Low BRI througput [7:12078]

[Mohammed Saro]

Dear Sir
  Cisco recommends for low throughput for the ISDN BRI to verify that fair
queuing is not enabled can anyone tell me the relationship between fair
queuing and BRI throughput ?

Best Regards,
Mohammed Saro
Network Engineer
GEGA NET
Tel: +202-4149771 Ext:111




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12078t=12078
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RouterSim 3.0 [7:11342]

[Lori]

Have you timed the failover? How long did it take?

Thomas Crowe wrote:

 Yes, I have that configuration at a customer's site that I configured.
(Dual
 MSFC's in a HSRP pair on Cat 6509's) It has been working well.  Let me know
 what your questions are, and maybe I can help.

 __

 Thomas Crowe
 Senior Systems Engineer / Architect
 CTS - Atlanta
 Phone: 770-664-3900 ext 45
 Cell: 404-277-4089
 __

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Lopez, Robert
 Sent: Monday, July 09, 2001 12:50 PM
 To: [EMAIL PROTECTED]
 Subject: RE: RouterSim 3.0 [7:11342]

 Has anyone configured dual MSFC's on a 6509 with HA, HSRP capabilities with
 success.  I'm reading through this document...

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd
 /redund.htm#49378

 It seems somewhat straight forward.  Any opinions

 Robert

 -Original Message-
 From: Steve Smith [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 09, 2001 11:35 AM
 To: [EMAIL PROTECTED]
 Subject: RE: RouterSim 3.0 [7:11342]

 Yeah Jen is staying!!!

 Now could someone please give me some tips on how to take my two 4006
 with RSM and make them as close to redundant as possible. I need to run
 HSRP on the RSM if possible.

 Thanks,
 Steve

 -Original Message-
 From: Jennifer Cribbs [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 09, 2001 10:13 AM
 To: [EMAIL PROTECTED]
 Subject: Re: RouterSim 3.0 [7:11342]

 I have worked so hard studying and have loved all the wonderful
 contributions from the people that make this site
 special.  But I am not a thief Phil...I really am not.  We bought the
 disk..We didn't steal it.  We all paid money that we
 had saved so we could study and pass our tests.  We had a wonderful
 instructor that cared  about us and helped us.
 They had special group studies on varied topics that people could
 participate in if they chose.  We had dinners
 together.  We were all involved together on a common mission of getting
 through our classes and passing our first cert
 together.  I was not trying to implicate anything or anybody.
 Academically,
 it was a great environment and too bad more
 aren't the same and are conductive to learning.

 Since those times are past, this group, without it being a formal
 classroom
 is the closest thing I have to college.  And
 right now, I am just discouraged...

 It is greatly distracting me from what my goals are.  I do not mind a
 debate
 but over pertinent issues that matter in the
 long run from a 'cert viewpoint' but this is not one of those issues,
 but it
 is, like I said, very distracting for me from a
 personal standpoint regarding my studying.  I have never even read one
 of
 Howards, Priscilla's or Tom's books, but I
 bet they are good.  Of course, I am only assuming that based on the
 answers
 I have seen posted by them on this site
 and the 'free' study material compiled by them posted on
 certificationzone.com that is available on a monthly basis that I
 have read.  Those people are why I stayed, because you can learn from
 them.
 But I have not stolen anything from
 them Phil as was implied by Wigle.

 And you are right..this is ridiculousI enjoy this site too much for
 one
 Wigle to run me off.
 I guess I will just wait for the dark blue sedan to pull up with all the
 haggling lawyers 

 Jenn

 7/9/2001 9:30:48 AM, Circusnuts  wrote:

 What !!!
 
 Now this is ridiculous   Jennifer- unless you're getting hate mail
 the
 rest us are not seeing, no one else on this list cares.
 
 I enjoy you posts  am surprised Kevin has carried things this far...
 Phil
 
 - Original Message -
 From: Jennifer Cribbs
 To:
 Sent: Monday, July 09, 2001 10:18 AM
 Subject: Re: RouterSim 3.0 [7:11342]
 
 
  Rational or otherwise, an already convicted thief or not, I have
 withdrawn
  my subscription from groupstudy..
 
  7/9/2001 8:42:33 AM, Kevin Wigle  wrote:
 
  Jennifer,
  
  I'm not condemning you.  I've read your posts and I thought you a
 rational
  person.
  
  But just read this
  
  We couldn't afford it otherwise.  None of us.  We all copied it to
  use from our school burner.  It was registered in
  a co-instructors name.  It was all about wanting to pass and
 learning and
  him helping us.  Not cheating or pirating.
  Right or wrong, that's what we did.  
  
  Can't get much closer to a confession than that.  We normally
 includes
 the
  person talking but I'll let the lawyers haggle that one.
  
  Anyway, think of all the people on this list that make this list
 such a
  great place for learning.
  
  Howard Berkowitz, Author and Instructor
  
  Tom Lisa, Author and Instructor
  
  Priscilla Oppenheimer, Author and Instructor
  
  Not to mention the many CCIE's on the list.
  
  They give their time freely to the list which is as good as it gets.
  
  On the other hand, some people still want to steal from them and
 others.
  

Can not find Enterprise Edition [7:12081]

[sami natour]

Hi All,
I am looking for Catalyst 1900 switch Enterprise
edition software to upgrade my 5 switches.I tried to
find it on Cisco web site it always ask for
password.Any one can help me to download it.

Regards ,
sami 


__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12081t=12081
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Router Security link - NSA [7:12082]

[EA Louie]

I saw this on another list, and felt it was worth of passing on in light of
the recent questions regarding securing/locking down routers...

http://nsa1.www.conxion.com/

-e-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12082t=12082
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Routing polices [7:11896]

[Jacek Malinowski]

thank you very much.
You advices were very helpful




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12083t=11896
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Problem On PIX Hardware [7:12084]

[Steiven Poh-\(Jaring MailBox\)]

Hello Cisco Folks,

The problem that we face is a lot unusual. We are successfully 
configured the PIX with Cicso Secure ACS software on the server and 
have created some user ID on the software for the authentication to 
access to internet through proxy server. The good thing is it can 
immediately ask for the authentication when first time to access to 
 internet. But when we successfully login it, the next PC to access to 
 internet, It doesn't ask for any authentication. Just straight away 
 can access to internet. But after the Time-out period on the PIX, it 
 will ask again for the authentication.
 
 Looks like once first ID have been logged in, the rest of the user 
 can go in smoothly without any authentication. This is not logic at 
 all. I'm not sure wether the problem is occured due to the Cisco 
 Secure ACS software of the PIX hardware. Any Advice?

Rgds,
Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12084t=12084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ACESS-LIST [7:12085]

[Mohammed Saro]

I have A problem when i enabled CEF on a 4500 router with ios 12.0(5) T i
have
a problem that when i apply a new access-list it does not make any matches
unless i disable then reenable the ip cef on the router what is that ?

Best Regards,
Mohammed Saro
Network Engineer
GEGA NET
Tel: +202-4149771 Ext:111




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12085t=12085
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

cisco 1600 router [7:12088]

[kostas aggelakis]

hello everybody,
I have a cisco 1601 router in my office and windows Nt server
in my home.For administration reasons i want to configure the router to call
me back when i call him from home.
I also have an isdn bri line and two net modes to make the project the scheme
is:

CISCO_1600 --NET MODENET MODE NT SERVER

I ' ve tried to make a ppp multilink connection and it works fine  .Then i
configure the router to callback and
i install the routing and remote access service in windows nt server with all
(i thing) parameters configured well.
I configure the nt server to call as a ras client , to receive calls as ras
server , and to work for Dial on Demand Routing.Also
I a make a user with all pap credentials right and with the permission grand
dial in.
When i place a call to the router with dialup networking and then in 3
seconds
about cancel the try , the router calls me bac after 15-20 seconds,
but i cannot ping to the router . As it seems in the debugs output the router
sends pap request but the nt server does not answer,show the ppp phase
doesn t came up and no ipcp messages are shown.
has anyone idea where is the problem?
Follw is the router configurations and the debugs output,appreciated any
help!
KOSTAS AGGELAKIS


CISCO_1600#s ru
Building configuration...

Current configuration:
!
version 12.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname CISCO_1600
!
logging buffered 8192 debugging
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
enable secret 5 $1$Yx2j$fxjTmOqE0x2/hV4EI/rm..
enable password 7 130B
!
username yxydas password 7 110D1608121B0803112327282D20
username KDD\kaggelaki callback-rotary 1 password 7 155341010138242A2920
username kaggelaki password 7 041A410B0A334340080A
!
!
!
!
ip subnet-zero
ip domain-name teiath.gr
ip name-server 195.130.100.19
ip name-server 195.130.100.18
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 description syndesh me router 7513
 ip address 195.130.XXX.XXX  255.255.255.192
 no ip mroute-cache
!
interface Serial0
 physical-layer async
 no ip address
 no ip mroute-cache
 shutdown
!
interface BRI0
 no ip address
 encapsulation ppp
 no ip mroute-cache
 dialer rotary-group 1
 isdn switch-type basic-net3
 no fair-queue
 no cdp enable
!
interface Dialer0
 no ip address
 no cdp enable
!
interface Dialer1
 description connected to callback(isdn)
 ip address 195.130.XXX.XXX  255.255.255.192
 encapsulation ppp
 no ip split-horizon
 dialer in-band
 dialer idle-timeout 300
 dialer enable-timeout 20
 dialer caller 015319789 callback
 dialer map ip 195.130.XXX.XXX name kaggelaki class callback 015319789
 dialer-group 1
 no peer default ip address
 no fair-queue
 no cdp enable
 ppp callback accept
 ppp authentication pap callin
 ppp pap sent-username CISCO_1600 password 7 074E6B414B1B160B1601
 ppp multilink
!
ip default-gateway 195.130.XXX.XXX
ip classless
ip route 0.0.0.0 0.0.0.0 195.130.XXX.XXX
no ip http server
!
!
map-class dialer callback
 dialer callback-server username
dialer-list 1 protocol ip permit
snmp-server engineID local 000902107B2CDC4C
snmp-server community public RO
!
line con 0
 transport input none
line 1
line vty 0 4
 exec-timeout 0 0
!
end

CISCO_1600#s log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 2150 messages logged
Monitor logging: level debugging, 1072 messages logged
Buffer logging: level debugging, 2150 messages logged
Trap logging: level informational, 58 message lines logged

CISCO_1600#
*Mar  1 01:37:55: ISDN BR0: RX   SETUP pd = 8  callref = 0x0E
*Mar  1 01:38:05: Bearer Capability i = 0x8890
*Mar  1 01:38:05: Channel ID i = 0x83
*Mar  1 01:38:05: Called Party Number i = 0x80, '015319789',
Plan:Unknow
n, Type:Unknown
*Mar  1 01:38:05: ISDN BR0: RX   CONNECT_ACK pd = 8  callref = 0x0E
*Mar  1 01:38:06: ISDN BR0: received HOST_CONNECT call_id 0x800E
*Mar  1 01:38:06: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
*Mar  1 01:38:06: BR0:1 PPP: Treating connection as a callout
*Mar  1 01:38:06: BR0:1 PPP: Phase is ESTABLISHING, Active Open
*Mar  1 01:38:06: BR0:1 LCP: O CONFREQ [Closed] id 16 len 31
*Mar  1 01:38:06: BR0:1 LCP:AuthProto PAP (0x0304C023)
*Mar  1 01:38:06: BR0:1 LCP:MagicNumber 0x10D5B8B5 (0x050610D5B8B5)
*Mar  1 01:38:06: BR0:1 LCP:MRRU 1524 (0x110405F4)
*Mar  1 01:38:06: BR0:1 LCP:EndpointDisc 1 Local
(0x130D01434953434F5F313630
30)
*Mar  1 01:38:06: ISDN BR0: Event: Connected to 015319789 on B1 at 64 Kb/s
*Mar  1 01:38:06: ISDN BR0: RX   DISCONNECT pd = 8  callref = 0x0E
*Mar  1 01:39:57: Cause i = 0x8090 - Normal call clearing
*Mar  1 01:39:58: ISDN BR0: RX   RELEASE_COMP pd = 8  callref = 0x0E
*Mar  1 01:39:58: ISDN BR0: received HOST_DISCONNECT_ACK call_id 0x800E
*Mar  1 01:39:58: ISDN BR0: HOST_DISCONNECT_ACK: call type is 

upgrade IOS from 4.4(1) to 5.5(9) for catalyst 5000 [7:12089]

[Arun]

Hi
can anbody please help me with this i will be upgrading my catalyst 5000 IOS
what are the things that needed to be taken care before doing this .i
have supervisior card 2 runnnign on it and they are runnign in redudant mode
..i have 2 catalyst 5000what can be like probaable problems
.i think i saw somehting like this on cisco but right now i am unable to
find this .
any help will be appreciated .

Regards

Arun Sharma




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12089t=12089
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Low BRI througput [7:12078]

[Charlie Hartwell]

It would be interesting to see the document that recommends that
action - after all, WFQ is designed to help with low bandwidth links
without the need for complicated config.

It is more likely that it is recommended to turn off WFQ when using
ppp multilink across the ISDN connection. This is probably to avoid
any unnecessary fragment delay which could lead to malformed packets
and retransmissions.

So in answer to your question, there is no real connection between
BRI performance and WFQ but cisco probably recommend disabling WFQ to
avoid other problems.

Cheers

Charlie

 --- Mohammed Saro  wrote:  Dear Sir
   Cisco recommends for low throughput for the ISDN BRI to verify
 that fair
 queuing is not enabled can anyone tell me the relationship between
 fair
 queuing and BRI throughput ?
 
 Best Regards,
 Mohammed Saro
 Network Engineer
 GEGA NET
 Tel: +202-4149771 Ext:111
[EMAIL PROTECTED] 



Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12090t=12078
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

eigrp and sec address [7:12087]

[Javier A. Herrera]

Hello,
i've got two routers sharing one common 
network...one of this routers got a 
secondary address defined over the 
interface...
is there any way to make this secondary 
net be visible on the shared network 
dynamically using EIGRP

Thank you very much in advance,


_
Javier A. Herrera
Centro de Proceso de Datos
Universidad de Oviedo
mailto:[EMAIL PROTECTED]
_




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12087t=12087
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Problem On PIX Hardware [7:12084]

[Frank Kim]

Steiven,
It sounds like those users who have logged in were using PAT(single ip
nat'ed).  If that's the case, then your ACS/pix can only see one single
ip.  Only enhance you can change on the pix is to change the time-out to
be as low as you can without annoying users logon process.


-Frank


 On Thu, 12 Jul
2001, Steiven Poh-(Jaring MailBox) wrote:

 Hello Cisco Folks,
 
 The problem that we face is a lot unusual. We are successfully 
 configured the PIX with Cicso Secure ACS software on the server and 
 have created some user ID on the software for the authentication to 
 access to internet through proxy server. The good thing is it can 
 immediately ask for the authentication when first time to access to 
  internet. But when we successfully login it, the next PC to access to 
  internet, It doesn't ask for any authentication. Just straight away 
  can access to internet. But after the Time-out period on the PIX, it 
  will ask again for the authentication.
  
  Looks like once first ID have been logged in, the rest of the user 
  can go in smoothly without any authentication. This is not logic at 
  all. I'm not sure wether the problem is occured due to the Cisco 
  Secure ACS software of the PIX hardware. Any Advice?
 
 Rgds,
 Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12086t=12084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

MCNS 2.0 [7:12091]

[fahim]

Hi group
Have anyone studying for MCNS 2.0 or given the exam???/
If so, what books need to be prepared apart from Cisco press book written by
Michael Wenstrom. Any comments on how the questions are, and what level of
difficulty it is. Do we need to have hands on experience on Pix or rather
studying and understanding the concept is enough.
Thanks in advance

Fahim
CCNA, CCDA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12091t=12091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX Network addresses [7:11990]

[Charles Manafa]

I have always thought that NetWare only auto-generated its internal network
number (based on date and time of installation, which semi-gurantees
uniqueness of the address), but the external network numbers had to be
entered manually for each frame type. I may be wrong, but I don't think it
auto-detects existing network numbers on the line.

CM

 -Original Message-
 From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
 Sent: 12 July 2001 03:18
 To: [EMAIL PROTECTED]
 Subject: RE: IPX Network addresses [7:11990]
 
 
 Cool. I know about the different frame formats and running 
 multiple ones 
 which means you'll have multiple network numbers. I didn't 
 know NetWare 
 would automatically assign network numbers. What does it do 
 if there are 
 other servers and/or routers sharing the segment and they 
 have already 
 assigned the network number(s)? Is it smart enough to pick up on this?
 
 Thanks
 
 Priscilla
 
 At 08:08 PM 7/11/01, Patricia Leeb-Hart wrote:
 While it's certainly preferable to assign network numbers 
 manually, NetWare
 will assign a random unique 8-digit hex IPX network number, 
 depending on the
 installation process you choose.  The express installation 
 is really only
 useful for one-server environments and is an option I never 
 used.  Now, as
 to why it would assign multiple network numbers: normally 
 only one frame
 type would be loaded (default is 802.3 with 3.2 and 4.x).  
 However, it gives
 you the option to load them all, and often inexperienced 
 admins will do so.
 So, if you loaded all the frame types and allowed NetWare to 
 generate the
 network numbers, NetWare assumes that you'd do this in order 
 to run multiple
 IPX networks.  It's analogous to creating secondary addresses or
 sub-interfaces on a router, each with its unique network 
 number and/or
 encapsulation.  (i'd really like to see the AUTOEXEC.NCF for 
 this particular
 server )
 
 This isn't as much of an issue with 5.x, as the default 
 protocol is IP.
 However, if you choose to install IPX compatibility, it will 
 still offer you
 the choice of randomly generating the IPX network number.  
 It's a NetWare
 thang.
 
   Priscilla Oppenheimer  07/11/01 01:28PM 
 Interesting. Why would it generate network numbers, though? Shouldn't
 network numbers be manually configured?
 
 Priscilla
 
 At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote:
  I finally feel qualified to comment on a question on this 
 list (having
  worked with NetWare for the past 6 years)
  
  The addresses you're seeing are generated automatically.  
 What's happening
  here is that the new server has every single Ethernet 
 frame type loaded,
 and
  as a result is using different IPX network number for 
 every frame type. 
 New
  3.x and 4.x servers will do this if you perform an install 
 using all the
  defaults.  You need to run INSTALL (or NWCONFIG if 5.x), edit the
  AUTOEXEC.NCF and remove all BIND statements referencing 
 frame types you
  don't want to use.  Ethernet_II is preferred.
  
  NetWare 5.x is more restrained and tries to use IP only.
  
Ayers, Michael  07/11/01 12:12PM 
  Those were either auto generated, or picked up from 
 reading frames on the
  wire.
  
  
  -Original Message-
  From:   Elmer Deloso [mailto:[EMAIL PROTECTED]]
  Sent:   Wednesday, July 11, 2001 11:31 AM
  To: [EMAIL PROTECTED]
  Subject:IPX Network addresses [7:11990]
  
  hi, group.
  I just noticed that after installing NetWare server, it 
 gave me this info
  regarding types of IPX frames:
  Frame type  Network address
  Ethernet_802.2  3D410DCD
  Ethernet_802.3  1E0F4F9E
  Ethernet_SNAP   FF994BB0
  Ethernet_II D393B805
  
  For the IPX gurus in the group, can someone tell me if 
 there is some type
 of
  logic as to how the network address is translated from the 
 type of frame
  used?
  Just to answer my curiosity.
  Thank you.
 
 
 Priscilla Oppenheimer
 http://www.priscilla.com
 
 
 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12092t=11990
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN QUERY [7:12068]

[Charles Manafa]

Use static route on router D. This will overide the dynamically learnt route
to 10.1.1.0

CM

 -Original Message-
 From: Grad Alfons Kanon [mailto:[EMAIL PROTECTED]]
 Sent: 12 July 2001 06:49
 To: [EMAIL PROTECTED]
 Subject: VPN QUERY [7:12068]
 
 
 All,
 
 need help,
 
 I have such scenarios like this.
 
 Router A as the headquesrter connect to router B, C and D, 
 (let says using 
 star connection)
 
 Segment A's ethernet: 172.10.0.0
 segment B's ethernet: 10.0.0.0
 segment C's ethernet: 170.20.0.0
 segment D's ethernet: 170.30.0.0
 
 let's assume that all of the WAN interfaces from B C D to A 
 are using /30 
 mask and using 170.100.0.0 segment.
 Routing protocol is dynsmic (EIGRP or OSPF)
 
 The problem is:
 
 there's one small segment in C router (let says in other 
 ethernet) that has 
 10.1.1.0/24.
 
 How can I create a VPN from B to C, so if client from D want to go to 
 10.1.1.0 segment, they will go to B first , not direcly go to C.
 
 regards
 
 Grad
 
 
 
 __
 ___
 Get Your Private, Free E-mail from MSN Hotmail at 
http://www.hotmail.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12093t=12068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Completely off topic here... [7:12060]

[Charles Manafa]

I have a vinyl player capable of attaining two speeds (can't remember what
they are), with a whopping, monstrous 5watts RPM per speaker...beat that

 -Original Message-
 From: Tony van Ree [mailto:[EMAIL PROTECTED]]
 Sent: 12 July 2001 06:52
 To: [EMAIL PROTECTED]
 Subject: RE: Completely off topic here... [7:12060]
 
 
 Hi,
 
 This ole guy will make you jealous,
 
 I have a Telecaster for over 30 Years now, a Precision Bass a 
 couple of
 years newer, a 12 String Rickenbacker,  and one you won't see outside
 Australia but is about as good an acoustic aas you'll get a Maton CW80
 getting well into it 30's.
 
 Just some of a good little collection that I still use when 
 I'm short or
 just for fun.
 
 Teunis,
 Hobart, Tasmania
 Asutralia
 
 On Wednesday, July 11, 2001 at 11:47:47 PM, [EMAIL PROTECTED] wrote:
 
  Ole - I play a Strat myself, great guitars (and always a 
 fan of Mr. Ray
  Vaughn) I just bought a Spyder Line 6 Amp, but my main-stay 
 is an old
 Fender
  75...Great Amps, but they weigh a ton...
  
  As for Portland, I just moved up from the Bay Area...This 
 place is rockin'
  Good job market, very low cost of living.  The only thing 
 you have to get
  over is the weather.  Granted, it has been 80 - 90 lately, 
 it is usually
  overcast and raining.
  
  I heard Houston was really turning around, and, funny 
 thing, my wife wants
  to start looking in Austin..
  
  I heard the market is really looking good out there.
  
  Cheers,
  
  Duncan
  
  
  -Original Message-
  From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, July 11, 2001 8:10 PM
  To: '[EMAIL PROTECTED]'; Ole Drews Jensen; [EMAIL PROTECTED]
  Subject: RE: Completely off topic here...
  
  
  It sure is Duncan,
   
  It's my Fender Princeton Chorus which I use with my Standard Fender
  Stratocaster, my SRV Signature Fender Stratocaster, my 
 Jackson and my
  Epiphone.
   
  It's always nice to pick the guitar and play some riffs.
   
  I can see you're from Oregon. That's actually a place my 
 wife and I have
  talked about moving to, the day we get really really tired 
 of the traffic
  and polution in Houston. How is it workwise - are there 
 some good jobs with
  decent salaries up there?
   
  Thanks,
   
  Ole
  
   Ole Drews Jensen
   Systems Network Manager
   CCNA, MCSE, MCP+I
   RWR Enterprises, Inc.
   [EMAIL PROTECTED]
http://www.oledrews.com/ccnp
  
   NEED A JOB ???
http://www.oledrews.com/job
  
  
   
   
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, July 11, 2001 10:08 PM
  To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
  Subject: Completely off topic here...
  
  
  
  Ole - Just curious about the backround of your lab 
 shot...Is that a guitar
  amp ??? Looks so much like my lab ???
  
  Thanks,
  
  Duncan
  
  Duncan Wallace
  Sr. Network Engineer
  CCNA CCNP
  800.COM Inc.
  1516 NW Thurman St
  Portland, OR  97209-2517
  
  Direct: 503.944.3671
  Cell: 503.969.8248
  Fax: 503.943.9371
  Web: http://800.com
  Email: [EMAIL PROTECTED]
  
  
  
  -Original Message-
  From: Ole Drews Jensen [ mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, July 11, 2001 7:07 PM
  To: [EMAIL PROTECTED]
  Subject: OSPF Neighbor - I'm confused! [7:12048]
  
  
  Okay.
  
  Everything works in my new frame relay environment.
  
  I have followed the Configuring OSPF for a Single Area in an NBMA
  Environment section of my CiscoPress BSCN book.
  
  Router 1 is setup as a Frame Relay switch.
  
  Router 2 and 3 are communicating with eachother on a PVC 
 through Router 1.
  
  Router 2's connected interface has an OSPF priority of 0, 
 and Router 3 has
  therefore been elected as the DR, and I have added Router 
 2's IP address
  manually on Router 3 as it's OSPF neighbor.
  
  All this works great.
  
  If I do a show ip ospf int on Router 3, it shows that 
 it's the DR, and
  that it has one OSPF neighbor - Router 2.
  
  Now, the book tells me that even though it's not necessary, 
 I should add
  Router 3 as the OSPF neighbor on Router 2. I am a very nice 
 guy, so I did
  that right away.
  
  However, this is where I am confused...
  
  After I have added Router 3 as the OSPF neighbor on Router 
 2 (and of course
  have saved the configuration), it does not show up in my 
 sh conf like
  Router 2 does on Router 3.
  
  But, it does show up in show ip ospf int on Router 2 as 
 it's neighbor.
  
  I don't get it.
  
  Can anyone turn on the light here?
  
  Thanks,
  
  Ole
  
  
   Ole Drews Jensen
   Systems Network Manager
   CCNA, MCSE, MCP+I
   RWR Enterprises, Inc.
   [EMAIL PROTECTED]
http://www.oledrews.com/ccnp
  
   NEED A JOB ???
http://www.oledrews.com/job
  
 --
 www.tasmail.com




Message Posted 

RE: Access-list Question [7:12043]

[Charles Manafa]

I don't believe this guy will actually implement this configuration. I think
he just wants to know if it is theoretically possible.

CM

 -Original Message-
 From: Tony van Ree [mailto:[EMAIL PROTECTED]]
 Sent: 12 July 2001 06:56
 To: [EMAIL PROTECTED]
 Subject: Re: Access-list Question [7:12043]
 
 
 Hi,
 
 You have one in and one out.  It would seem a bit strange 
 blocking and/or
 allowing the same stuff in both directions however.  Also if 
 you were to
 monitor your access-list 100 it would not be able to identify 
 which way the
 data came from easily.
 
 Just a thought
 
 Teunis,
 Hobart, Tasmania
 Australia
 
 On Wednesday, July 11, 2001 at 08:12:38 PM, Washington Rico wrote:
 
  Is it true that you can have only one access-list per direction per 
  interface.  If so the below configuration be correct or incorrect.  
  
  Thank you for your input.
  
  interface BRI0/0:1
   description Connection Segment
   bandwidth 64
   ip address X.X.X.X 255.255.255.240
   ip access-group 100 in
   ip access-group 100 out
   no ip directed-broadcast
   encapsulation ppp
   no keepalive
   no cdp enable
  
 __
 ___
  Get Your Private, Free E-mail from MSN Hotmail at 
http://www.hotmail.com.
--
www.tasmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12095t=12043
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: port block unicast and multicast [7:12052]

[Quek, Steven]

Hi,

I am glad that this topic is discussed here. In fact currently I am doing
a project that is trying to make use of the Port Monitoring/SPAN
feature as a form of keepalive  duplicate traffic discovery 
with a third party product. I won't go into that detail.

I had read the portion of info at the directed web link. But would like to
confirm my doubts. I need all the valuable advise and inputs from all of
you. 

May be I am poor in my English to interpret this. Appreciate to confirm,
does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc
have the similar feature of blocking Unknow Unicast  Unregistered Multicast

from forwarding through the Source port  not reaching the destination
directed ports?
The traffic is also not forwarded out of the connected port to the connected
neighbouring
port?

Source Switch Port1Router-WAN
|   ^
Mirrored Traffic---|   |
|Eth
  Destine Switch Port2

Based on the above diagram for simple discussion.

Does that means EIGRP routing entries will be discarded at the Switch Port1
 not updated to the Router
Ethernet port? Similar CDP, Multicast Video streaming, Mainframe
application, ...etc, will not able
to pass through the Monitored port?

Lastly, is there a way to enable all traffic to flow through the Monitored
switch port?

Hope to hear some comments on this. Apprecaite the inputs.

Cheers.

regard
Steven Quek

-Original Message-
From: Marty Adkins [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: port block unicast and multicast [7:12052]


Priscilla Oppenheimer wrote:
 
 Has anyone seen this and is there a workaround?
 
 On a Catalyst 1900 switch enterprise edition, the software has decided
that
 one of my ports should not flood unknown unicast or multicast. This
 wouldn't be a problem except that the port is also my monitor port for
 sniffing packets, and I WANT to see unknown unicast and multicast. I'm
 trying to see EIGRP, CDP, etc. from a router connected to another port.
The
 monitoring is working, but I'm not seeing multicasts.
 
 SwitchA#show int e 0/1
 Hardware is Built-in 10Base-T
 Address is 00B0.6426.7941
 MTU 1500 bytes, BW 1 Kbits
 802.1d STP State:  Forwarding Forward Transitions:  1
 Unknown unicast flooding: Disabled
 Unregistered multicast flooding: Disabled
 Duplex setting: Half duplex
 Back pressure: Disabled
 
 See how it says that unknown unicast and unregistered multicast are
 disabled? It doesn't say that for any of the other ports.
[snip]

Priscilla,
This is apparently an intentional side effect of enabling a port for
SPAN/port monitoring, according to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x
/19icweb.htm#xtocid482036
So your analyzer would get only broadcasts until you configure it to
monitor (copy) other ports on the switch.  Those other ports will be
getting unknowns and multicast so your monitor port will see a copy.

I agree that this behavior is different than all the other Cisco switches
including XLs, 4xxx, 5xxx, and 6xxx.

- Marty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12096t=12052
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MCNS 2.0 [7:12091]

[Engelhard M. Labiro]

Hi,
I prepared using Michael Wenstrom book and Donald C. Lee`s
book (Enhanced IP Services for Cisco Networks, Chapter 6-8
ISBN 1-57870-106-6). I think Donald`s book is easy to
understand than Michael`s which looks like a manual that
anyone can download from CCO.
Understanding the concept to pass this exam is not enough,
since there are  a lot of Qs regarding the CLI (fo PIX or IOS)
to configure IPSec and CBAC.

Regards,
EML
CCNP+Voice, CCDP

- Original Message -
From: fahim 
To: 
Sent: Thursday, July 12, 2001 6:12 PM
Subject: MCNS 2.0 [7:12091]


 Hi group
 Have anyone studying for MCNS 2.0 or given the exam???/
 If so, what books need to be prepared apart from Cisco press book written
by
 Michael Wenstrom. Any comments on how the questions are, and what level of
 difficulty it is. Do we need to have hands on experience on Pix or rather
 studying and understanding the concept is enough.
 Thanks in advance

 Fahim
 CCNA, CCDA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12097t=12091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: MCNS 2.0 [7:12091]

[Matthew Crane]

That book is good enough, concentrate on Chapters 1 thru 3 and 13 thru 14
inclusive.

When i took the exam there were very few CLI type questions, at least 70% on
putting together a security policy and PKI, IKE, ISAKMP etc.

As to CLI understand things like how to clear the NAT table, what NAT
0(Zero) does, and the process of AAA, Radius  TACACS+

Good Luck
fahim wrote:
 
 Hi group
 Have anyone studying for MCNS 2.0 or given the exam???/
 If so, what books need to be prepared apart from Cisco press
 book written by
 Michael Wenstrom. Any comments on how the questions are, and
 what level of
 difficulty it is. Do we need to have hands on experience on Pix
 or rather
 studying and understanding the concept is enough.
 Thanks in advance
 
 Fahim
 CCNA, CCDA.
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12098t=12091
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can not find Enterprise Edition [7:12081]

[Chuck Larrieu]

got your smartnet contract set up? Call 1-800-553-NETS, and the good folks
there will be happy to step you through getting your contract activated, and
your CCO login in place.

Once done, you will be able to download the software you need.

HTH

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
sami natour
Sent: Thursday, July 12, 2001 12:05 AM
To: [EMAIL PROTECTED]
Subject: Can not find Enterprise Edition [7:12081]


Hi All,
I am looking for Catalyst 1900 switch Enterprise
edition software to upgrade my 5 switches.I tried to
find it on Cisco web site it always ask for
password.Any one can help me to download it.

Regards ,
sami


__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12099t=12081
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Duplicate Ip addresses ! [7:12100]

[shella kevin]

I am monitoring cisco routes via netview. I decommissioned 2 interfaces on 
the cisco router and put it on an other outer. Now I am getting alerts on 
netview  Duplicate Ip addresses .. it's the same ip 
addresses/FastEthernet interface which I decommissioned.

How can I address this problem ?
How to flush out this on a route ?

Cheers
Shella k

_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12100t=12100
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

catalyst 5000 rebooted [7:12101]

[Arun]

hi
we have catalyst 5000 in our organization and last week oneof our catalyst
5000 rebooted bu its own ...can anyboby tell me what could be the probabale
cause or where one shoulb be looking for it ...
how do i start looking for it .Please help
this reboot has caused the services to be stopped for 15 minutes and it is
really big issue for us why it happened ...i think i am totally stuck
..can anybody give a a start .


Regards

Arun Sharma




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12101t=12101
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Duplicate Ip addresses ! [7:12100]

[Chuck Larrieu]

what are you - the night shift in the NOC?

when you say you decommissioned the interfaces, did you issue shutdown
commands? physically pull the wires so they aren't connected to anything?

in general, issuing a shutdown command on an interface prevents it from
telling the network about itself. I'm wondering if your monitoring software
has failed to flush the old interfaces, and is complaining when it sees the
new interfaces come on line when it already has those addresses in its
database.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
shella kevin
Sent: Thursday, July 12, 2001 3:42 AM
To: [EMAIL PROTECTED]
Subject: Duplicate Ip addresses ! [7:12100]


I am monitoring cisco routes via netview. I decommissioned 2 interfaces on
the cisco router and put it on an other outer. Now I am getting alerts on
netview  Duplicate Ip addresses .. it's the same ip
addresses/FastEthernet interface which I decommissioned.

How can I address this problem ?
How to flush out this on a route ?

Cheers
Shella k

_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12102t=12100
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

redistribute subnet vs. redistribute connected [7:12103]

[Jeongwoo Park]

Hi all
One is ospf's subnet command: redistribute subnet
The other is eigrp's connected command: redistribute connected 
Are these two kind of same?

I know that without subnet keyword, ospf's routing table shows only major
network address that are not directly connected the redistributing router
will be redistributed. I was wondering if this  is true for eigrp's
connected

Thanks

JP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12103t=12103
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX Network addresses [7:11990]

[Elmer Deloso]

Thanks for all the responses. This is the only IPX speaking box on the wire
and the first NW5.1 server to be brought up. I understand that it supports
and automatically loads all IPX frame types by default if IPX is chosen
along with the default and preferred IP protocol. From the replies it seems
that each frame type would belong to a DIFFERENT IPX network? Or is it just
DIFFERENT WAYS of writing out IPX network addresses depending on the frame
type used?
Again, thanks for the enlightenment.

Elmer

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 4:29 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Interesting. Why would it generate network numbers, though? Shouldn't 
network numbers be manually configured?

Priscilla

At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote:
I finally feel qualified to comment on a question on this list (having
worked with NetWare for the past 6 years)

The addresses you're seeing are generated automatically.  What's happening
here is that the new server has every single Ethernet frame type loaded,
and
as a result is using different IPX network number for every frame type.
New
3.x and 4.x servers will do this if you perform an install using all the
defaults.  You need to run INSTALL (or NWCONFIG if 5.x), edit the
AUTOEXEC.NCF and remove all BIND statements referencing frame types you
don't want to use.  Ethernet_II is preferred.

NetWare 5.x is more restrained and tries to use IP only.

  Ayers, Michael  07/11/01 12:12PM 
Those were either auto generated, or picked up from reading frames on the
wire.


-Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]]
Sent:   Wednesday, July 11, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject:IPX Network addresses [7:11990]

hi, group.
I just noticed that after installing NetWare server, it gave me this info
regarding types of IPX frames:
Frame type  Network address
Ethernet_802.2  3D410DCD
Ethernet_802.3  1E0F4F9E
Ethernet_SNAP   FF994BB0
Ethernet_II D393B805

For the IPX gurus in the group, can someone tell me if there is some type
of
logic as to how the network address is translated from the type of frame
used?
Just to answer my curiosity.
Thank you.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12112t=11990
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: eigrp and sec address [7:12087]

[Mark Morenz]

I may be misunderstanding your topology...it would help if you posted config
excerpts.

As far as my experience has been, secondary addresses are configured in
eigrp in the same way as primary addresses. Just make sure you've included
the router eigrp [network#] and network xx.xx.xx.xx commands on the
relevant router. Both routers need to be using eigrp and having the same
autonomous system number in order to see each others updates (unless you are
redistributing routes, but I won't get into that).

Post your config and the group will be better able to see what's up, ok?

-Mark A. Morenz, MS Ed, CCNA, CCAI


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12113t=12087
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Study Group in Phoenix, Arizona [7:12114]

[Vik]

Is any one aware of any CCNP study groups in my area? I have equipment and
want to find some serious people to study with.

E-mail or call any time.
Thanks,

--
Vik Evans - MCSE, CCNA, CCDA
[EMAIL PROTECTED]
(602) 206-5335
(480) 633-1888




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12114t=12114
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Mawhoob [7:12107]

[Mohammed Saro]

i have a problem with one DSL customer with a speed of 128 kbps conected to
my
company through 2 exchanges via copper wires 0.4 mm  thick the line is up and
the protocols goes up and down i checked the H/W it is ok but the physical
line has input errors and crc's whta is the solution

Best Regards,
Mohammed Saro
Network Engineer
GEGA NET
Tel: +202-4149771 Ext:111




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12107t=12107
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Alternatives to 2509/2511 for 8n1 console access? [7:12061]

[Neil Schneider]

you could get an older cisco cs-500.  they came in both 8 and 16 port
models.  You can pick one up for a couple of hundred on ebay.

Neil Schneider


Ryan O'Reilly  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi All,

 I'm curious if anybody knows of any inexpensive alternatives to the
 2509/2511 routers to reverse telnet into console ports?

 I've seen some products online but they don't specifically state they will
 work for Cisco console access, and none of the sales reps are able to give
 me a strait answer.

 Thanks!

  - Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12109t=12061
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: upgrade IOS from 4.4(1) to 5.5(9) for catalyst 5000 [7:12106]

[Peter]

Hi,

You need to make sure you have 32Mb RAM installed for each Supervisor
engine, even though the image still fits in 8Mb flash

Peter
Arun  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi
 can anbody please help me with this i will be upgrading my catalyst 5000
IOS
 what are the things that needed to be taken care before doing this .i
 have supervisior card 2 runnnign on it and they are runnign in redudant
mode
 ..i have 2 catalyst 5000what can be like probaable problems
 .i think i saw somehting like this on cisco but right now i am unable
to
 find this .
 any help will be appreciated .

 Regards

 Arun Sharma




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12106t=12106
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: redistribute subnet vs. redistribute connected [7:12103]

[Charles Manafa]

OSPF also uses redistribute connected to redistribute all connected
interfaces that don't belong to any OSPF area, but have IP enabled on the
interfaces. These are redistributed as external to the AS.

CM

 -Original Message-
 From: Jeongwoo Park [mailto:[EMAIL PROTECTED]]
 Sent: 12 July 2001 12:12
 To: [EMAIL PROTECTED]
 Subject: redistribute subnet vs. redistribute connected [7:12103]
 
 
 Hi all
 One is ospf's subnet command: redistribute subnet
 The other is eigrp's connected command: redistribute connected 
 Are these two kind of same?
 
 I know that without subnet keyword, ospf's routing table 
 shows only major
 network address that are not directly connected the 
 redistributing router
 will be redistributed. I was wondering if this  is true for eigrp's
 connected
 
 Thanks
 
 JP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12108t=12103
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Low BRI througput [7:12078]

[Mohammed Saro]

it is recommended  in the BCRAN book  But i didn't understande what u said
what is the fragmentation delay  ?

Best Regards,
Mohammed Saro
Network Engineer
GEGA NET
Tel: +202-4149771 Ext:111


- Original Message -
From: Charlie Hartwell 
To: 
Sent: Thursday, July 12, 2001 11:53 AM
Subject: Re: Low BRI througput [7:12078]


 It would be interesting to see the document that recommends that
 action - after all, WFQ is designed to help with low bandwidth links
 without the need for complicated config.

 It is more likely that it is recommended to turn off WFQ when using
 ppp multilink across the ISDN connection. This is probably to avoid
 any unnecessary fragment delay which could lead to malformed packets
 and retransmissions.

 So in answer to your question, there is no real connection between
 BRI performance and WFQ but cisco probably recommend disabling WFQ to
 avoid other problems.

 Cheers

 Charlie

  --- Mohammed Saro  wrote:  Dear Sir
Cisco recommends for low throughput for the ISDN BRI to verify
  that fair
  queuing is not enabled can anyone tell me the relationship between
  fair
  queuing and BRI throughput ?
 
  Best Regards,
  Mohammed Saro
  Network Engineer
  GEGA NET
  Tel: +202-4149771 Ext:111
 [EMAIL PROTECTED]


 
 Do You Yahoo!?
 Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
 or your free @yahoo.ie address at http://mail.yahoo.ie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12105t=12078
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

what are some of the best materials to prep for the CCIE lab? [7:12115]

[Wei Wu]

I just passed my RS written exam,  I want to know what study materials are
best for prepping for the lab.  I currently have Routing tcp/ip from Doyle
and Halabi's BGP book.  I am looking for a CCIE lab book and/or CDs.  Any
input appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12115t=12115
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Security Certifications [7:12116]

[Bruce Williams]

I want to get a well recognized security certification. I know about Cisco
Security Specialist and the CCIE Security, but are there any others that are
more widely recognized in the industry or any well know vendor independent
security certifications.

Bruce Williams
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12116t=12116
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Duplicate Ip addresses ! [7:12100]

[[EMAIL PROTECTED]]

I have seen this before on HP OpenView.  SNMP is and 
will still see the ip address even if it is shutdown.  
You must remove the IP address of the other router
 mmmhh ! yes i shutdown the interface and then bring it up ... looks
like
 the software issue to me too  anyother way i can check on the
cisco
 router if they still exists?
 
 btw what is NOC ?
 
 From: Chuck Larrieu 
 To: shella kevin , 
 Subject: RE: Duplicate Ip addresses ! [7:12100]
 Date: Thu, 12 Jul 2001 03:47:34 -0700
 
 what are you - the night shift in the NOC?
 
 when you say you decommissioned the interfaces, did you issue shutdown
 commands? physically pull the wires so they aren't connected to anything?
 
 in general, issuing a shutdown command on an interface prevents it from
 telling the network about itself. I'm wondering if your monitoring
software
 has failed to flush the old interfaces, and is complaining when it sees
the
 new interfaces come on line when it already has those addresses in its
 database.
 
 Chuck
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 shella kevin
 Sent: Thursday, July 12, 2001 3:42 AM
 To: [EMAIL PROTECTED]
 Subject: Duplicate Ip addresses ! [7:12100]
 
 
 I am monitoring cisco routes via netview. I decommissioned 2 interfaces on
 the cisco router and put it on an other outer. Now I am getting alerts on
 netview  Duplicate Ip addresses .. it's the same ip
 addresses/FastEthernet interface which I decommissioned.
 
 How can I address this problem ?
 How to flush out this on a route ?
 
 Cheers
 Shella k
 
 _
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
 _
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12117t=12100
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN QUERY [7:12068]

[Mark Morenz]

One additional thought...you'll want to test this, but I believe you will
need to put the static route on Router A, not Router D. If you just put one
on router D, you will just be defining Router A as the next hop (which it is
anyway) and then Router A would just forward it to Router C as per it's own
routing tables because it's receiving updates from Router C as well as all
of the others...

(also, keep in mind that the new Static route on A will send *everything*
for that target to Router B, regardless of where it comes from.)

This can all be ironed out in the testing of course.

Mark A. Morenz, MS ED, CCNA, CCAI


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12118t=12068
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: eigrp and sec address [7:12087]

[Debbie Westall]

Javier,

EIGRP will support secondary addresses. However,
neighbor relationships will NOT be formed with the
secondary addresses. 

Refer to:
http://www.cisco.com/warp/customer/103/eigrpfaq.html#Q1.3

A good white paper on EIGRP can be found at:
http://www.cisco.com/warp/customer/103/eigrp1.html

I found on the Cisco site, a way to get around not
getting any routing updates from the secondary IPs

If an interface is configured with secondary IP
addresses, split horizon rules can affect whether or
not routing updates are sourced by these secondary
addresses. If the primary and secondary IP address
network numbers belong to the same network class,
routing updates source by the secondary address are
suppressed unless split horizon is disabled. If the
primary and secondary addresses do not belong to the
same network class, routing updates sourced by the
secondary address are not suppressed. 

So it looks like if you disable split horizon you will
send and receive the routing updates but not form
neighbor relationships.

Hope this helps.

Debbie

--- Javier A. Herrera 
wrote:
 Hello,
 i've got two routers sharing one common 
 network...one of this routers got a 
 secondary address defined over the 
 interface...
 is there any way to make this secondary 
 net be visible on the shared network 
 dynamically using EIGRP
 
 Thank you very much in advance,
 
 
 _
 Javier A. Herrera
 Centro de Proceso de Datos
 Universidad de Oviedo
 mailto:[EMAIL PROTECTED]
 _
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12120t=12087
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: eigrp and sec address [7:12087]

[Debbie Westall]

Javier,

EIGRP will support secondary addresses. However,
neighbor relationships will NOT be formed with the
secondary addresses. 

Refer to:
http://www.cisco.com/warp/customer/103/eigrpfaq.html#Q1.3

A good white paper on EIGRP can be found at:
http://www.cisco.com/warp/customer/103/eigrp1.html

I found on the Cisco site, a way to get around not
getting any routing updates from the secondary IPs

If an interface is configured with secondary IP
addresses, split horizon rules can affect whether or
not routing updates are sourced by these secondary
addresses. If the primary and secondary IP address
network numbers belong to the same network class,
routing updates source by the secondary address are
suppressed unless split horizon is disabled. If the
primary and secondary addresses do not belong to the
same network class, routing updates sourced by the
secondary address are not suppressed. 

So it looks like if you disable split horizon you will
send and receive the routing updates but not form
neighbor relationships.

Hope this helps.

Debbie

--- Javier A. Herrera 
wrote:
 Hello,
 i've got two routers sharing one common 
 network...one of this routers got a 
 secondary address defined over the 
 interface...
 is there any way to make this secondary 
 net be visible on the shared network 
 dynamically using EIGRP
 
 Thank you very much in advance,
 
 
 _
 Javier A. Herrera
 Centro de Proceso de Datos
 Universidad de Oviedo
 mailto:[EMAIL PROTECTED]
 _
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12119t=12087
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Some questions for PIX experts [7:12122]

[nrf]

Hello all.  I'm looking for some PIX experts to help me with the following
strangeness I found while fiddling around with the Pix.

For purposes of this discussion, I am using PixOS 5.3, and I got a Pix 530
with 2 interfaces.  The inside interface has a network of 192.168.1.0/24,
and the outside interface is 50.0.0.0/8.  The inside network has a few PC's,
the outside network has a server at 50.5.5.5 running WWW, FTP, and telnet.
And I always use clear xlate after I change anything on the PIX.

1) Question on Outbound - is the documentation wrong?

I have carefully read the documentation on the Outbound keyword.  The link
is here for convenience:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com
mands.htm#xtocid223341

The documentation states the following:   The outgoing_src and
outgoing_dest outbound lists are filtered independently. If any one of the
filters contain deny, the outbound packet is denied. When multiple rules are
used to filter the same packet, the best matched rule takes effect.  The
best match is based on the IP address mask and the port range check. More
strict IP address masks and smaller port ranges are considered a better
match

Now, I am not a genius, but it seems to me that this paragraph states that
the PIX will prefer an outbound statement that is a longer match (mask or
port number) over a lesser match.  Is that correct?

But the fact of the matter that this does not work for me.  I have
discovered that my PIX does not in fact do a longest match at all.   For
example, I put in the commands:

outbound 1 deny 0 0 0
outbound 1 permit 50.5.5.5 255.255.255.255 0

Then I apply it, and I find out that nobody on the inside can access the
50.5.5.5 server, even though it seems like the second outbound statement
should override the first statement (because it is a longer match).

Now, those who of you who might want to know whether the Pix is working
properly or not, or whether I applied the outbound list correctly or not,
consider this.  I then changed the outbound statements to read this:

outbound 1 deny 0 0 0
outbound 1 except 50.5.5.5 255.255.255.255 0

And I see that indeed, everybody on the internal network is indeed denied to
everything except the 50.5.5.5 server.  So I know the Pix is working, and I
am correctly applying the outbound list.

My only conclusion that I can make is that either the documentation on the
outbound keyword  is either seriously wrong  (and therefore it is false that
the Pix does a longest match)  or my Pix is seriously warped.


2) Question on direction of Apply keyword - another error in the
documentation?:

Once again, referring to the documentation, this time on the Apply keyword.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com
mands.htm#xtocid223341

I am interested in whether to use 'outgoing_src' or 'outgoing_dest' with the
'Apply' keyword.

For example, in my above example, I always used outgoing_src.  I would do
something like this:
outbound 1 deny 0 0 0
outbound 1 except 50.5.5.5 255.255.255.255 0
apply (inside) 1 outgoing_src

This would serve to block all access from the inside network to the outside,
except for the 50.5.5.5 server, which is exactly the behavior I wanted.
If I replace the apply statement with
apply (inside) 1 outgoing_dest
then everybody on the internal network can go everywhere, which is not the
desired behavior I want.  So  I believe I understand how this works.  If
your Outbound list includes addresses of your internal PC's, then use
outbound_dest.  If it instead contains outside addresses, use outbound_src.
I have tested this theory many times on my PIX, and it always follows this
pattern.

Then I look at the documentation examples,  and they seem to have it
backwards.

For example, they have the following example:
The following example prevents inside host 192.168.1.49 from accessing the
World Wide Web   (port 80):

outbound 11 deny 192.168.1.49 255.255.255.255 80 tcp

apply (inside) 11 outgoing_src


I went and tried this and I discovered that it doesn't work at all.  I fire
up a spare PC that I have, give it the address of 192.168.1.49, and attach
it to my inside network.  I put in the above commands in the Pix, and I
discover that the PC can go anywhere it wants, willy nilly.  The above
outbound list never gets invoked at all.

But I found out that when I change the Apply statement to follow my pattern,
instead of what the documentation says to do:

apply (inside) 11 outgoing_dest

Then the PC is indeed blocked.   So what's up with that?  What's screwed up,
the documentation or my PIX?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12122t=12122
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Security Certifications [7:12116]

[Saleem Nathoo]

Hi,

Look into checkpoint.com for CCSA and CCSE certs.

Thanks,
Sal

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bruce Williams
Sent: Thursday, July 12, 2001 9:16 AM
To: [EMAIL PROTECTED]
Subject: OT: Security Certifications [7:12116]


I want to get a well recognized security certification. I know about Cisco
Security Specialist and the CCIE Security, but are there any others that are
more widely recognized in the industry or any well know vendor independent
security certifications.

Bruce Williams
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12121t=12116
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: upgrade IOS from 4.4(1) to 5.5(9) for catalyst 5000 [7:12123]

[Circusnuts]

Just go to the LAN Switching IOS site when you Login under Software
Upgrades.  You should see an opportunity to catch release note, etc.  You
will see an upgrade chart (if there is one for 4x to 5x).  I had one with
the Sup 1

All the best !!!
Phil

- Original Message -
From: Arun 
To: 
Sent: Thursday, July 12, 2001 4:42 AM
Subject: upgrade IOS from 4.4(1) to 5.5(9) for catalyst 5000 [7:12089]


 Hi
 can anbody please help me with this i will be upgrading my catalyst 5000
IOS
 what are the things that needed to be taken care before doing this .i
 have supervisior card 2 runnnign on it and they are runnign in redudant
mode
 ..i have 2 catalyst 5000what can be like probaable problems
 .i think i saw somehting like this on cisco but right now i am unable
to
 find this .
 any help will be appreciated .

 Regards

 Arun Sharma




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12123t=12123
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Security Certifications [7:12116]

[Andrew Whelchel]

CISSP is used by big 5 consulting firms for credibility.  See
http://www.isc2.org/ for info.

-Andrew
 Whelchel

-Original Message-
From: Bruce Williams [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:16 AM
To: [EMAIL PROTECTED]
Subject: OT: Security Certifications [7:12116]


I want to get a well recognized security certification. I know about
Cisco
Security Specialist and the CCIE Security, but are there any others that
are
more widely recognized in the industry or any well know vendor
independent
security certifications.

Bruce Williams
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12124t=12116
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Animated OSPF, EIGRP BGP examples [7:12028]

[Hire, Ejay]

I've got some CBT's that show it.  I think they are from CBT systems or
somesuch.

-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 5:37 PM
To: [EMAIL PROTECTED]
Subject: Animated OSPF, EIGRP  BGP examples [7:12028]


I was hoping that some of you might have come across a website with animated
examples, showing every little conversation being sent across the network
when routers start up, and start telling each other about their routes.

If however this does not exist, then I want to make it myself, so if anyone
instead has come across so very good descriptions about what exactly is
being sent and when it's done, I would appreciate that too.

Thanks for any comments on this.

I will try to look in Doyle's book when I get home tonight, but please let
me know if you know of an excellent site.

Thanks,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNA, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~ 
 http://www.OleDrews.com/CCNP
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12125t=12028
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Mawhoob [7:12107]

[Hire, Ejay]

You've got a line quality problem.  Since you can't drop the speed, I'd
suggest ordering a new pair from the ILEC.  Additionally, you can try
hooking up the router at the NID to eliminate Premise wiring as the possible
cause.  Does your DSLAM have a built in test head?  We use the Lucent
Stinger DSLAM's and have the ability to do a TDR and simple electronic tests
on the line remotely.

Ejay Hire
Sr. Provisioning Engineer
Broadslate Networks
http://www.broadslate.net

-Original Message-
From: Mohammed Saro [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 7:50 AM
To: [EMAIL PROTECTED]
Subject: Mawhoob [7:12107]


i have a problem with one DSL customer with a speed of 128 kbps conected to
my
company through 2 exchanges via copper wires 0.4 mm  thick the line is up
and
the protocols goes up and down i checked the H/W it is ok but the physical
line has input errors and crc's whta is the solution

Best Regards,
Mohammed Saro
Network Engineer
GEGA NET
Tel: +202-4149771 Ext:111




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12127t=12107
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Mawhoob [7:12107]

[Danner, John (ZoomTown)]

Did you have the phone company run a line test?  What is the loop length
between the two?  
Is it a dry pair?  You should be able to check the line quality through the
DSL modem.
You can also mess with the TX power settings. 
There other question is if it ever worked.  If not there may be a short or
crossover on the cable.

DSL troubleshooting is fun for everyone!

Good luck.
-John


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Mohammed Saro
Sent: Thursday, July 12, 2001 7:50 AM
To: [EMAIL PROTECTED]
Subject: Mawhoob [7:12107]


i have a problem with one DSL customer with a speed of 128 kbps conected to
my
company through 2 exchanges via copper wires 0.4 mm  thick the line is up
and
the protocols goes up and down i checked the H/W it is ok but the physical
line has input errors and crc's whta is the solution

Best Regards,
Mohammed Saro
Network Engineer
GEGA NET
Tel: +202-4149771 Ext:111




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12126t=12107
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Security Specialization (PIX) [7:12129]

[Edgar Alves Nastri]

Anyone have informattion, where i can find simulated exams for Cisco PIX
Advanced ?
 And what best sources, prepare  for this exam ?





Regards,

Edgar Alves Nastri
CCNA, CCSA, CCSE, MCSE+I, MCNE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12129t=12129
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: NDS- IPX problem [7:12020]

[Patrick Ramsey]

Are you using all cisco equipment or are you mixing cisco with other
vendors?  If you are using multiple vendors, make sure the sap and rip
updates are happening at the same time. (either when changes are made, or
every so many seconds)  a lot of vendors' default configs are to allow
updates when changes are made, where cisco is every so many seconds.  Either
will work, but both have to be configured the same.  If they aren't you'll
have sporadic problems and neither equipment will hold sap and rip updates
properly.

-Patrick

 Keith Townsend  07/11/01 05:59PM 
Where are you seeing the two different trees.  Are you seeing them from
Display Servers or from the SAP list on the router or from a Netware Client.
If you are seeing this from a Router or Server this is pretty normal.  But
if you are seeing this from the client then this points to a communications
problem between the Servers or a NDS corruption.  Try doing a Reset Router
on all the NetWare boxes within 15 seconds of each other.  Then try running
DSRepairs on each individual box that has a copy of the DS.  Start with the
Master.

I hope this helps.

Keith Townsend
MCSE, CNE, CCNA
AISA Technologies
312-629-1100
www.aisatech.com 


nusrat khwaja  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 1. One of my Netware5 server is showing two NDS trees instead of our
single
 tree. The only difference is that the name of the real one is : a-b and
the
 other one shown is a|b. a|b can not be opened but a-b is working.

 2. At the same time, SHO IPX server on a Netware5 server shows only a few
IPX
 servers but if I RESET ROUTER it shows all my IPX servers but only for
about
 15
 minutes and then all except a few ipx servers disappear from sho ipx
server.

 What could be wrong ??


 _
 Do You Yahoo!?
 Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12130t=12020
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VLAN on 1750 router [7:12024]

[Jim Rampley]

I thought you could, but checked the feature navigator on CCO
http://www.cisco.com/go/fn and it looks like a 2600 running IP Plus is the
lowest end router that would.

Jim

-Original Message-
From: Ahmed Mamoor Amimi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 4:14 PM
To: [EMAIL PROTECTED]
Subject: VLAN on 1750 router [7:12024]


Can any one tell me if we can run the command encapsulation ISL on
ethernet port of 1750 router .

-Mamoor




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12128t=12024
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX Network addresses [7:11990]

[Hire, Ejay]

Each different frame type acts as a separate broadcast domain, thus they
have different network numbers.

-Original Message-
From: Elmer Deloso [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:41 AM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Thanks for all the responses. This is the only IPX speaking box on the wire
and the first NW5.1 server to be brought up. I understand that it supports
and automatically loads all IPX frame types by default if IPX is chosen
along with the default and preferred IP protocol. From the replies it seems
that each frame type would belong to a DIFFERENT IPX network? Or is it just
DIFFERENT WAYS of writing out IPX network addresses depending on the frame
type used?
Again, thanks for the enlightenment.

Elmer

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 4:29 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Interesting. Why would it generate network numbers, though? Shouldn't 
network numbers be manually configured?

Priscilla

At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote:
I finally feel qualified to comment on a question on this list (having
worked with NetWare for the past 6 years)

The addresses you're seeing are generated automatically.  What's happening
here is that the new server has every single Ethernet frame type loaded,
and
as a result is using different IPX network number for every frame type.
New
3.x and 4.x servers will do this if you perform an install using all the
defaults.  You need to run INSTALL (or NWCONFIG if 5.x), edit the
AUTOEXEC.NCF and remove all BIND statements referencing frame types you
don't want to use.  Ethernet_II is preferred.

NetWare 5.x is more restrained and tries to use IP only.

  Ayers, Michael  07/11/01 12:12PM 
Those were either auto generated, or picked up from reading frames on the
wire.


-Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]]
Sent:   Wednesday, July 11, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject:IPX Network addresses [7:11990]

hi, group.
I just noticed that after installing NetWare server, it gave me this info
regarding types of IPX frames:
Frame type  Network address
Ethernet_802.2  3D410DCD
Ethernet_802.3  1E0F4F9E
Ethernet_SNAP   FF994BB0
Ethernet_II D393B805

For the IPX gurus in the group, can someone tell me if there is some type
of
logic as to how the network address is translated from the type of frame
used?
Just to answer my curiosity.
Thank you.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12132t=11990
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN in Germany [7:12050]

[Hire, Ejay]

Search CCO for time based access lists.  They are a new feature in of the
12.x's.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c
/ipcprt1/1cdip.htm#22601

-Ejay
-Original Message-
From: Thomas Surber [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 10:18 PM
To: [EMAIL PROTECTED]
Subject: ISDN in Germany [7:12050]


How do you configure an ISDN semipermannet connection with a 10 hour
subscription but can stay up passed the subscription if there is traffic on
the line?

TIA
Thomas Surber




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12131t=12050
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: catalyst 5000 rebooted [7:12101]

[GNOME]

Hi

How about doing a show version  to see the reason of last reboot


Arun  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 hi
 we have catalyst 5000 in our organization and last week oneof our catalyst
 5000 rebooted bu its own ...can anyboby tell me what could be the
probabale
 cause or where one shoulb be looking for it ...
 how do i start looking for it .Please help
 this reboot has caused the services to be stopped for 15 minutes and it is
 really big issue for us why it happened ...i think i am totally stuck
 ..can anybody give a a start .


 Regards

 Arun Sharma




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12134t=12101
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NAT Translations and Time Left [7:12133]

[James Haynes]

I'm performing NAT translations on one of our network connections and all is
fine except that the server the people are connecting to is having an
application issue. This causes them to time out waiting for a logon. They
then try to initiate another connection and the same process occurs. If I do
a show ip nat translations verbose I can see the individual connections
and the NAT having taken place (doing an overload on the address space) and
then these connections remain open for 24 hours. As the users keep
attempting to open new connections the old connections remain up.


tcp XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:1194  XXX.XXX.XXX.XXX:23
XXX.XXX.XXX.XXX:23

create 22:12:59, use 22:12:37, left 01:47:22,

Is there a NAT command that let's me specify how long a connection can
remain open? Say for instance, 2 hours instead of 24?

--
James Haynes
Network Architect
Cendant IT
A+,MCSE,CCNA,CCDA,CCNP,CCDP,
CQS-SNA/IP


--
James Haynes
Network Architect
Cendant IT
A+,MCSE,CCNA,CCDA,CCNP,CCDP,
CQS-SNA/IP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12133t=12133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[Mears, Rob]

Greeting to all,

This problem proved to be a real bitch, and I thank you for all the advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages even
after TAC sent me new memory and a new router. The 3rd TAC engineer was the
charm, because he asked me if this was a TELCO version of the 3660. That was
a real good question cuss I had no idea, as I have never worked on one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.  Man
what a day. The other way to see if the router is an Enterprise version or
Telco is to run the SN numbers. I can think off all the times i do this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal (thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more then
once, so I have nothing but good to say for them. Yes I have gotten some
DORKS before, but I have the option to tell them to get lost and give me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams to break them in. It will be one of those teams dealing
with your problem - probably euro-config. I know a lot of those
guys and, although they all work hard, they don't have the experience
to deal with a case that gets over complicated.

 If you have had an RMA already and you are still no nearer to
solving the problem then the next step is to have the case escalated.
I expect this case has been going on for a few days already and has
probably passed the P3 SLA so the TAC can escalate to a more
technical team to get you a speedy fix.

 I hope this helps and I would appreciate it if you kept this under
your hat.

Regards

Charlie


 --- Mears, Rob  wrote:  Any one ever had
a problem loading IOS on a 3660 right out of the
 box? I
 have one with 64meg flash and 256 ram and the damn thing will not
 come out
 of RMMON. I have set the confreg to boot correctly still RMMON. I
 have
 flashed it with two different IOS (12112.2), swapped out Flash,
 MEM, even
 sent the chassis back to Cisco and the new one had the same
 problem. TAC has
 no clue, they have been sending me part and giving me to different
 Engineer
 with no luck.
 
 What gives?
 
 Rob
[EMAIL PROTECTED] 


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12135t=12135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Some questions for PIX experts [7:12122]

[Ciaron Gogarty]

nrf

NRF,

I think that this may help - you have to remember that packets outgoing_src
source addresses are what are recieved on the INSIDE interface ie your local
network, outgoing_dst are the destinatio of the packets recieved.

t the fact of the matter that this does not work for me.  I have
discovered that my PIX does not in fact do a longest match at all.   For
example, I put in the commands:

outbound 1 deny 0 0 0
outbound 1 permit 50.5.5.5 255.255.255.255 0

notice the keyword change,  if you want to PERMIT a host, you should have it
above the deny all (like an access list):

outbound 1 permit 50.5.5.5 255.255.255.255 0 
outbound 1 deny 0 0 0

but if you want to EXCEPT a host have it below the blanket deny all.

outbound 1 deny 0 0 0
outbound 1 except 50.5.5.5 255.255.255.255 0

I also believe that from your example that 50.5.5.5 is the desitination ie -
it's outside the pix, therefor to do what you want there you indeed have to
use outgoing_dest because the source address of packets the pix recieve
inbound on the inside interface will never have a source address other than
192.168.1.X


For example, in my above example, I always used outgoing_src.  I would
do
something like this:
outbound 1 deny 0 0 0
outbound 1 except 50.5.5.5 255.255.255.255 0
apply (inside) 1 outgoing_src

the above should be outgoing_dst as 50.5.5.5 is the destination of the
packet.

to filter on outgoing_src you would need to filter your internal ip address
range as they are the ip's that will the source address on packets recieved
on the inside interface:


C



-Original Message-
From: nrf
To: [EMAIL PROTECTED]
Sent: 12/07/01 14:33
Subject: Some questions for PIX experts [7:12122]

Hello all.  I'm looking for some PIX experts to help me with the
following
strangeness I found while fiddling around with the Pix.

For purposes of this discussion, I am using PixOS 5.3, and I got a Pix
530
with 2 interfaces.  The inside interface has a network of
192.168.1.0/24,
and the outside interface is 50.0.0.0/8.  The inside network has a few
PC's,
the outside network has a server at 50.5.5.5 running WWW, FTP, and
telnet.
And I always use clear xlate after I change anything on the PIX.

1) Question on Outbound - is the documentation wrong?

I have carefully read the documentation on the Outbound keyword.  The
link
is here for convenience:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config
/com
mands.htm#xtocid223341

The documentation states the following:   The outgoing_src and
outgoing_dest outbound lists are filtered independently. If any one of
the
filters contain deny, the outbound packet is denied. When multiple rules
are
used to filter the same packet, the best matched rule takes effect.  The
best match is based on the IP address mask and the port range check.
More
strict IP address masks and smaller port ranges are considered a better
match

Now, I am not a genius, but it seems to me that this paragraph states
that
the PIX will prefer an outbound statement that is a longer match (mask
or
port number) over a lesser match.  Is that correct?

But the fact of the matter that this does not work for me.  I have
discovered that my PIX does not in fact do a longest match at all.   For
example, I put in the commands:

outbound 1 deny 0 0 0
outbound 1 permit 50.5.5.5 255.255.255.255 0

Then I apply it, and I find out that nobody on the inside can access the
50.5.5.5 server, even though it seems like the second outbound statement
should override the first statement (because it is a longer match).

Now, those who of you who might want to know whether the Pix is working
properly or not, or whether I applied the outbound list correctly or
not,
consider this.  I then changed the outbound statements to read this:

outbound 1 deny 0 0 0
outbound 1 except 50.5.5.5 255.255.255.255 0

And I see that indeed, everybody on the internal network is indeed
denied to
everything except the 50.5.5.5 server.  So I know the Pix is working,
and I
am correctly applying the outbound list.

My only conclusion that I can make is that either the documentation on
the
outbound keyword  is either seriously wrong  (and therefore it is false
that
the Pix does a longest match)  or my Pix is seriously warped.


2) Question on direction of Apply keyword - another error in the
documentation?:

Once again, referring to the documentation, this time on the Apply
keyword.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config
/com
mands.htm#xtocid223341

I am interested in whether to use 'outgoing_src' or 'outgoing_dest' with
the
'Apply' keyword.

For example, in my above example, I always used outgoing_src.  I would
do
something like this:
outbound 1 deny 0 0 0
outbound 1 except 50.5.5.5 255.255.255.255 0
apply (inside) 1 outgoing_src

This would serve to block all access from the inside network to the
outside,
except for the 50.5.5.5 server, which is exactly the behavior I wanted.
If I replace the apply statement with
apply 

Re: Security Certifications [7:12116]

[Patrick Bass]

CISSP...
www.isc2.org

Bruce Williams  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I want to get a well recognized security certification. I know about Cisco
 Security Specialist and the CCIE Security, but are there any others that
are
 more widely recognized in the industry or any well know vendor independent
 security certifications.

 Bruce Williams
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12136t=12116
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Some questions for PIX experts [7:12122]

[Allen May]

Think of it as more of a more specific match instead.  A rule for
50.0.0.0/8 is less specific than a rule for 50.5.5.5/32.  I would put the
deny at the bottom of the list though


- Original Message -
From: nrf 
To: 
Sent: Thursday, July 12, 2001 8:33 AM
Subject: Some questions for PIX experts [7:12122]


 Hello all.  I'm looking for some PIX experts to help me with the following
 strangeness I found while fiddling around with the Pix.

 For purposes of this discussion, I am using PixOS 5.3, and I got a Pix 530
 with 2 interfaces.  The inside interface has a network of 192.168.1.0/24,
 and the outside interface is 50.0.0.0/8.  The inside network has a few
PC's,
 the outside network has a server at 50.5.5.5 running WWW, FTP, and telnet.
 And I always use clear xlate after I change anything on the PIX.

 1) Question on Outbound - is the documentation wrong?

 I have carefully read the documentation on the Outbound keyword.  The link
 is here for convenience:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com
 mands.htm#xtocid223341

 The documentation states the following:   The outgoing_src and
 outgoing_dest outbound lists are filtered independently. If any one of the
 filters contain deny, the outbound packet is denied. When multiple rules
are
 used to filter the same packet, the best matched rule takes effect.  The
 best match is based on the IP address mask and the port range check. More
 strict IP address masks and smaller port ranges are considered a better
 match

 Now, I am not a genius, but it seems to me that this paragraph states that
 the PIX will prefer an outbound statement that is a longer match (mask or
 port number) over a lesser match.  Is that correct?

 But the fact of the matter that this does not work for me.  I have
 discovered that my PIX does not in fact do a longest match at all.   For
 example, I put in the commands:

 outbound 1 deny 0 0 0
 outbound 1 permit 50.5.5.5 255.255.255.255 0

 Then I apply it, and I find out that nobody on the inside can access the
 50.5.5.5 server, even though it seems like the second outbound statement
 should override the first statement (because it is a longer match).

 Now, those who of you who might want to know whether the Pix is working
 properly or not, or whether I applied the outbound list correctly or not,
 consider this.  I then changed the outbound statements to read this:

 outbound 1 deny 0 0 0
 outbound 1 except 50.5.5.5 255.255.255.255 0

 And I see that indeed, everybody on the internal network is indeed denied
to
 everything except the 50.5.5.5 server.  So I know the Pix is working, and
I
 am correctly applying the outbound list.

 My only conclusion that I can make is that either the documentation on the
 outbound keyword  is either seriously wrong  (and therefore it is false
that
 the Pix does a longest match)  or my Pix is seriously warped.


 2) Question on direction of Apply keyword - another error in the
 documentation?:

 Once again, referring to the documentation, this time on the Apply
keyword.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com
 mands.htm#xtocid223341

 I am interested in whether to use 'outgoing_src' or 'outgoing_dest' with
the
 'Apply' keyword.

 For example, in my above example, I always used outgoing_src.  I would do
 something like this:
 outbound 1 deny 0 0 0
 outbound 1 except 50.5.5.5 255.255.255.255 0
 apply (inside) 1 outgoing_src

 This would serve to block all access from the inside network to the
outside,
 except for the 50.5.5.5 server, which is exactly the behavior I wanted.
 If I replace the apply statement with
 apply (inside) 1 outgoing_dest
 then everybody on the internal network can go everywhere, which is not the
 desired behavior I want.  So  I believe I understand how this works.  If
 your Outbound list includes addresses of your internal PC's, then use
 outbound_dest.  If it instead contains outside addresses, use
outbound_src.
 I have tested this theory many times on my PIX, and it always follows this
 pattern.

 Then I look at the documentation examples,  and they seem to have it
 backwards.

 For example, they have the following example:
 The following example prevents inside host 192.168.1.49 from accessing
the
 World Wide Web   (port 80):

 outbound 11 deny 192.168.1.49 255.255.255.255 80 tcp

 apply (inside) 11 outgoing_src


 I went and tried this and I discovered that it doesn't work at all.  I
fire
 up a spare PC that I have, give it the address of 192.168.1.49, and attach
 it to my inside network.  I put in the above commands in the Pix, and I
 discover that the PC can go anywhere it wants, willy nilly.  The above
 outbound list never gets invoked at all.

 But I found out that when I change the Apply statement to follow my
pattern,
 instead of what the documentation says to do:

 apply (inside) 11 outgoing_dest

 Then the PC is indeed blocked.   So what's up with that?  What's screwed
up,
 the documentation 

connecting T1 modules [7:12139]

[anthony moore]

Anyone know what kind of cable to use to connect two T1 modules?  I have a
2525 with the Fractional/full T1 module(RJ45) and a 2621 with the
WIC-1DSU-T1 module(RJ45).  What kind of cable can I use to connect these
momdules?

Thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12139t=12139
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: NAT Translations and Time Left [7:12133]

[James Haynes]

Thanks for the suggestions I will try them and let you know how it turns
out.

--
James Haynes
Network Architect
Cendant IT
A+,MCSE,CCNA,CCDA,CCNP,CCDP,
CQS-SNA/IP
James Haynes  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I'm performing NAT translations on one of our network connections and all
is
 fine except that the server the people are connecting to is having an
 application issue. This causes them to time out waiting for a logon. They
 then try to initiate another connection and the same process occurs. If I
do
 a show ip nat translations verbose I can see the individual connections
 and the NAT having taken place (doing an overload on the address space)
and
 then these connections remain open for 24 hours. As the users keep
 attempting to open new connections the old connections remain up.


 tcp XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:1194  XXX.XXX.XXX.XXX:23
 XXX.XXX.XXX.XXX:23

 create 22:12:59, use 22:12:37, left 01:47:22,

 Is there a NAT command that let's me specify how long a connection can
 remain open? Say for instance, 2 hours instead of 24?

 --
 James Haynes
 Network Architect
 Cendant IT
 A+,MCSE,CCNA,CCDA,CCNP,CCDP,
 CQS-SNA/IP


 --
 James Haynes
 Network Architect
 Cendant IT
 A+,MCSE,CCNA,CCDA,CCNP,CCDP,
 CQS-SNA/IP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12140t=12133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Asynch on 3640 [7:12142]

[No Data]

Im trying to configure a my 3640 to dial a ppp server
and then route ip over that link.  It will stay up
permanently until the frame connection comes back up. 
Im putting a wic-2a/s into wic1 on the NM in slot 1. 
First off Im not real sure how the line numbering will
go (cisco's site is pretty meager unless its an 8 or
16 port NM).  Secondly how do I configure this to just
dial out?  Im thinking.

line #
speed 115200
flowcontrol hardware
transport input all
stopbits 1
modem inout
modem autoconfigure type usr_sportster

int serial #  (this is how I think the a/s will show
up)
encapsulation ppp
async dynamic address
ppp authenticaion pap
dialer-map ip ?.?.?.? name destination 555-1212
ppp pap sent-username ### password ###

then put a static route in and ping the destination. 
Does this look even remotely correct.

Ben

__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12142t=12142
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[John Neiberger]

This brings up a point:  why is there a telco version in the first
place?  What are these telco requirements and why are they there?  I've
been hearing little snippets about this but I don't know the details. 
From what I've read so far, it sounds like some government agency had
too much time on its hands and felt like being even more intrusive than
usual.  

Who cares if there is a plastic cover or not?  Who cares if the rack is
19 or 24 wide?  Who cares if the equipment is more than 12 deep?  

Someone please explain this to me, and please tell me there are good
reasons for these requirements.  Otherwise, it will just annoy me and
ruin my day.  ;-)  Besides, I have a feeling I'll be running into
situations where equipment that I provision has to meet these
requirements so I might as well know what they are, right?

Thanks,
John (who is just starting his 2nd cup of coffee...be gentle.)

 Mears, Rob  7/12/01 8:55:12 AM 
Greeting to all,

This problem proved to be a real bitch, and I thank you for all the
advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass
this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages
even
after TAC sent me new memory and a new router. The 3rd TAC engineer was
the
charm, because he asked me if this was a TELCO version of the 3660.
That was
a real good question cuss I had no idea, as I have never worked on
one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One
telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.
 Man
what a day. The other way to see if the router is an Enterprise version
or
Telco is to run the SN numbers. I can think off all the times i do
this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal
(thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more
then
once, so I have nothing but good to say for them. Yes I have gotten
some
DORKS before, but I have the option to tell them to get lost and give
me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm 


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams to break them in. It will be one of those teams dealing
with your problem - probably euro-config. I know a lot of those
guys and, although they all work hard, they don't have the experience
to deal with a case that gets over complicated.

 If you have had an RMA already and you are still no nearer to
solving the problem then the next step is to have the case escalated.
I expect this case has been going on for a few days already and has
probably passed the P3 SLA so the TAC can escalate to a more
technical team to get you a speedy fix.

 I hope this helps and I would appreciate it if you kept this under
your hat.

Regards

Charlie


 --- Mears, Rob  wrote:  Any one ever had
a problem loading IOS on a 3660 right out of the
 box? I
 have one with 64meg flash and 256 ram and the damn thing will not
 come out
 of RMMON. I have set the confreg to boot correctly still RMMON. I
 have
 flashed it with two different IOS (12112.2), swapped out Flash,
 MEM, even
 sent the chassis back to Cisco and the new one had the same
 problem. TAC has
 no clue, they have been sending me part and giving me to different
 Engineer
 with no luck.
 
 What gives?
 
 Rob
[EMAIL PROTECTED] 


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk 
or your free @yahoo.ie address at http://mail.yahoo.ie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12141t=12135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Sniffer [7:12143]

[Larry Ogun-Banjo]

Does anyone know if there is a CBT on Sniffers or similar analyzers?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12143t=12143
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: NAT Translations and Time Left [7:12133]

[Allen May]

I don't know the answer but you might look up the timeout command on the PIX
(if that's what you have) and see if that helps.

Allen

- Original Message -
From: James Haynes 
To: 
Sent: Thursday, July 12, 2001 9:48 AM
Subject: NAT Translations and Time Left [7:12133]


 I'm performing NAT translations on one of our network connections and all
is
 fine except that the server the people are connecting to is having an
 application issue. This causes them to time out waiting for a logon. They
 then try to initiate another connection and the same process occurs. If I
do
 a show ip nat translations verbose I can see the individual connections
 and the NAT having taken place (doing an overload on the address space)
and
 then these connections remain open for 24 hours. As the users keep
 attempting to open new connections the old connections remain up.


 tcp XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:1194  XXX.XXX.XXX.XXX:23
 XXX.XXX.XXX.XXX:23

 create 22:12:59, use 22:12:37, left 01:47:22,

 Is there a NAT command that let's me specify how long a connection can
 remain open? Say for instance, 2 hours instead of 24?

 --
 James Haynes
 Network Architect
 Cendant IT
 A+,MCSE,CCNA,CCDA,CCNP,CCDP,
 CQS-SNA/IP


 --
 James Haynes
 Network Architect
 Cendant IT
 A+,MCSE,CCNA,CCDA,CCNP,CCDP,
 CQS-SNA/IP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12144t=12133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ccie lab setup [7:12145]

[Brian Clark]

Hey, can everyone help me with setting up a good CCIE lab. I need to know
what equipment would be the best to purchase for the lab. I will use it to
study for both CCNP and CCIE. My budget is between $5000-$7000. Any and all
replies would be greatly appreciated.



Thanks,

Brian Clark - A+, Network+, CCA, MCP 2000, CCNA
Network Specialist
Valley Services, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12145t=12145
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Want to attend Networkers??? (Chicago - 7/16-7/20) [7:12146]

[Riisen, Robert (1128)]

If anyone is interested in going to Cisco Networkers (Chicago 7/16-7/20),
please let me know immediately.  I have 2 passes that I can sell at
substantially less than the early registration (at least half price) .  I'll
take the first reasonable offer.  Please let me know ASAP as the conference
is next week.  

We could jointly conference Networkers registration to transfer the name(s).
I can also assist with hotel registration, if you are concerned about lack
of hotel availability.

TIA,
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12146t=12146
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN implementation [7:12063]

[Ayers, Michael]

I'd recommend a 3620 in the head office, with 2611's @ the remote sites.
You need extra RAM, flash, and IP+56 feature set.  As to the configs, there
are plenty of examples @ Cisco.com.  I found a LOT of info on VPN.  You just
have to be diligent and dig. 

Michael


 -Original Message-
From:   Tony Medeiros [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, July 11, 2001 11:06 PM
To: [EMAIL PROTECTED]
Subject:Re: VPN implementation [7:12063]

Lets see,
You want a free VPN design complete with bill of materials,  Reasons backing
up this design so you can present it to you customer.  And design of
integration of said solution into your customers existing network, again for
free.

And you want it ASAP

GEZE 

(Sorry everybody,  This post got to me,  At least he said Kindly)

- Original Message -
From: Ranjit Sabherwal 
To: 
Sent: Wednesday, July 11, 2001 10:28 PM
Subject: VPN implementation [7:12063]


 My customer wants to implement VPN over Internet between 4 offices,
namely;
 Delhi, Chennai, Bangalore and Bombay. He wants a very very secured
network.
 I want to know as to what all things are required for secured
implementation
 of VPN and why. In other words, i want a full VPN solution. The customer
 wants that there should be proper tunneling between its offices so that
the
 data is secured.What all VPN devices are required and where should they be
 installed(Consider that Delhi is the head office) Kindly enlighten me on
 this issue ASAP as i have to give the solution as early as possible. I
went
 through the Cisco site also but failed to arrive at a solution.
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12147t=12063
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN implementation [7:12063]

[Sam Sneed]

And this had what to do with Cisco certification or products? It doesn't
seem that you are asking a question on advice or for an approach. You want a
total VPN plan and design to present to your customer for direct monetary
gain not for the pursuit of knowledge. Right

Pay a consultant.


Ranjit Sabherwal  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 My customer wants to implement VPN over Internet between 4 offices,
namely;
 Delhi, Chennai, Bangalore and Bombay. He wants a very very secured
network.
 I want to know as to what all things are required for secured
implementation
 of VPN and why. In other words, i want a full VPN solution. The customer
 wants that there should be proper tunneling between its offices so that
the
 data is secured.What all VPN devices are required and where should they be
 installed(Consider that Delhi is the head office) Kindly enlighten me on
 this issue ASAP as i have to give the solution as early as possible. I
went
 through the Cisco site also but failed to arrive at a solution.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12148t=12063
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Giles, 2nd Edition Errata [7:11858]

[Jaspreet Bhatia]

John,
Take my advice . STAY OFF GILES ... this is the
most
confusing book I have read in my entire career as a Network Engineer . Its
full of
useless ,crappy information and trivia that will just end up confusing you
...

Jaspreet

John Neiberger wrote:

 Do any of you know where to find an errata for the 2nd edition of the
 All-in-One CCIE Study Guide?  I've found the first edition errata in
several
 locations but no luck so far with the second book.

 I've found many errors already, especially in the end-of-chapter practice
 quizzes.  Considering that this is the last book I'll read before the test
 on Saturday, I'd like to get the correct information.  :-)  I'd hate to get
 confused this late in the game!

 Thanks,
 John

 ___
 Send a cool gift with your E-Card
 http://www.bluemountain.com/giftcenter/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12149t=11858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

AAA and TACACS+ [7:12150]

[anthony moore]

Can I use a TACAC+ server to restrict access between two networks?  I have a
corporate network and a development network separated by a router.  Each
network is off of an ethernet interface on the router.  I want to restrict
access between these two networks, not based on IP addresses but based on
User accounts.  Is this possible using AAA and TACACS+.  What are the
limitations.  Can I use a TACACS+ server to retrict certain ports based on
usernames/passwords or can I only  use it to restrict IP addresses?

Thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12150t=12150
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Want to attend Networkers??? (Chicago - 7/16-7/20) [7:12152]

[PHIMHONGKONG]

i saw u posted this message alot

Noone bought any ticket from you
:-(


Riisen, Robert (1128)  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 If anyone is interested in going to Cisco Networkers (Chicago 7/16-7/20),
 please let me know immediately.  I have 2 passes that I can sell at
 substantially less than the early registration (at least half price) .
I'll
 take the first reasonable offer.  Please let me know ASAP as the
conference
 is next week.

 We could jointly conference Networkers registration to transfer the
name(s).
 I can also assist with hotel registration, if you are concerned about lack
 of hotel availability.

 TIA,
 Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12152t=12152
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX Network addresses [7:11990]

[Ayers, Michael]

Elmer,
Novell just randomly picks numbers, probably a function of the hardware's
SN, and maybe Date Time.  Point is, I would prefer to use a coherent scheme
for net ID's, and would be removing any Frame types I'm not using.  If you
ever add another Novell server, you MUST make sure that the new server is
set with these hardware ID's.

The best way to understand this is to read the Cisco material for CCNA on
IPX sub interfaces.  It explains that each frame type must be a separate
network, and if you have older systems running Novell_ether(802.3...No LLC)
and newer ones running SAP (802.3+802.2LLC) on the same segment, you can
have the router route between sub-interfaces by encapsulating 2 sub-ifs, one
with novell_ether, and the other with sap.  You do have to specify the
network ID's per sub-if.




Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, July 12, 2001 5:41 AM
To: [EMAIL PROTECTED]
Subject:RE: IPX Network addresses [7:11990]

Thanks for all the responses. This is the only IPX speaking box on the wire
and the first NW5.1 server to be brought up. I understand that it supports
and automatically loads all IPX frame types by default if IPX is chosen
along with the default and preferred IP protocol. From the replies it seems
that each frame type would belong to a DIFFERENT IPX network? Or is it just
DIFFERENT WAYS of writing out IPX network addresses depending on the frame
type used?
Again, thanks for the enlightenment.

Elmer

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 4:29 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Interesting. Why would it generate network numbers, though? Shouldn't 
network numbers be manually configured?

Priscilla

At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote:
I finally feel qualified to comment on a question on this list (having
worked with NetWare for the past 6 years)

The addresses you're seeing are generated automatically.  What's happening
here is that the new server has every single Ethernet frame type loaded,
and
as a result is using different IPX network number for every frame type.
New
3.x and 4.x servers will do this if you perform an install using all the
defaults.  You need to run INSTALL (or NWCONFIG if 5.x), edit the
AUTOEXEC.NCF and remove all BIND statements referencing frame types you
don't want to use.  Ethernet_II is preferred.

NetWare 5.x is more restrained and tries to use IP only.

  Ayers, Michael  07/11/01 12:12PM 
Those were either auto generated, or picked up from reading frames on the
wire.


-Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]]
Sent:   Wednesday, July 11, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject:IPX Network addresses [7:11990]

hi, group.
I just noticed that after installing NetWare server, it gave me this info
regarding types of IPX frames:
Frame type  Network address
Ethernet_802.2  3D410DCD
Ethernet_802.3  1E0F4F9E
Ethernet_SNAP   FF994BB0
Ethernet_II D393B805

For the IPX gurus in the group, can someone tell me if there is some type
of
logic as to how the network address is translated from the type of frame
used?
Just to answer my curiosity.
Thank you.


Priscilla Oppenheimer
http://www.priscilla.com
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12153t=11990
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

4000 verses 4500M and 4700M [7:12154]

[Ahmed Mamoor Amimi]

Hi,
Can anyone tell me the difference b/w 4000 and 4500M.
The price for 4000 used is very low as compared to 4500M or 4700M. I
think there is no difference except of memory.
Please correct me

Thanks,
Mamoor
CNE CCIP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12154t=12154
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: connecting T1 modules [7:12139]

[Ayers, Michael]

Look up the pinout of each rj45  I think it's a roll cable, but you need to
connect TX to RX and Visa Versa.  Make sure you set up clocking one external
and one internal


-Original Message-
From:   anthony moore [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, July 12, 2001 8:13 AM
To: [EMAIL PROTECTED]
Subject:connecting T1 modules [7:12139]

Anyone know what kind of cable to use to connect two T1 modules?  I have a
2525 with the Fractional/full T1 module(RJ45) and a 2621 with the
WIC-1DSU-T1 module(RJ45).  What kind of cable can I use to connect these
momdules?

Thanks
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12155t=12139
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: catalyst 5000 rebooted [7:12101]

[Ahmed Mamoor Amimi]

I think ur cooling fan is not working properly or there is a problem with the
cooling
do ur 5000 gives u any messeges on the screen like over temp.
most prob it is because of cooling... try putting in a chilled room for test
-Mamoor

Arun wrote:

 hi
 we have catalyst 5000 in our organization and last week oneof our catalyst
 5000 rebooted bu its own ...can anyboby tell me what could be the probabale
 cause or where one shoulb be looking for it ...
 how do i start looking for it .Please help
 this reboot has caused the services to be stopped for 15 minutes and it is
 really big issue for us why it happened ...i think i am totally stuck
 ..can anybody give a a start .

 Regards

 Arun Sharma




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12156t=12101
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Giles, 2nd Edition Errata [7:11858]

[John Neiberger]

So far I've found it to be interesting, but while reading I got the
impression that it had WAY too much detail in some areas and not nearly
enough detail in others.  You're right, it might be tempting to try to
remember all the details that he packs in there when a large number of
them most likely wouldn't be on the test.

It also has a large number of errors, and even though many of them are
fairly minor, they can be confusing because they often present
contradictory information.  The answer keys to the test questions are
especially spooky!  I've found a few examples where your choices might
be A,B,C, or D and the answer in the key is G!  heh heh you can't
win like that.

Thanks for the tips!

John

 Jaspreet Bhatia  7/12/01 10:05:34 AM 
John,
Take my advice . STAY OFF GILES ... this is
the
most
confusing book I have read in my entire career as a Network Engineer .
Its
full of
useless ,crappy information and trivia that will just end up confusing
you
...

Jaspreet

John Neiberger wrote:

 Do any of you know where to find an errata for the 2nd edition of
the
 All-in-One CCIE Study Guide?  I've found the first edition errata in
several
 locations but no luck so far with the second book.

 I've found many errors already, especially in the end-of-chapter
practice
 quizzes.  Considering that this is the last book I'll read before the
test
 on Saturday, I'd like to get the correct information.  :-)  I'd hate
to get
 confused this late in the game!

 Thanks,
 John

 ___
 Send a cool gift with your E-Card
 http://www.bluemountain.com/giftcenter/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12157t=11858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[Bob Johnson]

Telco requirements are quite strict
There are Bellcore standards that are used at all central offices.
It has nothing to do with the goverment but will Bell ensurring that any
third party equipment will:
1) Fit in telco racks
2) No physically interfer with other equipment in telco racks
3) Not add to the fire load
4) Not cause any undue electrical problems (NEBS grounding, etc)

It's all really for infrastructure protection
Too bad they didn't have a Telco version of the IOS.

Bob

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:29 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


This brings up a point:  why is there a telco version in the first
place?  What are these telco requirements and why are they there?  I've
been hearing little snippets about this but I don't know the details. 
From what I've read so far, it sounds like some government agency had
too much time on its hands and felt like being even more intrusive than
usual.  

Who cares if there is a plastic cover or not?  Who cares if the rack is
19 or 24 wide?  Who cares if the equipment is more than 12 deep?  

Someone please explain this to me, and please tell me there are good
reasons for these requirements.  Otherwise, it will just annoy me and
ruin my day.  ;-)  Besides, I have a feeling I'll be running into
situations where equipment that I provision has to meet these
requirements so I might as well know what they are, right?

Thanks,
John (who is just starting his 2nd cup of coffee...be gentle.)

 Mears, Rob  7/12/01 8:55:12 AM 
Greeting to all,

This problem proved to be a real bitch, and I thank you for all the
advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass
this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages
even
after TAC sent me new memory and a new router. The 3rd TAC engineer was
the
charm, because he asked me if this was a TELCO version of the 3660.
That was
a real good question cuss I had no idea, as I have never worked on
one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One
telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.
 Man
what a day. The other way to see if the router is an Enterprise version
or
Telco is to run the SN numbers. I can think off all the times i do
this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal
(thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more
then
once, so I have nothing but good to say for them. Yes I have gotten
some
DORKS before, but I have the option to tell them to get lost and give
me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm 


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams to break them in. It will be one of those teams dealing
with your problem - probably euro-config. I know a lot of those
guys and, although they all work hard, they don't have the experience
to deal with a case that gets over complicated.

 If you have had an RMA already and you are still no nearer to
solving the problem then the next step is to have the case escalated.
I expect this case has been going on for a few days already and has
probably passed the P3 SLA so the TAC can escalate to a more
technical team to get you a speedy fix.

 I hope this helps and I would appreciate it if you kept this under
your hat.

Regards

Charlie


 --- Mears, Rob  wrote:  Any one ever had
a problem loading IOS on a 3660 right out of the
 box? I
 have one with 64meg flash and 256 ram and the damn thing will not
 come out
 of RMMON. I have set the confreg to boot correctly still RMMON. I
 have
 flashed it with two different IOS (12112.2), swapped out Flash,
 MEM, even
 sent the chassis back to Cisco and the new one had the same
 problem. TAC has
 no clue, they have been sending me part and giving me to different
 Engineer
 with no luck.
 
 What gives?
 
 Rob
[EMAIL PROTECTED] 


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk 
or your free @yahoo.ie address at http://mail.yahoo.ie




Message Posted 

Re: port block unicast and multicast [7:12052]

[Priscilla Oppenheimer]

It is monitoring other ports. I did the three steps: enable the feature, 
configure the monitor port, and configure the monitored port. It is seeing 
traffic, but not multicasts.

It seems to disable unknown unicast and unregistered multicasts on the 
monitor port no matter what you do. I have decided that it's to protect the 
user from trouble. If you turned this feature on while the monitor port was 
connected to something more than just an analyzer, you could cause problems 
(even loops?)

Priscilla

At 10:53 PM 7/11/01, Marty Adkins wrote:
Priscilla Oppenheimer wrote:
 
  Has anyone seen this and is there a workaround?
 
  On a Catalyst 1900 switch enterprise edition, the software has decided
that
  one of my ports should not flood unknown unicast or multicast. This
  wouldn't be a problem except that the port is also my monitor port for
  sniffing packets, and I WANT to see unknown unicast and multicast. I'm
  trying to see EIGRP, CDP, etc. from a router connected to another port.
The
  monitoring is working, but I'm not seeing multicasts.
 
  SwitchA#show int e 0/1
  Hardware is Built-in 10Base-T
  Address is 00B0.6426.7941
  MTU 1500 bytes, BW 1 Kbits
  802.1d STP State:  Forwarding Forward Transitions:  1
  Unknown unicast flooding: Disabled
  Unregistered multicast flooding: Disabled
  Duplex setting: Half duplex
  Back pressure: Disabled
 
  See how it says that unknown unicast and unregistered multicast are
  disabled? It doesn't say that for any of the other ports.
 [snip]

Priscilla,
This is apparently an intentional side effect of enabling a port for
SPAN/port monitoring, according to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x/19icweb.htm#xtocid482036
So your analyzer would get only broadcasts until you configure it to
monitor (copy) other ports on the switch.  Those other ports will be
getting unknowns and multicast so your monitor port will see a copy.

I agree that this behavior is different than all the other Cisco switches
including XLs, 4xxx, 5xxx, and 6xxx.

- Marty




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12159t=12052
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ccie lab setup [7:12145]

[Ahmed Mamoor Amimi]

Brian,
U can use as under

the price are approx
2501$600 x 2
2502$450 or less
2503$800 or less
2521$900
two 1912EN switch $1000both

for heavy stuff like 5000 and voIP

5000 loaded sup1$2300
2620$1300
1750$900
voIP modules$700

This is the complete lab except ATM.

my advice is to stuck with 2500 series routers they are really good

ooohhh!!
one router left for reverse telneting
500-C$400

-Mamoor
CCIENETWORK+MCTMCSE2000CNE
I am from Pakistan (proud to be)..



Brian Clark wrote:

 Hey, can everyone help me with setting up a good CCIE lab. I need to know
 what equipment would be the best to purchase for the lab. I will use it to
 study for both CCNP and CCIE. My budget is between $5000-$7000. Any and all
 replies would be greatly appreciated.

 Thanks,

 Brian Clark - A+, Network+, CCA, MCP 2000, CCNA
 Network Specialist
 Valley Services, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12160t=12145
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: port block unicast and multicast [7:12052]

[Quek, Steven]

Hi,

So far I have not heard any response for this.
Anyone care to provide the info?

Thanks in advance.

With regards
Steven Quek

-Original Message-
From: Quek, Steven 
Sent: Thursday, July 12, 2001 6:02 PM
To: [EMAIL PROTECTED]
Subject: RE: port block unicast and multicast [7:12052]


Hi,

I am glad that this topic is discussed here. In fact currently I am doing
a project that is trying to make use of the Port Monitoring/SPAN
feature as a form of keepalive  duplicate traffic discovery 
with a third party product. I won't go into that detail.

I had read the portion of info at the directed web link. But would like to
confirm my doubts. I need all the valuable advise and inputs from all of
you. 

May be I am poor in my English to interpret this. Appreciate to confirm,
does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc
have the similar feature of blocking Unknow Unicast  Unregistered Multicast

from forwarding through the Source port  not reaching the destination
directed ports?
The traffic is also not forwarded out of the connected port to the connected
neighbouring
port?

Source Switch Port1Router-WAN
|   ^
Mirrored Traffic---|   |
|Eth
  Destine Switch Port2

Based on the above diagram for simple discussion.

Does that means EIGRP routing entries will be discarded at the Switch Port1
 not updated to the Router
Ethernet port? Similar CDP, Multicast Video streaming, Mainframe
application, ...etc, will not able
to pass through the Monitored port?

Lastly, is there a way to enable all traffic to flow through the Monitored
switch port?

Hope to hear some comments on this. Apprecaite the inputs.

Cheers.

regard
Steven Quek

-Original Message-
From: Marty Adkins [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: port block unicast and multicast [7:12052]


Priscilla Oppenheimer wrote:
 
 Has anyone seen this and is there a workaround?
 
 On a Catalyst 1900 switch enterprise edition, the software has decided
that
 one of my ports should not flood unknown unicast or multicast. This
 wouldn't be a problem except that the port is also my monitor port for
 sniffing packets, and I WANT to see unknown unicast and multicast. I'm
 trying to see EIGRP, CDP, etc. from a router connected to another port.
The
 monitoring is working, but I'm not seeing multicasts.
 
 SwitchA#show int e 0/1
 Hardware is Built-in 10Base-T
 Address is 00B0.6426.7941
 MTU 1500 bytes, BW 1 Kbits
 802.1d STP State:  Forwarding Forward Transitions:  1
 Unknown unicast flooding: Disabled
 Unregistered multicast flooding: Disabled
 Duplex setting: Half duplex
 Back pressure: Disabled
 
 See how it says that unknown unicast and unregistered multicast are
 disabled? It doesn't say that for any of the other ports.
[snip]

Priscilla,
This is apparently an intentional side effect of enabling a port for
SPAN/port monitoring, according to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x
/19icweb.htm#xtocid482036
So your analyzer would get only broadcasts until you configure it to
monitor (copy) other ports on the switch.  Those other ports will be
getting unknowns and multicast so your monitor port will see a copy.

I agree that this behavior is different than all the other Cisco switches
including XLs, 4xxx, 5xxx, and 6xxx.

- Marty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12161t=12052
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: NAT Translations and Time Left [7:12133]

[[EMAIL PROTECTED]]

You can change the IP translation timeout by issuing 
timeout xlate hh:mm:ss
 I don't know the answer but you might look up the timeout command on the
PIX
 (if that's what you have) and see if that helps.
 
 Allen
 
 - Original Message -
 From: James Haynes 
 To: 
 Sent: Thursday, July 12, 2001 9:48 AM
 Subject: NAT Translations and Time Left [7:12133]
 
 
  I'm performing NAT translations on one of our network connections and all
 is
  fine except that the server the people are connecting to is having an
  application issue. This causes them to time out waiting for a logon. They
  then try to initiate another connection and the same process occurs. If I
 do
  a show ip nat translations verbose I can see the individual connections
  and the NAT having taken place (doing an overload on the address space)
 and
  then these connections remain open for 24 hours. As the users keep
  attempting to open new connections the old connections remain up.
 
 
  tcp XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:1194  XXX.XXX.XXX.XXX:23
  XXX.XXX.XXX.XXX:23
 
  create 22:12:59, use 22:12:37, left 01:47:22,
 
  Is there a NAT command that let's me specify how long a connection can
  remain open? Say for instance, 2 hours instead of 24?
 
  --
  James Haynes
  Network Architect
  Cendant IT
  A+,MCSE,CCNA,CCDA,CCNP,CCDP,
  CQS-SNA/IP
 
 
  --
  James Haynes
  Network Architect
  Cendant IT
  A+,MCSE,CCNA,CCDA,CCNP,CCDP,
  CQS-SNA/IP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12162t=12133
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 4000 verses 4500M and 4700M [7:12154]

[Frank Kim]

Ahmed,
The 4000 can go up to 16megs of ram.  With the 'm' added to it, which is
'memory enhanced', it can go up to 32megs of ram.  There is also a major
difference between the 4000m vs 4500m.  The cpu on the 4000m is a weak ass
motorola 40mhz cpu.  While on the 4500m, you get a 100mhz RISC cpu.  With
the new 12.2 ios, you can even do MLS and 802.1q vlan routing on the 4500m
with just 10mbps ethernet interfaces.  Now with the 4700m, you can
potentially go up to 64megs of dram.  The cpu on that is the same as the
4500m, but it's 133mhz instead of 100mhz.  Some cheap companies like mine
still use a 4700m for bgp routing.  Of course you have to run older codes
for it such as 11.3 in order to have enough ram to store full bgp table,
assuming you're using 64megs of ram.

If you wish to get a 4500m with 2 ethernet ports to do 802.1q vlan
routing, you can get it from me also.  I purchased about 50 of these 4500m
when i found out that it can do vlan routing on just 10mbps ethernet
interfaces, on 12.2 code of course.

-Frank

 On Thu, 12 Jul 2001, Ahmed Mamoor
Amimi wrote:

 Hi,
 Can anyone tell me the difference b/w 4000 and 4500M.
 The price for 4000 used is very low as compared to 4500M or 4700M. I
 think there is no difference except of memory.
 Please correct me
 
 Thanks,
 Mamoor
 CNE CCIP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12163t=12154
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX Network addresses [7:11990]

[Priscilla Oppenheimer]

Yes, each frame type is associated with a different network number. They 
are not different representations of the same network number. They are 
different networks.

Broadcast domains have nothing to do with it. If all devices in these four 
networks are connected via hubs or switches, they see each other's 
broadcasts. They process the broadcasts at the data-link-layer and only 
process them further if they are running the same Ethernet frame type.

If these are really internal network numbers, then the question is moot. 
Internal network numbers don't need a frame type!?

Priscilla

At 10:46 AM 7/12/01, Hire, Ejay wrote:
Each different frame type acts as a separate broadcast domain, thus they
have different network numbers.

-Original Message-
From: Elmer Deloso [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:41 AM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Thanks for all the responses. This is the only IPX speaking box on the wire
and the first NW5.1 server to be brought up. I understand that it supports
and automatically loads all IPX frame types by default if IPX is chosen
along with the default and preferred IP protocol. From the replies it seems
that each frame type would belong to a DIFFERENT IPX network? Or is it just
DIFFERENT WAYS of writing out IPX network addresses depending on the frame
type used?
Again, thanks for the enlightenment.

Elmer

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 4:29 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Interesting. Why would it generate network numbers, though? Shouldn't
network numbers be manually configured?

Priscilla

At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote:
 I finally feel qualified to comment on a question on this list (having
 worked with NetWare for the past 6 years)
 
 The addresses you're seeing are generated automatically.  What's happening
 here is that the new server has every single Ethernet frame type loaded,
and
 as a result is using different IPX network number for every frame type.
New
 3.x and 4.x servers will do this if you perform an install using all the
 defaults.  You need to run INSTALL (or NWCONFIG if 5.x), edit the
 AUTOEXEC.NCF and remove all BIND statements referencing frame types you
 don't want to use.  Ethernet_II is preferred.
 
 NetWare 5.x is more restrained and tries to use IP only.
 
   Ayers, Michael  07/11/01 12:12PM 
 Those were either auto generated, or picked up from reading frames on the
 wire.
 
 
 -Original Message-
 From:   Elmer Deloso [mailto:[EMAIL PROTECTED]]
 Sent:   Wednesday, July 11, 2001 11:31 AM
 To: [EMAIL PROTECTED]
 Subject:IPX Network addresses [7:11990]
 
 hi, group.
 I just noticed that after installing NetWare server, it gave me this info
 regarding types of IPX frames:
 Frame type  Network address
 Ethernet_802.2  3D410DCD
 Ethernet_802.3  1E0F4F9E
 Ethernet_SNAP   FF994BB0
 Ethernet_II D393B805
 
 For the IPX gurus in the group, can someone tell me if there is some type
of
 logic as to how the network address is translated from the type of frame
 used?
 Just to answer my curiosity.
 Thank you.


Priscilla Oppenheimer
http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12165t=11990
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: connecting T1 modules [7:12139]

[Jon Krabbenschmidt]

You can use a cat5 cable pin out is 1245 to 4512

Jon

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 9:25 AM
To: [EMAIL PROTECTED]
Subject: RE: connecting T1 modules [7:12139]


Look up the pinout of each rj45  I think it's a roll cable, but you need to
connect TX to RX and Visa Versa.  Make sure you set up clocking one external
and one internal


-Original Message-
From:   anthony moore [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, July 12, 2001 8:13 AM
To: [EMAIL PROTECTED]
Subject:connecting T1 modules [7:12139]

Anyone know what kind of cable to use to connect two T1 modules?  I have a
2525 with the Fractional/full T1 module(RJ45) and a 2621 with the
WIC-1DSU-T1 module(RJ45).  What kind of cable can I use to connect these
momdules?

Thanks
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12164t=12139
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX Network addresses [7:11990]

[Elmer Deloso]

Thanks all.
Does makes sense now. I still like IPX better than IP for small LANs. At
least no ICMP attacks / DDOS to worry about.

Elmer

-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:21 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Elmer,
Novell just randomly picks numbers, probably a function of the hardware's
SN, and maybe Date Time.  Point is, I would prefer to use a coherent scheme
for net ID's, and would be removing any Frame types I'm not using.  If you
ever add another Novell server, you MUST make sure that the new server is
set with these hardware ID's.

The best way to understand this is to read the Cisco material for CCNA on
IPX sub interfaces.  It explains that each frame type must be a separate
network, and if you have older systems running Novell_ether(802.3...No LLC)
and newer ones running SAP (802.3+802.2LLC) on the same segment, you can
have the router route between sub-interfaces by encapsulating 2 sub-ifs, one
with novell_ether, and the other with sap.  You do have to specify the
network ID's per sub-if.




Thank You,


Michael Ayers
Network Engineer
  OneNeck IT Services
(480) 539-2203
(800) 272-3077


 -Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, July 12, 2001 5:41 AM
To: [EMAIL PROTECTED]
Subject:RE: IPX Network addresses [7:11990]

Thanks for all the responses. This is the only IPX speaking box on the wire
and the first NW5.1 server to be brought up. I understand that it supports
and automatically loads all IPX frame types by default if IPX is chosen
along with the default and preferred IP protocol. From the replies it seems
that each frame type would belong to a DIFFERENT IPX network? Or is it just
DIFFERENT WAYS of writing out IPX network addresses depending on the frame
type used?
Again, thanks for the enlightenment.

Elmer

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 4:29 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX Network addresses [7:11990]


Interesting. Why would it generate network numbers, though? Shouldn't 
network numbers be manually configured?

Priscilla

At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote:
I finally feel qualified to comment on a question on this list (having
worked with NetWare for the past 6 years)

The addresses you're seeing are generated automatically.  What's happening
here is that the new server has every single Ethernet frame type loaded,
and
as a result is using different IPX network number for every frame type.
New
3.x and 4.x servers will do this if you perform an install using all the
defaults.  You need to run INSTALL (or NWCONFIG if 5.x), edit the
AUTOEXEC.NCF and remove all BIND statements referencing frame types you
don't want to use.  Ethernet_II is preferred.

NetWare 5.x is more restrained and tries to use IP only.

  Ayers, Michael  07/11/01 12:12PM 
Those were either auto generated, or picked up from reading frames on the
wire.


-Original Message-
From:   Elmer Deloso [mailto:[EMAIL PROTECTED]]
Sent:   Wednesday, July 11, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject:IPX Network addresses [7:11990]

hi, group.
I just noticed that after installing NetWare server, it gave me this info
regarding types of IPX frames:
Frame type  Network address
Ethernet_802.2  3D410DCD
Ethernet_802.3  1E0F4F9E
Ethernet_SNAP   FF994BB0
Ethernet_II D393B805

For the IPX gurus in the group, can someone tell me if there is some type
of
logic as to how the network address is translated from the type of frame
used?
Just to answer my curiosity.
Thank you.


Priscilla Oppenheimer
http://www.priscilla.com
Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12166t=11990
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ccie lab setup [7:12145]

[Harrison, Michael]

What about a MC3810?  That has a Multi-Function T1 mod that can do native
Frame or ATM.  That takes care of the ATM (assuming that you had 2 MC3810s).
It also has telephone ports for plugging in standard phones, faxes or
modems.  Using async modems you can do DDR and backup labs with these
instead of buying a telephone simulator or having multiple lines in the
house.  So you can do VoIP, VoFR and VoATM with these 2 routers and you can
get well optioned but older ones for about 1500 each.  I have 2 of them but
I have not gotten to the ATM or Voice parts of my studies yet.

-Original Message-
From: Ahmed Mamoor Amimi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:40 PM
To: [EMAIL PROTECTED]
Subject: Re: ccie lab setup [7:12145]


Brian,
U can use as under

the price are approx
2501$600 x 2
2502$450 or less
2503$800 or less
2521$900
two 1912EN switch $1000both

for heavy stuff like 5000 and voIP

5000 loaded sup1$2300
2620$1300
1750$900
voIP modules$700

This is the complete lab except ATM.

my advice is to stuck with 2500 series routers they are really good

ooohhh!!
one router left for reverse telneting
500-C$400

-Mamoor
CCIENETWORK+MCTMCSE2000CNE
I am from Pakistan (proud to be)..



Brian Clark wrote:

 Hey, can everyone help me with setting up a good CCIE lab. I need to know
 what equipment would be the best to purchase for the lab. I will use it to
 study for both CCNP and CCIE. My budget is between $5000-$7000. Any and
all
 replies would be greatly appreciated.

 Thanks,

 Brian Clark - A+, Network+, CCA, MCP 2000, CCNA
 Network Specialist
 Valley Services, Inc.
Blue Cross Blue Shield of Florida, Inc., and its subsidiary and 
affiliate companies are not responsible for errors or omissions in this
e-mail message. Any personal comments made in this e-mail do not reflect the
views of Blue Cross Blue Shield of Florida, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12167t=12145
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: connecting T1 modules [7:12139]

[Daniel Cotts]

T-1s use pins 12 and 45. So make a special crossover cable: 1 to 4, 2 to
5, 4 to 1, 5 to 2. You can use a pair of RJ-45 jacks for the crossover using
some spare wire - then use regular patch cables from the jacks to the
routers.

Side note: 56k uses pins 12 and 78. A console rollover cable works fine
for that.

 -Original Message-
 From: anthony moore [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 12, 2001 10:13 AM
 To: [EMAIL PROTECTED]
 Subject: connecting T1 modules [7:12139]
 
 
 Anyone know what kind of cable to use to connect two T1 
 modules?  I have a
 2525 with the Fractional/full T1 module(RJ45) and a 2621 with the
 WIC-1DSU-T1 module(RJ45).  What kind of cable can I use to 
 connect these
 momdules?
 
 Thanks
 Report misconduct 
 and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12168t=12139
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[Peter Slow]

Uhh, they do!
c3660-telcoent-mz.121-5.T9.bin

-Original Message-
From: Bob Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Telco requirements are quite strict
There are Bellcore standards that are used at all central offices.
It has nothing to do with the goverment but will Bell ensurring that any
third party equipment will:
1) Fit in telco racks
2) No physically interfer with other equipment in telco racks
3) Not add to the fire load
4) Not cause any undue electrical problems (NEBS grounding, etc)

It's all really for infrastructure protection
Too bad they didn't have a Telco version of the IOS.

Bob

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:29 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


This brings up a point:  why is there a telco version in the first
place?  What are these telco requirements and why are they there?  I've
been hearing little snippets about this but I don't know the details. 
From what I've read so far, it sounds like some government agency had
too much time on its hands and felt like being even more intrusive than
usual.  

Who cares if there is a plastic cover or not?  Who cares if the rack is
19 or 24 wide?  Who cares if the equipment is more than 12 deep?  

Someone please explain this to me, and please tell me there are good
reasons for these requirements.  Otherwise, it will just annoy me and
ruin my day.  ;-)  Besides, I have a feeling I'll be running into
situations where equipment that I provision has to meet these
requirements so I might as well know what they are, right?

Thanks,
John (who is just starting his 2nd cup of coffee...be gentle.)

 Mears, Rob  7/12/01 8:55:12 AM 
Greeting to all,

This problem proved to be a real bitch, and I thank you for all the
advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass
this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages
even
after TAC sent me new memory and a new router. The 3rd TAC engineer was
the
charm, because he asked me if this was a TELCO version of the 3660.
That was
a real good question cuss I had no idea, as I have never worked on
one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One
telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.
 Man
what a day. The other way to see if the router is an Enterprise version
or
Telco is to run the SN numbers. I can think off all the times i do
this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal
(thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more
then
once, so I have nothing but good to say for them. Yes I have gotten
some
DORKS before, but I have the option to tell them to get lost and give
me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm 


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams to break them in. It will be one of those teams dealing
with your problem - probably euro-config. I know a lot of those
guys and, although they all work hard, they don't have the experience
to deal with a case that gets over complicated.

 If you have had an RMA already and you are still no nearer to
solving the problem then the next step is to have the case escalated.
I expect this case has been going on for a few days already and has
probably passed the P3 SLA so the TAC can escalate to a more
technical team to get you a speedy fix.

 I hope this helps and I would appreciate it if you kept this under
your hat.

Regards

Charlie


 --- Mears, Rob  wrote:  Any one ever had
a problem loading IOS on a 3660 right out of the
 box? I
 have one with 64meg flash and 256 ram and the damn thing will not
 come out
 of RMMON. I have set the confreg to boot correctly still RMMON. I
 have
 flashed it with two different IOS (12112.2), swapped out Flash,
 MEM, even
 sent the chassis back to Cisco and the new one had the same
 problem. TAC has
 no clue, they have been sending me part and giving me to different
 Engineer
 with no luck.
 
 What gives?
 
 Rob
[EMAIL 

RE: port block unicast and multicast [7:12052]

[Priscilla Oppenheimer]

See some comments below.

At 06:01 AM 7/12/01, Quek, Steven wrote:
Hi,

I am glad that this topic is discussed here. In fact currently I am doing
a project that is trying to make use of the Port Monitoring/SPAN
feature as a form of keepalive  duplicate traffic discovery
with a third party product. I won't go into that detail.

I had read the portion of info at the directed web link. But would like to
confirm my doubts. I need all the valuable advise and inputs from all of
you.

May be I am poor in my English to interpret this. Appreciate to confirm,
does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc
have the similar feature of blocking Unknow Unicast  Unregistered Multicast

I have only seen this with the Cat 1900. You will need to check Cisco 
documentation for the other switches. I checked the 6xxx and 5xxx 
documentation and monitoring multicasts is enabled by default for those 
switches. Multicasts are not blocked.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_2/confg_gd/span.htm#xtocid147020

Monitoring multicasts is configurable. See this command:

set span {src_mod/src_ports | src_vlans | sc0} {dest_mod/dest_port} [rx | 
tx | both] [inpkts {enable | disable}] [learning {enable | disable}] 
[multicast {enable | disable}]
[filter vlans...] [create]



from forwarding through the Source port  not reaching the destination
directed ports?
The traffic is also not forwarded out of the connected port to the connected
neighbouring
port?

 Source Switch Port1Router-WAN
 |   ^
Mirrored Traffic---|   |
 |Eth
   Destine Switch Port2

Based on the above diagram for simple discussion.

Does that means EIGRP routing entries will be discarded at the Switch Port1
 not updated to the Router

I am assuming that EIGRP multicasts arrive from the router at switch port 1 
in your diagram, and port 1 is the monitored (mirrored) port and port 2 is 
the monitor port where the analyzer resides. You will not see the EIGRP 
multicasts on the destination (monitor) port 2 when using a Cat 1900. The 
EIGRP multicasts should go out all other ports on the switch (depending on 
VLAN and other configurations.) So, it won't cause any operational problems 
on a network. It just makes monitoring difficult.

Note that EIGRP uses multicasts for hellos. It sends routing updates 
directly to neighbors, so you would see those on the monitor port.

Ethernet port? Similar CDP, Multicast Video streaming, Mainframe
application, ...etc, will not able
to pass through the Monitored port?

I also do not see CDP on my monitor port on my Cat 1900. I haven't tried 
multicast video or other applications.


Lastly, is there a way to enable all traffic to flow through the Monitored
switch port?

Well, it blocks unregistered multicasts. Theoretically you could 
register the port to receive multicasts. I don't know how, though. IGMP?

Sorry, I don't know more about this. I'm just discovering the problems 
myself. But I think it's just a Cat 1900 problem.

Priscilla


Hope to hear some comments on this. Apprecaite the inputs.

Cheers.

regard
Steven Quek

-Original Message-
From: Marty Adkins [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: port block unicast and multicast [7:12052]


Priscilla Oppenheimer wrote:
 
  Has anyone seen this and is there a workaround?
 
  On a Catalyst 1900 switch enterprise edition, the software has decided
that
  one of my ports should not flood unknown unicast or multicast. This
  wouldn't be a problem except that the port is also my monitor port for
  sniffing packets, and I WANT to see unknown unicast and multicast. I'm
  trying to see EIGRP, CDP, etc. from a router connected to another port.
The
  monitoring is working, but I'm not seeing multicasts.
 
  SwitchA#show int e 0/1
  Hardware is Built-in 10Base-T
  Address is 00B0.6426.7941
  MTU 1500 bytes, BW 1 Kbits
  802.1d STP State:  Forwarding Forward Transitions:  1
  Unknown unicast flooding: Disabled
  Unregistered multicast flooding: Disabled
  Duplex setting: Half duplex
  Back pressure: Disabled
 
  See how it says that unknown unicast and unregistered multicast are
  disabled? It doesn't say that for any of the other ports.
 [snip]

Priscilla,
This is apparently an intentional side effect of enabling a port for
SPAN/port monitoring, according to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x
/19icweb.htm#xtocid482036
So your analyzer would get only broadcasts until you configure it to
monitor (copy) other ports on the switch.  Those other ports will be
getting unknowns and multicast so your monitor port will see a copy.

I agree that this behavior is different than all the other Cisco switches
including XLs, 4xxx, 5xxx, and 6xxx.

- Marty


Priscilla Oppenheimer

RE: What is a WIC card? [7:9764]

[Peter Slow]

GYAHH.
NO
db-60 is NOT high speed serial.
everyone stop calling it that
there is no high speed serial wic.
high-speed serial == HSSI == NM-xH == (about 45 Mbits/s)
multi-function/regular serial == wic-xT, nm-xT  = 4 Mbits/s

and while we're on that, they arn't serial ports. they're seial interfaces
=P.

-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 25, 2001 9:40 AM
To: [EMAIL PROTECTED]
Subject: Re: What is a WIC card? [7:9764]


Wan Interface Card  VWIC's are Voice Wan Interface Cards.  It's kinda hard
to go anymore in-depth than that.  This is what Cisco's named their
interface cards for the 1700/2600/3600 series routers.  A WIC-1T is a single
DB60 High Speed Serial, WIC-1 ADSL would be an Asymmetrical DSL interface
card  an NM-1E would be a single 10BaseT.

Phil

- Original Message -
From: RJ 
To: 
Sent: Monday, June 25, 2001 11:28 AM
Subject: What is a WIC card? [7:9764]


 Hello,

 What exactly is a WIC card and how does it work?

 Thanks
 RJ




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12171t=9764
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: what are some of the best materials to prep for the CCIE [7:12172]

[Richard Chang]

You would need the Caslow book as well. Search over the archive and you'll
see what other people are using.

Also, make sure you check out the archive for the CCIE lab mailing list. I
found it very inspiring.

Richard


Wei Wu  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I just passed my RS written exam,  I want to know what study materials
are
 best for prepping for the lab.  I currently have Routing tcp/ip from Doyle
 and Halabi's BGP book.  I am looking for a CCIE lab book and/or CDs.  Any
 input appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12172t=12172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: what are some of the best materials to prep for the CCIE [7:12173]

[Jaspreet Bhatia]

Hello Wei,
   I would say that you should have the following 
books and
reference material with you fo rthe lab exam :

1) Caslow
2) Doyle
3) Halabi
4) OSPF Design Guide from CCO
5) DLSW+ Design Guide from CCO
6) Token Ring Paper from  ccprep.com
7) All in one CCIE lab study guide from Mcgrawhill
8) Try to do the  Virtual Lab on mentorlabs .They are really good
9) Last but not the least sign up for Caslow's ECP 1 course two months
before the lab

That is what I am using . Thanks

Jaspreet Bhatia

Richard Chang wrote:

 You would need the Caslow book as well. Search over the archive and you'll
 see what other people are using.

 Also, make sure you check out the archive for the CCIE lab mailing list. I
 found it very inspiring.

 Richard

 Wei Wu  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I just passed my RS written exam,  I want to know what study materials
 are
  best for prepping for the lab.  I currently have Routing tcp/ip from
Doyle
  and Halabi's BGP book.  I am looking for a CCIE lab book and/or CDs.  Any
  input appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12173t=12173
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[Bob Johnson]

Sorry...
I meant a version of the IOS that was as bullet proof as the physical
contruction of the telco version of the router...
Just trying for a little humour.

-Original Message-
From: Peter Slow [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 10:26 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Uhh, they do!
c3660-telcoent-mz.121-5.T9.bin

-Original Message-
From: Bob Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Telco requirements are quite strict
There are Bellcore standards that are used at all central offices.
It has nothing to do with the goverment but will Bell ensurring that any
third party equipment will:
1) Fit in telco racks
2) No physically interfer with other equipment in telco racks
3) Not add to the fire load
4) Not cause any undue electrical problems (NEBS grounding, etc)

It's all really for infrastructure protection
Too bad they didn't have a Telco version of the IOS.

Bob

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:29 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


This brings up a point:  why is there a telco version in the first
place?  What are these telco requirements and why are they there?  I've
been hearing little snippets about this but I don't know the details. 
From what I've read so far, it sounds like some government agency had
too much time on its hands and felt like being even more intrusive than
usual.  

Who cares if there is a plastic cover or not?  Who cares if the rack is
19 or 24 wide?  Who cares if the equipment is more than 12 deep?  

Someone please explain this to me, and please tell me there are good
reasons for these requirements.  Otherwise, it will just annoy me and
ruin my day.  ;-)  Besides, I have a feeling I'll be running into
situations where equipment that I provision has to meet these
requirements so I might as well know what they are, right?

Thanks,
John (who is just starting his 2nd cup of coffee...be gentle.)

 Mears, Rob  7/12/01 8:55:12 AM 
Greeting to all,

This problem proved to be a real bitch, and I thank you for all the
advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass
this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages
even
after TAC sent me new memory and a new router. The 3rd TAC engineer was
the
charm, because he asked me if this was a TELCO version of the 3660.
That was
a real good question cuss I had no idea, as I have never worked on
one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One
telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.
 Man
what a day. The other way to see if the router is an Enterprise version
or
Telco is to run the SN numbers. I can think off all the times i do
this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal
(thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more
then
once, so I have nothing but good to say for them. Yes I have gotten
some
DORKS before, but I have the option to tell them to get lost and give
me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm 


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams to break them in. It will be one of those teams dealing
with your problem - probably euro-config. I know a lot of those
guys and, although they all work hard, they don't have the experience
to deal with a case that gets over complicated.

 If you have had an RMA already and you are still no nearer to
solving the problem then the next step is to have the case escalated.
I expect this case has been going on for a few days already and has
probably passed the P3 SLA so the TAC can escalate to a more
technical team to get you a speedy fix.

 I hope this helps and I would appreciate it if you kept this under
your hat.

Regards

Charlie


 --- Mears, Rob  wrote:  Any one ever had
a problem loading IOS on a 3660 right out of the
 box? I
 have one with 64meg flash and 256 ram and the damn thing will not
 come out
 

RE: catalyst 5000 rebooted [7:12101]

[Peter Slow]

werd. (right on)
-humboldt

-Original Message-
From: GNOME [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 10:53 AM
To: [EMAIL PROTECTED]
Subject: Re: catalyst 5000 rebooted [7:12101]


Hi

How about doing a show version  to see the reason of last reboot


Arun  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 hi
 we have catalyst 5000 in our organization and last week oneof our catalyst
 5000 rebooted bu its own ...can anyboby tell me what could be the
probabale
 cause or where one shoulb be looking for it ...
 how do i start looking for it .Please help
 this reboot has caused the services to be stopped for 15 minutes and it is
 really big issue for us why it happened ...i think i am totally stuck
 ..can anybody give a a start .


 Regards

 Arun Sharma




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12175t=12101
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Duplicate Ip addresses ! [7:12100]

[Peter Slow]

clear your arp table.
-humboldt

-Original Message-
From: shella kevin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 7:29 AM
To: [EMAIL PROTECTED]
Subject: RE: Duplicate Ip addresses ! [7:12100]


mmmhh ! yes i shutdown the interface and then bring it up ... looks like

the software issue to me too  anyother way i can check on the cisco 
router if they still exists?

btw what is NOC ?

From: Chuck Larrieu 
To: shella kevin , 
Subject: RE: Duplicate Ip addresses ! [7:12100]
Date: Thu, 12 Jul 2001 03:47:34 -0700

what are you - the night shift in the NOC?

when you say you decommissioned the interfaces, did you issue shutdown
commands? physically pull the wires so they aren't connected to anything?

in general, issuing a shutdown command on an interface prevents it from
telling the network about itself. I'm wondering if your monitoring software
has failed to flush the old interfaces, and is complaining when it sees the
new interfaces come on line when it already has those addresses in its
database.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
shella kevin
Sent: Thursday, July 12, 2001 3:42 AM
To: [EMAIL PROTECTED]
Subject: Duplicate Ip addresses ! [7:12100]


I am monitoring cisco routes via netview. I decommissioned 2 interfaces on
the cisco router and put it on an other outer. Now I am getting alerts on
netview  Duplicate Ip addresses .. it's the same ip
addresses/FastEthernet interface which I decommissioned.

How can I address this problem ?
How to flush out this on a route ?

Cheers
Shella k

_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12176t=12100
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[Mears, Rob]

that is! that's the one. Damn Telco stuff. You know it was said if they were
to burn (Telco Routers), it would not put off toxic fumes (no plastic an
telco requirment) . I looked around the CO and wondered about the billions
little blue and white analog wires we have form ceiling to floor and
wondered what's the point. Smoke from the router won't kill me, but the
plastic from the wires will.  Man


rob

-Original Message-
From: Peter Slow [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:26 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Uhh, they do!
c3660-telcoent-mz.121-5.T9.bin

-Original Message-
From: Bob Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Telco requirements are quite strict
There are Bellcore standards that are used at all central offices.
It has nothing to do with the goverment but will Bell ensurring that any
third party equipment will:
1) Fit in telco racks
2) No physically interfer with other equipment in telco racks
3) Not add to the fire load
4) Not cause any undue electrical problems (NEBS grounding, etc)

It's all really for infrastructure protection
Too bad they didn't have a Telco version of the IOS.

Bob

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:29 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


This brings up a point:  why is there a telco version in the first
place?  What are these telco requirements and why are they there?  I've
been hearing little snippets about this but I don't know the details. 
From what I've read so far, it sounds like some government agency had
too much time on its hands and felt like being even more intrusive than
usual.  

Who cares if there is a plastic cover or not?  Who cares if the rack is
19 or 24 wide?  Who cares if the equipment is more than 12 deep?  

Someone please explain this to me, and please tell me there are good
reasons for these requirements.  Otherwise, it will just annoy me and
ruin my day.  ;-)  Besides, I have a feeling I'll be running into
situations where equipment that I provision has to meet these
requirements so I might as well know what they are, right?

Thanks,
John (who is just starting his 2nd cup of coffee...be gentle.)

 Mears, Rob  7/12/01 8:55:12 AM 
Greeting to all,

This problem proved to be a real bitch, and I thank you for all the
advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass
this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages
even
after TAC sent me new memory and a new router. The 3rd TAC engineer was
the
charm, because he asked me if this was a TELCO version of the 3660.
That was
a real good question cuss I had no idea, as I have never worked on
one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One
telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.
 Man
what a day. The other way to see if the router is an Enterprise version
or
Telco is to run the SN numbers. I can think off all the times i do
this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal
(thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more
then
once, so I have nothing but good to say for them. Yes I have gotten
some
DORKS before, but I have the option to tell them to get lost and give
me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm 


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams to break them in. It will be one of those teams dealing
with your problem - probably euro-config. I know a lot of those
guys and, although they all work hard, they don't have the experience
to deal with a case that gets over complicated.

 If you have had an RMA already and you are still no nearer to
solving the problem then the next step is to have the case escalated.
I expect this case has been going on for a few days already and has
probably passed the P3 SLA so the TAC can escalate to a more
technical team to get you a speedy fix.

 I hope this helps and I would 

2 routers, 1 async line [7:12178]

[No Data]

What is the simplest way to connect two routers over
an asnyc line for a permanent connection?  I have a
1720 with a serial interface and a 3640 with a
wic-2a/s.

Ben

__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12178t=12178
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: what are some of the best materials to prep for the CCIE [7:12179]

[Dennis Laganiere]

I don't think you should skip buying the 19 labs from ccbootcamp.
Everything I've heard is that they're the most intense of the available
materials.  I know the ones I've done so far are very challenging...

--- Dennis

-Original Message-
From: Jaspreet Bhatia [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: what are some of the best materials to prep for the CCIE
[7:12173]


Hello Wei,
   I would say that you should have the following 
books and
reference material with you fo rthe lab exam :

1) Caslow
2) Doyle
3) Halabi
4) OSPF Design Guide from CCO
5) DLSW+ Design Guide from CCO
6) Token Ring Paper from  ccprep.com
7) All in one CCIE lab study guide from Mcgrawhill
8) Try to do the  Virtual Lab on mentorlabs .They are really good
9) Last but not the least sign up for Caslow's ECP 1 course two months
before the lab

That is what I am using . Thanks

Jaspreet Bhatia

Richard Chang wrote:

 You would need the Caslow book as well. Search over the archive and you'll
 see what other people are using.

 Also, make sure you check out the archive for the CCIE lab mailing list. I
 found it very inspiring.

 Richard

 Wei Wu  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I just passed my RS written exam,  I want to know what study materials
 are
  best for prepping for the lab.  I currently have Routing tcp/ip from
Doyle
  and Halabi's BGP book.  I am looking for a CCIE lab book and/or CDs.
Any
  input appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12179t=12179
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[Harrison, Michael]

Not enough Watts to let the magic smoke out of the cables.  The hard gear
is MUCH more likely to catch fire from a short.  The most likely scenarios
where the wire will ignite is an external source like arson, outside fire or
burning equipment.  If fire gets to the wires and the fire suppression
systems have not done their job I hope you have geographic redundancy
built into your systems. :)

-Original Message-
From: Mears, Rob [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 2:08 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


that is! that's the one. Damn Telco stuff. You know it was said if they were
to burn (Telco Routers), it would not put off toxic fumes (no plastic an
telco requirment) . I looked around the CO and wondered about the billions
little blue and white analog wires we have form ceiling to floor and
wondered what's the point. Smoke from the router won't kill me, but the
plastic from the wires will.  Man


rob

-Original Message-
From: Peter Slow [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:26 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Uhh, they do!
c3660-telcoent-mz.121-5.T9.bin

-Original Message-
From: Bob Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Telco requirements are quite strict
There are Bellcore standards that are used at all central offices.
It has nothing to do with the goverment but will Bell ensurring that any
third party equipment will:
1) Fit in telco racks
2) No physically interfer with other equipment in telco racks
3) Not add to the fire load
4) Not cause any undue electrical problems (NEBS grounding, etc)

It's all really for infrastructure protection
Too bad they didn't have a Telco version of the IOS.

Bob

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:29 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


This brings up a point:  why is there a telco version in the first
place?  What are these telco requirements and why are they there?  I've
been hearing little snippets about this but I don't know the details. 
From what I've read so far, it sounds like some government agency had
too much time on its hands and felt like being even more intrusive than
usual.  

Who cares if there is a plastic cover or not?  Who cares if the rack is
19 or 24 wide?  Who cares if the equipment is more than 12 deep?  

Someone please explain this to me, and please tell me there are good
reasons for these requirements.  Otherwise, it will just annoy me and
ruin my day.  ;-)  Besides, I have a feeling I'll be running into
situations where equipment that I provision has to meet these
requirements so I might as well know what they are, right?

Thanks,
John (who is just starting his 2nd cup of coffee...be gentle.)

 Mears, Rob  7/12/01 8:55:12 AM 
Greeting to all,

This problem proved to be a real bitch, and I thank you for all the
advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass
this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages
even
after TAC sent me new memory and a new router. The 3rd TAC engineer was
the
charm, because he asked me if this was a TELCO version of the 3660.
That was
a real good question cuss I had no idea, as I have never worked on
one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One
telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.
 Man
what a day. The other way to see if the router is an Enterprise version
or
Telco is to run the SN numbers. I can think off all the times i do
this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal
(thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more
then
once, so I have nothing but good to say for them. Yes I have gotten
some
DORKS before, but I have the option to tell them to get lost and give
me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm 


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams 

PIX/w/WIN2k VPN3000 client problem [7:12181]

[Ayers, Michael]

I'm having a problem. I'm running a PIX520 (5.3) with multiple VPNGROUPs.  I
have a client installed on a WIN2k machine.  The machine was using a group
that didn't split tunnel.  I changed the group to a group that does, and now
I get a failed to negotiate error AFTER THE LOGON and the Your link is now
secure error.  I have cleared IPSEC SA and ISAKMP SA.  I even went as far
as deleting the MAPS.  The Client has been removed and re-installed.  I'm
thinking the problem is either something embedded somewhere in the WIN2k, or
an association to the peer IP in the PIX, but I have successfully changed
the group on other win 9x machines without a problem after the SA timed out,
and the Dynamic Maps cleared.  This is a production PIX, but do I get a
reboot approved to try to clear old info out of memory, or do I go after the
client and see if the problem lies there?

Any input appreciated.


Thank you,

Michael 

Privileged/Confidential Information may be contained in this message or
attachments hereto.  Please advise immediately if you or your employer do
not consent to Internet email for messages of this kind.  Opinions,
conclusions and other information in this message that do not relate to the
official business of this company shall be understood as neither given nor
endorsed by it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12181t=12181
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: what are some of the best materials to prep for the CCIE [7:12182]

[Jaspreet Bhatia]

Dennis,
   How much did the labs cost ?

Jaspreet

Dennis Laganiere wrote:

 I don't think you should skip buying the 19 labs from ccbootcamp.
 Everything I've heard is that they're the most intense of the available
 materials.  I know the ones I've done so far are very challenging...

 --- Dennis

 -Original Message-
 From: Jaspreet Bhatia [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 12, 2001 10:59 AM
 To: [EMAIL PROTECTED]
 Subject: Re: what are some of the best materials to prep for the CCIE
 [7:12173]

 Hello Wei,
I would say that you should have the following
 books and
 reference material with you fo rthe lab exam :

 1) Caslow
 2) Doyle
 3) Halabi
 4) OSPF Design Guide from CCO
 5) DLSW+ Design Guide from CCO
 6) Token Ring Paper from  ccprep.com
 7) All in one CCIE lab study guide from Mcgrawhill
 8) Try to do the  Virtual Lab on mentorlabs .They are really good
 9) Last but not the least sign up for Caslow's ECP 1 course two months
 before the lab

 That is what I am using . Thanks

 Jaspreet Bhatia

 Richard Chang wrote:

  You would need the Caslow book as well. Search over the archive and
you'll
  see what other people are using.
 
  Also, make sure you check out the archive for the CCIE lab mailing list.
I
  found it very inspiring.
 
  Richard
 
  Wei Wu  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   I just passed my RS written exam,  I want to know what study materials
  are
   best for prepping for the lab.  I currently have Routing tcp/ip from
 Doyle
   and Halabi's BGP book.  I am looking for a CCIE lab book and/or CDs.
 Any
   input appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12182t=12182
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]