RE: Catalyst 6500 Architecture [7:74460]
I think the SFM's were an interim step; the current direction seems to be the Sup720 blades.

What kind of speeds and feeds are you requiring?

~~
R. Benjamin Kessler
Network Engineer
CCIE #8762, CISSP, CCSE
Kessler Consulting
Email: [EMAIL PROTECTED]
http://www.kesslerconsulting.com
Phone: 260-625-3273

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of neil K
Sent: Friday, August 29, 2003 4:31 AM
To: [EMAIL PROTECTED]
Subject: Catalyst 6500 Architecture [7:74460]

Folks,

The Catalyst 6500 uses a Shared bus Architecture and to increase the Backplane capacity you have to have Switch fabric module (SFM) with fabric Enabled modules to make it work. Is there a vendor which has a better architecture or a better solution.

Thanks,
neil K.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74518t=74460
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: CCNP and future CCIE lab setup [7:73696]
I think they're suggesting that you make a short cross-over male to female cable (instead of the standard male to male patch cable).

The idea being that you could still use your standard patch cables and where a cross-over cable was required and simply connect the short cross-over to one end.

Does this clear it up for you or are you more confused?

~~
R. Benjamin Kessler
Network Engineer
CCIE #8762, CISSP, CCSE
Kessler Consulting
Email: [EMAIL PROTECTED]
http://www.kesslerconsulting.com
Phone: 260-625-3273

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 08, 2003 5:10 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP and future CCIE lab setup [7:73696]

I honestly do not know what you are referring to. A plug on one side and a jack on the other? I am probably missing something simple but nothing rings a bell!!! Of course, I am a girl from Thailand and maybe my slang English is not up to par. Hee hee

Can you please explain what that is about?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73762t=73696
RE: udld [7:73730]
Absolutely! I have a client that uses UDLD Aggressive Mode on all switch-to-switch Gig links.

We found out about this the hard way when we had a SUP in a 6509 that had faulty GIG interface; after several spanning-tree events and high-level conf. calls with Cisco they informed us about this feature (this was approx. 2 yrs. ago).

Since then, we've been using it quite successfully. I have seen some weirdness when initially setting up trunks or gig-Etherchannel links (UDLD will sometimes cause the port to go 'err-disable'). Once you get the trunk/GEC link setup though it seems to work pretty well.

HTH

~~
R. Benjamin Kessler
Network Engineer
CCIE #8762, CISSP, CCSE
Kessler Consulting
Email: [EMAIL PROTECTED]
http://www.kesslerconsulting.com
Phone: 260-625-3273

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lopez, Robert
Sent: Friday, August 08, 2003 9:00 AM
To: [EMAIL PROTECTED]
Subject: udld [7:73730]

Anyone out there make it a common practice to implement UDLD on Cat 6509 GigE uplinks?

TIA,
Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73736t=73730
RE: Forrest Gump-like arp(?) question [7:56680]
I have a couple of 6509's with Sup1/MSFC1 cards that have a feature (I can't get TAC to agree that it is a bug) which cause this type of problem.

If you have an MLS entry built for a host and the MAC address associated with that host's IP address (ARP entry) changes, the MSFC will see this (via the gratuitous ARP) but the change will not be propagated down to the MLS cache on the L2 side. (hence the bug in my opinion)

The L2 cache will not change even though the L3 side knows of the new address; I think there should be better communication between the two engines but perhaps I'm way over-simplifying things.

If you perform a global clear arp on the MSFC this does flush the entire MLS cache on the L2 side so this will fix the problem but it is a bit like performing brain surgery with a sledge hammer.

You can perform a selective clearing at the L2 prompt by issuing the following:

    clear mls entry ip destination x.x.x.x

By default, an MLS entry will age-out pretty quickly if there is no traffic going to the destination (two minutes I think); unfortunately, the HPOV guy has his box pinging everything he can find (and I do mean everything but that's a story for another time) on a two-minute interval and being a Windows shop we never see our entries age-out because of no traffic (the short aging time).

Every MLS entry will be cleared (regardless of traffic) after the long aging time. Somewhere between CatOS version 5.4.2 and 5.5.7 this timer was changed from 900 seconds to 1920 seconds (15 minutes to 32 minutes) and there isn't an option to modify this (unless you run your switches in Native IOS mode).

The good news is that Cisco radically changed how MLS works with the Sup2's and this is no longer a problem. The PFC uses CEF so when the router's ARP cache changes, the appropriate CEF tables are updated and MLS keeps humming along.

So, you might want to ask Sprint how their 6509 is configured and see if it matches the above scenario that I laid-out.

As a work-around, you can spoof the MAC address of your new router to match that of the old router.

Hope this helps,
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com]
Sent: Friday, November 01, 2002 1:42 PM
To: [EMAIL PROTECTED]
Subject: RE: Forrest Gump-like arp(?) question [7:56680]

A cisco router broadcasts a gratuitous ARP response announcing to the world its IP address when it boots. See this example:

    Ethernet Header
      Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
      Source: 00:00:0C:3F:00:D4
      Protocol Type:0x0806 IP ARP
    ARP - Address Resolution Protocol
      Hardware: 1 Ethernet (10Mb)
      Protocol: 0x0800 IP
      Hardware Address Length:6
      Protocol Address Length:4
      Operation:2 ARP Response
      Sender Hardware Address:00:00:0C:3F:00:D4
      Sender Internet Address:172.16.10.1
      Target Hardware Address:FF:FF:FF:FF:FF:FF Ethernet Broadcast
      Target Internet Address:172.16.10.1

Is your router not doing that for some reason? You could do some sniffing to see whether it does it. The gratuitous ARP should put the right ARP data into the 6509's ARP cache. So, I'm wondering if the ARP cache is the real problem.

When you had the new router installed, what did show int ethernet display? Was it up/up?

Can you send us some of your config for some more clues??

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Mark Smith wrote:

Unfortunately I don't have access to the 6509 or it would be a done deal. My stuff's at a Sprint co-lo facility and getting thru to a live tech across the country at Sprint is next to impossible. The 6509 is theirs and is what I connect to on their network to get out to the world. I was just looking for a way to force their equipment to clear or refresh its arp cache.

Thanks.

Quoting Priscilla Oppenheimer :

Can't you just do a clear arp on the 6509? That's a commonly-used IOS command. I would assume it works on the 6509. Or should I say ass-u-me it works. :-)

Priscilla

Mark Smith wrote:

I need to replace a router in a cabinet at the facility where my hosted servers and equipment is. My equipment is talking to the hosting facility's network via a port on a 6509 switch. I replaced my router and then nothing from my network could connect to the outside world. I waited about 2 minutes (during which time my entire site's down and my bosses get VERY nervous) and I never was able to connect from inside and my tester on the outside was never able to get in to me. I finally put router #1 back in and all was well again. I've scoured the configuration and #2's is identical with #1 so I don't believe that is the problem. I'm ass-u-me-ing that the reason for this is the 6509 port's ARP cache is looking for the MAC address of router #1 and it ain't there anymore. Would this
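
Added example, not part of the original thread: a Python sketch that rebuilds the gratuitous ARP frame from the decode quoted above, parses it, and tracks IP-to-MAC bindings so that a change (the event the first reply says never reaches the MLS cache) is reported. The replacement router's MAC address and all function names are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST = "FF:FF:FF:FF:FF:FF"


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def mac_text(raw):
    return ":".join(f"{b:02X}" for b in raw)


def ip_text(raw):
    return ".".join(str(b) for b in raw)


def build_gratuitous_reply(mac, ip):
    """Build the 42-byte frame from the decode: a broadcast ARP reply
    whose sender and target protocol addresses are the same IP."""
    eth = mac_bytes(BROADCAST) + mac_bytes(mac) + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type 1 (Ethernet), protocol 0x0800 (IP), lengths 6/4, operation 2
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += mac_bytes(mac) + ip_bytes(ip) + mac_bytes(BROADCAST) + ip_bytes(ip)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, or None."""
    if len(frame) < 42:
        return None  # truncated capture
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": mac_text(frame[22:28]),
        "sender_ip": ip_text(frame[28:32]),
        "target_mac": mac_text(frame[32:38]),
        "target_ip": ip_text(frame[38:42]),
    }


def is_gratuitous(arp):
    """Gratuitous ARP: the sender announces its own address."""
    return arp is not None and arp["sender_ip"] == arp["target_ip"]


def replay(frames):
    """Feed frames to a binding table. Returns (events, changed_ips) where
    each event is (ip, mac, 'new' | 'same' | 'changed')."""
    bindings, events, changed = {}, [], []
    for frame in frames:
        arp = parse_arp(frame)
        if not is_gratuitous(arp):
            continue
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        previous = bindings.get(ip)
        status = "new" if previous is None else ("same" if previous == mac else "changed")
        bindings[ip] = mac
        events.append((ip, mac, status))
        if status == "changed":
            # Any forwarding cache keyed on the old MAC is now stale for this IP.
            changed.append(ip)
    return events, changed


# Frame 1 uses the values from the decode in the thread; frame 2 is a
# constructed stand-in for the replacement router (its MAC is made up).
SAMPLE_FRAMES = [
    build_gratuitous_reply("00:00:0C:3F:00:D4", "172.16.10.1"),
    build_gratuitous_reply("00:00:0C:12:34:56", "172.16.10.1"),
]

if __name__ == "__main__":
    events, changed = replay(SAMPLE_FRAMES)
    for ip, mac, status in events:
        print(f"{ip} is-at {mac} ({status})")
    print("bindings that changed:", changed)
```

The addresses returned in `changed_ips` are the ones for which a cache that does not follow ARP updates would still hold the old MAC. The same binding-change check is a common way to notice unexpected ARP changes on a segment.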
RE: Question on ATM OC-3 WAN connection and TcpWindowSize [7:56614]
You could be experiencing the long, fat network (LFN) problem.

How far apart are these locations? (average round-trip time with ping?)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Kim Seng
Sent: Thursday, October 31, 2002 11:57 AM
To: [EMAIL PROTECTED]
Subject: Question on ATM OC-3 WAN connection and TcpWindowSize [7:56612]

Hi all,

I have an OC-3 155Mbps UBR WAN link between two sites. When I transfer files between these two sites using windows explorer or ftp, I only have about 8Mbps. Sprint told me I need to change the registry: TcpWindowSize to get better throughput. Have anyone experienced this before?

Thanks in advance.
Kim.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56614t=56614
--
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Catalyst 8540CSR [7:56172]
I have a client that used to have a pair of them...chucked them about a year ago.

8540's (at least in the L2/L3 LAN-Switching arena) were an abortion of a product; it was merely a stop-gap measure to say that Cisco had a L3 switch on the market. With the 6500-series they've got a capable product now and they have successfully wiped the egg from their faces.

I have yet to hear of a customer that purchased 8540's to do L3 switching functions that was happy with the purchase.

I have heard that the ATM version of the 8540's performed quite well (basically an upgrade to the LS1010) but don't have any personal experience with that.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Ellis, Andrew
Sent: Wednesday, October 23, 2002 6:25 PM
To: [EMAIL PROTECTED]
Subject: Catalyst 8540CSR [7:56172]

Hi,

Is there anyone out there that has 8540CSRs or MSRs in their network? If so, what version of IOS are you running and are they really problematic? Are you disgusted with them and ready to chuck 'em?

-Drew

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56223t=56172
RE: Extended Vlan across Wan [7:54866]
I'm surprised Howard hasn't chimed in yet, this is definitely a "what problem are you trying to solve" sort of case...

More details please.

Personally, I don't believe VLANs should extend outside a building (even with Dark Fibre); but perhaps you have requirements that would justify this...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of gladston vidali
Sent: Friday, October 04, 2002 9:05 AM
To: [EMAIL PROTECTED]
Subject: Extended Vlan across Wan [7:54866]

Hi Guys,

Could you give me your opinion about the following ?

What is the best technology nowadays to extend Vlans across a ATM Wan backbone ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54881t=54866
RE: Non-disruptive IOS upgrade on 6513? [7:51508]
Check out the following link; it talks about high availability and versioning. I've not had a chance personally to try the versioning support to perform an upgrade but I think this might be what you're after...

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_2/confg_gd/redund.htm#23097

If you have a chance to go through this procedure, let us know how well it works.

HTH,
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Friday, August 16, 2002 9:51 AM
To: [EMAIL PROTECTED]
Subject: Non-disruptive IOS upgrade on 6513? [7:51508]

I have a 6513 with redundant sup modules and I'd like to update the IOS image. Is it possible to do this while remaining mostly transparent to users on the switch? I've read the instructions on CCO and according to them I'd still have to reload the entire switch. Is it possible to do one engine at a time while the other is running as primary?

Thanks,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51752t=51508
OT - Networkers, Orlando [7:47846]
Anyone from the list going? Is there going to be a GroupStudy gathering?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47846t=47846
RE: OT - Networkers, Orlando [7:47846]
Sounds good. When? Where?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Borghese
Sent: Monday, July 01, 2002 3:04 PM
To: [EMAIL PROTECTED]
Subject: Re: OT - Networkers, Orlando [7:47846]

Sure. I will be there. Two years ago we had a GroupStudy dinner in Orlando. Anyone else interested?

Paul

----- Original Message -----
From: ken clifford
To:
Sent: Monday, July 01, 2002 3:21 PM
Subject: RE: OT - Networkers, Orlando [7:47846]

I'm going. I'd be interested in a groupstudy get together. I am taking the CCIE PS on Monday and 350-001 exam on Tuesday morning.

Ken

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47880t=47846
RE: New Subnet Rule [7:47670]
Try configuring your machine(s) with addresses in the following networks:

    198.62.0.0/28 - e.g. 192.168.0.1-14
    and
    192.168.0.240/28 - e.g. 192.168.0.241-254

This would be utilizing the all-zeros and all-ones subnets of 192.168.0.0/24

You tested configuring machines in the *networks* 192.168.0.0/24 and 192.168.255.0/24 - not subnets of 192.168.0.0/16

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams
Sent: Saturday, June 29, 2002 11:49 AM
To: [EMAIL PROTECTED]
Subject: Re: New Subnet Rule [7:47670]

I have successfully used both an all-zeros and an all-ones subnet on Windows 9x. (192.168.0.0/24 and 192.168.255.0/24) Works fine.

Mike W.

Kazan, Naim wrote in message news:[EMAIL PROTECTED]...

Ok, now that we know the answer to that question? Will windows support subnets 0-255.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47756t=47670
RE: New Subnet Rule [7:47670]
To be more correct I should have said:

Try configuring your machine(s) with addresses in the following subnets:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Benjamin Kessler
Sent: Saturday, June 29, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: RE: New Subnet Rule [7:47670]

Try configuring your machine(s) with addresses in the following networks:

    198.62.0.0/28 - e.g. 192.168.0.1-14
    and
    192.168.0.240/28 - e.g. 192.168.0.241-254

This would be utilizing the all-zeros and all-ones subnets of 192.168.0.0/24

You tested configuring machines in the *networks* 192.168.0.0/24 and 192.168.255.0/24 - not subnets of 192.168.0.0/16

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael L. Williams
Sent: Saturday, June 29, 2002 11:49 AM
To: [EMAIL PROTECTED]
Subject: Re: New Subnet Rule [7:47670]

I have successfully used both an all-zeros and an all-ones subnet on Windows 9x. (192.168.0.0/24 and 192.168.255.0/24) Works fine.

Mike W.

Kazan, Naim wrote in message news:[EMAIL PROTECTED]...

Ok, now that we know the answer to that question? Will windows support subnets 0-255.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47757t=47670
NE Indiana [7:47507]
Sorry for the cross-post.

Anyone from Northeast Indiana please reply to me off-list.

Thanks,
Ben

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47507t=47507
RE: max routers in a hsrp group [7:46584]
I know I've done four at one time (long story) without incident; I generally don't like to have more than two...how many are you trying to configure? Why?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Phil Wallisch
Sent: Friday, June 14, 2002 10:19 AM
To: [EMAIL PROTECTED]
Subject: max routers in a hsrp group [7:46584]

Hi all. Does anyone know the maximum # of routers allowed in a HSRP group? I've read through the RFC and don't see this limit mentioned but a coworker says it's 4.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46590t=46584
RE: Parity errors and Cosmic radiation! [7:46282]
I have a client who experienced this as well on a pair of 7206VXR's. The two routers rebooted themselves due to memory parity error. The cosmic radiation was kind enough to cause the reload in the wee hours so no harm done.

What's weird is that we have six 7206's in the same cabinet but only two experienced the problem. The two afflicted routers just happened to service the same group of subnets (HSRP peers)...kinda strange.

TAC dude wanted me to remove and re-seat the memory in the routers. He said that if the problem happened again that they'd replace the memory. I opened up one of the routers to find that the memory is not only secured by retaining clips on each side but it also has a screw through it...I didn't bother on the other router.

(knocking on wood) It has been several months since that happened and we've run clean since.

If you're seeing this on a brand-new box, I'd guess infant mortality. Perhaps you can convince TAC to send you some new memory if you're still fighting this problem. If new memory still has the problem then you'll need to look at environmental conditions in your data center - e.g. grounding, heat, a lot of EMI, etc.

Farooq Ali wrote in message news:[EMAIL PROTECTED]...

Hi all:

I am a giga-lurker on this list and over the past 3 years have benefitted a lot. Have been able to achieve a lot due to the knowledge shared on this list. I would like to thank all for that.

The reason I am writing now is an issue which is a bit mind boggling. We do have a solution but I found it a bit funny hence sharing it here.

One of our offsite routers a 7206 vxr in New York site was having a problem, we had this brand new router crash on us twice in a week and after opening a ticket with TAC, we sent them an upload of our sh tech output. They told us that we have parity issues and guess what? the parity is bad cause of Cosmic radiation!

I am taking the solution on face value and not making a fuss about it, but wanted to hear from the more experienced folks on this list on how does minimal radiation is able to set the 0 to 1 or vice versa, while my router is not located in say Alpha quadrant in subnebular terrain. It's in NYC! :)

here is a link to this phenomena on cisco site:

http://216.239.51.100/search?q=cache:xbNsvjHnXUIC:www.cisco.com/warp/public/122/crashes_pmpe.html+soft+parity+errors+and+cosmic+radiationhl=en

Any ideas!

Kfali
CCNP security, afraid of the written.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46397t=46282
RE: which is the best Router for the following tasks [7:46288]
Look at the new 1700's (I think it's called 1760 or 1761) - they've got a 1U rack form factor. I haven't laid hands on one yet but it looks promising.

It's only got one 10/100 Ethernet built-in but you can add a 10mb Ethernet via a WIC. Obviously you'd need another WIC for the serial.

I don't know how much punishment the CPU on these routers can take - thinking about QoS, Firewall, IPsec, NAT, etc.

Anyone work on one of these yet?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Kaberna
Sent: Tuesday, June 11, 2002 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: which is the best Router for the following tasks [7:46288]

2611 if you want Ethernet and 2621 if you want Fast Ethernet. I generally don't like to work with anything under a 2600. You can also look at the 1751. The problem with the 17XX series is they aren't rack mountable.

Fab Perez wrote in message news:[EMAIL PROTECTED]...

Hi news

I need to pickup a Router with the following features:

- 2 Ethernets
- 1 V.35 Serial / Sync
- QoS
- Load Balancing (EIGRP ?)
- NAT
- Firewall

Thanks in advance.

--
Fab Perez
.net .admin
www.inet.co.cr
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46398t=46288
RE: IOS Caveats: Do I just need more coffee?? [7:46346]
Nothing like the bleeding edge...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Wednesday, June 12, 2002 9:37 AM
To: [EMAIL PROTECTED]
Subject: IOS Caveats: Do I just need more coffee?? [7:46346]

I just don't get this. I'm looking at the IOS releases for the Cat6k and I see there is now 12.1(11b)E4 and we're running 12.1(11b)E3. So, I check to see if there are any new features...none listed. Then, more interestingly, I check the resolved caveats...none listed.

So, if there are no resolved caveats and no new features, why is there an E4 release in the first place?? With no bug fixes and no new features, how is E4 different than E3?

Okay, back to work

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46396t=46346
RE: why copy tftp run retain some old config ??? [7:45323]
Do a copy tftp start and then reload.

Hi.. Dear all,

Why you I copy the config from the tftp server to replace the old config on the router (copy tftp run) or copy the config from startup to running (copy star run). But the resulting config is not exactly the same as the config that I copy run. It retain some of the old parameter or config.

For eg. When I copy start run

My start-up config is

    ip route 10.0.0.0 255.0.0.0 50.100.45.4

My running config is

    ip route 10.0.0.0 255.0.0.0 50.100.45.3

After I copy start run, the resulting config become

    ip route 10.0.0.0 255.0.0.0 50.100.45.4
    ip route 10.0.0.0 255.0.0.0 50.100.45.3

And when I copy the config from tftp server to my run config (copy tftp run)

My tftp config

    interface Ethernet0
     description To Office Ethernet
     ip address 80.8.200.113 255.255.255.240
     no ip directed-broadcast
     ip accounting output-packets
     ip route-cache same-interface

My running config

    interface Ethernet0
     description To Office Ethernet
     ip address 70.8.200.113 255.255.255.240
     no ip directed-broadcast
     ip accounting output-packets
     ip route-cache same-interface
     traffic-shape group 105 5000 7000 7000 1000

But the resulting config become as below

    interface Ethernet0
     description To Office Ethernet
     ip address 80.8.200.113 255.255.255.240
     no ip directed-broadcast
     ip accounting output-packets
     ip route-cache same-interface
     traffic-shape group 105 5000 7000 7000 1000

WHY??? Why it is not the same as the config that I copy from but the combination. How to solve this??

CT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45452t=45323
RE: Provider Backbone Engineering and CCIEs [7:44876]
One of the nice features of Ethereal is that you can do TCP Stream Analysis. Basically, this shows the ASCII stream of data going back-and-forth between the client and server. When analyzing telnet sessions it is pretty easy to see the clear-text passwords this way.

HTH
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sasa Milic
Sent: Friday, May 24, 2002 2:32 PM
To: [EMAIL PROTECTED]
Subject: Re: Provider Backbone Engineering and CCIEs [7:44876]

Because pop3 username and password use two packets (one for USER username and another for PASS password command). With telnet, every keystroke is transmitted in separate packet. It is possible to collect them all and reconstruct username/password, but it's not trivial as with pop3.

Sasa
CCIE 8635

Henrique Duarte wrote:

Why can't I sniff my telnet login/password in clear text but can sniff my pop3 login/password in clear text? I'm using Sniffer Pro 4.5.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45226t=44876
RE: SYSLOG time stamp problem [7:44949]
I know on RedHat you have to ensure that syslogd is started with the -r flag so that it accepts syslog messages from remote systems.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steven A. Ridder
Sent: Friday, May 24, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: Re: SYSLOG time stamp problem [7:44949]

Speaking of syslog, if a syslog daemon is running on a unix machine, is that all that needs to happen for it to collect messages. I can get a Kiwi syslog program to work, but if I have a customer set up syslog on unix, nothing is in the logs, even though the router claims to have sent him messages (and all connectivity is working).

--
RFC 1149 Compliant.

Jeffrey Reed wrote in message news:[EMAIL PROTECTED]...

I set up a syslog server and have a problem with the time stamp in a sys log message. When a message is sent to my syslog server (using solar winds syslog monitor) the date/time field is correct, but the time stamp with the message itself is not, its 4 hours ahead. I show calendar and clock on the 6500 MSFC and they are both set correctly. I have the system set up for EST and daylight savings, so I think the syslog facility is not factoring in those settings. How can I get the syslog message to display the correct time?

Thanks!!

Jeff Reed

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45227t=44949
RE: Bridge and switch [7:44649]
If you substitute the word "segment" where they have "subnet" then I'd be happy with the description. I've seen others use the two terms to mean the same thing, I suppose you could argue it both ways.

In my mind, segment = L2; subnet = L3.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Jones
Sent: Wednesday, May 22, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: Re: Bridge and switch [7:44649]

I was under the impression that, while a switch is often termed a multiport bridge, there is one fundamental difference in the way the two devices forward frames. While my source is not always the most credible or reliable (Course Technology Networks Plus book), it does cause me to stop and think for a minute. Anyway, the difference (as described in the book) is as follows:

If a multiport bridge determines (based on the destination MAC address) that the destination node is on another subnet, it will broadcast the frame out all ports except the originating port. A switch, on the other hand, is smart enough to only forward the frame out the destination port. Both devices handle unknown frames and broadcasts the same way, ie. they will forward the packets out all ports except the one the frame was received on.

Any thoughts?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44806t=44649
RE: Relation between port and interface [7:44804]
Jose, Here's a snip that talks about your message... http://www.cisco.com/warp/public/473/62.shtml#casestudy5: Unfortunately, given their explanation, it doesn't really explain what port 51 is now does it... I know this is a cop out, but if you can you might want to look into upgrading code on the cat3500 because later versions produce better debug output. Here's a sample that I took from one of my 3548's: May 15 17:06:53: .0c07.ac01 has moved from port Gi0/2 to port Fa0/12 in vlan 115 May 15 17:06:56: Addaddress .0c07.ac01, on port Gi0/1 vlan 115 May 15 17:06:56: .0c07.ac01 has moved from port Fa0/12 to port Gi0/1 in vlan 115 The above is from a switch that I've been running 12.0(5)WC3b on for the last three months. HTH, Ben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jose Celestino Sent: Thursday, May 23, 2002 6:02 AM To: [EMAIL PROTECTED] Subject: Relation between port and interface [7:44804] So what's the relation between a port and an interface in a IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE when in debug ethernet-controller address. For instance: May 23 12:00:00 aaa.bbb.ccc.ddd 622964: 1y9w: 0050.8bd3.f768 has moved from port 10 to port 51 in vlan 1 May 23 12:00:00 aaa.bbb.ccc.ddd 622966: 1y9w: 0050.8bd3.f768 has moved from port 51 to port 10 in vlan 1 May 23 12:00:00 aaa.bbb.ccc.ddd 622968: 1y9w: 0002.a5e8.d9a1 has moved from port 39 to port 51 in vlan 1 May 23 12:00:00 aaa.bbb.ccc.ddd 622970: 1y9w: 0002.a5e8.d9a1 has moved from port 51 to port 39 in vlan 1 How can I locate port 39 and port 51 physically on the switch? Is this int fa0/39 and gi 0/2 ? -- Jose Celestino SAPO.pt::Systems http://www.sapo.pt - Quod licet Iovi non licet bovi. (What Jove may do, is not permitted to a cow.) 
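The "has moved from port X to port Y" lines quoted in this thread can be tallied to show which addresses are bouncing back and forth and which port they have in common. The sketch below is an added example, not code from either poster or from Cisco; the function names are made up for illustration, the first four sample lines are the ones from the question and the last two are constructed.

```python
import re
from collections import defaultdict

# Matches both styles quoted in the thread: numeric ports ("port 10")
# and named ports ("port Gi0/2").
MOVE_RE = re.compile(
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) has moved "
    r"from port (?P<src>\S+) to port (?P<dst>\S+) in vlan (?P<vlan>\d+)",
    re.IGNORECASE,
)

# Lines 1-4 come from the question; lines 5-6 are constructed for this
# example (a one-way move in named-port style and an unrelated message).
SAMPLE_LOG = """\
May 23 12:00:00 aaa.bbb.ccc.ddd 622964: 1y9w: 0050.8bd3.f768 has moved from port 10 to port 51 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622966: 1y9w: 0050.8bd3.f768 has moved from port 51 to port 10 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622968: 1y9w: 0002.a5e8.d9a1 has moved from port 39 to port 51 in vlan 1
May 23 12:00:00 aaa.bbb.ccc.ddd 622970: 1y9w: 0002.a5e8.d9a1 has moved from port 51 to port 39 in vlan 1
May 23 12:00:05 aaa.bbb.ccc.ddd 622990: 1y9w: 0011.2233.4455 has moved from port Fa0/3 to port Fa0/7 in vlan 20
May 23 12:00:06 aaa.bbb.ccc.ddd 622991: 1y9w: link up on port 12
"""


def parse_moves(text):
    """Return (mac, vlan, src_port, dst_port) for every move line, in order."""
    moves = []
    for line in text.splitlines():
        m = MOVE_RE.search(line)
        if m:
            moves.append((m["mac"].lower(), int(m["vlan"]), m["src"], m["dst"]))
    return moves


def find_flapping(moves):
    """Return {(mac, vlan): sorted ports} for addresses that moved back to a
    port they had already left. A single one-way move (a host that was
    re-patched) is not reported."""
    left = defaultdict(set)    # ports each address has moved away from
    ports = defaultdict(set)   # every port each address was seen on
    flapping = set()
    for mac, vlan, src, dst in moves:
        key = (mac, vlan)
        if dst in left[key]:
            flapping.add(key)
        left[key].add(src)
        ports[key].update((src, dst))
    return {key: sorted(ports[key]) for key in flapping}


def ports_shared_by_flaps(flapping):
    """Ports that appear in the flap of more than one address. Heuristic:
    a port common to several flapping addresses is where the duplicate
    copies of their frames are arriving, so it is the one to trace first."""
    counts = defaultdict(int)
    for port_list in flapping.values():
        for port in port_list:
            counts[port] += 1
    return {port: n for port, n in counts.items() if n > 1}


if __name__ == "__main__":
    flaps = find_flapping(parse_moves(SAMPLE_LOG))
    for (mac, vlan), port_list in sorted(flaps.items()):
        print(f"{mac} vlan {vlan} flapping between ports {', '.join(port_list)}")
    print("ports common to several flaps:", ports_shared_by_flaps(flaps))
```
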
RE: Network Design... Hmmm [7:44417]
Ah yes, the financial industry...I'm glad someone else can feel my pain. I've been consulting in this industry for the last five years and let me say that I'm not surprised by too much anymore.

I actually had the pleasure of meeting the authors of the Advanced IP Network Design book when they were writing it. Our paths in life crossed because of a CAP case I had open with one of my previous clients (this is circa 1998). My knowledge of IP routing (EIGRP specifically) was greatly enhanced after a couple of days at the white board with them. Personally, I don't think you could do an either-or comparison between their book and the Top-Down Net. Design; it's more of an AND.

If only my client had gained as much from the meeting as I did... We implemented the short-term band-aids to achieve stability but I couldn't get them to address the root cause of their problem - a bad network design...but I digress.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck
Sent: Sunday, May 19, 2002 3:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Design... Hmmm [7:44417]

obviously you've never worked in a brokerage firm ;-

my point being that you can get away with a lot, up to a certain point. When that point is reached, you can throw hardware and/or bandwidth at the thing, and buy some more time. Maybe a lot of time. Or you start over, and do things right, from the start. I would suggest that there are special cases even in the most well designed and planned networks, where there are islands of chaos.

I agree that there is nothing like having whomever tell you what the solution is, rather than tell you the problem. We need a T1. We need a P5 machine. We need more RAM. Whatever. Working for whom I work for these days, the answer is always yes, sir. Sign right here ;-

Steve Watson wrote in message news:[EMAIL PROTECTED]...

I was speaking in general terms. While it is conceivable to build a network without customer requirements and (to a degree) it will be functional, the network has no room for growth and more than likely will be hard to manage. The buzzwords scalability and efficiency come to mind. The best place to start (correction the ONLY place to start) is to define the customer's requirements (now and for the 18 - 24 months) so you design and implement a viable solution that has room to grow.

I have done, in the past, what you have mentioned below and was met with the same frustration you were (inefficiency and network loading problems). That's why I tell my customers; don't tell me you need a T-1 (nowadays everybody wants a DS3) tell me what will ride this circuit and we will do an analysis of bandwidth to determine what is best... yada.. yada.. yada..

Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck
Sent: Sunday, May 19, 2002 12:22 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Design... Hmmm [7:44417]

Steve Watson wrote in message news:[EMAIL PROTECTED]...

This was not a comparison of network design methodologies, it was meant to be humorous (I totally agree with the top down process). The idea of build a network and they will come simply does not work!

CL: au contraire, mon ami! I give you the small brokerage firm I used to work for. Filled with unsophisticated users. When I arrived there was no WAN and no LAN to speak of - the so called LAN was dictated by the quote service vendor. I put in a real LAN with e-mail. That took off like crazy. I put in a real WAN with the branches able to send e-mail to each other, and that took off even crazier. I put in an internet connection, and sure there was the usual crap with people checking out the adult entertainment, but you know, I had guys who prior to my arrival couldn't turn their computers on going out and finding some really nice investment sites and services that helped them tremendously in their business. At the time of my leaving, the LAN/WAN was starting to show signs of stress. In the course of my certification pursuit, I have learned all the things I did wrong. But I gotta say, you have to start someplace, and it remains true that if the facilities exist, the user community will find a lot of ways to use those facilities.

The context of the other book was that no network will function properly if Layer 1 is not designed correctly. BTW, how many is too many? :-)

Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Priscilla Oppenheimer
Sent: Saturday, May 18, 2002 2:04 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Design... Hmmm [7:44417]

At 08:49 PM 5/17/02, Steve Watson wrote:

I am reading Priscilla's book Top Down Network Design for the second time for a refresher and decided to hit the pool after I got home.

Thanks for reading Top-Down Network
RE: traffic analyzer [7:41327]
While we're off-topic (somewhat) - What are people doing for non-Ethernet traffic analysis? I'm specifically interested in T1 and V.35 interfaces. I've used Sniffers for this in the past with quite a bit of success however given the current state of the economy, etc. my current client is interested in seeing what their options are in this area.

Obviously in the Ethernet Market there's Ethereal, Etherpeek, Network Instruments, etc. My preference would be to have the same interface (assuming it would be GUI...) regardless of the network technology being analyzed. I've been spoiled by the distributed sniffer product for remote sniffing and am looking for similar functionality.

Thanks for the input.

Ben

----- Original Message -----
From: supernet
To:
Sent: Friday, April 12, 2002 12:42 AM
Subject: traffic analyzer [7:41267]

Hi Dear Friends,

I have 1 branch office connected to main office by frame relay. I noticed a lot of traffic across this link and would like to find out what they are. The problem is I don't have access to the branch office, therefore, everything has to be done in main office. I tried sniffer pro, etherpeek and anasil but they only allow me to specify a particular source IP, not the whole branch office subnet. Is there any other software I can use?

Thanks.
Yoshi
RE: Line protocol goes up and down [7:39766]
I've seen similar behavior when both ends receive clock but no data passes end-to-end. I recently experienced this when the telco didn't have a cross-connect set right somewhere in the middle of the long-haul ckt. I saw that both ends were sending packets (via simple 'show int' counters) but weren't receiving any.

PPP will try to come up but eventually times-out when it doesn't get anything back from the remote end. You can turn-on some debugs to see if you're having similar problems.

HTH,
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of maamun Murangwa
Sent: Thursday, March 28, 2002 10:05 AM
To: [EMAIL PROTECTED]
Subject: Line protocol goes up and down [7:39766]

Hi,

I'm having a problem with a serial interface line protocol going up and down every few seconds. All I can see is the carrier transitions increasing, this is a fiber link, so I presume, there shouldn't be a lot of errors. I have changed the cable, still no luck. Telco still says they have run loops and don't see anything wrong with the link. I have also changed encap to PPP, still no luck.

Attached is the show interface output

Serial1/5 is up, line protocol is up
  Hardware is M8T-X.21
  Description: Bussiness Systems Ltd
  Internet address is 212.xx.xx.xx/30
  MTU 1500 bytes, BW 1024 Kbit, DLY 2 usec,
     reliability 172/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, crc 16, loopback not set
  Keepalive set (10 sec)
  Last input 00:00:02, output 00:00:02, output hang never
  Last clearing of show interface counters 04:58:14
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/8/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     208 packets input, 4992 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     3946 input errors, 3059 CRC, 0 frame, 17 overrun, 0 ignored, 870 abort
     5703 packets output, 451522 bytes, 0 underruns
     0 output errors, 0 collisions, 707 interface resets
     0 output buffer failures, 0 output buffers swapped out
     707 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
 --More--

*Mar 28 03:25:33.997 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to down
*Mar 28 03:28:24.013 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to up
*Mar 28 03:28:44.025 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to down
*Mar 28 03:29:34.029 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to up
*Mar 28 03:29:54.029 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to down
*Mar 28 03:31:24.037 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to up
*Mar 28 03:31:26.029 gmt: %LINK-3-UPDOWN: Interface Serial1/5, changed state to up
*Mar 28 03:31:54.061 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to down
*Mar 28 03:32:04.057 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to up
*Mar 28 03:32:34.065 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to down
*Mar 28 03:32:44.065 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to up
*Mar 28 03:33:04.065 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to down
*Mar 28 03:33:14.065 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to up
*Mar 28 03:33:34.073 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to down
*Mar 28 03:34:34.081 gmt: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial 1/5, changed state to up
*Mar 28 03:34:36.073 gmt: %LINK-3-UPDOWN: Interface Serial1/5, changed state to up

Thanx in advance
Maamun
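The counter comparison described in the reply above (frames going out, almost nothing usable coming back) can be made from a saved "show interface" capture. This is an added example, not code from either poster; the function names and the three rule-of-thumb checks are assumptions for illustration, and it assumes "packets input" counts only frames received without error.

```python
import re

# Counter lines copied from the "show interface" output in the question.
SHOW_INT = """\
Serial1/5 is up, line protocol is up
  Encapsulation HDLC, crc 16, loopback not set
  Keepalive set (10 sec)
  Last clearing of show interface counters 04:58:14
     208 packets input, 4992 bytes, 0 no buffer
     3946 input errors, 3059 CRC, 0 frame, 17 overrun, 0 ignored, 870 abort
     5703 packets output, 451522 bytes, 0 underruns
     0 output errors, 0 collisions, 707 interface resets
     707 carrier transitions
"""

PATTERNS = {
    "packets_input": r"(\d+) packets input",
    "packets_output": r"(\d+) packets output",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "abort": r"(\d+) abort",
    "output_errors": r"(\d+) output errors",
    "interface_resets": r"(\d+) interface resets",
    "carrier_transitions": r"(\d+) carrier transitions",
}
CLEARED_RE = re.compile(r"Last clearing of .*?counters (\d+):(\d+):(\d+)")


def parse_counters(text):
    """Extract the integer counters and the time since they were cleared."""
    counters = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text)
        if m:
            counters[name] = int(m.group(1))
    m = CLEARED_RE.search(text)  # no match when the field reads "never"
    if m:
        hours, minutes, seconds = (int(x) for x in m.groups())
        counters["seconds_since_clear"] = hours * 3600 + minutes * 60 + seconds
    return counters


def assess(c):
    """Turn raw counters into the ratios that separate a one-way or dirty
    receive path from a link that is simply idle."""
    good = c.get("packets_input", 0)
    bad = c.get("input_errors", 0)
    sent = c.get("packets_output", 0)
    transitions = c.get("carrier_transitions", 0)
    elapsed = c.get("seconds_since_clear")
    result = {
        "input_error_share": bad / (good + bad) if good + bad else 0.0,
        "tx_per_rx": sent / max(good, 1),
        "seconds_per_transition": (
            elapsed / transitions if elapsed and transitions else None
        ),
        "findings": [],
    }
    # Rule-of-thumb checks (assumed thresholds, adjust to the environment).
    if bad > good:
        result["findings"].append("more errored frames than good frames received")
    if c.get("output_errors", 0) == 0 and result["tx_per_rx"] > 10:
        result["findings"].append("transmit side clean, receive side nearly silent")
    spt = result["seconds_per_transition"]
    if spt is not None and spt < 60:
        result["findings"].append(f"carrier transition about every {spt:.0f} s")
    return result


if __name__ == "__main__":
    report = assess(parse_counters(SHOW_INT))
    print(f"input error share: {report['input_error_share']:.0%}")
    print(f"packets sent per good packet received: {report['tx_per_rx']:.1f}")
    for finding in report["findings"]:
        print("-", finding)
```
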
RE: clock rate [7:38908]
1. in FR, when we specify clock rate for 64k, we use clock rate 64000, why not 64 x 1024 = 65536 ? and for 1.544 mbps, we use 148000, why not 1.544 x 1024 x 1024 ?

This isn't just FR, but any connection that uses T1 signaling. At 8000 frames/s (these are T1 frames); each frame is composed of 8-bits per channel (x 24 channels) plus a framing/signaling bit (ESF). As a result, each DS0 (channel) is 64000 bits/s. This has nothing to do with the binary calculation of 2**16 which equals 65535.

There is a common confusion between base10 and base2 in the computing industry - just check any Dell ad; they footnote their definition of GB to equal a billion bytes (Toshiba does this too - I'm sure there are others) rather than the 2**30 that we may be used to.

2. in OSPF, when config a loop back interface with address 128.10.10.10/24 and in other router, we can see the rout to 128.10.10.10/32 ?? but if we config an ethernet interface, it is 128.10.10.10/24, any reason ?? or simply the behaviour in OSPF ?

I don't know if this is per the RFC or just Cisco's implementation (actually, I really don't care...so I haven't bothered to look it up) but because the router sees the interface as a loopback type (vs. broadcast, non-broadcast, point-to-point, point-to-multipoint) it knows that there is only one valid address for that network and advertises the host route.

This causes a classic VLSM/FLSM problem when redistributing to IGRP as the loopbacks in the OSPF domain become unreachable in the IGRP domain without taking specific steps to provide reachability. One method is to manually modify the ospf interface type of the loopback; if you change it to point-to-point the network configured on the loopback interface (in your example 128.10.10.0/24) will be advertised in OSPF rather than the host route.

Another way to handle this is via the default-network command but that wasn't your question and it has been covered many times on this list so if you want more info about it check the archives.

HTH,
Ben
RE: Management VLANs? [7:38282]
I think Cisco generally recommends that your switch mgmt interface is on a different VLAN than your regular (read: end-user/server) devices. This helps isolate broadcast/multicast traffic so the switch CPU doesn't have to process it - especially critical in networks where there is a high percentage of broadcast/multicast traffic.

Additionally, there's a security component to this line of thinking; if you have an isolated subnet purely for switch management then you can restrict (at the router) who is allowed into that network; this is in addition to the various access controls you can employ on the individual switches.

A word of caution though...I wouldn't recommend that you have a single mgmt VLAN that spanned your entire network unless you work in a really small shop - this breaks all sorts of rules in the Core-Distribution-Access religion and can be difficult to manage.

Last note; I've seen a document (but can't place my fingers on it now) that recommended that you NOT use VLAN # 1 as your mgmt VLAN. Unfortunately it didn't elaborate as to why.

HTH,
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Kelker
Sent: Thursday, March 14, 2002 2:14 PM
To: [EMAIL PROTECTED]
Subject: Management VLANs? [7:38282]

this isn't a direct CCNP cert question, but I was thinking of trying to make my network infrastructure easier to navigate. I was thinking of creating a VLAN on a certain IP scheme and have each piece of equipment have a virtual interface on it. Am I going about this the right way? How do some of you address this issue?
RE: Cisco 4006 with Sup III [7:37504]
I haven't seen the Sup III for Cat4K's yet but I do have a bit of experience with the L3 cards and am fairly unimpressed. After working with the 6500's (with MSFCs) configuring a Cat4K with L3 module certainly seems like a few steps backwards. My current client has a couple of Cat4K's with L3 modules that we'll be replacing this year with 6509's and MSFCs.

Last time I checked (perhaps this is different now) there were only three different versions of IOS available for the L3 module; to make matters worse, the code seemed to be written by the same group that writes 8540 code - based-on my personal experiences with the 8540 platform this didn't give me a high level of comfort.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Daniel Kekai
Sent: Wednesday, March 06, 2002 8:23 PM
To: [EMAIL PROTECTED]
Subject: Cisco 4006 with Sup III [7:37504]

Hello,

Is anyone out there running Cisco 4006's with the new Sup III? If so what has been your experience with them? We are interested in using a pair of them as distribution switches with L3 capabilities to run OSPF. I know the 4000's had problems with this before so I was wondering if the new Sup III solved some of the old issues.

Thanks in advance,
Daniel
RE: Cissps [7:36391]
As someone who has achieved both certs, I'd have to voice an objection to the common myth that the CISSP is on the same level as the CCIE; it's not even close.

The CISSP is well-known (it was listed in some rag as one of the top ten certs to get this year), but it is entirely theory. That in itself isn't bad; but if I were looking to hire someone for a security position, I would not hire someone who only had their CISSP; I would also be interested in something that certifies them on a particular platform (e.g. Checkpoint CCSE).

I agree with Godswill's statement though If you can't beat them, join them. I see a lot more positions requiring a CISSP cert when doing US Gov't work; but it seems to be moving more into the mainstream. I think it's kinda like the CCNA three or so years ago; not too many people had it so it was worth $$. Now that a lot of people have the CCNA, it doesn't open as many doors as it used to (and the $$ aren't there either) - it won't be too long before the CISSP is in a similar boat; then there will be some other cert that everyone has to get...

You gotta love this industry :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Godswill Oletu
Sent: Monday, February 25, 2002 11:57 AM
To: [EMAIL PROTECTED]
Subject: Re: Cissps [7:36391]

Though it is a paper and ink certification, it seems to be the Security certification most recruiters know of. If you can't beat them join them. I have not seen any recruiter naming CSS1 or stuff like that, though that might be because it is relatively new, however they do not even give the CCNP+Security specialist good exposure.

Many also consider the CISSP as the security equivalent of CCIE, I really do not see the similarities or where both of them have a tie.

Enjoy.
Godswill Oletu

----- Original Message -----
From: Chris Sweeting
To:
Sent: Monday, February 25, 2002 8:52 AM
Subject: Cissps [7:36391]

Is Cissp worth getting?
RE: Secondary ip address and ip helper-address [7:35533]
flip-flop your primary and secondary addresses on the hub router:

interface Ethernet0
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 192.168.13.1 255.255.255.0
 ip helper-address 192.168.12.17

This will let the old 192.168.1.x addresses age-out gracefully while assigning new addresses from the 192.168.13.x range. I'm assuming here that your DHCP server is configured to pass-out addresses from 192.168.13.x.

You were having the problem because the router helpers the DHCP request using its primary address.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of J-B
Sent: Friday, February 15, 2002 1:50 PM
To: [EMAIL PROTECTED]
Subject: Re: Secondary ip address and ip helper-address [7:35533]

I have done what you just mentioned (everything works except DHCP), the range that needs to be passed out is the new range which is related to the new ip secondary address. The user in Hub site (current ip layout is 192.168.1.0) should get an ip address for the new layout (192.168.13.0)

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

As a test, statically configure a client to be on the 192.168.2.0 network with correct gateway info, mask, etc. Then 1, try pinging the server and see if that works, and two, change config to dhcp then. What range is the dhcp server supposed to be passing out, the secondary addresses range, because it won't work either. The DHCP server must pass out the primary address range because that's where the packet is coming from.

--
RFC 1149 Compliant.

J-B wrote in message news:[EMAIL PROTECTED]...

Well the clients have no ip address, what we are doing is remove all ip address from the clients and enable DHCP

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

I bet the clients are on the new secondary networks? Is that true, because if so, ip helper only works on the primary interface's address and not on the clients on the secondary network. It won't pick up the secondary networks broadcasts.

--
RFC 1149 Compliant.

J-B wrote in message news:[EMAIL PROTECTED]...

Team,

I have the following problem: Our network has 10 sites, I am in the process of readdressing current network. I have setup secondary ip address on every site. At the present time I am setting up a wk2000 dhcp/win server in one site. The problem is that I am not able to obtain ip address from the DHCP server via the WAN, it works fine in the site where it is located.

The layout is the following:

Hub site

interface Ethernet0
 ip address 192.168.13.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.12.17
 ip directed-broadcast
 no cdp enable
interface Serial0
 no ip address
 ip directed-broadcast
 encapsulation frame-relay IETF
 no ip mroute-cache
 frame-relay lmi-type ansi
interface Serial0.3 point-to-point
 description Spoke site
 bandwidth 384
 ip unnumbered Ethernet0
 ip helper-address 192.168.12.17
 ip directed-broadcast
 frame-relay interface-dlci 26

Spoke site

interface Ethernet0
 ip address 192.168.12.1 255.255.255.0 secondary
 ip address 192.168.2.1 255.255.255.0
interface Serial0
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 description connection to Hub
 ip unnumbered Ethernet0
 bandwidth 384
 frame-relay interface-dlci 16
!

The ip address of the DHCP server is 192.168.12.17

Be aware that I have no problem pinging to the DHCP server from the Hub site.

Team, what I am doing wrong here...HELP

Thanks (nothing can replace experiencewo)
JB
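The behaviour this thread turns on is that the relay stamps the interface's primary address into the forwarded request (the giaddr field) and the DHCP server chooses its scope from that address. The sketch below is an added example, not code from any poster; it parses the hub Ethernet0 stanza as posted and as swapped in the reply, and the scope list is an assumption (a scope for the server's own LAN plus the 192.168.13.x scope the reply assumes exists).

```python
import ipaddress

# Hub Ethernet0 as posted in the question (192.168.1.1 is primary).
HUB_ORIGINAL = """\
interface Ethernet0
 ip address 192.168.13.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.12.17
"""

# Hub Ethernet0 after the swap suggested in the reply.
HUB_SWAPPED = """\
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 192.168.13.1 255.255.255.0
 ip helper-address 192.168.12.17
"""

# Assumed server configuration for this example.
SERVER_SCOPES = [
    ipaddress.ip_network("192.168.12.0/24"),
    ipaddress.ip_network("192.168.13.0/24"),
]


def parse_interface(config):
    """Pick the primary address, secondaries and helpers out of one stanza."""
    primary, secondaries, helpers = None, [], []
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["ip", "address"] and len(words) >= 4:
            iface = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            if words[4:] == ["secondary"]:
                secondaries.append(iface)
            else:
                primary = iface
        elif words[:2] == ["ip", "helper-address"] and len(words) == 3:
            helpers.append(ipaddress.ip_address(words[2]))
    return {"primary": primary, "secondaries": secondaries, "helpers": helpers}


def select_scope(giaddr, scopes):
    """Scope a server would answer from for a relayed request, or None."""
    if giaddr is None:
        return None
    for scope in scopes:
        if giaddr in scope:
            return scope
    return None


def explain(config, scopes):
    """Report the giaddr the relay will use, the scope it selects, and any
    scope that exists for a secondary network but can never be selected."""
    parsed = parse_interface(config)
    giaddr = parsed["primary"].ip if parsed["primary"] else None
    chosen = select_scope(giaddr, scopes)
    unreachable = []
    for secondary in parsed["secondaries"]:
        scope = select_scope(secondary.ip, scopes)
        if scope is not None and scope != chosen:
            unreachable.append(str(scope))
    return {
        "giaddr": str(giaddr) if giaddr else None,
        "scope": str(chosen) if chosen else None,
        "unreachable_scopes": unreachable,
    }


if __name__ == "__main__":
    for label, cfg in (("as posted", HUB_ORIGINAL), ("after swap", HUB_SWAPPED)):
        print(label, explain(cfg, SERVER_SCOPES))
```
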
RE: Off Topic - CCIE LAB and NDA [7:34244]
We could debate the TR vs. Ethernet thing 'till the cows come home.

Are there any new Token-Ring networks being deployed? Probably not. Unfortunately, there are still a TON of Token-Ring networks in use. Lately, I've seen these in financial settings mostly. I know of one brokerage company (who shall remain anonymous) that recently moved some legacy AS/400's from one location to another and had to update a bunch of DLSw peering statements (~200) so a customer contact database application still worked.

The Financial industry (banks, brokerages, etc.) is notorious for using really old technology. Anyone ever see how ATM (Automatic Teller Machine) networks are built? There are a lot of them still running on analog multi-drop 4.8K lines. Some of the on-line brokerages send their orders via old bi-synch or x.25 technology rather than the various IP-based methods available (don't believe all the commercials you see to the contrary).

What are the chances that a CCIE candidate will see Token-Ring in a production network? I guess it depends on the industry they work in. Up until a year ago CCIE candidates needed to know AppleTalk for the lab; I would bet that the percentage of engineers who have to support TR/DLSw/Bridging in their regular jobs is quite a bit higher than those who support AppleTalk networks. (sorry Priscilla :)

Cisco may remove TR at some point just as they did with AT and DECNet, etc. but for now it's on the test so buck-up and learn it :)

My $0.02
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Priscilla Oppenheimer
Sent: Sunday, February 03, 2002 8:19 PM
To: [EMAIL PROTECTED]
Subject: Re: Off Topic - CCIE LAB and NDA [7:34244]

Token Ring is still on the written because Cisco doesn't seem to have the resources to update the test?? Is it still on the lab? (Or can't you tell me because of NDA?) ;-)

I haven't run into a Token Ring shop that wasn't planning to update to Ethernet in a long time. But that planning to update can take years..

Priscilla

At 12:32 AM 2/3/02, Chuck Larrieu wrote:

before I shut down for the evening, a few random thoughts on the CCIE Lab and NDA. Inspired by several posts here of late from persons asking about topology, IOS versions, or speaking of rumors about equipment changes.

1) It is unclear what really constitutes NDA. Caslow? The ECP1 class? NLI's practice labs? Caslow's new prep class? Cisco's own ASET lab? All of these could be considered violations of NDA in many ways, from topic content to lab topology. Cisco's own ASET program used real but retired CCIE labs.

2) what is it Cisco really considers CCIE level skill? In the past, things like DecNet, Apollo, and Vines were core topics. Cisco has recently dropped those, plus ATM LANE, presumably in response to market conditions. Which leads one to ask - why token ring? The only real world token ring project I have been involved with the past couple of years is ripping them out and replacing them with ethernet. The apologia that there are still some major token ring networks around is a bit lame. There are still some major DecNet networks around, I'm sure. Until very recently ( and maybe they still are ), a major utility company out this way was still running Vines. As was the U.S Navy.

3) Is the CCIE a forward looking certification or not? Based on what I am seeing in the marketplace, the advanced skill levels that one needs to meet demand center around VPN, VoIP, wireless, security, and the underlying infrastructure required to support these technologies. that means lots of QoS, switching, L2-L3 interaction, ATM, giga-whatever, etc.

I would purely love to see discussed good focused discussion on core competencies, core issues. But there is that awful specter of NDA that hangs over all of our heads. In a very strange way, NDA is kinda like Santa Claus and the Easter Bunny. We all know what's in the Lab. We all know what study materials are designed to model the Lab. But we don't dare speak the truth in front of the children ( those who haven't been yet ) for fear that some higher authority will trounce on us if we do.

I'm not sure if there is a real point to this message. Maybe what I want to say to all of those who keep asking about Lab equipment, Lab topology, Lab IOS versions, and the like, is that understanding of the core topics is the most important thing. If you have them down cold, the equipment and the topology will not matter.

I'd like to comment on the rumor about changes in the equipment, but that damn NDA.

Priscilla Oppenheimer
http://www.priscilla.com
RE: IPX over IPSec Tunnel - mystery solved?!?!? [7:34231]
hope your customer isn't a subscriber to this list :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck Larrieu
Sent: Saturday, February 02, 2002 6:20 PM
To: [EMAIL PROTECTED]
Subject: IPX over IPSec Tunnel - mystery solved?!?!? [7:34231]

It's been a while, so let me restate the problem.

R1--internet---R2--ethernet---R3---frame_relayre st of network |-IPsec_tunnel---| IPX encapsulated IPX RIP | |-IPX EIGRP---|

hope this makes sense. all routers are seeing all servers and all routes. However, the IPX client workstation cannot see or log on to a server located somewhere in the EIGRP domain.

I had been blowing off the customer, telling him it was a workstation / NIC problem. He finally got ticked at me, and I finally went on site to see what I can see. Note - I am in sales, not implementation. The implementation people closed the project once they saw all IPX routes on the R1 router.

So I arrive on site, and find that IPX pinging is not properly working. R1 can IPX ping to R2, but not to R3, or anywhere else in the IPX EIGRP domain and vice versa. HHHmmm.. IPX routes are showing up everywhere. IPX servers show up everywhere. debug IPX routing shows routing exchanges taking place. But IPX ping fails from the IPX RIP domain into the IPX EIGRP domain and back.

Got a clue? I didn't, so I opened a TAC case.

Let me add that R1 and R2 are 827 routers with IP/IPX/IPSec IOS images. R3 and the rest of the network are 1720 routers with desktop images.

Cisco's answer, given in an offhand manner after reviewing my configs, blew me away. I can come up with no rationale as to why their solution worked. But here it is: add the statement no ipx route-cache to the tunnel interfaces of the 827's.

One of my pals in implementation telneted in, did so, and told me that IPX ping was now working fine from every place to every other place in the network. Cisco TAC told me that it sounded like a problem with fast cache. Huh?

What further puzzles me is that I cannot duplicate the issue here in my own lab. IPX pinging works just fine from the RIP domain to the EIGRP domain across the IPsec tunnel. 25xx routers all, with more or less the same IOS versions.

Well, this one has been fun. chalk up another one to the vagaries of the bloatware that the IOS is becoming/has become.

Chuck
RE: CCIE Lab Question [7:34222]
Re your questions:

1 - I think you are correct. In the past candidates were required to configure the F/R switch but I believe this is done for you now. Whether or not you have any access to it is another question...I would have to assume no but I won't know for sure for another 7 days :)

2 - IS-IS routing is one of the topics you may see in the CCIE lab; CLNS routing and other OSI networking protocols are not part of the exam any longer but knowing IS-IS requires at least a basic understanding of CLNS topics (e.g. the NET for one).

HTH,
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell Newcomb
Sent: Saturday, February 02, 2002 4:31 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Question [7:34222]

My subscription to the lab mailing list hasn't gone through yet so I figured I should post this question here. We know that in preparation most folks use various products to emulate a Frame Relay switch. Cisco also details the questions I have about FR, but in regards to ATM.
http://www.cisco.com/warp/customer/625/ccie/certifications/ATM_FAQs.html

1) It is my understanding that in the lab any FR switch will be an external device not to be configured by the candidate. Just like item 1 in the above URL explains about ATM. Is this correct?

2) Is IS-IS included in the CCIE Lab or does the removal of CLNS stated from http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#43 mean that CLNS is so far out of coverage that it can't be used as local L2 transport for ISIS.

Thanks in advance for your input,
Darrell
http://www.hayaitacos.net/ccie
RE: show MAC and in-lost [7:34100]
I'm guessing duplex-mismatch problem. Your in-lost packets are equal to your Rcv-Err, I would read this as the switch saw an incoming packet but it was malformed and threw it away. Generally when I see a switch configured for 100/full and incrementing runts and FCS errors it means the device on the other end is running half-duplex.

Hope this helps.
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Buri, Heather L.
Sent: Friday, February 01, 2002 1:04 PM
To: [EMAIL PROTECTED]
Subject: show MAC and in-lost [7:34100]

Hi all,

I am troubleshooting a couple of servers which users say they are losing access to intermittently. I am seeing increasing Rcv-errors on the switch ports and a direct correlation on the In-lost on the show mac command. Instinctively, I would think this means that the errors are being received on the switch port from the NIC.

According to Cisco's website, the in-lost errors are caused by an excessive input rate of traffic to the switch port. Which sounds like the switch port is not able to buffer all the information it is receiving. Is there a way to see the buffers on a switch port? I know you can in a router but I don't see a command to do this on the switch.

Here is a snippet of what I am seeing. (Keep in mind, I am not even sure this is the cause of the problem the users are experiencing but this is the only unusual item I am seeing.)
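12:00 Feb 2, 2002

hodcsan1 (enable) sh port 2/8
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 2/8  HOEXMB1 87.140     connected  1          normal   full   100 10/100BaseTX

Port  AuxiliaryVlan AuxVlan-Status
----- ------------- --------------
 2/8  none          none

Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 2/8  disabled  shutdown             0        0        1 disabled      18

Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- -------- ---------
 2/8         0                 -        -                 -        -         -

Port  Status     Channel              Admin Ch
                 Mode                 Group Id
----- ---------- -------------------- ----- -----
 2/8  connected  off                     30     0

Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err    UnderSize
----- ---------- ---------- ---------- ---------- ---------
 2/8           -          6          0         20         0

Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts     Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
 2/8           0          0          0          0         0        14         0

hodcsan1 (enable) sh port 2/11
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 2/11 HOEXMB3 87.144     connected  1          normal   full   100 10/100BaseTX

Port  AuxiliaryVlan AuxVlan-Status
----- ------------- --------------
 2/11 none          none

Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 2/11 disabled  shutdown             0        0        1 disabled      21

Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- -------- ---------
 2/11        0                 -        -                 -        -         -

Port  Status     Channel              Admin Ch
                 Mode                 Group Id
----- ---------- -------------------- ----- -----
 2/11 connected  off                     30     0

Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err    UnderSize
----- ---------- ---------- ---------- ---------- ---------
 2/11          -          9          0         24         0

Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts     Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
 2/11          0          0          0          0         0        15         0

Last-Time-Cleared
--------------------------
Fri Feb 1 2002, 09:56:38
hodcsan1 (enable)

hodcsan1 (enable) sh port 2/16
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
 2/16 HOEXPF1 87.152     connected  1          normal   full   100 10/100BaseTX

Port  AuxiliaryVlan AuxVlan-Status
----- ------------- --------------
 2/16 none          none

Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 2/16 disabled  shutdown             0        0        1 disabled      26

Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr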
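The rule of thumb from the reply above (a port set to 100/full whose FCS errors and runts keep incrementing usually faces a half-duplex device) written as a check over two counter snapshots. This is an added example, not part of the original thread: the table layout is simplified, the port name and the second snapshot are constructed, and the late-collision rule for the half-duplex side is an addition that goes beyond what the post states.

```python
import re

COUNTERS = ("FCS-Err", "Rcv-Err", "Runts", "Late-Coll")


def _row(widths, cells):
    # Left-justify every cell to its column width, one space between columns.
    return " ".join(str(c).ljust(w) for c, w in zip(cells, widths)).rstrip()


def sample_show_port(port, name, duplex, fcs, rcv, runts, late):
    """Constructed 'show port'-style text: header, dashed ruler, one data row."""
    tables = [
        ((5, 18, 10, 6, 5), ("Port", "Name", "Status", "Duplex", "Speed"),
         (port, name, "connected", duplex, 100)),
        ((5, 9, 8, 8, 8), ("Port", "Align-Err", "FCS-Err", "Xmit-Err", "Rcv-Err"),
         (port, "-", fcs, 0, rcv)),
        ((5, 10, 9, 9, 9), ("Port", "Single-Col", "Late-Coll", "Runts", "Giants"),
         (port, 0, late, runts, 0)),
    ]
    out = []
    for widths, head, data in tables:
        ruler = ["-" * w for w in widths]
        out += [_row(widths, head), _row(widths, ruler), _row(widths, data), ""]
    return "\n".join(out)


def parse_show_port(text):
    """Return {port: {column: value}}, slicing rows at the ruler's column offsets
    so that values containing spaces (the port name) stay in one field."""
    ports = {}
    lines = text.splitlines()
    for i, ruler in enumerate(lines):
        if i == 0 or not re.fullmatch(r"-+( +-+)*", ruler):
            continue
        starts = [m.start() for m in re.finditer(r"-+", ruler)]
        spans = list(zip(starts, starts[1:] + [None]))
        names = [lines[i - 1][a:b].strip() for a, b in spans]
        for data in lines[i + 1:]:
            if not data.strip():
                break
            cells = [data[a:b].strip() for a, b in spans]
            ports.setdefault(cells[0], {}).update(zip(names[1:], cells[1:]))
    return ports


def deltas(before, after):
    """Counter growth between two snapshots, or None if a counter went backwards
    (the counters were cleared between the samples)."""
    grown = {k: int(after.get(k, 0)) - int(before.get(k, 0)) for k in COUNTERS}
    return None if min(grown.values()) < 0 else grown


def duplex_findings(before_text, after_text):
    """Compare two snapshots and return {port: finding} for suspicious ports."""
    before, after = parse_show_port(before_text), parse_show_port(after_text)
    findings = {}
    for port, now in after.items():
        if port not in before:
            continue
        d = deltas(before[port], now)
        duplex = now.get("Duplex", "")
        if d is None:
            findings[port] = "counters cleared between samples, resample"
        elif duplex.endswith("full") and d["FCS-Err"] > 0 and d["Runts"] > 0:
            # Rule from the thread: the full-duplex side receives frames the peer
            # abandoned on a collision and counts them as runts and FCS errors.
            findings[port] = ("FCS errors and runts growing on a full-duplex port: "
                              "peer is probably half duplex")
        elif duplex.endswith("half") and d["Late-Coll"] > 0:
            # Added rule (not in the thread): the half-duplex side logs late collisions.
            findings[port] = ("late collisions growing on a half-duplex port: "
                              "peer is probably full duplex")
    return findings


if __name__ == "__main__":
    # First snapshot uses the 2/8 counters quoted in the thread; the rest is constructed.
    t0 = sample_show_port("2/8", "mail srv 1", "full", 6, 20, 14, 0)
    t1 = sample_show_port("2/8", "mail srv 1", "full", 31, 52, 40, 0)
    for port, msg in duplex_findings(t0, t1).items():
        print(port, msg)
```

Comparing two samples matters because the absolute counters only show that errors happened at some point since they were last cleared, not that they are still happening.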
RE: whats the diff [7:32819]
Can I ask why you're buying 7204's vs. 7206's? I don't think the cost difference between the two is that great and you get 50% more slots - not to sound like a sales guy or anything.

At any rate, my take on the VXR vs. non-VXR thing. The 'regular' 7200's were the first edition of the product line. The VXRs are the new, latest and greatest. I don't think you can put anything faster than a NPE-225 in a non-VXR chassis; so to get the performance boost of an NPE-300 or 400 you'll need to go with the VXR chassis.

Taking a quick look at the price list (an old one at that) I don't see the non-VXR chassis listed as an option for the 7204. You used to be able to buy a 7202 but that doesn't seem to be offered anymore either.

The on-line docs talk specifically about the MIX interconnects in the mid-plane of the VXR chassis; this is basically for TDM and/or voice applications. I think the bigger kicker is the support for the faster NPEs.
http://cco.cisco.com/univercd/cc/td/doc/pcat/7200.htm#xtocid4

Of all the 7200's I've seen in production, they've all been 06's and VXRs except for two non-VXR 7206's that my client is looking to upgrade this year.

Last note, there are a few less popular port adapters that aren't supported in the VXR chassis (a full-duplex T/R port adapter for one); I believe for all of those (and there's not many) PAs not supported by VXRs there are other modules that serve a similar purpose which are supported. So this should only bite you if you have a stock of existing PAs that you want to put into the new chassis.

Have fun.
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Tufaro
Sent: Tuesday, January 22, 2002 10:13 AM
To: [EMAIL PROTECTED]
Subject: whats the diff [7:32819]

What's the diff between a Cisco 7204 and a 7204VXR? I can't seem to find it anywhere. When you do the config maker on Cisco's site they make you choose that one as the only option for the 7204. Are they the same thing?

According to the docs, there are 3 prod #'s: Cisco7204-DC, Cisco7204-CH and Cisco7204VXR.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32830t=32819
RE: Dialer idle-timeout [7:32740]
dialer-watch will do this as well; it basically removes the interesting traffic requirement.

To answer what I think is your original question - with basic ppp dial-in if one side is set to an idle-timeout of 60 seconds and the other set to 600, if the router with the 60-second timeout doesn't see any interesting traffic within the minute, it will tear-down the call. That is why you generally want to make sure that you define the same traffic as interesting on both sides and make sure that the idle-timeout matches (when dialing router-to-router).

Obviously, Windoze machines don't have an interesting traffic parameter but I think you can set a timeout if the connection is idle for some period of time. I've seen a lot of dial-up users start a background ping (i.e. minimized DOS box with a ping x.x.x.x -t running) if they want to camp on a dial-up line. That is until ping becomes uninteresting.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erick B.
Sent: Monday, January 21, 2002 4:04 PM
To: [EMAIL PROTECTED]
Subject: Re: Dialer idle-timeout [7:32740]

Hi,

12.2(4)T has a new feature called 'dialer persistent' which keeps an ISDN line up no matter what.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftdperst.htm

--- Gaz wrote:

I would have thought by definition, if they're not sending or receiving traffic, then no, but am open to correction. What sort of override do you mean? Do you mean something as simple as setting outlook express to poll for new mail every 4 minutes, or a script to ping every 4 minutes, or something more permanent?

Gaz

kevhed wrote in message news:[EMAIL PROTECTED]...

Hi all,

I have a 3640 as a RAS box for remote dial-in users and have the dialer idle-timeout set for 5 minutes (eitherbound).

My question is, does anyone know of a way that a user can override that 5 minute dialer idle-timeout window and keep his/her connection up indefinitely, assuming that the person is not sending or rcv'ing any traffic?

Regards,
Kevin
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32766t=32740
RE: IOS Recommendation [7:32532]
The only way I've seen Cisco recommend any one version of IOS/CatOS over another is 1) for customers with an open P1 case (that has been open for quite a while, escalated to the Nth degree, etc.) where moving to a different version of code would resolve particular known issues that they are facing; or 2) paying for an NSA agreement (big $$ over and above SmartNet).

I've also gotten several recommendations from 1st level TAC to upgrade to the latest and greatest but I usually ignore these suggestions.

My current client calls this process finding the 'least offensive' version of code. Doing a bug scrub can be quite labor-intensive and unfortunately as Joe-Customer, I'm not able to see all of the open bugs - some are Cisco-internal. I only found that out when I had an open TAC case and the engineer referenced a bug that I couldn't pull up in the bug navigator.

Fortunately, my current client runs the network that Noah built - i.e. two of everything; as such I'm usually able to upgrade one of the devices and wait some period of time to see if anything goes wrong before upgrading the other. Obviously not a foolproof method...but, what can you do.

I also refrain from using code that hasn't been given time to age several weeks (at a minimum); I figure the chance of a bug being known is higher on code that is 6 weeks old than it is on code 6 days old. I've already identified a few bugs for Cisco, I'm more than happy to spread this experience to others who haven't had the opportunity.

If anyone has better ideas I'd love to hear them.
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Tufaro
Sent: Friday, January 18, 2002 3:45 PM
To: [EMAIL PROTECTED]
Subject: IOS Recommendation [7:32532]

Anyone know where on Cisco's site there is a place to recommend an image for IOS upgrade?

Richard Tufaro - MCSE - GSEC - CCNA
Network Engineer - Anda Inc.
[EMAIL PROTECTED]
MSN IM - [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32590t=32532
RE: CCIE Blues [7:32440]
Scott,

I'm in a similar spot regarding both the calendar and mental state. Let me preface this by saying that I've not (yet) attended the 1-day lab and thus can't be accused of breaking NDA.

For what it's worth, these are the operating assumptions I'm using to prepare for my 1st attempt at the 1-day lab. These may or may not be anywhere close to what is contained in the actual lab but I would say that anyone who confirms or dispels my assumptions would be breaking NDA so you probably won't get a real answer.

I agree with Brad's comments that you shouldn't be worried with these issues but depending on your study/prep style some people prefer to make checklists of topics/issues to run through. In addition, I feel that getting mentally prepared will help you with issue spotting (ala Mr. Caslow).

Without further delay, here are my thoughts on the subject (perhaps worth the $0.02...who knows):

### What I'm assuming will be configured/setup:
- Physical cabling
- Access-Server configuration (complete)
- Frame-Relay switch configuration (complete)
- IP addressing on all LAN interfaces
- IP addressing on most WAN/Dial interfaces
- IP addressing on most Loopback interfaces
- Cat IP address(es)

### What may be configured (but maybe not depending on the lab scenario):
- Cat default gateway (unless a dynamic solution is required)
- ISDN SPIDs
- Frame-Relay sub-interfaces (if required)
- IP addressing on some F/R interfaces (e.g. main S0 frame interface)
- VLANs defined (some)
- Ports assigned to VLANs (some)
- Simple routing protocol stuff (e.g. RIP on a stub router)

### Simple L1-3 stuff that will probably be left unconfigured (because of the problems that can be caused and/or multiple config. options that 'work' where only one is 'right'):
- IP addressing on key loopback interfaces (e.g. routers involved in Virt. Links, etc.)
- Frame-Relay address mapping
- Dialer maps / dialer string
- Datalink encapsulation (PPP, Frame, HDLC, Ethernet trunking, E-net frame types)
- Tunnels
- NAT
- Bridging
RE: reverse-telnet info [7:32518]
Yes, and do an atdt5551212 to dial-out...pretty cool stuff (see below).

I setup some 3640's a while back as out-of-band management for a client's different data center locations. It was a bit over-engineered (read: $$, see my note on WICs below) but highly-available - thus would provide connectivity in almost any foreseeable outage.

Really quick, there were three sites, each with redundant L2 backbone segments. Each 3640 had a dual-port Ethernet - one connecting to each backbone segment, the 8-port analog modem card and a 32-port async module. I configured a loopback interface and advertised it into EIGRP (denying everything else of course, so the term-server didn't become a transit path); and pointed DNS at the loopback interfaces.

I had the electricians wire-up some back-to-back patch panels so I could take the octopus cables from the A/S module and plug them in one side and use regular patch cables from the other side to the managed device. (I've since seen a company that sells a patch panel with a scsi cable out the back to connect to the A/S port - a more elegant solution).

I convinced the phone guys to give me a few analog lines to connect to each term svr and was in business. For added flair, I setup an autocommand menu system so when people connected (via Telnet or modem) they would be given a menu that simplified the reverse telnet process. Throw in a little TACACS for good measure.

What I thought was really sweet (getting back to the original topic) - I took one of my extra data ports at my desk and connected my roll-over cable to it. I patched back through the structured cabling to the console port on the Term Svrs in the location I worked so I could have full-time connectivity OOB to all network gear in my location thus permanently avoiding the laptop drag. In addition, I was able to dial out through the Analog Modem card to the Term Svrs in the other locations as well as any of the remote routers in the field (~200). This was really helpful for remote support from home. :)

The thing I didn't like about it was that it didn't come in a smaller package. What I'd really like to see is a WIC adapter that was a 1 or 2-port analog modem or better yet, make the AUX port on the access-level routers an analog modem capable - it can't cost that much. I obviously didn't need eight analog ports for each router on this project but at the time (late 2000) that was what I had to work with. If WICs were an option, I would have been able to do this same thing with 2600's - huge cost difference vs. the 3640's!

Anyway, have fun.
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of NetEng
Sent: Friday, January 18, 2002 1:34 PM
To: [EMAIL PROTECTED]
Subject: reverse-telnet info [7:32518]

Is it possible to do reverse-telnet with an 8-AM card?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32526t=32518
RE: 6509 cards hot swapable? [7:32288]
Yes, even the Sup if you have two of them :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of George Dodds
Sent: Thursday, January 17, 2002 9:08 AM
To: [EMAIL PROTECTED]
Subject: 6509 cards hot swapable? [7:32288]

Are 6509 cards hot swappable or does the box need powered down?

Cheers
George

George Dodds CCNA, MCP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32296t=32288
RE: First Impressions - CCIE Practical Studies [7:32237]
I have a couple of nit-picky complaints about the book (as I do about almost every book I read).

There are some typos as a previous poster indicated. One of my biggest pet peeves is the use of the term continuous when the author (probably) means contiguous - one sees this most often when discussing OSPF. Note, this book isn't unique in this mis-use of the term; there are many CCO documents that also make this error. I'm assuming that this is the product of a spell-checker that didn't know the term contiguous, suggested continuous and someone hit replace all. Before the flame-war starts, I know that these two words have *similar* meanings but in this case I - my personal opinion - think that contiguous is 'more right' - besides, it's the term used in the RFC.

Since I'm picking nits; the author indicates that the OSPF process ID on a router should be thought of as an Autonomous System ID. This number should be the same on all routers within the autonomous system. Per CCO, this is a locally significant setting used only to distinguish between multiple OSPF routing processes on a particular router. If we were to apply the RFC2119 definition of should to this statement one might think that certain problems may occur if this practice wasn't followed. I don't believe this to be the case but I'm sure someone on the list will correct me if I'm wrong. There's nothing wrong with using the same process ID on all of your OSPF routers; I would guess that networks are configured that way more often than not; but it isn't a requirement. Given that the lab exam is all about splitting hairs to the most minute detail and knowing the various protocols in depth, it probably should have been noted (as in other texts) that two adjacent routers can have different process IDs configured.

There are some outright mistakes in the book - I just checked the CiscoPress site for an errata and didn't see one yet. Here's one that I recall off the top of my head:

EIGRP - (p.691) at the bottom of the page, the 'distance' command. - this is almost a direct copy/paste from the IGRP chapter; does not include the required information to change the admin distance of the EIGRP routing process (which requires both an internal and external distance); it only lists the syntax to change the distance of a specific neighbor's updates. I find it funny that the EIGRP chapter says For a specific example and more practice with the 'distance' command, see the IGRP chapter. When you look at the IGRP chapter, it uses the same sentence to point you to the RIP chapter. Anyone who has walked into an EIGRP network with multiple, unfiltered redistribution points into a RIP domain will know first-hand the importance of knowing how a router handles internal vs. external EIGRP routes.

Additionally, I thought the section on PPP authentication could have used some more work on the one-way authentication options (both PAP and CHAP).

Bottom-line, this seems to be a well written book; it gives you some good examples and labs to work on your own, etc. It won't replace any of the other must haves on the bookshelf (e.g. Doyle, Caslow, Thomas, etc.) and unfortunately, (as it seems with all of the books published these days) you have to play 'reporter' and verify the information in the book with some other source (CCO, RFCs, other texts) - this is a topic I could rant on for quite some time (considering the $thousands - literally - I've spent on training materials which contain errors).

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 7:18 PM
To: [EMAIL PROTECTED]
Subject: OT: First Impressions - CCIE Practical Studies [7:32237]

Just got my copy. Reading the About the Authors section alone is impressive. All those associated with the book are CCIE's. I look forward to discovering if there are any errors in the book. One would hope not, given the credentials of the writers and reviewers, one of whom was the Halifax Lab Proctor for several years.

So far I have browsed all of the first chapter The Key Components for Modeling an Internetwork. This chapter covers in good detail all those basic questions - the config register, configuring a router as a frame switch, password recovery, show and debug (called the big show and the big d respectively, throughout the book), building a terminal server, and much much more.

This alone tells me that this book might be a good investment for those just starting out, as well as those prepping for the CCIE Lab. Sure, all of this information is available elsewhere, but with this book, it is in one place, easily located, and clearly explained.

There is even a section about configuring networking on windoze computers. Considering the number of raw beginners who are coming into the certification process, this is helpful.

I'll have more comments after I have had a chance to look at the good stuff.

Chuck

Message Posted at:
RE: ISDN PRI in a Server PCI slot? [7:32126]
Yes, I think Digi made/makes one. I have a client that used that for their remote access (NT RAS) before I installed an AS5300. I don't have a part number or any experience with them, I just know they exist.

Sorry I can offer more...
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bruce Williams
Sent: Tuesday, January 15, 2002 11:02 PM
To: [EMAIL PROTECTED]
Subject: OT: ISDN PRI in a Server PCI slot? [7:32126]

Has anyone ever heard of a ISDN PRI module which can be installed in a server?

Bruce
mailto:[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32153t=32126
RE: EIGRP neighbor limitations [7:32058]
Obviously a high-bandwidth application. :) What are you installing, a bunch of ATMs or something? I'm assuming that the remote routers will be pretty low-end - 2500/2600 at most.

Of the three options, I'd say if you have to do this, EIGRP would probably be the best option. Make sure you design your address space such that you can take advantage of auto summarization in EIGRP.

With OSPF, the Design Guide on CCO is purposely vague, but I've heard various Cisco people say you generally want to avoid more than 4-5 areas per router. Assuming that the core of the network also includes other stuff - meaning, these hub routers will connect to other backbone routers, that leaves us with four OSPF areas for these remote sites with each area having ~100 routers which seems a bit excessive (especially considering the supposed low-end routers on the remote side).

How would you do BGP? I'm assuming that each remote site is only connected to the hub routers, so would you do a separate BGP AS per remote? If I'm understanding this right, it would be (at best) an administrative challenge at the hub side, manually configuring all of those remote-AS commands. I don't know what the practical limit is on the number of remote AS connections a single router can support.

Bottom line, I don't think I'd want to build a new network with this configuration. I'd probably dial-back the horsepower on the hub routers and add a middle (distribution) layer to aggregate the remotes. Given the apparent bandwidth requirements, I'd say that a 3600-series router at the distribution-layer would be sufficient. Connect each remote to two distribution routers and then aggregate all of the distribution routers to the two hub/core routers - say 7200-series.

I would recommend that you add to the number of head-end T1's so you can reduce the number of sites per circuit - say no more than 50 per ckt (still a bit high for my tastes but probably workable). If you went with 3620's you probably wouldn't want to have more than one head-end ckt. per distribution router. If you're not interested in having that many distribution routers then you'll need to bump-up the horsepower and we're back to the how many EIGRP neighbors per router question.

Well, I've blathered too long. Hope this helps.
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robertson, Douglas
Sent: Wednesday, January 16, 2002 7:31 AM
To: [EMAIL PROTECTED]
Subject: RE: EIGRP neighbor limitations [7:32058]

This is actually for a practical issue, I have a customer that wants to implement +-400 remote sites connected with redundancy to two core routers. Each router will have three T1's and the 400 sites will be split between the three T1's. This still brings the EIGRP to +-133 EIGRP neighbors per interface and 400 neighbors per router. The customer wants to run EIGRP. I am asking this question to determine if this will be an issue and to find documentation to back this up. The alternative would be to run OSPF or BGP but I need backup info to get the customer to change.

Thanks
Doug

-----Original Message-----
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 4:49 PM
To: [EMAIL PROTECTED]
Subject: Re: EIGRP neighbor limitations [7:32058]

I don't know about a hard limit but me thinks you'll hit the practical limit first anyway :) Is this an academic question???

Dave

Robertson, Douglas wrote:

Does anyone know of limitation in the amount of EIGRP neighbors on a router. If there is, is this a limitation per physical interface or a limitation per router. I found a document on CCO a couple of months ago that mentioned these limits but I have now searched and searched but cannot find that document again.

Appreciate any input
D. Robertson

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32162t=32058
RE: Summarization [7:32035]
David,

Another thing that I wonder about is the remote end; what do those routers look like? If you have something like this:

        +-Hub1---Hub3-+
        |     \ /     |
RemoteX-+      X      +-RemoteY
        |     / \     |
        +-Hub2---Hub4-+

You'll probably want to restrict what routes the remote routers can advertise.

Given the size of your network, it would seem to me that something similar to the following would be more appropriate (disclaimer here, I know nothing of your business requirements nor am I looking at $$ as a limiting factor - which I'm certain it is). I'm making these basic assessments off the fact that your network doesn't seem to follow the standard Cisco Core-Distribution-Access model (yes, I've probably consumed too much of the Cisco Kool-Aid).

        +-Distr1---Hub1---Hub3---Distr3-+
        |    |\     /\     /\     /|    |
RegionA-+    |   X      X      X   |    +-RegionZ
        |    |/     \/     \/     \|    |
        +-Distr2---Hub2---Hub4---Distr4-+

Within each region you'd have a contiguous block of addresses (both WAN and LAN segments) you then summarize from the distribution-layer routers to the hubs. The hubs forward these summary routes to the other hub routers and so on until they reach the remote routers in the other regions.

Again, I don't know the requirements of your network but if I were starting with a clean sheet of paper and we wanted to use RFC1918 addresses, I'd probably consider using the 172.x.x.x space. Each region could be a separate /16. If we define the core as including all of the hub routers as well as the networks connecting them to the various distribution routers and make that the network 172.16.0.0/16 (obviously, there are multiple subnets needed, but they'd all be summarizable in this major net). Then assign a /16 to each region - so RegionA would be 172.17.0.0/16, RegionB would be 172.18.0.0/16, etc.

Assuming that you have a data center or two, the server farms in these locations would also connect to the hub routers (ideally behind their own distribution-layer routers which summarize the address space for the server farms into the core).

Generally speaking, a design like this will scale into the thousands of sites - obviously YMMV depending on your requirements. The key rule to follow here is that the core of the network is optimized to route packets. This is not the place to enforce network policy (ACLs, QOS, manual summarization, etc.).

We all love the network 10.0.0.0/8; it gives us great freedom and allows networks to be built without concern for addressing efficiency. There are some downsides to this though and you've found one. You've been dealt a slightly worse hand though because you sandwich 172.x.x.x networks between 10.x.x.x. I'm going to go out on a limb (kidding) and suggest that your EIGRP configurations have no auto-summary configured, right? In the configuration above, you could allow EIGRP to auto-summarize - you'd actually prefer it because it would mean that you didn't need to manually summarize at all.

There are some things you can do to probably make your existing hardware investment work with the current number of sites but it will require that you re-address your network to follow something similar to the design I outlined above just without the separate distribution routers. If you're growing like mad you'll want to ensure that you can get funding for the distribution layer because at some point (if not already) you'll have too many neighbors on each core router which will spark a whole new set of problems.

Quickly, on the remote routers, I don't care how big or small the network is, in a (highly) redundant network I try to make sure that each router only advertises networks it's responsible for (e.g. directly connected or down-stream subnets). With EIGRP one of the easiest ways to do this is with the distribute-list command. I try to select a standard ACL number (for example # 5) across the enterprise and then on each router permit only the networks we want - in this case, the remote routers would advertise their directly-connected Ethernet network(s) and maybe a loopback. This will keep EIGRP from thinking that the remote router is a possible transit path to all other networks (especially a problem if you use sub-interfaces on the remote side).

Well, I could go on and on but I've got to get back to studying. These are just some suggestions that have worked for me in the past, I'd be interested in what others on the list have experienced.

Hope this helps,
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 15, 2002 5:51 AM
To: [EMAIL PROTECTED]
Subject: RE:Summarization (to Ben Kessler) [7:31975]

Ben,

I'm afraid that when I answered your post it was already buried under tons of other post. I'm sorry, these are the consequences of living in Europe...:-

Anyway, thanks for your detailed answer, I hope to get more
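The addressing advice in the reply above (one /16 per region so that EIGRP auto-summary does the summarizing, and a standard ACL plus distribute-list on each remote so it only advertises its own networks) as a plan checker and filter generator. This is an added example, not part of the original thread: the subnets inside each /16, the legacy 10.x plan and the EIGRP AS number 100 are constructed, while ACL number 5 and the 172.16/172.17/172.18 blocks are the ones the post suggests.

```python
import ipaddress
from collections import defaultdict


def major_net(net):
    """Classful (major) network containing net. EIGRP auto-summary advertises
    this network when an update crosses into a different major network."""
    first_octet = int(net.network_address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{prefix}", strict=False)


def check_plan(plan):
    """plan maps a region name to its subnets (strings).
    Returns (summaries per region, list of problems for auto-summary)."""
    owners = defaultdict(set)
    summaries, problems = {}, []
    for region, subnets in plan.items():
        majors = sorted({major_net(ipaddress.ip_network(s)) for s in subnets})
        summaries[region] = [str(m) for m in majors]
        for m in majors:
            owners[m].add(region)
        if len(majors) > 1:
            problems.append(f"{region} uses {len(majors)} major networks: "
                            "one summary route is not enough")
    for m in sorted(owners):
        if len(owners[m]) > 1:
            # Same major network on both sides of another one: discontiguous.
            problems.append(f"{m} is split across {', '.join(sorted(owners[m]))}: "
                            "discontiguous, auto-summary hides the subnets")
    return summaries, problems


def remote_filter(region_block, connected, acl=5, asn=100):
    """IOS lines that let a remote router advertise only its own networks.
    Refuses networks outside the region block so a typo cannot leak a route.
    asn is an assumed EIGRP AS number."""
    block = ipaddress.ip_network(region_block)
    lines = []
    for s in connected:
        net = ipaddress.ip_network(s)
        if not net.subnet_of(block):
            raise ValueError(f"{net} is outside {block}")
        # Standard ACLs take a wildcard mask, which is the network's host mask.
        lines.append(f"access-list {acl} permit {net.network_address} {net.hostmask}")
    lines += [f"router eigrp {asn}", f" distribute-list {acl} out"]
    return lines


# Layout proposed in the post; the subnets inside each /16 are constructed.
CLEAN = {
    "core":    ["172.16.0.0/30", "172.16.0.4/30", "172.16.1.0/24"],
    "RegionA": ["172.17.10.0/24", "172.17.11.0/24", "172.17.255.1/32"],
    "RegionB": ["172.18.10.0/24", "172.18.200.0/30"],
}
# Constructed: 10.x subnets on both sides of a 172.x core, as in the problem case.
LEGACY = {
    "core":    ["172.16.0.0/30"],
    "RegionA": ["10.1.10.0/24", "10.1.11.0/24"],
    "RegionB": ["10.2.10.0/24"],
}

if __name__ == "__main__":
    for name, plan in (("clean", CLEAN), ("legacy", LEGACY)):
        summaries, problems = check_plan(plan)
        print(name, summaries, problems or "auto-summary is safe")
    print("\n".join(remote_filter("172.17.0.0/16",
                                  ["172.17.10.0/24", "172.17.255.1/32"])))
```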
RE: NAT Problems with 12.2(5)? RE: Gawd I hate my [7:31999]
I can't speak for the 3600's - the latest I have running on them is 12.1(5)T8 but I only have a couple doing NAT and they're configured with static entries not multiple pools.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kaminski, Shawn G
Sent: Tuesday, January 15, 2002 10:07 AM
To: [EMAIL PROTECTED]
Subject: RE: NAT Problems with 12.2(5)? RE: Gawd I hate my [7:31999]

We are using static NATs, no pooling.

-----Original Message-----
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 14, 2002 4:24 PM
To: [EMAIL PROTECTED]
Subject: NAT Problems with 12.2(5)? RE: Gawd I hate my life [7:31883]

Does this have anything to do with the wrong nat pool being used for a given interface? Or the use of only one nat pool regardless of interface?

-Patrick

Kaminski, Shawn G 01/14/02 03:32PM

Regarding IOS's, has anyone had any problems with NAT when using 12.2(5)? Without going into details, we're having some NAT issues and it seems to have started after upgrading our routers to 12.2(5). CCO doesn't currently show any NAT problems or bugs with this version.

Shawn K.

-----Original Message-----
From: Brad Ellis [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 14, 2002 11:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Gawd I hate my life ;-> [7:31817]

snip
Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10, RELEASE SOFTWARE (f
snip

don't use IOS 12.(5)T10. you folks you should be using 12.(5)T9, it has less bugs in it.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
used Cisco gear: www.optsys.net
CCIE Labs, racks, and classes: http://www.ccbootcamp.com/quicklinks.html

Chuck Larrieu wrote in message news:[EMAIL PROTECTED]...

OK, so I've been doing rack testing for some people who are going to be going public Real Soon Now. Got some things mocked up. Some of which relate to topics discussed on this forum yesterday and today.

I need to check something and issue the command show ip prot enter.

r2#sh ip prot
% Ambiguous command: sh ip prot
r2#

well, now...

r2#show ip prot?
protocol-discovery  protocols
r2#show ip prot

so what is show ip protocol-discovery?

r2#sh ip protocol-discovery ?
  interface  Show for a specific interface
  protocol   Show stats about a pariticula protocol
  stats      Show Stats
  top-n      Show Top-N protocols by bytes
  |          Output modifiers

OK. so a command I've been using since 11.2 is no longer valid. except that it is on other routers. but look - still good on other routers:

r3#sh ip prot?
protocols
r3#sh ip prot

OK, check CCO, no record of any such command as show ip protocol-discovery in any command reference I check. A search of CCO for the phrase reveals nothing.

now what? the IOS version in question is:

r2#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10, RELEASE SOFTWARE (f c2)

sigh. have not run into this before, not in two trips through the lab, not on any number of routers and IOS versions, both at home and in customer installations.

Anyone got any clue what show IP protocol-discovery does?

sheesh.. another good shortcut down the tubes.

Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32036t=31999
RE: show buffers?? clearing totals........ [7:32103]
I think you may have to reload the router to reset these counters. I've never seen a command to reset these counters and given what you're doing a reload might be called for anyway to avoid problems (i.e. memory fragmentation, etc.).

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott Nawalaniec
Sent: Tuesday, January 15, 2002 7:12 PM
To: [EMAIL PROTECTED]
Subject: show buffers?? clearing totals [7:32103]

Hello everyone,

I have been looking on Cisco's site for the last hour trying to find a command to clear the counters on the show buffers command. Does anyone know how to clear the totals for the hits, misses, trims, created and so forth?

Background Info: I modified the small and middle buffers permanent and min fields to reduce failures which equals dropped packets. I found a few good articles on Cisco's site for explanations and possible causes. First time actually modifying the buffers. =)

[OUTPUT]
Admin_3662#sho buff
Buffer elements:
     499 in free list (500 max allowed)
     293099375 hits, 0 misses, 0 created

Public buffer pools:
Small buffers, 104 bytes (total 100, permanent 100):
     96 in free list (30 min, 150 max allowed)
     314004167 hits, 11608 misses, 13038 trims, 13038 created
     1671 failures (0 no memory)
Middle buffers, 600 bytes (total 50, permanent 50):
     48 in free list (20 min, 150 max allowed)
     31006372 hits, 304 misses, 350 trims, 350 created
     52 failures (0 no memory)
Big buffers, 1524 bytes (total 50, permanent 50):
     50 in free list (5 min, 150 max allowed)
     1071944 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
VeryBig buffers, 4520 bytes (total 10, permanent 10):
     10 in free list (0 min, 100 max allowed)
     0 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
Large buffers, 5024 bytes (total 0, permanent 0):
     0 in free list (0 min, 10 max allowed)
     0 hits, 0 misses, 0 trims, 0 created

Thank you for any help.

Scott

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32117t=32103
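Since the reply above knows of no way to clear these counters short of a reload, the usual way to judge a buffer-tuning change is to diff two snapshots. The following is an added example, not code from the thread: BEFORE reuses the counters from the post, AFTER and RELOADED are constructed, and the function names are hypothetical.

```python
import re

# Counters taken from the "sho buff" output in the post, line breaks restored.
BEFORE = """\
Public buffer pools:
Small buffers, 104 bytes (total 100, permanent 100):
     96 in free list (30 min, 150 max allowed)
     314004167 hits, 11608 misses, 13038 trims, 13038 created
     1671 failures (0 no memory)
Middle buffers, 600 bytes (total 50, permanent 50):
     48 in free list (20 min, 150 max allowed)
     31006372 hits, 304 misses, 350 trims, 350 created
     52 failures (0 no memory)
Big buffers, 1524 bytes (total 50, permanent 50):
     50 in free list (5 min, 150 max allowed)
     1071944 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
"""

# Constructed later snapshot: only the Middle pool is still failing.
AFTER = """\
Public buffer pools:
Small buffers, 104 bytes (total 100, permanent 100):
     97 in free list (30 min, 150 max allowed)
     314009167 hits, 11608 misses, 13038 trims, 13038 created
     1671 failures (0 no memory)
Middle buffers, 600 bytes (total 50, permanent 50):
     47 in free list (20 min, 150 max allowed)
     31007372 hits, 310 misses, 352 trims, 356 created
     55 failures (0 no memory)
Big buffers, 1524 bytes (total 50, permanent 50):
     50 in free list (5 min, 150 max allowed)
     1072944 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
"""

# Constructed snapshot taken after a reload: counters restarted from zero.
RELOADED = """\
Small buffers, 104 bytes (total 100, permanent 100):
     99 in free list (30 min, 150 max allowed)
     5200 hits, 2 misses, 0 trims, 2 created
     1 failures (0 no memory)
"""

COUNTERS = ("hits", "misses", "trims", "created", "failures", "no_memory")

# \s+ between the rows lets the same pattern read multi-line output and
# output that has been flattened onto one line, as in a mail archive.
POOL_RE = re.compile(
    r"(?P<pool>\w+) buffers, \d+ bytes \(total \d+, permanent \d+\):\s+"
    r"\d+ in free list \(\d+ min, \d+ max allowed\)\s+"
    r"(?P<hits>\d+) hits, (?P<misses>\d+) misses, "
    r"(?P<trims>\d+) trims, (?P<created>\d+) created"
    r"(?:\s+(?P<failures>\d+) failures \((?P<no_memory>\d+) no memory\))?"
)


def parse_show_buffers(text):
    """Return {pool name: {counter: int}}; a missing failures row counts as 0."""
    return {m["pool"]: {c: int(m[c] or 0) for c in COUNTERS}
            for m in POOL_RE.finditer(text)}


def delta(before, after):
    """Per-pool counter growth between two parsed snapshots."""
    out = {}
    for pool, now in after.items():
        prev = before.get(pool, {})
        if any(now[c] < prev.get(c, 0) for c in COUNTERS):
            prev = {}  # a counter went backwards: reload, so count from zero
        out[pool] = {c: now[c] - prev.get(c, 0) for c in COUNTERS}
    return out


def new_failures(before_text, after_text):
    """Pools whose failure counter grew between the two snapshots."""
    d = delta(parse_show_buffers(before_text), parse_show_buffers(after_text))
    return {pool: c["failures"] for pool, c in d.items() if c["failures"] > 0}


if __name__ == "__main__":
    print("new failures since tuning:", new_failures(BEFORE, AFTER))
    print("new failures since reload:", new_failures(AFTER, RELOADED))
```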
RE: conditional static route [7:32108]
policy routing (using route-maps). You can specify next-hop and/or which outbound interface to use, etc.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joy Wang
Sent: Tuesday, January 15, 2002 8:25 PM
To: [EMAIL PROTECTED]
Subject: conditional static route [7:32108]

Hi Guys,

Is there a way to setup a static route on a cisco router so that packets going to the same target get forwarded to different interfaces/addresses according to the source addresses?

Your help is greatly appreciated.

Joy Wang

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32116t=32108
RE: Gawd I hate my life ;- [7:31817]
Chuck,

See my post to the CCIE list from Sat (1/12) titled Re: IGRP Timers

I ran into this too...

Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 13, 2002 10:39 PM
To: [EMAIL PROTECTED]
Subject: OT: Gawd I hate my life ;- [7:31817]

OK, so I've been doing rack testing for some people who are going to be going public Real Soon Now. Got some things mocked up. Some of which relate to topics discussed on this forum yesterday and today.

I need to check something and issue the command show ip prot enter.

r2#sh ip prot
% Ambiguous command: sh ip prot
r2#

well, now...

r2#show ip prot?
protocol-discovery protocols

r2#show ip prot

so what is show ip protocol-discovery?

r2#sh ip protocol-discovery ?
  interface  Show for a specific interface
  protocol   Show stats about a pariticula protocol
  stats      Show Stats
  top-n      Show Top-N protocols by bytes
  |          Output modifiers

OK. so a command I've been using since 11.2 is no longer valid. except that it is on other routers. but look - still good on other routers:

r3#sh ip prot?
protocols

r3#sh ip prot

OK, check CCO, no record of any such command as show ip protocol-discovery in any command reference I check. A search of CCO for the phrase reveals nothing.

now what? the IOS version in question is:

r2#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10, RELEASE SOFTWARE (fc2)

sigh. have not run into this before, not in two trips through the lab, not on any number of routers and IOS versions, both at home and in customer installations.

Anyone got any clue what show IP protocol-discovery does?

sheesh.. another good shortcut down the tubes.

Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31839t=31817
RE: NAT Problems with 12.2(5)? RE: Gawd I hate my [7:31913]
What platform? I was doing a bug search for 7200's and saw several NAT bugs - some of which are unresolved.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Ramsey
Sent: Monday, January 14, 2002 3:24 PM
To: [EMAIL PROTECTED]
Subject: NAT Problems with 12.2(5)? RE: Gawd I hate my life [7:31883]

Does this have anything to do with the wrong nat pool being used for a given interface? Or the use of only one nat pool regardless of interface?

-Patrick

Kaminski, Shawn G 01/14/02 03:32PM

Regarding IOS's, has anyone had any problems with NAT when using 12.2(5)? Without going into details, we're having some NAT issues and it seems to have started after upgrading our routers to 12.2(5). CCO doesn't currently show any NAT problems or bugs with this version.

Shawn K.

-----Original Message-----
From: Brad Ellis [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 14, 2002 11:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Gawd I hate my life ;-> [7:31817]

snip
Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10, RELEASE SOFTWARE (f
snip

don't use IOS 12.(5)T10. you folks you should be using 12.(5)T9, it has less bugs in it.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
used Cisco gear: www.optsys.net
CCIE Labs, racks, and classes: http://www.ccbootcamp.com/quicklinks.html

Chuck Larrieu wrote in message news:[EMAIL PROTECTED]...

OK, so I've been doing rack testing for some people who are going to be going public Real Soon Now. Got some things mocked up. Some of which relate to topics discussed on this forum yesterday and today.

I need to check something and issue the command show ip prot enter.

r2#sh ip prot
% Ambiguous command: sh ip prot
r2#

well, now...

r2#show ip prot?
protocol-discovery protocols

r2#show ip prot

so what is show ip protocol-discovery?

r2#sh ip protocol-discovery ?
  interface  Show for a specific interface
  protocol   Show stats about a pariticula protocol
  stats      Show Stats
  top-n      Show Top-N protocols by bytes
  |          Output modifiers

OK. so a command I've been using since 11.2 is no longer valid. except that it is on other routers. but look - still good on other routers:

r3#sh ip prot?
protocols

r3#sh ip prot

OK, check CCO, no record of any such command as show ip protocol-discovery in any command reference I check. A search of CCO for the phrase reveals nothing.

now what? the IOS version in question is:

r2#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-JS56I-M), Version 12.1(5)T10, RELEASE SOFTWARE (fc2)

sigh. have not run into this before, not in two trips through the lab, not on any number of routers and IOS versions, both at home and in customer installations.

Anyone got any clue what show IP protocol-discovery does?

sheesh.. another good shortcut down the tubes.

Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31913t=31913
RE: GBIC ??? [7:31770]
Actually, both are fabric-enabled. In the main 65xx box you have the 32Gb/s backplane (BUS) and now you can also take advantage of the Switch Fabric to bump your capacity up to 256Gb/s.

Regarding the different 16-port GBIC cards you have three options:

6416 - BUS-only (32Gb/s) - SUP handles all packet forwarding
6516 - BUS and fabric (single fabric attachment) (up to 256Gb/s*) - SUP handles forwarding by default but an optional daughter card can be added to upgrade to dCEF.
6816 - fabric only (dual fabric attachments) (256Gb/s) - dCEF only; integrated daughter card.

Here's a link that talks more about the different options: http://cco.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/c60ge_ds.htm

Obviously, to take advantage of the switch fabric you need SFMs (Switch Fabric Modules) in the chassis (two to be redundant).

* I seem to recall when these products were introduced to me by our local Cisco team someone said that the 6500-series cards (for the 6500-series chassis, it's a bit confusing - you'd think they could use another number) - e.g. 6516 listed above - were only capable of doing 128Gb/s because they were only attached to a single switch fabric and that to do the full 256Gb/s you'd need the fabric-only cards (the 6800-series modules). Just looking really quick, I don't see any docs on CCO that substantiate my memory so if it matters to you, you might want to ask Cisco - perhaps my memory is incorrect or I was given bum scoop from our Cisco reps.

Have fun.

Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of kenairs
Sent: Sunday, January 13, 2002 9:10 AM
To: [EMAIL PROTECTED]
Subject: GBIC ??? [7:31770]

Hi Group,

From the cisco cd:

WS-X6816-GBIC 16-port fabric-enabled Gigabit Ethernet switching module. The module has integrated distributed forwarding and has dual serial connections to the switch fabric module. The module requires GBICs. GBICs are available in three models (SX, LX/LH, and ZX) and have an SC-type connector for use with either MMF and SMF.

What is meant by the fabric-enable Gigabit Ethernet switching module ?? Tks

WS-X6516-GBIC 16-port Gigabit Ethernet switching module. The module requires GBICs. GBICs are available in three models (SX, LX/LH, and ZX) and have an SC-type connector for use with either MMF and SMF.

What is the difference between WS-X6816-GBIC ( fabric-enable ) and WS-X6516-GBIC ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31785t=31770
RE: Summarization [7:31766]
I've done it with about 100 interfaces on 7513's and didn't see this problem. It may be a limitation of the code on the box, memory (as you indicated), or something else. Have you been able to rule-out as many "something elses" as possible?

What does the network topology look like? Do you have redundancy in place - e.g. spoke routers connected to two different hub routers? Are you getting a lot of SIAs? Routes flapping, etc.? How's the CPU on your RSP's looking? Free memory? Buffer misses?

There's a common view that EIGRP works fine and can scale infinitely big without going through all of the steps that you'd have to go through for a large-scale OSPF installation. Obviously, this thought is very wrong.

I'm guessing that the reason you need to do manual summarization on 200 interfaces per box is that you don't have clearly-defined summarization points in the network - that's the situation I was in when I had to do it on ~100 interfaces.

For good or ill, EIGRP will work with a bad network design (I'm speaking from an ideal perspective - please don't be offended, we all have to do things at one time or another that are considered bad) up until a point. Beyond that point, it gets really ugly - quickly.

In the network I was working on we had 140 sites connected without problems. We started adding more offices and by the time we hit 170 the network was totally unstable. After several weeks of P1/CAP cases we met with the guys who write the code and found out what we were doing wrong - they have since published several CiscoPress books on EIGRP; none existed four years ago :)

You can band-aid a broken network by using a lot of the EIGRP features (manual summarization, distribute-lists, etc.). In my case that's exactly what we did, unfortunately, I was not given the opportunity to correct the mistakes that required the band-aids. I have since moved on to new challenges but that network is still in the same state - four years later.

Anyhow, if you can offer more specifics, I'm sure those of us on the list would be happy to comment and offer suggestions. I think that if we can solve the reason you need to manually summarize on 200 interfaces you'll be better off down the road.

Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 13, 2002 5:02 AM
To: [EMAIL PROTECTED]
Subject: Summarization [7:31766]

Hello folks,

I'm working in an EIGRP environment, and I have some questions for you:

Has anyone tried to do a manual route summarization per interface with more or less 200 interfaces in a 7500? I've tried but I'm having a few problems, the summary routes aren't advertised sufficiently fast to the routers in branch offices. The summary routes are sometimes marked as possibly down in the routers of branch offices, sometimes are up and sometimes are down.

Do you know any relationship between memory or cpu (or whatever) of the 7500 and number of interfaces in which you can perform manual summarization?

David

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31787t=31766
RE: ISDN dialer watch VS floating static routes [7:31609]
I agree with Jenny's comments. I've also used floating-statics for quite some time to backup frame links.

I was playing around with dialer watch in the lab this weekend and it does some 'interesting' things...

For one, it seems to do away with the interesting traffic requirement. If the main link goes down and any of the routes in the watch list disappear, the backup link will be brought on-line. I can think of a couple of reasons why this would be attractive but by the same token, it could get rather expensive especially if you have large blocks of time where nothing is going across the line - nights/weekends - but it's still up.

With the floating static method, you can utilize time-based ACLs to specify your interesting traffic thus minimizing the impact of a circuit outage over a weekend for example.

Definitely try them both out in a lab though; I intend to kick the tires of dialer watch a bit more myself.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, January 13, 2002 6:31 PM
To: [EMAIL PROTECTED]
Subject: Re: ISDN dialer watch VS floating static routes [7:31609]

I have always used floating statics to back up a frame relay network. Why? Easy - we're only just migrating to IOS 12.1. And anyway, this particular network has been using floating static routes for the last several years (since *long* before dialer watch was available) - they are flexible, suit the network topology and design, and they work. And our support mob are familiar with them, which is also a useful reason to keep using them.

I'd look more closely at dialer watch for a brand new network or major redesign, but right now I personally have no good reasons for changing. YMMV.

JMcL

Charlie Wehner
Sent by: nobody@groupstudy.com
11/01/2002 12:49 pm
Please respond to Charlie Wehner
To: [EMAIL PROTECTED]
Subject: ISDN dialer watch VS floating static routes [7:31609]

When configuring an ISDN backup for a frame relay circuit do most people typically use dialer watch or floating static routes. In my scenario, it's for an eigrp network and a single router.

I've seen the following article on Cisco's website: http://www.cisco.com/warp/public/123/backup-main.html

However, all things being equal, which one would you use?

Thanks in advance,
Charlie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31809t=31609
RE: 2500 Power Question [7:29869]
Per the docs. a 2500 has a *max* draw of 1A @ 110V - YMMV but I'd imagine that you'll see these boxes pull significantly less than the advertised max value.

Using the worst case number:

110W/hr * 12hrs = 1320W or 1.32KW

At $0.10/KW Hour it will cost ~ $0.13 per router

Again, this is based off the advertised max draw. In reality, I'd be surprised if it cost you much more than $0.50/day to run all four full-time.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lin Mi
Sent: Friday, December 21, 2001 4:55 AM
To: [EMAIL PROTECTED]
Subject: 2500 Power Question [7:29869]

Anyone know how much power a 2500 pulls? I mean how many kilowatts does it use per hour? How can I tell how much it will cost to run 4 2500s for 12 hours if it costs 10 cents per kilowatt-hour.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29875t=29869
RE: ISDN Stimulators [7:29787]
Even Cisco 2600/3600 routers with ISDN interfaces can simulate the ISDN network, now. Fun stuff!

really? cool...can you point me to a link with a sample config?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29798t=29787
RE: RE: That Friday Follies Question... [7:29473]
Warning, this is a bit longish...I'd be interested in feedback to see if anyone agrees/disagrees, finds this at all helpful, etc. Part of this exercise is to make sure I've got this straight in my head.

Here's a CCO link that may help: http://www.cisco.com/warp/public/103/5.html

The scenario you outlined can be examined as a straight IGRP problem without confusing the issue by redistributing from/to OSPF.

To allow more routes to be advertised in a single update packet, the designers of IGRP decided to only send the three significant bytes of the network address. For Interior links the last three bytes are sent - the first byte is assumed to match that of the outgoing interface; for Exterior and System links, only the first three bytes are sent and the last byte is assumed to be zero.

Regarding the three different portions of update messages (snipped from the above link):

/Begin SNIP/

Note that an IGRP update message has three portions: interior, system (meaning this autonomous system but not interior), and exterior. The interior section is for routes to subnets. Not all subnet information is included. Only subnets of one network are included. This is the network associated with the address to which the update is being sent. Normally updates are broadcast on each interface, so this is simply the network on which the broadcast is being sent. (Other cases arise for responses to an IGRP request and point to point IGRP.) Major networks (i.e. non-subnets) are put into the system portion of the update message unless they are specifically flagged as exterior.

A network will be flagged as exterior if it was learned from another gateway and the information arrived in the exterior portion of the update message. Cisco's implementation also allows the system administrator to declare specific networks as exterior. Exterior routes are also referred to as candidate default. They are routes that go to or through gateways that are considered to be appropriate as defaults, to be used when there is no explicit route to a destination.

/End SNIP/

Consider the following topology:

R1-R2-R3-R4-R5

Where the following interfaces are configured:

R1 - Lo0  - 192.168.10.1/28
     E0   - 192.168.10.17/28
R2 - E0   - 192.168.10.18/28
     Lo0  - 192.168.10.33/28
     S0.1 - 192.168.10.49/28
R3 - S0.1 - 192.168.10.50/28
     Lo0  - 192.168.10.65/28
     Lo1  - 192.168.10.99/27
     E0   - 192.168.10.129/27
R4 - E0   - 192.168.10.130/27
     Lo0  - 192.168.10.161/27
     S0.1 - 192.168.10.193/27
R5 - S0.1 - 192.168.10.194/27
     Lo0  - 192.168.10.225/27

All routers are configured as follows:

router IGRP 1
 network 192.168.10.0

Here's the routing tables from R1, R3, and R5. Obviously, R3 can see and get to everything but R1 and R5 only see the networks with the matching mask lengths:

R1#sh ip ro
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     192.168.10.0/28 is subnetted, 5 subnets
I       192.168.10.64 [100/9076] via 192.168.10.18, 00:00:02, Ethernet0
I       192.168.10.32 [100/1600] via 192.168.10.18, 00:00:02, Ethernet0
I       192.168.10.48 [100/8576] via 192.168.10.18, 00:00:02, Ethernet0
C       192.168.10.0 is directly connected, Loopback0
C       192.168.10.16 is directly connected, Ethernet0
R1#

R3#sh ip ro
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     192.168.10.0/24 is variably subnetted, 10 subnets, 2 masks
C       192.168.10.96/27 is directly connected, Loopback1
C       192.168.10.64/28 is directly connected, Loopback0
I       192.168.10.32/28 [100/8976] via 192.168.10.49, 00:00:52, Serial0.1
C       192.168.10.48/28 is directly connected, Serial0.1
I       192.168.10.0/28 [100/9076] via 192.168.10.49, 00:00:52, Serial0.1
I       192.168.10.16/28 [100/8576] via 192.168.10.49, 00:00:52, Serial0.1
I       192.168.10.224/27 [100/9076] via 192.168.10.130, 00:00:09, Ethernet0
I       192.168.10.192/27 [100/8576] via 192.168.10.130, 00:00:09, Ethernet0
I       192.168.10.160/27 [100/1600] via 192.168.10.130, 00:00:10, Ethernet0
C       192.168.10.128/27 is directly connected, Ethernet0
I    192.168.1.0/24 is possibly down, routing via 192.168.10.130, Ethernet0
R3#

R5#sh ip ro
Codes: C - connected, S -
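The mask behaviour described in the post above can be reproduced with a small simulation. This is an added example, not code from the post: it models only the interior section of the update, takes the interface addresses from the post, infers which interfaces face each other from the shared subnets, and assumes the standard classful rule that a subnet is advertised out an interface only when its mask matches that interface's mask. Function names are hypothetical, and metrics and split horizon are not modelled.

```python
import ipaddress

# Interface addresses exactly as listed in the post (R1-R2-R3-R4-R5).
ROUTERS = {
    "R1": {"Lo0": "192.168.10.1/28", "E0": "192.168.10.17/28"},
    "R2": {"E0": "192.168.10.18/28", "Lo0": "192.168.10.33/28",
           "S0.1": "192.168.10.49/28"},
    "R3": {"S0.1": "192.168.10.50/28", "Lo0": "192.168.10.65/28",
           "Lo1": "192.168.10.99/27", "E0": "192.168.10.129/27"},
    "R4": {"E0": "192.168.10.130/27", "Lo0": "192.168.10.161/27",
           "S0.1": "192.168.10.193/27"},
    "R5": {"S0.1": "192.168.10.194/27", "Lo0": "192.168.10.225/27"},
}

# Assumption: which interfaces face each other, inferred from shared subnets.
LINKS = [
    (("R1", "E0"), ("R2", "E0")),
    (("R2", "S0.1"), ("R3", "S0.1")),
    (("R3", "E0"), ("R4", "E0")),
    (("R4", "S0.1"), ("R5", "S0.1")),
]


def encode_interior(net):
    """Interior entry: only the last three octets go on the wire, no mask."""
    return net.network_address.packed[1:]


def decode_interior(entry, rx_if):
    """The receiver supplies the first octet and the mask from its own interface."""
    addr = ipaddress.IPv4Address(rx_if.ip.packed[:1] + entry)
    return ipaddress.ip_network(f"{addr}/{rx_if.network.prefixlen}", strict=False)


def converge():
    """Exchange interior updates over every link until no table changes."""
    ifaces = {r: {n: ipaddress.ip_interface(a) for n, a in ifs.items()}
              for r, ifs in ROUTERS.items()}
    tables = {r: {i.network for i in ifs.values()} for r, ifs in ifaces.items()}
    changed = True
    while changed:
        changed = False
        for a, b in LINKS:
            for (tx, tx_name), (rx, rx_name) in ((a, b), (b, a)):
                tx_if, rx_if = ifaces[tx][tx_name], ifaces[rx][rx_name]
                for net in list(tables[tx]):
                    # Classful rule: a subnet whose mask differs from the
                    # outgoing interface's mask is left out of the update.
                    if net.prefixlen != tx_if.network.prefixlen:
                        continue
                    learned = decode_interior(encode_interior(net), rx_if)
                    if learned not in tables[rx]:
                        tables[rx].add(learned)
                        changed = True
    return tables


def misread_without_suppression():
    """What R2 would install if R3 sent its /27 loopback out the /28 serial link."""
    r2_serial = ipaddress.ip_interface(ROUTERS["R2"]["S0.1"])
    r3_lo1 = ipaddress.ip_interface(ROUTERS["R3"]["Lo1"]).network
    return decode_interior(encode_interior(r3_lo1), r2_serial)


if __name__ == "__main__":
    for name, nets in converge().items():
        print(name, ", ".join(str(n) for n in sorted(nets)))
    print("R3 Lo1 as R2 would read it:", misread_without_suppression())
```

The simulated R1 and R3 tables contain the same subnets as the `sh ip ro` output quoted in the post; R5 ends up with only the /27 subnets.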
RE: STP and Fast Etherchannel / Giga Etherchannel [7:28526]
You can implement fast/gigabit EtherChannels in a STP environment. One of the benefits to F/GEC is that it can take redundant paths between switches and make them appear to STP as a single link (thus no blocking).

Don't believe the hype entirely about the performance benefits. Because of the way the traffic is load-shared across the links, you won't get more data between two hosts across a F/GEC than you would across a single link.

See: http://www.cisco.com/warp/public/cc/techno/media/lan/ether/channel/prodlit/faste_an.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of William
Sent: Saturday, December 08, 2001 12:27 PM
To: [EMAIL PROTECTED]
Subject: STP and Fast Etherchannel / Giga Etherchannel [7:28526]

When running STP, can fast etherchannel or giga etherchannel can't be implemented??

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28538t=28526
RE: Question about moving PVC's. [7:28062]
The ASCII Art didn't come through too well on my e-mail so let me see if I have this straight...

NY is the hub, PVCs between DLCI's 300 and 301 (CH) and 300 and 302 (SF).

If you want to make CH the hub you'll need to add a PVC between 301 (CH) and 302 (SF); you can then remove the PVC between 300 and 302. This will move the hub from NY to CH.

You'll need to contact the provider to have them build the new PVC (and possibly delete the one that isn't required any more if you want to remove the one between NY and SF).

Does this answer your question?

Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of CiscoG
Sent: Tuesday, December 04, 2001 8:39 AM
To: [EMAIL PROTECTED]
Subject: Question about moving PVC's. [7:28062]

Hey all.

I have a question regarding Frame Relay PVC's. Let's use the below as an example;

          NY (dlci 300)
               |
              / \
(dlci 301)CH     SF (dlci 302)

In a Hub+Spoke topology, NY is the hub in this example. What I am unclear of is: is it possible for myself to reconfigure the routers to make CH (dlci 301) the hub and the rest Spokes? Or do I have to call the Frame Relay provider and have them move the circuits for me???

Thanks in advance for your help!

-C

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28070t=28062
RE: Flash Trouble. [7:28069]
try using the commands dir disk0: and format disk0:

you'll need to modify the boot string as well - for example:

boot system flash disk0:c7200-io3s-mz.121-5.T8.bin

use the copy tftp disk0: command to get files on the disk.

HTH,

Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of NK Sat
Sent: Tuesday, December 04, 2001 9:54 AM
To: [EMAIL PROTECTED]
Subject: Flash Trouble. [7:28069]

Hi All,

I am having a 7204VXR with 40MG of Flash. The router boots fine when powered Off/On. But I cannot say show flash

I see the IOS on disk0:

I have already tried a bunch of IOS. Formatting the disk0: doesn't help.

46976K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
4096K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x102

MISRAN01#sh flash
Open device slot0 failed (Device not ready)

MISRAN01#sh file systems
File Systems:

     Size(b)     Free(b)      Type  Flags  Prefixes
    47890432    39772160     flash     rw   disk0:
           -           -     flash     rw   disk1:
           -           -    opaque     rw   null:
           -           -    opaque     rw   system:
           -           -   network     rw   tftp:
      129016      124129     nvram     rw   nvram:
*          -           -     flash     rw   slot0: flash:
           -           -     flash     rw   slot1:
     3407872      379204     flash     rw   bootflash:
           -           -    opaque     wo   lex:
           -           -   network     rw   rcp:
           -           -   network     rw   ftp:
MISRAN01#

Can anybody tell me how to make show flash work

1) Sh file system always says flash is with slot0:
2) I cannot make flash associate with disk0:

Please Help.

Thanks
Satish Kumar.
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28082t=28069
RE: CPU Usage - How Much Is Too Much? [7:26739]
Been there, done that...not any fun.

Brokerage environment; UDP directed-broadcast traffic to nearly 200 sites. Buffers tuned to the max to keep from dropping packets because the application didn't handle re-transmissions...etc., etc.,

Of course, priority queuing was required to ensure that web browsing wasn't stepping on the mission-critical app.

RSP4's in the 7500's were running into the 90% range on a regular basis...couldn't talk the client into spending the $$ to re-design the network; they couldn't understand why the users were complaining about poor network performance. They figured that if the processors were running near 100% that they were getting their $$ out of the infrastructure investment - I still have bad dreams about it :) - working for a new client now... :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Monday, November 19, 2001 4:34 PM
To: [EMAIL PROTECTED]
Subject: Re: CPU Usage - How Much Is Too Much? [7:26739]

From personal experience I'd put that figure at 3% too high :-)

In the dim dark past we were running some 7500s with badly overloaded RSPs. They would run with no discernible problems up to 97% or 98% CPU. Then late morning the traffic load would build up, and output queues on some of the ports would eventually overrun, and DLSW circuits would start to bounce, and the network would go into meltdown very spectacularly. For various reasons it took us a while to get hold of upgraded RSPs, so peak hour wasn't a lot of fun for us or the network users...

YMMV. I do *not* recommend running at 97% CPU on a production network.

JMcL

----- Forwarded by Jenny Mcleod/NSO/CSDA on 20/11/2001 09:26 am -----

MADMAN
Sent by: nobody@groupstudy.com
20/11/2001 06:06 am
Please respond to MADMAN
cc:
Subject: Re: CPU Usage - How Much Is Too Much? [7:26739]

101% but seriously there is no hard 'n fast number but there is no reason you can't run at 60-70%, leaving enough room for burst in CPU activity so that you never hit 101%.

Dave

Andrew Michael wrote:

Hi everyone. Percentage-wise, what is the general consensus on excessive CPU usage on a router? Thanks in advance.

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=26892t=26739
RE: Cisco TACACS+ Problem [7:26783]
Verify that the router can reach the TACACS server (ping) and verify that the TACACS server and router are configured with matching parameters. Note: you may have to restart the TACACS server process when you add a router.

I'm assuming that you copy/pasted the same set of config lines in all of the routers; you might want to verify that all of the lines made it into the config properly. If you created your script on a 12.1 router it may have problems getting entered into a 12.0 router, for example.

Hope this helps.

I have configured a number of routers to authenticate to the TACACS+ server we have on site. Some routers get the login prompt and some don't and at time others do. Has anyone got any ideas to this.

***
Thomas Jreige
***
Communications Engineer
***
CSC Network Services, Wollongong
RE: Spanning Tree Protocol [7:26538]
Drew,

I don't know if your question has already been answered or not but here's my $0.02.

One reason to use the MAC-layer multicast address is to minimize the impact of the BPDU flooding on non-switch/bridge devices. Regular end-stations will not need to process the BPDU packets because the destination is not one they listen for. If the packets were sent to the broadcast address then every device would need to copy them off the wire and process them further up the stack.

Matt, if you search the CCIE-list archives for Canonical or bit-swapping you should get several hits - the Big-Endian/Little-Endian question has been well-discussed because of its impact on certain DLSw/bridging issues.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Drew Simonis
Sent: Friday, November 16, 2001 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: Spanning Tree Protocol [7:26538]

Randy Lopez wrote:

What Multicast address does STP use?

Since spanning tree is a layer 2 protocol, why would it use any multicast address? STP is used between directly connected switches and uses BPDU packets, flooded out all ports for set up. Not multicast.

http://www.cisco.com/warp/public/473/5.html
RE: What frame format used by TCP/IP? [7:25924]
I believe it is Ethernet_II (in Novell-speak) or ARPA (in Cisco-language)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of CCIE TB
Sent: Monday, November 12, 2001 7:55 AM
To: [EMAIL PROTECTED]
Subject: What frame format used by TCP/IP? [7:25924]

Compared with IPX/SPX, what type of frames does TCP/IP use?

Thanks @ Regards to all
RE: Subnet Mask question [7:25694]
I didn't see this come through the list so I'm re-posting.

-----Original Message-----
From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 08, 2001 10:01 AM
To: Cisco GroupStudy List
Subject: RE: Subnet Mask question [7:25602]

I'm assuming that you entered something like this in a router:

    ip route 63.182.182.182 255.0.0.0

where = an interface name or IP address of a neighboring router.

If this is an accurate assumption when you do a show run you'll probably see the following instead:

    ip route 63.0.0.0 255.0.0.0

This would explain why you're sending these other packets to 63.x.x.x to la-la land. Do a trace and see where the packets are going to confirm what I'm saying.

Note: On more recent versions of IOS the router will complain and tell you that you have an inconsistent address and mask.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Telemachus Luu
Sent: Wednesday, November 07, 2001 3:37 PM
To: [EMAIL PROTECTED]
Subject: Subnet Mask question [7:25602]

Hi,

Can someone provide a good explanation to this?

Imaginary IPs:
Static host ip: 63.182.182.182
mask: 255.255.255.0

I accidentally specified an incorrect mask of 255.0.0.0. However, I was still able to ping some sites out in the net but was unable to ping a host in the same class, eg. 63.221.133.4.

1. Why was I able to ping out even though the mask specified was incorrect?
2. Why was I unable to ping the host in the same class?

thanks,
Telemachus
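Both effects raised in this thread, worked through as an added example that is not part of the original posts: the router masking the static route down to 63.0.0.0/8, and a host with the wrong 255.0.0.0 mask treating 63.221.133.4 as on-link. The next-hop names and the 198.51.100.7 test address are constructed for illustration.

```python
import ipaddress


def normalize_static_route(dest, mask):
    """Mask off the host bits of a static route, the way the stored config shows it.

    Returns (network, inconsistent). inconsistent is True when the address that
    was typed has bits set outside the mask, the case newer IOS complains about.
    """
    iface = ipaddress.ip_interface(f"{dest}/{mask}")
    return iface.network, iface.ip != iface.network.network_address


def longest_match(routes, dest_ip):
    """Return the next hop of the most specific route that covers dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [(net, hop) for net, hop in routes if dest in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def host_delivery(host_ip, mask, dest_ip):
    """What a host does with a packet: ARP for it locally or use the gateway."""
    local_net = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    if ipaddress.ip_address(dest_ip) in local_net:
        return "on-link: ARP for the destination itself"
    return "off-link: send to the default gateway"


def build_routes():
    """Constructed routing table: a default route plus the mistyped static route."""
    bad_net, _ = normalize_static_route("63.182.182.182", "255.0.0.0")
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "upstream-router"),  # hypothetical name
        (bad_net, "wrong-next-hop"),                             # hypothetical name
    ]


if __name__ == "__main__":
    net, bad = normalize_static_route("63.182.182.182", "255.0.0.0")
    print(f"stored route: {net.network_address} {net.netmask} (inconsistent={bad})")

    routes = build_routes()
    for dest in ("63.221.133.4", "198.51.100.7"):
        print(f"router: {dest} -> {longest_match(routes, dest)}")

    for mask in ("255.0.0.0", "255.255.255.0"):
        for dest in ("63.221.133.4", "198.51.100.7"):
            print(f"host mask {mask}: {dest} -> "
                  f"{host_delivery('63.182.182.182', mask, dest)}")
```

With the /8 mask the host never hands 63.221.133.4 to its gateway, while destinations outside 63.0.0.0/8 still go to the gateway, which matches the symptoms in the question.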
RE: IP helper address and subnet broadcast [7:25485]
I had a similar situation in the past where the DHCP servers were on *nix boxes and they got flooded with the NetBT stuff (from 3000+ workstations) needlessly.

In this type of a situation no ip forward protocol is your friend. To just forward the DHCP requests you need to do the following:

    no ip forward-protocol udp tftp
    no ip forward-protocol udp nameserver
    no ip forward-protocol udp domain
    no ip forward-protocol udp time
    no ip forward-protocol udp netbios-ns
    no ip forward-protocol udp netbios-dgm
    no ip forward-protocol udp tacacs

It would be nice if you could disable all and then specifically add the ones you want (i.e. the passive-interface default / no passive-interface method) but - at least on the versions I've tried - she's a no go.

You can disable all udp flooding with the command:

    no ip forward-protocol udp

But as soon as you enable a specific service this command gets 'un-done'...perhaps it can be a feature request for the programmers @ Cisco watching this list (do any?).

Hope this helps.

Ben

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 07, 2001 2:44 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: IP helper address and subnet broadcast [7:25485]

Thank-you very much for your research and testing, Ben. The person who started this discussion (offline) also wrote back and confirmed that the subnet broadcasts are indeed forwarded to the address in his IP helper address command. I agree that it makes sense from the point of view that the subnet broadcast (10.10.255.255) is no different from an ordinary broadcast (255.255.255.255) at the MAC layer. They both go to FF:FF:FF:FF:FF:FF.

There are concerns about this behavior however. In his case the DHCP server is the helper address. It is receiving all sorts of junk that it shouldn't receive, including WINS and BROWSE stuff. The IP Helper Address configuration is causing these packets to be sent as unicast packets to the DHCP server. It's probably just a minor performance issue, but worth fixing.

I don't know enough about his network to recommend this definitely, but he may be able to configure no ip forward-protocol 137 and no ip forward-protocol 138 to ensure that the WINS and BROWSE stuff is not forwarded. I believe he has an actual WINS server also that can handle the WINS service and the nodes are configured as H-Nodes so they are unicasting to the WINS server in addition to sending their broadcasts.

I thought this was interesting! I wonder how many people have thought about how much junk by default gets forwarded with IP helper address. And offline, some experts asked me why would a router forward a subnet broadcast, so they all agreed that this was not completely expected behavior.

Thanks again,
Priscilla

At 10:00 AM 11/7/01, R. Benjamin Kessler wrote:

I setup a remote unix box running nmap and had it send packets to the subnet broadcast address (in my case 192.168.72.255). I configured my router with an ip helper command (sending to a single host). I executed the nmap command with and without IP directed broadcast configured on the router interface and didn't see any difference. Running a sniffer-like device on the target (of the ip helper command) I was able to verify the receipt of the packets sent via nmap.

Given a network similar to the following:

          +-------+          +-------+
     -----| rtr a |----------| rtr b |-----
       e0 +-------+ e1    e1 +-------+ e0

My understanding of directed-broadcast is that if a packet sourced from rtr a's e0 network is sent to the broadcast address of rtr b's e0; rtr b will forward it if directed-broadcast is enabled and drop if not.

IP helper impacts packets heading out (from the router) to the interface in question not packets inbound.

To take this discussion a step further, the IP helper function processes packets sent to the MAC-layer broadcast address for the specified protocols. A packet sent to the local IP broadcast address (10.10.255.255 in Priscilla's example) will have the same MAC-layer destination address as a packet sent to 255.255.255.255.

Comments, questions? Anyone think my logic is all wet?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Priscilla Oppenheimer
Sent: Tuesday, November 06, 2001 9:43 PM
To: [EMAIL PROTECTED]
Subject: Re: IP helper address and subnet broadcast [7:25485]

I know how IP helper address, directed broadcasts, NetBIOS, etc. work. (NetBIOS session service doesn't broadcast, by the way, and in fact uses TCP not UDP, so I doubt that it needs to be added to the list. It's used between a client and server after the client has mapped the NetBIOS name to the server's address.)

The question is: will the router (with IP helper address) forward if the source sends to a subnet broadcast such as 10.10.255.255 instead of sending to 255.255.255.255? Nowhere does the documentation say that it won't, so I guess it will.

Note that I am not asking
RE: IP helper address and subnet broadcast [7:25485]
Depends on what you're trying to do...the utility I used here is just nmap - see www.insecure.org (note: this is a bit of a hacking tool, so use with caution).

This is basically a port scanning tool, you can specify a remote subnet to scan but you give it the range of addresses to probe, I don't see why you couldn't probe a remote host that just happened to have the same address as the subnet broadcast somewhere.

I guess by definition, if you've got a default gateway configured and are sending traffic to a remote subnet you'll have the local router's MAC address as the destination.

If you're looking to do something a bit more elaborate you can try to use a Sniffer to manufacture a string of packets but it is probably more trouble than it's worth. I'm sure that there are plenty of hacker tools that will do this but you'll probably need to go lurking on some different lists to find them...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Logan, Harold
Sent: Wednesday, November 07, 2001 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: IP helper address and subnet broadcast [7:25485]

Interesting... By any chance do you have a packet manipulator available? For added fun you could put together a frame with a destination IP of the subnet's broadcast addy, and a destination MAC of the router's MAC address...

-----Original Message-----
From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 07, 2001 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: IP helper address and subnet broadcast [7:25485]

I setup a remote unix box running nmap and had it send packets to the subnet broadcast address (in my case 192.168.72.255). I configured my router with an ip helper command (sending to a single host). I executed the nmap command with and without IP directed broadcast configured on the router interface and didn't see any difference. Running a sniffer-like device on the target (of the ip helper command) I was able to verify the receipt of the packets sent via nmap.

Given a network similar to the following:

          +-------+          +-------+
     -----| rtr a |----------| rtr b |-----
       e0 +-------+ e1    e1 +-------+ e0

My understanding of directed-broadcast is that if a packet sourced from rtr a's e0 network is sent to the broadcast address of rtr b's e0; rtr b will forward it if directed-broadcast is enabled and drop if not.

IP helper impacts packets heading out (from the router) to the interface in question not packets inbound.

To take this discussion a step further, the IP helper function processes packets sent to the MAC-layer broadcast address for the specified protocols. A packet sent to the local IP broadcast address (10.10.255.255 in Priscilla's example) will have the same MAC-layer destination address as a packet sent to 255.255.255.255.

Comments, questions? Anyone think my logic is all wet?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Priscilla Oppenheimer
Sent: Tuesday, November 06, 2001 9:43 PM
To: [EMAIL PROTECTED]
Subject: Re: IP helper address and subnet broadcast [7:25485]

I know how IP helper address, directed broadcasts, NetBIOS, etc. work. (NetBIOS session service doesn't broadcast, by the way, and in fact uses TCP not UDP, so I doubt that it needs to be added to the list. It's used between a client and server after the client has mapped the NetBIOS name to the server's address.)

The question is: will the router (with IP helper address) forward if the source sends to a subnet broadcast such as 10.10.255.255 instead of sending to 255.255.255.255? Nowhere does the documentation say that it won't, so I guess it will.

Note that I am not asking about the forwarding of directed broadcasts. The IP helper address is configured with an actual server's address, not a directed broadcast address.

I'm not looking for the boring answers to the boring questions. The question is not the same one that you have seen many times. ;-)

Priscilla

At 10:09 PM 11/6/01, Erick B. wrote:

Priscilla,

They need to enable one more 'ip forward-protocol udp' globally for this to work, as well as enable directed-broadcast on target router interface where ip-helper is forwarding to. Also, I replied to nrf on this as well in more detail just explaining helper-address and directed-broadcasts.

Default ports forwarded:

Trivial File Transfer (TFTP) (port 69)
Domain Name System (port 53)
Time service (port 37)
NetBIOS Name Server (port 137)
NetBIOS Datagram Server (port 138)
BootP datagrams (port 67)
TACACS service (port 49)

The one missing is:

netbios-ss - Netbios session service (port 139)

Also, I have done this and it works.

Erick

--- Priscilla Oppenheimer wrote:

This message came to me offline. The Cisco documentation doesn't answer the question, but some of you might know. In a Windows environment
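The relay behaviour this thread converges on, modelled as an added example (not code from any of the posters): which broadcasts reach the helper address with the default port list, and which remain after the seven "no ip forward-protocol udp" lines. The default list is the one Erick quotes; the keyword-to-port map, the 10.10.0.1/16 interface and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Default UDP ports relayed by "ip helper-address", as listed in the thread.
DEFAULT_FORWARD_PORTS = {69, 53, 37, 137, 138, 67, 49}

# Keyword -> UDP port for the keywords used in the thread's commands.
KEYWORDS = {"tftp": 69, "nameserver": 42, "domain": 53, "time": 37,
            "netbios-ns": 137, "netbios-dgm": 138, "tacacs": 49, "bootps": 67}

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
INTERFACE = "10.10.0.1/16"  # constructed; its subnet broadcast is 10.10.255.255

# The seven lines from the reply that leave only DHCP/BOOTP relayed.
BEN_CONFIG = [
    "no ip forward-protocol udp tftp",
    "no ip forward-protocol udp nameserver",
    "no ip forward-protocol udp domain",
    "no ip forward-protocol udp time",
    "no ip forward-protocol udp netbios-ns",
    "no ip forward-protocol udp netbios-dgm",
    "no ip forward-protocol udp tacacs",
]


@dataclass(frozen=True)
class Packet:
    label: str
    dst_mac: str
    dst_ip: str
    proto: str
    dst_port: int


# Constructed sample traffic arriving on the router's LAN interface.
SAMPLE_PACKETS = [
    Packet("DHCP DISCOVER", BROADCAST_MAC, "255.255.255.255", "udp", 67),
    Packet("NetBIOS name query", BROADCAST_MAC, "10.10.255.255", "udp", 137),
    Packet("Browser announcement", BROADCAST_MAC, "10.10.255.255", "udp", 138),
    Packet("WINS unicast query", "00:00:5e:00:53:01", "10.20.0.5", "udp", 137),
    Packet("NetBIOS session", "00:00:5e:00:53:01", "10.20.0.5", "tcp", 139),
]


def forward_ports(config_lines):
    """Apply '[no] ip forward-protocol udp [port|keyword]' lines to the defaults."""
    ports = set(DEFAULT_FORWARD_PORTS)
    for line in config_lines:
        words = line.split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if words[:3] != ["ip", "forward-protocol", "udp"]:
            continue
        if len(words) == 3:  # no port given: all defaults off, or back on
            ports = set() if negate else ports | DEFAULT_FORWARD_PORTS
            continue
        port = KEYWORDS.get(words[3]) or int(words[3])
        if negate:
            ports.discard(port)
        else:
            ports.add(port)
    return ports


def is_relayed(pkt, ports, interface=INTERFACE):
    """True when the helper function would unicast this packet to the server.

    The test follows the thread: a MAC-layer broadcast, addressed to either
    255.255.255.255 or the local subnet broadcast, UDP, on a forwarded port.
    """
    net = ipaddress.ip_interface(interface).network
    dst = ipaddress.ip_address(pkt.dst_ip)
    ip_broadcast = dst in (ipaddress.ip_address("255.255.255.255"),
                           net.broadcast_address)
    return (pkt.dst_mac.lower() == BROADCAST_MAC and ip_broadcast
            and pkt.proto == "udp" and pkt.dst_port in ports)


def helper_receives(config_lines, packets=SAMPLE_PACKETS):
    """Labels of the sample packets that end up at the helper address."""
    ports = forward_ports(config_lines)
    return [p.label for p in packets if is_relayed(p, ports)]


if __name__ == "__main__":
    print("default config :", helper_receives([]))
    print("after no lines :", helper_receives(BEN_CONFIG))
```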
RE: EIGRP [7:25125]
Some books describe the topology table as a compilation of routing tables from all the neighboring routers.

Gareth did a good job trying to explain the feasible distance vs. advertised distance thing...there's also a good explanation of this in Ch 1 of the EIGRP Network Design Solutions (Cisco Press) - you may need to re-read it a few times though.

Another thing to remember is that the receiving router adds its interface metric to the distance reported by the neighboring router.

A router's feasibility distance is its minimum distance to a destination - put another way, the best path to a destination network.

A neighbor router meets the feasibility condition if it reports a lower distance than the feasibility distance. As Gareth said, this ensures that the neighbor isn't using a path back through the querying router.

If a router meets the feasibility condition it is a feasible successor.

Clear as mud yet?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hunt Lee
Sent: Friday, November 02, 2001 4:03 PM
To: [EMAIL PROTECTED]
Subject: EIGRP [7:25125]

Can anyone please help me on this?

For EIGRP, I understand that for routing table, EIGRP has kept a separate routing table for each protocol: so it has one for IP EIGRP, another one for IPX EIGRP, and another one for AppleTalk EIGRP. But what's a topology table (show ip eigrp topology)?

Also, I have read the BSCN book (by Cisco Press) many many times... I understand that the successor is the EIGRP main route, while the feasible successor is the backup route. But the book states that to qualify as a feasible successor, the next-hop router must have an advertised distance less than the feasible distance of the current successor - also, what's the difference between the advertised distance and the feasible distance?

Thanks in advance.

Best Regards,
Hunt
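The feasibility condition from this thread, carried through on a small topology as an added example (not from the book or the posters). The five-router graph and its link costs are constructed, plain additive costs stand in for EIGRP's composite metric, and each neighbor's reported distance is taken to be its own best distance to the destination.

```python
import heapq

# Constructed topology: "R" is the local router, "D" the destination network.
LINKS = {
    ("R", "A"): 10, ("A", "D"): 10,
    ("R", "B"): 10, ("B", "D"): 15,
    ("R", "C"): 5,  ("C", "D"): 40,
    ("R", "E"): 30, ("E", "D"): 20,
}


def build_graph(links):
    """Turn the undirected link list into an adjacency map."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def best_distance(graph, src, dst):
    """Dijkstra: lowest total cost from src to dst, or None if unreachable."""
    queue, seen = [(0, src)], set()
    while queue:
        dist, node = heapq.heappop(queue)
        if node == dst:
            return dist
        if node in seen:
            continue
        seen.add(node)
        for nxt, cost in graph[node].items():
            if nxt not in seen:
                heapq.heappush(queue, (dist + cost, nxt))
    return None


def topology_entry(graph, me, dest):
    """Build one topology-table entry: FD, successor and a row per neighbor.

    reported = distance the neighbor advertises (its own best distance)
    total    = reported + cost of our link to that neighbor
    feasible = neighbor is a feasible successor (reported < FD)
    """
    rows = {}
    for nbr, link_cost in graph[me].items():
        reported = best_distance(graph, nbr, dest)
        rows[nbr] = {"reported": reported, "total": reported + link_cost}
    fd = min(row["total"] for row in rows.values())
    successor = min(rows, key=lambda n: rows[n]["total"])
    for nbr, row in rows.items():
        row["feasible"] = nbr != successor and row["reported"] < fd
    return fd, successor, rows


def feasible_successors(graph, me, dest):
    """Neighbors that qualify as backup next hops for dest."""
    _, _, rows = topology_entry(graph, me, dest)
    return sorted(n for n, row in rows.items() if row["feasible"])


if __name__ == "__main__":
    graph = build_graph(LINKS)
    fd, successor, rows = topology_entry(graph, "R", "D")
    print(f"feasible distance {fd}, successor {successor}")
    for nbr in sorted(rows):
        print(nbr, rows[nbr])
```

C reports 25 because its best path runs back through R, so it fails the condition; E reports 20 over a path that does not touch R and still fails, because the test requires a reported distance strictly lower than the feasible distance.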
RE: How to find serial number of router? [7:24760]
Are you sure that it is reporting the same serial # that is on the chassis? In my experience, the only way I could get the serial number remotely is by entering the snmp-server chassis-id command into the config manually.

I just double-checked on a 3600, 7200 and 7500 (running various 12.x code) and the serial number I get with show diag or show version aren't the same as the one I entered manually (based-on physical verification).

Note: I also did this on my IOS-based switches (cat3500's) even though the show version command will give you this info - System serial number: x

Bottom-line is that when you open a case w/TAC and they ask for a serial number of the system, they're interested in the one on the chassis not some internal component.

Just my $0.02

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Carroll Kong
Sent: Wednesday, October 31, 2001 5:42 PM
To: [EMAIL PROTECTED]
Subject: Re: How to find serial number of router? [7:24760]

Wow, excellent tip! However, this does not seem to work on the 2500s series. (using 12.1(11) with a 2514). It does work on my 2610. (using 12.1(11)).

At 02:44 AM 10/31/01 -0800, Budi Widjojo wrote:

you can use show diag command. or as you said, you can use cisco resource manager also.

cheers,
budi

--- IT Guy wrote:

Hi Guys,

Can anyone here please help what are the possible software ways to find out the serial number of router without looking at the hardware itself?? Can we find out by using any management software like Cisco resource manager or etc??

Thanks for help.

-Carroll Kong
RE: Setting up TACACs on catalyst switches [7:23944]
I have a text file that I do a 'select-all', 'copy' from and then 'paste' into a new CatOS switch.

Here's the AAA lines that I paste, in the order I paste them:

    #authentication
    set authentication login tacacs enable console primary
    set authentication login tacacs enable telnet primary
    set authentication login tacacs enable http primary
    set authentication enable tacacs enable console primary
    set authentication enable tacacs enable telnet primary
    set authentication enable tacacs enable http primary
    #accounting
    set accounting commands enable all stop-only tacacs+
    #authorization
    set authorization exec enable tacacs+ if-authenticated console
    set authorization exec enable tacacs+ if-authenticated telnet
    set authorization enable enable tacacs+ if-authenticated console
    set authorization enable enable tacacs+ if-authenticated telnet
    set authorization commands enable all tacacs+ if-authenticated console
    set authorization commands enable all tacacs+ if-authenticated telnet

Note: I also issue a set ip http server disable so the HTTP lines above are probably not needed but this group of commands seem to work pretty well.

Hope it helps.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shane Stockman
Sent: Tuesday, October 23, 2001 2:44 PM
To: [EMAIL PROTECTED]
Subject: Setting up TACACs on catalyst switches [7:23944]

I have installed a couple of switches (6509, 5500, 4000, 3548, 2924) in my network a couple of months ago and would now like to add tacacs to the switches for AAA. Does anyone have any ideas with regards to the set commands and as well not letting me lock myself out of the switch.

Thanks in advance
RE: Mentor Technologies Info (am I screwed?) [7:24825]
I was scheduled to take the class in December...I don't think my CC has been charged yet but I'll be calling them to check for sure. I have a whole list of Mentor phone #'s but all of the ones I called weren't answered by humans.

Can anyone offer feedback on the CCBootcamp 5-day course (anyone other than Mark and Brad that is)? It seems to me that this may be a possible substitute for the ECP-1 class. If anyone has a really fat training budget and has attended both a comparison would be great - I'm guessing that there aren't too many people in that situation though.

Thanks,
Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of J
Sent: Wednesday, October 31, 2001 1:41 PM
To: [EMAIL PROTECTED]
Subject: OT: Mentor Technologies Info (am I screwed?) [7:24825]

Just wondering if I am the only person caught up in the Mentor Technologies apparent bankruptcy. I have paid for ECP-1 in Falls Church on Nov. 12th, called Mentor to find out what was going on once I heard they were going under. Nobody answering the phone, mail boxes full, lines busy, in short, nobody is home.

I've made calls to the Consumer Protection Division of Annapolis's Attorney General, they gave me the bankruptcy court's number, but I haven't gotten thru there yet. I'd love to hear it if anyone has any suggestions/advice on how to get my $4,000.00 dollars back. Wasn't smart enough to pay via credit card, sent them a check.

Thanks,

Jason Lynch
MCP,CCNA,CCNP+Security,CCIE Written
RE: Redundancy design question [7:6646]
...in an attempt to torch the straw man...

We could talk at length about the pros and cons of the straw man you present; if I understand the main question at hand the question is how to provide some redundancy to the WAN link. Short answer is that real-world solutions would include some type of alternate or backup circuit (ISDN has already been mentioned on this thread) connected to the same router or a redundant one.

To look at the hypothetical scenario you propose - I assume there is some way to do as you propose, I don't know how you could have the router interface active on both routers at once such that automagic failover was possible.

Aside from the physical-layer issues (splitting the wire(s), noise, clocking problems, etc.) and the data-link layer issues (having three devices on what is supposed to be a point-to-point circuit); consider the network-layer problems.

If Core-Rtr1 is primary and Core-Rtr2 is backup connecting to some remote router(s) (Remote-RtrX) and assume we're talking IP - say the network is 192.168.1.0/24. Then Each core router will need an (active) interface on the 192.168.1.0/24 network but, Core-Rtr2 needs to send all traffic via Core-Rtr1 when it is alive and well.

Well, I'm sure that somebody, somewhere is doing something pretty similar to this (I continue to be amazed at what I find out there...) but I would make sure that my pager number wasn't on the call list for support.

The closest thing I've seen to what you're talking about (in a common, supportable, lowest $$ configuration) would be to utilize frame-relay and connect every router into the cloud. Yes, you end up paying for the additional local loop and F/R port charge for the 2nd core router but most carriers offer DR PVCs at little or no cost to customers. Throw a little ISDN into the pot to backup the frame network...just keep adding the $$

In the real world, it all boils down to how many 9's the company is willing to pay for - I don't care how hard you try, you're not going to get 99.999% availability on a three-9's budget.

Since this is purely an academic discussion...I think others will agree that having a hot-standby router (especially a fairly costly one - you did say 7206, right) but only one serial link is probably a mis-direction of funds. In my experience, serial lines fail much more frequently than hardware.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jon
Sent: Thursday, May 31, 2001 4:38 PM
To: [EMAIL PROTECTED]
Subject: RE: Redundancy design question [7:6646]

Keep in mind, this is not the typical help me design/fix my network for free question. I have been reading various papers, chapters, and case studies, and am trying to get my head wrapped around the details, now. I've built some scenarios in my head, trying to see problems and solutions, rather than ways to buy more gear. I'm also not trying to solve the WAN redundancy problem, just trying to get the WAN to connect into my LAN redundancy solution.

The fundamental problem I'm trying to solve is how to protect against any hardware failure of my core devices knocking out normal operations. I am not concerned with protecting against any other faults outside my direct control (e.g. loss of WAN circuit, loss of server, Howard sets off a tactical device in the CO, etc.).

For the sake of having a straw man to burn:

A remote site is connected to the main office over a SHNS/SONET DS-3 connection, with full SONET protection to the demarc equipment on the wall of the MDF. (To limit the discussion scope, I will only describe the remote site -- we will assume the main facility is impervious to faults). The telco provides a coax connection for connecting the router to their gear.

Equipment in the MDF includes: a 7206 with a DS-3 module and a FE module, a Cat4006 with multiple GBIC blade and 10/100 blade. There are three IDF wiring closets, one per floor, each with a Cat4006 fully populated with 10/100 blades. Each IDF switch is connected over a single GBIC/GigE connection to the MDF switch. All users are connected to their IDF over a single Cat5 run. All servers are connected (single-homed) to the MDF switch.

To add some protection to this model, I will add a second Cat4006 in the MDF, with the same blades as the first. I will also dual-home all the servers to both MDF switches -- assume that the proper NICs are present to allow this, and that they are properly configured. I am now protected against the loss of one of my blades, or chassis, or running over a single cable with my handy BOFH rolling chair.

But, my router might break, so I need to protect against that risk. Add a second 7206, same blades, dual-homed to both switches. Except I only have one coax cable from the demarc to carry the WAN signal. How do I connect the coax to two router blades, so that both routers could use the media? Or, is there a type of service available that allows for physical failover of the
RE: Migration EIGRP-OSPF [7:5724]
can't stress more that you have to have a solid network design to start and you have to limit the query scope of DUAL (effectively breaking the network into areas) in order to have a stable, scalable network. If you don't do these things, at some point it will break and you'll be looking to migrate to OSPF.

Sorry for the long response... I hope this helps,

Ben

-Original Message-
From: Carroll Kong [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 31, 2001 10:32 AM
To: R. Benjamin Kessler
Cc: [EMAIL PROTECTED]
Subject: RE: Migration EIGRP-OSPF [7:5724]

At 08:27 AM 5/31/01 -0400, R. Benjamin Kessler wrote:

What is the reason for going to OSPF in this instance, stability problems with EIGRP or multi-vendor support? In my experience people seem to view EIGRP as easier than OSPF - while probably true in really small networks, networks these days just seem to be getting bigger and the same planning required for a successful OSPF implementation is required for EIGRP. I haven't seen too many companies with all-Cisco routers and a healthy EIGRP network looking to change things - thus the question above.

Well, a few points I would bring up is. Stuck in Active problem of EIGRP. As the updates are being done, the routers will stay in active mode (cannot receive new updates I believe). If the EIGRP network is big, it must wait for the very last router in the periphery to respond back. This could cause issues with convergence time. You may have to modify the timers to increase the hold time (which might cause bad convergence) since genuine requests might take so long that they will get zonked out and the router will delete its entry. This only happens in huge AS (in the EIGRP sense of an area of sorts). So, if the idea of using OSPF and breaking into areas is bad, you technically get the same issue with EIGRP, except in the form of ASes. Also, you are running a proprietary protocol now. Although it seems to work fine now.
If say, they feel another vendor's product is superior in a particular aspect of their network, they might be hard pressed or you will need to do some redistribution/distribution lists which is probably going to be difficult as well. I suppose all in all it is still easier to use EIGRP. I agree wholeheartedly with your statements. The cost of going to OSPF might seem higher if they are really not that good with it. In that way it somewhat validates them sticking to EIGRP.

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6747t=5724
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Migration EIGRP-OSPF [7:5724]
You also need to make sure that you have good address summarization if you want it to be successful. I've seen more than my fair share of networks that ran EIGRP, didn't have proper summarization and/or had a lot of redundancy. Because, out of the box EIGRP doesn't require you to build networks with summarization, etc. like OSPF.

A few years back (before Cisco started publishing more details about scaling EIGRP) I saw several networks that were experiencing stability problems when running EIGRP and the thought was that OSPF would fix their problems. Most of these companies balked at the thought of re-addressing the network to properly support OSPF and stayed with EIGRP - using a lot of distribute-lists, etc. (although the same reasons that OSPF requires summarization would be of great benefit in an EIGRP network). I've found that binary math is not a commonly held skill-set.

What is the reason for going to OSPF in this instance, stability problems with EIGRP or multi-vendor support? In my experience people seem to view EIGRP as easier than OSPF - while probably true in really small networks, networks these days just seem to be getting bigger and the same planning required for a successful OSPF implementation is required for EIGRP. I haven't seen too many companies with all-Cisco routers and a healthy EIGRP network looking to change things - thus the question above.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Wolsefer
Sent: Tuesday, May 29, 2001 7:00 PM
To: [EMAIL PROTECTED]
Subject: RE: Migration EIGRP-OSPF [7:5724]

Yes, we laid in OSPF over EIGRP since the administrative distance of EIGRP is 90 and OSPF is 110. We were then able to check the OSPF databases on each router to make sure that all routes are advertised correctly. The final step was to remove EIGRP. This results in some downtime, but it was easier to schedule a block of downtime and cut over.
Regards,
David Wolsefer, CCIE #5858

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dyson Kuben
Sent: Thursday, May 24, 2001 5:59 AM
To: [EMAIL PROTECTED]
Subject: Migration EIGRP-OSPF [7:5724]

Anyone out there ever migrated a large-scale network from EIGRP to OSPF? Would you be able to share your experiences?

Thanks, Dyson

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6597t=5724
RE: 6509 and logging messages [7:6479]
If you're connecting to the switch via telnet - keeping with the below suggestion - assuming you're running CatOS, you might want to also turn off session logging. That combined with creating a big buffer for the logging messages and/or sending them to a syslog host will keep these messages off your screen.

If you don't care about these messages, you can also change the logging parameters for the switch. See the following link for info: http://www.cisco.com/warp/customer/473/34.shtml#PAGP_MESSAGES

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter I. Slow
Sent: Wednesday, May 30, 2001 12:24 PM
To: [EMAIL PROTECTED]
Subject: Re: 6509 and logging messages [7:6479]

conf t
logging buffered 99 debug
no logging console

- Original Message -
From: Nabil Fares
To:
Sent: Wednesday, May 30, 2001 12:50 PM
Subject: 6509 and logging messages [7:6479]

Greetings all,

How can I disable messages to prompt me when someone connects to the switch? Basically when someone connects, the switch issues port 4/3 left the bridge, port 4/3 joined the bridge. Can this be disabled?

Thanks
Nabil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6620t=6479
RE: Ethernet frame format [7:5996]
Just getting started, there are probably some easier reads out there but that book will definitely give you the goods on TCP/IP...

Regarding your question/statement, you are accurate that the raw Ethernet frame format has DA, SA, EtherType, Data, and FCS - to be a valid frame it just has to be between 64 and 1518 bytes (if we're including the 4 bytes of the FCS in our calculations) - notice that the top end number is not 1500 - the common max MTU size for Ethernet-attached devices talking IP. MTU is a function of L3, not L2.

The IP header will indicate how many bytes of the Ethernet payload is consumed by IP stuff - add this to the 14 bytes consumed by the destination address (6), source address (6) and ethertype (2) to get the total frame size (plus the trailing 4 bytes for the FCS). This statement will be true unless adding all that up equals a number less than 60 (64 w/FCS) in which case the packet will be padded with 0's to make it a legal Ethernet packet.

I think it is generally considered a good thing that packets aren't padded to the full Ethernet size (or MTU) - if that were the spec, I'm thinking that ATM would be a lot more popular as a LAN medium.

Hope this helps.

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, May 25, 2001 6:59 PM
To: [EMAIL PROTECTED]
Subject: Ethernet frame format [7:5996]

Dear Members List,

I've just started the track for CCNA and, following all the repeated advice posted in this list, I started studying for Internetworking with TCP/IP, by Douglas Comer. The ethernet frame format establishes as necessary information for the frame as DA, SA, Type, Data Area (variable from 46 to 1500 bytes) and a trailer FCS 4 bytes. I don't see how can we have different frame sizes correctly received, since there is no information about the specific length for every single frame, taking into account the asynchronous nature of this communication.
I thought that the layer 3 would pad till the MTU was reached, but I saw a trace on an ethernet network and I could see different frame sizes.

Thanks in advance,
Douglas Baltazar de Queiroz - Field Engineer

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6007t=5996
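Added example (not part of the original thread): a short Python check of the arithmetic in the reply above, using the IP Total Length field to separate IP data from Ethernet padding in a captured frame and confirming that the padding is zero-filled. The frames are constructed samples and the function names, MAC and IP addresses are illustrative assumptions; the capture is assumed to have the 4-byte FCS already stripped.

```python
import struct

ETH_HDR = 14             # DA (6) + SA (6) + EtherType (2)
FCS_LEN = 4
MIN_NO_FCS = 60          # 64 bytes once the FCS is counted
MAX_NO_FCS = 1514        # 1518 bytes once the FCS is counted
ETHERTYPE_IPV4 = 0x0800


def ipv4_packet(payload_len: int) -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left 0) plus payload."""
    total = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                      bytes([192, 168, 1, 1]), bytes([192, 168, 1, 2]))
    return hdr + b"\xab" * payload_len


def build_frame(ip_packet: bytes) -> bytes:
    """Constructed sample: Ethernet II header + packet, zero-padded to 60 bytes."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")   # made-up locally administered MAC
    frame = dst + src + struct.pack("!H", ETHERTYPE_IPV4) + ip_packet
    return frame.ljust(MIN_NO_FCS, b"\x00")


def inspect_frame(frame: bytes) -> dict:
    """Split a captured IPv4 frame (FCS stripped) into IP data and padding."""
    if not MIN_NO_FCS <= len(frame) <= MAX_NO_FCS:
        raise ValueError(f"illegal Ethernet frame size: {len(frame)} bytes")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip_total = struct.unpack("!H", frame[16:18])[0]   # IP Total Length field
    if ip_total < 20 or ETH_HDR + ip_total > len(frame):
        raise ValueError("IP total length does not fit inside the frame")
    pad = frame[ETH_HDR + ip_total:]                  # whatever follows the IP data
    return {
        "ip_total_length": ip_total,
        "pad_len": len(pad),
        "pad_all_zero": not any(pad),
        "size_on_wire": len(frame) + FCS_LEN,
    }


if __name__ == "__main__":
    print(inspect_frame(build_frame(ipv4_packet(8))))      # short packet, padded
    print(inspect_frame(build_frame(ipv4_packet(1480))))   # full 1500-byte MTU
```

A frame whose padding is not all zeros is worth a second look in a capture, since those bytes came from somewhere other than the packet being sent.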