thenetwraith
MIS
Hello:
I have a strange issue.. I have used PIX for a while now, but, never more than a couple on any single network. This network I am working on now has six... and I am starting to track this issue. Below are 4 'show version' from different PIX boxes. All show some similar and matching MAC addresses. I have seen one MAC used as a hostid (i.e. SUN), but, I have not seen this behavior from PIX'en... (until now).
I did a little snipping in the config to clean it up and delete unique numbers.. (Confirmed:: All PIX have differing serial numbers and keys!). Note that the MAC :: 00b4.0080.d29c shows up in all four boxes.
Now.. the PIX'en are one each on the 3 Internet connections, one for main internal translations (They have a legacy lan -- STILL!) and one for an internal connection to the next door neighbor company.. The 3 Internet boxes are 6.3(5), the main internal is 5.1(5) and the inter-company is 5.0(3).. They are all connected to Cisco switches, either 5500 or 2926(68040 base/5000 software). The switch versions are relatively current. There are no virtual interfaces used on any of the PIX interfaces. Currently, there are no virtual interfaces on any of the routers (all Cisco -- 2514's, & 4500M+).. Some are planned, but, not even started.. but, there is HSRP & spanning tree running (about a dozen VLANs)...
I am hoping this behavior has something to do with the fact that HSRP/Spanning tree is running, but, am unsure. As I said, I have never seen it.. First time is always a b*$@#! .. At any rate, a few searches at Cisco have yielded a possible fix, (ARP ALIAS), but, no diagnostic as to why it is occurring in the first place...
Anyone have any ideas ???
Code:
pix-MAIN> sho version
Cisco Secure PIX Firewall Version 5.1(5)
Compiled on Fri 22-Jun-01 20:15 by morlee
Finesse Bios V3.3
pix-MAIN up 2 days 23 hours
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 599 MHz
Flash AT29C040A @ 0x300, 2MB
BIOS Flash AM28F256 @ 0xfffd8000, 32KB
0: ethernet0: address is 00b4.0080.d29c, irq 11
1: ethernet1: address is 00b4.0080.d29c, irq 5
2: ethernet2: address is 00a4.0080.d29c, irq 10
3: ethernet3: address is 00a4.0080.d29c, irq 9
Licensed connections: 65536
Serial Number: <deleted>
Activation Key: <deleted>
pix-MAIN>
------------------------------------------------------------------------------
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Compiled on Thu 04-Aug-05 21:40 by morlee
snet-t1-pix up 8 mins 4 secs
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 499 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 00b4.0080.d29c, irq 11
1: ethernet1: address is 0090.2794.04da, irq 10
2: ethernet2: address is 00a4.0080.d29c, irq 7
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 12
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: <deleted>
Running Activation Key: <deleted>
Configuration has not been modified since last system restart.
snet-t1-pix#
-----------------------------------------------------------------------------
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Compiled on Thu 04-Aug-05 21:40 by morlee
dsl-net-pix up 2 days 23 hours
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 399 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0090.27a7.23c6, irq 11
1: ethernet1: address is 0090.27a7.228d, irq 10
2: ethernet2: address is 00b4.0080.d29c, irq 7
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 12
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: <deleted>
Running Activation Key: <deleted>
Configuration has not been modified since last system restart.
dsl-net-pix>
---------------------------------------------------------------------------
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Compiled on Thu 04-Aug-05 21:40 by morlee
snet-adsl-pix up 2 days 23 hours
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 399 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 00b4.0080.249d, irq 11
1: ethernet1: address is 00b4.0080.d29c, irq 10
2: ethernet2: address is 00b4.0080.d29c, irq 7
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 12
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: <deleted>
Running Activation Key: <deleted>
Configuration has not been modified since last system restart.
snet-adsl-pix>
Reply-to: netwraith@pcrd.net
thenetwraith (There is a picture here, but, you just can't see it!)
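An added example, not part of the original post: a small audit script that parses concatenated `show version` output and lists every MAC address reported on more than one interface, together with the devices and interfaces that report it. The sample input is the hostname and interface lines excerpted from the output above; the function names `parse_interfaces` and `duplicate_macs` are hypothetical.

```python
import re
from collections import defaultdict

# Hostname and interface lines excerpted from the 'show version' output in the post.
SAMPLE = """\
pix-MAIN up 2 days 23 hours
0: ethernet0: address is 00b4.0080.d29c, irq 11
1: ethernet1: address is 00b4.0080.d29c, irq 5
2: ethernet2: address is 00a4.0080.d29c, irq 10
3: ethernet3: address is 00a4.0080.d29c, irq 9
snet-t1-pix up 8 mins 4 secs
0: ethernet0: address is 00b4.0080.d29c, irq 11
1: ethernet1: address is 0090.2794.04da, irq 10
2: ethernet2: address is 00a4.0080.d29c, irq 7
dsl-net-pix up 2 days 23 hours
0: ethernet0: address is 0090.27a7.23c6, irq 11
1: ethernet1: address is 0090.27a7.228d, irq 10
2: ethernet2: address is 00b4.0080.d29c, irq 7
snet-adsl-pix up 2 days 23 hours
0: ethernet0: address is 00b4.0080.249d, irq 11
1: ethernet1: address is 00b4.0080.d29c, irq 10
2: ethernet2: address is 00b4.0080.d29c, irq 7
"""

HOST_RE = re.compile(r"^\s*(\S+) up \d+ ")  # "<hostname> up <uptime>" line
IFACE_RE = re.compile(r"^\s*\d+: (\S+): address is ((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}),")

def parse_interfaces(text):
    """Return (host, interface, mac) tuples from concatenated 'show version' output."""
    host, rows = None, []
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host = m.group(1)  # interface lines that follow belong to this device
        elif m := IFACE_RE.match(line):
            rows.append((host, m.group(1), m.group(2).lower()))
    return rows

def duplicate_macs(rows):
    """Map each MAC seen on more than one interface to the (host, interface) pairs using it."""
    seen = defaultdict(list)
    for host, iface, mac in rows:
        seen[mac].append((host, iface))
    return {mac: uses for mac, uses in seen.items() if len(uses) > 1}

if __name__ == "__main__":
    for mac, uses in duplicate_macs(parse_interfaces(SAMPLE)).items():
        hosts = sorted({h for h, _ in uses})
        print(f"{mac}: {len(uses)} interfaces on {len(hosts)} devices -> {uses}")
```

Comparing the flagged interfaces against the switch port and VLAN each one is patched into shows which duplicates actually share a broadcast domain.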