On Fri, 4 Oct 2002 16:15:19 -0400 "Mark Stewart" <[EMAIL PROTECTED]> wrote:
> > Ping first generates an ARP (broadcast) packet... long story short,
> > sounds like the VLAN is expiring the "this MAC address is on that
> > port" entry in its table, then failing to "flood" packets for which
> > there is no such entry (bug in VLAN)... your network _guru_ should
> > be able to take it from here...
>
> This seems plausible but it seems like it should give the same results
> in Win2K. Or maybe there's something else that MS is doing to preserve
> the ARP cache entry that Linux isn't?

Actually, I was referring to the network itself... think of a VLAN as a bridge/switch... each port keeps tabs on which computer(s) (MAC address(es)) is/are attached -- for a period of time. If the network expires the cache identifying which ports the W2K and server are connected to, then any subsequent packet in one/both directions can't be delivered to a specific port since the destination port is no longer known... in this case, the network device should flood any unicast packets (as though they were broadcast) to all ports in the hope that the target host gets the packet and responds -- the initial [flooded] packet should refresh the network device's cache for one end and if the target responds, refresh the cache for the other end/direction...

If either end host expires its ARP cache, it should re-ARP for the destination...

If the network device does not flood unicast packets after expiring a cache entry, I'd consider that a bug... since VLANs are the equivalent of a single subnet, no routers/gateways are involved -- except to create a VLAN over a routed network -- smoke and mirrors... :^)

> By the way, I had originally claimed that I wasn't running any
> firewalls or packet filtering software. I should clarify that by
> saying that I don't have either of the iptables or ipchains rpm's
> installed and don't see anything else firewall-ish running in any of
> my services config files. There is still, of course, msec which is
> currently set to its lowest level of security. My impression was that
> it didn't handle firewall duty, at least not at its lowest level.
> True?

msec may control security; but it does not control/limit any packet flows... if iptables/ipchains are not running, then packets should just flow...

While the connection is OK, try "arp -a" (don't know the W2K equiv.) and make sure the other host is in the table; when it fails, recheck... if the other host's MAC is still there (both ends), then the network is likely at fault. Could be a VLAN misconfiguration...

HTH,
Pierre
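
The switch behaviour described in the message above, as an added example that is not part of the original e-mail: a toy single-VLAN learning switch whose MAC table ages out, run once with unknown-unicast flooding and once without it. The MAC strings, port numbers and the 300-second aging time are constructed, and the host ARP caches are assumed to outlive the switch's table entry.

```python
# Added illustration, not from the thread: a toy learning switch for one VLAN.
# MAC strings, port numbers and the 300 s aging time are constructed values.
BCAST = "ff:ff:ff:ff:ff:ff"
CLIENT, SERVER = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"

class LearningSwitch:
    def __init__(self, ports, aging=300, flood_unknown=True):
        self.ports = set(ports)
        self.aging = aging
        self.flood_unknown = flood_unknown  # False models the suspected bug
        self.table = {}                     # MAC -> (port, time last seen)

    def forward(self, now, in_port, src, dst):
        """Return the set of ports the frame is sent out of."""
        # Age out entries not refreshed within the aging time.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t < self.aging}
        self.table[src] = (in_port, now)    # learn or refresh the sender
        others = self.ports - {in_port}
        if dst == BCAST:                    # e.g. an ARP request
            return others
        if dst in self.table:               # known unicast: one port only
            return {self.table[dst][0]} - {in_port}
        # Unknown unicast: a correct bridge floods, the buggy one drops.
        return others if self.flood_unknown else set()

def idle_then_send(flood_unknown):
    """Client on port 1, server on port 2. Returns whether the server's port
    received each client frame. Host ARP caches are assumed still valid after
    the idle gap, so the client sends unicast without re-ARPing first."""
    sw = LearningSwitch([1, 2, 3], flood_unknown=flood_unknown)
    got = [2 in sw.forward(0, 1, CLIENT, BCAST)]          # ARP request
    sw.forward(1, 2, SERVER, CLIENT)                      # ARP reply
    got.append(2 in sw.forward(10, 1, CLIENT, SERVER))    # normal traffic
    got.append(2 in sw.forward(400, 1, CLIENT, SERVER))   # after table expiry
    got.append(2 in sw.forward(401, 1, CLIENT, SERVER))   # retry
    # A fresh ARP broadcast, answered by the server, repopulates the table.
    sw.forward(402, 1, CLIENT, BCAST)
    sw.forward(403, 2, SERVER, CLIENT)
    got.append(2 in sw.forward(404, 1, CLIENT, SERVER))
    return got

if __name__ == "__main__":
    print("floods unknown unicast:", idle_then_send(True))
    print("drops unknown unicast: ", idle_then_send(False))
```

In the non-flooding run the frames at t=400 and t=401 never reach the server's port even though nothing changed on either host, which is the situation the "arp -a" check in the message is meant to expose.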
