Re: BGP Route Reflectors [7:66488]
""Mike Martins"" wrote in message news:[EMAIL PROTECTED] > Yes, EBGP multihop is between different AS's, that is a different setup, it > must also have a way of reaching across the hops, an IGP. nope - works just fine for iBGP as well. > > On a IBGP you can have a hop across ie 5 routers in a IBGP peering session. ?? anyBGP assumes it's neighbor is directly connected - i.e. on the same segment. The EBGP-multihop command changes the TTL to whatever the configured hop count is. ( default 255 ) Refer to RFC 1771 for the specification. > As long as the IGP can reach the other peer it will work. Also, the full > mesh requirement of IBGP is in logical and not physical links. In other > words if you had 5 routers fully meshed each router would need 4 neighbour > statments. And then consider the amount of BGP updates running to and fro, > that is why route-reflectors are used, to minimize peering sessions. different issue. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66533&t=66488 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Route Reflectors [7:66488]
wrote in message news:[EMAIL PROTECTED] > All, > > Please can someone clear this up for me, if you have the time. > > IBGP peers do not have to be physically connected to one another, as long as > an IGP (most preferably) is running between them. nope. direct connect is preferred, but nope - don't have to be > > On page 128 (paragraph 1) of the Routing TCP/IP Volume 2 book, it says the > following about route reflectors and clients :- > "The clients have physical connections to each of the route reflectors, and > they peer to each" preferred but not necessary. that's why there is an "neighbor ebgp-multihop" command :-> > > I assume that each client in a iBGP domain, does not need to share a > physical data-link to each RR? nope > > Many thx. (maybe im just tired from studying all weekend). > > Regards, > Ken > > > > For more information about Barclays Capital, please > visit our web site at http://www.barcap.com. > > > Internet communications are not secure and therefore the Barclays > Group does not accept legal responsibility for the contents of this > message. Although the Barclays Group operates anti-virus programmes, > it does not accept responsibility for any damage whatsoever that is > caused by viruses being passed. Any views or opinions presented are > solely those of the author and do not necessarily represent those of the > Barclays Group. Replies to this email may be monitored by the Barclays > Group for operational or business reasons. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66493&t=66488 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF BGP redistiribution question [7:66430]
I hate to say what the problem appears to be. think summarization :- wrote in message news:[EMAIL PROTECTED] > Chuck, > My first thought is what does the "sh ip bgp for the > routes that does not show up in BGP indicate. > > I believe there is a requirement not to disable "sync" which suggest that > the routes not being added to the BGP, isn't sync'd with the IGP. Does any > of this have route information being propagated from an IBGP neighbor. > > Nigel > > > ----- Original Message - > From: "The Long and Winding Road" > To: > Sent: Saturday, March 29, 2003 2:27 AM > Subject: OSPF BGP redistiribution question [7:66430] > > > > NLI ( b..o..o..t..c..a..m..p.. lab 8 ) redistribution of OSPF and BGP > > > > I checked CCO and the "answer" key > > > > everything "appears" to be correct. > > > > So why is it that half my OSPF routes do not show up in the BGP table??? > > > > *> 137.20.0.0 0.0.0.0 0 32768 ? > > * i137.20.40.16/28 137.20.25.2164100 0 i > > *> 0.0.0.0110 32768 i > > *> 137.20.100.33/32 0.0.0.0138 32768 i > > *> 137.20.100.34/32 0.0.0.0 74 32768 i > > *> 137.20.100.35/32 0.0.0.0 74 32768 i > > *>i172.168.70.0/24 137.20.10.70 170100 0 3 i > > *> 172.168.80.0/24 137.20.86.1 0 0 1 i > > R# > > > > O IA 200.200.200.0/24 [110/75] via 137.20.64.5, 02:27:46, Ethernet0 > > 137.20.0.0/16 is variably subnetted, 12 subnets, 4 masks > > O E1137.20.200.16/28 [110/110] via 137.20.64.5, 02:27:46, Ethernet0 > > O IA137.20.30.0/24 [110/84] via 137.20.64.5, 02:27:46, Ethernet0 > > O IA137.20.25.0/24 [110/74] via 137.20.64.5, 02:27:46, Ethernet0 > > O IA137.20.20.0/24 [110/84] via 137.20.64.5, 02:27:46, Ethernet0 > > O E1137.20.40.16/28 [110/110] via 137.20.64.5, 02:27:46, Ethernet0 > > O IA137.20.88.0/24 [110/75] via 137.20.64.5, 02:27:46, Ethernet0 > > O IA137.20.100.33/32 [110/138] via 137.20.64.5, 02:19:42, Ethernet0 > > O IA137.20.100.35/32 [110/74] via 137.20.64.5, 02:19:42, Ethernet0 > > O IA137.20.100.34/32 [110/74] via 137.20.64.5, 02:19:42, Ethernet0 > > O IA137.20.100.0/24 [110/10] via 137.20.64.5, 02:19:42, Ethernet0 > > O IA 200.200.100.0/24 [110/75] via 137.20.64.5, 02:27:46, Ethernet0 > > > > lest you wonder, I am using the proper ( so I think ) form of the > > redistribute comand, covering OSPF internal and external ) > > > > router bgp 2 > > no synchronization > > bgp log-neighbor-changes > > network 137.20.20.0 mask 255.255.255.0 backdoor > > network 137.20.25.0 mask 255.255.255.0 backdoor > > network 137.20.30.0 mask 255.255.255.0 backdoor > > network 137.20.40.16 mask 255.255.255.240 > > network 137.20.88.0 mask 255.255.255.0 backdoor > > network 137.20.100.33 mask 255.255.255.255 > > network 137.20.100.34 mask 255.255.255.255 > > network 137.20.100.35 mask 255.255.255.255 > > network 137.20.100.0 mask 255.255.255.0 backdoor > > network 137.20.200.16 mask 255.255.255.240 backdoor > > network 200.200.100.0 backdoor > > network 200.200.200.0 backdoor > > redistribute ospf 239 match internal external 1 external 2 > ((( ---SEE > > I told you so! > > neighbor 137.20.25.1 remote-as 2 > > neighbor 137.20.25.1 ebgp-multihop 3 > > neighbor 137.20.86.1 remote-as 1 > > > > > > any help appreciated > > > > Chuck! > > > > -- > > TANSTAAFL > > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66495&t=66430 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF BGP redistiribution question [7:66430]
NLI ( b..o..o..t..c..a..m..p.. lab 8 ) redistribution of OSPF and BGP I checked CCO and the "answer" key everything "appears" to be correct. So why is it that half my OSPF routes do not show up in the BGP table??? *> 137.20.0.0 0.0.0.0 0 32768 ? * i137.20.40.16/28 137.20.25.2164100 0 i *> 0.0.0.0110 32768 i *> 137.20.100.33/32 0.0.0.0138 32768 i *> 137.20.100.34/32 0.0.0.0 74 32768 i *> 137.20.100.35/32 0.0.0.0 74 32768 i *>i172.168.70.0/24 137.20.10.70 170100 0 3 i *> 172.168.80.0/24 137.20.86.1 0 0 1 i R# O IA 200.200.200.0/24 [110/75] via 137.20.64.5, 02:27:46, Ethernet0 137.20.0.0/16 is variably subnetted, 12 subnets, 4 masks O E1137.20.200.16/28 [110/110] via 137.20.64.5, 02:27:46, Ethernet0 O IA137.20.30.0/24 [110/84] via 137.20.64.5, 02:27:46, Ethernet0 O IA137.20.25.0/24 [110/74] via 137.20.64.5, 02:27:46, Ethernet0 O IA137.20.20.0/24 [110/84] via 137.20.64.5, 02:27:46, Ethernet0 O E1137.20.40.16/28 [110/110] via 137.20.64.5, 02:27:46, Ethernet0 O IA137.20.88.0/24 [110/75] via 137.20.64.5, 02:27:46, Ethernet0 O IA137.20.100.33/32 [110/138] via 137.20.64.5, 02:19:42, Ethernet0 O IA137.20.100.35/32 [110/74] via 137.20.64.5, 02:19:42, Ethernet0 O IA137.20.100.34/32 [110/74] via 137.20.64.5, 02:19:42, Ethernet0 O IA137.20.100.0/24 [110/10] via 137.20.64.5, 02:19:42, Ethernet0 O IA 200.200.100.0/24 [110/75] via 137.20.64.5, 02:27:46, Ethernet0 lest you wonder, I am using the proper ( so I think ) form of the redistribute comand, covering OSPF internal and external ) router bgp 2 no synchronization bgp log-neighbor-changes network 137.20.20.0 mask 255.255.255.0 backdoor network 137.20.25.0 mask 255.255.255.0 backdoor network 137.20.30.0 mask 255.255.255.0 backdoor network 137.20.40.16 mask 255.255.255.240 network 137.20.88.0 mask 255.255.255.0 backdoor network 137.20.100.33 mask 255.255.255.255 network 137.20.100.34 mask 255.255.255.255 network 137.20.100.35 mask 255.255.255.255 network 137.20.100.0 mask 255.255.255.0 backdoor network 137.20.200.16 mask 255.255.255.240 backdoor network 200.200.100.0 backdoor network 200.200.200.0 backdoor redistribute ospf 239 match internal external 1 external 2 ((( ---SEE I told you so! neighbor 137.20.25.1 remote-as 2 neighbor 137.20.25.1 ebgp-multihop 3 neighbor 137.20.86.1 remote-as 1 any help appreciated Chuck! -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66430&t=66430 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Specifying a filter-list & wt in one cmd? [7:66339]
oh never mind.. Now I remember why I couldn't find the command earlier this week. -- TANSTAAFL "there ain't no such thing as a free lunch" ""The Long and Winding Road"" wrote in message news:[EMAIL PROTECTED] > looks like it was put back in somewhere in among several versions: > > R5#she ve > 1d02h: %SYS-5-CONFIG_I: Configured from console by consoler > Cisco Internetwork Operating System Software > IOS (tm) 2500 Software (C2500-IS-L), Version 12.2(8)T5, RELEASE SOFTWARE > (fc1) > > R5(config-router)#neigh 1.1.1.1 remote 111 > R5(config-router)#neigh 1.1.1.1 w? > weight > > R5(config-router)#neigh 1.1.1.1 w > > > R2#sh ver > Cisco Internetwork Operating System Software > IOS (tm) 2500 Software (C2500-JS-L), Version 12.1(5)T9, RELEASE SOFTWARE > (fc1) > TAC Support: http://www.cisco.com/tac > Co > > ( this one is, I believe, an enterprise version ) > > R2(config-router)#neigh 1.1.1.1 remote 111 > R2(config-router)#neigh 1.1.1.1 w? > weight > > R2(config-router)#neigh 1.1.1.1 w > > R3#sh v > 1d02h: %SYS-5-CONFIG_I: Configured from console by consoleer > Cisco Internetwork Operating System Software > IOS (tm) 2500 Software (C2500-IS-L), Version 12.1(5)T10, RELEASE SOFTWARE > (fc2) > > I know I ran into this on one of my routers. just can't find it at the > moment. > > > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" > > > > > ""Daniel Cotts"" wrote in message > news:[EMAIL PROTECTED] > > Quoting Parkhurst Page 170 > > "...Peer group support was added in Release 11.0, and the weight keyword > was > > removed in Release 12.1" > > May I assume that you're practicing with 12.1?? > > I'll leave it up to you to determine if he means that you can enter the > > weight value without the keyword "weight" and have it work. > > > > > -Original Message- > > > From: Cisco Nuts [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, March 27, 2003 2:02 PM > > > To: [EMAIL PROTECTED] > > > Subject: Specifying a filter-list & wt in one cmd? [7:66339] > > > > > > > > > Hello, > > > I have seen this example on 2 Cisco links and I think that it > > > is wrong as it > > > does not work but anyone with a different experience? > > > Ex. > > > > > > AS300-F(config)#router bgp 300 > > > AS300-F(config-router)#nei 180.80.10.2 filter-list 5 weight 200 > > > ^ > > > % Invalid input detected at '^' marker. > > > > > > AS300-F(config-router)# > > > > > > > > > Is this a problem with 25xx's series only? > > > > > > Specifying a route-map to match the filter list and setting > > > the wt works but > > > this way?? > > > > > > Any ideas?? > > > > > > > > > > > > > > > _ > > > Add photos to your messages with MSN 8. Get 2 months FREE*. > > > http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66356&t=66339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Specifying a filter-list & wt in one cmd? [7:66339]
looks like it was put back in somewhere in among several versions: R5#she ve 1d02h: %SYS-5-CONFIG_I: Configured from console by consoler Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.2(8)T5, RELEASE SOFTWARE (fc1) R5(config-router)#neigh 1.1.1.1 remote 111 R5(config-router)#neigh 1.1.1.1 w? weight R5(config-router)#neigh 1.1.1.1 w R2#sh ver Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JS-L), Version 12.1(5)T9, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Co ( this one is, I believe, an enterprise version ) R2(config-router)#neigh 1.1.1.1 remote 111 R2(config-router)#neigh 1.1.1.1 w? weight R2(config-router)#neigh 1.1.1.1 w R3#sh v 1d02h: %SYS-5-CONFIG_I: Configured from console by consoleer Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.1(5)T10, RELEASE SOFTWARE (fc2) I know I ran into this on one of my routers. just can't find it at the moment. -- TANSTAAFL "there ain't no such thing as a free lunch" ""Daniel Cotts"" wrote in message news:[EMAIL PROTECTED] > Quoting Parkhurst Page 170 > "...Peer group support was added in Release 11.0, and the weight keyword was > removed in Release 12.1" > May I assume that you're practicing with 12.1?? > I'll leave it up to you to determine if he means that you can enter the > weight value without the keyword "weight" and have it work. > > > -Original Message- > > From: Cisco Nuts [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 27, 2003 2:02 PM > > To: [EMAIL PROTECTED] > > Subject: Specifying a filter-list & wt in one cmd? [7:66339] > > > > > > Hello, > > I have seen this example on 2 Cisco links and I think that it > > is wrong as it > > does not work but anyone with a different experience? > > Ex. > > > > AS300-F(config)#router bgp 300 > > AS300-F(config-router)#nei 180.80.10.2 filter-list 5 weight 200 > > ^ > > % Invalid input detected at '^' marker. > > > > AS300-F(config-router)# > > > > > > Is this a problem with 25xx's series only? > > > > Specifying a route-map to match the filter list and setting > > the wt works but > > this way?? > > > > Any ideas?? > > > > > > > > > > _ > > Add photos to your messages with MSN 8. Get 2 months FREE*. > > http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66352&t=66339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Solie Lab, Bad and Ugly BGP [7:66353]
Does this solution make sense? AS 2010R2 eBGP eBGP AS 2001 R5 ---iBGP--- R4 eBGP AS 5 R1 R1 has an eBGP link to R5 R5 and R4 each have an eBGP link to R2 the requirement is for traffic from R1 ( AS5) to R2 ( AS2010 ) to specifically travel from R1 to R5 to R3 to R2. likewise, traffic from AS 2010 to AS 5 must travel from R2 to R3 to R5 to R1 My answer to the second requirement was to a) configure R2 to place a higher weight for incoming routes from R3 to influence the path or b) send a high MED to R1 from R3. Both ways appear to accomplish what I need to according to my trace routes. My answer to the first was to set the local preference via the neighbor statement on both of the AS 2001 routers. Then I got to wondering about the reality of this. On the OSPF side, there is only one way for traffic to get from R1 to R2, and that is by way of the instructed path.So in effect, it doe not matter what happens on the BGP side. Anyone familiar with the Solie practice labs have a comment? -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66353&t=66353 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Solie Lab Solutions [7:66349]
In case anyone was wondering, there is a set of solutions for the Solie CCIE Practice labs ( just the big ones at the end of the book ) found at: http://www.informit.com/isapi/product_id~%7B9E5835BB-4972-4956-B7F7-B4C8AE56 C918%7D/selectDescTypeId~%7B5F7BB313-BBC4-4A9E-A577-562A760FE491%7D/st~CA1FE B69-C272-4194-9449-92E4E051EC35/content/index.asp watch this wrap - what a m*f* ! The "answers" to the "Lab, Bad, and Ugly" don't really explain how they ever got the BGP route preferences to work -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66349&t=66349 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Adjacency Question [7:66206]
""CiscoNewbie"" wrote in message news:[EMAIL PROTECTED] > Hi all. my cisco router keeps reporting this error when trying to bring up > an adjacency accross a P2P link. > > OSPF: Rcv pkt from xxx.xxx.xxx.13, Serial0/0.1, area 0.0.0.1: src not on the > same network my eperience is that you should take this error literally. triple check the serial interface addresses on both sides of the link. the network prefix must match router---1.1.1.13/30--1.1.1.14/30---router for kicks, change the addresses on both sides to a /24 and see what happens. also - since you are using subinterfaces, do you have more than one router connected via different subinterfaces? got your dlcis crossed? > > I am presuming that the issue here is the subnet mask that I have specified > the network statement as under OSPF. My serial interface (frame-relay > subinterface) has a /30 mask. How should my network statement be configured > if the IP address of the interface is xxx.xxx.xxx.14? I have tried the > following: > > network xxx.xxx.xxx.0 0.0.0.255 area 1 > > as well as: > > network xxx.xxx.xxx.12 0.0.0.3 area 1 the network mask command places interfaces into the OSPF process, and nothing more. any interface which falls within the rage covered by the network / mask will be placed into OSPF, no matter what the interface address / mask may be. So even if you had 20 different interfaces with 20 different masks, so long as the interface address falls within the definition of the ospf network / mask it will be placed into the OSPF process and OSPF hellos will be sent out those interfaces. > > Neither one seemed to work. I still got the same error. > > The other side is also on the same subnet and it has an IP address of > xxx.xxx.xxx.13/30 configured as a P2P as well. If the network statement is > not the issue, please advise. > > Thanks. > > > > - > Do you Yahoo!? > Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66330&t=66206 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Practice Labs - Redustribution Strategies [7:66306]
For the past couple of weeks I've been whacking out various CCIE practice labs. I've also been suffering various degrees of euphoria and depression, depending upon how badly I was suckered by the redistribution problems. After a particularly long and frustrating day with the Cisco ASET Lab #1, it suddenly occurred to me that there are many ways to do things, and for some reason, I've been overlooking what may be the best way to deal with redistribution. Those of you who have worked these practice labs know how it goes. You read through the lab, then you start configuring. Step 1 - set up OSPF Step 2 - set up RIP Step 3 - redistribute between OSPF and RIP Step 4 - set up EIGRP Step 5 - redistribute between EIGRP and RIP Step 6 - set up IS-IS Step 7 - redistribute between IS-IS and OSPF Step 8 - scream in anguish as you discover that your routing tables have turned to trash and half your network becomes unreachable. ASET #1 was particularly nasty in how it accomplished Step 8 Which brings me to the topic of this post. CCIE's and folks who've been through the Lab without success - what do you think of this approach: 1) do NOT do any redistribution anyplace until all routing protocols have been configured everywhere. Yes, I know that typically you have a section with several steps, one of which is redistribution. But mark your place and return after the IGPs are up and running and all routes for a particular IGP are where they should be. 2) return to the first redistribution task. Before configuring anything, refer to your diagram ( you DO write out a nice diagram, don't you? ) and ask yourself: "after I do one way redistribution, what routes will appear where?" 2a) Consider how administrative distance might change things 2b) Follow the redistribution to it's extreme. For example, if you redistribute EIGRP into OSPF, what routers will these routes end up on? Will there be any implications to the routing tables? 3) repeat step 2 for every redistribution point, each time considering the totality of the contents of the redistributed routes. So if you have redistributed IS-IS into OSPF, how do those redistributed routes flow through the OSPF domain? 4) Keep an eye out for things like split horizon 5) every step along the way, consider what routers need to see what routes. Watch for situations where necessary routes do not appear. ( you have probably trashed it because of overzealous filtering. ) 5) If problems occur, such as a routing loop, trace back where the problem route came from, and see what can be done to evade the problem. Summary routes work wonders sometimes. So do route-maps and distribute lists. Re-reading this, I see that this topic does not lend itself well to text. I can say with certainty that I now have a very clear vision of redistribution methodology. I've tested it three times now with different labs, and I believe I am solving the redistribution problems more quickly than ever. I hope that I have painted enough of a picture that some of you can fill in the rest. Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66306&t=66306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Lab IOS Feature Set? [7:66304]
""Mike Mihalas"" wrote in message news:[EMAIL PROTECTED] > I am in the process of putting together a CCIE practice lab. I have a bunch > of 2500 routers with varying memory. I know the lab uses 12.1 but my > question is what feature set do I need? Will IP do what I need or do I need > IP Plus, or even Enterprise. Since IPX is gone will just the basic IP image > do all I need? you want to be able to practice with all of the various routing protocols, as you accountable for them. that usually means Enterprise Plus. > > Thanks, > > Mike Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66307&t=66304 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF Tricks of the Trade [7:66308]
After wrestling with Solie this afternoon, it suddenly occurred to me that there is a typical instruction in the various practice labs that can end up driving you nuts if you look at it from one direction, but which is really simple if looked at from another. The topology: several routers over frame relay. Usually four routers. One acts as hub, The others as spokes. the instruction: you must use subinterfaces only on the hub. On the spokes you MUST use the physical interfaces. two of the spoke routes connect to the hub via one subinterface. The other router connects to the hub on the other subinterface. the catch: some bizarre restriction or other about network types, commands that can or cannot be used, the usual BS. It occurs to me that working backwards, you can solve most problems, whatever the restrictions and twists. Frame relay: OSPF default - physical interface non broadcast subinterface - p2ppoint-to-point subinterface - multipoint non broadcast I think the knee jerk reaction is to create a multipoint subinterface for the link to the two spoke routers, and a p2p subinterface for the link to the single spoke router. Then moan in despair as you realize that the instructions forbid the use of any ip ospf network commands anywhere. But if you look from the higher level viewpoint, you see that the physical and the multipoint subinterface default to the same type of OSPF network. Life is easier after that. Is this making sense? I'm at the end of a very long day, with too many subtleties floating around in what's left of my brain. Good night, everyone. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66308&t=66308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP default-originate crashes the router everytime - Why?? [7:66274]
""Cisco Nuts"" wrote in message news:[EMAIL PROTECTED] > Hello, > Everytime, I configure #nei a.b.c.d default-originate on my routers, it > crashes the router. I have tried this on different routers and it's the > same result every time. Is this a problem on 25xx's series? My routers have > 16Flash and 16Dram. > Anyone with a similar experience? this is a known bug with several versions of IOS 12.1. the answer is to upgrade - or never issue the command 12.1.5Tx seems to be stable. 12.2.12a seems to be OK when I ran into this a year or so ago I had to upgrade from 12.1.2 to something like 12.1.10. As I said - the T train seems to be stable also. > Thank you. > Sincerely, > CN > > Excerpt from my router: > > AS1239-A(config-router)#nei 180.80.10.1 default-originate > AS1239-A(config-router)# > > === Flushing messages (21:04:23 UTC Mon Mar 1 1993) === > > Buffered messages: > > 00:00:12: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram > 00:00:14: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up > 00:00:14: %LINK-3-UPDOWN: Interface Serial0, changed state to up > 00:00:14: %LINK-3-UPDOWN: Interface Serial1, changed state to down > 00:00:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed > state to up > 00:00:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed > state to up > 00:01:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed > state to up > 00:01:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed > state to up > 00:02:01: %LINK-5-CHANGED: Interface Serial1, changed state to > administratively down > 00:02:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed > state to down > 00:02:02: %SYS-5-CONFIG_I: Configured from memory by console > 00:02:50: %SYS-5-RESTART: System restarted -- > Cisco Internetwork Operating System Software > IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1), RELEASE SOFTWARE > (fc2) > Copyright (c) 1986-2001 by cisco Systems, Inc. > Compiled Fri 27-Apr-01 15:20 by cmong > 00:03:10: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Up > 01:20:21: %SYS-5-CONFIG_I: Configured from console by console > 01:50:45: %SYS-5-CONFIG_I: Configured from console by console > 19:09:35: %SYS-5-CONFIG_I: Configured from console by console > 19:12:12: %BGP-5-ADJCHANGE: neighbor 160.60.10.1 Up > 19:30:06: %SYS-5-CONFIG_I: Configured from console by console > 19:52:26: %SYS-5-CONFIG_I: Configured from console by console > 20:02:48: %SYS-5-CONFIG_I: Configured from console by console > 20:11:47: %SYS-5-CONFIG_I: Configured from console by console > 20:35:37: %SYS-5-CONFIG_I: Configured from console by console > 20:44:02: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Down Interface flap > 20:44:02: %SYS-5-CONFIG_I: Configured from console by console > 20:44:04: %LINK-5-CHANGED: Interface Ethernet0, changed state to > administratively down > 20:44:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed > state to down > 20:49:20: %SYS-5-CONFIG_I: Configured from console by console > 20:49:21: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up > 20:49:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed > state to up > 20:49:30: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Up > 21:00:44: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Down Interface flap > 21:00:45: %SYS-5-CONFIG_I: Configured from console by console > 21:00:46: %LINK-5-CHANGED: Interface Ethernet0, changed state to > administratively down > 21:00:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed > state to down > 21:01:19: %SYS-5-CONFIG_I: Configured from console by console > 21:01:21: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up > 21:01:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed > state to up > 21:01:47: %BGP-5-ADJCHANGE: neighbor 180.80.10.1 Up > Queued messages: > Exception: Illegal Instruction at 0x0 (PC) > > System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE > Copyright (c) 1986-1995 by cisco Systems > 2500 processor with 14336 Kbytes of main memory > > F3: 15343148+1154396+1180856 at 0x360 > > Restricted Rights Legend > > Use, duplication, or disclosure by the Government is > subject to restrictions as set forth in subparagraph > (c) of the Commercial Computer Software - Restricted > Rights clause at FAR sec. 52.227-19 and subparagraph > (c) (1) (ii) of the Rights in Technical Data and Computer > Software clause at DFARS sec. 252.227-7013. > >cisco Systems, Inc. >170 West Tasman Drive >San Jose, California 95134-1706 > > > > Cisco Internetwork Operating System Software > IOS (tm) 2500 Software (C2500-JK8OS-L), Version 12.2(1), RELEASE SOFTWARE > (fc2) > Copyright (c) 1986-2001 by cisco Systems, Inc. > Compiled Fri 27-Apr-01 15:20 by cmong > Image text-base: 0x0307EE08, data-base: 0x1000 > > > Compliance with U.S. Export Laws and Regulations - Encryption > > This product performs encryption
Re: ebgp-multihop default value?? [7:66157]
""Cisco Nuts"" wrote in message news:[EMAIL PROTECTED] > Hello, > Is the ebgp-multihop default value = 255 ?? > From all the examples that I have seen and done, it has always been set to a > number ex. 2 or 200 or 255 etc. but doing an example from CCO, is just uses > the cmd. # neighbor a.b.c.d ebgp-multihop - with no value and it works!! > Thus, I am assuming that the ebgp-multihop default value = 255?? trying to remember who it was who put a sniffer on the line and verified this, but yes the answer is 255 is the default. don't you just love what the documentation has to say about this? > Anyone?? > Thank you. > Sincerely, > CN > > > > > > > > _ > STOP MORE SPAM with the new MSN 8 and get 2 months FREE* > http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66169&t=66157 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ebgp vs ebgp multihop [7:66127]
wrote in message news:[EMAIL PROTECTED] > Hi all, > > i would like to know your opinion/experience about using ebgp multihop > comparing with ebgp. AFAIK, ebgp was designed for directly connected only > and using ebgp multhop is not recomended for ISP envy. would you please > tell me the caveat of using ebgp multihop for ISP envy. While I don't know about the ISP environment, I've done several BGP labs with other folks in different parts of the country. EBGP Multihop is a necessary part of this, obviously. I suppose in real world the advantage is that you can peer loopbacks, rather than just the physical interfaces. Another thing that comes to mind, applicable to ISP and corporate environments, is that your iBGP routers can be located in different parts of your network, eliminating the need for physical adjaceny. > > Any comments would be appreciated. > > regards > hendro > > > > mail2web - Check your email from the web at > http://mail2web.com/ . Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66154&t=66127 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
More ISDN Practice Labs - You gotta see this one [7:66056]
Another CCIE practice lab. You gotta see this. What's wrong with this picture? Router 1 ( relevant configurations ) interface BRI0 no ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-ni isdn spid1 0101 isdn spid2 11120101 1112 ppp multilink ! interface Dialer1 ip address 170.100.12.1 255.255.255.240 encapsulation ppp dialer pool 1 dialer string dialer watch-group 1 dialer-group 1 ppp multilink ! access-list 101 deny ospf any any access-list 101 permit ip any any dialer watch-list 1 ip 170.100.124.2 255.255.255.255 dialer-list 1 protocol ip list 101 Router 2 ( relevant configurations ) interface BRI0 no ip address encapsulation ppp dialer pool-member 1 isdn switch-type basic-ni isdn spid1 22210101 2221 isdn spid2 0101 ppp multilink ! interface Dialer1 ip address 170.100.12.2 255.255.255.240 encapsulation ppp dialer pool 1 dialer string dialer-group 1 ppp multilink ! interface Serial1.124 multipoint backup delay 10 30 backup interface Dialer1 ip address 170.100.124.2 255.255.255.0 ip ospf network point-to-multipoint ip ospf priority 100 frame-relay interface-dlci 203 frame-relay interface-dlci 204 ! access-list 101 deny ospf any any access-list 101 permit ip any any dialer-list 1 protocol ip list 101 hint - one side uses a dialer watch for an interface that is on a frame relay link ( physical interface ) the other side uses a backup interface tracking a frame relay link. So if R1 no longer sees the OSPF route for R2's frame, it tries to dial. So sorry, but since R2 has backup interface in place, which disables the dialer interface, it will not take R1's call. Real well thought out. Wonder how the Proctors would grade this one? Good night, everyone -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66056&t=66056 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
This is even better - RIP / OSPF redistribution [7:66057]
Again, a CCIE practice lab - R5 - the task calls for mutual redistribution of OSPF and RIP The next task says that no routes are to be advertised out the RIP interface - only in. So tell me, why are we even bothering with the OSPF into RIP redistribution? I'm not sure I can fall asleep tonight, I'm laughing so hard. Goodnight. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66057&t=66057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sanity Check - ISDN and EIGRP [7:66016]
""Priscilla Oppenheimer"" wrote in message news:[EMAIL PROTECTED] > The Long and Winding Road wrote: > > > > The lab in question is one of the current crop of Cisco ASET > > labs. > > > > My answer: > > access-list 120 deny ip any host 255.255.255.255 > > access-list 120 permit ip any host 224.0.0.9 > > access-list 120 permit ip any any > > > > The book answer: > > access-list 120 deny ip any host 255.255.255.255 > > access-list 120 permit ip any any > > > > Yes the ISDN link is practically permantently up. Depending on > > the flow of > > hellos, it may drop for an instant, but it pops right back up. > > The book answer does seem a little brain-damaged. ;-) Generally you wouldn't > want IDSN to stay up just for a routing protocol, from what I understand. > > Could you change the hello interval? The default on ISDN BRI is 5 seconds. > You could make it a lot longer. You know, Cil, that's a great idea. In the real world that would be one solution. This practice lab is bizarre - running EIGRP over ISDN as the only link to half the network is something that could only happen in the owrld of CCIE studies. :-> Well, I was gonna show how changing the hello and hold timers to outrageous lengths would solve this problem, but the link insistas on statying up Another time. > > But then EIGRP would take a long time to converge. You could fix this with a > shorter hold-time. > > Well, you're probably on to bigger and better things by now anyway! > > Priscilla > > > > > In answer to someone else's point, no, snapshot routing is not > > an option > > with either ospf or eigrp. I am assuming that it is possible > > for bgp. not > > that I want to get off on a tangent right bow. :-O > > > > -- > > TANSTAAFL > > "there ain't no such thing as a free lunch" > > > > > > > > > > ""Nigel Taylor"" wrote in message > > news:[EMAIL PROTECTED] > > > Folks, > > >I'm sure this a pretty straight forward but as > > this ISDN > > > connection relates to the lab requirements as a complete > > scenario should > > > dictate how the requirements are interpreted. > > > > > > It seems strange that the ISDN link should stay up > > indefinitely. > > > > > > Another question here would be what "broadcast packets" are > > they referring > > > to that could bring up the line. > > > > > > Nigel > > > Dazed and confused :-> > > > > > > - Original Message - > > > From: "David j" > > > To: > > > Sent: Sunday, March 23, 2003 2:50 AM > > > Subject: RE: Sanity Check - ISDN and EIGRP [7:66016] > > > > > > > > > > See below: > > > > > > > > The Long and Winding Road wrote: > > > > > > > > > > I'm working on a practice lab problem. > > > > > > > > > > there are two domains - OSPF and EIGRP > > > > > > > > > > The two domains can only communicate via ISDN > > > > > > > > > > OSPF---R1---ISDN--R2EIGRP > > > > > > > > > > R1 is where redistribution takes place. The ISDN link is > > in the > > > > > EIGRP > > > > > domain. > > > > > > > > > > Pretty much I've concluded that the only way this works > > is that > > > > > here have to > > > > > be static default routes on R1 and R2 pointing to > > eachother. > > > > > The only other > > > > > way I can see this working is for the ISDN link to be > > > > > permanently up. > > > > > > > > > > Unfortunately, the lab instructions are not very clear on > > this > > > > > point. The > > > > > only relevant instructions are: > > > > > > > > > > 1) no broadcast packets should initiate a DDR session. > > > > > Multicast packets > > > > > should be able to traverse the ISDN link. > > > > > > > > > > 2) use an access-list 120 for any filters you may need > > for DDR > > > > > > > > > > 3) only IP traffic will need to traverse the link > > > > > > > > > > That multicast instruction is interesting. Am I on the > > right > > > > > track thinking > > > > > the test here is to let the link stay up forever by > > defining > > > > > the EIGRP > > > > > hellos as "interesting" ?? thoughts? > > > > > > > > I think so, in fact if the link were used as backup of a > > serial link it > > > > would be logical that eigrp multicast packets bring it up > > when the > > serial > > > > link is down. We have our backups defined more or less in > > that way ( on > > a > > > > eigrp - eigrp domain, but this is not so important here). > > We have > > defined > > > as > > > > interesting traffic any ip packet, but I think you could > > fulfill all > > > > requirements of this lab doing some "acl engineering", > > perhaps denying > > > > explicitly broadcast packets at the beginning of the acl. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66051&t=66016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sanity Check - Redistributing BGP into an IGP [7:66018]
the rules of this particular lab exercise is that synchronization MUST be enabled. Thus the route has to be in the IGP in order for iBGP to use it. What equipment are you using? What IOS? I'm using 12.1.5T10 and 12.2.12a - IP Plus versions on 25xx routers. Yes, "subnets" is in the command line. Again, the "book" answer is to place the route in question into the OSPF process using the network statement. If I use "no synch" on the various routers I can accomplish the task as well. I suspect this is an IOS/equipment issue Yep - if I try this on one of my 26xx's it works just fine. Thanks to all who responded. Does not bode well for future CCIE Lab prep. -- TANSTAAFL "there ain't no such thing as a free lunch" ""Andrew Cook"" wrote in message news:[EMAIL PROTECTED] > ""The Long and Winding Road"" wrote in > message news:[EMAIL PROTECTED] > > > > I am unable to successfully redistribute BGP into OSPF, although it works > > just fine if I redistribute BGP into EIGRP, for example. The command > takes. > > All the proper switches are there. But no route in OSPF or in the OSPF > > database. > > > Chuck, I quickly mocked this up and I am able to do the BGP into OSPF > redistribution. Did you remember to add subnets to the redistribute > statement? > > Andrew Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66039&t=66018 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sanity Check - Redistributing BGP into an IGP [7:66018]
""Willy Schoots"" wrote in message news:[EMAIL PROTECTED] > Hi Chuck, > > I don't know what scenario you are working on, so its hard to give a > specific answer. > > It might be that you ran into the issue that by default I-BGP learned > routes are NOT redistributed unless you use the command below. (E-BGP > routes are redistributed without it !!) > > bgp redistribute-internal Intersting. I looked up the command, and then checked around CCO fo more info - because it apparently does not work on my routers. The route does not show up in the ospf database, nor is it forwarded through ospf. I tried this on two differnt routers after taking a literal reading of the command. R3--OSPF--R1-BGP---eBGP_domain |-iBGP---| I tried it both ways - on R3, and on R1. In neither case does the route in question appear in the ospf database, indicating to me that my humble 25xx routers do not seem to recognize this process. Maybe this is permitted only on the big boys? Maybe I need a different IOS? The routers in question or doing, I believe IP Plus, 12.1.5T10 and 12.2.12a. the later router has to be reloaded quite a lot. It is very flaky. The "book" answer is to add the route to ospf using a network statement. Doing that, it works fine. One of the current crop of Cisco ASET labs. Not a very well written lab IMHO. It's the kind of lab that turns you into a proctor pest. thanks. > > To allow the redistribution of internal Border Gateway Protocol (iBGP) > routes into an Interior Gateway Protocol (IGP) such as Intermediate > System-to-Intermediate System (IS-IS) or Open Shortest Path First > (OSPF), use the bgp redistribute-internal command in address family > configuration mode. To restore the system to the default condition, use > the no form of this command. > > bgp redistribute-internal > no bgp redistribute-internal > > But this also needed for EIGRP, so it might not apply to your scenario > as you say that it works with EIGRP. > > Cheers, > > Willy > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > The Long and Winding Road > Sent: zondag 23 maart 2003 8:38 > To: [EMAIL PROTECTED] > Subject: Sanity Check - Redistributing BGP into an IGP [7:66018] > > Yes I know it's not a bright idea ;-> > > I'm working on a practice lab which appears to me to be poorly written. > Some > of the solutions are out of left field, but I suppose that's to be > expected > of CCIE practice labs. > > Question - redistribution of BGP into OSPF? Problematic? Impossible on a > Cisco router? > > I checked TAC and found the docs on OSPF into BGP writings. But nothing > the > other way around. > > I am unable to successfully redistribute BGP into OSPF, although it > works > just fine if I redistribute BGP into EIGRP, for example. The command > takes. > All the proper switches are there. But no route in OSPF or in the OSPF > database. > > Incidentally, the "book" solution to this lab is to manually place the > particular interface into the OSPF process with a network statement, in > addition to placing it manually into the BGP process with a network / > mask > statement. > > What am I missing that I can't seem to find on TAC? > > Thanks. > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66034&t=66018 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Sanity Check - ISDN and EIGRP [7:66016]
The lab in question is one of the current crop of Cisco ASET labs. My answer: access-list 120 deny ip any host 255.255.255.255 access-list 120 permit ip any host 224.0.0.9 access-list 120 permit ip any any The book answer: access-list 120 deny ip any host 255.255.255.255 access-list 120 permit ip any any Yes the ISDN link is practically permantently up. Depending on the flow of hellos, it may drop for an instant, but it pops right back up. In answer to someone else's point, no, snapshot routing is not an option with either ospf or eigrp. I am assuming that it is possible for bgp. not that I want to get off on a tangent right bow. :-O -- TANSTAAFL "there ain't no such thing as a free lunch" ""Nigel Taylor"" wrote in message news:[EMAIL PROTECTED] > Folks, >I'm sure this a pretty straight forward but as this ISDN > connection relates to the lab requirements as a complete scenario should > dictate how the requirements are interpreted. > > It seems strange that the ISDN link should stay up indefinitely. > > Another question here would be what "broadcast packets" are they referring > to that could bring up the line. > > Nigel > Dazed and confused :-> > > - Original Message - > From: "David j" > To: > Sent: Sunday, March 23, 2003 2:50 AM > Subject: RE: Sanity Check - ISDN and EIGRP [7:66016] > > > > See below: > > > > The Long and Winding Road wrote: > > > > > > I'm working on a practice lab problem. > > > > > > there are two domains - OSPF and EIGRP > > > > > > The two domains can only communicate via ISDN > > > > > > OSPF---R1---ISDN--R2EIGRP > > > > > > R1 is where redistribution takes place. The ISDN link is in the > > > EIGRP > > > domain. > > > > > > Pretty much I've concluded that the only way this works is that > > > here have to > > > be static default routes on R1 and R2 pointing to eachother. > > > The only other > > > way I can see this working is for the ISDN link to be > > > permanently up. > > > > > > Unfortunately, the lab instructions are not very clear on this > > > point. The > > > only relevant instructions are: > > > > > > 1) no broadcast packets should initiate a DDR session. > > > Multicast packets > > > should be able to traverse the ISDN link. > > > > > > 2) use an access-list 120 for any filters you may need for DDR > > > > > > 3) only IP traffic will need to traverse the link > > > > > > That multicast instruction is interesting. Am I on the right > > > track thinking > > > the test here is to let the link stay up forever by defining > > > the EIGRP > > > hellos as "interesting" ?? thoughts? > > > > I think so, in fact if the link were used as backup of a serial link it > > would be logical that eigrp multicast packets bring it up when the serial > > link is down. We have our backups defined more or less in that way ( on a > > eigrp - eigrp domain, but this is not so important here). We have defined > as > > interesting traffic any ip packet, but I think you could fulfill all > > requirements of this lab doing some "acl engineering", perhaps denying > > explicitly broadcast packets at the beginning of the acl. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66033&t=66016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sanity Check - Redistributing BGP into an IGP [7:66018]
Yes I know it's not a bright idea ;-> I'm working on a practice lab which appears to me to be poorly written. Some of the solutions are out of left field, but I suppose that's to be expected of CCIE practice labs. Question - redistribution of BGP into OSPF? Problematic? Impossible on a Cisco router? I checked TAC and found the docs on OSPF into BGP writings. But nothing the other way around. I am unable to successfully redistribute BGP into OSPF, although it works just fine if I redistribute BGP into EIGRP, for example. The command takes. All the proper switches are there. But no route in OSPF or in the OSPF database. Incidentally, the "book" solution to this lab is to manually place the particular interface into the OSPF process with a network statement, in addition to placing it manually into the BGP process with a network / mask statement. What am I missing that I can't seem to find on TAC? Thanks. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66018&t=66018 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sanity Check - ISDN and EIGRP [7:66016]
I'm working on a practice lab problem. there are two domains - OSPF and EIGRP The two domains can only communicate via ISDN OSPF---R1---ISDN--R2EIGRP R1 is where redistribution takes place. The ISDN link is in the EIGRP domain. Pretty much I've concluded that the only way this works is that here have to be static default routes on R1 and R2 pointing to eachother. The only other way I can see this working is for the ISDN link to be permanently up. Unfortunately, the lab instructions are not very clear on this point. The only relevant instructions are: 1) no broadcast packets should initiate a DDR session. Multicast packets should be able to traverse the ISDN link. 2) use an access-list 120 for any filters you may need for DDR 3) only IP traffic will need to traverse the link That multicast instruction is interesting. Am I on the right track thinking the test here is to let the link stay up forever by defining the EIGRP hellos as "interesting" ?? thoughts? Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66016&t=66016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP header [7:65718]
""KW S"" wrote in message news:[EMAIL PROTECTED] > Can someone tell me what is the function of the protocol field in the IP > header. > > I get a little confused after reading from some many sources. here's the horse's mouth: http://www.iana.org/assignments/protocol-numbers ( it says everything that RFC 791 says on the subject :-> ) > > Regards > kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66012&t=65718 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using communites to change the local-pref - not working?? [7:65998]
""Cisco Nuts"" wrote in message news:[EMAIL PROTECTED] > Hello, > I have 2 routers in AS300 > RTF is connected to RTA in AS 1239 & > RTG is connected to RTH in AS 701 > In AS300 I have set communities via a route-map to be advertised as follows: > 1239:110 to AS 1239 & > 701:120 to AS 701 > > Routers in AS 1239 and AS 701 have been configured with a community list and > a route-map to match these communities and change the local pref to 110 and > 120 respectively. > > These work fine: > Ex.AS701-H#bt >Network Next HopMetric LocPrf Weight Path > *> 3.3.3.0/24 190.90.10.1 120 0 300 i > > Ex. AS1239-A#bt >Network Next HopMetric LocPrf Weight Path > *> 3.3.3.0/24 180.80.10.1 0110 0 300 i > > > > AS1239 and AS701 are connected to RTE AS7018-NAP > > From AS7018, I wanted to route to be preferred through AS701 which has a > higher local pref of 120 > BUT AS7018 still prefers the route thru AS1239 which has a local pref. > And I do not see the local pref values in AS7018. Why?? > > Ex. AS7018-NAP#bt >Network Next HopMetric LocPrf Weight Path > * 3.3.3.0/24 170.70.10.20 701 300 i > *> 160.60.10.20 1239 300 i > > 160.60.10.2 is AS1239 > Now I do understand that all things being equal, BGP will prefer the router > with the lowest RID, which in this case is AS1239, 160.60.100.100. Thus > AS7018 chooses this route. > > BUT I want AS7018 to choose AS701 to get to AS300's networks!!! > > Question: Should AS7018 on receiving the communites from AS1239 and AS701 > set the desired local pref?? > Why not?? > What am I missing? > Please advise. My read on it ( after checking Halabi's and Stewart's books ) is that LOCAL_PREF is typically set on the inbound side, not with the outbound side. LOCAL_PREF is an optional attribute. You don't want others to be able to impose their criteria on you. also - are you remembering to use the bgp send-communities switch? > > Thank you. > Sincerely, > CN > > > > > > > _ > Add photos to your e-mail with MSN 8. Get 2 months FREE*. > http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65998&t=65998 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AS-Path acl question?? [7:65988]
""John Neiberger"" wrote in message news:[EMAIL PROTECTED] > > Hello, > > Can any explain what these EXACTLY mean? > > > > ip as-path access-list 1 permit _109_ > > Matches any prefix that passed through AS 109. the book answer is that the underscore _ matches a lot of things including the beginning and the end of string. so _109_ should in theory match anything with 109 in it, including origination or most recent > > > ip as-path access-list 2 permit _200$ > > Matches any prefix that originated in AS 200. > > > ip as-path access-list 2 permit ^100$ > > Matches any prefix that only has AS 100 in the AS path. This would assume > that AS100 is directly adjacent and the prefix originated there. > > It would probably be helpful for you to learn about BGP regular expressions. > Do a search on Google using the terms "unix regular expressions" and you'll > find plenty of information that should clarify their use. The Cisco world of regulat expressions is found in, of all places, the dial solutions part of the documentation http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dial _r/drdapp/drdrapre.htm#1017420 watch the wrap. better just to memorize the few most likely _x$ ^x_ _x_ ,* _x_y_ _x_y$ ^x_y_ should serve you pretty well. > > Good luck, > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65997&t=65988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP bestpath as-path ignore - Hidden cmd?? [7:65987]
""Cisco Nuts"" wrote in message news:[EMAIL PROTECTED] > Hello, > Why is BGP bestpath as-path ignore a hidden cmd - if it indeed is?? Here is > what I got: > AS7018-NAP(config)#router bgp 7018 > AS7018-NAP(config-router)#bgp bestpath as? > % Unrecognized command > AS7018-NAP(config-router)#bgp bestpath as-path ? > % Unrecognized command > AS7018-NAP(config-router)#bgp bestpath as-path ignore > AS7018-NAP(config-router)# > > AS7018-NAP#rbr > router bgp 7018 > no synchronization > bgp router-id 150.50.100.100 > bgp log-neighbor-changes > bgp bestpath as-path ignore > > > Any ideas?? I've been going through the Parkhurt book again, and I have found a couple of these kinds of things on the IOS images I am using. IOS 12.1.5T10 and 12.2.12a. I believe both of these are IP Plus. neighbor x.x.x.x filter-list x weight is not in either of those versions, even though Parkhurst uses the command on page 173 and 174 I suspect these commands are available on higher end equipment. I'm pretty sure Parkhurst was not using 2501's when he did his work. I'm sure he had access to at least 7204's or 6's. > > > > > _ > Help STOP SPAM with the new MSN 8 and get 2 months FREE* > http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65996&t=65987 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: redistribution loop? [7:65962]
Sorry if I am misunderstanding your diagram. Where do you think the loop should appear? Routes originating on R8 would appear as connected, and therefore not be overwritten by redistribution, Same on R7. I guess I am just not seeing what the topology is or where you think the break should be. ""paul dong so"" wrote in message news:[EMAIL PROTECTED] > Hi All, > > Practicing redistribution. > > (route) - r8 - (eigrp) - r7 - ospf- r6 > | | > --- eigrp > > 150.50.3.0/24 is redistributed by r8 eigrp, r8 advertises it to r7 via > eigrp. R7 redistributes eigrp to ospf, also redistribute ospf to eigrp. > On r7, ospf database has type 5 LSA for 150.50.3.0/24, AD 110. eigrp > topology has EX route, AD 170. But r7 routing table use eigrp learned > path for forwarding. Why? I was expecting a loop. When will a loop created? > > r6 learns the route from ospf and eigrp, it use ospf as the forwarding > path, which is expected. > > Partial router config: > > r8: > interface Ethernet0 > ip address 150.50.3.8 255.255.255.0 > router eigrp 1 > redistribute connected > no auto-summary > > r8#sh ip route | i 150.50.3.0 > C 150.50.3.0/24 is directly connected, Ethernet0 > > r7: > router eigrp 1 > redistribute ospf 1 metric 56 100 255 1 1500 > router ospf 1 > redistribute eigrp 1 metric-type 1 subnets > > r7#sh ip route | i 150.50.3 > D EX150.50.3.0/24 [170/46251776] via 150.50.5.69, 01:40:13, Serial4/1 > r7#sh ip ospf database | i 150.50.3 > Type-5 AS External Link States > 150.50.3.0 200.0.0.7 796 0x8003 0x00186A 1 > > r7#sh ip route 150.50.3.0 > Routing entry for 150.50.3.0/24 >Known via "eigrp 1", distance 170, metric 46251776, type external >Redistributing via ospf 1, eigrp 1 >Advertised by ospf 1 metric-type 1 subnets tag 1 >Last update from 150.50.5.69 on Serial4/1, 01:44:46 ago >Routing Descriptor Blocks: >* 150.50.5.69, from 150.50.5.69, 01:44:46 ago, via Serial4/1 >Route metric is 46251776, traffic share count is 1 >Total delay is 21000 microseconds, minimum bandwidth is 56 Kbit >Reliability 255/255, minimum MTU 1500 bytes >Loading 1/255, Hops 1 > > r6 > r6#sh ip route | i 150.50.3.0 > O E1150.50.3.0/24 [110/30] via 150.50.7.7, 01:19:53, Ethernet0 > r6#sh ip ospf database > Type-5 AS External Link States > 150.50.3.0 200.0.0.7 927 0x8003 0x186A 1 > > > Thanks > > Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65964&t=65962 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE switch suggestions [7:65904]
Cisco has already answered this question Your first point of reference: http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html and in particular for the 3550 switches http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#13 and http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html#15 Do you need the particular switches to study? Well, there are things common to the 3550 and the 3500XL and maybe a couple of the other switches. The IOS image is similar enough to routers, that you can practice the configs on a router. Ask yourself - what is Cisco likely to test, and plan you studies accordingly. Rather than spend a lot of money on equipment so you can duplicate the Lab, you may want to invest in fewer pieces of equipment, and some on rack rental to practice a few particular things. -- TANSTAAFL "there ain't no such thing as a free lunch" ""Troy Leliard"" wrote in message news:[EMAIL PROTECTED] > Correct me if I am wrong, but does the CCIE have a IOS based switched or a > CatOS? I thought it was CatOS > > I know this question probably has been asked here before, so > > forgive me. I > > already have three routers (2x2514 and a 2509) and a Catalyst > > 1900 in my > > home lab. I want to get a switch that will help me in preparing > > for the > > CCIE. Can anyone make a suggestion on a switch that will give > > me the IOS > > features that I need while not being outrageously priced? > > > > -- > > Brad A. Nixon > > CCDA, CCNP, MCP, NNCSS > > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65945&t=65904 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Why did Cisco do this? Off Topic [7:65834]
""Elijah Savage"" wrote in message news:[EMAIL PROTECTED] > Cisco buys Linksys. > > http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a 5141_1048177983.var&p=CSCO > Note that Cisco will continue with the Linksys name and operate the company as a separate division. Cisco failed miserably in the SOHO / Consumer market. But there is a LOT of money to be made there. So Cisco did what Cisco does - go out and buy a company that does it right. The advantage of operating the acquisition under its existing name, and operating it separately is that Cisco doesn't get into the game of trying to make their products interoperable from top to bottom. Part of their earlier problem is customers expected seamless integration of the low end with the high end, and Cisco couldn't make it happen. Linksys comsumer products - wireless, DSL, cable, switches, etc are great products, especially for the home market. Now Cisco is in the market as a player, not a wannabe. > > -- > "BSD is for people who love Unix - > Linux is for people who hate Microsoft" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65861&t=65834 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Large number of VLANS [7:65815]
""Skarphedinsson Arni V."" wrote in message news:[EMAIL PROTECTED] > I was testing this in my lab, and could not get VTP to work with this setup, > as soon as I went over 254 vlans the Cat2950 gave me this message > > 00:17:11: %SW_VLAN-6-VTP_MODE_CHANGE: VLAN manager changing device mode from > CLIENT to TRANSPARENT. > 00:17:11: VTP LOG RUNTIME: VTP mode changed to Transparent > > so it looks like I cant use VTP with this one, but I gues it will work if I > dont use VTP and just configure the vlans myself on the switches. You could if you planned it well. Just limit which VLANs are allowed over your trunks. May I ask? Why do you need so many VLANs? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65848&t=65815 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: eBGP Multi-hop [7:65823]
""Jim Devane"" wrote in message news:[EMAIL PROTECTED] > hello all, > > (Re-post...not sure if original msg made it our not) > > playing around again and have a question. eBGP multi-hop cannot come up if > the peer is known through a default route. > Is there a reason why? > I mean, what is the point of a static route that causes a recursive lookup > or a static route that simply points to the same next hop as a default route? > For that matter, I can't see it being a matter of proximity either. If > convergence time were not an issue, what is really wrong with having a 10 > hop or even 50 hop BGP session? (I know it is unlikely and there are > cetainly better ways to handle it (GRE or IPSec tunnel)) but for the sake of > argument... I've done BGP peering with other folks across the internet - as many as 25 hops away. It's doable with no problems, so long as your provider is not filtering BGP somewhere. > > Just curious, not able to find much on WHY it is like this... > I've run into this problem as well. My theory - it's part of the code, requiring a specific route to a peer. BGP in general is not supposed to do much of anything with any information unless there is a specific route in the router's routing table. Counter intuitive, but rational in that BGP is meant to be reliable, and dependence on a default route is not reliable. > thanks, > Jim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65850&t=65823 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Large number of VLANS [7:65815]
""Skarphedinsson Arni V."" wrote in message news:[EMAIL PROTECTED] > Hi > > One question > > If I have the need to use many VLANS, let4s say around 400, can could I use > a 3550 switch that supports 1005 vlans as the core, and then 2950 switches > in the wiring closets, but they dont support more than 250 vlans, i.e. can I > use the 3550 with all the vlans, and the just trunk for example vlans 100-50 > to switch 1, 151-200 to switch 2, and so one, and would be possible to > implement that with VTP ? With careful planning, why not? OTOH, with such a large number of vlans required, can you justify at least 3550's everywhere? Good, cheap, fast - you can only have 2. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65841&t=65815 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP header [7:65718]
""Priscilla Oppenheimer"" wrote in message news:[EMAIL PROTECTED] > KW S wrote: > > > > Can someone tell me what is the function of the protocol field > > in the IP header. > > > > I get a little confused after reading from some many sources. > > > > Regards > > kws > > The Protocol field identifies the next layer, in other words the type of > payload that IP is carrying. Almost every protocol has a way of identifying > what the next layer is. The recipient layer uses this information to figure > out which process to pass the payload to. Given previous discussions here regarding "next layer" may I offer that this does not refer to the "next OSI layer" but rather something else? Otherwise we will have to go through anopther cycle of people thinking they are being told that OSPF operates at layer 4. :-> > > Ethernet II has EtherType. > IEEE 802.3 has the 802.2 Logical Link Control (LLC) Service Access Points > (SAPs). > IP has the Protocol field. > UDP and TCP have port numbers. > > The IP Protocol field identifies the next layer as being one of these: > > Protocol Type in Decimal > ICMP 1 > IGMP 2 > IP 4 (tunneling) > TCP6 > IGRP 9 > UDP 17 > GRE 47 > ESP 50 > AH51 > EIGRP 88 > OSPF 89 > > There are others but those are the most common. > ___ > > Priscilla Oppenheimer > www.troubleshootingnetworks.com > www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65794&t=65718 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Getting out of hand?? [7:65676]
""Peter van Oene"" wrote in message news:[EMAIL PROTECTED] > At 07:31 PM 3/18/2003 +, Priscilla Oppenheimer wrote: > >Maccubbin, Duncan wrote: > > > > > > How is the industry supposed to keep up with this?? > > > >What's the issue? Not sure I'm seeing your point. What's wrong with Cisco > >announcing that their product received some sort of certificaton? > > Exactly.. I think the poster mistook the possibly ambiguous announcement as > yet another CCXX cert. > > >Now, if you were concerned that Cisco has too many ways for people to get > >certified and that the situation is getting out of hand, I might agree. > > I really am surprised at how many folks pour their heart/money into getting > one after another. I'm also amazed at how many folks will try and devote > a good portion of interview time to showing me their various certificates. > After the first couple I pretty much grasp that you have enough short term > memory to get through a multiple choice exam and we should really get back > to talking about technologies. > > Cisco makes big bucks on these certifications. The recert requirements > create a beautiful residual revenue stream making this business unit very > attractive internally to Cisco. Since they doubled the cost of the CCIE > recert, purely for profit, I have decided to let my certification lapse vs > give in to this obvious cash grab. Kudos to Cisco for making their VAR > channels one of their more lucrative revenue sources. The cycle historically runs such that as the demand ( people seeking certification ) peaks the value of the cert has already begun its decline. Coincidentally, there is a move to a new technology that blows away the old one. Witness Novell. ( OK so there aren't a lot of examples here ) But I really do have to wonder if technology is changing such that certs of any kind are less relevant. A long time ago, in a galaxy far away, Isaac Azimov wrote a short story about a society in which everyone certified in some technology or other, and when that technology changed, people could not find work. ( IIRC there were other aspects to the story as well, but that's an aside ) So, Peter, Howard, Priscilla, Dave, and anyone else - what's sneaking down the pipe? Or are things becoming such that no human intervention is required? > > >Priscilla > > > > > > > > > > "Cisco also announced today highly prestigious certification > > > support across > > > the entire PIX Family of security appliances. Certifications > > > earned include > > > the Common Criteria Evaluation Assurance Level 4 (EAL4) > > > certification, and > > > both ICSA Labs firewall and IPSec certifications. These > > > certifications > > > provide customers with independent and objective validation > > > that a company's > > > product meets certain levels of quality and reliability, and > > > are among the > > > industry's most respected and stringent criteria for > > > certification. > > > Providing customers broad certification support across the > > > Cisco PIX family > > > within a common operating system increases operational > > > efficiencies and > > > lowers support and management costs." > > > > > > > > > Duncan Maccubbin > > > US Network Support, Cable and Wireless > > > CCNA, CCNP, CSS1, MCSE4 > > > Work (703)287-6975 > > > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65703&t=65676 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP header [7:65718]
""KW S"" wrote in message news:[EMAIL PROTECTED] > Can someone tell me what is the function of the protocol field in the IP > header. > > I get a little confused after reading from some many sources. here's the horse's mouth: http://www.iana.org/assignments/protocol-numbers ( it says everything that RFC 791 says on the subject :-> ) > > Regards > kws Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65725&t=65718 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Virtual link authentication - observations [7:65628]
a comment or to in line ( like the states ) ""Nigel Taylor"" wrote in message news:[EMAIL PROTECTED] > Chuck, > Let's see if I can make any sense in my reply to your comments. > When I think of a "virtual-link" as it relates to opsf, I think of it in > terms of being a tunnel. Also, short of being able to use a virtual-link, a > tunnel is what's recommended to maintain connectivity for any non-area0 > connected areas. Nigel, you're making me grind my teeth. A virtual link is NOT a tunnel. Who started the "tunnel" idea? Even Moy backed away from the use of the term "tunnel" in his second book. :-> > > Here's a excerpt from rfc 2328 which describes a virtual link. > > 12.4.1.3. Describing virtual links > > For virtual links, a link description is added to the > router-LSA only when the virtual neighbor is fully > adjacent. In this case, add a Type 4 link (virtual link) > with Link ID set to the Router ID of the virtual > neighbor, Link Data set to the IP interface address > associated with the virtual link and cost set to the > cost calculated for the virtual link during the routing > table calculation (see Section 15). > > > And then this excerpt from section 15.. > > The virtual link is treated as if it were an unnumbered point-to-point > network belonging to the backbone and joining the two area border routers. > An attempt is made to establish an adjacency over the virtual link. When > this adjacency is established, the virtual link will be included in backbone > router-LSAs, and OSPF packets pertaining to the backbone area will flow over > the adjacency. Such an adjacency has been referred to in this document as a > "virtual adjacency". It occurs to me that most of us think / are told that a virtual link is in area 0. I can't remember all the stuff I've read about this over the years. This recent observation tells me that the virtual link is an odd animal that is really part of the transit area. It doesn't quite follow the other OSPF rules. I know what the VL is supposed to do. It links the non adjacent area directly to area 0. It would "seem" reasonable that the link would have to be area 0. Judging from the workings of authentication, it would appear that on Cisco routers that the link is treated as part of the transit area. > > So as you noted it would be safe to say that a virtual-link is governed by > the termination points of it's unnumbered p-2-p links. So where your > transit-area uses MD5 authentication so must your virtual-link. > > Alex Zinin's Cisco IP Routing [pg. 489] clearly states that the virtual-link > always belongs to the backbone. In saying this, the characteristics of the > transit area to identify the peering ABR and then receive > packets(encrypted/decrypted) would be the only things that associates the > virtual-link to the transit area. It wouldn't be the first time that someone was incorrect about the way things really work versus the way it appears they work. Recall my statement above. The virtual link is NOT a tunnel. It operates solely based on the presense of the V-bit in the OSPF header. I imagine that the router code is such that it passes packets based on the presence of the V-bit. The router code has to base it's operation on SOMETHING in the OSPF header. So when it comes to authentication, Cisco router code determines the need for authentication based on the various values of the headers involved. After all, there's nothing in the RFC that requires that authentication work in a certain manner. Someone asked me off line about how the Lab proctors might grade this kind of task. The answer of course is "who knows?" All you're given is a percentage of the general section. The key is understanding how to make it work without spending too much time "trying things" > > HTH > > Nigel :-) > > > > > - Original Message - > From: "The Long and Winding Road" > To: > Sent: Tuesday, March 18, 2003 12:04 AM > Subject: OSPF Virtual link authentication - observations [7:65628] > > > > Not sure I have this all sorted out correctly. Perhaps those with a bit > more > > experience might add their wisdom, not to mention their corrections. > > > > The ospf virtual link being what it is, it follows rules similar to any > > other interface. > > > > It does appear, though, that in terms of structure, it looks something > like > > this: > > > > ( commands under the ospf process ) > > > > area X authentication > > area X
Re: OSPF Virtual link authentication - observations [7:65628]
a comment or to in line ( like the states ) ""Nigel Taylor"" wrote in message news:[EMAIL PROTECTED] > Chuck, > Let's see if I can make any sense in my reply to your comments. > When I think of a "virtual-link" as it relates to opsf, I think of it in > terms of being a tunnel. Also, short of being able to use a virtual-link, a > tunnel is what's recommended to maintain connectivity for any non-area0 > connected areas. Nigel, you're making me grind my teeth. A virtual link is NOT a tunnel. Who started the "tunnel" idea? Even Moy backed away from the use of the term "tunnel" in his second book. :-> > > Here's a excerpt from rfc 2328 which describes a virtual link. > > 12.4.1.3. Describing virtual links > > For virtual links, a link description is added to the > router-LSA only when the virtual neighbor is fully > adjacent. In this case, add a Type 4 link (virtual link) > with Link ID set to the Router ID of the virtual > neighbor, Link Data set to the IP interface address > associated with the virtual link and cost set to the > cost calculated for the virtual link during the routing > table calculation (see Section 15). > > > And then this excerpt from section 15.. > > The virtual link is treated as if it were an unnumbered point-to-point > network belonging to the backbone and joining the two area border routers. > An attempt is made to establish an adjacency over the virtual link. When > this adjacency is established, the virtual link will be included in backbone > router-LSAs, and OSPF packets pertaining to the backbone area will flow over > the adjacency. Such an adjacency has been referred to in this document as a > "virtual adjacency". It occurs to me that most of us think / are told that a virtual link is in area 0. I can't remember all the stuff I've read about this over the years. This recent observation tells me that the virtual link is an odd animal that is really part of the transit area. It doesn't quite follow the other OSPF rules. I know what the VL is supposed to do. It links the non adjacent area directly to area 0. It would "seem" reasonable that the link would have to be area 0. Judging from the workings of authentication, it would appear that on Cisco routers that the link is treated as part of the transit area. > > So as you noted it would be safe to say that a virtual-link is governed by > the termination points of it's unnumbered p-2-p links. So where your > transit-area uses MD5 authentication so must your virtual-link. > > Alex Zinin's Cisco IP Routing [pg. 489] clearly states that the virtual-link > always belongs to the backbone. In saying this, the characteristics of the > transit area to identify the peering ABR and then receive > packets(encrypted/decrypted) would be the only things that associates the > virtual-link to the transit area. It wouldn't be the first time that someone was incorrect about the way things really work versus the way it appears they work. Recall my statement above. The virtual link is NOT a tunnel. It operates solely based on the presense of the V-bit in the OSPF header. I imagine that the router code is such that it passes packets based on the presence of the V-bit. The router code has to base it's operation on SOMETHING in the OSPF header. So when it comes to authentication, Cisco router code determines the need for authentication based on the various values of the headers involved. After all, there's nothing in the RFC that requires that authentication work in a certain manner. Someone asked me off line about how the Lab proctors might grade this kind of task. The answer of course is "who knows?" All you're given is a percentage of the general section. The key is understanding how to make it work without spending too much time "trying things" > > HTH > > Nigel :-) > > > > > - Original Message - > From: "The Long and Winding Road" > To: > Sent: Tuesday, March 18, 2003 12:04 AM > Subject: OSPF Virtual link authentication - observations [7:65628] > > > > Not sure I have this all sorted out correctly. Perhaps those with a bit > more > > experience might add their wisdom, not to mention their corrections. > > > > The ospf virtual link being what it is, it follows rules similar to any > > other interface. > > > > It does appear, though, that in terms of structure, it looks something > like > > this: > > > > ( commands under the ospf process ) > > > > area X authentication > > area X
OSPF Virtual link authentication - observations [7:65628]
Not sure I have this all sorted out correctly. Perhaps those with a bit more experience might add their wisdom, not to mention their corrections. The ospf virtual link being what it is, it follows rules similar to any other interface. It does appear, though, that in terms of structure, it looks something like this: ( commands under the ospf process ) area X authentication area X virtual-link y.y.y.y authentication area X virtual-link y.y.y.y authentication-key WORD where X is the non zero area number over which the virtual link transits. In other words, for purposes of structure, the virtual link is not really part of area 0. It is a point-to-point link that is part of the non zero transit area. Am I understanding this correctly? I have a setup working, where the area 0 authentication is simple and the transit area authentication is MD5, and no adjacency is formed across the virtual link with simple authentication, but comes up just fine with MD5. Any comments are appreciated. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65628&t=65628 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Authentication Reference Chart [7:65601]
Glad you like it. You may want to check again, as I noticed that my text box did not make it through. I rewrote the page to include some helpful text. -- TANSTAAFL "there ain't no such thing as a free lunch" ""NKP"" wrote in message news:[EMAIL PROTECTED] > thanks Chuck , it has cleared my doubts on OSPF authentication. > > ""The Long and Winding Road"" wrote in > message news:[EMAIL PROTECTED] > > For those struggling with OSPF authentication, I have created an OSPF > > authentication reference chart on my web site: > > > > http://www.chuckslongroad.info/OSPF_Authentication.htm > > > > While visiting, you might also want to read through the essay I wrote on > > this topic a couple of months back on Groupstudy. > > > > http://www.chuckslongroad.info/2003_01_03.htm > > > > HTH > > > > Chuck > > > > > > > > -- > > TANSTAAFL > > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65626&t=65601 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF Authentication Reference Chart [7:65601]
For those struggling with OSPF authentication, I have created an OSPF authentication reference chart on my web site: http://www.chuckslongroad.info/OSPF_Authentication.htm While visiting, you might also want to read through the essay I wrote on this topic a couple of months back on Groupstudy. http://www.chuckslongroad.info/2003_01_03.htm HTH Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65601&t=65601 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Simple IP address question [7:65597]
""Sam"" wrote in message news:[EMAIL PROTECTED] > Hey there > > I had a simple question. > > I came across this router which had an ip address of 199.66.15.252/27 > > I wonder how that is possible because it doesn't seem a legal address. > With a subnet mask of 27, you get 6 subnets as follows: > 32-64 > 64-96 > 96-128 > 128-160 > 160-192 > 192-224 this is true in terms of legacy. In the new world, the all zero's and the all one's subnets may be used. On Cisco equipment, the all one's subnet has been a default for quite a while. The all zero's was invoked with the command ip subnet-zero I believe that with IOS images greater than 12.1, that all zero's is enabled by default. > > Thx, > Sam Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65602&t=65597 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Topology Question - Parkhurst's Book [7:65532]
""Mike"" wrote in message news:[EMAIL PROTECTED] > Since the spoke routers are NBMA, multicast hello's will not locate the > neighbor. The ospf router neighbor command must be used to manually identify > the neighbor so routing updates can be exchanged. I'm not sure why you > would want to implement in this way, but it will work. Parkhurst is attempting to tach a lesson about the neighbor statement. Unfortunately, the lesson appears not be be complete. You say it should work. So I srt this one up again. Observe: Router 1 OSPF database excerpt OSPF Router with ID (1.1.1.1) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 138 0x8003 0x005E7F 4 2.2.2.2 2.2.2.2 214 0x8004 0x00D1F1 1 206.6.6.6 206.6.6.6 138 0x8002 0x00C348 1 Router 1 routing table: Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback1 10.0.0.0/30 is subnetted, 2 subnets C 10.1.1.0 is directly connected, Serial1.2 C 10.1.1.4 is directly connected, Serial1.3 R1# Router 2 OSPF database excerpt OSPF Router with ID (2.2.2.2) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 198 0x8003 0x5E7F 4 2.2.2.2 2.2.2.2 273 0x8004 0xD1F1 1 206.6.6.6 206.6.6.6 199 0x8002 0xC348 1 Router 2 routing table: 2.0.0.0/32 is subnetted, 1 subnets C 2.2.2.2 is directly connected, Loopback1 10.0.0.0/30 is subnetted, 1 subnets C 10.1.1.0 is directly connected, Serial1 R2# Router 3 OSPF database excerpt OSPF Router with ID (206.6.6.6) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 238 0x8003 0x5E7F 4 2.2.2.2 2.2.2.2 313 0x8004 0xD1F1 1 206.6.6.6 206.6.6.6 238 0x8002 0xC348 1 Router 3 routing table Gateway of last resort is not set 3.0.0.0/32 is subnetted, 1 subnets C 3.3.3.3 is directly connected, Loopback0 10.0.0.0/30 is subnetted, 1 subnets C 10.1.1.4 is directly connected, Serial1 R3# Change the spoke ospf network types from non broadcast to point-to-multipoint and ( sample from one router, but it is true for all:) pops right up: 01:16:07: OSPF: Database request to 2.2.2.2 01:16:07: OSPF: sent LS REQ packet to 10.1.1.2, length 12 01:16:07: OSPF: Synchronized with 206.6.6.6 on Serial1.3, state FULL 01:16:07: %OSPF-5-ADJCHG: Process 1, Nbr 206.6.6.6 on Serial1.3 from LOADING to FULL, Loading Done 01 R1#:16:07: OSPF: Rcv DBD from 2.2.2.2 on Serial1.2 seq 0x9C5 opt 0x42 flag 0x1 l en 32 mtu 1500 state EXCHANGE 01:16:07: OSPF: Exchange Done with 2.2.2.2 on Serial1.2 01:16:07: OSPF: Send DBD to 2.2.2.2 on Serial1.2 seq 0x9C5 opt 0x42 flag 0x0 len 32 01:16:07: OSPF: Synchronized with 2.2.2.2 on Serial1.2, state FULL 01:16:07: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial1.2 from LOADING to FU LL, Loading Done R1# and routing table has ospf routes: Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback1 2.0.0.0/32 is subnetted, 1 subnets O IA2.2.2.2 [110/65] via 10.1.1.2, 00:00:02, Serial1.2 3.0.0.0/32 is subnetted, 1 subnets O IA3.3.3.3 [110/65] via 10.1.1.6, 00:00:02, Serial1.3 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks O 10.1.1.2/32 [110/64] via 10.1.1.2, 00:00:02, Serial1.2 C 10.1.1.0/30 is directly connected, Serial1.2 O 10.1.1.6/32 [110/64] via 10.1.1.6, 00:00:03, Serial1.3 C 10.1.1.4/30 is directly connected, Serial1.3 R1# as to whether this is one of the vagueries of the IOS versions I am running, I cannot say. But even speaking teoretically, a point-to-point link will not form a proper adjacency with an NMBA link, neighbor staement or no. Each side thinks the other is like itself, and they are not the same. Examples to the contrary are welcome. > > Regards > > ""The Long and Winding Road"" wrote in > message news:[EMAIL PROTECTED] > > Ran into something in Parkhurst's OSPF book while studying tonight. > Looking > > for validation of my observation. > > > > The example: OSPF over frame relay > > > > The topology: hub and spoke, with a twist. The hub uses subinterfaces ( > one > > to each spoke router ) and the spokes use physical interfaces. > > > > Now, the Parkhurst examples show leaving the physical interfaces as ospf > > type non-broa
The Joys of The OSPF Database [7:65546]
I've been hunkering down with the Parkhurst OSPF book, just refreshing my memory. BTW, for the nitty gritty on how commands work on Cisco routers, Parkhurst is da man. However, I am noticing a lot of glitches for which I have neither the patience nor the time to sort out. For example, redistribution into OSPF. As I go through the Parkhurst exercises, I find odd things in my routing tables - routes that should have been filtered in the route-map. route tags assigned by the route-map but not showing up in the ospf database ( show ip ospf database ) or into the routing table ( show ip route x.x.x.x ) Sometimes "clear ip ospf redistribution" does not clear all the routes. I have also noticed this odd thing: When reditributing EIGRP, for example, if I enter a "no redistribute eigrp x route-map etc" command under the ospf process, I go back and look at the configuration, and there is a "redistribute eigrp x" statement still there. it wasn't there to start with. This has happened a couple of times. another one is the application of route tags. This happened a couple of times, and it took several applications of the "clear ip ospf redistribution" to finally get the route tags to attach to the routes. for those who have experienced bizarre behaviour like this during your studies, all I can say is I feel your pain. It is apparent that some of the IOS images out there can produce odd behaviour sometimes. All of this further validates my belief that I ran into one of those "one of" bugs in the Lab last time through. I can't say what it was, fearing an NDA violation rap, but it involved something I have done many times here at home and works exactly the way it is described in the documentation - EXCEPT in the Lab pod I was using - and ended up costing me about 10 points, in my estimation :-< -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65546&t=65546 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF Topology Question - Parkhurst's Book [7:65532]
Ran into something in Parkhurst's OSPF book while studying tonight. Looking for validation of my observation. The example: OSPF over frame relay The topology: hub and spoke, with a twist. The hub uses subinterfaces ( one to each spoke router ) and the spokes use physical interfaces. Now, the Parkhurst examples show leaving the physical interfaces as ospf type non-broadcast, change the ospf timers on the subinterfaces, place neighbor statements on the spoke routers ( physical interfaces ) and all is well. Except I don't believe it works this way. The subinterfaces are point-to-point networks, and expect the other side to be a point-to-point connection and adjacency. the physical interfaces are non-broadcast, and expect DR elections to occur, something the router with the subinterfaces will not do. I believe the correct solution is to make the physical interfaces ospf type point-to-multipoint. An alternative is to change the physical interfaces to ospf point-to-point. In any case - can anyone else verify what I see and do not see - that Parkhurst chapter 11, example 3, pages 275-279 answer is incomplete? thanks. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65532&t=65532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF over frame relay quick reference document [7:65517]
A byproduct of some recent study. Probably should be classed a work in progress. Hope it helps http://www.chuckslongroad.info/OSPF_Frame_Reference.htm Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65517&t=65517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Demand Circuit - interesting and frustrating [7:65509]
an interesting evening, all things considered. where's that woman from Australia been lately? Jen - your insight and experience would be most welcome here :-> Got an OSPF demand circuit to work as advertised: R2#o data OSPF Router with ID (10.7.7.7) (Process ID 2) Router Link States (Area 1) Link ID ADV Router Age Seq# Checksum Link count 10.7.7.710.7.7.727 0x8022 0xEEC3 5 10.9.9.910.9.9.97 (DNA) 0x80BE 0x940D 2 10.111.111.110.111.111.1103 0x8039 0xE4F3 5 Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.1.2.110.111.111.1103 0x800B 0x2C03 Summary Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.4.1.110.9.9.9318 (DNA) 0x8003 0x14E6 10.4.2.110.9.9.9318 (DNA) 0x8003 0x9F0 10.8.8.010.9.9.9318 (DNA) 0x8003 0x3CBE 10.9.9.010.9.9.9318 (DNA) 0x8003 0x25D3 10.34.34.0 10.9.9.918780x8030 0xE3AC 10.44.1.0 10.9.9.9860 0x8002 0x3E96 172.16.1.1 10.9.9.966(DNA) 0x8002 0x430A R2# HOWEVER: it only worked for a little while. Note the time stamps. R2#sh di 01:26:47: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 2221 R3, call lasted 120 secondsaler 01:26:47: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down 01:26:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down 01:26:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down Link goes down at 1:26 and change. BRI0 - dialer type = ISDN Dial String Successes FailuresLast DNIS Last status 222138 100:02:04 successful 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0:1 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle BRI0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle R2# 01:48:19: %OSPF-5-ADJCHG: Process 2, Nbr 10.9.9.9 on BRI0 from FULL to DOWN, Neighbor Down: Dead timer expired R2# NOTE - the time stamp indicates the adjacency dies at 1:48 and change - roughly 22 minutes later. This is the best result I've had so far, but still a bit short of expectation. IMHO the demand situation SHOULD last FOREVER!! Note that the OSPF database still shows the DNA's for the routes in question. R2#o data OSPF Router with ID (10.7.7.7) (Process ID 2) Router Link States (Area 1) Link ID ADV Router Age Seq# Checksum Link count 10.7.7.710.7.7.7713 0x8025 0xE3F3 10.9.9.910.9.9.97 (DNA) 0x80BE 0x940D 2 10.111.111.110.111.111.1763 0x803B 0xE0F5 5 Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.1.2.110.111.111.1763 0x800D 0x2805 Summary Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.4.1.110.9.9.9318 (DNA) 0x8003 0x14E6 10.4.2.110.9.9.9318 (DNA) 0x8003 0x9F0 10.8.8.010.9.9.9318 (DNA) 0x8003 0x3CBE 10.9.9.010.9.9.9318 (DNA) 0x8003 0x25D3 172.16.1.1 10.9.9.966(DNA) 0x8002 0x430A R2# Anyone with real world experience got any thoughts? Recall that this is done with IOS 12.1.5T10 and an ISDN simulator, which has proven interesting, to say the least. TAC docs indicate that lots of things ISDN related have been "fixed" in 12.2 releases. Good night, all. Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65509&t=65509 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PREVENT RIP ROUTING PROTOCOL FROM TRIGGER DIALER. [7:65482]
""Abdallah Quqas"" wrote in message news:[EMAIL PROTECTED] >> Dear ALL; > > > > How we may prevent and block Rip Routing protocol from trigger dialing > > through isdn BRI. And HOW we can be assured that the unknown trigger come > > from RIP. access-list 101 deny udp any any eq RIP ( 520 ) access-list 101 permit ip any any dialer-list 1 protocol ip list 101 int bri 0 dialer-group 1 should do the trick assuming all things are equal. > > Regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65510&t=65482 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - CCIE Certification Junkies [7:65499]
With the announcement of the CCIE Voice certification ( a Good Thing, IMHO ) I wonder a couple of things: 1) who will be the first quadruple CCIE? 2) Does Cisco still recognize the Design, WAN, and IBM CCIE's as valid certifications, making it possible to have more than four? 3) When will the CCIE become just another useless cert in the long history of useless networking certs? NRF - you out there tonight? -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65499&t=65499 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT - CDP: Is it treated as a 'vulnerability' in yo [7:65348]
""John Neiberger"" wrote in message news:[EMAIL PROTECTED] > >Can't find the link off hand, but recently I read something on the > Cisco web > >site about L2 vulnerabilities - mac flooding or something. > > > >In any case, what it comes down to is that the possibility exists > that > >someone of evil intent could sniff a network and discover something > useful > >that could be used to cause problems later. > > > >Why have OSPF authentication on internal links? Why have chap > authentication > >on dial up lins? After all, who's out there tapping your telephones? > > I understand your reasoning here but I have to slightly disagree with > it. In a LAN I'd possibly agree with this, but if someone is sniffing > your WAN or MAN connections then you have way bigger problems than CDP! > If someone at the telco has inserted a sniffer into the frame relay > network or onto a point-to-point link then they're already going to be > getting a lot more information than CDP provides, and turning CDP off > would be worthless. They'll already see all of your routing updates as > well as all unencrypted traffic. They'll also already know what the > endpoints of that circuit are so how would CDP help them? It wouldn't. > > On a LAN you run into the problem of physical access. If someone can > physically access a hub or a switch they might be able to access your > network. In a case like that perhaps you'd want to turn off CDP, but I'd > suggest upgrading your physical security before turning off CDP. If > there's the potential for a stranger to get into one of your wiring > closets and hook up with a laptop then again, you have much bigger > problems than just CDP. Like there is just about every place I've ever worked? Your most vulnerable place for physical access is your MDF, and surprise - that seems to be the place where lots of strangers need to get - PBX service people, telco people, electricians, HVAC people, misc vendors from various trades. 2nd most vulnerable place? Branch office / small office closets, which often double as file rooms. None other than Very Large Brokerage Firm had no control process when I worked there. Techs would just show up, and the bozos in New York considered it beneath them to ever bother to inform a branch office tech to expect visitors. Thing is, the room in question contained one of the Company's major communications nodes, covering all of the west coast and asia-pacific data communications for maybe 300 other offices and service centers. My job was to shut up, open the door, and otherwise mind my own business. :-O > > > > > >What do you want - convenience or security? Cuz maybe you can't have > both. > > > >Kinda like at the airport. Maybe you feel safer because they're > searching > >people like me, who really do look like criminals, but do you feel > safer if > >they're searching 80 year old ladies and 5 year old children? Could > either > >one of those types pose a security risk? Interesting tradeoff, isn't > it. > >particularly given certain incidents in a particular country of late. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65348&t=65348 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - Life with an ISDN simulator [7:65399]
Lesson 1 - if you can't get it to work, call tech support. It will start working the instant you are talking to a tech. Lesson 2 - if it was working on the physical interface, and not working when you moved everything to the dialer interface, just power cycle the hardware. Things start working like a charm. Lesson 3 - When reading through TAC docs on troubleshooting ISDN, do not become discouraged when you read that IOS 12.2 has fixed just about all the problems with that occurred in 12.0 and 12.1 Instead plan your strategy, knowing that ( according to Cisco ) IOS 12.1 is still in the CCIE lab. Does OSPF demand circuit REALLY work the way it is supposed to? I see all the routes on both sides of the ISDN link as DNA in the OSPF table, and both interfaces show "spoofing" but hellos are still being sent every 10 seconds. Depending on the dialer-list, this means either that the link keeps popping back up or the adjacency is lost. Snapshot routing with RIP works as advertised. Backup interface is a real pain. Forget dialer watch. Enjoying my reading of a number of documents found in the TAC portion of CCO. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65399&t=65399 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT - CDP: Is it treated as a 'vulnerability' in yo [7:65279]
""Priscilla Oppenheimer"" wrote in message news:[EMAIL PROTECTED] > chris kane wrote: > > > > It recently came to my attention that my company may plan to > > disable all CDP > > in our network. The current vibe is that they see it as a > > security risk. My > > intent is to research this and provide a paper arguing for the > > use of CDP. > > The purpose for my post is to see if my opinions of the > > benefits of CDP are > > realistic (sanity check) and to see how others view CDP, > > weighing it's > > usefulness vs. any possible risk. > > > > I have already begun researching any security releases on CCO > > in regards to > > CDP. Initial scan shows a 'vulnerability' notice that Cisco > > most recently > > updated on Feb 12, 2003. This information can be found at this > > link: > > > http://www.cisco.com/en/US/partner/tech/tk648/tk362/technologies_tech_note09 > > 186a0080093ef0.shtml > > > > Looking at CDP from a troubleshooting tool perspective, I am > > all for it. > > I've personally been saved unknown hours tracing down a problem > > because CDP > > allowed me to bounce around the network quickly. Our network is > > not small. > > And as most people would agree, documentation is never what we > > all would > > like it to be. Therefore, I find that CDP's ability to display > > the network > > below Layer 3 is appreciated. > > So will a hacker appreciate CDP's ability to display information about the > internetwork. > > I think that's the reasoning behind the security experts saying to turn it > off. That is indeed the current vibe. > > I took a Cisco security class at the Usenix Security Symposium in August > 2002. The instructor said to turn it off. > > Have you looked at the documents at the Center for Internet Security? They > have benchmarks for Cisco security. They have 2 levels. Even with the less > severe level, they say to turn off CDP. > > The Center for Internet Security tries to develop consensus on security > measures. Their partners include The SANS Institute, the DoD Computer > Emergency Response Team, NASA, National Institute of Standards and > Technology, etc. > > Their Web site is here: > > http://www.cisecurity.org/ > > On the other hand, I think you could certainly make a good case for not > disabling CDP. Being able to troubleshoot efficiently is just as important > as security when considering network availability. A network that's broken > and due to typical network problems is experiencing a denial of service just > as bad as if a hacker had broken in. Good troubleshooting tools mean a more > available network, there's no question. > > I hope others answer too. I know that all the security people say to turn it > off and most people who actually work in the trenches say, "Hunh?" Can't find the link off hand, but recently I read something on the Cisco web site about L2 vulnerabilities - mac flooding or something. In any case, what it comes down to is that the possibility exists that someone of evil intent could sniff a network and discover something useful that could be used to cause problems later. Why have OSPF authentication on internal links? Why have chap authentication on dial up lins? After all, who's out there tapping your telephones? What do you want - convenience or security? Cuz maybe you can't have both. Kinda like at the airport. Maybe you feel safer because they're searching people like me, who really do look like criminals, but do you feel safer if they're searching 80 year old ladies and 5 year old children? Could either one of those types pose a security risk? Interesting tradeoff, isn't it. particularly given certain incidents in a particular country of late. > > Priscilla > > > > > > Also from a tool perspective, I know CiscoWorks has tools to > > offer that > > utilize CDP. And I've seen software from other companies that > > does as well. > > Think Layer 2 traceroute capability. > > > > Looking at CDP from a multi-vendor platform perspective, I > > realize that it's > > often beneficial to turn off CDP on interfaces that connect to > > non-Cisco > > devices. No point in bothering a non-Cisco device with traffic > > that it can't > > process. But note, this is not turning off CDP globally per > > router/switch, > > but rather, disabling on an as-needed basis per interface. > > > > I'd like to hear other views and I'd appreciate feedback and > > opinions about > > this. > > > > Thanks, > > -chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65279&t=65279 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet phone, is it possible? [7:65123]
""nrf"" wrote in message news:[EMAIL PROTECTED] > ""The Long and Winding Road"" wrote in > message news:[EMAIL PROTECTED] > > ""supernet"" wrote in message > > news:[EMAIL PROTECTED] > > > A friend of mine wants to establish a business that use internet to make > > > phone calls. He wants to set up PSTN gateways in some countries and sell > > > IP phones to high speed customers so customers can talk to each other > > > free of charge and they can call PSTN for a fee. I think net2phone.com > > > has the same thing. > > > > > > Anyone remember Blue Kangaroo? > > > > Risky business model. Capital intense. High customer support costs. > > > > Businesses can get long distance nationwide at less than 3 cents a minute > > these days. I gotta wonder if there really is enough demand to make this a > > profitable business, given the thin margins. > > Yeah, but that's 3 cents a minute for calls in the US. International > tariffs are significantly more expensive and hence offer more opportunities > for arbitrage. yeah, different assumptions mean different results. A couple three years ago I was working at Well Known Clothing manufacturer in San Francisco. The folks there were working hard to get VoIP toll bypass going between HQ and their manufacturing plants in the far east. The number I heard was 80,000 a month in potential savings - well worth investing a few thousand a month in equipment and bandwidth for lease lines. I would imagine that these days, voice over internet would be worth looking at for that kind of money. I still think, despite the continued cannibalization of the telco network, the economics just does not favor telecom startups in this field. One would hope that the telcos wake up and begin leveraging t=what they already have in place. Too bad the regulatory environment discourages this. > > > > > ( Looking at low balance in bank account ) Obviously I know something > about > > making money.. :-Anyway, He has some questions that I couldn't > > > answer. I appreciate if someone can help me: > > > > > > 1. Should he use SIP or CCM? > > > 2. Is round trip delay 200-300 msec acceptable? > > > > > > Thanks. > > > Yoshi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65259&t=65123 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Layer 3 Switches Vs Routers [7:65215]
The problem with this whole discussion is that it focuses around hardware that has been defined as something by the manufacturers, and does not focus on function. In the end, it is software - code - that does what it does, and the hardware it runs on is irrelevant. The OSI model is just a way of looking at things. Even Cisco says as much. OSI is not a hard and fast rule about how thing have to work. If an action is taken based on the IP header info, it is L3. If action is taken based on ethernet header info, it is L2. How that action is coded, where that code resides, is irrelevant. JMHO -- TANSTAAFL "there ain't no such thing as a free lunch" ""aletoledo"" wrote in message news:[EMAIL PROTECTED] > a "layer three switch" is a router, just as a "switch" is really a bridge. a > layer 3 switch 'routes' in hardware, while a router routes in software. > > thats the easiest way to look at them. it has gaps, but once you get the big > picture you can then start to talk about the specifics. > > probably the biggest thing that a layer 3 switch can't do (unless its > changed recently) is route anything but IP. while designing the hardware > routing circuits for a L3-switch they had to compromise and IP being the > most popular won out. thats not to say that one day they won't have made > enough chipsets to route every other kind of protocol also. I suppose since > we saw the death of bridges due to switches, we'll also see the death of > routers to L3-switch. > > scott > > ""nanda"" wrote in message > news:[EMAIL PROTECTED] > > Hi ... > > > > We have switches that operate at Layer 3..right.. > > My Question is when we have Routers that are good enough why do we need > > switches at layer3? > > Under what circumtances do we use switches instead of routers? > > > > Hope I made Myself Clear...Thanks in Advance!!! > > > > Regards... > > Nanda Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65255&t=65215 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Workbook homelab ? [7:65161]
""richard dumoulin"" wrote in message news:[EMAIL PROTECTED] > I was wondering whether the people who passed the lab and used the well > known prep lab workbooks did adapt their own home lab to do the exercises or > bought all the necessary routers/switches to set up the 13 router lab or > just purchased remote rack. This is one of my gripes about the various places that sell study materials. The practice labs are written to reflect racks which you rent from them. There is only so much you can do to adapt. > I myself possess 6 routers but they are only sufficient to do the Solie's > labs, not more. Is it breaking NDA to state that the CCIE lab contains a certain number of routers? More than? Fewer than? More than two and fewer than 50? ;-> The other thing - if you do a google search on - CCIE rack rental ( words, not phrase ) you will find a LOT of places that offer rack rental and practice labs. We all know the big three, but there are many other sources, and I'm sure that many of their packages use fewer than the dozen plus that some places require for their labs. > Thanks for any comment on this. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65230&t=65161 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Internet phone, is it possible? [7:65123]
""supernet"" wrote in message news:[EMAIL PROTECTED] > A friend of mine wants to establish a business that use internet to make > phone calls. He wants to set up PSTN gateways in some countries and sell > IP phones to high speed customers so customers can talk to each other > free of charge and they can call PSTN for a fee. I think net2phone.com > has the same thing. Anyone remember Blue Kangaroo? Risky business model. Capital intense. High customer support costs. Businesses can get long distance nationwide at less than 3 cents a minute these days. I gotta wonder if there really is enough demand to make this a profitable business, given the thin margins. ( Looking at low balance in bank account ) Obviously I know something about making money.. :-Anyway, He has some questions that I couldn't > answer. I appreciate if someone can help me: > > 1. Should he use SIP or CCM? > 2. Is round trip delay 200-300 msec acceptable? > > Thanks. > Yoshi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65129&t=65123 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - Apologies to Mr. Solie [7:65029]
OK, enough already. I messed up the guy's name. Like it's never happened to me Mr. Solie, I am enjoying reading your book and I sincerely apologize for mis spelling and therefore mis representing your name. As I said last night, I find this one more understandable than Caslow in many places, including ISDN. Chuck who must have been thinking Soltie and Pepper-ie -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65029&t=65029 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Any w2k syslog server avaiable? [7:64883]
wrote in message news:[EMAIL PROTECTED] > 3com > > (tftp , syslog and ftp all in one program...) you know, I've used the 3com TFTP server for a year or two now. never paid attention to the other features. thanks much. I appreciate the tip. Chuck > > > > - Original Message ----- > From: "The Long and Winding Road" > To: > Sent: Monday, March 10, 2003 11:15 AM > Subject: Re: Any w2k syslog server avaiable? [7:64883] > > > > ""Richard Campbell"" wrote in message > > news:[EMAIL PROTECTED] > > > Hi.. I used to use unix syslog server to log the cisco device event. > But > > > there is no unix box in my new company. Only w2k. May I know is there > > any > > > syslog software avaiable that I can install in W2k? > > > > check out Beverly Hills Software - www.bhs.com > > > > do a search after clicking on "downloads" there are a couple available. > > > > HTH > > > > > > > > > > Thanks > > > > > > _ > > > Add photos to your messages with MSN 8. Get 2 months FREE*. > > > http://join.msn.com/?page=features/featuredemail > > Virus taramasi Vexira AV programi kullanilarak Is Net tarafindan > yapilmistir. > > This e-mail is checked by Is Net against all known types of viruses using > Vexira AV. > > Is Net'in en ucuz saatlik kullanim paketi Teneffus.Net'i ve en ucuz > sinirsiz erisim paketi Taksitli Ekonet'i duymus muydunuz? > > http://www.isnet.net.tr/teneffusnet/ > > http://www.isnet.net.tr/taksitliekonet/ > > > > > -- > Virus taramasi Vexira AV programi kullanilarak Is Net tarafindan yapilmistir. > This e-mail is checked by Is Net against all known types of viruses using > Vexira AV. > Is Net'in en ucuz saatlik kullanim paketi Teneffus.Net'i ve en ucuz sinirsiz > erisim paketi Taksitli Ekonet'i duymus muydunuz? > http://www.isnet.net.tr/teneffusnet/ > http://www.isnet.net.tr/taksitliekonet/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65011&t=64883 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Basic Frame Relay question [7:64923]
""Priscilla Oppenheimer"" wrote in message news:[EMAIL PROTECTED] > DeVoe, Charles (PKI) wrote: > > > > I am looking at frame relay. As I understand it, the frame > > relay connection > > goes from the CPE to the service provider CO. My question is, > > does the > > destination device on the other side of the CO also need to run > > frame relay? > > Could they perhaps run ATM? > > > > My CPE CODest. CPE > > | Frame Relay|ATM | > > > > Good question. Yes, the Frame Relay Forum defines a method for doing this. > It's called Frame Relay ATM Interworking. (Yes, the word is really > interworking.) I think it's somewhat common. It's been around for a while very common. particularly in hub and spoke situations, where the host site needs to aggregate a lot of bandwidth from a lot of remotes. way cool also is that if your telco supports it, you can do DSL to ATM also, giving quite a bit of flexibility. I have customers who are doing FRATM ( frame relay in the remote sites, and ATM at the host ) and RLAN ( DSL at the remote sites and ATM at the host site ) I don't have any customers shooting the works myself, but a couple of my co-workers have done some pretty exciting designs mixing ATM, frame, and DSL at remote sites and high cap ATM at the host. neet! > > ___ > > Priscilla Oppenheimer > www.troubleshootingnetworks.com > www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65013&t=64923 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Configuring 2621 router with G.U.I. [7:64937]
""Alan poettker"" wrote in message news:[EMAIL PROTECTED] > Hi, > Can anyone tell me where I may find specific information reguarding > cofiguring a 2600 series router with the GUI interface..(through my internet > browser). I would like to know what specific softare may be required to do > this or what settings I may need. I do have access to it throush CLI mode. > link to the Master Command Reference: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_ r/frprt1/frd1005.htm#1020067 watch the wrap at present, there is not much to it. following is the text of the web interface page. as you can see, nothing here for configuration. This is with IOS 12.1.5T10 to a 25xx router. Maybe the higher end routers have more functionality? The 3550 switches sure do! Their web interface is nice! Cisco Systems Accessing Cisco 2500 "R4" Telnet - to the router. Show interfaces - display the status of the interfaces. Show diagnostic log - display the diagnostic log. Monitor the router - HTML access to the command line interface at level 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 Connectivity test - ping the nameserver. Show tech-support - display information commonly needed by tech support. Help resources CCO at www.cisco.com - Cisco Connection Online, including the Technical Assistance Center (TAC). [EMAIL PROTECTED] - e-mail the TAC. 1-800-553-2447 or +1-408-526-7209 - phone the TAC. [EMAIL PROTECTED] - e-mail the HTML interface development group. All you need to do is issue the command "ip http server" and you're ready to rock and roll. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65009&t=64937 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Difficult RFPs [7:64957]
""Priscilla Oppenheimer"" wrote in message news:[EMAIL PROTECTED] > Scott Roberts wrote: > > > > wow, I've never worked on such a large order, but the RFPs I've > > designed out > > have never been this much of a joke. it seems that the IT staff > > of this > > company had no clue what they wanted or needed and decided to > > get some free > > advice! > > > > the only similair scenario I can mention is when a small > > private school was > > looking to upgrade their network to gigabit (yet never fully > > utilized the > > old FE) and were shocked at the cost of the equipment. they > > dropped the > > whole upgrade totally at that point. > > > > I'm interested in hearing if any others have seen such a poor > > of a 'scope of > > work' put out before? > > I think it's pretty typical, although this particular customer is more > annoying than most. > > My favorite one is this, from Chuck's comments: > > 1) for any wireless response this complex, detailed site surveys are > required. there is not time to do this. > > answer: well then just do a site survey. besides, we have aerial photographs > of all of our locations posted on our web site. you can use those to > determine what you need. > > Sure, aerial photos will help a lot!? :-) They showed where all the trees were. :-> > > Priscilla > > > > > > scott > > > > ""Symon Thurlow"" wrote in message > > news:[EMAIL PROTECTED] > > > Yikes! You must have big plums to persist with a customer > > like that. > > > > > > It sounds like a disaster waiting to happen! > > > > > > Symon > > > > > > -Original Message- > > > From: The Long and Winding Road > > > [mailto:[EMAIL PROTECTED] > > > Sent: 08 March 2003 19:44 > > > To: [EMAIL PROTECTED] > > > Subject: Network Design - What Priscilla did NOT cover in her > > book: WAS > > > [7:64842] > > > > > > > > > ""Symon Thurlow"" wrote in message > > > news:[EMAIL PROTECTED] > > > > Hey Chuck, > > > > > > > > How did that big design go, the one you mentioned on the > > list a few > > > > months ago? > > > > > > > > Symon > > > > > > You mean the Never Ending Design? The Nightmare before the > > CCIE Lab? > > > > > > Here is a brief rundown. I will say in advance that as all of > > you who > > > work in the real world with real world management, real world > > customers, > > > and real world situations already know, the real work is at > > layers 8,9, > > > and 10. > > > > > > Project Summary: large organization, 2000+ employees, 10,000 > > data ports, > > > 3 dozen locations, with each location being a campus of > > several > > > buildings or several floors within buildings. The project RFP > > called for > > > a complete forklift of the existing infrastructure - routers, > > switches, > > > PBX. It also called for wireless for voice and data. The > > project goal > > > was to create a network fully capable of providing seamless > > integrated > > > services for data, voice, and video. Oh yes, there was a > > three week > > > turnaround deadline for the response, and there was no > > flexibility in > > > this. Meet the customer date or lose the opportunity. On top > > of that, as > > > is typical with most RFP's, all questions are to be submitted > > in > > > writing, and all responses go to all bidders. > > > > > > Clues that something is strange: > > > > > > 1) for any wireless response this complex, detailed site > > surveys are > > > required. there is not time to do this. > > > > > > answer: well then just do a site survey. besides, we have > > aerial > > > photographs of all of our locations posted on our web site. > > you can use > > > those to determine what you need. > > > > > > 2) you're RFP provides numbers of IDF's in each location and > > total > > > number of ports required. e.g. site X has 7 IDF's and 257 > > data ports. do > > > you have detail as to how many data ports are in each > > specific closet? > > > > > > answer: use an average, or come out here and do a site survey > > and figure > > > i
Re: General comments on Cisco Teaching [7:64833]
seeing as the CCSI number uses only 2 digits for the date field, did the program implode as Y2K came and went? ;-> -- TANSTAAFL "there ain't no such thing as a free lunch" ""Priscilla Oppenheimer"" wrote in message news:[EMAIL PROTECTED] > Cisco Nuts wrote: > > > > Howard, > > > > Why in the world would Cisco start at 92001 for the CCSI? Any > > particular > > reason for such a high number? > > I think CCSI uses hierarchical addressing unlike the flat addressing used > for CCIE. :-) > > Also, to answer someone else's question, I think you get to keep your number > (and use it?) indefinitely. I'm 96110, the 110th one in 1996. Must have been > a good year. > > But as Howard has said, you can't really use the number and be an active > CCSI unless you are currently employed at a Cisco Certified Learning Partner > (or employed at Cisco itself.) > > My guess is that if you were inactive for a while and then went to a new > learning partner, you would have to go through a barrage of tests again, but > probably keep your number. But I don't know for sure Maybe if the > economy ever picks up again there will be a lot of people trying to get an > answer to that question. Not looking good for now, though. > > By the way, did y'all see this excellent article about teaching in TCP > Magazine. It's called "So You Wanna Teach." The comments on the article are > worth reading too. > > http://www.tcpmag.com/linkstate/article.asp?EditorialsID=135 > > ___ > > Priscilla Oppenheimer > www.troubleshootingnetworks.com > www.priscilla.com > > > > > > Now we all know for a fact why the CCIE # start at 1025? > > > > So > > > > >From: "Howard C. Berkowitz" >Reply-To: "Howard C. Berkowitz" > > >To: > > [EMAIL PROTECTED] >Subject: RE: General comments on Cisco > > Teaching > > [7:64833] >Date: Sun, 9 Mar 2003 01:04:28 GMT > > >Howard > > > >CSSI 93005 > > > > > > > > > >Howard, > >If you were a Cisco Instructor years > > ago, is it > > safe to assume the CSSI > >number started at 93000?? Just > > curios. > > > >92001, I believe. Not sure. > > >On a serious note, are you > > allowed to > > still add the cert and number > >after your name if you become > > inactive? > > > >No one ever really came up with a good set of rules. > > Recertification > > >was never as well defined as it was with CCIE and the like. I > > have no > > >problem in saying "inactive" -- the irony being that I'm > > currently on >a > > subcontract developing internal courseware for Cisco staff. > > > >Since a > > CSSI is not all that meaningful except in the context of a > > >training > > partner, the active-versus-inactive distinction isn't that > > >significant > > -- if you are doing approved Cisco training, it will be >active > > with the > > partner; if you aren't, it won't. It's not as if you >can go > > into > > business as a Cisco instructor just by having a CSSI. > > > > > > >Message > > Posted at: > > >http://www.groupstudy.com/form/read.php?f=7&i=64854&t=64833 > > >-- >FAQ, list > > archives, > > and subscription info: > > http://www.groupstudy.com/list/cisco.html >Report > > misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > Add photos to your messages with MSN 8. Get 2 months FREE*. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65007&t=64833 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Any w2k syslog server avaiable? [7:64883]
""Richard Campbell"" wrote in message news:[EMAIL PROTECTED] > Hi.. I used to use unix syslog server to log the cisco device event. But > there is no unix box in my new company. Only w2k. May I know is there any > syslog software avaiable that I can install in W2k? check out Beverly Hills Software - www.bhs.com do a search after clicking on "downloads" there are a couple available. HTH > > Thanks > > _ > Add photos to your messages with MSN 8. Get 2 months FREE*. > http://join.msn.com/?page=features/featuredemail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64884&t=64883 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Last topic for tonight - Soltie's Book [7:64882]
I've waffled on this one before. But lately I've been spending more time with Soltie ( CCIE Practical Studies, Volume 1 ) Previously, I've said the jury is still out on this one. Now that I've given Mr. Soltie his due, I am finding this is a very good book, and well worth considering when choosing CCIE prep books. In fact, if I dare say so, I am finding that Mr. Soltie is much more effective than is Mr. Caslow. Anyone else finding the same? Good night, everyone. Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64882&t=64882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question on a particular ISDN simulator [7:64814]
Thanks to the folks who responded, and who have shared a number of files. I recently purchased the ISDN package from o..p..t..s..y..s.net - consists of 2x2503 routers and the B-link-2 ISDN sim. I checked prices versus what I was seeing on the auction site, and the price seemed reasonable all things considered. ( side note - anthonypanda.com is advertising an isdn sim for a few bucks less than B..r..a.dis ) ( no I don't get anything out of saying nice things about you-know-where. I would, however, appreciate someone buying my token ring routers as advertised on the auction site so I can reduce my credit card debt :-> ) In any case, experiments have shown that using the UK format ( isdn switch basic-net3 ) I experience none of the problems that basic-ni1 cause. I look forward to the firmware upgrade so I can use basic-ni1. F***ing A, three weeks and my life is a mess... goodnight, all. -- TANSTAAFL "there ain't no such thing as a free lunch" ""The Long and Winding Road"" wrote in message news:[EMAIL PROTECTED] > been fooling around with the B-Link 2 that a particular someone ( whose name > is not supposed to be mentioned here on this list ) sells at what seems to > be a reasonable price. > > not looking for specific answers - just a general question - ever get both B > channels to come up? just a yes or no. > > ( ISDN is not my strongest point, but when working with unfamiliar > equipment, it helps to know the high level answer so I know whether or not > to go back to the seller or hit the books a little harder. ) > > Thanks > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64881&t=64814 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router IOS Upgrade bug in 12.1 images [7:52489]
Ran into this one again on a router I recently purchased. In searching the archives for the methodology, I realized I had not documented the procedure anyplace last time I ran into this last September of so. The bug: with versions of IOS 12.0, upgrade is impossible. Copy TFTP flash fails The fix: 1) boot to rommon this is done using the password recovery process - hit control-break key a few times during the 1st 30 seconds of the boot process 2) this places you into the > prompt 3) enter the command 0x2101 ( not 0x2142, as is done during the normal password recover process ) 4) reload. this gets you to a "Router(boot)>" prompt 5) erase the flash 6) now the copy tftp flash command works. ( maybe you can skip step 5 ) 7) when done, enter config mode, and enter the command "config-reg 0x2102" 8) reload the router 9) life is good. 10) curse Cisco under your breath, but not too loudly, not in public, particularly when your lab date is close HTH Chuck -- TANSTAAFL "there ain't no such thing as a free lunch" ""Chuck's Long Road"" wrote in message news:[EMAIL PROTECTED] > painful process. > > I'm more concerned that a technique that I've used successfully many times > on these routers suddenly stops working. This is a "by the book" technique > that I haven't had problems with before, and is supposed to work. > > Given that I have better things to do ( going to the config(boot) mode and > working through is pretty time consuming ) > The fact that neither RSL or the manual process works correctly tells me > this might have more serious ramifications > > So thanks for the suggestions. this one does work. But I think I'll make > Cisco take some responsibility here. Folks will be back to work Tuesday and > I'll get the inform I need to pursue this ticket. > > Chuck > -- > > www.chuckslongroad.info > > still a work in progress, > but on line for your enjoyment > > z > ""Dan Penn"" wrote in message > news:[EMAIL PROTECTED] > > Did you try booting directly to rommon and erasing the flash manually > > first? > > > > Dan > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Chuck's Long Road > > Sent: Sunday, September 01, 2002 2:01 PM > > To: [EMAIL PROTECTED] > > Subject: Router IOS Upgrade bug in 12.1 images [7:52489] > > > > I've done this before, and it's not like it's real tough, but. > > > > I am trying to upgrade my IOS images. Neither the Router Software > > Loader, > > not the good old copy tftp: flash: is working. > > > > RSL gives me some odd message > > > > the copy function never asks if I want to erase the current image on the > > flash - it just starts to copy, then stops, with a message that there is > > not > > enough rook on the destination device. > > > > sample output of my process: > > > > Router_7#copy tftp flash: > > NOTICE > > Flash load helper v1.0 > > This process will accept the copy options and then terminate > > the current system image to use the ROM based image for the copy. > > Routing functionality will not be available during that time. > > If you are logged in via telnet, this connection will terminate. > > Users with console access can see the results of the copy operation. > > > > Proceed? [confirm] > > Address or name of remote host []? 192.168.1.49 > > Source filename []? c2500-js56i-l.121-5.T10.bin > > Destination filename [c2500-js56i-l.121-5.T10.bin]? > > > > %FR-5-DLCICHANGE: Interface Serial0 - DLCI 201 state changed to DELETED > > %FR-5-DLCICHANGE: Interface Serial0 - DLCI 202 state changed to DELETED > > %FLH: c2500-js56i-l.121-5.T10.bin from 192.168.1.49 to flash ... > > > > System flash directory: > > File Length Name/status > > 1 16294768 c2500-jos56i-l.121-11.bin > > [16294832 bytes used, 482384 available, 16777216 total] > > Accessing file 'c2500-js56i-l.121-5.T10.bin' on 192.168.1.49... > > Loading c2500-js56i-l.from 192.168.1.49 (via Ethernet0): ! [OK] > > > > %Error: Image size exceeds free space > > %FLH: Flash download failed > > F3: 16002988+291748+1049272 at 0x360 > > > > As you can see - no asking to erase. I suspect this is a problem with > > the > > particular image. I had no problem upgrading a different router with a > > different image. Unfortunately, just about all my routers have this > > identical image in place. > > > > Anyone seen this? got a fix? > > > > CCO searches have not been regarding. TAC won't talk to me even though I > > work for a major partner. Apparently my management made some procedural > > changes, and I can't locate anyone internally who can help me out. They > > apparently have lives :-> > > > > > > thanks much > > -- > > > > www.chuckslongroad.info > > > > still a work in progress, > > but on line for your enjoyment Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64880&t=52489 -- FAQ, list archive
PING BIFF TERRIFIC: Re: Question on a particular ISDN simulator [7:64873]
hey, BT, can you contact me off line please. I have a question regarding the firmware versions. thanks. chuck -- TANSTAAFL "there ain't no such thing as a free lunch" ""Biff Terrific"" wrote in message news:[EMAIL PROTECTED] > I used to have those problems only with basic-ni; I upgraded the firmware. > It still has the ocasional hiccup but overall it is good now. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64873&t=64873 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I see Cisco still hasn't fixed that bug [7:64813]
""Henry D."" wrote in message news:[EMAIL PROTECTED] > Chuck, you might want to read up on classful properties of > this command...here's a tip: Thanks, but I have read the documentation, and I know how it works. The "bug" I refer to is the inability to remove what the IOS automatically puts into the running config when you do what I have described below. It takes a router reload before the negation command will function correctly. Just an observation. > > http://www.cisco.com/en/US/customer/tech/tk648/tk365/technologies_tech_note0 > 9186a0080094374.shtml#ipnetwork > > > > ""The Long and Winding Road"" wrote in > message news:[EMAIL PROTECTED] > > you know the one. you're working with subnets of a classful network. let's > > say 10.0.0.0. you enter the command ip default-network 10.1.1.0 and what > > shows up in the running config is ip route 10.0.0.0 255.0.0.0 10.1.1.0. > > > > Then try as you might, the command no ip route 10.0.0.0 255.0.0.0 10.1.1.0 > > does not work. The error message states there is no matching route. Have > to > > reload before you can get the command to take. > > > > This one has been the bane of many a poor CCIE Lab candidate. Maybe that's > > why Cisco leaves it in there. > > > > -- > > TANSTAAFL > > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64870&t=64813 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dynamic Natting with a CISCO 1601R [7:64757]
I presume that's 12.2.21a plus image? from software adviser- all images that support NAT. the numbers below each image name is the dram and flash required. these are minimums. I concur with the other writer - more DRAM IP PLUS 40 c1600-sy40-mz.12.0-21a 10 4 IP PLUS 56 c1600-sy56-mz.12.0-21a 10 4 IP PLUS IPSEC 56 c1600-sy56i-mz.12.0-21a 12 4 IP PLUS c1600-sy-mz.12.0-21a 10 4 IP/FW PLUS IPSEC 56 c1600-osy56i-mz.12.0-21a 12 4 IP/FW c1600-oy-mz.12.0-21a 8 4 IP/IPX/AT/IBM PLUS c1600-bnr2sy-mz.12.0-21a 16 6 IP/IPX/AT/IBM/FW PLUS IPSEC 56 c1600-bnor2sy56i-mz.12.0-21a 16 6 IP/IPX/AT/IBM c1600-bnr2y-mz.12.0-21a 12 4 IP/IPX/FW PLUS c1600-nosy-mz.12.0-21a 10 4 IP/IPX c1600-ny-mz.12.0-21a 8 4 IP c1600-y-mz.12.0-21a 8 4 software adviser requires a customer CCO login http://www.cisco.com/cgi-bin/Support/CompNav/Index.pl -- TANSTAAFL "there ain't no such thing as a free lunch" ""Hyman, Craig"" wrote in message news:[EMAIL PROTECTED] > Scott - > > I already have 8 mb of memory. What about the IOS or the config? Should IP > PLUS handle Dynamic or Static natting? > > SRS Implementation Team > SRS Tier 2 > Pager# 1-888-860-5913 > Virtual Office# 303-604-0037 > SUN Office# 303-272-2661 > > > -Original Message- > From: Scott Roberts [mailto:[EMAIL PROTECTED] > Sent: Friday, March 07, 2003 1:30 PM > To: [EMAIL PROTECTED] > Subject: Re: Dynamic Natting with a CISCO 1601R [7:64757] > > > try putting more memory in, the max i think is 24, but default is like 12. > ios 12.0 requires 8MB, so you're only really working with 4MB. > > scott > > ""Hyman, Craig"" wrote in message > news:[EMAIL PROTECTED] > > ALL- > > > > I am having a problem with Dynamic Natting using a 1601R router over Frame > > Relay. Every time I set it up to use over 60 addresses the router hangs or > > reboots. > > > > I am using IOS 120221a IP PLUS > > I am being told by CISCO that this IOS is not specifically used for any > form > > of natting. What do I do if I need to use Dynamic or PAT NAT Mapping? > > > > Any help would be well appreciated? > > > > Thanks in Advance > > > > SRS Implementation Team > > SRS Tier 2 > > Pager# 1-888-860-5913 > > Virtual Office# 303-604-0037 > > SUN Office# 303-272-2661 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64863&t=64757 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Telephony [7:64847]
""Nate"" wrote in message news:[EMAIL PROTECTED] > Guys, > >I'm thinking of recommending IP Telephony for our company. I have > limited knowledge on the subject and I was wondering if any of you are > experts (or fraction thereof) that could help me make out a project plan for > this. Any comments would be appreciated. Is there a business case to be made? Do you have PBX's for example, whose leases are going to be up? Will you save money? What is your current infrastructure? Will it support VoIP? Are there features your users have now via the PBX that are not available on Call Manager? Will you save money on your voice trunking? How about your WAN - is it sufficient to support voice and QoS requirements? Will your routers support QoS and voice compression/decompression? Are there applications available via IP phones that will provide better productivity and hence more profit for the company? Does your company have the staff on hand to support IP telephony, especially on top of the other work they do? Hey, I think VoIP is as kewl as any other geek out there. But I wore a white shirt and tie for a long time. Masters degree class 101 taught me lesson number one - what is the business case? What is the ROI? What is the discounted net present value of future cash flows? Not that management listens to us geeks anyway... :-> > > Thanks in advance, > > -Nate Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64860&t=64847 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Back to DV vs LS - WASRe: Dogs and Cats, Re: OT Re: EIGRP for [7:64843]
""Priscilla Oppenheimer"" wrote in message news:[EMAIL PROTECTED] > Wow. Good thing Paul didn't really bring down Group Study and make it so we > couldn't have this important discussion! :-) He said it would be down for > maintenance, but I didn't notice any downtime, (not that I spent the whole > night checking!) Thank-you Paul, either way, for all the work you do to let > us participate in these conversations. mega dittos > > Seriously, have you ever noticed that some people see similarities in two > things and jump to the conclustion that the two things are the same or can > be put in the same category? We see that a lot of that on this list I > guess it's because there's not enough info on how to categorize stuff like > DV versus LS protocols. first of all, we all like clear distinctions. something is either this or that. ever notice there are two kinds of people: the kind who believe there are two kinds of people, and the kind who do not? ;-> secondly, all of us who are not experts tend to fall back to cliches and authoritative texts for our answers. we see this regularly in the OSI versus Cisco's version of OSI, and we certainly see it in Cisco's characterization of EIGRP and a"hybrid" protocol > > Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64843&t=64843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Network Design - What Priscilla did NOT cover in her book: WAS [7:64842]
""Symon Thurlow"" wrote in message news:[EMAIL PROTECTED] > Hey Chuck, > > How did that big design go, the one you mentioned on the list a few > months ago? > > Symon You mean the Never Ending Design? The Nightmare before the CCIE Lab? Here is a brief rundown. I will say in advance that as all of you who work in the real world with real world management, real world customers, and real world situations already know, the real work is at layers 8,9, and 10. Project Summary: large organization, 2000+ employees, 10,000 data ports, 3 dozen locations, with each location being a campus of several buildings or several floors within buildings. The project RFP called for a complete forklift of the existing infrastructure - routers, switches, PBX. It also called for wireless for voice and data. The project goal was to create a network fully capable of providing seamless integrated services for data, voice, and video. Oh yes, there was a three week turnaround deadline for the response, and there was no flexibility in this. Meet the customer date or lose the opportunity. On top of that, as is typical with most RFP's, all questions are to be submitted in writing, and all responses go to all bidders. Clues that something is strange: 1) for any wireless response this complex, detailed site surveys are required. there is not time to do this. answer: well then just do a site survey. besides, we have aerial photographs of all of our locations posted on our web site. you can use those to determine what you need. 2) you're RFP provides numbers of IDF's in each location and total number of ports required. e.g. site X has 7 IDF's and 257 data ports. do you have detail as to how many data ports are in each specific closet? answer: use an average, or come out here and do a site survey and figure it out for yourself. 3) you're RFP calls for L3 switching in each and every closet. Is this necessary, given that there is only a single ingress/egress, and that all sites are hub and spoke? plus L3 is more expensive, and I'm not sure there is anything to gain. answer: we want L3 everywhere. are you saying your ( Cisco ) equipment does not do L3? Customer: oh by the way, we will be opening a new location sometime in the next 18 months. I want you to include that location in this response. 4) how many closets? how many phones? how many data ports? answer: just take locations a,b, and c, and average those out to get the numbers. These were the major things, and should give you a pretty good idea of the upper layer issues. Well, I work my ass off to meet the deadlines. We and a couple of other vendors respond. The presentation meeting takes place with all vendors in the same room at the same time. Oh joy, but at least we can see eachothers' hands. All vendors come back with total cost in the 8-9 million range. Now the customer reveals that his budget is 5 million. This is something that was asked, and which the customer refused to discuss previously. I should add that as this is a non profit organization, and some of the funding is from grant money with particular restrictions, this is not as straightforward in terms of budget as might first appear. The grants will pay for some types of equipment and services, but not others. The 5 mil is for a "complete package" including data circuits, all equipment, and all services. so subtract the total 5 year cost of data circuits from that 5 mil. divvy up what's left between what the grants will buy and what the customer himself will buy. OK, so now we have to scramble. The customer finally gets a clue that things cost money, and the more you want, the more you have to pay. So - trim your proposals, and get back with just what is required for end to end voice over IP plus new WAN equipment. No wireless. No new switches other than those needed to directly support the IP telephones. back to the drawing board. All non-phone switches are out. all wireless is out. next big problem. the customer RFP states specifically that there are numbers of site with poor wiring, and inadequate equipment. There are express concerns with the ability of existing infrastructures to handle existing loads, let alone adding unified messaging to the mix. we suggest using a voicemail only solution. the customer goes into apoplexy. my network is my business, not yours. well, what if performance suffers and you end up with unhappy and complaining users. well that's my responsibility and none of your business. OK. we all know what's gonna happen, but ok. In the mean time, one of my fellow workers is doing physical site surveys. Among the things he discovers is an additional 21 data closets that the customer was unaware of. the numbers of data closets as expressed in the RFP is wrong. Many sites have one or two fewer. Other sites have as many as 6 or 7 more. scramble again to change the design to reflect this.all the time under this damn budget restriction. The customer will not hear of doing this over a cou
Off Topic - some router equipment available [7:64815]
This is a notice of equipment available on that well known auction site. Ignore if you are not interested in acquiring routers for your study. package of three 2502 token rings routers, with 16/16, IOS 12.1.5, 2 each of serial cables, TR media filters, and TR MAU's great way to start out your CCNA/CCNP hands on studies. if interested check out you-know-where. sorry to have bothered those not interested. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64815&t=64815 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Question on a particular ISDN simulator [7:64814]
been fooling around with the B-Link 2 that a particular someone ( whose name is not supposed to be mentioned here on this list ) sells at what seems to be a reasonable price. not looking for specific answers - just a general question - ever get both B channels to come up? just a yes or no. ( ISDN is not my strongest point, but when working with unfamiliar equipment, it helps to know the high level answer so I know whether or not to go back to the seller or hit the books a little harder. ) Thanks -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64814&t=64814 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
I see Cisco still hasn't fixed that bug [7:64813]
you know the one. you're working with subnets of a classful network. let's say 10.0.0.0. you enter the command ip default-network 10.1.1.0 and what shows up in the running config is ip route 10.0.0.0 255.0.0.0 10.1.1.0. Then try as you might, the command no ip route 10.0.0.0 255.0.0.0 10.1.1.0 does not work. The error message states there is no matching route. Have to reload before you can get the command to take. This one has been the bane of many a poor CCIE Lab candidate. Maybe that's why Cisco leaves it in there. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64813&t=64813 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP for CCIE Written [7:64707]
""MADMAN"" wrote in message news:[EMAIL PROTECTED] > I agree 100%, it is ENHANCED, read glorified, IGRP. the REAL question is "which is better, EIGRP or L3 switching?" ;-> > >Dave > > John Neiberger wrote: > > This really isn't the case. EIGRP is purely distance vector. In no way > > does it behave like a link state protocol. It establishes neighbor > > relationships and it uses hellos, as do OSPF and IS-IS, but those have > > nothing whatsoever to do with whether protocol is DV or LS. Some people > > get hung up on the complex metric, but who says DV protocols have to use > > only hop count? > > > > The actual operation of EIGRP is DV. There are no LS components to > > EIGRP. > > > > Regards, > > John > > > > > "Scott Terminiello" 3/7/03 8:28:00 > >>> > > AM >>> > > EIGRP is a hybrid. It can be said that it is a distance vector > > routing > > protocol that acts like a link state routing protocol. > > > > Scott > > - Original Message - > > From: "Johan Bornman" > > To: > > Sent: Friday, March 07, 2003 7:11 AM > > Subject: EIGRP for CCIE Written [7:64707] > > > > > > > >>Is EIGRP a Hybrid or Distance Vector protocol? > -- > David Madland > CCIE# 2016 > Sr. Network Engineer > Qwest Communications > 612-664-3367 > > I would rather have a German division in front of me than a French one > behind me." > --- General George S. Patton Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64775&t=64707 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: network design [7:64422]
""Scott Roberts"" wrote in message news:[EMAIL PROTECTED] > I guess I'm the only one with the problem of that many then. I'll take your > words for it that it works OK, but I still keep thinking back to that one > study (don't recall its name), and can't help but think effiecency would go > by some noticeable degree. anybody can through switch and hubs around, > we're supposed to do it right, not just "to get by". > > I mean if 700 is ok, then why not 1000? at some point you have to agree > there is going to be a performance hit. hasn't any manufacturor thought to > retest this performance issue with the newer equipment? to bring a bit of real world into this, I am working with a couple of large organizations, for projects that involve good sized campus switched networks. Several of my coworkers are involved in similar projects. We are finding places where there may well be a couple thousand ddevices in a single broadcast domain. The IT folks in these orgs do know that sometimes there are problems. However, most also say that in general, they don't have a great deal of problems. an apocryhal story, but a couple of years back I interviewed with a large bank in this area. They were looking for detailed sniffer experience ( which I did not have ) because, they said, they had as many as 1000 stations on a segment, and whenever there were network performance issues, they sniffed like crazy, swapped out any nic that they considered "over the edge" and in general did everything they could to limit things that might adversely effect the ability of their users to do what they had to do, much of which was to get wire ( money ) transfers completed quickly and accurately. I worked in brokerage a few years. In that business, broadcast IS the business. About 200 stations in a shared hub domain was too much. Moving folks to 24 stations on a hub, with the hubs connected to switch ports, was quite effective. in terms of reduction of performance complaints. I would never do it this way these days. As for the manufacturers, all they care about is selling equipment, so of course they are going to promote thresholds which support the selling of more equipment. > > scott > > ""Priscilla Oppenheimer"" wrote in message > news:[EMAIL PROTECTED] > > Great answer Chuck. It sounds like you figured out his/her basic needs, > > though we would need more detail to provide a detailed design, of course, > > and payment for design services. :-) Well, actually your idea of asking a > > vendor to do an RFP might mean a free design (that would be biased toward > > the vendor, of course, but still a good start.) > > > > I'm not in disagreement that today 700 nodes in one broadcast domain might > > be OK. In other words, I would probably recommend no VLANs as a start. > VLANs > > complicate matters. If the network admins are somewhat new to networking, > > they should avoid VLANs to start. > > > > The reason 700 nodes in one broadcast domain could work is because NICs > and > > CPUs are really not bothered by broadcasts like they were in the > mid-1990s. > > They are much fast, have better buffers, etc. Some would argue they never > > were affected as much as Cisco claimed! > > > > I help out once in a while on a city-wide school network with that many > > nodes in one broadcast domain. It has all the risk factors: > > > > Lots of AppleTalk traffic > > Lots of Novell traffic > > Lots of NetBIOS traffic > > Lots of IP traffic > > Ancient PCs with slow CPUs > > > > There are no performance issues. > > > > Priscilla > > > > The Long and Winding Road wrote: > > > > > > ""ferry ferry"" wrote in message > > > news:[EMAIL PROTECTED] > > > > I need a scheme of network.It need seven hundreds > > > points.please give me > > > some > > > > advice on how to design it.It include that how to select > > > network > > > > product,product configuration.They are seted in a building.It > > > have twenty > > > > layers. > > > > > > > > > Let's see if I understand you correctly. > > > > > > A company is located in a multistory building. There are 700 > > > users spread > > > out among 20 floors. So on average there are 35 users per floor. > > > > > > I'm going to assume a single data center with your servers and > > > internet > > > connection. > > > > > > Got fiber running from your data center to the various floors? > > > How is this > > > struc
Re: EIGRP for CCIE Written [7:64707]
""John Hutchison"" wrote in message news:[EMAIL PROTECTED] > My netacad states: > > "Technically, EIGRP is an advanced distance-vector routing protocol that > relies on features commonly associated with link-state protocols" > in none of the Cisco exams I have ever taken has there ever been the more appropriate answer of "it depends" :-> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64745&t=64707 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP for CCIE Written [7:64707]
""Peter van Oene"" wrote in message news:[EMAIL PROTECTED] > At 12:11 PM 3/7/2003 +, Johan Bornman wrote: > >Is EIGRP a Hybrid or Distance Vector protocol? > > Cisco calls it Hybrid. It looks pretty distance vector to me though. in what way? the hop count is pretty well hidden in the dark interior of the code. all those cost numbers, the ( also somewhat hidden ) topology table, and the ( somewaht hidden ) successor table certainly give it the appearance of link state. Chuck who considers all this stuff a kind of magic >A hello mechanism and adjacencies does not a link state one make. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64728&t=64707 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP for CCIE Written [7:64707]
""MADMAN"" wrote in message news:[EMAIL PROTECTED] > speaking of NDA... if this is a question directly off the CCIE written it deserves to be revealed and publicly ridiculed :-> > >Dave > > Reza wrote: > > Hybrid. > > > > > > ""Johan Bornman"" wrote in message > > news:[EMAIL PROTECTED] > > > >>Is EIGRP a Hybrid or Distance Vector protocol? > -- > David Madland > CCIE# 2016 > Sr. Network Engineer > Qwest Communications > 612-664-3367 > > I would rather have a German division in front of me than a French one > behind me." > --- General George S. Patton Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64727&t=64707 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: EIGRP for CCIE Written [7:64707]
""Johan Bornman"" wrote in message news:[EMAIL PROTECTED] > Is EIGRP a Hybrid or Distance Vector protocol? > Yes. Cisco docs call it a "hybrid" protocol because it combines some link state features, yet also has hop count ( distance ) limitations. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64717&t=64707 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: New Voice CCIE [7:64620]
""DAve Diaz"" wrote in message news:[EMAIL PROTECTED] > how are you supposed to prepare for this buty all that equipment no thanks > there would be a distinct advantage to substantial hands on experience. maybe this marks the start of the trend away from the "paper" ( some use the term "lab rat" ) CCIE's of the last couple of years? > > > > > >From: "Maurizio Moroni" > >Reply-To: "Maurizio Moroni" > >To: [EMAIL PROTECTED] > >Subject: New Voice CCIE [7:64620] > >Date: Thu, 6 Mar 2003 16:12:11 GMT > > > >Hi Group, > > > >I would like to know what's your take on the new CCIE Voice Certification > >Track > >(http://www.cisco.com/warp/customer/625/ccie/ccie_program/whatsnew.html) > > > >Regards, > >Maurizio > _ > MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. > http://join.msn.com/?page=features/virus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64675&t=64620 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: it started out as a really good idea ... [7:64638]
""garrett allen"" wrote in message news:[EMAIL PROTECTED] > i have a need for a high availability solution for a default gateway > configuration. just finished the ccdp and thought it might be > interesting to try hsrp on a pair of 2514's. put some of that theory > to work. instead of highly resiliant i've managed to configure it for > mass failure. arg.., not exactly what i had in mind. now, any time i > take down 1 of the 4 links, the connect between 2 remote hosts dies. > this is in a lab (production is not a lab, production is not a lab...) > so it is a mystery i would like to solve, but it is not critical. > > here is the basic config (hope it makes it): > > pc host 1 -+- e0 router 1, e1 +- pc host 2 > | | > |- e0 router 2, e1 | > > the routers act as a default gateway between the internal network > (represented by pc host 1) and the external world (represented by pc > host 2). i have used 10.3 and 10.4 /16 as the addresses for each side > of the divide. i want to run hsrp on both sets of router interfaces so > that in the event a router or an interface fails, the traffic impact is > minimized. in the real world pc host 2 will be a firewall and there > will be other hosts off that segment as well > > looks easy. sounds plausible. read the cisco docs. looks like it > should work. minimal incantations before tickling the keyboard. key > in the configs and it fires up nicely. do the show standby thingee and > all looks cool. can ping the 2 stations end to end. most excellent. > put a router in debug mode. when i pull one of the 4 router cables the > router goes through a state change but no bits make it to the far end. > not even the shiney ones. bitstream courtesy of ping. > > maybe i misunderstood what hsrp was suppose to do. the configs are > below, along with the show standby results. both are 2514's (2 aui's) > and both are running 12.2(1d). probably forgot to put the interface in > mumble mode or something equally easy. no laughter, please. HSRP assumes the ehternet interfaces to be on the same subnet. your ehternet side is on two different subnets. hence - no failover. to get this to work using 2514's: E0--2514_1---E1 E0--2514_2---E1 the e0's on the same subnet, the e1's on the same subnet > > thanks in advance. > > router 1 > interface Ethernet0 > ip address 10.3.255.2 255.255.0.0 > no ip route-cache > no ip mroute-cache > standby 1 priority 200 preempt > standby 1 ip 10.3.0.2 > ! > interface Ethernet1 > ip address 10.4.254.2 255.255.0.0 > no ip route-cache > no ip mroute-cache > standby 2 priority 200 preempt > standby 2 ip 10.4.254.10 > > > router 2 > interface Ethernet0 > ip address 10.3.255.1 255.255.0.0 > no ip route-cache > no ip mroute-cache > standby 1 priority 225 preempt > standby 1 ip 10.3.0.2 > ! > interface Ethernet1 > ip address 10.4.254.1 255.255.0.0 > no ip route-cache > no ip mroute-cache > standby 2 priority 150 preempt > standby 2 ip 10.4.254.10 > > results of show standby > Router1#show standby > Ethernet0 - Group 1 > Local state is Standby, priority 200, may preempt > Hellotime 3 holdtime 10 > Next hello sent in 00:00:00.940 > Hot standby IP address is 10.3.0.2 configured > Active router is 10.3.255.1 expires in 00:00:09, priority 225 > Standby router is local > 20 state changes, last state change 00:22:34 > Ethernet1 - Group 2 > Local state is Active, priority 200, may preempt > Hellotime 3 holdtime 10 > Next hello sent in 00:00:01.676 > Hot standby IP address is 10.4.254.10 configured > Active router is local > Standby router is 10.4.254.1 expires in 00:00:08 > Standby virtual mac address is .0c07.ac02 > 17 state changes, last state change 00:23:26 > Router1# > > Router2#show standby > Ethernet0 - Group 1 > Local state is Active, priority 225, may preempt > Hellotime 3 holdtime 10 > Next hello sent in 00:00:01.010 > Hot standby IP address is 10.3.0.2 configured > Active router is local > Standby router is 10.3.255.2 expires in 00:00:09 > Standby virtual mac address is .0c07.ac01 > 24 state changes, last state change 00:22:04 > Ethernet1 - Group 2 > Local state is Standby, priority 150, may preempt > Hellotime 3 holdtime 10 > Next hello sent in 00:00:01.272 > Hot standby IP address is 10.4.254.10 configured > Active router is 10.4.254.2 expires in 00:00:09, priority 200 > Standby router is local > 32 state changes, last state change 00:22:25 > Router2# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64660&t=64638 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Memory purchase [7:64605]
""Angel Leiva"" wrote in message news:[EMAIL PROTECTED] > Here are my two favorite WEB based Cisco router memory dealers: > > http://www.memoryx.net/routers.html > > http://www.kg2.com/memory-2500-series.html I've had good results from both of these places, and they are good choices. Another that you might want to check is www.anthonypanda.com hong kong based, but cheap ( if a bit slow ) shipping > > Hth, > > Angel > > Angel Leiva, EE, CCNP R&S + WAN, MCSE > Senior Network System Consultant > International Network Services > Irving, TX 75038 > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Thursday, March 06, 2003 8:29 AM > To: [EMAIL PROTECTED] > Subject: Memory purchase [7:64605] > > Where can I find flash memory for 2500 series routers? > > Thanks in advance. > MF Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64631&t=64605 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: New Voice CCIE [7:64620]
""Skarphedinsson Arni V."" wrote in message news:[EMAIL PROTECTED] > I would say it sound very intresting, sepcialy for those that have call > manager / voice experince. > I wonder how much routing it has, for example, I doubt you have to configure > BGP on this one, or what do you think ? OTOH, bet you'd have QoS up the wazoo! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64630&t=64620 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip ospf dead-interval [7:64311]
""fred barreras"" wrote in message news:[EMAIL PROTECTED] > CiscoPress book for CCNP routing is very specific on changing hello setting > and having dead/interval setting changing automatically. just like the documentation. a couple of IOS releases ago, the trick question used to be, how do you change the hello timer without using the ip ospf hello command. but alas, in the more current IOS releases, changing the dead timer does not automatically change the hello, rendering a number of CCIE practice labs obsolete. >I would have given > the answer and said where I found it. What some people are suggesting is > that when anybody posts a question the answer should be, "buy my book". If > people do not to want help other people out, or at least point them in the > right direction, then what is the point of groupstudy? good question. seriously. let's look at it another way "Tell me the answer" or "I was reading this book, or doing this practice lab and this point came up. I re-read the materials but I'm missing it. Where can I find the answer?" that's why I posted the link to the page on CCO where the appropriate comands are found. it is also why I suggested that a good habit to get into is to use the doc page first. >Just like any other > sire, this one is also not perfect. I guess I just have to learn whose > threads to bypass and not read at all. Just curious. nilesh bothra wrote: well, the list may not be perfect, but most of us on it are. :-> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64609&t=64311 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Many Vlans [7:64569]
""Ron"" wrote in message news:[EMAIL PROTECTED] > I have need to put public access machines on the same pipe as my private > network. I also have need for each of the public machines not to talk to > each other. Is there a way to keep all ports connected to public machines > from talking to each other except for one port connected to a printer and > one port connected to a router going to the Internet? Maybe all separate > Vlans? All of my private machines can talk to each other, but not the > public machines, and will be going over the same Internet pipe. I will > probably be using Cisco 3550-48-EMI switches. Can anyone get me an easy way > to do this one? I knew I recalled reading something like this the other day. Check out the "protected ports" feature and see if this is what you are looking for: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550scg/s wtrafc.htm#xtocid6 watch the wrap Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64614&t=64569 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: "Extra" IP addresses for VLANs? [7:64570]
""Mossburg, Geoff (MAN-Corporate)"" wrote in message news:[EMAIL PROTECTED] > I'm full of questions tonight... > My company's Catalyst 6509's MSFC has VLANs configured with IP addresses in > the x.x.x.1 format, but I've noticed that I can telnet to the MSFC by > substituting x.x.x.0 or x.x.x.255 for any of the VLAN addresses. Is this > normal??? It seems to me like it may be a security risk, but I really don't > know enough about VLANs to be sure. Any ideas? this might seem like a dumb question, but are there vlans or even hosts with the paticular address? in a subnet with a prefix shorter than /24, the 0 or the 255 might be a legitimate host address. could be a bug too, but I'd want to know the prefix length and more detail. > Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64612&t=64570 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cheap Domain Name register? [7:64557]
""Wes Stevens"" wrote in message news:[EMAIL PROTECTED] > Any advice on a cheap and good domain name register? I am > tired of paying out the nose for register.com. I find it hard to believe you are not receiving at least three spam messages a day from alternative registrars. I'm sending you some names off line - recovered from my spam blocker Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64560&t=64557 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router 2500 series crashed in BGP!!! [7:64554]
""Xy Hien Le"" wrote in message news:[EMAIL PROTECTED] > Hi, > I have experienced the Cisco 25xx routers crashed many time when configuring > BGP with the 26xx and 36xx routers, connected in a lab environment; most of > time happened when I do the "clear ip bgp *" command. > Does anyone have the same problem? The 25xx routers have 16RAM and 16 FLASH > installed. > Any suggestion to fix this problem is very much appreciated. there is a known bug with IOS versions lower than 12.1. Thids bug manifests itself when you do a bgp default-information originate command under the BGP process. Casues the router to reload. Real pain, especially when you are as fast with the write mem as I am. :-> I have not experienced an issue related to the "clear ip bgp *" command, but that doesn't mean there isn't one. Which IOS version you using? Which image? > > Thanks, > Xy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64559&t=64554 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Has anyone used this ? [7:64532]
""jeffrey schwartz"" wrote in message news:[EMAIL PROTECTED] > I thought I posted this before but I guess not. I am preparing for CCIE > written then the lab and was wondering if anyone has used these guys > http://www.amilabs.com before I invest any money? The price seems decent for > a starter before I go to ccbootcamp labs etc. > > Any info would be helpful... personally, I wouldn't do busness with anyone whose web site is 120 columns wide. Having to scroll right and left to read the pages irritates me to no end. yeah I could do that, but then these old eyes wouldn't be able to read the damn thing. before commiting, you may want to do a google search on CCIE rack rental ( no quotes - just these three words ), and see what you come up with. Also, check out e-bay, where lots of rack rentals are being auctioned at pretty reasonable prices. best wishes in your studies > > Thanks... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64552&t=64532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - just screwing around and what do I [7:64454]
""Larry Letterman"" wrote in message news:[EMAIL PROTECTED] > The only protocol for routing is eigrp... > Looks like split horizon is on to me... sure, but the interface report serves a different purpose. The only routing protocols that honor split horizon are IGRP and RIP. BGP, OSPF and EIGRP use topology tables of one kind or another ( stop steaming at the ears, Howard :-> ) it is highly feasible that any of these latter protocols would need to advertise routes back out the interface from which they were learned. Eg DR, BDR, etc. BGP neighbor, etc. > > GigabitEthernet1/1 is up, line protocol is up > Internet address is 171.71.243.34/30 > Broadcast address is 255.255.255.255 > Address determined by non-volatile memory > MTU is 1500 bytes > Helper address is not set > Directed broadcast forwarding is disabled > Outgoing access list is not set > Inbound access list is not set > Proxy ARP is enabled > Local Proxy ARP is disabled > Security level is default > Split horizon is enabled > > Larry Letterman > Network Engineer > Cisco Systems > > > - Original Message - > From: Troy Leliard > To: [EMAIL PROTECTED] > Sent: Wednesday, March 05, 2003 4:57 AM > Subject: Re: Off Topic - just screwing around and what do I [7:64454] > > > Split Horizon for EIGRP ... dont think so. !!! > > Larry Letterman wrote: > > > > r3 sends to r2, then r2 sends back to r3.. > > you sure about that...split horizon should be enabled for > > eigrp and igrp..and igrp and eigrp will work together in the > > same as number..not sure about different as #'s > > > > Larry Letterman > > Network Engineer > > Cisco Systems > > > > > > - Original Message - > > From: The Long and Winding Road > > To: [EMAIL PROTECTED] > > Sent: Tuesday, March 04, 2003 11:04 PM > > Subject: Off Topic - just screwing around and what do I see? > > [7:64449] > > > > > > three routers in a circle. but that's irrelevant. > > > > inbound from r3---r1--r2-r3->back to r1 > > > > > > I have IGRP between two of the routers. I have loopback on > > each of the two > > routers -- 222.222.222.x/32 > > > > watching the 222.222.222.0/24 subnet advertisement. R2 sends > > it to R3 and > > R3 > > sends it to R2 > > > > ??? > > > > wait a minute - since when does EIGRP automatically > > redistribute into IGRP, > > even when the AS numbers are DIFFERENT > > > > router eigrp 200 > >passive-interface default > >no passive-interface Serial1 > >network 199.35.1.0 > >network 222.222.222.0 > >no auto-summary > >no eigrp log-neighbor-changes > > ! > > router igrp 100 > >passive-interface default > >no passive-interface Serial0 > >network 199.34.1.0 > > ! > > Router_3#sh ip route 222.222.222.0 > > Routing entry for 222.222.222.0/24, 2 known subnets > > Attached (1 connections) > > Variably subnetted with 2 masks > > Redistributing via eigrp 200 > > Advertised by igrp 100 > > > > > > > > well, at least IGRP isn't in the Lab any longer.. > > > > -- > > TANSTAAFL > > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64515&t=64454 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Password recovery without reload? [7:64453]
""oscar"" wrote in message news:[EMAIL PROTECTED] > Can I see the configuration of a Cisco router without a password recovery? > The problem is that the configuration was removed from the startup-config by > mistake and nobody remember the password and a password recovery here means > loose the configuration. > what? you don't have all your passwords printed out in large type on a sheet of paper taped to the equipment rack? what kind of operation you running there? :-> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64483&t=64453 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Catalyst 3550 SMI or EMI [7:64442]
""Steve Wilson"" wrote in message news:[EMAIL PROTECTED] > On the 3550 devices that I have the label on the back indicates whether it > is EMI or SMI, beyond that if you can type in the command IP ROUTING it > would seem logical that it is an EMI rather than an SMI. I believe the SMI does RIP routing, so this is not necessarily proof. the label on the switch only tells what the device was when Cisco shipped. It is common practice for sellers on e-bay to up the image to EMI and sell the boxes as EMI to command a few more bucks. the sh ver will also proclaim the device as SMI, even with the EMI image loaded. I coulda sworn that there was somewhere else in the output that indicated the image type, but it doesn't surprise me that I am wrong. >Seriously though > the software revision has all the information needed, you just need to > understand what the filename means. > > Steve Wilson > Network Engineer > -Original Message- > From: John Tafasi [mailto:[EMAIL PROTECTED] > Sent: 05 March 2003 06:33 > To: [EMAIL PROTECTED] > Subject: Catalyst 3550 SMI or EMI [7:64442] > > How do I know if a catalyst 3550 is running EMI or SMI image. I tried using > show version but that gave me no clue. > > Thanks > > John Tafasi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64480&t=64442 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - just screwing around and what do I see? [7:64478]
R2 loop = 222.222.222.2/32 IGRP 100 loopback is in the igrp domain R3 loop = 222.222.222.3/32 IGRP 100 EIGRP 200 loopback is in the eigrp domain R2 SHOULD be advertising 222.222.222.0/24 to R3. And it is. However, R3 is also advertising 222.222.222.0/24 to R2 Split horizon IS enable. I checked that. I watched debug traces for an hour, and was writing my post when it occurred to me that eigrp was interacting with igrp. 222.222.222.0/24 is variably subnetted, 3 subnets, 2 masks C 222.222.222.4/32 is directly connected, Loopback1001 O IA222.222.222.5/32 [110/65] via 199.45.1.5, 10:53:34, Serial1 I 222.222.222.0/24 is possibly down, routing via 199.34.1.3, Serial0 199.34.1.0/29 is subnetted, 1 subnets C 199.34.1.0 is directly connected, Serial0 199.45.1.0/27 is subnetted, 1 subnets C 199.45.1.0 is directly connected, Serial1 C199.1.1.0/24 is directly connected, TokenRing0 Router_2# 222.222.222.0/24 is variably subnetted, 2 subnets, 2 masks C 222.222.222.3/32 is directly connected, Loopback1001 I 222.222.222.0/24 [100/8976] via 199.34.1.4, 00:02:19, Serial0 199.34.1.0/29 is subnetted, 1 subnets C 199.34.1.0 is directly connected, Serial0 199.35.1.0/28 is subnetted, 1 subnets C 199.35.1.0 is directly connected, Serial1 C199.1.1.0/24 is directly connected, TokenRing0 C193.1.1.0/24 is directly connected, Loopback1 Router_3# the "possibly down" moves from router to router slowly, as the dead time expires. the "problem" as I see it, it that EIGRP and IGRP are interacting. If I remove 222.222.222.0 from the eigrp process, the problem disappears. as a matter of intellect, it could well be a split horizon type issue, in that both routers believe they are the source of 222.222.222.0 ( igrp on r2 and eigrp on r3 ) on the other hand, automatic summarization was turned off. in my mind, there is some thing happening within the code that is the cause of this problem. as I said, I thought igrp and eigrp interacted only if both were in the same AS on the same router. ""Larry Letterman"" wrote in message news:[EMAIL PROTECTED] > r3 sends to r2, then r2 sends back to r3.. > you sure about that...split horizon should be enabled for > eigrp and igrp..and igrp and eigrp will work together in the > same as number..not sure about different as #'s > > Larry Letterman > Network Engineer > Cisco Systems > > > - Original Message - > From: The Long and Winding Road > To: [EMAIL PROTECTED] > Sent: Tuesday, March 04, 2003 11:04 PM > Subject: Off Topic - just screwing around and what do I see? [7:64449] > > > three routers in a circle. but that's irrelevant. > > inbound from r3---r1--r2-r3->back to r1 > > > I have IGRP between two of the routers. I have loopback on each of the two > routers -- 222.222.222.x/32 > > watching the 222.222.222.0/24 subnet advertisement. R2 sends it to R3 and > R3 > sends it to R2 > > ??? > > wait a minute - since when does EIGRP automatically redistribute into IGRP, > even when the AS numbers are DIFFERENT > > router eigrp 200 >passive-interface default >no passive-interface Serial1 >network 199.35.1.0 >network 222.222.222.0 >no auto-summary >no eigrp log-neighbor-changes > ! > router igrp 100 >passive-interface default >no passive-interface Serial0 >network 199.34.1.0 > ! > Router_3#sh ip route 222.222.222.0 > Routing entry for 222.222.222.0/24, 2 known subnets > Attached (1 connections) > Variably subnetted with 2 masks > Redistributing via eigrp 200 > Advertised by igrp 100 > > > > well, at least IGRP isn't in the Lab any longer.. > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64478&t=64478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ??? collapsed backbone ??? [7:64467]
""Steven Aiello"" wrote in message news:[EMAIL PROTECTED] > Hello all, > >in a recent post I saw the term "collapsed backbone". I know that > the network backbone is usually a high speed connection that a server > farm sits on, and could even extend out to your IFD's. However I'm > fuzzy on the term collapsed backbone. What dose this imply. I believe the term comes out of the wiring / cabling world, and not from routing architecture. A "collapsed" backbone has all wiring closets linked back directly to the BDF / MDF a "distributed" backbone has the wiring going from closet to closet in a series > > Thank you all, > Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64473&t=64467 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - just screwing around and what do I see? [7:64449]
three routers in a circle. but that's irrelevant. inbound from r3---r1--r2-r3->back to r1 I have IGRP between two of the routers. I have loopback on each of the two routers -- 222.222.222.x/32 watching the 222.222.222.0/24 subnet advertisement. R2 sends it to R3 and R3 sends it to R2 ??? wait a minute - since when does EIGRP automatically redistribute into IGRP, even when the AS numbers are DIFFERENT router eigrp 200 passive-interface default no passive-interface Serial1 network 199.35.1.0 network 222.222.222.0 no auto-summary no eigrp log-neighbor-changes ! router igrp 100 passive-interface default no passive-interface Serial0 network 199.34.1.0 ! Router_3#sh ip route 222.222.222.0 Routing entry for 222.222.222.0/24, 2 known subnets Attached (1 connections) Variably subnetted with 2 masks Redistributing via eigrp 200 Advertised by igrp 100 well, at least IGRP isn't in the Lab any longer.. -- TANSTAAFL "there ain't no such thing as a free lunch" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64449&t=64449 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Catalyst 3550 SMI or EMI [7:64442]
""John Tafasi"" wrote in message news:[EMAIL PROTECTED] > How do I know if a catalyst 3550 is running EMI or SMI image. I tried using > show version but that gave me no clue. sure? I think it's there somewhere... if nothing else, the SMI image contains an "i9" while the EMI image contains and "i5" c3550-i9q3l2-mz.121-12c.EA1.bin = smi c3550-i5q3l2-mz.121-12c.EA1.bin = emi > > Thanks > > John Tafasi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64448&t=64442 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: GRE over IPSec [7:64435]
""zino"" wrote in message news:[EMAIL PROTECTED] > Hi, > > I want know different Among the crypto access-list of gre and ip command it's morte like IPSec over a GRE tunnel, and watch the MTU if you do this. Hard and long experience :- > ex)access-list 100 per gre 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255 > access-list 100 per ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255 I'm not sure I'm understanding you. GRE is a tunnel protocol between two endpoints. interface tunnel 1 tunnel source loopback 1 tunnel destination 100.1.1.2 ip address 200.1.1.1 255.255.255.252 then add your crypto commands to enable IPSec over this tunnel your IPSec command access-list might look something like access-list 101 permit ip 121.1.1.0 0.0.0.255 122.1.1.0 0.0.0.255 this would permit hosts with a source address on the 121.1.1.0/24 subnet sending traffic to hosts on the 122.1.1.0 subnet to be permitted across the IPSec interface. am I understanding you correctly? It's late and I'm getting sleepy. :O > > -- > Thanks for Regards > > MCSE,CSE,CCNA,CCDA,CSS1,CCNP > ASE,MasterASE,CCIE Security Candidate > TEL:02-2190-5536 > C P:011-9154-1607 > Narae System Co.,Ltd > System Technical Division > Technical 4Team Section Manager Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64439&t=64435 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: network design [7:64422]
""ferry ferry"" wrote in message news:[EMAIL PROTECTED] > I need a scheme of network.It need seven hundreds points.please give me some > advice on how to design it.It include that how to select network > product,product configuration.They are seted in a building.It have twenty > layers. Let's see if I understand you correctly. A company is located in a multistory building. There are 700 users spread out among 20 floors. So on average there are 35 users per floor. I'm going to assume a single data center with your servers and internet connection. Got fiber running from your data center to the various floors? How is this structured? how far from the dataccenter to each of the floors? the answer to this will help determine if you use a collapsed backbone or if you connect your switches in series. do you have groups of users who should logically be separated from eachother. Some companies like their payroll department to be on a separate network from other departments, for example. are there some services that need to be separated and unavailable to some users? These days, 700 uses, particularly in a switched environment, is not such a large braodcast domain ( stop grinding your teeth, Priscilla ;-> ) but still, you might just want to separated out logical groups into vlans. or maybe do it by grouping a couple of florrs together into vlans. my knee jerk thought, not knowing too much about the particulars, is determine your port counts per floor, determine connectivity - fiber runs between closets, and where those runs terminate. if it's copper, you got troubles :-> determine your logical / vlan structures. who needs to see what and when. Then go through the provisioning process. Don't be afraid to call in a couple of vendors to help you. ask for proposals. If you have a vendor who works closely with you and wants to help educate you, that's your guy ( or gal, for the politically correct ) hope this helps you get started. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64429&t=64422 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
