eXPlosionas

  1. I have more examples of the same ARP problem. Here is the basic scheme:

     (our) Switch --- (client) Router (ip xxx.xxx.56.159, gateway xxx.xxx.56.190) --- (client) PC (ip 192.168.0.101, gateway 192.168.0.1)

     Examples from the switch log:

     Mar 25 23:26:43.227 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:43 GMT Thu Mar 25 2015])
     Mar 25 23:26:44.234 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:43 GMT Thu Mar 25 2015])
     Mar 25 23:26:45.240 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:44 GMT Thu Mar 25 2015])
     Mar 25 23:33:52.508 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([344d.f73e.xxxx/192.168.0.103/0000.0000.0000/192.168.0.1/23:33:51 GMT Thu Mar 25 2015])

     The last line is clear. The computer was connected to the router, got the 192.168.0.103 IP address and the 192.168.0.1 gateway (the client's router), and then the client's cable was plugged into a LAN port on the router, not into the WAN port, and that's why the switch logged an invalid ARP request. But the first three lines are not clear. How did the computer get a private IP address from the client's router and also the default gateway xxx.xxx.56.190, which is the gateway of the router? The router somehow told the PC to use gateway xxx.xxx.56.190, and then the main cable between the switch and the router was also plugged into the router's LAN port?
  2. In 3 years I have to take the second exam, and after another 3 years the third?
  3. I have a similar question. When you first do one of the CCNP exams, how much time do you have to pass the other two before that first one becomes invalid?
  4. Yes, but that doesn't answer my questions.
  5. Let's say there is a client router connected to switch port G1/0/6. But the command "show mac address table int G1/0/6" on the switch shows nothing. The command "sh ip dhcp snooping binding int G1/0/6" also shows nothing. So I do not see the router's MAC or IP address on that port. Then I run the command "no ip verify source port-security" and I see the router's MAC with the "sh mac address table" command, but I do not see the router's IP with "dhcp snooping". Then the following lines appear in the logs:

     Aug 1 07:08:18.434 EEST: %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs (Req) on Gi1/0/6 , vlan 376.([0024.a534.55f3/192.168.0.100/001b.0dff.5e00/192.168.0.1/07:08:18

     It seems like the router got a private IP address from a rogue DHCP server which is on the same VLAN. The question then is why "ip dhcp snooping binding" doesn't show this private IP address 192.168.0.100. Because it is not in the DHCP snooping database, the switch doesn't accept packets from this router (because of the ip verify source port-security command), and that's why the router's MAC address also wasn't in the MAC address table before I used the command "no ip verify source port-security". Am I right?
  6. What about this case: RT2 advertises the route to 192.168.20.0/24 to RT1 with an origin of IGP, as the BGP route is originated within the AS – RT5 redistributes the static route into OSPF and advertises it to RT2. The static route is redistributed into OSPF (IGP), and BGP works on top of that, so it's i? But isn't the route originated on router RT6?
  7. So it seems like Origin is a router's perspective on how its neighbor (that sent the route to my router) got that route (from E, I or incomplete).
  8. Any ideas?
  9. If I remove the lease from the process, I see DISCOVER and OFFER three times. Is this the reallocation process? How does the client know if the server's lease for that client is still valid? The client should still broadcast a REQUEST. This log is from one client. (MikroTik) may have been another computer, but from Feb 6 17:38:16 with (Teex-PC), which has the same MAC as MikroTik, the whole DHCP process doesn't make sense to me.
  10. Feb 6 17:19:09 src@dhcp2 dhcpd: DHCPREQUEST for x.240.25.74 from d4:ca:6d:eb:d0:x (MikroTik) via x.240.9.190
      Feb 6 17:19:09 src@dhcp2 dhcpd: DHCPACK on x.240.25.74 to d4:ca:6d:eb:d0:x (MikroTik) via x.240.9.190
      Feb 6 17:38:16 src@dhcp2 dhcpd: Lease for x.240.25.74 , is connected to interface 1/11 , VLAN 110 , on switch 0:1e:79:1b:73:x , client MAC d4:ca0
      Feb 6 17:38:16 src@dhcp2 dhcpd: DHCPDISCOVER from x:ca:6d:eb:d0:ae via x.240.9.190
      Feb 6 17:38:16 src@dhcp2 dhcpd: DHCPOFFER on x.240.25.74 to d4:ca:6d:eb:d0:x (Teex-PC) via x.240.9.190
      Feb 6 17:38:30 src@dhcp2 dhcpd: Lease for x.240.25.74 , is connected to interface 1/11 , VLAN 110 , on switch 0:1e:79:1b:73:x , client MAC d4:ca0
      Feb 6 17:38:30 src@dhcp2 dhcpd: DHCPDISCOVER from d4:ca:6d:eb:d0:x (Teex-PC) via x.240.9.190
      Feb 6 17:38:30 src@dhcp2 dhcpd: DHCPOFFER on x.240.25.74 to d4:ca:6d:eb:d0:x (Teex-PC) via x.240.9.190
      Feb 6 17:42:37 src@dhcp2 dhcpd: Lease for x.240.25.74 , is connected to interface 1/11 , VLAN 110 , on switch 0:1e:79:1b:73:x , client MAC d4:ca0
      Feb 6 17:42:37 src@dhcp2 dhcpd: DHCPDISCOVER from d4:ca:6d:eb:d0:x via x.240.9.190
      Feb 6 17:42:37 src@dhcp2 dhcpd: DHCPOFFER on x.240.25.74 to d4:ca:6d:eb:d0:x (Teex-PC) via x.240.9.190
      Feb 6 17:42:39 src@dhcp2 dhcpd: Lease for x.240.25.74 , is connected to interface 1/11 , VLAN 110 , on switch 0:1e:79:1b:73:x , client MAC d4:ca0
      Feb 6 17:42:39 src@dhcp2 dhcpd: DHCPREQUEST for x.240.25.74 (x.240.1.25) from d4:ca:6d:eb:d0:x (Teex-PC) via x.240.9.190
      Feb 6 17:42:39 src@dhcp2 dhcpd: DHCPACK on x.240.25.74 to d4:ca:6d:eb:d0:x (Teex-PC) via x.240.9.190
      Feb 6 17:42:42 src@dhcp2 dhcpd: DHCPACK to x.240.25.74 (d4:ca:6d:eb:d0:x) via eth0
      Feb 6 17:42:45 src@dhcp2 dhcpd: DHCPACK to x.240.25.74 (d4:ca:6d:eb:d0:x) via eth0
      Feb 6 17:58:39 src@dhcp2 dhcpd: Lease for x.240.25.74 , is connected to interface 1/11 , VLAN 110 , on switch 0:1e:79:1b:73:x , client MAC d4:ca0
      Feb 6 17:58:39 src@dhcp2 dhcpd: DHCPREQUEST for x.240.25.74 from d4:ca:6d:eb:d0:x via x.240.9.190
      Feb 6 17:58:39 src@dhcp2 dhcpd: DHCPACK on x.240.25.74 to d4:ca:6d:eb:d0:x (Teex-PC) via x.240.9.190

      Here is the log from the DHCP server. Can anyone explain how an IP address can be leased without a request message? At time 17:38:16, as you can see, there is discover, offer and lease only. Also, why are 3 ACKs being sent? Is this a bug or something?
  11. I have Cisco VPN client 5.0.07.0440 and am using Windows 8. I want to authenticate to the VPN server with an Aladdin eToken, but I am getting errors in the logs:

      20 19:54:09.850 02/16/13 Sev=Warning/2 CERT/0xA3600009 Could not load certificate e=/deleted here/= from store Microsoft User Certificate. Reason: store empty
      21 19:54:09.850 02/16/13 Sev=Warning/2 CERT/0xA3600004 If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
      22 19:54:09.850 02/16/13 Sev=Warning/2 IKE/0xE3000008 Unable to open certificate (e=deleted here). If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.

      Has anyone had a similar issue? By the way, I found this on Google: Try exporting the cert from your user store, with private key, and import it to your Local Machine store. I cannot export the cert with the private key because the private key is not exportable from my Console root \certificates - current user\ personal\ certificates
  12. "Traffic from an Uplink port to an isolated port will be permitted if it is in the primary VLAN" How can an isolated port be in the primary VLAN? I don't clearly understand the difference between, let's say, an isolated VLAN and an isolated port.
  13. OK, here is from Wikipedia: "Any switch ports associated with a common community VLAN can communicate with each other and with the primary VLAN but not with any other secondary VLAN." Do they mean local traffic? What about routing between two community VLANs? Also, the last sentence confused me: "Traffic from an Uplink port to an Isolated port will be denied if it is in the Isolated VLAN. Traffic from an Uplink port to an isolated port will be permitted if it is in the primary VLAN." How can an isolated port be in the primary VLAN? I thought an isolated port is in an isolated VLAN. Isolated and community ports and VLANs also confuse me. Isn't it the same?
  14. I do not clearly understand how routing between two community VLANs works. As the VLANs belong to the same subnet, the computer will not send an ARP broadcast looking for the gateway's (router's) MAC. It will be looking for the MAC of the computer in the other community VLAN. How does the router know when to reply? Here is from some blog: "When we split VLAN using PVLANs, hosts in different PVLANs still belong to the same IP subnet, but they need to use router (another L3 device) to talk to each other (for example, by means of local Proxy ARP)." Proxy ARP is when the router knows how to get to another network and then responds to the computer with its MAC. In the PVLAN case it's the local subnet. So I don't understand.
  15. I actually changed all requirements from not defined to 0 and it worked.