what is the command for this in PIX? [7:72083]
Hey.. what command in PIX to do the following 1) copy the current config (not the startup config) to Tftp server ? 2) overwrite the current config from the start up config ? (without rebooting PIX) 3) copy the config stored in Ftp server to the PIX current config ? 4) copy the config stored in Ftp server to the PIX start-up config ? Thanks a lot _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72083&t=72083 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: does anyone know the pinout on a t1 cable bet/ a [7:72069]
I'm thinking for straight through you meant to say: Straight through T1 you will need 11, 22, 44 and 55 wrote in message news:[EMAIL PROTECTED] > For a standard T1: > > Cross-over you will need 14 and 25 > Straight through T1 you will need 11, 22, 33 and 44 > > > > > Thanks, > > Mario Puras > SoluNet Technical Support > Mailto: [EMAIL PROTECTED] > Direct: (321) 309-1410 > 888.449.5766 (USA) / 888.SOLUNET (Canada) > > > > >-Original Message- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] > >Sent: Wednesday, July 09, 2003 3:16 PM > >To: [EMAIL PROTECTED] > >Subject: does anyone know the pinout on a t1 cable bet/ a [7:72069] > > > > > >3660 & an ls1010...the interfaces on both are t1 > > > >thx in advance > >Report misconduct > >and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72084&t=72069 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN ... connectivity [7:72051]
not possible with ISDN ""H T"" wrote in message news:[EMAIL PROTECTED] > Hi, > Can we connect 2 ISDN ports back to back for test ? (with out ISDN > simulation device) > Is there any kind cable to do this job? > > > > cheers > Heiman. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72085&t=72051 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re : Cisco security exams in great demand [7:72086]
Hi all I am planning to appear for CCSP EXAMS .May I request people from Mumbai ,India to have off-line discussion to have joint efforts.This will help us in sharing idea ,study material etc.Interested people can email me offline on [EMAIL PROTECTED] . Thanks in davance . Piyush Send free SMS using the Yahoo! Messenger. Go to http://in.mobile.yahoo.com/new/pc/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72086&t=72086 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re : Cisco security exams in great demand [7:72087]
Hi all I am planning to appear for CCSP EXAMS .May I request people from Mumbai ,India to have off-line discussion to have joint efforts.This will help us in sharing idea ,study material etc.Interested people can email me offline on [EMAIL PROTECTED] . Thanks in davance . Piyush Send free SMS using the Yahoo! Messenger. Go to http://in.mobile.yahoo.com/new/pc/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72087&t=72087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP ReCert Questions [7:72071]
Well I decided I wouldn't push it in such a short timeframe with the one exam. With work and whatever else probably won't have enough time to study fully for it. So I will write either all 4 again, or cit/bcran and then the new Composite once it's out. Anyone know if the Composite will count towards things like CCIP? If it doesn't I'd just take the 4 exam route. Thanks John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 7:22 PM To: [EMAIL PROTECTED] Subject: Re: CCNP ReCert Questions [7:72071] Amazing wrote: > > I just did the CCNP recet test two weeks ago and passed with > not too much > studying -- used boson test to see my weak areas and just > brushed up on > those areas -- hint -- you can use the same study materials you > used three > years ago -- nothing has changed. I wouldn't recommend just using the same material as 3 years ago. There are some new topics, like IS-IS for Routing and multilayer switching for Switching. Support and Remote Access seemed to be pretty similar, but those other two were pretty different from 3 years ago, at least in my test. I found it to be a two-Tums-package test for sure, depsite a good score in the end. > > as to the answer to your questions, my experience has been that > you should > go directly to cisco with these questions so you have a I defintely agree there. Go to Cisco. Even if we give you an answer, the Authoritative Bit will not be set. :-) That won't stop me though from adding a few more comments below > documented answer > when they change their mind later on ;-) > > d > > > ""John Cianfarani"" wrote in message > news:[EMAIL PROTECTED] > > I have to recert my CCNP by the 21st of this month. (yeah I > know I left > > it late, but I was busy upgrading my CSS1 to CCSP). > > > > I notice they have a new test coming out ( 642-891 ) Called > Composite > > which is based on BSCI and BCMSN, which will also let you > recert your > > CCNP and CCDP with at the same time. Now that test doesn't > come out > > until Aug 7th. Anyone know if there is still a Beta of this > exam > > available to write? I don't think they ever did a beta for that new composite exam that suddenly popped up? Maybe it will still come out? >Or if Writing BSCI / BCMSN is equivalent? I doubt you can just write BSCI and BCMSN to get recertified. > > > > Also anyone know a way extended you recert date maybe by > writing a > > current CCNP exam or something or am I just gonna have to > buckle down > > and write the 640-851 CCNP Recert exam? Just do it. It's not that painful. :-) And I think it's your only option. Ask Cisco and check your tracking info to be sure. Good luck! Priscilla > > > > Thanks! > > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72082&t=72071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
an ISIS question.... [7:72081]
Hi.. a basic ISIS question... I know that by default, an IS is L1-L2, so it can form a L1L2 adjacency with its neighbors. But what's the benefit of it? and under what kind of situation in real world people want to configure it this way? thanks! Ellie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72081&t=72081 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF max Router-LSA links [7:72024]
At 5:40 PM -0700 7/9/03, Zsombor Papp wrote: >At 11:07 PM 7/9/2003 +, Howard C. Berkowitz wrote: >>At 12:43 PM + 7/9/03, Zsombor Papp wrote: >>>The original question (as I understood) was about a single LSA that is >>>larger than 1500 bytes (think Type 1 LSA for a router with 200 interfaces). >>>I can't see how such an LSA could be divided into multiple OSPF messages so >>>the only logical (implementation independent) solution seems to be to >>>fragment the packet at the IP layer. Am I missing something? >> >>I missed the point that the LSA was for the same router. Without >>testing it, however, I don't immediately see why it wouldn't work to >>have multiple LSAs for the same router, > >I am not sure what you mean by "multiple LSAs for the same router", >but if you mean "multiple type 1 LSAs originated by the same >router", then my answer is "because it is impossible to distinguish >them". If I am mistaken here, then I would like to understand how >such LSAs can be distinguished. The relationship between type 1 and type 2 is essential in developing the SPF algorithm. If you think of the LSDB entries for both, they are trees. The type 1 bas the router ID as root and the attached interface IDs/prefixes as leaves. The type 2 has an interface ID/prefix as root and routers connected to that prefix as leaves. > >> as long as no prefixes were >>duplicated. Certainly, you send out a new type 2 when an additional >>prefix activates > >What is "prefix" in this context? Type 2 LSAs describe the routers >attached to a network. Are you saying that if an additional router >comes up on that network, then the DR should send only an >"incremental" Type 2 LSA, containing a single entry, describing the >new router that just came up? Which bit in the OSPF packet will let >the receiver router know that this is an "incremental" LSA, not a >replacement (because all the other routers died and a new one just >came up)? The receiving router knows the sending router is still up, at least through the hello mechanism. One of the fundamental points of using hellos is so you know if the originating router has gone down. Since you know from context it's still up, you don't need an incremental flag -- you know the update is supplemental information. Remember also that you can withdraw routes without killing the whole LSDB entry. > >> -- I don't immediately see why you couldn't send out >>a new type 1 with the additional new prefix. Neither are in an >>existing LSDB, so they shouldn't purge anything. > >How do you mean "neither are in an existing LSDB"? If an OSPF router >receives two Type 1 LSAs, both originated by the same router, how >will it differentiate between the two so that it can install both of >them into the LSDB? IMHO the receiver will try to guess which one of >the two is newer and install only the newer one. In fact it is not >even correct to think about these two LSAs as "two LSAs"; they are >two instances of the same LSA. Think not of the transmitted LSAs but its entries. You can have updates on existing information, or changes to the basic topology conveyed (such as a new interface coming up). That doesn't need a new LSA. Look at it this way: LSUpdates are encodings of information for transmission. The decision to install information in the LSDB is done after the packet is parsed into its components. > >>Another argument about fragmentation hasn't been discussed. Consider >>Hello packets. IIRC, about 47 router entries can fit into an OSPF >>hello packet with a 1500 byte MTU. Consider the timing complexities >>of waiting to defragment before you can tell if another router is >>alive. Even scarier is if the load were heavy enough (unlikely, but >>possible) that you might hit the next hello update interval before >>you had finished sending (or at least processing) all the segments. > >I think I am missing the point here. Yes, fragmentation is not good, >but there are circumstances when you have to live with it. > >Thanks, > >Zsombor > >> > >>>If you are asking about how LSAs that are individually smaller than 1500 >> >byte are grouped together, then my (moderately educated :) answer is this: >>>IOS defines a constant called MAXOSPFPACKETSIZE to be 1500 bytes and >>>another constant called MAX_OSPF_DATA to be MAXOSPFPACKETSIZE - >>>IPHEADERBYTES - OSPF_HDR_SIZE. The code that transmits the LSAs keeps >>>packing the LSAs into the same packet as long as their total length is >>>below MAX_OSPF_DATA, the net result being that the size of the IP packet >>>can be up to 1500 bytes (and will in fact be close to it if the individual >>>LSAs are not too big) if there are enough LSAs, regardless of the MTU. So >>>for example if you set the IP MTU on an Ethernet interface to 500 bytes, >>>and you have a large enough OSPF database, then you should see a lot of >>>fragmented OSPF packets, regardless of how big the individual LSAs are. >>> >>>I didn't write the code though, so take
Re: OSPF max Router-LSA links [7:72024]
At 11:07 PM 7/9/2003 +, Howard C. Berkowitz wrote: > >Hello packets. IIRC, about 47 router entries can fit into an OSPF > >hello packet with a 1500 byte MTU. Consider the timing complexities Btw, neighbors are identified by their 4-byte router ID, so it would take more than 350 neighbors to fill up a 1500 byte packet. I guess it is rather academical to ask what would happen to the hello packet if we had more than 350 neighbors on a single interface :), but I briefly looked at the code and I think it would be fragmented at the IP level. Thanks, Zsombor Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72079&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF max Router-LSA links [7:72024]
At 11:07 PM 7/9/2003 +, Howard C. Berkowitz wrote: >At 12:43 PM + 7/9/03, Zsombor Papp wrote: > >The original question (as I understood) was about a single LSA that is > >larger than 1500 bytes (think Type 1 LSA for a router with 200 interfaces). > >I can't see how such an LSA could be divided into multiple OSPF messages so > >the only logical (implementation independent) solution seems to be to > >fragment the packet at the IP layer. Am I missing something? > >I missed the point that the LSA was for the same router. Without >testing it, however, I don't immediately see why it wouldn't work to >have multiple LSAs for the same router, I am not sure what you mean by "multiple LSAs for the same router", but if you mean "multiple type 1 LSAs originated by the same router", then my answer is "because it is impossible to distinguish them". If I am mistaken here, then I would like to understand how such LSAs can be distinguished. > as long as no prefixes were >duplicated. Certainly, you send out a new type 2 when an additional >prefix activates What is "prefix" in this context? Type 2 LSAs describe the routers attached to a network. Are you saying that if an additional router comes up on that network, then the DR should send only an "incremental" Type 2 LSA, containing a single entry, describing the new router that just came up? Which bit in the OSPF packet will let the receiver router know that this is an "incremental" LSA, not a replacement (because all the other routers died and a new one just came up)? > -- I don't immediately see why you couldn't send out >a new type 1 with the additional new prefix. Neither are in an >existing LSDB, so they shouldn't purge anything. How do you mean "neither are in an existing LSDB"? If an OSPF router receives two Type 1 LSAs, both originated by the same router, how will it differentiate between the two so that it can install both of them into the LSDB? IMHO the receiver will try to guess which one of the two is newer and install only the newer one. In fact it is not even correct to think about these two LSAs as "two LSAs"; they are two instances of the same LSA. >Another argument about fragmentation hasn't been discussed. Consider >Hello packets. IIRC, about 47 router entries can fit into an OSPF >hello packet with a 1500 byte MTU. Consider the timing complexities >of waiting to defragment before you can tell if another router is >alive. Even scarier is if the load were heavy enough (unlikely, but >possible) that you might hit the next hello update interval before >you had finished sending (or at least processing) all the segments. I think I am missing the point here. Yes, fragmentation is not good, but there are circumstances when you have to live with it. Thanks, Zsombor > > > >If you are asking about how LSAs that are individually smaller than 1500 > >byte are grouped together, then my (moderately educated :) answer is this: > >IOS defines a constant called MAXOSPFPACKETSIZE to be 1500 bytes and > >another constant called MAX_OSPF_DATA to be MAXOSPFPACKETSIZE - > >IPHEADERBYTES - OSPF_HDR_SIZE. The code that transmits the LSAs keeps > >packing the LSAs into the same packet as long as their total length is > >below MAX_OSPF_DATA, the net result being that the size of the IP packet > >can be up to 1500 bytes (and will in fact be close to it if the individual > >LSAs are not too big) if there are enough LSAs, regardless of the MTU. So > >for example if you set the IP MTU on an Ethernet interface to 500 bytes, > >and you have a large enough OSPF database, then you should see a lot of > >fragmented OSPF packets, regardless of how big the individual LSAs are. > > > >I didn't write the code though, so take all this with a grain of salt. :) > > > >Thanks, > > > >Zsombor > > > >At 12:40 AM 7/9/2003 +, Howard C. Berkowitz wrote: > >>At 10:46 PM + 7/8/03, Zsombor Papp wrote: > >> >The LSA will be fragmented at the IP layer. > >> > >>Do you know for certain this is what Cisco's implementation does? > >>The OSPF code is aware of the MTU and can build OSPF packets for it. > >>I don't think you're really going to simplify it by relieving it of > >>the need to keep track of lengths. > >> > >>On the other hand, if you send a LSupdate that is at the MTU, the > >>receiving router can immediately start checking and installing it in > >>the LSDB, without waiting for fragments. This allows some concurrency > >>between OSPF packet transmission and OSPF protocol processing. > >> > >> >At 11:39 AM 7/8/2003 +, hebn wrote: > >> >>layer 2 frame has a MTU of 1500 bytes. > >> >> how does cisco router propagate router-lsa whose size exceed 1500 > > > >bytes(more than 122 links in one area)? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72078&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosu
Re: OSPF max Router-LSA links [7:72024]
Howard C. Berkowitz wrote: > > At 12:43 PM + 7/9/03, Zsombor Papp wrote: > >The original question (as I understood) was about a single LSA > that is > >larger than 1500 bytes (think Type 1 LSA for a router with 200 > interfaces). > >I can't see how such an LSA could be divided into multiple > OSPF messages so > >the only logical (implementation independent) solution seems > to be to > >fragment the packet at the IP layer. Am I missing something? > > I missed the point that the LSA was for the same router. > Without > testing it, however, I don't immediately see why it wouldn't > work to > have multiple LSAs for the same router, as long as no prefixes > were > duplicated. Are you saying the router could send out one Link State Advertisement saying this router has link 1, 2, 3, etc. etc., for example. And then send out another LSA, saying this same router has link 101, 102, 103, etc.? That should work I would think, unless the recipient thought it was supposed to replace the old one with this new one. But that doesn't seem to be what Cisco does. I couldn't easily try the Hello with lots of neighbors in it that you mention below, but I did try a single router with gobs of loopbacks that it advertises to another router in a Type 1 LSA. It sends the info in one oversized message, that the IP layer fragmented, as Zsombor said it would. I had about 140 loopbacks all part of OSPF Area 0. The sending router sent this to another router in Area 0. The sending router's IP layer put it in two IP packets, one with 1500 bytes, and one with a few hundred. IP did the fragmentation. OSPF didn't divide it up. But I agree that it shouldn't have to work that way?? But it does, and I *think* that was the original question. I said that before, but now I'm much more sure that this was what the original poster wanted to know. :-) Priscilla >Certainly, you send out a new type 2 when an > additional > prefix activates -- I don't immediately see why you couldn't > send out > a new type 1 with the additional new prefix. Neither are in an > existing LSDB, so they shouldn't purge anything. > > Another argument about fragmentation hasn't been discussed. > Consider > Hello packets. IIRC, about 47 router entries can fit into an > OSPF > hello packet with a 1500 byte MTU. Consider the timing > complexities > of waiting to defragment before you can tell if another router > is > alive. Even scarier is if the load were heavy enough > (unlikely, but > possible) that you might hit the next hello update interval > before > you had finished sending (or at least processing) all the > segments. > > > > >If you are asking about how LSAs that are individually smaller > than 1500 > >byte are grouped together, then my (moderately educated :) > answer is this: > >IOS defines a constant called MAXOSPFPACKETSIZE to be 1500 > bytes and > >another constant called MAX_OSPF_DATA to be MAXOSPFPACKETSIZE - > >IPHEADERBYTES - OSPF_HDR_SIZE. The code that transmits the > LSAs keeps > >packing the LSAs into the same packet as long as their total > length is > >below MAX_OSPF_DATA, the net result being that the size of the > IP packet > >can be up to 1500 bytes (and will in fact be close to it if > the individual > >LSAs are not too big) if there are enough LSAs, regardless of > the MTU. So > >for example if you set the IP MTU on an Ethernet interface to > 500 bytes, > >and you have a large enough OSPF database, then you should see > a lot of > >fragmented OSPF packets, regardless of how big the individual > LSAs are. > > > >I didn't write the code though, so take all this with a grain > of salt. :) > > > >Thanks, > > > >Zsombor > > > >At 12:40 AM 7/9/2003 +, Howard C. Berkowitz wrote: > >>At 10:46 PM + 7/8/03, Zsombor Papp wrote: > >> >The LSA will be fragmented at the IP layer. > >> > >>Do you know for certain this is what Cisco's implementation > does? > >>The OSPF code is aware of the MTU and can build OSPF packets > for it. > >>I don't think you're really going to simplify it by relieving > it of > >>the need to keep track of lengths. > >> > >>On the other hand, if you send a LSupdate that is at the MTU, > the > >>receiving router can immediately start checking and > installing it in > >>the LSDB, without waiting for fragments. This allows some > concurrency > >>between OSPF packet transmission and OSPF protocol processing. > >> > >> >At 11:39 AM 7/8/2003 +, hebn wrote: > >> >>layer 2 frame has a MTU of 1500 bytes. > >> >> how does cisco router propagate router-lsa whose > size exceed 1500 > > > >bytes(more than 122 links in one area)? > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72076&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP ReCert Questions [7:72071]
Two other problems with Cisco beta exams is that they are often loaded with errors (meaning you can get an answer right, but not get the points), and that you don't learn the results for months. In your case, you'd spend two months not knowing if you're CCNP is valid (I couldn't handle the pressure if it were me)... The WB On Wed, 2003-07-09 at 15:24, Amazing wrote: > I just did the CCNP recet test two weeks ago and passed with not too much > studying -- used boson test to see my weak areas and just brushed up on > those areas -- hint -- you can use the same study materials you used three > years ago -- nothing has changed. > > as to the answer to your questions, my experience has been that you should > go directly to cisco with these questions so you have a documented answer > when they change their mind later on ;-) > > d > > > ""John Cianfarani"" wrote in message > news:[EMAIL PROTECTED] > > I have to recert my CCNP by the 21st of this month. (yeah I know I left > > it late, but I was busy upgrading my CSS1 to CCSP). > > > > I notice they have a new test coming out ( 642-891 ) Called Composite > > which is based on BSCI and BCMSN, which will also let you recert your > > CCNP and CCDP with at the same time. Now that test doesn't come out > > until Aug 7th. Anyone know if there is still a Beta of this exam > > available to write? Or if Writing BSCI / BCMSN is equivalent? > > > > Also anyone know a way extended you recert date maybe by writing a > > current CCNP exam or something or am I just gonna have to buckle down > > and write the 640-851 CCNP Recert exam? > > > > Thanks! > > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72077&t=72071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP ReCert Questions [7:72071]
Amazing wrote: > > I just did the CCNP recet test two weeks ago and passed with > not too much > studying -- used boson test to see my weak areas and just > brushed up on > those areas -- hint -- you can use the same study materials you > used three > years ago -- nothing has changed. I wouldn't recommend just using the same material as 3 years ago. There are some new topics, like IS-IS for Routing and multilayer switching for Switching. Support and Remote Access seemed to be pretty similar, but those other two were pretty different from 3 years ago, at least in my test. I found it to be a two-Tums-package test for sure, depsite a good score in the end. > > as to the answer to your questions, my experience has been that > you should > go directly to cisco with these questions so you have a I defintely agree there. Go to Cisco. Even if we give you an answer, the Authoritative Bit will not be set. :-) That won't stop me though from adding a few more comments below > documented answer > when they change their mind later on ;-) > > d > > > ""John Cianfarani"" wrote in message > news:[EMAIL PROTECTED] > > I have to recert my CCNP by the 21st of this month. (yeah I > know I left > > it late, but I was busy upgrading my CSS1 to CCSP). > > > > I notice they have a new test coming out ( 642-891 ) Called > Composite > > which is based on BSCI and BCMSN, which will also let you > recert your > > CCNP and CCDP with at the same time. Now that test doesn't > come out > > until Aug 7th. Anyone know if there is still a Beta of this > exam > > available to write? I don't think they ever did a beta for that new composite exam that suddenly popped up? Maybe it will still come out? >Or if Writing BSCI / BCMSN is equivalent? I doubt you can just write BSCI and BCMSN to get recertified. > > > > Also anyone know a way extended you recert date maybe by > writing a > > current CCNP exam or something or am I just gonna have to > buckle down > > and write the 640-851 CCNP Recert exam? Just do it. It's not that painful. :-) And I think it's your only option. Ask Cisco and check your tracking info to be sure. Good luck! Priscilla > > > > Thanks! > > John > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72075&t=72071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF max Router-LSA links [7:72024]
At 12:43 PM + 7/9/03, Zsombor Papp wrote: >The original question (as I understood) was about a single LSA that is >larger than 1500 bytes (think Type 1 LSA for a router with 200 interfaces). >I can't see how such an LSA could be divided into multiple OSPF messages so >the only logical (implementation independent) solution seems to be to >fragment the packet at the IP layer. Am I missing something? I missed the point that the LSA was for the same router. Without testing it, however, I don't immediately see why it wouldn't work to have multiple LSAs for the same router, as long as no prefixes were duplicated. Certainly, you send out a new type 2 when an additional prefix activates -- I don't immediately see why you couldn't send out a new type 1 with the additional new prefix. Neither are in an existing LSDB, so they shouldn't purge anything. Another argument about fragmentation hasn't been discussed. Consider Hello packets. IIRC, about 47 router entries can fit into an OSPF hello packet with a 1500 byte MTU. Consider the timing complexities of waiting to defragment before you can tell if another router is alive. Even scarier is if the load were heavy enough (unlikely, but possible) that you might hit the next hello update interval before you had finished sending (or at least processing) all the segments. > >If you are asking about how LSAs that are individually smaller than 1500 >byte are grouped together, then my (moderately educated :) answer is this: >IOS defines a constant called MAXOSPFPACKETSIZE to be 1500 bytes and >another constant called MAX_OSPF_DATA to be MAXOSPFPACKETSIZE - >IPHEADERBYTES - OSPF_HDR_SIZE. The code that transmits the LSAs keeps >packing the LSAs into the same packet as long as their total length is >below MAX_OSPF_DATA, the net result being that the size of the IP packet >can be up to 1500 bytes (and will in fact be close to it if the individual >LSAs are not too big) if there are enough LSAs, regardless of the MTU. So >for example if you set the IP MTU on an Ethernet interface to 500 bytes, >and you have a large enough OSPF database, then you should see a lot of >fragmented OSPF packets, regardless of how big the individual LSAs are. > >I didn't write the code though, so take all this with a grain of salt. :) > >Thanks, > >Zsombor > >At 12:40 AM 7/9/2003 +, Howard C. Berkowitz wrote: >>At 10:46 PM + 7/8/03, Zsombor Papp wrote: >> >The LSA will be fragmented at the IP layer. >> >>Do you know for certain this is what Cisco's implementation does? >>The OSPF code is aware of the MTU and can build OSPF packets for it. >>I don't think you're really going to simplify it by relieving it of >>the need to keep track of lengths. >> >>On the other hand, if you send a LSupdate that is at the MTU, the >>receiving router can immediately start checking and installing it in >>the LSDB, without waiting for fragments. This allows some concurrency >>between OSPF packet transmission and OSPF protocol processing. >> >> >At 11:39 AM 7/8/2003 +, hebn wrote: >> >>layer 2 frame has a MTU of 1500 bytes. >> >> how does cisco router propagate router-lsa whose size exceed 1500 > > >bytes(more than 122 links in one area)? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72074&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP ReCert Questions [7:72071]
I just did the CCNP recet test two weeks ago and passed with not too much studying -- used boson test to see my weak areas and just brushed up on those areas -- hint -- you can use the same study materials you used three years ago -- nothing has changed. as to the answer to your questions, my experience has been that you should go directly to cisco with these questions so you have a documented answer when they change their mind later on ;-) d ""John Cianfarani"" wrote in message news:[EMAIL PROTECTED] > I have to recert my CCNP by the 21st of this month. (yeah I know I left > it late, but I was busy upgrading my CSS1 to CCSP). > > I notice they have a new test coming out ( 642-891 ) Called Composite > which is based on BSCI and BCMSN, which will also let you recert your > CCNP and CCDP with at the same time. Now that test doesn't come out > until Aug 7th. Anyone know if there is still a Beta of this exam > available to write? Or if Writing BSCI / BCMSN is equivalent? > > Also anyone know a way extended you recert date maybe by writing a > current CCNP exam or something or am I just gonna have to buckle down > and write the 640-851 CCNP Recert exam? > > Thanks! > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72072&t=72071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP ReCert Questions [7:72071]
I have to recert my CCNP by the 21st of this month. (yeah I know I left it late, but I was busy upgrading my CSS1 to CCSP). I notice they have a new test coming out ( 642-891 ) Called Composite which is based on BSCI and BCMSN, which will also let you recert your CCNP and CCDP with at the same time. Now that test doesn't come out until Aug 7th. Anyone know if there is still a Beta of this exam available to write? Or if Writing BSCI / BCMSN is equivalent? Also anyone know a way extended you recert date maybe by writing a current CCNP exam or something or am I just gonna have to buckle down and write the 640-851 CCNP Recert exam? Thanks! John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72071&t=72071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: does anyone know the pinout on a t1 cable bet/ a [7:72069]
For a standard T1: Cross-over you will need 14 and 25 Straight through T1 you will need 11, 22, 33 and 44 Thanks, Mario Puras SoluNet Technical Support Mailto: [EMAIL PROTECTED] Direct: (321) 309-1410 888.449.5766 (USA) / 888.SOLUNET (Canada) >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Sent: Wednesday, July 09, 2003 3:16 PM >To: [EMAIL PROTECTED] >Subject: does anyone know the pinout on a t1 cable bet/ a [7:72069] > > >3660 & an ls1010...the interfaces on both are t1 > >thx in advance >Report misconduct >and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72070&t=72069 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF max Router-LSA links [7:72024]
At 05:14 PM 7/9/2003 +, Priscilla Oppenheimer wrote: >Zsombor Papp wrote: > > > > The original question (as I understood) was about a single LSA > > that is > > larger than 1500 bytes (think Type 1 LSA for a router with 200 > > interfaces). > > I can't see how such an LSA could be divided into multiple OSPF > > messages so > > the only logical (implementation independent) solution seems to > > be to > > fragment the packet at the IP layer. Am I missing something? > >OSPF could send multiple packets. How would the receiver know that the second packet holds the second half of the LSA whose first half was transmitted in the first packet? OSPF doesn't have a way of coalescing fragments of an LSA, does it? > That's what IP RIP would do. It used to be >pretty common to see bunches of RIP packets every 30 seconds. Even more >common for IPX RIP, (every 60 seconds). RIP doesn't have a concept of LSAs. A good analogy would be to say that RIP could advertise a single prefix distributed into multiple packets, which is not true. > > If you are asking about how LSAs that are individually smaller > > than 1500 > > byte are grouped together, then my (moderately educated :) > > answer is this: > > IOS defines a constant called MAXOSPFPACKETSIZE to be 1500 > > bytes and > > another constant called MAX_OSPF_DATA to be MAXOSPFPACKETSIZE - > > IPHEADERBYTES - OSPF_HDR_SIZE. The code that transmits the LSAs > > keeps > > packing the LSAs into the same packet as long as their total > > length is > > below MAX_OSPF_DATA, the net result being that the size of the > > IP packet > > can be up to 1500 bytes (and will in fact be close to it if the > > individual > > LSAs are not too big) if there are enough LSAs, regardless of > > the MTU. So > > for example if you set the IP MTU on an Ethernet interface to > > 500 bytes, > > and you have a large enough OSPF database, then you should see > > a lot of > > fragmented OSPF packets, regardless of how big the individual > > LSAs are. > >Thanks for the info. > >As another example, say that the MTU is 1500 and there is so much info to >advertise (links, routers, routes, depending on the type) that it requires >more than 1500 bytes. Then OSPF would just send multiple packets, wouldn't >it? Yes. >And there wouldn't be any IP fragmentation? Unless there is a single LSA larger than 1500 bytes, there wouldn't be any. In case it confused anyone, MAXOSPFPACKETSIZE (ie. 1500 bytes) is *not* the size of the largest OSPF packet that IOS can generate. > I think that was the original question. Well, if the term "router-lsa whose size exceed 1500 bytes" refers to a set of LSAs whose size individually does *not* exceed 1500 bytes (as opposed to a single Type 1 LSA whose size does exceed 1500 bytes), then I misunderstood the question. :) Thanks, Zsombor >According to Howard, if I understood him correctly in his message, that's >how Nortel, Bay, Wellfleet do it (send multiple messages). But is that what >Cisco does? > >I think it is what the RFC recommends too when it says this: "The OSPF >packet types that are likely to be large (Database Description Packets, Link >State Request, Link State Update, and Link State Acknowledgment packets) can >usually be split into several separate protocol packets, without loss of >functionality. This is recommended; IP fragmentation should be avoided >whenever possible." > >Sorry to beat this to death, but I'm not sure we have an answer yet. > >Priscilla > > > > > > I didn't write the code though, so take all this with a grain > > of salt. :) > > > > Thanks, > > > > Zsombor > > > > At 12:40 AM 7/9/2003 +, Howard C. Berkowitz wrote: > > >At 10:46 PM + 7/8/03, Zsombor Papp wrote: > > > >The LSA will be fragmented at the IP layer. > > > > > >Do you know for certain this is what Cisco's implementation > > does? > > >The OSPF code is aware of the MTU and can build OSPF packets > > for it. > > >I don't think you're really going to simplify it by relieving > > it of > > >the need to keep track of lengths. > > > > > >On the other hand, if you send a LSupdate that is at the MTU, > > the > > >receiving router can immediately start checking and installing > > it in > > >the LSDB, without waiting for fragments. This allows some > > concurrency > > >between OSPF packet transmission and OSPF protocol processing. > > > > > > >At 11:39 AM 7/8/2003 +, hebn wrote: > > > >>layer 2 frame has a MTU of 1500 bytes. > > > >> how does cisco router propagate router-lsa whose size > > exceed 1500 > > > > >bytes(more than 122 links in one area)? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72068&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
does anyone know the pinout on a t1 cable bet/ a [7:72069]
3660 & an ls1010...the interfaces on both are t1 thx in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72069&t=72069 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pa-fe-fx crc errors [7:72067]
Got a friend messing with a couple of these, I cant find a lot of info on these cards really, anyone got a good troubleshooting site? Brian Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72067&t=72067 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Distributing Cisco VPN Client [7:72061]
I agree about either way of setting up the profile is not secure. My thinking is if they know the group username and password, they can call up their buddy and tell them it. But if I never give it to them, then they need to know a little bit about the client and where that information is kept. Authentication and accounting is in place so it is secure from that standpoint. I'll try out some of the suggestions mentioned and see how it works. I've read where you can modify the msi file with ORCA (or something like that) which I've played with in the past but don't have time to mess with it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72066&t=72061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF max Router-LSA links [7:72024]
Zsombor Papp wrote: > > The original question (as I understood) was about a single LSA > that is > larger than 1500 bytes (think Type 1 LSA for a router with 200 > interfaces). > I can't see how such an LSA could be divided into multiple OSPF > messages so > the only logical (implementation independent) solution seems to > be to > fragment the packet at the IP layer. Am I missing something? OSPF could send multiple packets. That's what IP RIP would do. It used to be pretty common to see bunches of RIP packets every 30 seconds. Even more common for IPX RIP, (every 60 seconds). > > If you are asking about how LSAs that are individually smaller > than 1500 > byte are grouped together, then my (moderately educated :) > answer is this: > IOS defines a constant called MAXOSPFPACKETSIZE to be 1500 > bytes and > another constant called MAX_OSPF_DATA to be MAXOSPFPACKETSIZE - > IPHEADERBYTES - OSPF_HDR_SIZE. The code that transmits the LSAs > keeps > packing the LSAs into the same packet as long as their total > length is > below MAX_OSPF_DATA, the net result being that the size of the > IP packet > can be up to 1500 bytes (and will in fact be close to it if the > individual > LSAs are not too big) if there are enough LSAs, regardless of > the MTU. So > for example if you set the IP MTU on an Ethernet interface to > 500 bytes, > and you have a large enough OSPF database, then you should see > a lot of > fragmented OSPF packets, regardless of how big the individual > LSAs are. Thanks for the info. As another example, say that the MTU is 1500 and there is so much info to advertise (links, routers, routes, depending on the type) that it requires more than 1500 bytes. Then OSPF would just send multiple packets, wouldn't it? And there wouldn't be any IP fragmentation? I think that was the original question. According to Howard, if I understood him correctly in his message, that's how Nortel, Bay, Wellfleet do it (send multiple messages). But is that what Cisco does? I think it is what the RFC recommends too when it says this: "The OSPF packet types that are likely to be large (Database Description Packets, Link State Request, Link State Update, and Link State Acknowledgment packets) can usually be split into several separate protocol packets, without loss of functionality. This is recommended; IP fragmentation should be avoided whenever possible." Sorry to beat this to death, but I'm not sure we have an answer yet. Priscilla > > I didn't write the code though, so take all this with a grain > of salt. :) > > Thanks, > > Zsombor > > At 12:40 AM 7/9/2003 +, Howard C. Berkowitz wrote: > >At 10:46 PM + 7/8/03, Zsombor Papp wrote: > > >The LSA will be fragmented at the IP layer. > > > >Do you know for certain this is what Cisco's implementation > does? > >The OSPF code is aware of the MTU and can build OSPF packets > for it. > >I don't think you're really going to simplify it by relieving > it of > >the need to keep track of lengths. > > > >On the other hand, if you send a LSupdate that is at the MTU, > the > >receiving router can immediately start checking and installing > it in > >the LSDB, without waiting for fragments. This allows some > concurrency > >between OSPF packet transmission and OSPF protocol processing. > > > > >At 11:39 AM 7/8/2003 +, hebn wrote: > > >>layer 2 frame has a MTU of 1500 bytes. > > >> how does cisco router propagate router-lsa whose size > exceed 1500 > > > >bytes(more than 122 links in one area)? > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72065&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Distributing Cisco VPN Client [7:72061]
You can 'push' the .pcf file profile during the install with a simple batch file, or via the .ini file utility that comes with the client. the best way, is setup a vpn package, with silent install. It will install and reboot the clients. The group user/name is encrypted in the pcf file, so I dont know how far you want to go to secure it... Once that pcf file is out there, that is all someone needs to tunnel in (then a username completes the authentication process). So telling everyone the group password, and pushing the pcf file around for the config settings are both insecure. Pick your Poison. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72063&t=72061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
We (Cisco mailing list) are moving ... [7:72060]
Hey Everyone, We will be moving the mailing list function to a new server. If you are currently receiving this list via e-mail, you will be affected. This has been planned for some time now but we need to move faster then I would like. I just received a bill from our co-location facility for the GroupStudy service and let's just put it this way, in most locations rent on a two bedroom apartment is less expensive. So we need to try and reduce our bandwidth usage (an eventually find another co-location facility). It has been quite clear for some time now that the GroupStudy server needs help. We are dropping an unacceptable number of messages (I personally have had five in a row discarded) and the messages that make it take a random amount of time to propagate. To fix this, I have purchased a new server and bandwidth (at a lower cost facility). We will be migrating to the new server in the next few days. Once the move is complete we will cut over to the new server. But wait it gets better .. We are dumping majordomo as our list software! Our new software will allow you to change a number of options. For example you will be able to suspend distribution of the e-mails, receive e-mails in digest format, change your e-mail address, etc. You will receive a welcome message with your account information. The message will contain your username/password, instructions on how to login to the server, and instructions on how to unsubscribe. Please save this e-mail for future reference. It is also a good idea to login to the server and set your password to something more memorable then the random password given. If you stop receiving e-mails from the list after the change, please send me an e-mail (after verifying it is not a problem at your end such as misconfigured anti-spam software etc.). Take care, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72060&t=72060 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Distributing Cisco VPN Client [7:72061]
If you place the profile .pcf files in the same location as setup.exe, in your temp directory, then setup will automatically install them. If you run a silent install it makes it really easy. Doug Korell wrote: > > I am getting ready to roll out the Cisco VPN client (3.6.4) and > looking for tips on the easiest way to do this. I currently > have it on a FTP site and setup as a self extracting file that > extracts to c:\temp and then launches setup.exe automatically. > > Now for the profile I want people to use. I do not want to talk > people through the profile setup or really give out the VPN > group password. So, I was going to have the user somehow copy > the profile file that I created to the Cisco VPN profile > directory but I've noticed this directory doesn't get created > till a profile is manually configured. > > Anyone find a great solution to get this out with minimal > problems? > > Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72062&t=72061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redistributing default route from BGP into OSPF [7:72058]
This horse has been beat dead far too many times. The default route must come from EBGP so the tag field is populated with meaningful data (last i recall) I my lab I just know it never works from IBGP>REDIS OSPF Must be EBGP>OSPF> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72064&t=72058 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Distributing Cisco VPN Client [7:72061]
I am getting ready to roll out the Cisco VPN client (3.6.4) and looking for tips on the easiest way to do this. I currently have it on a FTP site and setup as a self extracting file that extracts to c:\temp and then launches setup.exe automatically. Now for the profile I want people to use. I do not want to talk people through the profile setup or really give out the VPN group password. So, I was going to have the user somehow copy the profile file that I created to the Cisco VPN profile directory but I've noticed this directory doesn't get created till a profile is manually configured. Anyone find a great solution to get this out with minimal problems? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72061&t=72061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF max Router-LSA links [7:72024]
>hebn wrote: >> >> hello,everyone: > >>OSPF use raw socket (datagram) to communicate with peers. In >> general, layer 2 frame has a MTU of 1500 bytes. >>how does cisco router propagate router-lsa whose size exceed >> 1500 bytes(more than 122 links in one area)? > >Well, I don't have a definite answer, but I'll discuss it with >you in the >hopes of lighting a fire under one of the OSPF experts on this >list. Howard? >Chuck? Peter? Where's Pamela when we need her? :-) > >OSPF runs directly above IP. I don't know if that could be called "raw >socket" which is a UNIX thing? My perception is that with >Cisco IOS, OSPF >calls IP with a set of parameters and lets IP handle the rest. So maybe >that's sort of raw. > >I can say this: The OSPF packets I have seen coming out of >Cisco routers >have the IP fragmentation bit set to "May Fragment." This >makes me think >that Cisco's OSPF relies on IP to push the bytes into the >data-link-layer >frame and fragment if necessary. > >The OSPF RFC (RFC 2178) says this: > >"OSPF does not define a way to fragment its protocol packets, >and depends on >IP fragmentation when transmitting packets larger than the >network MTU. If >necessary, the length of OSPF packets can be up to 65,535 >bytes (including >the IP header). The OSPF packet types that are likely to be >large (Database >Description Packets, Link State Request, Link State Update, >and Link State >Acknowledgment packets) can usually be split into several >separate protocol >packets, without loss of functionality. This is recommended; IP >fragmentation should be avoided whenever possible." > >Unfortunately, that's not very clear. It implies that the >recommended method >is for OSPF to split its own protocol packets. But that the >method for doing >this is undefined and that's OK because OSPF can depend on IP to do >fragmentation. > >Cisco routers tell each other their MTU in database >description packets, per >RFC 2178. Until recently, if the routers didn't agree on the MTU, they >wouldn't become adjacent. A recent IOS version supports >telling a router to >ignore the other side's MTU so they can still become adjacent. This is true. I vaguely remember reading some notes from an IETF meeting from one of the developers of OSPF. They were discussing checks for the MTU. Basically OSPF checks whether a neighbor is using the same maximum transimission unit (mtu) on a common interface. This check is performed when neighbors exchange (exchange stage) (DD's) database description packet. If the receiving MTU in the DD packet was higher then the IP MTU configured on the incoming interface, OSPF will not establish an adjacency. The DD packet were dropped. This was done on the DD phase because initially MTU mismatches could cause flooding between 2 neighbors to fail with large LSU's being continually retransmitted. -Mario >That doesn't answer your question, but maybe there are some >hints in the >article that discusse the "ip ospf mtu-ignore" feature here: > >http://www.cisco.com/warp/public/104/12.html > >___ > >Priscilla Oppenheimer >www.priscilla.com > > >> __ > >> >> === >> [EMAIL PROTECTED] (http://bizsite.sina.com.cn) >Report misconduct >and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72059&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF max Router-LSA links [7:72024]
The original question (as I understood) was about a single LSA that is larger than 1500 bytes (think Type 1 LSA for a router with 200 interfaces). I can't see how such an LSA could be divided into multiple OSPF messages so the only logical (implementation independent) solution seems to be to fragment the packet at the IP layer. Am I missing something? If you are asking about how LSAs that are individually smaller than 1500 byte are grouped together, then my (moderately educated :) answer is this: IOS defines a constant called MAXOSPFPACKETSIZE to be 1500 bytes and another constant called MAX_OSPF_DATA to be MAXOSPFPACKETSIZE - IPHEADERBYTES - OSPF_HDR_SIZE. The code that transmits the LSAs keeps packing the LSAs into the same packet as long as their total length is below MAX_OSPF_DATA, the net result being that the size of the IP packet can be up to 1500 bytes (and will in fact be close to it if the individual LSAs are not too big) if there are enough LSAs, regardless of the MTU. So for example if you set the IP MTU on an Ethernet interface to 500 bytes, and you have a large enough OSPF database, then you should see a lot of fragmented OSPF packets, regardless of how big the individual LSAs are. I didn't write the code though, so take all this with a grain of salt. :) Thanks, Zsombor At 12:40 AM 7/9/2003 +, Howard C. Berkowitz wrote: >At 10:46 PM + 7/8/03, Zsombor Papp wrote: > >The LSA will be fragmented at the IP layer. > >Do you know for certain this is what Cisco's implementation does? >The OSPF code is aware of the MTU and can build OSPF packets for it. >I don't think you're really going to simplify it by relieving it of >the need to keep track of lengths. > >On the other hand, if you send a LSupdate that is at the MTU, the >receiving router can immediately start checking and installing it in >the LSDB, without waiting for fragments. This allows some concurrency >between OSPF packet transmission and OSPF protocol processing. > > >At 11:39 AM 7/8/2003 +, hebn wrote: > >>layer 2 frame has a MTU of 1500 bytes. > >> how does cisco router propagate router-lsa whose size exceed 1500 > > >bytes(more than 122 links in one area)? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72055&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
one more time ISDN ... [7:72057]
Hi, I have a question I hope some one help... :) 1. Does the order of entering the commands under the physical and dialer profile makes any difference. -- interface BRI0/0 no ip address encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 1 isdn switch-type basic-net3 no cdp enable ppp authentication chap ppp multilink ! interface Dialer0 description Dialer 2 test_lab ip address 10.10.10.1 255.255.255.252 encapsulation ppp dialer pool 1 dialer remote-name test_lab dialer string 12123633 class myclass dialer string 12123634 class myclass dialer load-threshold 128 either dialer-group 5 ppp authentication chap ppp multilink - 2. Can we have configuration like this? and how it will work? ip route 0.0.0.0 0.0.0.0 172.20.14.2 ip route 0.0.0.0 0.0.0.0 172.21.14.2 200 cheers Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72057&t=72057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Redistributing default route from BGP into OSPF [7:72058]
I could not find a doc explaining why a default route learned from BGP is not redistributed into OSPF. Any thoughts? R5#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 2.0.0.0/32 is subnetted, 1 subnets O 2.2.2.2 [110/2] via 125.125.125.2, 1d01h, FastEthernet0/0.125 C192.168.15.0/24 is directly connected, FastEthernet0/0.51 C192.168.25.0/24 is directly connected, FastEthernet0/0.52 O192.168.24.0/24 [110/65] via 125.125.125.2, 1d01h, FastEthernet0/0.125 5.0.0.0/24 is subnetted, 1 subnets C 5.5.5.0 is directly connected, Loopback0 10.0.0.0/24 is subnetted, 4 subnets O E210.9.2.0 [110/1] via 125.125.125.2, 1d01h, FastEthernet0/0.125 O E210.9.1.0 [110/1] via 125.125.125.2, 1d01h, FastEthernet0/0.125 C 10.8.1.0 is directly connected, Loopback1 C 10.6.1.0 is directly connected, Loopback2 125.0.0.0/24 is subnetted, 1 subnets C 125.125.125.0 is directly connected, FastEthernet0/0.125 56.0.0.0/24 is subnetted, 1 subnets C 56.56.56.0 is directly connected, FastEthernet0/0.56 R2-bsa# sh run router ospf 1 redistribute bgp 1 subnets R2-bsa#sh ip bgp BGP table version is 14, local router ID is 2.2.2.2 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next HopMetric LocPrf Weight Path *> 0.0.0.0 192.168.24.2 0 2 i *> 10.6.1.0/24 0.0.0.0 11 32768 i *> 10.8.1.0/24 0.0.0.0 11 32768 i *> 10.9.1.0/24 192.168.24.2 0 2 i *> 10.9.2.0/24 192.168.24.2 0 2 i R2-bsa#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR Gateway of last resort is 192.168.24.2 to network 0.0.0.0 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72058&t=72058 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ping the PIX inside from an external interface [7:72052]
You can only ping the internal int on the pix if you are sitting on the inside. You would also need to issue the command "telnet x.x.x.x inside". You can never cross an interface to get to another interface on a pix for the purpose of ping or telnet. You must always use the interface closest to you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 3:02 AM To: [EMAIL PROTECTED] Subject: ping the PIX inside from an external interface [7:72052] Can someone help me ?! I do playing around with different configurations trying to successful ping the internal interface -172.16.200.1 - of a PIX from an external Router interface. ip address outside 192.168.100.2 255.255.255.248 ip address inside 172.16.200.1 255.255.255.0 After a lot of trails I don't think that this is possible - right ? Many Thanks, Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72056&t=72052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Visio Stencils [7:72054]
Does anyone have visio stencils for Cisco 3500 series switches like the 3508's and 3548's, I use to have them but had to reinstall and now that I have done that Cisco has seemed to remove these products from their site. Here is where all the other stencils are and there is a 3500 series stencil but it only has 3550's in the zip file. http://www.cisco.com/en/US/customer/products/prod_visio_icon_list.html Any help in locating these would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72054&t=72054 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
vpn concentrator authentication [7:72053]
Hi GS, Does anyone know off hand whether you can authenticate a group on a Cisco vpn concentrator (3030) with digital certificates and the user with Secure ID?? So far I can do one or the other as it seems that the although the SDI server authenticates a user it is configured at group level and so seems to negate the certificate. Is this because the group is more or less a client of the SDI server?? I apologize before hand if this is not the correct forum for this question. Any help is much appreciated. Cheers, Ciaron ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. For more information contact [EMAIL PROTECTED] phone + 353 1 4093000 fax + 353 1 4093001 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72053&t=72053 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN ... connectivity [7:72051]
Hi, Can we connect 2 ISDN ports back to back for test ? (with out ISDN simulation device) Is there any kind cable to do this job? cheers Heiman. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72051&t=72051 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ping the PIX inside from an external interface [7:72052]
Can someone help me ?! I do playing around with different configurations trying to successful ping the internal interface -172.16.200.1 - of a PIX from an external Router interface. ip address outside 192.168.100.2 255.255.255.248 ip address inside 172.16.200.1 255.255.255.0 After a lot of trails I don't think that this is possible - right ? Many Thanks, Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72052&t=72052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF max Router-LSA links [7:72024]
At 2:42 AM + 7/9/03, Priscilla Oppenheimer wrote: >Howard C. Berkowitz wrote: >> >> At 10:46 PM + 7/8/03, Zsombor Papp wrote: >> >The LSA will be fragmented at the IP layer. >> >> Do you know for certain this is what Cisco's implementation >> does? >> The OSPF code is aware of the MTU and can build OSPF packets >> for it. >> I don't think you're really going to simplify it by relieving >> it of >> the need to keep track of lengths. > >Can you think of a good way to test it in a lab?? Lots of loopback interfaces, with appropriate coding so they don't present as host routes, coupled with small MTUs. Part of the problem in testing will be that any practical configuration doesn't press the limits. IIRC, I ran some calculations a while back that imposed a more stringent limit on the number of routers per segment -- the number you could fit into a Hello packet was around 47, a smaller number than you could type 1 LSAs. > >The RFC says that dividing up the updates is recomended over letting IP do >the fragmentation and Cisco is generally good at doing things the >recommended way usually. The person that I know who wrote most of the _good_ OSPF code has left Cisco, but I'll hunt around on the IETF list and find out if I can find someone who knows definitively. There are a lot of things in OSPF (and, for that matter, BGP) that experience have taught are simply not good ideas in practice. You'll find the latest BGP draft (I think it's 21 now, if it's reached the editor) is both considerably different from the BGP route selection process described in RFC 1771, and is also much closer to what Cisco, Juniper, NextHop/gateD, and Zebra actually do. OSPF will continue to evolve. The classic Dijkstra algorithm won't continue to serve as faster convergence requirements are placed on OSPF. To the best of my knowledge, most implementations save at least some intermediate Dijkstra results, and the trend is to do at least some incremental updating before committing to a full SPF recomputation. > >Priscilla > > >> >> On the other hand, if you send a LSupdate that is at the MTU, >> the >> receiving router can immediately start checking and installing >> it in >> the LSDB, without waiting for fragments. This allows some >> concurrency >> between OSPF packet transmission and OSPF protocol processing. >> >> >At 11:39 AM 7/8/2003 +, hebn wrote: >> >>layer 2 frame has a MTU of 1500 bytes. >> >> how does cisco router propagate router-lsa whose size >> exceed 1500 >> > >bytes(more than 122 links in one area)? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72050&t=72024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]