L2TF on IPSec CA, from W2K to IOS
Has anyone successfully made Windows 2000 clients connect to IOS routers with L2TP on IPSec with a CA? We're trying to make this work to a couple of 7100s without much luck. The W2K clients connect just fine to a W2K server and two routers also connect fine to each other, but the Windows machines cannot connect to the routers when using a CA. (When run with pre-shared keys, everything is fine and dandy). The Windows machines were configured according to the paper "L2TP and IPSec - Cisco IOS and Microsoft Windows 2000" by Natalie Timms, Cisco. We have tried 12.0(7)T, 12.1(2) and 12.1(2)T. The first two just doesn't work, the last one crashes the router when we attempt to connect from the Windows machine. Any thoughts are welcome, -A -- Heroes: Vint Cerf Bob Kahn, Leonard Kleinrock, Robert Metcalfe Links : http://www.hojmark.org/networking/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN Hierarchical Design questions
John, ( 1 )If your wanting to connect all of your remotes that will not connect up to the same logical lan; the host will need a connection to the internet and the remotes will need the same.You will then need to setup Tunnel Interfaces which are software interfaces and then setup your own certain criteria for your tunnel mode / tunnel source / tunnel destination and then an IP Address on both ends that are in the same subnetThen you can setup static routes on the routers to forward information that they need on the host LAN to the IP Address if the Tunnel Interface on the host router.Then you can setup your gateway of last resort pointing out to the Internets IP Address... PS: You don't even have to setup a routing protocol just a routed protocol..Keep in mind that all of your static routes would have to be setup properly.. ( 2 )If your talking about the three Cisco Layers.Example would be 7200 Core 4000366036403620 Distrbution 7008001000160017002500 Access Joe Senior Systems/Network Engineer CCNA "JohnMail" [EMAIL PROTECTED] wrote in message 006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]">news:006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]... Folks: I am preparing for the CCDA and plan to write same before 31 July, 2000. I have two questions. The first one revolves around VPN. The other question deals with CISCO's Hierarchical Network Design concepts. (1) Assume that I have six simple LANs - one HQ LAN and 5 Branch LANs. Assume also that each LAN consists of one Server and 4 workstations. If I want to link these simple networks using VPN; what king of Hardware and Software would I have to buy. I would also like to compare and contrast Microsoft's VPN (which I believe is built into Win2000) and CISCO's VPN. Thanks in advance guys. (2) In this second scenario, I want to connect a router at each LAN site and make use of CISCO'S hierarchical network design principles. Can anyone explain or draw a simple diagram of what the network structure would look like at the CORE, DISTRIBUTION, and ACCESS layers. Thanks, John ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Which access-list increase load the most?
That's a good point. According to some Cisco guys here at networkers, TurboACLs are even less CP intensive than static routes to null0cool Kenny - Original Message - From: "Erick" [EMAIL PROTECTED] To: "Robert Cabeca" [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, June 27, 2000 6:46 PM Subject: Re: Which access-list increase load the most? Another thing, you can use the newer TurboACL (compiled ACLs) on higher platforms. access-list compiled http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120 limit/120s/120s6/turboacl.htm --- Robert Cabeca [EMAIL PROTECTED] wrote: Just want to say that this was a great and useful response!! Rob -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Tuesday, June 27, 2000 19:51 Subject: Which access-list increase load the most? It depends (well, what did you expect??) As a general rule, you're better off putting the access list on the outgoing interface. That way you don't waste bandwidth by transmitting traffic you're just going to throw away anyway. BUT, your *first* priority is to make sure the access list does what you want. To do this, you may need to use an incoming access list instead. Example... rtrA rtrB Let's say you want to prevent telnet traffic from rtrA to rtrB. Assume for now that the link between the routers is a serial link (int S0 on both routers). You could put an outgoing access list on S0 on rtrA: rtrA: access-list 101 deny tcp any any eq 23 access-list 101 permit ip any any int s 0 access-class 101 out This will work fine (assuming my access list syntax is correct which I am making no guarantees about - I haven't checked it). You could put the same access list on rtrB as an incoming access list instead, and it would have the same effect, but your telnet traffic would cross the serial link before being dropped - generally not very efficient. OK, what if it's not a serial link, but an ethernet? Time to throw another router into the mix... rtrA rtrB | rtrC Now, putting that same outgoing access list on rtrA has a different effect to putting it as an incoming access list on rtrB. If you put the outgoing access list on rtrA, you will not be able to telnet from rtrA to rtrB *or to rtrC*. If you put it as an incoming access list on rtrB, you will not be able to telnet from rtrA to rtrB but you will be able to telnet from rtrA to rtrC. In this case, where should you put the access list? That depends completely on what you are trying to achieve with your access list. Regardless of where you are putting your access list, try to put the lines that will get the most hits near the top (again, make sure you don't change the meaning of the access list if you change the order of statements). The lines of an access list are checked in order, and once a match for a packet is found, the rest of the list isn't checked - so if most of your packets match the first line, rather than the last, your router will spend less time checking access lists. Here endeth the chapter :-) JMcL -- Forwarded by Jenny Mcleod/NSO/CSDA on 27/06/2000 16:28 --- "K.FUJIWARA" [EMAIL PROTECTED] on 26/06/2000 15:59:31 Please respond to "K.FUJIWARA" [EMAIL PROTECTED] To: "[EMAIL PROTECTED]" [EMAIL PROTECTED] cc:(bcc: JENNY MCLEOD/NSO/CSDA) Subject: Which access-list increase load the most? Hi, all. Though the null interface is the best solution for load in the ruter CPU, which extended / standard access-list is the best to reduce the load? Extended one's result may be depends on where it will be put or the case, so where should it be configured? Destination? If you have some good examples, please show me. And then, do you know good tools or utility to monitor the routers performance on CPU or RAM in real time? Kazuyo Fujiwara MCSE/CCNA Japan Kobe ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info:
Re: AUX - Dial up
There are certain dip switch settings required on the USR. I can't remember them but they can be found on CCO. Kenny - Original Message - From: "Feliz, Edgar" [EMAIL PROTECTED] To: "Tan Choh Koon" [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, June 27, 2000 9:30 PM Subject: RE: AUX - Dial up Set a speed. "speed 38400". Also configure "transport input all" . You can also try configuring the exact modem type rather then auto/discovery EF -Original Message- From: Tan Choh Koon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 11:57 PM To: [EMAIL PROTECTED] Subject: AUX - Dial up Hi, I had connected the US Robotic Sportster modem to the 1720 Aux port, but router cannot detect the modem. I had used correct cable as what manual shown. What I am not aware off ? line con 0 transport input none line aux 0 autobaud modem InOut modem autoconfigure discovery stopbits 1 flowcontrol hardware line vty 0 4 Debug confmodem : 0:03:59: TTY5: detection speed (115200) response -- 00:04:05: TTY5: detection speed (57600) response -- 00:04:10: TTY5: detection speed (38400) response -- 00:04:15: TTY5: detection speed (19200) response -- 00:04:21: TTY5: detection speed (9600) response -- 00:04:26: TTY5: detection speed (2400) response -- 00:04:32: TTY5: detection speed (1200) response -- 00:04:37: TTY5: detection speed (300) response -- 00:04:37: TTY5: No modem found ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Route Summarisation, once again!
Hello Group! Could someone be kind enough to explain a dilemma that I have been facing with route summarisation? In Todd's book I found the following question: How the following networks should be summarised? 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24 a) They cant be summarised b) 172.16.1.0/24 and 172.16.2.0/23 c) 172.16.1.0/22 d) 172.16.0.0 Well I chose C. Here is my explanation: Considering third octet Binary format of 1: 0001 Considering third octet Binary format of 2: 0010 Considering third octet Binary format of 3: 0011 So the highest number of similar bits for this octet is 6 The total number of bits similar for the networks: 8+8+6=22 That summarises the network to 172.16.1.0/22 But the answer says B with the explanation: Networks must share the same high-order bits. Look at the binary values to understand more clearly. What am I missing? Regards, Ishtiaque Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AUX - Dial up
Hi, Thanks all of you for input. I had found the problems. The modems I had (US robotic Motorola Bit surf ) it had been some configuration on it. After I used terminal and issued the AtF ( factory default ) and save it it works, the router is detected my both units of modem. C.K.Tan CCNP,CCDA - Original Message - From: Kenny Sallee [EMAIL PROTECTED] To: Feliz, Edgar [EMAIL PROTECTED]; Tan Choh Koon [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, June 28, 2000 1:42 PM Subject: Re: AUX - Dial up There are certain dip switch settings required on the USR. I can't remember them but they can be found on CCO. Kenny - Original Message - From: "Feliz, Edgar" [EMAIL PROTECTED] To: "Tan Choh Koon" [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, June 27, 2000 9:30 PM Subject: RE: AUX - Dial up Set a speed. "speed 38400". Also configure "transport input all" . You can also try configuring the exact modem type rather then auto/discovery EF -Original Message- From: Tan Choh Koon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 11:57 PM To: [EMAIL PROTECTED] Subject: AUX - Dial up Hi, I had connected the US Robotic Sportster modem to the 1720 Aux port, but router cannot detect the modem. I had used correct cable as what manual shown. What I am not aware off ? line con 0 transport input none line aux 0 autobaud modem InOut modem autoconfigure discovery stopbits 1 flowcontrol hardware line vty 0 4 Debug confmodem : 0:03:59: TTY5: detection speed (115200) response -- 00:04:05: TTY5: detection speed (57600) response -- 00:04:10: TTY5: detection speed (38400) response -- 00:04:15: TTY5: detection speed (19200) response -- 00:04:21: TTY5: detection speed (9600) response -- 00:04:26: TTY5: detection speed (2400) response -- 00:04:32: TTY5: detection speed (1200) response -- 00:04:37: TTY5: detection speed (300) response -- 00:04:37: TTY5: No modem found ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: #!$ lab setup problems
Brian, If you are using ADTRAN setup one of the CSU's to be the Master for timing/clocking and then let the other CSU get the timing/clocking from the Master CSU. Joe Senior Network/Systems Engineer CCNA "Brian Lodwick" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am having a rough time getting my home lab up and running, and would love to get some reccomendations on what to try next from the group. I feel like I have tried everything, but obviously I haven't, because it isn't working. Anyone care to help out? CSU/DSU#1 TXD=solid green light RXD=flashing green light RTS=solid green light CTS=solid green light DCD=flashing green light DTR=solid green light OOS=flashing red light LOS=flashing red light ERR=flashing red light TST=nothing CSU/DSU#2 DSR=nothing RTS=nothing CTS=nothing DCD=solid green light TXD=nothing RXD=solid green light TST=nothing NIS=nothing CSU/DSU#1 is set for internal clocking and #2 is set for external clocking. These are both set for synchronous 56k. The pinout noted in both instruction booklets shows pins 1 and 2 are transmit and pins 7 and 8 are receive and 3-6 are not used. I have 1 crossed to 8 and 2 crossed to 7. I also tried crossing 1 to 7 and 2 to 8 got the same thing). CSU/DSU#1 is an ADC Kentrox D-serv 56, and CSU/DSU#2 is a 56K ROUTERmate made by Cray Communications. If I turn off #2 the flashing lights stop flashing and go dark, and the LOS goes to a solid red light. I have a 2501 connected to CSU/DSU#1 and a 2502 connected to CSU/DSU#2 I just can't figure out what I am doing wrong anyone have any suggestions? I would be more than happy to give information I am not sure what else would be pertinent. Thank you in advance. Brian Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Dial up usinng Asyn interface
Tan, You need to run the command show line this will give you an output of all of the vty's / tty's / con .What you need to do is then setup an Async interface with the coorresponding tty# of the AUX Port.Then you need to setup a dialer-rotary group X which you can then setup to correspond to to the interface dialer X .Then you can setup your pap / chap encapsulation dialer string And what ever else that is needed.Your then good to go. Example show line aux tty1 config mode interface aysnc 1 encap ppp dialer-rotary group 1 interface dialer1 ip address X.x.x.x X.x.x.x dialer string XXX encap ppp ppp auth chap Joe Senior Network / Systems Engineer CCNA "Tan Choh oon" [EMAIL PROTECTED] wrote in message 002901bfd42f$9ab3f6a0$[EMAIL PROTECTED]">news:002901bfd42f$9ab3f6a0$[EMAIL PROTECTED]... Hi, I had 2501 router, 1 Ethernet , 2 Syn port and 1 Aux port. I like to coonect the 56k dial up modem to serial 0 , and configure it to DDR to ISP. My question is how do i configure the serial 0 ( syn interface) to dial out ? As far as i knew only asyn serial, Aux port and syn/async serial is capable to do dial up. Can Sync serial port do dial out ?? If can please give sample config. Thanks. C.K.Tan
Re: two T1s
Also you can use floating static routes on the router for when the traffic that is defaultly going thru one T1 and fails and you want it to go thru the other T1 that's up and running.You can also load balance with EIGRP also. Joe Senior Network / Systems Engineer CCNA "Joseph J Szczepanski" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... SH - What does the current setup look like? What type of routing is currently being used? For instance, if you are running ospf, most of this is already taken care of for you. If you running static routes, you will need to do some work, but not much. Joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of SH Wesson Sent: Wednesday, June 21, 2000 12:08 PM To: [EMAIL PROTECTED] Subject: two T1s I'm at one location with two T1s to corporate. How can I configure these two T1s to load balance each other, provide redundancy for each other etc. For instance, if one T1 goes down, all traffic that normally goes through that T1 would now be re-routed to the other T1 which is up. Also is there a way to sort of multiplex or in Catalyst switch term port-channel, so that these two T1s can be load balancing and redundant. Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem with Caslow's mutual redistribution example - pg 423
For those who don't have the book, the problem is mutual redistibution from rip to ospf and ospf to rip. The admin distance of OSPF is lower so without any distro lists or filters, a routing loop is formed. What he is saying makes sense - you don't want to advertise a route redistributed into ospf from rip, back to rip again. That doesn't solve the problem he's talking about though. For this scenerio to work ( I think ) you need to actually do a combo of things: 1. Use a route map to deny the 172.16.1.0 /24 network from being redistro from ospf to rip 2. Set the admin distance on the redistributing routers for RIP to be lower than OSPF. This will stop the routers from preferring the OSPF routes advertised by OSPF-11 - even though as soon as the RIP route is gone, a loop will still occur. OR 3. Use a distribute list on the redistro routers in the ospf process that denies the 172.16.1.0 /24 network. I actually don't think this can be done - cuz OSPF is a link state protocol So the commands for the 3rd option mightbe something like: !!On router RIP-10 router rip network 172.16.1.0 !!On Border-1 and Border-2 router ospf 1 network link to area 0 etc... redistribute rip subnets route-map rip_in in distribute-list2 in serial0 ##possible link to ospf area 0 router rip network 172.16.2.0 ( possible link to RIP-10 ) redistribute route-map ospf_in in access-list 1 permit 172.16.1.0 255.255.255.0 access-list 2 deny 172.16.1.0 255.255.255.0 access-list 2 permit any route-map ospf_in permit 10 match address 2 route-map rip_in permit 10 match address 1 I know OSPF is a Link state protocol, so the LSDB on Border-1 and 2 will have the 172.16.1.0 network, but the route will not be installed in the routing table because of the "distribute-list 2 in serial0" Does this make sense to anyone? Will this work ( I'll lab it later - for now I'm stuck in a hotel room with no lab access ). Kenny
Re: Route Summarisation, once again!
If you chose the answer C you would have to change the network statement to 172.16.0.0 255.255.252.0. This would summarize networks 172.16.0.0, 172.16.1.0, 172.16.2.0, and 172.16.3.0. So you would summ an extra etwork( the 172.16.0.0 /24 ). The answer B then is more correct. The second statement ( 172.16.2.0/23 ) would cover only networks .2 and .3 and the first would cover .1 of course. If it were my network and it was private addressing - I would choose C. But for a test question it would be B. Kenny - Original Message - From: "Ishtiaque Mahbub" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 28, 2000 4:56 AM Subject: Route Summarisation, once again! Hello Group! Could someone be kind enough to explain a dilemma that I have been facing with route summarisation? In Todd's book I found the following question: How the following networks should be summarised? 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24 a) They cant be summarised b) 172.16.1.0/24 and 172.16.2.0/23 c) 172.16.1.0/22 d) 172.16.0.0 Well I chose C. Here is my explanation: Considering third octet Binary format of 1: 0001 Considering third octet Binary format of 2: 0010 Considering third octet Binary format of 3: 0011 So the highest number of similar bits for this octet is 6 The total number of bits similar for the networks: 8+8+6=22 That summarises the network to 172.16.1.0/22 But the answer says B with the explanation: Networks must share the same high-order bits. Look at the binary values to understand more clearly. What am I missing? Regards, Ishtiaque Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Does the CCDA also expire?
Hey group, It was brought to my attention today by someone that the CCDA also expires on July 31st. I thought it was just the CCNA. If anyone is absolutly sure about this please respond to me ASAP because I am about to register for like July 25th if its true that it does expire. Thanks for all the help. I'll wait like 2 more hours before I officially date my test. Why won't I wait untill I get a responce? Because this stuff excites me! ;) Yee-ha...another cert, can't wait!!! ;) Thanks group, Mark Zabludovsky ~ CCNA A HREF="mailto: [EMAIL PROTECTED]"[EMAIL PROTECTED]/A ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN backup - Time based access lists or backup interface - help needed
Hi all. A client of mine has ISDN backup at all of their sites. A few leased line flaps during the night caused a rather large ISDN bill for the month. What I want to know is, is there a way to block the ISDN from dialling at night. The reason for this is that this is a sales office and is NOT active 24 hours. We need to have the ISDN line active from around 7am to 7pm, but there after it must NOT be able to dial. The way the backup ISDN is configured is by means of a default route out with a higher administrative distance - ip route 0.0.0.0 0.0.0.0 x.x.x.x 200. Routing process is eigrp. Are time based access lists a good option, and if so, how do I do it? OR Should I change the backup to "backup interface" and specify a longer delay before ISDN kicks in? All help appreciated Regards Andrew Larkins BCom, CCNA Usko Communications Tel: +2711 800-9300 Fax: +2711 800-9495/6/7/8/9 Cell: +2783-656-7214 Email: [EMAIL PROTECTED] OR [EMAIL PROTECTED] "This message may contain information which is confidential and subject to legal privilege. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message." ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route Summarisation, once again!
Hi, Comments inline. --- Ishtiaque Mahbub [EMAIL PROTECTED] wrote: Hello Group! Could someone be kind enough to explain a dilemma that I have been facing with route summarisation? In Todd's book I found the following question: How the following networks should be summarised? 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24 a) They cant be summarised b) 172.16.1.0/24 and 172.16.2.0/23 c) 172.16.1.0/22 d) 172.16.0.0 Well I chose C. Here is my explanation: 3rd octet in Binary: 1234 5678 - 172.16.1.0/24 = 0001 172.16.2.0/24 = 0010 172.16.3.0/24 = 0011 So the highest number of similar bits for this octet is 6 The total number of bits similar for the networks: 8+8+6=22 That summarises the network to 172.16.1.0/22 When summarizing, the similar bit is 1 and where the bit-boundary is common you can summarize. Remember 1=network and 0=host. In this example, 2 and 3 have a common bit-boundry on the 7th bit (8+8+7=23), so 172.16.2.0/23 for networks 172.16.2.0/24 and 172.16.3.0/24. The first network, 172.16.1.0 the 8th bit is 1 and there are no common bits with the other networks provided so can't summarize it with others. Hope this helps... keep at it. But the answer says B with the explanation: Networks must share the same high-order bits. Look at the binary values to understand more clearly. - Erick B. __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you block CDP with an access list???
Aaron/Erick, I believe that CDP uses ARPA code 0x2000 so you could try the following. access-list 200 deny 0x2000 although I don't understand why you would want to do this. It is an extremely useful tool that uses minimal b/w. Phil. --- Erick [EMAIL PROTECTED] wrote: Hi again, I tried blocking it going out the router with ACL but didn't succeed. I think this is because you can only apply MAC-address ACLs to certain objects (bridge groups, etc) and my lab setup isn't setup right to really see if this works. CDP uses 01000C-CC which is a Multicast MAC. Below is the config I thru together which wasn't working from sniffer traces I was doing on my ethernet segment. As others have said, disable CDP on the interface (no cdp enable) so the information isn't advertised. Lots of useful information can be learned from sniffing a segment and looking at CDP packet entries :) interface Ethernet0 ip address 192.168.1.2 255.255.255.0 bridge-group 1 bridge-group 1 output-address-list 701 ! access-list 701 deny .. 0100.0ccc. (I reversed this and also tried extended) --- Aaron Prather [EMAIL PROTECTED] wrote: If you can what protocol does it use? UDP? i know its a protocol in itself, but can this be done? what port number? Thanks guys, Aaron __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Local Director
There could only be one active local director on your network, and one in failover mode. Connect the failover cable between them, and also, use an Ethernet interface to establish statefull failover. The 2 local directors have to be in parallel of each other. If you have each LD connected to a different switch (on both sides of the network) then you must dual home your web servers to achieve the uptime required. -- On Mon, 26 Jun 2000 14:10:20 nitu wrote: Can somebody provide me this information: does the failover secondary local director only kick in if the primary is dead or it remains functional in parallel to the primary Local director. We have a config in which we have two LD's both feeding to seperate switch, so if one switch (connected to primary) goes down, there is no path to the web servers. Thanks in advance nitu ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --== Sent via Deja.com http://www.deja.com/ ==-- Before you buy. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Serial0 is up, line protocol is down!
Hello to All, If Serial0 is up, line protocol is down, then what should I check? Give me as many answers as you can. BTW what is the line protocol? is it a network protocol like ip, ipx? or is it the data link layer protocol? Omer ___ Why pay for something you could get for free? NetZero provides FREE Internet Access and Email http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you block CDP with an access list???
Chaps Why not just disable it on the interface? I have done it for security purposes in the past. Perhaps I'm missing sommat, if so, my apologies. Paul From: Phil Barker [EMAIL PROTECTED] Reply-To: Phil Barker [EMAIL PROTECTED] To: Erick [EMAIL PROTECTED], Aaron Prather [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Can you block CDP with an access list??? Date: Wed, 28 Jun 2000 08:14:43 +0100 (BST) Aaron/Erick, I believe that CDP uses ARPA code 0x2000 so you could try the following. access-list 200 deny 0x2000 although I don't understand why you would want to do this. It is an extremely useful tool that uses minimal b/w. Phil. --- Erick [EMAIL PROTECTED] wrote: Hi again, I tried blocking it going out the router with ACL but didn't succeed. I think this is because you can only apply MAC-address ACLs to certain objects (bridge groups, etc) and my lab setup isn't setup right to really see if this works. CDP uses 01000C-CC which is a Multicast MAC. Below is the config I thru together which wasn't working from sniffer traces I was doing on my ethernet segment. As others have said, disable CDP on the interface (no cdp enable) so the information isn't advertised. Lots of useful information can be learned from sniffing a segment and looking at CDP packet entries :) interface Ethernet0 ip address 192.168.1.2 255.255.255.0 bridge-group 1 bridge-group 1 output-address-list 701 ! access-list 701 deny .. 0100.0ccc. (I reversed this and also tried extended) --- Aaron Prather [EMAIL PROTECTED] wrote: If you can what protocol does it use? UDP? i know its a protocol in itself, but can this be done? what port number? Thanks guys, Aaron __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNA v1 vs CCNA v2
Just taken CCNA 2.0 this afternoon and I get 806/1000 (failed!). The question is not tough at all but rather too many choices. For instant, chose 4 correct question out of 7.. so on and so forth. So it is advisable to focus on igrp, rip, console command, isdn, vlan and switching. Read in depth of all the advantage of uses them. I think I'll attempt for another one later. Best wishes, Ryan Jorge Rodriguez [EMAIL PROTECTED] on 28-06-2000 02:49:59 AM Please respond to Jorge Rodriguez [EMAIL PROTECTED] To: Joe Lin [EMAIL PROTECTED], [EMAIL PROTECTED] cc:(bcc: Ryan Ngai Hon Kong/GHL Technologies/MY) Subject: RE: CCNA v1 vs CCNA v2 It has been said that CCNA v2 has more switching question than CCNA v1, VLAN and so forth. --Original Message-- From: Joe Lin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: June 27, 2000 6:21:00 PM GMT Subject: CCNA v1 vs CCNA v2 I am going to get my CCNA certification. Cisco's website says CCNA v2 is out.. Whats the difference between that and CCNA v1? and what books cover the CCNA v2? I am currently reading the Sybex book. Joe Lin Network Engineer 916.933.5412 x304 Electronic Freight Exchange, Corp. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Jorge Rodriguez /CCNA Network Analyst RS Networks Inc 1112 Boylston Street Suite 222 Boston, MA 02115 1-781-614-1294 http://www.netwire.n3.net/ http://www.learncisco.n3.net/ iWon.com http://www.iwon.com why wouldn't you? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Alist of good study companions
Hello all, These questions are for all people who are studying for CCNP, CCDP or CCIE. My intention is to create a list of materials ( CD-ROMs , Handbooks, Web sites, etc ) that every body should have on his desktop. These materials should serve as a quick answer to many technical questions that arise in our mind as we prepare ourself for certifications. Your contribution with the information you have will make this list a valuable resource for all. What CD-ROM you always use? What kind of information does it provide? example Univer CD by Cisco What reference or handbook do you always refer to? How did that help you? Example Router handbook What web sites are helpful in preparation for CCNP, CCDP and CCIE? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Console get disconnected
Hello to all, When I connect to the router through the console port, I get disconnected after a specific period of inactivity and I would receive the following message R3 con0 is now available Press RETURN to get started. How can I control the length of the inactivity period so that I get disconnected only after a long period of inactivity. How can I control this on a vty or telnet line? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
A good telnet program
Hello, I hate the telnet program that came with windows 95 because it does not give me any screen buffer space. Does any body know of any good telnet program that I can download from the internet? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
% Password: timeout expired!
Hello, How can I change the enable password timeout. Please look the output of the command bellow. R1enable Password: % Password: timeout expired! Password: % Password: timeout expired! _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
LAN subinterfaces
Hello, the ethernet interface (e0) on my router looks like it is connected to tow LANs at the same time, as it appears from the output of the command bellow. Why is that and what causes it? How can I remove subnet 166.166.0.0 from the ethernet interface? I have no LAN sub-interface configured as part of a VLAN. That subnet ( 166.166.0.0) does not appear in the output of any of the following commands: sh ru sh int sh ip int Omer R1#sh ip route Gateway of last resort is not set C170.170.0.0/16 is directly connected, Serial0 C170.16.0.0/16 is directly connected, Ethernet0 C166.166.0.0/16 is directly connected, Ethernet0 R180.180.0.0/16 [120/1] via 170.170.0.1, 00:00:04, Serial0 _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-lists question??
On Nov 5, 11:41am, "Johnny Dedon" wrote: } } Guys, be very careful with advice on access-list on production routers. The } best practice for adding or changing access-list is to remove it from the } interface before modifying it. The implicit deny all can be a real disaster } with typos and the like when working from remote location. Be sure to remove } the old access-list with a no access-list # before pasteing back the new } one. Another good idea is to create a new access-list using a new number, and then switch the interface to the new access-list when it is ready. }-- End of excerpt from "Johnny Dedon" ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
suppressing null update
Hello, My router,R3, does not send any rip update. Bellow is the output of the debug ip rip command on R3. How can configure the router so that RIP updates are sent? Omer R3#debug ip rip RIP protocol debugging is on R3# RIP: sending v1 update to 255.255.255.255 via Serial0 (180.180.2.2) - suppressin g null update RIP: received v1 update from 180.180.2.1 on Serial0 170.170.0.0 in 1 hops 170.16.0.0 in 1 hops 166.166.0.0 in 2 hops _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
No Point-to-point subinterfaces
Hello to All, I wanted to configure s0.4 as a point-to-point interface but I could not. why is that? Does this has any thing to do with the encapsulation used on s0. I am using HDLC as the encapsulation on s0. R3(config-subif)#int s0.4 ? % Unrecognized command _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial0 is up, line protocol is down!
The line protocol down means that the other end are not sending keepalives . So yes its datalink (correct me if I am wrong ). If you are using back to back is there clocking on your dce side ( do a show control serial 0 ) look for dce . If not check that your NTU (clocking device is plugged in) See that your addressing is correct on both sides . So in short you should have a dce---dte scene and there should be clocking on the dce side. and make sure your addressing is ok ! Hope it helps ! Cheers Olden -Original Message- From: Omer Shommo [mailto:[EMAIL PROTECTED]] Sent: Friday, June 23, 2000 8:00 AM To: Cisco Group Study Subject: Serial0 is up, line protocol is down! Hello to All, If Serial0 is up, line protocol is down, then what should I check? Give me as many answers as you can. BTW what is the line protocol? is it a network protocol like ip, ipx? or is it the data link layer protocol? Omer ___ Why pay for something you could get for free? NetZero provides FREE Internet Access and Email http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Route Summarisation, once again!
Thanks for your answer but this triggered a few more questions(!) My summary of thoughts are like this: 1. If there had not been the choice no. 2, my arithmatic is correct? 2. The question that I had just asked, there was a similar question on the book, which proposed almost the same network summarasation: 172.16.12.0/24, 172.16.13.0/24, 172.16.14.0/24: and the summarasation of 172.16.12.0/22 was the correct answer..(choice was a) 172.16.0.0/24 b)172.16.14.0/24 c)172.16.12.0/22 d)172.16.14.0/22) 3. if the purpose of the route summarasation is to reduce routing table entry so why not a single entry rather than two? hope you dont mind my asking, just trying nail the idea into my thick skull! Regards, Ishtiaque From: "Kenny Sallee" [EMAIL PROTECTED] Reply-To: "Kenny Sallee" [EMAIL PROTECTED] To: "Ishtiaque Mahbub" [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Route Summarisation, once again! Date: Tue, 27 Jun 2000 23:49:32 -0700 If you chose the answer C you would have to change the network statement to 172.16.0.0 255.255.252.0. This would summarize networks 172.16.0.0, 172.16.1.0, 172.16.2.0, and 172.16.3.0. So you would summ an extra etwork( the 172.16.0.0 /24 ). The answer B then is more correct. The second statement ( 172.16.2.0/23 ) would cover only networks .2 and .3 and the first would cover .1 of course. If it were my network and it was private addressing - I would choose C. But for a test question it would be B. Kenny - Original Message - From: "Ishtiaque Mahbub" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 28, 2000 4:56 AM Subject: Route Summarisation, once again! Hello Group! Could someone be kind enough to explain a dilemma that I have been facing with route summarisation? In Todd's book I found the following question: How the following networks should be summarised? 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24 a) They cant be summarised b) 172.16.1.0/24 and 172.16.2.0/23 c) 172.16.1.0/22 d) 172.16.0.0 Well I chose C. Here is my explanation: Considering third octet Binary format of 1: 0001 Considering third octet Binary format of 2: 0010 Considering third octet Binary format of 3: 0011 So the highest number of similar bits for this octet is 6 The total number of bits similar for the networks: 8+8+6=22 That summarises the network to 172.16.1.0/22 But the answer says B with the explanation: Networks must share the same high-order bits. Look at the binary values to understand more clearly. What am I missing? Regards, Ishtiaque Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: re to all of Mlists_1999 posts...
All of the answers to your questions should be in your book or on cisco's site...Try the archive of Groupstudy also. Mark Zabludovsky ~ CCNA A HREF="mailto: [EMAIL PROTECTED]"[EMAIL PROTECTED]/A ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No debug over telnet
do a Router#term mon and all will be revealed Cheers Olden -Original Message- From: Omer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 3:49 AM To: Cisco Group Study Subject: No debug over telnet Hello, I have noticed that although I can turn debugging on over a telnet connection, I cannot watch the debug information over a telnet connection to the router. I deduced that if you want to debug activities on the router you have to connect to it through the console port. If that is not true please let me know. Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No debug over telnet
Whenever you telnet to a router it does not display console messages and debug traces by default on your terminal screen. you will have to enter the command "terminal monitor" and then you should be able to see the debug ouput. Regards Atif Awan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Omer Sent: Wednesday, June 28, 2000 1:49 AM To: Cisco Group Study Subject: No debug over telnet Hello, I have noticed that although I can turn debugging on over a telnet connection, I cannot watch the debug information over a telnet connection to the router. I deduced that if you want to debug activities on the router you have to connect to it through the console port. If that is not true please let me know. Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No Point-to-point subinterfaces
It seems that you are already in the sub-interface configuartion mode. Get out of this mode by typing exit and then issue the command sequence you are trying to issue. Regards Atif Awan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Omer Sent: Wednesday, June 28, 2000 12:19 AM To: Cisco Group Study Subject: No Point-to-point subinterfaces Hello to All, I wanted to configure s0.4 as a point-to-point interface but I could not. why is that? Does this has any thing to do with the encapsulation used on s0. I am using HDLC as the encapsulation on s0. R3(config-subif)#int s0.4 ? % Unrecognized command _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW-1 configuration
Hi, Sorry for posting out of topic msg on this list, but i found that so many of this list members has the working knowledge of checkpoint FW-1. Can somebody guide to configure the fw-1 or send me the links from where i can configure it. Is there any tech. problem to have web server and fw1 on same mc. Gm __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Console get disconnected
Hi there go conf t line con 0 no exec-timeout ctrl-z Hope it helps ! Cheers Olden -Original Message- From: Omer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 3:02 AM To: Cisco Group Study Subject: Console get disconnected Hello to all, When I connect to the router through the console port, I get disconnected after a specific period of inactivity and I would receive the following message R3 con0 is now available Press RETURN to get started. How can I control the length of the inactivity period so that I get disconnected only after a long period of inactivity. How can I control this on a vty or telnet line? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Documentation CD
On Oct 3, 3:58am, ElephantChild wrote: } On Sat, 17 Jun 2000, Bharat Suneja wrote: } } Please help Cisco!! A lot of us are now using Windows 2000 (it works great } } rant mode="cynical, weary" } Remember you're speaking about a corporation that believes Slowlaris is } the only Unix platform and that NT is a great OS for network management, } and that apparently never heard of lynx or text-only web pages. Actually, I have used Lynx to look at CCO a number of times. The site isn't the most Lynx-friendly, but it certainly isn't the worst I've seen by far. }-- End of excerpt from ElephantChild ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Analog Dial Backup
Hi All, I am trying to configure a 1720 to use the Aux port as a backup for the serial port. I want it to dial using a USRobotics Courier modem. Please tell me if you tried this before. Thanks, Atef ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Setting Configuration for VPN
Dear All, Does anyone have setting configuration for implement Virtual Private Network? What IOS can support for VPN..? Actually, VPN can implement in two Internet connection, for Example, we have conection to internet using dial up with serioal async to internet service provider use fix IP for head office and for remote user using dynamic IP with the same configuration as head office. Is this possible to make our VPN come true...? BTW, sould our router in online (already connect to internet) condition if i want configure for VPN, can make in offline..? I really need your assisstance for this problem, thanks for your help Regards Erwin ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Earthquakes?
On Nov 10, 9:01am, Shaq Patel wrote: } } How do you make machines in california or where ever reistent and shock } proof, best possible way during an earthquake? This topic is way beyond this list, since it gets into structural engineering. If you really want to do this right, you will need the services of a good structural engineer. Anyways, the basic process is pick a good solid location (i.e. it wouldn't do any good to have your building stay intact while it sinks into the ground), get redundancies for utilities if required, make sure the building is as earthquake proof as required, and make sure that ALL equipment is bolted into racks which are in turn bolted to concrete floors with shock mounts. If you want an example of a company that has taken this idea to an extreme, check out http://www.infosure.com/ , which is a company that is located in Victoria, B.C., which is at the northern end of the San Andreas faultline, the same one that California is on. }-- End of excerpt from Shaq Patel ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Console get disconnected
hi, you should try this, conf t line con 0 exec-timeout 0 0 exit I hope this works fine.. ALI SHEERAZ MCSE+I, CCNA From: "Omer " [EMAIL PROTECTED] Reply-To: "Omer " [EMAIL PROTECTED] To: "Cisco Group Study" [EMAIL PROTECTED] Subject: Console get disconnected Date: Wed, 28 Jun 2000 01:01:47 Hello to all, When I connect to the router through the console port, I get disconnected after a specific period of inactivity and I would receive the following message R3 con0 is now available Press RETURN to get started. How can I control the length of the inactivity period so that I get disconnected only after a long period of inactivity. How can I control this on a vty or telnet line? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial0 is up, line protocol is down!
could also be a wrong encapsulation type that was set -Original Message- From: Olden Pieterse [mailto:[EMAIL PROTECTED]] Sent: 28 June 2000 11:20 To: 'Omer Shommo' Cc: '[EMAIL PROTECTED]' Subject: RE: Serial0 is up, line protocol is down! The line protocol down means that the other end are not sending keepalives . So yes its datalink (correct me if I am wrong ). If you are using back to back is there clocking on your dce side ( do a show control serial 0 ) look for dce . If not check that your NTU (clocking device is plugged in) See that your addressing is correct on both sides . So in short you should have a dce---dte scene and there should be clocking on the dce side. and make sure your addressing is ok ! Hope it helps ! Cheers Olden -Original Message- From: Omer Shommo [mailto:[EMAIL PROTECTED]] Sent: Friday, June 23, 2000 8:00 AM To: Cisco Group Study Subject: Serial0 is up, line protocol is down! Hello to All, If Serial0 is up, line protocol is down, then what should I check? Give me as many answers as you can. BTW what is the line protocol? is it a network protocol like ip, ipx? or is it the data link layer protocol? Omer ___ Why pay for something you could get for free? NetZero provides FREE Internet Access and Email http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FW-1 configuration
When you got FW1 there is a book with it. That walks you thru the basic config. Did you try www.checkpoint.com ? Mine were already setup by Verisign (they have great tech support ) Considering the job of the firewall, IMHO you would be better having it on it's own machine. Under NT it's kinda fussy as to the way the box has to be setup and it may conflict with the web server. What platforn are you running it on ??? Oz http://www.mcseco-op.com/Cheap_Cisco_stuff.htm ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you block CDP with an access list???
CDP uses multicast-packets (8kB) for the MAC-adress 01-00-0C-CC-CC Erick [EMAIL PROTECTED] schrieb in im Newsbeitrag: [EMAIL PROTECTED] CDP is layer 2. Offhand, I don't remember the MAC address it uses but perhaps a MAC-address ACL will do the trick. Personally, I disable it since it is Cisco-only and I work in multi-vendor environments. --- Aaron Prather [EMAIL PROTECTED] wrote: If you can what protocol does it use? UDP? i know its a protocol in itself, but can this be done? what port number? Thanks guys, Aaron ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE:
The 1.0 test (at least for all the CCNP requirements) are going away 7/31, so I would recommend that if the literature for 2.0 is different for CCNA stuff that you focus on 2.0 material. -Original Message- From: Douglas Baltazar de Queiroz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 1:09 AM To: [EMAIL PROTECTED] Cc: Douglas Baltazar de Queiroz Subject: Dear Members, I've just started studying for CCNA, but I'm not sure if it' worthy taking version 1.0. Do I have to take CCNA 2.0 instead? Is there any problem for taking CCNP 2.0 holding CCNA 1.0? Thanks, Douglas ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN Balanced v Unbalanced ? UK E1
Hi folks, Just inherited another disaster waiting to happen. Just been using Config Maker at cisco.com to spec up the following. 2 x 3620, 2 x serial 1E(LAN) for leased circuit, ISDN for backup. I've picked out the NM-1E2W card with the idea that the least circuit can be future-proofed to 4Mb/s, hopefully this is correct. Main Problem : I'm looking at the ISDN PRI backup solution, 1 port only and I don't understand the difference between Balanced and Unbalanced apart from the fact that the cables have a different Resistance i.e 75 v 120. I would be very grateful for any assistance. Thanx, Phil. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: collision on cut-through switch
A late collision usually occurs when one end of a switched ethernet link is set to full duplex but the other end of the link is set to half-duplex. Darren On Thu, 22 Jun 2000, ANIL.YADAV wrote: How to avoid late collisions ? thanks Anil On Tue, 20 Jun 2000, Heskett, Tony wrote: Not a white paper, but let's see whether *I* understand how it's supposed to work dons flameproof underwear ;- Cut-thru waits for the dest addy, then starts forwarding. Frag-free waits for 64bytes, then starts forwarding. Store'n'forward waits for the whole packet and CRC's it, so will only forward truly valid (tm) packets. Sooo... cut-thru will forward runts, and you'll get those if there's a collision after the dest addy but within the first 64. Frag-free will /not/ forward runts, so will protect you from collisions that really should have happened. It won't protect you from 'late collisions' (that shouldn't have happened), but you're gonna fix your cable plant to remedy those (aren't you? :-) Or am I lying ? :-) (big quote for context, below; sorry) Tone From: Barry Hofland [mailto:[EMAIL PROTECTED]] Hi, Priscilla, I think the best way to find this out is to just get yourself a network tester to connect between the transmitting host on port 1 and the CISCO box. ( like a FLUKE ) You will be able to see ( or not ) the JAMS on port 1. When you connect the host in that segment only and there's a jam during a collision on port 2 you know enough... In my humble opinion you are right, but that's male intuition ;-) Priscilla Oppenheimer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I got into a discussion with a knowledgeable Sniffer instructor recently. When he teaches cut-through-switching theory, he warns his students that a cut-through switch does not really isolate collision domains. Consider this example: * The switch is receiving a frame from port 1 destined for a station out port 2. * The switch recognizes the destination address and starts forwarding the frame to port 2 ASAP. * There is a collision on port 2. (It's a shared and/or half-duplex Ethernet.) According to the instructor, the Switch sends a jam signal back to port 1 to let the initial sender know that the frame experienced a collision. This allows the sender to retransmit. If you read some of the books on switching, you would think that this is true. The books make it sound like the frame is passing through the switch and disappearing out the destination port as soon as the destination address is recognized. I don't think the Sniffer instructor's conclusion is true, however. I believe that a Cisco cut-through switch buffers the frame and hence has the ability to retransmit. There is no requirement to send a jam to the original sender because port 2 in our example retransmits after sensing the collision. I believe that Cisco switches store frames, even when doing cut-through, whereas the instructor assumed that the frame has passed through and out the port and is no longer available for retransmission by the switch. Cisco positions cut-through as reducing delay, not reducing the need for buffering, so I'm contending that I'm right. Who do you think is right? Can you point me to any white papers that would prove who is right? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Analog Dial Backup
Hi there Here is my shot in the dark on this one . First configure yor aux port , I think its line 0 so... conf t line aux 0 speed 38500 modem inout ( so you can call in out) transport input all (so it'll take anything , but change it to your fancy ) transport preferred telnet (so if you telnet you dont have to wait) autoselct ppp modem autoconfigure type usr_courier flowcontrol hardware exec-timeout 0 0 exec logical setup interface async 1 (uax 0 === async 1) ip unnumbered ethernet 0 ip tcp header-compression passive encap ppp async default ip address x.x.x.x (keep this address in the same subnet as your ethernet 0) async mode interactive I got this at www.cisco.com/warp/701/6.html It explains it really well ! Hope it helps Cheers Olden -Original Message- From: Atef Rostom [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 12:16 PM To: [EMAIL PROTECTED] Subject: Analog Dial Backup Hi All, I am trying to configure a 1720 to use the Aux port as a backup for the serial port. I want it to dial using a USRobotics Courier modem. Please tell me if you tried this before. Thanks, Atef ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN Hierarchical Design questions
Maybe I am not reading your response right. From what I read your saying you need both peers tunnel endpoints to be in the same subnet? If that is what your saying that is incorrect. You do not need to setup addresses in the same subnet on each end of the tunnel. You simply identify you encrypting peers address which can be any accessible address in any subnet. As well, the router that you define as your peer simply has an access-list that defines any traffic passing through it that gets encrypted. This is based on source and destination and can be any source any destination inlcluding subnets that this encrypting router is not directly connected to as long of course as the traffic passes the encryprting router on the way out, and the destination is accessible. On the Microsoft W2K thing. I would avoid it if you can. It is a little more complex in that you have to setup L2TP on the router and the W2K and configure IPSEC to use the L2TP tunnel. It will be much easier to encrypt from router to router based on access-lists. The access-list will only define what get's encrypted, and is not applied to any interface just the Crypto map. You do not need any special hardware unless your VPN network grows considerably large and you are using 3-des. Then you will want to look into the PL2 or PL3 card which will take the encrypting decrypting engine process of the routers CPU and put it on the PL2 or PL3 card. CCNP + Security Specialist -Original Message- From: JEK [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 3:29 AM To: [EMAIL PROTECTED] Subject: Re: VPN Hierarchical Design questions John, ( 1 )If your wanting to connect all of your remotes that will not connect up to the same logical lan; the host will need a connection to the internet and the remotes will need the same.You will then need to setup Tunnel Interfaces which are software interfaces and then setup your own certain criteria for your tunnel mode / tunnel source / tunnel destination and then an IP Address on both ends that are in the same subnetThen you can setup static routes on the routers to forward information that they need on the host LAN to the IP Address if the Tunnel Interface on the host router.Then you can setup your gateway of last resort pointing out to the Internets IP Address... PS: You don't even have to setup a routing protocol just a routed protocol..Keep in mind that all of your static routes would have to be setup properly.. ( 2 )If your talking about the three Cisco Layers.Example would be 7200 Core 4000366036403620 Distrbution 7008001000160017002500 Access Joe Senior Systems/Network Engineer CCNA "JohnMail" [EMAIL PROTECTED] wrote in message 006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]">news:006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]... Folks: I am preparing for the CCDA and plan to write same before 31 July, 2000. I have two questions. The first one revolves around VPN. The other question deals with CISCO's Hierarchical Network Design concepts. (1) Assume that I have six simple LANs - one HQ LAN and 5 Branch LANs. Assume also that each LAN consists of one Server and 4 workstations. If I want to link these simple networks using VPN; what king of Hardware and Software would I have to buy. I would also like to compare and contrast Microsoft's VPN (which I believe is built into Win2000) and CISCO's VPN. Thanks in advance guys. (2) In this second scenario, I want to connect a router at each LAN site and make use of CISCO'S hierarchical network design principles. Can anyone explain or draw a simple diagram of what the network structure would look like at the CORE, DISTRIBUTION, and ACCESS layers. Thanks, John ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No debug over telnet
Type the "terminal monitor" command in the privileged EXEC mode to see the debugging. Leonardo. -Original Message- From: Omer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 10:49 PM To: Cisco Group Study Subject: No debug over telnet Hello, I have noticed that although I can turn debugging on over a telnet connection, I cannot watch the debug information over a telnet connection to the router. I deduced that if you want to debug activities on the router you have to connect to it through the console port. If that is not true please let me know. Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial0 is up, line protocol is down!
It depends on what your serial port is connected to. Is it frame relay, CSU/DSU, etc. Hello to All, If Serial0 is up, line protocol is down, then what should I check? Give me as many answers as you can. BTW what is the line protocol? is it a network protocol like ip, ipx? or is it the data link layer protocol? Omer Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: A good telnet program
You can increase the amount of buffer space that telnet provides. Just click on Terminal and select preferences. -Original Message- From: Omer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 9:29 PM To: Cisco Group Study Subject: A good telnet program Hello, I hate the telnet program that came with windows 95 because it does not give me any screen buffer space. Does any body know of any good telnet program that I can download from the internet? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: suppressing null update
Usually you will see this when you have a distribute list in place and the distribute list is blocking all of the updates. It could also happen if the router has only one connection active - all of the routes it knows about would come from that interface so it would supress all of those routes from going out that interface because of split horizon. Hello, My router,R3, does not send any rip update. Bellow is the output of the debug ip rip command on R3. How can configure the router so that RIP updates are sent? Omer R3#debug ip rip RIP protocol debugging is on R3# RIP: sending v1 update to 255.255.255.255 via Serial0 (180.180.2.2) - suppressin g null update RIP: received v1 update from 180.180.2.1 on Serial0 170.170.0.0 in 1 hops 170.16.0.0 in 1 hops 166.166.0.0 in 2 hops _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: No debug over telnet
use the following command - term mon that will turn on terminal monitoring. that will let you see debug and log messages Hello, I have noticed that although I can turn debugging on over a telnet connection, I cannot watch the debug information over a telnet connection to the router. I deduced that if you want to debug activities on the router you have to connect to it through the console port. If that is not true please let me know. Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
router crash
Networking giant Cisco has been forced to warn customers that its routers can crash when tested for security vulnerabilities by security scanning software programs. SOURCE: VUNet http://www.vnunet.com/News/1104718 a href="http://i.winfire.com/s/isapiEng.dll/wf.exe?cmd=rl 508,180018682wf.exe"img border=0 width=120 height=50 alt="Get FreeDSL now!" src=http://www.geocities.com/sstalib/freedsl.gif/a __ 123India.com - India's Premier Portal Get your Free Email Account at http://www.123india.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Console get disconnected
Off the top of my head I think it is the - session-timeout - command that you can set on the line configuration. I seem to remember an exec-timeout also, but can't remember which does what. You should be able to look up those commands on Cisco's web page though. Hello to all, When I connect to the router through the console port, I get disconnected after a specific period of inactivity and I would receive the following message R3 con0 is now available Press RETURN to get started. How can I control the length of the inactivity period so that I get disconnected only after a long period of inactivity. How can I control this on a vty or telnet line? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS Upgrades
Looking to do some upgrades to a few 2500 series routers and need information in regards to the IP, IP Plus, etc. Does anyone have detailed information on the differences between the different versions and or know where this information is kept on the web. Thanks, EB ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Balanced v Unbalanced ? UK E1
Title: RE: ISDN Balanced v Unbalanced ? UK E1 Phil, I'm not a Cisco man... yet.. just starting on CCDA study.. but the terms balanced and unbalanced are transmission terms and refer to how the impedance on each leg of the circuit is distributed. ie evenly on each (balanced) or unevenly (unbalanced). The reason for balancing impedances on each leg is to minimise the induced noise voltage on copper pairs which otherwise can result. Consequently , balance TX lines are used where cable distances are longer and noise interference is possible... typically by Telco's in copper situations. Optical systems have largely made this issue obsolete. The real answer is to check with your leased line supplierand see what they are offering at their interface. Best Regards, Mike Higgins Consulting Telecommunications Engineer email: [EMAIL PROTECTED] -Original Message- From: Phil Barker [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 28 June 2000 15:04 To: cisco GroupStudy Subject: ISDN Balanced v Unbalanced ? UK E1 Hi folks, Just inherited another disaster waiting to happen. Just been using Config Maker at cisco.com to spec up the following. 2 x 3620, 2 x serial 1E(LAN) for leased circuit, ISDN for backup. I've picked out the NM-1E2W card with the idea that the least circuit can be future-proofed to 4Mb/s, hopefully this is correct. Main Problem : I'm looking at the ISDN PRI backup solution, 1 port only and I don't understand the difference between Balanced and Unbalanced apart from the fact that the cables have a different Resistance i.e 75 v 120. I would be very grateful for any assistance. Thanx, Phil. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] *** * The information transmitted in this e-Mail, and any files transmitted * * with it, is confidential and intended solely for the use of the * * individual(s) to whom it is addressed. Any review, retransmission, * * dissemination or other use of or taking action in reliance upon this * * information by persons or entities other than the intended recipient(s) * * is prohibited. Any views or opinions expressed are solely those of * * the author, and do not necessarily represent those of Riyad Bank. If * * you have received this message in error, please notify the sender and * * the system manager at [EMAIL PROTECTED] and delete the material * * from your computer. * * * * This footnote confirms that this message and any associated attachments * * have been scanned by MIMESweeper for content security and the presence * * of computer viruses.* ***
FW: Marconi Announces New Technical Education Certification Program
FYI: Marconi's primary component is the former FORE systems. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 8:17 AM To: [EMAIL PROTECTED] Subject: Marconi Announces New Technical Education Certification Program Marconi Announces New Technical Education Certification Program Educational Program Certifies Proficiency in Installation, Operation And Maintenance of Marconi Products for Service Provider and Enterprise Markets PITTSBURGH, June 28 /PRNewswire/ -- Marconi (LONDON: MNI), a global supplier of advanced communications solutions, today announced the new Marconi Technical Education -- Americas Certification Program, in which it is offering two new certification titles: the Enterprise Network Engineer (ENE) and the Public Network Engineer (PNE). The program is designed for Marconi partners, systems engineers and technical operations personnel -- as well as for customers. This job function-based certification program enables participants to achieve and demonstrate proficiency and become recognized industry experts in the installation, operation and maintenance of Marconi Intelligent Broadband Networking solutions for the service provider and enterprise markets. (Photo: http://www.newscom.com/cgi-bin/prnh/2504/MARCLOGO ) "We are delighted to introduce this new Marconi Technical Education Program for the Americas -- the first phase of a global program. It's an initiative that provides quality education to ensure the smooth installation, operation and maintenance of the communications networks serving the needs of businesses and consumers across the globe," said Rock Arkie, executive vice president and general manager of Marconi Americas Services. "By educating and certifying our partners and customers as technology `experts', we can continue to build premium quality, reliable networks for the 21st century." About the Marconi Technical Education -- Americas Certification Program In order to be "certified" under the Marconi Technical Education -- Americas Certification Program, candidates must pass both Web-based written and hands-on practical exams. To register for Marconi's online testing, candidates can access the Marconi Technical Education Link from the company's home page at www.marconi.com. Marconi and its Certified Training Partners offer optional self-directed and instructor-led courses at various locations throughout the world to assist candidates in obtaining the necessary knowledge to pass the required exams and attain the selected certification title. Candidates are also encouraged to attend elective courses to augment the skills attained during the certification process. To register for a Marconi Technical Education Course in a specific location, candidates can contact the Technical Training Registrar at [EMAIL PROTECTED], or download a zipped Excel form from the company's web site. To ensure successful candidates maintain Marconi's high standards, certification is valid for a two-year period, after which students must re-certify by passing the written and hands-on practical exams. Individuals certified under the FORE Systems LAN and WAN Certified Engineer Program, which ended March 31, 2000, may retain their title for the duration of one year after their certification date. Individuals certified under the FORE Systems LAN and WAN Certified Engineer Program after June 30, 1999, are eligible to become Marconi Enterprise Network Engineers or Marconi Public Network Engineers by passing three required Web-based exams. Those certified under the FORE Systems LAN and WAN program before June 30, 1999, must pass the practical, hands-on exam, as well as Web-based exams. About Marconi Services Marconi Services is a $1 billion global organization with more than 6,000 employees. Its vast portfolio of services are marketed under a "Plan, Build, Operate" banner. It provides fast transition to a new public network solution for established operators, and seamless integration with their existing networks. For new operators, Marconi Services provides total turnkey solutions to enable speed of network service provisioning and market entry. It also provides services and support for Marconi's technology offerings, including optical networking, switching and routing, applications and network services solutions. About Marconi plc Marconi plc is a global communications and IT company with 45,000 employees worldwide and sales in over 100 countries. It supplies advanced communications solutions and the key technologies and services for the Internet. Marconi plc is listed on the London Stock Exchange under the symbol MNI. All brands or product names are trademarks of their respective holders. For more information, contact Jim Blew, Media Relations of Marconi, 724-742-7745, or Email, [EMAIL PROTECTED] SOURCE Marconi plc -0-
Re: FW-1 configuration
The best Firewall-1 site on the Internet: http://www.phoneboy.com/fw1/ "Gunjan Mathur" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Sorry for posting out of topic msg on this list, but i found that so many of this list members has the working knowledge of checkpoint FW-1. Can somebody guide to configure the fw-1 or send me the links from where i can configure it. Is there any tech. problem to have web server and fw1 on same mc. Gm __ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Flash Memory
I had this problem before too. I am not exectlly sure about the following but I believe this is what I did. I loaded 1 the 8 meg in the slot I took it out of (because the bootstrap will look in the same location) and loaded the 16 meg in the other slot. I copied the ios to TFTP. I then did a partition on the 16 meg of flash. I tftp'ed the IOS to the 16 meg flash. I took out the 8 meg and moved the 16 meg to the 8 meg slot and put in the second 16 meg. The bootstrap found the IOS on the just part'ed flash. I then erased flash, partitioned into 1 large part and reload the the IOS again from TFTP. -Original Message- From: pinoal [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 4:32 AM To: [EMAIL PROTECTED] Subject: Flash Memory Hi , Recently I had to upgrade a cisco3640 from 8 M flash to 32 M flash , I was provided with 2 x 16 M flash . I took out the 8M flash and plugged in the 2 16M flash ram . I did a xmodem transfer of the ios to the flash . When I booted the router is gave me an error . "System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. C3600 processor with 131072 Kbytes of main memory Main memory is configured to 64 bit mode with parity disabled get_man_dev: Unknown device - probably NOT formatted. unknown flash device - mandev code = 0x89aa cannot read flash info getdevnum warning: device "flash" has size of zero get_man_dev: Unknown device - probably NOT formatted. unknown flash device - mandev code = 0x89aa cannot read flash info getdevnum warning: device "flash" has size of zero open: read error...requested 0x4 bytes, got 0x0 trouble reading device magic number boot: cannot open "flash:" boot: cannot determine first file name on device "flash:" I took out the new flash and plugged in the original flash with one 16M Flash and I was able to boot from the original flash memory , but I still got the error get_man_dev: Unknown device - probably NOT formatted. get_man_dev: Unknown device - probably NOT formatted. I was using ios 12.08 ip/ipx/at/dec plus, I could not find any command to format the flash . I have tried partitioning the flash and erasing the flash but still get the same error . Can any noe tell me how I can format the new flash memory ? thanks ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: suppressing null update
Check that you dont have passive interface enabled on that interface . A passive interface will receive updates but will not send out any . Regards Olden -Original Message- From: Omer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 3:18 AM To: Cisco Group Study Subject: suppressing null update Hello, My router,R3, does not send any rip update. Bellow is the output of the debug ip rip command on R3. How can configure the router so that RIP updates are sent? Omer R3#debug ip rip RIP protocol debugging is on R3# RIP: sending v1 update to 255.255.255.255 via Serial0 (180.180.2.2) - suppressin g null update RIP: received v1 update from 180.180.2.1 on Serial0 170.170.0.0 in 1 hops 170.16.0.0 in 1 hops 166.166.0.0 in 2 hops _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Calculate Bandwidth
How would I calculate bandwidth utilization on a serial interface? The interface is encap frame and the CIR is 1544. What would be the formula for such a calculation? Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: No debug over telnet
On Wed, 28 Jun 2000, Omer wrote: Hello, I have noticed that although I can turn debugging on over a telnet connection, I cannot watch the debug information over a telnet connection to the router. I deduced that if you want to debug activities on the router you have to connect to it through the console port. If that is not true please let me know. Issue the command "terminal monitor" or "term mon" to display the debug output on the telnet session. The console monitors automatically. -- Jay Hennigan - Network Administration - [EMAIL PROTECTED] NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can you block CDP with an access list???
Hi, So basically, if I understand, CDP can be used on serial as well as on Ethernet interfaces to get info. on neighboring routers. One question I had regarding CDP is when you do a sh cdp neighbors, it gives you config info. regarding the neighboring routers. I wanted to understand what AGS under Platform meant in this configuration. What does it stand for? Please advise. Thank you. Kind regards, [EMAIL PROTECTED] From: "Raymond Everson (Rainman)" [EMAIL PROTECTED] Reply-To: "Raymond Everson (Rainman)" [EMAIL PROTECTED] To: Aaron Prather [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Can you block CDP with an access list??? Date: Tue, 27 Jun 2000 19:47:18 -0400 again. read up udp=layer 4 cdp=NOT layer 4 in fatto: cdp is cisco's implementation of stretching layer 2 rules. The Cisco Discovery Protocol (CDP) Discovery Protocol CDP allows devices to share basic configuration information without even configuring any protocol specific information. CDP is enabled by default on all interfaces. CDP is a Datalink Protocol occuring at Layer 2 of the OSI model. This is important to understand because CDP is not routable. It can only traverse to directly connected devices. CDP allows you to view information such Operating System Version, Protocol Information, and much more. This can be very handy for troubleshooting a variety of problems. Aaron Prather wrote: If you can what protocol does it use? UDP? i know its a protocol in itself, but can this be done? what port number? Thanks guys, Aaron ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT vs. Proxy
Hello all, Can anyone explain the pros and cons of NAT and Proxy server, from a security standpoint? It would seem to me that NAT + a firewall would be much more secure than relying on a proxy server, but I'm having a hard time explaining this to management. Also, how many times can you NAT on a network? Is it plausible to have remote sites connect to a distribution router (in a private frame relay cloud), NAT there, and then connect back to the central office and be NAT-ed again prior to going out on the internet? Or does something get lost in translation? All replies appreciated. Jeff ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: router crash
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, June 28, 2000 7:25 AM To: [EMAIL PROTECTED] Subject: router crash Networking giant Cisco has been forced to warn customers that its routers can crash when tested for security vulnerabilities by security scanning software programs. SOURCE: VUNet http://www.vnunet.com/News/1104718 a href="http://i.winfire.com/s/isapiEng.dll/wf.exe?cmd=rl 508,180018682wf.exe"img border=0 width=120 height=50 alt="Get FreeDSL now!" src=http://www.geocities.com/sstalib/freedsl.gif/a __ 123India.com - India's Premier Portal Get your Free Email Account at http://www.123india.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No debug over telnet
No you simply need to type Term mon (Terminal Monitor) at the command prompt on the line you are telnetting into. You also need to set debuggin console to on. -Original Message- From: Omer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 9:49 PM To: Cisco Group Study Subject: No debug over telnet Hello, I have noticed that although I can turn debugging on over a telnet connection, I cannot watch the debug information over a telnet connection to the router. I deduced that if you want to debug activities on the router you have to connect to it through the console port. If that is not true please let me know. Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A good telnet program
I don't care much for the default telnet program even if you can increase buffer space. Try Tera Term Pro, a freeware telnet program. The maximum buffer space is 10,000 lines. This makes it very easy to capture even large switch configs. It also has support ssh. http://www.vector.co.jp/authors/VA002416/teraterm.html I hate the telnet program that came with windows 95 because it does not give me any screen buffer space. Does any body know of any good telnet program that I can download from the internet? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IOS Upgrades
Eric, http://www.cisco.com/warp/customer/cc/cisco/mkt/ios/rel/113/prodlit/705_pp.h tm Need CCO login to get to the above URL. This is a "Feature Matrices: Release 10.3 12.1" outlining what features are specific to what release of the IOS. It doesn't give you much detail about the differences between IP, IP Plus etc.. but the release notes may give you more information here: http://www.cisco.com/kobayashi/releases/Release_notes.html Hope that helps Russ.. ""Eric Bishop"" [EMAIL PROTECTED] wrote in message 8jcrl3$r4k$[EMAIL PROTECTED]">news:8jcrl3$r4k$[EMAIL PROTECTED]... Looking to do some upgrades to a few 2500 series routers and need information in regards to the IP, IP Plus, etc. Does anyone have detailed information on the differences between the different versions and or know where this information is kept on the web. Thanks, EB ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: LDAP Port opening on Firewall
Thanks Rahman, I appreciate your help. That has solved my problem. I didn't know that LDAPS require 636 port open. Thanks again for your help. Regards Sridhar Raju - Original Message - From: "Rahman, Abdul" [EMAIL PROTECTED] To: "'Mahisri'" [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: "cisco-groupstudy" [EMAIL PROTECTED]; "Rahman, Abdul" [EMAIL PROTECTED] Sent: Tuesday, June 27, 2000 9:05 AM Subject: RE: LDAP Port opening on Firewall Good questions. First is the standard. Is the MS exchange server LDAP compliant? Netscape has employed the author of the LDAP protocol ( he wrote is doctoral dissertation on LDAP) as a result they are completely LDAP compliant. Make sure there are no inconsistencies with respect to the MS requirements. Second is security. Make sure that the MS version is not requiring SSL over LDAP or LDAPS which uses port 636. You maybe inadvertently blocking the port it is requiring. Third is UDP versus TCP. How is your access list or rule set configured. Make sure you are setting the rule correctly with respect to the protocol. These are some suggestions. It may point you in the right direction. Best of luck. Warmest regards, Abdul Rahman A. Rahman, Ph.D. Product Engineer Digex, Inc -Original Message- From: Mahisri [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 9:23 AM To: [EMAIL PROTECTED] Cc: cisco-groupstudy Subject: LDAP Port opening on Firewall Help me please! I know the port 389 should be open for proper functioning of LDAP. I have case specific trouble - The Netscape directory server and Microsoft exchange server are differed by a firewall in between. The maintenance people complain that they could not replicate the directory entries correctly. What could be the problem? The port 389 is open. I doubt it is the problem with Servers configurations. Rgds Sridhar ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Firewall Manager
Hmm.. my experience with the PFM wasn't too great. Wasn't happy with it at all, stick with the CLI for configuration. As for syslog analysis and alarm, there are several products out there that do a much better job. I use PrivateI (www.4privatei.com), works very well for NT, there are others but I can't remember what they are, others on the list should have some more insight :) Hope that helps. Russ.. ""lee"" [EMAIL PROTECTED] wrote in message 8jbtop$g0c$[EMAIL PROTECTED]">news:8jbtop$g0c$[EMAIL PROTECTED]... Hi all, has anyone familiar with PIX Firewall Manager 4.3(2)e ??? My PIX firewall is running ver 4.4(4) and my PFM is running 4.3(2)e. I managed to add the PIX firewall into the PFM, but i don't know how to enable the syslog alarm feature of PFM. Thanks in advance. rgs, lee ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: collision on cut-through switch
Gentle correction - late collisions occur after the first 64 bytes of a frame have been placed on the wire. Essentially, a station listens, perceives the wire as clear, starts sending, only to find that another station has already begun to transmit. Can happen for a couple of reasons. Network too long. Faulty hardware. Real busy network, possibly with lots of very small packets ( as might happen in a brokerage firm, where I used to see my fair share of late collisions. ) Interesting point about the duplex settings. Having made that mistake once or twice, my recollection is that connectivity is not established, but then memory may not serve on this one. Does that show up as 100% collisions? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, June 28, 2000 4:57 AM To: ANIL.YADAV Cc: Heskett, Tony; [EMAIL PROTECTED] Subject:RE: collision on cut-through switch A late collision usually occurs when one end of a switched ethernet link is set to full duplex but the other end of the link is set to half-duplex. Darren On Thu, 22 Jun 2000, ANIL.YADAV wrote: How to avoid late collisions ? thanks Anil On Tue, 20 Jun 2000, Heskett, Tony wrote: Not a white paper, but let's see whether *I* understand how it's supposed to work dons flameproof underwear ;- Cut-thru waits for the dest addy, then starts forwarding. Frag-free waits for 64bytes, then starts forwarding. Store'n'forward waits for the whole packet and CRC's it, so will only forward truly valid (tm) packets. Sooo... cut-thru will forward runts, and you'll get those if there's a collision after the dest addy but within the first 64. Frag-free will /not/ forward runts, so will protect you from collisions that really should have happened. It won't protect you from 'late collisions' (that shouldn't have happened), but you're gonna fix your cable plant to remedy those (aren't you? :-) Or am I lying ? :-) (big quote for context, below; sorry) Tone From: Barry Hofland [mailto:[EMAIL PROTECTED]] Hi, Priscilla, I think the best way to find this out is to just get yourself a network tester to connect between the transmitting host on port 1 and the CISCO box. ( like a FLUKE ) You will be able to see ( or not ) the JAMS on port 1. When you connect the host in that segment only and there's a jam during a collision on port 2 you know enough... In my humble opinion you are right, but that's male intuition ;-) Priscilla Oppenheimer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I got into a discussion with a knowledgeable Sniffer instructor recently. When he teaches cut-through-switching theory, he warns his students that a cut-through switch does not really isolate collision domains. Consider this example: * The switch is receiving a frame from port 1 destined for a station out port 2. * The switch recognizes the destination address and starts forwarding the frame to port 2 ASAP. * There is a collision on port 2. (It's a shared and/or half-duplex Ethernet.) According to the instructor, the Switch sends a jam signal back to port 1 to let the initial sender know that the frame experienced a collision. This allows the sender to retransmit. If you read some of the books on switching, you would think that this is true. The books make it sound like the frame is passing through the switch and disappearing out the destination port as soon as the destination address is recognized. I don't think the Sniffer instructor's conclusion is true, however. I believe that a Cisco cut-through switch buffers the frame and hence has the ability to retransmit. There is no requirement to send a jam to the original sender because port 2 in our example retransmits after sensing the collision. I believe that Cisco switches store frames, even when doing cut-through, whereas the instructor assumed that the frame has passed through and out the port and is no longer available for retransmission by the switch. Cisco positions cut-through as reducing delay, not reducing the need for buffering, so I'm contending that I'm right. Who do you think is right? Can you point me to any white papers that would prove who is right? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report
RE: Serial0 is up, line protocol is down!
Just remember that "Serial0 is up" refers to Layer 1 and "Line Protocol is down" refers to Layer 2. Joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Omer Shommo Sent: Friday, June 23, 2000 6:00 AM To: Cisco Group Study Subject:Serial0 is up, line protocol is down! Hello to All, If Serial0 is up, line protocol is down, then what should I check? Give me as many answers as you can. BTW what is the line protocol? is it a network protocol like ip, ipx? or is it the data link layer protocol? Omer ___ Why pay for something you could get for free? NetZero provides FREE Internet Access and Email http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: collision on cut-through switch
Not 100%, but there will be a lot of them. We had a case here where someone connected a server set to full duplex 10Meg to a hub with a few other PCs connected. There is connectivity, but anytime the server wanted to transmit it would stomp any everyone else since collision detection was disabled. This resulted in very poort performance on the LAN, but it did work. Interestingly, we discovered this problem when the users complained that they couldn't download attachments to their email. Any file over a certain size was certain to get mangled. It took a while to discover the problem. So now when I see late collisions, the first thing I look for is duplex mismatches. John Neiberger Gentle correction - late collisions occur after the first 64 bytes of a frame have been placed on the wire. Essentially, a station listens, perceives the wire as clear, starts sending, only to find that another station has already begun to transmit. Can happen for a couple of reasons. Network too long. Faulty hardware. Real busy network, possibly with lots of very small packets ( as might happen in a brokerage firm, where I used to see my fair share of late collisions. ) Interesting point about the duplex settings. Having made that mistake once or twice, my recollection is that connectivity is not established, but then memory may not serve on this one. Does that show up as 100% collisions? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, June 28, 2000 4:57 AM To: ANIL.YADAV Cc: Heskett, Tony; [EMAIL PROTECTED] Subject: RE: collision on cut-through switch A late collision usually occurs when one end of a switched ethernet link is set to full duplex but the other end of the link is set to half-duplex. Darren On Thu, 22 Jun 2000, ANIL.YADAV wrote: How to avoid late collisions ? thanks Anil On Tue, 20 Jun 2000, Heskett, Tony wrote: Not a white paper, but let's see whether *I* understand how it's supposed to work dons flameproof underwear ;- Cut-thru waits for the dest addy, then starts forwarding. Frag-free waits for 64bytes, then starts forwarding. Store'n'forward waits for the whole packet and CRC's it, so will only forward truly valid (tm) packets. Sooo... cut-thru will forward runts, and you'll get those if there's a collision after the dest addy but within the first 64. Frag-free will /not/ forward runts, so will protect you from collisions that really should have happened. It won't protect you from 'late collisions' (that shouldn't have happened), but you're gonna fix your cable plant to remedy those (aren't you? :-) Or am I lying ? :-) (big quote for context, below; sorry) Tone From: Barry Hofland [mailto:[EMAIL PROTECTED]] Hi, Priscilla, I think the best way to find this out is to just get yourself a network tester to connect between the transmitting host on port 1 and the CISCO box. ( like a FLUKE ) You will be able to see ( or not ) the JAMS on port 1. When you connect the host in that segment only and there's a jam during a collision on port 2 you know enough... In my humble opinion you are right, but that's male intuition ;-) Priscilla Oppenheimer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I got into a discussion with a knowledgeable Sniffer instructor recently. When he teaches cut-through-switching theory, he warns his students that a cut-through switch does not really isolate collision domains. Consider this example: * The switch is receiving a frame from port 1 destined for a station out port 2. * The switch recognizes the destination address and starts forwarding the frame to port 2 ASAP. * There is a collision on port 2. (It's a shared and/or half-duplex Ethernet.) According to the instructor, the Switch sends a jam signal back to port 1 to let the initial sender know that the frame experienced a collision. This allows the sender to retransmit. If you read some of the books on switching, you would think that this is true. The books make it sound like the frame is passing through the switch and disappearing out the destination port as soon as the destination address is recognized. I don't think the Sniffer instructor's conclusion is true,
Re: VLSM Question
I came up with summary-address 172.16.10.0 255.255.255.224 The summary-address command is only used on OSPF ASBRs. Use the area area-id range address supernet-mask command to summarise routes on an OSPF ABR. The succinct difference lies in the type of LSA generated by these two commands. The ABR generates Summary LSAs (Type 3/4), whereas the ASBR generates Autonomous System External LSAs (Type 5). The summary-address command, therefore, will not work correctly on an ABR. You must use the area area-id range command to enable summarisation of inter-area routes. -- Edward Solomon CCNA, CCSI Senior I/T Specialist Networking Solutions IBM Canada Ltd. - Learning Services Tel.: (905) 316-3241 Fax: (905) 316-3101 E-mail: [EMAIL PROTECTED] Internet: http://www.can.ibm.com/services/learning/net_internet.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco 3600 error on startup??
Hi, I am getting an error msg. when my 3600 router boots up. The error msg. reads: device: does not contain a valid magic number boot: cannot open file "flash:" boot: cannot determine first file name on device flash Then it takes me to the rommon prompt. Then I typed in confreg and tried to get into the router by bypassing the NVRAM, but once it reloads, it takes me back to the rommon prompt. Can someone please advise. Thank you. Kind regards, [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A good telnet program
Try Tera Term. I believe it is available from Winfiles and download.com. It is very easy to configure. I like the ability to set "transmit delay" this prevent any buffer overruns when I can pasting config files. Best of all it is freeware. This is the link I have for it from Download.com: http://download.cnet.com/downloads/0-10061-100-890547.html?tag=st.dl.10001_1 03_1.lst.td Charles Jouglard Network Engineer Cox @Home - New Orleans, LA "Cable Modems" - Now Your Living - Original Message - From: Omer [EMAIL PROTECTED] To: Cisco Group Study [EMAIL PROTECTED] Sent: Wednesday, June 28, 2000 1:29 AM Subject: A good telnet program Hello, I hate the telnet program that came with windows 95 because it does not give me any screen buffer space. Does any body know of any good telnet program that I can download from the internet? Omer ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco stuff for sale...
Hey guys- just a note before I start the tedious task on making an Ebay page (taking the pictures with the digital camera, etc., etc.)... I am selling: 2501 2502 Both have 16 Megs of RAM/ 8 Megs of FLASH, 12.0.8Enterprise IOS installed the newest version 11.0 boot ROM upgrades installed (11.0 10c). I purchased both of these routers new (de-installs that were never used). I have all the OE boxes, documentation, never opened rack mounts. Both routers haveno physical flaws (no scratcheson their cases) have been cleaned regularly. I am includinga back to back (DCE to DTE) DB60 cable, an HP transceiver, crossover RJ45, Ethernet NIC (16 or 32 bit- you choose),1 Cisco console kit with baluns, a Token Ring NIC (32 bit) with RJ45 DB9 connections, an 8228 IBM MAU with all the IBM cables... Iam looking for $1525 + Shipping for everything. 1924 Catalyst Switch (Firmware) 24X 10 base T ports 2X100 base T ports. This switch works great. I have had it for a few months am making way for a new Catalyst $$$ :-( in my home lab. I am including the DB15 null modem cable neededfor console-ing the rack mounts (I did not have the manuals or OE box for this one... I am look for $475 + shipping on this Any questionsabout my trading integrity... http://cgi2.ebay.com/aw-cgi/eBayISAPI.dll?ViewFeedbackuserid=circusnuts Thanks All !!! Phil
Re: Cisco 3600 error on startup??
It's broke. Send it to me, I'll give you $200 for it. lol -Brad ""Palikhey, Niraj"" [EMAIL PROTECTED] wrote in message 9FAB5E2F32B2D31187E4009027468CA79E0B77@WAXSNA-USDC-3">news:9FAB5E2F32B2D31187E4009027468CA79E0B77@WAXSNA-USDC-3... Hi, I am getting an error msg. when my 3600 router boots up. The error msg. reads: device: does not contain a valid magic number boot: cannot open file "flash:" boot: cannot determine first file name on device flash Then it takes me to the rommon prompt. Then I typed in confreg and tried to get into the router by bypassing the NVRAM, but once it reloads, it takes me back to the rommon prompt. Can someone please advise. Thank you. Kind regards, [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
(no subject)
Hi all,,, i have one small ques. regarding the CCNA 1.0, I believe it's gonna be retired on the 31 of july, so what if someone took the CCNA 1.0 test and passed it before the 31 of july will the certificate also be retired or what will happen with his certificate. thanks alot , Ahmed ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: router crash
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Networking giant Cisco has been forced to warn customers that its routers can crash when tested for security vulnerabilities by security scanning software programs. SOURCE: VUNet http://www.vnunet.com/News/1104718 Looks like an old one, and looks like it (fortunately...) doesn't affect my 2600 boxes... http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml Tone ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial0 is up, line protocol is down!
It could alos be a carrier problem. The way to tell is to loopback your DSU use HDLC or PPP encaps on the interface and ping it. Clear couters before you do this. Do it on both ends, and look for errors etc. If you get good replies on both ends w/o errors the problem is probably not yours (as long as the config on both ends is correct) but the Telc's. This proves good and reliable connectivity between you and you DSU on both ends. -Original Message- From: Joe Quezada [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 10:13 AM To: 'Omer Shommo'; 'Cisco Group Study' Subject: RE: Serial0 is up, line protocol is down! Just remember that "Serial0 is up" refers to Layer 1 and "Line Protocol is down" refers to Layer 2. Joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Omer Shommo Sent: Friday, June 23, 2000 6:00 AM To: Cisco Group Study Subject:Serial0 is up, line protocol is down! Hello to All, If Serial0 is up, line protocol is down, then what should I check? Give me as many answers as you can. BTW what is the line protocol? is it a network protocol like ip, ipx? or is it the data link layer protocol? Omer ___ Why pay for something you could get for free? NetZero provides FREE Internet Access and Email http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: A good telnet program
ProComm works very well for us. -Original Message- From: Mark Boster [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 9:51 AM To: [EMAIL PROTECTED] Subject: Re: A good telnet program I don't care much for the default telnet program even if you can increase buffer space. Try Tera Term Pro, a freeware telnet program. The maximum buffer space is 10,000 lines. This makes it very easy to capture even large switch configs. It also has support ssh. http://www.vector.co.jp/authors/VA002416/teraterm.html I hate the telnet program that came with windows 95 because it does not give me any screen buffer space. Does any body know of any good telnet program that I can download from the internet? Omer _NetZero Free Internet Access and Email__ http://www.netzero.net/download/index.html ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 3600 error on startup??
have you configured with the confreg 0x2102 or 0x2142 ? first one it's right. Try it again. Good luck - not sell it. "Palikhey, Niraj" [EMAIL PROTECTED] schrieb in im Newsbeitrag: [EMAIL PROTECTED] Hi, I am getting an error msg. when my 3600 router boots up. The error msg. reads: device: does not contain a valid magic number boot: cannot open file "flash:" boot: cannot determine first file name on device flash Then it takes me to the rommon prompt. Then I typed in confreg and tried to get into the router by bypassing the NVRAM, but once it reloads, it takes me back to the rommon prompt. Can someone please advise. Thank you. Kind regards, [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Using off the shelf DRAM in cisco 3620
The price that Cisco is charging for 16mb dram sticks is outrageous. $725 for the MEM3620-16D!! I was looking on cisco's website and I found this: http://www.cisco.com/warp/public/cc/cisco/mkt/access/3600/prodlit/544_pp.htm It looks like I can use a standard EDO 8x32 60ns 16MB stick and it'll work fine. Anyone have any thoughts on using regular memory? I'd really like to upgrade my DRAM so I can load bigger IOS images. Thanks! Greg ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 3600 error on startup??
Try loading/TFTP a new IOS image, if that does not solve your problem then I would think that your flash has problems. --Original Message-- From: "Brad Ellis" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: June 28, 2000 2:56:17 PM GMT Subject: Re: Cisco 3600 error on startup?? It's broke. Send it to me, I'll give you $200 for it. lol -Brad ""Palikhey, Niraj"" [EMAIL PROTECTED] wrote in message 9FAB5E2F32B2D31187E4009027468CA79E0B77@WAXSNA-USDC-3">news:9FAB5E2F32B2D31187E4009027468CA79E0B77@WAXSNA-USDC-3... Hi, I am getting an error msg. when my 3600 router boots up. The error msg. reads: device: does not contain a valid magic number boot: cannot open file "flash:" boot: cannot determine first file name on device flash Then it takes me to the rommon prompt. Then I typed in confreg and tried to get into the router by bypassing the NVRAM, but once it reloads, it takes me back to the rommon prompt. Can someone please advise. Thank you. Kind regards, [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Jorge Rodriguez /CCNA Network Analyst RS Networks Inc 1112 Boylston Street Suite 222 Boston, MA 02115 1-781-614-1294 http://www.netwire.n3.net/ http://www.learncisco.n3.net/ iWon.com http://www.iwon.com why wouldn't you? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
No Subject
Hi guys, Sorry for coming a bit late. I was between waiting to write CCNA2.0 or to do CCNA 1.0 . I have finally made up my mind to write 1.0 before it is retired, so I will appreciate if anyone can send useful materials to me on CCNA 1.0(Demo questions, tips and aids.). It will really go a long way. You can reach me on the above e-mail or [EMAIL PROTECTED] thanx a miilion for your ever ready assistance. Olusola ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Dialer Profile Not Working
A Cisco TAC engineer told me that the SPID1 not valid, SPID2 not valid info in the Show ISDN Stat is a "cosmetic bug". As long as you have the two entries showing state=Multiple_Frame_Established, the SPIDs are valid. I experienced this bug in versions 12.0.5T and 12.0.7T on a 2600 router. It appeared to be fixed in 12.1.1. I am still working with the TAC to get past some other issues so I am not completely confident that this is purely a cosmetic bug. I will let you know if I find anything interesting. Jeff Odell CCNA CCDA Network Specialist 949-453-4377 800-739-5837 pager 949-500-3184 cell phone -Original Message- From: Kevin Wigle [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 9:34 PM To: Kari Nurdin; [EMAIL PROTECTED] Subject: Re: ISDN Dialer Profile Not Working Without analyzing your config deeply, the "spid1 NOT valid" and "spid2 NOT valid" are pretty good clues that something's not right with your spids. I'm surprised that any config worked, but since your configs here are sanitized, can't tell if the spids in the working config are the same as in the dialer-profile config. Kevin Wigle CCNP, CCDA - Original Message - From: "Kari Nurdin" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, 27 June, 2000 23:52 Subject: ISDN Dialer Profile Not Working Hi Everyone, First time placing a post, I hope someday to share and contribute to the group like all of you. Recently, I had a ISDN install, the central site router consisted of two BRI interfaces. Each BRI to be connected to a remote site. My first task was to get BRI0 up and running to the remote location. BRI1 to be done at a later date. I configured the router using dialer profiles, however, I was not able to get it to work. When doing the "show isdn status" , layer 2 status echoed: Layer 2 Status: TEI = 67, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 69, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 67, ces = 1, state = 8(established) spid1 configured, spid1 sent, spid1 NOT valid TEI 69, ces = 2, state = 8(established) spid2 configured, spid2 sent, spid2 NOT valid As normal, I had to get this link up and functioning ASAP. After looking over the configuration (the pressure didn't help), I decided to configure the router not using dialer profiles. Using this configuration(NO dialer profiles) I was able to get the ISDN connection to the remote site up and running instantly. I am stumped as to why my dialer profile configuration did not work. I would like to use dialer profile in the future and I really would like to find out whats wrong with my configuration (with the groups help). The following is the dialer profile configuration followed by my currently working configuration. Does anyone one see something I don't. Thanks in Advance. DIALER GROUP CONFIG (not able to get working) Central_H #show run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Central_H ! enable secret 5 $1$64Kr$yjggfj7dlti ! username Remote_R1 password 0 password username Central_H password 0 password username Remote_R2 password 0 password ! ! ! ! memory-size iomem 25 ip subnet-zero no ip routing no ip domain-lookup ! isdn switch-type basic-ni isdn voice-call-failure 0 ! ! ! interface BRI0 description Remote_R1 no ip address no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 1 max-link 2 isdn switch-type basic-ni isdn spid1 55512300 123 isdn spid2 555123111200 1231112 no peer default ip address ppp multilink ! interface BRI1 description Remote_R2 no ip address no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 2 max-link 2 isdn switch-type basic-ni isdn spid1 55512300 123 isdn spid2 555123111200 1231112 no peer default ip address ppp multilink ! interface FastEthernet0 description Central_H ip address 10.10.10.238 255.255.255.0 no ip directed-broadcast no ip route-cache no ip mroute-cache half-duplex bridge-group 1 ! interface Dialer1 description Remote_R1 ip address 10.10.10.238 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer remote-name Remote_R1 dialer pool 1 dialer idle-timeout 2147483 dialer load-threshold 2 outbound dialer-group 1 pulse-time 0 ppp authentication chap ppp multilink bridge-group 1 ! interface Dialer2 description Remote_R2 ip address 10.10.10.238 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer remote-name Remote_R2 dialer pool 2 dialer idle-timeout 2147483 dialer string 333 dialer string 3331112 dialer load-threshold 2 outbound dialer-group 2 pulse-time 0 ppp authentication chap ppp multilink bridge-group 1 ! no
CIPT course
Does anyone know were I can take a good course on CIPT? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2900 AutoInstall
Title: 2900 AutoInstall Hello, group. Is there an equivalent to an AutoInstall for 2900XL switches? For e.g., Hughes ATM switches not only query the BootP server for auto-configuration of its IP address, but also auto-download its configuration file. If there is a way to accomplish this with the Cisco switches I would like to know. Thanks so much. Elmer Deloso.
Hello Packet From Kumar @ California: Wireless Keen
Hello Folks, Do I have the consent of the learned to join this group. I am not much of a CISCO technocrat.I work on wireless routers. I use Cisco box for testing only. I can help you folks who are " Wireless Keen". The wireless technolgy is being chased by all. The spread spectrum , license free band of 2.4 Ghz is getting popular ( and populated ). Frankly , no one knows the future, but everyone is working on it aggressively. The wireless routers use RIP, learn about their neighbours dynamically and there is not much " exciting configuration" involved. The fun is in gettting the whole thing going on site and monitoring it. Well then , I rather be a good listener till I can really contribute. If anyone is keen on a free demo , lemme know. BTW , how many folks out there are really wireless keen Regards Pradeep Pradeep Kumar Technical Support Engineer Nokia/NET/RAS/Wireless Routing Nokia Wireless Routers. 313 Fairchild Drive Mt. View, CA 94043 * (650) 625 - 2374( Tech Support ) * (650) 302 - 4717( Mobile ) * (650) 625 - 2058 ( FAX) * [EMAIL PROTECTED] ... http://www.nwr.nokia.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Using off the shelf DRAM in cisco 3620
I've been buying generic flash and ram from http://www.memoryx.net/ If I can hook up with Oz, I'll be giving his operation a try. His operation supports a study group, if memory serves. ( lost the web link, but I got the phone number still ) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Greg Smythe Sent: Wednesday, June 28, 2000 8:54 AM To: [EMAIL PROTECTED] Subject:Using off the shelf DRAM in cisco 3620 The price that Cisco is charging for 16mb dram sticks is outrageous. $725 for the MEM3620-16D!! I was looking on cisco's website and I found this: http://www.cisco.com/warp/public/cc/cisco/mkt/access/3600/prodlit/544_pp.htm It looks like I can use a standard EDO 8x32 60ns 16MB stick and it'll work fine. Anyone have any thoughts on using regular memory? I'd really like to upgrade my DRAM so I can load bigger IOS images. Thanks! Greg ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Not a Cisco-related questions
Hi, Sorry it is not a Cisco-related questions. But I really would like to know is there any newsgroup discuss FORE products? Thanks Raymond ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
!!!!! WHAT IS WITH THIS INDIVIDUAL MESSAGE DISTRIBUTION ?????
Is everyone getting each individual message? I'm getting them faster than I can delete them. I know Paul had some sendmail problems. Is this an aftereffect? Chuck Church Network Engineer CCNP, MCNE, MCSE Magnacom Technologies 140 Route 303 Valley Cottage, NY 10989 Email:[EMAIL PROTECTED] Voice: 914 267-4000 ext 218 Fax: 914 267-1034 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: AUX - Dial up
Hi: Have you explicitely used the type usr_sportster instead of relying on autoconfig? Also, not all modems are supported by the MODEMCAP table but it should, however, use a generic type if the modem is not found on the list. Make sure the cable type is correct because from a DTE to DCE, it is either rolled rj and straight DB25 adapter ; NOT same. Verify that the DB25 has "MODEM" written on it too. David Luong CCNP,CCNA,Network+,A+,i-Net+ Telecommunications Analyst Insurance Corporation of B.C. Vancouver, B.C CANADA -Original Message-From: Tan Choh Koon [mailto:[EMAIL PROTECTED]]Sent: Tuesday, June 27, 2000 8:57 PMTo: [EMAIL PROTECTED]Subject: AUX - Dial up Hi, I had connected the US Robotic Sportster modem to the 1720 Aux port, but router cannot detect the modem. I had used correct cable as what manual shown. What I am not aware off ? line con 0transport input noneline aux 0autobaudmodem InOutmodem autoconfigure discoverystopbits 1flowcontrol hardwareline vty 0 4 Debug confmodem : 0:03:59: TTY5: detection speed (115200) response --00:04:05: TTY5: detection speed (57600) response --00:04:10: TTY5: detection speed (38400) response --00:04:15: TTY5: detection speed (19200) response --00:04:21: TTY5: detection speed (9600) response --00:04:26: TTY5: detection speed (2400) response --00:04:32: TTY5: detection speed (1200) response --00:04:37: TTY5: detection speed (300) response --00:04:37: TTY5: No modem found
RE: ISDN Dialer Profile Not Working
I had a similar problem on an 804, 12.0(7)T. Once I upgraded to 12.1 the dialer profiles worked fine. "Odell, Jeff" [EMAIL PROTECTED] wrote: A Cisco TAC engineer told me that the SPID1 not valid, SPID2 not valid info in the Show ISDN Stat is a "cosmetic bug". As long as you have the two entries showing state=Multiple_Frame_Established, the SPIDs are valid. I experienced this bug in versions 12.0.5T and 12.0.7T on a 2600 router. It appeared to be fixed in 12.1.1. I am still working with the TAC to get past some other issues so I am not completely confident that this is purely a cosmetic bug. I will let you know if I find anything interesting. Jeff Odell CCNA CCDA Network Specialist 949-453-4377 800-739-5837 pager 949-500-3184 cell phone -Original Message- From: Kevin Wigle [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2000 9:34 PM To: Kari Nurdin; [EMAIL PROTECTED] Subject: Re: ISDN Dialer Profile Not Working Without analyzing your config deeply, the "spid1 NOT valid" and "spid2 NOT valid" are pretty good clues that something's not right with your spids. I'm surprised that any config worked, but since your configs here are sanitized, can't tell if the spids in the working config are the same as in the dialer-profile config. Kevin Wigle CCNP, CCDA - Original Message - From: "Kari Nurdin" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, 27 June, 2000 23:52 Subject: ISDN Dialer Profile Not Working Hi Everyone, First time placing a post, I hope someday to share and contribute to the group like all of you. Recently, I had a ISDN install, the central site router consisted of two BRI interfaces. Each BRI to be connected to a remote site. My first task was to get BRI0 up and running to the remote location. BRI1 to be done at a later date. I configured the router using dialer profiles, however, I was not able to get it to work. When doing the "show isdn status" , layer 2 status echoed: Layer 2 Status: TEI = 67, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 69, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 67, ces = 1, state = 8(established) spid1 configured, spid1 sent, spid1 NOT valid TEI 69, ces = 2, state = 8(established) spid2 configured, spid2 sent, spid2 NOT valid As normal, I had to get this link up and functioning ASAP. After looking over the configuration (the pressure didn't help), I decided to configure the router not using dialer profiles. Using this configuration(NO dialer profiles) I was able to get the ISDN connection to the remote site up and running instantly. I am stumped as to why my dialer profile configuration did not work. I would like to use dialer profile in the future and I really would like to find out whats wrong with my configuration (with the groups help). The following is the dialer profile configuration followed by my currently working configuration. Does anyone one see something I don't. Thanks in Advance. DIALER GROUP CONFIG (not able to get working) Central_H #show run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Central_H ! enable secret 5 $1$64Kr$yjggfj7dlti ! username Remote_R1 password 0 password username Central_H password 0 password username Remote_R2 password 0 password ! ! ! ! memory-size iomem 25 ip subnet-zero no ip routing no ip domain-lookup ! isdn switch-type basic-ni isdn voice-call-failure 0 ! ! ! interface BRI0 description Remote_R1 no ip address no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 1 max-link 2 isdn switch-type basic-ni isdn spid1 55512300 123 isdn spid2 555123111200 1231112 no peer default ip address ppp multilink ! interface BRI1 description Remote_R2 no ip address no ip directed-broadcast encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 2 max-link 2 isdn switch-type basic-ni isdn spid1 55512300 123 isdn spid2 555123111200 1231112 no peer default ip address ppp multilink ! interface FastEthernet0 description Central_H ip address 10.10.10.238 255.255.255.0 no ip directed-broadcast no ip route-cache no ip mroute-cache half-duplex bridge-group 1 ! interface Dialer1 description Remote_R1 ip address 10.10.10.238 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer remote-name Remote_R1 dialer pool 1 dialer idle-timeout 2147483 dialer load-threshold 2 outbound dialer-group 1 pulse-time 0 ppp authentication chap ppp multilink bridge-group 1 ! interface Dialer2 description Remote_R2 ip address 10.10.10.238 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer remote-name Remote_R2 dialer pool 2 dialer idle-timeout 2147483 dialer string 333
RE: Do fragments always match extended access-list ?
As the final conclusion in this thread: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120cavs/120m cavs.htm Caveats for Cisco IOS 12.0 IP Routing Protocols CSCdm44976: IP access lists always permit IP fragments. There is no workaround. I was told that it is fixed since 12.0(11), 12.1(2). So beware of this bug in earlier IOS versions, especially when using policy-routing. Alex CCNP ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNA 2.0 # of question
Could any one tell me how many questions there are in this exam? ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using off the shelf DRAM in cisco 3620
With using off the shelf memory you will void any Cisco warrantee and also smartnet maint. contracts. If it is out of warrantee and you have no contracts, then go for it! Shoot me an e-mail, I might be able to give you a better price than any of them. -Brad ""Greg Smythe"" [EMAIL PROTECTED] wrote in message 006501bfe119$263988c0$020b010a@ei">news:006501bfe119$263988c0$020b010a@ei... The price that Cisco is charging for 16mb dram sticks is outrageous. $725 for the MEM3620-16D!! I was looking on cisco's website and I found this: http://www.cisco.com/warp/public/cc/cisco/mkt/access/3600/prodlit/544_pp.htm It looks like I can use a standard EDO 8x32 60ns 16MB stick and it'll work fine. Anyone have any thoughts on using regular memory? I'd really like to upgrade my DRAM so I can load bigger IOS images. Thanks! Greg ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Analog Dial Backup
this will definitely work, but I had some problems dialing into my ISP getting assigned an IP address dynamicaly, any hints ? 'Bliss' Olden Pieterse [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi there Here is my shot in the dark on this one . First configure yor aux port , I think its line 0 so... conf t line aux 0 speed 38500 modem inout ( so you can call in out) transport input all (so it'll take anything , but change it to your fancy ) transport preferred telnet (so if you telnet you dont have to wait) autoselct ppp modem autoconfigure type usr_courier flowcontrol hardware exec-timeout 0 0 exec logical setup interface async 1 (uax 0 === async 1) ip unnumbered ethernet 0 ip tcp header-compression passive encap ppp async default ip address x.x.x.x (keep this address in the same subnet as your ethernet 0) async mode interactive I got this at www.cisco.com/warp/701/6.html It explains it really well ! Hope it helps Cheers Olden -Original Message- From: Atef Rostom [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2000 12:16 PM To: [EMAIL PROTECTED] Subject: Analog Dial Backup Hi All, I am trying to configure a 1720 to use the Aux port as a backup for the serial port. I want it to dial using a USRobotics Courier modem. Please tell me if you tried this before. Thanks, Atef ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]