Re: [FW-1] Nokia trouble

Thu, 30 Jun 2005 06:52:04 -0700 

hi,
if someone else is answering arp-requests to the IP or your default-gw you will always have a problem. nokia can't do anything about that. 


maybe you can hardcode the IP of your default-gw (vrrp) on your switch 
somehow, so that any other client with that IP is droped.


cheers
reinhard

At 14:19 30.06.2005, you wrote:

Hi,

I am currently seeing situations where a duplicate IP address (a client in 
my lan duplicating VRRP
address) forces a pair of 380s (IPSO 3.7.1) to stop working. At this time 
both Nokia suffer from a
high CPU load, they are not reachable with SSH, HTTPs, they respond to 
pings in only 10 %. CP
Smart View Status show that on the side of FW-1 everything is fine. VRRP 
is fine but they do not

route any traffic anymore.
When I log on to the console I see lots of messages:

[LOG_CRIT] kernel: plicate IP address 10.49.136.1! sent from mac address: 
00:50:56:8a:1e:b3
[LOG_ERR] kernel: duplicate IP address 10.49.136.1! sent from mac address: 
00:50:56:8a:1e:b3

In the messages file I also see
[LOG_CRIT] kernel: FW-1: Log buffer is full
[LOG_CRIT] kernel: FW-1: fw_asm_send_log: fwloghandle_send_log failed

As soon as the duplicate IP has gone everything is fine again - I can 
reach them again, they work

as expected and cpu load is reasonable.

I searched Nokia KB for a way to prevent this and found Res 1693, but this 
does not match my case.

Has anybody an idea how I can prevent the Nokia from this behaviour?
Steffen





___________________________________________________________

Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier 
anmelden: http://mail.yahoo.de


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================


--
Reinhard Stich  ASSIST  [EMAIL PROTECTED]
Internet Security AG,      1150 Wien, Johnstrasse 29

Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================






















					Reply via email to