Re: erased flash
Hi

Basically you have erased your main Cisco IOS, and your router is in ROM Monitor mode (it's alive but not as we know it!!). If you type the '?' key you'll get a list of processor-specific commands that will help you get the router booted properly...

There is the default IOS that resides in the ROM that you should be able to invoke. This IOS is normally an early version and may not have all the feature set you require... but it's a start...

Good Luck

Anthony Awatefe
CCNA CCNP

----- Original Message -----
From: "Ganesh Chintalapati" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
Sent: Saturday, March 24, 2001 6:05 AM
Subject: erased flash

> Dear group,
>
> I recently was configuring ISDN on 1750 router. But accidentally I have given #erase flash command from the prompt. And once I rebooted the router I got the message "not able to find some number" and "not able to locate file flash" and I am getting rommon 1> prompt. Pls let me know how do I restore my router to its normal working condition.
>
> This is very urgent, I would be most thankful if someone gives me the solution at the earliest.
>
> Bye group,
>
> Ganesh.Ch

_______
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
client unable to browse but able to ping
Hi all,

I am figuring ISDN dialout using cisco 805. I am able to ping IP and DNS from client side, but can't browse by using either explorer or netscape browser. The script is working well on analog modem but not ISDN. Any idea?

Andri
RE: Cisco support for VRRP any platform ?
Thanks Kevin...in fact Henry Rollins sent following link which I found very informative regarding port tracking feature of HSRP. Thanks for the help

http://www.cisco.com/warp/public/619/6.html

Sumeet

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Wigle
Sent: Friday, March 23, 2001 10:03 AM
To: Sumeet Gohri; Asbjorn Hojmark; 'Chris Lemagie'; 'Curtis Phillips'
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Cisco support for VRRP any platform ?

Sumeet,

It all depends on what you mean by "fancy" tracking features. Cisco HSRP can indeed track interfaces. I have configured that many times.

Kevin Wigle

----- Original Message -----
From: "Sumeet Gohri" <[EMAIL PROTECTED]>
To: "Asbjorn Hojmark" <[EMAIL PROTECTED]>; "'Chris Lemagie'" <[EMAIL PROTECTED]>; "'Curtis Phillips'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, March 22, 2001 10:24 PM
Subject: RE: Cisco support for VRRP any platform ?

> Well I have worked on number of products from different vendors supporting VRRP and I have worked with HSRP also. I feel that both have strengths and weaknesses however I think VRRP and its variations are slightly more mature as it allows some fancy port tracking features. I might be wrong but I don't think HSRP has such features. Please if someone has more detailed info on the subject...please enlighten us.
>
> Sumeet
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Asbjorn Hojmark
> Sent: Thursday, March 22, 2001 4:57 PM
> To: 'Chris Lemagie'; 'Curtis Phillips'
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Cisco support for VRRP any platform ?
>
> > > Does anyone know if any IOS version supports VRRP on any of
> > > the standard platforms?
>
> > Not yet. We are working on a VRRP implementation though.
>
> I think you meant to write 'Not yet on the routers'. I'm sure some of the boxes you've bought recently (such as the CSS / ArrowPoint switches) does support VRRP.
>
> > HSRP offers much more functionality than VRRP, but of course
> > it is limited to usage with other Cisco devices.
>
> Actually, since HSRP is documented in RFC2281, other companies could have implemented it if they wanted to. I guess they don't feel VRRP lacking in functionality, since they haven't.
>
> -A
> --
> Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe
> Links : http://www.hojmark.org/networking/

**NOTE** All LAB SWAP messages should now be sent to the LAB SWAP Message board on groupstudy.com.
_______
To unsubscribe from the CCIELAB list, send a message to [EMAIL PROTECTED] with the body containing:
unsubscribe ccielab
erased flash
Dear group,

I recently was configuring ISDN on 1750 router. But accidentally I have given #erase flash command from the prompt. And once I rebooted the router I got the message "not able to find some number" and "not able to locate file flash" and I am getting rommon 1> prompt. Pls let me know how do I restore my router to its normal working condition.

This is very urgent, I would be most thankful if someone gives me the solution at the earliest.

Bye group,

Ganesh.Ch
Re: Performance Comparision between Linux OS Firewall and CiscoPIX 525
In the enterprise scenario, I would go so far as to say that 1 device is not enough, and that each device is part of an overall security policy. Perhaps access list/firewall protection, and a user/pass authorization, and nat for the more secure info.

Brian

On Fri, 23 Mar 2001, Moe Tavakoli wrote:

> It was assumed that the question was a result of an implementation in an enterprise system. Of course in a school or a small company where uptime does not = $ there is no issue, use Linux, use MS Proxy for all that matters. But in an enterprise where uptime is Essential, there is money at stake and information has lots of value, I would sleep easier at night knowing that I have an enterprise level platform with a solid proven track record, backed by a company who is focused on producing and supporting systems to enable me to focus on doing what I'm good at...
>
> Moe.
>
> --- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote:
> > How about if the customer is strapped for money. I work at a school. Luckily our students haven't gotten sophisticated enough to break into the Linux firewall but I don't think that day is too far away. Some of them are very smart and they are learning Linux and networking in their classes. But PIX is too expensive, I think??
> >
> > Priscilla
> >
> > At 09:24 AM 3/23/01, Rik wrote:
> > >I have seen way too many Linux firewalls hacked as a result of mis-administration. Now, I'm not assuming anything about your abilities as the last confirmed hack that I was notified about was a Linux FW setup by 2 guys that I know to be excellent Linux admins. The problem is the inherent nature of the beast. A PIX is totally secure right out of the box. The last Linux hack I speak of was hacked based on an exploit within BIND and had nothing to do with the FW policy.
> > >
> > >I also find the PIX to be MUCH easier to configure and setup. I can do in only a few lines of code what could possibly take pages and pages of code in Linux. When talking about firewalls, simplicity is a critically important concern. One compromise could easily remove any upfront cost advantage Linux has over Cisco. Also, you don't have to be concerned with shutting down unused services on a PIX as you would on Linux.
> > >
> > >Go with the PIX. It was designed from the ground up to do just what it does: protect your network. Cisco claims that a properly configured PIX has never been compromised. I believe them.
> > >
> > >Rik
> > >
> > >"Sean Young" <[EMAIL PROTECTED]> wrote in message
> > >news:[EMAIL PROTECTED]...
> > > > Hi Everyone,
> > > >
> > > > My company is putting me in charge in implementing a Firewall for our company. One guy in my networking group is recommending PIX Firewall. Furthermore, he also recommends a Cisco Web-caching engine. His reason is that not only Cisco is good Firewall but it also provides VPN connectivity to our remote sites. Myself, on the other hand, would like to implement Linux-based OS firewall along with FreeS/WAN VPN features set. My reason is that a linux firewall can provide everything a Cisco PIX does and even more. In term of hardware, the linux Firewall/VPN/IPSec box will be running a dual-processor (800MHz) with 1GB of RAM. I just feel that I can get a lot more for the amount that we are going to spend with linux than with Cisco PIX. I also feel that I tweak the source code on the LINUX kernel to increase the performance and security. Also, instead of purchasing the Cisco web-caching engine, I am thinking of building another linux box that will be running squid (web-caching) server. Don't get me wrong, I think Cisco has a lot of good products in the area of routing; however, I just don't think it is necessary to throw away money at Cisco when I know that Linux or BSD can do the same job that PIX and Cisco web-caching engine do but for much less and also I can control the source code. Has anyone has experiences with both the Linux/BSD, Squid and Cisco PIX, Cisco web-caching engine so that you can give advice on what I should do. I am open to your suggestions.
> > > >
> > > > Many thanks.
> > > > Sean
Re: Autonomous Systems
Why would you want to, I mean if you're connected to 2 ases, isn't the point that from any prospective source, the best path to you should be taken?

Bri

On Fri, 23 Mar 2001, Circusnuts wrote:

> I don't believe you can successfully load balance to two separate AS's (ISP's), from a single AS (say your domain). BGP does not work that'a way. You'd have to have separate gateway AS's coming from the two ISP's & have IBGP make the decisions within the domain (below the two gateways).
>
> Does this make sense ??? Am I on target :-)
>
> Phil
>
> ----- Original Message -----
> From: "Brian" <[EMAIL PROTECTED]>
> To: "Alassar, Sonia" <[EMAIL PROTECTED]>
> Cc: "'John Neiberger'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, March 22, 2001 7:28 PM
> Subject: RE: Autonomous Systems
>
> > over time, a planned migration would likely be advantageous, from a management perspective.
> >
> > Bri
> >
> > On Thu, 22 Mar 2001, Alassar, Sonia wrote:
> >
> > > Yes, I am speaking about routing on the internet with BGP-4. If I am a carrier that has 1 AS and I purchase another network (that has multiple ASes) from another carrier, should I integrate them into a single AS, or keep them as multiple AS? It is not that I want to have multiple AS, however, I will have them via the acquisition. The question is should I keep them separate, or migrate them into one. What added benefit do I get if I have one? A second question is if 1 AS is so great, why do Sprint, WorldCom, AT&T, and Genuity all have multiple AS?
> > >
> > > Sonia
Re: multilink PPP
You could do this with a computer with 2 modems, or netopia makes a dual 56k router that is a little pricey but nice.

Bri

On Fri, 23 Mar 2001, Alec Smiths wrote:

> Hi all,
>
> My customer wants to make multilink PPP to SP using 2 analog dial-up lines. What sort of CPE device does he need ? And do you have any idea about the prices ?
>
> Regards,
>
> Alec
Re: What's the benefits of using cluster between CAT3500 switches?
http://www.cisco.com/warp/public/779/smbiz/multimedia/download.html

Check out this link.

JJ
Re: bri flapping with demand cirquit/igrp redistribution
I had this problem and moved the ip ospf demand-circuit statement to the other router and the problem went away. I was using 11.2 code on one end and 12.something on the other.

Mick

----- Original Message -----
From: "Leah Lynch" <[EMAIL PROTECTED]>
To: "'Jay Chandradas'" <[EMAIL PROTECTED]>; "'Chris Larson'" <[EMAIL PROTECTED]>; "'Bob Boone'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 6:15 PM
Subject: RE: bri flapping with demand cirquit/igrp redistribution

> I think you normally disable CDP in dialup lines for efficiency.
>
> Leah
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jay Chandradas
> Sent: Friday, March 23, 2001 2:57 PM
> To: Chris Larson; Bob Boone; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: bri flapping with demand cirquit/igrp redistribution
>
> I am not sure CDP will keep the line up ? And ur interesting traffic is permit ip any any . I dont think CDP will keep the line up. When u do a debug ip pack.. u can nvr see CDP.. CDP is layer 2.
>
> my 0.02
>
> ----- Original Message -----
> From: "Chris Larson" <[EMAIL PROTECTED]>
> To: "Bob Boone" <[EMAIL PROTECTED]>; "Jay Chandradas" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, March 23, 2001 2:40 PM
> Subject: RE: bri flapping with demand cirquit/igrp redistribution
>
> > Will CDP keep the line up? Turn off CDP.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Boone
> > Sent: Friday, March 16, 2001 5:30 PM
> > To: Jay Chandradas; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: bri flapping with demand cirquit/igrp redistribution
> >
> > Yes i do have passive BRI on IGRP, and also, the way it is done now, it restricts ALL networks, if you look at the access-list 15 it has one statement and then explicit deny all.
> > still not working.
> >
> > ----- Original Message -----
> > From: "Jay Chandradas" <[EMAIL PROTECTED]>
> > To: "Netguy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Friday, March 16, 2001 12:22 PM
> > Subject: Re: bri flapping with demand cirquit/igrp redistribution
> >
> > > 1. DO u have a passive interface on bri0 under router IGRP
> > >
> > > 2. I wud do this way !! when u r redistributing into OSPF .. allow only the IGRP networks ( including the network connected with is running IGRP )
> > >
> > > Jay
> > >
> > > when u r redistributing into
> > > ----- Original Message -----
> > > From: "Netguy" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Sent: Friday, March 16, 2001 12:01 PM
> > > Subject: bri flapping with demand cirquit/igrp redistribution
> > >
> > > > > Hello all you happy people.
> > > > > Router A has ospf/igrp mutual redistribution and bri int dialing elsewhere with demand circuit. it keeps flapping.
> > > > > i followed someone's advice and created a route/map filter to filter out bri network from igrp redistributing back into ospf.
> > > > > what the hell am i doing wrong? i know its a big thing that lots of people had problems with.
> > > > > here's the key configs:
> > > > > interface BRI0/0
> > > > >  ip address 173.5.8.1 255.255.255.252
> > > > >  encapsulation ppp
> > > > >  ip ospf demand-circuit
> > > > >  dialer idle-timeout 15
> > > > >  dialer map ip 173.5.8.2 name R5 broadcast 8667007
> > > > >  dialer map ip 173.5.8.2 name R5 broadcast 8667008
> > > > >  dialer load-threshold 128 outbound
> > > > >  dialer-group 1
> > > > >  isdn switch-type basic-dms100
> > > > >  isdn spid1 9258667005
> > > > >  isdn spid2 9258667006
> > > > >  ppp authentication chap
> > > > >  ppp chap hostname CCIE
> > > > >  ppp multilink
> > > > >
> > > > > router ospf 1
> > > > >  log-adjacency-changes
> > > > >  area 0 authentication message-digest
> > > > >  area 0 range 173.5.1.0 255.255.255.0
> > > > >  summary-address 173.5.10.0 255.255.255.0
> > > > >  redistribute igrp 100 metric 100 subnets route-map stuff
> > > > >  network 1.1.1.0 0.0.0.3 area 0
> > > > >  network 173.5.1.0 0.0.0.15 area 0
> > > > >  network 173.5.7.0 0.0.0.7 area 3
> > > > >  network 173.5.8.0 0.0.0.3 area 3
> > > > >  network 173.5.10.0 0.0.0.127 area 3
> > > > >  network 173.5.17.0 0.0.0.255 area 0
> > > > > access-list 15 permit 173.5.8.0 0.0.0.3 log
> > > > > route-map stuff deny 5
> > > > >  match ip address 15
> > > > > !
> > > > > route-map stuff permit 10
> > > > >  set tag 4
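How first-match processing treats the route-map `stuff` and access-list 15 quoted in the thread above, as an added example that is not part of any poster's message: a small Python model of standard ACL and route-map clause evaluation for a route being redistributed. The candidate prefixes are constructed, and the model assumes a standard ACL is compared against the route's network address only.

```python
from ipaddress import IPv4Address, IPv4Network

# Lines copied from the configuration quoted in the thread above.
CONFIG = """\
access-list 15 permit 173.5.8.0 0.0.0.3 log
route-map stuff deny 5
 match ip address 15
!
route-map stuff permit 10
 set tag 4
"""


def parse(config):
    """Collect standard ACL entries and route-map clauses from IOS-style text."""
    acls, clauses, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "access-list":
            number, action, address = words[1:4]
            # A missing wildcard means a host match; "log" is not a wildcard.
            has_wildcard = len(words) > 4 and words[4] != "log"
            wildcard = words[4] if has_wildcard else "0.0.0.0"
            acls.setdefault(number, []).append(
                (action, int(IPv4Address(address)), int(IPv4Address(wildcard))))
        elif words[0] == "route-map":
            current = {"action": words[2], "seq": int(words[3]),
                       "acls": [], "tag": None}
            clauses.append(current)
        elif current is not None and words[:3] == ["match", "ip", "address"]:
            current["acls"].extend(words[3:])
        elif current is not None and words[:2] == ["set", "tag"]:
            current["tag"] = int(words[2])
    # Clauses are evaluated in sequence-number order.
    return acls, sorted(clauses, key=lambda c: c["seq"])


def acl_permits(entries, network_address):
    """The first matching entry decides; no match at all is the implicit deny."""
    for action, base, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # bits that must be equal
        if (network_address & care) == (base & care):
            return action == "permit"
    return False


def evaluate(prefix, acls, clauses):
    """Return (decision, tag) for one candidate route."""
    address = int(IPv4Network(prefix).network_address)
    for clause in clauses:
        # A clause with no match statement matches every route.
        matched = (not clause["acls"] or
                   any(acl_permits(acls[n], address) for n in clause["acls"]))
        if not matched:
            continue  # fall through to the next clause
        if clause["action"] == "permit":
            return ("redistributed", clause["tag"])
        return ("filtered", None)
    return ("filtered", None)  # implicit deny at the end of a route-map


ACLS, CLAUSES = parse(CONFIG)

# Constructed candidate routes; only the first is taken from the quoted config.
SAMPLE_ROUTES = ["173.5.8.0/30", "173.5.7.0/29", "173.5.10.0/25", "10.1.1.0/24"]


def report():
    """Decision for every sample route, keyed by prefix."""
    return {prefix: evaluate(prefix, ACLS, CLAUSES) for prefix in SAMPLE_ROUTES}


if __name__ == "__main__":
    for prefix, (decision, tag) in report().items():
        print(f"{prefix:<16} {decision:<14} tag={tag}")
```
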
Re: What's the benefits of using cluster between CAT3500 switches?
Cost - I know that in a few sites that I have where I usually use 6500s (for floors with 200+ clients per closet), I can get away with a stack of 2 or 3 3500s (for 100 or so clients) if the lack of backplane capacity is not an issue. This way I still have the gig uplinks and I'm delivering the access switching at a significant reduction over the 6500s.

"Thomas" <[EMAIL PROTECTED]> wrote in message news:99h10e$4vv$[EMAIL PROTECTED]...

> Hi All - I know that it's possible to create cluster for a stack of CAT 3500 switch. This way, one can use only one IP address for the whole stack. Beside this benefit, what else can I gain from creating the cluster? redundancy? Thanks All!
RE: CCIE written pass score
Just taken my written paper last month. Passing score is 700/1000.

> -----Original Message-----
> From: Mantiz [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, March 24, 2001 12:20 AM
> To: [EMAIL PROTECTED]
> Subject: CCIE written pass score
>
> Does anyone know what the current passing score for the CCIE written exam is?
>
> Thanks,
RE: bri flapping with demand cirquit/igrp redistribution
Try remove the "log" from the access-list 15 associated with the route-map stuff. Also, you do not need the summary-address under OSPF.

-Ya

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Murphy
Sent: Friday, March 23, 2001 5:04 PM
To: Leah Lynch; 'Jay Chandradas'; 'Chris Larson'; 'Bob Boone'; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: bri flapping with demand cirquit/igrp redistribution

Also check the BRI interface and see if you see IPCDP, it should disappear when you no cdp en!

Patrick

----- Original Message -----
From: "Leah Lynch" <[EMAIL PROTECTED]>
To: "'Jay Chandradas'" <[EMAIL PROTECTED]>; "'Chris Larson'" <[EMAIL PROTECTED]>; "'Bob Boone'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 7:45 PM
Subject: RE: bri flapping with demand cirquit/igrp redistribution

> I think you normally disable CDP in dialup lines for efficiency.
>
> Leah
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jay Chandradas
> Sent: Friday, March 23, 2001 2:57 PM
> To: Chris Larson; Bob Boone; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: bri flapping with demand cirquit/igrp redistribution
>
> I am not sure CDP will keep the line up ? And ur interesting traffic is permit ip any any . I dont think CDP will keep the line up. When u do a debug ip pack.. u can nvr see CDP.. CDP is layer 2.
>
> my 0.02
>
> ----- Original Message -----
> From: "Chris Larson" <[EMAIL PROTECTED]>
> To: "Bob Boone" <[EMAIL PROTECTED]>; "Jay Chandradas" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, March 23, 2001 2:40 PM
> Subject: RE: bri flapping with demand cirquit/igrp redistribution
>
> > Will CDP keep the line up? Turn off CDP.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Boone
> > Sent: Friday, March 16, 2001 5:30 PM
> > To: Jay Chandradas; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: bri flapping with demand cirquit/igrp redistribution
> >
> > Yes i do have passive BRI on IGRP, and also, the way it is done now, it restricts ALL networks, if you look at the access-list 15 it has one statement and then explicit deny all.
> > still not working.
> >
> > ----- Original Message -----
> > From: "Jay Chandradas" <[EMAIL PROTECTED]>
> > To: "Netguy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Friday, March 16, 2001 12:22 PM
> > Subject: Re: bri flapping with demand cirquit/igrp redistribution
> >
> > > 1. DO u have a passive interface on bri0 under router IGRP
> > >
> > > 2. I wud do this way !! when u r redistributing into OSPF .. allow only the IGRP networks ( including the network connected with is running IGRP )
> > >
> > > Jay
> > >
> > > when u r redistributing into
> > > ----- Original Message -----
> > > From: "Netguy" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Sent: Friday, March 16, 2001 12:01 PM
> > > Subject: bri flapping with demand cirquit/igrp redistribution
> > >
> > > > > Hello all you happy people.
> > > > > Router A has ospf/igrp mutual redistribution and bri int dialing elsewhere with demand circuit. it keeps flapping.
> > > > > i followed someone's advice and created a route/map filter to filter out bri network from igrp redistributing back into ospf.
> > > > > what the hell am i doing wrong? i know its a big thing that lots of people had problems with.
> > > > > here's the key configs:
> > > > > interface BRI0/0
> > > > >  ip address 173.5.8.1 255.255.255.252
> > > > >  encapsulation ppp
> > > > >  ip ospf demand-circuit
> > > > >  dialer idle-timeout 15
> > > > >  dialer map ip 173.5.8.2 name R5 broadcast 8667007
> > > > >  dialer map ip 173.5.8.2 name R5 broadcast 8667008
> > > > >  dialer load-threshold 128 outbound
> > > > >  dialer-group 1
> > > > >  isdn switch-type basic-dms100
> > > > >  isdn spid1 9258667005
> > > > >  isdn spid2 9258667006
> > > > >  ppp authentication chap
> > > > >  ppp chap hostname CCIE
> > > > >  ppp multilink
> > > > >
> > > > > router ospf 1
> > > > >  log-adjacency-changes
> > > > >  area 0 authentication message-digest
> > > > >  area 0 range 173.5.1.0 255.255.255.0
> > > > >  summary-address 173.5.10.0 255.255.255.0
> > > > >  redistribute igrp 100 metric 100 subnets route-map stuff
> > > > >  network 1.1.1.0 0.0.0.3 area 0
> > > > >  network 173.5.1.0 0.0.0.15 area 0
> > > > >  network 173.5.7.0 0.0.0.7 area 3
> > > > >  network 173.5.8.0 0.0.0.3 area 3
> > > > >  network 173.5.10.0 0.0.0.127 area 3
> > > > >  network 173.5.17.0 0.0.0.255 area 0
> > > > > access-list 15 permit 173.5.8.0 0.0.0.3 log
> > > > > route-map stuff deny 5
> > > > >  match ip address 15
> > > > > !
> > > > > route-map stuff permit 10
> > > > >  set tag 4
What's the benefits of using cluster between CAT3500 switches?
Hi All - I know that it's possible to create cluster for a stack of CAT 3500 switch. This way, one can use only one IP address for the whole stack. Beside this benefit, what else can I gain from creating the cluster? redundancy?

Thanks All!
"Routing on a stick" with 3Com Switch?
Hi All - I wonder if it is possible to implement the "Routing on a stick" method using Cisco 3620 router (with 1 fast ethernet port) and the 3Com CoreBuilder 5000 switch?

Thanks in advance!!!
Re: trunking
Hi All - My question relates to the trunking topic so I hope you would help. If I have a Cisco 3620 with 1 fast ethernet port, can I implement "routing on a stick" method with my 3Com CoreBuilder 5000 Switch? I assume I have to use "dot1q" encapsulation. If possible, how should I do it?

Thanks in advance!

Thomas

"Lopez, Robert" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

> What are the differences between isl and 802.1q trunking. If I'm in a total cisco switched environment, should I always use isl? What would be a good reason to use 802.1q? Which one is more favored over the other?
>
> Robert
>
> Robert M. Lopez
> Network Planning
> Ann Arbor Data Center
> Pfizer Global Research & Development
Failed Login Notification
This email is to notify you that the login attempts for a SecureDelivery message have been exceeded. As a result, access to this message has been suspended until:

Mar 24, 2001 @ 07:16 (CST)
Mar 24, 2001 @ 13:16 (GMT)
Re: bri flapping with demand cirquit/igrp redistribution
Also check the BRI interface and see if you see IPCDP, it should disappear when you no cdp en!

Patrick

----- Original Message -----
From: "Leah Lynch" <[EMAIL PROTECTED]>
To: "'Jay Chandradas'" <[EMAIL PROTECTED]>; "'Chris Larson'" <[EMAIL PROTECTED]>; "'Bob Boone'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 7:45 PM
Subject: RE: bri flapping with demand cirquit/igrp redistribution

> I think you normally disable CDP in dialup lines for efficiency.
>
> Leah
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jay Chandradas
> Sent: Friday, March 23, 2001 2:57 PM
> To: Chris Larson; Bob Boone; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: bri flapping with demand cirquit/igrp redistribution
>
> I am not sure CDP will keep the line up ? And ur interesting traffic is permit ip any any . I dont think CDP will keep the line up. When u do a debug ip pack.. u can nvr see CDP.. CDP is layer 2.
>
> my 0.02
>
> ----- Original Message -----
> From: "Chris Larson" <[EMAIL PROTECTED]>
> To: "Bob Boone" <[EMAIL PROTECTED]>; "Jay Chandradas" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, March 23, 2001 2:40 PM
> Subject: RE: bri flapping with demand cirquit/igrp redistribution
>
> > Will CDP keep the line up? Turn off CDP.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Boone
> > Sent: Friday, March 16, 2001 5:30 PM
> > To: Jay Chandradas; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: bri flapping with demand cirquit/igrp redistribution
> >
> > Yes i do have passive BRI on IGRP, and also, the way it is done now, it restricts ALL networks, if you look at the access-list 15 it has one statement and then explicit deny all.
> > still not working.
> >
> > ----- Original Message -----
> > From: "Jay Chandradas" <[EMAIL PROTECTED]>
> > To: "Netguy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Friday, March 16, 2001 12:22 PM
> > Subject: Re: bri flapping with demand cirquit/igrp redistribution
> >
> > > 1. DO u have a passive interface on bri0 under router IGRP
> > >
> > > 2. I wud do this way !! when u r redistributing into OSPF .. allow only the IGRP networks ( including the network connected with is running IGRP )
> > >
> > > Jay
> > >
> > > when u r redistributing into
> > > ----- Original Message -----
> > > From: "Netguy" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Sent: Friday, March 16, 2001 12:01 PM
> > > Subject: bri flapping with demand cirquit/igrp redistribution
> > >
> > > > > Hello all you happy people.
> > > > > Router A has ospf/igrp mutual redistribution and bri int dialing elsewhere with demand circuit. it keeps flapping.
> > > > > i followed someone's advice and created a route/map filter to filter out bri network from igrp redistributing back into ospf.
> > > > > what the hell am i doing wrong? i know its a big thing that lots of people had problems with.
> > > > > here's the key configs:
> > > > > interface BRI0/0
> > > > >  ip address 173.5.8.1 255.255.255.252
> > > > >  encapsulation ppp
> > > > >  ip ospf demand-circuit
> > > > >  dialer idle-timeout 15
> > > > >  dialer map ip 173.5.8.2 name R5 broadcast 8667007
> > > > >  dialer map ip 173.5.8.2 name R5 broadcast 8667008
> > > > >  dialer load-threshold 128 outbound
> > > > >  dialer-group 1
> > > > >  isdn switch-type basic-dms100
> > > > >  isdn spid1 9258667005
> > > > >  isdn spid2 9258667006
> > > > >  ppp authentication chap
> > > > >  ppp chap hostname CCIE
> > > > >  ppp multilink
> > > > >
> > > > > router ospf 1
> > > > >  log-adjacency-changes
> > > > >  area 0 authentication message-digest
> > > > >  area 0 range 173.5.1.0 255.255.255.0
> > > > >  summary-address 173.5.10.0 255.255.255.0
> > > > >  redistribute igrp 100 metric 100 subnets route-map stuff
> > > > >  network 1.1.1.0 0.0.0.3 area 0
> > > > >  network 173.5.1.0 0.0.0.15 area 0
> > > > >  network 173.5.7.0 0.0.0.7 area 3
> > > > >  network 173.5.8.0 0.0.0.3 area 3
> > > > >  network 173.5.10.0 0.0.0.127 area 3
> > > > >  network 173.5.17.0 0.0.0.255 area 0
> > > > > access-list 15 permit 173.5.8.0 0.0.0.3 log
> > > > > route-map stuff deny 5
> > > > >  match ip address 15
> > > > > !
> > > > > route-map stuff permit 10
> > > > >  set tag 4
Re: 2610 Serial Interface Puzzler
this link says it - NO! http://www.cisco.com/univercd/cc/td/doc/pcat/mxne__p1.htm We had a similar discussion not long ago about FE modules and 2600s and it was interesting because there were people that said they had it working but then Cisco didn't "support" it in any of their literature. Might be the same here. Kevin Wigle - Original Message - From: "John Neiberger" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, 23 March, 2001 18:05 Subject: RE: 2610 Serial Interface Puzzler > Hmmm, you appear to be correct. I'm looking through the quick reference > guide and I don't see the NM-1E2W as an option on the 2600 series. That > might be a problem. I wonder if it's actually working. > > >>> "Jim Brown" <[EMAIL PROTECTED]> 3/23/01 3:53:34 PM >>> > I don't think that module is even supported in the 2600's. Someone > correct > me if I'm wrong, but can't you only use the NM-1E or NM-2W, not a > NM-1E2W in > the 2600's > > -Original Message- > From: John Neiberger [mailto:[EMAIL PROTECTED]] > Sent: Friday, March 23, 2001 3:42 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: 2610 Serial Interface Puzzler > > > Those modules are numbered from right to left, but only includes > installed modules, I believe. If you had two installed, they would > be--from left to right--1/1 and 1/0. > > >>> "Gareth Hinton" <[EMAIL PROTECTED]> 3/23/01 2:50:43 PM > >>> > Hi All, > > Can anybody please explain the following: > > I've been messing with a 2600 with an NM1E2W running 12.1(5)T > I put a WIC1T in to slot W0, so this understandably became Serial 1/0. > Powered down, removed WIC1T and restarted then WR MEM so any config > for > S1/0 > is gone. > Powered down. Inserted WIC1T into slot W1. > This also came up as S1/0 as opposed to what I would have expected > (S1/1). > I had successful connections on S1/0 while WIC1T was in either slot. 
> > I'd be interested to see what happens with two WIC1T's in but had to > get the > router on line before I could get hold of another WIC1T. > > Anyone know the reason for this? > > Thanks, > > Gareth
Re: Cisco support for VRRP any platform ?
VRRP has Critical IP feature which is similar but I think HSRP's interface tracking gives you more flexibility in your config/design. Additionally, ESRP (Extreme's version) keeps track of # of active ports on a device in a VLAN and can watch the routing table to adjust who's active, priority, etc. HSRP or VRRP does neither so I guess it depends on what you need and how much control you want on what box has the Shared Virtual IP addresses active.

--- Clayton Price <[EMAIL PROTECTED]> wrote:
> You can track interfaces with HSRP
>
> "Sumeet Gohri" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > Well I have worked on number of products from different vendors supporting VRRP and I have worked with HSRP also. I feel that both have strengths and weaknesses however I think VRRP and its variations are slightly more mature as it allows some fancy port tracking features. I might be wrong but I don't HSRP has such features. Please if someone has more detailed info on the subject...please enlighten us.
> >
> > Sumeet
> >
> > -Original Message-
> >
> > > Does anyone know if any IOS version supports VRRP on any of the standard platforms?
> >
> > > Not yet. We are working on a VRRP implementation though.
> >
> > I think you meant to write 'Not yet on the routers'. I'm sure some of the boxes you've bought recently (such as the CSS / ArrowPoint switches) does support VRRP.
> >
> > > HSRP offers much more functionality than VRRP, but of course it is limited to usage with other Cisco devices.
> >
> > Actually, since HSRP is documented in RFC2281, other companies could have implemented it if they wanted to. I guess they don't feel VRRP lacking in functionality, since they haven't.
> >
> > -A
> > --
> > Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe
> > Links : http://www.hojmark.org/networking/
Re: IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL NETWORK)(INSIDE GLOBAL NETWORK) SUBMASK????
Okay, I've searched every nook and cranny I could think of and could find no mention of the existence of the "network" keyword in that command. Weird. You'd think it would be mentioned at least once somewhere! Or maybe *I* should learn to search CCO better. I even looked through the Open Forum Q&A lists and didn't see anything there. That's a tough one. Maybe you should post that question on that forum and see if someone answers. That's assuming they even get to those questions this year. They seem to be pretty slow about answering those. Good luck, John the Still Slightly Embarrassed >>> "John Neiberger" <[EMAIL PROTECTED]> 3/23/01 4:14:32 PM >>> See what happens when my smart a** side gets the best of me?? This always happens! Hmm... I'll send myself into a corner with the Doc CD to research that one. For some reason it's ringing a bell, but that's probably only because the "static" form of the command is familiar. I'll let you know if I discover anything. Thanks, John the Gently Reprimanded >>> "Michael Snyder" <[EMAIL PROTECTED]> 3/23/01 3:57:00 PM >>> Might want to backup there John, Even try it on your router, IP NAT INSIDE SOURCE STATIC "NETWORK" is a real command, but it's not on the master index. IP NAT INSIDE SOURCE STATIC A.B.C.D is. Try again. ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message sabb6e34.016@fsutil01">news:sabb6e34.016@fsutil01... > If I were you I'd learn to use the documentation CD better before you > attempt the lab! > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121mindx/ind ex.htm > > > I'm teasing, but I'm serious. I haven't taken it but I've heard that > the ability to quickly find information such as this will save your hide > during the lab exam. When you're pressed for time that irritating > search feature is even more useless than it usually is. > > HTH, > John > > p.s. Sorry if I came across as a smart a**. That's not intentional, > it's just my nature. 
;-) > > >>> "Michael Snyder" <[EMAIL PROTECTED]> 3/23/01 2:53:44 PM >>> > Anyone know what 'IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL > NETWORK) > (INSIDE GLOBAL NETWORK) SUBMASk' does? > > There's no documentation on CCO to how to use it. > > I was trying to map a 8.0.0.0/8 network (one to one, both directions) > to a > 9.0.0.0/8 network via Nat. > > > For example, ping 9.0.0.1 and 8.0.0.1 replies. > > Any idea on a easy way to do this? I tried the ip nat pool match host, > but > the mappings seem to only to be active one way. > > Any sample configs will appreciated. > > > > > > -- > Michael Snyder > NOC Engineer > CCNP-Security, MCSE, CCIE-Written > [EMAIL PROTECTED] > ICQ#17424414 > > WAMS > 273 E. Hacienda Ave > Campbell, CA 95008 > (408) 341-3041
Re: Performance Comparision between Linux OS Firewall and Cisco PIX 525
It was assumed that the question was a result of an implementation in an enterpise system. Of course in a school or a small comapny where uptime does not = $ there is no issue, use Linux, use MS Proxy for all that matters. But in an enterprise where uptime is Essentail, there is money at stake and information has lots of value, I would sleep easier at night knowing that I have an enterprise level platform with a solid proven track record, backed by a company who is focused on producing and supporting systems to enable me to focus on doing what I'm good at... Moe. --- Priscilla Oppenheimer <[EMAIL PROTECTED]> wrote: > How about if the customer is strapped for money. I > work at a school. > Luckily our students haven't gotten sophisticated > enough to break into the > Linux firewall but I don't the think that day is too > far away. Some of them > are very smart and they are learning Linux and > networking in their classes. > But PIX is too expensive, I think?? > > Priscilla > > At 09:24 AM 3/23/01, Rik wrote: > >I have seen way too many Linux firewalls hacked as > a result of > >mis-administration. Now, I'm not assuming anything > about your abilities as > >the last confirmed hack that I was notified about > was a Linux FW setup by 2 > >guys that I know to be excellent Linux admins. The > problem is the inherent > >nature of the beast. A PIX is totally secure right > out of the box. The > >last Linux hack I speak of was hacked based on an > exploit within BIND and > >had nothing to do with the FW policy. > > > >I also find the PIX to be MUCH easier to configure > and setup. I can do in > >only a few lines of code what could possibly take > pages and pages of code in > >Linux. When talking about firewalls, simplicity is > a critically important > >concern. One compromise could easily remove any > upfront cost advantage > >Linux has over Cisco. Also, you don't have to be > concerned with shutting > >down unused services on a PIX as you would on > Linux. 
> > > >Go with the PIX. It was designed from the ground > up to do just what it > >does: protect your network. Cisco claims that a > properly configured PIX has > >never been compromised. I believe them. > > > >Rik > > > > > >""Sean Young"" <[EMAIL PROTECTED]> wrote in > message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hi Everyone, > > > > > > My company is putting me in charge in > implementing a Firewall for our > > > company. One guy in my networking group is > recommending PIX Firewall. > > > Furthermore, he also recommends a Cisco > Web-caching engine. His reason > > > is that not only Cisco is good Firewall but it > also provides VPN > > > connectivity to our remote sites. Myself, on > the other hand, would > > > like to implement Linux-based OS firewall along > with FreeS/WAN VPN > > > features set. My reason is that a linux > firewall can provide everything > > > a Cisco PIX does and even more. In term of > hardware, the linux Firewall/ > > > VPN/IPSec box will be running a dual-processor > (800MHz) with 1GB of RAM. > > > I just feel that I can get a lot more for the > amount that we are going > > > to spend with linux than with Cisco PIX. I also > feel that I tweak the > > > source code on the LINUX kernel to increase the > performance and security. > > > Also, instead of purchasing the Cisco > web-caching engine, I am thinking > > > of building another linux box that will be > running squid (web-caching) > > > server. Don't get me wrong, I think Cisco has a > lot of good products > > > in the area of routing; however, I just don't > think it is necessary to > > > throw away money at Cisco when I know that Linux > or BSD can do the same > > > job that PIX and Cisco web-caching engine do but > for much less and also > > > I can control the source code. Has anyone has > experiences with both > > > the Linux/BSD, Squid and Cisco PIX, Cisco > web-caching engine so that > > > you can give advice on what I should do. I am > open to your suggestions. 
> > > > > > Many thanks. > > > Sean
> Priscilla Oppenheimer > http://www.priscilla.com
Moe Tavakoli
Re: Fast-switched policy routing forwarding table entries..
Curtis,

For fast switching a hash table is stored in the cache that consists of the hashed network destination and the next hop MAC header. CEF is a great improvement over fast switching but even that caches only the destination, and not the source. For source destination cache you have to go to Netflow which is only available in the high end platforms, 72xx or better. This is why access lists and process switching can tank your router performance.

Check out Phill Harris' 'Router Switching Performance Characteristics' session that he gives at Networkers--I pasted the link to the presentation below. It is easily one of the best sessions you can take at Networkers, and the only place I know to get no-nonsense Cisco Architecture info including information that Cisco will _never_ document.

http://www.cisco.com/networkers/nw00/pres/2203.pdf

If you can't attend Networkers you can buy the tape of the session.

--David

- Original Message -
From: "Curtis Phillips" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 8:48 AM
Subject: Fast-switched policy routing forwarding table entries..

> Hello,
>
> Does anyone know if source-based policy-routing entries are entered in the cache in the form of or or ?
>
> What I am trying to establish is whether a separate route table look up is performed for every unique source-destination pair, or whether since it is source-based policy routed, it simply does a single route table look up and uses the cached entry for every packet initiated from the same source?
>
> Thanks,
>
> Curtis
flashing 3620 Please help!
I'm trying to flash a 3620 but when I use the copy tftp flash command it tells me that destination filesystem is read-only. What the hell am I doing wrong?

Justin Lofton
Account Executive/CCNA
Tredent Data Systems
[EMAIL PROTECTED]
(818) 222-3770
http://www.tredent.com/
Re: 2610 Serial Interface Puzzler
John, Jim, You're absolutely right, sorry, it was an NM2W, the ethernet was in the chassis. Gave me a heart attack and a few manic chuckles for a few minutes, as the kit got shipped a few thousand miles today. Cheers, Gareth ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message sabb747a.028@fsutil01">news:sabb747a.028@fsutil01... > Hmmm, you appear to be correct. I'm looking through the quick reference > guide and I don't see the NM-1E2W as an option on the 2600 series. That > might be a problem. I wonder if it's actually working. > > >>> "Jim Brown" <[EMAIL PROTECTED]> 3/23/01 3:53:34 PM >>> > I don't think that module is even supported in the 2600's. Someone > correct > me if I'm wrong, but can't you only use the NM-1E or NM-2W, not a > NM-1E2W in > the 2600's > > -Original Message- > From: John Neiberger [mailto:[EMAIL PROTECTED]] > Sent: Friday, March 23, 2001 3:42 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: 2610 Serial Interface Puzzler > > > Those modules are numbered from right to left, but only includes > installed modules, I believe. If you had two installed, they would > be--from left to right--1/1 and 1/0. > > >>> "Gareth Hinton" <[EMAIL PROTECTED]> 3/23/01 2:50:43 PM > >>> > Hi All, > > Can anybody please explain the following: > > I've been messing with a 2600 with an NM1E2W running 12.1(5)T > I put a WIC1T in to slot W0, so this understandably became Serial 1/0. > Powered down, removed WIC1T and restarted then WR MEM so any config > for > S1/0 > is gone. > Powered down. Inserted WIC1T into slot W1. > This also came up as S1/0 as opposed to what I would have expected > (S1/1). > I had successful connections on S1/0 while WIC1T was in either slot. > > I'd be interested to see what happens with two WIC1T's in but had to > get the > router on line before I could get hold of another WIC1T. > > Anyone know the reason for this? 
> > Thanks, > > Gareth
Re: IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL NETWORK)(INSIDE GLOBAL NETWORK) SUBMASK????
See what happens when my smart a** side gets the best of me?? This always happens! Hmm... I'll send myself into a corner with the Doc CD to research that one. For some reason it's ringing a bell, but that's probably only because the "static" form of the command is familiar. I'll let you know if I discover anything. Thanks, John the Gently Reprimanded >>> "Michael Snyder" <[EMAIL PROTECTED]> 3/23/01 3:57:00 PM >>> Might want to backup there John, Even try it on your router, IP NAT INSIDE SOURCE STATIC "NETWORK" is a real command, but it's not on the master index. IP NAT INSIDE SOURCE STATIC A.B.C.D is. Try again. ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message sabb6e34.016@fsutil01">news:sabb6e34.016@fsutil01... > If I were you I'd learn to use the documentation CD better before you > attempt the lab! > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121mindx/ind ex.htm > > > I'm teasing, but I'm serious. I haven't taken it but I've heard that > the ability to quickly find information such as this will save your hide > during the lab exam. When you're pressed for time that irritating > search feature is even more useless than it usually is. > > HTH, > John > > p.s. Sorry if I came across as a smart a**. That's not intentional, > it's just my nature. ;-) > > >>> "Michael Snyder" <[EMAIL PROTECTED]> 3/23/01 2:53:44 PM >>> > Anyone know what 'IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL > NETWORK) > (INSIDE GLOBAL NETWORK) SUBMASk' does? > > There's no documentation on CCO to how to use it. > > I was trying to map a 8.0.0.0/8 network (one to one, both directions) > to a > 9.0.0.0/8 network via Nat. > > > For example, ping 9.0.0.1 and 8.0.0.1 replies. > > Any idea on a easy way to do this? I tried the ip nat pool match host, > but > the mappings seem to only to be active one way. > > Any sample configs will appreciated. 
> > > > > > -- > Michael Snyder > NOC Engineer > CCNP-Security, MCSE, CCIE-Written > [EMAIL PROTECTED] > ICQ#17424414 > > WAMS > 273 E. Hacienda Ave > Campbell, CA 95008 > (408) 341-3041
RE: bri flapping with demand cirquit/igrp redistribution
I think you normally disable CDP in dialup lines for efficiency. Leah -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jay Chandradas Sent: Friday, March 23, 2001 2:57 PM To: Chris Larson; Bob Boone; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: bri flapping with demand cirquit/igrp redistribution I am not sure CDP will keep the line up ? And ur interesting traffic is permit ip any any . I dont think CDP will keep the line up. When u do a debug ip pack.. u can nvr see CDP.. CDP is layer 2. my 0.02 - Original Message - From: "Chris Larson" <[EMAIL PROTECTED]> To: "Bob Boone" <[EMAIL PROTECTED]>; "Jay Chandradas" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, March 23, 2001 2:40 PM Subject: RE: bri flapping with demand cirquit/igrp redistribution > Will CDP keep the line up? Turn off CDP. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Bob Boone > Sent: Friday, March 16, 2001 5:30 PM > To: Jay Chandradas; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: bri flapping with demand cirquit/igrp redistribution > > > Yes i do have passive BRI on IGRP, and also, the way it is done now, it > restricts ALL networks, if you look at the access-list 15 it has one > statement and then explisit deny all. > still not working. > > - Original Message - > From: "Jay Chandradas" <[EMAIL PROTECTED]> > To: "Netguy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Friday, March 16, 2001 12:22 PM > Subject: Re: bri flapping with demand cirquit/igrp redistribution > > > > 1. DO u have a passive interface on bri0 under router IGRP > > > > 2. I wud do this way !! when u r redisributing into OSPG .. 
allow only the > > IGRP networks ( including the network conneted with is running IGRP ) > > > > Jay > > > > when u r redistributing into > > - Original Message - > > From: "Netguy" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Friday, March 16, 2001 12:01 PM > > Subject: bri flapping with demand cirquit/igrp redistribution > > > > > > > > Hello all you happy people. > > > > Router A has ospf/igrp mutual redistribution and bri > > > > int dialing elsewhere with demand circuit. it keeps > > > > flapping. > > > > i followed someone's advice and created a route/map > > > > filter to filter out bri network from igrp > > > > redistributing back into ospf. > > > > what the hell am i doing wrong? i know its a big > > > > thing > > > > that lots of people had problems with. > > > > here's the key configs: > > > > interface BRI0/0 > > > > ip address 173.5.8.1 255.255.255.252 > > > > encapsulation ppp > > > > ip ospf demand-circuit > > > > dialer idle-timeout 15 > > > > dialer map ip 173.5.8.2 name R5 broadcast 8667007 > > > > dialer map ip 173.5.8.2 name R5 broadcast 8667008 > > > > dialer load-threshold 128 outbound > > > > dialer-group 1 > > > > isdn switch-type basic-dms100 > > > > isdn spid1 9258667005 > > > > isdn spid2 9258667006 > > > > ppp authentication chap > > > > ppp chap hostname CCIE > > > > ppp multilink > > > > > > > > > > > > router ospf 1 > > > > log-adjacency-changes > > > > area 0 authentication message-digest > > > > area 0 range 173.5.1.0 255.255.255.0 > > > > summary-address 173.5.10.0 255.255.255.0 > > > > redistribute igrp 100 metric 100 subnets route-map > > > > stuff > > > > network 1.1.1.0 0.0.0.3 area 0 > > > > network 173.5.1.0 0.0.0.15 area 0 > > > > network 173.5.7.0 0.0.0.7 area 3 > > > > network 173.5.8.0 0.0.0.3 area 3 > > > > network 173.5.10.0 0.0.0.127 area 3 > > > > network 173.5.17.0 0.0.0.255 area 0 > > > > access-list 15 permit 173.5.8.0 0.0.0.3 log > > > > route-map stuff deny 5 > > > > match ip 
address 15 > > > > ! > > > > route-map stuff permit 10 > > > > set tag 4
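How the posted `access-list 15` and `route-map stuff` are evaluated against candidate routes, as an added example that is not part of the original thread. The evaluator is a simplified model of first-match route-map processing (not IOS code), its function names are hypothetical, and every route other than 173.5.8.0 is constructed:

```python
import ipaddress

# From the posted config: access-list 15 permit 173.5.8.0 0.0.0.3
ACLS = {15: [("permit", "173.5.8.0", "0.0.0.3")]}

# From the posted config: (sequence, action, ACL to match or None, tag to set)
#   route-map stuff deny 5    / match ip address 15
#   route-map stuff permit 10 / set tag 4
STUFF = [(5, "deny", 15, None), (10, "permit", None, 4)]


def acl_permits(acl, network):
    """Standard ACL check: first matching entry wins, implicit deny at the end."""
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wildcard in acl:
        # Wildcard bits set to 1 are "don't care", so compare only the rest.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action == "permit"
    return False


def apply_route_map(route_map, acls, network):
    """Return ("redistributed", tag) or ("filtered", clause_seq_or_None)."""
    for seq, action, match_acl, tag in sorted(route_map, key=lambda c: c[0]):
        # A clause with no match statement matches every route.
        matched = match_acl is None or acl_permits(acls[match_acl], network)
        if not matched:
            continue  # an ACL deny only means "try the next clause"
        if action == "deny":
            return ("filtered", seq)
        return ("redistributed", tag)
    return ("filtered", None)  # implicit deny at the end of the route-map


def redistribute(route_map, acls, networks):
    """Evaluate every candidate route and collect the outcome per network."""
    return {n: apply_route_map(route_map, acls, n) for n in networks}


# Constructed IGRP-learned networks; only 173.5.8.0 comes from the thread.
IGRP_ROUTES = ["173.5.8.0", "173.5.20.0", "173.5.30.0"]

if __name__ == "__main__":
    for net, outcome in redistribute(STUFF, ACLS, IGRP_ROUTES).items():
        print(net, outcome)
    # Without clause 10 the implicit deny drops every route.
    print(redistribute(STUFF[:1], ACLS, IGRP_ROUTES))
```
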
RE: print config
You could also use SecureCRT from http://www.vandyke.com/

Steve

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Buri, Heather H
Sent: Friday, March 23, 2001 3:36 PM
To: 'David Sanderson'; '[EMAIL PROTECTED]'
Subject: RE: print config

If you are using Windows telnet.exe, you can log it via the terminal menu command and select "Start Logging"

Heather Buri
CSC Technology Services - Houston
Phone: (713)-961-8592
Fax: (713)-961-8249
Mobile:
Alpha Page:
Mailing: 1360 Post Oak Blvd Suite 500 Houston, TX 77056

-Original Message-
From: David Sanderson [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 12:34 PM
To: '[EMAIL PROTECTED]'
Subject: print config

How can I capture my router configuration for a printed copy? I know I can highlight and copy as I page down in a telnet session, but, there must be an easier way to get it into a .txt file all at once.

Thanks for any help,
Dave
VLSM and CIDR
In response to a previous e-mail I was asked to define the difference between VLSM and CIDR, which I think is a fairly common question. The quick and dirty answer I gave is that CIDR is for external protocols like BGP, while VLSM is for IGPs. Here are some links to the groupstudy archives with the more detailed answers...

http://www.groupstudy.com/archives/cisco/23/msg00796.html
http://www.groupstudy.com/archives/cisco/199909/msg00485.html

I hope there are some who find this useful...

--- Dennis
RE: 2610 Serial Interface Puzzler
Hmmm, you appear to be correct. I'm looking through the quick reference guide and I don't see the NM-1E2W as an option on the 2600 series. That might be a problem. I wonder if it's actually working.

>>> "Jim Brown" <[EMAIL PROTECTED]> 3/23/01 3:53:34 PM >>>
I don't think that module is even supported in the 2600's. Someone correct me if I'm wrong, but can't you only use the NM-1E or NM-2W, not a NM-1E2W in the 2600's

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 3:42 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: 2610 Serial Interface Puzzler

Those modules are numbered from right to left, but only includes installed modules, I believe. If you had two installed, they would be--from left to right--1/1 and 1/0.

>>> "Gareth Hinton" <[EMAIL PROTECTED]> 3/23/01 2:50:43 PM >>>
Hi All,

Can anybody please explain the following:

I've been messing with a 2600 with an NM1E2W running 12.1(5)T
I put a WIC1T in to slot W0, so this understandably became Serial 1/0.
Powered down, removed WIC1T and restarted then WR MEM so any config for S1/0 is gone.
Powered down. Inserted WIC1T into slot W1.
This also came up as S1/0 as opposed to what I would have expected (S1/1).
I had successful connections on S1/0 while WIC1T was in either slot.

I'd be interested to see what happens with two WIC1T's in but had to get the router on line before I could get hold of another WIC1T.

Anyone know the reason for this?

Thanks,

Gareth
Re: 2610 Serial Interface Puzzler
I installed one module in the left (labelled W1) and it became S1/0. So if I put a second module in the right (W0), would the original change to S1/1 and the new one be S1/0? Make a right mess of my config. Sort of wish I'd hung on and tried it now. I'll have to try and dig another 2600 out of spares.

Gaz

"John Neiberger" <[EMAIL PROTECTED]> wrote in message news:sabb6eeb.019@fsutil01...
> Those modules are numbered from right to left, but only includes installed modules, I believe. If you had two installed, they would be--from left to right--1/1 and 1/0.
>
> >>> "Gareth Hinton" <[EMAIL PROTECTED]> 3/23/01 2:50:43 PM >>>
> Hi All,
>
> Can anybody please explain the following:
>
> I've been messing with a 2600 with an NM1E2W running 12.1(5)T
> I put a WIC1T in to slot W0, so this understandably became Serial 1/0.
> Powered down, removed WIC1T and restarted then WR MEM so any config for S1/0 is gone.
> Powered down. Inserted WIC1T into slot W1.
> This also came up as S1/0 as opposed to what I would have expected (S1/1).
> I had successful connections on S1/0 while WIC1T was in either slot.
>
> I'd be interested to see what happens with two WIC1T's in but had to get the router on line before I could get hold of another WIC1T.
>
> Anyone know the reason for this?
>
> Thanks,
>
> Gareth
Re: IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL NETWORK) (INSIDE GLOBAL NETWORK) SUBMASK????
Might want to backup there John,

Even try it on your router, IP NAT INSIDE SOURCE STATIC "NETWORK" is a real command, but it's not on the master index.

IP NAT INSIDE SOURCE STATIC A.B.C.D is.

Try again.

"John Neiberger" <[EMAIL PROTECTED]> wrote in message news:sabb6e34.016@fsutil01...
> If I were you I'd learn to use the documentation CD better before you attempt the lab!
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121mindx/index.htm
>
> I'm teasing, but I'm serious. I haven't taken it but I've heard that the ability to quickly find information such as this will save your hide during the lab exam. When you're pressed for time that irritating search feature is even more useless than it usually is.
>
> HTH,
> John
>
> p.s. Sorry if I came across as a smart a**. That's not intentional, it's just my nature. ;-)
>
> >>> "Michael Snyder" <[EMAIL PROTECTED]> 3/23/01 2:53:44 PM >>>
> Anyone know what 'IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL NETWORK) (INSIDE GLOBAL NETWORK) SUBMASk' does?
>
> There's no documentation on CCO to how to use it.
>
> I was trying to map a 8.0.0.0/8 network (one to one, both directions) to a 9.0.0.0/8 network via Nat.
>
> For example, ping 9.0.0.1 and 8.0.0.1 replies.
>
> Any idea on an easy way to do this? I tried the ip nat pool match host, but the mappings seem to only be active one way.
>
> Any sample configs will be appreciated.
>
> --
> Michael Snyder
> NOC Engineer
> CCNP-Security, MCSE, CCIE-Written
> [EMAIL PROTECTED]
> ICQ#17424414
>
> WAMS
> 273 E. Hacienda Ave
> Campbell, CA 95008
> (408) 341-3041
RE: 2610 Serial Interface Puzzler
I don't think that module is even supported in the 2600's. Someone correct me if I'm wrong, but can't you only use the NM-1E or NM-2W, not a NM-1E2W in the 2600's

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 3:42 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: 2610 Serial Interface Puzzler

Those modules are numbered from right to left, but only includes installed modules, I believe. If you had two installed, they would be--from left to right--1/1 and 1/0.

>>> "Gareth Hinton" <[EMAIL PROTECTED]> 3/23/01 2:50:43 PM >>>
Hi All,

Can anybody please explain the following:

I've been messing with a 2600 with an NM1E2W running 12.1(5)T
I put a WIC1T in to slot W0, so this understandably became Serial 1/0.
Powered down, removed WIC1T and restarted then WR MEM so any config for S1/0 is gone.
Powered down. Inserted WIC1T into slot W1.
This also came up as S1/0 as opposed to what I would have expected (S1/1).
I had successful connections on S1/0 while WIC1T was in either slot.

I'd be interested to see what happens with two WIC1T's in but had to get the router on line before I could get hold of another WIC1T.

Anyone know the reason for this?

Thanks,

Gareth
Re: bri flapping with demand cirquit/igrp redistribution
I am not sure CDP will keep the line up ? And ur interesting traffic is permit ip any any . I don't think CDP will keep the line up. When u do a debug ip pack.. u can nvr see CDP.. CDP is layer 2.

my 0.02

----- Original Message -----
From: "Chris Larson" <[EMAIL PROTECTED]>
To: "Bob Boone" <[EMAIL PROTECTED]>; "Jay Chandradas" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 2:40 PM
Subject: RE: bri flapping with demand cirquit/igrp redistribution

> Will CDP keep the line up? Turn off CDP.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Boone
> Sent: Friday, March 16, 2001 5:30 PM
> To: Jay Chandradas; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: bri flapping with demand cirquit/igrp redistribution
>
> Yes i do have passive BRI on IGRP, and also, the way it is done now, it restricts ALL networks, if you look at the access-list 15 it has one statement and then explicit deny all.
> still not working.
>
> ----- Original Message -----
> From: "Jay Chandradas" <[EMAIL PROTECTED]>
> To: "Netguy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, March 16, 2001 12:22 PM
> Subject: Re: bri flapping with demand cirquit/igrp redistribution
>
> > 1. DO u have a passive interface on bri0 under router IGRP
> >
> > 2. I wud do this way !! when u r redistributing into OSPF .. allow only the IGRP networks ( including the network connected with is running IGRP )
> >
> > Jay
> >
> > when u r redistributing into
> > ----- Original Message -----
> > From: "Netguy" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Friday, March 16, 2001 12:01 PM
> > Subject: bri flapping with demand cirquit/igrp redistribution
> >
> > > > Hello all you happy people.
> > > > Router A has ospf/igrp mutual redistribution and bri int dialing elsewhere with demand circuit. it keeps flapping.
> > > > i followed someone's advice and created a route/map filter to filter out bri network from igrp redistributing back into ospf.
> > > > what the hell am i doing wrong? i know its a big thing that lots of people had problems with.
> > > > here's the key configs:
> > > > interface BRI0/0
> > > >  ip address 173.5.8.1 255.255.255.252
> > > >  encapsulation ppp
> > > >  ip ospf demand-circuit
> > > >  dialer idle-timeout 15
> > > >  dialer map ip 173.5.8.2 name R5 broadcast 8667007
> > > >  dialer map ip 173.5.8.2 name R5 broadcast 8667008
> > > >  dialer load-threshold 128 outbound
> > > >  dialer-group 1
> > > >  isdn switch-type basic-dms100
> > > >  isdn spid1 9258667005
> > > >  isdn spid2 9258667006
> > > >  ppp authentication chap
> > > >  ppp chap hostname CCIE
> > > >  ppp multilink
> > > >
> > > > router ospf 1
> > > >  log-adjacency-changes
> > > >  area 0 authentication message-digest
> > > >  area 0 range 173.5.1.0 255.255.255.0
> > > >  summary-address 173.5.10.0 255.255.255.0
> > > >  redistribute igrp 100 metric 100 subnets route-map stuff
> > > >  network 1.1.1.0 0.0.0.3 area 0
> > > >  network 173.5.1.0 0.0.0.15 area 0
> > > >  network 173.5.7.0 0.0.0.7 area 3
> > > >  network 173.5.8.0 0.0.0.3 area 3
> > > >  network 173.5.10.0 0.0.0.127 area 3
> > > >  network 173.5.17.0 0.0.0.255 area 0
> > > > access-list 15 permit 173.5.8.0 0.0.0.3 log
> > > > route-map stuff deny 5
> > > >  match ip address 15
> > > > !
> > > > route-map stuff permit 10
> > > >  set tag 4
FIGURED IT OUT!!!
After many hours of trying to get the ISP to send me the configuration...and they never did...rat bastards won't let anyone else into it...

I ended up having to shut off their router, and turn it back on...to see if it was an arp issue on the router...i knew it wasn't an issue on the pix...

THAT fixed it...

all the commands and everything else i did was a waste of time more or less (cept i learned more about a pix 515...so i guess it wasn't a complete waste)...

Thanks for the help guys!!!

Brent
CCNP, CCDA, MCSE, MCP+I, ETC.

"Moe Tavakoli" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> DO you have statics for these hosts you are pinging from or a blanket global (outside) ? Your internal hosts will need to be translated to routable IPs. That is unless you are using NAT 0 and have a Internet routable IP assigned to all your internal hosts. In which case you'll need a static (inside, outside) mapping your IPs to themselves (this can be done with a mapping of a network range to itself, in place of /32 mappings per host.)
>
> Hope that helps.
>
> --- Brent Ulfig <[EMAIL PROTECTED]> wrote:
> > I've got an unusual problem with my PIX 515.
> >
> > I've configured the inside interface correctly, and can ping hosts on the internal network. I've configured the outside interface correctly (as far as ip addresses go) and can ping anywhere on the internet.
> >
> > I've configured the router (to the internet) as the default route of the pix...and the pix as the default gateway of the hosts on the internal network.
> >
> > I've also used the conduit permit icmp any any command so that i can ping in and out of the firewall...
> >
> > When I try to ping anywhere on the internet from the firewall it works...also when i try to ping the internal network it works...
> >
> > When i try to ping the pix from a host it works...when i try to ping the router (to the internet) from a host it works...(meaning it goes through the pix to the router fine)
> >
> > however, when i try to ping anywhere on the internet (including the next hop from the router) it doesn't work...i can't get past the router...it just dead ends there...
> >
> > i checked to make sure that the subnet mask on the pix is right...and its fine...
> >
> > any ideas?
> >
> > Thanks,
> >
> > Brent
> > CCNP, CCDA, MCSE, MCP+I, etc.
>
> Moe Tavakoli
Re: back-to-back serial interfaces
Sorry I forgot to say that the link works just fine with the DCE on the IOS 12.0 end. It doesn't work with the DCE on the IOS 11.0 end. The 12.0 end always comes up and the 11.0 end works just fine as a DTE.

Richard

--- Jason Kolevar <[EMAIL PROTECTED]> wrote:
> Are you sure you don't have a marginal cable, or does it do this with other cables as well? There shouldn't be a compatibility issue between IOS versions.
>
> Jason.
>
> ----- Original Message -----
> From: "Richard Wilson" <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.cisco
> Sent: Thursday, March 22, 2001 7:15 PM
> Subject: back-to-back serial interfaces
>
> > Hi
> >
> > I hate to revisit the old back-to-back serial problem but I think I have a new twist. I've researched the archives including Pamela's excellent March 15 response and can't seem to find anything that fits. I think my problem is slightly different and I would appreciate any insight the group can provide.
> >
> > I'm running two 2500s with a DCE/DTE cable between serial ports. "Show Controller" correctly identifies the DCE and DTE ends.
> >
> > One end is running IOS 11.0(17) and the other end IOS 12.0(9). I can switch cable ends and in either case the router on the DCE end accepts the "Clock Rate" command with no problem.
> >
> > The twist is that the IOS 12 router accepts the "No Shutdown" command and comes up. The 11.0 router accepts the command but the line protocol stays down. The "Show Interface" command identifies identical configurations on both ends including HDLC encapsulation.
> >
> > I'm assuming the difference is the IOS version and I can certainly upgrade. Should I encounter this problem in the field, however, I would like to understand what's going on. Is there an IOS command required in the earlier version that isn't required in 12?
> >
> > Thanks in advance
> >
> > Richard
Re: 2610 Serial Interface Puzzler
Those modules are numbered from right to left, but only includes installed modules, I believe. If you had two installed, they would be--from left to right--1/1 and 1/0.

>>> "Gareth Hinton" <[EMAIL PROTECTED]> 3/23/01 2:50:43 PM >>>
Hi All,

Can anybody please explain the following:

I've been messing with a 2600 with an NM1E2W running 12.1(5)T
I put a WIC1T in to slot W0, so this understandably became Serial 1/0.
Powered down, removed WIC1T and restarted then WR MEM so any config for S1/0 is gone.
Powered down. Inserted WIC1T into slot W1.
This also came up as S1/0 as opposed to what I would have expected (S1/1).
I had successful connections on S1/0 while WIC1T was in either slot.

I'd be interested to see what happens with two WIC1T's in but had to get the router on line before I could get hold of another WIC1T.

Anyone know the reason for this?

Thanks,

Gareth
Re: IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL NETWORK)(INSIDE GLOBAL NETWORK) SUBMASK????
If I were you I'd learn to use the documentation CD better before you attempt the lab!

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121mindx/index.htm

I'm teasing, but I'm serious. I haven't taken it but I've heard that the ability to quickly find information such as this will save your hide during the lab exam. When you're pressed for time that irritating search feature is even more useless than it usually is.

HTH,
John

p.s. Sorry if I came across as a smart a**. That's not intentional, it's just my nature. ;-)

>>> "Michael Snyder" <[EMAIL PROTECTED]> 3/23/01 2:53:44 PM >>>
Anyone know what 'IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL NETWORK) (INSIDE GLOBAL NETWORK) SUBMASk' does?

There's no documentation on CCO to how to use it.

I was trying to map a 8.0.0.0/8 network (one to one, both directions) to a 9.0.0.0/8 network via Nat.

For example, ping 9.0.0.1 and 8.0.0.1 replies.

Any idea on an easy way to do this? I tried the ip nat pool match host, but the mappings seem to only be active one way.

Any sample configs will be appreciated.

--
Michael Snyder
NOC Engineer
CCNP-Security, MCSE, CCIE-Written
[EMAIL PROTECTED]
ICQ#17424414

WAMS
273 E. Hacienda Ave
Campbell, CA 95008
(408) 341-3041
RE: bri flapping with demand cirquit/igrp redistribution
Will CDP keep the line up? Turn off CDP.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Boone
Sent: Friday, March 16, 2001 5:30 PM
To: Jay Chandradas; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: bri flapping with demand cirquit/igrp redistribution

Yes i do have passive BRI on IGRP, and also, the way it is done now, it restricts ALL networks, if you look at the access-list 15 it has one statement and then explicit deny all.
still not working.

----- Original Message -----
From: "Jay Chandradas" <[EMAIL PROTECTED]>
To: "Netguy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 16, 2001 12:22 PM
Subject: Re: bri flapping with demand cirquit/igrp redistribution

> 1. DO u have a passive interface on bri0 under router IGRP
>
> 2. I wud do this way !! when u r redistributing into OSPF .. allow only the IGRP networks ( including the network connected with is running IGRP )
>
> Jay
>
> when u r redistributing into
> ----- Original Message -----
> From: "Netguy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, March 16, 2001 12:01 PM
> Subject: bri flapping with demand cirquit/igrp redistribution
>
> > > Hello all you happy people.
> > > Router A has ospf/igrp mutual redistribution and bri int dialing elsewhere with demand circuit. it keeps flapping.
> > > i followed someone's advice and created a route/map filter to filter out bri network from igrp redistributing back into ospf.
> > > what the hell am i doing wrong? i know its a big thing that lots of people had problems with.
> > > here's the key configs:
> > > interface BRI0/0
> > >  ip address 173.5.8.1 255.255.255.252
> > >  encapsulation ppp
> > >  ip ospf demand-circuit
> > >  dialer idle-timeout 15
> > >  dialer map ip 173.5.8.2 name R5 broadcast 8667007
> > >  dialer map ip 173.5.8.2 name R5 broadcast 8667008
> > >  dialer load-threshold 128 outbound
> > >  dialer-group 1
> > >  isdn switch-type basic-dms100
> > >  isdn spid1 9258667005
> > >  isdn spid2 9258667006
> > >  ppp authentication chap
> > >  ppp chap hostname CCIE
> > >  ppp multilink
> > >
> > > router ospf 1
> > >  log-adjacency-changes
> > >  area 0 authentication message-digest
> > >  area 0 range 173.5.1.0 255.255.255.0
> > >  summary-address 173.5.10.0 255.255.255.0
> > >  redistribute igrp 100 metric 100 subnets route-map stuff
> > >  network 1.1.1.0 0.0.0.3 area 0
> > >  network 173.5.1.0 0.0.0.15 area 0
> > >  network 173.5.7.0 0.0.0.7 area 3
> > >  network 173.5.8.0 0.0.0.3 area 3
> > >  network 173.5.10.0 0.0.0.127 area 3
> > >  network 173.5.17.0 0.0.0.255 area 0
> > > access-list 15 permit 173.5.8.0 0.0.0.3 log
> > > route-map stuff deny 5
> > >  match ip address 15
> > > !
> > > route-map stuff permit 10
> > >  set tag 4
OT: VeriSign tricked into giving a certificate for MicroSoft
Check out the following article:

http://news.excite.com/news/ap/010322/17/microsoft-impostor

Verisign was tricked into giving a digital certificate that will allow an imposter to represent themselves as Microsoft.

Do browsers check a Certificate Revocation List?

Paul Borghese
2610 Serial Interface Puzzler
Hi All,

Can anybody please explain the following:

I've been messing with a 2600 with an NM1E2W running 12.1(5)T
I put a WIC1T in to slot W0, so this understandably became Serial 1/0.
Powered down, removed WIC1T and restarted then WR MEM so any config for S1/0 is gone.
Powered down. Inserted WIC1T into slot W1.
This also came up as S1/0 as opposed to what I would have expected (S1/1).
I had successful connections on S1/0 while WIC1T was in either slot.

I'd be interested to see what happens with two WIC1T's in but had to get the router on line before I could get hold of another WIC1T.

Anyone know the reason for this?

Thanks,

Gareth
IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL NETWORK) (INSIDE GLOBAL NETWORK) SUBMASK????
Anyone know what 'IP NAT INSIDE SOURCE STATIC NETWORK (INSIDE LOCAL NETWORK) (INSIDE GLOBAL NETWORK) SUBMASk' does?

There's no documentation on CCO to how to use it.

I was trying to map a 8.0.0.0/8 network (one to one, both directions) to a 9.0.0.0/8 network via Nat.

For example, ping 9.0.0.1 and 8.0.0.1 replies.

Any idea on an easy way to do this? I tried the ip nat pool match host, but the mappings seem to only be active one way.

Any sample configs will be appreciated.

--
Michael Snyder
NOC Engineer
CCNP-Security, MCSE, CCIE-Written
[EMAIL PROTECTED]
ICQ#17424414

WAMS
273 E. Hacienda Ave
Campbell, CA 95008
(408) 341-3041
Re: RJ45 ethernet to cisco Serial conversion?
Think about devices such as HP Jet Directs or Intel Netports (bidirectional serial or parallel to Ethernet) which allow you to connect legacy printers to Ethernet LANs. These devices are not big or expensive so it IS possible - OK firmware reprograming req.

===
IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites and place it in a warm oven for 40 minutes. Whisk briefly and let it stand for 2 hours before icing.
Re: CIT/Support passing score? Still around 692?
Got my sheet right here- 692

----- Original Message -----
From: "Henry Rollins" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 9:04 AM
Subject: CIT/Support passing score? Still around 692?

> Anyone taken it recently and care to share? I saw several postings in the archives that mention 692, but they were from last year.
>
> Thanks
Re: Books for BCMSN
Cisco press & follow up any questions that you might have with the latest Exam Cram. Stay away from the NetCert's book. It is way too light in content. I read the NetCert's & then skimmed the Exam Cram. I thought they were written for 2 different tests. In defense of the NetCert book, it was the first BCMSN book out when the exams changed.

Good Luck
Phil

PS- know your set commands

----- Original Message -----
From: "Srihari Babu" <[EMAIL PROTECTED]>
To: "John Neiberger" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 5:19 AM
Subject: Books for BCMSN

> HAi john and all,
>
> i have done my BSCN and BCRAN and i am planning to go through BCMSN next. can you give some good suggestions? which is the best book and topics covered(more) and all
> thanks in advance
> and waiting for your fast reply
> bye SRIHARI
Re: back-to-back serial interfaces
Version 9.x or not, backwards compatibility has never been a given. I suppose my reaction is a little knee-jerk, being that the bulk of my experience is in large enterprise networks. I can't tell you how many times I've found old routers acting funky- hours or days after a peer upgrade. Last week I had a 4500 with 11.2(9) start with a EIGRP memory leak because it was now communicating with a 7513 upgraded to an RSP4/ 12.1 combination (previously an RSP2 with 11.1).

OK- back to studying :o)

Phil

----- Original Message -----
From: "EA Louie" <[EMAIL PROTECTED]>
To: "John Neiberger" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 4:16 AM
Subject: Re: back-to-back serial interfaces

> that is very frightening. Did Cisco release notes show a non-compatibility between the versions? That HDLC 'standard' has been in effect since version 9.x
>
> -e-
> ----- Original Message -----
> From: John Neiberger <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, March 22, 2001 3:35 PM
> Subject: Re: back-to-back serial interfaces
>
> > I had this exact issue a couple of months ago. The problem was that the flavor of HDLC in older IOS versions was not playing well with the newer versions. I upgraded the older version to a 12.x version and all was well.
> >
> > Regards,
> > John
> >
> > >>> "Richard Wilson" <[EMAIL PROTECTED]> 3/22/01 4:06:55 PM >>>
> > Hi
> >
> > I hate to revisit the old back-to-back serial problem but I think I have a new twist. I've researched the archives including Pamela's excellent March 15 response and can't seem to find anything that fits. I think my problem is slightly different and I would appreciate any insight the group can provide.
> >
> > I'm running two 2500s with a DCE/DTE cable between serial ports. "Show Controller" correctly identifies the DCE and DTE ends.
> >
> > One end is running IOS 11.0(17) and the other end IOS 12.0(9). I can switch cable ends and in either case the router on the DCE end accepts the "Clock Rate" command with no problem.
> >
> > The twist is that the IOS 12 router accepts the "No Shutdown" command and comes up. The 11.0 router accepts the command but the line protocol stays down. The "Show Interface" command identifies identical configurations on both ends including HDLC encapsulation.
> >
> > I'm assuming the difference is the IOS version and I can certainly upgrade. Should I encounter this problem in the field, however, I would like to understand what's going on. Is there an IOS command required in the earlier version that isn't required in 12?
> >
> > Thanks in advance
> >
> > Richard
Re: trunking
All my 3548s do. And the 4000s also do when you add the L3 mod to it. It's just that the lower end (no L3) don't...

--- "The.Rock" <[EMAIL PROTECTED]> wrote:
> the catalyst 3548's don't either.
>
> "Rik" <[EMAIL PROTECTED]> wrote in message news:99ftpt$p2n$[EMAIL PROTECTED]...
> > ISL is Cisco proprietary whereas 802.1Q is an open standard. Cisco is moving away from ISL, however. In fact, some of the newer equipment no longer supports it, such as the Cat4000 switches.
> >
> > Dot1Q adds less bits to the frame, but the way in which it adds them makes it somewhat less efficient. ISL adds several more bits to ends of the frame, making it easier to view the trunking info bits, but the higher number of bits makes the MTU that much higher as well. Dot1Q doesn't have such a pronounced effect on MTU as does ISL.
> >
> > I typically use Dot1Q these days. Knowing that Cisco is moving away from ISL and the fact that other vendor's equipment supports Dot1Q makes it a more sensible choice for future compatibility.
> >
> > Rik
> >
> > "Lopez, Robert" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > >
> > > What are the differences between isl and 802.1q trunking. If I'm in a total cisco switched environment, should I always use isl? What would be a good reason to use 802.1q? Which one is more favored over the other?
> > >
> > > Robert
> > >
> > > Robert M. Lopez
> > > Network Planning
> > > Ann Arbor Data Center
> > > Pfizer Global Research & Development

Moe Tavakoli
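The two trunk encapsulations compared in this thread, as an added example that is not part of any poster's message: Python (standard library only) that inserts an 802.1Q tag into an Ethernet frame, recomputes the FCS, removes the tag again, and compares the per-frame overhead with ISL's 26-byte header plus 4-byte trailing FCS. The MAC addresses, payload and function names are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
DOT1Q_OVERHEAD = 4       # TPID + TCI, inserted after the source MAC
ISL_OVERHEAD = 26 + 4    # ISL header in front, second FCS behind
MIN_BODY = 60            # minimum Ethernet frame length without the FCS


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, least significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame, padded to the 64-byte minimum, with FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_BODY, b"\x00")
    return body + fcs(body)


def fcs_ok(frame: bytes) -> bool:
    """True if the frame is not a runt and its last 4 bytes match the CRC."""
    return len(frame) >= MIN_BODY + 4 and frame[-4:] == fcs(frame[:-4])


def add_dot1q(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag. The tag changes bytes inside the frame, so the
    original FCS is discarded and a new one is computed."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS or runt frame")
    if not 1 <= vid <= 4094:          # 0 and 4095 are reserved values
        raise ValueError("VLAN ID out of range")
    if not 0 <= pcp <= 7:
        raise ValueError("priority out of range")
    tci = (pcp << 13) | vid           # DEI bit left at 0
    body = frame[:-4]
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def parse_dot1q(frame: bytes):
    """Return (vid, pcp, inner_ethertype) for a tagged frame, else None."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS or runt frame")
    tpid, tci, inner = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13, inner


def strip_dot1q(frame: bytes) -> bytes:
    """Remove the tag, re-pad if the result would be a runt, recompute FCS."""
    if parse_dot1q(frame) is None:
        return frame
    body = frame[:12] + frame[16:-4]
    body = body.ljust(MIN_BODY, b"\x00")
    return body + fcs(body)


def trunk_frame_len(untagged_len: int, encapsulation: str) -> int:
    """Length on the trunk of a frame that is untagged_len bytes untagged."""
    overhead = {"dot1q": DOT1Q_OVERHEAD, "isl": ISL_OVERHEAD}[encapsulation]
    return untagged_len + overhead


# Constructed sample: addresses and payload are made up for the example.
SAMPLE = build_frame(bytes.fromhex("ffffffffffff"),
                     bytes.fromhex("020000000001"),
                     0x0800, b"constructed payload")
TAGGED = add_dot1q(SAMPLE, vid=10, pcp=5)

if __name__ == "__main__":
    print("untagged:", len(SAMPLE), "tagged:", len(TAGGED))
    print("tag:", parse_dot1q(TAGGED))
    for enc in ("dot1q", "isl"):
        print(enc, "largest frame on trunk:", trunk_frame_len(1518, enc))
```

A full-size 1518-byte frame becomes 1522 bytes with an 802.1Q tag and 1548 bytes inside ISL, so every device on the trunk path has to accept frames of that size.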
Re: Refurbished/used cisco equipment
http://www.optsys.net/

Optimized Systems, Inc. (Taken from their web site)

Our top quality kits can be tailored to meet budget and certification needs. We have Cisco 25xx, 26xx, 36xx series routers and Catalyst switches available. Kits can include router to router cables, token ring maus, token ring media filters, ethernet transceivers, console cable kits, DOC CDs, and anything else needed to setup a home/company lab. We also carry a wide variety of routers and modules applicable to production environments.

> - Original Message -
> From: "bigmo" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 22, 2001 6:22 AM
> Subject: Refurbished/used cisco equipment
>
> > I am thinking of buying some used cisco equipment (cisco 2514, catalyst
> > 1924 & 2924XL,...). Anybody knows the address of a site where they offer
> > such hardware?

Paul M. Immo CCDP CCNP MCSE

Imagination is more important than knowledge
Albert Einstein
Re: recommended CCNP lab
I think you could pass the four CCNP tests without any hands on, although it would be difficult. I would try just buying the CCNP library and going from there. You could pass with just those books and no equipment. :) How's that for bare minimum requirements ;) Take care.

>From: Brad Shifflett <[EMAIL PROTECTED]>
>Reply-To: Brad Shifflett <[EMAIL PROTECTED]>
>To: "Groupstudy (E-mail)" <[EMAIL PROTECTED]>
>Subject: recommended CCNP lab
>Date: Fri, 23 Mar 2001 10:29:00 -0800
>
>If you could, what would you recommend for a lab setup, very basic, just to
>learn all you need and see what is happening. What equipment would be bare
>minimum requirements? At the most reasonable price.
>
>Brad Shifflett
Re: Autonomous Systems
I don't believe you can successfully load balance to two separate AS's (ISP's), from a single AS (say your domain). BGP does not work that'a way. You'd have to have separate gateway AS's coming from the two ISP's & have IBGP make the decisions within the domain (below the two gateways). Does this make sense ??? Am I on target :-)

Phil

- Original Message -
From: "Brian" <[EMAIL PROTECTED]>
To: "Alassar, Sonia" <[EMAIL PROTECTED]>
Cc: "'John Neiberger'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, March 22, 2001 7:28 PM
Subject: RE: Autonomous Systems

> over time, a planned migration would likely be advantageous, from a
> management perspective.
>
> Bri
>
> On Thu, 22 Mar 2001, Alassar, Sonia wrote:
>
> > Yes, I am speaking about routing on the internet with BGP-4. If I am a
> > carrier that has 1 AS and I purchase another network (that has multiple
> > ASes) from another carrier, should I integrate them into a single AS, or
> > keep them as multiple AS? It is not that I want to have multiple AS,
> > however, I will have them via the acquisition. The question is should I keep
> > them separate, or migrate them into one. What added benefit do I get if I
> > have one? A second question is if 1 AS is so great, why do Sprint, WorldCom,
> > AT&T, and Genuity all have multiple AS?
> >
> > Sonia
RE: print config
If you are using Windows telnet.exe, you can log it via the terminal menu command and select "Start Logging"

Heather Buri
CSC Technology Services - Houston
Phone: (713)-961-8592
Fax: (713)-961-8249
Mobile:
Alpha Page:
Mailing: 1360 Post Oak Blvd Suite 500 Houston, TX 77056

-Original Message-
From: David Sanderson [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 12:34 PM
To: '[EMAIL PROTECTED]'
Subject: print config

How can I capture my router configuration for a printed copy? I know I can highlight and copy as I page down in a telnet session, but, there must be an easier way to get it into a .txt file all at once. Thanks for any help,

Dave
The New CCIE Tracks
I'm surprised no one has mentioned the major changes to the CCIE program that the new "Communications and Services" and "Security" tracks will make. I suppose that many people are pretty far down the Routing and Switching track.

Looking at the new tracks, the most notable changes seem to be:

1. There will be 8 different alternative written tests for the Communications & Services track based on what area of specialization you pursue. The half of the written test called "General Knowledge" is similar to the R&S written test.

2. The Lab test for the "C&S" track will test only the common parts of the track and is primarily a subset of the Routing and Switching Lab Exam. Two items mentioned in the C&S track but not the R&S track are MPLS/VPN and QoS. The lab rack is the same for R&S and C&S. Hopefully, this means the backup for getting a Lab Exam won't be getting even longer.

3. The Security written test is much different than any previous CCIE written, but the lab rack includes the same 6 devices listed in the R&S track as well as a PIX and other security software.

I wonder how the new tracks will be viewed by R&S CCIEs already out there? Anybody have any comments, corrections or insights?

References:

CCIE Communications and Services
http://www.cisco.com/warp/public/625/ccie/certifications/services.html

CCIE Communications and Services Exam Blueprint
http://www.cisco.com/warp/public/625/ccie/certifications/services_blueprint.html

CCIE Security
http://www.cisco.com/warp/public/625/ccie/certifications/security.html

CCIE Security Exam Blueprint
http://www.cisco.com/warp/public/625/ccie/certifications/security_qual_blueprint.html

Arthur Stewart, CCNP-Security
Re: ccie exam fee
Cisco has not increased these prices for years. I don't blame Cisco at all. They just increase the lab significantly also. It will not lower the demand or backlog for the lab exam.

--
Eric Fairfield
CCIE #6413

"Lim Jit Cheng" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> cisco have any reason for the increase? economy slow down?? hey, correct
> me if i am wrong . they should make exams more affordable for people to
> learn their equipments... common sense... if more people are familiar with
> cisco products, it'll be more likely they'll advise their managers to
> purchase it if they are worried of excessive CCIEs written... they'll
> should raise CCIE written exam's standards inline with the lab ...
>
> comparing cisco exams with other exams.. it's high.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Dan
> Sent: Thursday, March 22, 2001 1:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: ccie exam fee
>
> yes I paid 300
> "brain" <[EMAIL PROTECTED]> wrote in message
> news:002201c0b1fe$8b584000$310b80cb@umer...
> hello
>
> i have heard rumors of increase in the ccie qualification exam fee to
> 300 $. is it true. also would there be any increase in the near future
> in the passing marks of ccie qualification exam (routing and switching)
> has anyone heard anything about it?
>
> thanx
> umer
Re: Router 2513
Send the seller an email asking why he won't ship to Canada. The default is US only and many don't change it. In your email explain that you will handle the customs hassles. Most people I have approached with "US only" usually let me bid on their stuff.

Kevin Wigle

- Original Message -
From: "RamG" <[EMAIL PROTECTED]>
To: "cisco GroupStudy" <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 2:13 PM
Subject: Router 2513

> Hello Gang,
>
> I am looking for 2513 with 16R/16F. There are quite a few at ebay. Most of
> the sellers are not interested shipping to Canada. Anybody on the list
> interested to sell one.
>
> Thanks
>
> RamG
Re: can't ping the internet through pix
Brent & Alex,

Just a shot in the dark here but here's what I would check to start tracking it down. When the problem occurs does CLEAR XLATE help? How many IP's in NAT pool? Using nat 0? NAT utilization peaks? How are the public IP's set up? ACL, static/conduit, or public IP physically on the devices with the PIX just firewalling without IP translation? Are there ACLs in the config?

Allen

- Original Message -
From: "Alex Lee" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 11:15 AM
Subject: Re: can't ping the internet through pix

> Brent,
>
> I don't know whether your PIX problem is same as ours. But this is what is
> happening to us ..
>
> We have a PIX 515. Our PCs, printers, etc, all uses static public IP
> addresses. Once in a while, one of our PC users cannot point his internet
> browser to any URL, nor can he ping anything outside our subnet. The PC can
> be running Win 98, Win NT or Win 95. We work around this problem so far by
> changing the PC's ip address to another ip address. On some PCs we don't
> even need a re-boot and the computer can go out to internet with no problem.
> After a day or so, we change it back to its original ip address and it works
> with no problem. We have opened at least three cases with TAC and have
> upgraded our PIX software version two times but still cannot find a
> permanent fix. I posted our problem to the group a couple of days ago.
>
> If you are using static ip address on your PC maybe you can try to change to
> another un-used ip address, or release the current ip address to acquire a
> new one if you are using DHCP and see if it works.
>
> Alex Lee
>
> "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> news:99g29m$jj7$[EMAIL PROTECTED]...
> > nope
> >
> > "Alex Lee" <[EMAIL PROTECTED]> wrote in message
> > news:99g1pq$gfe$[EMAIL PROTECTED]...
> > > Are you able to point your web browser to any URL ?
> > >
> > > Alex Lee
> > >
> > > "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> > > news:99fuhb$tig$[EMAIL PROTECTED]...
> > > > As i mentioned below
> > > >
> > > > > I've also used the conduit permit icmp any any
> > > > > command so that i can ping in and out of the firewall...
> > > >
> > > > The tricky part is...i can ping from the internal network 192.168.1.x to the
> > > > router (which is through the firewall)...i can't ping anything past the
> > > > router...
> > > >
> > > > "Aidan Manning" <[EMAIL PROTECTED]> wrote in message
> > > > news:99ftm7$og7$[EMAIL PROTECTED]...
> > > > > Is there firewall software running?
> > > > > If so have you rules that are disabling ICMP?
> > > > >
> > > > > "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> > > > > news:99fq63$5no$[EMAIL PROTECTED]...
> > > > > > I've got an unusual problem with my PIX 515.
> > > > > >
> > > > > > I've configured the inside interface correctly, and can ping hosts on the
> > > > > > internal network. I've configured the outside interface correctly (as far
> > > > > > as ip addresses go) and can ping anywhere on the internet.
> > > > > >
> > > > > > I've configured the router (to the internet) as the default route of the
> > > > > > pix...and the pix as the default gateway of the hosts on the internal
> > > > > > network.
> > > > > >
> > > > > > I've also used the conduit permit icmp any any
> > > > > > command so that i can ping in and out of the firewall...
> > > > > >
> > > > > > When I try to ping anywhere on the internet from the firewall it
> > > > > > works...also when i try to ping the internal network it works...
> > > > > >
> > > > > > When i try to ping the pix from a host it works...when i try to ping the
> > > > > > router (to the internet) from a host it works...(meaning it goes through the
> > > > > > pix to the router fine)
> > > > > >
> > > > > > however, when i try to ping anywhere on the internet (including the next hop
> > > > > > from the router) it doesn't work...i can't get past the router...it just
> > > > > > dead ends there...
> > > > > >
> > > > > > i checked to make sure that the subnet mask on the pix is right...and its
> > > > > > fine...
> > > > > >
> > > > > > any ideas?
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Brent
> > > > > > CCNP, CCDA, MCSE, MCP+I, etc.
RE: Free Training Materials for CCNA, CCDA, CCNP, CCDP and CCIE
www.cramsession.com

By the way, I wrote the BCMSN and CCIE Written cramsessions, so if you like them, post a good comment, if you don't contact me directly... :-)

--- Dennis

-Original Message-
From: CiscoDiety [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 6:47 AM
To: Groupstudy
Subject: Free Training Materials for CCNA, CCDA, CCNP, CCDP and CCIE

http://www.gdd.net/cisco

Clayton Dukes
CCNA, CCDA, CCDP, CCNP
Re: Is it CCNA 2.0?
Yes, ICND goes with CCNA 2.0. The course for CCNA 1.0 was called ICRC.

- Original Message -
From: Tuan Heng <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 1:03 AM
Subject: Is it CCNA 2.0?

> Hi group,
>
> I have a copy of Interconnecting Cisco Network Devices (ICND), Revision
> 1.0a:Student Guide
> Volume 1 and 2 produced by Cisco Systems Inc.
>
> The date stated on the box(comes with Volume 1 and 2 and a CD) is 12
> October 2000.
>
> Does anyone have this material and i would like to know whether they are
> CCNA 2.0 compliant
> materials or do i have to search for others?
>
> Many TIA.
>
> Tuan
RE: Stable IOS supporting SSH
Thanks Jeff!

-Original Message-
From: Jeff Groman [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 1:46 PM
Cc: '[EMAIL PROTECTED]'
Subject: Re: Stable IOS supporting SSH

On a 3662 we use 12.1(3)T with ssh and 3DES. Here's the image: c3660-ik2o3s-mz.121-3.T.bin

Jeff

Jeff Groman
IS Department, Childrens Hospital, Denver
[EMAIL PROTECTED]
303 864 5671

On Fri, 23 Mar 2001, David Eitel wrote:

> Can anyone tell me a stable IOS version supporting SSH on a 3640? I've
> experienced problems with some IOS versions not seeing interfaces after
> upgrade, etc.
>
> David Eitel
Re: print config
If you're using Unix, you can pipe through the tee command.

Jeff

Jeff Groman
IS Department, Childrens Hospital, Denver
[EMAIL PROTECTED]
303 864 5671

On Fri, 23 Mar 2001, David Sanderson wrote:

> How can I capture my router configuration for a printed copy? I know I can
> highlight and copy as I page down in a telnet session, but, there must be an
> easier way to get it into a .txt file all at once. Thanks for any help,
> Dave
Re: can't ping the internet through pix
Alex,

Your issue seems to be with an ARP entry somewhere... Do you have a loop somewhere? You may want to look into clear XLATE command on the PIX, or clear ARP on a couple items (routers and PIX) when this occurs... If it is an ARP problem, remember that the ARP time-out on Cisco is 4hrs. by default. At least look at the ARP tables along the way and see if you have any "incomplete" ARP entries anywhere.

As far as Brent's problem goes, it sounds like his is an "all" not "some" hosts issue.

Moe.

--- Alex Lee <[EMAIL PROTECTED]> wrote:
> Brent,
>
> I don't know whether your PIX problem is same as ours. But this is what is
> happening to us ..
>
> We have a PIX 515. Our PCs, printers, etc, all uses static public IP
> addresses. Once in a while, one of our PC users cannot point his internet
> browser to any URL, nor can he ping anything outside our subnet. The PC can
> be running Win 98, Win NT or Win 95. We work around this problem so far by
> changing the PC's ip address to another ip address. On some PCs we don't
> even need a re-boot and the computer can go out to internet with no problem.
> After a day or so, we change it back to its original ip address and it works
> with no problem. We have opened at least three cases with TAC and have
> upgraded our PIX software version two times but still cannot find a
> permanent fix. I posted our problem to the group a couple of days ago.
>
> If you are using static ip address on your PC maybe you can try to change to
> another un-used ip address, or release the current ip address to acquire a
> new one if you are using DHCP and see if it works.
>
> Alex Lee
>
> "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> news:99g29m$jj7$[EMAIL PROTECTED]...
> > nope
> >
> > "Alex Lee" <[EMAIL PROTECTED]> wrote in message
> > news:99g1pq$gfe$[EMAIL PROTECTED]...
> > > Are you able to point your web browser to any URL ?
> > >
> > > Alex Lee
> > >
> > > "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> > > news:99fuhb$tig$[EMAIL PROTECTED]...
> > > > As i mentioned below
> > > >
> > > > > I've also used the conduit permit icmp any any
> > > > > command so that i can ping in and out of the firewall...
> > > >
> > > > The tricky part is...i can ping from the internal network 192.168.1.x to the
> > > > router (which is through the firewall)...i can't ping anything past the
> > > > router...
> > > >
> > > > "Aidan Manning" <[EMAIL PROTECTED]> wrote in message
> > > > news:99ftm7$og7$[EMAIL PROTECTED]...
> > > > > Is there firewall software running?
> > > > > If so have you rules that are disabling ICMP?
> > > > >
> > > > > "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> > > > > news:99fq63$5no$[EMAIL PROTECTED]...
> > > > > > I've got an unusual problem with my PIX 515.
> > > > > >
> > > > > > I've configured the inside interface correctly, and can ping hosts on the
> > > > > > internal network. I've configured the outside interface correctly (as far
> > > > > > as ip addresses go) and can ping anywhere on the internet.
> > > > > >
> > > > > > I've configured the router (to the internet) as the default route of the
> > > > > > pix...and the pix as the default gateway of the hosts on the internal
> > > > > > network.
> > > > > >
> > > > > > I've also used the conduit permit icmp any any
> > > > > > command so that i can ping in and out of the firewall...
> > > > > >
> > > > > > When I try to ping anywhere on the internet from the firewall it
> > > > > > works...also when i try to ping the internal network it works...
> > > > > >
> > > > > > When i try to ping the pix from a host it works...when i try to ping the
> > > > > > router (to the internet) from a host it works...(meaning it goes through the
> > > > > > pix to the router fine)
> > > > > >
> > > > > > however, when i try to ping anywhere on the internet (including the next hop
> > > > > > from the router) it doesn't work...i can't get past the router...it just
> > > > > > dead ends there...
> > > > > >
> > > > > > i checked to make sure that the subnet mask on the pix is right...and its
> > > > > > fine...
> > > > > >
> > > > > > any ideas?
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Brent
> > > > > > CCNP, CCDA, MCSE, MCP+I, etc.
Re: print config
If you are using Microsoft's flavor of Telnet, just select Terminal, then Start Logging and finally select a file name and location. It will capture everything to file until you select Stop Logging.

"David Sanderson" <[EMAIL PROTECTED]> wrote in message
news:EF2576A9A885D311A4930090278A3B185C5491@EXCHANGE...
> How can I capture my router configuration for a printed copy? I know I can
> highlight and copy as I page down in a telnet session, but, there must be an
> easier way to get it into a .txt file all at once. Thanks for any help,
> Dave
Re: Stable IOS supporting SSH
On a 3662 we use 12.1(3)T with ssh and 3DES. Here's the image: c3660-ik2o3s-mz.121-3.T.bin

Jeff

Jeff Groman
IS Department, Childrens Hospital, Denver
[EMAIL PROTECTED]
303 864 5671

On Fri, 23 Mar 2001, David Eitel wrote:

> Can anyone tell me a stable IOS version supporting SSH on a 3640? I've
> experienced problems with some IOS versions not seeing interfaces after
> upgrade, etc.
>
> David Eitel
Re: Vlan Question
LOL... can you say obsessive compulsive? Maybe he was into security but not a DRA plan; one without the other doesn't do much good.

"Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> At 03:01 PM 3/22/2001 -0800, you wrote:
> >The user is a very high political figure who is real cautious about security
> >and paranoid. I like the idea of a separate nic in the server and two
> >subnets. The cost of switches could be a deciding factor. Thanks for the
> >input guys!
> >
> >Brad
>
> It's scary to find someone that's paranoid and demanding about security,
> yet doesn't want to pay for it. I'd like to assume that such a person, of
> course,
> have done everything they should about making their host secure, including
> encrypting the sensitive files, rather than just obsessing about the network.
>
> Of course, I've also had a customer that insisted on being BGP multihomed
> to two providers, connected to one provider at two sites and having
> redundant SONET local loops at one of the site, yet only had one physical
> server. Yes, they had a tape backup on the server. No, they had no spare
> machine to which they could restore the tape.
>
> >-Original Message-
> >From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, March 22, 2001 12:44 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: Vlan Question
> >
> >At 02:01 PM 3/22/2001 -0600, you wrote:
> > >Well he could be wanting to isolate consultants to their own VLAN but have
> > >a need to update files on the server. In our case we have auditors come in
> > >from time to time and so we don't want them in with the rest of the world so
> > >we isolate them in their own VLAN and then setup an access list. They are
> > >only here temporary. So I could see how this is a legit question.
> >
> >but if the server isn't on the same VLAN, how do they get to it? How does
> >it get to them?
> >
> >Routing between VLANs, and VLAN-aware NICs, are pretty much the
> >only alternatives. VLANs were introduced to isolate groups, but there's
> >nothing magical about them.
> >
> >If there is sensitive data around, you also want host-level security.
> >
> > >"Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote in message
> > >news:[EMAIL PROTECTED]...
> > > > At 08:26 AM 3/22/2001 -0800, you wrote:
> > > > >Scenario:
> > > > > Got a client who has a person on the network that does not want to
> > > > >be on the network but wants access to the server.
> > > >
> > > > I'm somewhat confused. First, if he is somehow hidden, how does the server
> > > > send back to the client?
> > > >
> > > > Second, if he is on one VLAN/subnet and the server is on another,
> > > > sounds like a fairly basic routing application. Another would be to
> > > > have a VLAN-aware NIC on the server.
> > > >
> > > > Without further information, this sounds like a user whim rather than
> > > > a real requirement. There's a flavor of the user wanting security
> > > > by obscurity.
> > > >
> > > > >My thought was to install
> > > > >a switch, setup two Vlans, one for all the users (10 or so) and the second
> > > > >Vlan for the 1 user by himself. This way no one can get to his machine, then
> > > > >setup an access list to permit his Vlan to access the first Vlan and deny
> > > > >all the other users to his Vlan. Does this sound right? Anything I am
> > > > >missing? Seeing if I understand Vlans correctly or not.
> > > > >
> > > > >Brad Shifflett
> > > > >[EMAIL PROTECTED]
> > > > >Micromenders, Inc.
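The access-list plan discussed in this thread (permit the isolated user's VLAN toward the shared VLAN, deny everyone else toward his VLAN), as an added example that is not code from any poster: a first-match evaluator in Python modelling IOS-style extended ACL semantics. The subnets, host addresses and rule names are constructed for illustration. It shows why a plain deny toward the isolated VLAN also drops the server's replies, which is the "how does the server send back to the client?" question, and what the `established` keyword changes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration (not taken from the thread).
SHARED_VLAN = "10.0.10.0/24"     # the ten or so users plus the server
ISOLATED_VLAN = "10.0.20.0/24"   # the single user who wants to be unreachable
SERVER = "10.0.10.5"
OTHER_USER = "10.0.10.77"
ISOLATED_HOST = "10.0.20.9"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol
    src: str
    dst: str
    established: bool = False       # TCP only: ACK or RST must be set

    def matches(self, pkt: Packet) -> bool:
        if self.proto not in ("ip", pkt.proto):
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.established:
            # A flag test on each packet, not connection tracking.
            return pkt.proto == "tcp" and bool(pkt.flags & {"ACK", "RST"})
        return True


def evaluate(acl, pkt):
    """First matching rule wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Both lists filter traffic heading from the shared VLAN into the isolated VLAN.
PLAIN_DENY = [Rule("deny", "ip", SHARED_VLAN, ISOLATED_VLAN)]
WITH_ESTABLISHED = [
    Rule("permit", "tcp", SHARED_VLAN, ISOLATED_VLAN, established=True),
    Rule("deny", "ip", SHARED_VLAN, ISOLATED_VLAN),
]

# Constructed sample traffic, all travelling toward the isolated host.
SAMPLE_PACKETS = {
    "server_tcp_reply": Packet(SERVER, ISOLATED_HOST, "tcp", frozenset({"SYN", "ACK"})),
    "server_udp_reply": Packet(SERVER, ISOLATED_HOST, "udp"),
    "user_new_connection": Packet(OTHER_USER, ISOLATED_HOST, "tcp", frozenset({"SYN"})),
    "user_ping": Packet(OTHER_USER, ISOLATED_HOST, "icmp"),
    "ack_without_session": Packet(OTHER_USER, ISOLATED_HOST, "tcp", frozenset({"ACK"})),
}


def verdicts(acl):
    """Return {packet name: 'permit' | 'deny'} for the sample traffic."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, acl in (("plain deny", PLAIN_DENY), ("with established", WITH_ESTABLISHED)):
        print(label)
        for name, verdict in verdicts(acl).items():
            print(f"  {name:22s} {verdict}")
```

With the plain deny the isolated user cannot use the server at all; with `established` TCP replies return, UDP replies still do not, and because the match is on flags rather than session state the host-level security Howard mentions is still needed.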
print config
How can I capture my router configuration for a printed copy? I know I can highlight and copy as I page down in a telnet session, but, there must be an easier way to get it into a .txt file all at once. Thanks for any help,

Dave
Re: trunking
the catalyst 3548's don't either.

"Rik" <[EMAIL PROTECTED]> wrote in message
news:99ftpt$p2n$[EMAIL PROTECTED]...
> ISL is Cisco proprietary whereas 802.1Q is an open standard. Cisco is
> moving away from ISL, however. In fact, some of the newer equipment no
> longer supports it, such as the Cat4000 switches.
>
> Dot1Q adds less bits to the frame, but the way in which it adds them makes
> it somewhat less efficient. ISL adds several more bits to ends of the
> frame, making it easier to view the trunking info bits, but the higher
> number of bits makes the MTU that much higher as well. Dot1Q doesn't have
> such a pronounced effect on MTU as does ISL.
>
> I typically use Dot1Q these days. Knowing that Cisco is moving away from
> ISL and the fact that other vendor's equipment supports Dot1Q makes it a
> more sensible choice for future compatibility.
>
> Rik
>
> "Lopez, Robert" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> > What are the differences between isl and 802.1q trunking. If I'm in a total
> > cisco switched environment, should I always use isl? What would be a good
> > reason to use 802.1q? Which one is more favored over the other?
> >
> > Robert
> >
> > Robert M. Lopez
> > Network Planning
> > Ann Arbor Data Center
> > Pfizer Global Research & Development
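The two trunking encapsulations compared in this thread, as an added example that is not from any poster: Python that inserts an 802.1Q tag into an Ethernet frame, recomputes the FCS, parses the tag back out, and computes the size of the same frame under ISL. It relies on the published formats (802.1Q inserts a 4-byte tag after the source MAC; ISL wraps the untouched frame in a 26-byte header and a 4-byte trailing FCS); the MAC addresses and payload are constructed.

```python
import struct
import zlib

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ISL_HEADER_LEN = 26      # ISL header placed in front of the original frame
ISL_FCS_LEN = 4          # second FCS appended after the original frame

# Constructed addresses for the sample frame.
DST_MAC = bytes.fromhex("001122334455")
SRC_MAC = bytes.fromhex("66778899aabb")


def fcs(data: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    return fcs(frame[:-4]) == frame[-4:]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame, padded to the 46-byte minimum payload."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def add_dot1q(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the tag between source MAC and EtherType, then redo the FCS."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0..7")
    if not fcs_ok(frame):
        raise ValueError("refusing to tag a frame with a bad FCS")
    body = frame[:-4]
    tci = (priority << 13) | vlan_id          # PCP(3) | DEI(1)=0 | VID(12)
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)               # the original FCS is no longer valid


def parse_dot1q(frame: bytes):
    """Return the tag fields, or None when the frame carries no 802.1Q tag."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    (inner_type,) = struct.unpack("!H", frame[16:18])
    return {
        "priority": tci >> 13,
        "dei": (tci >> 12) & 1,
        "vlan": tci & 0x0FFF,
        "ethertype": inner_type,
    }


def isl_length(frame: bytes) -> int:
    """Size on the trunk when the whole frame, FCS included, is wrapped by ISL."""
    return ISL_HEADER_LEN + len(frame) + ISL_FCS_LEN


if __name__ == "__main__":
    full = build_frame(DST_MAC, SRC_MAC, 0x0800, bytes(1500))
    tagged = add_dot1q(full, vlan_id=100, priority=5)
    print("untagged :", len(full))
    print("802.1Q   :", len(tagged), parse_dot1q(tagged))
    print("ISL      :", isl_length(full))
```

A full-size 1518-byte frame becomes 1522 bytes with an 802.1Q tag and 1548 bytes under ISL, and only the 802.1Q path has to modify the frame and recompute its FCS.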
recommended CCNP lab
If you could, what would you recommend for a lab setup, very basic, just to learn all you need and see what is happening. What equipment would be bare minimum requirements? At the most reasonable price.

Brad Shifflett
Router 2513
Hello Gang,

I am looking for 2513 with 16R/16F. There are quite a few at ebay. Most of the sellers are not interested shipping to Canada. Anybody on the list interested to sell one.

Thanks

RamG
RE: Performance Comparision between Linux OS Firewall and Cisco PIX 525
On the performance front, a Pix 525 will sustain just under 400MB of throughput, most if any Linux based firewalls will not touch that... On the Price front, correct, the Pix 525 is a fairly expensive unit, but you are able to drop to a 515 which will support 172 MB sustained throughput and 6 interfaces if you purchase the un-restricted version. The 515 restricted version comes in at about $5300 with three interfaces and will still support the same throughput numbers and 65K sessions. Chris Lemagie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Friday, March 23, 2001 9:38 AM To: [EMAIL PROTECTED] Subject: Re: Performance Comparision between Linux OS Firewall and Cisco PIX 525 How about if the customer is strapped for money. I work at a school. Luckily our students haven't gotten sophisticated enough to break into the Linux firewall but I don't the think that day is too far away. Some of them are very smart and they are learning Linux and networking in their classes. But PIX is too expensive, I think?? Priscilla At 09:24 AM 3/23/01, Rik wrote: >I have seen way too many Linux firewalls hacked as a result of >mis-administration. Now, I'm not assuming anything about your abilities as >the last confirmed hack that I was notified about was a Linux FW setup by 2 >guys that I know to be excellent Linux admins. The problem is the inherent >nature of the beast. A PIX is totally secure right out of the box. The >last Linux hack I speak of was hacked based on an exploit within BIND and >had nothing to do with the FW policy. > >I also find the PIX to be MUCH easier to configure and setup. I can do in >only a few lines of code what could possibly take pages and pages of code in >Linux. When talking about firewalls, simplicity is a critically important >concern. One compromise could easily remove any upfront cost advantage >Linux has over Cisco. 
Also, you don't have to be concerned with shutting >down unused services on a PIX as you would on Linux. > >Go with the PIX. It was designed from the ground up to do just what it >does: protect your network. Cisco claims that a properly configured PIX has >never been compromised. I believe them. > >Rik > > >""Sean Young"" <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi Everyone, > > > > My company is putting me in charge in implementing a Firewall for our > > company. One guy in my networking group is recommending PIX Firewall. > > Furthermore, he also recommends a Cisco Web-caching engine. His reason > > is that not only Cisco is good Firewall but it also provides VPN > > connectivity to our remote sites. Myself, on the other hand, would > > like to implement Linux-based OS firewall along with FreeS/WAN VPN > > features set. My reason is that a linux firewall can provide everything > > a Cisco PIX does and even more. In term of hardware, the linux Firewall/ > > VPN/IPSec box will be running a dual-processor (800MHz) with 1GB of RAM. > > I just feel that I can get a lot more for the amount that we are going > > to spend with linux than with Cisco PIX. I also feel that I tweak the > > source code on the LINUX kernel to increase the performance and security. > > Also, instead of purchasing the Cisco web-caching engine, I am thinking > > of building another linux box that will be running squid (web-caching) > > server. Don't get me wrong, I think Cisco has a lot of good products > > in the area of routing; however, I just don't think it is necessary to > > throw away money at Cisco when I know that Linux or BSD can do the same > > job that PIX and Cisco web-caching engine do but for much less and also > > I can control the source code. Has anyone has experiences with both > > the Linux/BSD, Squid and Cisco PIX, Cisco web-caching engine so that > > you can give advice on what I should do. I am open to your suggestions. 
> > > > Many thanks. > > Sean
Priscilla Oppenheimer http://www.priscilla.com
Re: can't ping the internet through pix
Do you have statics for these hosts you are pinging from or a blanket global (outside)? Your internal hosts will need to be translated to routable IPs. That is unless you are using NAT 0 and have an Internet routable IP assigned to all your internal hosts. In which case you'll need a static (inside, outside) mapping your IPs to themselves (this can be done with a mapping of a network range to itself, in place of /32 mappings per host).

Hope that helps.

--- Brent Ulfig <[EMAIL PROTECTED]> wrote:
> I've got an unusual problem with my PIX 515.
>
> I've configured the inside interface correctly, and can ping hosts on the
> internal network. I've configured the outside interface correctly (as far
> as ip addresses go) and can ping anywhere on the internet.
>
> I've configured the router (to the internet) as the default route of the
> pix...and the pix as the default gateway of the hosts on the internal
> network.
>
> I've also used the conduit permit icmp any any
> command so that i can ping in and out of the firewall...
>
> When I try to ping anywhere on the internet from the firewall it
> works...also when i try to ping the internal network it works...
>
> When i try to ping the pix from a host it works...when i try to ping the
> router (to the internet) from a host it works...(meaning it goes through the
> pix to the router fine)
>
> however, when i try to ping anywhere on the internet (including the next hop
> from the router) it doesn't work...i can't get past the router...it just
> dead ends there...
>
> i checked to make sure that the subnet mask on the pix is right...and its
> fine...
>
> any ideas?
>
> Thanks,
>
> Brent
> CCNP, CCDA, MCSE, MCP+I, etc.

Moe Tavakoli
Re: Pix: intercept and redirect
There is no command in the PIX that would allow you to "redirect" not at Layer two or three. The only thing that I can think of is by the fact that you are not using NAT on this box, so I assume you use NAT0. NAT 0 is still going through the NAT process, but ends up assigning the same IP to the field and it is transparent to the user. The command that comes to mind is the static used in NAT0:

static (inside, outside) 192.168.1.1 192.168.1.1

What this is doing is saying for that IP to be available on the outside and to NAT it to the same IP on the inside. I'm not sure if it will work, but try to change the first 192.168.1.1 to your "B" IP address, let's say 192.168.1.2. From a theory level this makes sense to me but I'm not sure if the PIX will take it and how it would react.

Just some thoughts.

Moe.

--- Doug Roberts <[EMAIL PROTECTED]> wrote:
> I've had a request to have our Pix firewall catch inbound traffic headed
> for host A and redirect it to host B. We do not have NAT enabled on the Pix
> (ver 5.1).
>
> Am I missing something? I don't see a way to do this.
>
> Doug
> ==
> "There are a lot of interesting people here, a pretty high concentration of
> creative, interesting, smart people. You just have to make an effort to
> group them together, because they're interspersed with a lot of morons."
>
> Aimee Mann as quoted in The Onion
> ==

Moe Tavakoli
Re: Ethernet address question
At 09:53 AM 3/23/01, [EMAIL PROTECTED] wrote:
> I found the answer to your question? what is ..0001 ? it's a default
>IPX address that Netware gives its servers.

That's a network-layer address. I've never seen ..0001 at the MAC layer, which I'm pretty sure he was asking about.

Someone else said it was a locally-administered address, but I don't think that's true. With a locally-administered address the second bit transmitted is a 1. The address would be 02:00:00:00:00:01. We have to assume since this is Ethernet that he told us the address in canonical form (ugh).

We need more context to help. Where did he see this address?

Priscilla

>You can change this , if you
>want to.

Priscilla Oppenheimer
http://www.priscilla.com
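The bit positions discussed in the message above, as an added example that is not part of the original thread: it reads the I/G and U/L bits of a MAC address written in canonical (Ethernet) form and converts between canonical and non-canonical (bit-reversed) notation. Apart from 02:00:00:00:00:01, which the message cites, the sample addresses and all function names are constructed for illustration.

```python
import re

# Six hex octets separated by ':' or '-' (canonical notation as printed by most tools).
_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")


def parse_mac(text):
    """Return the six octets of a MAC address string, or raise ValueError."""
    if not _MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split(r"[:-]", text))


def format_mac(octets):
    """Render six octets as lower-case colon-separated hex."""
    return ":".join(f"{b:02x}" for b in octets)


def reverse_bits(octet):
    """Mirror the eight bits of one octet, e.g. 0x02 -> 0x40."""
    mirrored = 0
    for _ in range(8):
        mirrored = (mirrored << 1) | (octet & 1)
        octet >>= 1
    return mirrored


def swap_notation(text):
    """Convert canonical <-> non-canonical notation.

    Ethernet sends each octet least-significant bit first, so canonical
    notation stores the first transmitted bit as 0x01. Non-canonical
    notation mirrors every octet; applying the swap twice is the identity.
    """
    return format_mac(bytes(reverse_bits(b) for b in parse_mac(text)))


def classify(text):
    """Classify a canonical-form MAC address by its first octet.

    I/G bit (0x01): first bit on the wire; 1 means group (multicast/broadcast).
    U/L bit (0x02): second bit on the wire; 1 means locally administered.
    """
    octets = parse_mac(text)
    first = octets[0]
    if octets == b"\xff" * 6:
        scope = "broadcast"
    elif first & 0x01:
        scope = "multicast"
    else:
        scope = "unicast"
    return {
        "scope": scope,
        "administration": "local" if first & 0x02 else "universal",
        # First octet as it appears on an Ethernet wire, leftmost bit sent first.
        "first_octet_wire_order": format(first, "08b")[::-1],
    }


# Constructed sample addresses, except the first, which the message cites.
SAMPLES = [
    "02:00:00:00:00:01",  # locally administered unicast (from the message)
    "00:11:22:33:44:55",  # constructed: universally administered unicast
    "01:00:5e:00:00:01",  # constructed: group (multicast) address
    "ff-ff-ff-ff-ff-ff",  # broadcast
]


def report(addresses=SAMPLES):
    """Return one summary line per address."""
    lines = []
    for addr in addresses:
        info = classify(addr)
        lines.append(
            f"{addr}  {info['scope']:<9}  {info['administration']:<9}  "
            f"wire={info['first_octet_wire_order']}  "
            f"non-canonical={swap_notation(addr)}"
        )
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

A locally administered address seen where only burned-in addresses are expected is worth a second look during an inventory or a capture review, since it means the address was set by software rather than by the NIC vendor.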
Re: Performance Comparision between Linux OS Firewall and Cisco PIX 525
How about if the customer is strapped for money. I work at a school. Luckily our students haven't gotten sophisticated enough to break into the Linux firewall but I don't the think that day is too far away. Some of them are very smart and they are learning Linux and networking in their classes. But PIX is too expensive, I think?? Priscilla At 09:24 AM 3/23/01, Rik wrote: >I have seen way too many Linux firewalls hacked as a result of >mis-administration. Now, I'm not assuming anything about your abilities as >the last confirmed hack that I was notified about was a Linux FW setup by 2 >guys that I know to be excellent Linux admins. The problem is the inherent >nature of the beast. A PIX is totally secure right out of the box. The >last Linux hack I speak of was hacked based on an exploit within BIND and >had nothing to do with the FW policy. > >I also find the PIX to be MUCH easier to configure and setup. I can do in >only a few lines of code what could possibly take pages and pages of code in >Linux. When talking about firewalls, simplicity is a critically important >concern. One compromise could easily remove any upfront cost advantage >Linux has over Cisco. Also, you don't have to be concerned with shutting >down unused services on a PIX as you would on Linux. > >Go with the PIX. It was designed from the ground up to do just what it >does: protect your network. Cisco claims that a properly configured PIX has >never been compromised. I believe them. > >Rik > > >""Sean Young"" <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi Everyone, > > > > My company is putting me in charge in implementing a Firewall for our > > company. One guy in my networking group is recommending PIX Firewall. > > Furthermore, he also recommends a Cisco Web-caching engine. His reason > > is that not only Cisco is good Firewall but it also provides VPN > > connectivity to our remote sites. 
Myself, on the other hand, would > > like to implement Linux-based OS firewall along with FreeS/WAN VPN > > features set. My reason is that a linux firewall can provide everything > > a Cisco PIX does and even more. In term of hardware, the linux Firewall/ > > VPN/IPSec box will be running a dual-processor (800MHz) with 1GB of RAM. > > I just feel that I can get a lot more for the amount that we are going > > to spend with linux than with Cisco PIX. I also feel that I tweak the > > source code on the LINUX kernel to increase the performance and security. > > Also, instead of purchasing the Cisco web-caching engine, I am thinking > > of building another linux box that will be running squid (web-caching) > > server. Don't get me wrong, I think Cisco has a lot of good products > > in the area of routing; however, I just don't think it is necessary to > > throw away money at Cisco when I know that Linux or BSD can do the same > > job that PIX and Cisco web-caching engine do but for much less and also > > I can control the source code. Has anyone has experiences with both > > the Linux/BSD, Squid and Cisco PIX, Cisco web-caching engine so that > > you can give advice on what I should do. I am open to your suggestions. > > > > Many thanks. > > Sean
Priscilla Oppenheimer http://www.priscilla.com
Re: can't ping the internet through pix
we are using static internal ips...i'll give changing the ip a try...but i dunno if it'll work...the internal hosts can still ping the router (which must go through the pix) just fine...just can't get passed the router... perhaps its a problem with the version of PIX i'm running...i bought it brand new...but in the box is version 4.4...didn't get a support contract with it your problem sounds almost like an arp timeout problemlike its set too high...but thats not possible if you are using static public ip addresses...i suppose you've tried clearing the arp entries in the router/pix/hosts by now... Brent ""Alex Lee"" <[EMAIL PROTECTED]> wrote in message 99g4bq$voq$[EMAIL PROTECTED]">news:99g4bq$voq$[EMAIL PROTECTED]... > Brent, > > I don't know whether your PIX problem is same as ours. But this is what is > happening to us .. > > We have a PIX 515. Our PCs, printers, etc, all uses static public IP > addresses. Once in a while, one of our PC users cannot point his internet > browser to any URL, nor can he ping anything outside our subnet. The PC can > be running Win 98, Win NT or Win 95. We work around this problem so far by > changing the PC's ip address to another ip address. On some PCs we don't > even need a re-boot and the computer can go out to internet with no problem. > After a day or so, we change it back to its original ip address and it works > with no problem. We have opened at least three cases with TAC and have > upgraded our PIX software version two times but still cannot find a > permanent fix. I posted our problem to the group a couple of days ago. > > If you are using static ip address on your PC maybe you can try to change to > another un-used ip address, or release the current ip address to acquired a > new one if you are using DHCP and see if it works. > > Alex Lee > > > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message > 99g29m$jj7$[EMAIL PROTECTED]">news:99g29m$jj7$[EMAIL PROTECTED]... 
> > nope > > > > > > ""Alex Lee"" <[EMAIL PROTECTED]> wrote in message > > 99g1pq$gfe$[EMAIL PROTECTED]">news:99g1pq$gfe$[EMAIL PROTECTED]... > > > Are you able to point your web browser to any URL ? > > > > > > Alex Lee > > > > > > > > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message > > > 99fuhb$tig$[EMAIL PROTECTED]">news:99fuhb$tig$[EMAIL PROTECTED]... > > > > As i mentioned below > > > > > > > > > I've also used the conduit permit icmp any any > > > > > command so that i can ping in and out of the firewall... > > > > > > > > The tricky part is...i can ping from the internal network 192.168.1.x > to > > > the > > > > router (which is through the firewall)...i can't ping anything past > the > > > > router... > > > > > > > > > > > > > > > > > > > > ""Aidan Manning"" <[EMAIL PROTECTED]> wrote in message > > > > 99ftm7$og7$[EMAIL PROTECTED]">news:99ftm7$og7$[EMAIL PROTECTED]... > > > > > Is there firewall software running? > > > > > If so have you rules that are disabling ICMP? > > > > > > > > > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message > > > > > 99fq63$5no$[EMAIL PROTECTED]">news:99fq63$5no$[EMAIL PROTECTED]... > > > > > > I've got an unusual problem with my PIX 515. > > > > > > > > > > > > I've configured the inside interface correctly, and can ping hosts > > on > > > > the > > > > > > internal network. I've configured the outside interface correctly > > (as > > > > far > > > > > > as ip addresses go) and can ping anywhere on the internet. > > > > > > > > > > > > I've configured the router (to the internet) as the default route > of > > > the > > > > > > pix...and the pix as the default gateway of the hosts on the > > internal > > > > > > network. > > > > > > > > > > > > I've also used the conduit permit icmp any any > > > > > > command so that i can ping in and out of the firewall... 
> > > > > > > > > > > > When I try to ping anywhere on the internet from the firewall it > > > > > > works...also when i try to ping the internal network it works... > > > > > > > > > > > > When i try to ping the pix from a host it works...when i try to > ping > > > the > > > > > > router (to the internet) from a host it works...(meaning it goes > > > through > > > > > the > > > > > > pix to the router fine) > > > > > > > > > > > > however, when i try to ping anywhere on the internet (including > the > > > next > > > > > hop > > > > > > from the router) it doesn't work...i can't get passed the > > router...it > > > > just > > > > > > dead ends there... > > > > > > > > > > > > i checked to make sure that the subnet mask on the pix is > > right...and > > > > its > > > > > > fine... > > > > > > > > > > > > any ideas? > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Brent > > > > > > CCNP, CCDA, MCSE, MCP+I, etc. > > > > > > > > > > > > > > > > > > _ > > > > > > FAQ, list archives, and subscription info: > > > > > http://www.groupstudy.com/list/cisco.html > > > > > > Report misconduct and Nondisclosure violations to > > [EMAIL
Re: Route filtering - Update
Well each additional process will add strain to the CPU of the router, in general I would try to avoid it, if there is anyway to limit the number of processes (ie only run one EIGRP process or one OSPF process) then I would do so. However, in this case, this might be your best bet. At 10:08 AM 3/23/01, you wrote: >ok, tried the 2 OSPF and 2 EIGRP idea and it works and provides the required >results. Thanks John and Chris! > >But let me ask this of the group. > >Are there design questions here with using 4 routing processes?? > >I don't think I would have come up with this myself although I did do a >design once that used 2 OSPF processes. > >But 4 could be "over the top"?? what do you think? > >I can remember a time when it was strenuously considered bad design to use >OSPF virtual links. But then came a wave a companies either merging or >eating each other and then virtual links were used to join two area 0s. >OSPF virtual links are still (I think) frowned upon but are now more readily >accepted for certain situations. > >This particular scenario I think is for 2 organizations sharing a network. >They pay for their own upstream circuit but are sharing a router. My first >thoughts were - buy a second router, each has only one network on the inside >and each can control their own upstream routing - but for some reason this >isn't an option. > >Anyway, I'm going to do some load testing to see how hard the cpu is working >with 4 routing processes vs 2. > >But comments on the design "theory" would be welcome. > >Also, I'll try to get route-map re-distribution working, that might get it >down to 2 processes. > >thanks again to the group! 
> >Kevin Wigle > > >- Original Message - >From: "Curtis Call" <[EMAIL PROTECTED]> >To: "Kevin Wigle" <[EMAIL PROTECTED]> >Cc: <[EMAIL PROTECTED]> >Sent: Friday, March 23, 2001 10:54 AM >Subject: Re: Route filtering - somewhat long > > > > You might want to look into using a route map to specify to only allow >each > > network into one particular area. If you can't get that to work then you > > could try using different ospf processes on the router one for 1015 and >one > > for 1020, and once again use a route-map to specify which networks to > > allow. That way area 1015 will only have an LSA 5 for 142.226.20.0 and > > area 1020 will only have an > > LSA 5 for 142.226.10.0 > > > > > > > > At 08:25 AM 3/23/01, you wrote: > > >Dear Group, > > > > > >I have an interesting scenario I'm trying to mock up in the lab and >getting > > >nowhere fast. > > > > > >I'm not good at ascii art so I'll try to describe the setup. > > > > > >Imagine a core network with 4 routers, put them in a square, from the top > > >left clockwise, routerA, routerB, routerC, routerD. > > > > > >These routers are connected in a full mesh and OSPF is configured. > > > > > >Each router of course is in Area 0 but each router also has another area. > > > > > >routerA - 1005 > > >routerB - 1010 > > >routerC - 1015 > > >routerD - 1020 > > > > > >There is a fifth router at the bottom - routerE, connecting to routerC >and > > >routerD with equal cost circuits using point-to-point addresses. > > > > > >These transit routes are configured into OSPF, each network into the same > > >area as the core router where it terminates. > > > > > >On a third ( Ethernet ) interface on routerE there are two networks, one >as > > >primary and one as secondary. Let's use: primary 142.226.10.0 and >secondary: > > >142.226.20.0 > > > > > >Policy routing has been configured to allow the prime network out the > > >routerE-routerD circuit and the secondary network has been configured to >go > > >out the routerE-routerC circuit. 
> > > > > >EIGRP has been configured for the networks on the inside of routerE and >is > > >redistributed into OSPF with no auto-summary. > > > > > >Now, when on either routerA or routerB, the inside routes are in the >routing > > >table as available through both routers. > > > > > >Objective. > > > > > >Have 142.226.10.0 only advertised out routerE-routerD > > > > > >and 142.226.20.0 only advertised out routerE-routerC > > > > > >Discussion. > > > > > >I have been reading madly about distribute lists and route-maps. It all > > >reads so simply but I think this particular situation is interesting >because > > >of the two networks on one interface. > > > > > >OSPF cannot use a distribute list and use the interface command (would >have > > >been perfect). > > > > > >OSPF cannot filter incoming updates (which would have been great on >routerC > > >and routerD). > > > > > >On the face of it this "seems" so simple - but - I'm stuck. > > > > > >Any ideas welcome. > > > > > >tia > > > > > >Kevin Wigle > > > > > >Using access-lists on the egress ports don't seem to do it either.
Re: can't ping the internet through pix
Brent, I don't know whether your PIX problem is same as ours. But this is what is happening to us .. We have a PIX 515. Our PCs, printers, etc, all uses static public IP addresses. Once in a while, one of our PC users cannot point his internet browser to any URL, nor can he ping anything outside our subnet. The PC can be running Win 98, Win NT or Win 95. We work around this problem so far by changing the PC's ip address to another ip address. On some PCs we don't even need a re-boot and the computer can go out to internet with no problem. After a day or so, we change it back to its original ip address and it works with no problem. We have opened at least three cases with TAC and have upgraded our PIX software version two times but still cannot find a permanent fix. I posted our problem to the group a couple of days ago. If you are using static ip address on your PC maybe you can try to change to another un-used ip address, or release the current ip address to acquired a new one if you are using DHCP and see if it works. Alex Lee ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message 99g29m$jj7$[EMAIL PROTECTED]">news:99g29m$jj7$[EMAIL PROTECTED]... > nope > > > ""Alex Lee"" <[EMAIL PROTECTED]> wrote in message > 99g1pq$gfe$[EMAIL PROTECTED]">news:99g1pq$gfe$[EMAIL PROTECTED]... > > Are you able to point your web browser to any URL ? > > > > Alex Lee > > > > > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message > > 99fuhb$tig$[EMAIL PROTECTED]">news:99fuhb$tig$[EMAIL PROTECTED]... > > > As i mentioned below > > > > > > > I've also used the conduit permit icmp any any > > > > command so that i can ping in and out of the firewall... > > > > > > The tricky part is...i can ping from the internal network 192.168.1.x to > > the > > > router (which is through the firewall)...i can't ping anything past the > > > router... 
> > > > > > > > > > > > > > > ""Aidan Manning"" <[EMAIL PROTECTED]> wrote in message > > > 99ftm7$og7$[EMAIL PROTECTED]">news:99ftm7$og7$[EMAIL PROTECTED]... > > > > Is there firewall software running? > > > > If so have you rules that are disabling ICMP? > > > > > > > > ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message > > > > 99fq63$5no$[EMAIL PROTECTED]">news:99fq63$5no$[EMAIL PROTECTED]... > > > > > I've got an unusual problem with my PIX 515. > > > > > > > > > > I've configured the inside interface correctly, and can ping hosts > on > > > the > > > > > internal network. I've configured the outside interface correctly > (as > > > far > > > > > as ip addresses go) and can ping anywhere on the internet. > > > > > > > > > > I've configured the router (to the internet) as the default route of > > the > > > > > pix...and the pix as the default gateway of the hosts on the > internal > > > > > network. > > > > > > > > > > I've also used the conduit permit icmp any any > > > > > command so that i can ping in and out of the firewall... > > > > > > > > > > When I try to ping anywhere on the internet from the firewall it > > > > > works...also when i try to ping the internal network it works... > > > > > > > > > > When i try to ping the pix from a host it works...when i try to ping > > the > > > > > router (to the internet) from a host it works...(meaning it goes > > through > > > > the > > > > > pix to the router fine) > > > > > > > > > > however, when i try to ping anywhere on the internet (including the > > next > > > > hop > > > > > from the router) it doesn't work...i can't get passed the > router...it > > > just > > > > > dead ends there... > > > > > > > > > > i checked to make sure that the subnet mask on the pix is > right...and > > > its > > > > > fine... > > > > > > > > > > any ideas? > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > Brent > > > > > CCNP, CCDA, MCSE, MCP+I, etc. 
> > > > > > > > > > > > > > > _ > > > > > FAQ, list archives, and subscription info: > > > > http://www.groupstudy.com/list/cisco.html > > > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > _ > > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > _ FAQ, list archives, and subscriptio
Re: Route filtering - Update
ok, tried the 2 OSPF and 2 EIGRP idea and it works and provides the required results.

Thanks John and Chris!

But let me ask this of the group. Are there design questions here with using 4 routing processes?? I don't think I would have come up with this myself although I did do a design once that used 2 OSPF processes. But 4 could be "over the top"?? What do you think?

I can remember a time when it was strenuously considered bad design to use OSPF virtual links. But then came a wave of companies either merging or eating each other and then virtual links were used to join two area 0s. OSPF virtual links are still (I think) frowned upon but are now more readily accepted for certain situations.

This particular scenario I think is for 2 organizations sharing a network. They pay for their own upstream circuit but are sharing a router. My first thoughts were - buy a second router, each has only one network on the inside and each can control their own upstream routing - but for some reason this isn't an option.

Anyway, I'm going to do some load testing to see how hard the cpu is working with 4 routing processes vs 2. But comments on the design "theory" would be welcome.

Also, I'll try to get route-map re-distribution working, that might get it down to 2 processes.

thanks again to the group!

Kevin Wigle

- Original Message -
From: "Curtis Call" <[EMAIL PROTECTED]>
To: "Kevin Wigle" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 10:54 AM
Subject: Re: Route filtering - somewhat long

> You might want to look into using a route map to specify to only allow each
> network into one particular area. If you can't get that to work then you
> could try using different ospf processes on the router one for 1015 and one
> for 1020, and once again use a route-map to specify which networks to
> allow. That way area 1015 will only have an LSA 5 for 142.226.20.0 and
> area 1020 will only have an LSA 5 for 142.226.10.0
>
> At 08:25 AM 3/23/01, you wrote:
> >Dear Group,
> >
> >I have an interesting scenario I'm trying to mock up in the lab and getting
> >nowhere fast.
> >
> >I'm not good at ascii art so I'll try to describe the setup.
> >
> >Imagine a core network with 4 routers, put them in a square, from the top
> >left clockwise, routerA, routerB, routerC, routerD.
> >
> >These routers are connected in a full mesh and OSPF is configured.
> >
> >Each router of course is in Area 0 but each router also has another area.
> >
> >routerA - 1005
> >routerB - 1010
> >routerC - 1015
> >routerD - 1020
> >
> >There is a fifth router at the bottom - routerE, connecting to routerC and
> >routerD with equal cost circuits using point-to-point addresses.
> >
> >These transit routes are configured into OSPF, each network into the same
> >area as the core router where it terminates.
> >
> >On a third ( Ethernet ) interface on routerE there are two networks, one as
> >primary and one as secondary. Let's use: primary 142.226.10.0 and secondary:
> >142.226.20.0
> >
> >Policy routing has been configured to allow the prime network out the
> >routerE-routerD circuit and the secondary network has been configured to go
> >out the routerE-routerC circuit.
> >
> >EIGRP has been configured for the networks on the inside of routerE and is
> >redistributed into OSPF with no auto-summary.
> >
> >Now, when on either routerA or routerB, the inside routes are in the routing
> >table as available through both routers.
> >
> >Objective.
> >
> >Have 142.226.10.0 only advertised out routerE-routerD
> >
> >and 142.226.20.0 only advertised out routerE-routerC
> >
> >Discussion.
> >
> >I have been reading madly about distribute lists and route-maps. It all
> >reads so simply but I think this particular situation is interesting because
> >of the two networks on one interface.
> >
> >OSPF cannot use a distribute list and use the interface command (would have
> >been perfect).
> >
> >OSPF cannot filter incoming updates (which would have been great on routerC
> >and routerD).
> >
> >On the face of it this "seems" so simple - but - I'm stuck.
> >
> >Any ideas welcome.
> >
> >tia
> >
> >Kevin Wigle
> >
> >Using access-lists on the egress ports don't seem to do it either.
Stable IOS supporting SSH
Can anyone tell me a stable IOS version supporting SSH on a 3640? I've experienced problems with some IOS versions not seeing interfaces after upgrade, etc.

David Eitel
OT: Fridays funnies!
An 80 year old man was having his annual checkup and the doctor asked him how he was feeling. "I've never been better!" he boasted. "I've got an eighteen year old bride who's pregnant and having my child! What do you think about that?" The doctor considered this for a moment, then said, "Let me tell you a story. I knew a guy who was an avid hunter. He never missed a season. But one day went out in a bit of a hurry and he accidentally grabbed his umbrella instead of his gun." The doctor continued, "So he was in the woods and suddenly a grizzly bear appeared in front of him! He raised up his umbrella, pointed it at the bear and squeezed the handle." "And do you know what happened?" the doctor queried. Dumbfounded, the old man replied "No". The doctor continued, "The bear dropped dead in front of him!" "That's impossible!" exclaimed the old man. "Someone else must have shot that bear." "That's kind of what I'm getting at..." replied the doctor. --- A couple had two little boys, ages 8 and 10, who were excessively mischievous. They were always getting into trouble and their parents could be assured that if any mischief occurred in their town, their two boys were in some way involved. They were at their wits end as to what to do about their sons' behavior. They heard that a new clergyman in town had been successful in disciplining children in the past and decided to have him speak to their two Dennis The Menaces. The 8-year-old went to meet with him first. The clergyman sat the boy down and asked him, "Where is God?" When the boy made no response, the clergyman repeated the question in a stern tone, "Where is God?" Again the boy made no attempt to answer, so the clergyman raised his voice even more and shook his finger in the boy's face, "WHERE IS GOD?" At that the boy bolted from the room and ran directly home slamming himself in his closet. His 10 year old brother followed the scared and breathless boy who cried . . . "We are in BIG trouble this time! 
God is missing and they think we did it!"

--
Natasha Flazynski
http://www.ciscobot.com My Cisco information site.
http://www.botbuilders.com Artificial Intelligence and Linux development

"Out of Clutter, find Simplicity. From Discord, find harmony. In the middle of difficulty, lies opportunity." - Albert Einstein
Re: remove
You can check out any time you like, but you can never leave.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 22, 2001 6:19 PM
Subject: remove

> Please remove [EMAIL PROTECTED] from your mailing list
> Thanks
Re: can't ping the internet through pix
nope

"Alex Lee" <[EMAIL PROTECTED]> wrote in message news:99g1pq$gfe$[EMAIL PROTECTED]...
> Are you able to point your web browser to any URL ?
>
> Alex Lee
>
> "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> news:99fuhb$tig$[EMAIL PROTECTED]...
> > As i mentioned below
> >
> > > I've also used the conduit permit icmp any any
> > > command so that i can ping in and out of the firewall...
> >
> > The tricky part is...i can ping from the internal network 192.168.1.x to the
> > router (which is through the firewall)...i can't ping anything past the
> > router...
> >
> > "Aidan Manning" <[EMAIL PROTECTED]> wrote in message
> > news:99ftm7$og7$[EMAIL PROTECTED]...
> > > Is there firewall software running?
> > > If so have you rules that are disabling ICMP?
> > >
> > > "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> > > news:99fq63$5no$[EMAIL PROTECTED]...
> > > > I've got an unusual problem with my PIX 515.
> > > >
> > > > I've configured the inside interface correctly, and can ping hosts on the
> > > > internal network. I've configured the outside interface correctly (as far
> > > > as ip addresses go) and can ping anywhere on the internet.
> > > >
> > > > I've configured the router (to the internet) as the default route of the
> > > > pix...and the pix as the default gateway of the hosts on the internal
> > > > network.
> > > >
> > > > I've also used the conduit permit icmp any any
> > > > command so that i can ping in and out of the firewall...
> > > >
> > > > When I try to ping anywhere on the internet from the firewall it
> > > > works...also when i try to ping the internal network it works...
> > > >
> > > > When i try to ping the pix from a host it works...when i try to ping the
> > > > router (to the internet) from a host it works...(meaning it goes through
> > > > the pix to the router fine)
> > > >
> > > > however, when i try to ping anywhere on the internet (including the next
> > > > hop from the router) it doesn't work...i can't get past the router...it
> > > > just dead ends there...
> > > >
> > > > i checked to make sure that the subnet mask on the pix is right...and
> > > > it's fine...
> > > >
> > > > any ideas?
> > > >
> > > > Thanks,
> > > >
> > > > Brent
> > > > CCNP, CCDA, MCSE, MCP+I, etc.
Re: trunking
ISL has a number of advantages over dot1q, for example it supports per vlan spanning tree (PVST) which allows a separate spantree instance per Vlan which makes networks more scalable and more stable than dot1q based. It is Cisco proprietary but it interoperates with dot1q (common spanning tree) compliant switches (using Cisco protocol PVST+)

If you are building a large cisco switched network with a lot of Vlans and are worried about issues such as spanning tree convergence / stability / reliability .. definitely go for ISL
Re: CIT/Support passing score? Still around 692?
yes - i found the same thing and was surprised to see that I got 0% on HDLC, and that there were only 4 categories in all

Tom

- Original Message -
From: "Taiwo Adeshugba" <[EMAIL PROTECTED]>
To: "'Henry Rollins'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 3:18 AM
Subject: RE: CIT/Support passing score? Still around 692?

> Just did it last week still 692 and the score sheet show HDLC I did not even
> come across it.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Henry Rollins
> Sent: 23 March 2001 12:04
> To: [EMAIL PROTECTED]
> Subject: CIT/Support passing score? Still around 692?
>
> Anyone taken it recently and care to share? I saw several postings in
> the archives that mention 692, but they were from last year.
>
> Thanks
Re: intercept and redirect
OK some people are taking this 'PIX doesn't route. period.' thing too far. No it's not a router, yes it has a routing table. What does that have to do with this anyway? You don't need a router to do this. It's not adding a new subnet or anything, just redirecting to an existing host. If it couldn't permit/deny or VIP address to specific hosts or subnets, it wouldn't be anything at all but a boat anchor.

However I just realized something, if host B isn't behind the firewall, you can't do it with just a PIX. Best you could do is change the DNS entries in that scenario. Where is this host B? If you're trying to forward a URL, try setting up a forward page on the existing box perhaps? Is it ALL traffic to a specific IP?

Allen

- Original Message -
From: "ItsMe" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 22, 2001 9:06 PM
Subject: Re: intercept and redirect

> PIX, by itself doesn't route. It won't work.
>
> "Doug Roberts" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > I've had a request to have our Pix firewall catch inbound traffic headed
> > for host A and redirect it to host B. We do not have NAT enabled on the
> > Pix (ver 5.1).
> >
> > Am I missing something? I don't see a way to do this.
> >
> > Doug
> > ==
> > "There are a lot of interesting people here, a pretty high concentration of
> > creative, interesting, smart people. You just have to make an effort to
> > group them together, because they're interspersed with a lot of morons."
> >
> > Aimee Mann as quoted in The Onion
> > ==
ISDN: Correlation between SPID and switch type?
Does anyone know if there is a correlation between the trailing ones and zeros on a SPID and the ISDN switch type?

Locally we use switch type basic-dms100. SPIDs end with 0101. I set up a site that used basic-ni1. Its SPIDs ended with 0100.

It may be that I am asking the wrong question. A more generic question is - what is the meaning of those trailing ones and zeros? If you can cite a reference, I'd appreciate it.

TIA

I've already looked through two BCRAN books, CCIE Lab Study Guide, Giles, Uyless Black, and others.
Re: can't ping the internet through pix
Are you able to point your web browser to any URL ?

Alex Lee

"Brent Ulfig" <[EMAIL PROTECTED]> wrote in message news:99fuhb$tig$[EMAIL PROTECTED]...
> As i mentioned below
>
> > I've also used the conduit permit icmp any any
> > command so that i can ping in and out of the firewall...
>
> The tricky part is...i can ping from the internal network 192.168.1.x to the
> router (which is through the firewall)...i can't ping anything past the
> router...
>
> "Aidan Manning" <[EMAIL PROTECTED]> wrote in message
> news:99ftm7$og7$[EMAIL PROTECTED]...
> > Is there firewall software running?
> > If so have you rules that are disabling ICMP?
> >
> > "Brent Ulfig" <[EMAIL PROTECTED]> wrote in message
> > news:99fq63$5no$[EMAIL PROTECTED]...
> > > I've got an unusual problem with my PIX 515.
> > >
> > > I've configured the inside interface correctly, and can ping hosts on the
> > > internal network. I've configured the outside interface correctly (as far
> > > as ip addresses go) and can ping anywhere on the internet.
> > >
> > > I've configured the router (to the internet) as the default route of the
> > > pix...and the pix as the default gateway of the hosts on the internal
> > > network.
> > >
> > > I've also used the conduit permit icmp any any
> > > command so that i can ping in and out of the firewall...
> > >
> > > When I try to ping anywhere on the internet from the firewall it
> > > works...also when i try to ping the internal network it works...
> > >
> > > When i try to ping the pix from a host it works...when i try to ping the
> > > router (to the internet) from a host it works...(meaning it goes through
> > > the pix to the router fine)
> > >
> > > however, when i try to ping anywhere on the internet (including the next
> > > hop from the router) it doesn't work...i can't get past the router...it
> > > just dead ends there...
> > >
> > > i checked to make sure that the subnet mask on the pix is right...and
> > > it's fine...
> > >
> > > any ideas?
> > >
> > > Thanks,
> > >
> > > Brent
> > > CCNP, CCDA, MCSE, MCP+I, etc.
Re: [ARP over Token Ring]
Thanks, John (and Tim, who sent me the actual PDF file last night)

-e-

- Original Message -
From: John Neiberger <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 6:48 AM
Subject: Re: [ARP over Token Ring]

> Yep, here ya go! It's pretty good.
>
> http://www.ccprep.com/resources/news/archives/Token_Ring2.pdf
>
> >>> "EA LOUIE" <[EMAIL PROTECTED]> 3/22/01 5:24:31 PM >>>
> John - is that a publicly accessible paper?
>
> -e-
>
> "John Neiberger" <[EMAIL PROTECTED]> wrote:
> > I'm reading through Lou Rossi's token ring paper and read something that
> > is ponderous. Over ethernet, an ARP request is broadcast but the reply
> > is unicast. In this paper (p. 4) there is a scenario where two hosts
> > are separated by two bridges and a ring. Host A wants to transmit to
> > Host B so it ARPs for B's MAC address.
> >
> > Now, the paper mentions that after the ARP reply, A knows the MAC
> > address of B but not the location. My question is this: is an ARP
> > reply over token ring unicast or broadcast? If it's unicast then how
> > did B send the response to A? Wouldn't it have to send an explorer
> > packet first to find the path to A?
> >
> > It seems to me that this is the process:
> >
> > A wants to say hi to B
> > A sends an ARP request (broadcast) to B
> > B receives request and wants to send unicast response to A
> > B sends a local explorer for A (no response)
> > B sends an all-routes explorer for A (gets a response)
> > B sends a unicast ARP reply to A
> >
> > Is that right? If that's the case, then here's what I gather happens
> > next:
> >
> > A now has B's MAC address
> > A sends a local explorer for B (no response)
> > A sends an all-routes explorer for B (gets a response)
> > A proceeds to transmit data to B
> >
> > Here's what doesn't make sense to me. If B had to know the path to A
> > to send an ARP reply, why doesn't A just take the data in the RIF from
> > that reply to figure out the reverse path back to B? Why waste time
> > with explorer packets when it was just given the path in the ARP
> > reply??
> >
> > Or, do ARP requests/replies even have RIFs? If not, are they all
> > broadcast in token ring?
> >
> > Can you tell I'm just starting out studying token ring and SRB?
> >
> > Thanks as usual!
> >
> > John
Re: trunking
ISL Trunking is Cisco Proprietary and is the preferred method if used within a completely Cisco switched fabric. 802.1q is the IEEE standard trunking protocol. The difference between the 2 is this ... ISL actually encapsulates the frames traversing the Trunk, which is to say it packages the VLAN information within another packet extending the frame size to 1522 and in a Cisco Switched Fabric, reacts faster than 802.1q because it does not carry the same load enabling 802.1q to be a standard trunking protocol. 802.1q simply adds information to the existing frame as it travels through the trunk. You would use 802.1q if you had a mixed vendor switched fabric.

HTH

--- "Lopez, Robert" <[EMAIL PROTECTED]> wrote:
> What are the differences between isl and 802.1q
> trunking. If I'm in a total
> cisco switched environment, should I always use
> isl? What would be a good
> reason to use 802.1q? Which one is more favored
> over the other?
>
> Robert
>
> Robert M. Lopez
> Network Planning
> Ann Arbor Data Center
> Pfizer Global Research & Development

=
Chris from Chicago
MasterCNE, 5.x CNE, ICNE, 4.x CNE, CCNA, MCP
CCIE written pass score
Does anyone know what the current passing score for the CCIE written exam is?

Thanks,
Re: Route filtering - somewhat long
yep, that's a twist on Curtis' post and I will add that to the game! (using two eigrps as well as two ospf)

thanks

Kevin Wigle

- Original Message -
From: "John Neiberger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 11:07 AM
Subject: Re: Route filtering - somewhat long

> Okay, I'm going to throw out a SWAG here, but it might violate the rules
> of the scenario.
>
> On routerE use two different OSPF processes. In process 1, add the
> network statement for the D-E link. In process 2, add the network
> statement for the C-E link. Do not add a network statement for the two
> networks on the ethernet interface.
>
> If you have a recent IOS version on E, use two separate eigrp
> processes, one for each network on the ethernet interface, which
> requires the ability to add a mask in the network statement.
>
> Assuming 144.226.10.0 is in eigrp 1, redistribute eigrp 1 to the
> appropriate ospf process and filter out 144.226.20.0. Redistribute
> eigrp 2 to the other ospf process and filter out 144.226.10.0.
>
> To be honest, I have NO idea if that will even work. It's still pretty
> early and I didn't really think about it too much. It's a bummer that I
> don't have five routers lying around or I'd set this up too.
>
> John
>
> >>> "Kevin Wigle" <[EMAIL PROTECTED]> 3/23/01 8:25:39 AM >>>
> Dear Group,
>
> I have an interesting scenario I'm trying to mock up in the lab and
> getting nowhere fast.
>
> I'm not good at ascii art so I'll try to describe the setup.
>
> Imagine a core network with 4 routers, put them in a square, from the
> top left clockwise, routerA, routerB, routerC, routerD.
>
> These routers are connected in a full mesh and OSPF is configured.
>
> Each router of course is in Area 0 but each router also has another
> area.
>
> routerA - 1005
> routerB - 1010
> routerC - 1015
> routerD - 1020
>
> There is a fifth router at the bottom - routerE, connecting to routerC
> and routerD with equal cost circuits using point-to-point addresses.
>
> These transit routes are configured into OSPF, each network into the
> same area as the core router where it terminates.
>
> On a third ( Ethernet ) interface on routerE there are two networks,
> one as primary and one as secondary. Let's use: primary 142.226.10.0 and
> secondary: 142.226.20.0
>
> Policy routing has been configured to allow the prime network out the
> routerE-routerD circuit and the secondary network has been configured
> to go out the routerE-routerC circuit.
>
> EIGRP has been configured for the networks on the inside of routerE and
> is redistributed into OSPF with no auto-summary.
>
> Now, when on either routerA or routerB, the inside routes are in the
> routing table as available through both routers.
>
> Objective.
>
> Have 142.226.10.0 only advertised out routerE-routerD
>
> and 142.226.20.0 only advertised out routerE-routerC
>
> Discussion.
>
> I have been reading madly about distribute lists and route-maps. It
> all reads so simply but I think this particular situation is interesting
> because of the two networks on one interface.
>
> OSPF cannot use a distribute list and use the interface command (would
> have been perfect).
>
> OSPF cannot filter incoming updates (which would have been great on
> routerC and routerD).
>
> On the face of it this "seems" so simple - but - I'm stuck.
>
> Any ideas welcome.
>
> tia
>
> Kevin Wigle
>
> Using access-lists on the egress ports don't seem to do it either.
Re: Route filtering - somewhat long
Yes, I looked into route-maps for the policy routing bit and I'm just reading more about using them for redistribution...

Two different OSPF process - sounds interesting.. will take that idea to the lab now.

thanks

Kevin Wigle

- Original Message -
From: "Curtis Call" <[EMAIL PROTECTED]>
To: "Kevin Wigle" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, March 23, 2001 10:54 AM
Subject: Re: Route filtering - somewhat long

> You might want to look into using a route map to specify to only allow each
> network into one particular area. If you can't get that to work then you
> could try using different ospf processes on the router one for 1015 and one
> for 1020, and once again use a route-map to specify which networks to
> allow. That way area 1015 will only have an LSA 5 for 142.226.20.0 and
> area 1020 will only have an LSA 5 for 142.226.10.0
>
> At 08:25 AM 3/23/01, you wrote:
> >Dear Group,
> >
> >I have an interesting scenario I'm trying to mock up in the lab and getting
> >nowhere fast.
> >
> >I'm not good at ascii art so I'll try to describe the setup.
> >
> >Imagine a core network with 4 routers, put them in a square, from the top
> >left clockwise, routerA, routerB, routerC, routerD.
> >
> >These routers are connected in a full mesh and OSPF is configured.
> >
> >Each router of course is in Area 0 but each router also has another area.
> >
> >routerA - 1005
> >routerB - 1010
> >routerC - 1015
> >routerD - 1020
> >
> >There is a fifth router at the bottom - routerE, connecting to routerC and
> >routerD with equal cost circuits using point-to-point addresses.
> >
> >These transit routes are configured into OSPF, each network into the same
> >area as the core router where it terminates.
> >
> >On a third ( Ethernet ) interface on routerE there are two networks, one as
> >primary and one as secondary. Let's use: primary 142.226.10.0 and secondary:
> >142.226.20.0
> >
> >Policy routing has been configured to allow the prime network out the
> >routerE-routerD circuit and the secondary network has been configured to go
> >out the routerE-routerC circuit.
> >
> >EIGRP has been configured for the networks on the inside of routerE and is
> >redistributed into OSPF with no auto-summary.
> >
> >Now, when on either routerA or routerB, the inside routes are in the routing
> >table as available through both routers.
> >
> >Objective.
> >
> >Have 142.226.10.0 only advertised out routerE-routerD
> >
> >and 142.226.20.0 only advertised out routerE-routerC
> >
> >Discussion.
> >
> >I have been reading madly about distribute lists and route-maps. It all
> >reads so simply but I think this particular situation is interesting because
> >of the two networks on one interface.
> >
> >OSPF cannot use a distribute list and use the interface command (would have
> >been perfect).
> >
> >OSPF cannot filter incoming updates (which would have been great on routerC
> >and routerD).
> >
> >On the face of it this "seems" so simple - but - I'm stuck.
> >
> >Any ideas welcome.
> >
> >tia
> >
> >Kevin Wigle
> >
> >Using access-lists on the egress ports don't seem to do it either.
Re: Route filtering - somewhat long
Okay, I'm going to throw out a SWAG here, but it might violate the rules of the scenario.

On routerE use two different OSPF processes. In process 1, add the network statement for the D-E link. In process 2, add the network statement for the C-E link. Do not add a network statement for the two networks on the ethernet interface.

If you have a recent IOS version on E, use two separate eigrp processes, one for each network on the ethernet interface, which requires the ability to add a mask in the network statement.

Assuming 144.226.10.0 is in eigrp 1, redistribute eigrp 1 to the appropriate ospf process and filter out 144.226.20.0. Redistribute eigrp 2 to the other ospf process and filter out 144.226.10.0.

To be honest, I have NO idea if that will even work. It's still pretty early and I didn't really think about it too much. It's a bummer that I don't have five routers lying around or I'd set this up too.

John

>>> "Kevin Wigle" <[EMAIL PROTECTED]> 3/23/01 8:25:39 AM >>>
Dear Group,

I have an interesting scenario I'm trying to mock up in the lab and getting nowhere fast.

I'm not good at ascii art so I'll try to describe the setup.

Imagine a core network with 4 routers, put them in a square, from the top left clockwise, routerA, routerB, routerC, routerD.

These routers are connected in a full mesh and OSPF is configured.

Each router of course is in Area 0 but each router also has another area.

routerA - 1005
routerB - 1010
routerC - 1015
routerD - 1020

There is a fifth router at the bottom - routerE, connecting to routerC and routerD with equal cost circuits using point-to-point addresses.

These transit routes are configured into OSPF, each network into the same area as the core router where it terminates.

On a third ( Ethernet ) interface on routerE there are two networks, one as primary and one as secondary. Let's use: primary 142.226.10.0 and secondary: 142.226.20.0

Policy routing has been configured to allow the prime network out the routerE-routerD circuit and the secondary network has been configured to go out the routerE-routerC circuit.

EIGRP has been configured for the networks on the inside of routerE and is redistributed into OSPF with no auto-summary.

Now, when on either routerA or routerB, the inside routes are in the routing table as available through both routers.

Objective.

Have 142.226.10.0 only advertised out routerE-routerD

and 142.226.20.0 only advertised out routerE-routerC

Discussion.

I have been reading madly about distribute lists and route-maps. It all reads so simply but I think this particular situation is interesting because of the two networks on one interface.

OSPF cannot use a distribute list and use the interface command (would have been perfect).

OSPF cannot filter incoming updates (which would have been great on routerC and routerD).

On the face of it this "seems" so simple - but - I'm stuck.

Any ideas welcome.

tia

Kevin Wigle

Using access-lists on the egress ports don't seem to do it either.
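The two-OSPF, two-EIGRP arrangement suggested in the message above, sketched as a routerE configuration with the scenario's 142.226.10.0 and 142.226.20.0 networks. This is an added example, not a configuration posted by anyone in the thread; the interface names, the /24 and /30 masks, the 10.0.x.x link addresses and the route-map names are assumptions.

```cisco
! routerE: constructed example. Interface names, masks and the 10.0.x.x
! link addresses are assumptions; the thread gives only the two inside
! networks and the area numbers.
!
interface Ethernet0
 ip address 142.226.10.1 255.255.255.0
 ip address 142.226.20.1 255.255.255.0 secondary
!
interface Serial0
 description to routerD (area 1020)
 ip address 10.0.20.2 255.255.255.252
!
interface Serial1
 description to routerC (area 1015)
 ip address 10.0.15.2 255.255.255.252
!
! One EIGRP process per inside network. The wildcard mask on the network
! statement is what limits each process to a single subnet.
router eigrp 1
 network 142.226.10.0 0.0.0.255
 no auto-summary
!
router eigrp 2
 network 142.226.20.0 0.0.0.255
 no auto-summary
!
! OSPF process 1 runs only on the routerE-routerD link and imports only
! what route-map NET10-ONLY permits.
router ospf 1
 network 10.0.20.0 0.0.0.3 area 1020
 redistribute eigrp 1 subnets route-map NET10-ONLY
!
! OSPF process 2 runs only on the routerE-routerC link.
router ospf 2
 network 10.0.15.0 0.0.0.3 area 1015
 redistribute eigrp 2 subnets route-map NET20-ONLY
!
! Permit lists: anything not matched falls to the implicit deny, so a
! route that either EIGRP process learns later is not redistributed
! toward the other organization's upstream.
access-list 10 permit 142.226.10.0 0.0.0.255
access-list 20 permit 142.226.20.0 0.0.0.255
!
route-map NET10-ONLY permit 10
 match ip address 10
!
route-map NET20-ONLY permit 10
 match ip address 20
!
! Checks to run on routerA or routerB afterwards:
!   show ip route 142.226.10.0
!   show ip route 142.226.20.0
!   show ip ospf database external
```

With this in place each inside prefix should show up on routerA and routerB as an OSPF external route reachable through one core router only: 142.226.10.0 via routerD and 142.226.20.0 via routerC.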
RE: SecureDelivery PassPhrase Change Confirmation
Isn't this list confirmed double opt-in and posts restricted to members?

James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
Re: [Critical] GBIC over MMF...
I find it interesting that you haven't had luck with MMF and LX GBICs. We've had no trouble with them here, and we've deployed them in multiple areas using 6509's. Jeff Jeff Groman IS Department, Childrens Hospital, Denver [EMAIL PROTECTED] 303 864 5671 Well, the 500m limitation is not necessarily true, but there may be other issues involved. Here's what I do in this situation: Typically, you would use SX GBICs with MMF. The transmitter on an SX GBIC is an LED, which can energize all of the modes within the MMF, whereas the transmitter in an LX GBIC is a laser, which is typically only used on SMF. This works as the laser is concentrated as compared to the spread-out nature of the LED. Single-mode pairs with a single (laser) "wave" of light and multi-mode pairs with distributed (LED) light "waves". As a result of this division of technology, the LX (also called a long-haul) GBIC can transmit data over a much greater distance than an SX version. Now to the issue: Despite popular belief, you can use MMF with LX GBICs. The catch is that you must use a special cable to connect the MMF to the LX GBIC. This special patch cable is called a "conditioning cable". This cable basically uses a SMF strand on the transmit side and an MMF strand on the receive side, and will distribute the laser transmit evenly over the mulitiple modes of the MMF. The end result is a much greater transmission distance over MMF. Cisco claims that you can directly plug MMF into an LX GBIC, but I have not had any success doing so without the conditioning cables. Cisco does sell this cable, but only with a single connector configuration. If you need different connectors, nearly all of the fiber optic cable vendors can supply these. Be warned - these cables are expensive, but when compared to replacing all of your fiber with SMF, the cost is negligible. Here's a URL describing the cables and why you need them. 
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/cnfg_nts/ethernet/5421_01.htm

Rik

""?e?OCu"" <[EMAIL PROTECTED]> wrote in message news:99e7k4$hj6$[EMAIL PROTECTED]...
> Hi~ Everyone...
>
> I have some questions for GBIC. I'm gonna install the Cat 4003 connected to remote distribution switch over MMF.
>
> But distance is the problem. Distance between Cat 4003 and Cat 2948G-L3 is about over 600m using MMF.
>
> I know that distance limitation of MMF is 500m and so I need the solution to overcome this.
>
> Do you know about "extender" or "repeater" which I can apply?
>
> Thanks,.
>
> Gary KIM in Korea...
RE: Anyone tried setting up a Linux TFTP Server for Cisco?
We use HP-UX for tftp and it works great.

Jeff

Jeff Groman
IS Department, Childrens Hospital, Denver
[EMAIL PROTECTED]
303 864 5671

On Fri, 23 Mar 2001, Brian Kimsey-Hickman wrote:

> Re: Anyone tried setting up a Linux TFTP Server for Cisco?
>
> Thanks, for everyone who replied. I didn't mean to start a Linux versus Microsoft controversy but that is okay. I think they are valuable discussions. I did read in the Cisco literature that the Windows base tftp servers are limited to 16 MB and the Linux/Unix versions are not. Since flash images are fast approaching that size I thought I would start getting prepared. Whether or not that is actually true, I don't know. Thanks, Alan your suggestions did the trick.
>
> Thanks,
>
> Brian
>
> -Original Message-
> From: Elijah Savage [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 22, 2001 11:17 AM
> To: W. Alan Robertson; Brian Kimsey-Hickman; [EMAIL PROTECTED]
> Subject: RE: Anyone tried setting up a Linux TFTP Server for Cisco?
>
> > I know it's off topic, but I hate such narrow minded comments...
> > If you have ever installed any *ix system, you'd be darn well aware that the thing is w i d e open. There is almost no security there. It has to be added and maintained. Win32 systems are similar. Very trusting and friendly until they are properly taken care of. Is *ix inherently more secure? no way.
>
> No holy war here either. But I could not resist the reply to this comment. Of course it depends on the administrator of the box, but it depends also how you install it. I have never installed a linux box with ftp or telnet by default(openssh). Because these boxes I set up are usually dns or web servers you can install them so that they run in a chrooted environment which tends to be a tad bit more secure. This is one reason I like nix over any win platform because I can install what I want and how I want it, which usually makes a nix box more secure than any win platform. So to me how I stated above nix is more secure, but of course you have to know what you are doing. You probably will say well this is not a base install. And my reply is well if you do a custom install which you can do right out of the box without recompiling the kernel or anything fancy nix will be more secure than win32 platforms out of the box. I would like to see a custom install on win32 instead of click here to continue.
>
> > I challenge anyone to make a valid, non-ideological based comparison of a base Win32 and a base Linux install. If Linux were so damned secure in its current state, I wouldn't see IDS logs filling up with folks scanning for obvious Linux vulns, now would I? Bottom dollar is, without proper administration, both Win32 and *ix suck big time. With proper care and feeding, they can both become relatively secure.
>
> You are seeing IDS logs filling up due to the fact that most script kiddies out there are learning nix and what vulnerabilities are associated with it. And from my years of experience and dealing with these individuals it is more of a challenge for them, like a notch in their belt if they compromise a nix box rather than a win32 platform. They will be readily accepted by their peers if this is accomplished and shunned away for saying hey I cracked a nt server. Due to the fact and the latest security survey (I can't remember right off hand by whom) that show due to the recent influx of MCSE certified individuals that lack experience on securing these boxes that get broken into it's not a challenge to them any more. It showed there were a very high number of individuals out there that did not even have the known IIS patch applied. I am not knocking MCSE individuals here because I myself am a MCSE+I we all have to start somewhere. But there are more individuals out there in the industry with NT boxes than there are with Unix boxes under their control.
>
> If you ask me this is some of the reason why you see so many entries in your log for nix vulnerabilities than you do for the win32 platform.
>
> -Original Message-
> From: W. Alan Robertson
> Sent: Thu 3/22/2001 10:23 AM
> To: Brian Kimsey-Hickman; [EMAIL PROTECTED]
> Cc:
> Subject: Re: Anyone tried setting up a Linux TFTP Server for Cisco?
>
> Rather than get into a Holy War about why Linux is better than Windows, I figured I'd just answer your question.
>
> in.tftpd doesn't constantly run like other processes, like a http server, as an example.
>
> in.tftpd is typically started as needed, and terminated when finished. The controlling process is inetd. The configuration file for inetd can be found at '/etc/inetd.conf'.
>
> Edit that file...
>
> Scroll down to a line that reads like this (the exact line varies by Linux distribution)
Re: trunking (fwd)
I believe the main difference is that ISL supports per-VLAN Spanning Tree, and 802.1q does not.

Jeff

Jeff Groman
IS Department, Childrens Hospital, Denver
[EMAIL PROTECTED]
303 864 5671

On Fri, 23 Mar 2001, Lopez, Robert wrote:

> What are the differences between isl and 802.1q trunking. If I'm in a total cisco switched environment, should I always use isl? What would be a good reason to use 802.1q? Which one is more favored over the other?
>
> Robert
>
> Robert M. Lopez
> Network Planning
> Ann Arbor Data Center
> Pfizer Global Research & Development
Re: Route filtering - somewhat long
You might want to look into using a route map to specify to only allow each network into one particular area. If you can't get that to work then you could try using different ospf processes on the router one for 1015 and one for 1020, and once again use a route-map to specify which networks to allow. That way area 1015 will only have an LSA 5 for 142.226.20.0 and area 1020 will only have an LSA 5 for 142.226.10.0.

At 08:25 AM 3/23/01, you wrote:
>Dear Group,
>
>I have an interesting scenario I'm trying to mock up in the lab and getting nowhere fast.
>
>I'm not good at ascii art so I'll try to describe the setup.
>
>Imagine a core network with 4 routers, put them in a square, from the top left clockwise, routerA, routerB, routerC, routerD.
>
>These routers are connected in a full mesh and OSPF is configured.
>
>Each router of course is in Area 0 but each router also has another area.
>
>routerA - 1005
>routerB - 1010
>routerC - 1015
>routerD - 1020
>
>There is a fifth router at the bottom - routerE, connecting to routerC and routerD with equal cost circuits using point-to-point addresses.
>
>These transit routes are configured into OSPF, each network into the same area as the core router where it terminates.
>
>On a third ( Ethernet ) interface on routerE there are two networks, one as primary and one as secondary. Let's use: primary 142.226.10.0 and secondary: 142.226.20.0
>
>Policy routing has been configured to allow the prime network out the routerE-routerD circuit and the secondary network has been configured to go out the routerE-routerC circuit.
>
>EIGRP has been configured for the networks on the inside of routerE and is redistributed into OSPF with no auto-summary.
>
>Now, when on either routerA or routerB, the inside routes are in the routing table as available through both routers.
>
>Objective.
>
>Have 142.226.10.0 only advertised out routerE-routerD
>
>and 142.226.20.0 only advertised out routerE-routerC
>
>Discussion.
>
>I have been reading madly about distribute lists and route-maps. It all reads so simply but I think this particular situation is interesting because of the two networks on one interface.
>
>OSPF cannot use a distribute list and use the interface command (would have been perfect).
>
>OSPF cannot filter incoming updates (which would have been great on routerC and routerD).
>
>On the face of it this "seems" so simple - but - I'm stuck.
>
>Any ideas welcome.
>
>tia
>
>Kevin Wigle
>
>Using access-lists on the egress ports don't seem to do it either.
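The second suggestion in the reply above (separate OSPF processes on routerE, each redistributing through its own route-map) could look like the sketch below. This is an added example, not configuration from the original thread; the EIGRP AS number, OSPF process IDs, ACL numbers, route-map names, /24 masks and the 192.0.2.x point-to-point subnets are all assumptions.

```cisco
! routerE (added example; every number, name and link subnet is assumed)
!
router eigrp 100
 network 142.226.0.0
 no auto-summary
!
! One ACL per inside network (assumed /24 masks)
access-list 10 permit 142.226.10.0 0.0.0.255
access-list 20 permit 142.226.20.0 0.0.0.255
!
! Each route-map permits one network; the implicit deny at the
! end of a route-map drops everything else from redistribution.
route-map TO-ROUTERD permit 10
 match ip address 10
!
route-map TO-ROUTERC permit 10
 match ip address 20
!
! Process that runs only on the routerE-routerD link (area 1020)
router ospf 1020
 network 192.0.2.4 0.0.0.3 area 1020
 redistribute eigrp 100 subnets route-map TO-ROUTERD
!
! Process that runs only on the routerE-routerC link (area 1015)
router ospf 1015
 network 192.0.2.0 0.0.0.3 area 1015
 redistribute eigrp 100 subnets route-map TO-ROUTERC
```

On routerA or routerB, `show ip ospf database external` shows which router is advertising each prefix, and `show ip route` confirms which path was installed.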
Fast-switched policy routing forwarding table entries..
Hello,

Does anyone know if source-based policy-routing entries are entered in the cache in the form of or or ?

What I am trying to establish is whether a separate route table look up is performed for every unique source-destination pair, or whether since it is source-based policy routed, it simply does a single route table look up and uses the cached entry for every packet initiated from the same source?

Thanks,
Curtis
proxy arp cisco pix 506
Does the Cisco PIX 506 support Proxy ARP? Also, does anyone have any experience with it? Good or bad?

Sincerely,
Chris Kolp, CCNA
Systems Engineer
Neuron Broadcasting Technologies
Re: can't ping the internet through pix
As i mentioned below

> I've also used the conduit permit icmp any any
> command so that i can ping in and out of the firewall...

The tricky part is...i can ping from the internal network 192.168.1.x to the router (which is through the firewall)...i can't ping anything past the router...

""Aidan Manning"" <[EMAIL PROTECTED]> wrote in message news:99ftm7$og7$[EMAIL PROTECTED]...
> Is there firewall software running?
> If so have you rules that are disabling ICMP?
>
> ""Brent Ulfig"" <[EMAIL PROTECTED]> wrote in message news:99fq63$5no$[EMAIL PROTECTED]...
> > I've got an unusual problem with my PIX 515.
> >
> > I've configured the inside interface correctly, and can ping hosts on the internal network. I've configured the outside interface correctly (as far as ip addresses go) and can ping anywhere on the internet.
> >
> > I've configured the router (to the internet) as the default route of the pix...and the pix as the default gateway of the hosts on the internal network.
> >
> > I've also used the conduit permit icmp any any
> > command so that i can ping in and out of the firewall...
> >
> > When I try to ping anywhere on the internet from the firewall it works...also when i try to ping the internal network it works...
> >
> > When i try to ping the pix from a host it works...when i try to ping the router (to the internet) from a host it works...(meaning it goes through the pix to the router fine)
> >
> > however, when i try to ping anywhere on the internet (including the next hop from the router) it doesn't work...i can't get past the router...it just dead ends there...
> >
> > i checked to make sure that the subnet mask on the pix is right...and its fine...
> >
> > any ideas?
> >
> > Thanks,
> >
> > Brent
> > CCNP, CCDA, MCSE, MCP+I, etc.
RE: trunking
John,

Thanks for your insight. It looks like I will go ahead and plan a conversion to 802.1q. I heard that ip telephony will not support isl as well.

thanks again!

Robert

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 10:24 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: trunking

As you know, 802.1q is a standard while ISL is proprietary. If you need interoperability, go with 802.1q. Even if you're all Cisco, some of Cisco's stuff doesn't support ISL.

I say use whatever is available and works for you, keeping in mind that reconfiguration in the future will be necessary if you change trunk types. If that's not a big deal, I wouldn't worry about it. If it will cause a horrendous headache to have those trunks down for a minute or two while you reconfigure, then think toward the future and pick 802.1q.

I have noticed a configuration difference between the two. It was supposedly fixed in IOS 12.1(2), I think, but I've noticed this in 12.1(5) still. When using ISL, all of your VLANs are placed on subinterfaces on the router. This is because all frames coming across that trunk have an ISL tag for VLAN determination. In 802.1q, the native VLAN (VLAN 1 by default) is not tagged so you have to place the configuration for that VLAN on the major interface. All other VLANs would be on subinterfaces.

Regards,
John

>>> "Lopez, Robert" <[EMAIL PROTECTED]> 3/23/01 7:57:24 AM >>>

What are the differences between isl and 802.1q trunking. If I'm in a total cisco switched environment, should I always use isl? What would be a good reason to use 802.1q? Which one is more favored over the other?

Robert

Robert M. Lopez
Network Planning
Ann Arbor Data Center
Pfizer Global Research & Development
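The configuration difference John describes, shown as the two alternative router-side layouts for the same trunk port. This is an added example, not configuration from the original thread; the interface name, VLAN 10 and the 192.0.2.x addresses are assumptions.

```cisco
! --- Alternative 1: ISL trunk (added example, values assumed) ---
! Every frame carries an ISL tag, so every VLAN, including
! VLAN 1, is configured on its own subinterface.
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.1
 encapsulation isl 1
 ip address 192.0.2.1 255.255.255.192
!
interface FastEthernet0/0.10
 encapsulation isl 10
 ip address 192.0.2.65 255.255.255.192
!
! --- Alternative 2: 802.1q trunk, laid out as the post describes ---
! Native VLAN 1 arrives untagged, so its addressing sits on the
! major interface; all other VLANs stay on subinterfaces.
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.192
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.65 255.255.255.192
```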
Route filtering - somewhat long
Dear Group,

I have an interesting scenario I'm trying to mock up in the lab and getting nowhere fast.

I'm not good at ascii art so I'll try to describe the setup.

Imagine a core network with 4 routers, put them in a square, from the top left clockwise, routerA, routerB, routerC, routerD.

These routers are connected in a full mesh and OSPF is configured.

Each router of course is in Area 0 but each router also has another area.

routerA - 1005
routerB - 1010
routerC - 1015
routerD - 1020

There is a fifth router at the bottom - routerE, connecting to routerC and routerD with equal cost circuits using point-to-point addresses.

These transit routes are configured into OSPF, each network into the same area as the core router where it terminates.

On a third ( Ethernet ) interface on routerE there are two networks, one as primary and one as secondary. Let's use: primary 142.226.10.0 and secondary: 142.226.20.0

Policy routing has been configured to allow the prime network out the routerE-routerD circuit and the secondary network has been configured to go out the routerE-routerC circuit.

EIGRP has been configured for the networks on the inside of routerE and is redistributed into OSPF with no auto-summary.

Now, when on either routerA or routerB, the inside routes are in the routing table as available through both routers.

Objective.

Have 142.226.10.0 only advertised out routerE-routerD

and 142.226.20.0 only advertised out routerE-routerC

Discussion.

I have been reading madly about distribute lists and route-maps. It all reads so simply but I think this particular situation is interesting because of the two networks on one interface.

OSPF cannot use a distribute list and use the interface command (would have been perfect).

OSPF cannot filter incoming updates (which would have been great on routerC and routerD).

On the face of it this "seems" so simple - but - I'm stuck.

Any ideas welcome.

tia

Kevin Wigle

Using access-lists on the egress ports don't seem to do it either.