Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About jneiberger
Stats
Member since
11-09-2004
279
Posts
12
Helpful
2
Solutions
Created by
jneiberger
in Server Networking
in Server Networking
06-27-2013
08:42 AM
06-27-2013
08:42 AM
Thanks! That's very helpful information. I'll have the server owners check into that setting. I suspect we'll probably just disable LLDP since we don't really need it on any of these interfaces. I appreciate the help!
... View more
Created by
jneiberger
in Server Networking
in Server Networking
06-27-2013
08:16 AM
06-27-2013
08:16 AM
Isn't a CNA for FC or FCoE? Can they do regular Ethernet, too? I thought that a CNA was only for FC or FCoE. I verified that we're not doing FC or FCoE on these Nexus switches. I'll have the server owners check into it. Thanks!
... View more
Created by
jneiberger
in Server Networking
in Server Networking
06-27-2013
07:34 AM
06-27-2013
07:34 AM
I'm super new to Nexus, so I'm not really sure how to troubleshoot this. I did a quick search and found that this is related to DCBX TLVs in LLDP, which we apparently shouldn't be getting on a regular ethernet port. I'm pretty sure this is just a regular ethernet port. (Like I said, I'm pretty new to nexus. lol) I wonder if the following output indicates that we are receiving and sending DCBX TLVs in LLDP. If so, it sounds like the interface will go into err-disable state if the server stops sending ACK frames. # show lldp dcbx int e1/17 Local DCBXP Control information: Operation version: 00 Max version: 00 Seq no: 1 Ack no: 1 Type/ Subtype Version En/Will/Adv Config 004/000 000 Y/N/Y 8906001b21 08 002/000 000 Y/N/Y 0000000064 00000000 00000001 Peer's DCBXP Control information: Operation version: 00 Max version: 00 Seq no: 1 Ack no: 1 Type/ Max/Oper Subtype Version En/Will/Err Config 004/000 000/000 Y/Y/N 8906001b21 08 003/000 000/000 Y/Y/Y ff08 002/000 000/000 Y/Y/N ffffffff00 00000000 00000008 This is the first time we've run into this. Any idea what might really be going on? Thanks!
... View more
Labels:
Created by
jneiberger
in Other Security Subjects
in Other Security Subjects
06-18-2012
05:31 PM
06-18-2012
05:31 PM
Well, i guess for the sake of posterity and anyone who stumbles across this, it was ZoneAlarm. It was blocking it but not logging that it was blocking it. I uninstalled ZA and now my VPN client works just fine.
... View more
Created by
jneiberger
in Other Security Subjects
in Other Security Subjects
06-18-2012
06:49 AM
06-18-2012
06:49 AM
I'm starting to think it's my software firewall. I just installed it a few days ago. I'm wondering now if there is an incompatibility with ZA and the Cisco VPN Client. I'll uninstall it tonight and see if that fixes the problem.
... View more
Created by
jneiberger
in Other Security Subjects
in Other Security Subjects
06-17-2012
09:41 PM
06-17-2012
09:41 PM
I'm running the latest v5 of the client on Vista 64-bit. It's been working for weeks and suddenly quit working. I don't see any errors in the logs. The only thing I notice in the statistics is that there are zero packets decrypted or encrypted. I'm able to connect and authenticate to the VPN, but no traffic passes at all. I've completely uninstalled and reinstalled to no avail. I'm running ZoneAlarm firewall, which is new for me, and it is specifically allowing the VPN client. There does not appear to be any blocked traffic in the firewall logs. Any idea what to do? I'm at a loss.
... View more
Labels:
07-13-2009
06:55 AM
No, that wouldn't work. I'd have to create a static ARP entry for every device requiring internet access. I'm beginning to think this isn't the problem, anyway. It doesn't look to me like we have any sort of ARP spoofing protection turned on.
... View more
07-13-2009
06:45 AM
The more I look into this, the more I think we don't even have that feature enabled. But it's the only thing that makes sense. If that's not the problem, I have no idea what is. I'm really starting to think this has nothing to do with any sort of ARP spoofing protection.
... View more
07-13-2009
06:33 AM
I'm not sure how that applies to what I'm talking about. Proxy ARP is when the ASA responds to an ARP request with its own MAC address even when it doesn't own it. That shouldn't be happening in our configuration anyway. The problem appears to be that the ASA is populating its ARP cache with the real MAC addresses of these devices. Then this other box (a sort-of brouter) passes traffic through it with the source IPs of our other network devices but with its own MAC address. It seems like the ASA thinks this is an ARP spoofing attack and is stopping the traffic. We're going to do some more testing this morning, but I still can't figure out how to disable that behavior.
... View more
07-12-2009
09:59 AM
We have an ASA and need to find a way to disable ARP security on the inside interface. We are going to put a device in front of it that is a sort of nearly-transparent proxy, but it unfortunately rewrites packets that travel through it with its own MAC address. The ASA seems to not like this very much at all. Is there a way to disable that function? I have no idea what the command would be. The only thing I found related to this was ARP inspection, but that didn't seem to have anything to do with the dynamic ARP cache. It seemed to only be relevant when you have static ARP entries. Regardless, it doesn't look like we have that turned on, anyway. Any thoughts?
... View more
Labels:
01-17-2009
06:55 AM
That looks like it might be exactly what we're looking for. These laptops would be in one of two possible networks. We could put both of those networks in the client config. This is still fraught with peril because the laptop will detect two available networks when it is in wifi range. The Sprint card will still be active at that point, so we need to find a way to force the VPN to use the wifi link if it's available. This is all kind of tricky. We're trying to replace an old, slow and complicated system with a fresher approach.
... View more
01-16-2009
08:04 AM
I'm only lightly familiar with the ASA, so I don't know if this is even possible. Here's what we'd like to do: We have some mobile laptops with Sprint cards as well as wifi cards. These laptops would have a Cisco VPN client installed. We want them to be able to use the VPN when their in Sprint coverage areas, but they also need to be able to use it when they pull into certain wifi hotspots we have created for them throughout our city. Their IP address will change when the switch networks, so I'm sure that would break the VPN. One option is to have the user disconnect and reconnect every time they move in and out of these zones, but we'd rather find a way for it to happen dynamically. These are emergency service workers and they have enough on their minds without having to deal with our VPN issues. We want to make it transparent to them, if possible. Is there a way to make the tunnel dynamically reconnect every time the laptop grabs a new IP address?
... View more
Labels:
12-19-2008
01:26 PM
I should also mention that the other person I saw with this problem (in Russia) was seeing the exact same MAC address. Very strange!
... View more
12-19-2008
01:10 PM
Thanks for the ideas, but I'm just not sure what would cause a MAC address like e8be.5bd3.5558. That's a pretty strange MAC address. Until this started happening, I had never seen one that started with anything like e8be. It doesn't appear to be happening very often. I've only seen it twice and I've only found out one instance where I know it happened to someone else. I'd sure love to get to the bottom of it, though.
... View more
12-19-2008
11:16 AM
This is a weird one and it's happened twice in the past couple of months. We have port security active on our switches and twice we've seen it get tripped by an invalid MAC address like e8be.5bd3.5558. It's as if the machines that are connected to it temporarily switch to a different MAC address, which I've never heard of. If I recall correctly, the first time it happened was with a printer, but I'm not 100% sure. Last night it happened again with a workstation. I did find someone else on a different forum who had experienced it but they did not know the cause. Any ideas? thanks, John
... View more
Labels:
Created by
jneiberger
in Server Networking
06-27-2013
06-27-2013
Thanks! That's very helpful information. I'll have the server owners
check into that setting. I susp...
Created by
jneiberger
in Server Networking
06-27-2013
06-27-2013
Isn't a CNA for FC or FCoE? Can they do regular Ethernet, too? I thought
that a CNA was only for FC ...
Created by
jneiberger
in Server Networking
06-27-2013
06-27-2013
I'm super new to Nexus, so I'm not really sure how to troubleshoot this.
I did a quick search and fo...
Created by
jneiberger
in Other Security Subjects
06-18-2012
06-18-2012
Well, i guess for the sake of posterity and anyone who stumbles across
this, it was ZoneAlarm. It wa...
Created by
jneiberger
in Other Security Subjects
06-18-2012
06-18-2012
I'm starting to think it's my software firewall. I just installed it a
few days ago. I'm wondering n...
Created by
jneiberger
in Other Security Subjects
06-17-2012
06-17-2012
I'm running the latest v5 of the client on Vista 64-bit. It's been
working for weeks and suddenly qu...
07-13-2009
No, that wouldn't work. I'd have to create a static ARP entry for every
device requiring internet ac...
07-13-2009
The more I look into this, the more I think we don't even have that
feature enabled. But it's the on...
07-13-2009
I'm not sure how that applies to what I'm talking about. Proxy ARP is
when the ASA responds to an AR...
07-12-2009
We have an ASA and need to find a way to disable ARP security on the
inside interface. We are going ...
01-17-2009
That looks like it might be exactly what we're looking for. These
laptops would be in one of two pos...
01-16-2009
I'm only lightly familiar with the ASA, so I don't know if this is even
possible. Here's what we'd l...
12-19-2008
I should also mention that the other person I saw with this problem (in
Russia) was seeing the exact...
12-19-2008
Thanks for the ideas, but I'm just not sure what would cause a MAC
address like e8be.5bd3.5558. That...
Public Statistics
| Date Registered | 11-09-2004 03:36 PM |
| Date Last Visited | 08-18-2017 04:03 AM |
| Total Messages Posted | 279 |
| Total Helpful Votes Received | 12 |
