OSPF over IPSec [7:72606]

2003-07-18 Thread David Cooper
Hey would like to run something by the ospf-geeks here. For a little bit I've
been mulling over OSPF over an IPSec vpn tunnel. I know it can be done with
routers and a GRE tunnel but what about the two actual end devices. I'm
currently tinkering with a PIX506 and a VPN Concentrator 3000. Both devices
are OSPF aware. But, they don't seem to accept the concept of a vpn int being
an interface and really don't like to think about forming adjacencies over
that. I was just wondering if anyone had any ideas about this or if they've
experienced ospf between two separate networks with just these devices on the
edges. Google turns up only GRE methods as well it seems as CCO. Thus it
probably won't work but I figured Cisco might hack a way into it since after
all they implemented ospf on the pix and concentrators.

Thanks in advance for any ideas or thoughts.
Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72606&t=72606
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: 3524XL Error Message [7:72563]

2003-07-18 Thread David Cooper
On Friday 18 July 2003 10:47, you wrote:
> Yes, I have seen it on one of my boxes. It's a hardware problem. Open a TAC
> case and they'll probably RMA it.
>
> Shawn K.
>
> -Original Message-
> From: Firesox [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2003 7:20 AM
> To: [EMAIL PROTECTED]
> Subject: 3524XL Error Message [7:72563]
>
> Folks,
> I am troubleshooting the 3524XL and get the following message at the boot.
>
> C3500XL POST FAILURE: front-end post: GigabitEthernet0/2:
>
> C3500XL POST FAILURE: looped-back packet not received
>
>
>
> It is connected to 2950G-24.  2950 is seeing the 3524XL via CDP, but not
> vice versa.
>
>
>
> Has anyone seen this error message/condition?
>
>
>
> Thanks in advance.

Yea, I've got a couple 3524 with the FastEthernet's out. They seem to go in
blocks of 4 ports at a time for those. Haven't seen GigE's drop though...
yet. Definitely hardware, like a circuit protection device popped. Dunno about
that for optical though.

Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72586&t=72563


Re: Quoting in Replies [7:71366]

2003-07-01 Thread David Cooper
On Tuesday 01 July 2003 15:29, Jamie Johnson wrote:
> Cool! My cosmic ray machine must be working. Better put on your tinfoil
> hats.
>
> From: Recent escapee from the ex-dot.commer insane asylum
>
> John Neiberger wrote:
> >  - jvd 7/1/03 12:32:02 PM >>>
> > >Hi my Quote button disappeared! No serious, there used to be a quote button
> > >next to my Post button but now it's gone. I refreshed the page as well and
> > >still nothing. Maybe the cosmic rays hit my PC's memory, corrupted it and
> > >deleted my Quote button :-)
> > >
> > >No serious, is anybody else also having this problem?
> >
> > That's rather odd.  What browser are you using?

Could that be considered a Denial of Service attack?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71752&t=71366


span sessions [7:65531]

2003-03-19 Thread David Cooper
hey all quick q for ya. I have a cat 6509 sitting on the core of a 5000 users
network with both 100mbit and gigabit links. I have to watch a couple boxes
on a very busy vlan for session data for analysis, but there is so much
traffic on the specific vlan that it literally made my little laptop scream
and makes other stronger boxes kinda just die. Well the application (ntop).

I'd like to see if there is a way to use regexp or filtering somehow to apply
to span to kinda not get the 1gig/s backup traffic that blows my application
up. I've dug through various manuals and "?" is certainly my friend but I
can't get anything to work and there's just way too much data off the pipe.
Kinda like drinking from a fire hose ya know.

If anyone has any suggestions on how to limit traffic on a span port to hosts,
please let me know.

Possibly also if anyone knows any neato applications that can do application
stream reporting per port etc with bw graphing for the folks who think
computers are like books let me know. One caveat, it has to run in a GNU
environment eg Linux/FreeBSD.. no Microsoft 'solutions'

Thanks in advance,
Eo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65799&t=65531


span sessions [7:65531]

2003-03-16 Thread David Cooper
hey all quick q for ya. I have a cat 6509 sitting on the core of a 5000 users
network with both 100mbit and gigabit links. I have to watch a couple boxes
on a very busy vlan for session data for analysis, but there is so much
traffic on the specific vlan that it literally made my little laptop scream
and makes other stronger boxes kinda just die. Well the application (ntop).

I'd like to see if there is a way to use regexp or filtering somehow to apply
to span to kinda not get the 1gig/s backup traffic that blows my application
up. I've dug through various manuals and "?" is certainly my friend but I
can't get anything to work and there's just way too much data off the pipe.
Kinda like drinking from a fire hose ya know.

If anyone has any suggestions on how to limit traffic on a span port to hosts,
please let me know.

Possibly also if anyone knows any neato applications that can do application
stream reporting per port etc with bw graphing for the folks who think
computers are like books let me know. One caveat, it has to run in a GNU
environment eg Linux/FreeBSD.. no Microsoft 'solutions'

Thanks in advance,
Eo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65531&t=65531


PIX and Cryptochecksum [7:59650]

2002-12-20 Thread David Cooper
Hey folks, I just saw a strange incident with a pix 501 in China. To be brief,
this pix was doing ipsec to a site in America, PAT and smtp port redirection.

One day out of the blue, all the access-list entries and crypto match rules
were gone.. poof! all the access-groups were too. The static commands were
still there and everything else.

I think this is possibly a security violation. The one thing I noticed was the
Cryptochecksum was _ALL_ zeros in the sh config.

A little birdie at tac told me that it is possible that the cryptochecksum
could be zeros but that strongly goes against my intuition.

Does anyone have any idea on this? Afaik that should never be 0.

Thanks in advance,
eo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59650&t=59650
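
The two symptoms reported in the post above (an all-zero Cryptochecksum and access-list, access-group and crypto map match lines missing while the statics remain) can be checked mechanically against a saved copy of the configuration. This is an added example, not part of the original post: both configurations are constructed samples, and the `Cryptochecksum:` line followed by hex digits is an assumption about how the value appears in the saved `sh config` output.

```python
import re

# Command families named in the post; 'static' is tracked as the control that
# the poster says was still present.
TRACKED = ("access-list", "access-group", "crypto map", "static")

# Constructed baseline (last known-good copy of the configuration).
BASELINE = """\
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list inbound permit tcp any host 203.0.113.10 eq smtp
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.25 smtp netmask 255.255.255.255 0 0
access-group inbound in interface outside
crypto map tunnel 10 ipsec-isakmp
crypto map tunnel 10 match address nonat
crypto map tunnel 10 set peer 198.51.100.7
Cryptochecksum:3f1c9a7e5b2d4c6a8e0f1a2b3c4d5e6f
"""

# Constructed "after" configuration showing the state described in the post.
CURRENT = """\
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.25 smtp netmask 255.255.255.255 0 0
crypto map tunnel 10 ipsec-isakmp
crypto map tunnel 10 set peer 198.51.100.7
Cryptochecksum:00000000000000000000000000000000
"""


def checksum_state(config_text):
    """Return 'missing', 'all-zero' or 'present' for the Cryptochecksum line."""
    m = re.search(r"^Cryptochecksum:\s*([0-9A-Fa-f ]+?)\s*$", config_text, re.M)
    if m is None:
        return "missing"
    digest = m.group(1).replace(" ", "")
    return "all-zero" if set(digest) == {"0"} else "present"


def tracked_lines(config_text):
    """Group the tracked command lines of a configuration by command family."""
    groups = {prefix: set() for prefix in TRACKED}
    for raw in config_text.splitlines():
        line = raw.strip()
        for prefix in TRACKED:
            if line.startswith(prefix + " "):
                groups[prefix].add(line)
    return groups


def audit(baseline, current):
    """Report the checksum state and every tracked line that has disappeared."""
    before, after = tracked_lines(baseline), tracked_lines(current)
    missing = {p: sorted(before[p] - after[p]) for p in TRACKED}
    return {"checksum": checksum_state(current), "missing": missing}


if __name__ == "__main__":
    report = audit(BASELINE, CURRENT)
    print("Cryptochecksum:", report["checksum"])
    for family, lines in report["missing"].items():
        for line in lines:
            print("missing", family + ":", line)
```

Either finding on its own is a reason to pull the device's logs and compare against an off-box copy of the configuration; the script says what changed, not who or what changed it.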



backup plan for a campus [7:7052]

2001-06-04 Thread David Cooper

hiya folks :) happy monday

I'm thinking of backup solutions for a network I'm consulting for.
This network consists of 7 Vlans of which 5 are used for production. The
core switch is a Cat 6509 with gig uplinks to 9 closets with about 1500
nodes total. In case the Cat catches on fire I would like to have a borg like
spanning tree festival that will make the network at least usable till
smartnet kicks in and replaces things. To each closet we have multiple
fibers running that are unused that I can use.
To the best of my little knowledge of design of networks, what I'm thinking
is a smaller cat3508 as a redundant link to the closets. Spanning tree will
do its job on the trunks. But this is just a bunch of 35xx switches and
intervlan routing is not taken care of. Now, here I have a 2620 with a Fast
Ethernet capable of ethernet trunks. If need be I can install another Fast
Ethernet card in it. This would do the inter-vlan routing. Questions:

Is this a good idea? Any better ideas for it? Where the heck would I put the
router to do the intervlan stuff and what would tell the switches to use it
as such. Can I just plug it into a peripheral trunked 3524 and let er rip or
does it have to be on the temp backbone switch?


Your design expertise would be GREATLY appreciated.

This company is in the middle of layoffs like mad. Soon it will be back to
paper like the '60s :|

But anyways this is what keeps me paid.

Links, replies, money, free cheese, coupons appreciated!

Thanks VERY VERY much in advance,
David Cooper
eosyn at linuxmafia dot org (no Im not a mafia person or '31337')



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7052&t=7052



Disaster recovery input from pros needed :) [7:4841]

2001-05-17 Thread David Cooper

Heya,

I'm at a site right now where we have a central Cat 6509 as core with a
couple fiber blades and 4 more 10/100 rj45 blades (ACK). This switch does
the core routing within the network. It also is the main switch for the
servers at the site. The fiber blades go out to closets with stacks of
3524's. There is also another stack of 3524's right next to the Big kitty
for workstations in the area. They have really good turnaround on the
failure of the cat6509 but I still wonder what the downtime will cost them
if the thing decides it would rather be a coffee maker. I have been talking
to the tie wearing folks about an interim backup solution.

I'm thinking in the interim of a disaster I can grab a 2620 or higher and run
the routing on a stick I hear on this group so often. I am not sure where to
place this router though. I can swap all the gig modules to the 3524's next
to the cat. Then from there put a router on it and do the router on a stick.
I just don't know where exactly to put this in and how to design it. (I'm
not versed in network design of this type and quite a few others too :) Some
ideas in this matter from the grand folks on the group would be appreciated
indeed. I am very interested in learning this one. Also what to do about
those 48 port modules on the Cat while it is sleeping too? Hehe. If I were
here while this was being designed I would have yelled a lot more about this
conglomerate core/distro/access thingy.

Anyway if you need drawings of the mess or any further info I can supply
them quick like :)

Looking forward to your thoughts!
Thanks in advance.
Dave Cooper
 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4841&t=4841



Re: FS: Rack & Cat 5k (Seattle area only) [7:3331]

2001-05-05 Thread David Cooper

how much for the carpet fuzz?


On Saturday 05 May 2001 16:54, Jon wrote:
> I liberated a full-size rack from work, so now I have a half-size rack I'd
> like to get rid of.  It's meant to hang from the wall and hold a bunch of
> gear -- this isn't one of those cheap racks from Musician's Friend.  It's
> all steel, and I have no interest in tearing it apart and shipping it, so
> if anyone in the Seattle general area wants it, let me know.
>
> I also have a Cat 5000 that I don't need anymore. I'd prefer to not ship
> this guy, as well, so if I can't find someone local, it'll stay in my rack
> and collect carpet fuzz.
>
> -jon-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3347&t=3331



Switching (bridging across 1 vlan) [7:2579]

2001-04-30 Thread David Cooper

Hi again, 

I'm mulling over a possible issue on a (WINDOWS) lan here that uses a
Cisco 6509 with a few vlans. One of the vlans is accessible via 2 ports (GE).
On one side of the vlan, there is the subnet master browser and, on the other
side of the switch are more clients. These clients that are isolated from the
master browser are failing to see browse lists. A few things complicate this
like the MBrowser is a w2k machine while the clients are win9X. While in the
Supervisor module I notice that they are not forwarding the protocols netbios
name server and netbios datagram. Other than that everything looks OK.

What I'm wondering here is, on a Cat 6509 or on any other for that matter,
do the packets from the same VLAN traverse the policies on the sup module?
As in netbios requests enters ge1 then hits the access lists on the super and
gets stopped? I would figure that being in the same vlan and broadcast domain
that this would not be tampered with.

Any insight would be appreciated.
Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2579&t=2579



packet filtering and nat (yea ugh) [7:143]

2001-04-10 Thread David Cooper

Hiya,

I'm somewhat stumped here and could use some help from the folks.
I have a 2610 doing NAT over a cable modem and really need to tighten it up
just a bit.  The router is communicating with the internet via e0/0 and the
internal network is running over s0/0 ( till I get an NM-1E ). My policy is
somewhat open as follows:

ALLOW ANYONE to communicate with the internet FROM inside. (nat'ed rfc1918)
ALLOW inbound http from anyone to internal network (translated and working)
ALLOW inbound ssh from anyone to internal network (translated and working)
DENY anyone's incoming packets who has the SYN bit set but NOT SYN/ACK.
ALLOW anything else at the moment
default DENY

Most of this policy is to be enforced inbound e0/0.
I have tried to implement the syn !syn/ack with extended rules
access-list 102 deny tcp any any syn

but when I apply this with an allow any any onto e0/0, all the outbound
packets die; either the syn/ack's from outside sites are getting denied or it
never leaves the router to begin with. I cannot define a rule to pick out
pure syn bit packets from syn/ack'd ones.

Does anyone know a good packet filtering rule to accomplish this? Seems it
should be pretty standard fare as far as packet filtering routers go (shrug).


Thanks in advance,
Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=143&t=143
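
The symptom described in the post above follows from how the bare `syn` keyword matches: it tests only that the SYN bit is set, so the SYN/ACK replies to outbound connections match the deny as well. The following is an added example, not part of the original post: a small first-match model of the entries involved, comparing the list as posted with an ordering that permits the published services, then `established` traffic, before the deny. The `permit ip any any` rendering of "allow any any", the port numbers of the constructed sample packets, and the simplification to `any any` addresses are assumptions.

```python
from collections import namedtuple

# TCP flag bits as they appear in the TCP header.
SYN, RST, ACK = 0x02, 0x04, 0x10

Packet = namedtuple("Packet", "proto dport flags")


def parse_ace(line):
    """Parse: access-list N permit|deny tcp|ip any any [eq PORT] [syn|established]."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
        raise ValueError("unsupported entry: " + line)
    ace = {"action": tok[2], "proto": tok[3], "port": None, "flag": None}
    rest = tok[6:]
    while rest:
        word = rest.pop(0)
        if word == "eq":
            ace["port"] = int(rest.pop(0))
        elif word in ("syn", "established"):
            ace["flag"] = word
        else:
            raise ValueError("unsupported keyword: " + word)
    return ace


def ace_matches(ace, pkt):
    """True when the packet satisfies every condition of the entry."""
    if ace["proto"] not in ("ip", pkt.proto):
        return False
    if ace["port"] is not None and pkt.dport != ace["port"]:
        return False
    if ace["flag"] == "syn":
        # Only the SYN bit is tested, so SYN/ACK matches as well as a bare SYN.
        return bool(pkt.flags & SYN)
    if ace["flag"] == "established":
        # ACK or RST set: every segment of a connection except the opening SYN.
        return bool(pkt.flags & (ACK | RST))
    return True


def evaluate(acl_lines, pkt):
    """First matching entry decides; no match falls through to the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"


# The list as described in the post ("allow any any" rendered as permit ip any any).
ACL_AS_POSTED = [
    "access-list 102 deny tcp any any syn",
    "access-list 102 permit ip any any",
]

# Same policy with the published services and return traffic permitted first.
ACL_REORDERED = [
    "access-list 102 permit tcp any any eq 80",
    "access-list 102 permit tcp any any eq 22",
    "access-list 102 permit tcp any any established",
    "access-list 102 deny tcp any any syn",
    "access-list 102 permit ip any any",
]

# Constructed packets arriving inbound on e0/0.
SAMPLES = {
    "syn_ack_reply": Packet("tcp", 40001, SYN | ACK),  # reply to an inside client
    "data_ack": Packet("tcp", 40001, ACK),             # later segment, same flow
    "new_http": Packet("tcp", 80, SYN),
    "new_ssh": Packet("tcp", 22, SYN),
    "new_telnet": Packet("tcp", 23, SYN),              # unsolicited, not published
    "dns_reply": Packet("udp", 40002, 0),
}


def verdicts(acl_lines):
    """Map each sample packet name to the action the list takes on it."""
    return {name: evaluate(acl_lines, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, acl in (("as posted", ACL_AS_POSTED), ("reordered", ACL_REORDERED)):
        print(label)
        for name, action in verdicts(acl).items():
            print("  %-14s %s" % (name, action))
```

`established` inspects flag bits only and keeps no connection state, so a crafted segment with ACK set still passes that entry; it narrows the filter but is not stateful inspection.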



Re: routing protocols over a serial link

2001-04-03 Thread David Cooper

Ya know, that fixed it right up. For some reason I was thinking it would
cause troubles if I advertised the same network out but now that I read into
it, that's not the context at all. Strange.. now for ospf :)

Look to the south for a large mushroom cloud in the sky.
Thanks again,
Dave

On Wednesday 04 April 2001 00:45, John Neiberger wrote:
> In EIGRP, the network statement specifies which interfaces are going to
> participate in the routing process.  So, for every separate major network
> on the router, you need a different network statement.
>
> For example, on Router eo1 the only interface that will run EIGRP is e0. 
> To have EIGRP run on all interfaces on that router, add "network 10.0.0.0".
>
> Do that for the necessary networks on each router and you should be good to
> go!
>
> HTH,
> John
>
> >  Okey dokey :)
> >
> >  3 routers:
> >
> >  eo1 Cisco 2516 2 Serials s0 and s1, 1 ethernet (hub).
> >  e0: 172.16.1.40/16
> >  s0: 10.10.10.10/24 (creative huh?) s0.1
> >  s1: 10.10.30.1/24 s1.1
> >
> >
> >  eo2 Cisco 1602r 2 Serials (56K 4 wire dsu), 1 ethernet
> >  e0: 192.168.1.1/24
> >  s0: 10.10.30.2/24 s0.1
> >  s1: 10.10.20.2/24 s1.1
> >
> >
> >  eo3 Cisco 2610 2 Serials (1 56K 4 wire dsu) , 1 WIC-T1, 1 ethernet
> >  e0: 192.168.200.1/24
> >  s0: 10.10.10.11/24 s0/0.1
> >  s1: 10.10.20.1/24 s0/1.1
> >
> >  just a basic run down.
> >
> >
> >  eo1's config.
> >  !
> >  version 12.0
> >  service timestamps debug uptime
> >  service timestamps log uptime
> >  no service password-encryption
> >  !
> >  hostname eo1
> >  !
> >  enable secret 5 $k3jl23.3kj2lk3jn4k3l233.
> >  !
> >  ip subnet-zero
> >  !
> >  !
> >  !
> >  
> >  !
> >  !
> >  interface Ethernet0
> >   ip address 172.16.1.40 255.255.0.0
> >   no ip directed-broadcast
> >  !
> >  interface Serial0
> >   no ip address
> >   no ip directed-broadcast
> >   encapsulation frame-relay
> >   no ip mroute-cache
> >   logging event subif-link-status
> >   logging event dlci-status-change
> >   no keepalive
> >   clockrate 200
> >  !
> >  interface Serial0.1 point-to-point
> >   ip address 10.10.10.10 255.255.255.0
> >   no ip directed-broadcast
> >   frame-relay interface-dlci 100
> >  !
> >  interface Serial1
> >   no ip address
> >   no ip directed-broadcast
> >   encapsulation frame-relay
> >   logging event subif-link-status
> >   logging event dlci-status-change
> >   no keepalive
> >  !
> >  interface Serial1.1 point-to-point
> >   ip address 10.10.30.1 255.255.255.0
> >   no ip directed-broadcast
> >   frame-relay interface-dlci 200
> >  !
> >  interface BRI0
> >   no ip address
> >   no ip directed-broadcast
> >   shutdown
> >  !
> >  router eigrp 1
> >   network 172.16.0.0
> >  !
> >  ip classless
> >  ip route 0.0.0.0 0.0.0.0 172.16.1.16
> >  !
> >  !
> >  line con 0
> >   exec-timeout 540 0
> >   password eh?
> >   login
> >   transport input none
> >  line aux 0
> >  line vty 0 4
> >   exec-timeout 540 0
> >   password wee
> >   login
> >  !
> >  end
> >
> >
> >
> >  eo2's config
> >  !
> >  version 11.2
> >  no service password-encryption
> >  service udp-small-servers
> >  service tcp-small-servers
> >  !
> >  hostname eo2
> >  !
> >  enable secret 5 $1$klwke..ekrjekwejr3lk3js.
> >  !
> >  interface Ethernet0
> >   ip address 192.168.1.1 255.255.255.0
> >   no ip route-cache
> >   no ip mroute-cache
> >   logging event subif-link-status
> >  !
> >  interface Serial0
> >   no ip address
> >   encapsulation frame-relay
> >   no ip route-cache
> >   no ip mroute-cache
> >   logging event subif-link-status
> >   logging event dlci-status-change
> >   no keepalive
> >   service-module 56k clock source internal
> >   service-module 56k network-type dds
> >  !
> >  interface Serial0.1 point-to-point
> >   ip address 10.10.30.2 255.255.255.0
> >   no ip route-cache
> >   no ip mroute-cache
> >   no arp frame-relay
> >   frame-relay interface-dlci 200
> >  !
> >  interface Serial1
> >   no ip address
> >   encapsulation frame-relay
> >   logging event subif-link-status
> >   logging event dlci-status-change
> >   no keepalive
> >  !
> >  interface Serial1.1 point-to-point
> >   ip address 10.10.20.2 255.255.255.0
> >   frame-relay interface-dlci 150
> >  !
> >  router eigrp 1
> >   network 192.168.1.0
> >  !
> >  ip classless
> >  logging buffered 4096 debugging
> >  !
> >  line con 0
> >   exec-timeout 540 0
> >   password cheeze
> >   login authentication conmethod
> >  line vty 0 4
> >   exec-timeout 540 0
> >   password milk
> >   login authentication vtymethod
> >  !
> >  end
> >
> >
> >  eo3's config
> >  !
> >  version 12.0
> >  service timestamps debug uptime
> >  service timestamps log uptime
> >  no service password-encryption
> >  !
> >  hostname eo3
> >  !
> >  enable secret 5 $1$T1Rz$TPvI656j4h4
> >  !
> >  memory-size iomem 20
> >  ip subnet-zero
> >  !
> >  !
> >  !
> >  !
> >  !
> >  interface Ethernet0/0
> >  ip address 192.168.200.1 255.255.255.0
> >  no ip directed-broadcast
> >  !

Re: routing protocols over a serial link

2001-04-03 Thread David Cooper

Okey dokey :)

3 routers:

eo1 Cisco 2516 2 Serials s0 and s1, 1 ethernet (hub).
e0: 172.16.1.40/16
s0: 10.10.10.10/24 (creative huh?) s0.1
s1: 10.10.30.1/24 s1.1


eo2 Cisco 1602r 2 Serials (56K 4 wire dsu), 1 ethernet
e0: 192.168.1.1/24
s0: 10.10.30.2/24 s0.1
s1: 10.10.20.2/24 s1.1


eo3 Cisco 2610 2 Serials (1 56K 4 wire dsu) , 1 WIC-T1, 1 ethernet
e0: 192.168.200.1/24
s0: 10.10.10.11/24 s0/0.1
s1: 10.10.20.1/24 s0/1.1

just a basic run down.


eo1's config. 
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname eo1
!
enable secret 5 $k3jl23.3kj2lk3jn4k3l233.
!
ip subnet-zero
!
!
!

!
!
interface Ethernet0
 ip address 172.16.1.40 255.255.0.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 logging event subif-link-status
 logging event dlci-status-change
 no keepalive
 clockrate 200
!
interface Serial0.1 point-to-point
 ip address 10.10.10.10 255.255.255.0
 no ip directed-broadcast
 frame-relay interface-dlci 100   
!
interface Serial1
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 logging event subif-link-status
 logging event dlci-status-change
 no keepalive
!
interface Serial1.1 point-to-point
 ip address 10.10.30.1 255.255.255.0
 no ip directed-broadcast
 frame-relay interface-dlci 200   
!
interface BRI0
 no ip address
 no ip directed-broadcast
 shutdown
!
router eigrp 1
 network 172.16.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.16
! 
!
line con 0
 exec-timeout 540 0
 password eh?
 login
 transport input none
line aux 0
line vty 0 4
 exec-timeout 540 0
 password wee
 login
!
end



eo2's config
!
version 11.2
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname eo2
!
enable secret 5 $1$klwke..ekrjekwejr3lk3js.
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 logging event subif-link-status
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no ip route-cache
 no ip mroute-cache
 logging event subif-link-status
 logging event dlci-status-change
 no keepalive
 service-module 56k clock source internal
 service-module 56k network-type dds
!
interface Serial0.1 point-to-point
 ip address 10.10.30.2 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 no arp frame-relay
 frame-relay interface-dlci 200   
!
interface Serial1
 no ip address
 encapsulation frame-relay
 logging event subif-link-status
 logging event dlci-status-change
 no keepalive
!
interface Serial1.1 point-to-point
 ip address 10.10.20.2 255.255.255.0
 frame-relay interface-dlci 150   
!
router eigrp 1
 network 192.168.1.0
!
ip classless
logging buffered 4096 debugging
!
line con 0
 exec-timeout 540 0
 password cheeze
 login authentication conmethod
line vty 0 4
 exec-timeout 540 0
 password milk
 login authentication vtymethod
!
end


eo3's config

! 
version 12.0
service timestamps debug uptime   
service timestamps log uptime   
no service password-encryption
!
hostname eo3 
!  
enable secret 5 $1$T1Rz$TPvI656j4h4  
!  
memory-size iomem 20 
ip subnet-zero 
!
!  
!
! 
!   
interface Ethernet0/0
 ip address 192.168.200.1 255.255.255.0
 no ip directed-broadcast
!
!
interface Serial0/0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 no keepalive
!
interface Serial0/0.1 po

routing protocols over a serial link

2001-04-03 Thread David Cooper

Hey again,

I've run into a wall here trying to configure a small test lab. The problem
is, in my network of three routers, no routing protocol will traverse one
serial link. The serial link in question is up/up and ip traffic will pass
across it. Static routes work, dynamic routes aren't ever learned. The serial
interfaces are all frame relay and are tested fully for ip functionality.


All 3 routers have 2 serial interfaces apiece. They are linked in a triangle
mesh on separate subnets for each link. They are running encapsulation
frame-relay, with no keepalives. Subinterfaces are point-to-point. On both
the offending routers a show ip eigrp interfaces returns showing just the
ethernet ports of the routers as the only interfaces used in the routing
process.

I'm just wondering if there is something crucial that I am totally missing
here. If required I will paste out the configs in another email. I just don't
like to write long emails with all the details if I don't have to.

Sorry if I leave some holes. Any advice would be appreciated.

Thanks in advance,
Dave



Re: Break Command

2001-04-02 Thread David Cooper

It varies per Application you are using..

Check here:
http://www.cisco.com/warp/public/701/61.html

This has various procedures to break with and has helped a lot every time I
destroyed my lab. :)

HTH
Dave



On Monday 02 April 2001 17:06, Nathan Chessin wrote:
> Is there an IOS command that will disable the break sequence on a router? 
> I can't seem to find any documentation on this.  Thanks in advance
>
> Nate



Re: setting up 2500's

2001-03-30 Thread David Cooper

Get a couple DTE-DCE cables and connect the routers with that. It's called
back-to-back. Pretty simple really. You can get the cables from eBay or some
of the other folks in the list have commercial sites for them.

hth.

Dave

On Friday 30 March 2001 19:29, Luke Everett wrote:
> I have 3 Cisco 2500 routers that I want to setup to simulate WAN
> connections.  What can I do to simulate this with my wan cables without
> having to buy a CSU/DSU?  Thanks.
>
>
> Luke Everett
> MCP+I,MCSE,CCNA



Re: Back -to-Back

2001-03-30 Thread David Cooper

hey again,

I've done this. I got the info on back-to-back at:
http://www.cisco.com/warp/public/471/75.html
This should be about all ya need :)

Dave
On Friday 30 March 2001 12:46, John Huston wrote:
> I would appreciate someone's knowledge on how to setup two Cisco 1750's
> each having  T1 DSU/CSU WIC's.
>
> Thank you in advance for your assistance.
>
>
> John Huston
> [EMAIL PROTECTED]



Re: OT: Can't ping anything on LAN when connected on dial-up adapter

2001-03-30 Thread David Cooper

Hiya,

This is because when the user dials up, the Win32 pc sets a default route to
the ISP. This route is taken over any others in the delivery of packets. The
best way I have found around this is to add static routes back to my LAN
while dialed up. This is very common.

Hope this helps,
Dave
On Friday 30 March 2001 10:52, Ole Drews Jensen wrote:
> This might be a little off topic since it is not regarding Cisco, but then
> again maybe not, since it's about routing and connectivity after all.
>
> I have a small LAN with five workstations and one printer. Everybody can
> ping each other and the printer. However, if one of the users establishes a
> dial-up connection to the ISP, she can't ping anything on the LAN anymore.
>
> The workstations are running Windows 95/98.
>
> I haven't been able to find anything (yet) in Microsofts Knowledgebase (I'm
> still looking), but I thought that some of you might have had this problem
> yourselves.
>
> Any comments on this will be appreciated.
>
> Thanks,
>
> Ole
>
> 
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
>  http://www.oledrews.com/ccnp
> 
>  NEED A JOB ???
>  http://www.oledrews.com/job
> 



Re: OSPF

2001-03-15 Thread David Cooper

just what I was looking for :)

Thanks,
Dave

On Wednesday 14 March 2001 23:34, Howard C. Berkowitz wrote:
> >Hey all,
> >
> >I've been reading into BSCN here lately with Cisco press books. In the book
> >there is a fairly detailed discussion of OSPF. I'm not in the least opposed
> >to learning it. One thing I would like to understand is why an organization
> >would use it. Is this used in ISP's? What are the advantages of it over say,
> >EIGRP? I always see it compared to RIPv1 but I find it silly for advanced
> >routing protocols to be compared with ripV1.
>
> I'll preface my remarks with the observation that all three advanced
> IGPs:  OSPF, EIGRP, and ISIS, all work well. ISIS is more a niche
> protocol for ISPs.  There are pros and cons for each one.
>
> OSPF and ISIS require structured network topology from the very
> beginning, while EIGRP is much more tolerant -- up to a point.  For
> me, the definitive comment came over a few beers shared with a
> distinguished Cisco engineer.  He observed, "to build a really big
> network, you absolutely have to have clue."  He burped loudly, and
> then went on. "EIGRP has the advantage of letting you stay clueless
> for longer."
>
> The biggest argument against EIGRP is that it is Cisco proprietary.
> Being proprietary has implications beyond the multivendor question.
> Because some of the EIGRP mechanisms have not been published by
> Cisco, there isn't the external knowledge base about EIGRP that there
> is about OSPF and ISIS.  Protocol and network architects have a very
> deep understanding how OSPF and ISIS will behave and what their
> strengths and weaknesses are, but no one who hasn't been a Cisco
> employee can have the same sort of insight.
>
> For similar topologies, EIGRP generally needs less processing than
> OSPF. On the other hand, with ever-faster processors, this may not be
> a significant constraint.  In a fair test, with equivalent timers set
> to equivalent values, both converge very fast, and convergence time
> should not be an issue with any protocol (assuming reasonable network
> topology). EIGRP may be able to find an alternate path faster when
> that path goes through a neighbor, but OSPF is faster if the
> alternate path might be several hops away.
>
> If you run Appletalk or IPX routing, there is a definite advantage to
> using EIGRP. EIGRP also can bring incremental updating to a Netware
> 3.x environment that can't be upgraded.
>
> A few things to consider.
>
> >Please forgive me if this is shortsighted of me.
> >
> >Thanks in advance,
> >Dave



OSPF

2001-03-14 Thread David Cooper

Hey all,

I've been reading into BSCN here lately with Cisco Press books. In the book 
there is a fairly detailed discussion of OSPF. I'm not in the least opposed 
to learning it. One thing I would like to understand is why an organization 
would use it. Is this used in ISPs? What are the advantages of it over, say, 
EIGRP? I always see it compared to RIPv1 but I find it silly for advanced 
routing protocols to be compared with RIPv1. 


Please forgive me if this is shortsighted of me.

Thanks in advance, 
Dave




Re: icmp weirdness

2001-03-05 Thread David Cooper

Hey, thanks for the help. In the frame relay network we have, hops are 
transparent kind of. Only the CPE is visible. I had established that the 
problem was occurring at the last router's Ethernet interface. When I trace 
the routes out it just gets to that router and times out. What 
Erick B. pointed out was due to the fact that the primary address on e0 was 
not the same network that the host in question was on. This turns out to be 
the case. If I do an extended ping and source the packets from the secondary 
address, the machine responds without haste. I've requested that the 
administrator of the hosts over there build a static route to the foreign 
network address to help out although I don't suspect it will help a lot from 
an analytical point of view. :)


Thanks for all the help! - Sorry for the delay in replies.
Dave

On Thursday 01 March 2001 00:17, David Cooper wrote:
> Hey folks,
>
>   I've got an issue at work I'd like to run by you. I sent a request to
> Cisco's forum but have yet to hear an answer from anyone. We have a Cisco
> 2610 router in Ireland. This router has 1 Ethernet connected to a local
> segment and s0 point-to-point frame relay going to Chicago, Ill. (sub
> interface).  Here's the details on the Ireland router:
>
> Ethernet segment: e0's primary address is 132.158.132.252/24 (some hosts
> refuse to change addresses). e0's secondary is 10.43.0.1/16.
> Serial 0/0.1 is 10.126.43.2/24. All advertised by Eigrp.
>
>
> Chicago's router is:
>
> Ethernet segment is variably subnetted 10.4.0.0/16.
> Serial 0/0.13 is 10.126.43.1/24. Once again, Eigrp is the routing protocol.
>
> There is a host on Ireland's lan with address 10.43.3.230/16.
>
> If I log into Ireland's router and issue ping 10.43.3.230, nothing happens.
> It just times out. If I log into Chicago's router and ping the same host,
> it replies fine. If I ping it from a host behind Chicago's router, it
> replies as well.  If another host on 10.43.0.0/16 pings that host it
> replies fine.  I can ping any of 3.230's neighbors no problem. It's just
> that Ireland's router won't ping it at all. show ip route verifies a route
> as directly connected.
>
> Has anyone heard of this? A bug? I can't verify all the way down because I
> don't have physical access to Ireland's lan (thank god) to put a sniffer
> up.
>
>
> We are trying to use this host for a second default route to a vpn box
> in case the frame relay ever fails (and it does... often).
>
> Sorry to drag this on.
>
> Thanks in advance.
> Dave Cooper, CCNA
> Littelfuse, Inc.


Re: ISDN B Chanell

2001-03-01 Thread David Cooper

On Thursday 01 March 2001 21:17, Santosh Koshy wrote:
> I am presently using the command  "dialer load-threshold 1 either"  to no
> success...
>
> "Daniel Cotts" <[EMAIL PROTECTED]> wrote in message
> news:303479FA060CD211B893F805A88AA11009@EXCHANGE1...
>
> > On the BRI interface use "dialer load-threshold 'load'". A value of 1 for
> > load brings up the second link instantaneously. Quoted from the Cisco Press
> > BCRAN book edited by Catherine Paquet p197. There is more detail to this
> > - so best to check out CCO.
> >
> > > -Original Message-
> > > From: Santosh Koshy [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, March 01, 2001 7:37 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: ISDN B Chanell
> > >
> > >
> > > Hello All,
> > >
> > > I am setting up a simple point to point ISDN BRI
> > > connection. It
> > > works like a charm, but for the life of me, I cannot get the
> > > secondary B
> > > channel to come up. When I initiate a ping, it brings up the
> > > first B channel
> > > instantaneously, but it won't bring up the secondary.
> > >
> > > ROUTER 1
> > > interface BRI0
> > >  ip address 10.10.10.1 255.255.255.240
> > >  no ip directed-broadcast
> > >  encapsulation ppp
> > >  dialer idle-timeout 86400
> > >  dialer map ip 10.10.10.2 name ABC broadcast 9032031701
> > >  dialer map ip 10.10.10.2 name ABC broadcast 9032031704
> > >  dialer hold-queue 1
> > >  dialer load-threshold 1 either
> > >  dialer-group 1
> > >  isdn switch-type basic-ni
> > >  isdn spid1 90319074001
> > >  isdn spid2 903319074101
> > >  compress stac
> > >  ppp authentication chap
> > >  ppp multilink
> > >
> > > ROUTER 2
> > > interface BRI0
> > >  ip address 10.10.10.2 255.255.255.240
> > >  no ip directed-broadcast
> > >  encapsulation ppp
> > >  dialer idle-timeout 86400
> > >  dialer map ip 10.10.10.1 name XYZ broadcast 9033190740
> > >  dialer map ip 10.10.10.1 name XYZ broadcast 9033190741
> > >  dialer hold-queue 1
> > >  dialer load-threshold 1 either
> > >  dialer-group 1
> > >  isdn switch-type basic-ni
> > >  isdn spid1 903203170101
> > >  isdn spid2 903203170401
> > >  compress stac
> > >  ppp authentication chap
> > >  ppp multilink
> > >
> > > Thanx,
> > > Santosh


icmp weirdness

2001-02-28 Thread David Cooper

Hey folks,

I've got an issue at work I'd like to run by you. I sent a request to 
Cisco's forum but have yet to hear an answer from anyone. We have a Cisco 
2610 router in Ireland. This router has 1 Ethernet connected to a local 
segment and s0 point-to-point frame relay going to Chicago, Ill. (sub 
interface).  Here's the details on the Ireland router:

Ethernet segment: e0's primary address is 132.158.132.252/24 (some hosts 
refuse to change addresses). e0's secondary is 10.43.0.1/16. 
Serial 0/0.1 is 10.126.43.2/24. All advertised by Eigrp. 


Chicago's router is:

Ethernet segment is variably subnetted 10.4.0.0/16.
Serial 0/0.13 is 10.126.43.1/24. Once again, Eigrp is the routing protocol.

There is a host on Ireland's lan with address 10.43.3.230/16.

If I log into Ireland's router and issue ping 10.43.3.230, nothing happens. 
It just times out. If I log into Chicago's router and ping the same host, it 
replies fine. If I ping it from a host behind Chicago's router, it replies as 
well.  If another host on 10.43.0.0/16 pings that host it replies fine.  I 
can ping any of 3.230's neighbors no problem. It's just that Ireland's router 
won't ping it at all. show ip route verifies a route as directly connected. 

Has anyone heard of this? A bug? I can't verify all the way down because I 
don't have physical access to Ireland's lan (thank god) to put a sniffer up. 


We are trying to use this host for a second default route to a vpn box in case 
the frame relay ever fails (and it does... often). 

Sorry to drag this on.

Thanks in advance.
Dave Cooper, CCNA
Littelfuse, Inc.
