 is not compatible with Po1 and will be suspended (trunk encap of Fa0/1 is auto Po1 is dot1q)
%EC-5-CANNOT_BUNDLE2: Fa0/2 is not compatible with Po1 and will be suspended (trunk encap of Fa0/2 is auto Po1 is dot1q)
Do you Know what is the problem
CONFIG S1
interface Port-channel 1
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
channel-protocol pagp
channel-group 1 mode auto
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/2
channel-protocol pagp
channel-group 1 mode auto
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk
CONFIG S2
interface Port-channel 1
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
channel-protocol pagp
channel-group 1 mode desirable
switchport trunk allowed vlan 10,20
switchport mode trunk
interface FastEthernet0/2
channel-protocol pagp
channel-group 1 mode desirable
switchport trunk allowed vlan 10,20
switchport mode trunk
Thanks
-
Where can I get scenarios for Packet Tracer?
I want to use PT to get used to commands. I want to start from easy router configuration to advanced (no more than CCNA-level for now). I have Packet Tracer, but where can I get scenarios along with guidance?
Hi There
What study material are you using? Usually the study material will give you lab scenarios to configure.
For CCNA level check out the following:
1. Wendell Odom's ICND 1 and ICND 2 books.
(I have never seen these books, but Wendell Odom is a pretty well respected person in Cisco certification circles and is a CCIE. I have one of his CCIE books for my CCNP studies and find it really good.)
2. Todd Lammle's CCNA Study Guide, 6th edition.
(The 6th edition is geared towards the upgraded CCNA exam. I used the 5th edition of this book as part of my own CCNA studies. This will give you lots of hands-on practice and you build your lab up as you move through the book.)
3. The Bryant Advantage CCNA study guide.
(I have used Chris Bryant's study material for my CCNA and am still using it as part of my CCNP studies. I find it quite good and lab workbooks are provided.)
Be prepared though for some problems with Packet Tracer. For as good as it is, it does not have all the commands available. So you may come across some things that you cannot configure or get to work correctly.
If you have access to some IOS versions you should check out Dynamips/Dynagen, which is better than any simulator on the market.
Best Regards,
Michael
-
Packet Tracer 6.0.1 - Buffer Full
Hey,
I'm experiencing an issue with Packet Tracer 6.0.1. When I try to send any packet over my network I receive a "Buffer Full" error after so many hops. It gives me the option to clear the buffer but once I do the packet simulation resets. Because of this it's impossible to tell if my network is flawless, because it's impossible to simulate a packet on through the entire journey.
Does anyone have a solution to this "Full Buffer" issue?
Looks like this is using wineskin, I couldn't get it to work.
I'm using parallels though, so I just installed the exe provided by Totamann77.
Look at his guide here, it explains what you have to do to run the package.
https://discussions.apple.com/message/22917652#22917652
-
The new updates sound great. Anyone got any documentation on the "Provides new capability with PT Bridge to connect real network equipment to the Packet Tracer environment" bit?
Rich
PT Bridge is an external Java applet allowing Packet Tracer to communicate with real-world networks through the multiuser cloud. Have a look at http://www.packettracernetwork.com/ for more details (end of the home page).
-
Shared public IP with same tcp port (round robin/load balance)
Hi all,
I want to know if I can do this with my ASA5515-X. I have two servers that can do the same thing; they are SSO servers. What I want to do is publish the 2 servers on the Internet with the same public IP address and on TCP 443.
Is it supported? Will it work like load balancing per session?
Or do I need to add an HLB between the ASA and my SSO servers?
Thanks
Hi Yann,
You can configure the ASA to allow traffic to your SSO server from outside on two public IPs. Users can hit either of the IPs to reach the inside server. Now, load balancing would be achieved based on source devices sending requests to the public IPs. If source machines on the internet use one public IP more to access the server, the ASA can't do anything to load balance in such a scenario. Here is how you can accomplish this:
Assuming the SSO server on inside is 192.168.16.110 and the two public IPs are 192.168.17.110 and 192.168.17.111:
object network SSO_1
host 192.168.17.110
object network SSO_2
host 192.168.17.111
object network SSO
host 192.168.16.110
object service https
service tcp source eq https
nat (inside,outside) source static SSO SSO_1 service https https
nat (inside,outside) source static SSO SSO_2 service https https
Hostname(config)# sh xl
2 in use, 6 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
TCP PAT from inside:192.168.16.110 443-443 to outside:192.168.17.110 443-443
flags sr idle 0:00:06 timeout 0:00:00
TCP PAT from inside:192.168.16.110 443-443 to outside:192.168.17.111 443-443
flags sr idle 0:00:08 timeout 0:00:00
Verification:
Hostname(config)# packet-tracer input outside tcp 4.4.4.4 discard 192.168.17.110 443
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) source static SSO SSO_1 service https https
Additional Information:
NAT divert to egress interface inside
Untranslate 192.168.17.110/443 to 192.168.16.110/443
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside in interface outside
access-list outside extended permit ip any any
Additional Information:
Phase: 3
Type: CONN-SETTINGS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside,outside) source static SSO SSO_1 service https https
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 3670, packet dispatched to next module
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Hostname(config)# packet-tracer input outside tcp 4.4.4.4 discard 192.168.17.111 443
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) source static SSO SSO_2 service https https
Additional Information:
NAT divert to egress interface inside
Untranslate 192.168.17.111/443 to 192.168.16.110/443
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside in interface outside
access-list outside extended permit ip any any
Additional Information:
Phase: 3
Type: CONN-SETTINGS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside,outside) source static SSO SSO_1 service https https
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 3671, packet dispatched to next module
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
Sourav
-
Sun Fire V490 x 2 servers with Oracle RAC facing Split brain problem
Hi all,
I have Sun Fire V490 x 2 servers with Oracle RAC and they faced a Split brain problem. One of the node's database instance has gone down, The DBA claims it is due to network problem, but as such the networks are OK. We use the on board CE1 interface for Cluster interconnect and CE0 as the public interface.
Did anybody face this kind of a problem? Could this be a hardware/OS patch problem?
I had kept a continuous ping for 24 hours after this happened last time and the output shows no packet loss
Many thanks in advance.
Ushas Symon
In order to diagnose this properly, you'll need to provide too much detail and far too many log files for a generic discussion forum to handle.
Use your service contract and open a support case.
Because a cluster environment is involved you'll likely end up talking to the cluster support staff.
They can analyze hardware and software errors as well as review whether you configured the systems in a supportable fashion.
Be prepared to make a direct connection to each system and gather data, such as by using the Explorer tool. The technical support staff will tell you what they will actually need.
-
After installing a VPN I tried to see if outbound traffic was actually encrypted.
When the VPN is activated, ifconfig shows a new interface "tun0:" so I ran a packet trace against tun0. The trace was started with...
sudo tcpdump -i tun0 -s 0 -w VPNActivetun0.dmp
...and then Mail was started. Once mail had connected to the mail servers the trace was stopped and then formatted with...
tcpdump -s 0 -n -e -X -r VPNActivetun0.dmp
...and it contains lots of clear text including email account passwords being transmitted.
What am I doing wrong?
I've also seen that I'm tracing gobs and gobs of non-Internet packets, to and from 10.?.?.?. Do you know how I can filter these out?
Presumably your local network is 10.x.x.x, otherwise you shouldn't see these at all.
However, that said, if your local network is 10.x.x.x then you cannot tell tcpdump to blindly ignore anything to/from 10.x.x.x because that will include the very traffic you're trying to trace.
The best solution is to tell tcpdump specifically which traffic you DO want to see, either via IP address or port number.
For example, if you're trying to see what (if any) SMTP traffic (port 25) is going to/from your machine:
sudo tcpdump -i en1 port 25
To see traffic going to/from a specific IP address:
sudo tcpdump -i en1 host 1.2.3.4
You can also use the keywords "and" and "not" to further refine what traffic to look for, e.g. to watch all non-http traffic going to 1.2.3.4:
sudo tcpdump -i en1 host 1.2.3.4 and not port 80
-
Package Packet Tracer 6.0.1.exe for native for Mac OS X
Hello everyone, I'm sharing a way to package Packet Tracer.exe, and possibly any .exe, as a native app on Mac OS X with WineSkin.
You can download Packet Tracer 6.0.1 for Windows and WineSkin from here:
Download Packet Tracer 6.0.1
Download WineSkin
After downloading and installing WineSkin, it is necessary to download certain Engines and Wrappers that allow you to run Windows libraries on Mac and do the packaging itself. The Engines that you must install are:
WS9Wine1.5.27
WS9Wine1.5.2AMDSpeedHack
The Wrapper that we will use is:
WineSkin-2.5.12
For the following steps you can follow this tutorial video made by me:
http://rafavg77.wordpress.com/2013/09/07/como-empaquetar-packet-tracer-exe-a-una-app-nativa-en-mac-os-x/
For any question or observation I am open to comments. Best regards.
Hi,
I have already followed all your instructions, and after many tries I was stuck at the same place.
I want to click the icon so that I can "install this software" but the dialog box opened with "Cisco Packet Tracer 6.0.1 can't be open".
I really hope you see my message; please guide me on how to proceed.
Thanks!
-
Bug in packet tracer 5.3
Hi all.
I have an L3 switch in Packet Tracer. If I enter the command "no ip routing" the switch can still route. Is it a bug?
I attached a pkt file. If anyone pings from pc3 to, for example, pc1, the ping works with the no ip routing command in place.
Regards.
The "redistribute" command works for all IP routing protocol groups.
The format of the command is documented here:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_pi/command/iri-cr-a1.html#GUID-9C67E447-FD2B-47E3-9A2C-334A41829A76
You have to identify the routing protocol (and AS, if applicable) from which you intend to redistribute before adding any other arguments.
e.g.
redistribute rip (details)
redistribute eigrp 109 (details)
In your case, you omitted that and the command parser tried to interpret "metric" as if it were the name of a routing protocol.
"metric" is a valid argument (which is why the "help" works), but it needs to appear later in the multi-staged redistribute command.
One could argue that Cisco should enhance the help to be more clever, but if you start with "redistribute ?" that step should be clear.
-
Can't read load RSA public key with JDK 1.4.2_08?
We have been using Bouncy Castle's provider to provide RSA encryption and decryption of a login name and password for several years ... with JDKs in the 1.4.2 series up through 1.4.2_07.
Recently, however, Sun released JDK 1.4.2_08, and suddenly any of our Java Web Start client applications are unable to successfully load the public key that we use to encrypt their login name and password before shipping it to the server for authentication with the 1.4.2_08 JRE. But, if we revert back to 1.4.2_07, everything works again.
This public key itself has been in use for several years and the same code to read the public key has been in use for a long time ... including multiple versions of the BouncyCastle provider and all versions of the JDK up through 1.4.2_07. But suddenly things appear to break with JDK 1.4.2_08.
This smells like a problem with JDK 1.4.2_08 so I thought that I'd check on this forum to see if any other Bouncy Castle users have experienced this problem. Is there anything further that I can do to check this out? Has any Bouncy Castle user successfully loaded a RSA public key from a byte stream with JDK 1.4.2_08? Or have people using other providers seen any problems reading similar public keys with JDK 1.4.2_08?
The code that is failing on the client side is:
try {
encKey = new byte[this.publicKeyInputStream.available()];
this.publicKeyInputStream.read(encKey);
spec = new X509EncodedKeySpec(encKey);
keyFactory = KeyFactory.getInstance("RSA", "org.bouncycastle.jce.provide.BouncyCastleProvider");
myPublicKey = keyFactory.generatePublic(spec);
return myPublicKey;
} catch (Exception e) {
e.printStackTrace();
}
The stack trace that I'm getting includes ...
java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:330)
at java.security.KeyFactory.generatePublic(Unknown Source)
at org.opencoral.util.Encryption.loadPublicKey(SourceFile:450)
at org.opencoral.util.Encryption.<init>(SourceFile:119)
at org.opencoral.main.Coral.<init>(SourceFile:338)
at org.opencoral.main.Coral.main(SourceFile:1919)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
While it clearly indicates that it thinks that there is an "invalid info structure in RSA public key", I believe that nothing has changed in the structure of our key ... and this same key still works properly if I revert to JDK 1.4.2_07.
Any thoughts or insights?
Thanks,
John Shott
I'm facing the same Exception here,
With JDK 1.5 (SUNJce) I'm getting --
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA public key
at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(Unknown Source)
With BouncyCastle I'm getting --
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:345)
Any Solution?
-
Question: Packet Tracer Use
Hello, sorry if this is the wrong place to send a message but couldn't find a suitable email address.
I am currently in full-time education studying for a degree in Computer Networks, in the final year. For my dissertation, I have chosen to investigate routing protocols (EIGRP, RIPv2, OSPF etc).
Up until July 2013, I was part of the networking academy studying for the CCENT and CCNA qualifications, and as such have a copy of Packet Tracer.
What I would like to know is if it is acceptable for me to use Packet Tracer to develop the network(s) for my dissertation and aid me in describing, analysing and comparing the different options for routing protocols?
Thanks
What i would like to know, is if it is acceptable for me to use Packet Tracer to develop the network(s) for my dissertation and aid me in describing, analysing and comparing the different options for routing protocols?
C'mon, give the newbie/noobie a break!
You have no idea how difficult it is to cut-and-paste someone else's answer and pass it to your faculty advisor as your own. The mere act of posting their school work question(s) on the forum is wrought with difficulty and danger. This means that the OP has to stop playing his console game, get someone (maybe an out-of-work nuclear physicist from Chernobyl) to write the opening thread above before getting his sorry azz off the couch to post this in the esteemed Cisco Support Forum.
And to Neale's question, the answer is YES.
And Neale, if you want a more detailed response (2500 words) that will guarantee you an A+, I am willing to share with you my publication (written by me, of course) for a small fee of 250 Bitcoins. Please don't waste time as some of your classmates have already made contact. I've already provided them with a short essay (1500) which contains lines from Homer's The Iliad, translated into Rihannsu. (Don't worry, neither your classmates, faculty advisor nor your professor/instructor will know. They'll all come to the same conclusion that the phrase could be the new "buzz word".)
-
Multihomed servers with IPv4 and IPv6
We have a setup where we have virtual servers with two NICs. One NIC is connected to our corporate network and the other NIC is connected (via layer 2 over MPLS) to the customer network. The NIC on our network is only assigned an IPv6 address and the NIC on the customer network is only assigned an IPv4 address from the customer DHCP server. The problem we are running into is that when the server does an NSLOOKUP for a URL that is associated with a server located on our network (the server has an IPv6 and IPv4 address and is publicly accessible from the internet), the traffic goes out the customer NIC, then out their internet connection and back to our public-facing load balancer. Our application that runs on the server needs to communicate with a server at the customer site and then send that data to a server on our side. We believe this behavior is happening because the customer server is responding as an "Authoritative" DNS server. We are trying to avoid using the HOSTS file if possible (when we use the HOSTS file and specify the FQDN with the IPv6 address our application works fine and goes out our NIC).
Any help would be appreciated
Thanks,
Thanks for the idea Bruno, however we did try this already. I moved the adapter with IPv6 to the top of the binding order and rebooted the VM. However, when I run NSLOOKUP it still goes out the adapter with IPv4, which is now second in the binding order.
Side question: when I do an IPCONFIG /all, what determines the order of listed adapters? I have changed the adapter names (so it isn't alphabetical), I have looked at the adapters in Device Manager and it isn't based on which one has #1 next to it. And now I have changed the binding order and it still hasn't changed. The adapter with IPv4 is always listed first. Not sure if that means anything, but just an observation.
Any other ideas?
Thanks,
Adam
-
Etherchannel in switch multilayer packet tracer
Hi experts this is my first post,
I'm practicing with multilayer switches in Packet Tracer. I've created a port-channel between 2 multilayer switches with the following command:
channel-group 1 mode desirable
but when I'm trying to assign an IP to this port channel with the command "no switchport" I cannot do it and I'm getting this:
Switch(config)#int port-channel 1
Switch(config-if)#no switchport
% Incomplete command.
and also I get this message:
Switch(config-if-range)#no switchport
Command rejected (Port-channel): Either port is L2 and port-channel is L3, or vice-versa
Command rejected (Port-channel): Either port is L2 and port-channel is L3, or vice-versa
So my question is, how can I assign an IP address to a port channel in a multilayer switch in Packet Tracer? Is it possible to do that in PT?
Thanks in advance, maybe I'm doing something wrong.
I just did this same setup in Packet Tracer 6.1.1 and it appears to work.
Default the configurations in each of your existing links, set the individual links as "no switchport" first, then place them into a port-channel, then enter into the port-channel interface and set the IP address.
interface Port-channel 1
no switchport
ip address 10.10.1.1 255.255.255.0
interface FastEthernet0/1
no switchport
channel-group 1 mode desirable
no ip address
duplex auto
speed auto
interface FastEthernet0/2
no switchport
channel-group 1 mode desirable
no ip address
duplex auto
speed auto
Hope that helps.