[Info-vax] tcpip gateway question

jbriggs444 jbriggs444 at gmail.com
Tue Sep 15 08:39:17 EDT 2009 

On Sep 15, 7:56 am, Anton Shterenlikht <me... at bristol.ac.uk> wrote:
> On Tue, Sep 15, 2009 at 11:26:37AM +0000, Jan-Erik S?derholm wrote:
> > > In addition to my previous MAC change observation, I discovered
> > > that all nodes in the cluster have their current MAC addresses
> > > for the first interface, either EWA0 (alpha) or EIA0 (i64) changed
> > > to a range of incremental MAC numbers from AA-00-04-00-03-08 to
> > > -06-08 (4 nodes). However, all MAC addresses for second interfaces,
> > > EWB0 or EIB0 are left at default settings.
>
> > > I'm really puzzled by this. Is this an expected behaviour?
> > > Is this something to do with VMS cluster or DECnet?
> > > Can I insist that the current MAC address for a particular
> > > interface is left as default setting?
>
> > DECnet when started change the MAC address. And it's built up
> > based on the DECnet area.node address in som e way, if I'm not wrong.
>
> yes, it is in DECnet-Plus for OpenVMS Network Management, section 9.1,
> table 9-1:
>
>         "... in the format AA-00-04-00-xx-xx, where
>         xx-xx is calculated from Phase IV node address."
>
> I guess I have to reregister my ip address to this DECnet modified
> MAC address. Or maybe better to assign the Uni ip address to the
> second, unmodified interface, to make it independent of VMS cluster
> configuration?

"reregister"?

In the typical environment there's no such concept.  The NIC is set to
use the DECnet modified MAC address very early in the boot process.
The network never sees any other MAC address.  As far as the network
is concerned, the DECnet MAC address is the machine's true MAC
address.

If your network runs on switch gear with port security (*) turned up
and if you are required to register your MAC address with the network
management people before connecting to the network then yes you need
to either re-register the DECnet MAC address or turn off DECnet.

Similarly if the network is configured for static ARP.  *shudder*.

(*)  On Cisco gear, "port security" is a setting on a switch port that
controls which MAC addresses are allowed to appear on the port.  There
are a number of settings tweaks that can be made, but the basic
behavior is that if your MAC address isn't on the list for the port
you are plugged into _or_ if it is on the list for some other port
then the port you are plugged into is automatically disabled.

Unless the "errdisable recovery" feature is also turned on, a port
that is disabled in this manner will remain disabled until reboot or
until intervention by a network admin.

In our environment it is usually the "your MAC address was already
registered on that port over there" that causes the problems with port
security.  You move your connection to a new switch port and it
doesn't work.  [Us network admin types don't appreciate it much when
users move their equipment from one port to another, especially when
it means that we have to fix something that the user broke].

More information about the Info-vax mailing list