date:20010325

buy a SmartNet, hold the router for a few weeks to a month  send it back
under warranty.  There is nothing you can do.  These interfaces are built
into the motherboard.

Phil

- Original Message -
From: "perryb" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, March 25, 2001 8:42 AM
Subject: Router Repair - Best Option

 Hello all,

 I started building my lab for my upcoming CCIE test and bought several
 routers off of e-bay.  The D-60 serial interface on one of the 2500
routers
 has mangled pins and makes the interface unusable...I need both
interfaces.

 Where can I get the D-60 connector replaced quickly and cheaply ?

 Thanks in advance.

 --perry

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CID BETA

2001-03-25 Thread GNOME


14 weeks and still waiting


"Tim Noonan" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi. Has anyone got the results from the CID beta test yet?
 I have taken several beta test and this is the longest I have had to wait
 for the results.
 Thanks,
 Tim
 Ps. Please cc me with any reply becuase I don't have access to the mailing
 list right now.
 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNP 1.0 and 2.0

2001-03-25 Thread thinkworker


I am going to takes BCMSN tomorrow.

I just coming to find the CLSL is quite different from BCMSN.

Can anyone tell me if it is true that BCMSN cares less on the the line
cards or some other switch engines. I thought they should be some what
similar.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bri flapping with demand cirquit/igrp redistribution

2001-03-25 Thread Jerry Hutcheson


James,

On your access list 15 try changing the mask to .255 instead of .3, even though you 
are using a 30 bit mask at the interface. This has worked for me before.

jer

At 09:59 AM 3/24/2001 -0800, James wrote:
it shouldn't. its layer two, and if you put dialer in debug you see that it
is shown as uninteresting traffic.
- Original Message -
From: "perez claude-vincent" [EMAIL PROTECTED]
To: "Ya Wen" [EMAIL PROTECTED]; "Patrick Murphy"
[EMAIL PROTECTED]; "Leah Lynch" [EMAIL PROTECTED]; "'Jay
Chandradas'" [EMAIL PROTECTED]; "'Chris Larson'" [EMAIL PROTECTED];
"'Bob Boone'" [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Saturday, March 24, 2001 6:22 AM
Subject: RE: bri flapping with demand cirquit/igrp redistribution


 Can somebody tell me how come CDP may bring the line
 up? As you know, it works only in layer 2 as said
 before. Your dialer-list works at layer 3  4 only.

 Did I miss something? :-(



 --- Ya Wen [EMAIL PROTECTED] wrote:
  Try remove the "log" from the access-list 15
  associated with the route-map
  stuff. Also, you do not need the summary-address
  under OSPF.
 
  -Ya
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of
  Patrick Murphy
  Sent: Friday, March 23, 2001 5:04 PM
  To: Leah Lynch; 'Jay Chandradas'; 'Chris Larson';
  'Bob Boone';
  [EMAIL PROTECTED]; [EMAIL PROTECTED]
  Subject: Re: bri flapping with demand cirquit/igrp
  redistribution
 
 
  Also check the BRI interface and see if you see
  IPCDP, it should disapper
  when you no cdp en!
 
  Patrick
 
  - Original Message -
  From: "Leah Lynch" [EMAIL PROTECTED]
  To: "'Jay Chandradas'" [EMAIL PROTECTED]; "'Chris
  Larson'"
  [EMAIL PROTECTED]; "'Bob Boone'"
  [EMAIL PROTECTED];
  [EMAIL PROTECTED]; [EMAIL PROTECTED]
  Sent: Friday, March 23, 2001 7:45 PM
  Subject: RE: bri flapping with demand cirquit/igrp
  redistribution
 
 
   I think you normally disable CDP in dialup lines
  for efficiency.
  
   Leah
  
   -Original Message-
   From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of
   Jay Chandradas
   Sent: Friday, March 23, 2001 2:57 PM
   To: Chris Larson; Bob Boone; [EMAIL PROTECTED];
   [EMAIL PROTECTED]
   Subject: Re: bri flapping with demand cirquit/igrp
  redistribution
  
  
  
  
   I am not sure CDP will keep the line up ? And ur
  interesting traffic is
   permit ip any any . I dont think CDP will keep the
  line up. When u do a
   debug ip pack.. u can nvr see CDP.. CDP is layer
  2.
  
   my 0.02
  
   - Original Message -
   From: "Chris Larson" [EMAIL PROTECTED]
   To: "Bob Boone" [EMAIL PROTECTED]; "Jay
  Chandradas"
  [EMAIL PROTECTED];
   [EMAIL PROTECTED]; [EMAIL PROTECTED]
   Sent: Friday, March 23, 2001 2:40 PM
   Subject: RE: bri flapping with demand cirquit/igrp
  redistribution
  
  
Will CDP keep the line up? Turn off CDP.
   
-Original Message-
From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of
Bob Boone
Sent: Friday, March 16, 2001 5:30 PM
To: Jay Chandradas; [EMAIL PROTECTED];
  [EMAIL PROTECTED]
Subject: Re: bri flapping with demand
  cirquit/igrp redistribution
   
   
Yes i do have passive BRI on IGRP, and also, the
  way it is done now, it
restricts ALL networks, if you look at the
  access-list 15 it has one
statement and then explisit deny all.
still not working.
   
- Original Message -
From: "Jay Chandradas" [EMAIL PROTECTED]
To: "Netguy" [EMAIL PROTECTED];
  [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, March 16, 2001 12:22 PM
Subject: Re: bri flapping with demand
  cirquit/igrp redistribution
   
   
 1. DO u have a passive interface on bri0 under
  router IGRP

 2. I wud do this way !! when u r redisributing
  into OSPG .. allow only
   the
 IGRP networks ( including the network conneted
  with is running IGRP )

 Jay

 when u r redistributing into
 - Original Message -
 From: "Netguy" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED];
  [EMAIL PROTECTED]
 Sent: Friday, March 16, 2001 12:01 PM
 Subject: bri flapping with demand cirquit/igrp
  redistribution


   Hello all you happy people.
   Router A has ospf/igrp mutual
  redistribution and bri
   int dialing elsewhere with demand circuit.
  it keeps
   flapping.
   i followed someone's advice and created a
  route/map
   filter to filter out bri network from igrp
   redistributing back into ospf.
   what the hell am i doing wrong? i know its
  a big
   thing
   that lots of people had problems with.
   here's the key configs:
   interface BRI0/0
ip address 173.5.8.1 255.255.255.252
encapsulation ppp
ip ospf demand-circuit
dialer idle-timeout 15
dialer map ip 173.5.8.2 name R5 broadcast
  8667007
dialer map ip 173.5.8.2 name R5 broadcast
  8667008
dialer

Cisco Book, High Availability Networking with Cisco

2001-03-25 Thread AABAN34



   I just bought the High Availability Networking with Cisco router and I 
must say it's OUTSTANDING. The author goes into many great topic's, that 
other books don't. I would encourage everyone to at least look at it.

You can get online or your local book store


 Autor Vincent C. Jones
 ISBN # 0201704552


Brian

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Book, High Availability Networking with Cisco

2001-03-25 Thread Howard C. Berkowitz


I just bought the High Availability Networking with Cisco router and I
must say it's OUTSTANDING. The author goes into many great topic's, that
other books don't. I would encourage everyone to at least look at it.

You can get online or your local book store


  Autor Vincent C. Jones
  ISBN # 0201704552

Brian

I'm reading it now, and my first reactions also are favorable.  It's 
not precisely aimed at an exam, but that's not necessarily bad.  For 
those of you that read CertificationZone, we've been finding it 
useful to publish what we call "metapapers" internally -- papers that 
talk about real areas of application and help integrate different 
parts of the technologies discussed in the roadmaps.  Bruce Caslow 
has taken a different but complementary approach to presenting 
information not just at the configuration level, with his problem 
recognition methodology.

This book does such integration at book length, and does consider 
selected non-Cisco devices.  In my newest book, WAN Survival Guide, I 
go into more fault tolerance mechanisms, but deliberately do not 
provide configurations since my emphasis is on design.

A more detailed review will follow.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OFF TOPIC - Juniper's concept of multiple routing tables.

2001-03-25 Thread Urooj's Hi-speed Internet


Hi Folks,
Can anyone ( specially the likes of Berkowitzs, Forsyths, Oppenheimers,
etc ) comment on the advantages of having multiple "IP routing tables" in a
router such as featured by Juniper in its M-Series machines. Would it not
consume comparatively more hardware resources on a router in terms of RAM,
CPU cycles, etc ? Thanks in advance.

Aziz S. Islam

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP Classless Revisited (this is just odd...)


Sure, I'll try that but I don't see why it should matter.  As I understand
it, ip classless affects routing table lookups only and it doesn't care how
those routes were installed into the table.

Although, given this behavior, my assumption might be wrong.

Thanks,
John

  John,
  Interesting.  I think this is due to OSPF, not redistribution problem. 
Can you try running RIP instead of OSPF ?  
  
  Cheers,
  YY
  
  
  
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  John Neiberger
  Sent: Sunday, March 25, 2001 5:28 AM
  To: [EMAIL PROTECTED]
  Subject: IP Classless Revisited (this is just odd...)
  
  
  Ok, just when you thought it was safe to go back in the water Or
should
  I say, just when I thought I understood the behavior of 'ip classess' and
  'no ip classless'  Let me summarize my lab setup.
  
  RouterA-RouterB--RouterC
  
  Pretty simple.  AtoB is 10.1.1.0/24, BtoA is 10.1.2.0/24.  OSPF is
running
  on both links.  'ip classless' is on A and C, but not B initially.  On B
I
  see these routes:
  
   10.0.0.0/24 is subnetted, 2 subnets
  C   10.1.2.0 is directly connected, Serial1
  C   10.1.1.0 is directly connected, Serial0
  
  That's what I expect to see.  Then I add a default route on B, 'ip route
  0.0.0.0 0.0.0.0 10.1.1.2'.  With no ip classless configured, any packets
to
  unknown subnets of 10.0.0.0/8 should be dropped.  I tested it and that is
  the case.  With 'ip classless' configured, and unknown packets regardless
of
  major network get routed to 10.1.1.2.
  
  Now here is what I don't understand.  Let's turn off ip classless on B
  again, then go to Router C and add a default route to null0 and
  default-information originate to the ospf process.  I now see this in
router
  B:
  
   10.0.0.0/24 is subnetted, 2 subnets
  C   10.1.2.0 is directly connected, Serial1
  C   10.1.1.0 is directly connected, Serial0
  O*E2 0.0.0.0/0 [110/1] via 10.1.2.2, 00:06:38, Serial1
  
  There is indeed a default route.  With no ip classless configured, I
would
  expect the same behavior as before.  If I were to ping 10.5.5.5 the
packets
  should be unroutable, but they're not!  They get routed to the default
route
  whether or not ip classless is configured.
  
  Why is a default route learned through a routing protocol treated
  differently than a manually configured default route?  I went through
this
  entire process twice and I just don't understand the behavior.
  
  What am I missing?  I know it's going to be something obvious, but I
don't
  see it yet.  
  
  Ok, I just now tried this:  with the ospf external default route still in
  the routing table, I pinged 10.5.5.5 and it took the default route.  Then
I
  manually added a default static route and the destination became
unroutable
  due to 'no ip classless' being configured.  Removing the static default
it
  becomes routable again.
  
  Weird.  What's going on?
  
  Thanks,
  John
  
  
  
  
  
  ___
  Send a cool gift with your E-Card
  http://www.bluemountain.com/giftcenter/
  
  
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RIP does not advertise in IGRP - what's wrong?


If I understand your topology, the problem is that you are running RIP and
IGRP with a discontiguous classfull network.  Let me rephrase that.  g

It appears that your network looks like this:

A 10.1.0.0 - 192.168.10.0 -- B 10.2.0.0

RIP and IGRP cannot pass subnet mask information in their routing updates. 
This means that router A above thinks that the entire 10.0.0.0 network --not
just 10.1.0.0/16-- resides to its left. Router B think the entire
10.0.0.0/16 network resides to its right.  These routers will get very
confused and will behave in the manner that you're seeing.

To correct this behavior you must run a classless routing protocol that
includes subnet mask information in its updates, so your options are eigrp,
ospf, and is-is.  This will solve your problem.

I hope that makes sense.  I just woke up and I'm still pretty groggy!

Regards,
John

  Hi All - In my network enviroment, I have LANs with 10.x.0.0/16 networks
and
  WAN with 192.168.10.0/24.  I use RIP for LAN and IGRP for WAN.  On RIP, I
  redistribute IGRP, and vice versa, on IGRP I redistribute RIP.  However,
I
  cannot ping from one LAN to the other LAN.  If I put a static route to
  specify the next hop, then I can ping the other LAN.  Is there a way to
have
  the network learn all the LAN dynamically, instead of static route?  I am
  running IOS ver 11.3 on both routers.  Here is my configuration:
  
  ---
  Router1#
  !
  interface Ethernet0/0
ip address 10.1.100.100 255.255.0.0
  !
  !
  interface Serial0/0
ip address 192.168.10.1 255.255.255.0
encapsulation frame-relay
keepalive 5
  !
  !
  router rip
redistribute igrp 200
passive-interface Serial0/0
passive-interface Serial0/1
network 10.0.0.0
  !
  router igrp 200
redistribute rip
passive-interface Ethernet0/0
network 192.168.10.0
no default-information in
no default-information out
  !
  ..
  !
  Router1#
  
 

  --
  
  Router2#
  !
  interface Ethernet0/0
ip address 10.2.100.100 255.255.0.0
  !
  !
  interface Serial0/0
ip address 192.168.10.2 255.255.255.0
encapsulation frame-relay
keepalive 5
  !
  !
  router rip
redistribute igrp 200
passive-interface Serial0/0
passive-interface Serial0/1
network 10.0.0.0
  !
  router igrp 200
redistribute rip
passive-interface Ethernet0/0
network 192.168.10.0
no default-information in
no default-information out
  !
  ..
  !
  Router2#
 

  --
  
  Thanks All in advance!
  
  
  
  
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP Classless Revisited (More info)


Okay, I just tried this with RIP advertising the default route and I'm even
more confused!  Now, it behaves as I would expect.  With no ip classless,
pings to unknown 10.x.x.x subnets are unroutable even though there is a
default route in the routing table.

With no ip classless, why does my router take the default route when it was
installed by OSPF but not when it was installed by RIP?  I would expect it
to never take the default route for 10.x.x.x addresses with no ip classless.

This really concerns me because I was taking a practice CCIE written exam a
few days ago and ran across a question like this and I answered the question
assuming normal behavior of no ip classless and got it right.  Now I'm
thinking there are some more twists to its behavior that i'm not aware of.

John

  Sure, I'll try that but I don't see why it should matter.  As I
understand
  it, ip classless affects routing table lookups only and it doesn't care
how
  those routes were installed into the table.
  
  Although, given this behavior, my assumption might be wrong.
  
  Thanks,
  John
  
John,
Interesting.  I think this is due to OSPF, not redistribution problem.

  Can you try running RIP instead of OSPF ?  

Cheers,
YY



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Sunday, March 25, 2001 5:28 AM
To: [EMAIL PROTECTED]
Subject: IP Classless Revisited (this is just odd...)


Ok, just when you thought it was safe to go back in the water Or
  should
I say, just when I thought I understood the behavior of 'ip classess'
and
'no ip classless'  Let me summarize my lab setup.

RouterA-RouterB--RouterC

Pretty simple.  AtoB is 10.1.1.0/24, BtoA is 10.1.2.0/24.  OSPF is
  running
on both links.  'ip classless' is on A and C, but not B initially.  On
B
  I
see these routes:

 10.0.0.0/24 is subnetted, 2 subnets
C   10.1.2.0 is directly connected, Serial1
C   10.1.1.0 is directly connected, Serial0

That's what I expect to see.  Then I add a default route on B, 'ip
route
0.0.0.0 0.0.0.0 10.1.1.2'.  With no ip classless configured, any
packets
  to
unknown subnets of 10.0.0.0/8 should be dropped.  I tested it and that
is
the case.  With 'ip classless' configured, and unknown packets
regardless
  of
major network get routed to 10.1.1.2.

Now here is what I don't understand.  Let's turn off ip classless on B
again, then go to Router C and add a default route to null0 and
default-information originate to the ospf process.  I now see this in
  router
B:

 10.0.0.0/24 is subnetted, 2 subnets
C   10.1.2.0 is directly connected, Serial1
C   10.1.1.0 is directly connected, Serial0
O*E2 0.0.0.0/0 [110/1] via 10.1.2.2, 00:06:38, Serial1

There is indeed a default route.  With no ip classless configured, I
  would
expect the same behavior as before.  If I were to ping 10.5.5.5 the
  packets
should be unroutable, but they're not!  They get routed to the default
  route
whether or not ip classless is configured.

Why is a default route learned through a routing protocol treated
differently than a manually configured default route?  I went through
  this
entire process twice and I just don't understand the behavior.

What am I missing?  I know it's going to be something obvious, but I
  don't
see it yet.  

Ok, I just now tried this:  with the ospf external default route still
in
the routing table, I pinged 10.5.5.5 and it took the default route. 
Then
  I
manually added a default static route and the destination became
  unroutable
due to 'no ip classless' being configured.  Removing the static
default
  it
becomes routable again.

Weird.  What's going on?

Thanks,
John





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
  
  
  
  
  
  ___
  Send a cool gift with your E-Card
  http://www.bluemountain.com/giftcenter/
  
  
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure

Re: RIP does not advertise in IGRP - what's wrong?


Thanks John!  It starts to make sense to me know!  Is it possible to take
out RIP and just run EIGRP without "passive-interface" and "redistribute"?
If so what's the trade off?  Again Thanks for the help!



"John Neiberger" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 If I understand your topology, the problem is that you are running RIP and
 IGRP with a discontiguous classfull network.  Let me rephrase that.  g

 It appears that your network looks like this:

 A 10.1.0.0 - 192.168.10.0 -- B 10.2.0.0

 RIP and IGRP cannot pass subnet mask information in their routing updates.
 This means that router A above thinks that the entire 10.0.0.0
network --not
 just 10.1.0.0/16-- resides to its left. Router B think the entire
 10.0.0.0/16 network resides to its right.  These routers will get very
 confused and will behave in the manner that you're seeing.

 To correct this behavior you must run a classless routing protocol that
 includes subnet mask information in its updates, so your options are
eigrp,
 ospf, and is-is.  This will solve your problem.

 I hope that makes sense.  I just woke up and I'm still pretty groggy!

 Regards,
 John

   Hi All - In my network enviroment, I have LANs with 10.x.0.0/16
networks
 and
   WAN with 192.168.10.0/24.  I use RIP for LAN and IGRP for WAN.  On RIP,
I
   redistribute IGRP, and vice versa, on IGRP I redistribute RIP.
However,
 I
   cannot ping from one LAN to the other LAN.  If I put a static route to
   specify the next hop, then I can ping the other LAN.  Is there a way to
 have
   the network learn all the LAN dynamically, instead of static route?  I
am
   running IOS ver 11.3 on both routers.  Here is my configuration:
 
   ---
   Router1#
   !
   interface Ethernet0/0
 ip address 10.1.100.100 255.255.0.0
   !
   !
   interface Serial0/0
 ip address 192.168.10.1 255.255.255.0
 encapsulation frame-relay
 keepalive 5
   !
   !
   router rip
 redistribute igrp 200
 passive-interface Serial0/0
 passive-interface Serial0/1
 network 10.0.0.0
   !
   router igrp 200
 redistribute rip
 passive-interface Ethernet0/0
 network 192.168.10.0
 no default-information in
 no default-information out
   !
   ..
   !
   Router1#
 
 
 --
--
   --
 
   Router2#
   !
   interface Ethernet0/0
 ip address 10.2.100.100 255.255.0.0
   !
   !
   interface Serial0/0
 ip address 192.168.10.2 255.255.255.0
 encapsulation frame-relay
 keepalive 5
   !
   !
   router rip
 redistribute igrp 200
 passive-interface Serial0/0
 passive-interface Serial0/1
 network 10.0.0.0
   !
   router igrp 200
 redistribute rip
 passive-interface Ethernet0/0
 network 192.168.10.0
 no default-information in
 no default-information out
   !
   ..
   !
   Router2#
 
 --
--
   --
 
   Thanks All in advance!
 
 
 
 
   _
   FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





 ___
 Send a cool gift with your E-Card
 http://www.bluemountain.com/giftcenter/


 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OFF TOPIC - Juniper's concept of multiple routing tables.

2001-03-25 Thread Howard C. Berkowitz


Hi Folks,
Can anyone ( specially the likes of Berkowitzs, Forsyths, Oppenheimers,
etc ) comment on the advantages of having multiple "IP routing tables" in a
router such as featured by Juniper in its M-Series machines. Would it not
consume comparatively more hardware resources on a router in terms of RAM,
CPU cycles, etc ? Thanks in advance.

Aziz S. Islam


I'm not an expert on Juniper's implementation, but I am going to 
assume, by routing table, you refer to multiple routing information 
bases (RIB), not multiple forwarding information bases (FIB). 
Multiple FIBs are necessary in any high-performance implementation 
that uses distributed forwarding, such as dCEF.

Frankly, there's a religious war among protocol architects about 
whether to have one main routing table and process into which you 
load more and more state, or multiple routing tables/instances for 
different communities of interest. These issues are especially heated 
when dealing with VPNs.  If you look through IETF drafts, you will 
find lots of different opinions.

RFC2547 style VPNs, for example, load lots and lots of VPN state into 
a provider's BGP. Admittedly, not all this state information is 
propagated to other providers.  Even if you are doing a multiprovider 
VPN, only subsets will be advertised outside the provider.  But there 
are certainly concerns about the amount of state and complexity this 
adds to BGP.

There are some proposals to do a 2547-variant using IGPs to 
disseminate information within providers. I like this somewhat 
better, although I haven't done detailed analysis.

A comment from the audience at the last NANOG, with respect to 2547: 
"if this is the answer, it must have been a pretty stupid question."

The multiple virtual router approach reduces the amount of state that 
any single process has to maintain, but may have operational 
limitations (or operational benefits, depending on your point of 
view) in that it doesn't show a consistent, provider-wide view of 
routing.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCNP 1.0 and 2.0


BCMSN does care less about the line cards and processors, but you had better
understand multilayer switching.

Best Regards,

Chad A. Simmons, MCSE, CCNP, CCDP
Network Consultant
Network Services Group
Court Square Data Group, Inc.
1391 Main St.
Springfield, Ma. 01103
(413) 746-0054 (Phone)
(413) 746-0058 (Fax)
[EMAIL PROTECTED]
http://www.csdg.com
Information solutions that work in the real world.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 25, 2001 9:03 AM
To: Cisco
Subject: CCNP 1.0 and 2.0


I am going to takes BCMSN tomorrow.

I just coming to find the CLSL is quite different from BCMSN.

Can anyone tell me if it is true that BCMSN cares less on the the line
cards or some other switch engines. I thought they should be some what
similar.

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Routing on a stick with 3Com Switch?

2001-03-25 Thread Vincent


should work on 802.1q

""Thomas"" [EMAIL PROTECTED] ¼¶¼g©ó¶l¥ó
99h0pd$471$[EMAIL PROTECTED]">news:99h0pd$471$[EMAIL PROTECTED]...
 Hi All - I wonder if it is possible to implement the "Routing on a stick"
 method using Cisco 3620 router (with 1 fast ethernet port) and the 3Com
 CoreBuilder 5000 switch?  Thanks in advance!!!


 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IP Classless Revisited (More info)

2001-03-25 Thread Vincent


I guess in faovour of metric.

"John Neiberger" [EMAIL PROTECTED] ¼¶¼g©ó¶l¥ó
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Okay, I just tried this with RIP advertising the default route and I'm
even
 more confused!  Now, it behaves as I would expect.  With no ip classless,
 pings to unknown 10.x.x.x subnets are unroutable even though there is a
 default route in the routing table.

 With no ip classless, why does my router take the default route when it
was
 installed by OSPF but not when it was installed by RIP?  I would expect it
 to never take the default route for 10.x.x.x addresses with no ip
classless.

 This really concerns me because I was taking a practice CCIE written exam
a
 few days ago and ran across a question like this and I answered the
question
 assuming normal behavior of no ip classless and got it right.  Now I'm
 thinking there are some more twists to its behavior that i'm not aware of.

 John

   Sure, I'll try that but I don't see why it should matter.  As I
 understand
   it, ip classless affects routing table lookups only and it doesn't care
 how
   those routes were installed into the table.
 
   Although, given this behavior, my assumption might be wrong.
 
   Thanks,
   John
 
 John,
 Interesting.  I think this is due to OSPF, not redistribution
problem.

   Can you try running RIP instead of OSPF ?
   
 Cheers,
 YY
   
   
   
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
 John Neiberger
 Sent: Sunday, March 25, 2001 5:28 AM
 To: [EMAIL PROTECTED]
 Subject: IP Classless Revisited (this is just odd...)
   
   
 Ok, just when you thought it was safe to go back in the water Or
   should
 I say, just when I thought I understood the behavior of 'ip
classess'
 and
 'no ip classless'  Let me summarize my lab setup.
   
 RouterA-RouterB--RouterC
   
 Pretty simple.  AtoB is 10.1.1.0/24, BtoA is 10.1.2.0/24.  OSPF is
   running
 on both links.  'ip classless' is on A and C, but not B initially.
On
 B
   I
 see these routes:
   
  10.0.0.0/24 is subnetted, 2 subnets
 C   10.1.2.0 is directly connected, Serial1
 C   10.1.1.0 is directly connected, Serial0
   
 That's what I expect to see.  Then I add a default route on B, 'ip
 route
 0.0.0.0 0.0.0.0 10.1.1.2'.  With no ip classless configured, any
 packets
   to
 unknown subnets of 10.0.0.0/8 should be dropped.  I tested it and
that
 is
 the case.  With 'ip classless' configured, and unknown packets
 regardless
   of
 major network get routed to 10.1.1.2.
   
 Now here is what I don't understand.  Let's turn off ip classless on
B
 again, then go to Router C and add a default route to null0 and
 default-information originate to the ospf process.  I now see this
in
   router
 B:
   
  10.0.0.0/24 is subnetted, 2 subnets
 C   10.1.2.0 is directly connected, Serial1
 C   10.1.1.0 is directly connected, Serial0
 O*E2 0.0.0.0/0 [110/1] via 10.1.2.2, 00:06:38, Serial1
   
 There is indeed a default route.  With no ip classless configured, I
   would
 expect the same behavior as before.  If I were to ping 10.5.5.5 the
   packets
 should be unroutable, but they're not!  They get routed to the
default
   route
 whether or not ip classless is configured.
   
 Why is a default route learned through a routing protocol treated
 differently than a manually configured default route?  I went
through
   this
 entire process twice and I just don't understand the behavior.
   
 What am I missing?  I know it's going to be something obvious, but I
   don't
 see it yet.
   
 Ok, I just now tried this:  with the ospf external default route
still
 in
 the routing table, I pinged 10.5.5.5 and it took the default route.
 Then
   I
 manually added a default static route and the destination became
   unroutable
 due to 'no ip classless' being configured.  Removing the static
 default
   it
 becomes routable again.
   
 Weird.  What's going on?
   
 Thanks,
 John
   
   
   
   
   
 ___
 Send a cool gift with your E-Card
 http://www.bluemountain.com/giftcenter/
   
   
 _
 FAQ, list archives, and subscription info:
   http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
 
 
 
 
 
   ___
   Send a cool gift with your E-Card
   http://www.bluemountain.com/giftcenter/
 
 
   _
   FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





 ___
 Send a cool gift with your E-Card

Cisco IDS + Cisco Secure Policy Manager

2001-03-25 Thread Laszlo Csosza


Hi!

I'm trying to setup a configuration mentioned in the subject...

Everything works nice with sensing, shunning, alarming, etc... but I have one
question.
Should I direct the syslog data stream to the sensor or to the policy manager
when monitoring ACL violations?

--

cU,

Laszlo Csosza




_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

redundant serial links in same subnet??

2001-03-25 Thread Dimitrije


I colleague of mine has a network connecting two routers with redundant serial
links. These serial links happen to reside in the same subnet as follows:

   Router
ARouter
B
S0 - 192.1.67.1/24 - 192.1.67.201/24  - S0
S1 - 192.1.67.2/24 - 192.1.67.202/14  - S1

Both Routers are running RIP.

When both links are up, network is very sluggish and ping works intermittently
(anywhere from 40%-70% of the time) between Routers A  B.  When either link is
shut down (only one link is up at a time), pings work 100% of the time.

I'm suspecting that having both serial links in the same subnet is creating
problems.  First of all, can you even do this?  Secondly, if you can put both
serial 0  1 in the same subnet, is this creating a layer-2 bridge-loop
environment?

I think that putting each serial link in a separate sub-net should solve the
problem, but I don't have access to any equipment to test this.

Am I correct or off-base??  Any definitive feedback would be great.  Any links
to spell out the issues with this scenario would also be helpful.

thanks,
dj


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RIP does not advertise in IGRP - what's wrong?


Without knowing why you originally chose to run both RIP and IGRP, I can't
tell you exactly what the trade-offs might be.  Unless you have some other
non-Cisco devices (like Unix boxes) that need to listen to RIP updates, why
not turn off both RIP and IGRP and then only run EIGRP?  You wouldn't have
to worry about those redistribution issues if you were running a single
routing protocol.

HTH,
John

  Thanks John!  It starts to make sense to me know!  Is it possible to take
  out RIP and just run EIGRP without "passive-interface" and
"redistribute"?
  If so what's the trade off?  Again Thanks for the help!
  
  
  
  "John Neiberger" [EMAIL PROTECTED] wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   If I understand your topology, the problem is that you are running RIP
and
   IGRP with a discontiguous classfull network.  Let me rephrase that. 
g
  
   It appears that your network looks like this:
  
   A 10.1.0.0 - 192.168.10.0 -- B 10.2.0.0
  
   RIP and IGRP cannot pass subnet mask information in their routing
updates.
   This means that router A above thinks that the entire 10.0.0.0
  network --not
   just 10.1.0.0/16-- resides to its left. Router B think the entire
   10.0.0.0/16 network resides to its right.  These routers will get very
   confused and will behave in the manner that you're seeing.
  
   To correct this behavior you must run a classless routing protocol that
   includes subnet mask information in its updates, so your options are
  eigrp,
   ospf, and is-is.  This will solve your problem.
  
   I hope that makes sense.  I just woke up and I'm still pretty groggy!
  
   Regards,
   John
  
 Hi All - In my network enviroment, I have LANs with 10.x.0.0/16
  networks
   and
 WAN with 192.168.10.0/24.  I use RIP for LAN and IGRP for WAN.  On
RIP,
  I
 redistribute IGRP, and vice versa, on IGRP I redistribute RIP.
  However,
   I
 cannot ping from one LAN to the other LAN.  If I put a static route
to
 specify the next hop, then I can ping the other LAN.  Is there a way
to
   have
 the network learn all the LAN dynamically, instead of static route? 
I
  am
 running IOS ver 11.3 on both routers.  Here is my configuration:
   

---
 Router1#
 !
 interface Ethernet0/0
   ip address 10.1.100.100 255.255.0.0
 !
 !
 interface Serial0/0
   ip address 192.168.10.1 255.255.255.0
   encapsulation frame-relay
   keepalive 5
 !
 !
 router rip
   redistribute igrp 200
   passive-interface Serial0/0
   passive-interface Serial0/1
   network 10.0.0.0
 !
 router igrp 200
   redistribute rip
   passive-interface Ethernet0/0
   network 192.168.10.0
   no default-information in
   no default-information out
 !
 ..
 !
 Router1#
   
   
  
--
  --
 --
   
 Router2#
 !
 interface Ethernet0/0
   ip address 10.2.100.100 255.255.0.0
 !
 !
 interface Serial0/0
   ip address 192.168.10.2 255.255.255.0
   encapsulation frame-relay
   keepalive 5
 !
 !
 router rip
   redistribute igrp 200
   passive-interface Serial0/0
   passive-interface Serial0/1
   network 10.0.0.0
 !
 router igrp 200
   redistribute rip
   passive-interface Ethernet0/0
   network 192.168.10.0
   no default-information in
   no default-information out
 !
 ..
 !
 Router2#
   
  
--
  --
 --
   
 Thanks All in advance!
   
   
   
   
 _
 FAQ, list archives, and subscription info:
   http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
  
  
  
  
  
   ___
   Send a cool gift with your E-Card
   http://www.bluemountain.com/giftcenter/
  
  
   _
   FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
  
  
  
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IP Classless Revisited (More info)


Metric shouldn't have anything to do with it.  Whether I'm using RIP or OSPF
the default route is being added to the routing table of the hub router. 
The issue is that with no ip classless configured, the hub router should NOT
ever pick the default route when trying to reach unknown subnets of the
10.x.x.x network.

In my case, when RIP installed the default route it behaves correctly.  When
OSPF installed the route it behaved as if 'ip classless' were configured.

Very odd.

John

  I guess in faovour of metric.
  
  "John Neiberger" [EMAIL PROTECTED] ¼¶¼g©ó¶l¥ó
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Okay, I just tried this with RIP advertising the default route and I'm
  even
   more confused!  Now, it behaves as I would expect.  With no ip
classless,
   pings to unknown 10.x.x.x subnets are unroutable even though there is a
   default route in the routing table.
  
   With no ip classless, why does my router take the default route when it
  was
   installed by OSPF but not when it was installed by RIP?  I would expect
it
   to never take the default route for 10.x.x.x addresses with no ip
  classless.
  
   This really concerns me because I was taking a practice CCIE written
exam
  a
   few days ago and ran across a question like this and I answered the
  question
   assuming normal behavior of no ip classless and got it right.  Now I'm
   thinking there are some more twists to its behavior that i'm not aware
of.
  
   John
  
 Sure, I'll try that but I don't see why it should matter.  As I
   understand
 it, ip classless affects routing table lookups only and it doesn't
care
   how
 those routes were installed into the table.
   
 Although, given this behavior, my assumption might be wrong.
   
 Thanks,
 John
   
   John,
   Interesting.  I think this is due to OSPF, not redistribution
  problem.
  
 Can you try running RIP instead of OSPF ?
 
   Cheers,
   YY
 
 
 
   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf
  Of
   John Neiberger
   Sent: Sunday, March 25, 2001 5:28 AM
   To: [EMAIL PROTECTED]
   Subject: IP Classless Revisited (this is just odd...)
 
 
   Ok, just when you thought it was safe to go back in the water
Or
 should
   I say, just when I thought I understood the behavior of 'ip
  classess'
   and
   'no ip classless'  Let me summarize my lab setup.
 
   RouterA-RouterB--RouterC
 
   Pretty simple.  AtoB is 10.1.1.0/24, BtoA is 10.1.2.0/24.  OSPF
is
 running
   on both links.  'ip classless' is on A and C, but not B
initially.
  On
   B
 I
   see these routes:
 
10.0.0.0/24 is subnetted, 2 subnets
   C   10.1.2.0 is directly connected, Serial1
   C   10.1.1.0 is directly connected, Serial0
 
   That's what I expect to see.  Then I add a default route on B,
'ip
   route
   0.0.0.0 0.0.0.0 10.1.1.2'.  With no ip classless configured, any
   packets
 to
   unknown subnets of 10.0.0.0/8 should be dropped.  I tested it and
  that
   is
   the case.  With 'ip classless' configured, and unknown packets
   regardless
 of
   major network get routed to 10.1.1.2.
 
   Now here is what I don't understand.  Let's turn off ip classless
on
  B
   again, then go to Router C and add a default route to null0 and
   default-information originate to the ospf process.  I now see
this
  in
 router
   B:
 
10.0.0.0/24 is subnetted, 2 subnets
   C   10.1.2.0 is directly connected, Serial1
   C   10.1.1.0 is directly connected, Serial0
   O*E2 0.0.0.0/0 [110/1] via 10.1.2.2, 00:06:38, Serial1
 
   There is indeed a default route.  With no ip classless
configured, I
 would
   expect the same behavior as before.  If I were to ping 10.5.5.5
the
 packets
   should be unroutable, but they're not!  They get routed to the
  default
 route
   whether or not ip classless is configured.
 
   Why is a default route learned through a routing protocol treated
   differently than a manually configured default route?  I went
  through
 this
   entire process twice and I just don't understand the behavior.
 
   What am I missing?  I know it's going to be something obvious,
but I
 don't
   see it yet.
 
   Ok, I just now tried this:  with the ospf external default route
  still
   in
   the routing table, I pinged 10.5.5.5 and it took the default
route.
   Then
 I
   manually added a default static route and the destination became
 unroutable
   due to 'no ip classless' being configured.  Removing the static
   default
 it
   becomes routable again.
 
   Weird.  What's going on?
 
   Thanks,
   John

RE: IP Classless Revisited (this is just odd...)


I'm not sure how that helps in this case.  In both scenarios, whether using
RIP or OSPF, the default route is being learned dynamically by the hub
router and it is installed into the routing table.  The problem is that with
no ip classless configured, that router should never use the default route
when trying to reach unknown subnets of 10.x.x.x.  When running RIP, it
behaves as expected.  When running OSPF, it behaves as if ip classless were
configured.

Any other thoughts?

Thanks
John

On Sun, 25 Mar 2001 10:11:40 -0800 (PST), Mike McCline wrote:

John
Take a look at the Cisco link below, for a sanity
check.http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/np1_c/1cindep.htm#37279

-Mike





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ethernet address question ...


I don't recognize the packets. Maybe someone else will. You could look up 
the TCP port numbers for a clue. Port 1389, for example, claims to be for 
Document Management. TCP port numbers are in the Assigned Numbers RFC 1700.

Also, check the IP source. Determine if it's a server, end station, or 
whatever. This is probably some proprietary application.

Priscilla

At 01:29 PM 3/25/01, you wrote:

Here is some packets from tcpdump capture and printed out with tethereal.

Public IP-addresses and host names edited for security reasons ...

I really don't expect you to use too much time to this problen, but here
is capture when you asked.

Thank you very much for interest.



Frame 1 (298 on wire, 158 captured)
 Arrival Time: Mar 23, 2001 11:40:21.9112
 Time delta from previous packet: 0.00 seconds
 Time relative to first packet: 0.00 seconds
 Frame Number: 1
 Packet Length: 298 bytes
 Capture Length: 158 bytes
Ethernet II
 Destination: 00:00:00:00:00:01 (XEROX_00:00:01)
 Source: 00:50:50:c4:ec:38 (Cisco_c4:ec:38)
 Type: IP (0x0800)
Internet Protocol
 Version: 4
 Header length: 20 bytes
 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  00.. = Differentiated Services Codepoint: Default (0x00)
  ..0. = ECN-Capable Transport (ECT): 0
  ...0 = ECN-CE: 0
 Total Length: 284
 Identification: 0xa452
 Flags: 0x00
 .0.. = Don't fragment: Not set
 ..0. = More fragments: Not set
 Fragment offset: 0
 Time to live: 59
 Protocol: TCP (0x06)
 Header checksum: 0x7ad2 (correct)
 Source: somehost.huch.fi (195.215.135.75)
 Destination: 10.65.11.84 (10.65.11.84)
Transmission Control Protocol, Src Port: 9005 (9005), Dst Port: 1389 
(1389), Seq: 2585933962, Ack: 99353967
 Source port: 9005 (9005)
 Destination port: 1389 (1389)
 Sequence number: 2585933962
 Next sequence number: 2585934206
 Acknowledgement number: 99353967
 Header length: 20 bytes
 Flags: 0x0018 (PSH, ACK)
 0...  = Congestion Window Reduced (CWR): Not set
 .0..  = ECN-Echo: Not set
 ..0.  = Urgent: Not set
 ...1  = Acknowledgment: Set
  1... = Push: Set
  .0.. = Reset: Not set
  ..0. = Syn: Not set
  ...0 = Fin: Not set
 Window size: 16384
 Checksum: 0x0175
Data (104 bytes)

DATA SNIPPED OUT


Frame 2 (150 on wire, 150 captured)
 Arrival Time: Mar 23, 2001 11:40:22.1129
 Time delta from previous packet: 0.201696 seconds
 Time relative to first packet: 0.201696 seconds
 Frame Number: 2
 Packet Length: 150 bytes
 Capture Length: 150 bytes
Ethernet II
 Destination: 00:00:00:00:00:01 (XEROX_00:00:01)
 Source: 00:50:50:c4:ec:38 (Cisco_c4:ec:38)
 Type: IP (0x0800)
Internet Protocol
 Version: 4
 Header length: 20 bytes
 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  00.. = Differentiated Services Codepoint: Default (0x00)
  ..0. = ECN-Capable Transport (ECT): 0
  ...0 = ECN-CE: 0
 Total Length: 136
 Identification: 0x2e0c
 Flags: 0x04
 .1.. = Don't fragment: Set
 ..0. = More fragments: Not set
 Fragment offset: 0
 Time to live: 127
 Protocol: TCP (0x06)
 Header checksum: 0x69f8 (correct)
 Source: otherhost.huch.fi (195.215.135.60)
 Destination: 10.65.15.23 (10.65.15.23)
Transmission Control Protocol, Src Port: 2632 (2632), Dst Port: 1152 
(1152), Seq: 499318847, Ack: 7520061
 Source port: 2632 (2632)
 Destination port: 1152 (1152)
 Sequence number: 499318847
 Next sequence number: 499318943
 Acknowledgement number: 7520061
 Header length: 20 bytes
 Flags: 0x0018 (PSH, ACK)
 0...  = Congestion Window Reduced (CWR): Not set
 .0..  = ECN-Echo: Not set
 ..0.  = Urgent: Not set
 ...1  = Acknowledgment: Set
  1... = Push: Set
  .0.. = Reset: Not set
  ..0. = Syn: Not set
  ...0 = Fin: Not set
 Window size: 8304
 Checksum: 0xfa51 (correct)
Data (96 bytes)

DATA SNIPPED OUT

Frame 3 (150 on wire, 150 captured)
 Arrival Time: Mar 23, 2001 11:40:22.5730
 Time delta from previous packet: 0.460179 seconds
 Time relative to first packet: 0.661875 seconds
 Frame Number: 3
 Packet Length: 150 bytes
 Capture Length: 150 bytes
Ethernet II
 Destination: 00:00:00:00:00:01 (XEROX_00:00:01)
 Source: 00:50:50:c4:ec:38 (Cisco_c4:ec:38)
 Type: IP (0x0800)
Internet Protocol
 Version: 4
 Header length: 20 bytes
 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  00.. = Differentiated Services Codepoint: Default (0x00)
  ..0. = ECN-Capable Transport (ECT): 0
  ...0 = ECN-CE: 0
 Total Length: 136
 Identification:

Re: CID BETA

2001-03-25 Thread F.G.J. Ruiz-Alaniz


Anyone know who we can call at Cisco?  Speaking to Prometric is a
waste of time because they blame Cisco (this from past experience with
them).

Not to spread rumors, but I think this is related to them not having
published the updated CID 4.0 class yet.  I can't find any mention of
it anywhere.  Beta exams from other companies are not this bad, I've
never even had one from Novell, Microsoft, or CompTIA take more than 8
weeks for me to get my report in the mail.

Well, I'll continue waiting...

On 25 Mar 2001 09:56:29 -0500, [EMAIL PROTECTED] ("GNOME") wrote:

14 weeks and still waiting


"Tim Noonan" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi. Has anyone got the results from the CID beta test yet?
 I have taken several beta test and this is the longest I have had to wait
 for the results.
 Thanks,
 Tim
 Ps. Please cc me with any reply becuase I don't have access to the mailing
 list right now.
 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ethernet address question (long)


The router should get the MAC address by ARPing. Try to capture the ARPs.

If the router is fast-switching, then you wouldn't catch the ARPs unless 
you clear the ARP table on the router first, (which it sounds like you 
can't do since you don't have access to the router.) But this may not be a 
problem since fast switching is not the default when the ingress and egress 
ports are the same as you describe.

Priscilla


At 12:38 PM 3/25/01, Janne Kettunen wrote:

First. Thank you very much answering my question.

Let me clarify some background about this MAC-address case.

We have many different IP-subnets at same side of router.

Please don't ask me why, it's too long story to tell here :-)

Some of traffic which goes to router and back is targeted at
layer-2 to this 00:00:00:00:00:01 ethernet address. Still Layer-3
destination address vary depending targeted IP-host. Problem is that our
Layer-2 switches pass through these 00:00:00:00:00:01 frames even Layer-3
(IP) hosts are in other parts of our Layer-2 switched network.

Example:

Source: IP-HostA 10.65.10.1/16 - Destination: IP-HostB 10.100.100.10/16

Packet goes to Default router as it should (10.65.0.1) and leaves from
same router interface to other network.

BUT when it leaves router, MAC-Destination address is sometimes this
strange 00:00:00:00:01. And this is Unicast packet from/to Telnet or POP3
services (for example).

Source and Destination IP-hosts are not same pair ie. they may be
whatever IP-hosts in whatever different subnets.

This problem appears in traffic to any direction in any subnets in any
OS-system type. I think our router is doing something strange, but
because I can't get it's configuration I can't tell you more details from
there at the moment (It's Cisco router).

That's why I'm interested to know something about this MAC-address.

PS. We have also DECnet,IPX and LAT traffic in our network, but these
problem packets are definitely IP traffic.

--
Regards Janne Kettunen
CCNA, CFFE

_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CID BETA


Maybe they laid off the people working on it. Just kidding. Seriously, the 
Cisco training department has always worked at about 1/100,000,000 the 
speed of Internet time.

Analyzing the results of a beta test is time-consuming, though, and 
sometimes there are arguments on the meaning of the results. The test 
writers must go through and weed out questions that everyone got right, 
even the obvious newbies. (Newbies and experts are defined by the test 
results, so it's an iterative process.) They must eliminate questions that 
nobody got right. They must eliminate questions that the newbies got right 
but the experts got wrong. Then they have to rescore the beta results.

If they eliminated too many questions, they have to add new ones. This must 
be done with care since the new questions won't go through the same beta 
test. Then, they must make sure the course matches the test.

Still, I agree that it's egregious that it has taken 14 weeks.

Priscilla

At 02:22 PM 3/25/01, F.G.J. Ruiz-Alaniz wrote:
Anyone know who we can call at Cisco?  Speaking to Prometric is a
waste of time because they blame Cisco (this from past experience with
them).

Not to spread rumors, but I think this is related to them not having
published the updated CID 4.0 class yet.  I can't find any mention of
it anywhere.  Beta exams from other companies are not this bad, I've
never even had one from Novell, Microsoft, or CompTIA take more than 8
weeks for me to get my report in the mail.

Well, I'll continue waiting...

On 25 Mar 2001 09:56:29 -0500, [EMAIL PROTECTED] ("GNOME") wrote:

 14 weeks and still waiting
 
 
 "Tim Noonan" [EMAIL PROTECTED] wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi. Has anyone got the results from the CID beta test yet?
  I have taken several beta test and this is the longest I have had to wait
  for the results.
  Thanks,
  Tim
  Ps. Please cc me with any reply becuase I don't have access to the mailing
  list right now.
  _
  Get your FREE download of MSN Explorer at http://explorer.msn.com
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 
 
 
 _
 FAQ, list archives, and subscription info: 
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Priscilla Oppenheimer
http://www.priscilla.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: redundant serial links in same subnet??

2001-03-25 Thread Michael Snyder

/24? Subnet them. I like /30 for p to p links. run rip version 2.

"Dimitrije" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I colleague of mine has a network connecting two routers with redundant
serial
links. These serial links happen to reside in the same subnet as follows:

Router
A
Router
B
S0 - 192.1.67.1/24 - 192.1.67.201/24 - S0
S1 - 192.1.67.2/24 - 192.1.67.202/14 - S1

Both Routers are running RIP.

When both links are up, network is very sluggish and ping works
intermittently
(anywhere from 40%-70% of the time) between Routers A B. When either
link is
shut down (only one link is up at a time), pings work 100% of the time.

I'm suspecting that having both serial links in the same subnet is
creating
problems. First of all, can you even do this? Secondly, if you can put
both
serial 0 1 in the same subnet, is this creating a layer-2 bridge-loop
environment?

I think that putting each serial link in a separate sub-net should solve
the
problem, but I don't have access to any equipment to test this.

Am I correct or off-base?? Any definitive feedback would be great. Any
links
to spell out the issues with this scenario would also be helpful.

thanks,
dj

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Token Ring Setup

2001-03-25 Thread Kraig Neidigh


Howdy all!

I have a request for those token ring experts.  I am seting up a token =
ring network as part of my home lab.  I am going to hang the network off =
a 2502 router.  I am using an IBM 8228 MAU with IBM 16/4 ISA TR Adapters =
running over Windows NT 4 Workstation OS.  NET properties says adapter =
is working properly.  I am running both NetBIOS and TCP/IP protocols.  I =
have static addresses assigned to each adapter.  I can "see" the =
workgroup, TOKENRING, under NET Neighborhood, but no machines.  Event =
Viewer say Nbf could not find or bind to adapter.  I have tried to ping, =
nothing.  Checked the ipconfig, no ip address.  I have changed the =
network address on the adapter from "blank" to 01-02-03-04-05-06, =
nothing.  What am I doing wrong or have I missed something completely?  =
Thanks in advance for any suggestions.
=20
Kraig=20

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CID BETA

2001-03-25 Thread Howard C. Berkowitz


Anyone know who we can call at Cisco?  Speaking to Prometric is a
waste of time because they blame Cisco (this from past experience with
them).

Not to spread rumors, but I think this is related to them not having
published the updated CID 4.0 class yet.  I can't find any mention of
it anywhere.  Beta exams from other companies are not this bad, I've
never even had one from Novell, Microsoft, or CompTIA take more than 8
weeks for me to get my report in the mail.

Well, I'll continue waiting...


This is obviously an educational experience, since a valuable network 
design skill is often "don't just do something, sit there! (until 
understanding is present.)"

Significant smileys apply.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IP Classless Revisited (this is just odd...)


Could this have been an issue with route summarization, where the
pass-through router (C) had summaries from both sides (couldn't make a
decision).  If you disable classless on one router, the route  summary will
be assigned in one direction  the true path to the second router will be
defined.

Phil

- Original Message -
From: "John Neiberger" [EMAIL PROTECTED]
To: "YY" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, March 25, 2001 3:01 PM
Subject: RE: IP Classless Revisited (this is just odd...)


 Sure, I'll try that but I don't see why it should matter.  As I understand
 it, ip classless affects routing table lookups only and it doesn't care
how
 those routes were installed into the table.

 Although, given this behavior, my assumption might be wrong.

 Thanks,
 John

   John,
   Interesting.  I think this is due to OSPF, not redistribution problem.
 Can you try running RIP instead of OSPF ?
 
   Cheers,
   YY
 
 
 
   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
   John Neiberger
   Sent: Sunday, March 25, 2001 5:28 AM
   To: [EMAIL PROTECTED]
   Subject: IP Classless Revisited (this is just odd...)
 
 
   Ok, just when you thought it was safe to go back in the water Or
 should
   I say, just when I thought I understood the behavior of 'ip classess'
and
   'no ip classless'  Let me summarize my lab setup.
 
   RouterA-RouterB--RouterC
 
   Pretty simple.  AtoB is 10.1.1.0/24, BtoA is 10.1.2.0/24.  OSPF is
 running
   on both links.  'ip classless' is on A and C, but not B initially.  On
B
 I
   see these routes:
 
10.0.0.0/24 is subnetted, 2 subnets
   C   10.1.2.0 is directly connected, Serial1
   C   10.1.1.0 is directly connected, Serial0
 
   That's what I expect to see.  Then I add a default route on B, 'ip
route
   0.0.0.0 0.0.0.0 10.1.1.2'.  With no ip classless configured, any
packets
 to
   unknown subnets of 10.0.0.0/8 should be dropped.  I tested it and that
is
   the case.  With 'ip classless' configured, and unknown packets
regardless
 of
   major network get routed to 10.1.1.2.
 
   Now here is what I don't understand.  Let's turn off ip classless on B
   again, then go to Router C and add a default route to null0 and
   default-information originate to the ospf process.  I now see this in
 router
   B:
 
10.0.0.0/24 is subnetted, 2 subnets
   C   10.1.2.0 is directly connected, Serial1
   C   10.1.1.0 is directly connected, Serial0
   O*E2 0.0.0.0/0 [110/1] via 10.1.2.2, 00:06:38, Serial1
 
   There is indeed a default route.  With no ip classless configured, I
 would
   expect the same behavior as before.  If I were to ping 10.5.5.5 the
 packets
   should be unroutable, but they're not!  They get routed to the default
 route
   whether or not ip classless is configured.
 
   Why is a default route learned through a routing protocol treated
   differently than a manually configured default route?  I went through
 this
   entire process twice and I just don't understand the behavior.
 
   What am I missing?  I know it's going to be something obvious, but I
 don't
   see it yet.
 
   Ok, I just now tried this:  with the ospf external default route still
in
   the routing table, I pinged 10.5.5.5 and it took the default route.
Then
 I
   manually added a default static route and the destination became
 unroutable
   due to 'no ip classless' being configured.  Removing the static default
 it
   becomes routable again.
 
   Weird.  What's going on?
 
   Thanks,
   John
 
 
 
 
 
   ___
   Send a cool gift with your E-Card
   http://www.bluemountain.com/giftcenter/
 
 
   _
   FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





 ___
 Send a cool gift with your E-Card
 http://www.bluemountain.com/giftcenter/


 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re:


Looks like a Serial connection through a Frame-Relay network, with Traffic
Shaping applied in low/ medium/ high intervals.  Whatever you do not
understand in this config can be easily plugged into the CCO search engine.

www.Cisco.com

Phil

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Saturday, March 24, 2001 5:40 PM


 Can anyone explain to me this confi":

 int se0
 ip add 10.0.0.2 255.0.0.0
 load interval 3
 traffic-shape group 101 32000 8000 8000
 traffic-shape group 102  32000 8000 8000

 access-list 101 permit ip host 172.17.246.169 host 10.0.0.2
 access-list 102 permit ip host 172.17.246.169 host 10.0.0.2
 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CID BETA

2001-03-25 Thread Robert Padjen


I thank Priscilla for her candor on this topic. I for
one was pretty livid with the exam, and I wrote over
seven pages of comments to the Cisco team both through
the exam comments feature and off-line. Specifically I
was disappointed that the questions were poorly
crafted, afforded few solid answers, and many were
flat-out wrong.

It is further disappointing that Cisco has failed to
take advantage of this forum and others like it to
improve the quality of their product from a technical
perspective, much like one would expect a better level
set with enterprise and service provider customers to
develop the program further.


--- Priscilla Oppenheimer [EMAIL PROTECTED] wrote:
 Maybe they laid off the people working on it. Just
 kidding. Seriously, the 
 Cisco training department has always worked at about
 1/100,000,000 the 
 speed of Internet time.
 
 Analyzing the results of a beta test is
 time-consuming, though, and 
 sometimes there are arguments on the meaning of the
 results. The test 
 writers must go through and weed out questions that
 everyone got right, 
 even the obvious newbies. (Newbies and experts are
 defined by the test 
 results, so it's an iterative process.) They must
 eliminate questions that 
 nobody got right. They must eliminate questions that
 the newbies got right 
 but the experts got wrong. Then they have to rescore
 the beta results.
 
 If they eliminated too many questions, they have to
 add new ones. This must 
 be done with care since the new questions won't go
 through the same beta 
 test. Then, they must make sure the course matches
 the test.
 
 Still, I agree that it's egregious that it has taken
 14 weeks.
 
 Priscilla
 
 At 02:22 PM 3/25/01, F.G.J. Ruiz-Alaniz wrote:
 Anyone know who we can call at Cisco?  Speaking to
 Prometric is a
 waste of time because they blame Cisco (this from
 past experience with
 them).
 
 Not to spread rumors, but I think this is related
 to them not having
 published the updated CID 4.0 class yet.  I can't
 find any mention of
 it anywhere.  Beta exams from other companies are
 not this bad, I've
 never even had one from Novell, Microsoft, or
 CompTIA take more than 8
 weeks for me to get my report in the mail.
 
 Well, I'll continue waiting...
 
 On 25 Mar 2001 09:56:29 -0500,
 [EMAIL PROTECTED] ("GNOME") wrote:
 
  14 weeks and still waiting
  
  
  "Tim Noonan" [EMAIL PROTECTED] wrote in
 message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Hi. Has anyone got the results from the CID
 beta test yet?
   I have taken several beta test and this is the
 longest I have had to wait
   for the results.
   Thanks,
   Tim
   Ps. Please cc me with any reply becuase I don't
 have access to the mailing
   list right now.
  

_
   Get your FREE download of MSN Explorer at
 http://explorer.msn.com
  
   _
   FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations
 to [EMAIL PROTECTED]
  
  
  
  _
  FAQ, list archives, and subscription info: 
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to
 [EMAIL PROTECTED]
 
 _
 FAQ, list archives, and subscription info: 
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
 [EMAIL PROTECTED]
 
 
 
 
 Priscilla Oppenheimer
 http://www.priscilla.com
 
 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


=
Robert Padjen

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Hi folks, I've been thinking about Cisco as an investment.

2001-03-25 Thread Robert Padjen


All -

Cisco is a great company. It has one of the best
developed business models in the world. Their products
afford a well-rounded feature set that is first rate.

ARE YOU INSANE!!! ;)

Let's see. CSCO is trading at a P/E of just over 45.
Companies normally trade in the area of 30, and
WorldCom, etc., are at 10-15. Thus, Cisco is
overvalued by 50%, and historically would price at
$12/share if they were a normal company. OK, they're
not, so a slight premium would be warranted (where
that is between $12-18/share is unknown, but we'd
likely be near the top of the range). Further, Cisco
is recording P/E (price/earnings) on last quarters
numbers, which could be 30% BETTER than this quarters.
A lowering of up to 30% could warrant a price range of
$10-14/share to hold the same P/E ratio. Since the
next two quarters appear down, and lowering is more
likely, you would view this as a bargin why? ;)

In addition, Cisco is the largest holding of most
money market funds. As the price increases it would be
likely that they will sell to diversify.

Look, I like the company. I think very long term they
will be an IBM or a Microsoft. But short term, with
any stock, don't allow a lower price than yesterday to
be a measure of a bargin. If I believed that any/all
of us would save Cisco with our thousand share buys
I'd likely be a bit more positive, but since the loss
will hurt us MUCH more than the aggrigate company or
economy, please save your capital and do the analysis
before investing!

Kidding about the insane thing BTW. Now, for a really
good investment, the Bank of Rob is taking deposits,
cash only please!


--- ItsMe [EMAIL PROTECTED] wrote:
 Myself and a few others are buying. Same story as
 yourself couldn't afford
 it before. As for going to hell in a hand basket; if
 Cisco went down the
 tubes, there would be many other things you would be
 worried about then the
 money you would be investing with now. (i.e.
 radiation poising from the
 Nuclear War :-)
 
 just my opinion
 
 "Natasha" [EMAIL PROTECTED] wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi gang, this is a little off topic but...
  I've been watching the stock price of Cisco drop
 from where it was to
  where it is now, and have been agonizing over the
 fact that I can
  actually afford some.
 
  Reading the Analyst Consensus on various sites and
 Cnbc it seems like
  we're going to hell in a hand basket.
 
  The insight that I need is,
  Is it slowing down as bad as they tell us?
  What is the life span of the average router,
 warranty?
  How often are routers, switches, etc. replaced?
  Is Cisco a bad investment right now?
  You folks are out in the trenches so any help or
 insight that you can
  offer is a help.
  Thanks
  --
  Natasha Flazynski
  http://www.ciscobot.com
  My Cisco information site.
  http://www.botbuilders.com
  Artificial Intelligence and Linux development
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to
 [EMAIL PROTECTED]
 
 
 
 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


=
Robert Padjen

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Performance Comparision between Linux OS Firewall and Cisco PIX 525

2001-03-25 Thread Sean Young


Ken,
Thank you very much for the advice.  This past Friday, my company has
decided to use Linux as our company Firewall.  Furthermore, we've decided
that this Firewall will be running kernel 2.4.2 with only two services
running on it, SSH and netfilter (aka iptables).  I've tested kernel
2.4.2 in the lab and notice it performs better than kernel 2.2.x.  I've also 
performed various intrusion detection tests on the box using
Cisco NetSonar, Cybercop, ISS, Axent Netrecon but is unable to break
it.  The linux box is rock-solid.  I am also running portsentry (IDS)
on the Firewall itself.

Also, we decide to running our squid proxy server on another linux box
to provide transparent caching for our internal users.  As far as VPN is
concerns, we are going to implement FreeS/WAN on another box.  I think
in the long run, it is going to save the company a lot of money.  We
end up not buying the PIX and web-caching engine from Cisco.  Oh, the
networking guy in our group who recommends Cisco PIX and Cisco web-
caching engine as a solution, he has been fired.  Go figure.

Regards,
Sean
P.S.  Priscilla, why not implementing TRANSPARENT caching by using squid
to speed up internet connection for your users?  Squid is free and very
secure and easy to use.

From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], "Stuart Brockwell" [EMAIL PROTECTED]
Subject: Re: Performance Comparision between Linux OS Firewall and Cisco 
PIX 525
Date: Sat, 24 Mar 2001 20:02:26 -0800

Sean,

Comments imbedded:

On 23 Mar 2001, at 16:12, Stuart Brockwell wrote:

  Hi Sean,
I am a Linux head my self, and one of our firewalls is in fact
running
  on a Linux box.  The only problem with this type of firewall is that
  you inherit all of the known bugs that the software has.  Given that
  the source code to Linux is widely available, you have a lot of very
  talented people out there who know these holes and are able to exploit
  them very easily.

It also means that there are a lot of talented people who are looking
at the code to make sure that any holes are patched.  In fact, when
new exploits are found, Linux is usually the fastest platform to have
a patch available.  Compare this to having to wait weeks for vendor
patches or having to prove to a vendor that a problem exists.

Also, a service can only be exploited if it is running.  A properly
configured firewall doesn't run unecessary services, this makes it
very difficult to exploit.  Essentially, it would come down to trying to
DoS it or running a password guessing program against it to get
remote access.


If you
  maintain your own Linux firewall, you will need to continuously look
  for the latest bug fixes to install on your Linux box to address the
  latest round of holes that have been released.

If the Linux firewall is properly setup, the only services running on it
are ipchains and SSH.  This means that you have to be aware of 2
services.  While there could always be a local exploit, if only
trusted admins have access, the trouble with keeping up patches
is minimal.  It is certainly no more trouble than keeping up with
bugs on a vendor platform.

 
  Cisco and companies such as Watch Guard closely guard their source
  code, often you can elect to take on a maintenance contract with the
  firewall where you recieve all the latest fixes for a 12 month period
  (this is what we did).  As this is their bread and butter, they spend
  a lot of time looking for holes and fixes to known bugs.
 

While true, this doesn't mean that their code will have fewer bugs
or that the bugs will be patched quicker.  There is a very large
support community for Linux that is very technical.  Most bugs are
patched in a matter of days, sometimes hours.


  the main plus for each of
  the commercial packages is that there is large support base, where as
  skilled Linux admin staff who can lock down a firewall are very few
  and far between.

This is simply not true.  There is a very large community of Linux
developers and admins, and most of them are very knowledgable.
There are good mailing lists and _plenty_ of good Linux
security/firewall books, articles, web sites, etc. available.

Locking down a Linux box is not rocket science.  That is FUD that
is propagated by vendors who want to sell product.  It's not hard to
configure a Linux box to be secure, the difficulty comes in running
lots of services and providing access to users.  If you have a box
that runs web, ftp, smtp, nfs, etc., then it becomes much harder to
secure, but none of these services should be running on a firewall.

The bottom line is that there are several good commercial firewalls,
but that doesn't mean that a Linux box cannot serve as a good, low-
end alternative.  Especially if cost is one of the main decision
factors.

-Kent




_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations

RE: IP Classless Revisited (this is just odd...)

2001-03-25 Thread Peter Van Oene


Not that its at all helpful in this situation, but ip classless, much like bgp 
synchronization, fall into the category of commands that simply defy understanding 
when presented with test criteria.  One must keep in mind that these are 
implementations of code that sometimes are not 100% reflective of what the designer 
intended.  On the other hand, just when you think the code is flawed, you find out 
that you truly misunderstood the feature in the first place :)

The end result is generally frustration or increased understanding, or sometimes both 
in that order.

Pete


*** REPLY SEPARATOR  ***

On 3/25/2001 at 10:38 AM John Neiberger wrote:

I'm not sure how that helps in this case.  In both scenarios, whether
using
RIP or OSPF, the default route is being learned dynamically by the hub
router and it is installed into the routing table.  The problem is that
with
no ip classless configured, that router should never use the default route
when trying to reach unknown subnets of 10.x.x.x.  When running RIP, it
behaves as expected.  When running OSPF, it behaves as if ip classless were
configured.

Any other thoughts?

Thanks
John

On Sun, 25 Mar 2001 10:11:40 -0800 (PST), Mike McCline wrote:

John
Take a look at the Cisco link below, for a sanity
check.http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/np1_c/1cindep.htm#37279

-Mike





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Advise for BCMSN

2001-03-25 Thread sathesh


I have heard varying opinions on the difficulty of BCMSN.

Could somebody let me know one/both of the foll. things :

1. As related to questions on commands, will I have to select it from a list of type 
it in ?

2. How many questions (approximately) are covered on Multicasting ? (I find all other 
topics easy !!)

Cheers,

-
Get free personalized email at http://email.lycos.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: redundant serial links in same subnet??

2001-03-25 Thread Erick B.


If you have routing enabled, Cisco IOS will not let
you put multiple interfaces in the same subnet. What
version of code are you using and are you sure this is
the way he has it configured? You're using RIP so have
routing enabled so something is fishy here. Equal-cost
multipath should work fine unless CEF or
fast-switching is giving you trouble. Try putting 'no
ip route-cache' under the serial interfaces. 

If your using 12.1(3)T and above on both routers you
can bond both serial interfaces into a multilink group
and use 1 subnet. 

Erick

--- Dimitrije [EMAIL PROTECTED] wrote:
 I colleague of mine has a network connecting two
 routers with redundant serial
 links. These serial links happen to reside in the
 same subnet as follows:
 
Router
 A   
 Router
 B
 S0 - 192.1.67.1/24 -
 192.1.67.201/24  - S0
 S1 - 192.1.67.2/24 -
 192.1.67.202/14  - S1
 
 Both Routers are running RIP.
 
 When both links are up, network is very sluggish and
 ping works intermittently
 (anywhere from 40%-70% of the time) between Routers
 A  B.  When either link is
 shut down (only one link is up at a time), pings
 work 100% of the time.
 
 I'm suspecting that having both serial links in the
 same subnet is creating
 problems.  First of all, can you even do this? 
 Secondly, if you can put both
 serial 0  1 in the same subnet, is this creating a
 layer-2 bridge-loop
 environment?
 
 I think that putting each serial link in a separate
 sub-net should solve the
 problem, but I don't have access to any equipment to
 test this.
 
 Am I correct or off-base??  Any definitive feedback
 would be great.  Any links
 to spell out the issues with this scenario would
 also be helpful.
 
 thanks,
 dj
 
 
 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: redundant serial links in same subnet??

2001-03-25 Thread Kevin Wigle


Right off the top I wanted to say "NO! - you can't do this..." but then I
saw that we were talking about serials here so I did a test.  Sure enough I
was able to put two serial interfaces on the same router into the same
subnet.  Didn't think that was possible.  However, as I suspected - as soon
as I tried to put an Ethernet interface into any subnet in use by any other
interface - I got the error that it "overlaps" with interface x.

So now we know that Yes you can do it - but will it work.

first - we'll assume that the 192.1.67.202/14 is a typo and it should be
192.1.67.202/24

second - let's get rid of the /24 on the transit links

RouterA S0 - 192.1.67.1/30  RouterB S0 - 192.1.67.2/30
RouterA S1 - 192.1.67.5/30  RouterB S1 - 192.1.67.6/30

third - RIP won't like that so change it to version 2

router RIP
  version 2

(on both routers of course)

or better yet - use EIGRP.

But - you didn't give us any info about where you pinged from, the router?
a client on the ethernet segment?  - what ip address is/are the ethernet
segments?  and what was the destination of the ping???  How is RIP
configured?

The more I look at it, it seems like a strange network - is he maybe
bridging and not routing?

That the network is slow isn't too hard to figure.  With two interfaces in
the same subnet the router has to try and figure out - here's a packet - I
can ship it to:

1. S0
2. S1
3. Nowhere - I don't have to!! we're all on the same network!!
4. All of the above
5. None of the above
6. 1 and 2

With only one serial up, the choices become easier.

And are we talking about redundant, x amount of bandwidth required but a
backup connection?
Or two circuits load balancing, or a combination?

Too many variables not presented, need more info - perhaps configs??? (and
design objectives?)

Kevin Wigle


- Original Message -
From: "Dimitrije" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, 25 March, 2001 13:13
Subject: redundant serial links in same subnet??


 I colleague of mine has a network connecting two routers with redundant
serial
 links. These serial links happen to reside in the same subnet as follows:

Router
 A
Router
 B
 S0 - 192.1.67.1/24 - 192.1.67.201/24  - S0
 S1 - 192.1.67.2/24 - 192.1.67.202/14  - S1

 Both Routers are running RIP.

 When both links are up, network is very sluggish and ping works
intermittently
 (anywhere from 40%-70% of the time) between Routers A  B.  When either
link is
 shut down (only one link is up at a time), pings work 100% of the time.

 I'm suspecting that having both serial links in the same subnet is
creating
 problems.  First of all, can you even do this?  Secondly, if you can put
both
 serial 0  1 in the same subnet, is this creating a layer-2 bridge-loop
 environment?

 I think that putting each serial link in a separate sub-net should solve
the
 problem, but I don't have access to any equipment to test this.

 Am I correct or off-base??  Any definitive feedback would be great.  Any
links
 to spell out the issues with this scenario would also be helpful.

 thanks,
 dj


 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Hi folks, I've been thinking about Cisco as an investment.

Got a bunch of Covad stock options I'll sell ya !!!

:o)

Phil

- Original Message -
From: "Robert Padjen" [EMAIL PROTECTED]
To: "ItsMe" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, March 25, 2001 8:02 PM
Subject: Re: Hi folks, I've been thinking about Cisco as an investment.

 All -

 Cisco is a great company. It has one of the best
 developed business models in the world. Their products
 afford a well-rounded feature set that is first rate.

 ARE YOU INSANE!!! ;)

 Let's see. CSCO is trading at a P/E of just over 45.
 Companies normally trade in the area of 30, and
 WorldCom, etc., are at 10-15. Thus, Cisco is
 overvalued by 50%, and historically would price at
 $12/share if they were a normal company. OK, they're
 not, so a slight premium would be warranted (where
 that is between $12-18/share is unknown, but we'd
 likely be near the top of the range). Further, Cisco
 is recording P/E (price/earnings) on last quarters
 numbers, which could be 30% BETTER than this quarters.
 A lowering of up to 30% could warrant a price range of
 $10-14/share to hold the same P/E ratio. Since the
 next two quarters appear down, and lowering is more
 likely, you would view this as a bargin why? ;)

 In addition, Cisco is the largest holding of most
 money market funds. As the price increases it would be
 likely that they will sell to diversify.

 Look, I like the company. I think very long term they
 will be an IBM or a Microsoft. But short term, with
 any stock, don't allow a lower price than yesterday to
 be a measure of a bargin. If I believed that any/all
 of us would save Cisco with our thousand share buys
 I'd likely be a bit more positive, but since the loss
 will hurt us MUCH more than the aggrigate company or
 economy, please save your capital and do the analysis
 before investing!

 Kidding about the insane thing BTW. Now, for a really
 good investment, the Bank of Rob is taking deposits,
 cash only please!

 --- ItsMe [EMAIL PROTECTED] wrote:
  Myself and a few others are buying. Same story as
  yourself couldn't afford
  it before. As for going to hell in a hand basket; if
  Cisco went down the
  tubes, there would be many other things you would be
  worried about then the
  money you would be investing with now. (i.e.
  radiation poising from the
  Nuclear War :-)

  just my opinion

  "Natasha" [EMAIL PROTECTED] wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Hi gang, this is a little off topic but...
   I've been watching the stock price of Cisco drop
  from where it was to
   where it is now, and have been agonizing over the
  fact that I can
   actually afford some.

   Reading the Analyst Consensus on various sites and
  Cnbc it seems like
   we're going to hell in a hand basket.

   The insight that I need is,
   Is it slowing down as bad as they tell us?
   What is the life span of the average router,
  warranty?
   How often are routers, switches, etc. replaced?
   Is Cisco a bad investment right now?
   You folks are out in the trenches so any help or
  insight that you can
   offer is a help.
   Thanks
   --
   Natasha Flazynski
   http://www.ciscobot.com
   My Cisco information site.
   http://www.botbuilders.com
   Artificial Intelligence and Linux development

   _
   FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to
  [EMAIL PROTECTED]

  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to
 [EMAIL PROTECTED]

 =
 Robert Padjen

 __
 Do You Yahoo!?
 Get email at your own domain with Yahoo! Mail.
 http://personal.mail.yahoo.com/

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Missing dynamic dialer maps using dialer profiles

2001-03-25 Thread Kurt Sherman


Greetings,

I'm using dialer profiles for DDR configuration.  I can successfully setup
the ISDN call and interfaces are up/up on both ends.

However, I'm getting an "encapsulation failed" message when trying to ping
the remote interface IP address. This is obviously the failure of the router
to get a MAC address for the dialer interface.

Using dialer profiles, I do not need dialer map statements.  However, when I
issue "sh dialer map", there are no entries indicating that dynamic map
statements are not being generated.

Any ideas?

The caller is a 1604 running 11.2(8)P and the called is a 3640 running
12.0(8).

Kurt

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CID BETA

2001-03-25 Thread hal9001


The last thing this business needs in the possibility of a recession is a
company like Cisco a Market Leader vacillating on which way any single thing
goes.  Changes in CID like CCNP/CCDP and CCs can only confuse situations.
How do you induce stability in a market that needs certain stability at this
time.  I don't think it's this way!  Besides will companies pay in a period
of recession for another round of qualifications, I think not!  Cisco pull
this one around and look at the markets!

Karl
- Original Message -
From: "Robert Padjen" [EMAIL PROTECTED]
To: "Priscilla Oppenheimer" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, March 25, 2001 9:52 PM
Subject: Re: CID BETA


 I thank Priscilla for her candor on this topic. I for
 one was pretty livid with the exam, and I wrote over
 seven pages of comments to the Cisco team both through
 the exam comments feature and off-line. Specifically I
 was disappointed that the questions were poorly
 crafted, afforded few solid answers, and many were
 flat-out wrong.

 It is further disappointing that Cisco has failed to
 take advantage of this forum and others like it to
 improve the quality of their product from a technical
 perspective, much like one would expect a better level
 set with enterprise and service provider customers to
 develop the program further.


 --- Priscilla Oppenheimer [EMAIL PROTECTED] wrote:
  Maybe they laid off the people working on it. Just
  kidding. Seriously, the
  Cisco training department has always worked at about
  1/100,000,000 the
  speed of Internet time.
 
  Analyzing the results of a beta test is
  time-consuming, though, and
  sometimes there are arguments on the meaning of the
  results. The test
  writers must go through and weed out questions that
  everyone got right,
  even the obvious newbies. (Newbies and experts are
  defined by the test
  results, so it's an iterative process.) They must
  eliminate questions that
  nobody got right. They must eliminate questions that
  the newbies got right
  but the experts got wrong. Then they have to rescore
  the beta results.
 
  If they eliminated too many questions, they have to
  add new ones. This must
  be done with care since the new questions won't go
  through the same beta
  test. Then, they must make sure the course matches
  the test.
 
  Still, I agree that it's egregious that it has taken
  14 weeks.
 
  Priscilla
 
  At 02:22 PM 3/25/01, F.G.J. Ruiz-Alaniz wrote:
  Anyone know who we can call at Cisco?  Speaking to
  Prometric is a
  waste of time because they blame Cisco (this from
  past experience with
  them).
  
  Not to spread rumors, but I think this is related
  to them not having
  published the updated CID 4.0 class yet.  I can't
  find any mention of
  it anywhere.  Beta exams from other companies are
  not this bad, I've
  never even had one from Novell, Microsoft, or
  CompTIA take more than 8
  weeks for me to get my report in the mail.
  
  Well, I'll continue waiting...
  
  On 25 Mar 2001 09:56:29 -0500,
  [EMAIL PROTECTED] ("GNOME") wrote:
  
   14 weeks and still waiting
   
   
   "Tim Noonan" [EMAIL PROTECTED] wrote in
  message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi. Has anyone got the results from the CID
  beta test yet?
I have taken several beta test and this is the
  longest I have had to wait
for the results.
Thanks,
Tim
Ps. Please cc me with any reply becuase I don't
  have access to the mailing
list right now.
   
 
 _
Get your FREE download of MSN Explorer at
  http://explorer.msn.com
   
_
FAQ, list archives, and subscription info:
   http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations
  to [EMAIL PROTECTED]
   
   
   
   _
   FAQ, list archives, and subscription info:
   http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to
  [EMAIL PROTECTED]
  
  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to
  [EMAIL PROTECTED]
 
 
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com
 
  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to
 [EMAIL PROTECTED]


 =
 Robert Padjen

 __
 Do You Yahoo!?
 Get email at your own domain with Yahoo! Mail.
 http://personal.mail.yahoo.com/

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription

Re: Performance Comparision between Linux OS Firewall and Cisco PIX 525

2001-03-25 Thread KY


Sean,

Have you guys compared FreeBSD with Linux for the firewall?

Thanks

KY
""Sean Young"" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Ken,
 Thank you very much for the advice.  This past Friday, my company has
 decided to use Linux as our company Firewall.  Furthermore, we've decided
 that this Firewall will be running kernel 2.4.2 with only two services
 running on it, SSH and netfilter (aka iptables).  I've tested kernel
 2.4.2 in the lab and notice it performs better than kernel 2.2.x.  I've
also
 performed various intrusion detection tests on the box using
 Cisco NetSonar, Cybercop, ISS, Axent Netrecon but is unable to break
 it.  The linux box is rock-solid.  I am also running portsentry (IDS)
 on the Firewall itself.

 Also, we decide to running our squid proxy server on another linux box
 to provide transparent caching for our internal users.  As far as VPN is
 concerns, we are going to implement FreeS/WAN on another box.  I think
 in the long run, it is going to save the company a lot of money.  We
 end up not buying the PIX and web-caching engine from Cisco.  Oh, the
 networking guy in our group who recommends Cisco PIX and Cisco web-
 caching engine as a solution, he has been fired.  Go figure.

 Regards,
 Sean
 P.S.  Priscilla, why not implementing TRANSPARENT caching by using squid
 to speed up internet connection for your users?  Squid is free and very
 secure and easy to use.

 From: [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED], "Stuart Brockwell" [EMAIL PROTECTED]
 Subject: Re: Performance Comparision between Linux OS Firewall and Cisco
 PIX 525
 Date: Sat, 24 Mar 2001 20:02:26 -0800
 
 Sean,
 
 Comments imbedded:
 
 On 23 Mar 2001, at 16:12, Stuart Brockwell wrote:
 
   Hi Sean,
 I am a Linux head my self, and one of our firewalls is in fact
 running
   on a Linux box.  The only problem with this type of firewall is that
   you inherit all of the known bugs that the software has.  Given that
   the source code to Linux is widely available, you have a lot of very
   talented people out there who know these holes and are able to exploit
   them very easily.
 
 It also means that there are a lot of talented people who are looking
 at the code to make sure that any holes are patched.  In fact, when
 new exploits are found, Linux is usually the fastest platform to have
 a patch available.  Compare this to having to wait weeks for vendor
 patches or having to prove to a vendor that a problem exists.
 
 Also, a service can only be exploited if it is running.  A properly
 configured firewall doesn't run unecessary services, this makes it
 very difficult to exploit.  Essentially, it would come down to trying to
 DoS it or running a password guessing program against it to get
 remote access.
 
 
 If you
   maintain your own Linux firewall, you will need to continuously look
   for the latest bug fixes to install on your Linux box to address the
   latest round of holes that have been released.
 
 If the Linux firewall is properly setup, the only services running on it
 are ipchains and SSH.  This means that you have to be aware of 2
 services.  While there could always be a local exploit, if only
 trusted admins have access, the trouble with keeping up patches
 is minimal.  It is certainly no more trouble than keeping up with
 bugs on a vendor platform.
 
  
   Cisco and companies such as Watch Guard closely guard their source
   code, often you can elect to take on a maintenance contract with the
   firewall where you recieve all the latest fixes for a 12 month period
   (this is what we did).  As this is their bread and butter, they spend
   a lot of time looking for holes and fixes to known bugs.
  
 
 While true, this doesn't mean that their code will have fewer bugs
 or that the bugs will be patched quicker.  There is a very large
 support community for Linux that is very technical.  Most bugs are
 patched in a matter of days, sometimes hours.
 
 
   the main plus for each of
   the commercial packages is that there is large support base, where as
   skilled Linux admin staff who can lock down a firewall are very few
   and far between.
 
 This is simply not true.  There is a very large community of Linux
 developers and admins, and most of them are very knowledgable.
 There are good mailing lists and _plenty_ of good Linux
 security/firewall books, articles, web sites, etc. available.
 
 Locking down a Linux box is not rocket science.  That is FUD that
 is propagated by vendors who want to sell product.  It's not hard to
 configure a Linux box to be secure, the difficulty comes in running
 lots of services and providing access to users.  If you have a box
 that runs web, ftp, smtp, nfs, etc., then it becomes much harder to
 secure, but none of these services should be running on a firewall.
 
 The bottom line is that there are several good commercial firewalls,
 but that doesn't mean that a Linux box cannot

Re: CID BETA


I got off the list temporarily because I am on vacation, but I must comment 
once more. Vacillating on test results is normal and healthy and has been 
going on forever. It has nothing to do with the economy.

I would suspect that one thing that's holding up the test is the seven 
pages of comments from Robert and probably other people. This is a good 
thing. Declaring the test final and past the beta stage when it's not 
really ready would be a bad thing.

Priscilla


At 11:27 PM 3/25/01, hal9001 wrote:
The last thing this business needs in the possibility of a recession is a
company like Cisco a Market Leader vacillating on which way any single thing
goes.  Changes in CID like CCNP/CCDP and CCs can only confuse situations.
How do you induce stability in a market that needs certain stability at this
time.  I don't think it's this way!  Besides will companies pay in a period
of recession for another round of qualifications, I think not!  Cisco pull
this one around and look at the markets!

Karl
- Original Message -
From: "Robert Padjen" [EMAIL PROTECTED]
To: "Priscilla Oppenheimer" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, March 25, 2001 9:52 PM
Subject: Re: CID BETA


  I thank Priscilla for her candor on this topic. I for
  one was pretty livid with the exam, and I wrote over
  seven pages of comments to the Cisco team both through
  the exam comments feature and off-line. Specifically I
  was disappointed that the questions were poorly
  crafted, afforded few solid answers, and many were
  flat-out wrong.
 
  It is further disappointing that Cisco has failed to
  take advantage of this forum and others like it to
  improve the quality of their product from a technical
  perspective, much like one would expect a better level
  set with enterprise and service provider customers to
  develop the program further.
 
 
  --- Priscilla Oppenheimer [EMAIL PROTECTED] wrote:
   Maybe they laid off the people working on it. Just
   kidding. Seriously, the
   Cisco training department has always worked at about
   1/100,000,000 the
   speed of Internet time.
  
   Analyzing the results of a beta test is
   time-consuming, though, and
   sometimes there are arguments on the meaning of the
   results. The test
   writers must go through and weed out questions that
   everyone got right,
   even the obvious newbies. (Newbies and experts are
   defined by the test
   results, so it's an iterative process.) They must
   eliminate questions that
   nobody got right. They must eliminate questions that
   the newbies got right
   but the experts got wrong. Then they have to rescore
   the beta results.
  
   If they eliminated too many questions, they have to
   add new ones. This must
   be done with care since the new questions won't go
   through the same beta
   test. Then, they must make sure the course matches
   the test.
  
   Still, I agree that it's egregious that it has taken
   14 weeks.
  
   Priscilla
  
   At 02:22 PM 3/25/01, F.G.J. Ruiz-Alaniz wrote:
   Anyone know who we can call at Cisco?  Speaking to
   Prometric is a
   waste of time because they blame Cisco (this from
   past experience with
   them).
   
   Not to spread rumors, but I think this is related
   to them not having
   published the updated CID 4.0 class yet.  I can't
   find any mention of
   it anywhere.  Beta exams from other companies are
   not this bad, I've
   never even had one from Novell, Microsoft, or
   CompTIA take more than 8
   weeks for me to get my report in the mail.
   
   Well, I'll continue waiting...
   
   On 25 Mar 2001 09:56:29 -0500,
   [EMAIL PROTECTED] ("GNOME") wrote:
   
14 weeks and still waiting


"Tim Noonan" [EMAIL PROTECTED] wrote in
   message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi. Has anyone got the results from the CID
   beta test yet?
 I have taken several beta test and this is the
   longest I have had to wait
 for the results.
 Thanks,
 Tim
 Ps. Please cc me with any reply becuase I don't
   have access to the mailing
 list right now.

  
  _
 Get your FREE download of MSN Explorer at
   http://explorer.msn.com

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations
   to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to
   [EMAIL PROTECTED]
   
   _
   FAQ, list archives, and subscription info:
   http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to
   [EMAIL PROTECTED]
  
  
   
  
   Priscilla Oppenheimer
   http://www.priscilla.com

looking for 2500 rack mount

2001-03-25 Thread John Chang


Can anyone spare or sell me a rack mount kit for a 2500 series 
router?  Don't want to spend $100 ea. I need 5.  Thanks.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE:

2001-03-25 Thread SAM Meng Wai


Look like this is one of the CCIE questions

 -Original Message-
 From: Circusnuts [SMTP:[EMAIL PROTECTED]]
 Sent: Monday, March 26, 2001 12:55 AM
 To:   [EMAIL PROTECTED]
 Cc:   [EMAIL PROTECTED]
 Subject:  Re: 
 
 Looks like a Serial connection through a Frame-Relay network, with Traffic
 Shaping applied in low/ medium/ high intervals.  Whatever you do not
 understand in this config can be easily plugged into the CCO search
 engine.
 
 www.Cisco.com
 
 Phil
 
 - Original Message -
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
 [EMAIL PROTECTED];
 [EMAIL PROTECTED]
 Sent: Saturday, March 24, 2001 5:40 PM
 
 
  Can anyone explain to me this confi":
 
  int se0
  ip add 10.0.0.2 255.0.0.0
  load interval 3
  traffic-shape group 101 32000 8000 8000
  traffic-shape group 102  32000 8000 8000
 
  access-list 101 permit ip host 172.17.246.169 host 10.0.0.2
  access-list 102 permit ip host 172.17.246.169 host 10.0.0.2
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 
 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: looking for 2500 rack mount

2001-03-25 Thread Dennis Laganiere


The best deal I've found is at http://www.optsys.net



-Original Message-
From: John Chang
To: [EMAIL PROTECTED]
Sent: 03/25/2001 3:35 PM
Subject: looking for 2500 rack mount

Can anyone spare or sell me a rack mount kit for a 2500 series 
router?  Don't want to spend $100 ea. I need 5.  Thanks.

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: looking for 2500 rack mount

2001-03-25 Thread Fred Danson


htmlDIV
Pyou can get them off ebay for around $20-30 a set. BR/P/DIV
DIV/DIV
DIV/DIVgt;From: John Chang [EMAIL PROTECTED]
DIV/DIVgt;Reply-To: John Chang [EMAIL PROTECTED]
DIV/DIVgt;To: [EMAIL PROTECTED] 
DIV/DIVgt;Subject: looking for 2500 rack mount 
DIV/DIVgt;Date: Sun, 25 Mar 2001 18:35:19 -0500 
DIV/DIVgt; 
DIV/DIVgt;Can anyone spare or sell me a rack mount kit for a 2500 series 
DIV/DIVgt;router? Don't want to spend $100 ea. I need 5. Thanks. 
DIV/DIVgt; 
DIV/DIVgt;_ 
DIV/DIVgt;FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html 
DIV/DIVgt;Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] 
DIV/DIVbr clear=allhrGet your FREE download of MSN Explorer at a 
href="http://explorer.msn.com"http://explorer.msn.com/abr/p/html

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP Classless Revisited (this is just odd...)

Heh heh...yes, ip classless and bgp synchronization do fit into that
category quite well!

I am starting to think this is an IOS feature on this router. I tried this
with RIP, EIGRP, and OSPF. 'no ip classless' behaved exactly as expected
when running RIP and EIGRP. It was only when I used OSPF that it started to
behave classlessly without my prior authorization. g

I've got a 2501 running a different IOS image. I think I'll try this
experiment on that to see what happens.

Thanks,
John

Not that its at all helpful in this situation, but ip classless, much
like bgp synchronization, fall into the category of commands that simply
defy understanding when presented with test criteria. One must keep in mind
that these are implementations of code that sometimes are not 100%
reflective of what the designer intended. On the other hand, just when you
think the code is flawed, you find out that you truly misunderstood the
feature in the first place :)

The end result is generally frustration or increased understanding, or
sometimes both in that order.

Pete

*** REPLY SEPARATOR ***

On 3/25/2001 at 10:38 AM John Neiberger wrote:

I'm not sure how that helps in this case. In both scenarios, whether
using
RIP or OSPF, the default route is being learned dynamically by the hub
router and it is installed into the routing table. The problem is that
with
no ip classless configured, that router should never use the default
route
when trying to reach unknown subnets of 10.x.x.x. When running RIP, it
behaves as expected. When running OSPF, it behaves as if ip classless
were
configured.

Any other thoughts?

Thanks
John

On Sun, 25 Mar 2001 10:11:40 -0800 (PST), Mike McCline wrote:

John
Take a look at the Cisco link below, for a sanity

check.http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/np1_c/1cindep.htm#37279

-Mike

___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CID BETA


My point of view might be wrong for every case, but most the of the world
"really" only readily recognizes the CCNA, CCNP,  CCIE certifications.  We
have DP's in the office  more often than not (some where down the road)-
they end up having to explain their certification to new contract customers
(pointing out they are really CCNP's).  You may say shame on them, but
they're the public (customer).  I think the new certs show diversity, but
the Liberal Arts of you network degree is really recognized within the main
certifications (for now).

Avoiding my reading
Phil

- Original Message -
From: "hal9001" [EMAIL PROTECTED]
To: "Robert Padjen" [EMAIL PROTECTED]; "Priscilla Oppenheimer"
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, March 25, 2001 9:27 PM
Subject: Re: CID BETA


 The last thing this business needs in the possibility of a recession is a
 company like Cisco a Market Leader vacillating on which way any single
thing
 goes.  Changes in CID like CCNP/CCDP and CCs can only confuse situations.
 How do you induce stability in a market that needs certain stability at
this
 time.  I don't think it's this way!  Besides will companies pay in a
period
 of recession for another round of qualifications, I think not!  Cisco pull
 this one around and look at the markets!

 Karl
 - Original Message -
 From: "Robert Padjen" [EMAIL PROTECTED]
 To: "Priscilla Oppenheimer" [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Sent: Sunday, March 25, 2001 9:52 PM
 Subject: Re: CID BETA


  I thank Priscilla for her candor on this topic. I for
  one was pretty livid with the exam, and I wrote over
  seven pages of comments to the Cisco team both through
  the exam comments feature and off-line. Specifically I
  was disappointed that the questions were poorly
  crafted, afforded few solid answers, and many were
  flat-out wrong.
 
  It is further disappointing that Cisco has failed to
  take advantage of this forum and others like it to
  improve the quality of their product from a technical
  perspective, much like one would expect a better level
  set with enterprise and service provider customers to
  develop the program further.
 
 
  --- Priscilla Oppenheimer [EMAIL PROTECTED] wrote:
   Maybe they laid off the people working on it. Just
   kidding. Seriously, the
   Cisco training department has always worked at about
   1/100,000,000 the
   speed of Internet time.
  
   Analyzing the results of a beta test is
   time-consuming, though, and
   sometimes there are arguments on the meaning of the
   results. The test
   writers must go through and weed out questions that
   everyone got right,
   even the obvious newbies. (Newbies and experts are
   defined by the test
   results, so it's an iterative process.) They must
   eliminate questions that
   nobody got right. They must eliminate questions that
   the newbies got right
   but the experts got wrong. Then they have to rescore
   the beta results.
  
   If they eliminated too many questions, they have to
   add new ones. This must
   be done with care since the new questions won't go
   through the same beta
   test. Then, they must make sure the course matches
   the test.
  
   Still, I agree that it's egregious that it has taken
   14 weeks.
  
   Priscilla
  
   At 02:22 PM 3/25/01, F.G.J. Ruiz-Alaniz wrote:
   Anyone know who we can call at Cisco?  Speaking to
   Prometric is a
   waste of time because they blame Cisco (this from
   past experience with
   them).
   
   Not to spread rumors, but I think this is related
   to them not having
   published the updated CID 4.0 class yet.  I can't
   find any mention of
   it anywhere.  Beta exams from other companies are
   not this bad, I've
   never even had one from Novell, Microsoft, or
   CompTIA take more than 8
   weeks for me to get my report in the mail.
   
   Well, I'll continue waiting...
   
   On 25 Mar 2001 09:56:29 -0500,
   [EMAIL PROTECTED] ("GNOME") wrote:
   
14 weeks and still waiting


"Tim Noonan" [EMAIL PROTECTED] wrote in
   message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi. Has anyone got the results from the CID
   beta test yet?
 I have taken several beta test and this is the
   longest I have had to wait
 for the results.
 Thanks,
 Tim
 Ps. Please cc me with any reply becuase I don't
   have access to the mailing
 list right now.

  
  _
 Get your FREE download of MSN Explorer at
   http://explorer.msn.com

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations
   to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to
   [EMAIL PROTECTED]

Re: 2500 series e0 fullduplex?

2001-03-25 Thread Buster


SAIF,

Glad you looked it up. Now, how about in the future you check _before_ you
start spreading incorrect info?

TIA

B

"SAIF" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Yeah u r right ,i checked it I was confused thanx for correction budy :)

 Eric Fairfield wrote:

  100 Mb FE still falls under CSMA/CD rules especially when using a Fast
  Ethernet Hub that doesn't support Full duplex.  There can and will be
  collisions at 100Mb Fast Ethernet in a shared environment.
 
  --
  Eric Fairfield
  CCIE #6413
 
  "SAIF" [EMAIL PROTECTED] wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   well its not a terminology thing u see its understood when u use
100mbps
  its then not
   csma/cd ethernet thing ,they made it like thre will be no collisions
and
  speed will be
   10 times than 10 mbps
   yes u r right on 36xx router there is full/half/auto duplex but u
didnt
  get the idea
   ,its basically technology which is sensing which media is supported to
  that interface
   ,if it is 10mbps then interface will make it half duplex ethernet and
  i it is 100mbs
   it will make it fast ethernet full duplex and u have choice to make it
  half/full duplex
   by ur choice according to ur existing medium and toplogy
   THAT PORT MUST BE NOT A FASTETHERNET PORT  BUT IT CAN BE IF U USE IT
IN
  100MBPS WAY
   THERE IS ANOTHER THING YES IT IS POSSIBL I AGREE U CAN WORK 10BASE
T
  (ONLY NOT
   COAXIAL) WITH FULL DUPLEX BUT THE THING IS THAT WHAT I WAS POINTING
THAT
  CISCO PRODUCTS
   USUALLY DONT SUPPORTFULL DUPLEX WITH 10MBPS
   AM I WRONG ?
  
   Neil Schneider wrote:
  
Sorry but you are incorrect.  (unless we just have a terminology
  difference
here) Just becuase you are running 100mbps. it is not automatically
full
duplex.  the Fastethernet ports on routers (3640 seriesfor example)
can
  be
set to full/half/auto duplex.  why bother with a half duplex setting
if
  all
fastethernet is full duplex?
   
--
Neil Schneider
MCT  MCSE  CCSI  CCNP
   
"SAIF" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 100mbps is not ethernet be sure its fast ethernet ,also their is
no
collisions in fast
 ethernet ,its colliision free and this is only possible if u have
one
  way
to send and
 one way to recieve data simultaneously :) i am sure u got the idea
 secondly in ethernet there are collisions and if there are
colliisions
Can u use one to
 send and one way to recieve simultaneously with collisions so if u
  cant
the result is
 ethernet works in half duplex mode and fast ethernnet works in
full
  duplex
 if u have any thing different than me plz share with us
 waiting ur reply
 Saif

 Neil Schneider wrote:

  It is NOT true that ethernet is half and fastethernet is full
  duplex.
  Either 10Mbps or 100Mbps ehternet can be run in half or full
duplex
mode.
  And offhand I don't know if the 2500 AUI port will do full
ethernet.
 
  --
  Neil Schneider
  MCT  MCSE  CCSI  CCNP
 
  "SAIF" [EMAIL PROTECTED] wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   NO ITS ETHERNET PORT AND WORKING HALF DUPLEX ONLY ,U SEE CISCO
  GIVES
  FASTETHERNET PORTS
   SPECIALLY IN THEIR ROUTERS SPECIALLY IN 4XXX SERIES AND U KNOW
ETHERNET
  WORKS IN HALF
   DUPLEX AND FASTETHERNET WORKS IN FULL DUPLEX  SO THE RESULT IS
AUI
PORT IS
  HALF DUPLEX
   ETHERNET NOT AUTO SENSE AND IF U WANT AUTOSENSE 10/100 BASE T
GO
  TO
ANY
  OTHER ROUTER
   ,CHECK THE ROUTER;S MANUAL :)
   HOPT IT WILL HELP
   IS IT ?
  
   Turfis wrote:
  
Is the Ethernet AUI port on the 2500 series Cisco routers
Full
Duplex
compatible?  Does it autonegoiate?  Can you hard code the
  interface
for
half/full/auto?  Thanks!
   
_
FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
  
   _
   FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to
  [EMAIL PROTECTED]
  
 
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to
  [EMAIL PROTECTED]

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]

   
_
FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html

Running from ROM?

2001-03-25 Thread Russ Kreigh


The line "System returned to ROM by power-on" bothers me, do I have a
problem with my router? I think it appears to be running from ROM, is this
true?

ROUTERsh ver
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(2), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 09-May-00 19:57 by linda
Image text-base: 0x0303E424, data-base: 0x1000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE
SOFT
WARE (fc1)

ROUTER uptime is 6 days, 8 hours, 24 minutes
System returned to ROM by power-on
System restarted at 11:37:17 UTC Mon Mar 19 2001
System image file is "flash:/c2500-i-l.121-2.bin"

cisco 2500 (68030) processor (revision N) with 14336K/2048K bytes of memory.
Processor board ID 10415097, with hardware revision 
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Equipment Seller - Where are you ?

2001-03-25 Thread perryb


WOuld the person who post (a few days ago) to this list, a long list of lab
vintage equipment - please contact me at [EMAIL PROTECTED]

The person referred to is the one that stated the whole bundle for $15,000.
I lost the original message, but would like to to see the list again.

thanks

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Ethernet address question

2001-03-25 Thread Marty Adkins


Priscilla Oppenheimer wrote:
 
 At 10:09 PM 3/23/01, you wrote:
 
 Are you sure that the LAA bit applies to Ethernet?  I've never seen
 that defined as such in any doc.  Only for Token Ring.
 - Marty
 
 It's in IEEE 802.3. I just checked. And I bet you have seen it used! How
 about in DECnet networks? The MAC address gets changed to be based on the
 network-layer address and to start with AA.
 
 So, unless I'm twiddling the bits wrong, which is possible, since it is
 early Saturday morning, and I didn't get enough sleep, I think that's an
 example of an Ethernet locally-administered address.
 
You were twiddling correctly.  I looked up the Ethernet V2 spec vs. 802.3
and found what you stated -- bit 1 (the 2nd from the LSB) is the LAA bit
for 802.3, but _not_ for Ethernet V2.  Since DEC was using AA-00-04-00-xx-xx
prior to 802.3 being created, is it just coincidence that AA happens to
set the LAA bit?

And here's yet another fairly well-written reference on Ethernet/802.3 operation:
http://ethernet.industrial-networking.com/articles/gthomas.asp

- Marty

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Load balancing switch

2001-03-25 Thread John Brandis


Hi All,
I have been asked to design an internal lan structure at an ISP which
has load balancing for our server farm of 5 servers at the switching
level. Can some one tell me how good cisco switch's are in this area
compared to Foundry. 
 
Also, what protocols are used at the switch layer to create load
balancing  (if any )
 
Thanks in advance
 
 
John Brandis
 
Network Infrastructure Engineer
GoWireless Communications
Level 7, 155 George Street
Sydney, NSW Australia 2000
02-9251-5000
0418-613-976
 
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 
 

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: redundant serial links in same subnet??

2001-03-25 Thread Dimitrije


Responding to your good questions:

- Yes, the /14 was a typo. Should be /24.
- Router A is running IOS 11.1
- Router B is running IOS 11.0
- I believe RIP version 1 is used.
- No, he is routing and not bridging.  (At least he is attempting to route)
- All other interfaces on either router are on different networks
- With both serial interfaces up/up, router A can ping router B's serial interface IP
addresses only intermittently and visa-versa.  With either serial interface shut down,
all pings work in all directions.
- I also think this network used to have only one serial link (I believe a T1), and the
second T1 serial interface was added  to increase performance with the intention of 
load

balancing.  I have no idea why both links were put on the same subnet.  Maybe the
original person didn't know what he was doing, or he did it this way to overcome 
another

problem that I am not aware of.

Everything else in both routers' configurations looks pretty innocent except for the
following:
ip irdp
on Router B's serial 2 interface (This is a completely diifferent serial link from the
redundant links we've been addressing.  I think it has no bearing, but maybe it does.  
I

don't know.

If the intent of the redundant serial links is to provide equal-cost load-balancing,
does putting them on the same subnet open you to unnecessary problems??? What are your
thoughts??

Thanks,
dj



Kevin Wigle wrote:

 Right off the top I wanted to say "NO! - you can't do this..." but then I
 saw that we were talking about serials here so I did a test.  Sure enough I
 was able to put two serial interfaces on the same router into the same
 subnet.  Didn't think that was possible.  However, as I suspected - as soon
 as I tried to put an Ethernet interface into any subnet in use by any other
 interface - I got the error that it "overlaps" with interface x.

 So now we know that Yes you can do it - but will it work.

 first - we'll assume that the 192.1.67.202/14 is a typo and it should be
 192.1.67.202/24

 second - let's get rid of the /24 on the transit links

 RouterA S0 - 192.1.67.1/30  RouterB S0 - 192.1.67.2/30
 RouterA S1 - 192.1.67.5/30  RouterB S1 - 192.1.67.6/30

 third - RIP won't like that so change it to version 2

 router RIP
   version 2

 (on both routers of course)

 or better yet - use EIGRP.

 But - you didn't give us any info about where you pinged from, the router?
 a client on the ethernet segment?  - what ip address is/are the ethernet
 segments?  and what was the destination of the ping???  How is RIP
 configured?

 The more I look at it, it seems like a strange network - is he maybe
 bridging and not routing?

 That the network is slow isn't too hard to figure.  With two interfaces in
 the same subnet the router has to try and figure out - here's a packet - I
 can ship it to:

 1. S0
 2. S1
 3. Nowhere - I don't have to!! we're all on the same network!!
 4. All of the above
 5. None of the above
 6. 1 and 2

 With only one serial up, the choices become easier.

 And are we talking about redundant, x amount of bandwidth required but a
 backup connection?
 Or two circuits load balancing, or a combination?

 Too many variables not presented, need more info - perhaps configs??? (and
 design objectives?)

 Kevin Wigle

 - Original Message -
 From: "Dimitrije" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Sunday, 25 March, 2001 13:13
 Subject: redundant serial links in same subnet??

  I colleague of mine has a network connecting two routers with redundant
 serial
  links. These serial links happen to reside in the same subnet as follows:
 
 Router
  A
 Router
  B
  S0 - 192.1.67.1/24 - 192.1.67.201/24  - S0
  S1 - 192.1.67.2/24 - 192.1.67.202/14  - S1
 
  Both Routers are running RIP.
 
  When both links are up, network is very sluggish and ping works
 intermittently
  (anywhere from 40%-70% of the time) between Routers A  B.  When either
 link is
  shut down (only one link is up at a time), pings work 100% of the time.
 
  I'm suspecting that having both serial links in the same subnet is
 creating
  problems.  First of all, can you even do this?  Secondly, if you can put
 both
  serial 0  1 in the same subnet, is this creating a layer-2 bridge-loop
  environment?
 
  I think that putting each serial link in a separate sub-net should solve
 the
  problem, but I don't have access to any equipment to test this.
 
  Am I correct or off-base??  Any definitive feedback would be great.  Any
 links
  to spell out the issues with this scenario would also be helpful.
 
  thanks,
  dj
 
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

 _
 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations

RE: looking for 2500 rack mount

2001-03-25 Thread Daniel Cotts

I bought three sets from [EMAIL PROTECTED] for $15 per set including shipping.
Original Cisco with screws.

 -Original Message-
 From: John Chang [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, March 25, 2001 5:35 PM
 To: [EMAIL PROTECTED]
 Subject: looking for 2500 rack mount

 Can anyone spare or sell me a rack mount kit for a 2500 series 
 router?  Don't want to spend $100 ea. I need 5.  Thanks.

 _
 FAQ, list archives, and subscription info: 
 http://www.groupstudy.com/list/cisco.html
 Report misconduct 
 and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: redundant serial links in same subnet??

2001-03-25 Thread Dimitrije


Responding to your good questions:

- Yes, the /14 was a typo. Should be /24.
- Router A is running IOS 11.1
- Router B is running IOS 11.0
- I believe RIP version 1 is used.
- No, he is routing and not bridging.  (At least he is attempting to route)
- All other interfaces on either router are on different networks
- With both serial interfaces up/up, router A can ping router B's serial
interface IP
addresses only intermittently and visa-versa.  With either serial interface shut
down,
all pings work in all directions.
- I also think this network used to have only one serial link (I believe a T1),
and the
second T1 serial interface was added  to increase performance with the intention
of load balancing.  I have no idea why both links were put on the same subnet. 
Maybe the original person didn't know what he was doing, or he did it this way
to overcome another problem that I am not aware of.

Everything else in both routers' configurations looks pretty innocent except for
the
following:
ip irdp
on Router B's serial 2 interface (This is a completely diifferent serial link
from the
redundant links we've been addressing.  I think it has no bearing, but maybe it
does.  I

don't know.

If the intent of the redundant serial links is to provide equal-cost
load-balancing,
does putting them on the same subnet open you to unnecessary problems??? What
are your
thoughts??

Thanks,
dj



Kevin Wigle wrote:

 Right off the top I wanted to say "NO! - you can't do this..." but then I
 saw that we were talking about serials here so I did a test.  Sure enough I
 was able to put two serial interfaces on the same router into the same
 subnet.  Didn't think that was possible.  However, as I suspected - as soon
 as I tried to put an Ethernet interface into any subnet in use by any other
 interface - I got the error that it "overlaps" with interface x.

 So now we know that Yes you can do it - but will it work.

 first - we'll assume that the 192.1.67.202/14 is a typo and it should be
 192.1.67.202/24

 second - let's get rid of the /24 on the transit links

 RouterA S0 - 192.1.67.1/30  RouterB S0 - 192.1.67.2/30
 RouterA S1 - 192.1.67.5/30  RouterB S1 - 192.1.67.6/30

 third - RIP won't like that so change it to version 2

 router RIP
   version 2

 (on both routers of course)

 or better yet - use EIGRP.

 But - you didn't give us any info about where you pinged from, the router?
 a client on the ethernet segment?  - what ip address is/are the ethernet
 segments?  and what was the destination of the ping???  How is RIP
 configured?

 The more I look at it, it seems like a strange network - is he maybe
 bridging and not routing?

 That the network is slow isn't too hard to figure.  With two interfaces in
 the same subnet the router has to try and figure out - here's a packet - I
 can ship it to:

 1. S0
 2. S1
 3. Nowhere - I don't have to!! we're all on the same network!!
 4. All of the above
 5. None of the above
 6. 1 and 2

 With only one serial up, the choices become easier.

 And are we talking about redundant, x amount of bandwidth required but a
 backup connection?
 Or two circuits load balancing, or a combination?

 Too many variables not presented, need more info - perhaps configs??? (and
 design objectives?)

 Kevin Wigle

 - Original Message -
 From: "Dimitrije" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Sunday, 25 March, 2001 13:13
 Subject: redundant serial links in same subnet??

  I colleague of mine has a network connecting two routers with redundant
 serial
  links. These serial links happen to reside in the same subnet as follows:
 
 Router
  A
 Router
  B
  S0 - 192.1.67.1/24 - 192.1.67.201/24  - S0
  S1 - 192.1.67.2/24 - 192.1.67.202/14  - S1
 
  Both Routers are running RIP.
 
  When both links are up, network is very sluggish and ping works
 intermittently
  (anywhere from 40%-70% of the time) between Routers A  B.  When either
 link is
  shut down (only one link is up at a time), pings work 100% of the time.
 
  I'm suspecting that having both serial links in the same subnet is
 creating
  problems.  First of all, can you even do this?  Secondly, if you can put
 both
  serial 0  1 in the same subnet, is this creating a layer-2 bridge-loop
  environment?
 
  I think that putting each serial link in a separate sub-net should solve
 the
  problem, but I don't have access to any equipment to test this.
 
  Am I correct or off-base??  Any definitive feedback would be great.  Any
 links
  to spell out the issues with this scenario would also be helpful.
 
  thanks,
  dj
 
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

 _
 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to

Routing on a stick with Ethernet, not FastEthernet???


Hi All - Is it possible to run "routing on a stick" on an regular ethernet
interface, not fastethernet???  I loaded IOS version 12.1.7 onto the 2611
and I could create subinterface on its ethernet ports.  I could also
encapsulate these subinterfaces to 802.1q and assign IP addresses for them.
It seems I am able to do the routing on a stick here.  However, when I tried
it on a 2500 router with the same IOS version, I could only create the
subinterface, but the encapsulation.  There's no encapsulation command on
the subinterface mode this time.  Does this new IOS version not support this
feature on 2500 series? or it allows me to successfully create and
encapsuate subinterface on 2611, but the routing will never work if I plug
in a CAT3500 switch?  I am just experiencing if this method is working with
Ethernet interface, because they said version 12.0T supports 802.1q
encapsulation on Ethernet media  Thanks All in advance!


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RIPv2 starts available on which IOS version???


Hi All, I am thinking about running RIPv2 on my 2500.  I am not sure which
IOS version starts supporting RIPv2.  My 2500 only has 8MB of flash, and I
don't want to spend another couple hundreds for flash upgrade...  Thanks
All!


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Hi folks, I've been thinking about Cisco as an investment.

2001-03-25 Thread ItsMe


So by your statement you analyze/buy stocks on P/E?
You must own not own a single tech stock then. World Com is 15
and Lucent and some others because they have already lost their butts.

If you want to make money you have to accept risk. Of course you could be
old, in which case capital preserversation it your main philosophy.

"Robert Padjen" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 All -

 Cisco is a great company. It has one of the best
 developed business models in the world. Their products
 afford a well-rounded feature set that is first rate.

 ARE YOU INSANE!!! ;)

 Let's see. CSCO is trading at a P/E of just over 45.
 Companies normally trade in the area of 30, and
 WorldCom, etc., are at 10-15. Thus, Cisco is
 overvalued by 50%, and historically would price at
 $12/share if they were a normal company. OK, they're
 not, so a slight premium would be warranted (where
 that is between $12-18/share is unknown, but we'd
 likely be near the top of the range). Further, Cisco
 is recording P/E (price/earnings) on last quarters
 numbers, which could be 30% BETTER than this quarters.
 A lowering of up to 30% could warrant a price range of
 $10-14/share to hold the same P/E ratio. Since the
 next two quarters appear down, and lowering is more
 likely, you would view this as a bargin why? ;)

 In addition, Cisco is the largest holding of most
 money market funds. As the price increases it would be
 likely that they will sell to diversify.

 Look, I like the company. I think very long term they
 will be an IBM or a Microsoft. But short term, with
 any stock, don't allow a lower price than yesterday to
 be a measure of a bargin. If I believed that any/all
 of us would save Cisco with our thousand share buys
 I'd likely be a bit more positive, but since the loss
 will hurt us MUCH more than the aggrigate company or
 economy, please save your capital and do the analysis
 before investing!

 Kidding about the insane thing BTW. Now, for a really
 good investment, the Bank of Rob is taking deposits,
 cash only please!


 --- ItsMe [EMAIL PROTECTED] wrote:
  Myself and a few others are buying. Same story as
  yourself couldn't afford
  it before. As for going to hell in a hand basket; if
  Cisco went down the
  tubes, there would be many other things you would be
  worried about then the
  money you would be investing with now. (i.e.
  radiation poising from the
  Nuclear War :-)
 
  just my opinion
 
  "Natasha" [EMAIL PROTECTED] wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Hi gang, this is a little off topic but...
   I've been watching the stock price of Cisco drop
  from where it was to
   where it is now, and have been agonizing over the
  fact that I can
   actually afford some.
  
   Reading the Analyst Consensus on various sites and
  Cnbc it seems like
   we're going to hell in a hand basket.
  
   The insight that I need is,
   Is it slowing down as bad as they tell us?
   What is the life span of the average router,
  warranty?
   How often are routers, switches, etc. replaced?
   Is Cisco a bad investment right now?
   You folks are out in the trenches so any help or
  insight that you can
   offer is a help.
   Thanks
   --
   Natasha Flazynski
   http://www.ciscobot.com
   My Cisco information site.
   http://www.botbuilders.com
   Artificial Intelligence and Linux development
  
   _
   FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to
  [EMAIL PROTECTED]
  
 
 
  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to
 [EMAIL PROTECTED]


 =
 Robert Padjen

 __
 Do You Yahoo!?
 Get email at your own domain with Yahoo! Mail.
 http://personal.mail.yahoo.com/

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RIPv2 starts available on which IOS version???

2001-03-25 Thread Brian


You neglected to say what verion of ios you had, I see it is supported in
11.2, and I know they supported it in versions available in 1998/1999.

Brian

On Sun, 25 Mar 2001, Thomas wrote:

 Hi All, I am thinking about running RIPv2 on my 2500.  I am not sure which
 IOS version starts supporting RIPv2.  My 2500 only has 8MB of flash, and I
 don't want to spend another couple hundreds for flash upgrade...  Thanks
 All!


 _
 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RIPv2 starts available on which IOS version???


How can I find out if what version of RIP I am using and how to enable it?
Thanks!




"Brian" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]
...
 You neglected to say what verion of ios you had, I see it is supported in
 11.2, and I know they supported it in versions available in 1998/1999.

 Brian

 On Sun, 25 Mar 2001, Thomas wrote:

  Hi All, I am thinking about running RIPv2 on my 2500.  I am not sure
which
  IOS version starts supporting RIPv2.  My 2500 only has 8MB of flash, and
I
  don't want to spend another couple hundreds for flash upgrade...  Thanks
  All!
 
 
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RIPv2 starts available on which IOS version???


sh ip int x
Will show you what version you are using on an interface.

Set up rip for version 2 only
router rip
version 2

or on an interface level
ip rip send/recieve version 1 or 2 or 1 2

Chad A. Simmons, MCSE, CCNP, CCDP
Network Consultant
Network Services Group
Court Square Data Group, Inc.
1391 Main St.
Springfield, Ma. 01103
(413) 746-0054 (Phone)
(413) 746-0058 (Fax)
[EMAIL PROTECTED]
http://www.csdg.com
Information solutions that work in the real world.


-Original Message-
From: Thomas [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 25, 2001 10:15 PM
To: [EMAIL PROTECTED]
Subject: Re: RIPv2 starts available on which IOS version???


How can I find out if what version of RIP I am using and how to enable it?
Thanks!




"Brian" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]
...
 You neglected to say what verion of ios you had, I see it is supported in
 11.2, and I know they supported it in versions available in 1998/1999.

 Brian

 On Sun, 25 Mar 2001, Thomas wrote:

  Hi All, I am thinking about running RIPv2 on my 2500.  I am not sure
which
  IOS version starts supporting RIPv2.  My 2500 only has 8MB of flash, and
I
  don't want to spend another couple hundreds for flash upgrade...  Thanks
  All!
 
 
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Routing on a stick with Ethernet, not FastEthernet???


No the Catalysts, and routers only support "802.1q" on fastethernet ports. 

Chad A. Simmons, MCSE, CCNP, CCDP
Network Consultant
Network Services Group
Court Square Data Group, Inc.
1391 Main St.
Springfield, Ma. 01103
(413) 746-0054 (Phone)
(413) 746-0058 (Fax)
[EMAIL PROTECTED]
http://www.csdg.com
Information solutions that work in the real world.


-Original Message-
From: Thomas [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 25, 2001 9:30 PM
To: [EMAIL PROTECTED]
Subject: "Routing on a stick" with Ethernet, not FastEthernet???


Hi All - Is it possible to run "routing on a stick" on an regular ethernet
interface, not fastethernet???  I loaded IOS version 12.1.7 onto the 2611
and I could create subinterface on its ethernet ports.  I could also
encapsulate these subinterfaces to 802.1q and assign IP addresses for them.
It seems I am able to do the routing on a stick here.  However, when I tried
it on a 2500 router with the same IOS version, I could only create the
subinterface, but the encapsulation.  There's no encapsulation command on
the subinterface mode this time.  Does this new IOS version not support this
feature on 2500 series? or it allows me to successfully create and
encapsuate subinterface on 2611, but the routing will never work if I plug
in a CAT3500 switch?  I am just experiencing if this method is working with
Ethernet interface, because they said version 12.0T supports 802.1q
encapsulation on Ethernet media  Thanks All in advance!


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Implementing SSH on Cisco IOS

2001-03-25 Thread Sean Young


Doesn't Cisco realize that telnet is a security risk on Cisco devices
especially for us who often has to telnet to the router remotely to
fix/troubleshoot problems?  Because username and password are traveling
across the Internet in CLEAR TEXT, the risk is too great.  I work for
a company that would not allow us to telnet to the router from the
Internet to our company routers and switches.  I know that SSH (version
1) is available on IOS 12.1.x (only on 7000 and GSR platforms).  Why
don't they just implement SSH on all platforms?  It is not that difficult
to do this (in my opinion). Because of SSH lacking in Cisco IOS, I have
to drive all the way to work to troubleshoot when there is problem.
This is suck.  You could implement all access-list all you like; however,
the problem is that telnet will no encrypt information especially username
and password across the Internet.  SSH is widely implemented on
almost all of Unix flavor and Juniper as well.  How difficult is it to
implement it on Cisco IOS?

Anyone disagree?

Sean

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: redundant serial links in same subnet??

2001-03-25 Thread Mask Of Zorro


Cisco allows up to 4 serial links in the same subnet. There are situations 
where you would want to do that, but I cannot for the life of me recall what 
they are... I did read about it once, and actually had to research it with 
the TAC. Search the TAC archives and you will find the message from them 
that indicates you cannot do the 5th link...

Z


From: "Michael Snyder" [EMAIL PROTECTED]
Reply-To: "Michael Snyder" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: redundant serial links in same subnet??
Date: Sun, 25 Mar 2001 11:50:19 -0800

/24?  Subnet them.  I like /30 for p to p links.  run rip version 2.


"Dimitrije" [EMAIL PROTECTED] wrote in message 
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I colleague of mine has a network connecting two routers with redundant
serial
  links. These serial links happen to reside in the same subnet as 
follows:
 
 Router
  A
Router
  B
  S0 - 192.1.67.1/24 - 192.1.67.201/24  - S0
  S1 - 192.1.67.2/24 - 192.1.67.202/14  - S1
 
  Both Routers are running RIP.
 
  When both links are up, network is very sluggish and ping works
intermittently
  (anywhere from 40%-70% of the time) between Routers A  B.  When either
link is
  shut down (only one link is up at a time), pings work 100% of the time.
 
  I'm suspecting that having both serial links in the same subnet is
creating
  problems.  First of all, can you even do this?  Secondly, if you can put
both
  serial 0  1 in the same subnet, is this creating a layer-2 bridge-loop
  environment?
 
  I think that putting each serial link in a separate sub-net should solve
the
  problem, but I don't have access to any equipment to test this.
 
  Am I correct or off-base??  Any definitive feedback would be great.  Any
links
  to spell out the issues with this scenario would also be helpful.
 
  thanks,
  dj
 
 
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 


_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RIPv2 starts available on which IOS version???

2001-03-25 Thread Daniel Cotts


If your configuration just says "router rip" then it is version 1. If the
next line says version 2 - bingo! To see if your version of IOS supports
version 2 try the old "?". 
2523(config)#router rip
2523(config-router)#?
Router configuration commands:
  auto-summaryEnable automatic network number summarization
.
.
  version Set routing protocol version
2523(config-router)#version ?
  1-2  version

You can also use the following. This is version 1
2523#sh ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 26 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is 
  Incoming update filter list for all interfaces is 
  Redistributing: rip
  Default version control: send version 1, receive any version
InterfaceSend  Recv   Key-chain
TokenRing0   1 1 2
  Routing for Networks:
192.168.2.0
192.168.3.0
  Routing Information Sources:
Gateway Distance  Last Update
  Distance: (default is 120)

This is version 2

2523#sh ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 18 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is 
  Incoming update filter list for all interfaces is 
  Redistributing: rip
  Default version control: send version 2, receive version 2
InterfaceSend  Recv   Key-chain
TokenRing0   2 2  
  Routing for Networks:
192.168.2.0
192.168.3.0
  Routing Information Sources:
Gateway Distance  Last Update

 -Original Message-
 From: Thomas [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, March 25, 2001 9:15 PM
 To: [EMAIL PROTECTED]
 Subject: Re: RIPv2 starts available on which IOS version???
 
 
 How can I find out if what version of RIP I am using and how 
 to enable it?
 Thanks!
 
 
 
 
 "Brian" [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]
.sdca.home.com
...
 You neglected to say what verion of ios you had, I see it is supported in
 11.2, and I know they supported it in versions available in 1998/1999.

 Brian

 On Sun, 25 Mar 2001, Thomas wrote:

  Hi All, I am thinking about running RIPv2 on my 2500.  I am not sure
which
  IOS version starts supporting RIPv2.  My 2500 only has 8MB of flash, and
I
  don't want to spend another couple hundreds for flash upgrade...  Thanks
  All!
 
 
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RIPv2 starts available on which IOS version???


Thanks Chad!  Is RIPv2 compatiable with RIP?  In order words, If I have one
router running RIP and the other running RIPv2, can they still work
together? My concern is convering RIP to RIPv2 so that I can turn off the
"auto-summary" feature.


""Simmons, Chad"" [EMAIL PROTECTED] wrote in message
E3160AD94522D311BA0A00508B2CAA0F6C76E5@ANAKIN">news:E3160AD94522D311BA0A00508B2CAA0F6C76E5@ANAKIN...
 sh ip int x
 Will show you what version you are using on an interface.

 Set up rip for version 2 only
 router rip
 version 2

 or on an interface level
 ip rip send/recieve version 1 or 2 or 1 2

 Chad A. Simmons, MCSE, CCNP, CCDP
 Network Consultant
 Network Services Group
 Court Square Data Group, Inc.
 1391 Main St.
 Springfield, Ma. 01103
 (413) 746-0054 (Phone)
 (413) 746-0058 (Fax)
 [EMAIL PROTECTED]
 http://www.csdg.com
 Information solutions that work in the real world.


 -Original Message-
 From: Thomas [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, March 25, 2001 10:15 PM
 To: [EMAIL PROTECTED]
 Subject: Re: RIPv2 starts available on which IOS version???


 How can I find out if what version of RIP I am using and how to enable it?
 Thanks!




 "Brian" [EMAIL PROTECTED] wrote in message

[EMAIL PROTECTED]">news:[EMAIL PROTECTED]
 ...
  You neglected to say what verion of ios you had, I see it is supported
in
  11.2, and I know they supported it in versions available in 1998/1999.
 
  Brian
 
  On Sun, 25 Mar 2001, Thomas wrote:
 
   Hi All, I am thinking about running RIPv2 on my 2500.  I am not sure
 which
   IOS version starts supporting RIPv2.  My 2500 only has 8MB of flash,
and
 I
   don't want to spend another couple hundreds for flash upgrade...
Thanks
   All!
  
  
   _
   FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
  
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 


 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Load balancing switch


I can only speak for the Cisco 11000 series (formerly Arrowpoint) switches. 
They're really designed for more than load sharing, but they are seriously
cool devices.  It's better that you read about their capabilities first
hand, though.  Just go to CCO and read up on the 11050 and 11150, one of
which is probably what you'd want to use.

They're very easy to configure, at least at the basic level.  When you start
to do some of the more advanced stuff you'll probably end up needing some
support, but I wouldn't say that is a negative.  These switches have a lot
of features and you can use them in a number of ways.  As a front end for a
server farm, they excel.  I would swiftly kick in the head anyone trying to
take mine away from me.  :-)

HTH,
John

  Hi All,
  I have been asked to design an internal lan structure at an ISP which
  has load balancing for our server farm of 5 servers at the switching
  level. Can some one tell me how good cisco switch's are in this area
  compared to Foundry. 
   
  Also, what protocols are used at the switch layer to create load
  balancing  (if any )
   
  Thanks in advance
   
   
  John Brandis
   
  Network Infrastructure Engineer
  GoWireless Communications
  Level 7, 155 George Street
  Sydney, NSW Australia 2000
  02-9251-5000
  0418-613-976
   
  [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 
   
  
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Load balancing switch


I can only speak for the Cisco 11000 series (formerly Arrowpoint) switches. 
They're really designed for more than load sharing, but they are seriously
cool devices.  It's better that you read about their capabilities first
hand, though.  Just go to CCO and read up on the 11050 and 11150, one of
which is probably what you'd want to use.

They're very easy to configure, at least at the basic level.  When you start
to do some of the more advanced stuff you'll probably end up needing some
support, but I wouldn't say that is a negative.  These switches have a lot
of features and you can use them in a number of ways.  As a front end for a
server farm, they excel.  I would swiftly kick in the head anyone trying to
take mine away from me.  :-)

HTH,
John

  Hi All,
  I have been asked to design an internal lan structure at an ISP which
  has load balancing for our server farm of 5 servers at the switching
  level. Can some one tell me how good cisco switch's are in this area
  compared to Foundry. 
   
  Also, what protocols are used at the switch layer to create load
  balancing  (if any )
   
  Thanks in advance
   
   
  John Brandis
   
  Network Infrastructure Engineer
  GoWireless Communications
  Level 7, 155 George Street
  Sydney, NSW Australia 2000
  02-9251-5000
  0418-613-976
   
  [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 
   
  
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





___
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RIPv2 starts available on which IOS version???


That works!  Thanks Daniel!


"Daniel Cotts" [EMAIL PROTECTED] wrote in message
303479FA060CD211B893F805A88AA110EB@EXCHANGE1">news:303479FA060CD211B893F805A88AA110EB@EXCHANGE1...
 If your configuration just says "router rip" then it is version 1. If the
 next line says version 2 - bingo! To see if your version of IOS supports
 version 2 try the old "?".
 2523(config)#router rip
 2523(config-router)#?
 Router configuration commands:
   auto-summaryEnable automatic network number summarization
 .
 .
   version Set routing protocol version
 2523(config-router)#version ?
   1-2  version

 You can also use the following. This is version 1
 2523#sh ip protocols
 Routing Protocol is "rip"
   Sending updates every 30 seconds, next due in 26 seconds
   Invalid after 180 seconds, hold down 180, flushed after 240
   Outgoing update filter list for all interfaces is
   Incoming update filter list for all interfaces is
   Redistributing: rip
   Default version control: send version 1, receive any version
 InterfaceSend  Recv   Key-chain
 TokenRing0   1 1 2
   Routing for Networks:
 192.168.2.0
 192.168.3.0
   Routing Information Sources:
 Gateway Distance  Last Update
   Distance: (default is 120)

 This is version 2

 2523#sh ip protocols
 Routing Protocol is "rip"
   Sending updates every 30 seconds, next due in 18 seconds
   Invalid after 180 seconds, hold down 180, flushed after 240
   Outgoing update filter list for all interfaces is
   Incoming update filter list for all interfaces is
   Redistributing: rip
   Default version control: send version 2, receive version 2
 InterfaceSend  Recv   Key-chain
 TokenRing0   2 2
   Routing for Networks:
 192.168.2.0
 192.168.3.0
   Routing Information Sources:
 Gateway Distance  Last Update

  -Original Message-
  From: Thomas [mailto:[EMAIL PROTECTED]]
  Sent: Sunday, March 25, 2001 9:15 PM
  To: [EMAIL PROTECTED]
  Subject: Re: RIPv2 starts available on which IOS version???
 
 
  How can I find out if what version of RIP I am using and how
  to enable it?
  Thanks!
 
 
 
 
  "Brian" [EMAIL PROTECTED] wrote in message
  news:[EMAIL PROTECTED]
 .sdca.home.com
 ...
  You neglected to say what verion of ios you had, I see it is supported
in
  11.2, and I know they supported it in versions available in 1998/1999.
 
  Brian
 
  On Sun, 25 Mar 2001, Thomas wrote:
 
   Hi All, I am thinking about running RIPv2 on my 2500.  I am not sure
 which
   IOS version starts supporting RIPv2.  My 2500 only has 8MB of flash,
and
 I
   don't want to spend another couple hundreds for flash upgrade...
Thanks
   All!
  
  
   _
   FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
  
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 


 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Implementing SSH on Cisco IOS


http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121
t/121t1/sshv1.htm

Supported Platforms
Cisco 1700 series
Cisco 2600 series
Cisco 3600 series
Cisco 7200 series 
Cisco 7500 series 
Cisco ubr920 series

But it does require a DES or 3Des software image. You may want to check CCO
before posting erronious info.

Best Regards,

Chad A. Simmons, MCSE, CCNP, CCDP
Network Consultant
Network Services Group
Court Square Data Group, Inc.
1391 Main St.
Springfield, Ma. 01103
(413) 746-0054 (Phone)
(413) 746-0058 (Fax)
[EMAIL PROTECTED]
http://www.csdg.com
Information solutions that work in the real world.


-Original Message-
From: Sean Young [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 25, 2001 10:50 PM
To: [EMAIL PROTECTED]
Subject: Implementing SSH on Cisco IOS


Doesn't Cisco realize that telnet is a security risk on Cisco devices
especially for us who often has to telnet to the router remotely to
fix/troubleshoot problems?  Because username and password are traveling
across the Internet in CLEAR TEXT, the risk is too great.  I work for
a company that would not allow us to telnet to the router from the
Internet to our company routers and switches.  I know that SSH (version
1) is available on IOS 12.1.x (only on 7000 and GSR platforms).  Why
don't they just implement SSH on all platforms?  It is not that difficult
to do this (in my opinion). Because of SSH lacking in Cisco IOS, I have
to drive all the way to work to troubleshoot when there is problem.
This is suck.  You could implement all access-list all you like; however,
the problem is that telnet will no encrypt information especially username
and password across the Internet.  SSH is widely implemented on
almost all of Unix flavor and Juniper as well.  How difficult is it to
implement it on Cisco IOS?

Anyone disagree?

Sean

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RIPv2 starts available on which IOS version???