Trunking over ATM
1. Is it possible to implement VLAN trunking over ATM using RFC1483 bridging (manual PVCs between switches) rather than using LANE. 2. What is the difference between routed and bridged RFC1483, if any? Any insight on the above would be great! _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Please help
When I went to Cisco's COO to check on their latest IOS for the 7507. I see the following: The BootFlash IOS image rsp-boot-mz.121-7.bin And the: IP/FW/IDS IPSec 3DES rsp-ik2o3sv-mz Could you please explain the two? Which software is loaded into where? Thanks, _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 2503 Problem
Have you tried control break, control c, control z "Omer Ehsan Dar" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > I have a 2503 router with 12.0 IOS. it does not obey the password > recovery command the break command does not work if you hit it during > bootup. Any suggestions. > Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
100base FX connection
I just curious, if I use Cisco Catalyst 2900MF-XL with fibre optic uplink module (100 base FX), can I connect the end of the fibre optic cable to a Cisco Catalyst 3524 XL ? because the Catalyst 3524 XL I think only support for 100 base T based connection. Should I use any converter for this (from 100 base FX to 100 base T ? ) If so what is the converter then, if not, what kind of Catalyst then can I connect with fibre cable ? Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 100base FX connection
no. "Irwan Hadi" <[EMAIL PROTECTED]> ? [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I just curious, if I use Cisco Catalyst 2900MF-XL with fibre optic uplink > module (100 base FX), can I connect the end of the fibre optic cable to a Cisco Catalyst > 3524 XL ? because the Catalyst 3524 XL I think only support for 100 base T > based connection. Should I use any converter for this (from 100 base FX to 100 > base T ? ) > If so what is the converter then, if not, what kind of Catalyst then can I > connect with fibre cable ? > > Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
No Encapsulation command Help?
Encapsulation command doesn't come up when trying to configure ISL or 802.1q Vlan trunking on a Cisco 2600 serious Router Version 12.0. Fast Ethernet interfaces 2 built into the Router and I can apply sub interfaces to them but cannot apply an encapsulation on the sub interfaces. Anybody know why?? If I cannot put an encapsulation on them them the interface will not trunk. Does anyone have an answer?? _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: No Encapsulation command Help?
Please check your IOS version support ISL trunking or not, please go to cisco.com to check it out. ""Washington Rico"" <[EMAIL PROTECTED]> 撰寫於郵件 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >Encapsulation command doesn't come up when trying to configure ISL or > 802.1q Vlan trunking on a Cisco 2600 serious Router Version 12.0. Fast > Ethernet interfaces 2 built into the Router and I can apply sub interfaces > to them but cannot apply an encapsulation on the sub interfaces. Anybody > know why?? If I cannot put an encapsulation on them them the interface > will not trunk. Does anyone have an answer?? > _ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE:Ethernet to Serial Converters available!
Hi Guys, There is an ethernet to serial converter from "Avaya Communications". Unfortunately these are about to be discontinued. Dzilo Get free email and a permanent address at http://www.netaddress.com/?N=1 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
I want to join the ccie lab in austrailia.... give me some infomation....
_ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Enterprise Management Specialization
CCNP+Management Specialists: I have been trying to determine the scope of the CCNP+Management tests, and have not been having much luck. CEMS is recommended but the MCRI & MCSI were not based on CEMS; and there are not even exam topics for MCSI. I am trying to determine if the MCRI and MCSI test are based the older software? I am currently working with a group at work to implement HP OpenView & CW2000 with all the bells and wistles; so I am more familiar with the newer features. If the current MCRI & MCSI are based on the older software I'll just wait for the revamped Qualified Cert. Thanks DaveC CCDP/CCNP etc, etc, etc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help for BOOTFLASH
Can someone help me on BOOTFLASH? I need detailed infos on how it works and what's its role in the routers. Thanks Davide _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Stupid question
Jason, You have mentioned what my first thought was... The interfaces do not even have to be administratively down (AD). They can be given identical addresses as long as they are down (D). If the duplicate address is the same as an "up" LAN interface, you get a warning, but the address is accepted into the running config, but ONLY if the serial interface is AD. If the serial interface is only D, you get the same warning, but the address is NOT accepted. I have not (yet) tried to see how interaction with the LAN interface proceeds if the LAN interface is AD or D, and I am resisting the temptation to do so because I have a zillion other things to do... Hugo. ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message 9a96jb$s5o$[EMAIL PROTECTED]">news:9a96jb$s5o$[EMAIL PROTECTED]... > Are you sure all interfaces are 'no shutdown' ? You can assign even the > same ip address to multiple interfaces if they're shutdown. > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > Cisco resources: http://r2cisco.artoo.net/ > > > ""Mask Of Zorro"" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Just to throw a wrinkle in all of this, a Cisco router WILL allow you to > > place up to 4 SERIAL interfaces in the same subnet. Try it... do like > this: > > > > Router>conf t > > Router(config)int s0 > > Router(config-if)ip add 10.1.1.1 255.255.255.0 > > Router(config-if)int s1 > > Router(config-if)ip add 10.1.1.3 255.255.255.0 > > > > This works... the router will not complain. Why would you need to do this? > I > > dunno, but you can if you want to - only on SERIAL interfaces... > > > > Z > > > > > > > > > > >From: EA LOUIE <[EMAIL PROTECTED]> > > >Reply-To: EA LOUIE <[EMAIL PROTECTED]> > > >To: "John Neiberger" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > > >CC: [EMAIL PROTECTED] > > >Subject: Re: Stupid question > > >Date: 30 Mar 2001 10:50:28 PST > > > > > >"John Neiberger" <[EMAIL PROTECTED]> wrote: > > > > The IP address on a switch or hub is for management purposes only and > is > > > > not applied to an actual physical port. The IP address in a switch or > > > > hub is applied to a virtual interface so you can use IP to test > > > > connectivity or telnet to the device for configuration purposes. > > > > > >...and don't forget for SNMP monitoring/management, too, if enabled > > > > > >:-) > > > > > >-e- > > > > > > > > > > > >>> "Wang Chia Ta" <[EMAIL PROTECTED]> 3/30/01 9:40:46 AM >>> > > > > Thank you for your response. Another question is when or why would you > > > > be > > > > required > > > > to use set an ip address on a switch and/or hub interface? > > > > > > > > Thx. > > > > > > > > Wang Chia Ta > > > > Systems Support > > > > Mitsubishi Motors > > > > --- > > > > > > > > ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message > > > > sac446f2.062@fsutil01">news:sac446f2.062@fsutil01... > > > > > This isn't a stupid question, it's a very important point to make. > > > > If > > > > > you are routing, each interface on the router must be in its own > > > > subnet. > > > > > Otherwise routing would not work. If you're bridging, then the > > > > bridged > > > > > interfaces are in the same subnet but you don't specifically assign > > > > an > > > > > IP address to those interfaces. > > > > > > > > > > I'm guessing that you're really asking the former question: in a > > > > > routing situation can two different interfaces be in the same > > > > subnet, > > > > > and the answer is no. > > > > > > > > > > HTH, > > > > > John > > > > > > > > > > >>> After removing all of the HTML, Rick appeared to say... >>> > > > > > Dear all, > > > > > I have a stupid question, want to clarify. > > > > > is it I cannot make two or more interfaces share the same subnet in > > > > > the Router? > > > > > Thanks > > > > > > > > > > Best Regards, > > > > > rick > > > > [EMAIL PROTECTED] > > > > [EMAIL PROTECTED] > > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Loopback Interfaces
There's two other things I have heard of for loopbacks. I once talked to someone who worked at a major carrier who always telneted into the routers using the loopback addresses. They also used the loopback address as the name of the router. It makes a lot of sense in a situation where you are making changes all the time on interfaces to be able to keep the interface that you telnet into constant. (Of course you have to have the subnet that the loopback interfaces participate in a routing protocol.) Also, if you are doing any kind of SNMP management of the routers, it helps to have the IP address constant, that way, if an interface goes down, it's possible to reach the router if there's an alternate path. ""Atul Kumar Udupi"" <[EMAIL PROTECTED]> wrote in message 99v4ts$8fv$[EMAIL PROTECTED]">news:99v4ts$8fv$[EMAIL PROTECTED]... > 1. Basically loopback address is used to test whether tcpip protocol stack > is installed properly and working fine on a machine. Assume that just now > you have added tcpip to your machine and there is no ip address assigned at > that time one can use looopback ip address to verify the tcpip installation > by pining to the loopback interface. > 2. And as u said some dynamic routing protocols use loopback as a > ROUTER-ID. This is because loopback address is logical and available most of > the time to the peer. You can use ip address of any hardware interface of a > router, but problem is incase the interface goes bad. To avoid that its > better to use loopback ip address as a router id. > > Hope this helps. > > Atul kumar > > > > "Asad Hasan" <[EMAIL PROTECTED]> wrote in message > 98o5a6$vn1$[EMAIL PROTECTED]">news:98o5a6$vn1$[EMAIL PROTECTED]... > > What is the primary purpose of using the Loopback interface and can you > > telnet into a router using a IP assigned to the Loopback interface. I know > > the Loopback interfaces are used in OSPF and in BGP. But is there any > other > > purpose for them. > > > > Regards > > Asad _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions for Next-hop attribute
Synch is an issue that gets way too much attention in my opinion. It's not used at all. It's a legacy feature that is meaningless in todays' networks. What John describes below, the fact that IBGP routers will no post routes unless they have reachability to the Next_Hop is not a synchronization issue, rather it is a fundamental function of BGP. If routers started posting routes that they have no hope of delivering traffic to, things would get pretty messy pretty fast. Thankfully, there are no nobs to turn this _behavior_ off :) *** REPLY SEPARATOR *** On 4/1/2001 at 4:58 PM John Neiberger wrote: >When an eBGP neighbor forwards routing information to another eBGP >neighbor, >it changes the next hop to itself. When an iBGP neighbors exchange >information they do not, by default, change the next hop. This is where >the >synchronization rule comes in. > >An iBGP neighbor will not be able to use a route if it does not have a >valid >route to the next hop in its IGP. Having synchronization turned on is >often >unnecessary, so most people turn it off. You still have a problem, >though: >the receiving iBGP neighbor still might not know how to reach the next hop >for any of the routes in its BGP table. To solve this, on your iBGP peers >use the next-hop-self command. Since the peers already know how to reach >each other, this solves your problem. > >I hope that helps, and I hope I haven't mischaracterized the issue. I >haven't really thought through all of this in a while so I may have some >details wrong. > >If you really want to understand this stuff, pick up a copy of Internet >Routing Architectures (2nd Ed.) by Sam Halabi. > >Another book I really liked is short but sweet. It's BGP4: Interdomain >Routing in the Internet (or something close to that.) It's very short but >it's an excellent resource. Perhaps you should read that first and then >read Halabi. > >Or you could also get a subscription to Certification Zone and read >Howard's >papers on BGP, they're quite excellent. > >HTH, >John > >> I'm really confused about the how Next-hop attribute works for IBGP and >> EBGP. Can somebody please shed some light on this. Any tips or help >> would be greatly appreciated. >> >> Regards, >> Hunt >___ >Send a cool gift with your E-Card >http://www.bluemountain.com/giftcenter/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Enterprise Management Specialization
MCRI & MCSI tests are based on pre-CW2000 software. Based on numbers of people who chose to certify as CCNP (Net Mgmt) as of the middle of last year (15), you may have a long wait for the update cert, unless you've heard something. Arthur Stewart David Chandler wrote in message <[EMAIL PROTECTED]>... >CCNP+Management Specialists: > >I have been trying to determine the scope of the CCNP+Management tests, >and have not been having much luck. CEMS is recommended but the MCRI & >MCSI were not based on CEMS; and there are not even exam topics for >MCSI. > >I am trying to determine if the MCRI and MCSI test are based the older >software? > >I am currently working with a group at work to implement HP OpenView & >CW2000 with all the bells and wistles; so I am more familiar with the >newer features. If the current MCRI & MCSI are based on the older >software I'll just wait for the revamped Qualified Cert. > >Thanks >DaveC > >CCDP/CCNP etc, etc, etc. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help: Redundant Server Connections into 2 6500's
Hi Everyone. I want to connect each of our servers into each of our 6500's to provide NIC/Switch redundancy. This is easy because most server NICs support redundancy teams and failover. The difficultly I have is I also want to get more bandwidth into the server by using Fast Etherchannel AS WELL. Ideally I would like to have 2 x 100Mbps links into each switch. This should result in 200Mbps Fast Etherchannel links into CiscoSwitch1 as active links and 200Mbps Fast Etherchannel links into CiscoSwitch2 as backup links. If both links into CiscoSwitch1 fail, then the backup NIC's become active and assumes the IP address of the failed NICs. I am trying to avoid having 2 IP addresses for the server if I can. I would have liked to have gone Gigabit ethernet but the $$$ were too high for management. Is this possible? Is anyone else doing this? Can anyone recommend a NIC vendor? Many thanks, Dion * DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP certification
Hello everyone, Just a stupid question - I did my CCNA certification (ver1.0) about 2 years ago and I'm currently studying for CCNP. Is it true that I must first re-certify my CCNA before I could take my CCNP exams? Or can I just do my CCNP and don't have to worry about my CCNA. Can somebody please shed some light on this? Regards, Hunt Lee _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ASN18506 up and running
J, I am just curious, why did you not go with the entire I-net route table? -Scott ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message 9a975p$ua8$[EMAIL PROTECTED]">news:9a975p$ua8$[EMAIL PROTECTED]... > It was indeed as synchronization problem. My understanding is that in order > to bring it from BGP into the routing table, it has to be able to reach the > next-hop address from IGP. What's odd is that both WAN links to the > upstream ISPs were in iBGP, so I need to read up on synchronization some > more. > > For now, 'no synchronization' fixed the problem. > > As I posted OT in another post (but perhaps more relevant here): > I just installed Zebra on my linux server so I can give people IOS-like > access to a BGP router. telnet://r2.artoo.net:2605 with a password of 'bgp' > and you can get a look at the world of BGP from AS18506 via UUNET AS701 and > Sprint AS1239. > > The Zebra interface is very close to IOS and has nearly all the BGP-related > commands. I just wish it had traceroute and show ip route (of course, I > think I could do it with the main Zebra daemon, but I don't feel like > messing with it just now). > > Zebra is a free routing daemon (bgp, ospf, rip, all with ipv6 support as > well): http://www.zebra.org/ > > > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > Cisco resources: http://r2cisco.artoo.net/ > > > ""John Neiberger"" <[EMAIL PROTECTED]> wrote in message > sac48e13.088@fsutil01">news:sac48e13.088@fsutil01... > > [I'm resending this from my work address because the first attempt > > didn't appear to succeed.] > > > > Forgive me if I missed something but this appears to be the famous > > iBGP > > synchronization problem, which I believe can be fixed by turning off > > synchronization and set 'next-hop-self' on advertisements between your > > two internal routers. > > > > When one router takes external routes and passes them to an internal > > neighbor, it doesn't alter the next hop attribute. When the other > > internal neighbor receives the route, the next hop is not the other > > internal peer, > > but the external peer it was received from. If the second iBGP peer > > in this > > example does not have a valid IGP route to that next hop, the route > > can't > > be installed into the routing table. > > > > I only quickly looked through your post so I may be way off base here. > > Take > > it with a grain of salt. > > > > HTH, > > John > > > > > > > Ok, more info (plus I have BGP to UUNET up and have the same > > problem > > the > > > > reverse direction). 206.51.253.1 is part of UUNET AS701. > > 64.6.1.1 is > > > part > > > > of Sprint AS1239: > > > > > > > > ISC-Mod-3640#sh ip bgp 206.51.253.1 > > > > BGP routing table entry for 206.51.253.0/24, version 0 > > > > Paths: (1 available, no best path) > > > >Not advertised to any peer > > > >701 > > > > 157.130.196.245 (metric 1) from 63.107.123.249 > > (63.107.123.253) > > > >Origin IGP, localpref 100, valid, internal, not > > synchronized > > > > ISC-Mod-3640# > > > > > > > > ISC-Tur-2600-2#sh ip bgp 64.6.1.1 > > > > BGP routing table entry for 64.6.0.0/20, version 0 > > > > Paths: (1 available, no best path) > > > >Not advertised to any peer > > > >1239 > > > > 144.232.206.65 (metric 1) from 63.107.123.250 (63.172.195.1) > > > >Origin IGP, metric 60, localpref 100, valid, internal, not > > > > synchronized > > > > > > > > > > > > There-in lies my problem. How do I get each router to > > synchronize so > > it > > > > will allow it into the routing table? > > > > > > > > Two cool public BGP looking glass routers: > > > > route-views.oregon-ix.net > > > > route-server.cerf.net > > > > > > > > -- > > > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > > > > List email: [EMAIL PROTECTED] > > > > Homepage: http://jason.artoo.net/ > > > > Cisco resources: http://r2cisco.artoo.net/ > > > > > > > > > > > > ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message > > > > 9a0gj6$c5a$[EMAIL PROTECTED]">news:9a0gj6$c5a$[EMAIL PROTECTED]... > > > > > It's been delayed time and again, but I've finally found the > > time to > > > push > > > > > through the docs and configuration notes needed to get our ASN > > up > > and > > > > > running with our upstream providers. > > > > > > > > > > So, this morning we began announcing ASN 18506 and our > > netblocks out > > > > > Sprintlink with no problems. I had them turn on full routes > > and > > we're > > > up > > > > > to: '11176 network entries and 11169 paths' and still > > climbing. > > > > > > > > > > Ok, so hears the setup: > > > > > > > > > > UUNET - [T1/FR] - s0/0.1 2621 s0/1 - [T1] - s0/1 3640 s1/2 - > > [T1] - > > > Sprint > > > > > > > > > > I'm still trying to get our Accounts Payable folks to get us > > our > > UUNET > > > > > account number so I ha
CSS 11050 software upgrade
We have two CSS 11050 runing Version: ap0310058s (3.10 Build 58) Flash (Locked):3.10 Build 33 Flash (Operational): 3.10 Build 58 We would like to upgrade the OS to the latest version. Does anyone have any experience to share? Thanks Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: The Finale: OSPF and IP Classless (partial retraction)
hehe...28 yrs old and my hair hasn't slowed down yet. The blonde floweth from my head. Speaking of...I need a haircut BAD. Actually the thing that makes blondes better security administrators is that we understand the firewall. All you have to do is have the firewall see anything that it doesn't understand and say 'I don't get it. Go away.'. Thus...blonde ACLs. - Original Message - From: "Howard C. Berkowitz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 30, 2001 4:41 PM Subject: Re: The Finale: OSPF and IP Classless (partial retraction) > >I'm blonde. I don't get it. > > > Does that mean that the reason that (male) blonde routing engineers > get better as they age, not from experience but from male pattern > baldness? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPsec port
Just to add to what you've stated: GRE uses control port 1723. -Scott M. Trieste ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message 9a96ge$rt5$[EMAIL PROTECTED]">news:9a96ge$rt5$[EMAIL PROTECTED]... > The names and numbers are correct, but as someone else pointed out a few > posts back, it's not a port number, but a protocol number. > > Protocols: > 6TCP > 17UDP > 47GRE (PPTP requirement) > 50ESP > 51AH > > Just to delve a little further about security protocols, ISAKMP does use > TCP/500, and you'll need it too. > > Bookmark 'em: > ftp://ftp.isc.org/pub/rfc/rfc1700.txt > http://www.isi.edu/in-notes/iana/assignments/port-numbers > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > Cisco resources: http://r2cisco.artoo.net/ > > > ""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Actually, you have it backwards. AH = port 51. ESP = port 50. > > > > Christopher A. Kane, CCNP > > Senior Network Control Tech > > Router Ops Center/Hilliard NOC > > UUNET > > (614)723-7877 > > > > > > > > -Original Message- > > From: Rizzo Damian [mailto:[EMAIL PROTECTED]] > > Sent: Friday, March 30, 2001 12:19 PM > > To: 'Ruihai An'; [EMAIL PROTECTED] > > Subject: RE: IPsec port > > > > > > AH-port 50, ESP-port 51 and ISAKMP-port 500 > > > > > > > > -Original Message- > > From: Ruihai An [mailto:[EMAIL PROTECTED]] > > Sent: Friday, March 30, 2001 12:05 PM > > To: [EMAIL PROTECTED] > > Subject: IPsec port > > > > > > I configured my PIX as the IPsec VPN terminator to support DES VPN client. > > I have an inbound access-list on my perimeter router. Does any one know > > the ports I need to open for IPsec VPN traffic on my perimeter router ? > > > > Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP certification
Lee, I did my CCNA a year ago under 1.0 and am currently taking my CCNP exams under 2.0. I don't believe it matters as long as your CCNA is current, which I believe is 3 years on the CCNA. So you should be okay. Heather Buri CSC Technology Services - Houston Phone: (713)-961-8592 Fax:(713)-961-8249 Mobile: Alpha Page: Mailing:1360 Post Oak Blvd Suite 500 Houston, TX 77056 -Original Message- From: Hunt Lee [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 8:41 AM To: [EMAIL PROTECTED] Subject: CCNP certification Hello everyone, Just a stupid question - I did my CCNA certification (ver1.0) about 2 years ago and I'm currently studying for CCNP. Is it true that I must first re-certify my CCNA before I could take my CCNP exams? Or can I just do my CCNP and don't have to worry about my CCNA. Can somebody please shed some light on this? Regards, Hunt Lee _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: The Finale: OSPF and IP Classless (partial retraction)
I don't get it. - Original Message - From: "Jason Leonard" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 30, 2001 11:57 PM Subject: Re: The Finale: OSPF and IP Classless (partial retraction) > > Nope, 'cause blonde (with the 'e') refers for female routing engineers. Or, > rather, females in general. But be wary even using to refer to females.. > > "Usage Note: It is usual in English to treat blond as if it required gender > marking, as in French, spelling it blonde when referring to women and blond > elsewhere. But this practice is in fact a relatively recent innovation, and > some have suggested that it has sexist implications and that the form blond > should be used for both sexes. There is certainly a measure of justice to > the claim that the two forms are not used symmetrically. Since English does > not normally mark adjectives according to the gender of the nouns they > modify, it is natural to interpret the final -e as expressing some > additional meaning, perhaps because it implies that hair color provides a > primary category of classification for women but not men. This association > of hair color and a particular perception of feminine identity is suggested > in phrases such as dumb blonde and Is it true blondes have more fun? or in > Susan Brownmiller's depiction of Hollywood's "pantheon of celebrated blondes > who have fed the fantasies of men and fueled the aspirations of women." The > corresponding masculine form blond, by contrast, is not ordinarily used to > refer to men in contexts in which hair color is not specifically at issue; > there is something arch in a reference to Leslie Howard, Robert Redford, and > other celebrated blonds." > > Howard wrote: > > > Does that mean that the reason that (male) blonde routing engineers > > get better as they age, not from experience but from male pattern > > baldness? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: CCNP certification
You don't need to take the CCNA again. I got my CCNA back in April '99. I took 3 of the old CCNP tests and 1 of the new ones and they still gave me my CCNP (v1.0 of course). -Original Message- From: Hunt Lee [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 9:41 AM To: [EMAIL PROTECTED] Subject: CCNP certification Hello everyone, Just a stupid question - I did my CCNA certification (ver1.0) about 2 years ago and I'm currently studying for CCNP. Is it true that I must first re-certify my CCNA before I could take my CCNP exams? Or can I just do my CCNP and don't have to worry about my CCNA. Can somebody please shed some light on this? Regards, Hunt Lee _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 2503 Problem
You might want to try a different Hyperterminal Program. -- Kind regards, Alexander N. Khramov, CCNA Student Technical Consultant NSU, Computing and Telecommunications [EMAIL PROTECTED] "Omer Ehsan Dar" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > I have a 2503 router with 12.0 IOS. it does not obey the password > recovery command the break command does not work if you hit it during > bootup. Any suggestions. > Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions for Next-hop attribute
Ah, after checking up on this I see where I was confused. Synchronization does not specifically refer to the behavior we were talking about. I thought that synchronization meant that the next-hop had to be in the routing table before a prefix could be moved from the BGP table to the routing table. That's not quite correct. I'll quote a portion of Halabi: "The BGP rule states that a BGP router should not advertise to external neighbors destinations learned from iBGP neighbors unless those destinations are also known via an IGP. This is known as synchronization. If a router knows about these destinations via an IGP, it assumes that the route has already been propagated inside the AS, and internal reachability is ensured." Thanks for pointing this out, Peter. Someone on the list recently pointed out that BGP synchronization and ip classless seem to be in the class of misunderstanding. Just when you think you really understand how it operates, you realize you have it wrong. I think I have it now! Maybe... John >>> "Peter Van Oene" <[EMAIL PROTECTED]> 4/2/01 7:03:16 AM >>> Synch is an issue that gets way too much attention in my opinion. It's not used at all. It's a legacy feature that is meaningless in todays' networks. What John describes below, the fact that IBGP routers will no post routes unless they have reachability to the Next_Hop is not a synchronization issue, rather it is a fundamental function of BGP. If routers started posting routes that they have no hope of delivering traffic to, things would get pretty messy pretty fast. Thankfully, there are no nobs to turn this _behavior_ off :) *** REPLY SEPARATOR *** On 4/1/2001 at 4:58 PM John Neiberger wrote: >When an eBGP neighbor forwards routing information to another eBGP >neighbor, >it changes the next hop to itself. When an iBGP neighbors exchange >information they do not, by default, change the next hop. This is where >the >synchronization rule comes in. > >An iBGP neighbor will not be able to use a route if it does not have a >valid >route to the next hop in its IGP. Having synchronization turned on is >often >unnecessary, so most people turn it off. You still have a problem, >though: >the receiving iBGP neighbor still might not know how to reach the next hop >for any of the routes in its BGP table. To solve this, on your iBGP peers >use the next-hop-self command. Since the peers already know how to reach >each other, this solves your problem. > >I hope that helps, and I hope I haven't mischaracterized the issue. I >haven't really thought through all of this in a while so I may have some >details wrong. > >If you really want to understand this stuff, pick up a copy of Internet >Routing Architectures (2nd Ed.) by Sam Halabi. > >Another book I really liked is short but sweet. It's BGP4: Interdomain >Routing in the Internet (or something close to that.) It's very short but >it's an excellent resource. Perhaps you should read that first and then >read Halabi. > >Or you could also get a subscription to Certification Zone and read >Howard's >papers on BGP, they're quite excellent. > >HTH, >John > >> I'm really confused about the how Next-hop attribute works for IBGP and >> EBGP. Can somebody please shed some light on this. Any tips or help >> would be greatly appreciated. >> >> Regards, >> Hunt >___ >Send a cool gift with your E-Card >http://www.bluemountain.com/giftcenter/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSPM and PIX Firewall Ambiguity
Hi All, Cisco Secure Policy Manager CSPM - Enables one to define a GUI based policy/topology. The program then uploads this policies to PIX firewall and there is hindreds of line of configuration in PIX FW. PIX Firewall - can also be configured manually via command line. But theres no way this can be uploaded to CSPM and realize the policy/topology from configuration on PIX. Ambiguity remains, one does not know which commands are generated by CSPM program after defining the topology. One cannot upload the manually configured policy to CSPM. Can any one provide some insight, as to how this ambiguity can be removed and synchrinise both. Ofcourse, someone who have worked with both multiple times will be able to help me. Many Thanks in Aniticpation Regards, KaushikTechnical Consultant Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
utilization rate calculation
Hi Techies, I have recenty been reading Cisco Press' new book called "Peformance and Fault Management" and they stated to measure utilization on a WAN interface (full-duplex); it is recommended to use the following formula: max ( delta(ifInOctets), delta(ifOutOctets) x 8 x 100) -- (number of seconds in delta) x ifSpeed They state because of "MIB II variables are stored as counters, you must take two poll cycles and figure the difference between the two" hence the delta number. I don't understand why two poll cycles are needed and why is using "counters" attributed to this? Thanks, David _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Anyone looked at this RFC yet?
RFC 3093, the Firewall Enhancement Protocol promises to reduce the hassle of setting up a firewall by tunneling any TCP/IP application over HTTP. Thanks, Robert Fowler We are told that talent creates its own opportunities. But it sometimes seems that intense desire creates not only its own opportunities, but its own talents. - Eric Hoffer (1902-1983 American Author & Philosopher) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CSS 11050 software upgrade
This link tells you how to do the upgrade: http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/bsccfggd/upgrad e.htm -Victor -Original Message- From: Ruihai An [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 10:06 AM To: [EMAIL PROTECTED] Subject: CSS 11050 software upgrade We have two CSS 11050 runing Version: ap0310058s (3.10 Build 58) Flash (Locked):3.10 Build 33 Flash (Operational): 3.10 Build 58 We would like to upgrade the OS to the latest version. Does anyone have any experience to share? Thanks Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help for BOOTFLASH
This might help: Inside Cisco IOS Software Architecture - CCIE Professional Development authors: Vijay Bollapragada, Russ White and Curtis Murphy Cisco Press, ISBN 1578701813 CCO should have some information. On the 7500s the boot image is stored there by default. The boot image can also be placed on a PCMCIA card in either slot0: or slot1: However, a statement must be placed in the config to use that alternate location. TGE_7513#sh flash bootflash: -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name 1 .. unknown 0FD57943 3CE2EC 21 3727980 Nov 01 1997 21:14:50 rsp-boot-mz.111-10.CA 3874068 bytes available (3728108 bytes used) Note that show gives more information than dir TGE_7513#dir bootflash: -#- -length- -date/time-- name 13727980 Nov 01 1997 21:14:50 rsp-boot-mz.111-10.CA 3874068 bytes available (3728108 bytes used) TGE_7513#dir slot0: -#- -length- -date/time-- name 13557456 May 18 1995 23:35:57 rsp-k-mz.103-10 2 12261 Jun 01 2000 18:03:06 conf 3 12597 Feb 02 2001 23:02:57 start-up 44209360 Mar 30 2001 14:55:42 rsp-boot-mz_113-11a.bin 203200 bytes available (7792192 bytes used) sh ru (following snipped from config) boot system flash slot1:rsp-jsv-mz_113-11a.bin boot bootldr slot0:rsp-boot-mz_113-11a.bin enable secret TGE_7513#sh boot BOOT variable = slot1:rsp-jsv-mz_113-11a.bin,1; CONFIG_FILE variable = Current CONFIG_FILE variable = BOOTLDR variable = slot0:rsp-boot-mz_113-11a.bin Configuration register is 0x102 Slave auto-sync config mode is on No slave installed in slot 7. > -Original Message- > From: Davide Bassani [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 6:06 AM > To: '[EMAIL PROTECTED]' > Subject: Help for BOOTFLASH > > > Can someone help me on BOOTFLASH? > I need detailed infos on how it works and what's its role in > the routers. > > Thanks > > Davide > Report misconduct > and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone looked at this RFC yet?
Ooops here is the link... http://www.isi.edu/in-notes/rfc3093.txt -Original Message- From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 10:50 AM To: [EMAIL PROTECTED] Subject: Anyone looked at this RFC yet? RFC 3093, the Firewall Enhancement Protocol promises to reduce the hassle of setting up a firewall by tunneling any TCP/IP application over HTTP. Thanks, Robert Fowler We are told that talent creates its own opportunities. But it sometimes seems that intense desire creates not only its own opportunities, but its own talents. - Eric Hoffer (1902-1983 American Author & Philosopher) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP certification
Your CCNA 1.0 is valid towards the CCNP 2.0 track. If your getting close to having to re-certify the CCNA (It's valid for 3 years) & you don't think you'll be done with the CCNP by then, you may have to re-certify CCNA before the CCNP will be valid. Here is a link to the CCNP site. http://cisco.com/warp/public/10/wwtraining/certprog/lan/programs/ccnp.html Best of luck John Hunt Lee <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello everyone, > > Just a stupid question - I did my CCNA certification (ver1.0) about > 2 years ago and I'm currently studying for CCNP. Is it true that I must > first re-certify my CCNA before I could take my CCNP exams? Or can I > just do my CCNP and don't have to worry about my CCNA. Can somebody > please shed some light on this? > > Regards, > Hunt Lee _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: utilization rate calculation
I'll try to restate this in a way that makes sense, but the text you quoted says it pretty well. The MIB data you are accessing is stored as a counter that increments for each byte transmitted and received. Let's say you polled the router and got this information: InOctets: 543980 OutOctets: 234095 Does that tell you anything? Not really. However if you wait a minute and poll it again you could see the amount of traffic in and out of that interface over a period of time, which gives you a rate. A single poll will not give you any usefull information. To get a rate, you need to sample the data over time. In this case the data is stored in bytes so you multiply times eight to get the rate in bits per second. Does that help? If not, I'll try again later after some more coffee. John >>> "Luong, David" <[EMAIL PROTECTED]> 4/2/01 8:50:40 AM >>> Hi Techies, I have recenty been reading Cisco Press' new book called "Peformance and Fault Management" and they stated to measure utilization on a WAN interface (full-duplex); it is recommended to use the following formula: max ( delta(ifInOctets), delta(ifOutOctets) x 8 x 100) -- (number of seconds in delta) x ifSpeed They state because of "MIB II variables are stored as counters, you must take two poll cycles and figure the difference between the two" hence the delta number. I don't understand why two poll cycles are needed and why is using "counters" attributed to this? Thanks, David _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed Cvoice 2.0
Thanks Group, I passed the cvoice exam on friday. it was a fine Exam in all ,extremely detailed . This is one of the rare cisco exams that was well worded,nothing ambiguos. Thanks for all who have assisted through their postings to this great group. Regards Adetola Akinmade CCNP+Voice,CCDA,MCSE Network Engineer Chevron Overseas Petroleum Incorporated 234-1-2600600 ext 3394 "Our business in life is not merely to get ahead of others, but to get ahead of ourselves--to break our own records, to outstrip our yesterday by our today." --Stewart B. Johnson > -Original Message- > From: Jon Krabbenschmidt [SMTP:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 3:50 PM > To: [EMAIL PROTECTED] > Subject: RE: Got the job, now what!! [3:2084] > > I would order 6 Dell's, a Linksys router > http://www.linksys.com/products/product.asp?prid=155&grid=5 go with the > wireless router > http://www.linksys.com/products/product.asp?prid=171&grid=5 > and have Dell install the 802.11b cards if you want to avoid the cabling > head aches, a box of Cat5, some wall boxes, jacks, RJ45 ends and go to > town. > The beauty with the Dell's is you have the client buy them with the 3 > years, > next day, on-site warranty, and write that side of ugly support out of > your > contract. > > Jon > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Saturday, March 31, 2001 5:57 PM > To: [EMAIL PROTECTED] > Subject: Got the job, now what!! [3:2084] > > > Friends, > > I got a job putting in a network in an office. Never done that > before. > > I need to buy/connect 6 workstations with ethernet, get internet > access via a cable modem. I know all the theory. Got a CCNA. > I know PCs, ethernet, NIC cards, Win98, TCP/IP theory, cabling, etc. > I do not know what parts to buy. > > Anyone patient, and christian enough [or Jewish, or Moslem or > Buddist enough] to help me offline with a few fine points? > > Please pardon if I'm stretching the scope of the list. I have got > great help from here in the past. > > What I really want to do is work in VoIP. > -edgar > NC > Discovered on an old tombstone - "I told you I was sick" > follow > the directions on http://www.groupstudy.com/list/jobs.html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: IPsec port
Actually your both right, PPTP (microsoft VPN) uses IP protocol 47 (GRE) and TCP port 1723. However ISAKMP uses UDP port 500, not TCP. -Rizzo -Original Message- From: cisco.groupstudy.com [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 10:19 AM To: [EMAIL PROTECTED] Subject: Re: IPsec port Just to add to what you've stated: GRE uses control port 1723. -Scott M. Trieste ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message 9a96ge$rt5$[EMAIL PROTECTED]">news:9a96ge$rt5$[EMAIL PROTECTED]... > The names and numbers are correct, but as someone else pointed out a few > posts back, it's not a port number, but a protocol number. > > Protocols: > 6TCP > 17UDP > 47GRE (PPTP requirement) > 50ESP > 51AH > > Just to delve a little further about security protocols, ISAKMP does use > TCP/500, and you'll need it too. > > Bookmark 'em: > ftp://ftp.isc.org/pub/rfc/rfc1700.txt > http://www.isi.edu/in-notes/iana/assignments/port-numbers > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > Cisco resources: http://r2cisco.artoo.net/ > > > ""Kane, Christopher A."" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Actually, you have it backwards. AH = port 51. ESP = port 50. > > > > Christopher A. Kane, CCNP > > Senior Network Control Tech > > Router Ops Center/Hilliard NOC > > UUNET > > (614)723-7877 > > > > > > > > -Original Message- > > From: Rizzo Damian [mailto:[EMAIL PROTECTED]] > > Sent: Friday, March 30, 2001 12:19 PM > > To: 'Ruihai An'; [EMAIL PROTECTED] > > Subject: RE: IPsec port > > > > > > AH-port 50, ESP-port 51 and ISAKMP-port 500 > > > > > > > > -Original Message- > > From: Ruihai An [mailto:[EMAIL PROTECTED]] > > Sent: Friday, March 30, 2001 12:05 PM > > To: [EMAIL PROTECTED] > > Subject: IPsec port > > > > > > I configured my PIX as the IPsec VPN terminator to support DES VPN client. > > I have an inbound access-list on my perimeter router. Does any one know > > the ports I need to open for IPsec VPN traffic on my perimeter router ? > > > > Ruihai _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No Encapsulation command Help?
On the subinterface the syntax is "encapsulation isl (vlan number)". According to "Cisco LAN Switching" that command must be entered before the ip address is assigned to the subinterface. > -Original Message- > From: Washington Rico [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 4:19 AM > To: [EMAIL PROTECTED] > Subject: No Encapsulation command Help? > > >Encapsulation command doesn't come up when trying to > configure ISL or > 802.1q Vlan trunking on a Cisco 2600 serious Router Version > 12.0. Fast > Ethernet interfaces 2 built into the Router and I can apply > sub interfaces > to them but cannot apply an encapsulation on the sub > interfaces. Anybody > know why?? If I cannot put an encapsulation on them them the > interface > will not trunk. Does anyone have an answer?? > __ > ___ > Get Your Private, Free E-mail from MSN Hotmail at > http://www.hotmail.com. > Report misconduct > and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 2503 Problem
I had problem to Break from my laptop, but fine when I tried to do it from another desktop. You can also lower the baud to 1200 and hold the space key while booting the router. Ruihai "Omer Ehsan Dar" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > I have a 2503 router with 12.0 IOS. it does not obey the password > recovery command the break command does not work if you hit it during > bootup. Any suggestions. > Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone looked at this RFC yet?
And the publishing date is??? Author Scott Bradner. > -Original Message- > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 10:13 AM > To: [EMAIL PROTECTED] > Subject: RE: Anyone looked at this RFC yet? > > > Ooops here is the link... > > http://www.isi.edu/in-notes/rfc3093.txt > > > -Original Message- > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 10:50 AM > To: [EMAIL PROTECTED] > Subject: Anyone looked at this RFC yet? > > > RFC 3093, the Firewall Enhancement Protocol promises to > reduce the hassle of > setting up a firewall by tunneling any TCP/IP application over HTTP. > > > > Thanks, > Robert Fowler > > We are told that talent creates its own opportunities. But it > sometimes > seems that intense desire creates not only its own > opportunities, but its > own talents. > - Eric Hoffer (1902-1983 American Author & Philosopher) > Report misconduct > and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions for Next-hop attribute
No worries John. It was I who mentioned the devious nature of classless and synch as well :) Keep in mind that synch was designed for transit networks that have transit providing routers which do not run BGP. Back when the internet was smaller I expect some designs had the IGP in an AS carry the full table, or parts of it and hence it was relevant to make sure your BGP and IGP were synchronized to ensure you didn't blackhole routes. Today, BGP is run fully meshed with all transit providing routers in an AS peering with IBGP and hence synch is a complete non issue. *** REPLY SEPARATOR *** On 4/2/2001 at 8:24 AM John Neiberger wrote: >Ah, after checking up on this I see where I was confused. >Synchronization does not specifically refer to the behavior we were >talking about. I thought that synchronization meant that the next-hop >had to be in the routing table before a prefix could be moved from the >BGP table to the routing table. That's not quite correct. I'll quote a >portion of Halabi: > >"The BGP rule states that a BGP router should not advertise to external >neighbors destinations learned from iBGP neighbors unless those >destinations are also known via an IGP. This is known as >synchronization. If a router knows about these destinations via an IGP, >it assumes that the route has already been propagated inside the AS, and >internal reachability is ensured." > >Thanks for pointing this out, Peter. Someone on the list recently >pointed out that BGP synchronization and ip classless seem to be in the >class of misunderstanding. Just when you think you really understand how >it operates, you realize you have it wrong. I think I have it now! >Maybe... > >John > "Peter Van Oene" <[EMAIL PROTECTED]> 4/2/01 7:03:16 AM >>> >Synch is an issue that gets way too much attention in my opinion. It's >not used at all. It's a legacy feature that is meaningless in todays' >networks. > >What John describes below, the fact that IBGP routers will no post >routes unless they have reachability to the Next_Hop is not a >synchronization issue, rather it is a fundamental function of BGP. If >routers started posting routes that they have no hope of delivering >traffic to, things would get pretty messy pretty fast. Thankfully, >there are no nobs to turn this _behavior_ off :) > > > >*** REPLY SEPARATOR *** > >On 4/1/2001 at 4:58 PM John Neiberger wrote: > >>When an eBGP neighbor forwards routing information to another eBGP >>neighbor, >>it changes the next hop to itself. When an iBGP neighbors exchange >>information they do not, by default, change the next hop. This is >where >>the >>synchronization rule comes in. >> >>An iBGP neighbor will not be able to use a route if it does not have >a >>valid >>route to the next hop in its IGP. Having synchronization turned on >is >>often >>unnecessary, so most people turn it off. You still have a problem, >>though: >>the receiving iBGP neighbor still might not know how to reach the next >hop >>for any of the routes in its BGP table. To solve this, on your iBGP >peers >>use the next-hop-self command. Since the peers already know how to >reach >>each other, this solves your problem. >> >>I hope that helps, and I hope I haven't mischaracterized the issue. >I >>haven't really thought through all of this in a while so I may have >some >>details wrong. >> >>If you really want to understand this stuff, pick up a copy of >Internet >>Routing Architectures (2nd Ed.) by Sam Halabi. >> >>Another book I really liked is short but sweet. It's BGP4: >Interdomain >>Routing in the Internet (or something close to that.) It's very short >but >>it's an excellent resource. Perhaps you should read that first and >then >>read Halabi. >> >>Or you could also get a subscription to Certification Zone and read >>Howard's >>papers on BGP, they're quite excellent. >> >>HTH, >>John >> >>> I'm really confused about the how Next-hop attribute works for IBGP >and >>> EBGP. Can somebody please shed some light on this. Any tips or >help >>> would be greatly appreciated. >>> >>> Regards, >>> Hunt >>___ >>Send a cool gift with your E-Card >>http://www.bluemountain.com/giftcenter/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix Performance Issues
I have a pix 515 R, and I have noticed that I have to clear xlate at least once a day in order to keep it from slowing down internet access, also I have users complaining on how slow the vpn is, I am using ms pptp, due to the fact that the windows 2000 client has not come out yet. How can I get this pix maximize performance without upgrading to the UR, which is what cisco recommends which is a 6k investment. Is anypne else running into these issues? Also I have noticed since I am using local authentication, there is no security on my domain, once in all users can map drives , delete and so on. I have about 60 users. Keep in mind that I have global users that use 56k dial up and then pptp to the fw. TIA -Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Rack mount hole size
Those sizes you mention are thread sizes of rack-mount screws. Cisco usually at least provides the larger sized thread, although this is not always the case. Sometimes you might get both, sometimes neither. The rack-mount hardware will accept either size, however, so it really doesn't matter as the rack determines the screw to use, not the network gear. If you buy a new rack, it will typically come with screws of the correct size. If not, then your local hardware store will have a good selection. Rik "John Chang" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am planning on buying a rack for my 2500 series routers. What is the > mount hole size? Is it 10-32 or 12-24? Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Anyone looked at this RFC yet?
Hmm...maybe when I finish reading I'll feel better but this seems like something easily exploited. Just consider a virus which launches a makeshift http server and sends data thru port 80. H... - Original Message - From: "Fowler, Robert J." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 02, 2001 10:12 AM Subject: RE: Anyone looked at this RFC yet? > Ooops here is the link... > > http://www.isi.edu/in-notes/rfc3093.txt > > > -Original Message- > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 10:50 AM > To: [EMAIL PROTECTED] > Subject: Anyone looked at this RFC yet? > > > RFC 3093, the Firewall Enhancement Protocol promises to reduce the hassle of > setting up a firewall by tunneling any TCP/IP application over HTTP. > > > > Thanks, > Robert Fowler > > We are told that talent creates its own opportunities. But it sometimes > seems that intense desire creates not only its own opportunities, but its > own talents. > - Eric Hoffer (1902-1983 American Author & Philosopher) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BCMSN
I passed the BCMSN this morning. I have to agree that it was a straight-forward exam. I felt good throughout the exam. I used the cisco press books and took the BCMSN class at Mentortech. Two down, two to go for ccnp! -Original Message- From: Chris Haller [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 31, 2001 5:21 PM To: [EMAIL PROTECTED] Subject: Re: BCMSN Took it myself on Thursday. Was in and out in 25 minutes, and that includes the 68 question survey at the end. So far, the easiest Cisco test I have ever seen. I read both Cisco Press and Sybex and Cisco is definately better. The Sybex book goes along with SimSwith, which I must say, though there is not much to it, not a bad tool for $99 bucks !!! --- John Kurkjian <[EMAIL PROTECTED]> wrote: > I took the exam yesterday (got a 901 on it). A tip > for the group, use the > Cisco Press book. It was much more thorough than the > Sybex book (even though > Sybex is easier reading). > > Just my $0.02 > > John [EMAIL PROTECTED] = Chris from Chicago MasterCNE, 5.x CNE, ICNE, 4.x CNE, CCNA, MCP __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix Performance Issues
PPTP VPN does put a lot overhead on your PIX, more than IPsec. The good news is that VPN client for 2k already available and we just started to rollout. Ruihai ""Kevin O'Gilvie"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a pix 515 R, and I have noticed that I have to clear xlate at least > once a day in order to keep it from slowing down internet access, also I > have users complaining on how slow the vpn is, I am using ms pptp, due to > the fact that the windows 2000 client has not come out yet. How can I get > this pix maximize performance without upgrading to the UR, which is what > cisco recommends which is a 6k investment. Is anypne else running into these > issues? Also I have noticed since I am using local authentication, there is > no security on my domain, once in all users can map drives , delete and so > on. I have about 60 users. > > Keep in mind that I have global users that use 56k dial up and then pptp to > the fw. > > TIA > -Kevin > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix Performance Issues
You've asked several questions here and I will give you my take on them. I have found that the PPTP client is slower than the Cisco Secure client, but you don't have any real choice for the moment. It is also possible that you've overloaded the PIX with concurrent VPN users. The encryption process, which VPN is based on, can easily overwhelm a processor if it is not sized correctly, especially if you are using 3DES (you don't say one way or the other). One way around this is to purchase a separate encryption processor card, which offloads the encryption processing from the main PIX processor. You didn't mention how many concurrent VPN users you have at times of "slowness", but it's worth looking into. You also didn't mention how much bandwidth is on the outside of the PIX. Of course, you may just have to bite the bullet and increase your hardware. Encryption definitely takes a toll on the processor. As for the clear xlate issue, try lowering the translation timeout. This will timeout and remove the translations much more quickly than the default. Try 5 minutes, 3 minutes, or whatever you feel like. As for the security issue, I have a hunch since you mention Windows 2000, that the users are still logging in as if they are in the office (which Win2K supports really well compared to other MS OSes) and so their office credentials (domain) are cached and in effect when they connect to the physical network. This is typically a good thing, as a VPN is supposed to be a relatively seamless connection into the network from remote locations. If you don't want the users to do this, limit it via the Microsoft network perspective and not the Cisco perspective. Hope this helps! Rik ""Kevin O'Gilvie"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a pix 515 R, and I have noticed that I have to clear xlate at least > once a day in order to keep it from slowing down internet access, also I > have users complaining on how slow the vpn is, I am using ms pptp, due to > the fact that the windows 2000 client has not come out yet. How can I get > this pix maximize performance without upgrading to the UR, which is what > cisco recommends which is a 6k investment. Is anypne else running into these > issues? Also I have noticed since I am using local authentication, there is > no security on my domain, once in all users can map drives , delete and so > on. I have about 60 users. > > Keep in mind that I have global users that use 56k dial up and then pptp to > the fw. > > TIA > -Kevin > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Anyone looked at this RFC yet?
ROFLGot me on that one too. - Original Message - From: "Daniel Cotts" <[EMAIL PROTECTED]> To: "'Fowler, Robert J.'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, April 02, 2001 10:39 AM Subject: RE: Anyone looked at this RFC yet? > And the publishing date is??? Author Scott Bradner. > > > -Original Message- > > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] > > Sent: Monday, April 02, 2001 10:13 AM > > To: [EMAIL PROTECTED] > > Subject: RE: Anyone looked at this RFC yet? > > > > > > Ooops here is the link... > > > > http://www.isi.edu/in-notes/rfc3093.txt > > > > > > -Original Message- > > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] > > Sent: Monday, April 02, 2001 10:50 AM > > To: [EMAIL PROTECTED] > > Subject: Anyone looked at this RFC yet? > > > > > > RFC 3093, the Firewall Enhancement Protocol promises to > > reduce the hassle of > > setting up a firewall by tunneling any TCP/IP application over HTTP. > > > > > > > > Thanks, > > Robert Fowler > > > > We are told that talent creates its own opportunities. But it > > sometimes > > seems that intense desire creates not only its own > > opportunities, but its > > own talents. > > - Eric Hoffer (1902-1983 American Author & Philosopher) > > Report misconduct > > and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Anyone looked at this RFC yet?
You know, this was brought to my attention yesterday on Slashdot. Since yeterday was April 1st, I wasn't sure whether or not this was meant to be taken seriously. It seems funny to me... I imagine that rather than implement this, it'd be easier just to remove the firewall. :) A~ - Original Message - From: "Fowler, Robert J." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 02, 2001 11:12 AM Subject: RE: Anyone looked at this RFC yet? > Ooops here is the link... > > http://www.isi.edu/in-notes/rfc3093.txt > > > -Original Message- > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 10:50 AM > To: [EMAIL PROTECTED] > Subject: Anyone looked at this RFC yet? > > > RFC 3093, the Firewall Enhancement Protocol promises to reduce the hassle of > setting up a firewall by tunneling any TCP/IP application over HTTP. > > > > Thanks, > Robert Fowler > > We are told that talent creates its own opportunities. But it sometimes > seems that intense desire creates not only its own opportunities, but its > own talents. > - Eric Hoffer (1902-1983 American Author & Philosopher) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix Performance Issues
Yes. It's not a PIX issue causing the slow VPN. It's a Microsoft issue. I validated this by putting a vpn test box outside the firewall. The encryption overhead and known issues with TCP/IP being slower on Windows add up and cause PPTP to crawl. Add on top of that 56K + internet traffic between users & your network and it's even worse. I do believe I saw a post in here saying the Win2K client is available now but I could be mistaken. I'm not sure why you're having to do clear xlate daily. I only have to do that when I change static, conduit, or ACL statements (as required in docs). How much memory do you have in the PIX? Allen - Original Message - From: "Kevin O'Gilvie" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 02, 2001 10:51 AM Subject: Pix Performance Issues > I have a pix 515 R, and I have noticed that I have to clear xlate at least > once a day in order to keep it from slowing down internet access, also I > have users complaining on how slow the vpn is, I am using ms pptp, due to > the fact that the windows 2000 client has not come out yet. How can I get > this pix maximize performance without upgrading to the UR, which is what > cisco recommends which is a 6k investment. Is anypne else running into these > issues? Also I have noticed since I am using local authentication, there is > no security on my domain, once in all users can map drives , delete and so > on. I have about 60 users. > > Keep in mind that I have global users that use 56k dial up and then pptp to > the fw. > > TIA > -Kevin > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Anyone looked at this RFC yet?
>RFC 3093, the Firewall Enhancement Protocol promises to reduce the hassle of >setting up a firewall by tunneling any TCP/IP application over HTTP. > > > >Thanks, >Robert Fowler Look very carefully at the date of this RFC. Serious question: is hassle necessarily a bad thing with respect to firewalls? What if the security policy operates on the principle of least privilege -- only granting those privileges and services where there has been a very conscious decision that the user needs the functionality. Quoting from the RFC, "To see how powerful the end-to-end model is consider the following example. If Scott and Mark have a good idea and some implementation talent, they can create an artifact, use it, and send it to their friends. If it turns out to be a good idea these friends can adopt it and maybe make it better. Now enter the Firewall: if Mark happens to work at a company that installs a Firewall, he can't experiment with his friend Scott. Innovation is more difficult, maybe impossible. What business is it of an IT manager if Scott and Mark want to do some experiments to enable them to better serve their users? This is how the web was created: one guy with talent, a few good ideas, and the ability to innovate." Without making reference to the RFC date, is this model necessarily a good thing when intellectual property rights, responsibility for corporate IT resources, and the skill levels of Scott and Mark (i.e., do they know how to control unexpected aspects of their thing?)? Do Scott and Mark properly have the authority to decide what will and will not serve their users? I'm not suggesting that informal collaboration isn't essential in research, including industrial research. But if network services are mission critical, is it desirable that anyone can circumvent controls on them, as long as they are "inside," or at least one of them is? > >We are told that talent creates its own opportunities. But it sometimes >seems that intense desire creates not only its own opportunities, but its >own talents. >- Eric Hoffer (1902-1983 American Author & Philosopher) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone looked at this RFC yet? SHOULD BE: Email Naming Conventions
Having taken a look at this bearing in mind the publication date, for some reason I noticed Scott Bradner's email address. And I question... WHAT WERE HIS PARENTS THINKING? Didn't they realize one day TLA's (three letter acronyms) would rule the world? One day a TLA might represent your child's name? Is that really, truly his initials? Poor fellow - going through life being known as "[EMAIL PROTECTED]"... > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > W. Alan Robertson > Sent: April 2, 2001 10:22 AM > To: [EMAIL PROTECTED] > Subject: Re: Anyone looked at this RFC yet? > > > You know, this was brought to my attention yesterday on Slashdot. Since > yeterday was April 1st, I wasn't sure whether or not this was meant > to be taken > seriously. It seems funny to me... I imagine that rather than > implement this, > it'd be easier just to remove the firewall. :) > > A~ > > - Original Message - > From: "Fowler, Robert J." <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, April 02, 2001 11:12 AM > Subject: RE: Anyone looked at this RFC yet? > > > > Ooops here is the link... > > > > http://www.isi.edu/in-notes/rfc3093.txt > > > > > > -Original Message- > > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] > > Sent: Monday, April 02, 2001 10:50 AM > > To: [EMAIL PROTECTED] > > Subject: Anyone looked at this RFC yet? > > > > > > RFC 3093, the Firewall Enhancement Protocol promises to reduce > the hassle of > > setting up a firewall by tunneling any TCP/IP application over HTTP. > > > > > > > > Thanks, > > Robert Fowler > > > > We are told that talent creates its own opportunities. But it sometimes > > seems that intense desire creates not only its own opportunities, but its > > own talents. > > - Eric Hoffer (1902-1983 American Author & Philosopher) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE:sub-interface encapsulation command
John, Here is an example of an ISL encap. interface cofig. for a 7513 cisco router running 12.0. Note: the accompanying config. on the Cat.5500: 7513 Configuration >interface FastEthernet 3/0/0.70 > description XYZ College VLAN 70 10Mb-Full-Duplex Ethernet Connection > bandwidth 10 > ip address X.X.X.X X.X.X.X > no ip redirects > no ip directed-broadcast > encapsulation isl 70 > no ip split-horizon eigrp >exit >ip route X.X.X.X X.X.X.X FastEthernet 3/0/0.70 > >Catalyst 5500 Configuration >set vlan 70 name VLAN XYZ type ethernet mtu 1500 said 100070 state active >#module 4 : 24-port 10/100BaseTX Ethernet >set vlan 704/3 >set port speed 4/3 10 >set port duplex4/3 full >set port name 4/3 XYZ College FastLane G'Day all I would like to know (if possible) the command for setting the encapsulation type on my E0.1 interface to ISL or something like that so I can start messing around with my VLAN config. I am running IOS 12 on a 1603 series router (not sure if the commands are valid on this series of router) Thanks for any input regarding VLAN sub interface commands. JohnnyB Sydney Australia -- Paul Holloway CCNA, CCDA Systems Engineer Arrival Technologies Tel: 228-314-1100 ex.304 -- _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: I want to join the ccie lab in austrailia.... give me some infomation....
http://www.cisco.com/warp/public/625/ccie/exam_preparation/lab.html The prerequisite for the lab is the CCIE written exam. It seems that you haven't taken that yet, else you probably would have known where the resources are for scheduling (or joining) the exam in Australia... When you're ready to take the exam, this list can be a good source of information during your studies. good luck! -e- "kissin" <[EMAIL PROTECTED]> wrote: Get free email and a permanent address at http://www.netaddress.com/?N=1 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Questions for Next-hop attribute
>No worries John. It was I who mentioned the devious nature of >classless and synch as well :) Always remember that the best ISPs have no class. > >Keep in mind that synch was designed for transit networks that have >transit providing routers which do not run BGP. Back when the >internet was smaller I expect some designs had the IGP in an AS >carry the full table, or parts of it and hence it was relevant to >make sure your BGP and IGP were synchronized to ensure you didn't >blackhole routes. Precisely. I don't have the document number in front of me, but the old RFC on BGP/OSPF interaction, which assumed this model, has been recategorized as Historic (i.e., nobody does this, don't try it, it was a blind alley) >Today, BGP is run fully meshed with all transit providing routers in >an AS peering with IBGP and hence synch is a complete non issue. Full mesh, of course, has its scalability issues, and we deal with iBGP scalability measures such as route reflectors. There is a trend to have the main BGP at the edge, and to have principally an IGP in the provider core. The core is stupid, and is traversed by MPLS tunnels -- the role of the IGP is to establish reachability for these LSPs, which run between BGP speakers on the edges. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to recover MSFC password
Hi, When you get locked out of the MSFC on a 6xxx Cat, how do you go about changing its config register to change password? I cant seem to get into the device at boot time to do this. Break only works for the sup engine, not MSFC. Hardware: 6506 ws-x6k-sup1a-2ge Thanks! BH _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Can not telnet to router
Upgrade to Cisco IOS 12.1.5C E8 on 7206 . I get these lines under line vty line aux 0 no exec transport input telnet transport output none line vty 0 4 access-class 10 in exec-timeout 60 0 password 7 xxx login transport input lat pad v120 mop telnet rlogin udptn nasi line vty 5 15 password 7 xxx login transport input lat pad v120 mop telnet rlogin udptn nasi * then I could not login to router by telnet. I did not put in transport input lat pad v120 mop telnet rlogin udptn nasi but then comes by default ??? Any hints will be appreciated. Kim * * Kim Quang Vo - ElTele Xst Fredrik Selmersvei 2, N-0603 Oslo. phone.+47 23 18 12 08 mobile .93081208 fax. 47 23181961 * * _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SSHv1 on Cisco IOS
Hi all, I'm attempting to implement SSH access to a 2600 series router running 12.1(7) (yep, the ipsec image). I've read and followed the directions on this document: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 t/121t1/sshv1.htm However, after I generate the rsa key pair, I do not get the ssh commands (ip ssh etc.). I do have a domain name and host name specified and AAA is turned on and functioning correctly. I noticed upon searching the archives that someone else had this exact problem, but no resolution was posted. Anyone have any ideas? Banging head on wall, -Jason _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT- For Sale 2503
hello all, 2503 great condition 16mb/16fl asking price of:$750.00 includes enterprise ios. __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Can not telnet to router
line aux 0 no exec transport input telnet Upgrading to IOS 12.1.5C E8 on 7206 I got these in under line vty transport input lat pad v120 mop telnet rlogin udptn nasi then I could not run telnet to router. transport output none line vty 0 4 access-class 10 in exec-timeout 60 0 password 7 xxx login transport input lat pad v120 mop telnet rlogin udptn nasi line vty 5 15 password 7 xxx login transport input lat pad v120 mop telnet rlogin udptn nasi Any hints will be appreciated Kim * * Kim Quang Vo - ElTele Xst Fredrik Selmersvei 2, N-0603 Oslo. phone.+47 23 18 12 08 mobile .93081208 fax. 47 23181961 * * _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: sub-interface encapsulation command
Hey John ISL requires a FastEthernet interface, so I don't think it is supported on the 1603, but you could find out pretty easy on the cisco website. search on ISL and 1603. -e- "John Brandis" <[EMAIL PROTECTED]> wrote: > G'Day all > > I would like to know (if possible) the command for setting the > encapsulation type on my E0.1 interface to ISL or something like that so > I can start messing around with my VLAN config. I am running IOS 12 on a > 1603 series router (not sure if the commands are valid on this series of > router) > > Thanks for any input regarding VLAN sub interface commands. > > JohnnyB > > Sydney Australia Get free email and a permanent address at http://www.netaddress.com/?N=1 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone looked at this RFC yet? SHOULD BE: Email Naming Conventions
LOL, you've never heard of Scott Bradner? he's also at [EMAIL PROTECTED] so he enjoys his notoriety And, speaking of "didn't they realize", I don't believe computers were even INVENTED when he was born, nor was the concept of TLA's borne yet...however, they can probably be credited with having either great compassion (sob = crying) or an incredible perverse sense of humor (sob = son of a b*tch). And, of course, it's all in YOUR interpretation...it seems like you've already chosen one ;-) -e- "Bellanca Smythe" <[EMAIL PROTECTED]> wrote: > Having taken a look at this bearing in mind the publication date, for some > reason I noticed Scott Bradner's email address. And I question... > > > WHAT WERE HIS PARENTS THINKING? Didn't they realize one day TLA's (three > letter acronyms) would rule the world? One day a TLA might represent your > child's name? Is that really, truly his initials? > > > Poor fellow - going through life being known as "[EMAIL PROTECTED]"... > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > W. Alan Robertson > > Sent: April 2, 2001 10:22 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Anyone looked at this RFC yet? > > > > > > You know, this was brought to my attention yesterday on Slashdot. Since > > yeterday was April 1st, I wasn't sure whether or not this was meant > > to be taken > > seriously. It seems funny to me... I imagine that rather than > > implement this, > > it'd be easier just to remove the firewall. :) > > > > A~ > > > > - Original Message - > > From: "Fowler, Robert J." <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Monday, April 02, 2001 11:12 AM > > Subject: RE: Anyone looked at this RFC yet? > > > > > > > Ooops here is the link... > > > > > > http://www.isi.edu/in-notes/rfc3093.txt > > > > > > > > > -Original Message- > > > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, April 02, 2001 10:50 AM > > > To: [EMAIL PROTECTED] > > > Subject: Anyone looked at this RFC yet? > > > > > > > > > RFC 3093, the Firewall Enhancement Protocol promises to reduce > > the hassle of > > > setting up a firewall by tunneling any TCP/IP application over HTTP. > > > > > > > > > > > > Thanks, > > > Robert Fowler > > > > > > We are told that talent creates its own opportunities. But it sometimes > > > seems that intense desire creates not only its own opportunities, but its > > > own talents. > > > - Eric Hoffer (1902-1983 American Author & Philosopher) Get free email and a permanent address at http://www.netaddress.com/?N=1 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BCMSN
congratulations! onwards and upwards -e- "Lopez, Robert" <[EMAIL PROTECTED]> wrote: > I passed the BCMSN this morning. I have to agree that it was a > straight-forward exam. I felt good throughout the exam. I used the cisco > press books and took the BCMSN class at Mentortech. Two down, two to go for > ccnp! > > -Original Message- > From: Chris Haller [mailto:[EMAIL PROTECTED]] > Sent: Saturday, March 31, 2001 5:21 PM > To: [EMAIL PROTECTED] > Subject: Re: BCMSN > > > Took it myself on Thursday. Was in and out in 25 > minutes, and that includes the 68 question survey at > the end. So far, the easiest Cisco test I have ever > seen. I read both Cisco Press and Sybex and Cisco is > definately better. The Sybex book goes along with > SimSwith, which I must say, though there is not much > to it, not a bad tool for $99 bucks !!! > > > --- John Kurkjian <[EMAIL PROTECTED]> wrote: > > I took the exam yesterday (got a 901 on it). A tip > > for the group, use the > > Cisco Press book. It was much more thorough than the > > Sybex book (even though > > Sybex is easier reading). > > > > Just my $0.02 > > > > John > [EMAIL PROTECTED] > > > = > Chris from Chicago > MasterCNE, 5.x CNE, ICNE, 4.x CNE, CCNA, MCP > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/?.refer=text Get free email and a permanent address at http://www.netaddress.com/?N=1 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix Performance Issues
I only have 32 megs on the 515r, the upgrade adds 32 m and a licence which makes it 515UR for 6k. I was thinking that it was pptp, but since I am using local authentication, users authenticate at the fw with one username and password, authentication is very fast but checking email browsing network and saving files etc., is at a crawl. Just opening outlook can take 20 min. I am hoping that the win2k client will solve some of these problems, can someone send me the link.. TIA Kevin >From: "Allen May" <[EMAIL PROTECTED]> >To: "Kevin O'Gilvie" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> >Subject: Re: Pix Performance Issues >Date: Mon, 2 Apr 2001 11:32:31 -0500 > >Yes. It's not a PIX issue causing the slow VPN. It's a Microsoft issue. >I >validated this by putting a vpn test box outside the firewall. The >encryption overhead and known issues with TCP/IP being slower on Windows >add >up and cause PPTP to crawl. Add on top of that 56K + internet traffic >between users & your network and it's even worse. I do believe I saw a >post >in here saying the Win2K client is available now but I could be mistaken. > >I'm not sure why you're having to do clear xlate daily. I only have to do >that when I change static, conduit, or ACL statements (as required in >docs). >How much memory do you have in the PIX? > >Allen >- Original Message - >From: "Kevin O'Gilvie" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Monday, April 02, 2001 10:51 AM >Subject: Pix Performance Issues > > > > I have a pix 515 R, and I have noticed that I have to clear xlate at >least > > once a day in order to keep it from slowing down internet access, also I > > have users complaining on how slow the vpn is, I am using ms pptp, due >to > > the fact that the windows 2000 client has not come out yet. How can I >get > > this pix maximize performance without upgrading to the UR, which is what > > cisco recommends which is a 6k investment. Is anypne else running into >these > > issues? Also I have noticed since I am using local authentication, there >is > > no security on my domain, once in all users can map drives , delete and >so > > on. I have about 60 users. > > > > Keep in mind that I have global users that use 56k dial up and then pptp >to > > the fw. > > > > TIA > > -Kevin > > _ > > Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Calls between 2 FXS ports on a router
I have the following lab scenario, and I can get Phone1 to call Phone2 & Phone3 and vice versa fine. However, I can't figure out how to make calls between Phone2 and Phone3. I would appreciate it if anyone could give me some tips. Thank you! Phone1 -- FXS -- R1 R2 -- FXS -- Phone2 | FXS | | Phone3 R1 Config: voice-port 1/1/0 cptone KR timeouts interdigit 3 ! dial-peer voice 1 pots destination-pattern 1800512 port 1/1/0 ! dial-peer voice 2 voip destination-pattern 5..T session target ipv4:10.1.1.2 ! dial-peer voice 3 voip destination-pattern 55..T session target ipv4:10.1.1.2 R2 Config: voice-port 1/1/0 timeouts interdigit 3 ! voice-port 1/1/1 timeouts interdigit 3 ! dial-peer voice 1 pots destination-pattern 5512 port 1/1/0 ! dial-peer voice 2 pots destination-pattern 55123 port 1/1/1 ! dial-peer voice 3 voip destination-pattern ..T session target ipv4:10.1.1.1 ! num-exp ... 1800... Regards, Han-Song Kim CCNP/ MCSE/ MCDBA [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSHv1 on Cisco IOS
> I'm attempting to implement SSH access to a 2600 series router running > 12.1(7) (yep, the ipsec image). I suspect that you don't have an image with SSH included. I think you need a T train image for 12.1.x to get SSH. It's not in mainline releases yet, I don't think. You know, I was looking for an image that supported the WIC-1ENET, Voice, IPSec, and a ton of other things on the 1750 and had a heck of time finding an image with 1. the proper hardware support 2. Proper feature support, and 3. no killer bugs. Someone could make a lot of money if they provided IOS release consulting. "What's on this image? Is Foo supported on Bar releases? The hell is 12.1.5-XC3, anyway?" The IOS release structure is wholly inscrutable. It'd be neat if you could plug in a list of necessary features, supported hardware and such, and get back a list of recommended releases. Ben _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange problem, Pls help
An off the top suggestion would be that the two links are load balancing? When one dies the other tries to carry all the traffic but by itself the bandwidth is saturated? Kevin Wigle - Original Message - From: "Gunjan Mathur" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 02, 2001 1:49 AM Subject: Strange problem, Pls help > Hi, > I hve 2621 router and tow WAN links are terminating on > that, my proble is this is one of my wan link goes > down then second link drop the packets. > What colud be the reason of that. > > ravi > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/?.refer=text _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ad: RE: Can not telnet to router
I hav tried transport input all that gives : transport input lat pad v120 mop telnet rlogin udptn nasi I 've checkd ACL 10 , It's OK I don't have any username. I tried to remove ACL under vtty too I could run telnet to router, but when I type password, It did not work , did not give any thing. I could use console to login. BTW, I have just exactly the same configuration to the other router (IOS 12.1.5 T), the difference are IP addr. and so on.. Regards, >>> Jim Dixon <[EMAIL PROTECTED]> 04/02 8:12 >>> take your transport command (under VTY 0 4) and change it to transport input all does it let you telnet now? Yes? Then that was your problem, re-consider your transport command syntax and verbage till you get what you are after. No? Then it is most likely your access list 10 causing the problem. You do have a username/password configured in the router right? Remove the access list from the VTY lines. Does it let you telnet now? YES? THen the access list IS your problem, now go fix it. NO? Then check out the following URL http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12supdoc/dsq cg3/qcddr.htm watch the word w- -rap Look at login authentication default It may be that your AAA authentication lines need to be configured differently. Remember that the router performs the first auth method that is configured then upon failing the second and so on until all have been exhausted, at which time it drops the connection and give error msg. -Original Message- From: Kim Quang Vo [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 12:46 PM To: [EMAIL PROTECTED] Subject: Can not telnet to router line aux 0 no exec transport input telnet Upgrading to IOS 12.1.5C E8 on 7206 I got these in under line vty transport input lat pad v120 mop telnet rlogin udptn nasi then I could not run telnet to router. transport output none line vty 0 4 access-class 10 in exec-timeout 60 0 password 7 xxx login transport input lat pad v120 mop telnet rlogin udptn nasi line vty 5 15 password 7 xxx login transport input lat pad v120 mop telnet rlogin udptn nasi Any hints will be appreciated Kim * * Kim Quang Vo - ElTele Xst Fredrik Selmersvei 2, N-0603 Oslo. phone.+47 23 18 12 08 mobile .93081208 fax. 47 23181961 * * _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT- Practice Labs
I just bought a lab and was wondering if anyone knew where I can get some practice labs to setup. TIA. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 2503 Problem
If you are running winnt, they're is a known bug. Hyperterminal implementation on winnt doesn't perform break sequence properly with cisco. Not sure if its a cisco bug or a hyperterm bug. I just know it doesn't work. Anyhow download another terminal emulator - Tera term is my personal recommendation. Cisco also has a junky term emulator that solves this issue. "Ruihai An" <[EMAIL PROTECTED]> wrote: >I had problem to Break from my laptop, but fine when I tried to do it from >another desktop. >You can also lower the baud to 1200 and hold the space key while booting the >router. > >Ruihai > > >"Omer Ehsan Dar" <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> Hi all, >> I have a 2503 router with 12.0 IOS. it does not obey the password >> recovery command the break command does not work if you hit it during >> bootup. Any suggestions. >> Thanks [EMAIL PROTECTED] > > -- Get the full scoop on your favorite car, truck or SUV. Check out the nice rides on CollegeClub.com http://www.collegeclub.com/channels/autoguide _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Aironet 340
Rodgers, We use the omni-directional yagi antenna. Perhaps the directional antenna may help. The configuration worked pretty well until around a month ago when the interference began. Prior to that signal strength and quality were high. I don't believe normal cellular transmissions interfere with the bridge however, it appears that interference occurs only during testing periods of the cellular tower. This is largely my guess since I am not up for a spread spectrum analysis of something I couldn't correct. Voicestream itself wasn't responsive to queries regarding their cell tests, but the FCC informed us that indeed the cell carrier is capable of interfering with the bridge since our frequency is unlicensed. Matthew -Original Message- From: Rodgers Moore [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 29, 2001 5:54 PM To: [EMAIL PROTECTED] Subject: Re: Cisco Aironet 340 Do you have the omni-directional antenna, or directional? The directional is polarized and shouldn't interfere or be interfered with other RF sources. The first time I used directionals, they wouldn't get a strong signal, that is until we had both in the same orientation. I had them 90 degrees out of phase, anyway they work rather well. Rodgers Moore <[EMAIL PROTECTED]> wrote in message 52D26B7F4FB6D411A34800E018025FA303758D@MAIL-SK1">news:52D26B7F4FB6D411A34800E018025FA303758D@MAIL-SK1... > Dennis, > > I've worked with the Aironet 340 wireless bridge, and my experience hasn't > been a joyous one. The wireless bridge is usually used to connect > buildings using an 11mbps spread spectrum radio connection. For around > four months, the airbridge worked nearly flawlessly except for some > excessive broadcast traffic. (my fault - didn't bother to segment into > broadcast domains)Around a month ago, we started to experience > tremendous amounts of interference, which would bring the airbridge down for > hours at a time. For two weeks I moved the antenna, modified the > configuration on the airbridge to a lower speed, and ultimately called Cisco > to try to solve, what appeared to be a complete enigma. Turns out it wasn't > a hardware issue or a configuration issue. A voicestream cellular tower on > one of our buildings was causing the interference. Our airbridge was > apparently interfering with their cell tower, and as a result, their high > power testing of the tower caused interference on our airbridge. > While you're using the roaming aironet 340, I thought you could still use > the info. BTW, we use a 3com wireless inside our buildings for laptops and > it works pretty well. > > Matthew > > -Original Message- > From: Adekola, Dennis D [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, March 27, 2001 8:55 AM > To: cisco > Subject: Cisco Aironet 340 > > Hi Guys, > > I just heard that we shall be dealing in Cisco Aironet 340 roaming > > Has anyone had experience with this ? > > I have had a look on the cisco website and i can see it has something to do > with wireless laptops/PC's > > just wondered if anyone out there could give me a brief summary of the whole > idea > > Thanks > > Dennis > MCSE,CCNA,CCNP > > > > -- -- > - > 21st century air travel http://www.britishairways.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: utilization rate calculation
You can poll it as often as you feel like. Look at it like this, we'll use a car as an example. Let's say you want to know how fast a car is going and the only tools you have available are a stopwatch and the odometer on the car. The speedometer is broken. If you only look at the odometer once and it says "100", does that tell you anything about the speed of the car? Nope. However, if you look at the odometer again after one minute and it says "102" then you know two things: 1) the car has gone two miles in one minute and hence is going 120 miles per hour, and 2) the driver should lose his license. (No offense Dave, I know you'll read this!) The same principle holds for MIB counters. The counters we're talking about increment once for each byte transmitted or received. Looking at it once doesn't help you much because you can't derive a rate from a single sample. If you have a lot of traffic perhaps one sample a minute isn't good enough for you, especially if the traffic is bursty. In a situation like that you might want to sample every 5 or 10 seconds just for fun to watch the ebb and flow of traffic on a link. >>> "Luong, David" <[EMAIL PROTECTED]> 4/2/01 10:30:05 AM >>> It makes more sense now. So it is like 2 polling cycle is MINIMUM in order to get a rate? I could use more than 2? David. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 8:25 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: utilization rate calculation I'll try to restate this in a way that makes sense, but the text you quoted says it pretty well. The MIB data you are accessing is stored as a counter that increments for each byte transmitted and received. Let's say you polled the router and got this information: InOctets: 543980 OutOctets: 234095 Does that tell you anything? Not really. However if you wait a minute and poll it again you could see the amount of traffic in and out of that interface over a period of time, which gives you a rate. A single poll will not give you any usefull information. To get a rate, you need to sample the data over time. In this case the data is stored in bytes so you multiply times eight to get the rate in bits per second. Does that help? If not, I'll try again later after some more coffee. John >>> "Luong, David" <[EMAIL PROTECTED]> 4/2/01 8:50:40 AM >>> Hi Techies, I have recenty been reading Cisco Press' new book called "Peformance and Fault Management" and they stated to measure utilization on a WAN interface (full-duplex); it is recommended to use the following formula: max ( delta(ifInOctets), delta(ifOutOctets) x 8 x 100) -- (number of seconds in delta) x ifSpeed They state because of "MIB II variables are stored as counters, you must take two poll cycles and figure the difference between the two" hence the delta number. I don't understand why two poll cycles are needed and why is using "counters" attributed to this? Thanks, David _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Anyone looked at this RFC yet? SHOULD BE: Email Naming Conventions
>LOL, you've never heard of Scott Bradner? he's also at [EMAIL PROTECTED] so he >enjoys his notoriety To say nothing of Stan O. Barber at Verio. > >And, speaking of "didn't they realize", I don't believe computers were even >INVENTED when he was born, nor was the concept of TLA's borne yet...however, >they can probably be credited with having either great compassion (sob = >crying) or an incredible perverse sense of humor (sob = son of a b*tch). And, >of course, it's all in YOUR interpretation...it seems like you've already >chosen one > >;-) Scott was my advisor on my last book. He has a wicked sense of humor, but also, I think, a decent and compassionate man. But yes -- TLAs might not have been a consideration. I'm not sure exactly how old Scott is, but he's older than I am at 52. >-e- > > >"Bellanca Smythe" <[EMAIL PROTECTED]> wrote: >> Having taken a look at this bearing in mind the publication date, for some >> reason I noticed Scott Bradner's email address. And I question... >> >> >> WHAT WERE HIS PARENTS THINKING? Didn't they realize one day TLA's >(three >> letter acronyms) would rule the world? One day a TLA might represent your >> child's name? Is that really, truly his initials? >> >> >> Poor fellow - going through life being known as "[EMAIL PROTECTED]"... >> >> > -Original Message- >> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >> > W. Alan Robertson >> > Sent: April 2, 2001 10:22 AM >> > To: [EMAIL PROTECTED] >> > Subject: Re: Anyone looked at this RFC yet? >> > >> > >> > You know, this was brought to my attention yesterday on Slashdot. Since >> > yeterday was April 1st, I wasn't sure whether or not this was meant >> > to be taken >> > seriously. It seems funny to me... I imagine that rather than >> > implement this, >> > it'd be easier just to remove the firewall. :) >> > >> > A~ >> > >> > - Original Message - >> > From: "Fowler, Robert J." <[EMAIL PROTECTED]> >> > To: <[EMAIL PROTECTED]> >> > Sent: Monday, April 02, 2001 11:12 AM >> > Subject: RE: Anyone looked at this RFC yet? >> > >> > >> > > Ooops here is the link... >> > > >> > > http://www.isi.edu/in-notes/rfc3093.txt >> > > >> > > >> > > -Original Message- >> > > From: Fowler, Robert J. [mailto:[EMAIL PROTECTED]] >> > > Sent: Monday, April 02, 2001 10:50 AM >> > > To: [EMAIL PROTECTED] >> > > Subject: Anyone looked at this RFC yet? >> > > >> > > >> > > RFC 3093, the Firewall Enhancement Protocol promises to reduce >> > the hassle of >> > > setting up a firewall by tunneling any TCP/IP application over HTTP. >> > > >> > > >> > > >> > > Thanks, >> > > Robert Fowler >> > > >> > > We are told that talent creates its own opportunities. But it sometimes >> > > seems that intense desire creates not only its own opportunities, but >its >> > > own talents. >> > > - Eric Hoffer (1902-1983 American Author & Philosopher) > >Get free email and a permanent address at http://www.netaddress.com/?N=1 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange problem, Pls help
I have the same problem at my site we are using BGP routing and when the link to our ISP thats provides us with the IP blocks goes down traffic goes out the other ling but tries to return on the down link because our bgp routes are be filter by the other provider that has agried to advertise them. What protocols are you using? >>> Gunjan Mathur <[EMAIL PROTECTED]> 04/01/01 10:49PM >>> Hi, I hve 2621 router and tow WAN links are terminating on that, my proble is this is one of my wan link goes down then second link drop the packets. What colud be the reason of that. ravi __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text I have the same problem at my site we are using BGP routing and when the link to our ISP thats provides us with the IP blocks goes down traffic goes out the other ling but tries to return on the down link because our bgp routes are be filter by the other provider that has agried to advertise them. What protocols are you using? >>> Gunjan Mathur <[EMAIL PROTECTED]> 04/01/01 10:49PM >>> Hi, I hve 2621 router and tow WAN links are terminating on that, my proble is this is one of my wan link goes down then second link drop the packets. What colud be the reason of that. ravi __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: utilization rate calculation
Thank-you John for the clear explaination. I think I got confused when the book stated "MIB II variables are stored as counters, you must take two poll cycles...". Two? why two? But now I know that is just a minimum to get a rate calculation..not a value that u MUST use. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 10:17 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: utilization rate calculation You can poll it as often as you feel like. Look at it like this, we'll use a car as an example. Let's say you want to know how fast a car is going and the only tools you have available are a stopwatch and the odometer on the car. The speedometer is broken. If you only look at the odometer once and it says "100", does that tell you anything about the speed of the car? Nope. However, if you look at the odometer again after one minute and it says "102" then you know two things: 1) the car has gone two miles in one minute and hence is going 120 miles per hour, and 2) the driver should lose his license. (No offense Dave, I know you'll read this!) The same principle holds for MIB counters. The counters we're talking about increment once for each byte transmitted or received. Looking at it once doesn't help you much because you can't derive a rate from a single sample. If you have a lot of traffic perhaps one sample a minute isn't good enough for you, especially if the traffic is bursty. In a situation like that you might want to sample every 5 or 10 seconds just for fun to watch the ebb and flow of traffic on a link. >>> "Luong, David" <[EMAIL PROTECTED]> 4/2/01 10:30:05 AM >>> It makes more sense now. So it is like 2 polling cycle is MINIMUM in order to get a rate? I could use more than 2? David. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 8:25 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: utilization rate calculation I'll try to restate this in a way that makes sense, but the text you quoted says it pretty well. The MIB data you are accessing is stored as a counter that increments for each byte transmitted and received. Let's say you polled the router and got this information: InOctets: 543980 OutOctets: 234095 Does that tell you anything? Not really. However if you wait a minute and poll it again you could see the amount of traffic in and out of that interface over a period of time, which gives you a rate. A single poll will not give you any usefull information. To get a rate, you need to sample the data over time. In this case the data is stored in bytes so you multiply times eight to get the rate in bits per second. Does that help? If not, I'll try again later after some more coffee. John >>> "Luong, David" <[EMAIL PROTECTED]> 4/2/01 8:50:40 AM >>> Hi Techies, I have recenty been reading Cisco Press' new book called "Peformance and Fault Management" and they stated to measure utilization on a WAN interface (full-duplex); it is recommended to use the following formula: max ( delta(ifInOctets), delta(ifOutOctets) x 8 x 100) -- (number of seconds in delta) x ifSpeed They state because of "MIB II variables are stored as counters, you must take two poll cycles and figure the difference between the two" hence the delta number. I don't understand why two poll cycles are needed and why is using "counters" attributed to this? Thanks, David _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: passed BCMSN
Just came back from the test center. I found it harder than BSCN too. I finished with 868, when I got a 908 in BSCN. Some of the Q on trunking were very confusing. BTW, what is "frame leakage" ??? Best of luck for those taking the exam. ""Cisco Kidd"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I passed today with a score of 857...I just wanted to say that I thought > this test was harder than the BSCNmaybe I think backwards or > something (I scored 931 on the BSCN)...thanks to all that have posted and > study hard. > > > > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: napshot
__ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 2503 Problem
just download hyperterminal private edition, upgrade to the included hyperterminal www.hilgraeve.com Neil Schneider <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If you are running winnt, they're is a known bug. > Hyperterminal implementation on winnt doesn't perform break > sequence properly with cisco. Not sure if its a cisco bug > or a hyperterm bug. I just know it doesn't work. Anyhow > download another terminal emulator - Tera term is my > personal recommendation. Cisco also has a junky term > emulator that solves this issue. > > > "Ruihai An" <[EMAIL PROTECTED]> wrote: > > >I had problem to Break from my laptop, but fine when I > tried to do it from > >another desktop. > >You can also lower the baud to 1200 and hold the space key > while booting the > >router. > > > >Ruihai > > > > > >"Omer Ehsan Dar" <[EMAIL PROTECTED]> wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >> Hi all, > >> I have a 2503 router with 12.0 IOS. it does not obey the > password > >> recovery command the break command does not work if you > hit it during > >> bootup. Any suggestions. > >> Thanks > [EMAIL PROTECTED] > > > > > > > -- > > Get the full scoop on your favorite car, truck or SUV. > Check out the nice rides on CollegeClub.com > http://www.collegeclub.com/channels/autoguide _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Snapshot Routing
Sorry, Snapshot routing is purely for Distant vector routng protocols, so eigrp is out of it. Static routes will solve your problem. Thanks Oletu H. G. >Guys, > >I know that snapshot routing support RIP and IGRP >but .does EIGRP >support >snapshot routing? >I had configure EIGRP and snapshot. But seems >snapshot routing got no >effect on EIGRP. When the snapshot is in quiet >status, eigrp >continuous >keeping the ISDN link up. > >If snapshot does not works on EIGRP then is it only >static route can be >used >to keep ISDN link quiet? > >Regards __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix Performance Issues
FYI - you can use the memory upgrade kit meant for 520's in the PIX 515R's for a fraction of the cost. I upgraded our 515R's that had 32MB by adding another 128MB ram and now has 160MB ram. No problems - though it didn't help our performance problems much and hardly any of that memory is being used. Since the system only uses a 200mhz CPU - if you do much VPN'ing go with a 520 or higher system - or buy the VPN accelarator card. Just my experience, Ian -Original Message- From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 2:05 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Pix Performance Issues I only have 32 megs on the 515r, the upgrade adds 32 m and a licence which makes it 515UR for 6k. I was thinking that it was pptp, but since I am using local authentication, users authenticate at the fw with one username and password, authentication is very fast but checking email browsing network and saving files etc., is at a crawl. Just opening outlook can take 20 min. I am hoping that the win2k client will solve some of these problems, can someone send me the link.. TIA Kevin >From: "Allen May" <[EMAIL PROTECTED]> >To: "Kevin O'Gilvie" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> >Subject: Re: Pix Performance Issues >Date: Mon, 2 Apr 2001 11:32:31 -0500 > >Yes. It's not a PIX issue causing the slow VPN. It's a Microsoft issue. >I >validated this by putting a vpn test box outside the firewall. The >encryption overhead and known issues with TCP/IP being slower on Windows >add >up and cause PPTP to crawl. Add on top of that 56K + internet traffic >between users & your network and it's even worse. I do believe I saw a >post >in here saying the Win2K client is available now but I could be mistaken. > >I'm not sure why you're having to do clear xlate daily. I only have to do >that when I change static, conduit, or ACL statements (as required in >docs). >How much memory do you have in the PIX? > >Allen >- Original Message - >From: "Kevin O'Gilvie" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Monday, April 02, 2001 10:51 AM >Subject: Pix Performance Issues > > > > I have a pix 515 R, and I have noticed that I have to clear xlate at >least > > once a day in order to keep it from slowing down internet access, also I > > have users complaining on how slow the vpn is, I am using ms pptp, due >to > > the fact that the windows 2000 client has not come out yet. How can I >get > > this pix maximize performance without upgrading to the UR, which is what > > cisco recommends which is a 6k investment. Is anypne else running into >these > > issues? Also I have noticed since I am using local authentication, there >is > > no security on my domain, once in all users can map drives , delete and >so > > on. I have about 60 users. > > > > Keep in mind that I have global users that use 56k dial up and then pptp >to > > the fw. > > > > TIA > > -Kevin > > _ > > Get your FREE download of MSN Explorer at http://explorer.msn.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSHv1 on Cisco IOS
There is such a tool but you need a CCO login. Feature Navigator http://www.cisco.com/cgi-bin/Support/FeatureNav/FN.pl Kevin Wigle - Original Message - From: "Ben Hockenhull" <[EMAIL PROTECTED]> To: "jason lynch" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, April 02, 2001 2:13 PM Subject: Re: SSHv1 on Cisco IOS > > snip < < > You know, I was looking for an image that supported the WIC-1ENET, Voice, > IPSec, and a ton of other things on the 1750 and had a heck of time > finding an image with 1. the proper hardware support 2. Proper feature > support, and 3. no killer bugs. > > Someone could make a lot of money if they provided IOS release consulting. > "What's on this image? Is Foo supported on Bar releases? The hell is > 12.1.5-XC3, anyway?" > > The IOS release structure is wholly inscrutable. It'd be neat if you > could plug in a list of necessary features, supported hardware and such, > and get back a list of recommended releases. > > Ben _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSHv1 on Cisco IOS
Yeah, I've seen this, and it does help somewhat with the feature problem, but it doesn't do much for hardware support. I'm really looking for a tool that combines the hardware support matrix with the Feature Nav and adds in a bit more. > There is such a tool but you need a CCO login. > > Feature Navigator > > http://www.cisco.com/cgi-bin/Support/FeatureNav/FN.pl > > > Kevin Wigle > > > - Original Message - > From: "Ben Hockenhull" <[EMAIL PROTECTED]> > To: "jason lynch" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, April 02, 2001 2:13 PM > Subject: Re: SSHv1 on Cisco IOS > > > > > snip < < > > > You know, I was looking for an image that supported the WIC-1ENET, Voice, > > IPSec, and a ton of other things on the 1750 and had a heck of time > > finding an image with 1. the proper hardware support 2. Proper feature > > support, and 3. no killer bugs. > > > > Someone could make a lot of money if they provided IOS release consulting. > > "What's on this image? Is Foo supported on Bar releases? The hell is > > 12.1.5-XC3, anyway?" > > > > The IOS release structure is wholly inscrutable. It'd be neat if you > > could plug in a list of necessary features, supported hardware and such, > > and get back a list of recommended releases. > > > > Ben _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Snapshot Routing
Only work at distance vector routing protocol, such as RIP, IGRP, RIP for IPX, etc. For link state routing prootocol like OSPF, IS-IS, constant exchange hello packet, snapshot routing will not work in such environmnet. For EIGRP, this particular routing protocol using hello protocol ecchange with neighbor, the ISDN link will keep up when hello packet are exchange with neighbor router, therefore, snapshot will not work in your scenario. Or you may use passive-interface command with static route will be suitable for your scenario, I guess ""Mr. Oletu Hosea Godswill, CCNA"" <[EMAIL PROTECTED]> ? [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Sorry, Snapshot routing is purely for Distant vector > routng protocols, so eigrp is out of it. Static routes > will solve your problem. > > Thanks > Oletu H. G. > > >Guys, > > > >I know that snapshot routing support RIP and IGRP > >but .does EIGRP > >support > >snapshot routing? > > >I had configure EIGRP and snapshot. But seems > >snapshot routing got no > >effect on EIGRP. When the snapshot is in quiet > >status, eigrp > >continuous > >keeping the ISDN link up. > > > >If snapshot does not works on EIGRP then is it only > >static route can be > >used > >to keep ISDN link quiet? > > > >Regards > > > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/?.refer=text _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: passed BCMSN
VLAN leakage is when traffic destined for a certain VLAN (ie: broadcast traffic) is forwarded to switch ports that aren't assigned to the VLAN. The term "leaking" is used to describe the condition. I really had to search for a definition on this one. Good luck in future exams John "Gopinath Pulyankote" <[EMAIL PROTECTED]> wrote in message 9aalds$noe$[EMAIL PROTECTED]">news:9aalds$noe$[EMAIL PROTECTED]... > Just came back from the test center. I found it harder than BSCN too. I > finished with 868, when I got a 908 in BSCN. Some of the Q on trunking were > very confusing. > BTW, what is "frame leakage" ??? > Best of luck for those taking the exam. > > ""Cisco Kidd"" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I passed today with a score of 857...I just wanted to say that I thought > > this test was harder than the BSCNmaybe I think backwards or > > something (I scored 931 on the BSCN)...thanks to all that have posted and > > study hard. > > > > > > > > Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: I love this caveat!
Open caveat in 12.1(7): CSCds22442 A Cisco 3600 series router will stop sending out Local Management Interface (LMI) packets. Workaround: Replace the Cisco 3600 chassis with a Cisco 7200 series platform. I wish all bug workarounds were this easy! Expensive, but easy _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
router as tftp server
All, Can I use a 3640's flash to hold a 2500's image and then tftp that image to a 2500? The 2500 and the original tftp server are more hops apart than the 3640. Anybody done this before? Thanks. Will _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP certification
<< Is it true that I must first re-certify my CCNA before I could take my CCNP exams? >> As long as your CCNA has not expired- you're fine. I took the CCNA a little over 2 years ago & just finished the CCNP. Good Luck with your studies !!! Phil "Hunt Lee" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello everyone, > > Just a stupid question - I did my CCNA certification (ver1.0) about > 2 years ago and I'm currently studying for CCNP. Is it true that I must > first re-certify my CCNA before I could take my CCNP exams? Or can I > just do my CCNP and don't have to worry about my CCNA. Can somebody > please shed some light on this? > > Regards, > Hunt Lee _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT- Practice Labs
www.fatkid.com has some free practice labs. Also, buy the All-in-One CCIE Lab book (forgot who published it). I they have something like 86 labs in that book. Those labs also don't require many routers. Fred >From: "NetEng" <[EMAIL PROTECTED]> >Reply-To: "NetEng" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: OT- Practice Labs >Date: Mon, 2 Apr 2001 13:22:55 -0500 > >I just bought a lab and was wondering if anyone knew where I can get some >practice labs to setup. TIA. _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help for BOOTFLASH
Think of the router having three levels of intelligence. Most basic is the Bootstrap image stored in ROM. Next comes the boot image. Then the IOS image that the router runs in production. Each has its own prompt: rommon> , router(boot)>, router#. A boot image placed in bootflash: on a 7500 will automatically load unless the configuration contains a boot bootldr command pointing to another location. It is good, although not necessary, to have the boot and running IOS image be from the same release. (Comments requested from others on this point). The full IOS image that you run will have various features. You determine what you need - then purchase it from Cisco. If you have a service contract you may update (newer rev number) but not upgrade (add features) your IOS image. This running image is stored on a PCMCIA card (slot0: or slot1:) on the RSP card. Default behaviour is to load the first image in slot0: Use "cd" to set the default location. Use "pwd" to see the current default location. Use boot system flash slot0: or 1:file name for other than default location. If you have enough space on your PCMCIA card(s) you may store multiple images. It then becomes easy to change. This is very useful when updating - just in case the newer image doesn't behave as expected. A long way to say that on a 7500 you need both a boot image and a running image (the beefy one). > -Original Message- > From: Mixa [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 11:27 AM > To: [EMAIL PROTECTED] > Subject: Re: Help for BOOTFLASH > > > Daniel, > > I have a similar question. On the CCO, there is a file called > bootflash > image and it's about 5MB to dowload. Also, there are numerous > images to > download as well as as IP, IP/FW/IPSEC etc,. Which one is the > image that a > Cisco 7507 needs to upgrade. My brother asked me a question > and I have no > idea. He wants to flash the latest IOS 12.1.1 but very > confuse. Where is > that bootflash image go on the router? What about slot 0, > slot 1. What about > all the beefy features IOS? > > Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSHv1 on Cisco IOS
That was the problem, thanks Ben! Ben Hockenhull <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I'm attempting to implement SSH access to a 2600 series router running > > 12.1(7) (yep, the ipsec image). > > I suspect that you don't have an image with SSH included. I think you > need a T train image for 12.1.x to get SSH. It's not in mainline releases > yet, I don't think. > > You know, I was looking for an image that supported the WIC-1ENET, Voice, > IPSec, and a ton of other things on the 1750 and had a heck of time > finding an image with 1. the proper hardware support 2. Proper feature > support, and 3. no killer bugs. > > Someone could make a lot of money if they provided IOS release consulting. > "What's on this image? Is Foo supported on Bar releases? The hell is > 12.1.5-XC3, anyway?" > > The IOS release structure is wholly inscrutable. It'd be neat if you > could plug in a list of necessary features, supported hardware and such, > and get back a list of recommended releases. > > Ben _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IBM 8228 MAU
The 8 ports on the 8228 are electro-mechanical. The Ring-In, Ring-Out ports are not. The thingy with the red light has a 9-volt battery in it. It is used to reset the 8 ports. Insert the thingy into the port until the light turns on then off (takes only a couple of seconds. You need to do this to an 8228 any time you have not used it for awhile. John Chang wrote: > I have a IBM 8228 MAU. What is the easiest/fastest way to test each port > including the RI RO? What is the fastest way to test type 1 cables? I > have this thing that has the type connector on one end. It's about 3 > inches long and has a red LED. What is it called and what is it for? I > looked in the archive and I want to IBM's website but couldn't find > anything helpful. Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 100base FX connection
Irwin, you won't be able to make this work as expected. The fiber optic ports on a 2900 series Catalyst is only 100Mb, whereas the fiber optic ports (GBIC) on a 3500 series is 1000Mb. The speeds just don't match up. If you want to connect these together, just get a 100Mb media convertor and convert the fiber to twisted pair. You can connect 2900 to 2900 and 3500 to 3500 via fiber, but you cannot mix them unless you use the RJ-45 ports on one or both. Rik "Irwan Hadi" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I just curious, if I use Cisco Catalyst 2900MF-XL with fibre optic uplink > module (100 base FX), can I connect the end of the fibre optic cable to a Cisco Catalyst > 3524 XL ? because the Catalyst 3524 XL I think only support for 100 base T > based connection. Should I use any converter for this (from 100 base FX to 100 > base T ? ) > If so what is the converter then, if not, what kind of Catalyst then can I > connect with fibre cable ? > > Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IBM 8228 MAU
Has anyone ever seen a schematic diagram for the "port resetting thingy" ? I have a MAU that does not seem to work... Perhaps all it needs is a "reset" with such a device... Perhaps one could build such a device yourself... Anyone -Original Message- From: Jim Barksdale [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 1:37 PM To: [EMAIL PROTECTED] Subject: Re: IBM 8228 MAU The 8 ports on the 8228 are electro-mechanical. The Ring-In, Ring-Out ports are not. The thingy with the red light has a 9-volt battery in it. It is used to reset the 8 ports. Insert the thingy into the port until the light turns on then off (takes only a couple of seconds. You need to do this to an 8228 any time you have not used it for awhile. John Chang wrote: > I have a IBM 8228 MAU. What is the easiest/fastest way to test each port > including the RI RO? What is the fastest way to test type 1 cables? I > have this thing that has the type connector on one end. It's about 3 > inches long and has a red LED. What is it called and what is it for? I > looked in the archive and I want to IBM's website but couldn't find > anything helpful. Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Break Command
Is there an IOS command that will disable the break sequence on a router? I can't seem to find any documentation on this. Thanks in advance Nate _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help for BOOTFLASH
I also found it very confusing at first, but I figured this out after much deliberation with trial and errors. For the more upscale and "bigger" routers such as the 7200/7500 series, you need to have a boot image and an IOS image. The boot images are usually between 3-5MB, around there. You can tell if it's a boot image because it will list it in CCO under the description. When you choose an IOS image, you see a lot of different kinds because each IOS image has certain built-in "goodies". Some have some firewalling capabilities and some support stronger encryption and etc. The IOS images can become pretty beefy taking up around 8-12MB. For some of those images, I would also recommend you check to see that you have enough dram to run the image as well. - Original Message - From: "Daniel Cotts" <[EMAIL PROTECTED]> To: "'Mixa'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, April 02, 2001 1:03 PM Subject: RE: Help for BOOTFLASH > Think of the router having three levels of intelligence. Most basic is the > Bootstrap image stored in ROM. Next comes the boot image. Then the IOS image > that the router runs in production. Each has its own prompt: rommon> , > router(boot)>, router#. A boot image placed in bootflash: on a 7500 will > automatically load unless the configuration contains a boot bootldr command > pointing to another location. It is good, although not necessary, to have > the boot and running IOS image be from the same release. (Comments requested > from others on this point). The full IOS image that you run will have > various features. You determine what you need - then purchase it from Cisco. > If you have a service contract you may update (newer rev number) but not > upgrade (add features) your IOS image. This running image is stored on a > PCMCIA card (slot0: or slot1:) on the RSP card. Default behaviour is to load > the first image in slot0: > Use "cd" to set the default location. Use "pwd" to see the current default > location. Use boot system flash slot0: or 1:file name for other than default > location. If you have enough space on your PCMCIA card(s) you may store > multiple images. It then becomes easy to change. This is very useful when > updating - just in case the newer image doesn't behave as expected. > > A long way to say that on a 7500 you need both a boot image and a running > image (the beefy one). > > > -Original Message- > > From: Mixa [mailto:[EMAIL PROTECTED]] > > Sent: Monday, April 02, 2001 11:27 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Help for BOOTFLASH > > > > > > Daniel, > > > > I have a similar question. On the CCO, there is a file called > > bootflash > > image and it's about 5MB to dowload. Also, there are numerous > > images to > > download as well as as IP, IP/FW/IPSEC etc,. Which one is the > > image that a > > Cisco 7507 needs to upgrade. My brother asked me a question > > and I have no > > idea. He wants to flash the latest IOS 12.1.1 but very > > confuse. Where is > > that bootflash image go on the router? What about slot 0, > > slot 1. What about > > all the beefy features IOS? > > > > Thanks _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RIP II Route update ?
Hi groupies !!! I just happened upon this' whilst trying to rest my brain from BGP. A RIP II update sends a network mask out onto the wire for every network the router is advertising. Why didn't the designers just code the network mask as a 6 bit field which could represent any mask and save three bytes per network route ? I've had a quick fiddle trying to create some bizzar masks e.g 1.1.1.0 255.0.255.0 but they all generate errors. 'Bad Mask etc' Any ideas !!! Regards, Phil. Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Break Command
It varies per Application you are using.. Check here: http://www.cisco.com/warp/public/701/61.html this has various procedures to break with and has helped alot everytime I destroyed my lab. :) HTH Dave On Monday 02 April 2001 17:06, Nathan Chessin wrote: > Is there an IOS command that will disable the break sequence on a router? > I can't seem to find any documentation on this. Thanks in advance > > Nate > Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Break Command
Perhaps I wasn't so clear... Is there a way to "disable" the break command in IOS so that any of the break sequences will not work? perhaps something like (config)#no service break -- or -- (config)#no service enable ?? Thanks, Nate _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IBM 8228 MAU
Here is a link on how to build your own... Information on how to use it... Complete with pictures... http://members.aol.com/mcapage1/8228tool.htm Bob Johnson wrote: > Has anyone ever seen a schematic diagram for the "port resetting thingy" ? > I have a MAU that does not seem to work... > Perhaps all it needs is a "reset" with such a device... > Perhaps one could build such a device yourself... > > Anyone > > -Original Message- > From: Jim Barksdale [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 1:37 PM > To: [EMAIL PROTECTED] > Subject: Re: IBM 8228 MAU > > The 8 ports on the 8228 are electro-mechanical. > The Ring-In, Ring-Out ports are not. > The thingy with the red light has a 9-volt battery in it. > It is used to reset the 8 ports. > Insert the thingy into the port until the light turns on then off (takes > only a couple > of seconds. > You need to do this to an 8228 any time you have not used it for awhile. > > John Chang wrote: > > > I have a IBM 8228 MAU. What is the easiest/fastest way to test each port > > including the RI RO? What is the fastest way to test type 1 cables? I > > have this thing that has the type connector on one end. It's about 3 > > inches long and has a red LED. What is it called and what is it for? I > > looked in the archive and I want to IBM's website but couldn't find > > anything helpful. Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IBM 8228 MAU
Bob, The item you refer to is called a Ring Initialization tool. Try calling IBM. I searched Black Box, Google.com and IBM's website and found nothing. Someone at IBM has one though. Call tech services and ask where you can order one. -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 4:06 PM To: 'Jim Barksdale'; [EMAIL PROTECTED] Subject: RE: IBM 8228 MAU Has anyone ever seen a schematic diagram for the "port resetting thingy" ? I have a MAU that does not seem to work... Perhaps all it needs is a "reset" with such a device... Perhaps one could build such a device yourself... Anyone -Original Message- From: Jim Barksdale [mailto:[EMAIL PROTECTED]] Sent: Monday, April 02, 2001 1:37 PM To: [EMAIL PROTECTED] Subject: Re: IBM 8228 MAU The 8 ports on the 8228 are electro-mechanical. The Ring-In, Ring-Out ports are not. The thingy with the red light has a 9-volt battery in it. It is used to reset the 8 ports. Insert the thingy into the port until the light turns on then off (takes only a couple of seconds. You need to do this to an 8228 any time you have not used it for awhile. John Chang wrote: > I have a IBM 8228 MAU. What is the easiest/fastest way to test each port > including the RI RO? What is the fastest way to test type 1 cables? I > have this thing that has the type connector on one end. It's about 3 > inches long and has a red LED. What is it called and what is it for? I > looked in the archive and I want to IBM's website but couldn't find > anything helpful. Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IBM 8228 MAU reset tool
Here's another good page http://webpages.charter.net/ohlandl/NIC/8228.html You can buy one here http://www.cdromshop.com/cdshop/desc/p.087944087656.html Jim Dixon wrote: > Bob, > > The item you refer to is called > a Ring Initialization tool. > > Try calling IBM. > I searched Black Box, Google.com > and IBM's website and found nothing. > Someone at IBM has one though. > Call tech services and ask where you can order one. > > -Original Message- > From: Bob Johnson [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 4:06 PM > To: 'Jim Barksdale'; [EMAIL PROTECTED] > Subject: RE: IBM 8228 MAU > > Has anyone ever seen a schematic diagram for the "port resetting thingy" ? > I have a MAU that does not seem to work... > Perhaps all it needs is a "reset" with such a device... > Perhaps one could build such a device yourself... > > Anyone > > -Original Message- > From: Jim Barksdale [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 02, 2001 1:37 PM > To: [EMAIL PROTECTED] > Subject: Re: IBM 8228 MAU > > The 8 ports on the 8228 are electro-mechanical. > The Ring-In, Ring-Out ports are not. > The thingy with the red light has a 9-volt battery in it. > It is used to reset the 8 ports. > Insert the thingy into the port until the light turns on then off (takes > only a couple > of seconds. > You need to do this to an 8228 any time you have not used it for awhile. > > John Chang wrote: > > > I have a IBM 8228 MAU. What is the easiest/fastest way to test each port > > including the RI RO? What is the fastest way to test type 1 cables? I > > have this thing that has the type connector on one end. It's about 3 > > inches long and has a red LED. What is it called and what is it for? I > > looked in the archive and I want to IBM's website but couldn't find > > anything helpful. Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
