L2TF on IPSec CA, from W2K to IOS

[Asbjorn Hojmark]

Has anyone successfully made Windows 2000 clients connect to
IOS routers with L2TP on IPSec with a CA? We're trying to make
this work to a couple of 7100s without much luck.

The W2K clients connect just fine to a W2K server and two
routers also connect fine to each other, but the Windows
machines cannot connect to the routers when using a CA. (When
run with pre-shared keys, everything is fine and dandy).

The Windows machines were configured according to the paper
"L2TP and IPSec - Cisco IOS and Microsoft Windows 2000" by
Natalie Timms, Cisco.

We have tried 12.0(7)T, 12.1(2) and 12.1(2)T. The first two
just doesn't work, the last one crashes the router when we
attempt to connect from the Windows machine.

Any thoughts are welcome,

-A
--
Heroes: Vint Cerf  Bob Kahn, Leonard Kleinrock, Robert Metcalfe
Links : http://www.hojmark.org/networking/


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Hierarchical Design questions

[JEK]

John,

( 1 )If your wanting to connect all of your remotes that will not
connect up to the same
logical lan; the host will need a connection to the internet and the remotes
will need the
same.You will then need to setup Tunnel Interfaces which are software
interfaces and
then setup your own certain criteria for your  tunnel mode / tunnel source
/ tunnel destination 
and then an IP Address on both ends that are in the same subnetThen you
can setup
static routes on the routers to forward information that they need on the
host LAN to the
IP Address if the Tunnel Interface on the host router.Then you can setup
your gateway of
last resort pointing out to the Internets IP Address...

PS: You don't even have to setup a routing protocol just a routed
protocol..Keep in mind
that all of your static routes would have to be setup properly..

( 2 )If your talking about the three Cisco Layers.Example would be

7200 Core

 4000366036403620 Distrbution

7008001000160017002500 Access


Joe
Senior Systems/Network Engineer
CCNA

"JohnMail" [EMAIL PROTECTED] wrote in message
006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]">news:006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]...
 Folks:

 I am preparing for the CCDA and plan to write same before 31 July, 2000. I
 have two questions.  The first one revolves around VPN.  The other
question
 deals with CISCO's Hierarchical Network Design concepts.

 (1)  Assume that I have six simple LANs - one HQ  LAN and 5 Branch LANs.
 Assume also that each LAN consists of one Server and 4 workstations.  If I
 want to link these simple networks using VPN;  what king of Hardware and
 Software would I have to buy. I would also like to compare and contrast
 Microsoft's VPN (which I believe is built into Win2000) and CISCO's VPN.
 Thanks in advance guys.

 (2)   In this second scenario, I want to connect a router at each LAN site
 and make use of CISCO'S hierarchical network design principles.  Can
anyone
 explain or draw a simple diagram of what the network structure would look
 like at the CORE, DISTRIBUTION, and ACCESS layers.



 Thanks,
 John

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Which access-list increase load the most?

[Kenny Sallee]

That's a good point.  According to some Cisco guys here at networkers,
TurboACLs are even less CP intensive than static routes to null0cool

Kenny

- Original Message -
From: "Erick" [EMAIL PROTECTED]
To: "Robert Cabeca" [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, June 27, 2000 6:46 PM
Subject: Re: Which access-list increase load the most?



 Another thing, you can use the newer TurboACL
 (compiled  ACLs) on higher platforms.

 access-list compiled


http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120
limit/120s/120s6/turboacl.htm

 --- Robert Cabeca [EMAIL PROTECTED] wrote:
  Just want to say that this was a great and useful
  response!!
  Rob
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [EMAIL PROTECTED]
  To: [EMAIL PROTECTED] [EMAIL PROTECTED]
  Date: Tuesday, June 27, 2000 19:51
  Subject: Which access-list increase load the most?
 
 
  
  
  
  It depends (well, what did you expect??)
  As a general rule, you're better off putting the
  access list on the
  outgoing
  interface.  That way you don't waste bandwidth by
  transmitting traffic
  you're
  just going to throw away anyway.
  BUT, your *first* priority is to make sure the
  access list does what you
  want.
  To do this, you may need to use an incoming access
  list instead.
  
  Example...
  
  rtrA  rtrB
  
  Let's say you want to prevent telnet traffic from
  rtrA to rtrB.
  Assume for now that the link between the routers is
  a serial link (int S0
  on
  both routers).
  You could put an outgoing access list on S0 on
  rtrA:
  rtrA:
  access-list 101 deny tcp any any eq 23
  access-list 101 permit ip any any
  int s 0
  access-class 101 out
  
  This will work fine (assuming my access list syntax
  is correct which I am
  making
  no guarantees about - I haven't checked it).  You
  could put the same access
  list
  on rtrB as an incoming access list instead, and it
  would have the same
  effect,
  but your telnet traffic would cross the serial link
  before being dropped -
  generally not very efficient.
  
  OK, what if it's not a serial link, but an
  ethernet?  Time to throw another
  router into the mix...
  
  rtrA  rtrB
   |
  rtrC
  
  Now, putting that same outgoing access list on rtrA
  has a different effect
  to
  putting it as an incoming access list on rtrB.  If
  you put the outgoing
  access
  list on rtrA, you will not be able to telnet from
  rtrA to rtrB *or to
  rtrC*.  If
  you put it as an incoming access list on rtrB, you
  will not be able to
  telnet
  from rtrA to rtrB but you will be able to telnet
  from rtrA to rtrC.
  In this case, where should you put the access list?
   That depends
  completely on
  what you are trying to achieve with your access
  list.
  
  Regardless of where you are putting your access
  list, try to put the lines
  that
  will get the most hits near the top (again, make
  sure you don't change the
  meaning of the access list if you change the order
  of statements).  The
  lines of
  an access list are checked in order, and once a
  match for a packet is
  found, the
  rest of the list isn't checked - so if most of your
  packets match the first
  line, rather than the last, your router will spend
  less time checking
  access
  lists.
  
  Here endeth the chapter :-)
  
  JMcL
  
  -- Forwarded by Jenny
  Mcleod/NSO/CSDA on 27/06/2000
  16:28
  ---
  
  
  "K.FUJIWARA" [EMAIL PROTECTED] on 26/06/2000
  15:59:31
  
  Please respond to "K.FUJIWARA"
  [EMAIL PROTECTED]
  
  
  To:   "[EMAIL PROTECTED]" [EMAIL PROTECTED]
  cc:(bcc: JENNY MCLEOD/NSO/CSDA)
  Subject:  Which access-list increase load the most?
  
  
  
  Hi, all.
  
  Though the null interface is the best solution for
  load in the ruter
  CPU, which
  extended / standard access-list is the best to
  reduce the load?
  Extended one's result may be depends on where it
  will be put or the
  case, so where
  should it be configured? Destination?
  If you have some good examples, please show me.
  
  And then, do you know good tools or utility to
  monitor the routers
  performance on
  CPU or RAM in real time?
  
  Kazuyo Fujiwara
  MCSE/CCNA
  Japan Kobe
  
  
  
  ___
  UPDATED Posting Guidelines:
  http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to
  [EMAIL PROTECTED]
  
  
  
  
  
  
  
  ___
  UPDATED Posting Guidelines:
  http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to
  [EMAIL PROTECTED]
  
 
  ___
  UPDATED Posting Guidelines:
  http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info:
  

Re: AUX - Dial up

[Kenny Sallee]

There are certain dip switch settings required on the USR.  I can't remember
them but they can be found on CCO.

Kenny

- Original Message -
From: "Feliz, Edgar" [EMAIL PROTECTED]
To: "Tan Choh Koon" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, June 27, 2000 9:30 PM
Subject: RE: AUX - Dial up


 Set a speed. "speed 38400". Also configure "transport input all" . You can
 also try configuring the exact modem type rather then auto/discovery

 EF

 -Original Message-
 From: Tan Choh Koon [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, June 27, 2000 11:57 PM
 To: [EMAIL PROTECTED]
 Subject: AUX - Dial up


 Hi,

 I had connected the US Robotic Sportster modem to the 1720 Aux port, but
 router cannot detect the modem. I had used correct cable as what manual
 shown.
 What I am not aware off ?



 line con 0
  transport input none
 line aux 0
  autobaud
  modem InOut
  modem autoconfigure discovery
  stopbits 1
  flowcontrol hardware
 line vty 0 4

 Debug confmodem :
 0:03:59: TTY5: detection speed (115200) response --
 00:04:05: TTY5: detection speed (57600) response --
 00:04:10: TTY5: detection speed (38400) response --
 00:04:15: TTY5: detection speed (19200) response --
 00:04:21: TTY5: detection speed (9600) response --
 00:04:26: TTY5: detection speed (2400) response --
 00:04:32: TTY5: detection speed (1200) response --
 00:04:37: TTY5: detection speed (300) response --
 00:04:37: TTY5: No modem found

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Route Summarisation, once again!

[Ishtiaque Mahbub]

Hello Group!

Could someone be kind enough to explain a dilemma that I have been facing 
with route summarisation? In Todd's book I found the following question:

How the following networks should be summarised?
172.16.1.0/24
172.16.2.0/24
172.16.3.0/24

a) They cant be summarised
b) 172.16.1.0/24 and 172.16.2.0/23
c) 172.16.1.0/22
d) 172.16.0.0

Well I chose C.

Here is my explanation:
Considering third octet Binary format of 1:  0001
Considering third octet Binary format of 2:  0010
Considering third octet Binary format of 3:  0011
So the highest number of similar bits for this octet is 6
The total number of bits similar for the networks: 8+8+6=22
That summarises the network to 172.16.1.0/22

But the answer says B with the explanation: Networks must share the same 
high-order bits. Look at the binary values to understand more clearly.

What am I missing?

Regards,

Ishtiaque


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: AUX - Dial up

[Tan Choh Koon]

Hi,

Thanks all of you for input. I had found the problems.
The modems I had (US robotic  Motorola Bit surf ) it had been some
configuration on it.
After I used terminal and issued the AtF ( factory default ) and save it it
works, the router is detected my both units of modem.

C.K.Tan
CCNP,CCDA


- Original Message -
From: Kenny Sallee [EMAIL PROTECTED]
To: Feliz, Edgar [EMAIL PROTECTED]; Tan Choh Koon
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, June 28, 2000 1:42 PM
Subject: Re: AUX - Dial up


 There are certain dip switch settings required on the USR.  I can't
remember
 them but they can be found on CCO.

 Kenny

 - Original Message -
 From: "Feliz, Edgar" [EMAIL PROTECTED]
 To: "Tan Choh Koon" [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Tuesday, June 27, 2000 9:30 PM
 Subject: RE: AUX - Dial up


  Set a speed. "speed 38400". Also configure "transport input all" . You
can
  also try configuring the exact modem type rather then auto/discovery
 
  EF
 
  -Original Message-
  From: Tan Choh Koon [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, June 27, 2000 11:57 PM
  To: [EMAIL PROTECTED]
  Subject: AUX - Dial up
 
 
  Hi,
 
  I had connected the US Robotic Sportster modem to the 1720 Aux port, but
  router cannot detect the modem. I had used correct cable as what manual
  shown.
  What I am not aware off ?
 
 
 
  line con 0
   transport input none
  line aux 0
   autobaud
   modem InOut
   modem autoconfigure discovery
   stopbits 1
   flowcontrol hardware
  line vty 0 4
 
  Debug confmodem :
  0:03:59: TTY5: detection speed (115200) response --
  00:04:05: TTY5: detection speed (57600) response --
  00:04:10: TTY5: detection speed (38400) response --
  00:04:15: TTY5: detection speed (19200) response --
  00:04:21: TTY5: detection speed (9600) response --
  00:04:26: TTY5: detection speed (2400) response --
  00:04:32: TTY5: detection speed (1200) response --
  00:04:37: TTY5: detection speed (300) response --
  00:04:37: TTY5: No modem found
 
  ___
  UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info: http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: #!$ lab setup problems

[JEK]

Brian,

If you are using ADTRAN setup one of the CSU's to be the Master for
timing/clocking and then let the other CSU get the timing/clocking from the
Master CSU.

Joe
Senior Network/Systems Engineer
CCNA


"Brian Lodwick" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I am having a rough time getting my home lab up and running, and would
love
 to get some reccomendations on what to try next from the group. I feel
like
 I have tried everything, but obviously I haven't, because it isn't
working.
 Anyone care to help out?

 CSU/DSU#1
 TXD=solid green light
 RXD=flashing green light
 RTS=solid green light
 CTS=solid green light
 DCD=flashing green light
 DTR=solid green light
 OOS=flashing red light
 LOS=flashing red light
 ERR=flashing red light
 TST=nothing

 CSU/DSU#2
 DSR=nothing
 RTS=nothing
 CTS=nothing
 DCD=solid green light
 TXD=nothing
 RXD=solid green light
 TST=nothing
 NIS=nothing

   CSU/DSU#1 is set for internal clocking and #2 is set for external
 clocking. These are both set for synchronous 56k. The pinout noted in both
 instruction booklets shows pins 1 and 2 are transmit and pins 7 and 8 are
 receive and 3-6 are not used. I have 1 crossed to 8 and 2 crossed to 7.
 I
 also tried crossing 1 to 7 and 2 to 8 got the same thing).
 CSU/DSU#1 is an ADC Kentrox D-serv 56, and CSU/DSU#2 is a 56K ROUTERmate
 made by Cray Communications.
   If I turn off #2 the flashing lights stop flashing and go dark, and the
 LOS goes to a solid red light.

   I have a 2501 connected to CSU/DSU#1 and a 2502 connected to CSU/DSU#2

   I just can't figure out what I am doing wrong anyone have any
suggestions?
 I would be more than happy to give information I am not sure what else
would
 be pertinent. Thank you in advance.
 Brian
 
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Dial up usinng Asyn interface

[JEK]

Tan,

 You need to run the command  
show line  this will give you an output of all
of the  vty's / tty's / con .What you 
need to do is then setup an Async interface
with the coorresponding tty# of the AUX 
Port.Then you need to setup a  dialer-rotary
group X  which 
you can then setup to correspond to to the  interface dialer X 
.Then
you can setup your  pap / chap 
 encapsulation  dialer string And 
what
ever else that is needed.Your then good to 
go.

Example

show line
aux tty1

config mode
interface aysnc 1
encap ppp
dialer-rotary group 1

interface dialer1
ip address X.x.x.x X.x.x.x
dialer string XXX
encap ppp
ppp auth chap

Joe
Senior Network / Systems Engineer
CCNA

"Tan Choh oon" [EMAIL PROTECTED] wrote in 
message 002901bfd42f$9ab3f6a0$[EMAIL PROTECTED]">news:002901bfd42f$9ab3f6a0$[EMAIL PROTECTED]...

  Hi,
  
  I had 2501 router, 1 Ethernet , 2 Syn port and 1 
  Aux port.
  I like to coonect the 56k dial up modem to serial 
  0 , and configure it to DDR to ISP.
  My question is how do i configure the serial 0 ( 
  syn interface) to dial out ?
  
  As far as i knew only asyn serial, Aux port and 
  syn/async serial is capable to do dial up. 
  Can Sync serial port do dial out ?? If can please 
  give sample config.
  
  Thanks.
  
  C.K.Tan

Re: two T1s

[JEK]

Also you can use floating static routes on the router for when the traffic
that is
defaultly going thru one T1 and fails and you want it to go thru the other
T1
that's up and running.You can also load balance with EIGRP also.

Joe
Senior Network / Systems Engineer
CCNA


"Joseph J Szczepanski" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 SH -
 What does the current setup look like?  What type of routing is currently
 being used?  For instance, if you are running ospf, most of this is
already
 taken care of for you.  If you running static routes, you will need to do
 some work, but not much.

 Joe

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 SH Wesson
 Sent: Wednesday, June 21, 2000 12:08 PM
 To: [EMAIL PROTECTED]
 Subject: two T1s


 I'm at one location with two T1s to corporate.  How can I configure these
 two T1s to load balance each other, provide redundancy for each other etc.
 For instance, if one T1 goes down, all traffic that normally goes through
 that T1 would now be re-routed to the other T1 which is up.  Also is there
a
 way to sort of multiplex or in Catalyst switch term port-channel, so that
 these two T1s can be load balancing and redundant.
 
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Problem with Caslow's mutual redistribution example - pg 423

[Kenny Sallee]

For those who don't have the book, the problem is 
mutual redistibution from rip to ospf and ospf to rip. The admin distance 
of OSPF is lower so without any distro lists or filters, a routing loop is 
formed.

What he is saying makes sense - you don't want to 
advertise a route redistributed into ospf from rip, back to rip again. 
That doesn't solve the problem he's talking about though. 

For this scenerio to work ( I think ) you need to 
actually do a combo of things:

1. Use a route map to deny the 172.16.1.0 /24 
network from being redistro from ospf to rip
2. Set the admin distance on the 
redistributing routers for RIP to be lower than OSPF. This will stop the 
routers from preferring the OSPF routes advertised by OSPF-11 - even though as 
soon as the RIP route is gone, a loop will still occur.
OR 
3. Use a distribute list on the redistro 
routers in the ospf process that denies the 172.16.1.0 /24 network. I 
actually don't think this can be done - cuz OSPF is a link state 
protocol

So the commands for the 3rd option mightbe 
something like:

!!On router RIP-10

router rip
network 172.16.1.0

!!On Border-1 and Border-2

router ospf 1
network link to area 0 etc...
redistribute rip subnets route-map rip_in 
in
distribute-list2 in serial0 
  ##possible link to ospf area 
0

router rip 
network 172.16.2.0 ( possible link to RIP-10 
)
redistribute route-map ospf_in in



access-list 1 permit 172.16.1.0 
255.255.255.0

access-list 2 deny 172.16.1.0 
255.255.255.0
access-list 2 permit any


route-map ospf_in permit 10
match address 2

route-map rip_in permit 10
match address 1

I know OSPF is a Link state protocol, so the LSDB 
on Border-1 and 2 will have the 172.16.1.0 network, but the route will not be 
installed in the routing table because of the "distribute-list 2 in serial0" 


Does this make sense to anyone? Will this 
work ( I'll lab it later - for now I'm stuck in a hotel room with no lab access 
).

Kenny

Re: Route Summarisation, once again!

[Kenny Sallee]

If you chose the answer C you would have to change the network statement to
172.16.0.0 255.255.252.0.  This would summarize networks 172.16.0.0,
172.16.1.0, 172.16.2.0, and 172.16.3.0.  So you would summ an extra
etwork( the 172.16.0.0 /24 ).  The answer B then is more correct.  The
second statement ( 172.16.2.0/23 ) would cover only networks .2 and .3 and
the first would cover .1 of course.

If it were my network and it was private addressing - I would choose C.  But
for a test question it would be B.

Kenny

- Original Message -
From: "Ishtiaque Mahbub" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 28, 2000 4:56 AM
Subject: Route Summarisation, once again!


 Hello Group!

 Could someone be kind enough to explain a dilemma that I have been facing
 with route summarisation? In Todd's book I found the following question:

 How the following networks should be summarised?
 172.16.1.0/24
 172.16.2.0/24
 172.16.3.0/24

 a) They cant be summarised
 b) 172.16.1.0/24 and 172.16.2.0/23
 c) 172.16.1.0/22
 d) 172.16.0.0

 Well I chose C.

 Here is my explanation:
 Considering third octet Binary format of 1:  0001
 Considering third octet Binary format of 2:  0010
 Considering third octet Binary format of 3:  0011
 So the highest number of similar bits for this octet is 6
 The total number of bits similar for the networks: 8+8+6=22
 That summarises the network to 172.16.1.0/22

 But the answer says B with the explanation: Networks must share the same
 high-order bits. Look at the binary values to understand more clearly.

 What am I missing?

 Regards,

 Ishtiaque

 
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Does the CCDA also expire?

[NeoLink2000]

Hey group,
It was brought to my attention today by someone that the CCDA also 
expires on July 31st. I thought it was just the CCNA. If anyone is absolutly 
sure about this please respond to me ASAP because I am about to register for 
like July 25th if its true that it does expire. Thanks for all the help. I'll 
wait like 2 more hours before I officially date my test. Why won't I wait 
untill I get a responce? Because this stuff excites me! ;) Yee-ha...another 
cert, can't wait!!! ;) Thanks group,

Mark Zabludovsky ~ CCNA
A HREF="mailto: [EMAIL PROTECTED]"[EMAIL PROTECTED]/A

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN backup - Time based access lists or backup interface - help needed

[Andrew Larkins]

 Hi all.
 
 A client of mine has ISDN backup at all of their sites. A few leased line
 flaps during the night caused a rather large ISDN bill for the month. What
 I want to know is, is there a way to block the ISDN from dialling at
 night. The reason for this is that this is a sales office and is NOT
 active 24 hours. We need to have the ISDN line active from around 7am to
 7pm, but there after it must NOT be able to dial.
 The way the backup ISDN is configured is by means of a default route out
 with a higher administrative distance - ip route 0.0.0.0 0.0.0.0 x.x.x.x
 200. Routing process is eigrp.
 
 Are time based access lists a good option, and if so, how do I do it?
 OR
 Should I change the backup to "backup interface" and specify a longer
 delay before ISDN kicks in?
 
 
 All help appreciated
 
 Regards
 
 Andrew Larkins
 BCom, CCNA
 Usko Communications
 Tel: +2711 800-9300  
 Fax: +2711 800-9495/6/7/8/9
 Cell: +2783-656-7214
 Email: [EMAIL PROTECTED] 
 OR   [EMAIL PROTECTED]

 
 "This message may contain information which is confidential and subject to
 legal privilege.  If you are not the intended recipient, you may not
 peruse, use, disseminate, distribute or copy this message.  If you have
 received this message in error, please notify the sender immediately by
 email, facsimile or telephone and return and/or destroy the original
 message."
 
 
 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Route Summarisation, once again!

[Erick]

Hi,

Comments inline.

--- Ishtiaque Mahbub [EMAIL PROTECTED] wrote:
 Hello Group!
 
 Could someone be kind enough to explain a dilemma
 that I have been facing 
 with route summarisation? In Todd's book I found the
 following question:
 
 How the following networks should be summarised?
 172.16.1.0/24
 172.16.2.0/24
 172.16.3.0/24
 
 a) They cant be summarised
 b) 172.16.1.0/24 and 172.16.2.0/23
 c) 172.16.1.0/22
 d) 172.16.0.0
 
 Well I chose C.
 
 Here is my explanation:

3rd octet in Binary: 

1234 5678
-
172.16.1.0/24 =  0001
172.16.2.0/24 =  0010
172.16.3.0/24 =  0011

 So the highest number of similar bits for this octet
 is 6
 The total number of bits similar for the networks:
 8+8+6=22
 That summarises the network to 172.16.1.0/22

When summarizing, the similar bit is 1 and where the
bit-boundary is common you can summarize. Remember
1=network and 0=host. 

In this example, 2 and 3 have a common bit-boundry on
the 7th bit (8+8+7=23), so 172.16.2.0/23 for networks
172.16.2.0/24 and 172.16.3.0/24. 

The first network, 172.16.1.0 the 8th bit is 1 and
there are no common bits with the other networks
provided so can't summarize it with others. 

Hope this helps... keep at it. 

 But the answer says B with the explanation: Networks
 must share the same 
 high-order bits. Look at the binary values to
 understand more clearly.

- Erick B.

__
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Can you block CDP with an access list???

[Phil Barker]

Aaron/Erick,
 I believe that CDP uses ARPA code 0x2000 so you
could try the following.

 access-list 200 deny 0x2000

although I don't understand why you would want to do
this. It is an extremely useful tool that uses minimal
b/w.

Phil.

--- Erick [EMAIL PROTECTED] wrote:  Hi again,
 
 I tried blocking it going out the router with ACL
 but
 didn't succeed. I think this is because you can only
 apply MAC-address ACLs to certain objects (bridge
 groups, etc) and my lab setup isn't setup right to
 really see if this works.
 
 CDP uses 01000C-CC which is a Multicast MAC. 
 
 Below is the config I thru together which wasn't
 working from sniffer traces I was doing on my
 ethernet
 segment. As others have said, disable CDP on the
 interface (no cdp enable) so the information isn't
 advertised. Lots of useful information can be
 learned
 from sniffing a segment and looking at CDP packet
 entries :)
 
 interface Ethernet0
  ip address 192.168.1.2 255.255.255.0
  bridge-group 1
  bridge-group 1 output-address-list 701
 !   
 
 access-list 701 deny .. 0100.0ccc.
 (I reversed this and also tried extended)
 
 --- Aaron Prather [EMAIL PROTECTED]
 wrote:
  If you can what protocol does it use? UDP? i know
  its a protocol in
  itself, but can this be done? what port number?
  
  Thanks guys,
  
  Aaron
 
 
 __
 Do You Yahoo!?
 Get Yahoo! Mail - Free email you can access from
 anywhere!
 http://mail.yahoo.com/
 
 ___
 UPDATED Posting Guidelines:
 http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]



Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Local Director

[malzubt]

 There could only be one active local director on your network, and one in failover 
mode.  Connect the failover cable between them, and also, use an Ethernet interface to 
establish statefull failover.  The 2 local directors have to be in parallel of each 
other.

If you have each LD connected to a different switch (on both sides of the network) 
then you must dual home your web servers to achieve the uptime required.


--

On Mon, 26 Jun 2000 14:10:20   nitu wrote:
Can somebody provide me this information:
does the failover secondary local director only kick in if the primary is
dead or it remains functional in parallel to the primary Local director.

We have a config in which we have two LD's both feeding to seperate switch,
so if one switch (connected to primary) goes down, there is no path to the
web servers.


Thanks in advance


nitu


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Serial0 is up, line protocol is down!

[Omer Shommo]

Hello to All,

If Serial0 is up, line protocol is down, then what should I check? Give me as many 
answers as you can.

BTW what  is the line protocol? is it a network protocol like ip, ipx? or is it the 
data link layer protocol?

Omer


___
Why pay for something you could get for free?
NetZero provides FREE Internet Access and Email
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Can you block CDP with an access list???

[paul doyl]

Chaps
Why not just disable it on the interface? I have done it for security 
purposes in the past. Perhaps I'm missing sommat, if so, my apologies.
Paul

From: Phil Barker [EMAIL PROTECTED]
Reply-To: Phil Barker [EMAIL PROTECTED]
To: Erick [EMAIL PROTECTED], Aaron Prather [EMAIL PROTECTED],  
   [EMAIL PROTECTED]
Subject: Re: Can you block CDP with an access list???
Date: Wed, 28 Jun 2000 08:14:43 +0100 (BST)


Aaron/Erick,
  I believe that CDP uses ARPA code 0x2000 so you
could try the following.

  access-list 200 deny 0x2000

although I don't understand why you would want to do
this. It is an extremely useful tool that uses minimal
b/w.

Phil.

--- Erick [EMAIL PROTECTED] wrote:  Hi again,
 
  I tried blocking it going out the router with ACL
  but
  didn't succeed. I think this is because you can only
  apply MAC-address ACLs to certain objects (bridge
  groups, etc) and my lab setup isn't setup right to
  really see if this works.
 
  CDP uses 01000C-CC which is a Multicast MAC.
 
  Below is the config I thru together which wasn't
  working from sniffer traces I was doing on my
  ethernet
  segment. As others have said, disable CDP on the
  interface (no cdp enable) so the information isn't
  advertised. Lots of useful information can be
  learned
  from sniffing a segment and looking at CDP packet
  entries :)
 
  interface Ethernet0
   ip address 192.168.1.2 255.255.255.0
   bridge-group 1
   bridge-group 1 output-address-list 701
  !
 
  access-list 701 deny .. 0100.0ccc.
  (I reversed this and also tried extended)
 
  --- Aaron Prather [EMAIL PROTECTED]
  wrote:
   If you can what protocol does it use? UDP? i know
   its a protocol in
   itself, but can this be done? what port number?
  
   Thanks guys,
  
   Aaron
 
 
  __
  Do You Yahoo!?
  Get Yahoo! Mail - Free email you can access from
  anywhere!
  http://mail.yahoo.com/
 
  ___
  UPDATED Posting Guidelines:
  http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]



Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNA v1 vs CCNA v2

[NHK]

Just taken CCNA 2.0 this afternoon and I get 806/1000 (failed!).
The question is not tough at all but rather too many choices.
For instant, chose 4 correct question out of 7.. so on and so forth. So it
is advisable to
focus on igrp, rip, console command, isdn, vlan and switching. Read in
depth of all the
advantage of uses them. I think I'll attempt for another one later.

Best wishes,
Ryan




Jorge Rodriguez [EMAIL PROTECTED] on 28-06-2000 02:49:59 AM

Please respond to Jorge Rodriguez [EMAIL PROTECTED]

To:   Joe Lin [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:(bcc: Ryan Ngai Hon Kong/GHL Technologies/MY)
Subject:  RE: CCNA v1 vs CCNA v2




It has been said that CCNA v2 has more switching question than CCNA v1,
VLAN
and so forth.

--Original Message--
From: Joe Lin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: June 27, 2000 6:21:00 PM GMT
Subject: CCNA v1 vs CCNA v2


I am going to get my CCNA certification.  Cisco's website says CCNA v2 is
out..

Whats the difference between that and CCNA v1?  and what books cover the
CCNA v2?

I am currently reading the Sybex book.


Joe Lin
Network Engineer
916.933.5412 x304
Electronic Freight Exchange, Corp.


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Jorge Rodriguez /CCNA
Network Analyst
RS Networks Inc
1112 Boylston Street
Suite 222
Boston, MA 02115
1-781-614-1294
http://www.netwire.n3.net/
http://www.learncisco.n3.net/


iWon.com   http://www.iwon.com why wouldn't you?


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]






___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Alist of good study companions

[Omer Shommo]

Hello all,

These questions are for all people who are studying for CCNP, CCDP or CCIE. My 
intention is to create a list of materials 
( CD-ROMs , Handbooks, Web sites, etc ) that 
every 
body should have on his desktop.  These materials should serve as a quick answer to 
many  technical questions that 
arise in our mind as we prepare ourself for 
certifications. Your contribution with the information you have will make this list a 
valuable resource for all.

What CD-ROM you always use? What kind of information does it provide? example Univer 
CD by Cisco

What reference or handbook do you always refer to?  How did that help you? Example 
Router handbook 

What web sites are helpful in preparation for CCNP, CCDP and CCIE?


Omer



















_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Console get disconnected

[Omer]

Hello to all,

When I connect to the router through the console port, I get disconnected after a 
specific period of inactivity and  I 
would receive the following message 

R3 con0 is now available





Press RETURN to get started.

How can I control the length of the inactivity period so that I get disconnected only 
after a long period of inactivity. How 
can I control this on a vty or telnet line?


Omer



 









_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

A good telnet program

[Omer]

Hello,

I hate the telnet program that came with windows 95 because it does not give me any 
screen buffer space. Does any body 
know of any good telnet program that I can download from the internet?

Omer



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

% Password: timeout expired!

[Omer]

Hello,

How can I change the enable password timeout. Please look the output of the command 
bellow.


R1enable
Password:
% Password:  timeout expired!
Password:
% Password:  timeout expired!  



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

LAN subinterfaces

[Omer]

Hello,

the ethernet interface (e0) on my router looks like it is connected to tow LANs at the 
same time, as it appears from the 
output of the command bellow. Why is that and what causes it? How can I remove subnet 
166.166.0.0 from the ethernet 
interface? I have no LAN sub-interface configured as part of a VLAN. That subnet ( 
166.166.0.0) does not appear in the 
output of any of the following commands:

sh ru 
sh int
sh ip int




Omer




R1#sh ip route
Gateway of last resort is not set

C170.170.0.0/16 is directly connected, Serial0
C170.16.0.0/16 is directly connected, Ethernet0
C166.166.0.0/16 is directly connected, Ethernet0
R180.180.0.0/16 [120/1] via 170.170.0.1, 00:00:04, Serial0









_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access-lists question??

[John Nemeth]

On Nov 5, 11:41am, "Johnny Dedon" wrote:
}
} Guys, be very careful with advice on access-list on production routers.  The
} best practice for adding or changing access-list is to remove it from the
} interface before modifying it.  The implicit deny all can be a real disaster
} with typos and the like when working from remote location. Be sure to remove
} the old access-list with a no access-list # before pasteing back the new
} one.

 Another good idea is to create a new access-list using a new
number, and then switch the interface to the new access-list when it is
ready.

}-- End of excerpt from "Johnny Dedon"

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

suppressing null update

[Omer]

Hello,

My router,R3, does not send any rip update. Bellow is the output of the debug ip rip 
command on R3. How can configure 
the router so that RIP updates are sent?

Omer

R3#debug ip rip
RIP protocol debugging is on
R3#
RIP: sending v1 update to 255.255.255.255 via Serial0 (180.180.2.2) - suppressin
g null update
RIP: received v1 update from 180.180.2.1 on Serial0
 170.170.0.0 in 1 hops
 170.16.0.0 in 1 hops
 166.166.0.0 in 2 hops






_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

No Point-to-point subinterfaces

[Omer]

Hello to All,

I wanted to configure s0.4 as a point-to-point interface but I could not. why is that? 
Does this has any thing  to do with 
the encapsulation used on s0. I am using HDLC as the encapsulation on s0. 


R3(config-subif)#int s0.4 ?
% Unrecognized command



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Serial0 is up, line protocol is down!

[Olden Pieterse]

The line protocol down means that the other end are not sending keepalives .
So yes its datalink (correct me if I am wrong ).
If you are using back to back is there clocking on your dce side ( do a show
control serial 0 )
look for dce .
If not check that your NTU (clocking device is plugged in)
See that your addressing is correct on both sides .

So in short you should have a dce---dte scene
and there should be clocking on the dce side.
and make sure your addressing is ok !

Hope it helps !
Cheers
Olden


-Original Message-
From: Omer Shommo [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 23, 2000 8:00 AM
To: Cisco Group Study
Subject: Serial0 is up, line protocol is down!


Hello to All,

If Serial0 is up, line protocol is down, then what should I check? Give me
as many answers as you can.

BTW what  is the line protocol? is it a network protocol like ip, ipx? or is
it the data link layer protocol?

Omer


___
Why pay for something you could get for free?
NetZero provides FREE Internet Access and Email
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Route Summarisation, once again!

[Ishtiaque Mahbub]

Thanks for your answer but this triggered a few more questions(!)

My summary of thoughts are like this:

1. If there had not been the choice no. 2, my arithmatic is correct?

2. The question that I had just asked, there was a similar question on the 
book, which proposed almost the same network summarasation:
172.16.12.0/24, 172.16.13.0/24, 172.16.14.0/24:
and the summarasation of 172.16.12.0/22 was the correct answer..(choice 
was a) 172.16.0.0/24 b)172.16.14.0/24 c)172.16.12.0/22 d)172.16.14.0/22)

3. if the purpose of the route summarasation is to reduce routing table 
entry so why not a single entry rather than two?

hope you dont mind my asking, just trying nail the idea into my thick skull!

Regards,

Ishtiaque

From: "Kenny Sallee" [EMAIL PROTECTED]
Reply-To: "Kenny Sallee" [EMAIL PROTECTED]
To: "Ishtiaque Mahbub" [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Route Summarisation, once again!
Date: Tue, 27 Jun 2000 23:49:32 -0700

If you chose the answer C you would have to change the network statement to
172.16.0.0 255.255.252.0.  This would summarize networks 172.16.0.0,
172.16.1.0, 172.16.2.0, and 172.16.3.0.  So you would summ an extra
etwork( the 172.16.0.0 /24 ).  The answer B then is more correct.  The
second statement ( 172.16.2.0/23 ) would cover only networks .2 and .3 and
the first would cover .1 of course.

If it were my network and it was private addressing - I would choose C.  
But
for a test question it would be B.

Kenny

- Original Message -
From: "Ishtiaque Mahbub" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 28, 2000 4:56 AM
Subject: Route Summarisation, once again!


  Hello Group!
 
  Could someone be kind enough to explain a dilemma that I have been 
facing
  with route summarisation? In Todd's book I found the following question:
 
  How the following networks should be summarised?
  172.16.1.0/24
  172.16.2.0/24
  172.16.3.0/24
 
  a) They cant be summarised
  b) 172.16.1.0/24 and 172.16.2.0/23
  c) 172.16.1.0/22
  d) 172.16.0.0
 
  Well I chose C.
 
  Here is my explanation:
  Considering third octet Binary format of 1:  0001
  Considering third octet Binary format of 2:  0010
  Considering third octet Binary format of 3:  0011
  So the highest number of similar bits for this octet is 6
  The total number of bits similar for the networks: 8+8+6=22
  That summarises the network to 172.16.1.0/22
 
  But the answer says B with the explanation: Networks must share the same
  high-order bits. Look at the binary values to understand more clearly.
 
  What am I missing?
 
  Regards,
 
  Ishtiaque
 
  
  Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
 
  ___
  UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info: http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: re to all of Mlists_1999 posts...

[NeoLink2000]

All of the answers to your questions should be in your book or on cisco's 
site...Try the archive of Groupstudy also.

Mark Zabludovsky ~ CCNA
A HREF="mailto: [EMAIL PROTECTED]"[EMAIL PROTECTED]/A

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: No debug over telnet

[Olden Pieterse]

do a Router#term mon 
and all will be revealed 

Cheers
Olden

-Original Message-
From: Omer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 3:49 AM
To: Cisco Group Study
Subject: No debug over telnet


Hello,

I have noticed that although I can turn debugging on over a telnet
connection, I cannot watch the debug information over a 
telnet connection to the router. I deduced that if you want to debug
activities on the router you have to connect to it 
through the console port. If that is not true please let me know.

Omer



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: No debug over telnet

[Atif Awan]

Whenever you telnet to a router it does not display console messages and
debug traces by default on your terminal screen. you will have to enter the
command "terminal monitor" and then you should be able to see the debug
ouput.

Regards
Atif Awan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Omer
Sent: Wednesday, June 28, 2000 1:49 AM
To: Cisco Group Study
Subject: No debug over telnet


Hello,

I have noticed that although I can turn debugging on over a telnet
connection, I cannot watch the debug information over a
telnet connection to the router. I deduced that if you want to debug
activities on the router you have to connect to it
through the console port. If that is not true please let me know.

Omer



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: No Point-to-point subinterfaces

[Atif Awan]

It seems that you are already in the sub-interface configuartion mode. Get
out of this mode by typing exit and then issue the command sequence you are
trying to issue.

Regards
Atif Awan



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Omer
Sent: Wednesday, June 28, 2000 12:19 AM
To: Cisco Group Study
Subject: No Point-to-point subinterfaces


Hello to All,

I wanted to configure s0.4 as a point-to-point interface but I could not.
why is that? Does this has any thing  to do with
the encapsulation used on s0. I am using HDLC as the encapsulation on s0.


R3(config-subif)#int s0.4 ?
% Unrecognized command



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW-1 configuration

[Gunjan Mathur]

Hi, 
Sorry for posting out of topic msg on this list, but i
found that so many of this list members has the
working knowledge of checkpoint FW-1.

Can somebody guide to configure the fw-1 or send me
the links from where i can configure it.

Is there any tech. problem to have web server and fw1
on same mc.

Gm

__
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Console get disconnected

[Olden Pieterse]

Hi there
go 
conf t
line con 0
no exec-timeout
ctrl-z

Hope it helps !
Cheers
Olden

-Original Message-
From: Omer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 3:02 AM
To: Cisco Group Study
Subject: Console get disconnected




Hello to all,

When I connect to the router through the console port, I get disconnected
after a specific period of inactivity and  I 
would receive the following message 

R3 con0 is now available





Press RETURN to get started.

How can I control the length of the inactivity period so that I get
disconnected only after a long period of inactivity. How 
can I control this on a vty or telnet line?


Omer



 









_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Documentation CD

[John Nemeth]

On Oct 3,  3:58am, ElephantChild wrote:
} On Sat, 17 Jun 2000, Bharat Suneja wrote:
} 
}  Please help Cisco!! A lot of us are now using Windows 2000 (it works great
} 
} rant mode="cynical, weary"
} Remember you're speaking about a corporation that believes Slowlaris is
} the only Unix platform and that NT is a great OS for network management,
} and that apparently never heard of lynx or text-only web pages.

 Actually, I have used Lynx to look at CCO a number of times.  The
site isn't the most Lynx-friendly, but it certainly isn't the worst I've
seen by far.

}-- End of excerpt from ElephantChild

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Analog Dial Backup

[Atef Rostom]

Hi All,

I am trying to configure a 1720 to use the Aux port as a backup for the
serial port.

I want it to dial using a USRobotics Courier modem.

Please tell me if you tried this before.

Thanks, Atef


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Setting Configuration for VPN

[Erwin Novriyanto]

Dear All,

Does anyone have setting configuration for implement Virtual Private
Network? What IOS can support for VPN..? Actually, VPN can implement in two
Internet connection, for Example, we have conection to internet using dial
up with serioal async to internet service provider use fix IP for head
office and for remote user using dynamic IP with the same configuration as
head office. Is this possible to make our VPN come true...?

BTW, sould our router in online (already connect to internet) condition if i
want configure for VPN, can make in offline..?

I really need your assisstance for this problem, thanks for your help

Regards

Erwin


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Earthquakes?

[John Nemeth]

On Nov 10,  9:01am, Shaq Patel wrote:
} 
} How do you make machines in california or where ever reistent and shock
} proof, best possible way during an earthquake?

 This topic is way beyond this list, since it gets into structural
engineering.  If you really want to do this right, you will need the
services of a good structural engineer.  Anyways, the basic process is
pick a good solid location (i.e. it wouldn't do any good to have your
building stay intact while it sinks into the ground), get redundancies
for utilities if required, make sure the building is as earthquake
proof as required, and make sure that ALL equipment is bolted into
racks which are in turn bolted to concrete floors with shock mounts.

 If you want an example of a company that has taken this idea to an
extreme, check out http://www.infosure.com/ , which is a company that is
located in Victoria, B.C., which is at the northern end of the San Andreas
faultline, the same one that California is on.

}-- End of excerpt from Shaq Patel

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Console get disconnected

[ALI SHEERAZ]

hi,

you should try this,

conf t
line con 0
exec-timeout 0 0
exit

I hope this works fine..

ALI SHEERAZ
MCSE+I, CCNA






From: "Omer  " [EMAIL PROTECTED]
Reply-To: "Omer  " [EMAIL PROTECTED]
To: "Cisco Group Study" [EMAIL PROTECTED]
Subject: Console get disconnected
Date: Wed, 28 Jun 2000 01:01:47



Hello to all,

When I connect to the router through the console port, I get disconnected 
after a specific period of inactivity and  I
would receive the following message

R3 con0 is now available





Press RETURN to get started.

How can I control the length of the inactivity period so that I get 
disconnected only after a long period of inactivity. How
can I control this on a vty or telnet line?


Omer













_NetZero Free Internet Access and Email__
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Serial0 is up, line protocol is down!

[Andrew Larkins]

could also be a wrong encapsulation type that was set

-Original Message-
From: Olden Pieterse [mailto:[EMAIL PROTECTED]]
Sent: 28 June 2000 11:20
To: 'Omer Shommo'
Cc: '[EMAIL PROTECTED]'
Subject: RE: Serial0 is up, line protocol is down!


The line protocol down means that the other end are not sending keepalives .
So yes its datalink (correct me if I am wrong ).
If you are using back to back is there clocking on your dce side ( do a show
control serial 0 )
look for dce .
If not check that your NTU (clocking device is plugged in)
See that your addressing is correct on both sides .

So in short you should have a dce---dte scene
and there should be clocking on the dce side.
and make sure your addressing is ok !

Hope it helps !
Cheers
Olden


-Original Message-
From: Omer Shommo [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 23, 2000 8:00 AM
To: Cisco Group Study
Subject: Serial0 is up, line protocol is down!


Hello to All,

If Serial0 is up, line protocol is down, then what should I check? Give me
as many answers as you can.

BTW what  is the line protocol? is it a network protocol like ip, ipx? or is
it the data link layer protocol?

Omer


___
Why pay for something you could get for free?
NetZero provides FREE Internet Access and Email
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: FW-1 configuration

[Oz]

When you got FW1 there is a book with it. That walks you thru the basic
config. Did you try www.checkpoint.com ?
Mine were already setup  by Verisign (they have great tech support )

Considering the job of the firewall, IMHO  you would be better having it on
it's own machine. Under NT it's kinda fussy as to the way the box has to be
setup and it may conflict with the web server.
What platforn are you running it on ???
Oz
http://www.mcseco-op.com/Cheap_Cisco_stuff.htm

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Can you block CDP with an access list???

[Wolf-Gero Krause]

CDP uses multicast-packets (8kB) for the MAC-adress 01-00-0C-CC-CC


Erick [EMAIL PROTECTED] schrieb in im Newsbeitrag:
[EMAIL PROTECTED]

 CDP is layer 2.  Offhand, I don't remember the MAC
 address it uses but perhaps a MAC-address ACL will do
 the trick.

 Personally, I disable it since it is Cisco-only and I
 work in multi-vendor environments.

 --- Aaron Prather [EMAIL PROTECTED] wrote:
  If you can what protocol does it use? UDP? i know
  its a protocol in
  itself, but can this be done? what port number?
 
  Thanks guys,
 
  Aaron
 
  ___
  UPDATED Posting Guidelines:
  http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to
 [EMAIL PROTECTED]


 __
 Do You Yahoo!?
 Get Yahoo! Mail - Free email you can access from anywhere!
 http://mail.yahoo.com/

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE:

[Chris Larson]

The 1.0 test (at least for all the CCNP requirements) are going away 7/31,
so I would recommend that if the literature for 2.0 is different for CCNA
stuff that you focus on 2.0 material.

-Original Message-
From: Douglas Baltazar de Queiroz [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 1:09 AM
To: [EMAIL PROTECTED]
Cc: Douglas Baltazar de Queiroz
Subject: 


Dear Members,

I've just started studying for CCNA, but I'm not sure if it' worthy taking
version 1.0.
Do I have to take CCNA 2.0 instead?
Is there any problem for taking CCNP 2.0 holding CCNA 1.0?

Thanks,

Douglas

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ISDN Balanced v Unbalanced ? UK E1

[Phil Barker]

Hi folks,
 Just inherited another disaster waiting to
happen.
Just been using Config Maker at cisco.com to spec up
the following. 

2 x 3620, 2 x serial  1E(LAN) for leased circuit,
ISDN for backup.

I've picked out the NM-1E2W card with the idea that
the least circuit can be future-proofed to 4Mb/s,
hopefully this is correct.

Main Problem : I'm looking at the ISDN PRI backup
solution, 1 port only and I don't understand the
difference between Balanced and Unbalanced apart from
the fact that the cables have a different Resistance
i.e 75 v 120.

I would be very grateful for any assistance.

Thanx,

Phil.




Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: collision on cut-through switch

[dward]

A late collision usually occurs when one end of a switched ethernet link
is set to full duplex but the other end of the link is set to half-duplex.

Darren

On Thu, 22 Jun 2000, ANIL.YADAV wrote:

 
 
 
 How to avoid late collisions ? 
 
 thanks 
 Anil
 
 
 On Tue, 20 Jun 2000, Heskett, Tony wrote:
 
  
  Not a white paper, but let's see whether *I* understand
  how it's supposed to work dons flameproof underwear ;-
  
  Cut-thru waits for the dest addy, then starts forwarding.
  
  Frag-free waits for 64bytes, then starts forwarding.
  
  Store'n'forward waits for the whole packet and CRC's it,
  so will only forward truly valid (tm) packets.
  
  Sooo...  cut-thru will forward runts, and you'll get
  those if there's a collision after the dest addy but
  within the first 64.
  
  Frag-free will /not/ forward runts, so will protect
  you from collisions that really should have happened.
  It won't protect you from 'late collisions' (that
  shouldn't have happened), but you're gonna fix your
  cable plant to remedy those (aren't you? :-)
  
  Or am I lying ?   :-)
  
  (big quote for context, below; sorry)
  
  Tone
  
   From: Barry Hofland [mailto:[EMAIL PROTECTED]]
  
   Hi, Priscilla,
   
   I think the best way to find this out is to just get yourself 
   a network
   tester to connect between the transmitting host on port 1 and 
   the CISCO box.
   ( like a FLUKE ) You will be able to see ( or not ) the JAMS 
   on port 1. When
   you connect the host in that segment only and there's a jam during a
   collision on port 2 you know enough...
   
   In my humble opinion you are right, but that's male intuition ;-)
  
   Priscilla Oppenheimer [EMAIL PROTECTED] wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  
I got into a discussion with a knowledgeable Sniffer 
   instructor recently.
When he teaches cut-through-switching theory, he warns his 
   students that a
cut-through switch does not really isolate collision 
   domains. Consider this example:
   
* The switch is receiving a frame from port 1 destined for 
   a station out
port 2.
* The switch recognizes the destination address and starts 
   forwarding the
frame to port 2 ASAP.
* There is a collision on port 2. (It's a shared and/or half-duplex
   Ethernet.)
   
According to the instructor, the Switch sends a jam signal 
   back to port 1
to let the initial sender know that the frame experienced a 
   collision.
   This
allows the sender to retransmit.
   
If you read some of the books on switching, you would think 
   that this is
true. The books make it sound like the frame is passing 
   through the switch
and disappearing out the destination port as soon as the destination
address is recognized.
   
I don't think the Sniffer instructor's conclusion is true, 
   however. I
believe that a Cisco cut-through switch buffers the frame 
   and hence has
   the
ability to retransmit. There is no requirement to send a jam to the
original sender because port 2 in our example retransmits 
   after sensing
   the
collision.
   
I believe that Cisco switches store frames, even when doing 
   cut-through,
whereas the instructor assumed that the frame has passed 
   through and out
the port and is no longer available for retransmission by 
   the switch.
   
Cisco positions cut-through as reducing delay, not reducing 
   the need for
buffering, so I'm contending that I'm right.
   
Who do you think is right? Can you point me to any white 
   papers that would
prove who is right?
  
  ___
  UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info: http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
  
 
 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Analog Dial Backup

[Olden Pieterse]

Hi there 
Here is my shot in the dark on this one .
First configure yor aux port , I think its line 0
so...
conf t
line aux 0
speed 38500
modem inout ( so you can call in  out)
transport input all   (so it'll take anything , but change it to your fancy
)
transport preferred telnet  (so if you telnet you dont have to wait)
autoselct ppp
modem autoconfigure type usr_courier
flowcontrol hardware
exec-timeout 0 0
exec

logical setup
interface async 1 (uax 0 === async 1)
ip unnumbered ethernet 0
ip tcp header-compression passive
encap ppp
async default ip address x.x.x.x  (keep this address in the same subnet as
your ethernet 0)
async mode interactive

I got this at www.cisco.com/warp/701/6.html

It explains it really well !
Hope it helps 

Cheers
Olden


-Original Message-
From: Atef Rostom [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 12:16 PM
To: [EMAIL PROTECTED]
Subject: Analog Dial Backup


Hi All,

I am trying to configure a 1720 to use the Aux port as a backup for the
serial port.

I want it to dial using a USRobotics Courier modem.

Please tell me if you tried this before.

Thanks, Atef


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN Hierarchical Design questions

[Chris Larson]

Maybe I am not reading your response right. From what I read your saying you
need both peers tunnel endpoints to be in the same subnet? If that is what
your saying that is incorrect.


You do not need to setup addresses in the same subnet on each end of the
tunnel. You simply identify you encrypting peers address which can be any
accessible address in any subnet. As well, the router that you define as
your peer simply has an access-list that defines any traffic passing through
it that gets encrypted. This is based on source and destination and can be
any source any destination inlcluding subnets that this encrypting router is
not directly connected to as long of course as the traffic passes the
encryprting router on the way out, and the destination is accessible.

On the Microsoft W2K thing. I would avoid it if you can. It is a little more
complex in that you have to setup L2TP on the router and the W2K and
configure IPSEC to use the L2TP tunnel. It will be much easier to encrypt
from router to router based on access-lists. The access-list will only
define what get's encrypted, and is not applied to any interface just the
Crypto map.
 
You do not need any special hardware unless your VPN network grows
considerably large and you are using 3-des. Then you will want to look into
the PL2 or PL3 card which will take the encrypting decrypting engine process
of the routers CPU and put it on the PL2 or PL3 card.


CCNP + Security Specialist
-Original Message-
From: JEK [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 3:29 AM
To: [EMAIL PROTECTED]
Subject: Re: VPN  Hierarchical Design questions


John,

( 1 )If your wanting to connect all of your remotes that will not
connect up to the same
logical lan; the host will need a connection to the internet and the remotes
will need the
same.You will then need to setup Tunnel Interfaces which are software
interfaces and
then setup your own certain criteria for your  tunnel mode / tunnel source
/ tunnel destination 
and then an IP Address on both ends that are in the same subnetThen you
can setup
static routes on the routers to forward information that they need on the
host LAN to the
IP Address if the Tunnel Interface on the host router.Then you can setup
your gateway of
last resort pointing out to the Internets IP Address...

PS: You don't even have to setup a routing protocol just a routed
protocol..Keep in mind
that all of your static routes would have to be setup properly..

( 2 )If your talking about the three Cisco Layers.Example would be

7200 Core

 4000366036403620 Distrbution

7008001000160017002500 Access


Joe
Senior Systems/Network Engineer
CCNA

"JohnMail" [EMAIL PROTECTED] wrote in message
006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]">news:006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]...
 Folks:

 I am preparing for the CCDA and plan to write same before 31 July, 2000. I
 have two questions.  The first one revolves around VPN.  The other
question
 deals with CISCO's Hierarchical Network Design concepts.

 (1)  Assume that I have six simple LANs - one HQ  LAN and 5 Branch LANs.
 Assume also that each LAN consists of one Server and 4 workstations.  If I
 want to link these simple networks using VPN;  what king of Hardware and
 Software would I have to buy. I would also like to compare and contrast
 Microsoft's VPN (which I believe is built into Win2000) and CISCO's VPN.
 Thanks in advance guys.

 (2)   In this second scenario, I want to connect a router at each LAN site
 and make use of CISCO'S hierarchical network design principles.  Can
anyone
 explain or draw a simple diagram of what the network structure would look
 like at the CORE, DISTRIBUTION, and ACCESS layers.



 Thanks,
 John

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: No debug over telnet

[Leonardo Rocha]

Type the "terminal monitor" command in the privileged EXEC mode to see the
debugging.

Leonardo.

-Original Message-
From: Omer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2000 10:49 PM
To: Cisco Group Study
Subject: No debug over telnet


Hello,

I have noticed that although I can turn debugging on over a telnet
connection, I cannot watch the debug information over a 
telnet connection to the router. I deduced that if you want to debug
activities on the router you have to connect to it 
through the console port. If that is not true please let me know.

Omer



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Serial0 is up, line protocol is down!

[Michael Fountain]

It depends on what your serial port is connected to.  Is it frame relay, 
CSU/DSU, etc.


Hello to All,

If Serial0 is up, line protocol is down, then what should I check? Give me 
as many answers as you can.

BTW what  is the line protocol? is it a network protocol like ip, ipx? or 
is it the data link layer protocol?

Omer


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: A good telnet program

[Perusek, Rick]

You can increase the amount of buffer space that telnet provides. Just click
on Terminal and select preferences. 

-Original Message-
From: Omer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2000 9:29 PM
To: Cisco Group Study
Subject: A good telnet program


Hello,

I hate the telnet program that came with windows 95 because it does not give
me any screen buffer space. Does any body 
know of any good telnet program that I can download from the internet?

Omer



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: suppressing null update

[Michael Fountain]

Usually you will see this when you have a distribute list in place and the 
distribute list is blocking all of the updates.  It could also happen if the 
router has only one connection active - all of the routes it knows about 
would come from that interface so it would supress all of those routes from 
going out that interface because of split horizon.



Hello,

My router,R3, does not send any rip update. Bellow is the output of the 
debug ip rip command on R3. How can configure
the router so that RIP updates are sent?

Omer

R3#debug ip rip
RIP protocol debugging is on
R3#
RIP: sending v1 update to 255.255.255.255 via Serial0 (180.180.2.2) - 
suppressin
g null update
RIP: received v1 update from 180.180.2.1 on Serial0
  170.170.0.0 in 1 hops
  170.16.0.0 in 1 hops
  166.166.0.0 in 2 hops






_NetZero Free Internet Access and Email__
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: No debug over telnet

[Michael Fountain]

use the following command -
term mon

that will turn on terminal monitoring.  that will let you see debug and log 
messages



Hello,

I have noticed that although I can turn debugging on over a telnet 
connection, I cannot watch the debug information over a
telnet connection to the router. I deduced that if you want to debug 
activities on the router you have to connect to it
through the console port. If that is not true please let me know.

Omer



_NetZero Free Internet Access and Email__
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

router crash

[[EMAIL PROTECTED]]

Networking giant Cisco has been forced to warn customers that its 
routers can crash when tested for security vulnerabilities by security 
scanning software programs. 

SOURCE: VUNet
http://www.vnunet.com/News/1104718

a 
href="http://i.winfire.com/s/isapiEng.dll/wf.exe?cmd=rl
508,180018682wf.exe"img border=0 width=120 
height=50 alt="Get FreeDSL now!" 
src=http://www.geocities.com/sstalib/freedsl.gif/a
__
123India.com - India's Premier Portal 
Get your Free Email Account at http://www.123india.com


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Console get disconnected

[Michael Fountain]

Off the top of my head I think it is the - session-timeout  - command that 
you can set on the line configuration.  I seem to remember an exec-timeout 
also, but can't remember which does what.  You should be able to look up 
those commands on Cisco's web page though.





Hello to all,

When I connect to the router through the console port, I get disconnected 
after a specific period of inactivity and  I
would receive the following message

R3 con0 is now available





Press RETURN to get started.

How can I control the length of the inactivity period so that I get 
disconnected only after a long period of inactivity. How
can I control this on a vty or telnet line?


Omer













_NetZero Free Internet Access and Email__
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IOS Upgrades

[Eric Bishop]

Looking to do some upgrades to a few 2500 series routers and need
information in regards to the IP, IP Plus, etc.  Does anyone have detailed
information on the differences between the different versions and or know
where this information is kept on the web.

Thanks,

EB


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Balanced v Unbalanced ? UK E1

[Mhiggins]

Title: RE: ISDN Balanced v Unbalanced ? UK E1





Phil,


I'm not a Cisco man... yet.. just starting on CCDA study.. but the terms balanced and unbalanced are transmission terms and refer to how the impedance on each leg of the circuit is distributed. ie evenly on each (balanced) or unevenly (unbalanced). The reason for balancing impedances on each leg is to minimise the induced noise voltage on copper pairs which otherwise can result. Consequently , balance TX lines are used where cable distances are longer and noise interference is possible... typically by Telco's in copper situations. Optical systems have largely made this issue obsolete.

The real answer is to check with your leased line supplierand see what they are offering at their interface.


  Best Regards,


  Mike Higgins
  Consulting Telecommunications Engineer
  
  email: [EMAIL PROTECTED]




-Original Message-
From: Phil Barker [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 28 June 2000 15:04
To: cisco GroupStudy
Subject: ISDN Balanced v Unbalanced ? UK E1



Hi folks,
 Just inherited another disaster waiting to
happen.
Just been using Config Maker at cisco.com to spec up
the following. 


2 x 3620, 2 x serial  1E(LAN) for leased circuit,
ISDN for backup.


I've picked out the NM-1E2W card with the idea that
the least circuit can be future-proofed to 4Mb/s,
hopefully this is correct.


Main Problem : I'm looking at the ISDN PRI backup
solution, 1 port only and I don't understand the
difference between Balanced and Unbalanced apart from
the fact that the cables have a different Resistance
i.e 75 v 120.


I would be very grateful for any assistance.


Thanx,


Phil.





Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




***
* The information transmitted  in this e-Mail,  and any files transmitted *
* with it,  is  confidential  and  intended  solely  for  the  use of the *
* individual(s)  to whom  it is addressed.   Any review,  retransmission, *
* dissemination  or other use of  or taking action  in reliance upon this *
* information by persons or entities other than the intended recipient(s) *
* is prohibited.   Any views  or opinions  expressed  are solely those of *
* the author,  and do not necessarily  represent those of Riyad Bank.  If *
* you have received  this message in error,  please notify the sender and *
* the system manager at [EMAIL PROTECTED] and delete the material *
* from your computer. *
* *
* This footnote confirms that this message and any associated attachments *
* have been scanned by MIMESweeper for content security  and the presence *
* of computer viruses.*
***

FW: Marconi Announces New Technical Education Certification Program

[Irwin Lazar]

FYI:
Marconi's primary component is the former FORE systems.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 8:17 AM
To: [EMAIL PROTECTED]
Subject: Marconi Announces New Technical Education Certification Program




   Marconi Announces New Technical Education Certification Program

   Educational Program Certifies Proficiency in Installation, Operation And
 Maintenance of Marconi Products for Service Provider and Enterprise Markets

PITTSBURGH, June 28 /PRNewswire/ -- Marconi (LONDON: MNI), a global
supplier of advanced communications solutions, today announced the new
Marconi
Technical Education -- Americas Certification Program, in which it is
offering
two new certification titles: the Enterprise Network Engineer (ENE) and the
Public Network Engineer (PNE).  The program is designed for Marconi
partners,
systems engineers and technical operations personnel -- as well as for
customers.  This job function-based certification program enables
participants
to achieve and demonstrate proficiency and become recognized industry
experts
in the installation, operation and maintenance of Marconi Intelligent
Broadband Networking solutions for the service provider and enterprise
markets.
(Photo:  http://www.newscom.com/cgi-bin/prnh/2504/MARCLOGO )
"We are delighted to introduce this new Marconi Technical Education
Program for the Americas -- the first phase of a global program.  It's an
initiative that provides quality education to ensure the smooth
installation,
operation and maintenance of the communications networks serving the needs
of
businesses and consumers across the globe," said Rock Arkie, executive vice
president and general manager of Marconi Americas Services.  "By educating
and
certifying our partners and customers as technology `experts', we can
continue
to build premium quality, reliable networks for the 21st century."

About the Marconi Technical Education -- Americas Certification Program
In order to be "certified" under the Marconi Technical Education --
Americas Certification Program, candidates must pass both Web-based written
and hands-on practical exams.  To register for Marconi's online testing,
candidates can access the Marconi Technical Education Link from the
company's
home page at www.marconi.com.
Marconi and its Certified Training Partners offer optional self-directed
and instructor-led courses at various locations throughout the world to
assist
candidates in obtaining the necessary knowledge to pass the required exams
and
attain the selected certification title.  Candidates are also encouraged to
attend elective courses to augment the skills attained during the
certification process.  To register for a Marconi Technical Education Course
in a specific location, candidates can contact the Technical Training
Registrar at [EMAIL PROTECTED], or download a zipped Excel form from
the
company's web site.
To ensure successful candidates maintain Marconi's high standards,
certification is valid for a two-year period, after which students must
re-certify by passing the written and hands-on practical exams.
Individuals certified under the FORE Systems LAN and WAN Certified
Engineer Program, which ended March 31, 2000, may retain their title for the
duration of one year after their certification date.  Individuals certified
under the FORE Systems LAN and WAN Certified Engineer Program after June 30,
1999, are eligible to become Marconi Enterprise Network Engineers or Marconi
Public Network Engineers by passing three required Web-based exams.  Those
certified under the FORE Systems LAN and WAN program before June 30, 1999,
must pass the practical, hands-on exam, as well as Web-based exams.

About Marconi Services
Marconi Services is a $1 billion global organization with more than
6,000 employees.  Its vast portfolio of services are marketed under a "Plan,
Build, Operate" banner.  It provides fast transition to a new public network
solution for established operators, and seamless integration with their
existing networks.  For new operators, Marconi Services provides total
turnkey
solutions to enable speed of network service provisioning and market entry.
It also provides services and support for Marconi's technology offerings,
including optical networking, switching and routing, applications and
network
services solutions.

About Marconi plc
Marconi plc is a global communications and IT company with 45,000
employees worldwide and sales in over 100 countries.  It supplies advanced
communications solutions and the key technologies and services for the
Internet.  Marconi plc is listed on the London Stock Exchange under the
symbol
MNI.

All brands or product names are trademarks of their respective holders.

For more information, contact Jim Blew, Media Relations of Marconi,
724-742-7745, or Email, [EMAIL PROTECTED]

SOURCE  Marconi plc
-0- 

Re: FW-1 configuration

[Matt]

The best Firewall-1 site on the Internet:
http://www.phoneboy.com/fw1/

"Gunjan Mathur" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi,
 Sorry for posting out of topic msg on this list, but i
 found that so many of this list members has the
 working knowledge of checkpoint FW-1.

 Can somebody guide to configure the fw-1 or send me
 the links from where i can configure it.

 Is there any tech. problem to have web server and fw1
 on same mc.

 Gm

 __
 Do You Yahoo!?
 Get Yahoo! Mail - Free email you can access from anywhere!
 http://mail.yahoo.com/

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Flash Memory

[Chris Larson]

I had this problem before too. I am not exectlly sure about the following
but I believe this is what I did.
I loaded 1 the 8 meg in the slot I took it out of (because the bootstrap
will look in the same location) and loaded the 16 meg  in the other slot. I
copied the ios to TFTP. I then did a partition on the 16 meg of flash. I
tftp'ed the IOS to the 16 meg flash. I took out the 8 meg and moved the 16
meg to the 8 meg slot and put in the second 16 meg. The bootstrap found the
IOS on the just part'ed flash. I then erased flash,  partitioned into 1
large part and reload the the IOS again from TFTP.

-Original Message-
From: pinoal [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 4:32 AM
To: [EMAIL PROTECTED]
Subject: Flash Memory


Hi ,

Recently I had to upgrade a cisco3640 from 8 M flash to 32 M flash , I was
provided with 2 x 16 M flash .

I took out the 8M flash and plugged in the 2  16M flash ram .
I did a xmodem transfer of the ios to the flash . When I booted
the router is gave me an error .

"System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE
(fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C3600 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

get_man_dev: Unknown device - probably NOT formatted.
unknown flash device - mandev code = 0x89aa
cannot read flash info
getdevnum warning: device "flash" has size of zero
get_man_dev: Unknown device - probably NOT formatted.
unknown flash device - mandev code = 0x89aa
cannot read flash info
getdevnum warning: device "flash" has size of zero
open: read error...requested 0x4 bytes, got 0x0
trouble reading device magic number
boot: cannot open "flash:"
boot: cannot determine first file name on device "flash:"


I took out the new flash and plugged in the original flash with one 16M
Flash and I was able to boot from the original flash memory , but I still
got the error

get_man_dev: Unknown device - probably NOT formatted.
get_man_dev: Unknown device - probably NOT formatted.

I was using ios 12.08 ip/ipx/at/dec plus, I could not find any command to
format the flash . I have tried partitioning the flash and erasing the flash
but still get the
same error .


Can any noe tell me how I can format the new flash memory ?


thanks




___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: suppressing null update

[Olden Pieterse]

Check that you dont have passive interface enabled on that interface .
A passive interface will receive updates but will not send out any .

Regards
Olden

-Original Message-
From: Omer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 3:18 AM
To: Cisco Group Study
Subject: suppressing null update


Hello,

My router,R3, does not send any rip update. Bellow is the output of the
debug ip rip command on R3. How can configure 
the router so that RIP updates are sent?

Omer

R3#debug ip rip
RIP protocol debugging is on
R3#
RIP: sending v1 update to 255.255.255.255 via Serial0 (180.180.2.2) -
suppressin
g null update
RIP: received v1 update from 180.180.2.1 on Serial0
 170.170.0.0 in 1 hops
 170.16.0.0 in 1 hops
 166.166.0.0 in 2 hops






_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Calculate Bandwidth

[Nicholas Langevin]

How would I calculate bandwidth utilization on a serial interface?  The 
interface is encap frame and the CIR is 1544.  What would be the formula for 
such a calculation?

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: No debug over telnet

[Jay Hennigan]

On Wed, 28 Jun 2000, Omer   wrote:

 Hello,
 
 I have noticed that although I can turn debugging on over a telnet connection, I 
cannot watch the debug information over a 
 telnet connection to the router. I deduced that if you want to debug activities on 
the router you have to connect to it 
 through the console port. If that is not true please let me know.

Issue the command "terminal monitor" or "term mon" to display the debug
output on the telnet session.  The console monitors automatically.

-- 
Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED] 
NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Can you block CDP with an access list???

[Niraj Palikhey]

Hi,
So basically, if I understand, CDP can be used on serial as well as on 
Ethernet interfaces to get info. on neighboring routers. One question I had 
regarding CDP is when you do a sh cdp neighbors, it gives you config info. 
regarding the neighboring routers. I wanted to understand what AGS under 
Platform meant in this configuration. What does it stand for?
Please advise.
Thank you.
Kind regards,
[EMAIL PROTECTED]


From: "Raymond Everson (Rainman)" [EMAIL PROTECTED]
Reply-To: "Raymond Everson (Rainman)" [EMAIL PROTECTED]
To: Aaron Prather [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: Can you block CDP with an access list???
Date: Tue, 27 Jun 2000 19:47:18 -0400

again. read up udp=layer 4
cdp=NOT layer 4
 in fatto:  cdp is cisco's implementation of stretching layer 2 rules.

The Cisco Discovery Protocol (CDP) Discovery Protocol

CDP allows devices to share basic configuration information without even
configuring any protocol
specific information.  CDP is enabled by default on all interfaces.

CDP is a Datalink Protocol occuring at Layer 2 of the OSI model.   This is
important to understand
because CDP is not routable.  It can only traverse to directly connected
devices.

CDP allows you to view information such Operating System Version, Protocol
Information, and much
more.   This can be very handy for troubleshooting a variety of problems.

Aaron Prather wrote:

  If you can what protocol does it use? UDP? i know its a protocol in
  itself, but can this be done? what port number?
 
  Thanks guys,
 
  Aaron
 
  ___
  UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info: http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

NAT vs. Proxy

[Jeff DeLoach]

Hello all,

Can anyone explain the pros and cons of NAT and Proxy server, from a
security standpoint?  It would seem to me that NAT + a firewall would be
much more secure than relying on a proxy server, but I'm having a hard time
explaining this to management.  

Also, how many times can you NAT on a network?  Is it plausible to have
remote sites connect to a distribution router (in a private frame relay
cloud), NAT there, and then connect back to the central office and be NAT-ed
again prior to going out on the internet?  Or does something get lost in
translation?  

All replies appreciated.

Jeff

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: router crash

[Dan Herlihy]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 [EMAIL PROTECTED]
 Sent: Wednesday, June 28, 2000 7:25 AM
 To: [EMAIL PROTECTED]
 Subject: router crash
 
 
 Networking giant Cisco has been forced to warn customers that its 
 routers can crash when tested for security vulnerabilities by 
 security 
 scanning software programs. 
 
 SOURCE: VUNet
 http://www.vnunet.com/News/1104718
 
 a 
 href="http://i.winfire.com/s/isapiEng.dll/wf.exe?cmd=rl
 508,180018682wf.exe"img border=0 width=120 
 height=50 alt="Get FreeDSL now!" 
 src=http://www.geocities.com/sstalib/freedsl.gif/a
 __
 123India.com - India's Premier Portal 
 Get your Free Email Account at http://www.123india.com
 
 
 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to 
 [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: No debug over telnet

[Chris Larson]

No you simply need to type Term mon (Terminal Monitor) at the command prompt
on the line you are telnetting into.

You also need to set debuggin console to on.

-Original Message-
From: Omer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2000 9:49 PM
To: Cisco Group Study
Subject: No debug over telnet


Hello,

I have noticed that although I can turn debugging on over a telnet
connection, I cannot watch the debug information over a 
telnet connection to the router. I deduced that if you want to debug
activities on the router you have to connect to it 
through the console port. If that is not true please let me know.

Omer



_NetZero Free Internet Access and Email__
   http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: A good telnet program

[Mark Boster]

I don't care much for the default telnet program even if you can increase
buffer space.
Try Tera Term Pro, a freeware telnet program. The maximum buffer space is
10,000 lines. This makes it very easy to capture even large switch configs.
It also has support ssh.

http://www.vector.co.jp/authors/VA002416/teraterm.html

 I hate the telnet program that came with windows 95 because it does not
give me any screen buffer space. Does any body
 know of any good telnet program that I can download from the internet?

 Omer



 _NetZero Free Internet Access and Email__
http://www.netzero.net/download/index.html

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IOS Upgrades

[Russell Lusignan]

Eric,
http://www.cisco.com/warp/customer/cc/cisco/mkt/ios/rel/113/prodlit/705_pp.h
tm

Need CCO login to get to the above URL.  This is a "Feature Matrices:
Release 10.3 12.1" outlining what features are specific to what release of
the IOS.  It doesn't give you much detail about the differences between IP,
IP Plus etc..  but the release notes may give you more information here:

http://www.cisco.com/kobayashi/releases/Release_notes.html

Hope that helps
Russ..


""Eric Bishop"" [EMAIL PROTECTED] wrote in message
8jcrl3$r4k$[EMAIL PROTECTED]">news:8jcrl3$r4k$[EMAIL PROTECTED]...
 Looking to do some upgrades to a few 2500 series routers and need
 information in regards to the IP, IP Plus, etc.  Does anyone have detailed
 information on the differences between the different versions and or know
 where this information is kept on the web.

 Thanks,

 EB


 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: LDAP Port opening on Firewall

[Mahisri]

Thanks Rahman,

I appreciate your help. That has solved my problem. I didn't know that LDAPS
require 636 port open. Thanks again for your help.

Regards
Sridhar Raju

- Original Message -
From: "Rahman, Abdul" [EMAIL PROTECTED]
To: "'Mahisri'" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: "cisco-groupstudy" [EMAIL PROTECTED]; "Rahman, Abdul"
[EMAIL PROTECTED]
Sent: Tuesday, June 27, 2000 9:05 AM
Subject: RE: LDAP Port opening on Firewall


 Good questions.

 First is the standard.  Is the MS exchange server LDAP compliant?
 Netscape has employed the author of the LDAP protocol ( he wrote
 is doctoral dissertation on LDAP) as a result they are completely
 LDAP compliant.  Make sure there are no inconsistencies with respect
 to the MS requirements.

 Second is security.  Make sure that the MS version is not requiring
 SSL over LDAP or LDAPS which uses port 636.  You maybe inadvertently
 blocking the  port it is requiring.

 Third is UDP versus TCP.  How is your access list or rule set configured.
 Make sure you are setting the rule correctly with respect to the protocol.

 These are some suggestions.  It may point you in the right direction.

 Best of luck.

 Warmest regards,

 Abdul Rahman


 A. Rahman, Ph.D.
 Product Engineer
 Digex, Inc





  -Original Message-
 From: Mahisri [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, June 27, 2000 9:23 AM
 To: [EMAIL PROTECTED]
 Cc: cisco-groupstudy
 Subject: LDAP Port opening on Firewall



 Help me please!

 I know the port 389 should be open for proper functioning of LDAP. I have
 case specific trouble - The Netscape directory server and Microsoft
exchange
 server are differed by a firewall in between. The maintenance people
 complain that they could not replicate the directory entries correctly.

 What could be the problem? The port 389 is open. I doubt it is the problem
 with Servers configurations.

 Rgds

 Sridhar



___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Firewall Manager

[Russell Lusignan]

Hmm.. my experience with the PFM wasn't too great.  Wasn't happy with it at
all, stick with the CLI for configuration.  As for syslog analysis and
alarm, there are several products out there that do a much better job.  I
use PrivateI (www.4privatei.com), works very well for NT, there are others
but I can't remember what they are, others on the list should have some more
insight :)

Hope that helps.
Russ..

""lee"" [EMAIL PROTECTED] wrote in message
8jbtop$g0c$[EMAIL PROTECTED]">news:8jbtop$g0c$[EMAIL PROTECTED]...
 Hi all, has anyone familiar with PIX Firewall Manager 4.3(2)e ???
 My PIX firewall is running ver 4.4(4) and my PFM is running 4.3(2)e. I
 managed to add the PIX firewall into the PFM, but i don't know how to
enable
 the syslog  alarm feature of PFM.

 Thanks in advance.

 rgs,
 lee


 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: collision on cut-through switch

[Chuck Larrieu]

Gentle correction - late collisions occur after the first 64 bytes of a
frame have been placed on the wire.

Essentially, a station listens, perceives the wire as clear, starts sending,
only to find that another station has already begun to transmit.

Can happen for a couple of reasons. Network too long. Faulty hardware. Real
busy network, possibly with lots of very small packets ( as might happen in
a brokerage firm, where I used to see my fair share of late collisions. )

Interesting point about the duplex settings. Having made that mistake once
or twice, my recollection is that connectivity is not established, but then
memory may not serve on this one. Does that show up as 100% collisions?

Chuck


-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent:   Wednesday, June 28, 2000 4:57 AM
To: ANIL.YADAV
Cc: Heskett, Tony; [EMAIL PROTECTED]
Subject:RE: collision on cut-through switch

A late collision usually occurs when one end of a switched ethernet link
is set to full duplex but the other end of the link is set to half-duplex.

Darren

On Thu, 22 Jun 2000, ANIL.YADAV wrote:




 How to avoid late collisions ?

 thanks
 Anil


 On Tue, 20 Jun 2000, Heskett, Tony wrote:

 
  Not a white paper, but let's see whether *I* understand
  how it's supposed to work dons flameproof underwear ;-
 
  Cut-thru waits for the dest addy, then starts forwarding.
 
  Frag-free waits for 64bytes, then starts forwarding.
 
  Store'n'forward waits for the whole packet and CRC's it,
  so will only forward truly valid (tm) packets.
 
  Sooo...  cut-thru will forward runts, and you'll get
  those if there's a collision after the dest addy but
  within the first 64.
 
  Frag-free will /not/ forward runts, so will protect
  you from collisions that really should have happened.
  It won't protect you from 'late collisions' (that
  shouldn't have happened), but you're gonna fix your
  cable plant to remedy those (aren't you? :-)
 
  Or am I lying ?   :-)
 
  (big quote for context, below; sorry)
 
  Tone
 
   From: Barry Hofland [mailto:[EMAIL PROTECTED]]
 
   Hi, Priscilla,
  
   I think the best way to find this out is to just get yourself
   a network
   tester to connect between the transmitting host on port 1 and
   the CISCO box.
   ( like a FLUKE ) You will be able to see ( or not ) the JAMS
   on port 1. When
   you connect the host in that segment only and there's a jam during a
   collision on port 2 you know enough...
  
   In my humble opinion you are right, but that's male intuition ;-)
 
   Priscilla Oppenheimer [EMAIL PROTECTED] wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 
I got into a discussion with a knowledgeable Sniffer
   instructor recently.
When he teaches cut-through-switching theory, he warns his
   students that a
cut-through switch does not really isolate collision
   domains. Consider this example:
   
* The switch is receiving a frame from port 1 destined for
   a station out
port 2.
* The switch recognizes the destination address and starts
   forwarding the
frame to port 2 ASAP.
* There is a collision on port 2. (It's a shared and/or half-duplex
   Ethernet.)
   
According to the instructor, the Switch sends a jam signal
   back to port 1
to let the initial sender know that the frame experienced a
   collision.
   This
allows the sender to retransmit.
   
If you read some of the books on switching, you would think
   that this is
true. The books make it sound like the frame is passing
   through the switch
and disappearing out the destination port as soon as the destination
address is recognized.
   
I don't think the Sniffer instructor's conclusion is true,
   however. I
believe that a Cisco cut-through switch buffers the frame
   and hence has
   the
ability to retransmit. There is no requirement to send a jam to the
original sender because port 2 in our example retransmits
   after sensing
   the
collision.
   
I believe that Cisco switches store frames, even when doing
   cut-through,
whereas the instructor assumed that the frame has passed
   through and out
the port and is no longer available for retransmission by
   the switch.
   
Cisco positions cut-through as reducing delay, not reducing
   the need for
buffering, so I'm contending that I'm right.
   
Who do you think is right? Can you point me to any white
   papers that would
prove who is right?
 
  ___
  UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
  FAQ, list archives, and subscription info: http://www.groupstudy.com
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report 

RE: Serial0 is up, line protocol is down!

[Joe Quezada]

Just remember that "Serial0 is up" refers to Layer 1 and "Line Protocol is
down" refers to Layer 2.

Joe


-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Omer
Shommo
Sent:   Friday, June 23, 2000 6:00 AM
To: Cisco Group Study
Subject:Serial0 is up, line protocol is down!

Hello to All,

If Serial0 is up, line protocol is down, then what should I check? Give me
as many answers as you can.

BTW what  is the line protocol? is it a network protocol like ip, ipx? or is
it the data link layer protocol?

Omer


___
Why pay for something you could get for free?
NetZero provides FREE Internet Access and Email
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: collision on cut-through switch

[John Neiberger]

 Not 100%, but there will be a lot of them.  We had a case here where
someone connected a server set to full duplex 10Meg to a hub with a few
other PCs connected.  There is connectivity, but anytime the server wanted
to transmit it would stomp any everyone else since collision detection was
disabled. This resulted in very poort performance on the LAN, but it did
work.  
 
Interestingly, we discovered this problem when the users complained that
they couldn't download attachments to their email.  Any file over a certain
size was certain to get mangled.  It took a while to discover the problem. 
So now when I see late collisions, the first thing I look for is duplex
mismatches.
 
John Neiberger
  
Gentle correction - late collisions occur after the first 64 bytes of
a
frame have been placed on the wire.

Essentially, a station listens, perceives the wire as clear, starts
  sending,
only to find that another station has already begun to transmit.

Can happen for a couple of reasons. Network too long. Faulty hardware.
  Real
busy network, possibly with lots of very small packets ( as might
happen
  in
a brokerage firm, where I used to see my fair share of late
collisions. )

Interesting point about the duplex settings. Having made that mistake
  once
or twice, my recollection is that connectivity is not established, but
  then
memory may not serve on this one. Does that show up as 100%
collisions?

Chuck


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of
[EMAIL PROTECTED]
Sent: Wednesday, June 28, 2000 4:57 AM
To:   ANIL.YADAV
Cc:   Heskett, Tony; [EMAIL PROTECTED]
Subject:  RE: collision on cut-through switch

A late collision usually occurs when one end of a switched ethernet
link
is set to full duplex but the other end of the link is set to
  half-duplex.

Darren

On Thu, 22 Jun 2000, ANIL.YADAV wrote:




 How to avoid late collisions ?

 thanks
 Anil


 On Tue, 20 Jun 2000, Heskett, Tony wrote:

 
  Not a white paper, but let's see whether *I* understand
  how it's supposed to work dons flameproof underwear ;-
 
  Cut-thru waits for the dest addy, then starts forwarding.
 
  Frag-free waits for 64bytes, then starts forwarding.
 
  Store'n'forward waits for the whole packet and CRC's it,
  so will only forward truly valid (tm) packets.
 
  Sooo...  cut-thru will forward runts, and you'll get
  those if there's a collision after the dest addy but
  within the first 64.
 
  Frag-free will /not/ forward runts, so will protect
  you from collisions that really should have happened.
  It won't protect you from 'late collisions' (that
  shouldn't have happened), but you're gonna fix your
  cable plant to remedy those (aren't you? :-)
 
  Or am I lying ?   :-)
 
  (big quote for context, below; sorry)
 
  Tone
 
   From: Barry Hofland [mailto:[EMAIL PROTECTED]]
 
   Hi, Priscilla,
  
   I think the best way to find this out is to just get yourself
   a network
   tester to connect between the transmitting host on port 1 and
   the CISCO box.
   ( like a FLUKE ) You will be able to see ( or not ) the JAMS
   on port 1. When
   you connect the host in that segment only and there's a jam
during
  a
   collision on port 2 you know enough...
  
   In my humble opinion you are right, but that's male intuition
;-)
 
   Priscilla Oppenheimer [EMAIL PROTECTED] wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 
I got into a discussion with a knowledgeable Sniffer
   instructor recently.
When he teaches cut-through-switching theory, he warns his
   students that a
cut-through switch does not really isolate collision
   domains. Consider this example:
   
* The switch is receiving a frame from port 1 destined for
   a station out
port 2.
* The switch recognizes the destination address and starts
   forwarding the
frame to port 2 ASAP.
* There is a collision on port 2. (It's a shared and/or
  half-duplex
   Ethernet.)
   
According to the instructor, the Switch sends a jam signal
   back to port 1
to let the initial sender know that the frame experienced a
   collision.
   This
allows the sender to retransmit.
   
If you read some of the books on switching, you would think
   that this is
true. The books make it sound like the frame is passing
   through the switch
and disappearing out the destination port as soon as the
  destination
address is recognized.
   
I don't think the Sniffer instructor's conclusion is true,
   

Re: VLSM Question

[Edward Solomon]

   I came up with summary-address 172.16.10.0 255.255.255.224

The summary-address command is only used on OSPF ASBRs. Use the area
area-id range address supernet-mask command to summarise routes on an
OSPF ABR.

The succinct difference lies in the type of LSA generated by these two
commands. The ABR generates Summary LSAs (Type 3/4), whereas the ASBR
generates Autonomous System External LSAs (Type 5). The summary-address
command, therefore, will not work correctly on an ABR. You must use the area
area-id range command to enable summarisation of inter-area routes.

--

Edward Solomon
CCNA, CCSI
Senior I/T Specialist
Networking Solutions
IBM Canada Ltd. - Learning Services
Tel.: (905) 316-3241  Fax: (905) 316-3101
E-mail: [EMAIL PROTECTED]
Internet: http://www.can.ibm.com/services/learning/net_internet.html



___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco 3600 error on startup??

[Palikhey, Niraj]

Hi,
I am getting an error msg. when my 3600 router boots up. The error msg.
reads:
device: does not contain a valid magic number
boot: cannot open file "flash:"
boot: cannot determine first file name on device flash

Then it takes me to the rommon  prompt.
Then I typed in confreg and tried to get into the router by bypassing the
NVRAM, but once it reloads, it takes me back to the rommon  prompt.

Can someone please advise.
Thank you.
Kind regards,
[EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: A good telnet program

[Security Administrator]

Try Tera Term.  I believe it is available from Winfiles and download.com.
It is very easy to configure.  I like the ability to set "transmit delay"
this prevent any buffer overruns when I can pasting config files.  Best of
all it is freeware.

This is the link I have for it from Download.com:
http://download.cnet.com/downloads/0-10061-100-890547.html?tag=st.dl.10001_1
03_1.lst.td



Charles Jouglard
Network Engineer
Cox @Home - New Orleans, LA
"Cable Modems" - Now Your Living


- Original Message -
From: Omer [EMAIL PROTECTED]
To: Cisco Group Study [EMAIL PROTECTED]
Sent: Wednesday, June 28, 2000 1:29 AM
Subject: A good telnet program


 Hello,

 I hate the telnet program that came with windows 95 because it does not
give me any screen buffer space. Does any body
 know of any good telnet program that I can download from the internet?

 Omer


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco stuff for sale...

[Circusnuts]

Hey guys- just a note before I start 
the tedious task on making an Ebay page (taking the pictures with the digital 
camera, etc., etc.)...

I am selling:

2501 2502 

Both have 16 Megs of RAM/ 8 Megs of 
FLASH, 12.0.8Enterprise IOS installed  the newest version 11.0 boot 
ROM upgrades installed (11.0 10c). I purchased both of these routers new 
(de-installs that were never used). I have all the OE boxes, 
documentation,  never opened rack mounts. Both routers haveno 
physical flaws (no scratcheson their cases)  have been cleaned 
regularly.

I am includinga back to back (DCE 
to DTE) DB60 cable, an HP transceiver, crossover RJ45, Ethernet NIC (16 or 32 
bit- you choose),1 Cisco console kit with baluns, a Token Ring NIC (32 
bit) with RJ45  DB9 connections,  an 8228 IBM MAU with all the IBM 
cables...

Iam looking for $1525 + Shipping 
for everything.

1924 Catalyst 
Switch (Firmware)

24X 10 base T ports  2X100 
base T ports. This switch works great. I have had it for a few 
months  am making way for a new Catalyst $$$ :-( in my home 
lab.

I am including the DB15 null 
modem cable neededfor console-ing  the rack mounts (I did not have 
the manuals or OE box for this one...

I am look for $475 + shipping on 
this

Any questionsabout my trading 
integrity...
http://cgi2.ebay.com/aw-cgi/eBayISAPI.dll?ViewFeedbackuserid=circusnuts

Thanks All !!!
Phil

Re: Cisco 3600 error on startup??

[Brad Ellis]

It's broke.  Send it to me, I'll give you $200 for it.

lol
-Brad
""Palikhey, Niraj"" [EMAIL PROTECTED] wrote in message
9FAB5E2F32B2D31187E4009027468CA79E0B77@WAXSNA-USDC-3">news:9FAB5E2F32B2D31187E4009027468CA79E0B77@WAXSNA-USDC-3...
 Hi,
 I am getting an error msg. when my 3600 router boots up. The error msg.
 reads:
 device: does not contain a valid magic number
 boot: cannot open file "flash:"
 boot: cannot determine first file name on device flash

 Then it takes me to the rommon  prompt.
 Then I typed in confreg and tried to get into the router by bypassing the
 NVRAM, but once it reloads, it takes me back to the rommon  prompt.

 Can someone please advise.
 Thank you.
 Kind regards,
 [EMAIL PROTECTED]

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

(no subject)

[Ashley Padua]

Hi all,,,
i have one small ques. regarding the CCNA 1.0, I believe it's gonna be
retired on the 31 of july, so what if someone took the CCNA 1.0 test and

passed it before the 31 of july will the certificate also be retired or
what will happen with his certificate.

thanks alot ,

Ahmed



___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: router crash

[Heskett, Tony]

 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]

 Networking giant Cisco has been forced to warn customers that its 
 routers can crash when tested for security vulnerabilities by 
 security 
 scanning software programs. 
 
 SOURCE: VUNet
 http://www.vnunet.com/News/1104718

Looks like an old one, and looks like it (fortunately...)
doesn't affect my 2600 boxes...

http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml

Tone

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Serial0 is up, line protocol is down!

[Chris Larson]

It could alos be a carrier problem. The way to tell is to loopback your DSU
use HDLC or PPP encaps on the interface and ping it. Clear couters before
you do this. Do it on both ends, and look for errors etc. If you get good
replies on both ends w/o errors the problem is probably not yours (as long
as the config on both ends is correct) but the Telc's. This proves good and
reliable connectivity between you and you DSU on both ends.

-Original Message-
From: Joe Quezada [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 10:13 AM
To: 'Omer Shommo'; 'Cisco Group Study'
Subject: RE: Serial0 is up, line protocol is down!


Just remember that "Serial0 is up" refers to Layer 1 and "Line Protocol is
down" refers to Layer 2.

Joe


-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Omer
Shommo
Sent:   Friday, June 23, 2000 6:00 AM
To: Cisco Group Study
Subject:Serial0 is up, line protocol is down!

Hello to All,

If Serial0 is up, line protocol is down, then what should I check? Give me
as many answers as you can.

BTW what  is the line protocol? is it a network protocol like ip, ipx? or is
it the data link layer protocol?

Omer


___
Why pay for something you could get for free?
NetZero provides FREE Internet Access and Email
http://www.netzero.net/download/index.html

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: A good telnet program

[Chris Larson]

ProComm works very well for us.

-Original Message-
From: Mark Boster [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 9:51 AM
To: [EMAIL PROTECTED]
Subject: Re: A good telnet program


I don't care much for the default telnet program even if you can increase
buffer space.
Try Tera Term Pro, a freeware telnet program. The maximum buffer space is
10,000 lines. This makes it very easy to capture even large switch configs.
It also has support ssh.

http://www.vector.co.jp/authors/VA002416/teraterm.html

 I hate the telnet program that came with windows 95 because it does not
give me any screen buffer space. Does any body
 know of any good telnet program that I can download from the internet?

 Omer



 _NetZero Free Internet Access and Email__
http://www.netzero.net/download/index.html

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 3600 error on startup??

[Wolf-Gero Krause]

have you configured with the confreg 0x2102 or 0x2142 ? first one it's
right. Try it again.

Good luck - not sell it.


"Palikhey, Niraj" [EMAIL PROTECTED] schrieb in im Newsbeitrag:
[EMAIL PROTECTED]
 Hi,
 I am getting an error msg. when my 3600 router boots up. The error msg.
 reads:
 device: does not contain a valid magic number
 boot: cannot open file "flash:"
 boot: cannot determine first file name on device flash

 Then it takes me to the rommon  prompt.
 Then I typed in confreg and tried to get into the router by bypassing the
 NVRAM, but once it reloads, it takes me back to the rommon  prompt.

 Can someone please advise.
 Thank you.
 Kind regards,
 [EMAIL PROTECTED]

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Using off the shelf DRAM in cisco 3620

[Greg Smythe]

The price that Cisco is charging for 16mb dram sticks is outrageous. $725
for the MEM3620-16D!! I was looking on cisco's website and I found this:
http://www.cisco.com/warp/public/cc/cisco/mkt/access/3600/prodlit/544_pp.htm

It looks like I can use a standard EDO 8x32 60ns 16MB stick and it'll work
fine. Anyone have any thoughts on using regular memory? I'd really like to
upgrade my DRAM so I can load bigger IOS images.


Thanks!


Greg

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco 3600 error on startup??

[Jorge Rodriguez]

Try loading/TFTP a new IOS image, if that does not solve your problem then I
would think that your flash has problems.



--Original Message--
From: "Brad Ellis" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: June 28, 2000 2:56:17 PM GMT
Subject: Re: Cisco 3600 error on startup??


It's broke.  Send it to me, I'll give you $200 for it.

lol
-Brad
""Palikhey, Niraj"" [EMAIL PROTECTED] wrote in message
9FAB5E2F32B2D31187E4009027468CA79E0B77@WAXSNA-USDC-3">news:9FAB5E2F32B2D31187E4009027468CA79E0B77@WAXSNA-USDC-3...
 Hi,
 I am getting an error msg. when my 3600 router boots up. The error msg.
 reads:
 device: does not contain a valid magic number
 boot: cannot open file "flash:"
 boot: cannot determine first file name on device flash

 Then it takes me to the rommon  prompt.
 Then I typed in confreg and tried to get into the router by bypassing the
 NVRAM, but once it reloads, it takes me back to the rommon  prompt.

 Can someone please advise.
 Thank you.
 Kind regards,
 [EMAIL PROTECTED]

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Jorge Rodriguez /CCNA
Network Analyst
RS Networks Inc
1112 Boylston Street
Suite 222
Boston, MA 02115
1-781-614-1294
http://www.netwire.n3.net/
http://www.learncisco.n3.net/

 
iWon.com   http://www.iwon.com why wouldn't you? 


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

No Subject

[Olusola A Agbi]

Hi guys,
Sorry for coming a bit late. I was between waiting to write CCNA2.0 or to do
CCNA 1.0 . I have finally made up my mind to write 1.0 before it is retired, so
I will appreciate if anyone  can send useful materials to me on CCNA 1.0(Demo
questions, tips and aids.). It will really go a long way. You can reach me on
the above e-mail or [EMAIL PROTECTED] thanx a miilion for your ever ready
assistance.

Olusola


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN Dialer Profile Not Working

[Odell, Jeff]

A Cisco TAC engineer told me that the SPID1 not valid, SPID2 not valid info
in the Show ISDN Stat is a "cosmetic bug".  As long as you have the two
entries showing state=Multiple_Frame_Established, the SPIDs are valid.  I
experienced this bug in versions 12.0.5T and 12.0.7T on a 2600 router.  It
appeared to be fixed in 12.1.1.  I am still working with the TAC to get past
some other issues so I am not completely confident that this is purely a
cosmetic bug.  I will let you know if I find anything interesting.

Jeff Odell
CCNA CCDA
Network Specialist
949-453-4377
800-739-5837 pager
949-500-3184 cell phone


-Original Message-
From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2000 9:34 PM
To: Kari Nurdin; [EMAIL PROTECTED]
Subject: Re: ISDN Dialer Profile Not Working


Without analyzing your config deeply, the "spid1 NOT valid" and "spid2 NOT
valid" are pretty good clues that something's not right with your spids.

I'm surprised that any config worked, but since your configs here are
sanitized, can't tell if the spids in the working config are the same as in
the dialer-profile config.

Kevin Wigle
CCNP, CCDA

- Original Message -
From: "Kari Nurdin" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, 27 June, 2000 23:52
Subject: ISDN Dialer Profile Not Working


 Hi Everyone,

 First time placing a post, I hope someday to share and
 contribute to the group like all of you.

 Recently, I had a ISDN install, the central site router consisted of two
 BRI interfaces.  Each BRI to be connected to a remote site.  My first task
 was to get BRI0 up and running to the remote location.  BRI1 to be done at
a
 later date.

 I configured the router using dialer profiles, however, I was not able to
 get it to work.  When doing the "show isdn status" , layer 2 status
echoed:

 Layer 2 Status:
 TEI = 67, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
 TEI = 69, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
 TEI 67, ces = 1, state = 8(established)
 spid1 configured, spid1 sent, spid1 NOT valid
 TEI 69, ces = 2, state = 8(established)
 spid2 configured, spid2 sent, spid2 NOT valid

 As normal, I had to get this link up and functioning ASAP.  After looking
 over the configuration (the pressure didn't help), I decided to configure
 the router not using dialer profiles.  Using this configuration(NO dialer
 profiles) I was able to get the ISDN connection to the remote site up and
 running instantly.

 I am stumped as to why my dialer profile configuration did not work.

 I would like to use dialer profile in the future and I really would like
to
 find out whats wrong with my configuration (with the groups help).  The
 following is the dialer profile configuration followed by my currently
 working configuration.  Does anyone one see something I don't.  Thanks in
 Advance.

 DIALER GROUP CONFIG (not able to get working)
 Central_H #show run
 Building configuration...

 Current configuration:
 !
 version 12.0
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname Central_H
 !
 enable secret 5 $1$64Kr$yjggfj7dlti
 !
 username Remote_R1 password 0 password
 username Central_H  password 0 password
 username Remote_R2  password 0 password
 !
 !
 !
 !
 memory-size iomem 25
 ip subnet-zero
 no ip routing
 no ip domain-lookup
 !
 isdn switch-type basic-ni
 isdn voice-call-failure 0
 !
 !
 !
 interface BRI0
 description Remote_R1
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool-member 1 max-link 2
 isdn switch-type basic-ni
 isdn spid1 55512300 123
 isdn spid2 555123111200 1231112
 no peer default ip address
 ppp multilink
 !
 interface BRI1
 description Remote_R2
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool-member 2 max-link 2
 isdn switch-type basic-ni
 isdn spid1 55512300 123
 isdn spid2 555123111200 1231112
 no peer default ip address
 ppp multilink
 !
 interface FastEthernet0
 description Central_H
 ip address 10.10.10.238 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 half-duplex
 bridge-group 1
 !
 interface Dialer1
 description Remote_R1
 ip address 10.10.10.238 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name Remote_R1
 dialer pool 1
 dialer idle-timeout 2147483
 dialer load-threshold 2 outbound
 dialer-group 1
 pulse-time 0
 ppp authentication chap
 ppp multilink
 bridge-group 1
 !
 interface Dialer2
 description Remote_R2
 ip address 10.10.10.238 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name Remote_R2
 dialer pool 2
 dialer idle-timeout 2147483
 dialer string 333
 dialer string 3331112
 dialer load-threshold 2 outbound
 dialer-group 2
 pulse-time 0
 ppp authentication chap
 ppp multilink
 bridge-group 1
 !
 no 

CIPT course

[Shumake, Derrick]

Does anyone know were I can take a good course on CIPT?


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

2900 AutoInstall

[Deloso, Elmer G.]

Title: 2900 AutoInstall





Hello, group.
Is there an equivalent to an AutoInstall for 2900XL switches?
For e.g., Hughes ATM switches not only query the BootP server for auto-configuration
of its IP address, but also auto-download its configuration file. If there is a way to accomplish
this with the Cisco switches I would like to know. Thanks so much.


Elmer Deloso.

Hello Packet From Kumar @ California: Wireless Keen

[EXT-Pradeep . Kumar]

Hello Folks,
Do I have the consent of the learned to join this group. I am not much of a
CISCO technocrat.I work on wireless routers. I use Cisco box for testing
only.
I can help you folks who are " Wireless Keen".

The wireless technolgy is being chased by all. The spread spectrum , license
free band of 2.4 Ghz is getting popular ( and populated ). Frankly , no one
knows the future, but everyone is working on it aggressively.

The wireless routers use RIP, learn about their neighbours dynamically and
there is not much " exciting configuration" involved. The fun is in gettting
the whole thing going on site and monitoring it.

Well then , I rather be a good listener till I can really contribute.
If anyone is keen on a free demo , lemme know.

BTW , how many folks out there are really wireless keen
Regards
Pradeep

 Pradeep Kumar
 Technical Support Engineer 
 Nokia/NET/RAS/Wireless Routing
 Nokia Wireless Routers.
 313 Fairchild Drive
 Mt. View, CA  94043
 
 * (650)  625 - 2374( Tech Support )
 * (650)  302 - 4717( Mobile )
 *   (650)  625 - 2058   ( FAX)
 * [EMAIL PROTECTED]
   ... http://www.nwr.nokia.com  
 
  
 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Using off the shelf DRAM in cisco 3620

[Chuck Larrieu]

I've been buying generic flash and ram from http://www.memoryx.net/

If I can hook up with Oz, I'll be giving his operation a try. His operation
supports a study group, if memory serves. ( lost the web link, but I got the
phone number still )

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Greg
Smythe
Sent:   Wednesday, June 28, 2000 8:54 AM
To: [EMAIL PROTECTED]
Subject:Using off the shelf DRAM in cisco 3620

The price that Cisco is charging for 16mb dram sticks is outrageous. $725
for the MEM3620-16D!! I was looking on cisco's website and I found this:
http://www.cisco.com/warp/public/cc/cisco/mkt/access/3600/prodlit/544_pp.htm

It looks like I can use a standard EDO 8x32 60ns 16MB stick and it'll work
fine. Anyone have any thoughts on using regular memory? I'd really like to
upgrade my DRAM so I can load bigger IOS images.


Thanks!


Greg

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Not a Cisco-related questions

[Raymond Mak]

Hi,

Sorry it is not a Cisco-related questions.
But I really would like to know is there any newsgroup discuss FORE
products?
Thanks

Raymond


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

!!!!! WHAT IS WITH THIS INDIVIDUAL MESSAGE DISTRIBUTION ?????

[Chuck Church]

Is everyone getting each individual message?  I'm getting them faster than I
can delete them.  I know Paul had some sendmail problems.  Is this an
aftereffect?


Chuck Church
Network Engineer
CCNP, MCNE, MCSE
Magnacom Technologies 
140 Route 303 
Valley Cottage, NY 10989 
Email:[EMAIL PROTECTED] 
Voice: 914 267-4000 ext 218 
Fax:   914 267-1034 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: AUX - Dial up

[Luong, David]

Hi:

Have you explicitely used the type usr_sportster 
instead of relying on autoconfig? Also, not all modems are supported by the 
MODEMCAP table but it should, however, use a generic type if the modem is not 
found on the list.

Make sure the cable type is correct because from a DTE 
to DCE, it is either rolled rj and straight DB25 adapter ; NOT same. Verify that 
the DB25 has "MODEM" written on it too.


David Luong 
CCNP,CCNA,Network+,A+,i-Net+ Telecommunications Analyst Insurance 
Corporation of B.C. Vancouver, B.C CANADA 



  -Original Message-From: Tan Choh Koon 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, June 27, 2000 8:57 
  PMTo: [EMAIL PROTECTED]Subject: AUX - Dial 
  up
  Hi,
  
  I had connected the US Robotic Sportster modem to 
  the 1720 Aux port, but router cannot detect the modem. I had used correct 
  cable as what manual shown.
  What I am not aware off ? 
  
  
  
  line con 0transport input noneline 
  aux 0autobaudmodem InOutmodem autoconfigure 
  discoverystopbits 1flowcontrol hardwareline vty 0 
  4
  
  Debug confmodem :
  0:03:59: TTY5: detection speed (115200) response 
  --00:04:05: TTY5: detection speed (57600) response --00:04:10: 
  TTY5: detection speed (38400) response --00:04:15: TTY5: detection 
  speed (19200) response --00:04:21: TTY5: detection speed (9600) 
  response --00:04:26: TTY5: detection speed (2400) response 
  --00:04:32: TTY5: detection speed (1200) response --00:04:37: 
  TTY5: detection speed (300) response --00:04:37: TTY5: No modem 
  found

RE: ISDN Dialer Profile Not Working

[Art Davis]

I had a similar problem on an 804, 12.0(7)T. Once I upgraded to 12.1 the
dialer profiles worked fine.






"Odell, Jeff" [EMAIL PROTECTED] wrote:
A Cisco TAC engineer told me that the SPID1 not valid, SPID2 not valid info
in the Show ISDN Stat is a "cosmetic bug".  As long as you have the two
entries showing state=Multiple_Frame_Established, the SPIDs are valid.  I
experienced this bug in versions 12.0.5T and 12.0.7T on a 2600 router.  It
appeared to be fixed in 12.1.1.  I am still working with the TAC to get past
some other issues so I am not completely confident that this is purely a
cosmetic bug.  I will let you know if I find anything interesting.

Jeff Odell
CCNA CCDA
Network Specialist
949-453-4377
800-739-5837 pager
949-500-3184 cell phone


-Original Message-
From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2000 9:34 PM
To: Kari Nurdin; [EMAIL PROTECTED]
Subject: Re: ISDN Dialer Profile Not Working


Without analyzing your config deeply, the "spid1 NOT valid" and "spid2 NOT
valid" are pretty good clues that something's not right with your spids.

I'm surprised that any config worked, but since your configs here are
sanitized, can't tell if the spids in the working config are the same as in
the dialer-profile config.

Kevin Wigle
CCNP, CCDA

- Original Message -
From: "Kari Nurdin" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, 27 June, 2000 23:52
Subject: ISDN Dialer Profile Not Working


 Hi Everyone,

 First time placing a post, I hope someday to share and
 contribute to the group like all of you.

 Recently, I had a ISDN install, the central site router consisted of two
 BRI interfaces.  Each BRI to be connected to a remote site.  My first task
 was to get BRI0 up and running to the remote location.  BRI1 to be done at
a
 later date.

 I configured the router using dialer profiles, however, I was not able to
 get it to work.  When doing the "show isdn status" , layer 2 status
echoed:

 Layer 2 Status:
 TEI = 67, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
 TEI = 69, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
 TEI 67, ces = 1, state = 8(established)
 spid1 configured, spid1 sent, spid1 NOT valid
 TEI 69, ces = 2, state = 8(established)
 spid2 configured, spid2 sent, spid2 NOT valid

 As normal, I had to get this link up and functioning ASAP.  After looking
 over the configuration (the pressure didn't help), I decided to configure
 the router not using dialer profiles.  Using this configuration(NO dialer
 profiles) I was able to get the ISDN connection to the remote site up and
 running instantly.

 I am stumped as to why my dialer profile configuration did not work.

 I would like to use dialer profile in the future and I really would like
to
 find out whats wrong with my configuration (with the groups help).  The
 following is the dialer profile configuration followed by my currently
 working configuration.  Does anyone one see something I don't.  Thanks in
 Advance.

 DIALER GROUP CONFIG (not able to get working)
 Central_H #show run
 Building configuration...

 Current configuration:
 !
 version 12.0
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname Central_H
 !
 enable secret 5 $1$64Kr$yjggfj7dlti
 !
 username Remote_R1 password 0 password
 username Central_H  password 0 password
 username Remote_R2  password 0 password
 !
 !
 !
 !
 memory-size iomem 25
 ip subnet-zero
 no ip routing
 no ip domain-lookup
 !
 isdn switch-type basic-ni
 isdn voice-call-failure 0
 !
 !
 !
 interface BRI0
 description Remote_R1
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool-member 1 max-link 2
 isdn switch-type basic-ni
 isdn spid1 55512300 123
 isdn spid2 555123111200 1231112
 no peer default ip address
 ppp multilink
 !
 interface BRI1
 description Remote_R2
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool-member 2 max-link 2
 isdn switch-type basic-ni
 isdn spid1 55512300 123
 isdn spid2 555123111200 1231112
 no peer default ip address
 ppp multilink
 !
 interface FastEthernet0
 description Central_H
 ip address 10.10.10.238 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 half-duplex
 bridge-group 1
 !
 interface Dialer1
 description Remote_R1
 ip address 10.10.10.238 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name Remote_R1
 dialer pool 1
 dialer idle-timeout 2147483
 dialer load-threshold 2 outbound
 dialer-group 1
 pulse-time 0
 ppp authentication chap
 ppp multilink
 bridge-group 1
 !
 interface Dialer2
 description Remote_R2
 ip address 10.10.10.238 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name Remote_R2
 dialer pool 2
 dialer idle-timeout 2147483
 dialer string 333
 

RE: Do fragments always match extended access-list ?

[Alexandre K]

As the final conclusion in this thread:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120cavs/120m
cavs.htm

Caveats for Cisco IOS 12.0
IP Routing Protocols
CSCdm44976: IP access lists always permit IP fragments. There is no
workaround. 


I was told that it is fixed since 12.0(11), 12.1(2).
So beware of this bug in earlier IOS versions, especially when using
policy-routing.


Alex
CCNP

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNA 2.0 # of question

[Leonardo Silva - Tecnologia]

Could any one tell me how many questions there are in this exam?

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Using off the shelf DRAM in cisco 3620

[Brad Ellis]

With using off the shelf memory you will void any Cisco warrantee and also
smartnet maint. contracts.  If it is out of warrantee and you have no
contracts, then go for it!  Shoot me an e-mail, I might be able to give you
a better price than any of them.

-Brad
""Greg Smythe"" [EMAIL PROTECTED] wrote in message
006501bfe119$263988c0$020b010a@ei">news:006501bfe119$263988c0$020b010a@ei...
 The price that Cisco is charging for 16mb dram sticks is outrageous. $725
 for the MEM3620-16D!! I was looking on cisco's website and I found this:

http://www.cisco.com/warp/public/cc/cisco/mkt/access/3600/prodlit/544_pp.htm

 It looks like I can use a standard EDO 8x32 60ns 16MB stick and it'll work
 fine. Anyone have any thoughts on using regular memory? I'd really like to
 upgrade my DRAM so I can load bigger IOS images.


 Thanks!


 Greg

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Analog Dial Backup

[News Cisco]

this will definitely work, but I had some problems dialing into my ISP 
getting assigned an IP address dynamicaly, any hints ?
'Bliss'


Olden Pieterse [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi there
 Here is my shot in the dark on this one .
 First configure yor aux port , I think its line 0
 so...
 conf t
 line aux 0
 speed 38500
 modem inout ( so you can call in  out)
 transport input all   (so it'll take anything , but change it to your
fancy
 )
 transport preferred telnet  (so if you telnet you dont have to wait)
 autoselct ppp
 modem autoconfigure type usr_courier
 flowcontrol hardware
 exec-timeout 0 0
 exec

 logical setup
 interface async 1 (uax 0 === async 1)
 ip unnumbered ethernet 0
 ip tcp header-compression passive
 encap ppp
 async default ip address x.x.x.x  (keep this address in the same subnet as
 your ethernet 0)
 async mode interactive

 I got this at www.cisco.com/warp/701/6.html

 It explains it really well !
 Hope it helps

 Cheers
 Olden


 -Original Message-
 From: Atef Rostom [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, June 28, 2000 12:16 PM
 To: [EMAIL PROTECTED]
 Subject: Analog Dial Backup


 Hi All,

 I am trying to configure a 1720 to use the Aux port as a backup for the
 serial port.

 I want it to dial using a USRobotics Courier modem.

 Please tell me if you tried this before.

 Thanks, Atef


 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]