Hi Pierre,

> > > Ping first generates an ARP (broadcast) packet...  long story short,
> > > sounds like the VLAN is expiring the "this MAC address is on that
> > > port" entry in its table, then failing to "flood" packets for which
> > > there is no such entry (bug in VLAN)...  your network _guru_ should
> > > be able to take it from here...
> >
> > This seems plausible but it seems like it should give the same results
> > in Win2K. Or maybe there's something else that MS is doing to preserve
> > the ARP cache entry that Linux isn't?
>
> Actually, I was referring to the network itself...  think of a VLAN as a
> bridge/switch...  each port keeps tabs on which computer(s) (MAC
> address(es)) is/are attached -- for a period of time.  If the network
> expires the cache identifying which ports the W2K and server are
> connected to, then any subsequent packet in one/both directions can't be
> delivered to a specific port since the destination port is no longer
> known... in this case, the network device should flood any unicast
> packets (as though they were broadcast) to all ports in the hope that
> the target host gets the packet and responds -- the initial [flooded]
> packet should refresh the network device's cache for one end and if the
> target responds, refresh the cache for the other end/direction...
>
> If either end host expires its ARP cache, it should re-ARP for the
> destination...  If the network device does not flood unicast packets
> after expiring a cache entry; I'd consider that a bug...  since VLANs
> are the equivalent of a single subnet, no routers/gateways are involved
> -- except to create a VLAN over a routed network -- smoke and mirrors...
> :^)
>
> > By the way, I had originally claimed that I wasn't running any
> > firewalls or packet filtering software. I should clarify that by
> > saying that I don't have either of the iptables or ipchains rpm's
> > installed and don't see anything else firewall-ish running in any of
> > my services config files. There is still, of course, msec which is
> > currently set to its lowest level of security. My impression was that
> > it didn't handle firewall duty, at least not at its lowest level.
> > True?
>
> msec may control security; but it does not control/limit any packet
> flows...  if iptables/ipchains are not running, then packets should just
> flow...
>
> While the connection is OK, try "arp -a" (don't know the W2K equiv.) and
> make sure the other host is in the table; when it fails, recheck... if
> the other host's MAC is still there (both ends), then the network is
> likely at fault.  Could be a VLAN misconfiguration...

Okay, so from my dhcp laptop I ran "arp -a" (yep, it's the same under Win2K)
while I had an active happy connection to mybox and it lists mybox by its IP
and MAC. Likewise mybox lists my laptop in its arp output. Five or six
minutes later the ssh connection has died and arp no longer lists mybox. mybox, on
the other hand, still has the entry in its listing which is consistent at
least since it never has any trouble ping'ing the laptop.

Seems like this doesn't quite fit the pattern but is it still a sign of a
misconfigured VLAN or something else?

cheers,
::mark
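As an added example (not part of the thread, and not something either Mark or Pierre posted), here is a small script for the Linux side of the test Pierre describes: poll the neighbour table and ping the peer every few seconds, so the log shows which goes first, the ARP/neighbour entry or connectivity. It assumes Linux with iproute2 (`ip neigh show`) and iputils `ping` (`-W` as a timeout in seconds); the peer address, interface and MACs in the sample are made up.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes Linux with iproute2
# and iputils ping. The addresses below are hypothetical.

# neigh_state ADDR: read `ip neigh show` output on stdin and print the
# neighbour (NUD) state for ADDR, e.g. REACHABLE, STALE, FAILED, INCOMPLETE.
# Prints "absent" when the address has no entry at all, which is the case
# Mark saw on the laptop after the ssh session died.
neigh_state() {
    addr="$1"
    awk -v ip="$addr" '
        $1 == ip {
            # the state is always the last field, with or without an lladdr
            print $NF; found = 1; exit
        }
        END { if (!found) print "absent" }'
}

# Constructed sample of `ip neigh show` output (not captured from a real
# host), used to exercise the parser offline.
SAMPLE='192.168.1.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.30 dev eth0  FAILED'

# monitor PEER [INTERVAL]: every INTERVAL seconds (default 30) log the
# timestamp, the neighbour state for PEER and whether one ping gets through.
# Run it on both ends (arp -a on the Windows side shows the same thing) and
# compare the timestamps of "neigh=absent"/"neigh=FAILED" with "ping=down".
monitor() {
    peer="$1"; interval="${2:-30}"
    while :; do
        state=$(ip neigh show | neigh_state "$peer")
        if ping -c 1 -W 2 "$peer" >/dev/null 2>&1; then ok=up; else ok=down; fi
        printf '%s neigh=%s ping=%s\n' "$(date '+%H:%M:%S')" "$state" "$ok"
        sleep "$interval"
    done
}

# Usage: sh arpwatch.sh 192.168.1.10 10   (runs until interrupted)
if [ -n "${1:-}" ]; then
    monitor "$@"
fi
```

If the entry is still present (REACHABLE or STALE) on both hosts while ping fails, the end hosts are not the problem and the switch/VLAN forwarding is the next thing to look at; if the entry goes to FAILED or disappears while the other side still sees you, the host is re-ARPing and not getting an answer back.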
