Windows IP conflict when there is no conflict
Just had an interesting problem with a customer that seems a bit obscure, so I figured I would write it down to help someone else. All of the other solutions to this issue focus solely on there being a problem on the Windows side, which may not necessarily be the case.
Situation: customer is setting up a Windows 2008 R2 server in a VMware cluster, on a VLAN that is sitting behind a firewall. The firewall is the gateway for the VLAN (say 192.168.34.1). When configuring the network interface on the server, picking ANY IP address in the 192.168.34.0/24 network results in the error message “Windows had detected an IP address conflict”. This happens even if there are no other devices on the VLAN aside from the firewall.
The issue? There was a static (identity) NAT entry in the Cisco ASA firewall for 192.168.34.0/24. By default, Cisco firewalls will proxy ARP for NAT entries, so when Windows sends an ARP probe for its new address, the ASA answers on behalf of the NAT range and Windows treats that reply as another host already using the address.
- (8.3(1), 8.3(2), and 8.4(1)) The default behavior for identity NAT has proxy ARP disabled. You cannot configure this setting.
- (8.4(2) and later) The default behavior for identity NAT has proxy ARP enabled, matching other static NAT rules. You can disable proxy ARP if desired.
This is desirable behavior for a firewall on the edge of the network because the upstream router needs to know where to send traffic for NAT’ed hosts. For internal firewalls this can cause issues, especially with 8.4 code where you need to set up identity NAT to exempt devices from NAT.
The solution? Add “no-proxy-arp” to the end of your identity NAT statements:
nat (inside,outside) source static obj_Internal obj_Internal no-proxy-arp route-lookup
The other (less desirable) solution is to disable the ARP-checking functionality in Windows, but this means it won’t be able to detect a legitimate IP conflict. You can do this through a quick registry hack: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, create a DWORD named “ArpRetryCount” with a value of “0”.
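To find every rule that needs the fix on an ASA running 8.4(2) or later, here is an added example (not part of the original post) that scans saved "show running-config nat" output for identity NAT rules still missing no-proxy-arp and suggests the corrected line. The sample config is constructed; obj_Web, obj_WebPublic and the dmz interface are made-up names, and only twice-NAT rules of the form shown above are checked.

```python
import re

# Twice-NAT rule as it appears in "show running-config nat" on ASA 8.3+:
#   nat (real_if,mapped_if) [after-auto] source static REAL MAPPED [options]
RULE = re.compile(
    r"^nat \((\S+?),(\S+?)\)\s+(?:after-auto\s+)?source static (\S+) (\S+)(.*)$")

# Options that must come after no-proxy-arp in the rule.
TRAILING = ("route-lookup", "inactive", "description")

def with_no_proxy_arp(rule):
    """Return the rule with no-proxy-arp placed ahead of the trailing options."""
    tokens = rule.split()
    for i, tok in enumerate(tokens):
        if tok in TRAILING:
            return " ".join(tokens[:i] + ["no-proxy-arp"] + tokens[i:])
    return " ".join(tokens + ["no-proxy-arp"])

def audit_identity_nat(config_text):
    """Find identity NAT rules (real object == mapped object) that proxy ARP.

    Returns a list of (line_number, original_rule, suggested_rule).
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue
        real, mapped, options = m.group(3), m.group(4), m.group(5).split()
        if real != mapped or "no-proxy-arp" in options:
            continue  # translating NAT, or already fixed
        findings.append((lineno, line, with_no_proxy_arp(line)))
    return findings

# Constructed sample; obj_Web, obj_WebPublic and the dmz interface are made up.
SAMPLE = """\
object network obj_Internal
 subnet 192.168.34.0 255.255.255.0
nat (inside,outside) source static obj_Internal obj_Internal route-lookup
nat (inside,dmz) source static obj_Internal obj_Internal no-proxy-arp route-lookup
nat (inside,outside) source static obj_Web obj_WebPublic
"""

if __name__ == "__main__":
    for lineno, old, new in audit_identity_nat(SAMPLE):
        print(f"line {lineno}: {old}\n  fix: {new}")
```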
iPhone 5, a few days later and where to trade in your old iPhone
I wanted to write a followup to my last post, My iPhone 5 Review. Now that I've had my hands on it for a few days and I've been able to put it through some various tests, I can update what I've already written.
First off, I'm on iPhone 5 number 2. My first one had some issues with the anodizing on the case having some scuffs and scratches out of the box. I brought it back on Monday and luckily they had one in stock to trade out for me. Since then, I've had 3 days to play around with the new one, plus 2 days with the old one. So far, this is what I've seen (in addition to the first post).
- The battery life isn't as good as the 4S. I've got a femtocell that sits in my living room, a mere 15 feet from me, so you can't tell me that it's the battery life issues due to poor cell signal that other people have seen.
- Passbook, although I praised it in my last post, doesn't work worth a shit. Granted, I've only tried to use it at a few places, but none of them have worked. That may be an issue with Passsource.com, the site that I used to create the passbook cards, but either way, it still doesn't work well.
- The headphone jack being moved to the bottom kinda sucks because I use a dash mount for my phone. Nearly all dash mounts are going to cover the bottom headphone jack.
- iMessages is the greatest thing since sliced bread. I love the fact that I can send texts from my MacBook Pro or iPad and everything shows up on the phone too. If I send from my MBP, all the information shows up on the phone and the iPad, so I can continue a conversation regardless of what's in my hand. I've wanted this feature forever, and it is easily the one I use most (This is an iOS 6 Feature).
- The panoramic pictures can get a bit wonky if you don't have a steady hand.
- Apple Maps sucks. I've used the turn-by-turn directions a few times and every single time, the route was different than the TomTom that was next to it. I find this weird because TomTom provided the data for it. One time, it tried to send me somewhere that wasn't even close to my actual destination.
- The cable. Yes, I know I said I was a fan of the new dock connector, but it has come out that Apple has installed a verification chip in the new cables, so you won't be able to buy cheap cables anymore. This sucks because I've already sold 100 of them on eBay and I've had to process 10 returns already. Those will charge, but won't move any data. Also, the USB side of the cable (on the OEM ones) has a tendency to get in the USB port. They are VERY tight and could take some force to remove.
- There's a bit of chromatic aberration in the camera that causes pictures to have a purple tint to them. This is actually quite normal in small cameras and isn't extremely noticeable until you load it into Photoshop and look at the color levels.
That's pretty much all my complaints about it. Also, if you're looking into getting one, you'll find the prices that different places are paying for trade-ins below. Amazon is by far the best bet for guaranteed money. That's who I'm using!
My iPhone 5 Review
(Jump to the tl;dr if you don't want to read the back story)
Today I got the new iPhone 5. I've been using the 4S for a little less than a year, and the 4S was the first iPhone that I had that actually made calls (the other ones were all programming platforms). I guess that's the price you pay when you're on Sprint. Before the 4S was an HTC EVO 4G and prior to that, a Treo Pro along with a Blackberry back before that. So I've had experience with iOS, Android, Windows Mobile, and Blackberry OS.
I decided to get the phone because I had an upgrade credit and I figured that despite the change in dock connector, I might as well get it over with now because Apple is going to be moving to Lightning on everything going forward. I'm going to have to do it sooner or later, might as well be sooner. I ordered my wife's 16GB on the first day of pre-orders and it arrived Friday afternoon. After toying with it for all of 30 seconds, I decided I needed to get one myself. After calling all over the place yesterday (launch day) and not finding a 64GB Black Sprint phone (quite a few places had white left), the Apple Store informed me they were getting a shipment in this morning. I showed up at 10am when they opened. Since I had already toyed with the phone yesterday, I had an idea of what it could do. My 4S was running iOS 6 already, so I had seen quite a few of the features available already.
tl;dr
I like the fact that it's longer. You really start to notice it after a while and you miss it when you're using apps that haven't been updated yet and are running in letterbox with the black bars on top and bottom. You don't really notice the bars because the black is good enough that it blends in.
Although I bitched and moaned about them changing the dock connector and not making it any faster (USB 3 anyone?), I kinda like it. I thought it was going to be bigger... maybe the size of a standard USB in width, but it's only about half that. The reversible design is awesome too. The price of spare USB cables sucks.
It's weird to have an extra row of apps on the screen. You're so used to seeing 4 rows plus the bottom that 5 seems alien.
Speed: It's not faster. You may think it's faster, it may feel faster, but I had the 5 and 4S side-by-side and ran some tests. Opening apps, playing music, surfing the net... It's not any faster. Granted, if you're on LTE, your surfing will be faster than 3G, but the apps open at the same speed. That being said, it feels faster for some reason. I'm going to go with placebo effect.
It's lighter. You notice it. I put mine in an Otterbox before I left the mall, seeing as I dropped the phone before I ever made it out of the Apple store, but I hated it so it's out.
Roundest corners yet!
We're going to have to see what battery life is like. I've been dicking with it all day and the battery is at 50% still. Not bad.
That's about it. The new apps and features are pretty cool. I like Passbook because I hate carrying all those cards with me. You can create your own Passbook cards by going to Passsource.com and using their templates. I've got tons of them already, but the CVS card didn't work. They know about it and are looking for a fix.
All in all, it's your typical new Apple phone. Small, incremental changes from the last one, same outrageous price. If you get one, everyone's going to tell you how much better the Samsung Galaxy S3 is and how Android kicks Apple's ass, but they would have said that no matter what Apple did. I really wish they would have implemented NFC and gone to Micro USB, but other than that, I'm happy with it.
New App! Square Fee Calculator
I recently signed up for the Square service to accept credit cards on my iPhone. They have two different ways of charging fees: 2.75% per transaction when you swipe the card using their reader or 3.5% + $0.15 per transaction if you enter the card number manually. Since I've already written mobile fee calculators for both PayPal and Etsy, I decided to use the same code and make one for Square. All 3 are designed to fit perfectly on an iPhone screen and since they are very lightweight, they run pretty quick. If you use any of these services, these calculators will come in very handy!
PayPal Fee Calculator
Etsy Fee Calculator
Square Fee Calculator
QoS issues on Cisco 2960s. (High CPU Utilization)
Recently I've run into two clients that were having issues with the Cisco 2960G and 2960S switches. Both clients are using PoE versions of the switch for VoIP applications. They were noticing jitter, packet loss and poor call quality, even though QoS is configured on the switch. After a lot of troubleshooting on the voice side of the house, they came to me to see if I could find anything going on. In digging around in the first customer's network, I noticed that the CLI was pretty slow and did a quick "show processes cpu" and saw that the CPU utilization was around 80%. By sorting the processes, I saw that the Hulc LED process was taking up about 15%. A quick search of the Cisco Bug Toolkit brought up Bug ID CSCtg86211 (you need a CCO account to view), even though that's not 100% correct. It's the only one that explained what's going on.
I had the client open a TAC case and TAC wanted to fight with the client, telling them that the high CPU shouldn't have any effect on the switch performance (really!). I suggested that the client upgrade the switches to the latest version of IOS and once that was done, all the voice quality issues disappeared. Total CPU utilization dropped to below 20%, calls cleared up, everything was beautiful.
Last week, I got an email from one of our project managers asking if I could look into an issue that another client was having. If I hadn't known that this was a different client, I would have thought that she had cut and pasted the exact problems that the first client was having. When I found out that they were using 2960's, I immediately thought of this and sent the client a copy of the bug report and told him to open a TAC case. This is the email I received from him:
I tested the CPU Utilization on all of our Cisco 2960Ss and they ranged between 68-99%. I have a test switch on the bench with nothing connected and it was running at 75%. I updated it with the new code and it dropped to the 20-35 % range. I am going to update some additional switches before I call Cisco. The first question they will probably ask is are you running the latest code.
He's right... Cisco will be wanting to know that. I know that once the new IOS is on the switch, it'll solve his problems. I just wanted to put this out there so you guys don't have to do all the searching that I did when/if you run across the same issues on your end.
Xbox 360 Open NAT with Cisco ASA 8.3 or newer
I'm just getting on the Xbox 360 bandwagon here, so forgive this post being "late" for most people. But, if you're like me and you're just getting your console, you may have noticed that not everything is going to work properly. Fixing this is real simple: just follow the instructions I posted a while back for port forwarding on 8.3. You'll need to start this off by giving your Xbox 360 a static IP address. This can be done under settings. You'll also need the 3 ports that you're going to have to forward. That's tcp:3074, udp:3074 and udp:88.
Step 1: Create a new network object for your Xbox 360.
asa5505(config)# object network xbox
Step 2: Add the static IP of the Xbox to the network object.
asa5505(config-network-object)# host 10.11.12.13
Step 3: Forward the ports via the NAT command.
asa5505(config-network-object)# nat (inside,outside) static interface service tcp 3074 3074
asa5505(config-network-object)# nat (inside,outside) static interface service udp 3074 3074
asa5505(config-network-object)# nat (inside,outside) static interface service udp 88 88
Step 4: Exit back to the root and add the access lists.
asa5505(config)# access-list outside_access_in extended permit tcp any object xbox eq 3074
asa5505(config)# access-list outside_access_in extended permit udp any object xbox eq 3074
asa5505(config)# access-list outside_access_in extended permit udp any object xbox eq 88
That's it! If you need to know exactly what's going on here, please check my previous post on port forwarding. If you do your work through the ASDM, just use my post on port forwarding via the ASDM and make the necessary changes to ports, IP addresses and names. Now you just need to go to your Xbox 360 and retest the connection. You'll see that no longer does it say that you are using restricted NAT! Also, if you're having issues with voice over Xbox Live, this should solve those problems.
EDIT 7/12/2011
After further review, I realize that I'm an idiot. You can't add more than one NAT statement to a network object. Create 3 separate objects (I called them xbox1, xbox2 and xbox3) and add one NAT statement per object. Once you do that, adjust the ACL accordingly.
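The layout the EDIT describes, as an added example (not from the original post): a small generator that emits one network object, one NAT statement and one narrowly scoped ACL entry per forwarded port, using the object naming, address and ports from the steps above. The function name and its parameters are hypothetical, and it generalizes to any list of TCP/UDP ports.

```python
import ipaddress

def asa_port_forward(name, host, services, acl="outside_access_in"):
    """Build ASA 8.3+ commands that forward each (protocol, port) to host.

    One network object is created per service, since a network object
    holds a single NAT statement. Returns the commands as a list of lines.
    """
    ip = ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
    seen = set()
    objects, acl_lines = [], []
    for index, (proto, port) in enumerate(services, 1):
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {proto!r}")
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        if (proto, port) in seen:
            # Two static PAT rules for the same outside port would collide.
            raise ValueError(f"duplicate service: {proto}/{port}")
        seen.add((proto, port))
        obj = f"{name}{index}"  # xbox1, xbox2, xbox3 as in the EDIT
        objects += [
            f"object network {obj}",
            f" host {ip}",
            f" nat (inside,outside) static interface service {proto} {port} {port}",
        ]
        # Permit only this protocol and port to this object, nothing wider.
        acl_lines.append(
            f"access-list {acl} extended permit {proto} any object {obj} eq {port}")
    return objects + acl_lines

# The three Xbox Live ports and the static address used in the post.
XBOX_SERVICES = [("tcp", 3074), ("udp", 3074), ("udp", 88)]

if __name__ == "__main__":
    print("\n".join(asa_port_forward("xbox", "10.11.12.13", XBOX_SERVICES)))
```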
Preparing for my JNCIA-EX
I think I'll have a little departure from my regular how-to's today. As you can see from the title of this post, I'm preparing to take my JNCIA-EX, or Juniper Networks Certified Internet Associate - Enterprise Switching. I'm sure you all know that I'm a born and bred Cisco kid. Hell, www.ciscokid.net actually points to this site! But I've been spending a lot of time working on Juniper gear lately and it's in my best interest to get some Juniper certs under my belt. Part of my preparation has been trying to stay out of my Cisco lab for a little while. I find that when I spend a lot of time playing with the Cisco gear, I instinctively try to use Cisco commands in a Juniper environment. So, if I don't get into the Cisco stuff for a little while, I'll train myself to think like a Juniper engineer!
Juniper has been a real pain in my ass lately. I absolutely love their hardware. It's some of the fastest gear I've ever worked on and I've never seen the kind of speed to the desktop on Cisco as I have seen on Juniper. It's just that I've spent so much of my career working on one thing that being thrown into something else is not fun. I thought it would be at first; learning something new would give me a challenge and be interesting. Well, it hasn't been such a great honeymoon phase. The environment I'm working in has some issues, and that's about all I'm going to say about it. I'll be going to Herndon, VA for a week to get the training I need to try to solve some of these issues, not to mention another week to attend a data center design class, and I hope that this training will bring me to the level that I can help these people.
I really wish I could speak my mind here and tell you guys about the problems I'm seeing and maybe get some ideas from my readers on how to fix some of this stuff, but I can't. I can't let out any info on the network and I won't talk good or bad about any particular hardware in public. Maybe one day I'll be able to put up a big post with a Visio to see if any of you guys can solve a problem. Hell, I just may create something and give away a prize to the first person to get the correct answer. If anyone has an idea, be sure to let me know!
ASA 8.3(2) is out, as is ASDM 6.3(3)
I got off my ass tonight and decided to update the ASA (yes, my licensing is correct!). I haven't had a chance to play with it a whole lot (you can see it's only been up for 3 and a half hours), but it seems pretty cool. I sat down and read the release notes for 8.3(2) and there's a few things you should know. First off, you're going to need more memory. Well, if you look at mine, you can see I've maxed out what the thing will accept, so I'm perfectly safe; but chances are, you're not. Cisco has a nice table to let you know what your memory needs are. In fact, if you head over to this web page, you can check out the release notes for both 8.3(1) and 8.3(2). You'll see the new features as well as caveats fixed with these versions. Now that I have informed all you guys about the upgrade, I'm going to start playing with it for a little bit before the sun comes up and kills me. Dammit! It's already 1am!









