Re: unable to session tunnel to a msfc ---- hr's why ans
how do you get back to the console for the switch once you are in the console for msfc ""mike moran"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Handy to know:- > > > switch console (hidden command, g to Cisco) > > > > Bug Id : CSCds38294 > Headline MSFC cannot be accesed via switch console or session commands > Product cat6000 Model f6k-msfc > Componentsup-msfcDuplicate of > Severity 2 Status C > Version Found 12.12E Fixed-in Version > Release Notes > > In certain rare instances while performing disaster recovery, the cat6000 > Supervisor > Engine is not able to see the MSFC module installed on it. The "show module" > will > not show the module 15 or 16, even though it is physically present. The > "session 15" > or "session 16" command returns an error stating that "module # not > installed". > "reset 15" will return the same message. > There are a few disaster recovery methods to deal with this situation: > (i) The first method is to try the "switch console" command, which actually > switches > the console port over to the MSFC. In most cases you will find the MSFC > sitting in > "rommonitor" mode. From the rommon prompt, you can invoke the standard > disaster recover > procedure i.e. type "boot" to boot off any existing bootable files in > bootflash, > or do an x-modem to download an msfc-boot image. In some cases, this will > fail > and you will see the console hang at "connecting to router" message. At > this point, > you should try entering the appropriate break sequence e.g. ctrl-break, and > then you should be able to > break in to the rommonitor mode. In the extreme cases, the break sequence > will not work > and you will either drop back to the switch prompt or get stuck in the > "connecting > to router" message". > (ii) If the methods described in (i) fail, the last option is to try and > use the physical > console port on the MSFC card and connect to it using a Straight-Through > cable. > If you are able to acces the command line from here, you can invoke the > standard disaster recovery procedure. In extreme cases > > even this will fail. Refer to (iii) for the last technique in this > situation. > (iii) In this extreme situation, and having tried all of the techniques > described above, remove the Supervisor Engine > from the chassis and then remove the Bootflash Simm on the MSFC card. > Reinsert the Bootflash Simm and > make sure it is seated propery in the simm slot. Put the Supervisor back in > the chassis > and this time the MSFC should get recognized by the switch upon reload. > (Try the "switch console" command just in case the > > MSFC comes up in rommon on the reload, because it will not show up in the > "sh mod" in this case). > > > > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 802.11g info [7:35422]
google is your friend ;) http://grouper.ieee.org/groups/802/11/private/Draft_Standards/11g/802.11g-D2 .1.doc well, sometimes. - Original Message - From: "Simon Yang (ITeX)" To: Sent: Thursday, February 14, 2002 5:28 PM Subject: 802.11g info [7:35422] > Does anyone has IEEE spec for 802.11g. I can't find it on IEEE's site. > Thanks a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35428&t=35422 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIP exam info [7:36483]
I have looked at the content that is included on the Building Scalable Cisco Internetworks exam and the only difference I see is the addition of IS-IS material (ok I know it can get as complex as OSPF) but people are saying the sylabus is far more 'extensive'. Could anyone elaborate. (i like details ;) ) - Original Message - From: "Godswill Oletu" To: Sent: Tuesday, February 26, 2002 12:47 PM Subject: Re: CCIP exam info [7:36483] > BSCI is different from the BSCN exam. The BSCI exam is more extensive and > include additional materials like IS-IS, etc and it is one of the exam you > must take in the CCIP track. BSCN cannot substitute BSCI in the CCIP track, > but the CCNP/CCDP track the BSCI exam can be stand in for the BSCN exam. > > It means that if you take the BSCI exam, you have fulfilled one exam > requirement for 1.)CCNP/CCDP track and 2.)CCIP track. But the BSCN have > nothing to do with the CCIP track. > > Enjoy. > Godswill Oletu > > - Original Message - > From: Christophe Nemeth > To: > Sent: Tuesday, February 26, 2002 2:48 AM > Subject: CCIP exam info [7:36483] > > > > Hi, > > > > I would like to go for CCIP and I have a question about one of the exams. > > > > What is the difference between BSCN and BSCI. > > I have the courseware for BSCN and I would like to know if that is the > same > > as for BSCI. > > thanks a lot > > > > cheers > > > > chris > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36488&t=36483 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
calculating allowable hosts [7:11902]
Greetz, Can anyone explain how you get the allowable host addresses from the following 213.13.184.184 with 255.255.255.248?(or show where I can figure this out ) Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11902&t=11902 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
serving websites through frame-relay [7:11941]
Greetings Wizards, I need to setup a webserver using a frame-relay "link" and was given 6 host addresses to use for whatever services I needed. However, I wasn4t given any dlci "details" ( I am already using a dlci # on one subinterface to access the internet from inside), do I need to get this from my SP or I am going about this the wrong way (no dlci needed to config the subint for webserver?). Can anyone "enlighten" me here, please.(or point me to sample config) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11941&t=11941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: isochronous [7:12486]
If you haven't already try: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/itai.htm http://www.webopedia.com/ http://www.worldcom.com/tools-resources/communications_library Cheers, Paul - Original Message - From: Donald B Johnson jr To: [EMAIL PROTECTED] Sent: Monday, July 16, 2001 4:26 PM Subject: isochronous [7:12486] Does anyone have a link to some detailed information concerning isochronous, pleisochronous, or any other flavor of communication. I did a couple of searches and was not satisfied with the results. Thanks Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12490&t=12486 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: isochronous [7:12486]
http://grouper.ieee.org/groups/1394/1/Documents/BR052R01.pdf Best I have got! - Original Message - From: Donald B Johnson jr To: Paul ; [EMAIL PROTECTED] Sent: Monday, July 16, 2001 9:00 PM Subject: Re: isochronous [7:12486] I was looking for something more in-depth than a dictionary definition. - Original Message - From: "Paul" To: Sent: Monday, July 16, 2001 8:41 AM Subject: Re: isochronous [7:12486] > If you haven't already try: > > http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/itai.htm > > http://www.webopedia.com/ > > http://www.worldcom.com/tools-resources/communications_library > > Cheers, Paul > > > - Original Message - > From: Donald B Johnson jr > To: [EMAIL PROTECTED] > Sent: Monday, July 16, 2001 4:26 PM > Subject: isochronous [7:12486] > > > Does anyone have a link to some detailed information concerning > isochronous, > pleisochronous, or any other flavor of communication. I did a couple of > searches and was not satisfied with the results. > Thanks > Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=12509&t=12486 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN Problems [7:15236]
Check your switch type is right. It might also be an IOS problem might be worth upgrading your IOS. http://www.cisco.com/warp/public/129/isdn_disc_code.html Cheers, Paul - Original Message - From: Albert Lu To: [EMAIL PROTECTED] Sent: Wednesday, August 08, 2001 11:59 AM Subject: ISDN Problems [7:15236] Hello group, I'm having a little trouble with my ISDN config. Now, this is what I'm getting after a single ping. It looks like it's telling me "Mandatory IE missing". Could someone please take a look. Thanks Albert ! interface BRI0 ip address 196.1.1.1 255.255.255.0 no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache dialer map ip 196.1.1.2 name RouterB broadcast dialer-group 1 isdn switch-type basic-ni ppp authentication chap ppp multilink ! no ip classless ! dialer-list 1 protocol ip permit ! ! RouterA#ping Protocol [ip]: ip Target IP address: 196.1.1.2 Repeat count [5]: 1 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 196.1.1.2, timeout is 2 seconds: 21:05:10: ISDN BR0: TX -> SETUP pd = 8 callref = 0x65 21:05:10: Bearer Capability i = 0x8890 21:05:10: Channel ID i = 0x83 21:05:10: Called Party Number i = 0x80, '' 21:05:10: ISDN BR0: RX CONNECT pd = 8 callref = 0xCC 21:05:10: Channel ID i = 0x8A 21:05:10: ISDN BR0: RX DISCONNECT pd = 8 callref = 0x65 21:05:10: . Success rate is 0 percent (0/1) RouterA#Cause i = 0x80E034 - Mandatory IE missing 21:05:10: ISDN BR0: RX RELEASE_COMP pd = 8 callref = 0x65 21:05:10: ISDN BR0: RX RELEASE pd = 8 callref = 0xCC 21:05:10: ISDN BR0: RX <- RELEASE_COMP pd = 8 callref = 0x4C 21:05:10: Cause i = 0x8090 - Normal call clearing _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15245&t=15236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: True story about console port access problem [7:17860]
And I thought the 'scroll lock' key was to turn on the scroll lock LED. Anyway, thanks for the tip, just hope I4ll remember it when I need it :=) - Original Message - From: Guy Russell To: Sent: Thursday, August 30, 2001 3:42 PM Subject: Re: True story about console port access problem [7:17860] > LOL, Oh yea, luckily, I happened to look at the keyboard and just tried > turning scroll lock off... > > and it worked. it was a lucky first attempt > > - Original Message - > From: Wilson, Bradley > To: > Sent: Thursday, August 30, 2001 8:37 AM > Subject: RE: True story about console port access problem [7:17860] > > > > To paraphrase Danny Vermin... > > > > "I had that same problem once. ONCE." > > > > ;-) > > > > > > > > -Original Message- > > From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, August 30, 2001 9:19 AM > > To: [EMAIL PROTECTED] > > Subject: True story about console port access problem [7:17860] > > > > > > Let me tell you a little story this rainy Thursday morning in Texas. > > > > I thought I had seen most problems with console port access - the flow > > control that is set to hardware instead of none, the cable being wrong, > etc. > > But, I was wrong! > > > > I was trying to get access to a 2924, but could only see output. It would > > not react to anything I typed. I was using the standard Hyper Terminal > that > > comes with NT. > > > > Okay, my first thought was that the PC I was using was just weird (which > it > > is btw), so I tried a different PC - same problem. > > > > Then I tried another cable - same problem. > > > > Then I tried another cable with another terminal adapter (rj45 to db9) - > > same problem. > > > > Then I tried another cisco device that I had telnet access to also - same > > problem. > > > > Then I telnettet into the cisco device to verify the 9600/N/8/1 - no > > problem. > > > > Then I tried a cisco device that I just pulled out of the box, so I was > sure > > that there was no restrictions or anything on it - same problem. > > > > After an hour of playing around with cables, adapters, settings and all, I > > happened to look at the keyboard, and I noticed that Scroll Lock was on. > The > > keyboard is connected to a keyboard/mouse/monitor switch where you get the > > menu by clicking the scroll lock. After I turned scroll lock off, > everything > > worked just fine. > > > > The reason for this e-mail is to save you guys out there time, and prevent > > you from start throwing around with the equipment because of frustration. > > Simply check the scroll lock, and you have found or ruled out one cause. > > > > Hope you found this a good little lesson to add in your trouble shooting > > book. > > > > Have a great day, > > > > Ole > > > > ~~~ > > Ole Drews Jensen > > Systems Network Manager > > CCNA, MCSE, MCP+I > > RWR Enterprises, Inc. > > [EMAIL PROTECTED] > > ~~~ > > http://www.RouterChief.com > > ~~~ > > NEED A JOB ??? > > http://www.oledrews.com/job > > ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17889&t=17860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Firewall newsgroup [7:27471]
- Original Message - From: William To: Sent: Tuesday, November 27, 2001 4:22 PM Subject: Firewall newsgroup [7:27471] > Who know any firewall newsgroup? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27485&t=27471 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN + 1720 [7:27841]
Maby i am asking to much ;) anyway, here goes 'nothing'; Can anyone show me a sample config(or a url) for a VPN on a router 1720?( assuming it connects through a frame-relay cloud) thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27841&t=27841 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN + 1720 [7:27858]
Just want to say thankx to Murphy and Steve for helping out. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27858&t=27858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
%static entry in use, cannot remove [7:31560]
Hi, can anyone tell me how i go about removing a static entry from the router ?i am using nat (#ip nat inside source static ) , however when i remove that entry i get : %static entry in use, cannot remove . that host is no longer up and i am running out of solutions, any suggestions are obviously welcome ;) thanx. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31560&t=31560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: %static entry in use, cannot remove [7:31560]
Just wanted to say thank you all for your help. yes i had to clear up the nat translation table before removing it. worked wonders ;) thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31625&t=31560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cpu utilization with MRTG [7:32677]
its somewhere in there ;)) - Original Message - From: "Mohammed Saro" To: Sent: Monday, January 21, 2002 11:25 AM Subject: cpu utilization with MRTG [7:32677] > Any ideas about object ID of CPU utilization on Cisco routers for monitoring > with MRTG > > > > Mohamed Saro Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32679&t=32677 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cpu utilization with MRTG [7:32677]
(what happened to the url i sent?) Target[$CFGNAME]: 1.3.6.1.4.1.9.2.1.57.0&1.3.6.1.4.1.9.2.1.58.0:$COMMUNITY@$IPADDRESS YLegend[$CFGNAME]: CPU Utilization ShortLegend[$CFGNAME]: % MaxBytes[$CFGNAME]: 100 Options[$CFGNAME]: nopercent, gauge, unknaszero Unscaled[$CFGNAME]: dwmy Legend1[$CFGNAME]: CPU Utilization Legend2[$CFGNAME]: . Legend3[$CFGNAME]: Max value per interval on graph Legend4[$CFGNAME]: . LegendI[$CFGNAME]: CPU: LegendO[$CFGNAME]: . Title[$CFGNAME]: $DEVICE PageTop[$CFGNAME]: $DEVICE Colours[$CFGNAME]: GREEN#00eb0c,BLUE#ff,GRAY#AA,VIOLET#ff00ff WithPeak[$CFGNAME]: ymw hope this helps, anyway, there4s a great site with a huge MRTG 'repository' at somix.com (trying to sneak a url past our moderator ;) ) - Original Message ----- From: "paul" To: Sent: Monday, January 21, 2002 12:03 PM Subject: Re: cpu utilization with MRTG [7:32677] > its somewhere in there ;)) > > - Original Message - > From: "Mohammed Saro" > To: > Sent: Monday, January 21, 2002 11:25 AM > Subject: cpu utilization with MRTG [7:32677] > > > > Any ideas about object ID of CPU utilization on Cisco routers for > monitoring > > with MRTG > > > > > > > > Mohamed Saro Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32685&t=32677 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
another OT: Cisco´s first web site? [7:33558]
Sorry for the way OT content, but i thought there should be at least someone interested in seeing Cisco4s first site ;) http://web.archive.org/web/19961106114149/http://ieng.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33558&t=33558 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: another OT: [7:33569]
my apologies, here is a better link http://web.archive.org/web/*/http://www.cisco.com - Original Message - From: Jim Dixon To: 'paul' Sent: Tuesday, January 29, 2002 2:45 PM Subject: RE: another OT: Paul, I am confused. This is IENG's site. What is Cisco4s? -Original Message----- From: paul [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 05:01 To: [EMAIL PROTECTED] Subject: another OT: Cisco4s first web site? [7:33558] Sorry for the way OT content, but i thought there should be at least someone interested in seeing Cisco4s first site ;) http://web.archive.org/web/19961106114149/http://ieng.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33569&t=33569 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Network degradation question
I have a question about network degradation. I will soon be installing a Cisco SM25-T1 module on a Cisco 2524 router and two T1 lines will be connected to the module. My question is: Could this cause network degradation or are there any performance issues with this? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Network degradation question
I have a question about network degradation. I will soon be installing a Cisco SM25-T1 module on a Cisco 2524 router and two T1 lines will be connected to the module. My question is: Could this cause network degradation or are there any performance issues with this? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Network degradation question
I have a question about network degradation. I will soon be installing a Cisco SM25-T1 module on a Cisco 2524 router and two T1 lines will be connected to the module. My question is: Could this cause network degradation or are there any performance issues with this? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Slighlty Off Topic .... IP Phone Ring Tones [7:64461]
I have converted some mp3 sounds to RAW. I copy these to the call manager, and my 7940 can select the new ring tone. However, the quality is really poor !!! I was wondering if anyone has done this, how they resolved it, and if anyone knows where I can download RAW sound files from. Kind regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64461&t=64461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Basic QOS Frame MPLS question [7:66210]
Hi, Quick question to everyone At work I have a Frame Cloud that links all our sites together in a hub and spoke manner. At some of the sites I would like to extend our IP Telephony and perhaps introduce Video Conferencing. Assume I have adequate bandwidth throughout for video and IP telephony. I would like to implement QOS. Am I correct in assuming that I can only prioritise voice/video over the frame circuit, and that if I want to implement QOS I would have to 'swap' Frame for MPLS/Layer 4 Switching ??? Kind regards Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66210&t=66210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Quick Pix Question. [7:70145]
Hi all ... One of my 515's has all its access-list counters set to 0, when I ping for instance, the counter for the relevant ICMP access-list does not increment ??? How do I turn it on ??? I have searched the Cisco website and my Pix book without any luck ?? Kind regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70145&t=70145 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix Labs ... [7:40801]
Does anybody know of any sites similiar to R1R2.com that allow you to configure a Pix Firewall ??? Or any software similiar to Boson Router Sim that will allow you to configure a Pix ??? Or any other suggestions regarding Pix hands-on training ... Kind regards ... Paul .. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40801&t=40801 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PAT, PIX 515 and VPN ..... [7:41662]
Cisco say that one gloabal IP address can be used for up to 64,000 local addresses I want to use the same method for 100 - 130 predominantly web-browsing end-users through a PIX 515. Has anyone had any experience of this .. and does anyone forsee any problems !!! this is the first time I have done this and I don't want to make any basic mistakes :) Also The PIX 515 can have a VAC installed to allow up to 2000 similtaneous VPN connections at any one time . but .. how many sessions can the PIX 515 manage on its own, without a VAC ?? Any help or suggestions will be greatly received ... Kind regards .. Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41662&t=41662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Basic PIX clarification ... [7:41779]
Are the following statements correct ??? Connections on the Pix are defined as either from lower to higher security level or higher to lower security level. Higher to Lower security connections are controlled by the access-list command. Lower to Higher security connections are controlled by nat and global commands. Any help on clearing this will help me enormously ... Many thanks in advance ... Paul .. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41779&t=41779 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco VPN client and NAT/PAT [7:45473]
Hi I have setup a Pix 515 so that it authenticates and accepts a remote user via dial-up, allowing them full access to the corporate LAN. The only problem that I have is that the remote user cannot connect via cable modem/adsl etc the connection is initialised, the remote security gateway is contacted and the error message is "Remote peer is no longer responding" ... Has anyone ever come accross any issues similiar to this ??? Any help will be greatly welcomed ... Sometimes ... I can get connected via cable modem/adsl etc ... but cannot browse, ping or get access to any corporate site or applications ??? I can get several people simultaneously dialed-up and vpn'd onto the corporate LAN .. and I am using Cisco VPN Client 3.0.6 .. I have also tried with client 3.5 with the same results ... Kind regards .. Paul .. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=45473&t=45473 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: vty privilege [7:46182]
I have recently used the following ... I guess its just the same ??? username USER01 privilige level 15 password CISCO ! line vty 0 4 login local ! This provides for a local username and password without having to use a TACACS or some other authentication server which can be quite monotonous if you have a relatively large amount of routers/switches ... as I do :( - Original Message - From: "SJ Bair" To: Sent: Monday, June 10, 2002 1:02 PM Subject: RE: vty privilege [7:46182] > Try this: > > username USER01 password cisco > ! > line vty 0 4 > privilege 15 > login local > ! > > > It should work. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46232&t=46182 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Privilige Password Advice ... [7:46246]
Hi ... I am just about to change all the router/switch passwords in my company (about 40) ... I have only been there several weeks and I have only worked in a very small routing/switching environment before I have had to give access to an outside company so they can monitor certain WA N links they have set-up ... I have setup privilige level 7 for these guys with a relevant line vty username and password and priv level 15 for me All the routers and switches currently have different passwords because I have very little expereince in this field .. I was wondering what the norm would be ??? and what you guys yourselves have done in situations like this or is there another way I could do this ??? Oh yes ... and I don't have any TACACS or Radius servers or the such for remote authentication . Any comments or advice will be greatly welcomed ... Thanks .. Paul .. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46246&t=46246 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Interesting traffic problem ..... [7:46761]
Hiya Jenny When I try to ping, tracert, ftp or telnet to the remote router from the main office.. I just get 'Request time out' etc. However, when I try this from the remote router to the main office ... I get connectivity !!! I am using debug isdn q931 when I try to connect from the main office to the remote router the debug does not show anything . and when I try to connect from the remote router to the main office I get what appears to be good debug then after several minutes the BRI interface brings itself down again ... I really have no idea what to do next :) Any help would be greatly appreciated ... Thanks again ... Regards .. Paul ... - Original Message - From: To: Sent: Monday, June 17, 2002 11:46 PM Subject: Re: Interesting traffic problem . [7:46761] > Einstooge makes some good points. > Also, when you say you can't initiate a connection from the main office to > the remote site, what do you really mean? > 1) Does the main office never try to connect? > 2) Does the main office try to connect but fail? > 3) Does the connection happen but drop out? > > Debug dialer could give some useful information, especially if it really > is an interesting traffic problem (in which case I would expect the > symptom to be the first above, or possibly the third). > > JMcL > > - Forwarded by Jenny Mcleod/NSO/CSDA on 18/06/2002 08:41 am - > > > "Paul" > Sent by: [EMAIL PROTECTED] > 17/06/2002 08:38 pm > Please respond to "Paul" > > > To: [EMAIL PROTECTED] > cc: > Subject:Re: Interesting traffic problem . [7:46761] > Is this part of a business decision process?: > > > Sorry .. when I said European ISDN I meant Basic Net 3 > - Original Message - > From: "Paul" > To: > Sent: Monday, June 17, 2002 9:54 AM > Subject: Interesting traffic problem . [7:46761] > > > > Hi ... I'm quite new to ISDN I have configured a 1603 for a remote > > site. > > However, I cannot initiate a connection from the main office to the > remote > > site !! the connection has to be initiated at the remote site !!! The > remote > > site uses European ISDN, there are no SPID's involved as it is point to > point > > ... I think this might be something to do with interesting traffic ? > > > > Can anyone plase offer any advice > > > > Regards .. > > > > Paul .. > Important: This e-mail is intended for the use of the addressee and may > contain information that is confidential, commercially valuable or subject > to legal or parliamentary privilege. If you are not the intended recipient > you are notified that any review, re-transmission, disclosure, use or > dissemination of this communication is strictly prohibited by several > Commonwealth Acts of Parliament. If you have received this communication in > error please notify the sender immediately and delete all copies of this > transmission together with any attachments. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46876&t=46761 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco VPN client and NAT [7:47430]
Hi ... Im using the Cisco VPN clients 3.1 and 3.0.6. When dialing up everything works fine !!! However, when a user connects from a remote office, ie behind some NAT'ing device ... a connection is made .. but the remote office client cannot access/ping any devices on the private IP address side like the dialup client can All the clients are using Microsoft 2000 or XP ... I have tried enabling IPSec on the Win2K boxes without success ?? I am using Cisco Pix ver 6 at the main office. Do I need to configure the Pix to allow IPSec from Win2K ??? I have looked at the Cisco site heaps ... but cannot really find any solutions . Any advice would be greatly received ... Thanks Paul .. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47430&t=47430 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN client and NAT [7:47430]
Cool, so the PIX will not support VPN's over PAT !!! So if I had my Main Office PIX, and a VPN Concentrator . could I succesfully connect from a remote office via a cable/adsl modem that does PAT using the Cisco VPN software client ??? If so ... and if I had say ... 30 - 40 remote offices, potentially connecting simultaneously would a VPN 3000 be overkill ??? or would I be better getting a VAC for the PIX (would the PIX VAC supplrt VPN's over PAT), or there other VPN concentrators that would do the job Regards ... Paul ... - Original Message - From: "Robertson, Douglas" To: Sent: Wednesday, June 26, 2002 6:15 PM Subject: RE: Cisco VPN client and NAT [7:47430] > In most cases the PIX does not support VPN's over PAT you need a static NAT > to establish a VPN tunnel. > Protocol 50 (Encapsulating Security Payload [ESP]) handles the > encrypted/encapsulated packets of IPSec. PAT devices > don't work with ESP since they have been programmed to work only with > Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and > Internet Control Message Protocol (ICMP). In addition, PAT devices are > unable to map multiple security parameter indexes (SPIs). An alternative is > implemented in some devices like the VPN 3000 Concentrator by encapsulating > ESP within UDP and sending it to a negotiated port. > > Doug > > -Original Message- > From: ""[EMAIL PROTECTED] [mailto:""[EMAIL PROTECTED]] > Sent: Wednesday, June 26, 2002 11:20 AM > To: [EMAIL PROTECTED] > Subject: RE: Cisco VPN client and NAT [7:47430] > > > Lidiya, > > On the pix when you configure Ipsec you configure a pool of addresses that > your Ipsec clients will use on your own network. For instance your inside > network will have the ip addressing scheme of 192.168.0.0 with a class c > subnet mask. You set the pool to give the 10.0.0.0 subnet with a class C > subnet mask. Therefore when you your clients behind your firewall try to > talk to the 10.0.0.0 network they will hit the firewall and be passed to the > translation from the pool. You cannot have any devices in the middle which > pat (IE a router which pats the ip address of your pix if your pix is > establishing the tunnel) It must be a one to one translation from one end of > the tunnel to the other. Everyone feel free to correct me if I'm wrong > which I'm sure will be the case. > > Jason > > -Original Message- > From: Alex Lee [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, June 26, 2002 3:20 PM > To: [EMAIL PROTECTED] > Subject: Re: Cisco VPN client and NAT [7:47430] > > So how does the Linksys or cisco 800 handles the IPSec thru PAT then ? > Thanks. > > Alex Lee > > ""Lidiya White"" wrote in message > news:[EMAIL PROTECTED]... > > PIX doesn't support IPSec transparency/IPSec over TCP. Concentrators do. > > It all depends on the device that is between your client and PIX, that > > is doing PAT. > > IPSec uses ESP protocol, that doesn't have ports, so how can you perform > > PAT (port address translation) for a protocol that doesn't understand > > port concept? > > Some routers can pass IPSec through the PAT (like Linksys, Cisco 800). > > So if the router/device that is doing PAT is IPSec aware, then you > > should be able to pass IPSec through. If not, then you have to make sure > > that one-to-one address translation happens for your VPN clients, not > > one-to-many (PAT)... > > Hope this helps... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47520&t=47430 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dual Link redundancy .... [7:47854]
I have two switches that will be connected over fibre ... two connections at each end (hope you like the top Ascii art :)) | 1 |---| 1 | | A | | B | |_2 _|---|_2_ | How can I fix it so that if A1-B1 goes down A2-B2 automatically becomes active ?? Or even use both links to load balance and hence take the full load if the other falls over . Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47854&t=47854 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: backing up IOS on workstation [7:18512]
Kiwi is great and free :), but these guys have one just as great and free http://solarwinds.net (Just thought i might add that) - Original Message - From: Michael L. Williams To: Sent: Wednesday, September 05, 2001 4:40 AM Subject: Re: backing up IOS on workstation [7:18512] > Funny you mention Kiwi although I don't use their TFTP software, I > do use their FREE syslog daemon.. works great. > So if you need to keep a log or output alot of debug, the Kiwi syslog daemon > is GREAT!!! > > Mike W. > > "Ednilson Rosa" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Try Kiwi's Cat Tools: > > > > http://www.kiwi-enterprises.com/ > > > > There are free versions for download. > > > > ER > > - Original Message - > > From: > > To: > > Sent: Tuesday, September 04, 2001 8:09 PM > > Subject: backing up IOS on workstation [7:18512] > > > > > > I would like to know if there is a software or method that will allow me > to > > backup the IOS to my windows ME workstation? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18573&t=18512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay - Behind The Scenes... [7:18653]
Without an IP from your ISP, all u can do is #sh cdp , nothing much, not even pinging 'outside', you4ll probably see the dlci if your ISP has already set it up (#sh fra pvc), though i had to wait for an IP to anything else. - Original Message - From: EA Louie To: Sent: Thursday, September 06, 2001 7:05 AM Subject: Re: Frame Relay - Behind The Scenes... [7:18653] > ummm...did you try a 'no shut' on ser0/0? > > - Original Message - > From: "Ole Drews Jensen" > To: > Sent: Wednesday, September 05, 2001 11:16 AM > Subject: Frame Relay - Behind The Scenes... [7:18653] > > > > I am getting a Frame Relay setup and I just got the local loop installed > and > > tested today by the local telco. > > > > I know that the Frame Relay provider hasn't started their configuration > yet, > > but shouldn't I be able to see just one little change on my router when I > > connect the CSU/DSU to the local loop box? > > > > I have done a: > > > > show interface serial 0/0 > > show interface serial 0/0.101 > > show frame-relay lmi > > show controllers serial 0/0 > > > > and everything is exactly the same before and after connecting the cable. > > > > Thanks for any comments on this. > > > > Ole > > > > ~~~ > > Ole Drews Jensen > > Systems Network Manager > > CCNA, MCSE, MCP+I > > RWR Enterprises, Inc. > > [EMAIL PROTECTED] > > ~~~ > > http://www.RouterChief.com > > ~~~ > > NEED A JOB ??? > > http://www.oledrews.com/job > > ~~~ > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=18771&t=18653 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Topic of conversation [7:19891]
This is the Internet! It is available around the world to many different people with even more varied backgrounds and beliefs. We each have our own views and ideas as to the way things do or do not work! This is a discussion group with a very focused common goal which we all seem to share (otherwise we wouldn't subscribe)! If you feel you need to give your opinion about a non related subject please mark it so with OT Thanks, Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19891&t=19891 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
my frame-relay [7:20417]
Hello, I have a frame-relay link set up, however i haven4t specified any bandwidth restrictions (its using default settings: BW 1544 with an MTU 1500), does this affect my overall CIR on my link? And is there anyway i can measure the bandwidth on that interface? Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20417&t=20417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Strange Routing ... [7:55701]
Hi, R1 can ping/traceroute through R2 so on and so forth untill it reaches its destination at PC1. The same ping/traceroute fails when executed from R2 Why does this happen ??? The ping result can be see below from R2. WHA4006-1#ping 10.9.9.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.9.9.3, timeout is 2 seconds: ..U.U Success rate is 0 percent (0/5) We use static routes throughout ... Any thoughts or ideas ... Kind regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55701&t=55701 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix can't ping permimeter router ?? [7:55729]
Hi Guys A firewall failed today, so as a hopefully short-term interim measure I have fed a second public wire to a 515 PIX. This Pix now has 2 public interfaces A & B. Interface A is connected to ISP A, and Interface B is connected to ISP B. The default gateway is set to Perimeter Router A out through interface A. My problem is that I can't ping out Interface A to Perimeter Router A. I have setup several static routes to point out through Interface B (due to global IP, and external company firewall rules) and these work. I beleive I have the necessary config in place for Interface A, such as Global NAT pair, Statics and a test ACL permitting IP any any applied to the inside and outsideA interfaces .. What is more strange is that I can ping from an external source to the outside interface of A, and mail is traversing a static entry to an internal mail server !!! I totally understand that the Pix was not designed to perform this way, but I was wondering if anyone has configured a Pix in such a way ?? or if anyone has any advice !!! apart from fix the broken firewall :) . Kind regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55729&t=55729 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PC Anywhere through PIX 506 [7:55973]
I am lucky that I can tie down all our remote site Pix's, so that a PC Anywhere session will only be allowed from a main site Pix Global IP address . and remote users need to VPN in to use PC Anywhere ... Regards Paul .. - Original Message - From: "John Hutchison" To: Sent: Friday, October 25, 2002 5:25 PM Subject: Re: PC Anywhere through PIX 506 [7:55973] > You should just be able to open up tcp and udp on port 5361 and udp only on > 5362 to allow pcany traffic to go through. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56294&t=55973 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Double NAT fails through PIX. [7:55425]
Hi guys ... Workstation 10.10.10.10 gets NATed to 20.20.20.20 at R1, traverses the WAN Link through R2 onto the DMZ, 20.20.20.20 then gets NATed to 30.30.30.30 by the PIX 515 and traverses onto the Private LAN. Workstation-R1---(WAN)R2- --(DMZ)-PIX--(Private LAN)--Server 10.10.10.10 -> NAT to 20.20.20.20 NAT from 20.20.20.20 to 30.30.30.3 30.30.30.30 It is required that NAT be used to mask the IP address of 30.30.30.30 upon return to the workstation 10.10.10.10. I can NAT fine over R1 and into the DMZ, this works fine. However, the 2nd NAT is not working through the PIX ! Workstation 10.10.10.10 pings 30.30.30.30 and gets a reply from 20.20.20.20 ??? I guess the reply shoulb be from 30.30.30.30 !! Are there any pitfalls to be aware of when double NATing I have NAT'de before on a PIX but not with a router. I have no idea why the second NAT on the PIX does not work ... Any input would be greatly appreciated .. Kind Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55425&t=55425 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX .. Basic Inside to DMZ Question ... [7:55447]
Hi, I have the DMZ as security 50, and the Inside as security 100. I have an access-list applied to the DMZ and the Inside for permit IP any any. My problem is that I cannot Telnet to any routers/switches on the DMZ from the Inside LAN. Ping and Traceroute work !!! (ICMP permit inside/dmz any). How can I get round this ??? Am I missing something real basic here ??? I can't trash the PIX and start over as I have regular VPN, NAT and Global traffic Any input welcome .. Kind regards .. Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55447&t=55447 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Intermittant PIX error ... [7:56404]
Hi guys ... Intermittantly I get the following error when trying to telnet to a Pix: Router_1#telnet 10.1.1.1 Trying 10.1.1.1 ... % Connection refused by remote host I can ping the Pix fine when this happens, this usually lasts only for several minutes (but worries me none the less) ... then all of a sudden the telnet session works I can't find much on the Cisco website Does any have any ideas, or has anyone experienced this themselves ??? Regards Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56404&t=56404 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Intermittant PIX error ... [7:56404]
Yeah, thanks AMR ... what a great help you are !!! - Original Message - From: "AMR" To: Sent: Monday, October 28, 2002 12:02 PM Subject: Re: Intermittant PIX error ... [7:56404] > This description is vague at best. > > ""Paul"" wrote in message > news:200210281035.KAA21202@;groupstudy.com... > > Hi guys ... > > > > Intermittantly I get the following error when trying to telnet to a Pix: > > > > Router_1#telnet 10.1.1.1 > > Trying 10.1.1.1 ... > > % Connection refused by remote host > > > > I can ping the Pix fine when this happens, this usually lasts only for > > several > > minutes (but worries me none the less) ... then all of a sudden the > > telnet session works > > > > I can't find much on the Cisco website > > > > Does any have any ideas, or has anyone experienced this themselves ??? > > > > Regards > > > > Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56406&t=56404 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame with ISDN Backup [7:56449]
Hi All I need to know how you configure say, a 7200 Frame Relay Switch to use ISDN as backup !!! I don't know if you use some sort of HSRP variant, or Dialer Watch ??? I have absolutley no idea ... If anyone could tell me the name of the concept or the command line entry then I can read up and learn the rest .. Thanks in advance Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56449&t=56449 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame with ISDN Backup [7:56449]
Thanks for all your input guy's I think I confused the issue somewhat !! What I meant was that 'the 7200 is terminating frame relay circuits and not acting as a switch' !! (Thanks MADMAN), and that if the Frame fails the ISDN would immediately kick in to provide connectivity Anways ... I've got enough info from you all to start reading up ... Thankx again ... Kind regards Paul - Original Message - From: "John Neiberger" To: Sent: Tuesday, October 29, 2002 3:50 PM Subject: Re: Frame with ISDN Backup [7:56449] > Hmm...I just noticed something about what Paul is asking. He said he > has a _frame relay switch_ that he wants to use ISDN as a backup. Paul, > are you asking how to tunnel frame relay over ISDN? I believe this can > be done but I don't recall the configuration. I remember at one time I > had a configuration that allowed a frame PVC to be tunneled over an > async port to allow one more port on my frame switch, but unfortunately > I don't recall the details. > > I believe there is also a Cisco IOS feature that has something to do > with frame relay over ISDN but I've never researched it. > > Is this what you're trying to accomplish? > > John > > >>> "Casey Fahey" 10/29/02 8:23:25 AM >>> > Sounds like you are looking for DDR (Dial-on-Demand routing): > > http://www.cisco.com/en/US/tech/tk13/tk133/tech_protocol_family_home.html > > > Let us know if you have any questions. > > -- > Casey Fahey, CCNP, MCSE > [EMAIL PROTECTED] > > > ""Paul"" wrote in message > news:200210291407.OAA32059@;groupstudy.com... > > Hi All > > > > I need to know how you configure say, a 7200 Frame Relay Switch to > use > ISDN > > as backup !!! > > > > I don't know if you use some sort of HSRP variant, or Dialer Watch > ??? > > > > I have absolutley no idea ... If anyone could tell me the name of > the > concept > > or the command line entry then I can read up and learn the rest .. > > > > Thanks in advance > > > > Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56462&t=56449 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dual Link redundancy .... [7:47854]
Can't I use the port group 1 distribution destination on both switches ??? I tried using set trunk ... but the switch did'nt understand the command ... the switch is running Version 12.0(5.3) and it is a WS-C3524-XL. I tried running the set trunk command from global config and int config mode do I assume that this will only run on a router and not a switch ??? and if so .. do I need to use the port group 1 distribution destination on both switches ??? Thankx Paul ... - Original Message - From: "Chris Harshman" To: Sent: Monday, July 01, 2002 7:58 PM Subject: RE: Dual Link redundancy [7:47854] > Configure both links as trunks then form an ether-channel. Both links will > pass traffic but a failure of one will not affect the other. > > Cisco Example: > set trunk 1/1 dot1q on > set trunk 1/2 dot1q on > > set port channel 1/1-2 on Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47929&t=47854 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Specify DNS on a Router ... [7:48009]
Hi all ... Quick easy question to you all ... can and how do you specify what DNS server to use on a router ??? Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48009&t=48009 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Specify DNS on a Router ... [7:48009]
Doh Cheers Tim ... The underlying problem that I have is that within my LAN at work .. I can ping externally using DNS and IP fine .. However, If I try to traceroute it does not work !!! All I get is the timeout asterisks but I can successfully traceroute from workstations, servers and even Novell boxes Do anyone have any ideas ??? Regards .. Paul .. - Original Message - From: "Bob Timmons" To: Sent: Wednesday, July 03, 2002 4:22 PM Subject: Re: Specify DNS on a Router ... [7:48009] > ip name-server x.x.x.x > > > Hi all ... > > > > Quick easy question to you all ... can and how do you specify what DNS > > server to use on a router ??? > > > > Regards > > > > Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48017&t=48009 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Specify DNS on a Router ... [7:48009]
Wow ... spot on ... I also found out that the traceroute also fails from Unix boxes too !!! sounds like your theory is spot on We have 3 exit points .. 2 Pix Firewalls and a Novell BorderManager ... Tomorrow I will explicitly allow all traffic in and out from a Unix box and a Router through a Pix to test your theory !!! but it sounds good to me ... I know that ICMP is allowed ... and from what I can remember I think UDP may be getting filtered Nice one Daniel Regards Paul ... - Original Message - From: "Daniel Cotts" To: "'Paul'" ; Sent: Wednesday, July 03, 2002 8:42 PM Subject: RE: Specify DNS on a Router ... [7:48009] > If the issue is true for all routers and switches then extended trace isn't > the solution. I believe that Microsoft implements tracert differently from > the standard which Cisco uses. Next guess is that you have a firewall that > is blocking the traffic. Here's some snips from old GroupStudy posts: > > "Unix and Cisco send UDP packets, but > Microsoft actually sends 3 ICMP echo requests. Using traceroute on > different platforms may yield different results. Especially when you have > firewall rulesets involved." > > "Here's a description of how it works in Unix. > > Traceroute sends out a UDP packet addressed to the target machine, port > 33434, with a "TTL" field set to 1. The first hop accepts the packet, > decrements the "TTL" field (as required by the IP spec), and sees that > the resulting TTL is 0. It then sends an ICMP Time Exceeded message to > the original host. > > This is repeated twice, and the host records the elapsed time between > sending the packet and receiving the "Time Exceeded" packet. It reports > this for each of the three packets. > > Then, the host increments the port number (33434 + 1 = 33435) and the > TTL field (1 + 1 = 2), and sends another packet to the same target > machine. This time, the packet will get to the second hop before the > TTL field becomes a 0. So now the second hop will send ICMP Time > Exceeded messages to the host. > > This is repeated over and over until an ICMP Port Unreachable message is > received. This is how the host knows it's reached the destination. > This is also why it uses UDP port 33434 and up, because it's pretty safe > to assume that no service will be running on any of those ports." > > > > > -Original Message- > > From: Paul [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, July 03, 2002 2:00 PM > > To: Daniel Cotts > > Subject: Re: Specify DNS on a Router ... [7:48009] > > > > > > Cheers Daniel ... > > > > I was using 'traceroute aaa.bbb.ccc.ddd' > > > > Does traceroute perform differently to trace > > > > I am experiencing this problem from all routers and switches > > !!! but all > > workstations and servers perform a tracert without any problems !!! > > > > I will try the extended trace tomorrow in work ... > > > > Thanks again ... > > > > Paul ... > > - Original Message - > > From: "Daniel Cotts" > > To: > > Sent: Wednesday, July 03, 2002 6:11 PM > > Subject: RE: Specify DNS on a Router ... [7:48009] > > > > > > > I'm assuming that your trace problem is from your router. > > > Standard trace would be: > > > router#trace aaa.bbb.ccc.ddd > > > > > > Just in case it's choking on your external ip address -- > > > Try an extended trace: > > > > > > router#trace > > > Protocol [ip]: > > > Target IP address: aaa.bbb.ccc.ddd > > > Source address: xxx.yyy.zzz.111 (one of your internal interfaces) > > > Numeric display [n]: > > > Timeout in seconds [3]: > > > Probe count [3]: > > > Minimum Time to Live [1]: > > > Maximum Time to Live [30]: > > > Port Number [33434]: > > > Loose, Strict, Record, Timestamp, Verbose[none]: > > > Type escape sequence to abort. > > > Tracing the route to aaa.bbb.ccc.ddd > > > > > > > -Original Message- > > > > From: Paul [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, July 03, 2002 10:46 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: Specify DNS on a Router ... [7:48009] > > > > > > > > > > > > Doh Cheers Tim ... > > > > > > > > The underlying problem that I have is that within my LAN > > > > at work .. I > > > > can ping externally using
Quick question .... [7:48196]
I should know this but ... I have two bin files in flash ... I want to set my live router not to boot from ' c3640-is-mz.122-6a.bin ' but to boot from 'c3640-is-mz.122-10a.bin' .. Do I change the confreg in some way ??? or is there some other to way to choose a default boot image ??? It is currently booting from image 'c3640-is-mz.122-6a.bin ' . Regards .. Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48196&t=48196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange Cisco Cable [7:48170]
Stab in the dark ... but is it a Pix failover cable ??? - Original Message - From: "Thomas Muller" To: Sent: Friday, July 05, 2002 3:15 PM Subject: Strange Cisco Cable [7:48170] > Hi, > > I've got a strange Cisco cable that I'm hoping someone can help me identify. > > It's an original moulded Cisco cable. DB15 Female both sides. About 2m. > > It's got the following markings : 72-1213-01 LDM27/00 REV. A0 > Also the one side is marked Primary and the other Secondary. > > Anyone have any ideas ? > > Thanks - Thomas > > -- > GMX - Die Kommunikationsplattform im Internet. > http://www.gmx.net Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48197&t=48170 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quick question .... [7:48196]
Cheers Steve ... - Original Message - From: "Steven A. Ridder" To: Sent: Friday, July 05, 2002 6:03 PM Subject: Re: Quick question [7:48196] > It's in config mode: > > boot system (image name) > > > ""Paul"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I should know this but ... I have two bin files in flash ... I want to set > my > > live router not to boot from ' c3640-is-mz.122-6a.bin ' but to boot > > from 'c3640-is-mz.122-10a.bin' .. Do I change the confreg in some > way > > ??? or is there some other to way to choose a default boot image ??? > > > > It is currently booting from image 'c3640-is-mz.122-6a.bin ' . > > > > Regards .. > > > > Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48203&t=48196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix timeout settings ... [7:48786]
Hi all Is it possible to set a timeout on a Pix so that if for instance, say an FTP session was left unattended for X minutes ... the Pix will close this session ?? I know you can set Uauth Timeouts so that a user has to logon with their credentials after a set amount of inactivity, but in this situation the logon criteria is not relevant ... Kind regards ... Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48786&t=48786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco VPN client and dial-up [7:49036]
Hi guy's ... If I dial-up to an ISP .. get a connection .. then activate the Cisco VPN client 3.1 .. I get a secure VPN connection ... However, if I set the VPN client to dial the ISP automatically then create a secure VPN connection .. I fail to get connected nad get a connection to ISP error !!! I am waiting for a newer Cisco VPN client Has anyone experienced this connectivity issue Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49036&t=49036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN call hanging up ??? [7:49548]
Hi all I can't connect to another router over ISDN using BRI1 ... the following is from a 'debug isdn events' I don't understand the 'Call was hung up' part ??? Hopefully this means that my end is Ok .. and the other end has an issue that needs to be resolved ... Can anyone please enlighten me :) Kind regards Paul ... C4500-1#ping 10.209.31.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.209.31.1, timeout is 2 seconds: ISDN BR0: Outgoing call id = 0x8FD2 ISDN BR1: Event: Call to 0123456789 at 64 Kb/s ISDN BR1: received HOST_INFORMATION. ISDN Event: B channel assigned by switch ISDN BR1: received HOST_DISCONNECT ISDN BR1: Event: Call to 0123456789 was hung up.. ISDN BR0: Outgoing call id = 0x8FD3 ISDN BR1: Event: Call to 0123456789 at 64 Kb/s ISDN BR1: received HOST_INFORMATION. ISDN Event: B channel assigned by switch ISDN BR1: received HOST_DISCONNECT ISDN BR1: Event: Call to 0123456789 was hung up.. ISDN BR0: Outgoing call id = 0x8FD4 ISDN BR1: Event: Call to 0123456789 at 64 Kb/s ISDN BR1: received HOST_INFORMATION. Success rate is 0 percent (0/5) C4500-1# ISDN Event: B channel assigned by switch ISDN BR1: received HOST_DISCONNECT ISDN BR1: Event: Call to 0123456789 was hung up. C4500-1# C4500-1# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49548&t=49548 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN call hanging up ??? [7:49548]
Cheers Scott I forgot to mention that the ISDN connection is a point to point connection from our Main Office (MO) to a Branch Office (BO) So no SPID issues here . I have a dialer-map at the MO and assume that the BO too, has a dialer-map I have configured another similiar ISDN point to point between the MO and another BO with success. However, this situation is really confusing me . I will reload the router as you suggest tomorrow night .. and hope that makes a difference .. If not .. I guess it's back to the old drawing board :) Thankx again .. Regards Paul ... - Original Message - From: "CCIE #9340" To: Sent: Wednesday, July 24, 2002 7:41 PM Subject: Re: ISDN call hanging up ??? [7:49548] > Possibly a SPID issue. Do a "show isdn status" and see if the spids are > valid. Assuming you replaced the number listed in the debug. You may also > want to try "debug isdn q921"--it will most likely give you a more definite > direction to go in. > > These isdn issues are sometimes tricky. I have seen cards not work that are > fixed with a simple reload of the router. > > HTH, > Scott > > ""Paul"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi all > > > > I can't connect to another router over ISDN using BRI1 ... the > following > > is from a 'debug isdn events' I don't understand the 'Call was hung up' > part > > ??? Hopefully this means that my end is Ok .. and the other end has an > issue > > that needs to be resolved ... > > > > Can anyone please enlighten me :) > > > > Kind regards > > > > Paul ... > > > > C4500-1#ping 10.209.31.1 > > > > Type escape sequence to abort. > > Sending 5, 100-byte ICMP Echos to 10.209.31.1, timeout is 2 seconds: > > > > ISDN BR0: Outgoing call id = 0x8FD2 > > ISDN BR1: Event: Call to 0123456789 at 64 Kb/s > > ISDN BR1: received HOST_INFORMATION. > > ISDN Event: B channel assigned by switch > > ISDN BR1: received HOST_DISCONNECT > > ISDN BR1: Event: Call to 0123456789 was hung up.. > > ISDN BR0: Outgoing call id = 0x8FD3 > > ISDN BR1: Event: Call to 0123456789 at 64 Kb/s > > ISDN BR1: received HOST_INFORMATION. > > ISDN Event: B channel assigned by switch > > ISDN BR1: received HOST_DISCONNECT > > ISDN BR1: Event: Call to 0123456789 was hung up.. > > ISDN BR0: Outgoing call id = 0x8FD4 > > ISDN BR1: Event: Call to 0123456789 at 64 Kb/s > > ISDN BR1: received HOST_INFORMATION. > > Success rate is 0 percent (0/5) > > C4500-1# > > ISDN Event: B channel assigned by switch > > ISDN BR1: received HOST_DISCONNECT > > ISDN BR1: Event: Call to 0123456789 was hung up. > > C4500-1# > > C4500-1# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49577&t=49548 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
static routing [7:51599]
Hi guys, I have recently inherited a 30+ strong network that only uses static routing!!! Some of the equipment includes 2900s 3500s 3600s 4000s amongst others. I would very much like to move towards dynamic routing!!! What would you guys suggest? I also believe that the next IOS for the 4006s does not support EIGRP ! (If i am correct!) I am not sure if I should use RIP IGRP etc. Have any of you guys experienced this before and what would you suggest? Kind regards Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51599&t=51599 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: static routing [7:51599]
Yeah, thankx ... I want to move to dynamic routing ... I was just wondering what your experiences were ... and if there were any pitfalls I should avoid and if you guy's think that RIPv2 will do the job fine Im not particularly experienced ... hence my caution !!! Cheers ... Paul ... - Original Message - From: "Chuck's Long Road" To: Sent: Sunday, August 18, 2002 10:10 PM Subject: Re: static routing [7:51599] > other than the fact that dynamic routing is kewl, why do you think you need > it? > > I doubt that Cisco is going to drop EIGRP any time soon. My understanding is > that Cisco is not supporting IS-IS on any of the lower end switches, but > that's a different story. > > > ""Paul"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi guys, > > > > I have recently inherited a 30+ strong network that only uses static > > routing!!! Some of the equipment includes 2900s 3500s 3600s 4000s amongst > > others. I would very much like to move towards dynamic routing!!! What > would > > you guys suggest? I also believe that the next IOS for the 4006s does not > > support EIGRP ! (If i am correct!) > > > > I am not sure if I should use RIP IGRP etc. Have any of you guys > experienced > > this before and what would you suggest? > > > > Kind regards > > > > Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51601&t=51599 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PSTN Router to Router ... [7:52132]
Hello all ... I need to provide a tertiary backup for a remote site !!! I was thinking of using PSTN Can this be done ??? I guess I would have to buy FXO cards for both routers ... or can you utilise the AUX ports ??? Any comments will be greatly received .. Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52132&t=52132 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PAT on PIX using ouside interface [7:52258]
How do you do that I thought that if say, you had 10.1.1.1 as the IP for your outside interface. Then you could not use 10.1.1.1 as the PAT'ed address !!! I tried this two months ago and it failed (Ver 6.2) !!! So I had to use a different IP address as the PAT'ed address ie. 10.1.1.2 ... Therefore I ended up having to use two Public IP addresses ... one for the interface and the other for the global NAT/PAT ... Please tell me if Im incorrect !!! Regards Paul ... - Original Message - From: "nrf" To: Sent: Thursday, August 29, 2002 2:59 AM Subject: Re: PAT on PIX using ouside interface [7:52258] > Yes > > ""mindiani mindiani"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Can I use the outside interface IP address to do PAT on the PIX Firewall > > ?. > > > > > > > > Send and receive Hotmail on your mobile device: Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52313&t=52258 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
1601 R AUI & Ethernet ports ... [7:52820]
Hi Quick question to you all I have a 1601, with 1 serial interface, 1 ethernet interface, 1 console port, 1 AUI interface. I also have a transceiver. Is there anyway that I can create a secone 'ethernet interface' by utilising either the AUI or the console port I have looked on the cisco website and also books that I have ... But I cannot find any documentation anywhere If I can't use the AUI port as another ethernet port .. then what is the purpose of this interface Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52820&t=52820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX to PIX ISAKMP Policy ... [7:53082]
Hi .. I have setup site to site from a 506 to a 515 this all works fine ... I now want to set up another site site from a 501 to the same 515 ... When doing so ... can I use the same ISAKMP policy that I already created on the 515 PIX ??? If so ... do I just add another 'ISAKMP key address' line ??? I guess that I would have to create another 'crypto ipsec transform-set' !! Has anyone done anything similiar to this Regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53082&t=53082 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2924 reboots when I plug in a console cable [7:53135]
Yeah .. same thing happened to me .. about a year ago in my previous job ... I had Win 2000 too. I plugged the console cable in .. then as i was talking to a colleague i realised that that the 2924 had rebooted I only ever accesssed the 2924 once more with a console cable, after the second time of rebooting I left well alone I was just breaking into the networking arena ... so I thought I must have done something wrong :) - Original Message - From: "Jason Owens" To: Sent: Wednesday, September 11, 2002 8:50 PM Subject: 2924 reboots when I plug in a console cable [7:53135] > When I plug in a console cable to some of my 2924's they reboot (My coworker > is convinced that it is Win2000 sending out a probe because of > plug-and-play). I have only seen this on the 2924 and it doesn't happen on > all of the ones I have. Has this happened to anyone else? I have been unable > to find anything about this on the Cisco web site. > > Here is a sh ver from one of the switches this has happened on: > > Cisco Internetwork Operating System Software > IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE > SOFTWARE (fc1) > Copyright (c) 1986-2000 by cisco Systems, Inc. > Compiled Mon 03-Apr-00 16:37 by swati > Image text-base: 0x3000, data-base: 0x00301398 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53136&t=53135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX to PIX ISAKMP Policy ... [7:53082]
How do I apply two different crypto maps to the same interface ??? I have two crypto maps ... bmw and ferarri . However, if I apply the bmw crypto map to the oustside interface this removes the ferarri crypto map from the outside interface .. and vice versa ... Regards Paul ... - Original Message - From: "Mark W. Odette II" To: Sent: Thursday, September 12, 2002 6:52 AM Subject: RE: PIX to PIX ISAKMP Policy ... [7:53082] > Heed the warning... That little tip came a little too late for me a > while back and it bit me in the butt hard. I had to wait until the next > morning to get someone at the remote location to give the PIX the ol' > 'boot. > > -Mark > > -Original Message- > From: David Armstrong [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 11, 2002 8:55 AM > To: [EMAIL PROTECTED] > Subject: Re: PIX to PIX ISAKMP Policy ... [7:53082] > > Paul, > > You can have the same isakmp policy and the same crypto ipsec > transform-set > for all of your ipsec vpn's but will need to define a new crypto map and > access-list. Remember to run isakmp disable outside BEFORE making > configuration changes to your interface or you could lock up the PIX. > > David Armstrong > > ""Paul"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi .. > > > > I have setup site to site from a 506 to a 515 this all works > fine > ... > > I now want to set up another site site from a 501 to the same 515 ... > > > > When doing so ... can I use the same ISAKMP policy that I already > created > on > > the 515 PIX ??? > > If so ... do I just add another 'ISAKMP key **** address' line ??? > > > > I guess that I would have to create another 'crypto ipsec > transform-set' > !! > > > > Has anyone done anything similiar to this > > > > Regards > > > > Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53190&t=53082 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE: 2924 reboots when I plug in a console cable [7:53135]
Yeah ... I was using a Dell CPx or CPt when this happenned to me ... - Original Message - From: To: Sent: Thursday, September 12, 2002 9:14 PM Subject: Re: RE: 2924 reboots when I plug in a console cable [7:53135] > Are you using a DELL laptop. There is know problem with the Dell's and some > Cisco devices. Check CCO for more details. > > > > From: "Haakon Claassen (hclaasse)" > > Date: 2002/09/11 Wed PM 04:14:33 EDT > > To: [EMAIL PROTECTED] > > Subject: RE: 2924 reboots when I plug in a console cable [7:53135] > > > > Never had it > > > > Configured over a hundred of these devices the field > > Using w2k and XP with Hyperterm or terraterm > > > > regs > > > > > > Haakon Claassen > > EMEA - IT Transport Services -WAN > > > > Cisco Systems > > De Kleetlaan 6b - Pegasus Park > > B-1831 Diegem (Belgium) > > > > > > > > -Original Message- > > From: Jason Owens [mailto:[EMAIL PROTECTED]] > > Sent: woensdag 11 september 2002 21:51 > > To: [EMAIL PROTECTED] > > Subject: 2924 reboots when I plug in a console cable [7:53135] > > > > When I plug in a console cable to some of my 2924's they reboot (My > > coworker > > is convinced that it is Win2000 sending out a probe because of > > plug-and-play). I have only seen this on the 2924 and it doesn't happen > > on > > all of the ones I have. Has this happened to anyone else? I have been > > unable > > to find anything about this on the Cisco web site. > > > > Here is a sh ver from one of the switches this has happened on: > > > > Cisco Internetwork Operating System Software > > IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE > > SOFTWARE (fc1) > > Copyright (c) 1986-2000 by cisco Systems, Inc. > > Compiled Mon 03-Apr-00 16:37 by swati > > Image text-base: 0x3000, data-base: 0x00301398 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53250&t=53135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX .. Basic Inside to DMZ Question ... [7:55447]
Thanks for your input guy's ... I found a Switch in the DMZ that had an IP default-gateway, pointing to a Novell box with an interface on both the Inside and DMZ LAN's ... As soon as I changed the IP def-gateway I could telnet around the DMZ switches and routers .. Regards Paul ... - Original Message ----- From: "Paul" To: Sent: Saturday, October 12, 2002 1:14 PM Subject: PIX .. Basic Inside to DMZ Question ... [7:55447] > Hi, > > I have the DMZ as security 50, and the Inside as security 100. I have an > access-list applied to the DMZ and the Inside for permit IP any any. > > My problem is that I cannot Telnet to any routers/switches on the DMZ from > the > Inside LAN. Ping and Traceroute work !!! (ICMP permit inside/dmz any). > > How can I get round this ??? Am I missing something real basic here ??? > I can't trash the PIX and start over as I have regular VPN, NAT and Global > traffic > > Any input welcome .. > > Kind regards .. > > Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55449&t=55447 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SPAN problem [7:72507]
Hi all, Quick question, I have enabled SPAN to mirror from one port to another. However, when doing so the transmitting port appears detached form the network. i.e.. I cannot ping from the PC attached to that port and nothing on the network can ping it too. When I remove the port from the session I get connectivity again. Could anyone give me any ideas on why this is occurring please. I used the 'monitor session' command and left it blank at the end implying 'both' rather than explicitly specifying 'TX or 'RX. None of the ports are involved in trunking, they are in the same VLAN and they are on the same physical switch, and even on the same blade (4006). Any help would be greatly appreciated. Kind regards Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72507&t=72507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Slow Browsing via 500 Pix firewall [7:74583]
Hi, I have had similar problems in the past when one person was downloading several Linux ISO's from there PC all at once !!! They had come in early to do so. After doing a clear xlate the problem was resolved and everyone could browse at the normal speed. The person started their ISO donwloads again but at a slower speed and one at a time. If you know of a user similiar to this you can clear only their xlate and leave everyone elses alone. Hope this helps. Regards Paul ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jurkouich, Brett, CNTR, DCAA Sent: 02 September 2003 19:20 To: [EMAIL PROTECTED] Subject: RE: Slow Browsing via 500 Pix firewall [7:74583] Try turning off the port 80 inspecting with the "no fixup protocol http 80" command -Original Message- From: Faisal [mailto:[EMAIL PROTECTED] Sent: Monday, September 01, 2003 1:38 AM To: [EMAIL PROTECTED] Subject: Slow Browsing via 500 Pix firewall [7:74583] Hi All, I am having problem of slow or interminnent browsing through pix firewall. If I bypass the traffic speeds are fine. But if all that traffic is going via firewall then it becomes extremely slow. Please anybody can help me how to sort this out. Regards Faisal **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74688&t=74583 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
remove pwynn@logical.com from list
Please remove [EMAIL PROTECTED] from mailing list Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Tunneling - Typical requirement
If I understand your requirements correctly, what you need to do is configure and IPSEC tunnel between your network and the customer network. Many companies that are doing business via the internet use IPSEC to create secure encrypted access into their intranets or extranets. If you not concerned about security of clear text traffic between your companie and your partners then just simply open up your router/firewall to permit this connection. --- A Mateen <[EMAIL PROTECTED]> wrote: > Hi ! > > I have a typical requirement as follows > 1. I have a public network > 2. One of the customers is having the public IP from > other service provider. > 3. my requirement is that I want to route the IP > packets of the other ISP network via my routing > policies and my IP network. > 4. I was planning to put a tunnel ip over ip and > convert the other ISP IPs into my registered public > IPs at interface with both the routers. > 5. I am looking for such configuration > > Pls guide me to do so > > _ > Chat with your friends as soon as they come online. > Get Rediff Bol at > http://bol.rediff.com > > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Possible BCMSN Errata??
Hello All. While working on examples of converting Multicast IP addresses to Multicast MAC addresses in the Cisco book I came across one that doesn't seem to be correct. I ask for opinions on the following to possibly save my sanity on this one. Thanks The IP address in the book is 224.0.9.45 It is shown as 1110 1010 0101 0010 1101 Seems to me that this IP should read 224.0.165.45 and this would work out to the Multicast MAC being 01-00-5e-00-a5-2d and not the 01-00-5e-00-09-2d given in the book. Did I just lose my mind on this one?? I have not found errata on Cisco Press site that corrects this. Thanks for any input Paul _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Possible BCMSN Errata??
Okay. now I see you have the same answer I came up with. So I guess I can assume the boot IS wrong. Thanks again..Paul "Ole Drews Jensen" <[EMAIL PROTECTED]> wrote in message 2019FB428FD3D311893700508B71EBFB54AEB7@RWR_MAIL_SVR">news:2019FB428FD3D311893700508B71EBFB54AEB7@RWR_MAIL_SVR... > You can probably find a lot of good sites about Multicast if you start > searching for them on the web. > > I thought the Multicast IP to MAC address in the BCMSN book by Karen Webb > was a little confusing, but after I read the LAN switching book by Clark and > Hamilton, I understood exactly what to do. > > If you picture an IP address as octet1.octet2.octet3.octet4, the way to > convert it to a MAC address is: > > 1) Take (octet2, octet3 and octet4) > 2) AND octet2 with 127 (or subtract 128 if octet2 >= 128) > 3) Convert each octet to hexadecimal values > 4) MAC = 01.00.5E.new-octet2.new-octet3.new-octet4 > > Let's take your example 224.0.165.45 > > 1) 0.165.45 > 2) 0.165.45 > 3) 00.A5.2D > 4) MAC = 01.00.5E.00.A5.2D > > As you can see on this method, 224 uses the 3 first bits in octet1 to > specify it self as a Multicast IP address, which leaves 5 bit left for > addresses. These 5 bits plus the 1 bit of octet2 that is cleared gives you 6 > bits or 32 different IP addresses that will end up with the same MAC > address. > > Let's take IP address 225.128.165.45 and do the same 4 steps: > > 1) 128.165.45 > 2) 0.165.45 > 3) 00.A5.2D > 4) MAC = 01.00.5E.00.A5.2D > > This means that you have to think about this before you assign your > Multicast IP addresses to networks where you have more than one group, > because you could end up with two different groups pointing to the same > physical address. > > Hth, > > Ole > > > > > Ole Drews Jensen > Systems Network Manager > CCNA, MCSE, MCP+I > RWR Enterprises, Inc. > [EMAIL PROTECTED] > http://www.CiscoKing.com > > NEED A JOB ??? > http://www.oledrews.com/job > > > -Original Message- > From: jim klane [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 06, 2001 2:04 PM > To: [EMAIL PROTECTED] > Subject: RE: Possible BCMSN Errata?? > > > > do you have a link on thie multicast stuff? > > > > let me know > > > > jim > > > > >From: Ole Drews Jensen > >Reply-To: Ole Drews Jensen > >To: "'Paul Mandella'" , [EMAIL PROTECTED] > >Subject: RE: Possible BCMSN Errata?? > >Date: Tue, 6 Feb 2001 13:20:31 -0600 > > > >I do not have the book in front of me, but yes, the given binary IP address > > >is 224.0.165.45 and the MultiCast MAC will be 01-00-5E-00-09-2D. > > > >Ole > > > >~~~~ > > Ole Drews Jensen > > Systems Network Manager > > CCNA, MCSE, MCP+I > > RWR Enterprises, Inc. > > [EMAIL PROTECTED] > > http://www.CiscoKing.com > > > > NEED A JOB ??? > > http://www.oledrews.com/job > > > > > > > > > >-Original Message- > >From: Paul Mandella [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, February 06, 2001 12:48 PM > >To: [EMAIL PROTECTED] > >Subject: Possible BCMSN Errata?? > > > > > >Hello All. While working on examples of converting Multicast IP addresses > to > >Multicast MAC addresses in the Cisco book I came across one that doesn't > >seem to be correct. I ask for opinions on the following to possibly save my > > >sanity on this one. Thanks > > > >The IP address in the book is 224.0.9.45 > >It is shown as 1110 1010 0101 0010 1101 > > > >Seems to me that this IP should read 224.0.165.45 and this would work out > to > >the Multicast MAC being 01-00-5e-00-a5-2d and not the 01-00-5e-00-09-2d > >given in the book. > > > >Did I just lose my mind on this one?? I have not found errata on Cisco > Press > >site that corrects this. Thanks for any input > > > >Paul > > > > > >_ > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > >_ > >FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ > > Get your FREE download of MSN Explorer at http://explorer.msn.com > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subject: Sniffer Program
>Can someone recommend a good WindowsME sniffer? Well, I am not sure if it works on Windows ME boxes, but there is a protocol analyzer that will work on most other Winthings (95,98, NT4, etc.) It is fairly decent given the cost(free). My understanding is that it comes from a Win32 ported version of TCPdump. There is only one downside that I am aware of. All of the help files are in Italian. If you can figure out how to get it all loaded, its fairly decent. I am trying to work on the documentation side of things by trying to get a deal struck between my wife and the guy that wrote the code for the program as part of his doctoral thesis. He is in no hurry to get everything translated into English. OTOH, if I give the right type of gratuity to my wife :-), she might be willing to do it herself (I hope). We'll see how (and if) it works out. Here it is: http://netgroup-serv.polito.it/windump/ http://netgroup-serv.polito.it/analyzer/ HTH, Paul Werner Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: telnet access to pix
Frank, Telnet access is only allowed from the inside interface UNLESS you have IPSEC (Encryption standard for VPN's) configured and then you would do this telnet 192.168.1.1 255.255.255.0 outside Paul --- Frank Kim <[EMAIL PROTECTED]> wrote: > Hey guys, > I got eth0= security0 and eth1=security100. I'm > able to telnet from the > inside network. Is there any way for me to telnet > from the outside? Pix > has disabled this by default. > > -Frank > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: In the market to buy routers
Check out www.kg2.com I have ordered lab routers from there, all went very well.. Have fun.Paul ""Billy Bob"" <[EMAIL PROTECTED]> wrote in message 969aeu$um5$[EMAIL PROTECTED]">news:969aeu$um5$[EMAIL PROTECTED]... > Hello, > If anyone out there has spare equipment or looking to unload their lab, I am > looking to setup my home lab in the near future. I am in the market for > 25xx or 26xx routers and 19xx or 29xx switch. > > Thanks, > BB > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
how many ccnp's worldwide
Does anyone know or have a link to how many CCNP's there are worldwide?? I am kinda curious about this?? Thank you. :) _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP's worldwide
Anyone know how many CCNP's there are worldwide or in the U.S Thank you :) _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DDR and RRAS
A couple of things stuck out in your config that may be possible culprits. Here goes: 1. I noticed that you did not have a line for your modem in line configuration mode. For example, if you were using a USR sportster, it might look like the following(watch wrap): Router(config)#line 1 Router(config-line)#modem autoconfigure type usr_sportster 2. You may want to get somewhat bold and creative on the use of a hostname. It's a thought :-). Besides, it may be used for authentication purposes, and a name of "router" is a huge security hole IMHO. 3. You do not appear to be using any form of authentication. I'll kind of bet a quick Guiness that your Winthing is definitely using authentication. To make it easy, set up a dialin account on RRAS (don't forget to give it dial in priviledges) and set the authentication method to "any method including clear text", a.k.a PAP. Set the PAP parameters on the router using the following strings: router(config)#int s0 router(config-if)#ppp auth pap router(config-if)#ppp pap sent-username bob password cisco Don't forget to have an accounton the NT server with a username of Bob and a password of Cisco with all of the necessay privileges. 4. Not that it will affect the price of tea in China, but you may want to change your bandwidth statement to reflect actual bandwidth, instead of a T-1. 5. You might want to add the key word "permanent" on the end of your static route pointing to S0. 6. I would set some form of security on that line 1 you have in the event that somebody calls your modem to connect to you. 7. I kind of noticed that you were doing 4 digit dialing. Unless this call routing is via some form of Centrex service or a local PBX, I'm guessing the minimum you will need is 7 (possibly ten) digit dialing to complete the call. A way to test this is to place a phone on the line where your modem is connected. Call the other modem using a 4 digit call. Listen for modem squalk on the other end. If no squalking is heard, see how many digits are required to dial. That is what you will need in your mapping statement. That should do it for now. In terms of running debugs, you may want to take a peek at some of these: debug confmodem (while modem is being reset) debug chat (if you insist upon using your own chat script) debug modem (to verify proper modem dialing operations) debug dialer (to see DDR working properly) debug ppp neg (assumes you get a connected call- verfies proper operation of PPP and authentication) See if some/most/all of this might help and let us know the results of your testing. HTH, Paul Werner > I am trying to set up a C1600 to connect to a remote site running a > Routing > and Ras software (MS NT4 server) > The RRAS is set up to allow to remote host to request an IP address. > Please help me to understand where I am wrong. > The modem disconts as you can see after he succesfully execute the > dial-up > chat-string > > > The debug shows me > > 02-13-200116:47:30Local7.Debug 172.24.1.5 1572: > 03:16:59: CHAT1: Dialing using Modem script: dial & System script: none > 02-13-200116:47:30Local7.Debug 172.24.1.5 1573: > 03:16:59: CHAT1: process started > 02-13-200116:47:30Local7.Debug 172.24.1.5 1574: > 03:16:59: CHAT1: Asserting DTR > 02-13-200116:47:30Local7.Debug 172.24.1.5 1575: > 03:16:59: CHAT1: Chat script dial started > 02-13-200116:47:30Local7.Debug 172.24.1.5 1576: > 03:16:59: CHAT1: Sending string: atdp2124 > 02-13-200116:47:30Local7.Debug 172.24.1.5 1577: > 03:16:59: CHAT1: Expecting string: CONNECT > 02-13-200116:47:50Local7.Debug 172.24.1.5 1578: > 03:17:20: CHAT1: Completed match for expect: CONNECT > 02-13-200116:47:50Local7.Debug 172.24.1.5 1579: > 03:17:20: CHAT1: Sending string: \c > 02-13-200116:47:50Local7.Debug 172.24.1.5 1580: > 03:17:20: CHAT1: Chat script dial finished, status = Success > 02-13-200116:47:52Local7.Error 172.24.1.5 1581: > %LINK-3-UPDOWN: Interface Serial0, changed state to up > 02-13-200116:47:53Local7.Debug 172.24.1.5 1582: > 03:17:22: TTY1: Async Int reset: Dropping DTR > 02-13-200116:47:53Local7.Debug 172.24.1.5 1583: > 03:17:23: TTY1: DSR was dropped > 02-13-200116:47:53Local7.Debug 172.24.1.5 1584: > 03:17:23: tty1: Modem: READY->HANGUP > 02-13-200116:47:54Local7.Debug 172.24.1.5 1585: > 03:17:24: TTY1: dropping DTR, hanging up > 02-13-200116:47:54Local7.Debug 172.24.1.5 1
Re: Re: A few quick Remote Access questions
I wanted to send a reply to this post, but I am glad I was delayed. Howard's post was so much more relevant in terms of depth and historical understanding. There was one particular area I did want to comment on. Modem configuration tends to give a little bit of confusion, namely the concept of autoconfigure. Let me try to simplify it as follows. Let's say you had a single modem hung off your router. You are a competent person and you can read the data plate on the modem. It says, "USR Sportster V.90". This is a job for the following command: router(config)#line 1 router(config-line)#modem autoconfigure type usr_sportster router(config)#end router# **Note- other commands will be needed, just focusing on this one area/issue. What this will do is set up the attached modem to be configured each time the line is reset to the defaults for a USR Sportster. These values can be obtained using the "show modemcap usr_sporster" command. As an example, here are some of the settings: werner-gateway#sh modemcap usr_sportster Modemcap values for usr_sportster Factory Defaults (FD): &F Autoanswer (AA): S0=1 Carrier detect (CD): &C1 Drop with DTR (DTR): &D2 Hardware Flowcontrol (HFL): &H1&R2 Lock DTE speed (SPD): &B1 DTE locking speed (DTE): [not set] Best Error Control (BER): &M4 Best Compression (BCP): &K1 No Error Control (NER): &M0 No Compression (NCP): &K0 No Echo (NEC): E0 No Result Codes (NRS): Q1 Software Flowcontrol (SFL): [not set] Caller ID (CID): [not set] On-hook (ONH): H0 Off-hook (OFH): H1 Miscellaneous (MSC): [not set] Template entry (TPL): usr_courier Modem entry is built-in. If you want to modify these default settings, you will need to build a custom modemcap entry of your own and template off one of the established entries. For example, if I liked the entry above, but wanted to change to another value(let's say for compression), I could make a new entry called, "my_sportster" and just change the compression value and template the rest from the sporster entry shown above. This is drastically contrasted with the "modem autoconfigure discovery" command. First, let me explain how it works. Once the modem gets reset, it goes through a series of language classes. The router starts talking French to the modem and says, "Parlez vous Francais?" If it gets no reply, it tries this, "Habla Espanol?" obviously, they are talking modem speak, and the question is not which language do you speak, but rather what command will you respond to? When the modem answers back in a postive manner to a series of queries, the router assumes it to be an "X modem", whatever value that is. Sometimes it's right, and sometimes it isn't. Your mileage will vary. The next question that comes to mind is why use this? The answer is as always, it depends. Let's say you don't know what modem is attached. This command might help. Another place where this might come in handy is if you are configuring an access server with lots of different modems attached (not a good practice BTW:-). In theory, let "modem autoconfigure discovery" loose, and it should nail down who is what. Here is the key to using this effectively. Once "modem autoconfigure discovery" is done polling all of the modems, it will tell you what it *believes* are the individual modems attached to all of your lines. At that point, you want to hard code the config with the "modem autoconfigure type usr_sportster" command, or a similar command for your brand of modem. If you don't do this, you will dramatically increase the time it takes to get your modem active after each reset. HTH, Paul Werner p.s. I particularly like Priscilla's explanation of why things are/are not in the IOS. I would have to default to the wise one (Tim Brown) and state that in many/most cases, it is probably just a matter of original sin 8-) > > > First, I understand the theoretical difference between > >Autoconfigure > > >and Autodiscovery, but in the book, it appears that the different > >commands > > >do the same thing. For Autoconfigure, the book says "The modem > >autoconfigure > > >command is used to instruct the router to use this feature. This > feature > > >will detect the type of modem connected to the router and then supply > the > > >initialization string to the modem-- a process that can require up to > > >five > > >seconds." > > > It sounds as if the modem autoconfigure command also performs > > >autodiscovery functions. Did they really mean to say that the command > is > > >modem autoconfigure modem_type ? Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE: DISTURBING: Spanning Tree Protocol Does not Work.
> Okay, here's the jist of things. Big huge mondo snip... > So... do we have an active looped topology? I doubt it. Likely, > Spanning > Tree's working just fine. Check the LED's on both of your switches to > see > if you see a solid orange glow... Leigh Anne, I like your style and troubleshooting methodology. I think you have honed in on the root cause of the problem (pun intended:- ) I don't have the previous day's post, but there were a few entries that were dead culprits as to the problem. After reviewing the snipped configs, I am now more convinced than ever. It is a loss of connectivity issue. It is true that the uplink ports will both need to be trunked (and only one was shown as trunking), but that will not fully explain the STP problem. if you looked at the 2nd post where all of the interface stats were shown, you would have noticed that on all of the ports that were alledged to be trunking, two of them had duplex and speed status unknown. That is a dead ringer for this sort of dilemma. Always hard code your duplex and speed settings for trunks. I cannot think of a good reason not to, and lots of good reasons against. If you check the last config posted, you will note that the speed and duplex were not hard coded. HTH, Paul Werner Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2 default routes on PIX???
Cory, I'm afraid the PIX does not support load balancing (or multiple default routes). You'll need an intermediary router (in-between) to handle the load-balancing. Paul ""Stull, Cory"" <[EMAIL PROTECTED]> wrote in message 0D7A05A19CE4D211BD050008C7330FE7259076@CCUPDC">news:0D7A05A19CE4D211BD050008C7330FE7259076@CCUPDC... > Scenario: 2 2600 routers both with T1's to the same ISP. > 1 PIX firewall between internal lan and the 2 2600's. > > Can I have 2 default routes in the PIX pointing one to one 2600 and the > other to the other 2600? > If so is this doing per packet load balancing? and what happens when one T1 > goes down? > > > I would have set this up in a lab to test it but don't have a PIX. I don't > know if a router and PIX would do the same thing. > > > Thanks in advance. > > > > Cory > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: % Connection refused by remote host
Make sure 'transport input all' is set on the line you're trying to reverse-telnet into. Paul <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > I'm playing with 2511 terminal server and plugged a router and a firewall on > the async ports. But when I try to connect to the fire wall with 2001 I get > an error msg "% Connection refused by remote host", I can ping it and I can > telnet to it via cross-over cable!!??. > > Any device. > > Regards, > > Tarry > > -- > Sent through GMX FreeMail - http://www.gmx.net > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Here's an easy one
Ok so we know how to convert a multicast ip into a mac, how about the reverse. I got a syslog message that made me curious:- "invalid traffic from multicast source address 0f:37:59:6f:df:0d" and i thought well i wonder what ip address that would be but i couldn't figure out the first octet. Should all multicast mac addresses start with 01-00-5e ?? Is this mac address invalid ? Anyone ? Thanks -Paul PLEASE READ: The information contained in this e-mail is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email you must not copy, distribute or take any further action in reliance on it and you should delete it and notify the sender immediately. Email is not a secure method of communication and Nomura International plc cannot accept responsibility for the accuracy or completeness of this message or any attachment(s). Please check this e-mail for virus infection, for which Nomura International plc accepts no responsibility. If verification of this email is sought then please request a hard copy. Unless otherwise stated any views or opinions presented are solely those of the author and do not represent those of Nomura International plc. This email is intended for informational purposes only and is not a solicitation or offer to buy or sell securities or related financial instruments. Nomura International plc is regulated by the Securities and Futures Authority Limited and is a member of the London Stock Exchange. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Starting on CCNP
I was wondering the same thing, because of my current job I was looking at the possiblity of starting with the Cisco Internetworking Troubleshooting. I was encouraged to start with either the Routing, Switching, or Remote Access exams. This is because the Support exam biuld off the first 3. So I would recommend either of the first 3 in any order that you feel comfortable with and then after you have completed them, the Support exam. Hope that helps ya some. Paul Weinstein CCNA, MCSE, A+, Network+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stuart J Pittwood Sent: Sunday, February 25, 2001 12:00 PM To: [EMAIL PROTECTED] Subject: Starting on CCNP I'm guessing that this has been asked a million times but I couldn't find it in the archives. I recently passed 640-507, and now want to go onto do the CCNP, Does anyone have any opinions on which order it is best to do the exams? Also, I have a 2501,2516 & 803 from my CCNA are these going to be good enough to do most of the CCNP? I'm guessing they won't be good enough to do BCRAN, any suggestions for a cheap access server type router? Also any recomendations on books, I will get the Cisco Press books but am also looking at the McGraw Hill & Sybex books any comments. Thanks in advance __ Stuart J Pittwood, CCNA [EMAIL PROTECTED] http://www.stuartpittwood.net _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP study partner
Just curious if there is anyone in the Tampa Bay, FL area studying for their CCNP that is looking for a study partner. I am just getting started good and would like to see if there is anyone else here in Tampa doing the same. Thanks In Advance Paul Weinstein [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CIT (exam # 640-506)
I used the Sybex book --- Bolaji Charles Olatunji <[EMAIL PROTECTED]> wrote: > Please, can anyone tell me what topics & where (in > the Cisco press CIT book) to focus on - as i'm due > to take the exam this week end? > > i'd appreciate direct replies as i'm not subscribed > to the list. > > thanks, > > Bolaji > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subject: ISDN B Channel
I was looking at your configs and noticed a few discrepancies. First, have you done a "show isdn stat" on both ends? Take a look at your dialer map statements. On router 1, your dialer map points to the following phone numbers: > dialer map ip 10.10.10.2 name ABC broadcast 9032031701 > dialer map ip 10.10.10.2 name ABC broadcast 9032031704 And the corresponding SPIDs on router two are: > isdn spid1 903203170101 > isdn spid2 903203170401 No problem there. Now go to the dialer map on router 2: > dialer map ip 10.10.10.1 name XYZ broadcast 9033190740 > dialer map ip 10.10.10.1 name XYZ broadcast 9033190741 Now take a close look at the SPIDs on router 1: > isdn spid1 90319074001 > isdn spid2 903319074101 I could be wrong, but it seems like SPID1 is missing a "3" after the first three numbers. Also, are you 100% sure that you are supposed to put in a 2nd map statement to the 2nd phone number? Additionally, I was curious why you set a dialer hold queue for one packet? Granted, the ISDN link should come up pretty fast, but not that fast. You may want to consider setting it to 10. I also noticed that your idle timeout is set to 24 hours. Assuming this is a non-metered line, why not just set it to the max, namely 2147483? I didn't explicitly notice it in your configs, but you may also want to ensure that weighted fair queueing is turned off with the "no fair queue" command. HTH, Paul Werner > Subject: ISDN B Chanell > > Hello All, > > I am setting up a simple point to point ISDN BRI connection. It > works like a charm, but for the life of me, I cannot get the secondary B > chanell to come up. When I initiate a ping, it brings up the first B > chanell > instantaneously, but it wont bring up the secondary. > > ROUTER 1 > interface BRI0 > ip address 10.10.10.1 255.255.255.240 > no ip directed-broadcast > encapsulation ppp > dialer idle-timeout 86400 > dialer map ip 10.10.10.2 name ABC broadcast 9032031701 > dialer map ip 10.10.10.2 name ABC broadcast 9032031704 > dialer hold-queue 1 > dialer load-threshold 1 either > dialer-group 1 > isdn switch-type basic-ni > isdn spid1 90319074001 > isdn spid2 903319074101 > compress stac > ppp authentication chap > ppp multilink > > ROUTER 2 > interface BRI0 > ip address 10.10.10.2 255.255.255.240 > no ip directed-broadcast > encapsulation ppp > dialer idle-timeout 86400 > dialer map ip 10.10.10.1 name XYZ broadcast 9033190740 > dialer map ip 10.10.10.1 name XYZ broadcast 9033190741 > dialer hold-queue 1 > dialer load-threshold 1 either > dialer-group 1 > isdn switch-type basic-ni > isdn spid1 903203170101 > isdn spid2 903203170401 > compress stac > ppp authentication chap > ppp multilink Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subject: ISDN B Channel
> Date: Fri, 2 Mar 2001 11:00:48 -0800 > From: "kd" > Subject: Re: Subject: ISDN B Channel > > 1. Yes, a 3 is missing from the isdn spid1 statement on router1 Glad we agree:-) > 2. Assuming 903 as area code in your dialermap statement, both the > routers > seem to be in the same area code. Why are you including areacode in the > dialstring part of dialer map statemet. Well, I did not specifically address this point in my post for a reason. I no longer consider it universal, or taken for granted that the original charter of the North American Numbering Plan(NANP) is adhered to these days. This is for a variety of reasons, many are political. For example, where I live in the People's Republic of Northern Virginia: http://nanpa.planet.net/area_code_maps/display.shtml?va We have two overlaid area codes that exist in one geographic area. This has the effect of making it *mandatory* now to dial a 10 digit number in the DC metro area. Southern Maryland is no different. If you are dialing an adjacent region call with a 10 digit dial string and you cannot connect, you will get the dreaded message from the Communist East German Phone Operator stating that you must dial a "1" before your number. This is the worst of all possible worlds. It is not a local call (generally free with basic service), and it is not a low cost long distance call (5-7cents per minute), it is the dreaded intrastate call. Most of the ILECs have massive price gouging going on in intrastate tariff rates. The bottom line is you have to dial the minimum number of digits prescribed by your locality and its dial plan. Since I noticed that your e-mail domain is from the pacific School of Religion out in the SF Bay Area, and the area code in question is from the Tyler, Texas area, I can only presume that you used to live there and you are familiar with the local dial plan:-) As it turns out, your assertion is correct: Tyler, Texas is in a 7 digit dial plan area: http://nanpa.planet.net/pdf/dialing_plan.pdf If for some reason you need, you > may > have to prefix it with a 1. That would be that dreaded intrastate call I mentioned :-) HTH, Paul Werner Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
New Mime Software in Use, Please send me bug reports
Hi Everyone, "Elephant Child" has modified our MIME software to prevent the = signs at the end of some messages. He has done a super job and would like to publicly thank him. I have just installed the new software on the list. Please send me any bug reports. Take care, Paul Borghese _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re:
I just installed the new software about an hour ago. I have not seen any messages going by without test. Did I miss something? Paul - Original Message - From: "Bradley J. Wilson" <[EMAIL PROTECTED]> To: "cisco" <[EMAIL PROTECTED]> Sent: Monday, March 05, 2001 8:32 PM > Looks like the new MIME software is removing the equal signs...and all the > rest of the text! > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switching types!!
Oh, well... Back to the drawling board. I will put the old software back on. Paul - Original Message - From: "Priscilla Oppenheimer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "Paul Borghese" <[EMAIL PROTECTED]> Sent: Monday, March 05, 2001 8:23 PM Subject: Re: Switching types!! > Paul, > > This might be your first bug report. I spent a lot of time on a message > talking about switching types. It came out with nothing in it. > > Priscilla > > At 04:59 PM 3/5/01, Priscilla Oppenheimer wrote: > >_ > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > Priscilla Oppenheimer > http://www.priscilla.com > > _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Shutdown of List
Hi everyone, A server, I believe at Road Runner (mail.houston.rr.com) has been feeding messages back on the list. I have been receiving bounces from messages I sent in July! This has caused the list to automatically shut itself down. The theory is it is better to shutdown then have people receive 1000's of messages. If you sent a message to the list in the last day, and have not seen it appear, you will need to resend. Sorry for the inconvenience. Take care, Paul Borghese _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
List circuit breakers triggered again
Hi everyone, The circuit breakers on the list went off again last night. The list = had over 250 messages yesterday causing it to stop forwarding e-mail. = Usually we only have between 100-150 messages/day so this was abnormal. The way we have setup the list is we have a counter keeping track of = every e-mail message. When the message count reaches a large number (in = this case 250) it will shut itself down. This is to prevent things such = as mail loops from filling up our mail boxes. Sorry for the inconvenience. =20 Take care, Paul Borghese _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subject: ICMP Redirects
A couple of thoughts here. This is clearly the territory that HSRP was designed to address, namely failure of a primary gateway and assumption of the backup gateway while the primary is down. First, you may want to take a peek at this article (watch wrap): http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/ 121newft/121t/121t3/dt_hsrpi.htm On the other hand, you could block any ICMP redirects with a simple access list(which creates other problems). It seems that it might be more beneficial to get hardware that will ultimately do the job you are trying to do via HSRP. Regarding the issue of HSRP support for CBOS based platforms (600 series Cisco devices) you are correct, the support is not there. OTOH, I don't know if your flavor of DSL will fit the profile, but have you considered using a 1720-ADSL router? It *appears* that with the WIC-1ADSL installed, support is there for HSRP. 1720's go new in the $700-$800 range. the WIC- 1ADSL can be had for approximately $500 new. Of course, you could probably get them both used for a lot less. HTH, Paul Werner > When a host receives an ICMP redirect, it's my understanding that it > places a host route in the routing table for that destination. How long > does that route typically stay in the table? If the route is being > used, would it stay there indefinitely? Here's why I ask... > > We have a 2620 and a 675 attached to the same remote LAN. The 675 is > there in case the frame relay circuit to the building goes down. > Because they are on the same subnet, I noticed that the 2620 began > sending redirects to the users. If the circuit were to come back up, > how would the hosts know to start using their original default gateway? > > The 675 and 2620 are not speaking a routing protocol to each other, > we're using static routes only. Proxy ARP isn't an option because we > want the PCs to always use the frame relay T1 if it is available. HSRP > is not an option because the 675 does not support it. Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: ICMP Redirects
A couple of more thoughts on the issue of ICMP redirects. First, Edward Solomon had a pretty good concise analysis of the options available in the environment you have and the advantages and disadvantages to each: > (1) Proxy ARP > (2) ICMP Redirects > (3) ICMP Router Discovery Protocol > (4) Run a routing protocol on the workstations > (5) Hot Standby Router Protocol I will not replay the analysis, because it was right on track. There are still other issues involved. Muhammed Khalilullah correctly pointed out that you need to use the "no ip redirect" command in interface configuration mode to shut redirects off at the source (which I did not previously mention). I am not aware of a similar command for the CBOS based systems. Still, there is the final piece which has not been mentioned, namely the client side of this. I was curious how MS stood on these issues and I checked it out. Here is what they have to say: When a Windows-based computer is initialized, the route table normally contains only a few entries. One of those entries specifies a default gateway. Datagrams that have a destination IP address with no better match in the route table are sent to the default gateway. However, because routers share information about network topology, the default gateway may know a better route to a given address. When this is the case, then upon receiving a datagram that could take the better path, the router forwards the datagram normally. It then advises the sender of the better route, using an ICMP Redirect message. These messages can specify redirection for one host, a subnet, or for an entire network. When a Windows-based computer receives an ICMP redirect, a validity check is performed to be sure that it came from the first-hop gateway in the current route, and that the gateway is on a directly connected network. If so, a host route with a 10-minute lifetime is added to the route table for that destination IP address. If the ICMP redirect did not come from the first-hop gateway in the current route, or if that gateway is not on a directly connected network, the ICMP redirect is ignored. To answer your specific question, it will take ten minutes to purge the entry. Now you need to think about this a little bit. Is this a sort of "planned" behavior you want to see? That is your call. Another issue would probably focus on how to change the ten minute time. I have not found a registry key to do that. I have found the registry key to listen to redirects or ignore them. It is found here: HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services \Tcpip\Parameters NOTE: The above registry key is one path; it has been wrapped for readability. On the Edit menu, click Add Value, type EnableICMPRedirects, click REG_DWORD in the Data Type box, and then click OK. Type 0, and then click OK. NOTE: Setting this registry entry to a value of 1 enables ICMP Redirects. NOTE- All standard disclaimers apply on using the registry editor, namely you make changes at your own risk, and you may render your OS inoperable if you do it wrong. If you wanted to make the changes en masse, my best bet would be to put it in the netlogon directory and it will get implemented on the next login. I can't say which way is right for you. HTH, Paul Werner Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dupes to this list - RoadRunner being blocked.
We are still receiving duplications from the list (and the reason the list shutdown earlier in the week). The problem is still from Road Runner in Texas. After blocking mail.houston.rr.com, we stared receiving duplications from servers that identified themselves as mail.austin.rr.com and mail.texas.rr.com. My only recourse is to block the entire subnet. If you are with Road Runner and are using the subnet 24.93.35.0/24 you will not be able to access groupstudy.com. If you are sending mail to a mail server on that address, your mail will not be delivered to groupstudy.com. I have sent the attached letter to [EMAIL PROTECTED], but please feel free to contact rr.com and complain to anyone that is listening. The more noise we make the quicker it will be fixed. Take care, Paul Borghes Message sent to [EMAIL PROTECTED]: Hi, I run a mailing list for people studying for various Network Engineering Certifications (www.groupstudy.com). For whatever reason, mail servers from mail.houston.rr.com (24.93.35.225) dumped thousands of messages on the list that were sent months ago. After blocking the address 24.93.35.225, we are now receiving dumps from 24.93.35.226, 24.93.35.54, and 24.93.25.55. Please have someone correct this immediately! My only recourse is to block the entire subnet, forcing rr.com subscribers to obtain another service before participating in the list. Thank you, Paul Borghese _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: using shell script to update router configuration
Someone had posted some expect scripts a few months back. Go on the archives and type "expect". Take care, Paul - Original Message - From: "michael liu" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, March 18, 2001 8:54 PM Subject: using shell script to update router configuration > Hi, Everyone: > > Does any one use shell script to update router by snmp, if you could attach a sample, I > will really appreciate. > > Thanks, > > ~mlGet your FREE download of MSN Explorer at http://explorer.msn.com">http://explorer.msn.com > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Computer Based Training
The link you mentioned below is an excellent resource. Some of the most recent training materials are available there for download, including Oracle, Cisco, MS, and others. The web site and training materials are available for free for anybody that is active duty military, AGR, or any flavor of reservist in the US Armed forces. Unfortunately, military retirees are not allowed to use the materials. If anybody on Groupstudy does qualify for any of the categories I mentioned, I would strongly encourage you to download and use the CBTs. They are free. As was posted below, if you are not in one of the categories I mentioned, attempting to download the materials may be difficult unless you are a reasonably good hacker and can spoof an IP address for a .mil domain. Additionally, penalties nowadays for hacking US DoD web sites can get rather extreme, including non-US nationals. HTH, Paul Werner p.s. Singapore currently has a rather extreme penalty with the advent of the Computer Misuse (Amendment) Act of 1998. Penalties are a maximum fine of S$10,000, or a jail term of three years, or both. > Date: Sun, 18 Mar 2001 13:05:10 -0500 > From: "Kin Mak" <[EMAIL PROTECTED]> > Subject: Re: Computer Based Training > > If you goto the home page of http://www.armycbt.army.mil, there is a warning that the website is only for Army related personnel usage only. Please be careful, you don't want to get into trouble with the US Military. > > > ""Lim Jit Cherng"" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have found this cool CBT coursewares.. There are some great > training > > materials for CCNP.. > > > > http://www.armycbt.army.mil/Cbtweb/catalog.htm > > > > > > anyone have other recommendations > > > > > > cheers... Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
