NLSP (Novell Netware) [7:314]

2001-04-12 Thread [EMAIL PROTECTED] (Aaron)

Hi all, 
I have a question about NLSP, which is the routing protocol used for the
Novell NetWare protocol stack. How does it calculate the "cost", and is
it like OSPF's metric: 10^8/BW?

Thank you very much!

Aaron.z




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=314&t=314
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: [7:315]

2001-04-12 Thread Ravi Kumar

hi

it worked for me also

but data transmission speed is very low.

is there any command to be included to increase data throughput?

hi z

i am from India. I added your name in msn list. if you are interested, you can add
me in your list for our future tech discussions.


bye
ravee

"Mask Of Zorro"  wrote:
1. Yes
2. Yes

http://www.cisco.com/warp/public/123/4.html

I know that the link shows backup ddr, but you could modify the config so 
that there is no Serial link between the routers and you would not need the 
floating static route... the async dynamic routing command allows the route 
updates across the async link.

I have had to do this sort of thing for remote offices that needed to open 
before the telco could get their frame circuit installed. It works...

Z


>From: "bigmo" 
>Reply-To: "bigmo" 
>To: [EMAIL PROTECTED]
>Subject: AUX question
>Date: Tue, 27 Mar 2001 18:39:04 +0200
>
>I have an question concerning the auxiliary port on cisco routers:
>
>1- can you connect 2 routers to each other using solely the Auxiliary
>ports?
>
>  What will be the setup:
>
>  a- router1---modem1--modem2---router2
>  b- router1---router2
>
>2- can you have routing updates over that link?
>
>Regards.
>MF




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=315&t=315



unsubscribe [7:316]

2001-04-12 Thread Utami Saritidar

unsubscribe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=316&t=316



Re: Inter vlan routing [7:308]

2001-04-12 Thread Aidan Manning

When using PDCs on a different VLAN to the client you sometimes have to add
entries in the client LMHOSTS file (winnt/system32/driver/etc/lmhosts) to
find the PDC (as netbios is not a routable protocol). This file maps the
netbios name to the IP address. To do this copy the LMHOSTS.sam file and add
your entries. Then go to TCP/IP properties in networks and click on import
LMHOSTS. This will create the lmhosts file and allow netbios to travel
across vlans.

Rgds,
Aidan.


[EMAIL PROTECTED]
> Group Pls help me with this config:-
>
> cat 4k switch--->cat6509<-- cat 4k switch
> vlan 1                      Vlan2
> NT PDC 1                    NT PDC 2
>
> USERx                       USERy
>
>
> I have a small setup of 3 catalyst switches. CAT6509 main switch is
> having 2 SUP module (one for redundancy & 2 MSFC card for routing purpose.
> There are 2 cat4003 switches installed at 2 diff floors & both are part of
> diff vlan's - VLAN1 & VLAN2.
> My users are facing problem when they try to access opposite side vlan when
> actually sitting in one vlan. they sometimes not able to login. The error
> they get is domain server not available & also does not get IP address
> from DHCP server. But they can login to local domain which is part of local
> VLAN. This problem is only faced by users having laptop (IBM).
> Does anybody faced this problem ever.
>
> On both of my servers NT 2 way trust relationship is established so that
> users can login to any domain. I have also specified ip helper-address in
> my main 6509 MSFC card. The switches are connected via gigabit uplink ports.
> It is not login id problem because I am able to login to both the server
> when I physically go to opposite vlan & managed to login to both the server.
>
>
> help appreciated...
>
> regds
> HP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=317&t=308



Re: How to determine CIR and increase CIR of FR? [7:259]

2001-04-12 Thread Stephen Skinner

OK..

it appears i was wrong on this Bandwidth thing.

my apologies and thanks for everyone putting me on the right path

BTW

is there any way of controlling the speed of your input, i.e. throttling down?

Best regards

steve

thanks anyway
>From: "EA Louie" 
>Reply-To: "EA Louie" 
>To: [EMAIL PROTECTED]
>Subject: Re: How to determine CIR and increase CIR of FR? [7:259]
>Date: Wed, 11 Apr 2001 16:35:00 -0400
>
>No one indicated that you were wrong.  However, more clarity would be to
>answer all the question(s) completely.
>
>-e-
>
>- Original Message -
>From: "Stephen Skinner"
>To: ;
>Sent: Wednesday, April 11, 2001 1:52 AM
>Subject: Re: How to determine CIR and increase CIR of FR?
>
>
> > i don`t mean to be rude, but i was essentially correct..
> >
> > if you set the bandwidth command to 64k and you have a CIR of 128K you
> > will only get 64K...But as my good friends have pointed out the default is
> > 1.544kb..but i was just trying to make that point stand out that
> > it`s the service provider who makes the call about the info rate...
> >
>Baloney.  You'll still get minimally 128k.  Thus, if you set
>interface serial 0
>  bandwidth 64000
>
>and you have a CIR of 128k, you will still get 128k (plus bursts up to the
>data rate of the frame relay port).  The bandwidth command does *nothing
>physically limiting* to the interface.  It merely acts as the reference
>number for load calculations on show interfaces and for the metric
>calculation for dynamic routing protocols.  The txload and rxload fractions
>will be inaccurate, though, with this configuration.
>
> > I`m sorry if i`m being ANAL about this i just wanted myself to be clear..
> >
> > best regards
> >
> > steve
> >
> >
> > >From: "EA Louie"
> > >Reply-To: "EA Louie"
> > >To:
> > >Subject: Re: How to determine CIR and increase CIR of FR?
> > >Date: Mon, 9 Apr 2001 08:16:49 -0700
> > >
> > >ohhh no the bandwidth statement in the interface is *manually* entered
> > >(defaulted at 1544 Kbit for a serial interface), and is used to calculate:
> > >1.  metrics for routing protocols, and
> > >2.  bandwidth utilization in the "show interfaces" display
> > >so it's important to have it set correctly.
> > >
> > >Some frame relay carriers (Sprint and PacBell come to mind) do not transmit
> > >their CIR, so 'show frame-relay map' doesn't display their CIR.
> > >
> > >The frame relay provider does need to be contacted to increase CIR. Higher
> > >CIR usually translates into a cost increase for the circuit.
> > >
> > >Here's an explanation of EIR - also see
> > >http://www.nwfusion.com/newsletters/frame/1108fr2.html and
> > >http://www.nwfusion.com/newsletters/frame/1206fr1.html
> > >
> > >EIR is the difference between the port speed of the frame relay service and
> > >the CIR.  The port speed is set by the frame relay service provider, and may
> > >be lower than the maximum interface speed - for example, on a T-1 circuit,
> > >the provider could provide a 384kbps port and a 128k CIR.  In this case, the
> > >EIR = 256k, and it would be wise to set the interface bandwidth to 384k
> > >(bandwidth 384 on the serial interface) to match the port speed.  And the
> > >port speed is usually the maximum rate at which one can oversubscribe the
> > >PVC (that is, it is usually the frame relay burst rate)
> > >
> > >The moral of the story - just because there is an *access circuit* at a
> > >particular transmission rate does not assure you that you burst at that
> > >rate.  The interface is rate-limited to the port speed that was ordered from
> > >the frame relay carrier.
> > >
> > >-e-
> > >- Original Message -
> > >From:
> > >To: Greg Owens
> > >Cc: ;
> > >Sent: Monday, April 09, 2001 6:55 AM
> > >Subject: Re: RE: How to determine CIR and increase CIR of FR?
> > >
> > >
> > > > Are you sure that information isn't just taken from the "bandwidth"
> > > > statements on the subinterfaces?
> > > >
> > > >
> > > > Greg Owens  wrote:
> > > > > Sh frame map will show u the CIR
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > > > Stephen Skinner
> > > > Sent: Monday, April 09, 2001 7:45 AM
> > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > > > Subject: Re: How to determine CIR and increase CIR of FR?
> > > >
> > > > your CIR (Committed information rate) is supplied by your SP ...you and him
> > > > agree how much you can have( depending on how much you pay)
> > > > usually the person setting up your router sets the "BANDWIDTH" command
> > > > to the CIR+ BR (burst rate) I.E how high you CAN go up to for a limited
> > > > amount of time ..again your service provider has set this for you.
> > > >
> > > > HTH
> > > >
> > > > steve
> > > >
> > > >
> > > > >From: "David Gollop"
> > > > >Reply-To: "David Gollop"
> > > > >To: [EMAIL PROTECTED]
> > > > >Subject: How to determine CIR and increase CIR of FR?

RE: Design Challenge - a bit off topic [7:195]

2001-04-12 Thread Stephen Skinner

OK.


i`m still studying so i may well be WAY-OFF  the mark here ...but John says

>|  Solution will entail two internet connections, a T1 and a DSL. Routing will
>|  be configured such that priority traffic will use the T1 connection, and
>|  ordinary internet browsing will use the DSL connection.


?

you would need to define "priority traffic" and then assign a high priority 
queue then assign that to an interface. assign the rest of the 
traffic to another queue on the other (DSL) interface..

you know i think that`s the solution but i am beginning to doubt myself...i 
swear i am missing something very basic and will be laughed at but hey..


i can always change my e-mail address...


best regards

steve


>From: "Chuck Larrieu" 
>Reply-To: "Chuck Larrieu" 
>To: [EMAIL PROTECTED]
>Subject: RE: Design Challenge - a bit off topic [7:195]
>Date: Wed, 11 Apr 2001 19:06:13 -0400
>
>My DE and I were practically rolling on the floor with this one.
>
>Rule number one: the customer is always right.
>
>Rule number two: when the customer's head is where the sun don't shine,
>refer to rule number one. ;->
>
>I agree with much of your assessment. Problem I have is that I work for a
>telco, and sometimes what we in the data side are given is the result of a
>telco account manager trying to meet T1 and DSL quota by making these kinds
>of suggestions. Gullible customers then latch on to what has been presented
>as a good idea. This RFI had all the markings of a telco-based solution.
>
>I do have a question for you, based on something you stated below:
>
>Recognizing that you have two outbound interfaces - T1 and DSL, how will
>custom queuing deliver the required packets to the appropriate interface?
>
>Chuck
>
>-Original Message-
>From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>Stephen Skinner
>Sent:  Wednesday, April 11, 2001 2:55 AM
>To:[EMAIL PROTECTED]
>Subject:   Re: Design Challenge - a bit off topic [7:195]
>
>Some interesting questions
>
>me personally 
>
>no-one has talked about restrictions of any sort ( a-la firewall)..so lets
>say there isn`t just use 1 of 16 different custom queues ...not really
>an effective tool for this job but hey.Design solutions it is ...
>
>I also don`t like the idea about this T1/DSL link stuff...i always advise
>customers to have the same."if you want to have a SEAMLESS service
>don`t skimp ..all things should be equal".
>obviously it wont be totally seamless as you will have a lot of info going
>across 1 instead of 2 links...but it`s closer than DSL.
>
>Questions for the customer??
>
>would you like ME to design your network or would you like to do it
>yourself..being as i have years of experience and you have none...
>
>JUST SLIGHTLY MORE POLITELY...
>
>then i would convince the customer that my way was best and had loads of
>advantages and his way would lead to lots of scratching chins and "ohhh i
>wouldn`t have done it that way...Boss" by support engineers from whichever
>company he gets to support him as i won`t be going anywhere near his network
>if he can`t be bothered to listen
>
>AGAIN just more politely
>
>HTH
>
>steve
>
>P.S that is no joke i have had to TELL customers that before ...they
>just won`t listen.and i do still have my job
>
>
>
> >From: "John Neiberger"
> >Reply-To: "John Neiberger"
> >To: [EMAIL PROTECTED]
> >Subject: Re: Design Challoenge - a bit off topic [7:195]
> >Date: Wed, 11 Apr 2001 02:45:45 -0400
> >
> >Thoughts inline below
> >
> >|  Howard's comment brings to mind a problem my Design Engineer raised when
> >|  responding to a customer RFI.
> >|
> >|  Howard's comment: .  (Pause for usual mystification on why someone wants
> >|  routing protocols to pass through
> >|  a firewall, a fairly frequent question).
> >|
> >|  The customer RFI stated requirement ( wording as best as I can remember ):
> >|  Solution will entail two internet connections, a T1 and a DSL. Routing will
> >|  be configured such that priority traffic will use the T1 connection, and
> >|  ordinary internet browsing will use the DSL connection.
> >|
> >|  Lindy and I were having a real good laugh about the vagueness of the
> >|  requirement, when we decided to try to come up with a solution. We came up
> >|  with a number of questions for the customer to elaborate upon, and a
> >|  possible solution. Would anyone else care to use this as a test of design
> >|  issues?
> >|
> >|  If memory serves, the customer defined "priority" traffic as e-mail and
> >|  connectivity to a certain external web site.
> >|
> >|  So:
> >|
> >|  1) what are some of the questions the customer still needs to answer?
> >
> >My first question to them would be "Do you really think that email and that
> >one website alone justify a full T-1, while the rest of the internet traffic
> >for your company goes upstream on a measly DSL circuit?"
> >
> >Questio

unsubscribe [7:320]

2001-04-12 Thread Pedro Antunes

unsubscribe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=320&t=320



Passing IPSEC packets on dsl [7:321]

2001-04-12 Thread Elijah Savage

All,
 
I purchased a 1605 from eBay for my home lab. I decided to play with it
a bit on my DSL circuit. I am using NAT on this router, and everything
works fine except that now I can't vpn from the inside. Example, trying
to establish a vpn connection from a client on my local network in to
our vpn router at my place of employment. Of course with the netgear dsl
router it passes those ipsec packets. I was wondering if anyone has
tried this before and been able to make this happen.
 
Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=321&t=321



Traps [7:322]

2001-04-12 Thread Jeff Duchin

Has anyone been able to manipulate CW2000 to process traps? I don't
understand the logic at all... it can accept and display Syslog messages
from devices but not Traps.

So if anyone has pulled this off, please let me know as I'm trying to avoid
having another NMS just to send Traps to. You'd think by the price that it
would be able to do this and pour you a pint of Guinness at the same time!

Any help appreciated,
Jeff




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=322&t=322
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: CEF [7:304]

2001-04-12 Thread andyh

no - cef (Cisco Express Forwarding) is a different animal than NetFlow.

cef requires "ip cef" in global config, and "ip route-cache cef" on a
per-interface basis - seems that you have cef enabled, but not implemented
on any interfaces.  CEF is a very clean way to accelerate route-lookup - it
pro-actively builds a forwarding table (FIB - Forwarding Information Base)
from the route and arp tables, eliminating recursive route-lookups.  CEF
is not really "switching" as such - packets will still be routed by the main
processor during interrupts (except on 75XXs and GSRs where dCEF will
offload routing to the VIPs or line cards).  Be aware that early
implementations were prone to bugs - CEF is sometimes spelt
!.!.!.!.!.!.!.!.!

NetFlow is not a switching method per se.  It is primarily intended for
flow-analysis data-export to an analysis program (cflowd, etc.), although it
does have the side-effect of ACL acceleration under certain circumstances.
You will need "ip route-cache flow" on any interfaces you want NetFlow
enabled on.

I would recommend "Inside Cisco IOS Software Architecture" if you want to
know how the different switching algorithms *really* work.

cheers

Andy

- Original Message -
From: "Gayathri" 
To: 
Sent: Thursday, April 12, 2001 5:03 AM
Subject: CEF [7:304]


> Hi,
>
> If i have a statement 'ip cef' in the router, does this mean I have enabled
> netflow?
>
> Under the interfaces , the configuration is
> no ip route-cache cef
> no ip route-cache distributed
>
> Thanks for any inputs...
>
>
> Regards
>
> Gayathri




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=323&t=304



deb int command [7:324]

2001-04-12 Thread Venkataramanaiah.R

Hi,

Can somebody explain the use of the "debug interface serial 3/1/1"
command?


Regards
-Venkat


"The greatest glory in living lies not in never falling, 
but in rising every time we fall ."
-- Nelson Mandela




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=324&t=324



RE: Passing IPSEC packets on dsl [7:321]

2001-04-12 Thread Charles Manafa

VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
doesn't work is that packet authentication will fail when the packet is
NAT'd - the calculated hash will not match after NAT has been applied.

Charles

-Original Message-
From: Elijah Savage
To: [EMAIL PROTECTED]
Sent: 12/04/01 12:11
Subject: Passing IPSEC packets on dsl [7:321]

All,
 
I purchased a 1605 from eBay for my home lab. I decided to play with it
a bit on my DSL circuit. I am using NAT on this router, and everything
works fine except that now I can't vpn from the inside. Example, trying
to establish a vpn connection from a client on my local network in to
our vpn router at my place of employment. Of course with the netgear dsl
router it passes those ipsec packets. I was wondering if anyone has
tried this before and been able to make this happen.
 
Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=325&t=321
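
An added illustration of the hash mismatch described in the reply above, not code from any poster: a simplified model of an AH-style integrity check, which covers the IP source and destination addresses, verified before and after a NAT source rewrite, with an ESP-style check (which does not cover the outer IP header) run through the same rewrite for comparison. The key, addresses, SPIs and payload are constructed, HMAC-SHA1-96 is an assumed algorithm, and no encryption is performed.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"   # constructed shared authentication key
AH, ESP = 51, 50                # IP protocol numbers
ICV_LEN = 12                    # HMAC-SHA1-96 keeps the first 96 bits


def ip_checksum(header: bytes) -> int:
    """Internet checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                      ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_icv(key: bytes, packet: bytes) -> bytes:
    """ICV over the IP header with mutable fields zeroed, the AH header with
    its ICV field zeroed, and the upper-layer data. Addresses stay in."""
    hdr = bytearray(packet[:20])
    hdr[1] = 0                      # TOS (mutable)
    hdr[6:8] = b"\x00\x00"          # flags + fragment offset (mutable)
    hdr[8] = 0                      # TTL (mutable)
    hdr[10:12] = b"\x00\x00"        # header checksum (mutable)
    ah = packet[20:32] + bytes(ICV_LEN)
    return _mac(key, bytes(hdr) + ah + packet[44:])


def build_ah(key, src, dst, spi, seq, inner, inner_proto=6) -> bytes:
    # AH: next header, payload length in 32-bit words minus 2, reserved, SPI, seq
    ah = struct.pack("!BBHII", inner_proto, 4, 0, spi, seq) + bytes(ICV_LEN)
    pkt = ipv4_packet(src, dst, AH, ah + inner)
    return pkt[:32] + ah_icv(key, pkt) + pkt[44:]


def verify_ah(key: bytes, packet: bytes) -> bool:
    return hmac.compare_digest(packet[32:44], ah_icv(key, packet))


def build_esp(key, src, dst, spi, seq, ciphertext) -> bytes:
    # ESP ICV covers SPI, sequence number and payload, not the outer IP header
    esp = struct.pack("!II", spi, seq) + ciphertext
    return ipv4_packet(src, dst, ESP, esp + _mac(key, esp))


def verify_esp(key: bytes, packet: bytes) -> bool:
    body = packet[20:]
    return hmac.compare_digest(body[-ICV_LEN:], _mac(key, body[:-ICV_LEN]))


def _rewrite(packet: bytes, edit) -> bytes:
    hdr = bytearray(packet[:20])
    edit(hdr)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def route_hop(packet: bytes) -> bytes:
    """What any router does: decrement TTL and fix the header checksum."""
    def edit(hdr):
        hdr[8] -= 1
    return _rewrite(packet, edit)


def nat_source(packet: bytes, new_src: str) -> bytes:
    """What NAT does: replace the source address and fix the checksum."""
    def edit(hdr):
        hdr[12:16] = ipaddress.IPv4Address(new_src).packed
    return _rewrite(packet, edit)


def demo() -> dict:
    inner = b"constructed upper-layer payload"
    ah_pkt = build_ah(KEY, "192.168.1.10", "203.0.113.5", 0x1001, 1, inner)
    esp_pkt = build_esp(KEY, "192.168.1.10", "203.0.113.5", 0x2001, 1, inner)
    return {
        "ah_original": verify_ah(KEY, ah_pkt),
        "ah_after_ttl_decrement": verify_ah(KEY, route_hop(ah_pkt)),
        "ah_after_nat": verify_ah(KEY, nat_source(ah_pkt, "198.51.100.7")),
        "esp_after_nat": verify_esp(KEY, nat_source(esp_pkt, "198.51.100.7")),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'verifies' if ok else 'ICV mismatch'}")
```

The model only covers the integrity check; it says nothing about key exchange or about how a translator tracks flows that carry no port numbers.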



RE: Inter vlan routing [7:308]

2001-04-12 Thread Charles Manafa

You need the "ip forward-protocol udp" command. 

Charles

-Original Message-
From: Infotech
To: [EMAIL PROTECTED]
Sent: 12/04/01 05:36
Subject: Inter vlan routing [7:308]

Group Pls help me with this config:-

cat 4k switch--->cat6509<-- cat 4k switch
vlan 1                      Vlan2
NT PDC 1                    NT PDC 2

USERx                       USERy


I have a small setup of 3 catalyst switches. CAT6509 main switch is 
having 2 SUP module (one for redundancy & 2 MSFC card for routing
purpose.
There are 2 cat4003 switches installed at 2 diff floors & both are part
of 
diff vlan's - VLAN1 & VLAN2. 
My users are facing problem when they try to access opposite side vlan
when 
actually sitting in one vlan. they sometimes not able to login. The
error 
they get is domain server not available & also does not get IP address
from DHCP server. But they can login to local domain which is part of
local
VLAN. This problem is only faced by users having laptop (IBM). 
Does anybody faced this problem ever.

On both of my servers NT 2 way trust relationship is established so that
users can login to any domain. I have also specified ip helper-address
in
my main 6509 MSFC card. The switches are connected via gigabit uplink
ports.
It is not login id problem because I am able to login to both the server
when I physically go to opposite vlan & managed to login to both the
server.


help appreciated...

regds
HP








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=326&t=308



Re: AppleTalk on Support exam [7:269]

2001-04-12 Thread Phil Barker

I took the support exam in Feb 2001 UK. There was
appletalk on, in the form of sniffer output, what is
this frame ? etc. I had about 10 of these type of
questions, which is good if you know your sniffer.

Regards,

Phil.

--- Priscilla Oppenheimer  wrote:
> For those of you who have taken the Support exam
> recently, did you get any 
> AppleTalk questions?
> 
> The outline for the 640-506 Support exam still
> includes AppleTalk.
> 
> http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-506.html
> 
> The outline for the exam is a mess, though, so I'm
> not sure if I should 
> believe it. The outline for the course does not
> include AppleTalk.
> 
> http://www.cisco.com/pcgi-bin/front.x/wwtraining/CELC/index.cgi?action=CourseDesc&COURSE_ID=1492
> 
> THANKS
> 
> Priscilla
> 
> 
> 
> Priscilla Oppenheimer
> http://www.priscilla.com







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=327&t=269



IGX log files [7:330]

2001-04-12 Thread Bulent Sahin

Hi,
I want to get the log files of IGX switches to process them with a program. I
haven't seen any option in WAN Manager to get the log files and "telnet" is
not a good way. SNMP or TFTP are possible options, but I couldn't find any
documentation. Help!

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=330&t=330



Re: Passing IPSEC packets on dsl [7:321]

2001-04-12 Thread Circusnuts

Are you sure- my PIX 506 does it with no problem ???

- Original Message -
From: Charles Manafa 
To: 
Sent: Thursday, April 12, 2001 8:37 AM
Subject: RE: Passing IPSEC packets on dsl [7:321]


> VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
> doesn't work is that packet authentication will fail when the packet is
> NAT'd - the calculated hash will not match after NAT has been applied.
>
> Charles
>
> -Original Message-
> From: Elijah Savage
> To: [EMAIL PROTECTED]
> Sent: 12/04/01 12:11
> Subject: Passing IPSEC packets on dsl [7:321]
>
> All,
>
> I purchased a 1605 from eBay for my home lab. I decided to play with it
> a bit on my DSL circuit. I am using NAT on this router, and everything
> works fine except that now I can't vpn from the inside. Example, trying
> to establish a vpn connection from a client on my local network in to
> our vpn router at my place of employment. Of course with the netgear dsl
> router it passes those ipsec packets. I was wondering if anyone has
> tried this before and been able to make this happen.
>
> Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=329&t=321



Security courses... anybody? [7:328]

2001-04-12 Thread Raoní Castro

Hello everyone,

Has anybody done any of the following Cisco courses?
What do you think about them?
Do you have the course material?

CSPFA - (Cisco Secure Pix Firewall Advanced)
CSIDS - (Cisco Secure Intrusion Detection System)
CSVPN - (Cisco Secure Virtual Private Network)


TIA,

Raoní Castro
Systems Engineering
PROLAN Soluções Integradas S.A. - Brazil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=328&t=328



unsubscribe [7:331]

2001-04-12 Thread [EMAIL PROTECTED]

unsubscribe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=331&t=331



RE: Passing IPSEC packets on DSL [7:321]

2001-04-12 Thread Elijah Savage

Yeah his comment makes me curious as to what these DSL router
manufacturers have done to make it work. Surely if someone like netgear
can make it work Cisco can.

-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 12, 2001 9:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Passing IPSEC packets on dsl [7:321]

Are you sure- my PIX 506 does it with no problem ???

- Original Message -
From: Charles Manafa 
To: 
Sent: Thursday, April 12, 2001 8:37 AM
Subject: RE: Passing IPSEC packets on dsl [7:321]


> VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
> doesn't work is that packet authentication will fail when the packet is
> NAT'd - the calculated hash will not match after NAT has been applied.
>
> Charles
>
> -Original Message-
> From: Elijah Savage
> To: [EMAIL PROTECTED]
> Sent: 12/04/01 12:11
> Subject: Passing IPSEC packets on dsl [7:321]
>
> All,
>
> I purchased a 1605 from eBay for my home lab. I decided to play with it
> a bit on my DSL circuit. I am using NAT on this router, and everything
> works fine except that now I can't vpn from the inside. Example, trying
> to establish a vpn connection from a client on my local network in to
> our vpn router at my place of employment. Of course with the netgear dsl
> router it passes those ipsec packets. I was wondering if anyone has
> tried this before and been able to make this happen.
>
> Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=332&t=321



Netarx (Cisco Premier Partner Job Openings in NY & MI)... [7:333]

2001-04-12 Thread Craig Perry

CCIE candidate,

My name is Craig Perry and I am a Corporate Recruiter for Netarx Innovation
Technology. We currently have a need for 2 CCIE's in either our NY and/or
Michigan office.  Please attach a WORD version of your resume which includes
salary, US work authorization status, and if you prefer contract and/or
permanent placement.

WHO IS NETARX?

NETARX is a total solution provider of information technology with
Headquarters in Bingham Farms, Michigan and offices in Great Neck, NY.  We
have made a pledge to be the most competitive and responsive customer
service company in the industry today and into the future.  Our satisfied
clients include financial firms, insurance firms, area manufacturers,
retailers, media holdings and professional service firms as well as
non-profits and government agencies.

Our operations are divided into five strategic areas to service our clients
optimally:

 - CORPORATE NETWORK INTEGRATION
 - TECHNICAL STAFFING
 - CUSTOM SOFTWARE DEVELOPMENT
 - REMOTE NETWORK MONITORING
 - CABLE PLANT INFRASTRUCTURE

 Ameritech Authorized Distributor (AD), let Netarx provision your lines
efficiently.

  Our strategic partners include:

  Cisco Systems - Citrix - Compaq - Hewlett Packard - IBM
  Ipswitch - Microsoft - Novell - Intel
  3Com - WYSE - Ameritech

  Our Mission is Clear:

  As a technology partner committed to our clients,
  Netarx combines leading edge technology with solid
  business understanding to enable tangible growth through
  innovation.

 Here are several URLs to illustrate Netarx strategic partners
  & recent honors:

 Long Island Business News (Feature Article)
 


 Cisco:
 

 Microsoft:

 

 Honors:

Future 50 of Greater Detroit



ComputerWorld 2001 - 100 Emerging Companies to watch







Craig J. Perry
11 Grace Avenue, Suite 306
Great Neck, NY 11021
(516) 829-8700
(516) 829-8777 (Fax)
[EMAIL PROTECTED]
www.netarx.com

Michigan Office (Headquarters)
30910 Telegraph Road & 13  Mile Road
Bingham Farms, MI 48025
248-647-9800











Under Bill s.1618 Title III passed by the 105th U.S. Congress this mail
cannot be considered Spam as long as we include contact information and a
remove link for removal from our mailing list. To be removed from our
mailing list, reply with remove in the subject heading and your email
address in the body. Include complete address and domain to be removed.
Pursuant to Federal law, if you do not wish to receive future email messages
from us, please reply with "remove" and your e-mail address will be promptly
removed. To ensure a quick response, please include all pertinent email
addresses. Please notify the sender immediately by e-mail if you have
received this e-mail by mistake and delete this e-mail from your system.



[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of Craig Perry.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=333&t=333



Re: Cisco TFTP Program??? [7:167]

2001-04-12 Thread Donald B Johnson jr

Does anybody know where the terminal software is.
It fits on a floppy and can be used to send a break signal on NT
Don


- Original Message -
From: "Tom Lisa" 
To: 
Sent: Wednesday, April 11, 2001 5:33 PM
Subject: Re: Cisco TFTP Program??? [7:167]


> You can get Cisco's TFTP program here:
> http://www.cisco.com/public/sw-center/sw-web.shtml
>
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco Regional Networking Academy
>
> sparkest pig wrote:
>
> > hi,
> >
> > could you please let me know where i can download a tftp program from cisco
> > website?   i tried to find it but i can't
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=334&t=167



unsubscribe [7:335]

2001-04-12 Thread [EMAIL PROTECTED]

unsubscribe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=335&t=335



RE: Security courses... anybody? [7:328]

2001-04-12 Thread [EMAIL PROTECTED]

I took the CSVPN class.  I thought the course was great.  It gives you the
opportunity to configure VPN between routers, concentrators, and the PIX
firewalls. Good class...I would recommend it.
 

-Original Message-
From: Raonm Castro [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 8:07 AM
To: [EMAIL PROTECTED]
Subject: Security courses... anybody? [7:328]


Hello everyone,

Has anybody done any of the following Cisco courses?
What do you think about them?
Do you have the course material?

CSPFA - (Cisco Secure Pix Firewall Advanced)
CSIDS - (Cisco Secure Intrusion Detection System)
CSVPN - (Cisco Secure Virtual Private Network)


TIA,

Raonm Castro
Systems Engineering
PROLAN Soluções Integradas S.A. - Brazil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=336&t=328



RE: Passing IPSEC packets on DSL [7:321]

2001-04-12 Thread Hire, Ejay

Most flavors of IPsec VPN's will work if you establish a static NAT pool
(i.e. one-to-one mapping) for the Internal host in question.  When the
remote end of the tunnel replies to the IP that sources the traffic, (The
external Ip of the one-to-one mapping), it connects properly.

I apologize for not explaining this more clearly, but I've been doing NAT on
a Springtide box, and have forgotten what Cisco calls a Static nat pool.

Ejay Hire
804-220-7724
877-200-7020,x7724
... Answers are free.  Explanations will cost you a Diet Pepsi.  



-Original Message-
From: Elijah Savage [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 7:11 AM
To: [EMAIL PROTECTED]
Subject: Passing IPSEC packets on dsl [7:321]


All,
 
I purchased a 1605 from eBay for my home lab. I decided to play with it
a bit on my DSL circuit. I am using NAT on this router, and everything
works fine except that now I can't vpn from the inside. Example, trying
to establish a vpn connection from a client on my local network in to
our vpn router at my place of employment. Of course with the netgear dsl
router it passes those ipsec packets. I was wondering if anyone has
tried this before and been able to make this happen.
 
Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=337&t=321



RE: Design Challenge - a bit off topic [7:195]

2001-04-12 Thread John Neiberger

What's missing is that queueing in this context is only relevant on a
per-interface basis.  For instance, if you turn on custom queueing on an
interface, all the 16 queues belong to that interface.  It would not be
possible--nor would it make sense--to split up those queues between
interfaces.  Queueing only comes into play when a single interface
becomes congested and it allows the prioritization of certain traffic at
the expense of other traffic.  That wouldn't be the case here.

In the original post, "priority traffic" simply referred to the
importance of that traffic relative to other traffic, it was not a
reference to queueing.  They want the higher priority traffic to take
the T-1 and have the rest of the slobs checking stocks or looking up
scores on www.espn.com to go out the DSL line.  

I hope that was fairly clear.  I'm a little foggy this morning.

John

>>> "Stephen Skinner"  4/12/01 4:33:06 AM >>>
OK.


i`m still studying so i may well be WAY-OFF  the mark here ...but John says

> >|  Solution will entail two internet connections, a T1 and a DSL. Routing will
> >|  be configured such that priority traffic will use the T1 connection, and
> >|  ordinary internet browsing will use the DSL connection.


?

you would need to define "priority traffic" and then assign a high priority
queue then assign that to an interface.assign the rest of the
traffic to another queue on the other (DSL) interface..

you know i think that`s the solution but i am beginning to doubt myself...i
swear i am missing something very basic and will be laughed at but hey..


i can always change my e-mail address...


best regards

steve


>From: "Chuck Larrieu" 
>Reply-To: "Chuck Larrieu" 
>To: [EMAIL PROTECTED] 
>Subject: RE: Design Challenge - a bit off topic [7:195]
>Date: Wed, 11 Apr 2001 19:06:13 -0400
>
>My DE and I were practically rolling on the floor with this one.
>
>Rule number one: the customer is always right.
>
>Rule number two: when the customer's head is where the sun don't shine,
>refer to rule number one. ;->
>
>I agree with much of your assessment. Problem I have is that I work for a
>telco, and sometimes what we in the data side are given is the result of a
>telco account manager trying to meet T1 and DSL quota by making these kinds
>of suggestions. Gullible customers then latch on to what has been presented
>as a good idea. This RFI had all the markings of a telco-based solution.
>
>I do have a question for you, based on something you stated below:
>
>Recognizing that you have two outbound interfaces - T1 and DSL, how will
>custom queuing deliver the required packets to the appropriate interface?
>
>Chuck
>
>-Original Message-
>From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of
>Stephen Skinner
>Sent:  Wednesday, April 11, 2001 2:55 AM
>To:[EMAIL PROTECTED] 
>Subject:   Re: Design Challenge - a bit off topic [7:195]
>
>Some interesting questions
>
>me personally 
>
>no-one has talked about restrictions of any sort ( a-la firewall)..so lets
>say there isn`t just use 1 of 16 different custom queues ...not really
>an effective tool for this job but hey.Design solutions it is ...
>
>I also don`t like the idea about this T1/DSL link stuff...i always advise
>customers to have the same."if you want to have a SEAMLESS service don`t
>skimp ..all things should be equal".
>obviously it wont be totally seamless as you will have a lot of info going
>across 1 instead of 2 links...but it`s closer than DSL
>.
>
>Questions for the customer??
>
>would you like ME to design your network or would you like to do it
>yourself..being as i have years of experience and you have none...
>
>JUST SLIGHTLY MORE POLITELY...
>
>then i would convince the customer that my way was best and had loads of
>advantages and his way would lead to lots of scratching chins and "ohhh i
>wouldn't have done it that way...Boss" by support engineers from whichever
>company he gets to support him as i won`t be going anywhere near his network
>if he can`t be bothered to listen
>
>AGAIN just more politely
>
>HTH
>
>steve
>
>P.S that is no joke i have had to TELL customers that before ...they
>just won`t listen.and i do still have my job
>
>
>
> >From: "John Neiberger"
> >Reply-To: "John Neiberger"
> >To: [EMAIL PROTECTED] 
> >Subject: Re: Design Challoenge - a bit off topic [7:195]
> >Date: Wed, 11 Apr 2001 02:45:45 -0400
> >
> >Thoughts inline below
> >
> >|  Howard's comment brings to mind a problem my Design Engineer raised when
> >|  responding to a customer RFI.
> >|
> >|  Howard's comment: .  (Pause for usual mystification on why someone wants
> >|  routing protocols to pass through
> >|  a firewall, a fairly frequent question).
> >|
> >|  The customer RFI stated requirement ( wording as best as I can remember ):
> >|  Solution will entail two internet connections, a T1 and a DSL. Routing will
> >|  be configured such that prio

2900xl Switch [7:338]

2001-04-12 Thread Sammi

Hello all,
I am looking for any online resources to study/practice VLAN and
cascading on 2900xl switches.
Any leads greatly appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=338&t=338
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Modem Configuration for Dial out ********* [7:340]

2001-04-12 Thread Hamid

Hi

I am trying to make one of my modems on a NM-16AM module over an async line to
dial out. The problem is that I can't get the modem to dial at all. I tried
dialing manually by entering the AT mode ( modem at-mode 6/15) and here are
the results:

AT
OK
ATZ
OK
ATD 20365
ERROR
ATDP 20345
ERROR
ATDT 203456
ERROR

line 208
 modem InOut
 modem autoconfigure discovery
 transport input all
 flowcontrol hardware

Router#show modem configuration 6/15
IDLE   000:00:00LAST DIALMODEM HW: PC 2W United States4 RTS 5 CTS 6
DSR - CD 20 DTR - RIMODULATION   IDLEMODEM BPS33600  AT%G0MODEM
FLOW   OFFAT\G0MODEM MODE   AUTAT\N3BASE MODEV34
AT%M2V.23 OPR.OFFAT%F0AUTO ANS.ON ATS0=1SERIAL BPS
38400  ATBPS ADJUST   OFFAT\J0SPT BPS ADJ. 0  AT\W0ANSWER
MESSGSOFFATQ2SERIAL FLOW  OFFAT\Q0PASS XON/XOFFOFF
AT\X0PARITY   8N ATBREAK5  AT\K5EXIT CHAR
043ATS2=43ANS DUMB MODEOFFAT#E0CMD ECHO ON ATE1
--More--

ANS DUMB MODEOFFAT#E0CMD ECHO ON ATE1RESULTS  ON
ATQ0RESULT TYPE  MNPX   ATV1\V2CONNECT MSG  MDMATW2CONN MNP-
0  AT-M0SPEED MATCH  1  AT%L1EQUALIZER1 
AT:E1FALLBACK
2  AT-Q2DATA ECHOOFFAT\E0INACT TIMER  00 AT\T0AUTO
RETRAIN ON AT%E1COMPRESSION  ALLAT%C3MAX BLK SIZE 256
AT\A3AUTO BUFF0  AT\C0AUTO CHAR000AT%A0PAUSE TIME
002ATS8=2DTR  2  AT&D2CARR DET 1  AT&C1DSR
0  AT\D0RING IND 1  AT\R1LEASE LINE   0  AT&L0LNG SPC
DISC OFFATY0BUSIED OUT   IDLE   AT*Y0 --More--

LNG SPC DISC OFFATY0BUSIED OUT   IDLE   AT*Y0DISC DELAY   000
AT%D0RDLB ENABLE  OFFAT&T5DIAL MODE4  ATX4PULSE DIAL
60%AT&P0PULSE MODE   N  AT%W0V23 HD EQU   ON AT%O1GUARD
TONE   0  AT&G0DATA CALL TONE   OFFAT-C02ND FC   OFF
AT-F0NM BIT VALUE 0  AT-E0PAR CHK  0  AT-P0MANUAL DIAL
0  AT:D0UPSHIFT BPS  OFFAT*H0CELLULAR OFF   
AT)M0LINETYPE
000AT@M0DETECT PHASE ON AT-J1MNP EXT SVC  2  AT-K2UNIV
V.231  AT-V1CONNECT MSG  1STAT@C0DUMB MODEOFF
AT-H0BELL ON ATB1CALL ABT DISAB   OFFAT-Y0 --More--

REVERSE ANS  OFFAT-W0MIN CONN SPD 300AT@UMU-LAW/A_LAW
MU-L
AT"A0REM CHAR 042AT*S42
Ok
-
---
Well, I guess the problem is with the AT commands because the modem doesn't
dial at all. (the line doesn't get occupied). If it helps I am using it on a
3661 router with IOS 12.0

Can anyone help me with this problem.

Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=340&t=340



Re: Traps [7:322]

2001-04-12 Thread John Neiberger

Yes, you'd think it should, but I don't think it can.  I'm certain it
can't deliver Guinness-on-Demand, unfortunately!

CW2000 seems to be more geared toward device management, software
management, and configuration management but not fault management like
HP Network Node Manager, for instance.  That's probably why it doesn't
process traps.  It doesn't really have an application that would use
them well.  Besides, since it's all in java, unless you have a 1.5 GHz
machine with 8192GB RAM it would be too slow as a fault management
platform.  :-)   

CW2000 is slw  it's cool, but they need
to do something about the speed.  Especially if using Netscape, good
grief.  I could launch Ciscoview, walk downstairs and configure the
switch from the console port, walk back upstairs and the thing would
still be loading!  That's not very productive.  But if it could pour
Guinness, I suppose I wouldn't mind as much.

>>> "Jeff Duchin"  4/12/01 5:59:52 AM >>>
Has anyone been able to manipulate CW2000 to process traps? I don't
understand the logic at all... it can accept and display Syslog messages
from devices but not Traps.

So if anyone has pulled this off, please let me know as I'm trying to avoid
having another NMS just to send Traps to. You'd think by the price that it
would be able to do this and pour you a pint of Guinness at the same time!

Any help appreciated,
Jeff




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=341&t=322



RE: Passing IPSEC packets on dsl [7:321]

2001-04-12 Thread Charles Manafa

I believe the issue here is a VPN client initiating an IPSEC tunnel behind a
NAT device. This configuration does not work. 

A Cisco router or PIX can do a NAT then establish IPSEC tunnel with a remote
end point. Once the tunnel is created, the non-IPSEC client, behind the
router/PIX, can then use the tunnel to connect to the private network. This
configuration works.

Charles

-Original Message-
From: Circusnuts
To: [EMAIL PROTECTED]
Sent: 12/04/01 14:07
Subject: Re: Passing IPSEC packets on dsl [7:321]

Are you sure- my PIX 506 does it with no problem ???

- Original Message -
From: Charles Manafa 
To: 
Sent: Thursday, April 12, 2001 8:37 AM
Subject: RE: Passing IPSEC packets on dsl [7:321]


> VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
> doesn't work is that packet authentication will fail when the packet is
> NAT'd - the calculated hash will not match after NAT has been applied.
>
> Charles
>
> -Original Message-
> From: Elijah Savage
> To: [EMAIL PROTECTED]
> Sent: 12/04/01 12:11
> Subject: Passing IPSEC packets on dsl [7:321]
>
> All,
>
> I purchased a 1605 from eBay for my home lab. I decided to play with it
> a bit on my DSL circuit. I am using NAT on this router, and everything
> works fine except that now I can't vpn from the inside. Example, trying
> to establish a vpn connection from a client on my local network in to
> our vpn router at my place of employment. Of course with the netgear dsl
> router it passes those ipsec packets. I was wondering if anyone has
> tried this before and been able to make this happen.
>
> Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=342&t=321



RE: Passing IPSEC packets on DSL [7:321]

2001-04-12 Thread Curtis Call

If the DSL router was maintaining the IPSec tunnel then it would work fine, 
however, if you have a host computer that has an IPSec connection to a 
remote computer and your router is NATing, then that will break it.

At 07:47 AM 4/12/01, you wrote:
>Yeah his comment makes me curious as to what these DSL router
>manufacturers have done to make it work. Surely if someone like netgear
>can make it work Cisco can.
>
>-Original Message-
>From: Circusnuts [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, April 12, 2001 9:08 AM
>To: [EMAIL PROTECTED]
>Subject: Re: Passing IPSEC packets on dsl [7:321]
>
>Are you sure- my PIX 506 does it with no problem ???
>
>- Original Message -
>From: Charles Manafa
>To:
>Sent: Thursday, April 12, 2001 8:37 AM
>Subject: RE: Passing IPSEC packets on dsl [7:321]
>
>
> > VPN does not work when IPSEC packets are NAT'd. One of the reasons why
>this
> > doesn't work is that packet authentication will fail when the packet
>is
> > NAT'd - the calculated hash will not match after NAT has been applied.
> >
> > Charles
> >
> > -Original Message-
> > From: Elijah Savage
> > To: [EMAIL PROTECTED]
> > Sent: 12/04/01 12:11
> > Subject: Passing IPSEC packets on dsl [7:321]
> >
> > All,
> >
> > I purchased a 1605 from eBay for my home lab. I decided to play with
>it
> > a bit on my DSL circuit. I am using NAT on this router, and everything
> > works fine except that now I can't vpn from the inside. Example,
>trying
> > to establish a vpn connection from a client on my local network in to
> > our vpn router at my place of employment. Of course with the netgear
>dsl
> > router it passes those ipsec packets. I was wondering if anyone has
> > tried this before and been able to make this happen.
> >
> > Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=343&t=321



Re: Passing IPSEC packets on dsl [7:321]

2001-04-12 Thread Allen May

Can you send the config?  It should work...it even works with Winroute on
cable modem.

Just for kicks check out this link.  It's more about setting up for inbound
VPN but has some related reading in it.

http://www.cisco.com/warp/customer/cc/so/neso/sqso/eqso/dplip_in.htm


- Original Message -
From: "Circusnuts" 
To: 
Sent: Thursday, April 12, 2001 8:07 AM
Subject: Re: Passing IPSEC packets on dsl [7:321]


> Are you sure- my PIX 506 does it with no problem ???
>
> - Original Message -
> From: Charles Manafa
> To:
> Sent: Thursday, April 12, 2001 8:37 AM
> Subject: RE: Passing IPSEC packets on dsl [7:321]
>
>
> > VPN does not work when IPSEC packets are NAT'd. One of the reasons why
> this
> > doesn't work is that packet authentication will fail when the packet is
> > NAT'd - the calculated hash will not match after NAT has been applied.
> >
> > Charles
> >
> > -Original Message-
> > From: Elijah Savage
> > To: [EMAIL PROTECTED]
> > Sent: 12/04/01 12:11
> > Subject: Passing IPSEC packets on dsl [7:321]
> >
> > All,
> >
> > I purchased a 1605 from eBay for my home lab. I decided to play with it
> > a bit on my DSL circuit. I am using NAT on this router, and everything
> > works fine except that now I can't vpn from the inside. Example, trying
> > to establish a vpn connection from a client on my local network in to
> > our vpn router at my place of employment. Of course with the netgear dsl
> > router it passes those ipsec packets. I was wondering if anyone has
> > tried this before and been able to make this happen.
> >
> > Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=344&t=321



RE: unsubscribe [7:335]

2001-04-12 Thread Buri, Heather H

How come we are getting all these unsubscribe requests sent directly to the
list?  I thought to unsubscribe you had to go to www.groupstudy.com ?  Did I
miss something?

Heather Buri   
CSC Technology Services - Houston

Phone:  (713)-961-8592
Fax:(713)-961-8249
Mobile: 
Alpha Page: 

Mailing:1360 Post Oak Blvd
  Suite 500
  Houston, TX 77056



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 9:11 AM
To: [EMAIL PROTECTED]
Subject: unsubscribe [7:335]


unsubscribe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=345&t=335



Re: Passing IPSEC packets on DSL [7:321]

2001-04-12 Thread Allen May

I'm definitely going to have to try this out as soon as I get a chance.
Here's an idea that I'm going to try first.  Set up a packet sniffer on a
configuration that actually works and set up inbound port forwarding for the
correct ports to the specific workstation only.  Also make sure all outbound
ports are opened up correctly on the router.

Not the prettiest solution but it just might work ;)

Allen
- Original Message -
From: "Curtis Call" 
To: 
Sent: Thursday, April 12, 2001 10:46 AM
Subject: RE: Passing IPSEC packets on DSL [7:321]


> If the DSL router was maintaining the IPSec tunnel then it would work fine,
> however, if you have a host computer that has an IPSec connection to a
> remote computer and your router is NATing, then that will break it.
>
> At 07:47 AM 4/12/01, you wrote:
> >Yeah his comment makes me curious as to what these DSL router
> >manufacturers have done to make it work. Surely if someone like netgear
> >can make it work Cisco can.
> >
> >-Original Message-
> >From: Circusnuts [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, April 12, 2001 9:08 AM
> >To: [EMAIL PROTECTED]
> >Subject: Re: Passing IPSEC packets on dsl [7:321]
> >
> >Are you sure- my PIX 506 does it with no problem ???
> >
> >- Original Message -
> >From: Charles Manafa
> >To:
> >Sent: Thursday, April 12, 2001 8:37 AM
> >Subject: RE: Passing IPSEC packets on dsl [7:321]
> >
> >
> > > VPN does not work when IPSEC packets are NAT'd. One of the reasons why
> >this
> > > doesn't work is that packet authentication will fail when the packet
> >is
> > > NAT'd - the calculated hash will not match after NAT has been applied.
> > >
> > > Charles
> > >
> > > -Original Message-
> > > From: Elijah Savage
> > > To: [EMAIL PROTECTED]
> > > Sent: 12/04/01 12:11
> > > Subject: Passing IPSEC packets on dsl [7:321]
> > >
> > > All,
> > >
> > > I purchased a 1605 from eBay for my home lab. I decided to play with
> >it
> > > a bit on my DSL circuit. I am using NAT on this router, and everything
> > > works fine except that now I can't vpn from the inside. Example,
> >trying
> > > to establish a vpn connection from a client on my local network in to
> > > our vpn router at my place of employment. Of course with the netgear
> >dsl
> > > router it passes those ipsec packets. I was wondering if anyone has
> > > tried this before and been able to make this happen.
> > >
> > > Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=346&t=321



RE: Design Challoenge - a bit off topic [7:195]

2001-04-12 Thread Chuck Larrieu

Ok - only solution we could come up with pending better customer information
or a better design idea:

Internet-edgerouter---firewallinside

Recall that there are two internet connections terminating on the edge
router.

Policy routing on the edge router interface connecting to the firewall
( inbound to the edge router )

Extended access-lists to identify and categorize the customer internet-bound
traffic

Policy routing implemented using a route-map which refers to the
access-lists

Howard's point was interesting - issue of redundancy being, perhaps,
misunderstood. The RFI specifically mentioned failover if one or the other
interfaces was down..

Here's where I am not sure even policy routing will assure failover. Packet
matches a policy, is forwarded to the designated interface. That path is
down - packet dropped? I'm pretty sure that's how it works. So no automatic
failover in the design above.

So - now what?

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Chuck Larrieu
Sent:   Tuesday, April 10, 2001 11:07 PM
To: [EMAIL PROTECTED]
Subject:Design Challoenge - a bit off topic [7:195]

Howard's comment brings to mind a problem my Design Engineer raised when
responding to a customer RFI.

Howard's comment: .  (Pause for usual mystification on why someone wants
routing protocols to pass through
a firewall, a fairly frequent question).

The customer RFI stated requirement ( wording as best as I can remember ):
Solution will entail two internet connections, a T1 and a DSL. Routing will
be configured such that priority traffic will use the T1 connection, and
ordinary internet browsing will use the DSL connection.

Lindy and I were having a real good laugh about the vagueness of the
requirement, when we decided to try to come up with a solution. We came up
with a number of questions for the customer to elaborate upon, and a
possible solution. Would anyone else care to use this as a test of design
issues?

If memory serves, the customer defined "priority" traffic as e-mail and
connectivity to a certain external web site.

So:

1) what are some of the questions the customer still needs to answer?

2) What are some possible solutions to this requirement?
( assume the T1 and the DSL terminate on the same router )

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=348&t=195



RE: Passing IPSEC packets on dsl [7:321]

2001-04-12 Thread Carroll Kong

At 11:45 AM 4/12/01 -0400, Charles Manafa wrote:
>I believe the issue here is a VPN client initiating an IPSEC tunnel behind a
>NAT device. This configuration does not work.
>
>A Cisco router or PIX can do a NAT then establish IPSEC tunnel with a remote
>end point. Once the tunnel is created, the non-IPSEC client, behind the
>router/PIX, can then use the tunnel to connect to the private network. This
>configuration works.
>
>Charles

Are you guys sure on this?  I do not see why IPSec would break.  Only if 
you are using AH would I see it breaking since it cannot authenticate a 
modified IP Header.  You could probably get it to work behind a NAT if you 
setup your IPSec to be ESP only, as opposed to ESP+AH.  Of course, this 
leaves you vulnerable to spoofing since IP Header integrity is no longer 
checked.

I am behind a BSD NAT box, and I have used Netscreen's VPN Client, and the 
Cisco VPN Client for the Altiga, and have connected successfully for months 
without any problems.  The BSD NAT box is using "NPAT" or, "PAT" as Cisco 
would call it.  I am using IPFilter which had a built in NAT software.  I 
have had problems with the Nortel Extranet (boo hiss!).  And, the BSD NAT 
box is not creating a LAN-to-LAN tunnel either.  (which would work)

I can do some double checking to see if I am doing any special magic that I 
have overlooked.

-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=347&t=321
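
The disagreement in this thread comes down to which bytes each IPsec integrity check covers. The following is an added example, not code from any poster: it builds one AH packet and one ESP packet, applies a one-to-one source NAT rewrite, and re-verifies each. The addresses, key, SPI values and the unencrypted stand-in for ciphertext are constructed, and HMAC-SHA1-96 is assumed as the integrity algorithm.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed shared integrity key
ICV_LEN = 12                    # HMAC-SHA1-96 (assumed algorithm)
PROTO_ESP, PROTO_AH, PROTO_TCP = 50, 51, 6


def checksum(data):
    """Standard 16-bit one's-complement Internet checksum."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def zero_mutable(ip_hdr):
    """AH zeroes the fields routers may change: TOS, flags/offset, TTL, checksum.
    Source and destination addresses are NOT mutable and stay in the hash."""
    b = bytearray(ip_hdr)
    b[1] = 0
    b[6:8] = b"\0\0"
    b[8] = 0
    b[10:12] = b"\0\0"
    return bytes(b)


def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(src, dst, payload):
    # next header, AH length in 32-bit words minus 2, reserved, SPI, sequence
    ah = struct.pack("!BBHII", PROTO_TCP, 4, 0, 0x1001, 1)
    ip = ipv4_header(src, dst, PROTO_AH, len(ah) + ICV_LEN + len(payload))
    tag = icv(zero_mutable(ip) + ah + b"\0" * ICV_LEN + payload)
    return ip + ah + tag + payload


def verify_ah(pkt):
    ip, ah, tag, payload = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    expected = icv(zero_mutable(ip) + ah + b"\0" * ICV_LEN + payload)
    return hmac.compare_digest(tag, expected)


def build_esp_packet(src, dst, ciphertext):
    esp = struct.pack("!II", 0x2002, 1) + ciphertext   # SPI, sequence, payload
    ip = ipv4_header(src, dst, PROTO_ESP, len(esp) + ICV_LEN)
    return ip + esp + icv(esp)                          # outer IP header not hashed


def verify_esp(pkt):
    esp, tag = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(tag, icv(esp))


def rewrite_header(pkt, src=None, ttl_delta=0):
    """Apply what a router (TTL) or NAT device (source address) does in transit."""
    b = bytearray(pkt[:20])
    if src is not None:
        b[12:16] = socket.inet_aton(src)
    b[8] -= ttl_delta
    b[10:12] = b"\0\0"
    b[10:12] = struct.pack("!H", checksum(bytes(b)))
    return bytes(b) + pkt[20:]


def demo():
    inside, public, peer = "192.168.1.10", "203.0.113.5", "198.51.100.1"
    data = b"constructed payload standing in for ciphertext"
    ah = build_ah_packet(inside, peer, data)
    esp = build_esp_packet(inside, peer, data)
    return {
        "ah_untouched": verify_ah(ah),
        "ah_after_router_hop": verify_ah(rewrite_header(ah, ttl_delta=1)),
        "ah_after_nat": verify_ah(rewrite_header(ah, src=public)),
        "esp_untouched": verify_esp(esp),
        "esp_after_nat": verify_esp(rewrite_header(esp, src=public)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} {'valid' if ok else 'INTEGRITY CHECK FAILED'}")
```

The sketch covers only the integrity check; it does not model how a port-translating device keeps track of ESP flows, which carry no port numbers.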



Off Topic: guides [7:349]

2001-04-12 Thread Sam Hebert

Don,

I lost your email address and can't remember what the name of the thread was
in the archive therefore I'm sending this to the list.  I just wanted to say
thanks for the guides.  Very nice work!

S.H




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=349&t=349



Re: ATM in home lab [7:287]

2001-04-12 Thread Circusnuts

That's what I'm talk'n bout Louie :o)  Actually- have a friend who
accidentally bought 2 of them on Ebay.  Jason- let me know if you're interested
& I can give you his address.  I believe he paid around $1200, which is very
respectable (usually see them @ $1500)

Phil


- Original Message -
From: Belt, Louie 
To: 
Sent: Wednesday, April 11, 2001 8:57 PM
Subject: RE: ATM in home lab [7:287]


> No, the Lightstream 100 doesn't use the same command set as the LS1010 -
> but it doesn't need to.  You will not be required to configure the ATM
> switch in the lab, just the ATM router interfaces that connect to the
> switch.  As a result the Lightstream 100 will do everything you need to
> practice for the lab. (CLIP, PVC's,...)
>
> As for the cheapest route for ATM, I used a Lightstream 100, a 7000 with an
> ATM interface (OC-3 Multimode) and a 4700 with a Single Mode ATM interface
> (OC-3), I bought both used on ebay.  They will hold their value quite well,
> so you can get your money back from them by selling them after you pass the
> lab.
>
> Louie
> CCIE #7054
>
>
>
>
> -Original Message-
> From: Jason Harris
> To: [EMAIL PROTECTED]
> Sent: 4/11/01 6:28 PM
> Subject: ATM in home lab [7:287]
>
> I am just wondering what the most cost effective way would be to
> implement ATM in my home lab from somebody else who has done it before,
> and I am also wondering if anyone has any thoughts on the LightStream
> 100 ATM switch, it seems to be a lot cheaper than the 1010 and I was
> wondering if the command set, etc. was the same. I am just starting to
> set up my lab and would like to buy routers that are the cheapest for
> doing ATM on.
>
> Thanks,
> Jason




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=350&t=287



IP helper address with multiple vlans and 1 DHCP [7:351]

2001-04-12 Thread Ruddy Cordero

I know you guys talked about this earlier but how can I configure the router
to limit exclusively an ip scope for a vlan when I only have one DHCP with
multiple scopes and a switch with multiple vlans?


Ruddy
CCNP, CCDA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=351&t=351



RE: Design Challoenge - a bit off topic [7:195]

2001-04-12 Thread John Neiberger

How about this...  Since the exit point is based on destination address,
could you use floating static routes?  For example...

ip route  255.255.255.255   50
ip route  255.255.255.255   100
ip route  255.255.255.255  50
ip route  255.255.255.255  100

ip route 0.0.0.0 0.0.0.0  50
ip route 0.0.0.0 0.0.0.0   100

This would provide failover while also accomplishing the stated goal.  
The downside is that as the number of priority sites increased you'd
have to add a new static route.

If I misunderstood the original goal and we are basing the exit
point on internal source IP address then policy routing would definitely
be the way to go.

If you wanted to go completely overboard, you could run BGP on both
links and set the WEIGHT attribute higher on the T-1 for the prefixes
leading to the priority servers.  That would also provide dynamic
failover but I wouldn't consider it to be the best solution.  Besides,
it's probably difficult to get a provider to run BGP over DSL.

John

>>> "Chuck Larrieu"  4/12/01 10:28:52 AM >>>
Ok - only solution we could come up with pending better customer information
or a better design idea:

Internet-edgerouter---firewallinside

Recall that there are two internet connections terminating on the edge
router.

Policy routing on  the edge router interface connecting to the firewall.
 inbound to the edge router )

Extended access-lists to identify and categorize the customer internet-bound
traffic

Policy routing implemented using a route-map which refers to the
access-lists

Howard's point was interesting - issue of redundancy being, perhaps,
misunderstood. The RFI specifically mentioned failover if one or the other
interfaces was down..

Here's where I am not sure even policy routing will assure failover. Packet
matches a policy, if forwarded to the designated interface. That path is
down - packet dropped? I'm pretty sure that's how it works. So no automatic
failover in the design above.

So - now what?

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Chuck Larrieu
Sent: Tuesday, April 10, 2001 11:07 PM
To: [EMAIL PROTECTED]
Subject: Design Challoenge - a bit off topic [7:195]

Howard's comment brings to mind a problem my Design Engineer raised when
responding to a customer RFI.

Howard's comment: .  (Pause for usual mystification on why someone wants
routing protocols to pass through
a firewall, a fairly frequent question).

The customer RFI stated requirement ( wording as best as I can remember ):
Solution will entail two internet connections, a T1 and a DSL. Routing will
be configured such that priority traffic will use the T1 connection, and
ordinary internet browsing will use the DSL connection.

Lindy and I were having a real good laugh about the vagueness of the
requirement, when we decided to try to come up with a solution. We came up
with a number of questions for the customer to elaborate upon, and a
possible solution. Would anyone else care to use this as a test of design
issues?

If memory serves, the customer defined "priority" traffic as e-mail and
connectivity to a certain external web site.

So:

1) what are some of the questions the customer still needs to answer?

2) What are some possible solutions to this requirement?
( assume the T1 and the DSL terminate on the same router )

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=352&t=195



RE: Passing IPSEC packets on DSL [7:321]

2001-04-12 Thread Hire, Ejay

Is there any way to do NAT on a PIX or a Cisco router if you only have one
usable IP address?  I perused CCO, and the most minimalistic NAT/PAT config
I can find still requires 2 (1 interface, one global) addresses.  The
Linksys/Netgear jobbies do it with one IP.

i.e.

ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
255.255.255.252) Router - Internal network.


-Original Message-
From: Elijah Savage [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 9:47 AM
To: [EMAIL PROTECTED]
Subject: RE: Passing IPSEC packets on DSL [7:321]


Yeah his comment makes me curious as to what these DSL router
manufacturers have done to make it work. Surely if someone like netgear
can make it work Cisco can.

-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 12, 2001 9:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Passing IPSEC packets on dsl [7:321]

Are you sure- my PIX 506 does it with no problem ???

- Original Message -
From: Charles Manafa 
To: 
Sent: Thursday, April 12, 2001 8:37 AM
Subject: RE: Passing IPSEC packets on dsl [7:321]


> VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
> doesn't work is that packet authentication will fail when the packet is
> NAT'd - the calculated hash will not match after NAT has been applied.
>
> Charles
>
> -Original Message-
> From: Elijah Savage
> To: [EMAIL PROTECTED]
> Sent: 12/04/01 12:11
> Subject: Passing IPSEC packets on dsl [7:321]
>
> All,
>
> I purchased a 1605 from eBay for my home lab. I decided to play with it
> a bit on my DSL circuit. I am using NAT on this router, and everything
> works fine except that now I can't vpn from the inside. Example, trying
> to establish a vpn connection from a client on my local network in to
> our vpn router at my place of employment. Of course with the netgear dsl
> router it passes those ipsec packets. I was wondering if anyone has
> tried this before and been able to make this happen.
>
> Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=354&t=321



Unusual Aspect of a duplicate IP Address [7:353]

2001-04-12 Thread McCallum, Robert

Here is a scenario which caught me out BIG time in a real life situation
using ISIS.

To make it easier

Router A has a serial connection to Router B


Everything is up at layer 1 & 2, i.e. CDP can indeed see Router B if you are on
Router A and vice versa.  Router B can't see any routes from Router A or
beyond.

NOW  Router A's serial 0 IP address is 172.16.130.5, Router B's serial 0
IP address is 172.16.130.5.

Spot the deliberate mistake.

Although you say AHA he has the same ip address on the serial connections.
SO, quite rightly ISIS says, go away I will never make an adjacency with
myself    :-(

However, it took me quite a while to discover that these IP addresses were
indeed duplicated.  

REASON or should I make it a question?  I think question would be better.  

Q: What do you think would happen if I was on Router A and telnetted to
172.16.130.5, would I telnet to Router A or B. :->

A: This is why it took me a while to realise this.  I started debugging
adjacencies, blaming a new controller card which was the first time I had
used this in ISIS, everything bar the easy problem.  Mental Note for me here
is don't dive in head first, always fault find the layers and remember this
fault because it is nasty :-<

What made it worse was the customer sitting over my shoulder saying WHY
isn't this working, I knew we shouldn't have bought those new fangled router
things!

Oh the joys of life




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=353&t=353



Re: unsubscribe [7:335]

2001-04-12 Thread EA Louie

send mail to [EMAIL PROTECTED] with the message body of unsubscribe cisco







- Original Message -
From: Buri, Heather H 
To: 
Sent: Thursday, April 12, 2001 9:08 AM
Subject: RE: unsubscribe [7:335]


> How come we are getting all these unsubscribe requests sent directly to the
> list?  I thought to unsubscribe you had to go to www.groupstudy.com ?  Did I
> miss something?
>
> Heather Buri
> CSC Technology Services - Houston
>
> Phone: (713)-961-8592
> Fax: (713)-961-8249
> Mobile:
> Alpha Page:
>
> Mailing: 1360 Post Oak Blvd
>   Suite 500
>   Houston, TX 77056
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 9:11 AM
> To: [EMAIL PROTECTED]
> Subject: unsubscribe [7:335]
>
>
> unsubscribe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=355&t=335



Re: unsubscribe [7:320]

2001-04-12 Thread EA Louie

send the request to [EMAIL PROTECTED] with the message body
unsubscribe cisco








this is a recording

beep

;-)

- Original Message -
From: Pedro Antunes 
To: 
Sent: Thursday, April 12, 2001 3:38 AM
Subject: unsubscribe [7:320]


> unsubscribe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=356&t=320



RE: Passing IPSEC packets on DSL [7:321]

2001-04-12 Thread Elijah Savage

Yes you should look up NAT overload on CCO. That is what I am using
right now on the 1605 works great. I have 5 clients using 1 real ip from
behind the 1605.

-Original Message-
From: Hire, Ejay [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 12, 2001 1:13 PM
To: [EMAIL PROTECTED]
Subject: RE: Passing IPSEC packets on DSL [7:321]

Is there any way to do NAT on a PIX or a Cisco router if you only have one
usable IP address?  I perused CCO, and the most minimalistic NAT/PAT config
I can find still requires 2 (1 interface, one global) addresses.  The
Linksys/Netgear jobbies do it with one IP.

i.e.

ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
255.255.255.252) Router - Internal network.


-Original Message-
From: Elijah Savage [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 9:47 AM
To: [EMAIL PROTECTED]
Subject: RE: Passing IPSEC packets on DSL [7:321]


Yeah his comment makes me curious as to what these DSL router
manufacturers have done to make it work. Surely if someone like netgear
can make it work Cisco can.

-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 12, 2001 9:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Passing IPSEC packets on dsl [7:321]

Are you sure- my PIX 506 does it with no problem ???

- Original Message -
From: Charles Manafa 
To: 
Sent: Thursday, April 12, 2001 8:37 AM
Subject: RE: Passing IPSEC packets on dsl [7:321]


> VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
> doesn't work is that packet authentication will fail when the packet is
> NAT'd - the calculated hash will not match after NAT has been applied.
>
> Charles
>
> -Original Message-
> From: Elijah Savage
> To: [EMAIL PROTECTED]
> Sent: 12/04/01 12:11
> Subject: Passing IPSEC packets on dsl [7:321]
>
> All,
>
> I purchased a 1605 from eBay for my home lab. I decided to play with it
> a bit on my DSL circuit. I am using NAT on this router, and everything
> works fine except that now I can't vpn from the inside. Example, trying
> to establish a vpn connection from a client on my local network in to
> our vpn router at my place of employment. Of course with the netgear dsl
> router it passes those ipsec packets. I was wondering if anyone has
> tried this before and been able to make this happen.
>
> Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=357&t=321



RE: ATM in home lab [7:287]

2001-04-12 Thread Deloso, Elmer G (WPNSTA Yorktown)

Hi.
I've done some research into this setup and the dollar figures. First of
all, the books indicate you can do direct ATM router-to-ATM router without
any switch in between. But even a 4500-M ATM module costs around $4275.
I'm referring to the NM-1A-T3 which is a DS-3. If you know of a cheaper
price and the part number of the OC-3
module, please let me know.
The other concern I have is, if you really want to master this ATM subject,
wouldn't you need something like the 3600 series to cover majority of the
ATM implementation scenarios? Unfortunately, its ATM module like the
NM-1A-OC3 is about $4500. I apologise if these numbers are not what's on
Ebay. 
I also noticed that a 2600 has a 25Mb ATM module, the NM-1ATM-25, but I
don't know if this will cover most of the ATM technologies.
Some of these hardware configurations limit you to how many high-speed
modules you can have at the same time.
It's clear this ATM stuff is still unclear to me.
Any feedbacks?

Elmer Deloso

-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 12:53 PM
To: [EMAIL PROTECTED]
Subject: Re: ATM in home lab [7:287]


That's what I'm talk'n bout Louie :o)  Actually- have a friend who
accidentally bought 2 of them on Ebay.  Jason- let me know if you're interested
& I can give you his address.  I believe he paid around $1200, which is very
respectable (usually see them @ $1500)

Phil


- Original Message -
From: Belt, Louie 
To: 
Sent: Wednesday, April 11, 2001 8:57 PM
Subject: RE: ATM in home lab [7:287]


> No, the Lightstream 100 doesn't use the same command set as the LS1010 -
> but it doesn't need to.  You will not be required to configure the ATM
> switch in the lab, just the ATM router interfaces that connect to the
> switch.  As a result the Lightstream 100 will do everything you need to
> practice for the lab. (CLIP, PVC's,...)
>
> As for the cheapest route for ATM, I used a Lightstream 100, a 7000 with an
> ATM interface (OC-3 Multimode) and a 4700 with a Single Mode ATM interface
> (OC-3), I bought both used on ebay.  They will hold their value quite well,
> so you can get your money back from them by selling them after you pass the
> lab.
>
> Louie
> CCIE #7054
>
>
>
>
> -Original Message-
> From: Jason Harris
> To: [EMAIL PROTECTED]
> Sent: 4/11/01 6:28 PM
> Subject: ATM in home lab [7:287]
>
> I am just wondering what the most cost effective way would be to
> implement ATM in my home lab from somebody else who has done it before,
> and I am also wondering if anyone has any thoughts on the LightStream
> 100 ATM switch, it seems to be a lot cheaper than the 1010 and I was
> wondering if the command set, etc. was the same. I am just starting to
> set up my lab and would like to buy routers that are the cheapest for
> doing ATM on.
>
> Thanks,
> Jason




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=358&t=287



RE: Design Challoenge - a bit off topic [7:195]

2001-04-12 Thread Howard C. Berkowitz

>Ok - only solution we could come up with pending better customer information
>or a better design idea:
>
>Internet-edgerouter---firewallinside
>
>Recall that there are two internet connections terminating on the edge
>router.
>
>Policy routing on  the edge router interface connecting to the firewall.
>  inbound to the edge router )
>
>Extended access-lists to identify and categorize the customer internet-bound
>traffic
>
>Policy routing implemented using a route-map which refers to the
>access-lists
>
>Howard's point was interesting - issue of redundancy being, perhaps,
>misunderstood. The RFI specifically mentioned failover if one or the other
>interfaces was down..

I'm not clear about what you think I meant. Pause to resynchronize. 
I find it hard to imagine any useful and safe scenario where routing 
updates pass transparently THROUGH a firewall.  That doesn't 
preclude, however, having dynamic routing on both sides of a firewall 
or set of firewalls.

For example, if the servers on the inside of the firewalls were UNIX 
boxen that can understand RIP, the inside of the firewall could 
announce the default route in RIP, which would let the servers find 
the correct outgoing firewall.  This doesn't mean that RIP would be 
your primary IGP, just that RIP is present on the perimeter network 
between the inside interface of the firewalls and the inside router. 
Another alternative would be VRRP on the firewalls.  IRDP is probably 
too slow.

You certainly could have BGP on the outside of the firewall, speaking 
to the Internet.

Before there is too much hand-waving about asymmetrical routing, tell 
me again why that creates a major problem and how much effort it 
would take to reduce it (you can't get rid of it).

Outgoing, from the inside to the outside, a client/server sends to a 
default gateway which is on one or the other firewall.  The firewalls 
only need to know how to get to the DMZ, to which the external 
router(s) are connected.

Incoming, a packet passes the firewall, and has the destination 
address of the client/server. Your IGP should take care of that.

>
>Here's where I am not sure even policy routing will assure failover. Packet
>matches a policy, if forwarded to the designated interface. That path is
>down - packet dropped? I'm pretty sure that's how it works. So no automatic
>failover in the design above.

Well, there are things you could do that start involving layer 4 load 
balancers.  But the question always has to be asked -- how important 
is "optimal utilization of lines" in contrast with the amount of 
complexity you need for it?  Again and again, I see people spending 
more money on policy control, accounting, etc., than it would cost 
them (in resources and actual money) just to throw in more bandwidth 
and keep things simple.

>
>So - now what?
>
>Chuck
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>Chuck Larrieu
>Sent: Tuesday, April 10, 2001 11:07 PM
>To: [EMAIL PROTECTED]
>Subject: Design Challoenge - a bit off topic [7:195]
>
>Howard's comment brings to mind a problem my Design Engineer raised when
>responding to a customer RFI.
>
>Howard's comment: .  (Pause for usual mystification on why someone wants
>routing protocols to pass through
>a firewall, a fairly frequent question).
>
>The customer RFI stated requirement ( wording as best as I can remember ):
>Solution will entail two internet connections, a T1 and a DSL. Routing will
>be configured such that priority traffic will use the T1 connection, and
>ordinary internet browsing will use the DSL connection.
>
>Lindy and I were having a real good laugh about the vagueness of the
>requirement, when we decided to try to come up with a solution. We came up
>with a number of questions for the customer to elaborate upon, and a
>possible solution. Would anyone else care to use this as a test of design
>issues?
>
>If memory serves, the customer defined "priority" traffic as e-mail and
>connectivity to a certain external web site.
>
>So:
>
>1) what are some of the questions the customer still needs to answer?
>
>2) What are some possible solutions to this requirement?
>( assume the T1 and the DSL terminate on the same router )
>
>Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=359&t=195



off topic, becoming a public dns [7:360]

2001-04-12 Thread Heidi white

Hey I figured you all would know this right off, what
are the appropriate channels for becoming a public
dns? Also is there anything special that I need to be
aware of as far as equipment goes (how high end should
I go with my equipment etc.)?
Heidi





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=360&t=360



Re: How to determine CIR and increase CIR of FR? [7:259]

2001-04-12 Thread EA Louie

Stephen - I can think of a few ways to throttle down, but they're all
access-list related, and not actual interface speed related.  For example, I
can't actually turn down the speed of an Ethernet interface, because it is
fixed at 10Mbps.  Can I funnel the traffic that comes into/goes out of that
interface?  Yes, but not deterministically, only as a function of traffic
shaping/limiting.

On a serial interface, they are clocked to synchronize point-to-point, so
there is no physical throttling option there, either.

The question that would need to be answered is, "Why would one want to limit
the data rate on a given interface?"  When a good answer to that question
comes up, then we'll investigate how to do it.

-e-

- Original Message -
From: "Stephen Skinner" 
To: 
Sent: Thursday, April 12, 2001 3:17 AM
Subject: Re: How to determine CIR and increase CIR of FR? [7:259]


> OK..
>
> it appears i was wrong on this Bandwidth thing.
>
> my apologies and thanks for everyone putting me on the right path
>
> BTW
>
> is there any way of controlling the speed of your input, i.e.
> throttling down?
>
> Best regards
>
> steve
>
> thanks anyway
> >From: "EA Louie"
> >Reply-To: "EA Louie"
> >To: [EMAIL PROTECTED]
> >Subject: Re: How to determine CIR and increase CIR of FR? [7:259]
> >Date: Wed, 11 Apr 2001 16:35:00 -0400
> >
> >No one indicated that you were wrong.  However, more clarity would be to
> >answer all the question(s) completely.
> >
> >-e-
> >
> >- Original Message -
> >From: "Stephen Skinner"
> >To: ;
> >Sent: Wednesday, April 11, 2001 1:52 AM
> >Subject: Re: How to determine CIR and increase CIR of FR?
> >
> >
> > > i don`t mean to be rude ,but i was essentially correct..
> > >
> > > if you set the bandwidth command to 64k and you have a CIR of 128K you will
> > > only get 64K...But as my good friends have pointed out the default is
> > > 1.544kb..but i was just trying to make that point stand out that it`s
> > > the service provider who makes the call about the info rate...
> > >
> >Baloney.  You'll still get minimally 128k.  Thus, if you set
> >interface serial 0
> >  bandwidth 64000
> >
> >and you have a CIR of 128k, you will still get 128k (plus bursts up to the
> >data rate of the frame relay port).  The bandwidth command does *nothing
> >physically limiting* to the interface.  It merely acts as the reference
> >number for load calculations on show interfaces and for the metric
> >calculation for dynamic routing protocols.  The txload and rxload fractions
> >will be inaccurate, though, with this configuration.
> >
> > > I`m sorry if i`m being ANAL about this i just wanted myself to be clear..
> > >
> > > best regards
> > >
> > > steve
> > >
> > >
> > > >From: "EA Louie"
> > > >Reply-To: "EA Louie"
> > > >To:
> > > >Subject: Re: How to determine CIR and increase CIR of FR?
> > > >Date: Mon, 9 Apr 2001 08:16:49 -0700
> > > >
> > > >ohhh no the bandwidth statement in the interface is *manually* entered
> > > >(defaulted at 1544 Kbit for a serial interface), and is used to calculate:
> > > >1.  metrics for routing protocols, and
> > > >2.  bandwidth utilization in the "show interfaces" display
> > > >so it's important to have it set correctly.
> > > >
> > > >Some frame relay carriers (Sprint and PacBell come to mind) do not transmit
> > > >their CIR, so 'show frame-relay map' doesn't display their CIR.
> > > >
> > > >The frame relay provider does need to be contacted to increase CIR.  Higher
> > > >CIR usually translates into a cost increase for the circuit.
> > > >
> > > >Here's an explanation of EIR - also see
> > > >http://www.nwfusion.com/newsletters/frame/1108fr2.html and
> > > >http://www.nwfusion.com/newsletters/frame/1206fr1.html
> > > >
> > > >EIR is the difference between the port speed of the frame relay service and
> > > >the CIR.  The port speed is set by the frame relay service provider, and may
> > > >be lower than the maximum interface speed - for example, on a T-1 circuit,
> > > >the provider could provide a 384kbps port and a 128k CIR.  In this case, the
> > > >EIR = 256k, and it would be wise to set the interface bandwidth to 384k
> > > >(bandwidth 384 on the serial interface) to match the port speed.  And the
> > > >port speed is usually the maximum rate at which one can oversubscribe the
> > > >PVC (that is, it is usually the frame relay burst rate)
> > > >
> > > >The moral of the story - just because there is an *access circuit* at a
> > > >particular transmission rate does not assure you that you burst at that
> > > >rate.  The interface is rate-limited to the port speed that was ordered from
> > > >the frame relay carrier.
> > > >
> > > >-e-
> > > >- Original Message -
> > > >From:
> > > >To: Greg Owens
> > > >Cc: ;
> > > >Sent: Monday, April 09, 2001 6:55 AM
> > > >Subject: Re: RE: How to determine CIR and increase CIR of FR?
> > > >
> > > >
> > > > > Are you sure that 

Re: Passed CID Beta Exam!!!!!!!! [7:301]

2001-04-12 Thread Yuri Polyansky

Do you mean the result in the Tracking System???
I don't see it..


""GNOME""  wrote in message
news:[EMAIL PROTECTED]...
> The result is out and i passed!
>
> finally after waiting for 4 months :(




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=362&t=301



NAT with one address WAS RE: Passing IPSEC packets on DSL [7:361]

2001-04-12 Thread Daniel Cotts

Yes. Quoting from:
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm

As a convenience for users wishing to translate all inside addresses to the
address assigned to an interface on the router, the
NAT code allows one to simply name the interface when configuring the
dynamic translation rule: 

ip nat inside source list  interface  overload 

If there is no address on the interface, or if the interface is not up, no
translation will occur. 

Example: 

ip nat inside source list 1 interface Serial0 overload

There are other examples on CCO. They have recently rearranged the pages and
I can't find them.

> -Original Message-
> From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 12:13 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Passing IPSEC packets on DSL [7:321]
> 
> 
> Is there any way to do NAT on a PIX or a Cisco router if you 
> only have one
> usable IP address?  I perused CCO, and the most minimalistic 
> NAT/PAT config
> I can find still requires 2 (1 interface, one global) addresses.  The
> Linksys/Netgear jobbies do it with one IP.
> 
> i.e.
> 
> ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
> 255.255.255.252) Router - Internal network.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=361&t=361



Fw: Cisco Security Advisory: Cisco VPN3000 Concentrator IP [7:364]

2001-04-12 Thread EA Louie

FYI if you're using the former Altiga VPN concentrator...

- Original Message -
From: "Cisco Systems Product Security Incident Response Team"

To: 
Sent: Thursday, April 12, 2001 9:45 AM
Subject: Cisco Security Advisory: Cisco VPN3000 Concentrator IP Options
Vulnerability


>
> -BEGIN PGP SIGNED MESSAGE-
>
> Cisco Security Advisory: VPN 3000 Concentrator IP Options Vulnerability
> =======================================================================
>
> Revision 1.0
>
> For Public Release 2001 April 12 at 1500 UTC
>
>   
>
> Summary
> ===
> If a crafted IP packet, with an invalid IP Option setting is transmitted to
> a VPN 3000 series concentrator on the same network segment (no routers in
> between), it can cause the VPN 3000 series concentrator to hang with a 100%
> CPU Utilization. The concentrator would then have to be reset. After
> rebooting, the equipment would function normally until the crafted IP
> packet is received again. The defect can be exploited to produce a denial
> of service (DoS) attack.
>
> The vulnerability is described in Cisco bug id CSCds92460.
>
> This notice will be posted at
> http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml
>
> Affected Products
> =
> Cisco VPN 3000 series concentrators running software releases up to but not
> including revision 2.5.2 (F) are affected by this vulnerability. This
> series includes models 3005, 3015, 3030, 3060, and 3080.
>
> Any VPN 3000 series concentrators running revision 2.5.2 (F) or later are
> unaffected by this vulnerability.
>
> This vulnerability does not affect the VPN 5000 series concentrators. No
> other Cisco product is known to be affected by this vulnerability.
>
> To determine if a Cisco VPN 3000 series concentrator is running affected
> software, check the revision via the web interface or the console menu.
>
> Details
> ===
> If a crafted IP packet, with an invalid IP Option setting, is transmitted
> to a VPN 3000 series concentrator on the same network segment (no routers
> in between), on either the Inside or the Outside interface, it can cause
> the VPN 3000 series concentrator to hang with a 100 % CPU Utilization. The
> concentrator would then have to be reset via the console port as no SNMP or
> HTTP remote management control would be possible. After rebooting, the
> equipment would function normally until the crafted IP packet is received
> again.
>
> In order to exploit this vulnerability the attacker must be on the same
> network segment as the concentrator without any routers in between. A
> crafted IP packet traversing a router would typically get its invalid IP
> Options dropped and would not be able to affect the VPN 3000 series
> concentrator.
>
> The vulnerability is documented as Cisco bug id CSCds92460.
>
> Impact
> ==
> When this crafted IP packet is received by the VPN 3000 series
> concentrator, the concentrator will stop passing traffic and will not
> respond to any management inquiries via SNMP, Telnet or HTTP. However
> management via the console port is possible.
>
> For VPN 3000 series concentrator models 3015, 3030, 3060, and 3080 the CPU
> Utilization bar graph indicator on the front panel will go to 100%.
>
> Software Versions and Fixes
> ===
> The vulnerability has been fixed in revision 2.5.2 (E) code. The fix will
> be carried forward into all future releases.
>
> However due to the advisory at
> http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml the
> recommended revision to upgrade to is 2.5.2 (F)
>
> Upgrade can be done via the remote software upgrade feature using the VPN
> 3000 series concentrator's web based management interface.
>
> Obtaining Fixed Software
> 
> Cisco is offering free software upgrades to remedy this vulnerability for
> all affected customers. Customers with service contracts may upgrade to any
> software release. Customers may install only the feature sets they have
> purchased.
>
> Fixed software is currently available.
>
> Customers with contracts should obtain upgraded software through their
> regular update channels. For most customers, this means that upgrades
> should be obtained via Cisco's Software Center at http://www.cisco.com/.
>
> Customers without contracts or warranty should get their upgrades by
> contacting the Cisco Technical Assistance Center (TAC) as shown below:
>
>* (800) 553-2447 (toll-free in North America)
>* +1 408 526 7209 (toll call from anywhere in the world)
>* e-mail: [EMAIL PROTECTED]
>
> See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
> additional TAC contact information, including instructions and e-mail
> addresses for use in various languages.
>
> Give the URL of this notice as evidence of your entitlement to a free
> upgrade. Free upgrades for non-contract customers must be requested through
> the TAC. Pl
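
Added example, not part of the advisory or of the forwarded post: the advisory notes that a router would typically drop invalid IP options before they reach the concentrator, and this Python sketch shows the kind of structural check (RFC 791 option layout) that a filter or sensor on the local segment can apply to IPv4 headers. The advisory does not say which malformation is involved, so the checks are generic; the function names and the sample headers are constructed for illustration.

```python
import struct

EOL, NOP = 0, 1                                   # single-octet options
ROUTE_OPTS = {7: "RR", 131: "LSRR", 137: "SSRR"}  # options with a pointer octet


def _route_errors(kind, opt, offset):
    """Check a record-route / source-route option: type, length, pointer, addresses."""
    name = ROUTE_OPTS[kind]
    if len(opt) < 3:
        return ["%s at offset %d has no pointer octet" % (name, offset)]
    errors = []
    if (len(opt) - 3) % 4:
        errors.append("%s at offset %d: address area is not a multiple of 4 octets"
                      % (name, offset))
    pointer = opt[2]
    # Smallest legal pointer is 4; it moves in 4-octet steps and may sit one
    # past the end of the option when the address area is full.
    if pointer < 4 or pointer % 4 or pointer > len(opt) + 1:
        errors.append("%s at offset %d: pointer %d invalid for length %d"
                      % (name, offset, pointer, len(opt)))
    return errors


def ipv4_option_errors(packet):
    """Return a list of structural problems in the IPv4 options; [] means well-formed."""
    if len(packet) < 20:
        return ["shorter than the 20-byte minimum IPv4 header"]
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        return ["not IPv4 (version %d)" % version]
    if ihl < 5:
        return ["IHL %d is below the minimum of 5" % ihl]
    hdr_len = ihl * 4
    if len(packet) < hdr_len:
        return ["IHL claims %d header bytes, only %d present" % (hdr_len, len(packet))]

    errors = []
    opts = packet[20:hdr_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:            # end of list: the rest is padding
            break
        if kind == NOP:            # one-octet filler
            i += 1
            continue
        if i + 1 >= len(opts):
            errors.append("option %d at offset %d has no length octet" % (kind, i))
            break
        length = opts[i + 1]
        if length < 2:             # length must cover the type and length octets
            errors.append("option %d at offset %d: length %d is below the minimum of 2"
                          % (kind, i, length))
            break
        if i + length > len(opts):
            errors.append("option %d at offset %d: length %d overruns the header"
                          % (kind, i, length))
            break
        if kind in ROUTE_OPTS:
            errors.extend(_route_errors(kind, opts[i:i + length], i))
        i += length
    return errors


def build_header(options):
    """Constructed test input: an IPv4 header (checksum left at 0) carrying `options`."""
    padded = options + b"\x00" * (-len(options) % 4)
    ihl = 5 + len(padded) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return fixed + padded


def check_samples():
    """Run the validator over a few constructed headers and return the findings."""
    samples = {
        "no options": build_header(b""),
        "valid LSRR": build_header(bytes([131, 7, 4, 10, 0, 0, 1])),
        "NOP + router alert": build_header(bytes([1, 148, 4, 0, 0])),
        "length below 2": build_header(bytes([68, 0])),
        "length overruns": build_header(bytes([7, 40, 4])),
        "bad route pointer": build_header(bytes([7, 7, 3, 0, 0, 0, 0])),
        "missing length": build_header(bytes([1, 1, 1, 7])),
        "truncated header": build_header(bytes([1, 1, 1, 1]))[:22],
    }
    return {name: ipv4_option_errors(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, errs in check_samples().items():
        print("%-20s %s" % (name, "ok" if not errs else "; ".join(errs)))
```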

Re: Traps [7:322]

2001-04-12 Thread dre

I find it strange that NATkit is like 400 times faster than CW2K.
Can anyone explain this?  If you are going to get CiscoWorks
and count on it to actually work half the time, just go with
Cisco's Network Supported Accounts (NSA) if you can afford it.
Then you can get all your spiffy inventory lists, CiscoView dials,
and configuration management all packaged up with nothing to
worry about.

CW2k is not expensive though.  You get what you pay for.  This
is a basic, non-scalable element management system geared
towards Enterprise customers -- not Service Providers.  It is
a EMS, not meant to be a NMS.  The hardware requirements
are lax, and the fact that it runs under a Windows NT/2000
environment means that anyone who takes the CW2k courses
can use it very effectively.  Cost efficient, with some tradeoffs.

If you want a good NMS (with fault management in mind), you
can look at a few of them.  In a Cisco network, it's nice to have
your management data encrypted over the wire, so think in terms
of either SNMPv3 with authPriv using 56-bit DES (only in Cisco
IOS 12.1T) or IPSEC.  Think about the SNMP trap server's
security and high-availability first.  Using SNMPv2 INFORM's
is a good alternative to using SNMPv1 TRAP's.  Using SNMP
over TCP instead of UDP may also help.  Configuring your
network elements, and adding bandwidth couldn't hurt either.

If you add up the cost of a NMS, it is significantly higher than
that of an EMS.  Assuming you went with a solution that could
provide higher availability than your network (6 nines?), so that
you could always monitor your network in case of failure, the
costs would be very significant.  You are talking about two
physically separated networks connected via BGP coming
from two different network types, as well as the server layers
which would include at least 6 Sun E4500's (or equivalent)
under Veritas control and Clustering control (VCS or Integratus
UHA or similar) with redundant SAN architecture.  Add Cisco
InfoCenter or Veritas NerveCenter or RiverSoft OpenRiver
(best-of-class NMS tools) or possibly even HPOV/Spectrum/CA
and your costs are going to add up.  Then you will need to scale
the servers, SAN, and networks N+1 or "n to many".  Put that
all together and that's about $20 million dollars (assuming you
do it all yourself, and not including the implementation time).

For a quick decision chart on what to choose for actual
NMS software:

NetCool OMNIbus 4.0 * (great for Manager-of-Manager - MoM) ~$200k (varies)
(not out yet; also OEM'd by Cisco as CIC/InfoCenter)
http://www.micromuse.com/

OpenRiver 3.0 *** (great for Autodiscovery) $per port/interface monitored (varies)
(not out yet)
http://www.riversoft.com/

NerveCenter 3.7 ** (great for Thresholding) $18k flat rate
(available now)
http://www.veritas.com/

NNM 6.2 * (great for knowledgebase) ~$300k (varies, need VP or ITO, too)
(available now) (plus SNMP Research's Security Option for SNMPv3)
http://www.openview.hp.com/

Spectrum 6.0 * (kind of combines NNM and NerveCenter capabilities) $100k flat rate
(available now)
http://www.aprisma.com/

Now I am talking strictly NMS here.  Other management systems (point
solutions, element management systems, server management systems, ticket
systems, CRM, OSS, etc) aren't to be compared to the above products.

-dre

""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]...
> Yes, you'd think it should, but I don't think it can.  I'm certain it
> can't deliver Guinness-on-Demand, unfortunately!
>
> CW2000 seems to be more geared toward device management, software
> management, and configuration management but not fault management like
> HP Network Node Manager, for instance.  That's probably why it doesn't
> process traps.  It doesn't really have an application that would use
> them well.  Besides, since it's all in java, unless you have a 1.5 GHz
> machine with 8192GB RAM it would be too slow as a fault management
> platform.  :-)
>
> CW2000 is slw  it's cool, but they need
> to do something about the speed.  Especially if using Netscape, good
> grief.  I could launch Ciscoview, walk downstairs and configure the
> switch from the console port, walk back upstairs and the thing would
> still be loading!  That's not very productive.  But if it could pour
> Guinness, I suppose I wouldn't mind as much.
>
> >>> "Jeff Duchin"  4/12/01 5:59:52 AM >>>
> Has anyone been able to manipulate CW2000 to process traps? I don't
> understand the logic at all... it can accept and display Syslog messages
> from devices but not Traps.
>
> So if anyone has pulled this off, please let me know as I'm trying to avoid
> having another NMS just to send Traps to. You'd think by the price that it
> would be able to do this and pour you a pint of Guinness at the same time!
>
> Any help appreciated,
> Jeff

RE: off topic, becoming a public dns [7:360]

2001-04-12 Thread Elijah Savage

This is a wide open question. We would probably provide a better answer
if we knew what you were trying to host DNS for (a company or just home
use). For a starting point I would like to point you to the O'Reilly
Bind & DNS book, 3rd edition; this is the most complete reference to DNS I
have seen. But essentially, to answer your question without being too
vague or pointing you in the wrong direction, all you need to do is go
to the InterNIC and register your TWO DNS servers, and then register your
domain name after your servers have been recognized by the root DNS
servers, usually about 24 hours. As for equipment, I know individuals, and
I do it myself, hosting a DNS box on a DSL link with very small
machines; mine in particular is a P133 with 64 meg of memory running BSD,
been up for 64 days and has never swapped to disk. Now a company does
not need all that big of a box either if it will just be resolving DNS
queries. I know of a company right now that has about 35,000 employees
and the primary DNS server is a Pentium Pro 200 with 512 meg of memory
on a BSD flavor also.
I hope this helps.
 
-Original Message-
From: Heidi white [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 12, 2001 2:14 PM
To: [EMAIL PROTECTED]
Subject: off topic, becoming a public dns [7:360]
 
Hey I figured you all would know this right off, what
are the appropriate channels for becoming a public
dns? Also is there anything special that I need to be
aware of as far as equipment goes(how high end should
I go with my equipment etc.)?
Heidi
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=367&t=360



RE: How to determine CIR and increase CIR of FR? [7:259]

2001-04-12 Thread Rauch, Mike

A situation that I have run across is where you have a port speed that is 4
times your CIR and your carrier cuts you off at the egress port for all
packets over twice your CIR.

-Original Message-
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 2:22 PM
To: [EMAIL PROTECTED]
Subject: Re: How to determine CIR and increase CIR of FR? [7:259]


Stephen - I can think of a few ways to throttle down, but they're all
access-list related, and not actual interface speed related.  For example, I
can't actually turn down the speed of an Ethernet interface, because it is
fixed at 10Mbps.  Can I funnel the traffic that comes into/goes out of that
interface?  Yes, but not deterministically, only as a function of traffic
shaping/limiting.

On a serial interface, they are clocked to synchronize point-to-point, so
there is not physical throttling option there, either.

The question that would need to be answered is, "Why would one want to limit
the data rate on a given interface?"  When a good answer to that question
comes up, then we'll investigate how to do it.

-e-

- Original Message -
From: "Stephen Skinner" 
To: 
Sent: Thursday, April 12, 2001 3:17 AM
Subject: Re: How to determine CIR and increase CIR of FR? [7:259]


> OK..
>
> it appears i was wrong on this Bandwidth thing.
>
> my apologies and thanks for everyone putting me on the right path
>
> BTW
>
> is there any way of controlling the speed of your input, i.e.
> throttling down.
>
> Best regards
>
> steve
>
> thanks anyway
> >From: "EA Louie"
> >Reply-To: "EA Louie"
> >To: [EMAIL PROTECTED]
> >Subject: Re: How to determine CIR and increase CIR of FR? [7:259]
> >Date: Wed, 11 Apr 2001 16:35:00 -0400
> >
> >No one indicated that you were wrong.  However, more clarity would be to
> >answer all the question(s) completely.
> >
> >-e-
> >
> >- Original Message -
> >From: "Stephen Skinner"
> >To: ;
> >Sent: Wednesday, April 11, 2001 1:52 AM
> >Subject: Re: How to determine CIR and increase CIR of FR?
> >
> >
> > > i don`t mean to be rude, but i was essentially correct..
> > >
> > > if you set the bandwidth command to 64k and you have a CIR of 128K you will
> > > only get 64K...But as my good friends have pointed out the default is
> > > 1.544kb..but i was just trying to make that point stand out that it`s
> > > the service provider who makes the call about the info rate...
> > >
> >Baloney.  You'll still get minimally 128k.  Thus, if you set
> >interface serial 0
> >  bandwidth 64000
> >
> >and you have a CIR of 128k, you will still get 128k (plus bursts up to the
> >data rate of the frame relay port).  The bandwidth command does *nothing
> >physically limiting* to the interface.  It merely acts as the reference
> >number for load calculations on show interfaces and for the metric
> >calculation for dynamic routing protocols.  The txload and rxload fractions
> >will be inaccurate, though, with this configuration.
> >
> > > I`m sorry if i`m being ANAL about this i just wanted myself to be clear..
> > >
> > > best regards
> > >
> > > steve
> > >
> > >
> > > >From: "EA Louie"
> > > >Reply-To: "EA Louie"
> > > >To:
> > > >Subject: Re: How to determine CIR and increase CIR of FR?
> > > >Date: Mon, 9 Apr 2001 08:16:49 -0700
> > > >
> > > > >ohhh no the bandwidth statement in the interface is *manually* entered
> > > > >(defaulted at 1544 Kbit for a serial interface), and is used to calculate:
> > > > >1.  metrics for routing protocols, and
> > > > >2.  bandwidth utilization in the "show interfaces" display
> > > > >so it's important to have it set correctly.
> > > > >
> > > > >Some frame relay carriers (Sprint and PacBell come to mind) do not transmit
> > > > >their CIR, so 'show frame-relay map' doesn't display their CIR.
> > > > >
> > > > >The frame relay provider does need to be contacted to increase CIR.  Higher
> > > > >CIR usually translates into a cost increase for the circuit.
> > > > >
> > > > >Here's an explanation of EIR - also see
> > > > >http://www.nwfusion.com/newsletters/frame/1108fr2.html and
> > > > >http://www.nwfusion.com/newsletters/frame/1206fr1.html
> > > > >
> > > > >EIR is the difference between the port speed of the frame relay service and
> > > > >the CIR.  The port speed is set by the frame relay service provider, and may
> > > > >be lower than the maximum interface speed - for example, on a T-1 circuit,
> > > > >the provider could provide a 384kbps port and a 128k CIR.  In this case, the
> > > > >EIR = 256k, and it would be wise to set the interface bandwidth to 384k
> > > > >(bandwidth 384 on the serial interface) to match the port speed.  And the
> > > > >port speed is usually the maximum rate at which one can oversubscribe the
> > > > >PVC (that is, it is usually the frame relay burst rate)
> > > > >
> > > > >The moral of the story - just because there is an *access circuit* at a
> > > > >particular transmission rate does not assure you that you burst at that
> > > > >

Fasteathernet interface flapping on 2948G - L3 [7:368]

2001-04-12 Thread Bhupinder Shergill

I am trying to configure 2948G L3 switch and fastethernet is flapping after 
I assign IP and no shutdown on the interface.

Any ideas ?

Bhupinder






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=368&t=368
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: NAT with one address WAS RE: Passing IPSEC packets on DSL [7:369]

2001-04-12 Thread Elijah Savage

Here is a working configuration right here to host a webserver on dsl
link and how to do static nat overload. Allow multiple private ip
addresses on the inside to net to one ip address on the outside.
 
Using 2949 out of 7506 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CiscoFW
!
logging buffered 4096 debugging
enable secret password 
!
username XX
ip subnet-zero
no ip source-route
no ip finger
ip name-server 
!
!
!
interface Ethernet0
 description Local Lan
 bandwidth 1
 ip address XXX 
 no ip directed-broadcast
 ip nat inside
 media-type 10BaseT
 fair-queue 64 256 0
 no cdp enable
!
interface Ethernet1
 description Speakeasy Dsl 1.5/384
 bandwidth 1
 ip address XX 
 ip access-group 101 in
 no ip directed-broadcast
 ip nat outside
 fair-queue 64 256 0
 no cdp enable
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
 no fair-queue
 no cdp enable
! 
ip nat pool speakeasy your assigned ip here space assigned ip here again netmask 255.255.255.0
ip nat inside source list 1 pool speakeasy overload
! this is how you host a web server on dsl: a static nat entry
ip nat inside source static tcp LAN IP ADDRESS 80 WAN IP ADDRESS 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 your assigned default gateway goes here
! 
logging trap debugging
logging XX
access-list 1 permit Local lan subnet here
access-list 10 permit Local lan subnet here log
! 
line con 0
 transport input none
line vty 0 4
 access-class 10 in
 password XXX
 login
! 
sntp server XX
scheduler interval 500
end   
  
CiscoFW#
 
-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 12, 2001 2:19 PM
To: [EMAIL PROTECTED]
Subject: NAT with one address WAS RE: Passing IPSEC packets on DSL
[7:361]
 
Yes. Quoting from:
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm
 
As a convenience for users wishing to translate all inside addresses to the
address assigned to an interface on the router, the
NAT code allows one to simply name the interface when configuring the
dynamic translation rule: 
 
ip nat inside source list  interface  overload 
 
If there is no address on the interface, or if the interface is not up, no
translation will occur. 
 
Example: 
 
ip nat inside source list 1 interface Serial0 overload
 
There are other examples on CCO. They have recently rearranged the pages and
I can't find them.
 
> -Original Message-
> From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 12:13 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Passing IPSEC packets on DSL [7:321]
> 
> 
> Is there any way to do NAT on a PIX or a Cisco router if you 
> only have one
> usable IP address?  I perused CCO, and the most minimalistic 
> NAT/PAT config
> I can find still requires 2 (1 interface, one global) addresses.  The
> Linksys/Netgear jobbies do it with one IP.
> 
> i.e.
> 
> ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
> 255.255.255.252) Router - Internal network.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=369&t=369
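
Added example (not from the thread or from Cisco): a small Python model of what the `overload` rule and the static `tcp ... 80` entry in the configuration above do to the translation table when only one outside address is available. The addresses are constructed documentation/private values, the class and method names are hypothetical, and the port-selection rule (keep the inside source port when it is free, otherwise take the first free port in the same port group) is a simplifying assumption; the model also ignores the remote endpoint and entry timeouts.

```python
# Port groups used when the preferred outside port is already taken (assumption).
PORT_GROUPS = [(1, 511), (512, 1023), (1024, 65535)]


class PatTable:
    """Toy model of many-to-one NAT (PAT) with optional static port entries."""

    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self.by_inside = {}    # (proto, inside_ip, inside_port) -> outside_port
        self.by_outside = {}   # (proto, outside_port) -> (inside_ip, inside_port)

    def add_static(self, proto, inside_ip, inside_port, outside_port):
        """Model of a static port entry: one outside port pinned to one inside host."""
        key = (proto, outside_port)
        if key in self.by_outside:
            raise ValueError("outside port %s/%d already in use" % key)
        self.by_outside[key] = (inside_ip, inside_port)
        self.by_inside[(proto, inside_ip, inside_port)] = outside_port

    def _pick_port(self, proto, wanted):
        """Keep the source port if free, else the first free port in its group."""
        if (proto, wanted) not in self.by_outside:
            return wanted
        low, high = next((g for g in PORT_GROUPS if g[0] <= wanted <= g[1]),
                         PORT_GROUPS[-1])
        for port in range(low, high + 1):
            if (proto, port) not in self.by_outside:
                return port
        raise RuntimeError("no free outside port left in group %d-%d" % (low, high))

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an inside source; creates a dynamic entry on first use."""
        key = (proto, inside_ip, inside_port)
        if key not in self.by_inside:
            port = self._pick_port(proto, inside_port)
            self.by_inside[key] = port
            self.by_outside[(proto, port)] = (inside_ip, inside_port)
        return (self.outside_ip, self.by_inside[key])

    def inbound(self, proto, outside_port):
        """Return the inside (ip, port) for a packet to the outside address, or None."""
        return self.by_outside.get((proto, outside_port))


def demo():
    """Walk through the cases the configuration creates; all values are constructed."""
    nat = PatTable("192.0.2.2")
    nat.add_static("tcp", "10.0.0.10", 80, 80)           # the hosted web server
    return {
        "first client": nat.outbound("tcp", "10.0.0.21", 40000),
        "same source port, second client": nat.outbound("tcp", "10.0.0.22", 40000),
        "client using source port 80": nat.outbound("tcp", "10.0.0.23", 80),
        "web server reply": nat.outbound("tcp", "10.0.0.10", 80),
        "inbound to tcp/80": nat.inbound("tcp", 80),
        "inbound to reassigned port": nat.inbound("tcp", 1024),
        "unsolicited inbound to tcp/23": nat.inbound("tcp", 23),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print("%-34s %s" % (case, result))
```

In this model the only unsolicited inbound traffic that reaches an inside host is what matches the static entry; an inbound packet with no matching entry is not translated.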



Cat6000 Supervisor Memeory needs [7:370]

2001-04-12 Thread Anidil Rajendran (RAJ)

Hi 

The default memory for WS-X6K-S2-MSFC2 is 128MB.
When should I go for 256MB or 512MB.

Also when should I purchase 24MB flash instead of 16MB

Can someone guide me with this

TIA


ANIDIL

Netliant,
Redwood shores,CA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=370&t=370
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Token ring to Cat 5 conversion [7:371]

2001-04-12 Thread Plantier, William (Spencer)

Has anyone done a Token Ring to Cat 5 conversion?

Wm. Spencer Plantier
LAN Engineer
(919) 474-1300 ext 0873 Office
(919) 474-1056 Fax
(919)696-8848 Cell
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=371&t=371
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



FW: CONNECTING TWO SITES [7:372]

2001-04-12 Thread Moahzam Durrani

Mo Durrani
IS&T 
WYSE\EDS
phone:408-473 1246
[EMAIL PROTECTED]
[EMAIL PROTECTED]

> -Original Message-
> From: Moahzam Durrani 
> Sent: Thursday, April 12, 2001 12:13 PM
> To:   '[EMAIL PROTECTED]'
> Subject:  
> 
> 
> Bayrouter E0-xover
> cable--E0framerelayrouterTexasS0framerelayrout
> ertexas---S0FRAMERRELAYROUTER SJE0LAN
>  145.237.5.8 145.237.5.5
> 92.134.23.59/24 192.134.23.56/24   132.234.5.6 
>  
> 
> (132.234.0.0 is the san jose Network , the frame relay is provided through
> sprint )
> 
> Our company has just acquired another company that has a really old
> infrastructure. At present (for a short time only, till we improve the
> infra to cisco) we are connecting an E0 port on an old ASN Bay router to
> the E0 int on the cisco framerelay router.  I need to provide a connection
> so the Users in texas will be able to go through the frame and connect to
> San Jose. 
> would i use the following as a route statement ip route statement on the
> bay router (at least from a cisco point of view)
> 
> ip route 132.234.0.0 255.255.0.0 145.237.5.5 ?
> 
> Mo Durrani
> IS&T 
> WYSE\EDS
> phone:408-473 1246
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=372&t=372



RE: Just Passed Routing BSCN 2.0 [7:268]

2001-04-12 Thread Bolton, Travis

Congratulations on passing your test.  I hope to take mine in a week or two.
Need to freshen up on BGP then I should be ready.  Good luck on your BCRAN.

-Original Message-
From: Roger Sohn [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 11, 2001 4:34 PM
To: [EMAIL PROTECTED]
Subject: Just Passed Routing BSCN 2.0 [7:268]


The test was very straight forward and you either know the stuff or you
don't.

I only used the Cisco Press book to study for this exam and read the book
cover to cover twice.  61 questions and I felt like about 50% was involved
with OSPF and 35% BGP and the remaining questions were involved with IGRP,
EIGRP, and other basics like VLSM.  Everything mentioned on Cisco's website
basically.  You just have to occasionally watch out for specific wording.
For example, there are a few questions that may give you multiple answers
that are correct...but you have to understand that the test is asking you
for the *Best* answer.

But I definitely think that my previous experience with working on routers
at work helped me out tremendously.

Thanks to everyone on this list (there are so many smart people on this list
that always kept me motivated to continue to study hard) and for those
studying for this, keep studying.  You can do it!

-Roger
CCNA
1 down, 3 to go for CCNP.  (BCRAN is next on my hit list)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=373&t=268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: NAT with one address WAS RE: Passing IPSEC packets on DSL [7:375]

2001-04-12 Thread Hire, Ejay

Thanks all, I never ever even considered that.  (If you listen closely, you
can hear the sound of me smacking my forehead repeatedly)

Ejay Hire
804-220-7724
877-200-7020,x7724
... Answers are free.  Explanations will cost you a Diet Pepsi.  



-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 2:19 PM
To: [EMAIL PROTECTED]
Subject: NAT with one address WAS RE: Passing IPSEC packets on DSL
[7:361]


Yes. Quoting from:
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm

As a convenience for users wishing to translate all inside addresses to the
address assigned to an interface on the router, the
NAT code allows one to simply name the interface when configuring the
dynamic translation rule: 

ip nat inside source list  interface  overload 

If there is no address on the interface, or if the interface is not up, no
translation will occur. 

Example: 

ip nat inside source list 1 interface Serial0 overload

There are other examples on CCO. They have recently rearranged the pages and
I can't find them.

> -Original Message-
> From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 12:13 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Passing IPSEC packets on DSL [7:321]
> 
> 
> Is there any way to do NAT on a PIX or a Cisco router if you 
> only have one
> usable IP address?  I perused CCO, and the most minimalistic 
> NAT/PAT config
> I can find still requires 2 (1 interface, one global) addresses.  The
> Linksys/Netgear jobbies do it with one IP.
> 
> i.e.
> 
> ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
> 255.255.255.252) Router - Internal network.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=375&t=375



Token-Ring DB9 to RJ-45 adapter [7:374]

2001-04-12 Thread Brian Lodwick

Does anyone know where I can purchase the little adapter that connects to a 
DB9 Token-Ring interface on say a 2502 and switches it to RJ-45. I don't 
know what the name of it would be. I have one, and I broke it open thinking 
I could just reproduce the cable structure, but it has a small circuit board 
inside. I am trying to find a place to purchase them, but nobody sells 
Token-Ring stuff any more it seems.

Thanks in advance guys.
>>>Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=374&t=374
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Unusual Aspect of a duplicate IP Address [7:376]

2001-04-12 Thread tom cheung

ISIS uses CLNS to form adjacencies.  IP has nothing to do with it.  It'll form 
adjacencies, if I'm not mistaken, even when router A and B are on different 
subnets.


>From: "McCallum, Robert" 
>Reply-To: "McCallum, Robert" 
>To: "'Ccielab' (E-mail)" ,
>"Cisco@Groupstudy.  Com (E-mail)" 
>Subject: Unusual Aspect of a duplicate IP Address
>Date: Thu, 12 Apr 2001 16:59:32 +0100
>
>Here is a scenario which caught me out BIG time in a real life situation
>using ISIS.
>
>To make it easier
>
>Router A has a serial connection to Router B
>
>
>Everything is up layer 1 & 2, i.e. CDP can indeed see Router B if you are on
>Router A and vice versa.  Router B can't see any routes from Router A or
>beyond.
>
>NOW  Routers A serial 0's ip address is 172.16.130.5, Routers B serial 0's
>ip address is 172.16.130.5.
>
>Spot the deliberate mistake.
>
>Although you say AHA he has the same ip address on the serial connections.
>SO, quite rightly ISIS says, go away I will never make an adjacency with
>myself    :-(
>
>However, it took me quite a while to discover that these IP addresses were
>indeed duplicated.
>
>REASON or should I make it a question?  I think question would be better.
>
>Q: What do you think would happen if I was on Router A and telnetted to
>172.16.130.5, would I telnet to Router A or B. :->
>
>A: This is why it took me a while to realise this.  I started debugging
>adjacencies, blaming a new controller card which was the first time I had
>used this in ISIS, everything bar the easy problem.  Mental Note for me here
>is don't dive in head first, always fault find the layers and remember this
>fault because it is nasty :-
>What made it worse was the customer sitting over my shoulder saying WHY
>isn't this working, I knew we shouldn't have bought those new fangled router
>things!
>
>Oh the joys of life




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=376&t=376



Re: Fasteathernet interface flapping on 2948G - L3 [7:368]

2001-04-12 Thread Brian Lodwick

What is connected to that port. Some lan cards have issues with auto 
negotiation. Maybe your switch is set to auto-negotiate the port speed? If 
it is try hard setting it to 100.

>>>Brian


>From: "Bhupinder Shergill" 
>Reply-To: "Bhupinder Shergill" 
>To: [EMAIL PROTECTED]
>Subject: Fasteathernet interface flapping on 2948G - L3 [7:368]
>Date: Thu, 12 Apr 2001 14:54:44 -0400
>
>I am trying to configure 2948G L3 switch and fastethernet is flapping after
>I assign IP and no shutdown on the interface.
>
>Any ideas ?
>
>Bhupinder
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=378&t=368



Static route [7:377]

2001-04-12 Thread West, Karl

Refresh me...

What happens to a static route that has a cost of 255 at the end? It gets
discarded, right?

ip route 198.207.193.11 255.255.255.255 205.253.192.246 255




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=377&t=377



Re: off topic, becoming a public dns [7:360]

2001-04-12 Thread Sam

You are required to have two different DNS servers when registering a
domain.  If this is for personal use you can get away with only one if you're
on a budget.  Simply bind multiple IP addresses to your DNS server.  It can be
behind some firewall if you like for security.  I've done this at home using
a DSL connection.  My ISP provided me with 5 public IP addresses.  Once this
is set up and running simply go register your DNS and provide your two
addresses to the registrar.

"Heidi white" wrote in message news:[EMAIL PROTECTED]...
> Hey I figured you all would know this right off, what
> are the appropriate channels for becoming a public
> dns? Also is there anything special that I need to be
> aware of as far as equipment goes(how high end should
> I go with my equipment etc.)?
> Heidi
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=382&t=360



RE: $$$ for labtime [7:179]

2001-04-12 Thread Waters, Kris - TS/Corporate

I found that the $30 simulation from Boson was plenty good enough for the
CCNA.

Kris
CCNA, MCP

-Original Message-
From: Joe Dewberry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 11, 2001 12:04 AM
To: [EMAIL PROTECTED]
Subject: $$$ for labtime [7:179]


I am looking to take the CCNA exam soon, but would like some solid lab time.
What is a benchmark for say five four hour sessions with a set/rack of
routers?

Thanks,

Joe Dewberry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=381&t=179



Re: Passing IPSEC packets on DSL [7:321]

2001-04-12 Thread Allen May

Or NAT overload...brain fart..heh.

- Original Message -
From: "Hire, Ejay" 
To: 
Sent: Thursday, April 12, 2001 12:12 PM
Subject: RE: Passing IPSEC packets on DSL [7:321]


> Is there any way to do NAT on a PIX or a Cisco router if you only have one
> usable IP address?  I perused CCO, and the most minimalistic NAT/PAT
config
> I can find still requires 2 (1 interface, one global) addresses.  The
> Linksys/Netgear jobbies do it with one IP.
>
> i.e.
>
> ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
> 255.255.255.252) Router - Internal network.
>
>
> -Original Message-
> From: Elijah Savage [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 9:47 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Passing IPSEC packets on DSL [7:321]
>
>
> Yeah his comment makes me curious as to what these DSL router
> manufacturers have done to make it work. Surely if someone like netgear
> can make it work Cisco can.
>
> -Original Message-
> From: Circusnuts [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 9:08 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Passing IPSEC packets on dsl [7:321]
>
> Are you sure- my PIX 506 does it with no problem ???
>
> - Original Message -
> From: Charles Manafa
> To:
> Sent: Thursday, April 12, 2001 8:37 AM
> Subject: RE: Passing IPSEC packets on dsl [7:321]
>
>
> > VPN does not work when IPSEC packets are NAT'd. One of the reasons why
> this
> > doesn't work is that packet authentication will fail when the packet
> is
> > NAT'd - the calculated hash will not match after NAT has been applied.
> >
> > Charles
> >
> > -Original Message-
> > From: Elijah Savage
> > To: [EMAIL PROTECTED]
> > Sent: 12/04/01 12:11
> > Subject: Passing IPSEC packets on dsl [7:321]
> >
> > All,
> >
> > I purchased a 1605 from eBay for my home lab. I decided to play with
> it
> > a bit on my DSL circuit. I am using NAT on this router, and everything
> > works fine except that now I can't vpn from the inside. Example,
> trying
> > to establish a vpn connection from a client on my local network in to
> > our vpn router at my place of employment. Of course with the netgear
> dsl
> > router it passes those ipsec packets. I was wondering if anyone has
> > tried this before and been able to make this happen.
> >
> > Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=380&t=321



Re: Passing IPSEC packets on DSL [7:321]

2001-04-12 Thread Allen May

Check in your manual in the section on the 'global' command and read about
NAT vs PAT.  I think you'll find your answer there.

- Original Message -
From: "Hire, Ejay" 
To: 
Sent: Thursday, April 12, 2001 12:12 PM
Subject: RE: Passing IPSEC packets on DSL [7:321]


> Is there any way to do NAT on a PIX or a Cisco router if you only have one
> usable IP address?  I perused CCO, and the most minimalistic NAT/PAT
config
> I can find still requires 2 (1 interface, one global) addresses.  The
> Linksys/Netgear jobbies do it with one IP.
>
> i.e.
>
> ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
> 255.255.255.252) Router - Internal network.
>
>
> -Original Message-
> From: Elijah Savage [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 9:47 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Passing IPSEC packets on DSL [7:321]
>
>
> Yeah his comment makes me curious as to what these DSL router
> manufacturers have done to make it work. Surely if someone like netgear
> can make it work Cisco can.
>
> -Original Message-
> From: Circusnuts [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 9:08 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Passing IPSEC packets on dsl [7:321]
>
> Are you sure- my PIX 506 does it with no problem ???
>
> - Original Message -
> From: Charles Manafa
> To:
> Sent: Thursday, April 12, 2001 8:37 AM
> Subject: RE: Passing IPSEC packets on dsl [7:321]
>
>
> > VPN does not work when IPSEC packets are NAT'd. One of the reasons why
> this
> > doesn't work is that packet authentication will fail when the packet
> is
> > NAT'd - the calculated hash will not match after NAT has been applied.
> >
> > Charles
> >
> > -Original Message-
> > From: Elijah Savage
> > To: [EMAIL PROTECTED]
> > Sent: 12/04/01 12:11
> > Subject: Passing IPSEC packets on dsl [7:321]
> >
> > All,
> >
> > I purchased a 1605 from eBay for my home lab. I decided to play with
> it
> > a bit on my DSL circuit. I am using NAT on this router, and everything
> > works fine except that now I can't vpn from the inside. Example,
> trying
> > to establish a vpn connection from a client on my local network in to
> > our vpn router at my place of employment. Of course with the netgear
> dsl
> > router it passes those ipsec packets. I was wondering if anyone has
> > tried this before and been able to make this happen.
> >
> > Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=379&t=321
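
The hash mismatch described in the quoted thread can be reproduced offline: AH's integrity check value covers the outer IP source address, while ESP's covers only the ESP header and payload. This Python example is added here and is not code from any poster or from Cisco; it assumes HMAC-SHA1-96 as the integrity algorithm, and the key, SPI values, payload, inside address 192.168.1.10 and peer 203.0.113.5 are constructed (216.142.0.2 is the outside address from the thread).

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-auth-key"  # constructed; stands in for the SA's auth key
AH, ESP = 51, 50                    # IP protocol numbers
ICV_LEN = 12                        # HMAC-SHA1-96 truncates the tag to 96 bits
INSIDE, OUTSIDE, PEER = "192.168.1.10", "216.142.0.2", "203.0.113.5"


def ipv4_header(src, dst, proto, body_len, ttl=64):
    """20-byte IPv4 header; the checksum is left at 0 to keep the example short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(ip_hdr):
    """AH zeroes fields routers may change in transit: TOS, flags/offset, TTL, checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0                   # TOS
    h[6:9] = b"\x00\x00\x00"   # flags + fragment offset, TTL
    h[10:12] = b"\x00\x00"     # header checksum
    return bytes(h)            # source and destination addresses stay in place


def covered_bytes(packet):
    """Bytes fed to the HMAC, as sender and receiver each compute them."""
    ip_hdr, rest = packet[:20], packet[20:]
    if ip_hdr[9] == AH:
        # IP header (mutable fields zeroed) + AH fixed part + zeroed ICV + payload
        return zero_mutable(ip_hdr) + rest[:12] + b"\x00" * ICV_LEN + rest[12 + ICV_LEN:]
    if ip_hdr[9] == ESP:
        # ESP header + payload only; the outer IP header is not an input
        return rest[:-ICV_LEN]
    raise ValueError("not an AH or ESP packet")


def icv(packet):
    return hmac.new(KEY, covered_bytes(packet), hashlib.sha1).digest()[:ICV_LEN]


def build(proto, src, dst):
    """Build a packet with a valid ICV; the payload is constructed filler, not real ciphertext."""
    data = b"constructed payload bytes"
    if proto == AH:
        ah_fixed = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1)  # next hdr, len, rsvd, SPI, seq
        body = ah_fixed + b"\x00" * ICV_LEN + data
        pkt = ipv4_header(src, dst, AH, len(body)) + body
        return pkt[:32] + icv(pkt) + pkt[32 + ICV_LEN:]
    if proto == ESP:
        body = struct.pack("!II", 0x2002, 1) + data + b"\x00" * ICV_LEN  # SPI, seq
        pkt = ipv4_header(src, dst, ESP, len(body)) + body
        return pkt[:-ICV_LEN] + icv(pkt)
    raise ValueError("proto must be AH or ESP")


def verify(packet):
    """Receiver side: recompute the ICV and compare it with the one carried in the packet."""
    carried = packet[32:32 + ICV_LEN] if packet[9] == AH else packet[-ICV_LEN:]
    return hmac.compare_digest(carried, icv(packet))


def nat_source(packet, new_src):
    """What address translation does to the outer header: rewrite the source address."""
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]


def decrement_ttl(packet):
    """What every router does: lower the TTL by one."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]


def demo():
    ah, esp = build(AH, INSIDE, PEER), build(ESP, INSIDE, PEER)
    return {
        "ah_untouched": verify(ah),
        "ah_after_ttl_decrement": verify(decrement_ttl(ah)),
        "ah_after_nat": verify(nat_source(ah, OUTSIDE)),
        "esp_after_nat": verify(nat_source(esp, OUTSIDE)),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'ICV valid' if ok else 'ICV mismatch'}")
```

Address rewriting alone leaves the ESP check intact; port overloading is a separate matter, because ESP carries no port numbers for the translator to key on.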



Catalyst 8540 [7:383]

2001-04-12 Thread Winchester, Derek

of ATM interfaces. But the Cisco 8540 is killing me. I am trying to set up
an interface on the 8540  to troubleshoot another device, and I cannot even
ping the interface from the ATM switch itself. Would anyone mind taking a
look at the configuration, if you have experience with the 8540? Please CC
me w/ the group thanks. I will send the config ( just a test config) on
reply.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=383&t=383



RE: Static route [7:377]

2001-04-12 Thread Rauch, Mike

I believe when you add the 255 you are changing the administrative distance
to create a floating static route.  If you had a route learned by EIGRP for
instance with an administrative distance of 90 and the floating static route
with a distance of 255, the route learned by EIGRP would be used until the
link goes down.  When the EIGRP route is down, the floating static route
will take over.
Please correct me if I'm wrong.
-Original Message-
From: West, Karl [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 3:19 PM
To: [EMAIL PROTECTED]
Subject: Static route [7:377]


Refresh me...

What happens to a static route that has a cost of 255 at the end. It gets
discarded right ?

ip route 198.207.193.11 255.255.255.255 205.253.192.246 255




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=384&t=377



RE: Static route [7:377]

2001-04-12 Thread West, Karl

never mind...I remember  !!! sorry!!

-Original Message-
From: West, Karl 
Sent: Thursday, April 12, 2001 3:19 PM
To: [EMAIL PROTECTED]
Subject: Static route [7:377]


Refresh me...

What happens to a static route that has a cost of 255 at the end. It gets
discarded right ?

ip route 198.207.193.11 255.255.255.255 205.253.192.246 255




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=385&t=377



RE: Token ring to Cat 5 conversion [7:371]

2001-04-12 Thread Chipps,Ken

Do you mean an IBM Type 1 cable to UTP Category 5 cable conversion or Token
Ring to Ethernet as both Token Ring and Ethernet can run over the same UTP
cables? I have done many of both.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Plantier, William (Spencer)
Sent: Thursday, April 12, 2001 1:59 PM
To: [EMAIL PROTECTED]
Subject: Token ring to Cat 5 conversion [7:371]


Has anyone done a Token Ring to Cat 5 conversion?

Wm. Spencer Plantier
LAN Engineer
(919) 474-1300 ext 0873 Office
(919) 474-1056 Fax
(919)696-8848 Cell
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=386&t=371



RE: Token-Ring DB9 to RJ-45 adapter [7:374]

2001-04-12 Thread Chipps,Ken

They are called Media Filters. A search using media filter on google.com
turned up several companies. But yes they are getting hard to find and the
price is going up all the time.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brian Lodwick
Sent: Thursday, April 12, 2001 2:14 PM
To: [EMAIL PROTECTED]
Subject: Token-Ring DB9 to RJ-45 adapter [7:374]


Does anyone know where I can purchase the little adapter that connects to a 
DB9 Token-Ring interface on say a 2502 and switches it to RJ-45. I don't 
know what the name of it would be. I have one, and I broke it open thinking 
I could just reproduce the cable structure, but it has a small circuit board

inside. I am trying to find a place to purchase them, but nobody sells 
Token-Ring stuff any more it seems.

Thanks in advance guys.
>>>Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=387&t=374



RE: Just Passed Routing BSCN 2.0 [7:268]

2001-04-12 Thread Bartels, Brandon

Travis please stop posting here!!!





Brandon L. Bartels

Sprint PCS
Information Technology
Service Delivery
Network Engineering
Phone:  913-307-3688 
Email:  bbarte   [EMAIL PROTECTED]   


 


 


-Original Message-
From: Bolton, Travis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 2:14 PM
To: [EMAIL PROTECTED]
Subject: RE: Just Passed Routing BSCN 2.0 [7:268]


Congratulations on passing your test.  I hope to take mine in a week or two.
Need to freshen up on BGP then I should be ready.  Good luck on your BCRAN.

-Original Message-
From: Roger Sohn [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 11, 2001 4:34 PM
To: [EMAIL PROTECTED]
Subject: Just Passed Routing BSCN 2.0 [7:268]


The test was very straightforward and you either know the stuff or you
don't.

I only used the Cisco Press book to study for this exam and read the book
cover to cover twice.  61 questions and I felt like about 50% was involved
with OSPF and 35% BGP and the remaining questions were involved with IGRP,
EIGRP, and other basics like VLSM.  Everything mentioned on Cisco's website
basically.  You just have to occasionally watch out for specific wording.
For example, there are a few questions that may give you multiple answers
that are correct...but you have to understand that the test is asking you
for the *Best* answer.

But I definitely think that my previous experience with working on routers
at work helped me out tremendously.

Thanks to everyone on this list (there are so many smart people on this list
that always kept me motivated to continue to study hard) and for those
studying for this, keep studying.  You can do it!

-Roger
CCNA
1 down, 3 to go for CCNP.  (BCRAN is next on my hit list)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=389&t=268



Re: Token-Ring DB9 to RJ-45 adapter [7:374]

2001-04-12 Thread EA Louie

It's called a Media Filter.

Mine says Ortronics on it.
http://www.ortronics.com/products/search/default.asp?product=media+filter&show=5
To: 
Sent: Thursday, April 12, 2001 12:14 PM
Subject: Token-Ring DB9 to RJ-45 adapter [7:374]


> Does anyone know where I can purchase the little adapter that connects to
a
> DB9 Token-Ring interface on say a 2502 and switches it to RJ-45. I don't
> know what the name of it would be. I have one, and I broke it open
thinking
> I could just reproduce the cable structure, but it has a small circuit
board
> inside. I am trying to find a place to purchase them, but nobody sells
> Token-Ring stuff any more it seems.
>
> Thanks in advance guys.
> >>>Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=388&t=374



RE: Static route [7:377]

2001-04-12 Thread Jim Dixon

An Interesting description can be found at:

http://www.routergod.com/charlesmanson/


-Original Message-
From: Rauch, Mike [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 2:35 PM
To: [EMAIL PROTECTED]
Subject: RE: Static route [7:377]


I believe when you add the 255 you are changing the administrative distance
to create a floating static route.  If you had a route learned by EIGRP for
instance with an administrative distance of 90 and the floating static route
with a distance of 255, the route learned by EIGRP would be used until the
link goes down.  When the EIGRP route is down, the floating static route
will take over.
Please correct me if I'm wrong.

CISCO says: http://www.cisco.com/warp/public/123/backup-main.html

Floating Static Routes
Floating static routes are static routes that have an administrative
distance greater than the administrative distance of dynamic routes.
Administrative distances can be configured on a static route so that the
static route is less desirable than a dynamic route. In this manner, the
static route is not used when the dynamic route is available. However, if
the dynamic route is lost, the static route can take over, and traffic can
be sent through this alternate route. If this alternate route is provided
using a DDR interface, then that interface can be used as a backup
mechanism. 

Sequence 

The primary interface learns a primary route to a remote network (using a
static route or a dynamic routing protocol). The administrative distance of
this learned route is less than the floating static, thus the learned route
is used. 
The primary interface becomes inoperable, although line protocol may remain
up. Loss of routing updates eventually removes the learned primary route
from the routing table.
The floating static route is used since it is now the route with the lowest
administrative distance.

Pros
This is independent of line protocol status. 
It is encapsulation independent.
It can backup multiple interfaces/networks on a router. 

Cons
This requires a routing protocol.
It is dependent upon the routing protocol convergence times.
It is more difficult to configure.
It can typically only provide backup for a single router.
It is dependent upon interesting traffic to trigger the DDR backup call




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=390&t=377



RE: Static route [7:377]

2001-04-12 Thread West, Karl

you're partly right but it is only for AD up to 254...

(Cisco Press-Website)
An administrative distance is a rating of the trustworthiness of a routing
information source, such as an individual router or a group of routers.
Numerically, an administrative distance is an integer between 0 and 255. In
general, the higher the value, the lower the trust rating. An administrative
distance of 255 means the routing information source cannot be trusted at
all and should be ignored. 

-Original Message-
From: Rauch, Mike [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 3:35 PM
To: [EMAIL PROTECTED]
Subject: RE: Static route [7:377]


I believe when you add the 255 you are changing the administrative distance
to create a floating static route.  If you had a route learned by EIGRP for
instance with an administrative distance of 90 and the floating static route
with a distance of 255, the route learned by EIGRP would be used until the
link goes down.  When the EIGRP route is down, the floating static route
will take over.
Please correct me if I'm wrong.
-Original Message-
From: West, Karl [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 3:19 PM
To: [EMAIL PROTECTED]
Subject: Static route [7:377]


Refresh me...

What happens to a static route that has a cost of 255 at the end. It gets
discarded right ?

ip route 198.207.193.11 255.255.255.255 205.253.192.246 255




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=391&t=377
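
The route selection discussed in this thread, modelled in Python as an added example (not code from any poster or from Cisco): the lowest administrative distance wins, and a candidate with distance 255 is never installed. The `Candidate` type, the `install` helper and the EIGRP next hop 10.0.0.1 are constructed for illustration; the `ip route` line and the EIGRP distance of 90 come from the thread, and 250 is a constructed floating-static value.

```python
import ipaddress
from dataclasses import dataclass

UNUSABLE_AD = 255       # "cannot be trusted at all and should be ignored"
DEFAULT_STATIC_AD = 1   # distance of a static route when none is given


@dataclass(frozen=True)
class Candidate:
    prefix: str      # e.g. "198.207.193.11/32"
    next_hop: str
    source: str      # "static", "eigrp", ...
    distance: int    # administrative distance, 0-255


def parse_ip_route(line):
    """Parse 'ip route <network> <mask> <next-hop> [distance]' into a Candidate."""
    parts = line.split()
    if parts[:2] != ["ip", "route"] or len(parts) not in (5, 6):
        raise ValueError(f"unsupported route statement: {line!r}")
    network = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
    distance = int(parts[5]) if len(parts) == 6 else DEFAULT_STATIC_AD
    if not 1 <= distance <= 255:
        raise ValueError("distance must be between 1 and 255")
    return Candidate(str(network), parts[4], "static", distance)


def install(candidates):
    """Return {prefix: winning Candidate} for the offered routes.

    Simplification: on equal distance the first candidate offered is kept;
    a real router would go on to compare metrics within the same protocol.
    """
    table = {}
    for cand in candidates:
        if cand.distance == UNUSABLE_AD:
            continue  # never enters the table, even with no competing route
        best = table.get(cand.prefix)
        if best is None or cand.distance < best.distance:
            table[cand.prefix] = cand
    return table


# The statement from the original question, and the same route with a usable distance.
STATIC_255 = parse_ip_route("ip route 198.207.193.11 255.255.255.255 205.253.192.246 255")
STATIC_250 = parse_ip_route("ip route 198.207.193.11 255.255.255.255 205.253.192.246 250")
# Constructed dynamic route to the same host, using the EIGRP distance named in the thread.
EIGRP_90 = Candidate("198.207.193.11/32", "10.0.0.1", "eigrp", 90)


def scenarios():
    """Winner per scenario, as the routing source name or None when nothing is installed."""
    prefix = "198.207.193.11/32"

    def winner(cands):
        route = install(cands).get(prefix)
        return route.source if route else None

    return {
        "eigrp up, static 250": winner([EIGRP_90, STATIC_250]),
        "eigrp down, static 250": winner([STATIC_250]),
        "eigrp up, static 255": winner([EIGRP_90, STATIC_255]),
        "eigrp down, static 255": winner([STATIC_255]),
    }


if __name__ == "__main__":
    for name, source in scenarios().items():
        print(f"{name}: {source or 'no route installed'}")
```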



CCNP study track [7:394]

2001-04-12 Thread cisco

dear group,

I have bought all the Cisco press course books for CCNP.
BSCN,BCMSN,BCRAN,CIT

I need help !! I need to know the methods of preparation that some of you
did.

Is Cisco press enough? + their study guides?

Is Boson CCNP exams good for CCNP?

Please guide me as to what to do now.

Thanks a lot,

Jeremy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=394&t=394



RE: Telnet and mail problems [7:392]

2001-04-12 Thread Moe Tavakoli

I would have to conclude (with the little info provided) that you are
experiencing a reverse lookup problem.  Check your DNS (internal and
external) and make sure that the right address/resolution/name is in order.

Moe.

-Original Message-
From: Luis Oliveira [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 1:27 PM
To: [EMAIL PROTECTED]
Subject: Telnet and mail problems [7:392]


Fellow Cisco users

This is my first post to the list. I've been watching the list for messages
regarding a problem that we have at my company (newspaper business) that's
probably related to our new network.


We have recently changed for a new building and since we are now placed in
several floors (as opposed to the situation we had before) we have taken
this opportunity to build a new network infrastructure.

We have a central Cisco Catalyst 6006 with 48 10/100 mbit ports, 2*8 fiber
optic modules that connect to 5 floors (Cisco 3548 XL and Cisco 3524
switches) by fiber cable.

We have a relatively large network of 400 machines (80% Macs, 20% PC's)
divided by VLAN's. We also have 30 or so servers (ranging from Sun Solaris
running Sybase, to Windows NT 4 and 2000 file servers, Microsoft SQL
servers, Appleshare File servers, AIX machines running Oracle, etc.

Our machines have fixed IP addresses. We are experimenting a problem when we
try to telnet a Unix machine. It takes forever (almost half a minute). The
same problem with e-mail checking ( 30 seconds to logon on the server).
Before we had just two subnets. Now we have more (private networks), and the
mail server is on a public network (DMZ) separated from us by a firewall. We
think that the problem is related with the Ciscos or the implementation of
the VLAN's. The company that implemented our network (which is a sister
company of my company) until now as not found a solution to our problem and
the mail users, which is everyone is becoming very upset with all this.
Everything else works fine on the network works fine (copying files, browse
the internet, that kind of stuff).

Anyone have seen this kind of trouble before ? Can give some advice or steps
to follow to eliminate this ?


Sorry for the long post.


Thanks



// luis oliveira




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=395&t=392



Re: Telnet and mail problems [7:392]

2001-04-12 Thread John Hardman

Hi

The first thing I would look at is name resolution. UNIX/Linux systems
(telnet and email especially) both use reverse lookup. If the UNIX/Linux box
can not find a name to go with the IP it will produce the situation you
describe.

As a quick experiment, add a host to the hosts file on the UNIX box you are
telnetting to. Then telnet to it from that host, I'll bet the connect is very
fast. You can do the same for POP3/SMTP.

HTH
--
John Hardman CCNP MCSE


"Luis Oliveira" wrote in message
news:[EMAIL PROTECTED]...
> Fellow Cisco users
>
> This is my first post to the list. I've been watching the list for
messages
> regarding a problem that we have at my company (newspaper business) that's
> probably related to our new network.
>
>
> We have recently changed for a new building and since we are now placed in
> several floors (as opposed to the situation we had before) we have taken
> this opportunity to build a new network infrastructure.
>
> We have a central Cisco Catalyst 6006 with 48 10/100 mbit ports, 2*8 fiber
> optic modules that connect to 5 floors (Cisco 3548 XL and Cisco 3524
> switches) by fiber cable.
>
> We have a relatively large network of 400 machines (80% Macs, 20% PC's)
> divided by VLAN's. We also have 30 or so servers (ranging from Sun Solaris
> running Sybase, to Windows NT 4 and 2000 file servers, Microsoft SQL
> servers, Appleshare File servers, AIX machines running Oracle, etc.
>
> Our machines have fixed IP addresses. We are experimenting a problem when
we
> try to telnet a Unix machine. It takes forever (almost half a minute). The
> same problem with e-mail checking ( 30 seconds to logon on the server).
> Before we had just two subnets. Now we have more (private networks), and
the
> mail server is on a public network (DMZ) separated from us by a firewall.
We
> think that the problem is related with the Ciscos or the implementation of
> the VLAN's. The company that implemented our network (which is a sister
> company of my company) until now as not found a solution to our problem
and
> the mail users, which is everyone is becoming very upset with all this.
> Everything else works fine on the network works fine (copying files,
browse
> the internet, that kind of stuff).
>
> Anyone have seen this kind of trouble before ? Can give some advice or
steps
> to follow to eliminate this ?
>
>
> Sorry for the long post.
>
>
> Thanks
>
>
>
> // luis oliveira




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=396&t=392



RE: Telnet and mail problems [7:392]

2001-04-12 Thread Evans, TJ

We have seen this when servers' DNS server entries are incorrect /
unreachable.



Thanks!
TJ

 -Original Message-
From:   Luis Oliveira [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, April 12, 2001 16:27
To: [EMAIL PROTECTED]
Subject:Telnet and mail problems [7:392]

Fellow Cisco users

This is my first post to the list. I've been watching the list for messages
regarding a problem that we have at my company (newspaper business) that's
probably related to our new network.


We have recently changed for a new building and since we are now placed in
several floors (as opposed to the situation we had before) we have taken
this opportunity to build a new network infrastructure.

We have a central Cisco Catalyst 6006 with 48 10/100 mbit ports, 2*8 fiber
optic modules that connect to 5 floors (Cisco 3548 XL and Cisco 3524
switches) by fiber cable.

We have a relatively large network of 400 machines (80% Macs, 20% PC's)
divided by VLAN's. We also have 30 or so servers (ranging from Sun Solaris
running Sybase, to Windows NT 4 and 2000 file servers, Microsoft SQL
servers, Appleshare File servers, AIX machines running Oracle, etc.

Our machines have fixed IP addresses. We are experimenting a problem when we
try to telnet a Unix machine. It takes forever (almost half a minute). The
same problem with e-mail checking ( 30 seconds to logon on the server).
Before we had just two subnets. Now we have more (private networks), and the
mail server is on a public network (DMZ) separated from us by a firewall. We
think that the problem is related with the Ciscos or the implementation of
the VLAN's. The company that implemented our network (which is a sister
company of my company) until now as not found a solution to our problem and
the mail users, which is everyone is becoming very upset with all this.
Everything else works fine on the network works fine (copying files, browse
the internet, that kind of stuff).

Anyone have seen this kind of trouble before ? Can give some advice or steps
to follow to eliminate this ?


Sorry for the long post.


Thanks



// luis oliveira




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=397&t=392



Re: Telnet and mail problems [7:392]

2001-04-12 Thread Carroll Kong

At 04:27 PM 4/12/01 -0400, Luis Oliveira wrote:

>Our machines have fixed IP addresses. We are experimenting a problem when we
>try to telnet a Unix machine. It takes forever (almost half a minute). The
>same problem with e-mail checking ( 30 seconds to logon on the server).
>Before we had just two subnets. Now we have more (private networks), and the
>mail server is on a public network (DMZ) separated from us by a firewall. We
>think that the problem is related with the Ciscos or the implementation of
>the VLAN's. The company that implemented our network (which is a sister
>company of my company) until now as not found a solution to our problem and
>the mail users, which is everyone is becoming very upset with all this.
>Everything else works fine on the network works fine (copying files, browse
>the internet, that kind of stuff).
>
>Anyone have seen this kind of trouble before ? Can give some advice or steps
>to follow to eliminate this ?
>
>Sorry for the long post.
>
>Thanks
>
>// luis oliveira

Hm.  It sounds a lot like DNS issues.  Do you have guys pointing to an 
internal DNS server?  Does your mail server resolve to an internal IP?  If 
you do internal DNS, I can see where you might have "inside has problems", 
"outside is dandy" problems.  Can you time the telnetting to the Unix 
box?  Are you sure it is not 75 seconds?  (If it is, it is almost 
definitely DNS issues).  Have you tried doing "ping" floods to those hosts 
just to see what % of packet loss occurs, if any?  It could very well be 
other issues, but check your DNS setups to see if anything seems fishy with 
your internal DNS.

-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=399&t=392



CAT6509 and IPX (Help Question) [7:398]

2001-04-12 Thread Nabil Fares

Greetings all,

Have a question that's been driving me crazy, hope you guys can help me.

We're replacing a 55XX with a 6509 switch.  Plugged the 6509 in the 55XX
switch so my customer can play around before we replace them (not the best
thing to do).

Network--55XX--6509---Novell client

Here's the issue:

When the user moves his machine to the 6509, he doesn't get Novell logon
prompt.  All IP connectivity is working.  If he moves the client back to
the 55XX, it works fine.  I've enabled portfast on the 6509, no joy.  Can
someone help me with some pointers?

I hope my question is clear.

Thanks,

Nabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=398&t=398



Re: CEF [7:304]

2001-04-12 Thread Rahul Kachalia

Gayathri,

Giving "ip cef" in global mode only turns on CEF processing and starts
building the FIB table; to enable NetFlow, type the "ip route-cache flow"
command under the interface. Depending on the router you are using, if you
type no ip route-cache cef & no ip route-cache distributed, then the fallback
is either fast or optimum switching.

thanks
rahul.
- Original Message -
From: "Gayathri" 
To: 
Sent: Wednesday, April 11, 2001 9:03 PM
Subject: CEF [7:304]


> Hi,
>
> If I have a statement 'ip cef' in the router, does this mean I have enabled
> netflow?
>
> Under the interfaces , the configuration is
> no ip route-cache cef
> no ip route-cache distributed
>
> Thanks for any inputs...
>
>
> Regards
>
> Gayathri




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=400&t=304



RE: Token-Ring DB9 to RJ-45 adapter [7:374]

2001-04-12 Thread Leigh Anne Chisholm

A couple of weeks ago, I wandered through the inventory area of a local wire
and cable supply outlet.  I noticed they had several Token Ring media filters.
Since there's no demand for them from corporate customers (and hasn't been for
quite some time), they offered to give them away for free because all these
devices are currently doing is taking up space in their office.

Check with your local wire and cable company - see if they've got any they'd
like to part with.  The price just might be right.  (There's that old
saying... one man's trash is another man's treasure...).


  -- Leigh Anne

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Daniel Cotts
> Sent: April 12, 2001 2:28 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Token-Ring DB9 to RJ-45 adapter [7:374]
>
>
> If you are patient some should show up on eBay.
>
> > -Original Message-
> > From: Chipps,Ken [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 12, 2001 2:56 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Token-Ring DB9 to RJ-45 adapter [7:374]
> >
> >
> > They are called Media Filters. A search using media filter on
> > google.com
> > turned up several companies. But yes they are getting hard to
> > find and the
> > price is going up all the time.
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Brian Lodwick
> > Sent: Thursday, April 12, 2001 2:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: Token-Ring DB9 to RJ-45 adapter [7:374]
> >
> >
> > Does anyone know where I can purchase the little adapter that
> > connects to a
> > DB9 Token-Ring interface on say a 2502 and switches it to
> > RJ-45. I don't
> > know what the name of it would be. I have one, and I broke it
> > open thinking
> > I could just reproduce the cable structure, but it has a
> > small circuit board
> >
> > inside. I am trying to find a place to purchase them, but
> > nobody sells
> > Token-Ring stuff any more it seems.
> >
> > Thanks in advance guys.
> > >>>Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=401&t=374



Re: Telnet and mail problems [7:392]

2001-04-12 Thread Luis Oliveira

Should the logon time be so long even if I telnet by numeric address, say
telnet xx.yy.zz.ww ?



Regards


// luis oliveira



> At 04:27 PM 4/12/01 -0400, Luis Oliveira wrote:
> 
>> Our machines have fixed IP addresses. We are experiencing a problem when we
>> try to telnet to a Unix machine. It takes forever (almost half a minute). The
>> same problem occurs with e-mail checking (30 seconds to log on to the server).
>> Before, we had just two subnets. Now we have more (private networks), and the
>> mail server is on a public network (DMZ) separated from us by a firewall. We
>> think that the problem is related to the Ciscos or the implementation of
>> the VLANs. The company that implemented our network (which is a sister
>> company of my company) has not found a solution to our problem so far, and
>> the mail users, which is everyone, are becoming very upset with all this.
>> Everything else on the network works fine (copying files, browsing
>> the internet, that kind of stuff).
>> 
>> Has anyone seen this kind of trouble before? Can you give some advice or steps
>> to follow to eliminate this?
>> 
>> Sorry for the long post.
>> 
>> Thanks
>> 
>> // luis oliveira
> 
> Hm.  It sounds a lot like DNS issues.  Do you have guys pointing to an
> internal DNS server?  Does your mail server resolve to an internal IP?  If
> you do internal DNS, I can see where you might have "inside has problems",
> "outside is dandy" problems.  Can you time the telnetting to the Unix
> box?  Are you sure it is not 75 seconds?  (If it is, it is almost
> definitely DNS issues).  Have you tried doing "ping" floods to those hosts
> just to see what % of packet loss occurs, if any?  It could very well be
> other issues, but check your DNS setups to see if anything seems fishy with
> your internal DNS.
> 
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=402&t=392



Option to get Cisco Cims at cheapest price [7:403]

2001-04-12 Thread Saif

Hello any one interested in Cisco CIMS ideal for CCNP and CCIE including

- Basic Router Functions  plus RIP configuration on Cisco4500 simulator
-Frame Relay
-OSPF configuration on 7000 series Simulator
-OSPF summarization on 7000 series Simulator
-EIGRP Configuration on 7000 series Simulator
-BGP configuration on 7000 series Simulator
- Complete Lan switching on 5000 router simulation including.  Vlan
configuration,Token ring switching,configuring FDDI modules,Configuring
ATM LANE
-ACCESS ISDN including Cisco   700 series router configuration complete
All the above stuff  u can configure on a CIM like real router and
Switch prompts with voice instructions
it costs thousands dollars and i am selling it very cheap if any one
interested plz contact me at [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=403&t=403



CCNA,CCNP 2 tracks Cbts for sale [7:404]

2001-04-12 Thread Meow

Any one interested in Smartcertify.com  CBTS for Complete CCNA and CCNP
2 tracks
mail me [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=404&t=404



CCNA,CCNP 2 tracks Cbts for sale [7:405]

2001-04-12 Thread Meow

Any one interested in Smartcertify.com  CBTS for Complete CCNA and CCNP
2 tracks
mail me [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=405&t=405



Re: NLSP (Novell Netware) [7:314]

2001-04-12 Thread EA Louie

read (watch the wrap)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cipx.ht
m

I don't think they've changed the cost 'calculation' since IOS 11.0.  It's
not so much a calculation as it is an assigned value that you can change
arbitrarily, so it doesn't do the 100,000,000/(interface bandwidth)
calculation that OSPF performs.

-e-
- Original Message -
From: "[EMAIL PROTECTED] (Aaron)" 
To: 
Sent: Thursday, April 12, 2001 1:47 AM
Subject: NLSP (Novell Netware) [7:314]


> Hi all,
> I have a question about the NLSP, which is the routing protocol used for
> Novell Netware Protocol stack. How does it calculate the "cost", and does
> it like the OSPF's metric: 10(8)/BW.
>
> Thank you very much!
>
> Aaron.z




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=406&t=314



Re: Telnet and mail problems [7:392]

2001-04-12 Thread Carroll Kong

At 05:31 PM 4/12/01 -0400, Luis Oliveira wrote:
>Should the logon time be so long even if I telnet by numeric address, say
>telnet xx.yy.zz.ww ?
>
>
>
>Regards
>
>
>// luis oliveira

Absolutely.  Sorry I was not as clear as the others, it is because the unix 
boxes will try to do a reverse DNS lookup on the incoming 
connection.  Usually this is because they use tcp_wrappers and / or they 
log the connections?  In general, you want to always have a fully 
resolvable network, both forwards and backwards.  So whoever the host that 
is trying to connect to the Unix box, if the host's IP does not reverse 
properly, you can expect such issues.

The issue is not so much that your forward dns is not working, since if you 
do it by IP, there is no forward dns resolution being done at all.  But the 
unix box will try to reverse the incoming IP.

-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=407&t=392
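
The reverse-lookup behaviour described in the reply above can be checked per client address before anyone touches the switches. This is an added example, not code from the thread: it performs the PTR lookup a tcp_wrappers-style daemon performs for an incoming connection, times it, and confirms that the returned name resolves forward to the same address. The function names, status strings and the 2-second threshold are assumptions of this example; the resolver and clock are injectable so the logic can be exercised offline.

```python
import socket
import sys
import time


def system_reverse(ip):
    """PTR lookup through the system resolver; raises OSError if unanswered."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name):
    """A-record lookup through the system resolver; returns IPv4 addresses."""
    return socket.gethostbyname_ex(name)[2]


def check_client(ip, reverse=system_reverse, forward=system_forward,
                 slow_after=2.0, clock=time.monotonic):
    """Classify one client IP the way a logging/wrapping daemon experiences it.

    Returns (status, hostname_or_None, seconds_spent_on_reverse_lookup).
    """
    start = clock()
    try:
        name = reverse(ip)
    except OSError:
        elapsed = clock() - start
        # A quick "no such record" costs nothing at login; a resolver that
        # has to time out is what shows up as a long pause before the banner.
        status = "no-ptr-slow" if elapsed >= slow_after else "no-ptr"
        return status, None, elapsed
    elapsed = clock() - start

    try:
        addrs = forward(name)
    except OSError:
        return "forward-fails", name, elapsed
    if ip not in addrs:
        # PTR and A records disagree: the network is not resolvable
        # "both forwards and backwards".
        return "mismatch", name, elapsed
    return ("ok-slow" if elapsed >= slow_after else "ok"), name, elapsed


def report(ips, **kwargs):
    """Return only the clients whose DNS state needs attention."""
    rows = [(ip,) + check_client(ip, **kwargs) for ip in ips]
    return [row for row in rows if row[1] != "ok"]


if __name__ == "__main__":
    # Usage: python check_rdns.py <client-ip> [<client-ip> ...]
    for ip, status, name, secs in report(sys.argv[1:]):
        print(f"{ip:15} {status:14} {name or '-':30} {secs:6.2f}s")
```

Run it on the Unix server itself, against the addresses of the new private subnets, so that it uses the same resolver configuration the telnet and mail daemons use.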



Catalyst 6509 and DHCP [7:408]

2001-04-12 Thread Vijay Ramcharan

Hello Group,
I'm looking at a particularly irritating problem and I can't quite figure
out what's wrong.  We have 2 Cat6509s which are supposed to be configured
for IP telephony.  I've added a number of VLANs, implemented HSRP on the
MSFCs etc.  My problem is, I have a DHCP server on VLAN 4 which cannot be
seen by a host which is on another VLAN.  I tried using the ip
helper-address command but was unsuccessful.

Any ideas?
Thanks.

Configs below:

Core_Even_MSFC#sh run
Building configuration...

Current configuration:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Core_Even_MSFC
!
boot system flash bootflash:c6msfc-jsv-mz.121-2.E.bin
boot bootldr bootflash:c6msfc-boot-mz.121-2.E.bin
!
ip subnet-zero
!
mls rp ip
cns event-service server
!
!
!
interface Serial9/0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial9/0/1
 no ip address
 shutdown
 no fair-queue
!
interface Serial9/0/2
 no ip address
 shutdown
 no fair-queue
!
interface Serial9/0/3
 no ip address
 shutdown
 no fair-queue
!
interface Vlan1
 ip address 10.4.10.2 255.255.254.0
 mls rp vtp-domain tdnyc
 mls rp management-interface
!
interface Vlan2
 ip address 10.4.8.2 255.255.254.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 2 timers 5 15
 standby 2 priority 110 preempt
 standby 2 ip 10.4.8.5
!
interface Vlan3
 ip address 10.4.2.2 255.255.255.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 3 timers 5 15
 standby 3 priority 100 preempt
 standby 3 ip 10.4.2.5
!
interface Vlan4
 ip address 10.4.12.2 255.255.254.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 4 timers 5 15
 standby 4 priority 110 preempt
 standby 4 ip 10.4.12.4
!
interface Vlan5
 ip address 10.4.3.2 255.255.255.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 5 timers 5 15
 standby 5 priority 100 preempt
 standby 5 ip 10.4.3.5
!
interface Vlan6
 ip address 10.4.14.2 255.255.255.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 6 timers 5 15
 standby 6 priority 110 preempt
 standby 6 ip 10.4.14.5
!
interface Vlan7
 ip address 10.4.4.2 255.255.255.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 7 timers 5 15
 standby 7 priority 100 preempt
 standby 7 ip 10.4.4.5
!
interface Vlan8
 ip address 10.4.15.2 255.255.255.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 8 timers 5 15
 standby 8 priority 110 preempt
 standby 8 ip 10.4.15.5
!
interface Vlan9
 ip address 10.4.5.2 255.255.255.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 9 timers 5 15
 standby 9 priority 100 preempt
 standby 9 ip 10.4.5.5
!
interface Vlan11
 ip address 10.4.6.2 255.255.255.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 11 timers 5 15
 standby 11 priority 100 preempt
 standby 11 ip 10.4.6.5
!
interface Vlan15
 ip address 10.4.7.2 255.255.255.0
 no ip redirects
 mls rp vtp-domain tdnyc
 standby 15 timers 5 15
 standby 15 priority 100 preempt
 standby 15 ip 10.4.7.5
!
router eigrp 10
 network 10.0.0.0
 no auto-summary
!
ip classless
no ip http server
!
!
!
line con 0
 transport input none
line vty 0 4
 login
 transport input lat pad mop telnet rlogin udptn nasi
!
end

Core_Even_MSFC#

Core_Even (enable) sh conf
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
..
..






...



..

begin
!
# * NON-DEFAULT CONFIGURATION *
!
!
#time: Thu Apr 12 2001, 15:44:31
!
#version 6.1(2)
!
set prompt Core_Even
!
#errordetection
set errordetection portcounter enable
!
#!
#vtp
set vtp domain tdnyc
set vlan 1 name default type ethernet mtu 1500 said 11 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
set vlan 2-9,11,15
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 7 stemaxhop 7 backupcrf off
!
#ip
set interface sc0 1 10.4.10.4/255.255.254.0 10.4.11.255

set ip route 10.4.2.0/255.255.255.0   10.4.10.2
set ip route 10.4.3.0/255.255.255.0   10.4.10.2
set ip route 10.4.4.0/255.255.255.0   10.4.10.2
set ip route 10.4.5.0/255.255.255.0   10.4.10.2
set ip route 10.4.6.0/255.255.255.0   10.4.10.2
set ip route 10.4.7.0/255.255.255.0   10.4.10.2
set ip route 10.4.8.0/255.255.254.0   10.4.10.2
set ip route 10.4.12.0/255.255.254.0   10.4.10.2
set ip route 10.4.14.0/255.255.255.0   10.4.10.2
set ip route 10.4.15.0/255.255.255.0   10.4.10.2
set ip route 0.0.0.0/0.0.0.0 10.4.10.2
!
#spantree
#vlan 1
set spantree priority 16384  1
#vlan 2
set spantree priority 8192   2
#vlan 3
set spantree priority 16384  3
#vlan 4
set spantree priority 8192   4
#vlan 5
set spantree priority 16384  5
#vlan 6
set spantree priority 8192   6
#vlan 7
set spantree priority 16384  7
#vlan 8
set spantre

RE: Telnet and mail problems [7:392]

2001-04-12 Thread Evans, TJ

~30 seconds or so is within reason ... 


Thanks!
TJ

 -Original Message-
From:   Luis Oliveira [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, April 12, 2001 17:31
To: [EMAIL PROTECTED]
Subject:Re: Telnet and mail problems [7:392]

Should the logon time be so long even if I telnet by numeric address, say
telnet xx.yy.zz.ww ?



Regards


// luis oliveira



> At 04:27 PM 4/12/01 -0400, Luis Oliveira wrote:
> 
>> Our machines have fixed IP addresses. We are experiencing a problem when we
>> try to telnet to a Unix machine. It takes forever (almost half a minute). The
>> same problem occurs with e-mail checking (30 seconds to log on to the server).
>> Before, we had just two subnets. Now we have more (private networks), and the
>> mail server is on a public network (DMZ) separated from us by a firewall. We
>> think that the problem is related to the Ciscos or the implementation of
>> the VLANs. The company that implemented our network (which is a sister
>> company of my company) has not found a solution to our problem so far, and
>> the mail users, which is everyone, are becoming very upset with all this.
>> Everything else on the network works fine (copying files, browsing
>> the internet, that kind of stuff).
>> 
>> Has anyone seen this kind of trouble before? Can you give some advice or steps
>> to follow to eliminate this?
>> 
>> Sorry for the long post.
>> 
>> Thanks
>> 
>> // luis oliveira
> 
> Hm.  It sounds a lot like DNS issues.  Do you have guys pointing to an
> internal DNS server?  Does your mail server resolve to an internal IP?  If
> you do internal DNS, I can see where you might have "inside has problems",
> "outside is dandy" problems.  Can you time the telnetting to the Unix
> box?  Are you sure it is not 75 seconds?  (If it is, it is almost
> definitely DNS issues).  Have you tried doing "ping" floods to those hosts
> just to see what % of packet loss occurs, if any?  It could very well be
> other issues, but check your DNS setups to see if anything seems fishy with
> your internal DNS.
> 
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=409&t=392



sanity check - NAT [7:410]

2001-04-12 Thread Irwin Lazar

I need to turn on NAT in a 2500 running Firewall IOS 11.3.  It's been a year
since I touched a router, so I wanted to run the config by the group for a
sanity check. (addresses have been changed to protect the innocent)

Here's what I'm trying to do:
NAT pool (legal addresses) 203.181.70.65 to 203.181.70.94 (slash /27)

Hosts will get addresses via DHCP in the 192.168.1.0 /24 range

The Inside address 192.168.1.11 should statically translate to 203.181.70.91
(that is, hosts on the Internet that try to connect to 203.181.70.65 should
hit the NAT box, where they are redirected to 192.168.1.11)

Here's my config:
interface e0
ip address 192.168.1.1 255.255.255.0
ip nat inside
! defines e0 with IP address and inside NAT interface

interface s0
ip nat outside

ip nat pool overld 203.181.70.65 206.181.70.90 prefix 27
ip nat inside source list 7 pool overld overload
access-list 7 permit 192.168.1.0 0.0.0.255

ip nat outside source static 192.16.1.11 203.181.70.91
ip nat inside source static 203.181.70.91 192.16.1.11 

Before I slap this on my router, will it work as intended?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=410&t=410
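
A consistency check over the configuration posted above, as an added example that is not part of the original message: it parses the NAT statements and flags a pool whose end address falls outside the stated prefix and a static entry whose first (inside local) address is not on an `ip nat inside` interface. `lint_nat`, the finding codes and the `CORRECTED` variant are assumptions of this example; `CORRECTED` is one reading of the stated intent (192.168.1.11 published as 203.181.70.91).

```python
import ipaddress

# The configuration exactly as posted in the message above.
POSTED = """\
interface e0
ip address 192.168.1.1 255.255.255.0
ip nat inside
! defines e0 with IP address and inside NAT interface

interface s0
ip nat outside

ip nat pool overld 203.181.70.65 206.181.70.90 prefix 27
ip nat inside source list 7 pool overld overload
access-list 7 permit 192.168.1.0 0.0.0.255

ip nat outside source static 192.16.1.11 203.181.70.91
ip nat inside source static 203.181.70.91 192.16.1.11
"""

# Assumed correction (not from the thread): pool kept inside one /27, and the
# static entry written as <inside-local> <inside-global>.
CORRECTED = """\
interface e0
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface s0
ip nat outside
ip nat pool overld 203.181.70.65 203.181.70.90 prefix-length 27
ip nat inside source list 7 pool overld overload
access-list 7 permit 192.168.1.0 0.0.0.255
ip nat inside source static 192.168.1.11 203.181.70.91
"""


def lint_nat(config):
    """Return a list of (code, offending_line) for inconsistent NAT statements."""
    addr, role, pools, acls = {}, {}, {}, set()
    dynamic, statics, cur = [], [], None

    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0].startswith("!"):
            continue
        line = " ".join(w)
        if w[0] == "interface" and len(w) == 2:
            cur = w[1]
        elif w[:2] == ["ip", "address"] and len(w) == 4 and cur:
            addr[cur] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:2] == ["ip", "nat"] and len(w) == 3 and cur:
            role[cur] = w[2]                      # "inside" or "outside"
        elif w[:3] == ["ip", "nat", "pool"] and len(w) == 8:
            # ip nat pool NAME START END {prefix-length N | netmask M}
            pools[w[3]] = (w[4], w[5], w[7], line)
        elif w[:5] == ["ip", "nat", "inside", "source", "list"] \
                and len(w) >= 8 and w[6] == "pool":
            dynamic.append((w[5], w[7], line))
        elif w[:5] == ["ip", "nat", "inside", "source", "static"] and len(w) == 7:
            statics.append((w[5], w[6], line))    # (inside local, inside global)
        elif w[0] == "access-list" and len(w) >= 3:
            acls.add(w[1])

    inside = [addr[i] for i, r in role.items() if r == "inside" and i in addr]
    findings = []

    for start, end, plen, line in pools.values():
        net = ipaddress.ip_network(f"{start}/{plen}", strict=False)
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if last not in net or last < first:
            findings.append(("pool-range", line))

    for acl, pool, line in dynamic:
        if pool not in pools:
            findings.append(("undefined-pool", line))
        if acl not in acls:
            findings.append(("undefined-acl", line))

    for local, _global, line in statics:
        if not any(ipaddress.ip_address(local) in net for net in inside):
            findings.append(("static-local-not-inside", line))

    return findings


if __name__ == "__main__":
    for code, line in lint_nat(POSTED):
        print(f"{code}: {line}")
```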



RE: Token-Ring DB9 to RJ-45 adapter [7:374]

2001-04-12 Thread Mark Rose

A while back a dmichaels [[EMAIL PROTECTED]] was selling cables with
IBM Type 1 to DB-9 Token at the other end for $5 each plus shipping. The
only catch was that you had to buy 4 or 5. He was easy to work with and very
helpful.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Leigh Anne Chisholm
Sent: Thursday, April 12, 2001 4:28 PM
To: [EMAIL PROTECTED]
Subject: RE: Token-Ring DB9 to RJ-45 adapter [7:374]


A couple of weeks ago, I wandered through the inventory area of a local wire
and cable supply outlet.  I noticed they had several Token Ring media filters.
Since there's no demand for them from corporate customers (and hasn't been for
quite some time), they offered to give them away for free because all these
devices are currently doing is taking up space in their office.

Check with your local wire and cable company - see if they've got any they'd
like to part with.  The price just might be right.  (There's that old
saying... one man's trash is another man's treasure...).


  -- Leigh Anne

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Daniel Cotts
> Sent: April 12, 2001 2:28 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Token-Ring DB9 to RJ-45 adapter [7:374]
>
>
> If you are patient some should show up on eBay.
>
> > -Original Message-
> > From: Chipps,Ken [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 12, 2001 2:56 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Token-Ring DB9 to RJ-45 adapter [7:374]
> >
> >
> > They are called Media Filters. A search using media filter on
> > google.com
> > turned up several companies. But yes they are getting hard to
> > find and the
> > price is going up all the time.
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Brian Lodwick
> > Sent: Thursday, April 12, 2001 2:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: Token-Ring DB9 to RJ-45 adapter [7:374]
> >
> >
> > Does anyone know where I can purchase the little adapter that
> > connects to a
> > DB9 Token-Ring interface on say a 2502 and switches it to
> > RJ-45. I don't
> > know what the name of it would be. I have one, and I broke it
> > open thinking
> > I could just reproduce the cable structure, but it has a
> > small circuit board
> >
> > inside. I am trying to find a place to purchase them, but
> > nobody sells
> > Token-Ring stuff any more it seems.
> >
> > Thanks in advance guys.
> > >>>Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=411&t=374



Re: IP helper address with multiple vlans and 1 DHCP [7:351]

2001-04-12 Thread Luke

Ruddy,

   If I understand the question (not necessarily a true statement):
When the DHCP client (PC host) comes up it will send a broadcast for
DHCP service, the vlan router will see the request packet and forward the
request to the DHCP server using the IP helper address setup in the
interface config.  When the request is sent it indicates to the DHCP server
which network this request is coming from and the DHCP will search the
available scopes and select the scope that is for the requesting network.
The server offer will be returned to the router which in turn sends it to
the original requestor at which time the conversation becomes a unicast
between the DHCP client and server.

On the other hand, if you are trying to reserve a specific IP within a
scope for a specific PC host, it must be set up on the DHCP server with the
client's macaddr as an M-DHCP (manual dhcp).  The conversation occurs as
before, except that a specific IP will be returned that satisfies the
macaddr-to-IP reservation set up on the DHCP server.

Repost with clarifications if this has not helped resolve the issue.

""Ruddy Cordero""  wrote in message
news:[EMAIL PROTECTED]...
> I know you guys talked about this earlier but how can I configure the router
> to limit exclusively an ip scope for a vlan when I only have one DHCP with
> multiple scopes and a switch with multiple vlans
>
>
> Ruddy
> CCNP, CCDA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=412&t=351



Re: CAT6509 and IPX (Help Question) [7:398]

2001-04-12 Thread John Neiberger

How sure are you that IP connectivity is working?  Pings from the
network to the machine succeed?  Do pings from the machine to the
network succeed?

If we assume that even IP connectivity is broken, I would have one
suggestion to check into.  We've discussed this on the list before and
didn't come to an agreement about this behavior, but here goes...

If you move the machine from the 5500 to the 6509, the MAC address of
the machine will still be in the CAM table on the 5500 and will not
timeout for five minutes by default.  Try clearing the CAM table on the
5500 and see if that resolves the issue.  Some will tell you that this
is unnecessary because as soon as the 5500 sees the MAC address coming
in on a different port it will update its CAM table immediately. 
Regardless, it's worth a shot.

But, you said IP is working so this is probably not the issue.

John

>>> "Nabil Fares"  4/12/01 3:03:30 PM >>>
Greetings all,

Have a question that's been driving me crazy, hope you guys can help me.

We're replacing a 55XX with a 6509 switch.  Plugged the 6509 in the 55XX
switch so my customer can play around before we replace them (not the best
thing to do).

Network--55XX--6509---Novell client

Here's the issue:

When the user moves his machine to the 6509, he doesn't get Novell logon
prompt.  All IP connectivity is working.  If he moves the client back to
the 55XX, it works fine.  I've enabled portfast on the 6509, no joy.  Can
someone help me with some pointers?

I hope my question is clear.

Thanks,

Nabil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=413&t=398



Re: Catalyst 6509 and DHCP [7:408]

2001-04-12 Thread Laszlo Csosza

Hi!

I haven't seen ip helper-address commands in your config... maybe I'm getting
blind near to midnight...

--

cU,

Laszlo Csosza


""Vijay Ramcharan""  wrote in message
news:[EMAIL PROTECTED]...
> Hello Group,
> I'm looking at a particularly irritating problem and I can't quite figure
> out what's wrong.  We have 2 Cat6509s which are supposed to be configured
> for IP telephony.  I've added a number of VLANs, implemented HSRP on the
> MSFCs etc.  My problem is, I have a DHCP server on VLAN 4 which cannot be
> seen by a host which is on another VLAN.  I tried using the ip
> helper-address command but was unsuccessful.
>
> Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=414&t=408
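
The relay behaviour explained in the "IP helper address with multiple vlans and 1 DHCP" reply, and the reason a missing `ip helper-address` leaves clients on other VLANs without a lease as in this thread, shown as an added example that is not code from either thread. It builds a constructed DHCPDISCOVER, applies what a relaying router does to the BOOTP header (stamp `giaddr` with the receiving interface address, count a hop), and then selects the server scope from `giaddr`. The subnets are the VLAN 2, 3 and 4 networks from the MSFC config posted on this page; the scope ranges, function names and the `max_hops` default are assumptions.

```python
import ipaddress
import struct
from typing import Optional

HOPS_OFF, GIADDR_OFF = 3, 24   # byte offsets in the fixed 236-byte BOOTP header
ZERO = bytes(4)

# Constructed scopes on the single DHCP server (ranges are made up).
SCOPES = {
    "10.4.12.0/23": ("10.4.12.50", "10.4.13.200"),   # VLAN 4, server's own subnet
    "10.4.2.0/24": ("10.4.2.50", "10.4.2.200"),      # VLAN 3
    "10.4.8.0/23": ("10.4.8.50", "10.4.9.200"),      # VLAN 2
}


def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed client broadcast: BOOTREQUEST with giaddr 0.0.0.0."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,              # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,          # xid, secs, flags (broadcast bit set)
        ZERO, ZERO, ZERO, ZERO,  # ciaddr, yiaddr, siaddr, giaddr
        mac, b"", b"",           # chaddr, sname, file (struct zero-pads)
    )
    # Magic cookie, option 53 (message type) = 1 (DISCOVER), end option.
    return header + bytes([99, 130, 83, 99, 53, 1, 1, 255])


def relay(packet: bytes, ingress_ip: str, max_hops: int = 4) -> Optional[bytes]:
    """Apply the relay agent's header changes; None means the packet is dropped.

    ingress_ip is the address of the interface that heard the broadcast,
    i.e. the VLAN interface that carries the helper address.
    """
    if len(packet) < 236 or packet[0] != 1:
        return None                       # not a BOOTREQUEST
    if packet[HOPS_OFF] >= max_hops:
        return None                       # relayed too many times already
    pkt = bytearray(packet)
    pkt[HOPS_OFF] += 1
    # Only the first relay stamps giaddr; later relays must leave it alone,
    # otherwise the server would pick the wrong scope.
    if pkt[GIADDR_OFF:GIADDR_OFF + 4] == ZERO:
        pkt[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.IPv4Address(ingress_ip).packed
    return bytes(pkt)


def giaddr_of(packet: bytes) -> ipaddress.IPv4Address:
    return ipaddress.IPv4Address(packet[GIADDR_OFF:GIADDR_OFF + 4])


def select_scope(packet: bytes, scopes: dict, local_subnet: str) -> Optional[str]:
    """Pick the scope the server would answer from, or None (server stays silent)."""
    giaddr = giaddr_of(packet)
    if giaddr.packed == ZERO:
        # Heard directly as a broadcast: only possible on the server's own VLAN.
        return local_subnet if local_subnet in scopes else None
    for subnet in scopes:
        if giaddr in ipaddress.ip_network(subnet):
            return subnet
    return None


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("00112233aabb"), 0x1234)
    relayed = relay(discover, "10.4.2.2")            # arrives on interface Vlan3
    print(giaddr_of(relayed), "->", select_scope(relayed, SCOPES, "10.4.12.0/23"))
```

A client on a VLAN whose interface has no helper address never reaches `relay()` at all: its broadcast stays inside that VLAN, which is the symptom described in this thread.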



Password recovery [7:415]

2001-04-12 Thread [EMAIL PROTECTED]

I was trying to do a password recovery on a 2503 router, after pressing
Break, here is what I got on the attachment.

Looks like it's crashed, can't type and it's not going.

Please assist!!!

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 16384 Kbytes of main memory
F3: 4442848+146464+241348 at 0x1000

  Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

   cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, California 95134-1706



Cisco Internetwork Operating System Software 
IOS (tm) 3000 Software (IGS-IR-L), Experimental Version 11.0(9682) [athippes 109]
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Fri 15-Nov-96 16:28 by athippes
Image text-base: 0x1448, data-base: 0x00417FE4

cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 03863193, with hardware revision 
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
1 ISDN Basic Rate interface.
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)



Press RETURN to get started!


%LINK-3-UPDOWN: Interface BRI0, changed state to up
%LINK-3-UPDOWN: Interface Ethernet0, changed state to up
%LINK-3-UPDOWN: Interface Serial0, changed state to down
%LINK-3-UPDOWN: Interface Serial1, changed state to down
*Mar  1 00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
*Mar  1 00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
*Mar  1 00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down
*Mar  1 00:00:10: 
Note: A random Spanning Tree Bridge Identifier address of .0c00.0539
  has been chosen for Bridge group 1 since there is no mac address
  associated with the selected interface.
*Mar  1 00:00:10: 
  Ensure that this address is unique.

*Mar  1 00:00:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down
*Mar  1 00:00:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
*Mar  1 00:00:13: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
*Mar  1 00:00:13: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
*Mar  1 00:00:13: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 26 state changed to DELETED
*Mar  1 00:00:14: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down
*Mar  1 00:00:14: %LINK-3-UPDOWN: Interface BRI0: B-Channel 1, changed state to down
*Mar  1 00:00:14: %LINK-3-UPDOWN: Interface BRI0: B-Channel 2, changed state to down
*Mar  1 00:00:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state to down
*Mar  1 00:00:15: %LINK-5-CHANGED: Interface Serial1, changed state to administratively down
*Mar  1 00:00:18: %SYS-5-CONFIG_I: Configured from memory by console
*Mar  1 00:00:18: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software 
IOS (tm) 3000 Software (IGS-IR-L), Experimental Version 11.0(9682) [athippes 109]
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Fri 15-Nov-96 16:28 by athippes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=415&t=415


