RE: Catalyst 6500 Architecture [7:74460]

2003-08-29 Thread R. Benjamin Kessler
I think the SFM's were an interim step; the current direction seems to be
the Sup720 blades.  What kind of speeds & feeds are you requiring?

~~
R. Benjamin Kessler
Network Engineer
CCIE #8762, CISSP, CCSE
Kessler Consulting
Email:  [EMAIL PROTECTED]
http://www.kesslerconsulting.com
Phone: 260-625-3273
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of neil
K
Sent: Friday, August 29, 2003 4:31 AM
To: [EMAIL PROTECTED]
Subject: Catalyst 6500 Architecture [7:74460]

Folks,

The Catalyst 6500 uses a shared bus architecture, and to increase the
backplane capacity you have to have a Switch Fabric Module (SFM) with
fabric-enabled modules to make it work. Is there a vendor which has a better
architecture or a better solution?

Thanks,

neil K.
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74518t=74460


RE: CCNP and future CCIE lab setup [7:73696]

2003-08-14 Thread R. Benjamin Kessler
I think they're suggesting that you make a short cross-over male to female
cable (instead of the standard male to male patch cable).

The idea being that you could still use your standard patch cables and, where
a cross-over cable was required, simply connect the short cross-over to
one end.

Does this clear it up for you or are you more confused?

~~
R. Benjamin Kessler
Network Engineer
CCIE #8762, CISSP, CCSE
Kessler Consulting
Email:  [EMAIL PROTECTED]
http://www.kesslerconsulting.com
Phone: 260-625-3273
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 08, 2003 5:10 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP and future CCIE lab setup [7:73696]

I honestly do not know what you are referring to.  A plug on one side and a
jack on the other?  I am probably missing something simple but nothing rings
a bell!!!  Of course, I am a girl from Thailand and maybe my slang English
is not up to par.  Hee hee

Can you please explain what that is about?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73762t=73696


RE: udld [7:73730]

2003-08-10 Thread R. Benjamin Kessler
Absolutely!  I have a client that uses UDLD Aggressive Mode on all
switch-to-switch Gig links.

We found out about this the hard way when we had a SUP in a 6509 that had
a faulty GIG interface; after several spanning-tree events and high-level
conf. calls with Cisco they informed us about this feature (this was approx.
2 yrs. ago).

Since then, we've been using it quite successfully.  I have seen some
weirdness when initially setting up trunks or gig-Etherchannel links (UDLD
will sometimes cause the port to go 'err-disable').  Once you get the
trunk/GEC link setup though it seems to work pretty well.

HTH

~~
R. Benjamin Kessler
Network Engineer
CCIE #8762, CISSP, CCSE
Kessler Consulting
Email:  [EMAIL PROTECTED]
http://www.kesslerconsulting.com
Phone: 260-625-3273
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Lopez, Robert
Sent: Friday, August 08, 2003 9:00 AM
To: [EMAIL PROTECTED]
Subject: udld [7:73730]

Anyone out there make it a common practice to implement UDLD on Cat 6509
GigE uplinks?  

TIA,

Robert 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73736t=73730


RE: Forrest Gump-like arp(?) question [7:56680]

2002-11-01 Thread R. Benjamin Kessler
I have a couple of 6509's with Sup1/MSFC1 cards that have a feature (I
can't get TAC to agree that it is a bug) which causes this type of
problem.

If you have an MLS entry built for a host and the MAC address associated
with that host's IP address (ARP entry) changes, the MSFC will see this
(via the gratuitous ARP) but the change will not be propagated down to
the MLS cache on the L2 side.  (hence the bug in my opinion)  The L2
cache will not change even though the L3 side knows of the new address;
I think there should be better communication between the two engines but
perhaps I'm way over-simplifying things.

If you perform a global clear arp on the MSFC this does flush the
entire MLS cache on the L2 side so this will fix the problem but it is
a bit like performing brain surgery with a sledge hammer.  You can
perform a selective clearing at the L2 prompt by issuing the following:

clear mls entry ip destination x.x.x.x

By default, an MLS entry will age-out pretty quickly if there is no
traffic going to the destination (two minutes I think); unfortunately,
the HPOV guy has his box pinging everything he can find (and I do mean
everything but that's a story for another time) on a two-minute
interval and being a Windows shop we never see our entries age-out
because of no traffic (the short aging time).  

Every MLS entry will be cleared (regardless of traffic) after the long
aging time.  Somewhere between CatOS version 5.4.2 and 5.5.7 this timer
was changed from 900 seconds to 1920 seconds (15 minutes to 32 minutes)
and there isn't an option to modify this (unless you run your switches
in Native IOS mode).

The good news is that Cisco radically changed how MLS works with the
Sup2's and this is no longer a problem.  The PFC uses CEF so when the
router's ARP cache changes, the appropriate CEF tables are updated and
MLS keeps humming along.

So, you might want to ask Sprint how their 6509 is configured and see if
it matches the above scenario that I laid-out.  As a work-around, you
can spoof the MAC address of your new router to match that of the old
router.

Hope this helps,

Ben





-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] 
Sent: Friday, November 01, 2002 1:42 PM
To: [EMAIL PROTECTED]
Subject: RE: Forrest Gump-like arp(?) question [7:56680]

A cisco router broadcasts a gratuitous ARP response announcing to the world
its IP address when it boots. See this example:

Ethernet Header
  Destination:  FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Source:   00:00:0C:3F:00:D4
  Protocol Type:0x0806  IP ARP
ARP - Address Resolution Protocol
  Hardware: 1  Ethernet (10Mb)
  Protocol: 0x0800  IP
  Hardware Address Length:6
  Protocol Address Length:4
  Operation:2  ARP Response
  Sender Hardware Address:00:00:0C:3F:00:D4
  Sender Internet Address:172.16.10.1
  Target Hardware Address:FF:FF:FF:FF:FF:FF  Ethernet Broadcast
  Target Internet Address:172.16.10.1

Is your router not doing that for some reason? You could do some sniffing to
see whether it does it. The gratuitous ARP should put the right ARP data
into the 6509's ARP cache.

So, I'm wondering if the ARP cache is the real problem. 

When you had the new router installed, what did show int ethernet display?
Was it up/up?

Can you send us some of your config for some more clues??

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Mark Smith wrote:
 
 Unfortunately I don't have access to the 6509 or it would be a
 done deal. My stuff's at a Sprint co-lo facility and getting
 thru to a live tech across the country at Sprint is next to
 impossible. The 6509 is theirs and is what I connect to on
 their network to get out to the world. I was just looking for a
 way to force their equipment to clear or refresh its arp cache.
 Thanks.
 
 Quoting Priscilla Oppenheimer :
 
  Can't you just do a clear arp on the 6509? That's a commonly-used IOS
  command. I would assume it works on the 6509. Or should I say ass-u-me it
  works. :-)
  
  Priscilla
  
  Mark Smith wrote:
   
   I need to replace a router in a cabinet at the facility where
   my hosted servers and equipment is. My equipment is talking
   to the hosting facility's network via a port on a 6509 switch.
   I replaced my router and then nothing from my network could
   connect to the outside world. I waited about 2 minutes (during
   which time my entire site's down and my bosses get VERY
   nervous) and I never was able to connect from inside and my
   tester on the outside was never able to get in to me. I finally
   put router #1 back in and all was well again. I've scoured the
   configuration and #2's is identical with #1 so I don't believe
   that is the problem. I'm ass-u-me-ing that the reason for this
   is the 6509 port's ARP cache is looking for the MAC address of
   router #1 and it ain't there anymore. Would this
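The ARP decode quoted in this thread, rebuilt as bytes and parsed (an added example, not part of the original messages): it flags gratuitous ARP and reports when an IP address rebinds to a new MAC address, which is the event that leaves a stale MLS entry in the scenario described above. The replacement router's MAC address and all function names are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806


def _mac(raw):
    return ":".join(f"{b:02X}" for b in raw)


def _ip(raw):
    return ".".join(str(b) for b in raw)


def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP.

    Returns a dict of fields, or None if the frame is not such a packet.
    """
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "operation": oper,                   # 1 = request, 2 = response
        "eth_src": _mac(eth_src),
        "sender_mac": _mac(sha),
        "sender_ip": _ip(spa),
        "target_ip": _ip(tpa),
        "gratuitous": spa == tpa,            # sender announces its own address
    }


class ArpWatch:
    """Track IP-to-MAC bindings learned from ARP and report changes."""

    def __init__(self):
        self.bindings = {}

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None:
            return None
        ip, new_mac = pkt["sender_ip"], pkt["sender_mac"]
        old_mac = self.bindings.get(ip)
        self.bindings[ip] = new_mac
        if old_mac is None:
            event = "new"
        elif old_mac == new_mac:
            event = "unchanged"
        else:
            event = "rebind"                 # any cache keyed on old_mac is now stale
        return {
            "event": event,
            "ip": ip,
            "old_mac": old_mac,
            "new_mac": new_mac,
            "gratuitous": pkt["gratuitous"],
            # Ethernet source differing from the ARP sender field is worth a look
            "src_mismatch": pkt["eth_src"] != new_mac,
        }


def build_arp_reply(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP response frame (helper for the sample data)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    sip = bytes(int(o) for o in sender_ip.split("."))
    tip = bytes(int(o) for o in target_ip.split("."))
    bcast = b"\xff" * 6
    eth = bcast + smac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + smac + sip + bcast + tip
    return eth + arp


# Frame matching the decode shown in the thread.
FRAME_FROM_PAGE = build_arp_reply("00:00:0C:3F:00:D4", "172.16.10.1", "172.16.10.1")
# Constructed: a replacement router announcing the same IP from a different MAC.
FRAME_REPLACEMENT = build_arp_reply("00:00:0C:AA:BB:CC", "172.16.10.1", "172.16.10.1")


def demo():
    watch = ArpWatch()
    return [watch.observe(f) for f in (FRAME_FROM_PAGE, FRAME_REPLACEMENT)]


if __name__ == "__main__":
    for event in demo():
        print(event)
```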
  

RE: Question on ATM OC-3 WAN connection and TcpWindowSize [7:56614]

2002-10-31 Thread R. Benjamin Kessler
You could be experiencing the long, fat network (LFN) problem.

How far apart are these locations? (average round-trip time with ping?)

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of
Kim Seng
Sent: Thursday, October 31, 2002 11:57 AM
To: [EMAIL PROTECTED]
Subject: Question on ATM OC-3 WAN connection and TcpWindowSize [7:56612]

Hi all,

I have an OC-3 155Mbps UBR WAN link between two sites.
When I transfer files between these two sites using
windows explorer or ftp, I only have about 8Mbps.
Sprint told me I need to change the registry:
TcpWindowSize to get better throughput. Has anyone
experienced this before?

Thanks in advance.

Kim.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56614t=56614
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Catalyst 8540CSR [7:56172]

2002-10-24 Thread R. Benjamin Kessler
I have a client that used to have a pair of them...chucked them about
a year ago.  8540's (at least in the L2/L3 LAN-Switching arena) were an
abortion of a product; it was merely a stop-gap measure to say that
Cisco had a L3 switch on the market.  With the 6500-series they've got a
capable product now and they have successfully wiped the egg from their
faces.  I have yet to hear of a customer that purchased 8540's to do L3
switching functions that was happy with the purchase.  I have heard that
the ATM version of the 8540's performed quite well (basically an upgrade
to the LS1010) but don't have any personal experience with that.

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of
Ellis, Andrew
Sent: Wednesday, October 23, 2002 6:25 PM
To: [EMAIL PROTECTED]
Subject: Catalyst 8540CSR [7:56172]

Hi,

Is there anyone out there that has 8540CSRs or MSRs in their network? If so,
what version of IOS are you running and are they really problematic? Are you
disgusted with them and ready to chuck 'em?

-Drew




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56223t=56172



RE: Extended Vlan across Wan [7:54866]

2002-10-04 Thread R. Benjamin Kessler

I'm surprised Howard hasn't chimed in yet, this is definitely a "what
problem are you trying to solve" sort of case...

More details please.  Personally, I don't believe VLANs should extend
outside a building (even with Dark Fibre); but perhaps you have
requirements that would justify this...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
gladston vidali
Sent: Friday, October 04, 2002 9:05 AM
To: [EMAIL PROTECTED]
Subject: Extended Vlan across Wan [7:54866]

Hi Guys,

Could you give me your opinion about the following ?

What is the best technology nowadays to extend Vlans across a ATM Wan
backbone ?






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54881t=54866



RE: Non-disruptive IOS upgrade on 6513? [7:51508]

2002-08-20 Thread R. Benjamin Kessler

Check out the following link; it talks about high availability and
versioning.

I've not had a chance personally to try the versioning support to
perform an upgrade but I think this might be what you're after...

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_2/confg_gd/redund.htm#23097

If you have a chance to go through this procedure, let us know how well
it works.

HTH,

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
John Neiberger
Sent: Friday, August 16, 2002 9:51 AM
To: [EMAIL PROTECTED]
Subject: Non-disruptive IOS upgrade on 6513? [7:51508]

I have a 6513 with redundant sup modules and I'd like to update the IOS
image.  Is it possible to do this while remaining mostly transparent to
users on the switch?  I've read the instructions on CCO and according to
them I'd still have to reload the entire switch.  Is it possible to do
one engine at a time while the other is running as primary?

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51752t=51508



OT - Networkers, Orlando [7:47846]

2002-07-01 Thread R. Benjamin Kessler

Anyone from the list going?  Is there going to be a GroupStudy
gathering?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47846t=47846



RE: OT - Networkers, Orlando [7:47846]

2002-07-01 Thread R. Benjamin Kessler

Sounds good.  When?  Where?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Paul Borghese
Sent: Monday, July 01, 2002 3:04 PM
To: [EMAIL PROTECTED]
Subject: Re: OT - Networkers, Orlando [7:47846]

Sure.  I will be there.  Two years ago we had a GroupStudy dinner in
Orlando.  Anyone else interested?

Paul
- Original Message -
From: ken clifford 
To: 
Sent: Monday, July 01, 2002 3:21 PM
Subject: RE: OT - Networkers, Orlando [7:47846]


 I'm going.  I'd be interested in a groupstudy get together.
 I am taking the CCIE PS on Monday and 350-001 exam on Tuesday morning.

 Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47880t=47846



RE: New Subnet Rule [7:47670]

2002-06-29 Thread R. Benjamin Kessler

Try configuring your machine(s) with addresses in the following
networks:

198.62.0.0/28 - e.g. 192.168.0.1-14
and
192.168.0.240/28 - e.g. 192.168.0.241-254

This would be utilizing the all-zeros and all-ones subnets of
192.168.0.0/24

You tested configuring machines in the *networks* 192.168.0.0/24 and
192.168.255.0/24 - not subnets of 192.168.0.0/16


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Michael L. Williams
Sent: Saturday, June 29, 2002 11:49 AM
To: [EMAIL PROTECTED]
Subject: Re: New Subnet Rule [7:47670]

I have successfully used both an all-zeros and an all-ones subnet on
Windows 9x.  (192.168.0.0/24 and 192.168.255.0/24)  Works fine.

Mike W.

Kazan, Naim  wrote in message
news:[EMAIL PROTECTED]...
 Ok, now that we know the answer to that question? Will windows support
 subnets 0-255.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47756t=47670



RE: New Subnet Rule [7:47670]

2002-06-29 Thread R. Benjamin Kessler

To be more correct I should have said:

Try configuring your machine(s) with addresses in the following
subnets:

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
R. Benjamin Kessler
Sent: Saturday, June 29, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: RE: New Subnet Rule [7:47670]

Try configuring your machine(s) with addresses in the following
networks:

198.62.0.0/28 - e.g. 192.168.0.1-14
and
192.168.0.240/28 - e.g. 192.168.0.241-254

This would be utilizing the all-zeros and all-ones subnets of
192.168.0.0/24

You tested configuring machines in the *networks* 192.168.0.0/24 and
192.168.255.0/24 - not subnets of 192.168.0.0/16


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Michael L. Williams
Sent: Saturday, June 29, 2002 11:49 AM
To: [EMAIL PROTECTED]
Subject: Re: New Subnet Rule [7:47670]

I have successfully used both an all-zeros and an all-ones subnet on
Windows 9x.  (192.168.0.0/24 and 192.168.255.0/24)  Works fine.

Mike W.

Kazan, Naim  wrote in message
news:[EMAIL PROTECTED]...
 Ok, now that we know the answer to that question? Will windows support
 subnets 0-255.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47757t=47670
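The distinction drawn in the two "New Subnet Rule" replies above, worked through in code (an added example, not part of the original messages): a prefix is classified against its classful network, so a /24 inside class C space has no subnet bits at all, while the /28s do. The function names are hypothetical and the classful A/B/C boundaries are assumed as the reference point.

```python
import ipaddress


def classful_prefix(address):
    """Default (classful) prefix length for an IPv4 address."""
    first_octet = int(ipaddress.ip_address(address)) >> 24
    if first_octet < 128:
        return 8        # class A
    if first_octet < 192:
        return 16       # class B
    if first_octet < 224:
        return 24       # class C
    raise ValueError("class D/E addresses have no classful network")


def classify(cidr):
    """Say whether a prefix is the all-zeros or all-ones subnet of its
    classful network, an ordinary subnet, or the classful network itself."""
    net = ipaddress.ip_network(cidr)
    base = classful_prefix(str(net.network_address))
    if net.prefixlen < base:
        raise ValueError(f"{cidr} is a supernet of its classful network")
    if net.prefixlen == base:
        return "classful network"            # no subnet bits to be zero or one
    width = net.prefixlen - base             # number of subnet bits
    subnet_bits = (int(net.network_address) >> (32 - net.prefixlen)) & ((1 << width) - 1)
    if subnet_bits == 0:
        return "all-zeros"
    if subnet_bits == (1 << width) - 1:
        return "all-ones"
    return "ordinary"


def host_range(cidr):
    """First and last usable host addresses of a prefix."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address + 1), str(net.broadcast_address - 1)


if __name__ == "__main__":
    for cidr in ("192.168.0.0/24", "192.168.255.0/24",
                 "192.168.0.0/28", "192.168.0.240/28", "192.168.0.16/28"):
        print(f"{cidr:20} {classify(cidr):18} hosts {host_range(cidr)}")
```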



NE Indiana [7:47507]

2002-06-26 Thread R. Benjamin Kessler

Sorry for the cross-post.  Anyone from Northeast Indiana please reply to
me  off-list.

Thanks,

Ben




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47507t=47507



RE: max routers in a hsrp group [7:46584]

2002-06-14 Thread R. Benjamin Kessler

I know I've done four at one time (long story) without incident; I
generally don't like to have more than two...how many are you trying to
configure?  Why?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Phil Wallisch
Sent: Friday, June 14, 2002 10:19 AM
To: [EMAIL PROTECTED]
Subject: max routers in a hsrp group [7:46584]

Hi all.  Does anyone know the maximum # of routers allowed in a HSRP
group?  I've read through the RFC and don't see this limit mentioned but
a coworker says it's 4.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46590t=46584



RE: Parity errors and Cosmic radiation! [7:46282]

2002-06-12 Thread R. Benjamin Kessler

I have a client who experienced this as well on a pair of 7206VXR's.
The two routers rebooted themselves due to memory parity error.  The
cosmic radiation was kind enough to cause the reload in the wee hours
so no harm done.

What's weird is that we have six 7206's in the same cabinet but only two
experienced the problem.  The two afflicted routers just happened to
service the same group of subnets (HSRP peers)...kinda strange.

TAC dude wanted me to remove and re-seat the memory in the routers.  He
said that if the problem happened again that they'd replace the memory.

I opened up one of the routers to find that the memory is not only
secured by retaining clips on each side but it also has a screw through
it...I didn't bother on the other router.

(knocking on wood) It has been several months since that happened and
we've run clean since.

If you're seeing this on a brand-new box, I'd guess infant mortality.
Perhaps you can convince TAC to send you some new memory if you're still
fighting this problem.

If new memory still has the problem then you'll need to look at
environmental conditions in your data center - e.g. grounding, heat, a
lot of EMI, etc.

Farooq Ali  wrote in message
news:[EMAIL PROTECTED]...
 Hi all:

 I am a giga-lurker on this list and over the past 3 years have benefitted a
 lot. Have been able to achieve a lot due to the knowledge shared on this
 list. I would like to thank all for that.

 The reason I am writing now is an issue which is a bit mind boggling. We do
 have a solution but I found it a bit funny hence sharing it here.

 One of our offsite routers a 7206 vxr in New York site was having a problem,
 we had this brand new router crash on us twice in a week and after opening a
 ticket with TAC, we sent them an upload of our sh tech output.

 They told us that we have parity issues and guess what? the parity is bad
 cause of Cosmic radiation!
 I am taking the solution on face value and not making a fuss about it, but
 wanted to hear from the more experienced folks on this list on how
 minimal radiation is able to set the 0 to 1 or vice versa, while my router is
 not located in say Alpha quadrant in subnebular terrain. It's in NYC! :)

 here is a link to this phenomena on cisco site:

http://216.239.51.100/search?q=cache:xbNsvjHnXUIC:www.cisco.com/warp/public/122/crashes_pmpe.html+soft+parity+errors+and+cosmic+radiationhl=en



 Any ideas!
 Kfali CCNP security, afraid of the written.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46397t=46282



RE: which is the best Router for the following tasks [7:46288]

2002-06-12 Thread R. Benjamin Kessler

Look at the new 1700's (I think it's called 1760 or 1761) - they've got
a 1U rack form factor.

I haven't laid hands on one yet but it looks promising.

It's only got one 10/100 Ethernet built-in but you can add a 10mb
Ethernet via a WIC.

Obviously you'd need another WIC for the serial.

I don't know how much punishment the CPU on these routers can take -
thinking about QoS, Firewall, IPsec, NAT, etc.  Anyone work on one of
these yet?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
John Kaberna
Sent: Tuesday, June 11, 2002 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: which is the best Router for the following tasks [7:46288]

2611 if you want Ethernet and 2621 if you want Fast Ethernet.  I generally
don't like to work with anything under a 2600.  You can also look at the
1751.  The problem with the 17XX series is they aren't rack mountable.


Fab Perez  wrote in message
news:[EMAIL PROTECTED]...
 Hi news

 I need to pickup a Router with the following features:
 _ 2 Ethernets
 _ 1 V.35 Serial / Sync
 _ QoS
 _ Load Balancing (EIGRP ?)
 _ NAT
 _ Firewall

 Thanks in advance.

 --
 Fab Perez
 .net .admin
 www.inet.co.cr
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46398t=46288



RE: IOS Caveats: Do I just need more coffee?? [7:46346]

2002-06-12 Thread R. Benjamin Kessler

Nothing like the bleeding edge...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
John Neiberger
Sent: Wednesday, June 12, 2002 9:37 AM
To: [EMAIL PROTECTED]
Subject: IOS Caveats: Do I just need more coffee?? [7:46346]

I just don't get this.  I'm looking at the IOS releases for the Cat6k
and I see there is now 12.1(11b)E4 and we're running 12.1(11b)E3.  So, I
check to see if there are any new features...none listed.  Then, more
interestingly, I check the resolved caveats...none listed.

So, if there are no resolved caveats and no new features, why is there
an E4 release in the first place??  With no bug fixes and no new
features, how is E4 different than E3?

Okay, back to work

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46396t=46346



RE: why copy tftp run retain some old config ??? [7:45323]

2002-05-30 Thread R. Benjamin Kessler

Do a copy tftp start and then reload.

 Hi.. Dear all,

 Why, when I copy the config from the tftp server to replace the old config on
 the router (copy tftp run) or copy the config from startup to running (copy
 star run), is the resulting config not exactly the same as the config
 that I copy?  It retains some of the old parameters or config.  For eg.

 When I copy start run

 My start-up config is
 ip route 10.0.0.0 255.0.0.0 50.100.45.4

 My running config is
 ip route 10.0.0.0 255.0.0.0 50.100.45.3

 After I copy start run, the resulting config become
 ip route 10.0.0.0 255.0.0.0 50.100.45.4
 ip route 10.0.0.0 255.0.0.0 50.100.45.3


 And when I copy the config from tftp server to my run config (copy tftp run)

 My tftp config

 interface Ethernet0
  description To Office Ethernet
  ip address 80.8.200.113 255.255.255.240
  no ip directed-broadcast
  ip accounting output-packets
  ip route-cache same-interface

 My running config

 interface Ethernet0
  description To Office Ethernet
  ip address 70.8.200.113 255.255.255.240
  no ip directed-broadcast
  ip accounting output-packets
  ip route-cache same-interface
  traffic-shape group 105 5000 7000 7000 1000

 But the resulting config become as below
 interface Ethernet0
  description To Office Ethernet
  ip address 80.8.200.113 255.255.255.240
  no ip directed-broadcast
  ip accounting output-packets
  ip route-cache same-interface
  traffic-shape group 105 5000 7000 7000 1000

 WHY???   Why is it not the same as the config that I copy from, but the
 combination?  How to solve this??

 CT








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45452t=45323



RE: Provider Backbone Engineering and CCIEs [7:44876]

2002-05-28 Thread R. Benjamin Kessler

One of the nice features of Ethereal is that you can do TCP Stream
Analysis.  Basically, this shows the ASCII stream of data going
back-and-forth between the client and server.  When analyzing telnet
sessions it is pretty easy to see the clear-text passwords this way.

HTH

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Sasa Milic
Sent: Friday, May 24, 2002 2:32 PM
To: [EMAIL PROTECTED]
Subject: Re: Provider Backbone Engineering and CCIEs [7:44876]

Because pop3 username and password use two packets (one for
USER username and another for PASS password command).
With telnet, every keystroke is transmitted in a separate
packet. It is possible to collect them all and reconstruct
username/password, but it's not trivial as with pop3.

Sasa
CCIE 8635

Henrique Duarte wrote:
 
 Why can't I sniff my telnet login/password in clear text but can sniff my
 pop3 login/password in clear text? I'm using Sniffer Pro 4.5.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45226t=44876
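What following a TCP stream does with the one-keystroke-per-packet Telnet traffic discussed in this thread, as an added example that is not part of the original messages: client-to-server segments are ordered by sequence number, retransmissions are dropped, and Telnet IAC negotiation is stripped, which leaves the typed text as readable as a POP3 USER/PASS pair. The segments, sequence numbers and typed strings are constructed sample data, and sequence-number wraparound is not handled.

```python
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254


def reassemble(segments, isn):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs.

    isn is the initial sequence number from the SYN; data starts at isn + 1.
    Stops at the first gap rather than guessing at missing bytes.
    """
    stream = bytearray()
    next_seq = isn + 1
    for seq, data in sorted(segments):
        end = seq + len(data)
        if end <= next_seq:          # retransmission of bytes already seen
            continue
        if seq > next_seq:           # hole in the capture
            break
        stream += data[next_seq - seq:]   # keep only the new part of an overlap
        next_seq = end
    return bytes(stream)


def strip_telnet(data):
    """Remove Telnet option negotiation, keeping only user data."""
    out = bytearray()
    i = 0
    while i < len(data):
        byte = data[i]
        if byte != IAC:
            out.append(byte)
            i += 1
            continue
        if i + 1 >= len(data):       # truncated command at end of capture
            break
        cmd = data[i + 1]
        if cmd == IAC:               # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            i += 3                   # IAC <verb> <option>
        elif cmd == SB:              # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:
            i += 2                   # two-byte command such as IAC NOP
    return bytes(out)


def typed_lines(data):
    """Split user data into lines; Telnet sends Enter as CR NUL or CR LF."""
    text = data.replace(b"\r\x00", b"\n").replace(b"\r\n", b"\n")
    return [line.decode("ascii", "replace") for line in text.split(b"\n") if line]


def follow_stream(segments, isn):
    return typed_lines(strip_telnet(reassemble(segments, isn)))


def sample_segments(isn=1000):
    """Constructed capture: one option negotiation, then one keystroke per segment."""
    chunks = [bytes([IAC, WILL, 24])]
    chunks += [bytes([c]) for c in b"labuser"] + [b"\r\x00"]
    chunks += [bytes([c]) for c in b"example-pass"] + [b"\r\x00"]
    segments, seq = [], isn + 1
    for chunk in chunks:
        segments.append((seq, chunk))
        seq += len(chunk)
    segments.append(segments[3])                          # a retransmitted keystroke
    segments[1], segments[5] = segments[5], segments[1]   # out-of-order arrival
    return segments


if __name__ == "__main__":
    print(follow_stream(sample_segments(), 1000))
```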



RE: SYSLOG time stamp problem [7:44949]

2002-05-28 Thread R. Benjamin Kessler

I know on RedHat you have to ensure that syslogd is started with the -r
flag so that it accepts syslog messages from remote systems.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Steven A. Ridder
Sent: Friday, May 24, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: Re: SYSLOG time stamp problem [7:44949]

Speaking of syslog, if a syslog daemon is running on a unix machine, is that
all that needs to happen for it to collect messages?  I can get a Kiwi
syslog program to work, but if I have a customer set up syslog on unix,
nothing is in the logs, even though the router claims to have sent him
messages (and all connectivity is working).

--

RFC 1149 Compliant.



Jeffrey Reed  wrote in message
news:[EMAIL PROTECTED]...
 I set up a syslog server and have a problem with the time stamp in a sys log
 message. When a message is sent to my syslog server (using solar winds
 syslog monitor) the date/time field is correct, but the time stamp with the
 message itself is not, it's 4 hours ahead. I show calendar and clock on the
 6500 MSFC and they are both set correctly. I have the system set up for EST
 and daylight savings, so I think the syslog facility is not factoring in
 those settings.

 How can I get the syslog message to display the correct time?

 Thanks!!

 Jeff Reed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45227t=44949



RE: Bridge and switch [7:44649]

2002-05-23 Thread R. Benjamin Kessler

If you substitute the word "segment" where they have "subnet" then I'd
be happy with the description.

I've seen others use the two terms to mean the same thing, I suppose you
could argue it both ways.  In my mind, segment = L2; subnet = L3.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Kevin Jones
Sent: Wednesday, May 22, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: Re: Bridge and switch [7:44649]

I was under the impression that, while a switch is often termed a multiport
bridge, there is one fundamental difference in the way the two devices
forward frames.  While my source is not always the most credible or reliable
(Course Technology Networks Plus book), it does cause me to stop and think
for a minute.  Anyway, the difference (as described in the book) is as
follows:

If a multiport bridge determines (based on the destination MAC address) that
the destination node is on another subnet, it will broadcast the frame out
all ports except the originating port.  A switch, on the other hand, is
smart enough to only forward the frame out the destination port.  Both
devices handle unknown frames and broadcasts the same way, ie. they will
forward the packets out all ports except the one the frame was received on.

Any thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44806t=44649



RE: Relation between port and interface [7:44804]

2002-05-23 Thread R. Benjamin Kessler

Jose,

Here's a snip that talks about your message...

http://www.cisco.com/warp/public/473/62.shtml#casestudy5:

Unfortunately, given their explanation, it doesn't really explain what
port 51 is now does it...

I know this is a cop out, but if you can you might want to look into
upgrading code on the cat3500 because later versions produce better
debug output.

Here's a sample that I took from one of my 3548's:

May 15 17:06:53: .0c07.ac01 has moved from port Gi0/2 to port Fa0/12 in vlan 115
May 15 17:06:56: Addaddress .0c07.ac01, on port Gi0/1 vlan 115
May 15 17:06:56: .0c07.ac01 has moved from port Fa0/12 to port Gi0/1 in vlan 115

The above is from a switch that I've been running 12.0(5)WC3b on for the
last three months.

HTH,

Ben


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jose Celestino
Sent: Thursday, May 23, 2002 6:02 AM
To: [EMAIL PROTECTED]
Subject: Relation between port and interface [7:44804]

So what's the relation between a port and an interface in a

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.2)XU,
MAINTENANCE INTERIM SOFTWARE

when in debug ethernet-controller address.

For instance:

May 23 12:00:00 aaa.bbb.ccc.ddd 622964: 1y9w: 0050.8bd3.f768 has moved from port 10 to port 51 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622966: 1y9w: 0050.8bd3.f768 has moved from port 51 to port 10 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622968: 1y9w: 0002.a5e8.d9a1 has moved from port 39 to port 51 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622970: 1y9w: 0002.a5e8.d9a1 has moved from port 51 to port 39 in vlan 1

How can I locate port 39 and port 51 physically on the switch?

Is this int fa0/39 and gi 0/2 ?

-- 
Jose Celestino  SAPO.pt::Systems http://www.sapo.pt
-
Quod licet Iovi non licet bovi.
(What Jove may do, is not permitted to a cow.)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44817t=44804
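
The "has moved" debug lines quoted in this thread can be summarized mechanically to show which addresses bounce between ports and which port they all share. This Python code is an added example, not code from the thread or from Cisco; the function names are hypothetical, and the sample lines are the four entries from Jose's post rejoined onto single lines.

```python
import re
from collections import defaultdict

# The four debug entries quoted in the post above, one entry per line.
SAMPLE_LOG = """\
May 23 12:00:00 aaa.bbb.ccc.ddd 622964: 1y9w: 0050.8bd3.f768 has moved from port 10 to port 51 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622966: 1y9w: 0050.8bd3.f768 has moved from port 51 to port 10 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622968: 1y9w: 0002.a5e8.d9a1 has moved from port 39 to port 51 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622970: 1y9w: 0002.a5e8.d9a1 has moved from port 51 to port 39 in vlan 1
"""

# Matches both port styles seen in the thread: numeric ("51") and named ("Gi0/1").
MOVE_RE = re.compile(
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) has moved "
    r"from port (?P<src>\S+) to port (?P<dst>\S+) in vlan (?P<vlan>\d+)"
)


def parse_moves(text):
    """Return (mac, vlan, src_port, dst_port) tuples in log order.

    Lines without a complete xxxx.xxxx.xxxx address are skipped.
    """
    moves = []
    for line in text.splitlines():
        m = MOVE_RE.search(line)
        if m:
            moves.append((m["mac"].lower(), int(m["vlan"]), m["src"], m["dst"]))
    return moves


def find_flaps(moves):
    """Flag addresses that move A -> B and then straight back B -> A."""
    history = defaultdict(list)
    for mac, vlan, src, dst in moves:
        history[(mac, vlan)].append((src, dst))

    flaps = {}
    for key, hops in history.items():
        returns = sum(
            1
            for prev, cur in zip(hops, hops[1:])
            if cur[0] == prev[1] and cur[1] == prev[0]
        )
        if returns:
            ports = sorted({port for hop in hops for port in hop})
            flaps[key] = {"moves": len(hops), "returns": returns, "ports": ports}
    return flaps


def common_ports(flaps):
    """Ports present in every flapping address's history.

    A port shared by all flapping addresses is worth checking first.
    """
    port_sets = [set(info["ports"]) for info in flaps.values()]
    return sorted(set.intersection(*port_sets)) if port_sets else []


if __name__ == "__main__":
    found = find_flaps(parse_moves(SAMPLE_LOG))
    for (mac, vlan), info in found.items():
        print(mac, "vlan", vlan, info)
    print("shared by all flapping addresses:", common_ports(found))
```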



RE: Network Design... Hmmm [7:44417]

2002-05-20 Thread R. Benjamin Kessler

Ah yes, the financial industry...I'm glad someone else can feel my pain.
I've been consulting in this industry for the last five years and let me
say that I'm not surprised by too much anymore.

I actually had the pleasure of meeting the authors of the Advanced IP
Network Design book when they were writing it.  Our paths in life
crossed because of a CAP case I had open with one of my previous clients
(this is circa 1998).  My knowledge of IP routing (EIGRP specifically)
was greatly enhanced after a couple of days at the white board with
them.

Personally, I don't think you could do an either-or comparison between
their book and the Top-Down Net. Design; it's more of an AND.

If only my client had gained as much from the meeting as I did...

We implemented the short-term band-aids to achieve stability but I
couldn't get them to address the root cause of their problem - a bad
network design...but I digress.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Chuck
Sent: Sunday, May 19, 2002 3:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Design... Hmmm [7:44417]

obviously you've never worked in a brokerage firm ;-

my point being that you can get away with a lot, up to a certain point. When
that point is reached, you can throw hardware and/or bandwidth at the thing,
and buy some more time. Maybe a lot of time. Or you start over, and do
things right, from the start.

I would suggest that there are special cases even in the most well designed
and planned networks, where there are islands of chaos.

I agree that there is nothing like having whomever tell you what the
solution is, rather than tell you the problem. We need a T1. We need a P5
machine. We need more RAM. Whatever. Working for whom I work for these days,
the answer is always yes, sir. Sign right here ;-


Steve Watson wrote in message
news:[EMAIL PROTECTED]...
 I was speaking in general terms. While it is conceivable to build a
 network without customer requirements and (to a degree) it will be
 functional, the network has no room for growth and more than likely will
 be hard to manage. The buzzwords scalability and efficiency come to
 mind.

 The best place to start (correction the ONLY place to start) is to
 define the customer's requirements (now and for the 18 - 24 months) so
 you design and implement a viable solution that has room to grow.

 I have done, in the past, what you have mentioned below and was met
 with the same frustration you were (inefficiency and network loading
 problems). That's why I tell my customers; don't tell me you need a T-1
 (nowadays everybody wants a DS3) tell me what will ride this circuit and
 we will do an analysis of bandwidth to determine what is best... yada..
 yada.. yada..

 Steve

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Chuck
 Sent: Sunday, May 19, 2002 12:22 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Network Design... Hmmm [7:44417]

 Steve Watson wrote in message
 news:[EMAIL PROTECTED]...
  This was not a comparison of network design methodologies, it was meant
  to be humorous (I totally agree with the top down process). The idea of
  build a network and they will come simply does not work!


 CL: au contraire, mon ami! I give you the small brokerage firm I used to
 work for. Filled with unsophisticated users. When I arrived there was no
 WAN and no LAN to speak of - the so called LAN was dictated by the quote
 service vendor.

 I put in a real LAN with e-mail. That took off like crazy.

 I put in a real WAN with the branches able to send e-mail to each other,
 and that took off even crazier.

 I put in an internet connection, and sure there was the usual crap with
 people checking out the adult entertainment, but you know, I had guys who
 prior to my arrival couldn't turn their computers on going out and
 finding some really nice investment sites and services that helped them
 tremendously in their business.

 At the time of my leaving, the LAN/WAN was starting to show signs of
 stress. In the course of my certification pursuit, I have learned all the
 things I did wrong. But I gotta say, you have to start someplace, and it
 remains true that if the facilities exist, the user community will find a
 lot of ways to use those facilities.




 
  The context of the other book was that no network will function properly
  if Layer 1 is not designed correctly.

  BTW, how many is too many? :-)

  Steve

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
  Priscilla Oppenheimer
  Sent: Saturday, May 18, 2002 2:04 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Network Design... Hmmm [7:44417]

  At 08:49 PM 5/17/02, Steve Watson wrote:
  I am reading Priscilla's book Top Down Network Design for the second
  time for a refresher and decided to hit the pool after I got home.
 
  Thanks for reading Top-Down Network 

RE: traffic analyzer [7:41327]

2002-04-13 Thread R. Benjamin Kessler

While we're off-topic (somewhat) -

What are people doing for non-Ethernet traffic analysis?
I'm specifically interested in T1 and V.35 interfaces

I've used Sniffers for this in the past with quite a bit of success however
given the current state of the economy, etc. my current client is interested
in seeing what their options are in this area.

Obviously in the Ethernet Market there's Ethereal, Etherpeek, Network
Instruments, etc.  My preference would be to have the same interface
(assuming it would be GUI...) regardless of the network technology being
analyzed.

I've been spoiled by the distributed sniffer product for remote sniffing
and am looking for similar functionality.

Thanks for the input.

Ben
- Original Message -
From: supernet
To:
Sent: Friday, April 12, 2002 12:42 AM
Subject: traffic analyzer [7:41267]


 Hi Dear Friends,

 I have 1 branch office connected to main office by frame relay. I
 noticed a lot of traffic across this link and would like to find out
 what they are. The problem is I don't have access to the branch office,
 therefore, everything has to be done in main office. I tried sniffer
 pro, etherpeek and anasil but they only allow me to specify a particular
 source IP, not the whole branch office subnet. Is there any other
 software I can use?

 Thanks.
 Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41327t=41327




RE: Line protocol goes up and down [7:39766]

2002-03-28 Thread R. Benjamin Kessler

I've seen similar behavior when both ends receive clock but no data passes
end-to-end.  I recently experienced this when the telco didn't have a
cross-connect set right somewhere in the middle of the long-haul ckt.  I saw
that both ends were sending packets (via simple 'show int' counters) but
weren't receiving any.

PPP will try to come up but eventually times-out when it doesn't get
anything back from the remote end.  You can turn-on some debugs to see if
you're having similar problems.

HTH,

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
maamun Murangwa
Sent: Thursday, March 28, 2002 10:05 AM
To: [EMAIL PROTECTED]
Subject: Line protocol goes up and down [7:39766]


Hi,

I'm having a problem with a serial interface line
protocol going up and down every few seconds. All I
can see is the carrier transitions increasing, this
is a fiber link, so I presume, there shouldn't be a lot
of errors. I have changed the cable, still no luck.
Telco still says they have run loops and don't see anything
wrong with the link. I have also changed encap
to PPP, still no luck.
Attached is the show interface output


Serial1/5 is up, line protocol is up
  Hardware is M8T-X.21
  Description: Bussiness Systems Ltd
  Internet address is 212.xx.xx.xx/30
  MTU 1500 bytes, BW 1024 Kbit, DLY 2 usec,
     reliability 172/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, crc 16, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:02, output 00:00:02, output hang never
  Last clearing of show interface counters 04:58:14
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/8/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     208 packets input, 4992 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     3946 input errors, 3059 CRC, 0 frame, 17 overrun, 0 ignored, 870 abort
     5703 packets output, 451522 bytes, 0 underruns
     0 output errors, 0 collisions, 707 interface resets
     0 output buffer failures, 0 output buffers swapped out
     707 carrier transitions DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
 --More--
*Mar 28 03:25:33.997 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to down
*Mar 28 03:28:24.013 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to up
*Mar 28 03:28:44.025 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to down
*Mar 28 03:29:34.029 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to up
*Mar 28 03:29:54.029 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to down
*Mar 28 03:31:24.037 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to up
*Mar 28 03:31:26.029 gmt: %LINK-3-UPDOWN: Interface Serial1/5, changed state to up
*Mar 28 03:31:54.061 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to down
*Mar 28 03:32:04.057 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to up
*Mar 28 03:32:34.065 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to down
*Mar 28 03:32:44.065 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to up
*Mar 28 03:33:04.065 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to down
*Mar 28 03:33:14.065 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to up
*Mar 28 03:33:34.073 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to down
*Mar 28 03:34:34.081 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/5, changed state to up
*Mar 28 03:34:36.073 gmt: %LINK-3-UPDOWN: Interface Serial1/5, changed state to up


Thanx in advance

Maamun





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39774t=39766



RE: clock rate [7:38908]

2002-03-20 Thread R. Benjamin Kessler

1. in FR, when we specify clock rate for 64k, we use clock rate 64000, why
not 64 x 1024 = 65536 ? and for 1.544 mbps, we use 148000, why not 1.544 x
1024 x 1024 ?

This isn't just FR, but any connection that uses T1 signaling.

At 8000 frames/s (these are T1 frames); each frame is composed of 8-bits per
channel (x 24 channels) plus a framing/signaling bit (ESF).

As a result, each DS0 (channel) is 64000 bits/s.

This has nothing to do with the binary calculation of 2**16 which equals
65535.

There is a common confusion between base10 and base2 in the computing
industry - just check any Dell ad; they footnote their definition of GB to
equal a billion bytes (Toshiba does this too - I'm sure there are others)
rather than the 2**30 that we may be used to.

2. in OSPF, when config a loop back interface with address 128.10.10.10/24
and in other router, we can see the route to 128.10.10.10/32 ?? but if we
config an ethernet interface, it is 128.10.10.10/24, any reason ?? or simply
the behaviour in OSPF ?

I don't know if this is per the RFC or just Cisco's implementation
(actually, I really don't care...so I haven't bothered to look it up) but
because the router sees the interface as a loopback type (vs. broadcast,
non-broadcast, point-to-point, point-to-multipoint) it knows that there is
only one valid address for that network and advertises the host route.

This causes a classic VLSM/FLSM problem when redistributing to IGRP as the
loopbacks in the OSPF domain become unreachable in the IGRP domain without
taking specific steps to provide reachability.

One method is to manually modify the ospf interface type of the loopback; if
you change it to point-to-point the network configured on the loopback
interface (in your example 128.10.10.0/24) will be advertised in OSPF rather
than the host route.

Another way to handle this is via the default-network command but that
wasn't your question and it has been covered many times on this list so if
you want more info about it check the archives.

HTH,

Ben




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38921t=38908



RE: Management VLANs? [7:38282]

2002-03-14 Thread R. Benjamin Kessler

I think Cisco generally recommends that your switch mgmt interface is on a
different VLAN than your regular (read: end-user/server) devices.  This
helps isolate broadcast/multicast traffic so the switch CPU doesn't have to
process it - especially critical in networks where there is a high
percentage of broadcast/multicast traffic.

Additionally, there's a security component to this line of thinking; if you
have an isolated subnet purely for switch management then you can restrict
(at the router) who is allowed into that network; this is in addition to the
various access controls you can employ on the individual switches.

A word of caution though...I wouldn't recommend that you have a single mgmt
VLAN that spanned your entire network unless you work in a really small
shop - this breaks all sorts of rules in the Core-Distribution-Access
religion and can be difficult to manage.

Last note; I've seen a document (but can't place my fingers on it now) that
recommended that you NOT use VLAN # 1 as your mgmt VLAN.  Unfortunately it
didn't elaborate as to why.

HTH,

Ben


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Michael Kelker
Sent: Thursday, March 14, 2002 2:14 PM
To: [EMAIL PROTECTED]
Subject: Management VLANs? [7:38282]


this isn't a direct CCNP cert question, but I was thinking of trying to make
my network infrastructure easier to navigate.  I was thinking of creating a
VLAN on a certain IP scheme and have each piece of equipment have a virtual
interface on it.

Am I going about this the right way?  How do some of you address this issue?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38296t=38282



RE: Cisco 4006 with Sup III [7:37504]

2002-03-07 Thread R. Benjamin Kessler

I haven't seen the Sup III for Cat4K's yet but I do have a bit of experience
with the L3 cards and am fairly unimpressed.  After working with the 6500's
(with MSFCs) configuring a Cat4K with L3 module certainly seems like a few
steps backwards.  My current client has a couple of Cat4K's with L3 modules
that we'll be replacing this year with 6509's and MSFCs.

Last time I checked (perhaps this is different now) there were only three
different versions of IOS available for the L3 module; to make matters
worse, the code seemed to be written by the same group that writes 8540
code - based-on my personal experiences with the 8540 platform this didn't
give me a high level of comfort.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Daniel Kekai
Sent: Wednesday, March 06, 2002 8:23 PM
To: [EMAIL PROTECTED]
Subject: Cisco 4006 with Sup III [7:37504]


Hello,

Is anyone out there running Cisco 4006's with the new Sup III? If so what
has been your experience with them?

We are interested in using a pair of them as distribution switches with L3
capabilities to run OSPF. I know the 4000's had problems with this before so
I was wondering if the new Sup III solved some of the old issues.

Thanks in advance,
Daniel





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37568t=37504



RE: Cissps [7:36391]

2002-02-25 Thread R. Benjamin Kessler

As someone who has achieved both certs, I'd have to voice an objection to
the common myth that the CISSP is on the same level as the CCIE; it's not
even close.

The CISSP is well-known (it was listed in some rag as one of the top ten
certs to get this year), but it is entirely theory.  That in itself isn't
bad; but if I were looking to hire someone for a security position, I would
not hire someone who only had their CISSP; I would also be interested in
something that certifies them on a particular platform (e.g. Checkpoint CCSE).

I agree with Godswill's statement though "If you can't beat them, join
them." I see a lot more positions requiring a CISSP cert when doing US Gov't
work; but it seems to be moving more into the mainstream.  I think it's kinda
like the CCNA three or so years ago; not too many people had it so it was
worth $$.  Now that a lot of people have the CCNA, it doesn't open as many
doors as it used to (and the $$ aren't there either) - it won't be too long
before the CISSP is in a similar boat; then there will be some other cert
that everyone has to get...

You gotta love this industry :)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Godswill Oletu
Sent: Monday, February 25, 2002 11:57 AM
To: [EMAIL PROTECTED]
Subject: Re: Cissps [7:36391]


Though it is a paper and ink certification, it seems to be the Security
certification most recruiters know of. If you can't beat them join them. I
have not seen any recruiter naming CSS1 or stuff like that, though that
might be because it is relatively new, however they do not even give the
CCNP+Security specialist good exposure.

Many also consider the CISSP as the security equivalent of CCIE, I really do
not see the similarities or where both of them have a tie.

Enjoy.
Godswill Oletu

- Original Message -
From: Chris Sweeting
To:
Sent: Monday, February 25, 2002 8:52 AM
Subject: Cissps [7:36391]


 Is Cissp worth getting?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36426t=36391



RE: Secondary ip address and ip helper-address [7:35533]

2002-02-15 Thread R. Benjamin Kessler

flip-flop your primary and secondary addresses on the hub router:

interface Ethernet0
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 192.168.13.1 255.255.255.0
 ip helper-address 192.168.12.17

This will let the old 192.168.1.x addresses age-out gracefully while
assigning new addresses from the 192.168.13.x range.

I'm assuming here that your DHCP server is configured to pass-out addresses
from 192.168.13.x.

You were having the problem because the router helpers the DHCP request
using its primary address.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
J-B
Sent: Friday, February 15, 2002 1:50 PM
To: [EMAIL PROTECTED]
Subject: Re: Secondary ip address and ip helper-address [7:35533]


I have done what you just mentioned (everything works except DHCP), the range
that needs to be passed out is the new range which is related to the new ip
secondary address. The user in Hub site (current ip layout is 192.168.1.0)
should get an ip address for the new layout (192.168.13.0)
Steven A. Ridder wrote in message
news:[EMAIL PROTECTED]...
 As a test, statically configure a client to be on the 192.168.2.0 network
 with correct gateway info, mask, etc. Then 1, try pinging the server and see
 if that works, and two, change config to dhcp then.  What range is the dhcp
 server supposed to be passing out, the secondary addresses range, because it
 won't work either.  The DHCP server must pass out the primary address range
 because that's where the packet is coming from.

 --
 RFC 1149 Compliant.

 J-B wrote in message
 news:[EMAIL PROTECTED]...
  Well the clients have no ip address, what we are doing is remove all ip
  address from the clients and enable DHCP
  Steven A. Ridder wrote in message
  news:[EMAIL PROTECTED]...
   I bet the clients are on the new secondary networks?   Is that true, because
   if so, ip helper only works on the primary interface's address and not on
   the clients on the secondary network.  It won't pick up the secondary
   networks broadcasts.

   --
   RFC 1149 Compliant.

   J-B wrote in message
   news:[EMAIL PROTECTED]...
Team,
I have the following problem:

Our network has 10 sites, I am in the process of readdressing current
network. I have setup secondary ip address on every site, At the present
time I am setting up a wk2000 dhcp/win server in one site. The problem is
that I am not able to obtain ip address from the DHCP server via the WAN, it
works fine in the site where it is located. The layout is the following:

Hub site

interface Ethernet0
 ip address 192.168.13.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.12.17
 ip directed-broadcast
 no cdp enable

interface Serial0
 no ip address
 ip directed-broadcast
 encapsulation frame-relay IETF
 no ip mroute-cache
 frame-relay lmi-type ansi

interface Serial0.3 point-to-point
 description Spoke site
 bandwidth 384
 ip unnumbered Ethernet0
 ip helper-address 192.168.12.17
 ip directed-broadcast
 frame-relay interface-dlci 26

Spoke site

interface Ethernet0
 ip address 192.168.12.1 255.255.255.0 secondary
 ip address 192.168.2.1 255.255.255.0

interface Serial0
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 description connection to Hub
 ip unnumbered Ethernet0
 bandwidth 384
 frame-relay interface-dlci 16
!

The ip address of the DHCP server is 192.168.12.17

Be aware that I have no problem pinging to the DHCP server from the Hub
site.

Team, what am I doing wrong here...HELP


Thanks (nothing can replace experiencewo)


JB




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=35548t=35533
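
Why swapping the primary and secondary addresses changes which range the clients get: the relay writes the interface's primary address into the giaddr field of the DHCP request, and the server picks its scope from giaddr. This Python code is an added example, not code from the thread; the function names and client MAC are hypothetical, and it assumes, as Ben does, that the server only has a scope for 192.168.13.0/24.

```python
import ipaddress
import struct

# RFC 2131 fixed header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
BOOTP_FORMAT = "!BBBBIHH4s4s4s4s16s64s128s"
HOPS_OFFSET = 3
GIADDR_OFFSET = 24
MAGIC_COOKIE = bytes([99, 130, 83, 99])

CLIENT_MAC = bytes.fromhex("020000000001")  # constructed sample value
SERVER_SCOPES = ["192.168.13.0/24"]         # assumption: only the new range


def build_discover(xid, mac):
    """Minimal DHCPDISCOVER as the client broadcasts it (giaddr 0.0.0.0)."""
    header = struct.pack(
        BOOTP_FORMAT,
        1, 1, 6, 0,             # BOOTREQUEST, Ethernet, 6-byte MAC, 0 hops
        xid, 0, 0x8000,         # transaction id, secs, broadcast flag
        bytes(4), bytes(4), bytes(4), bytes(4),
        mac, bytes(64), bytes(128),
    )
    options = bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then end
    return header + MAGIC_COOKIE + options


def relay(packet, primary_ip):
    """Relay behaviour: stamp giaddr with the primary address, bump hops.

    A giaddr already set by an earlier relay is left untouched.
    """
    pkt = bytearray(packet)
    if pkt[GIADDR_OFFSET:GIADDR_OFFSET + 4] == bytes(4):
        pkt[GIADDR_OFFSET:GIADDR_OFFSET + 4] = ipaddress.IPv4Address(primary_ip).packed
    pkt[HOPS_OFFSET] += 1
    return bytes(pkt)


def select_scope(packet, scopes):
    """Server side: return the scope whose subnet contains giaddr, or None."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR_OFFSET:GIADDR_OFFSET + 4])
    for scope in scopes:
        network = ipaddress.ip_network(scope)
        if giaddr in network:
            return str(network)
    return None


def offered_scope(primary_ip):
    """Scope the server would use for a client behind this hub interface."""
    discover = build_discover(0x1234ABCD, CLIENT_MAC)
    return select_scope(relay(discover, primary_ip), SERVER_SCOPES)


if __name__ == "__main__":
    print("primary 192.168.1.1  ->", offered_scope("192.168.1.1"))
    print("primary 192.168.13.1 ->", offered_scope("192.168.13.1"))
```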



RE: Off Topic - CCIE LAB and NDA [7:34244]

2002-02-04 Thread R. Benjamin Kessler

We could debate the TR vs. Ethernet thing 'till the cows come home

Are there any new Token-Ring networks being deployed?  Probably not.

Unfortunately, there are still a TON of Token-Ring networks in use.  Lately,
I've seen these in financial settings mostly.  I know of one brokerage
company (who shall remain anonymous) that recently moved some legacy
AS/400's from one location to another and had to update a bunch of DLSw
peering statements (~200) so a customer contact database application still
worked.

The Financial industry (banks, brokerages, etc.) is notorious for using
really old technology.

Anyone ever see how ATM (Automatic Teller Machine) networks are built?
There are a lot of them still running on analog multi-drop 4.8K lines.

Some of the on-line brokerages send their orders via old bi-synch or x.25
technology rather than the various IP-based methods available (don't believe
all the commercials you see to the contrary).

What are the chances that a CCIE candidate will see Token-Ring in a
production network?  I guess it depends on the industry they work in.  Up
until a year ago CCIE candidates needed to know AppleTalk for the lab; I
would bet that the percentage of engineers who have to support
TR/DLSw/Bridging in their regular jobs is quite a bit higher than those who
support AppleTalk networks. (sorry Priscilla :)

Cisco may remove TR at some point just as they did with AT and DECNet, etc.
but for now it's on the test so buck-up and learn it :)

My $0.02

Ben


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Sunday, February 03, 2002 8:19 PM
To: [EMAIL PROTECTED]
Subject: Re: Off Topic - CCIE LAB and NDA [7:34244]


Token Ring is still on the written because Cisco doesn't seem to have the
resources to update the test??

Is it still on the lab? (Or can't you tell me because of NDA?) ;-)

I haven't run into a Token Ring shop that wasn't planning to update to
Ethernet in a long time. But that planning to update can take years..

Priscilla

At 12:32 AM 2/3/02, Chuck Larrieu wrote:
before I shut down for the evening, a few random thoughts on the CCIE Lab
and NDA. Inspired by several posts here of late from persons asking about
topology, IOS versions, or speaking of rumors about equipment changes.

1) It is unclear what really constitutes NDA. Caslow? The ECP1 class? NLI's
practice labs? Caslow's new prep class? Cisco's own ASET lab? All of these
could be considered violations of NDA in many ways, from topic content to
lab topology. Cisco's own ASET program used real but retired CCIE labs.

2) what is it Cisco really considers CCIE level skill? In the past, things
like DecNet, Apollo, and Vines were core topics. Cisco has recently dropped
those, plus ATM LANE, presumably in response to market conditions. Which
leads one to ask - why token ring? The only real world token ring project I
have been involved with the past couple of years is ripping them out and
replacing them with ethernet. The apologia that there are still some major
token ring networks around is a bit lame. There are still some major DecNet
networks around, I'm sure. Until very recently ( and maybe they still are ),
a major utility company out this way was still running Vines. As was the U.S
Navy.

3) Is the CCIE a forward looking certification or not? Based on what I am
seeing in the marketplace, the advanced skill levels that one needs to meet
demand center around VPN, VoIP, wireless, security, and the underlying
infrastructure required to support these technologies. that means lots of
QoS, switching, L2-L3 interaction, ATM, giga-whatever, etc.

I would purely love to see discussed good focused discussion on core
competencies, core issues. But there is that awful specter of NDA that hangs
over all of our heads.

In a very strange way, NDA is kinda like Santa Claus and the Easter Bunny.
We all know what's in the Lab. We all know what study materials are designed
to model the Lab. But we don't dare speak the truth in front of the children
( those who haven't been yet ) for fear that some higher authority will
trounce on us if we do.

I'm not sure if there is a real point to this message. Maybe what I want to
say to all of those who keep asking about Lab equipment, Lab topology, Lab
IOS versions, and the like, is that understanding of the core topics is the
most important thing. If you have them down cold, the equipment and the
topology will not matter.

I'd like to comment on the rumor about changes in the equipment, but that
damn NDA.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34333t=34244
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: IPX over IPSec Tunnel - mystery solved?!?!? [7:34231]

2002-02-03 Thread R. Benjamin Kessler

hope your customer isn't a subscriber to this list :)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Chuck Larrieu
Sent: Saturday, February 02, 2002 6:20 PM
To: [EMAIL PROTECTED]
Subject: IPX over IPSec Tunnel - mystery solved?!?!? [7:34231]


It's been a while, so let me restate the problem.

R1--internet---R2--ethernet---R3---frame_relay---rest of network
   |-IPsec_tunnel---|
  IPX encapsulated

IPX RIP |  |-IPX EIGRP---|

hope this makes sense.

all routers are seeing all servers and all routes.

However, the IPX client workstation cannot see or log on to a server located
somewhere in the EIGRP domain.

I had been blowing off the customer, telling him it was a workstation / NIC
problem. He finally got ticked at me, and I finally went on site to see what
I can see. Note - I am in sales, not implementation. The implementation
people closed the project once they saw all IPX routes on the R1 router.

So I arrive on site, and find that IPX pinging is not properly working. R1
can IPX ping to R2, but not to R3, or anywhere else in the IPX EIGRP domain
and vice versa. HHHmmm.. IPX routes are showing up
everywhere. IPX servers show up everywhere. debug IPX routing shows routing
exchanges taking place. But IPX ping fails from the IPX RIP domain into the
IPX EIGRP domain and back. Got a clue?

I didn't, so I opened a TAC case.

Let me add that R1 and R2 are 827 routers with IP/IPX/IPSec IOS images. R3
and the rest of the network are 1720 routers with desktop images.

Cisco's answer, given in an offhand manner after reviewing my configs, blew
me away. I can come up with no rationale as to why their solution worked.
But here it is:

add the statement "no ipx route-cache" to the tunnel interfaces of the
827's. One of my pals in implementation telneted in, did so, and told me
that IPX ping was now working fine from every place to every other place in
the network.

Cisco TAC told me that it sounded like a problem with fast cache. Huh?

What further puzzles me is that I cannot duplicate the issue here in my own
lab. IPX pinging works just fine from the RIP domain to the EIGRP domain
across the IPsec tunnel. 25xx routers all, with more or less the same IOS
versions.

Well, this one has been fun. Chalk up another one to the vagaries of the
bloatware that the IOS is becoming/has become.

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34236t=34231



RE: CCIE Lab Question [7:34222]

2002-02-02 Thread R. Benjamin Kessler

Re your questions:

1 - I think you are correct.  In the past candidates were required to
configure the F/R switch but I believe this is done for you now.  Whether or
not you have any access to it is another question...I would have to assume
no but I won't know for sure for another 7 days :)

2 - IS-IS routing is one of the topics you may see in the CCIE lab; CLNS
routing and other OSI networking protocols are not part of the exam any
longer but knowing IS-IS requires at least a basic understanding of CLNS
topics (e.g. the NET for one).

HTH,

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Darrell Newcomb
Sent: Saturday, February 02, 2002 4:31 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Question [7:34222]


My subscription to the lab mailing list hasn't gone through yet so I
figured I should post this question here.  We know that in preparation
most folks use various products to emulate a Frame Relay switch.  Cisco
also details the questions I have about FR, but in regards to ATM.
http://www.cisco.com/warp/customer/625/ccie/certifications/ATM_FAQs.html

1) It is my understanding that in the lab any FR switch will be an
external device not to be configured by the candidate.  Just like item 1
in the above URL explains about ATM.  Is this correct?

2) Is IS-IS included in the CCIE Lab or does the removal of CLNS stated from
http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#43
mean that CLNS is so far out of coverage that it can't be used as local
L2 transport for ISIS.

Thanks in advance for your input,
Darrell
http://www.hayaitacos.net/ccie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34225t=34222



RE: show MAC and in-lost [7:34100]

2002-02-01 Thread R. Benjamin Kessler

I'm guessing duplex-mismatch problem.  Your in-lost packets are equal to
your Rcv-Err, I would read this as the switch saw an incoming packet but it
was malformed and threw it away.

Generally when I see a switch configured for 100/full and incrementing runts
and FCS errors it means the device on the other end is running half-duplex.

Hope this helps.

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Buri, Heather L.
Sent: Friday, February 01, 2002 1:04 PM
To: [EMAIL PROTECTED]
Subject: show MAC and in-lost [7:34100]


Hi all,

I am troubleshooting a couple of servers which users say they are losing
access to intermittently.  I am seeing increasing Rcv-errors on the
switch ports and a direct correlation on the In-lost on the show mac
command.

Instinctively, I would think this means that the errors are being
received on the switch port from the NIC.  According to Cisco's website,
the in-lost errors are caused by an excessive input rate of traffic to
the switch port.  Which sounds like the switch port is not able to
buffer all the information it is receiving.  Is there a way to see the
buffers on a switch port?  I know you can in a router but I don't see a
command to do this on the switch.

Here is a snippet of what I am seeing.  (Keep in mind,  I am not even
sure this is the cause of the problem the users are experiencing but
this is the only unusual item I am seeing.)

12:00  Feb 2, 2002

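hodcsan1 (enable) sh port 2/8
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 2/8  HOEXMB1 87.140     connected  1          normal   full   100 10/100BaseTX

Port  AuxiliaryVlan AuxVlan-Status
----- ------------- --------------
 2/8  none          none


Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 2/8  disabled  shutdown             0        0        1 disabled      18

Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- ------------------
 2/8         0                 -        -                 -        -         -

Port  Status     Channel   Admin Ch
                 Mode      Group Id
----- ---------- --------- ----- -----
 2/8  connected  off          30     0

Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err    UnderSize
----- ---------- ---------- ---------- ---------- ---------
 2/8           -          6          0         20         0

Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts     Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
 2/8           0          0          0          0         0        14         0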

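hodcsan1 (enable) sh port 2/11
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 2/11 HOEXMB3 87.144     connected  1          normal   full   100 10/100BaseTX

Port  AuxiliaryVlan AuxVlan-Status
----- ------------- --------------
 2/11 none          none


Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 2/11 disabled  shutdown             0        0        1 disabled      21

Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- ------------------
 2/11        0                 -        -                 -        -         -

Port  Status     Channel   Admin Ch
                 Mode      Group Id
----- ---------- --------- ----- -----
 2/11 connected  off          30     0

Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err    UnderSize
----- ---------- ---------- ---------- ---------- ---------
 2/11          -          9          0         24         0

Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts     Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
 2/11          0          0          0          0         0        15         0

Last-Time-Cleared
--------------------------
Fri Feb 1 2002, 09:56:38
hodcsan1 (enable)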
hodcsan1 (enable) sh port 2/16
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 2/16 HOEXPF1 87.152     connected  1          normal   full   100 10/100BaseTX

Port  AuxiliaryVlan AuxVlan-Status
----- ------------- --------------
 2/16 none          none


Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 2/16 disabled  shutdown             0        0        1 disabled      26

Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr
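
The rule of thumb in the reply above (a port hard-set to 100/full whose runts and FCS errors keep incrementing usually has a half-duplex device on the other end) can be checked mechanically across two polls of the counters. The following Python is an added example, not part of the original thread; the snapshots are constructed sample data laid out like the CatOS `show port` tables quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample data: two polls of one switch, laid out like the CatOS
# `show port` tables quoted above. Port names and counter values are made up.
SNAPSHOT_T0 = """\
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 2/8  MAIL-A 10.0.0.8    connected  1          normal   full   100 10/100BaseTX
 2/9  FILE-B 10.0.0.9    connected  1          normal   full   100 10/100BaseTX

Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err    UnderSize
----- ---------- ---------- ---------- ---------- ---------
 2/8           -          6          0         20         0
 2/9           -          0          0          0         0

Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts     Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
 2/8           0          0          0          0         0        14         0
 2/9           0          0          0          0         0         0         0
"""

SNAPSHOT_T1 = """\
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 2/8  MAIL-A 10.0.0.8    connected  1          normal   full   100 10/100BaseTX
 2/9  FILE-B 10.0.0.9    connected  1          normal   full   100 10/100BaseTX

Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err    UnderSize
----- ---------- ---------- ---------- ---------- ---------
 2/8           -         11          0         37         0
 2/9           -          0          0          0         0

Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts     Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
 2/8           0          0          0          0         0        26         0
 2/9           0          0          0          0         0         0         0
"""

RULER = re.compile(r"^-+(?: +-+)+\s*$")


def parse_show_port(text):
    """Return {port: {column: value}} merged across every table in the output.

    Columns are cut at the offsets of the dash ruler, so a Name that contains
    spaces stays in one cell and right-aligned counters land in the right column.
    """
    ports = {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if i == 0 or not RULER.match(line):
            continue
        starts = [m.start() for m in re.finditer(r"-+", line)]
        bounds = list(zip(starts, starts[1:] + [None]))
        names = [lines[i - 1][a:b].strip() for a, b in bounds]
        for row in lines[i + 1:]:
            if not row.strip() or row.startswith("Port"):
                break  # blank line or next header ends this table
            cells = [row[a:b].strip() for a, b in bounds]
            ports.setdefault(cells[0], {}).update(zip(names[1:], cells[1:]))
    return ports


def counter(row, name):
    """Counters shown as '-' (or missing) are treated as 0."""
    value = row.get(name, "-")
    return int(value) if value.isdigit() else 0


def duplex_mismatch_suspects(before, after):
    """Ports hard-set to full duplex whose FCS-Err and Runts both rose between polls."""
    suspects = {}
    old, new = parse_show_port(before), parse_show_port(after)
    for port, row in new.items():
        if port not in old or row.get("Duplex") != "full":
            continue
        delta = {c: counter(row, c) - counter(old[port], c)
                 for c in ("FCS-Err", "Runts", "Rcv-Err")}
        if min(delta.values()) < 0:
            continue  # counters were cleared between polls; no verdict
        if delta["FCS-Err"] > 0 and delta["Runts"] > 0:
            suspects[port] = delta
    return suspects


if __name__ == "__main__":
    for port, delta in duplex_mismatch_suspects(SNAPSHOT_T0, SNAPSHOT_T1).items():
        print(f"{port}: check far-end duplex, counter deltas {delta}")
```
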

RE: whats the diff [7:32819]

2002-01-22 Thread R. Benjamin Kessler

Can I ask why you're buying 7204's vs. 7206's?  I don't think the cost
difference between the two is that great and you get 50% more slots - not to
sound like a sales guy or anything.

At any rate, my take on the VXR vs. non-VXR thing.  The 'regular' 7200's
were the first edition of the product line.  The VXRs are the new, latest
and greatest.  I don't think you can put anything faster than a NPE-225 in
a non-VXR chassis; so to get the performance boost of an NPE-300 or 400
you'll need to go with the VXR chassis.

Taking a quick look at the price list (an old one at that) I don't see the
non-VXR chassis listed as an option for the 7204.  You used to be able to
buy a 7202 but that doesn't seem to be offered anymore either.

The on-line docs talk specifically about the MIX interconnects in the
mid-plane of the VXR chassis; this is basically for TDM and/or voice
applications.  I think the bigger kicker is the support for the faster NPEs.

http://cco.cisco.com/univercd/cc/td/doc/pcat/7200.htm#xtocid4

Of all the 7200's I've seen in production, they've all been 06's and VXRs
except for two non-VXR 7206's that my client is looking to upgrade this
year.

Last note, there are a few less popular port adapters that aren't supported
in the VXR chassis (a full-duplex T/R port adapter for one); I believe for
all of those (and there's not many) PAs not supported by VXRs there are
other modules that serve a similar purpose which are supported.  So this
should only bite you if you have a stock of existing PAs that you want to
put into the new chassis.

Have fun.

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Richard Tufaro
Sent: Tuesday, January 22, 2002 10:13 AM
To: [EMAIL PROTECTED]
Subject: whats the diff [7:32819]


What's the Diff between a Cisco 7204 and a 7204VXR. I can't seem to find it
anywhere. When you do the config maker on Cisco's site they make you choose
that one as the only option for the 7204. Are they the same thing. According
to the docs, there are 3 prod #'s. Cisco7204-DC, Cisco7204-CH and
Cisco7204VXR.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32830t=32819



RE: Dialer idle-timeout [7:32740]

2002-01-21 Thread R. Benjamin Kessler

dialer-watch will do this as well; it basically removes the interesting
traffic requirement.

To answer what I think is your original question - with basic ppp dial-in if
one side is set to an idle-timeout of 60 seconds and the other set to 600,
if the router with the 60-second timeout doesn't see any interesting traffic
within the minute, it will tear-down the call.

That is why you generally want to make sure that you define the same traffic
as interesting on both sides and make sure that the idle-timeout matches
(when dialing router-to-router).

Obviously, Windoze machines don't have an interesting traffic parameter
but I think you can set a timeout if the connection is idle for some period
of time.

I've seen a lot of dial-up users start a background ping (i.e. minimized DOS
box with a ping x.x.x.x -t running) if they want to camp on a dial-up
line.  That is until ping becomes uninteresting.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Erick B.
Sent: Monday, January 21, 2002 4:04 PM
To: [EMAIL PROTECTED]
Subject: Re: Dialer idle-timeout [7:32740]


Hi,

12.2(4)T has a new feature called 'dialer persistent'
which keeps an ISDN line up no matter what.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftdperst.htm

--- Gaz  wrote:
 I would have thought by definition, if they're not sending or receiving
 traffic, then no, but am open to correction.
 What sort of override do you mean. Do you mean something as simple as
 setting outlook express to poll for new mail every 4 minutes, or a script to
 ping every 4 minutes, or something more permanent?

 Gaz


 kevhed  wrote in message news:[EMAIL PROTECTED]...
  Hi all,

  I have a 3640 as a RAS box for remote dial-in users and have the dialer
  idle-timeout set for 5 minutes (eitherbound).  My question is, does anyone
  know of a way that a user can override that 5 minute dialer idle-timeout
  window and keep his/her connection up indefinitely, assuming that the person
  is not sending or rcv'ing any traffic?

  Regards,

  Kevin
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32766t=32740



RE: IOS Recommendation [7:32532]

2002-01-19 Thread R. Benjamin Kessler

The only way I've seen Cisco recommend any one version of IOS/CatOS over
another is 1) for customers with an open P1 case (that has been open for
quite a while, escalated to the Nth degree, etc.) where moving to a
different version of code would resolve particular known issues that they
are facing; or 2) paying for an NSA agreement (big $$ over and above
SmartNet).

I've also gotten several recommendations from 1st level TAC to upgrade to
the latest and greatest but I usually ignore these suggestions.

My current client calls this process finding the 'least offensive' version
of code.

Doing a bug scrub can be quite labor-intensive and unfortunately as
Joe-Customer, I'm not able to see all of the open bugs - some are
Cisco-internal.  I only found that out when I had an open TAC case and the
engineer referenced a bug that I couldn't pull up in the bug navigator.

Fortunately, my current client runs the network that Noah built - i.e. two
of everything; as such I'm usually able to upgrade one of the devices and
wait some period of time to see if anything goes wrong before upgrading the
other.  Obviously not a foolproof method...but, what can you do.

I also refrain from using code that hasn't been given time to age several
weeks (at a minimum); I figure the chance of a bug being known is higher on
code that is 6 weeks old  than it is on code 6 days old.  I've already
identified a few bugs for Cisco, I'm more than happy to spread this
experience to others who haven't had the opportunity.

If anyone has better ideas I'd love to hear them.

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Richard Tufaro
Sent: Friday, January 18, 2002 3:45 PM
To: [EMAIL PROTECTED]
Subject: IOS Recommendation [7:32532]


Anyone know where on Cisco's site there is a place to recommend an image
for IOS upgrade?

Richard Tufaro - MCSE - GSEC- CCNA
Network Engineer - Anda Inc.
[EMAIL PROTECTED]
MSN IM - [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32590t=32532



RE: CCIE Blues [7:32440]

2002-01-18 Thread R. Benjamin Kessler

Scott, I'm in a similar spot regarding both the calendar and mental state.

Let me preface this by saying that I've not (yet) attended the 1-day lab and
thus can't be accused of breaking NDA.  For what it's worth, these are the
operating assumptions I'm using to prepare for my 1st attempt at the 1-day
lab.  These may or may not be anywhere close to what is contained in the
actual lab but I would say that anyone who confirms or dispels my
assumptions would be breaking NDA so you probably won't get a real answer.

I agree with Brad's comments that you shouldn't be worried with these
issues but depending on your study/prep style some people prefer to make
checklists of topics/issues to run through.

In addition, I feel that getting mentally prepared will help you with issue
spotting (ala Mr. Caslow).

Without further delay, here are my thoughts on the subject (perhaps worth
the $0.02...who knows):

### What I'm assuming will be configured/setup:
- Physical cabling
- Access-Server configuration (complete)
- Frame-Relay switch configuration (complete)
- IP addressing on all LAN interfaces
- IP addressing on most WAN/Dial interfaces
- IP addressing on most Loopback interfaces
- Cat IP address(es)

### What may be configured (but maybe not depending on the lab scenario):
- Cat default gateway (unless a dynamic solution is required)
- ISDN SPIDs
- Frame-Relay sub-interfaces (if required)
- IP addressing on some F/R interfaces (e.g. main S0 frame interface)
- VLANs defined (some)
- Ports assigned to VLANs (some)
- Simple routing protocol stuff (e.g. RIP on a stub router)

### Simple L1-3 stuff that will probably be left unconfigured (because of
the problems that can be caused and/or multiple config. options that 'work'
where only one is 'right'):
- IP addressing on key loopback interfaces (e.g. routers involved in Virt.
Links, etc.)
- Frame-Relay address mapping
- Dialer maps / dialer string
- Datalink encapsulation (PPP, Frame, HDLC, Ethernet trunking, E-net frame
types)
- Tunnels
- NAT
- Bridging



RE: reverse-telnet info [7:32518]

2002-01-18 Thread R. Benjamin Kessler

Yes, and do an atdt5551212 to dial-out...pretty cool stuff (see below).

I setup some 3640's a while back as out-of-band management for a client's
different data center locations.  It was a bit over-engineered (read: $$,
see my note on WICs below) but highly-available - thus would provide
connectivity in almost any foreseeable outage.

Really quick, there were three sites, each with redundant L2 backbone
segments.  Each 3640 had a dual-port Ethernet - one connecting to each
backbone segment, the 8-port analog modem card and a 32-port async module.

I configured a loopback interface and advertised it into EIGRP (denying
everything else of course, so the term-server didn't become a transit path);
and pointed DNS at the loopback interfaces.

I had the electricians wire-up some back-to-back patch panels so I could
take the octopus cables from the A/S module and plug them in one side and
use regular patch cables from the other side to the managed device.  (I've
since seen a company that sells a patch panel with a scsi cable out the
back to connect to the A/S port - a more elegant solution).

I convinced the phone guys to give me a few analog lines to connect to each
term svr and was in business.

For added flair, I setup an autocommand menu system so when people connected
(via Telnet or modem) they would be given a menu that simplified the reverse
telnet process.  Throw in a little TACACS for good measure.

What I thought was really sweet (getting back to the original topic) - I
took one of my extra data ports at my desk and connected my roll-over
cable to it.  I patched back through the structured cabling to the console
port on the Term Svrs in the location I worked so I could have full-time
connectivity OOB to all network gear in my location thus permanently
avoiding the laptop drag.

In addition, I was able to dial out through the Analog Modem card to the
Term Svrs in the other locations as well as any of the remote routers in the
field (~200).  This was really helpful for remote support from home. :)

The thing I didn't like about it was that it didn't come in a smaller
package.  What I'd really like to see is a WIC adapter that was a 1 or
2-port analog modem or better yet, make the AUX port on the access-level
routers an analog modem capable - it can't cost that much.  I obviously
didn't need eight analog ports for each router on this project but at the
time (late 2000) that was what I had to work with.  If WICs were an option,
I would have been able to do this same thing with 2600's - huge cost
difference vs. the 3640's!

Anyway, have fun.

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
NetEng
Sent: Friday, January 18, 2002 1:34 PM
To: [EMAIL PROTECTED]
Subject: reverse-telnet info [7:32518]


Is it possible to do reverse-telnet with an 8-AM card?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32526t=32518



RE: 6509 cards hot swapable? [7:32288]

2002-01-17 Thread R. Benjamin Kessler

Yes, even the Sup if you have two of them :)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
George Dodds
Sent: Thursday, January 17, 2002 9:08 AM
To: [EMAIL PROTECTED]
Subject: 6509 cards hot swapable? [7:32288]


Are 6509 cards hot swappable or does the box need
powered down?

Cheers

George

=
George Dodds

CCNA, MCP





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32296t=32288



RE: First Impressions - CCIE Practical Studies [7:32237]

2002-01-17 Thread R. Benjamin Kessler

I have a couple of nit-picky complaints about the book (as I do about
almost every book I read).  There are some typos as a previous poster
indicated.  One of my biggest pet peeves is the use of the term "continuous"
when the author (probably) means "contiguous" - one sees this most often
when discussing OSPF.  Note, this book isn't unique in this misuse of the
term; there are many CCO documents that also make this error.  I'm
assuming that this is the product of a spell-checker that didn't know the
term "contiguous", suggested "continuous" and someone hit "replace all".
Before the flame-war starts, I know that these two words have *similar*
meanings but in this case I - my personal opinion - think that "contiguous"
is 'more right' - besides, it's the term used in the RFC.

Since I'm picking nits; the author indicates that the OSPF process ID on a
router should be thought of as an Autonomous System ID.  This number should
be the same on all routers within the autonomous system.  Per CCO, this is
a locally significant setting used only to distinguish between multiple OSPF
routing processes on a particular router.  If we were to apply the RFC2119
definition of "should" to this statement one might think that certain
problems may occur if this practice wasn't followed.  I don't believe this
to be the case but I'm sure someone on the list will correct me if I'm
wrong.  There's nothing wrong with using the same process ID on all of your
OSPF routers; I would guess that networks are configured that way more often
than not; but it isn't a requirement.  Given that the lab exam is all about
splitting hairs to the most minute detail and knowing the various protocols
in depth, it probably should have been noted (as in other texts) that two
adjacent routers can have different process IDs configured.

There are some outright mistakes in the book - I just checked the CiscoPress
site for an errata and didn't see one yet.  Here's one that I recall off the
top of my head:

EIGRP - (p.691) at the bottom of the page, the 'distance' command.
- this is almost a direct copy/paste from the IGRP chapter; does not include
the required information to change the admin distance of the EIGRP routing
process (which requires both an internal and external distance); it only
lists the syntax to change the distance of a specific neighbor's updates.  I
find it funny that the EIGRP chapter says "For a specific example and more
practice with the 'distance' command, see the IGRP chapter."  When you look
at the IGRP chapter, it uses the same sentence to point you to the RIP
chapter.

Anyone who has walked into an EIGRP network with multiple, unfiltered
redistribution points into a RIP domain will know first-hand the importance
of knowing how a router handles internal vs. external EIGRP routes.

Additionally, I thought the section on PPP authentication could have used
some more work on the one-way authentication options (both PAP and CHAP).

Bottom-line, this seems to be a well written book; it gives you some good
examples and labs to work on your own, etc.  It won't replace any of the
other must haves on the bookshelf (e.g. Doyle, Caslow, Thomas, etc.) and
unfortunately, (as it seems with all of the books published these days) you
have to play 'reporter' and verify the information in the book with some
other source (CCO, RFCs, other texts) - this is a topic I could rant on for
quite some time (considering the $thousands - literally - I've spent on
training materials which contain errors).

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 7:18 PM
To: [EMAIL PROTECTED]
Subject: OT: First Impressions - CCIE Practical Studies [7:32237]


Just got my copy.

Reading the About the Authors section alone is impressive. All those
associated with the book are CCIE's. I look forward to discovering if there
are any errors in the book. One would hope not, given the credentials of the
writers and reviewers, one of whom was the Halifax Lab Proctor for several
years.

So far I have browsed all of the first chapter The Key Components for
Modeling an Internetwork

This chapter covers in good detail all those basic questions - the config
register, configuring a router as a frame switch, password recovery, show
and debug ( called the big show and the big d respectively, throughout
the book. ) building a terminal server, and much much more. This alone tells
me that this book might be a good investment for those just starting out, as
well as those prepping for the CCIE Lab. Sure, all of this information is
available elsewhere, but with this book, it is in one place, easily located,
and clearly explained.

There is even a section about configuring networking on windoze computers.
Considering the number of raw beginners who are coming into the
certification process, this is helpful.

I'll have more comments after I have had a chance to look at the good
stuff.

Chuck




Message Posted at:

RE: ISDN PRI in a Server PCI slot? [7:32126]

2002-01-16 Thread R. Benjamin Kessler

Yes, I think Digi made/makes one.  I have a client that used that for their
remote access (NT RAS) before I installed an AS5300.

I don't have a part number or any experience with them, I just know they
exist.

Sorry I can offer more...

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bruce Williams
Sent: Tuesday, January 15, 2002 11:02 PM
To: [EMAIL PROTECTED]
Subject: OT: ISDN PRI in a Server PCI slot? [7:32126]


Has anyone ever heard of a ISDN PRI module which can be installed in a
server?

Bruce
mailto:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32153t=32126



RE: EIGRP neighbor limitations [7:32058]

2002-01-16 Thread R. Benjamin Kessler

Obviously a high-bandwidth application. :)  What are you installing, a bunch
of ATMs or something?

I'm assuming that the remote routers will be pretty low-end - 2500/2600 at
most.

Of the three options, I'd say if you have to do this, EIGRP would probably
be the best option.  Make sure you design your address space such that you
can take advantage of auto summarization in EIGRP.

With OSPF, the Design Guide on CCO is purposely vague, but I've heard
various Cisco people say you generally want to avoid more than 4-5 areas per
router.  Assuming that the core of the network also includes other
stuff - meaning, these hub routers will connect to other backbone routers,
that leaves us with four OSPF areas for these remote sites with each area
having ~100 routers which seems a bit excessive (especially considering the
supposed low-end routers on the remote side).

How would you do BGP?  I'm assuming that each remote site is only connected
to the hub routers, so would you do a separate BGP AS per remote?  If I'm
understanding this right, it would be (at best) an administrative challenge
at the hub side, manually configuring all of those remote-AS commands.  I
don't know what the practical limit is on the number of remote AS
connections a single router can support.

Bottom line, I don't think I'd want to build a new network with this
configuration.  I'd probably dial-back the horsepower on the hub routers and
add a middle (distribution) layer to aggregate the remotes.  Given the
apparent bandwidth requirements, I'd say that a 3600-series router at the
distribution-layer would be sufficient.  Connect each remote to two
distribution routers and then aggregate all of the distribution routers to
the two hub/core routers - say 7200-series.  I would recommend that you add
to the number of head-end T1's so you can reduce the number of sites per
circuit - say no more than 50 per ckt (still a bit high for my tastes but
probably workable).  If you went with 3620's you probably wouldn't want to
have more than one head-end ckt. per distribution router.  If you're not
interested in having that many distribution routers then you'll need to
bump-up the horsepower and we're back to the how many EIGRP neighbors per
router question.

Well, I've blathered too long.  Hope this helps.

Ben


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Robertson, Douglas
Sent: Wednesday, January 16, 2002 7:31 AM
To: [EMAIL PROTECTED]
Subject: RE: EIGRP neighbor limitations [7:32058]


This is actually for a practical issue, I have a customer that wants to
implement +-400 remote sites connected with redundancy to two core routers.
Each router will have three T1's and the 400 sites will be split between the
three T1's. This still brings the EIGRP to +-133 EIGRP neighbors per
interface and 400 neighbors per router. The customer wants to run EIGRP. I
am asking this question to determine if this will be an issue and to find
documentation to back this up. The alternative would be to run OSPF or BGP
but I need backup info to get the customer to change.

Thanks Doug

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 4:49 PM
To: [EMAIL PROTECTED]
Subject: Re: EIGRP neighbor limitations [7:32058]


I don't know about a hard limit but me thinks you'll hit the practical
limit first anyway:)  Is this an academic question???

  Dave

Robertson, Douglas wrote:

 Does anyone know of limitation in the amount of EIGRP neighbors on a router.
 If there is,  is this a limitation per physical interface or a limitation
 per router. I found a document on CCO a couple of months ago that mentioned
 these limits but I have now searched and searched but cannot find that
 document again.

 Appreciate any input

 D. Robertson
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32162t=32058



RE: Summarization [7:32035]

2002-01-15 Thread R. Benjamin Kessler

David,

Another thing that I wonder about is the remote end; what do those routers
look like?

If  you have something like this:

+-Hub1---Hub3-+
| \ / |
RemoteX-+  X  +-RemoteY
| / \ |
+-Hub2---Hub4-+

You'll probably want to restrict what routes the remote routers can
advertise.

Given the size of your network, it would seem to me that something similar
to the following would be more appropriate (disclaimer here, I know nothing
of your business requirements nor am I looking at $$ as a limiting factor -
which I'm certain it is).  I'm making these basic assessments off the fact
that your network doesn't seem to follow the standard Cisco
Core-Distribution-Access model (yes, I've probably consumed too much of the
Cisco Kool-Aid).

+-Distr1---Hub1---Hub3---Distr3-+
|  |\ /\ /\ /|  |
RegionA-+  | X  X  X |  +-RegionZ
|  |/ \/ \/ \|  |
+-Distr2---Hub2---Hub4---Distr4-+

Within each region you'd have a contiguous block of addresses (both WAN and
LAN segments) you then summarize from the distribution-layer routers to the
hubs.  The hubs forward these summary routes to the other hub routers and so
on until they reach the remote routers in the other regions.

Again, I don't know the requirements of your network but if I were starting
with a clean sheet of paper and we wanted to use RFC1918 addresses, I'd
probably consider using the 172.x.x.x space.  Each region could be a
separate /16.  If we define the core as including all of the hub routers
as well as the networks connecting them to the various distribution routers
and make that the network 172.16.0.0/16 (obviously, there are multiple
subnets needed, but they'd all be summarizable in this major net).  Then
assign a /16 to each region - so RegionA would be 172.17.0.0/16, RegionB
would be 172.18.0.0/16, etc.

Assuming that you have a data center or two, the server farms in these
locations would also connect to the hub routers (ideally behind their own
distribution-layer routers which summarize the address space for the server
farms into the core).

Generally speaking, a design like this will scale into the thousands of
sites - obviously YMMV depending on your requirements.

The key rule to follow here is that the core of the network is optimized to
route packets.  This is not the place to enforce network policy (ACLs, QOS,
manual summarization, etc.).

We all love the network 10.0.0.0/8; it gives us great freedom and allows
networks to be built without concern for addressing efficiency.  There are
some downsides to this though and you've found one.  You've been dealt a
slightly worse hand though because you sandwich 172.x.x.x networks between
10.x.x.x.  I'm going to go out on a limb (kidding) and suggest that your
EIGRP configurations have no auto-summary configured, right?  In the
configuration above, you could allow EIGRP to auto-summarize - you'd
actually prefer it because it would mean that you didn't need to manually
summarize at all.

There are some things you can do to probably make your existing hardware
investment work with the current number of sites but it will require that
you re-address your network to follow something similar to the design I
outlined above just without the separate distribution routers.  If you're
growing like mad you'll want to ensure that you can get funding for the
distribution layer because at some point (if not already) you'll have too
many neighbors on each core router which will spark a whole new set of
problems.

Quickly, on the remote routers, I don't care how big or small the network
is, in a (highly) redundant network I try to make sure that each router only
advertises networks it's responsible for (e.g. directly connected or
down-stream subnets).  With EIGRP one of the easiest ways to do this is with
the distribute-list command.  I try to select a standard ACL number (for
example # 5) across the enterprise and then on each router permit only the
networks we want - in this case, the remote routers would advertise their
directly-connected Ethernet network(s) and maybe a loopback.  This will keep
EIGRP from thinking that the remote router is a possible transit path to all
other networks (especially a problem if you use sub-interfaces on the remote
side).

Well, I could go on and on but I've got to get back to studying.  These are
just some suggestions that have worked for me in the past, I'd be interested
in what others on the list have experienced.

Hope this helps,

Ben


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 5:51 AM
To: [EMAIL PROTECTED]
Subject: RE:Summarization (to Ben Kessler) [7:31975]


Ben, I'm afraid that when I answered your post it was already buried under
tons of other post. I'm sorry, these are the consequences of living in
Europe...:-
Anyway, thanks for your detailed answer, I hope to get more 
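
Added example (not part of the original thread, and not the poster's or Cisco's code): a Python sketch of the addressing plan and remote-router route filter described in the Summarization post above. It allocates one /16 per region after the 172.16.0.0/16 core, flags prefixes a remote router advertises but does not own, and emits the standard-ACL distribute-list; EIGRP AS 1, the interface name and the sample prefixes are constructed assumptions.

```python
import ipaddress

RFC1918_172 = ipaddress.ip_network("172.16.0.0/12")
CORE = ipaddress.ip_network("172.16.0.0/16")  # core block named in the post


def allocate_regions(names):
    """Give each region its own /16 after the core block.

    172.16.0.0/12 contains sixteen /16s; one is the core, so fifteen remain.
    """
    blocks = [b for b in RFC1918_172.subnets(new_prefix=16) if b != CORE]
    if len(names) > len(blocks):
        raise ValueError(f"{len(names)} regions requested, {len(blocks)} /16s available")
    return dict(zip(names, blocks))


def split_advertisements(owned, advertised):
    """Split a remote router's advertisements into (legitimate, leaked).

    A prefix is legitimate only if it sits inside a network the router owns
    (directly connected or downstream). Anything else makes the router look
    like a transit path to the rest of the network.
    """
    owned_nets = [ipaddress.ip_network(o) for o in owned]
    legitimate, leaked = [], []
    for prefix in map(ipaddress.ip_network, advertised):
        if any(prefix.subnet_of(o) for o in owned_nets):
            legitimate.append(prefix)
        else:
            leaked.append(prefix)
    return legitimate, leaked


def remote_filter_config(region_block, owned, acl=5, asn=1):
    """Build the outbound distribute-list for one remote router.

    acl=5 follows the post's enterprise-wide ACL number; asn=1 is an assumption.
    Networks outside the region's /16 are refused because they would not be
    covered by the distribution-layer summary.
    """
    nets = [ipaddress.ip_network(o) for o in owned]
    stray = [n for n in nets if not n.subnet_of(region_block)]
    if stray:
        raise ValueError(f"outside {region_block}: {', '.join(map(str, stray))}")
    lines = [f"access-list {acl} permit {n.network_address} {n.hostmask}" for n in nets]
    lines += [f"router eigrp {asn}", f" distribute-list {acl} out"]
    return lines


def distribution_summary(region_block, asn=1, interface="Serial0/0"):
    """Summary a distribution router sends toward the hubs (interface assumed)."""
    return [
        f"interface {interface}",
        f" ip summary-address eigrp {asn} {region_block.network_address} {region_block.netmask}",
    ]


# Constructed sample data: a RegionA remote router with one LAN and a loopback,
# re-advertising two prefixes it learned from its hubs.
REMOTE_X_OWNED = ["172.17.4.0/24", "172.17.255.4/32"]
REMOTE_X_ADVERTISED = [
    "172.17.4.0/24",
    "172.17.255.4/32",
    "172.17.9.0/24",   # another site's LAN
    "172.18.0.0/16",   # RegionB summary
]

if __name__ == "__main__":
    regions = allocate_regions(["RegionA", "RegionB"])
    _, leaked = split_advertisements(REMOTE_X_OWNED, REMOTE_X_ADVERTISED)
    print("leaked:", ", ".join(map(str, leaked)))
    print("\n".join(remote_filter_config(regions["RegionA"], REMOTE_X_OWNED)))
    print("\n".join(distribution_summary(regions["RegionA"])))
```

A standard ACL used in a distribute-list matches on the network address only, so the filter above does not distinguish prefix lengths.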

RE: NAT Problems with 12.2(5)? RE: Gawd I hate my [7:31999]

2002-01-15 Thread R. Benjamin Kessler

I can't speak for the 3600's - the latest I have running on them is
12.1(5)T8 but I only have a couple doing NAT and they're configured with
static entries not multiple pools.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kaminski, Shawn G
Sent: Tuesday, January 15, 2002 10:07 AM
To: [EMAIL PROTECTED]
Subject: RE: NAT Problems with 12.2(5)? RE: Gawd I hate my [7:31999]


We are using static NATs, no pooling.

-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 14, 2002 4:24 PM
To: [EMAIL PROTECTED]
Subject: NAT Problems with 12.2(5)? RE: Gawd I hate my life [7:31883]


Does this have anything to do with the wrong nat pool being used for a given
interface?  Or the use of only one nat pool regardless of interface?

-Patrick

 Kaminski, Shawn G  01/14/02 03:32PM 
Regarding IOS's, has anyone had any problems with NAT when using 12.2(5)?
Without going into details, we're having some NAT issues and it seems to
have started after upgrading our routers to 12.2(5). CCO doesn't currently
show any NAT problems or bugs with this version.

Shawn K.

-Original Message-
From: Brad Ellis [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 14, 2002 11:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Gawd I hate my life ;-> [7:31817]


snip
 Cisco Internetwork Operating System Software
 IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10,  RELEASE
 SOFTWARE (f
snip

don't use IOS 12.(5)T10.  you folks should be using 12.(5)T9, it has fewer
bugs in it.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
used Cisco gear:  www.optsys.net
CCIE Labs, racks, and classes:  http://www.ccbootcamp.com/quicklinks.html
Chuck Larrieu  wrote in message
news:[EMAIL PROTECTED]...
 OK, so I've been doing rack testing for some people who are going to
 be going public Real Soon Now.

 Got some things mocked up. Some of which relate to topics discussed on
this
 forum yesterday and today. I need to check something and issue the
 command show ip prot enter.

 r2#sh ip prot
 % Ambiguous command:  sh ip prot
 r2#

 well, now...

 r2#show ip prot?
 protocol-discovery  protocols

 r2#show ip prot

 so what is show ip protocol-discovery?

 r2#sh ip protocol-discovery ?
   interface  Show for a specific interface
   protocol   Show stats about a pariticula protocol
   stats  Show Stats
   top-n  Show Top-N protocols by bytes
   |  Output modifiers


 OK. so a command I've been using since 11.2 is no longer valid. except
that
 it is on other routers.

 but look - still good on other routers:

 r3#sh ip prot?
 protocols

 r3#sh ip prot


 OK, check CCO, no record of any such command as show ip
 protocol-discovery in any command reference I check. A search of CCO
 for the phrase reveals nothing.

 now what?

 the IOS version in question is:

 r2#sh ver
 Cisco Internetwork Operating System Software
 IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10,  RELEASE
 SOFTWARE (f
 c2)

 sigh. have not run into this before, not in two trips through the lab,
 not on any number of routers and IOS versions, both at home and in
 customer installations.

 Anyone got any clue what show IP protocol-discovery does?

 sheesh.. another good shortcut down the tubes.

 Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32036t=31999



RE: show buffers?? clearing totals........ [7:32103]

2002-01-15 Thread R. Benjamin Kessler

I think you may have to reload the router to reset these counters.  I've
never seen a command to reset these counters and given what you're doing a
reload might be called for anyway to avoid problems (i.e. memory
fragmentation, etc.).

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Scott Nawalaniec
Sent: Tuesday, January 15, 2002 7:12 PM
To: [EMAIL PROTECTED]
Subject: show buffers?? clearing totals [7:32103]


Hello everyone,

I have been looking on Cisco's site for the last hour trying to find a
command to clear the counters on the show buffers command. Does anyone know
how to clear the totals for the hits, misses, trims, created and so forth?

Background Info: I modified the small and middle buffers permanent and min
fields to reduce failures which equals dropped packets. I found a few good
articles on Cisco's site for explanations and possible causes. First time
actually modifying the buffers. =)

[OUTPUT]
Admin_3662#sho buff
Buffer elements:
 499 in free list (500 max allowed)
 293099375 hits, 0 misses, 0 created

Public buffer pools:
Small buffers, 104 bytes (total 100, permanent 100):
 96 in free list (30 min, 150 max allowed)
 314004167 hits, 11608 misses, 13038 trims, 13038 created
 1671 failures (0 no memory)
Middle buffers, 600 bytes (total 50, permanent 50):
 48 in free list (20 min, 150 max allowed)
 31006372 hits, 304 misses, 350 trims, 350 created
 52 failures (0 no memory)
Big buffers, 1524 bytes (total 50, permanent 50):
 50 in free list (5 min, 150 max allowed)
 1071944 hits, 0 misses, 0 trims, 0 created
 0 failures (0 no memory)
VeryBig buffers, 4520 bytes (total 10, permanent 10):
 10 in free list (0 min, 100 max allowed)
 0 hits, 0 misses, 0 trims, 0 created
 0 failures (0 no memory)
Large buffers, 5024 bytes (total 0, permanent 0):
 0 in free list (0 min, 10 max allowed)
 0 hits, 0 misses, 0 trims, 0 created

Thank you for any help.

Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32117t=32103



RE: conditional static route [7:32108]

2002-01-15 Thread R. Benjamin Kessler

policy routing (using route-maps).

You can specify next-hop and/or which outbound interface to use, etc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Joy Wang
Sent: Tuesday, January 15, 2002 8:25 PM
To: [EMAIL PROTECTED]
Subject: conditional static route [7:32108]


Hi Guys,

Is there a way to setup a static route on a cisco router so that packets
going to the same target get forwarded to different interfaces/addresses
according to the source addresses?

Your help is greatly appreciated.
Joy Wang




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32116t=32108



RE: Gawd I hate my life ;- [7:31817]

2002-01-14 Thread R. Benjamin Kessler

Chuck,

See my post to the CCIE list from Sat (1/12) titled Re: IGRP Timers

I ran into this too...

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 13, 2002 10:39 PM
To: [EMAIL PROTECTED]
Subject: OT: Gawd I hate my life ;- [7:31817]


OK, so I've been doing rack testing for some people who are going to be
going public Real Soon Now.

Got some things mocked up. Some of which relate to topics discussed on this
forum yesterday and today. I need to check something and issue the command
show ip prot enter.

r2#sh ip prot
% Ambiguous command:  sh ip prot
r2#

well, now...

r2#show ip prot?
protocol-discovery  protocols

r2#show ip prot

so what is show ip protocol-discovery?

r2#sh ip protocol-discovery ?
  interface  Show for a specific interface
  protocol   Show stats about a pariticula protocol
  stats  Show Stats
  top-n  Show Top-N protocols by bytes
  |  Output modifiers


OK. so a command I've been using since 11.2 is no longer valid. except that
it is on other routers.

but look - still good on other routers:

r3#sh ip prot?
protocols

r3#sh ip prot


OK, check CCO, no record of any such command as show ip protocol-discovery
in any command reference I check. A search of CCO for the phrase reveals
nothing.

now what?

the IOS version in question is:

r2#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10,  RELEASE
SOFTWARE (f
c2)

sigh. have not run into this before, not in two trips through the lab, not
on any number of routers and IOS versions, both at home and in customer
installations.

Anyone got any clue what show IP protocol-discovery does?

sheesh.. another good shortcut down the tubes.

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31839t=31817
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: NAT Problems with 12.2(5)? RE: Gawd I hate my [7:31913]

2002-01-14 Thread R. Benjamin Kessler

What platform?  I was doing a bug search for 7200's and saw several NAT
bugs - some of which are unresolved.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Ramsey
Sent: Monday, January 14, 2002 3:24 PM
To: [EMAIL PROTECTED]
Subject: NAT Problems with 12.2(5)? RE: Gawd I hate my life [7:31883]


Does this have anything to do with the wrong nat pool being used for a given
interface?  Or the use of only one nat pool regardless of interface?

-Patrick

 Kaminski, Shawn G  01/14/02 03:32PM 
Regarding IOS's, has anyone had any problems with NAT when using 12.2(5)?
Without going into details, we're having some NAT issues and it seems to
have started after upgrading our routers to 12.2(5). CCO doesn't currently
show any NAT problems or bugs with this version.

Shawn K.

-Original Message-
From: Brad Ellis [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 14, 2002 11:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Gawd I hate my life ;-> [7:31817]


snip
 Cisco Internetwork Operating System Software
 IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10,  RELEASE
 SOFTWARE (f
snip

don't use IOS 12.(5)T10.  you folks should be using 12.(5)T9, it has fewer
bugs in it.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
used Cisco gear:  www.optsys.net
CCIE Labs, racks, and classes:  http://www.ccbootcamp.com/quicklinks.html
Chuck Larrieu  wrote in message
news:[EMAIL PROTECTED]...
 OK, so I've been doing rack testing for some people who are going to
 be going public Real Soon Now.

 Got some things mocked up. Some of which relate to topics discussed on
this
 forum yesterday and today. I need to check something and issue the
 command show ip prot enter.

 r2#sh ip prot
 % Ambiguous command:  sh ip prot
 r2#

 well, now...

 r2#show ip prot?
 protocol-discovery  protocols

 r2#show ip prot

 so what is show ip protocol-discovery?

 r2#sh ip protocol-discovery ?
   interface  Show for a specific interface
   protocol   Show stats about a pariticula protocol
   stats  Show Stats
   top-n  Show Top-N protocols by bytes
   |  Output modifiers


 OK. so a command I've been using since 11.2 is no longer valid. except
that
 it is on other routers.

 but look - still good on other routers:

 r3#sh ip prot?
 protocols

 r3#sh ip prot


 OK, check CCO, no record of any such command as show ip
 protocol-discovery in any command reference I check. A search of CCO
 for the phrase reveals nothing.

 now what?

 the IOS version in question is:

 r2#sh ver
 Cisco Internetwork Operating System Software
 IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10,  RELEASE
 SOFTWARE (f
 c2)

 sigh. have not run into this before, not in two trips through the lab,
 not on any number of routers and IOS versions, both at home and in
 customer installations.

 Anyone got any clue what show IP protocol-discovery does?

 sheesh.. another good shortcut down the tubes.

 Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31913t=31913
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: GBIC ??? [7:31770]

2002-01-13 Thread R. Benjamin Kessler

Actually, both are fabric-enabled.

In the main 65xx box you have the 32Gb/s backplane (BUS) and now you can
also take advantage of the Switch Fabric to bump your capacity up to
256Gb/s.  Regarding the different 16-port GBIC cards you have three options:

6416 - BUS-only (32Gb/s) - SUP handles all packet forwarding
6516 - BUS and fabric (single fabric attachment) (up to 256Gb/s*) - SUP
handles forwarding by default but an optional daughter card can be added to
upgrade to dCEF.
6816 - fabric only (dual fabric attachments) (256Gb/s) - dCEF only;
integrated daughter card.

Here's a link that talks more about the different options:

http://cco.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/c60ge_ds.htm

Obviously, to take advantage of the switch fabric you need SFMs (Switch
Fabric Modules) in the chassis (two to be redundant).

* I seem to recall when these products were introduced to me by our local
Cisco team someone said that the 6500-series cards (for the 6500-series
chassis, it's a bit confusing - you'd think they could use another number) -
e.g. 6516 listed above - were only capable of doing 128Gb/s because they
were only attached to a single switch fabric and that to do the full 256Gb/s
you'd need the fabric-only cards (the 6800-series modules).  Just looking
really quick, I don't see any docs on CCO that substantiate my memory so if
it matters to you, you might want to ask Cisco - perhaps my memory is
incorrect or I was given bum scoop from our Cisco reps.

Have fun.

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
kenairs
Sent: Sunday, January 13, 2002 9:10 AM
To: [EMAIL PROTECTED]
Subject: GBIC ??? [7:31770]


Hi Group ,
From the cisco cd ,

WS-X6816-GBIC
   16-port fabric-enabled Gigabit Ethernet switching
module. The module has integrated distributed
   forwarding and has dual serial connections to the
switch fabric module. The module requires GBICs. GBICs
   are available in three models (SX, LX/LH, and ZX) and
have an SC-type connector for use with either MMF
   and SMF.

What is meant by the fabric-enable Gigabit Ethernet switching module ??
Tks

WS-X6516-GBIC
   16-port Gigabit Ethernet switching module. The module
requires GBICs. GBICs are available in three models
   (SX, LX/LH, and ZX) and have an SC-type connector for
use with either MMF and SMF.


What is the difference between  WS-X6816-GBIC ( fabric-enable ) and
WS-X6516-GBIC ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31785t=31770



RE: Summarization [7:31766]

2002-01-13 Thread R. Benjamin Kessler

I've done it with about 100 interfaces on 7513's and didn't see this
problem.  It may be a limitation of the code on the box, memory (as you
indicated), or something else.  Have you been able to rule-out as many
something elses as possible?

What does the network topology look like?  Do you have redundancy in place -
e.g. spoke routers connected to two different hub routers?  Are you getting
a lot of SIAs?  Routes flapping, etc.?  How's the CPU on your RSP's looking?
Free memory?  Buffer misses?

There's a common view that EIGRP works fine and can scale infinitely big
without going through all of the steps that you'd have to go through for a
large-scale OSPF installation.
Obviously, this thought is very wrong.

I'm guessing that the reason you need to do manual summarization on 200
interfaces per box is because you don't have clearly-defined summarization
points in the network - that's the situation I was in when I had to do it on
~100 interfaces.  For good or ill, EIGRP will work with a bad network design
(I'm speaking from an ideal perspective - please don't be offended, we all
have to do things at one time or another that are considered bad) up until a
point.  Beyond that point, it gets really ugly - quickly.

In the network I was working on we had 140 sites connected without problems.
We started adding more offices and by the time we hit 170 the network was
totally unstable.  After several weeks of P1/CAP cases we met with the guys
who write the code and found out what we were doing wrong - they have since
published several CiscoPress books on EIGRP; none existed four years ago :)

You can band-aid a broken network by using a lot of the EIGRP features
(manual summarization, distribute-lists, etc.).  In my case that's exactly
what we did, unfortunately, I was not given the opportunity to correct the
mistakes that required the band-aids.  I have since moved on to new
challenges but that network is still in the same state - four years later.

Anyhow, if you can offer more specifics, I'm sure those of us on the list
would be happy to comment and offer suggestions.  I think that if we can
solve the reason you need to manually summarize on 200 interfaces you'll be
better off down the road.

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 13, 2002 5:02 AM
To: [EMAIL PROTECTED]
Subject: Summarization [7:31766]


Hello folks,
I'm working in an EIGRP environment, and I have some questions for you:

Has anyone tried to do a manual route summarization per interface with more
or less 200 interfaces in a 7500?
I've tried but I'm having a few problems, the summary routes aren't
advertised sufficiently fast to the routers in branch offices.
The summary routes are sometimes marked as possibly down in the routers of
branch offices, sometimes are up and sometimes are down.

Do you know any relationship between memory or cpu (or whatever) of the 7500
and number of interfaces in which you can perform manual summarization?

David




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31787t=31766
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: ISDN dialer watch VS floating static routes [7:31609]

2002-01-13 Thread R. Benjamin Kessler

I agree with Jenny's comments.  I've also used floating-statics for quite
some time to backup frame links.  I was playing around with dialer watch in
the lab this weekend and it does some 'interesting' things...

For one, it seems to do away with the interesting traffic requirement.  If
the main link goes down and any of the routes in the watch list disappear,
the backup link will be brought on-line.

I can think of a couple of reasons why this would be attractive but by the
same token, it could get rather expensive especially if you have large
blocks of time where nothing is going across the line - nights/weekends -
but it's still up.

With the floating static method, you can utilize time-based ACLs to specify
your interesting traffic thus minimizing the impact of a circuit outage over
a weekend for example.

Definitely try them both out in a lab though; I intend to kick the tires of
dialer watch a bit more myself.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, January 13, 2002 6:31 PM
To: [EMAIL PROTECTED]
Subject: Re: ISDN dialer watch VS floating static routes [7:31609]


I have always used floating statics to back up a frame relay network.
Why?
Easy - we're only just migrating to IOS 12.1.  And anyway, this particular
network has been using floating static routes for the last several years
(since *long* before dialer watch was available) - they are flexible, suit
the network topology and design, and they work.  And our support mob are
familiar with them, which is also a useful reason to keep using them.
I'd look more closely at dialer watch for a brand new network or major
redesign, but right now I personally have no good reasons for changing.
YMMV.
JMcL




Charlie Wehner
To: [EMAIL PROTECTED]
Subject: ISDN dialer watch VS floating static routes [7:31609]
Sent by: nobody@groupstudy.com
11/01/2002 12:49 pm
Please respond to Charlie Wehner


When configuring an ISDN backup for a frame relay circuit do most people
typically use dialer watch or floating static routes?  In my scenario,
it's for an eigrp network and a single router.

I've seen the following article on Cisco's website:

http://www.cisco.com/warp/public/123/backup-main.html

However, all things being equal, which one would you use?

Thanks in advance,
Charlie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31809t=31609



RE: 2500 Power Question [7:29869]

2001-12-21 Thread R. Benjamin Kessler

Per the docs. a 2500 has a *max* draw of 1A @ 110V - YMMV but I'd imagine
that you'll see these boxes pull significantly less than the advertised max
value.

Using the worst case number:

110W/hr * 12hrs = 1320W or 1.32KW

At $0.10/KW Hour it will cost ~ $0.13 per router

Again, this is based off the advertised max draw.  In reality, I'd be
surprised if it cost you much more than $0.50/day to run all four full-time.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Lin Mi
Sent: Friday, December 21, 2001 4:55 AM
To: [EMAIL PROTECTED]
Subject: 2500 Power Question [7:29869]


Anyone know how much power a 2500 pulls? I mean how
many kilowatts does it use per hour? How can I tell
how much it will cost to run 4 2500s for 12 hours if
it costs 10 cents per kilowatt-hour.



__
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29875t=29869



RE: ISDN Stimulators [7:29787]

2001-12-20 Thread R. Benjamin Kessler

Even Cisco 2600/3600
routers with ISDN interfaces can simulate the ISDN network, now. Fun stuff!

really?  cool...can you point me to a link with a sample config?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29798t=29787



RE: RE: That Friday Follies Question... [7:29473]

2001-12-19 Thread R. Benjamin Kessler

Warning, this is a bit longish...I'd be interested in feedback to see if
anyone agrees/disagrees, finds this at all helpful, etc.  Part of this
exercise is to make sure I've got this straight in my head.

Here's a CCO link that may help:

http://www.cisco.com/warp/public/103/5.html

The scenario you outlined can be examined as a straight IGRP problem
without confusing the issue by redistributing from/to OSPF.

To allow more routes to be advertised in a single update packet, the
designers of IGRP decided to only send the three significant bytes of the
network address.  For Interior links the last three bytes are sent - the
first byte is assumed to match that of the outgoing interface; for Exterior
and System links, only the first three bytes are sent and the last byte is
assumed to be zero.

Regarding the three different portions of update messages (snipped from the
above link):

/Begin SNIP/
Note that an IGRP update message has three portions: interior, system
(meaning this autonomous system but not interior), and exterior. The
interior section is for routes to subnets. Not all subnet information is
included. Only subnets of one network are included. This is the network
associated with the address to which the update is being sent. Normally
updates are broadcast on each interface, so this is simply the network on
which the broadcast is being sent. (Other cases arise for responses to an
IGRP request and point to point IGRP.) Major networks (i.e. non-subnets) are
put into the system portion of the update message unless they are
specifically flagged as exterior.

A network will be flagged as exterior if it was learned from another gateway
and the information arrived in the exterior portion of the update message.
Cisco's implementation also allows the system administrator to declare
specific networks as exterior. Exterior routes are also referred to as
candidate default. They are routes that go to or through gateways that are
considered to be appropriate as defaults, to be used when there is no
explicit route to a destination.
/End SNIP/

Consider the following topology:

   R1-R2-R3-R4-R5

Where the following interfaces are configured:

R1 - Lo0  - 192.168.10.1/28
 E0   - 192.168.10.17/28

R2 - E0   - 192.168.10.18/28
 Lo0  - 192.168.10.33/28
 S0.1 - 192.168.10.49/28

R3 - S0.1 - 192.168.10.50/28
 Lo0  - 192.168.10.65/28
 Lo1  - 192.168.10.99/27
 E0   - 192.168.10.129/27

R4 - E0   - 192.168.10.130/27
 Lo0  - 192.168.10.161/27
 S0.1 - 192.168.10.193/27

R5 - S0.1 - 192.168.10.194/27
 Lo0  - 192.168.10.225/27

All routers are configured as follows:

router IGRP 1
  network 192.168.10.0

Here are the routing tables from R1, R3, and R5.  Obviously, R3 can see and
get to everything but R1 and R5 only see the networks with the matching mask
lengths:

R1#sh ip ro
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
   U - per-user static route, o - ODR

Gateway of last resort is not set

 192.168.10.0/28 is subnetted, 5 subnets
I   192.168.10.64 [100/9076] via 192.168.10.18, 00:00:02, Ethernet0
I   192.168.10.32 [100/1600] via 192.168.10.18, 00:00:02, Ethernet0
I   192.168.10.48 [100/8576] via 192.168.10.18, 00:00:02, Ethernet0
C   192.168.10.0 is directly connected, Loopback0
C   192.168.10.16 is directly connected, Ethernet0
R1#

R3#sh ip ro
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
   U - per-user static route, o - ODR

Gateway of last resort is not set

 192.168.10.0/24 is variably subnetted, 10 subnets, 2 masks
C   192.168.10.96/27 is directly connected, Loopback1
C   192.168.10.64/28 is directly connected, Loopback0
I   192.168.10.32/28 [100/8976] via 192.168.10.49, 00:00:52, Serial0.1
C   192.168.10.48/28 is directly connected, Serial0.1
I   192.168.10.0/28 [100/9076] via 192.168.10.49, 00:00:52, Serial0.1
I   192.168.10.16/28 [100/8576] via 192.168.10.49, 00:00:52, Serial0.1
I   192.168.10.224/27 [100/9076] via 192.168.10.130, 00:00:09, Ethernet0
I   192.168.10.192/27 [100/8576] via 192.168.10.130, 00:00:09, Ethernet0
I   192.168.10.160/27 [100/1600] via 192.168.10.130, 00:00:10, Ethernet0
C   192.168.10.128/27 is directly connected, Ethernet0
I   192.168.1.0/24 is possibly down, routing via 192.168.10.130, Ethernet0
R3#

R5#sh ip ro
Codes: C - connected, S - 
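
Added example, not part of the original post: a small simulation that replays the topology above under the classful advertisement rule behind these tables. An IGRP update carries no mask, so a router only advertises a subnet out an interface whose mask matches, and the receiver applies its own interface mask. Metrics, timers and system/exterior routes are left out; the function names are illustrative.

```python
import ipaddress

# Interface addressing copied from the post (router -> interface -> address/prefix).
INTERFACES = {
    "R1": {"Lo0": "192.168.10.1/28", "E0": "192.168.10.17/28"},
    "R2": {"E0": "192.168.10.18/28", "Lo0": "192.168.10.33/28",
           "S0.1": "192.168.10.49/28"},
    "R3": {"S0.1": "192.168.10.50/28", "Lo0": "192.168.10.65/28",
           "Lo1": "192.168.10.99/27", "E0": "192.168.10.129/27"},
    "R4": {"E0": "192.168.10.130/27", "Lo0": "192.168.10.161/27",
           "S0.1": "192.168.10.193/27"},
    "R5": {"S0.1": "192.168.10.194/27", "Lo0": "192.168.10.225/27"},
}


def classful_net(address):
    """Major (classful) network that an IPv4 address belongs to."""
    first_octet = int(address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def connected(router):
    """Map interface name -> directly connected subnet."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in INTERFACES[router].items()}


def advertised(table, out_if, link):
    """Interior routes a classful sender places in an update sent on `link`."""
    major = classful_net(link.network_address)
    return [net for net, learned_on in table.items()
            if classful_net(net.network_address) == major  # same major network
            and net.prefixlen == link.prefixlen  # mask matches outgoing interface
            and learned_on != out_if             # split horizon
            and net != link]                     # receiver is already connected


def converge():
    """Exchange updates until no table changes; return router -> sorted subnets."""
    # table[router] = {subnet: interface it was learned on (None if connected)}
    tables = {r: {net: None for net in connected(r).values()} for r in INTERFACES}
    changed = True
    while changed:
        changed = False
        for sender in INTERFACES:
            for out_if, link in connected(sender).items():
                update = advertised(tables[sender], out_if, link)
                for receiver in INTERFACES:
                    if receiver == sender:
                        continue
                    for in_if, in_net in connected(receiver).items():
                        if in_net != link:       # not attached to this link
                            continue
                        for net in update:
                            # No mask on the wire: the receiver assumes the
                            # mask of the interface the update arrived on.
                            learned = ipaddress.ip_network(
                                f"{net.network_address}/{in_net.prefixlen}")
                            if learned not in tables[receiver]:
                                tables[receiver][learned] = in_if
                                changed = True
    return {r: [str(n) for n in sorted(t)] for r, t in tables.items()}


if __name__ == "__main__":
    for router, subnets in converge().items():
        print(router, len(subnets), "subnets:", ", ".join(subnets))
```

R1 ends up with the five /28 subnets and R3 with all ten, as in the tables above; R5 ends up with only the five /27 subnets.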

RE: STP and Fast Etherchannel / Giga Etherchannel [7:28526]

2001-12-08 Thread R. Benjamin Kessler

You can implement fast/gigabit EtherChannels in a STP environment.  One of
the benefits to F/GEC is that it can take redundant paths between switches
and make them appear to STP as a single link (thus no blocking).  Don't
believe the hype entirely about the performance benefits.  Because of the
way the traffic is load-shared across the links, you won't get more data
between two hosts across a F/GEC than you would across a single link.

See:

http://www.cisco.com/warp/public/cc/techno/media/lan/ether/channel/prodlit/faste_an.htm

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
William
Sent: Saturday, December 08, 2001 12:27 PM
To: [EMAIL PROTECTED]
Subject: STP and Fast Etherchannel / Giga Etherchannel [7:28526]


When running STP, can fast etherchannel or giga etherchannel can't be
implemented??

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28538t=28526



RE: Question about moving PVC's. [7:28062]

2001-12-04 Thread R. Benjamin Kessler

The ASCII Art didn't come through too well on my e-mail so let me see if I
have this straight...

NY is the hub, PVCs between DLCI's 300 and 301 (CH) and 300 and 302 (SF).

If you want to make CH the hub you'll need to add a PVC between 301 (CH) and
302 (SF); you can then remove the PVC between 300 and 302.  This will move
the hub from NY to CH.  You'll need to contact the provider to have them
build the new PVC (and possibly delete the one that isn't required any more
if you want to remove the one between NY and SF).

Does this answer your question?

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
CiscoG
Sent: Tuesday, December 04, 2001 8:39 AM
To: [EMAIL PROTECTED]
Subject: Question about moving PVC's. [7:28062]


Hey all. I have a question regarding Frame Relay PVC's. Let's use the below
as an example;


   NY (dlci 300)
 |
  /\
(dlci 301)CH   SF (dlci 302)

  In a Hub+Spoke topology, NY is the hub in this example. What I am unclear
of is: is it possible for myself to reconfigure the routers to make CH (dlci
301) the hub and the rest Spokes? Or do I have to call the Frame Relay
provider and have them move the circuits for me???

 Thanks in advance for your help!

-C







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28070t=28062



RE: Flash Trouble. [7:28069]

2001-12-04 Thread R. Benjamin Kessler

try using the commands

dir disk0:

and

format disk0:

you'll need to modify the boot string as well - for example:

boot system flash disk0:c7200-io3s-mz.121-5.T8.bin

use the copy tftp disk0: command to get files on the disk.

HTH,

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
NK Sat
Sent: Tuesday, December 04, 2001 9:54 AM
To: [EMAIL PROTECTED]
Subject: Flash Trouble. [7:28069]


Hi All,
I am having a 7204VXR with 40MG of Flash. The router boots fine when powered
Off/On. But I cannot say  show flash I see the IOS on disk0:  I have
already tried a bunch of IOS. Formatting the disk0: doesn't help.

46976K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
4096K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x102

MISRAN01#sh flash
Open device slot0 failed (Device not ready)


MISRAN01#sh file systems
File Systems:

     Size(b)     Free(b)      Type  Flags  Prefixes
    47890432    39772160     flash     rw   disk0:
           -           -     flash     rw   disk1:
           -           -    opaque     rw   null:
           -           -    opaque     rw   system:
           -           -   network     rw   tftp:
      129016      124129     nvram     rw   nvram:
*          -           -     flash     rw   slot0: flash:
           -           -     flash     rw   slot1:
     3407872      379204     flash     rw   bootflash:
           -           -    opaque     wo   lex:
           -           -   network     rw   rcp:
           -           -   network     rw   ftp:

MISRAN01#



Can anybody tell me how to make show flash work
1) Sh file system always says flash is with slot0:
2) I cannot make flash associate with disk0:


Please Help.

Thanks
Satish Kumar.
[EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28082t=28069



RE: CPU Usage - How Much Is Too Much? [7:26739]

2001-11-20 Thread R. Benjamin Kessler

Been there, done that...not any fun.  Brokerage environment; UDP
directed-broadcast traffic to nearly 200 sites.  Buffers tuned to the max to
keep from dropping packets because the application didn't handle
re-transmissions...etc., etc.,  Of course, priority queuing was required to
ensure that web browsing wasn't stepping on the mission-critical app.
RSP4's in the 7500's were running into the 90% range on a regular
basis...couldn't talk the client into spending the $$ to re-design the
network; they couldn't understand why the users were complaining about poor
network performance.  They figured that if the processors were running near
100% that they were getting their $$ out of the infrastructure investment -
I still have bad dreams about it :)  - working for a new client now... :)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, November 19, 2001 4:34 PM
To: [EMAIL PROTECTED]
Subject: Re: CPU Usage - How Much Is Too Much? [7:26739]


From personal experience I'd put that figure at 3% too high :-)
In the dim dark past we were running some 7500s with badly overloaded RSPs.
They would run with no discernible problems up to 97% or 98% CPU.  Then
late morning the traffic load would build up, and output queues on some of
the ports would eventually overrun, and DLSW circuits would start to
bounce, and the network would go into meltdown very spectacularly.
For various reasons it took us a while to get hold of upgraded RSPs, so
peak hour wasn't a lot of fun for us or the network users...

YMMV.  I do *not* recommend running at 97% CPU on a production network.

JMcL
- Forwarded by Jenny Mcleod/NSO/CSDA on 20/11/2001 09:26 am -


MADMAN

cc:
Sent by: nobody@groupstudy.com
Subject: Re: CPU Usage - How Much Is Too Much? [7:26739]
20/11/2001 06:06 am
Please respond to MADMAN

101%

  but seriously there is no hard 'n fast number but there is no reason
you can't run at 60-70%, leaving enough room for burst in CPU activity
so that you never hit 101%.

  Dave

Andrew Michael wrote:

 Hi everyone.

   Percentage-wise, what is the general consensus on excessive CPU usage on a
 router?

   Thanks in advance.
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26892t=26739



RE: Cisco TACACS+ Problem [7:26783]

2001-11-20 Thread R. Benjamin Kessler

Verify that the router can reach the TACACS server (ping) and verify that
the TACACS server and router are configured with matching parameters.  Note:
you may have to restart the TACACS server process when you add a router.

I'm assuming that you copy/pasted the same set of config lines in all of the
routers; you might want to verify that all of the lines made it into the
config properly.  If you created your script on a 12.1 router it may have
problems getting entered into a 12.0 router, for example.

Hope this helps.

 I have configured a number of routers to authenticate to the TACACS+
 server we have on site.  Some routers get the login prompt and some don't
 and at times others do.

 Has anyone got any ideas to this.

 *** Thomas Jreige
 *** Communications Engineer
 *** CSC Network Services, Wollongong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26895t=26783



RE: Spanning Tree Protocol [7:26538]

2001-11-19 Thread R. Benjamin Kessler

Drew, I don't know if your question has already been answered or not but
here's my $0.02.

One reason to use the MAC-layer multicast address is to minimize the impact
of the BPDU flooding on non-switch/bridge devices.  Regular end-stations
will not need to process the BPDU packets because the destination is not one
they listen for.  If the packets were sent to the broadcast address then
every device would need to copy them off the wire and process them further
up the stack.

Matt, if you search the CCIE-list archives for Canonical or bit-swapping
you should get several hits - the Big-Endian/Little-Endian question has been
well-discussed because of its impact on certain DLSw/bridging issues.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Drew Simonis
Sent: Friday, November 16, 2001 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: Spanning Tree Protocol [7:26538]


Randy Lopez wrote:

 What Multicast address does STP use?


Since spanning tree is a layer 2 protocol,
why would it use any multicast address?  STP
is used between directly connected switches
and uses BPDU packets, flooded out all ports
for set up.  Not multicast.

http://www.cisco.com/warp/public/473/5.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26731t=26538
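
Added illustration, not part of the original posts: a model of the NIC address filter behind the multicast-versus-broadcast point in the reply above, plus the canonical/non-canonical bit swap mentioned for the archive search. It assumes the IEEE 802.1D Bridge Group Address 01:80:C2:00:00:00 as the BPDU destination; the sample frame, the station addresses and the function names are constructed for the example.

```python
import struct

STP_GROUP = bytes.fromhex("0180c2000000")  # IEEE 802.1D Bridge Group Address
BROADCAST = b"\xff" * 6


def build_config_bpdu(src_mac, root_id, bridge_id, port_id, cost=0):
    """Build an 802.3/LLC frame carrying a configuration BPDU (constructed sample)."""
    bpdu = struct.pack(
        "!HBBB8sI8sHHHHH",
        0x0000, 0x00, 0x00, 0x00,         # protocol id, version, type=config, flags
        root_id, cost, bridge_id, port_id,
        0, 20 * 256, 2 * 256, 15 * 256,   # message age, max age, hello, fwd delay (1/256 s)
    )
    payload = b"\x42\x42\x03" + bpdu      # LLC: DSAP 0x42, SSAP 0x42, UI
    return STP_GROUP + src_mac + struct.pack("!H", len(payload)) + payload


def is_group(mac):
    """I/G bit: least-significant bit of the first octet (canonical order)."""
    return bool(mac[0] & 0x01)


def nic_accepts(frame, own_mac, joined_groups=()):
    """Decide whether an adapter copies the frame off the wire for the host."""
    dst = frame[:6]
    if dst == BROADCAST:
        return True                   # every station must process broadcasts
    if is_group(dst):
        return dst in joined_groups   # multicast: only if the station listens for it
    return dst == own_mac             # unicast: only our own address


def to_noncanonical(mac):
    """Reverse the bits of each octet (Token Ring / bit-swapped representation)."""
    return bytes(int(f"{octet:08b}"[::-1], 2) for octet in mac)


if __name__ == "__main__":
    switch = bytes.fromhex("00000c111111")   # constructed addresses
    host = bytes.fromhex("00a0c9222222")
    bridge_id = b"\x80\x00" + switch
    frame = build_config_bpdu(switch, bridge_id, bridge_id, 0x8001)
    print("end station copies BPDU:", nic_accepts(frame, host))
    print("bridge copies BPDU:     ", nic_accepts(frame, switch, {STP_GROUP}))
    print("end station copies same frame sent to broadcast:",
          nic_accepts(BROADCAST + frame[6:], host))
    print("bit-swapped group address:", to_noncanonical(STP_GROUP).hex(":"))
```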



RE: What frame format used by TCP/IP? [7:25924]

2001-11-12 Thread R. Benjamin Kessler

I believe it is Ethernet_II (in Novell-speak) or ARPA (in Cisco-language)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
CCIE TB
Sent: Monday, November 12, 2001 7:55 AM
To: [EMAIL PROTECTED]
Subject: What frame format used by TCP/IP? [7:25924]


Compared with IPX/SPX, what type of frames does TCP/IP use?

Thanks @ Regards to all





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25957t=25924



RE: Subnet Mask question [7:25694]

2001-11-09 Thread R. Benjamin Kessler

I didn't see this come through the list so I'm re-posting.

-Original Message-
From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 08, 2001 10:01 AM
To: Cisco GroupStudy List
Subject: RE: Subnet Mask question [7:25602]


I'm assuming that you entered something like this in a router:

ip route 63.182.182.182 255.0.0.0 

where  = an interface name or IP address of a neighboring
router.

If this is an accurate assumption when you do a show run you'll probably
see the following instead:

ip route 63.0.0.0 255.0.0.0 

This would explain why you're sending these other packets to 63.x.x.x to
la-la land.
Do a trace and see where the packets are going to confirm what I'm saying.

Note:  On more recent versions of IOS the router will complain and tell you
that you have an inconsistent address and mask.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Telemachus Luu
Sent: Wednesday, November 07, 2001 3:37 PM
To: [EMAIL PROTECTED]
Subject: Subnet Mask question [7:25602]


Hi,

Can someone provide a good explanation to this?

Imaginary IPs:

Static host ip: 63.182.182.182
mask: 255.255.255.0

I accidently specified an incorrect mask of 255.0.0.0.  However, I was still
able to ping some sites out in the net but was unable to ping a host in the
same class, eg. 63.221.133.4.

1. Why was I able to ping out even though the mask specified was incorrect?
2. Why was I unable to ping the host in the same class?

thanks,
Telemachus




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25694t=25694



RE: IP helper address and subnet broadcast [7:25485]

2001-11-09 Thread R. Benjamin Kessler

I had a similar situation in the past where the DHCP servers were on *nix
boxes and they got flooded with the NetBT stuff (from 3000+ workstations)
needlessly.  In this type of a situation no ip forward protocol is your
friend.

To just forward the DHCP requests you need to do the following:

no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

It would be nice if you could disable all and then specifically add the ones
you want (i.e. the passive-interface default / no passive-interface method)
but - at least on the versions I've tried - she's a no go.  You can disable
all udp flooding with the command:

no ip forward-protocol udp 

But as soon as you enable a specific service this command gets
'un-done'...perhaps it can be a feature request for the programmers @
Cisco watching this list (do any?).

Hope this helps.

Ben

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 07, 2001 2:44 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: IP helper address and subnet broadcast [7:25485]


Thank-you very much for your research and testing, Ben.

The person who started this discussion (offline) also wrote back and
confirmed that the subnet broadcasts are indeed forwarded to the address in
his IP helper address command. I agree that it makes sense from the point
of view that the subnet broadcast (10.10.255.255) is no different from an
ordinary broadcast (255.255.255.255) at the MAC layer. They both go to
FF:FF:FF:FF:FF:FF.

There are concerns about this behavior however. In his case the DHCP server
is the helper address. It is receiving all sorts of junk that it shouldn't
receive, including WINS and BROWSE stuff. The IP Helper Address
configuration is causing these packets to be sent as unicast packets to the
DHCP server. It's probably just a minor performance issue, but worth fixing.

I don't know enough about his network to recommend this definitely, but he
may be able to configure no ip forward-protocol 137 and no ip
forward-protocol 138 to ensure that the WINS and BROWSE stuff is not
forwarded. I believe he has an actual WINS server also that can handle the
WINS service and the nodes are configured as H-Nodes so they are unicasting
to the WINS server in addition to sending their broadcasts.

I thought this was interesting! I wonder how many people have thought about
how much junk by default gets forwarded with IP helper address. And
offline, some experts asked me why would a router forward a subnet
broadcast, so they all agreed that this was not completely expected
behavior.

Thanks again,

Priscilla



At 10:00 AM 11/7/01, R. Benjamin Kessler wrote:
I setup a remote unix box running nmap and had it send packets to the subnet
broadcast address (in my case 192.168.72.255).  I configured my router with
an ip helper command (sending to a single host).  I executed the nmap
command with and without IP directed broadcast configured on the router
interface and didn't see any difference.

Running a sniffer-like device on the target (of the ip helper command) I was
able to verify the receipt of the packets sent via nmap.

Given a network similar to the following:

       +-------+        +-------+
  -----| rtr a |--------| rtr b |-----
    e0 +-------+ e1  e1 +-------+ e0

My understanding of directed-broadcast is that if a packet sourced from rtr
a's e0 network is sent to the broadcast address of rtr b's e0; rtr b will
forward it if directed-broadcast is enabled and drop if not.

IP helper impacts packets heading out (from the router) to the interface in
question not packets inbound.

To take this discussion a step further, the IP helper function processes
packets sent to the MAC-layer broadcast address for the specified protocols.
A packet sent to the local IP broadcast address (10.10.255.255 in
Priscilla's example) will have the same MAC-layer destination address as a
packet sent to 255.255.255.255.

Comments, questions?  Anyone think my logic is all wet?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Tuesday, November 06, 2001 9:43 PM
To: [EMAIL PROTECTED]
Subject: Re: IP helper address and subnet broadcast [7:25485]


I know how IP helper address, directed broadcasts, NetBIOS, etc. work.
(NetBIOS session service doesn't broadcast, by the way, and in fact uses
TCP not UDP, so I doubt that it needs to be added to the list. It's used
between a client and server after the client has mapped the NetBIOS name to
the server's address.)

The question is: will the router (with IP helper address) forward if the
source sends to a subnet broadcast such as 10.10.255.255 instead of sending
to 255.255.255.255? Nowhere does the documentation say that it won't, so I
guess it will.

Note that I am not asking

RE: IP helper address and subnet broadcast [7:25485]

2001-11-09 Thread R. Benjamin Kessler

Depends on what you're trying to do...the utility I used here is just
nmap - see www.insecure.org (note: this is a bit of a hacking tool, so
use with caution).

This is basically a port scanning tool, you can specify a remote subnet to
scan but you give it the range of addresses to probe, I don't see why you
couldn't probe a remote host that just happened to have the same address as
the subnet broadcast somewhere.

I guess by definition, if you've got a default gateway configured and are
sending traffic to a remote subnet you'll have the local router's MAC
address as the destination.

If you're looking to do something a bit more elaborate you can try to use a
Sniffer to manufacture a string of packets but it is probably more trouble
than it's worth.  I'm sure that there are plenty of hacker tools that will
do this but you'll probably need to go lurking on some different lists to
find them...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Logan, Harold
Sent: Wednesday, November 07, 2001 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: IP helper address and subnet broadcast [7:25485]


Interesting... By any chance do you have a packet manipulator available?
For added fun you could put together a frame with a destination IP of
the subnet's broadcast addy, and a destination MAC of the routers MAC
address...


 -Original Message-
 From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, November 07, 2001 2:03 PM
 To: [EMAIL PROTECTED]
 Subject: RE: IP helper address and subnet broadcast [7:25485]


 I setup a remote unix box running nmap and had it send
 packets to the subnet
 broadcast address (in my case 192.168.72.255).  I configured
 my router with
 an ip helper command (sending to a single host).  I executed the nmap
 command with and without IP directed broadcast configured on
 the router
 interface and didn't see any difference.

 Running a sniffer-like device on the target (of the ip helper
 command) I was
 able to verify the receipt of the packets sent via nmap.

 Given a network similar to the following:

        +-------+        +-------+
   -----| rtr a |--------| rtr b |-----
     e0 +-------+ e1  e1 +-------+ e0

 My understanding of directed-broadcast is that if a packet
 sourced from rtr
 a's e0 network is sent to the broadcast address of rtr b's
 e0; rtr b will
 forward it if directed-broadcast is enabled and drop if not.

 IP helper impacts packets heading out (from the router) to
 the interface in
 question not packets inbound.

 To take this discussion a step further, the IP helper
 function processes
 packets sent to the MAC-layer broadcast address for the
 specified protocols.
 A packet sent to the local IP broadcast address (10.10.255.255 in
 Priscilla's example) will have the same MAC-layer destination
 address as a
 packet sent to 255.255.255.255.

 Comments, questions?  Anyone think my logic is all wet?

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Priscilla Oppenheimer
 Sent: Tuesday, November 06, 2001 9:43 PM
 To: [EMAIL PROTECTED]
 Subject: Re: IP helper address and subnet broadcast [7:25485]


 I know how IP helper address, directed broadcasts, NetBIOS, etc. work.
 (NetBIOS session service doesn't broadcast, by the way, and
 in fact uses
 TCP not UDP, so I doubt that it needs to be added to the
 list. It's used
 between a client and server after the client has mapped the
 NetBIOS name to
 the server's address.)

 The question is: will the router (with IP helper address)
 forward if the
 source sends to a subnet broadcast such as 10.10.255.255
 instead of sending
 to 255.255.255.255? Nowhere does the documentation say that
 it won't, so I
 guess it will.

 Note that I am not asking about the forwarding of directed
 broadcasts. The
 IP helper address is configured with an actual server's address, not a
 directed broadcast address.

 I'm not looking for the boring answers to the boring questions. The
 question is not the same one that you have seen many times. ;-)

 Priscilla

 At 10:09 PM 11/6/01, Erick B. wrote:
 Priscilla,
 
 They need to enable one more 'ip forward-protocol udp'
 globally for this to work, as well as enable
 directed-broadcast on target router interface where
 ip-helper is forwarding to.
 
 Also, I replied to nrf on this as well in more detail
 just explaining helper-address and
 directed-broadcasts.
 
 Default ports forwarded:
 
 Trivial File Transfer (TFTP) (port 69)
 Domain Name System (port 53)
 Time service (port 37)
 NetBIOS Name Server (port 137)
 NetBIOS Datagram Server (port 138)
 BootP datagrams (port 67)
 TACACS service (port 49)
 
 The one missing is:
 
 netbios-ss - Netbios session service (port 139)
 
 Also, I have done this and it works.
 
 Erick
 
 --- Priscilla Oppenheimer  wrote:
   This message came to me offline. The Cisco
   documentation doesn't answer the
   question, but some of you might know.
  
   In a Windows environment

RE: IP helper address and subnet broadcast [7:25692]

2001-11-08 Thread R. Benjamin Kessler

sorry if you've received this before...I'm having problems posting it
seems...

-Original Message-
From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 08, 2001 10:01 AM
To: Priscilla Oppenheimer; Cisco GroupStudy List
Subject: RE: IP helper address and subnet broadcast [7:25485]


I had a similar situation in the past where the DHCP servers were on *nix
boxes and they got flooded with the NetBT stuff (from 3000+ workstations)
needlessly.  In this type of a situation no ip forward protocol is your
friend.

To just forward the DHCP requests you need to do the following:

no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

It would be nice if you could disable all and then specifically add the ones
you want (i.e. the passive-interface default / no passive-interface method)
but - at least on the versions I've tried - she's a no go.  You can disable
all udp flooding with the command:

no ip forward-protocol udp 

But as soon as you enable a specific service this command gets
'un-done'...perhaps it can be a feature request for the programmers @
Cisco watching this list (do any?).

Hope this helps.

Ben

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 07, 2001 2:44 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: IP helper address and subnet broadcast [7:25485]


Thank-you very much for your research and testing, Ben.

The person who started this discussion (offline) also wrote back and
confirmed that the subnet broadcasts are indeed forwarded to the address in
his IP helper address command. I agree that it makes sense from the point
of view that the subnet broadcast (10.10.255.255) is no different from an
ordinary broadcast (255.255.255.255) at the MAC layer. They both go to
FF:FF:FF:FF:FF:FF.

There are concerns about this behavior however. In his case the DHCP server
is the helper address. It is receiving all sorts of junk that it shouldn't
receive, including WINS and BROWSE stuff. The IP Helper Address
configuration is causing these packets to be sent as unicast packets to the
DHCP server. It's probably just a minor performance issue, but worth fixing.

I don't know enough about his network to recommend this definitely, but he
may be able to configure no ip forward-protocol 137 and no ip
forward-protocol 138 to ensure that the WINS and BROWSE stuff is not
forwarded. I believe he has an actual WINS server also that can handle the
WINS service and the nodes are configured as H-Nodes so they are unicasting
to the WINS server in addition to sending their broadcasts.

I thought this was interesting! I wonder how many people have thought about
how much junk by default gets forwarded with IP helper address. And
offline, some experts asked me why would a router forward a subnet
broadcast, so they all agreed that this was not completely expected
behavior.

Thanks again,

Priscilla



At 10:00 AM 11/7/01, R. Benjamin Kessler wrote:
I setup a remote unix box running nmap and had it send packets to the subnet
broadcast address (in my case 192.168.72.255).  I configured my router with
an ip helper command (sending to a single host).  I executed the nmap
command with and without IP directed broadcast configured on the router
interface and didn't see any difference.

Running a sniffer-like device on the target (of the ip helper command) I was
able to verify the receipt of the packets sent via nmap.

Given a network similar to the following:

       +-------+        +-------+
  -----| rtr a |--------| rtr b |-----
    e0 +-------+ e1  e1 +-------+ e0

My understanding of directed-broadcast is that if a packet sourced from rtr
a's e0 network is sent to the broadcast address of rtr b's e0; rtr b will
forward it if directed-broadcast is enabled and drop if not.

IP helper impacts packets heading out (from the router) to the interface in
question not packets inbound.

To take this discussion a step further, the IP helper function processes
packets sent to the MAC-layer broadcast address for the specified protocols.
A packet sent to the local IP broadcast address (10.10.255.255 in
Priscilla's example) will have the same MAC-layer destination address as a
packet sent to 255.255.255.255.

Comments, questions?  Anyone think my logic is all wet?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Tuesday, November 06, 2001 9:43 PM
To: [EMAIL PROTECTED]
Subject: Re: IP helper address and subnet broadcast [7:25485]


I know how IP helper address, directed broadcasts, NetBIOS, etc. work.
(NetBIOS session service doesn't broadcast, by the way, and in fact uses
TCP not UDP, so I doubt that it needs to be added to the list. It's used
between a client and server after the client has

RE: Subnet Mask question [7:25602]

2001-11-08 Thread R. Benjamin Kessler

I'm assuming that you entered something like this in a router:

ip route 63.182.182.182 255.0.0.0 

where  = an interface name or IP address of a neighboring
router.

If this is an accurate assumption when you do a show run you'll probably
see the following instead:

ip route 63.0.0.0 255.0.0.0 

This would explain why you're sending these other packets to 63.x.x.x to
la-la land.
Do a trace and see where the packets are going to confirm what I'm saying.

Note:  On more recent versions of IOS the router will complain and tell you
that you have an inconsistent address and mask.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Telemachus Luu
Sent: Wednesday, November 07, 2001 3:37 PM
To: [EMAIL PROTECTED]
Subject: Subnet Mask question [7:25602]


Hi,

Can someone provide a good explanation to this?

Imaginary IPs:

Static host ip: 63.182.182.182
mask: 255.255.255.0

I accidentally specified an incorrect mask of 255.0.0.0.  However, I was still
able to ping some sites out in the net but was unable to ping a host in the
same class, eg. 63.221.133.4.

1. Why was I able to ping out even though the mask specified was incorrect?
2. Why was I unable to ping the host in the same class?

thanks,
Telemachus




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25688t=25602
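
The route normalization described in the reply above, as an added example that is not part of the original thread. It masks the typed prefix the way the reply says the router does, then runs a longest-prefix lookup to show which destinations the resulting route captures. The next-hop labels and the destinations other than 63.221.133.4 are constructed for illustration.

```python
import ipaddress


def normalize_static_route(prefix, mask):
    """Return (network, consistent) for an 'ip route <prefix> <mask>' pair.

    Only the bits covered by the mask are kept, so host bits set in the
    typed prefix are dropped. 'consistent' is False when that happened,
    which is the condition newer IOS versions complain about per the post.
    """
    net = ipaddress.ip_network(f"{prefix}/{mask}", strict=False)
    consistent = ipaddress.ip_address(prefix) == net.network_address
    return net, consistent


def build_table(static_prefix, static_mask):
    """Constructed two-entry table: a default route plus the static route."""
    static_net, _ = normalize_static_route(static_prefix, static_mask)
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "default-gw"),       # placeholder
        (static_net, "static-next-hop"),                          # placeholder
    ]


def lookup(table, destination):
    """Longest-prefix match: next hop of the most specific matching route."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if dest in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def explain(mask):
    """Show where three sample destinations go for a given static-route mask."""
    table = build_table("63.182.182.182", mask)
    samples = ("63.221.133.4", "198.51.100.7", "63.182.182.10")
    return {dest: lookup(table, dest) for dest in samples}


if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.255.0"):
        net, ok = normalize_static_route("63.182.182.182", mask)
        print(mask, "->", net, "consistent" if ok else "host bits dropped")
        for dest, hop in explain(mask).items():
            print("   ", dest, "via", hop)
```

With the 255.0.0.0 mask the whole of 63.0.0.0/8, including 63.221.133.4, follows the static route; with 255.255.255.0 only 63.182.182.0/24 does.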



RE: EIGRP [7:25125]

2001-11-03 Thread R. Benjamin Kessler

Some books describe the topology table as a compilation of routing tables
from all the neighboring routers.

Gareth did a good job trying to explain the feasible distance vs. advertised
distance thing...there's also a good explanation of this in Ch 1 of the
EIGRP Network Design Solutions (Cisco Press) - you may need to re-read it a
few times though.

Another thing to remember is that the receiving router adds its interface
metric to the distance reported by the neighboring router.

A router's feasibility distance is its minimum distance to a destination -
put another way, the best path to a destination network.

A neighbor router meets the feasibility condition if it reports a lower
distance than the feasibility distance.  As Gareth said, this ensures that
the neighbor isn't using a path back through the querying router.

If a router meets the feasibility condition it is a feasible successor.

Clear as mud yet?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hunt Lee
Sent: Friday, November 02, 2001 4:03 PM
To: [EMAIL PROTECTED]
Subject: EIGRP [7:25125]


Can anyone please help me on this?

For EIGRP, I understand that for routing table, EIGRP has kept a separate
routing table for each protocol:  so it has one for IP EIGRP, another one
for IPX EIGRP, and another one for AppleTalk EIGRP.  But what's a topology
table (show ip eigrp topology)?

Also, I have read the BSCN book (by Cisco Press) many many times... I
understand that the successor is the EIGRP main route, while the feasible
successor is the backup route.  But the book states that to qualify as a
feasible successor, the next-hop router must have an advertised distance
less than the feasible distance of the current successor - also, what's the
difference between the advertised distance and the feasible distance?

Thanks in advance.

Best Regards,
Hunt




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25191t=25125
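
The successor and feasible-successor selection discussed in this thread, as an added example that is not part of the original posts. It adds the local interface metric to each neighbor's reported (advertised) distance, takes the minimum as the feasible distance, and applies the feasibility condition. The neighbor names and metric values are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class NeighborReport:
    name: str
    reported_distance: int  # distance the neighbor advertises to the destination
    link_cost: int          # local interface metric toward that neighbor


# Constructed sample: three neighbors reporting the same destination network.
SAMPLE = [
    NeighborReport("B", reported_distance=10, link_cost=10),  # total 20
    NeighborReport("C", reported_distance=15, link_cost=15),  # total 30
    NeighborReport("D", reported_distance=25, link_cost=5),   # total 30
]


def evaluate(reports):
    """Pick the successor and the feasible successors for one destination."""
    if not reports:
        raise ValueError("no neighbor reports for this destination")
    # The receiving router adds its interface metric to the reported distance.
    totals = {r.name: r.reported_distance + r.link_cost for r in reports}
    successor = min(totals, key=lambda n: (totals[n], n))
    feasible_distance = totals[successor]  # best (minimum) total distance
    # Feasibility condition: the neighbor's own reported distance must be
    # lower than our feasible distance, so its path cannot run back through us.
    feasible = sorted(
        (r.name for r in reports
         if r.name != successor and r.reported_distance < feasible_distance),
        key=lambda n: (totals[n], n),
    )
    return {
        "totals": totals,
        "feasible_distance": feasible_distance,
        "successor": successor,
        "feasible_successors": feasible,
    }


def on_successor_loss(reports):
    """What happens when the successor goes away.

    With a feasible successor the backup is promoted locally; without one
    the route goes active and neighbors are queried.
    """
    result = evaluate(reports)
    if result["feasible_successors"]:
        return ("promote", result["feasible_successors"][0])
    return ("query", None)


if __name__ == "__main__":
    print(evaluate(SAMPLE))
    print(on_successor_loss(SAMPLE))
```

C and D have the same total distance of 30, yet only C qualifies: D reports 25, which is not lower than the feasible distance of 20.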



RE: How to find serial number of router? [7:24760]

2001-11-01 Thread R. Benjamin Kessler

Are you sure that it is reporting the same serial # that is on the chassis?
In my experience, the only way I could get the serial number remotely is by
entering the snmp-server chassis-id command into the config manually.

I just double-checked on a 3600, 7200 and 7500 (running various 12.x code)
and the serial number I get with show diag or show version aren't the same
as the one I entered manually (based-on physical verification).

Note:  I also did this on my IOS-based switches (cat3500's) even though the
show version command will give you this info - System serial number: x

Bottom-line is that when you open a case w/TAC and they ask for a serial
number of the system, they're interested in the one on the chassis not some
internal component.

Just my $0.02

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Carroll Kong
Sent: Wednesday, October 31, 2001 5:42 PM
To: [EMAIL PROTECTED]
Subject: Re: How to find serial number of router? [7:24760]


Wow, excellent tip!  However, this does not seem to work on the
2500s series.  (using 12.1(11) with a 2514).  It does work on my
2610.  (using 12.1(11)).

At 02:44 AM 10/31/01 -0800, Budi Widjojo wrote:
you can use
show diag command.

or as you said, you can use cisco resource manager
also.

cheers,
budi
--- IT Guy  wrote:
  Hi Guys,
 
  Can anyone here please help what are the possible
  software ways to find out
  the serial number of router without looking at the
  hardware itself??
 
  Can we find out by using any management software like
  Cisco resource manager
  or etc??
 
  Thanks for help.
 
 


-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24931t=24760



RE: Setting up TACACs on catalyst switches [7:23944]

2001-10-31 Thread R. Benjamin Kessler

I have a text file that I do a 'select-all', 'copy' from and then 'paste'
into a new CatOS switch.  Here are the AAA lines that I paste, in the order I
paste them:

#authentication
set authentication login tacacs enable console primary
set authentication login tacacs enable telnet primary
set authentication login tacacs enable http primary
set authentication enable tacacs enable console primary
set authentication enable tacacs enable telnet primary
set authentication enable tacacs enable http primary
#accounting
set accounting commands enable all stop-only tacacs+
#authorization
set authorization exec enable tacacs+ if-authenticated console
set authorization exec enable tacacs+ if-authenticated telnet
set authorization enable enable tacacs+ if-authenticated console
set authorization enable enable tacacs+ if-authenticated telnet
set authorization commands enable all tacacs+ if-authenticated console
set authorization commands enable all tacacs+ if-authenticated telnet

Note:  I also issue a set ip http server disable so the HTTP lines above
are probably not needed but this group of commands seems to work pretty well.

Hope it helps.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Shane Stockman
Sent: Tuesday, October 23, 2001 2:44 PM
To: [EMAIL PROTECTED]
Subject: Setting up TACACs on catalyst switches [7:23944]


I have installed a couple of switches (6509, 5500, 4000, 3548, 2924) in my
network a couple of months ago and would now like to add tacacs to the
switches for AAA.

Does anyone have any ideas with regards to the set commands and as well not
letting me lock myself out of the switch.

Thanks in advance





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24799t=23944
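
A pre-paste check over the AAA lines quoted in the reply above, as an added example that is not part of the original thread. It parses the `set authentication`, `set accounting` and `set authorization` lines exactly as posted and tabulates which access method each one covers, so an asymmetry such as the HTTP lines the reply mentions shows up before the text is pasted into a switch. The function names and the report layout are hypothetical.

```python
from collections import defaultdict

ACCESS_METHODS = ("console", "telnet", "http")
AUTHZ_MODES = ("commands", "enable", "exec")

# The lines from the post, verbatim.
PASTED = """\
#authentication
set authentication login tacacs enable console primary
set authentication login tacacs enable telnet primary
set authentication login tacacs enable http primary
set authentication enable tacacs enable console primary
set authentication enable tacacs enable telnet primary
set authentication enable tacacs enable http primary
#accounting
set accounting commands enable all stop-only tacacs+
#authorization
set authorization exec enable tacacs+ if-authenticated console
set authorization exec enable tacacs+ if-authenticated telnet
set authorization enable enable tacacs+ if-authenticated console
set authorization enable enable tacacs+ if-authenticated telnet
set authorization commands enable all tacacs+ if-authenticated console
set authorization commands enable all tacacs+ if-authenticated telnet
"""


def parse(config):
    """Yield (function, mode, access) for every 'set <aaa-function> ...' line."""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or section comment
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "set":
            raise ValueError(f"unrecognised line: {line!r}")
        function, mode = tokens[1], tokens[2]
        # The access method, when present, is one of the remaining keywords.
        access = next((t for t in tokens[3:] if t in ACCESS_METHODS), None)
        yield function, mode, access


def audit(config):
    """Tabulate AAA coverage per access method and list the asymmetries."""
    coverage = defaultdict(set)
    unscoped = []  # lines that name no access method (the accounting line)
    for function, mode, access in parse(config):
        if access is None:
            unscoped.append((function, mode))
        else:
            coverage[access].add((function, mode))
    gaps = {}
    for access, entries in coverage.items():
        if not any(f == "authentication" for f, _ in entries):
            continue
        missing = [m for m in AUTHZ_MODES if ("authorization", m) not in entries]
        if missing:
            gaps[access] = missing  # authenticated but not authorized
    return {"coverage": dict(coverage), "unscoped": unscoped, "gaps": gaps}


if __name__ == "__main__":
    report = audit(PASTED)
    for access in ACCESS_METHODS:
        print(access, sorted(report["coverage"].get(access, ())))
    print("no authorization lines for:", report["gaps"])
```

On the posted lines the only gap reported is `http`, which has login and enable authentication but no authorization entries.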



RE: Mentor Technologies Info (am I screwed?) [7:24825]

2001-10-31 Thread R. Benjamin Kessler

I was scheduled to take the class in December...I don't think my CC has been
charged yet but I'll be calling them to check for sure.  I have a whole list
of Mentor phone #'s but all of the ones I called weren't answered by humans.

Can anyone offer feedback on the CCBootcamp 5-day course (anyone other than
Mark and Brad that is)?

It seems to me that this may be a possible substitute for the ECP-1 class.
If anyone has a really fat training budget and has attended both a
comparison would be great - I'm guessing that there aren't too many people
in that situation though.

Thanks,

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of J
Sent: Wednesday, October 31, 2001 1:41 PM
To: [EMAIL PROTECTED]
Subject: OT: Mentor Technologies Info (am I screwed?) [7:24825]


Just wondering if I am the only person caught up in
the Mentor Technologies apparent bankruptcy.

I have paid for ECP-1 in Falls Church on Nov. 12th,
called Mentor to find out what was going on once I
heard they were going under.  Nobody answering the
phone, mail boxes full, lines busy, in short, nobody
is home.

I've made calls to the Consumer Protection Division of
Annapolis's Attorney General, they gave me the
bankruptcy court's number, but I haven't gotten thru
there yet.

I'd love to hear it if anyone has any
suggestions/advice on how to get my $4,000.00 dollars
back.  Wasn't smart enough to pay via credit card,
sent them a check.

Thanks,

=
Jason Lynch
MCP,CCNA,CCNP+Security,CCIE Written





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24867t=24825



RE: Redundancy design question [7:6646]

2001-06-01 Thread R. Benjamin Kessler

...in an attempt to torch the straw man...

We could talk at length about the pros and cons of the straw man you
present; if I understand the main question at hand the question is how to
provide some redundancy to the WAN link.

Short answer is that real-world solutions would include some type of
alternate or backup circuit (ISDN has already been mentioned on this thread)
connected to the same router or a redundant one.

To look at the hypothetical scenario you propose - I assume there is some
way to do as you propose, I don't know how you could have the router
interface active on both routers at once such that automagic failover was
possible.  Aside from the physical-layer issues (splitting the wire(s),
noise, clocking problems, etc.) and the data-link layer issues (having three
devices on what is supposed to be a point-to-point circuit); consider the
network-layer problems.

If Core-Rtr1 is primary and Core-Rtr2 is backup connecting to some remote
router(s) (Remote-RtrX) and assume we're talking IP - say the network is
192.168.1.0/24.  Then each core router will need an (active) interface on
the 192.168.1.0/24 network but, Core-Rtr2 needs to send all traffic via
Core-Rtr1 when it is alive and well.

Well, I'm sure that somebody, somewhere is doing something pretty similar to
this (I continue to be amazed at what I find out there...) but I would make
sure that my pager number wasn't on the call list for support.

The closest thing I've seen to what you're talking about (in a common,
supportable, lowest $$  configuration) would be to utilize frame-relay and
connect every router into the cloud.  Yes, you end up paying for the
additional local loop and F/R port charge for the 2nd core router but most
carriers offer DR PVCs at little or no cost to customers.  Throw a little
ISDN into the pot to backup the frame network...just keep adding the $$

In the real world, it all boils down to how many 9's the company is willing
to pay for - I don't care how hard you try, you're not going to get 99.999%
availability on a three-9's budget.

Since this is purely an academic discussion...I think others will agree that
having a hot-standby router (especially a fairly costly one - you did say
7206, right) but only one serial link is probably a mis-direction of funds.
In my experience, serial lines fail much more frequently than hardware.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jon
Sent: Thursday, May 31, 2001 4:38 PM
To: [EMAIL PROTECTED]
Subject: RE: Redundancy design question [7:6646]


Keep in mind, this is not the typical help me design/fix my network for
free question.  I have been reading various papers, chapters, and case
studies, and am trying to get my head wrapped around the details, now.
I've built some scenarios in my head, trying to see problems and
solutions, rather than ways to buy more gear.  I'm also not trying to
solve the WAN redundancy problem, just trying to get the WAN to connect
into my LAN redundancy solution.

The fundamental problem I'm trying to solve is how to protect against any
hardware failure of my core devices knocking out normal operations.  I am
not concerned with protecting against any other faults outside my direct
control (e.g. loss of WAN circuit, loss of server, Howard sets off a
tactical device in the CO, etc.).

For the sake of having a straw man to burn:

A remote site is connected to the main office over a SHNS/SONET DS-3
connection, with full SONET protection to the demarc equipment on the wall
of the MDF.  (To limit the discussion scope, I will only describe the
remote site -- we will assume the main facility is impervious to faults).
The telco provides a coax connection for connecting the router to their
gear.

Equipment in the MDF includes: a 7206 with a DS-3 module and a FE module,
a Cat4006 with multiple GBIC blade and 10/100 blade.  There are three IDF
wiring closets, one per floor, each with a Cat4006 fully populated with
10/100 blades.  Each IDF switch is connected over a single GBIC/GigE
connection to the MDF switch.  All users are connected to their IDF over a
single Cat5 run.  All servers are connected (single-homed) to the MDF
switch.

To add some protection to this model, I will add a second Cat4006 in the
MDF, with the same blades as the first.  I will also dual-home all the
servers to both MDF switches -- assume that the proper NICs are present to
allow this, and that they are properly configured.

I am now protected against the loss of one of my blades, or chassis, or
running over a single cable with my handy BOFH rolling chair.  But, my
router might break, so I need to protect against that risk.

Add a second 7206, same blades, dual-homed to both switches.  Except I
only have one coax cable from the demarc to carry the WAN signal.  How do
I connect the coax to two router blades, so that both routers could use
the media?  Or, is there a type of service available that allows for
physical failover of the 

RE: Migration EIGRP-OSPF [7:5724]

2001-06-01 Thread R. Benjamin Kessler
 can't stress more that you have to have a solid network design to start
and you have to limit the query scope of DUAL (effectively breaking the
network into areas) in order to have a stable, scalable network.  If you
don't do these things, at some point it will break and you'll be looking to
migrate to OSPF.

Sorry for the long response...

I hope this helps,

Ben

-Original Message-
From: Carroll Kong [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 31, 2001 10:32 AM
To: R. Benjamin Kessler
Cc: [EMAIL PROTECTED]
Subject: RE: Migration EIGRP-OSPF [7:5724]


At 08:27 AM 5/31/01 -0400, R. Benjamin Kessler wrote:

What is the reason for going to OSPF in this instance, stability problems
with EIGRP or multi-vendor support?

In my experience people seem to view EIGRP as easier than OSPF - while
probably true in really small networks, networks these days just seem to be
getting bigger and the same planning required for a successful OSPF
implementation is required for EIGRP.  I haven't seen too many companies
with all-Cisco routers and a healthy EIGRP network looking to change
things - thus the question above.

Well, a few points I would bring up is.

Stuck in Active problem of EIGRP.  As the updates are being done, the
routers will stay in active mode (cannot receive new updates I
believe).  If the EIGRP network is big, it must wait for the very last
router in the periphery to respond back.  This could cause issues with
convergence time.  You may have to modify the timers to increase the hold
time (which might cause bad convergence) since genuine requests might take
so long that they will get zonked out and the router will delete its
entry.  This only happens in huge AS (in the EIGRP sense of an area of
sorts).  So, if the idea of using OSPF and breaking into areas is bad,
you technically get the same issue with EIGRP, except in the form of ASes.

Also, you are running a proprietary protocol now.  Although it seems to
work fine now.  If say, they feel another vendor's product is superior in a
particular aspect of their network, they might be hard pressed or you will
need to do some redistribution/distribution lists which is probably going
to be difficult as well.

I suppose all in all it is still easier to use EIGRP.  I agree
wholeheartedly with your statements.  The cost of going to OSPF might seem
higher if they are really not that good with it.  In that way it somewhat
validates them sticking to EIGRP.



-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6747t=5724



RE: Migration EIGRP-OSPF [7:5724]

2001-05-31 Thread R. Benjamin Kessler

You also need to make sure that you have good address summarization if you
want it to be successful.  I've seen more than my fair share of networks
that ran EIGRP, didn't have proper summarization and/or had a lot of
redundancy.  Because, out of the box EIGRP doesn't require you to build
networks with summarization, etc. like OSPF.  A few years back (before Cisco
started publishing more details about scaling EIGRP) I saw several networks
that were experiencing stability problems when running EIGRP and the thought
was that OSPF would fix their problems.  Most of these companies balked at
the thought of re-addressing the network to properly support OSPF and stayed
with EIGRP - using a lot of distribute-lists, etc. (although the same
reasons that OSPF requires summarization would be of great benefit in an
EIGRP network).

I've found that binary math is not a commonly held skill-set.

What is the reason for going to OSPF in this instance, stability problems
with EIGRP or multi-vendor support?

In my experience people seem to view EIGRP as easier than OSPF - while
probably true in really small networks, networks these days just seem to be
getting bigger and the same planning required for a successful OSPF
implementation is required for EIGRP.  I haven't seen too many companies
with all-Cisco routers and a healthy EIGRP network looking to change
things - thus the question above.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
David Wolsefer
Sent: Tuesday, May 29, 2001 7:00 PM
To: [EMAIL PROTECTED]
Subject: RE: Migration EIGRP-OSPF [7:5724]


Yes,

We laid in OSPF over EIGRP since the administrative distance of EIGRP is 90
and OSPF is 110. We were then able to check the OSPF databases on each
router to make sure that all routes are advertised correctly. The final step
was to remove eigrp. This results in some downtime, but it was easier to
schedule a block of downtime and cut over.


Regards,

David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dyson Kuben
Sent: Thursday, May 24, 2001 5:59 AM
To: [EMAIL PROTECTED]
Subject: Migration EIGRP-OSPF [7:5724]


anyone out there ever migrated a large-scale network from EIGRP to OSPF?
Would you be able to share your experiences?

Thanks,

Dyson




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6597t=5724



RE: 6509 and logging messages [7:6479]

2001-05-31 Thread R. Benjamin Kessler

If you're connecting to the switch via telnet - keeping with the below
suggestion - assuming you're running CatOS, you might want to also turn off
session logging.  That combined with creating a big buffer for the logging
messages and/or sending them to a syslog host will keep these messages off
your screen.

If you don't care about these messages, you can also change the logging
parameters for the switch.  See the following link for info:

http://www.cisco.com/warp/customer/473/34.shtml#PAGP_MESSAGES



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Peter I. Slow
Sent: Wednesday, May 30, 2001 12:24 PM
To: [EMAIL PROTECTED]
Subject: Re: 6509 and logging messages [7:6479]


conf t
logging buffered 99 debug
no logging console

- Original Message -
From: Nabil Fares
To:
Sent: Wednesday, May 30, 2001 12:50 PM
Subject: 6509 and logging messages [7:6479]


 Greetings all,

 How can I disable messages to prompt me when someone connects to the
switch?
 Basically when someone connects, the switch issues port 4/3 left the
bridge,
 port 4/3 joined the bridge.  Can this be disabled?

 Thanks

 Nabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6620t=6479



RE: Ethernet frame format [7:5996]

2001-05-25 Thread R. Benjamin Kessler

Just getting started, there are probably some easier reads out there but
that book will definitely give you the goods on TCP/IP...

Regarding your question/statement, you are accurate that the raw Ethernet
frame format has DA, SA, EtherType, Data, and FCS - to be a valid frame it
just has to be between 64 and 1518 bytes (if we're including the 4 bytes of
the FCS in our calculations) - notice that the top end number is not 1500 -
the common max MTU size for Ethernet-attached devices talking IP.  MTU is
a function of L3, not L2.

The IP header will indicate how many bytes of the Ethernet payload is
consumed by IP stuff - add this to the 14 bytes consumed by the
destination address (6), source address (6) and ethertype (2) to get the
total frame size (+ plus the trailing 4 bytes for the FCS).  This statement
will be true unless adding all that up equals a number less than 60 (64
w/FCS) in which case the packet will be padded with 0's to make it a legal
Ethernet packet.

I think it is generally considered a good thing that packets aren't padded
to the full Ethernet size (or MTU) - if that were the spec, I'm thinking
that ATM would be a lot more popular as a LAN medium.

Hope this helps.

Ben



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, May 25, 2001 6:59 PM
To: [EMAIL PROTECTED]
Subject: Ethernet frame format [7:5996]


Dear Members List,

I've just started the track for CCNA and, following all the repeated advice
posted in this list, I started studying for Internetworking with TCP/IP, by
Douglas Comer.

The ethernet frame format establishes as necessary information for the frame
as DA, SA, Type, Data Area(variable from 46 to 1500 bytes) and a trailer FCS
4 bytes.

I don't see how can we have different frame sizes correctly received, since
there is no information about the specific length for every single frame,
taking in account the asynchronous nature of this communication.

I thought that the layer 3 would pad till the MTU was reached, but I saw a
trace on an ethernet network and I could see different frame sizes.

Thanks in advance,

Douglas Baltazar de Queiroz - Field Engineer





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6007t=5996
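
The frame-size arithmetic from the reply above, as an added example that is not part of the original thread. It parses an Ethernet frame carrying IPv4, uses the IP total-length field to find where the packet ends, and reports how many pad bytes bring a short packet up to the 60-byte minimum (64 with the FCS). The sample frames are constructed, and the code assumes the frame is handed over without its FCS, as capture tools usually present it.

```python
import struct

ETH_HEADER_LEN = 14     # destination (6) + source (6) + EtherType (2)
MIN_FRAME_NO_FCS = 60   # 64 bytes on the wire once the 4-byte FCS is added
FCS_LEN = 4
ETHERTYPE_IPV4 = 0x0800


def build_frame(ip_payload_len):
    """Constructed sample: Ethernet frame with a minimal IPv4 packet inside.

    The IP checksum is left at 0 because the parser below does not verify it.
    """
    total_len = 20 + ip_payload_len
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, 17, 0,
        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]),
    )
    frame = (
        bytes.fromhex("020000000002")            # DA (constructed)
        + bytes.fromhex("020000000001")          # SA (constructed)
        + struct.pack("!H", ETHERTYPE_IPV4)
        + ip_header
        + b"\xaa" * ip_payload_len
    )
    return frame.ljust(MIN_FRAME_NO_FCS, b"\x00")  # pad short frames with 0's


def parse_frame(frame):
    """Separate the IP packet from Ethernet padding using the IP total length."""
    if len(frame) < ETH_HEADER_LEN + 20:
        raise ValueError("too short for Ethernet + IPv4 headers")
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HEADER_LEN])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    version = frame[ETH_HEADER_LEN] >> 4
    ihl = (frame[ETH_HEADER_LEN] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", frame[ETH_HEADER_LEN + 2:ETH_HEADER_LEN + 4])
    if version != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    ip_end = ETH_HEADER_LEN + total_len
    if ip_end > len(frame):
        raise ValueError("IP total length runs past the end of the frame")
    padding = frame[ip_end:]
    return {
        "ip_total_length": total_len,
        "padding_len": len(padding),
        "padding_all_zero": not any(padding),  # the post says pads are 0's
        "frame_len_no_fcs": len(frame),
        "wire_len_with_fcs": len(frame) + FCS_LEN,
    }


if __name__ == "__main__":
    print(parse_frame(build_frame(8)))      # 28-byte IP packet, padded
    print(parse_frame(build_frame(1480)))   # 1500-byte IP packet, no padding
```

The receiver therefore never needs a length field in the Ethernet header itself: the IP total length marks the end of the packet, and anything after it in a short frame is padding.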