PIX authentication ISSUE!!!! [7:705]

2001-04-15 Thread Magdy H. Ibrahim

Dear All,
I hope to find an expert in PIX firewalls to help me solve this problem
with PIX authentication with ACS2.3.
I am trying to configure my PIX506 with IOS5.1 to use Cisco Secure ACS2.3 to
authenticate my internal users when they try to access the Internet.
The ACS is located on the inside network with virtual IP 192.168.111.2, while
the PIX inside IP is 192.168.111.2.
When I try to access the Internet after applying the authentication commands,
the authentication window comes up with username and
password...
When I typed a username and password from the ACS users database, it failed
to authenticate that user with this message: Error: Authen Rejected
even though that user can telnet to the access server or my router.
And Outlook Express did not work when I put in that configuration, with an
error message.
This is the configuration which I put in my PIX to run the
aaa-authentication:

aaa-server PIXGroup protocol tacacs+
aaa-server PIXGroup (inside) host 213.131.67.10 cisco timeout 5
aaa authentication include any outbound 192.168.111.0 255.255.255.0 0.0.0.0 0.0.0.0 PIXGroup
aaa authorization include any outbound 192.168.111.0 255.255.255.0 0.0.0.0 0.0.0.0 PIXGroup

Please, any idea?

Please help me soon.

Regards,

Magdy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=705&t=705
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: NLSP (Novell Netware) [7:314]

2001-04-15 Thread [EMAIL PROTECTED] (Aaron)

[EMAIL PROTECTED] ("EA Louie") wrote:

>read (watch the wrap)
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cipx.htm
>
>I don't think they've changed the cost 'calculation' since IOS 11.0. 
>It's not so much a calculation as it is an assigned value that you can
>change arbitrarily, so it doesn't do the 100,000,000/(interface
>bandwidth) calculation that OSPF performs.
>
>-e-
>- Original Message -
>From: "[EMAIL PROTECTED] (Aaron)" 
>To: 
>Sent: Thursday, April 12, 2001 1:47 AM
>Subject: NLSP (Novell Netware) [7:314]
>
>
>> Hi all,
>> I have a question about the NLSP, which is the routing protocol used
>> for Novell Netware Protocol stack. How does it calculate the "cost",
>> and does it like the OSPF's metric: 10(8)/BW.
>>
>> Thank you very much!
>>
>> Aaron.z

Thank you, but it really can be set automatically on the interface. How
does the router do it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=706&t=314



RE: Unusual Aspect of a duplicate IP Address [7:707]

2001-04-15 Thread McCallum, Robert

In this case, definitely.  No adjacency formed because the IP address was
duplicate.  Once I sorted this problem the adjacency came in, so in this
scenario I would definitely say that Jeff Doyle is wrong.

-Original Message-
From: tom cheung [mailto:[EMAIL PROTECTED]]
Sent: 14 April 2001 15:02
To: [EMAIL PROTECTED]
Subject: RE: Unusual Aspect of a duplicate IP Address



According to Doyle's book, p. 648:

"An interesting side effect of the fact that ISIS is a CLNS protocol is that
the IP addresses of neighboring routers have NO INFLUENCE ON THE FORMATION
OF ADJACENCIES. Another result is that two interfaces with IP
addresses from completely different subnets can become adjacent."

Is Jeff Doyle wrong?

>From: "McCallum, Robert" 
>To: 'tom cheung' 
>Subject: RE: Unusual Aspect of a duplicate IP Address
>Date: Sat, 14 Apr 2001 10:38:15 +0100
>
>EEH !  WRONG
>
>-Original Message-
>From: tom cheung [mailto:[EMAIL PROTECTED]]
>Sent: 12 April 2001 19:09
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
>[EMAIL PROTECTED]
>Subject: Re: Unusual Aspect of a duplicate IP Address
>
>
>ISIS uses CLNS to form adjacencies.  IP has nothing to do with it.  It'll form
>adjacencies, if I'm not mistaken, even when router A and B are on different
>subnets.
>
>
> >From: "McCallum, Robert" 
> >Reply-To: "McCallum, Robert" 
> >To: "'Ccielab' (E-mail)" ,
> >"Cisco@Groupstudy.  Com (E-mail)" 
> >Subject: Unusual Aspect of a duplicate IP Address
> >Date: Thu, 12 Apr 2001 16:59:32 +0100
> >
> >Here is a scenario which caught me out BIG time in a real life situation
> >using ISIS.
> >
> >To make it easier
> >
> >Router A has a serial connection to Router B
> >
> >
> >Everything is up at layer 1 & 2, i.e. CDP can indeed see Router B if you are on
> >Router A and vice versa.  Router B can't see any routes from Router A or
> >beyond.
> >
> >NOW  Router A's serial 0's IP address is 172.16.130.5, Router B's serial 0's
> >IP address is 172.16.130.5.
> >
> >Spot the deliberate mistake.
> >
> >Although you say AHA he has the same IP address on the serial connections.
> >SO, quite rightly ISIS says, go away I will never make an adjacency with
> >myself    :-(
> >
> >However, it took me quite a while to discover that these IP addresses were
> >indeed duplicated.
> >
> >REASON or should I make it a question?  I think question would be better.
> >
> >Q: What do you think would happen if I was on Router A and telnetted to
> >172.16.130.5, would I telnet to Router A or B. :->
> >
> >A: This is why it took me a while to realise this.  I started debugging
> >adjacencies, blaming a new controller card which was the first time I had
> >used this in ISIS, everything bar the easy problem.  Mental Note for me
> >here is don't dive in head first, always fault find the layers and remember
> >this fault because it is nasty :- >
> >What made it worse was the customer sitting over my shoulder saying WHY
> >isn't this working, I knew we shouldn't have bought those new fangled
> >router things!
> >
> >Oh the joys of life




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=707&t=707



BGP Commands [7:708]

2001-04-15 Thread Hunt Lee

Can anyone please explain to me what is the difference between the
command "show ip bgp" (or show ip bgp summary) and "show ip route bgp"?
I have read the BSCN book between page 348 and 352 many times, but I'm
still very confused.  The book said "show ip bgp" displays BGP routing
table?? But I thought that should be "show ip route bgp".  Please help.

Regards,
Hunt Lee
IP Solution Analyst
Cable and Wireless




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=708&t=708



Re: BGP Commands [7:708]

2001-04-15 Thread Tolanid

Here is my understanding of the difference.  Hope it helps.

Show ip bgp shows you the "potential routes".  This is showing you the
routes that are in the BGP "forwarding table".  This is what BGP knows about
(sometimes referred to as RIB).  These are the potential routes to be
injected into your routing table (show ip route bgp).

Your routing decision will be made from what you know in your "routing
table" - the one you can view by the "show ip route bgp" command.

Hope this helps (and does not confuse you more).  :)

Raj


"Hunt Lee" wrote in message news:[EMAIL PROTECTED]...
> Can anyone please explain to me what is the difference between the
> command "show ip bgp" (or show ip bgp summary) and "show ip route bgp"?
> I have read the BSCN book between page 348 and 352 many times, but I'm
> still very confused.  The book said "show ip bgp" displays BGP routing
> table?? But I thought that should be "show ip route bgp".  Please help.
>
> Regards,
> Hunt Lee
> IP Solution Analyst
> Cable and Wireless




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=709&t=708



RE: BGP Commands [7:708]

2001-04-15 Thread Urooj's Hi-speed Internet

Here is a little explanation.


"show ip bgp" shows the bgp routing table. This may or may not be different
from the IP routing table for a particular router.

"show ip bgp summ" shows the EBGP & IBGP neighbor/peer relationships that a
router has been able to establish.

"show ip route bgp" shows all the BGP routes (both IBGP & EBGP) that have
qualified to enter the IP routing table of a router. Again this may be a
subset of what is being seen with the first command "show ip bgp"

I have a feeling that you may still need to do a lot of reading as all this
is very basic to BGP. I would also say the same thing that has been
repeatedly said on this list many times that Bassam Halabi's "INTERNET
ROUTING ARCHITECTURES" is one of the best books to learn about BGP.

Aziz S. Islam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hunt Lee
Sent: Sunday, April 15, 2001 9:21 AM
To: [EMAIL PROTECTED]
Subject: BGP Commands [7:708]


Can anyone please explain to me what is the difference between the
command "show ip bgp" (or show ip bgp summary) and "show ip route bgp"?
I have read the BSCN book between page 348 and 352 many times, but I'm
still very confused.  The book said "show ip bgp" displays BGP routing
table?? But I thought that should be "show ip route bgp".  Please help.

Regards,
Hunt Lee
IP Solution Analyst
Cable and Wireless




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=710&t=708



Re: BGP Commands [7:708]

2001-04-15 Thread Howard C. Berkowitz

>Can anyone please explain to me what is the difference between the
>command "show ip bgp" (or show ip bgp summary) and "show ip route bgp"?
>I have read the BSCN book between page 348 and 352 many times, but I'm
>still very confused.  The book said "show ip bgp" displays BGP routing
>table?? But I thought that should be "show ip route bgp".  Please help.
>
>Regards,
>Hunt Lee
>IP Solution Analyst
>Cable and Wireless


You are dealing with two tables, at the very least.  Some are 
conceptual or stored as part of other tables.  Let me work through 
the flow.

Incoming BGP updates, before filtering, go into the Adj-RIB-In.

After filtering, which is primarily on a per-peer basis, the 
remaining updates go into a BGP-only table called the Loc-RIB.  This 
table contains all the BGP potential routes that passed acceptance 
filtering, and is router-wide.  It also indicates which are the 
"best" BGP routes to a given destination.

"show ip bgp" displays the Loc-RIB.

Next, all "best" routes from the Loc-RIB are sent to the main IP 
routing table, where they compete with potential routes from all 
other sources. "show ip route" shows the active routes to all 
destinations.  "show ip route bgp" shows the subset of those routes 
that was learned from BGP.

An example:

  BGP has two routes to 172.16.1.0/24 and to 172.16.2.0/24.
  It picks a best route to each. Let's say that has a next hop of 192.168.1.1.
  Show ip bgp would show all four, with an asterisk on the two best.

The two 172.16.1.0/24 and 172.16.2.0/24 routes, with a next hop of 192.168.1.1,
are sent to the main routing table installation process.

Assume that the router also has a static route with administrative 
distance 1 to 172.16.2.0/24. That has equal specificity to the second 
BGP route, but the administrative distance is more preferred.

When you do a "show ip route", you will see routes to both 
destinations, but with a static source to 172.16.2.0 and a BGP source 
for 172.16.1.0.

If you do a "show ip route bgp", you will only see the route to 
172.16.1.0, because that is the only active route with a BGP source.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=711&t=708
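
The flow described in the message above (Adj-RIB-In, Loc-RIB, main routing table), as an added Python model that is not part of the original post. Shortest AS path stands in for the full BGP decision process; the distance of 20 for BGP routes, the second next hop, the filtered 10.0.0.0/8 path and the static next hop are assumptions made for the example.

```python
from dataclasses import dataclass

AD_STATIC = 1   # administrative distance of the static route in the message
AD_EBGP = 20    # assumption: Cisco's default distance for eBGP routes


@dataclass(frozen=True)
class BgpPath:
    prefix: str
    next_hop: str
    as_path_len: int  # simplified stand-in for the BGP decision process


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    source: str       # "bgp" or "static"
    distance: int


def build_loc_rib(adj_rib_in, accept):
    """Apply inbound (per-peer) filtering: Adj-RIB-In -> Loc-RIB."""
    return [p for p in adj_rib_in if accept(p)]


def best_paths(loc_rib):
    """Pick one best BGP path per prefix (shortest AS path in this model)."""
    best = {}
    for path in loc_rib:
        cur = best.get(path.prefix)
        if cur is None or path.as_path_len < cur.as_path_len:
            best[path.prefix] = path
    return best


def show_ip_bgp(loc_rib):
    """Every accepted path, with '*' on the best one per prefix."""
    best = best_paths(loc_rib)
    return [("*" if best[p.prefix] == p else " ", p.prefix, p.next_hop)
            for p in loc_rib]


def install(loc_rib, other_routes):
    """Best BGP paths compete with other sources; lowest distance wins."""
    candidates = [Route(p.prefix, p.next_hop, "bgp", AD_EBGP)
                  for p in best_paths(loc_rib).values()]
    candidates += other_routes
    table = {}
    for r in candidates:
        cur = table.get(r.prefix)
        if cur is None or r.distance < cur.distance:
            table[r.prefix] = r
    return table


def show_ip_route(table, source=None):
    """Active routes, optionally limited to one source (e.g. 'bgp')."""
    return sorted((r.prefix, r.source, r.next_hop) for r in table.values()
                  if source is None or r.source == source)


# Constructed sample data following the message's example.
ADJ_RIB_IN = [
    BgpPath("172.16.1.0/24", "192.168.1.1", 2),
    BgpPath("172.16.1.0/24", "192.168.2.1", 4),
    BgpPath("172.16.2.0/24", "192.168.1.1", 2),
    BgpPath("172.16.2.0/24", "192.168.2.1", 4),
    BgpPath("10.0.0.0/8", "192.168.2.1", 1),   # dropped by the inbound filter
]
STATIC = [Route("172.16.2.0/24", "10.1.1.1", "static", AD_STATIC)]

LOC_RIB = build_loc_rib(ADJ_RIB_IN, lambda p: p.prefix.startswith("172.16."))
TABLE = install(LOC_RIB, STATIC)

if __name__ == "__main__":
    for line in show_ip_bgp(LOC_RIB):
        print("show ip bgp      ", line)
    for line in show_ip_route(TABLE):
        print("show ip route    ", line)
    for line in show_ip_route(TABLE, "bgp"):
        print("show ip route bgp", line)
```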



RE: back to back cables [7:527]

2001-04-15 Thread Ray Mosely

OK, for those of you who continue to be
incredulous, let me spell this out.
We have a budget with budget lines.  Commodities
fall under $100, and equipment is over $100.
Third party cables would be commodities, and
there isn't enough money in that budget line
to buy cables, because somebody else didn't
put enough money in that budget line.

On the other hand, there's too much money in
the equipment budget line, so if we buy Cisco
cables bundled with a Cisco router, then we
can actually get cables that will work.  Even
if our supplier had third party cables (which
it doesn't), we can't legitimately make the
bookkeepers think that this is a manufacturer's
bundle.  So I have to buy Cisco cables at $150
a set, instead of third party cables at $50 a
piece.

Now, I'm not sure that any of this has anything
to do with Cisco routers/routing, which is why
I did NOT say any of this to begin with.  I said
simply that I could not buy third party cables,
which is true and the only fact that is truly
relevant.  So hopefully, we can lay this to rest.


Unless someone has the part number for an actual
Cisco back to back cable, which is all that I asked
for in the first place, I would like to see
this thread buried.

Thanks to everyone for their advice,
Ray Mosely
CCNA, MCSE

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Sunday, April 15, 2001 2:06 AM
To: [EMAIL PROTECTED]
Subject: RE: back to back cables [7:527]


Wow, why not?  Does your employer make a habit of spending three times as
much as necessary?  :-)  Just kidding...

If that's the case, then go with the part numbers I gave you.  For the sake
of performance you'll want to go with the v.35 cables.

John

|  It's simple.  Cisco doesn't, to my knowledge,
|  make a back to back cable.  I'm not allowed to
|  order a third party cable.
|  Ray M.
|
|  -Original Message-
|  From: John Neiberger [mailto:[EMAIL PROTECTED]]
|  Sent: Friday, April 13, 2001 4:42 PM
|  To: [EMAIL PROTECTED]
|  Cc: [EMAIL PROTECTED]
|  Subject: Re: back to back cables [7:527]
|
|
|  Do I even dare ask why you are allowed to use two regular cables but not
|  a back to back cable?
|
|  Hmm... while writing that I just thought of one good reason.  Whenever
|  I order a back-to-back cable I usually get an RS-232 cable.  This would
|  tend to limit the clock rate between the two routers.  If I needed a
|  higher speed I'd have to find a V.35 back to back cable which seem to be
|  harder to find.
|
|  If you want V.35:
|
|  CAB-V35MT=
|  CAB-V35FC=
|
|  If you want RS-232:
|
|  CAB-232MT=
|  CAB-232FC=
|
|  HTH,
|  John
|
|  >>> "Ray Mosely"  4/13/01 4:29:14 PM >>>
|  I'm sorry to bring up this old old old
|  thread, but I'm in a situation where I
|  need a back to back cable for some 2501's,
|  but I'm not allowed to use a back to back
|  cable.
|
|  There are two bona fide Cisco cables which
|  can be hooked together to make one back
|  to back cable (at three times the price
|  of a back to back).  Anybody know the
|  part numbers of the Cisco cables?  It's
|  for back to back on the WAN ports.
|
|  Thanks,
|  Ray Mosely
|  CCNA, MCSE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=712&t=527



OSPF ? [7:624]

2001-04-15 Thread Dale Frohman

I have an AS5300 that I am advertising the pool addresses via OSPF.  I am
redistributing static and connected subnets.  However, when I do a sh ip
route xxx.xxx.xxx.0 I am seeing two or three entries like:

U   xxx.xxx.xxx.0/24 [1/0] via xxx.xxx.xxx.99 <-- 1 of the pool IPs


This is causing the LSA to age out prematurely (every 14 seconds or so)
and our routers are dropping the routes to this class C of pool IPs.
Right now as a temp fix I have a static route in our router.

Any thoughts on how to get that per-user static route to not show up?

Thanks

Dale

p.s. I am new to OSPF so go easy on me :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=624&t=624




Re: Ethernet vs. Fast Ethernet [7:515]

2001-04-15 Thread Marty Adkins

Priscilla Oppenheimer wrote:
> 
> At 06:12 PM 4/13/01, Irwin Lazar wrote:
> 
> >I know a few years ago several interface cards, especially those from Intel,
> >had a heck of a time auto negotiating with Cisco Catalyst 5xxx's, but I'd
> >imagine these problems are resolved by now.  (It shows you how long it has
> >been since I've actually touched a real network. :-)   )
> 
> Not much has changed! Auto-negotiation seems to still be a disaster. We hear
> complaints about it not working all the time. Does anyone have a technical
> answer (or URL) that explains why it behaves so badly? Just trying to
> learn. Thanks..
> 
I wouldn't go so far as to characterize it as a disaster, as it does
usually work.  More specifically, speed almost always negotiates or
auto-senses correctly.  And if it didn't, someone would investigate
immediately and correct it.  Duplex negotiation is done after the speed
is set, and that sometimes incorrectly auto-negotiates.  When that happens,
everything does work, but there will be a performance impact that is
totally dependent on the probability of simultaneous traffic in both
directions.  Hence, a workstation with a single-tasking user may not
exhibit a symptom, while a server could be severely impacted.  As others
have mentioned here in previous posts, look for "late collisions" on the
half-duplex side.

Some specific reasons I know of or have experienced that cause
autonegotiation to fail:
a) Older drivers for 10/100 NICs that just didn't do it right -- I ran
   into this with the Compaq Netflex III.  Updated driver solved it.

b) Early 10/100 NICs based on the National Semiconductor DP83840 chip
   failed to negotiate duplex correctly, if the cable length was between
   35-41 meters (a typical office length!).  NatSemi corrected this flaw in
   the DP83840A version, but all the existing products were stuck with this
   limitation.  Not only did this include some desktop NICs, but also
   some early Cat5000 blades.  See CCO bug IDs CSCdj53500 and CSCdj53272.

c) Say one side, the switch, is set for auto-negotiate, and the other
   side, a desktop, is set to 10/half.  Everything negotiates fine.
   Now what if the desktop changes its setting on the fly to 100Mbps.
   The 100Mbps fast link pulses produce enough signal in the frequency
   band of the 10Mbps link pulses, such that the 10Mb side never sees a
   loss of signal, so it doesn't realize there is a need to re-negotiate!
   One way this happens is when the desktop O/S changes it while booting.
   Even more subtle and less noticed is if the speed doesn't change but
   the O/S changes the duplex.
   The fix is to have the O/S driver momentarily drop signal whenever speed
   or duplex are modified.  I recall 3Com 3C905 PCI cards and their driver
   producing this symptom.  Workaround: pull the cable out/in or cycle the
   port.  See CCO bug ID CSCdk28412.

If anyone would like to read more than you want to know about auto-negotiation,
read http://www.scyld.com/expert/NWay.html, written by Bill Bunch of
National Semiconductor.  NatSemi contributed the technique to 802.3u.

If you want to read about conformance testing, including auto-negotiation,
peruse:
http://www.iol.unh.edu/testsuites/fe/index.html at
http://www.iol.unh.edu/consortiums/fe/index.html

If you're into hardware chipsets, then follow the links at:
http://www.scyld.com/expert/100mbps.html

And as a great place to start on anything about Ethernet, Charles Spurgeon's
site at U. Texas is still great: http://wwwhost.ots.utexas.edu/ethernet/

  Marty Adkins                    Email: [EMAIL PROTECTED]
  Mentor Technologies             Phone: 240-568-6526
  133 National Business Pkwy      WWW: http://www.mentortech.com
  Annapolis Junction, MD  20701   Cisco CCIE #1289




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=659&t=515



Re: subnets [7:638]

2001-04-15 Thread David Chandler

No problem:

#1. The addresses listed do not overlap (all different class Bs), and EIGRP
handles VLSM.  **see #2**

#2. EIGRP by default auto-summarizes at classful boundaries, so either use NO IP
AUTO-SUMMARY, or make sure you don't create multiple clouds of 172.20.xxx.xxx/24
networks.

DaveC



SH Wesson wrote:

> Our existing network consists of a flat network at 172.16.0.0 with a mask of
> 255.255.0.0 and 172.31.0.0 with a mask of 255.255.0.0.  Since it is flat,
> the networks are 172.16.2.0 - 172.16.12.0 mask 255.255.0.0.  EIGRP is
> running.  Now, the question I have is, if I create new subnets to segment
> the place with networks like 172.20.10.0, 172.20.11.0, 172.12.0, etc all
> with masks of 255.255.255.0 and if I run EIGRP also.  If I were to run both
> the above networks at once and within the same EIGRP process, would it cause
> any problems.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=654&t=638




Re: subnets [7:638]

2001-04-15 Thread David Chandler

No problem:

#1. The addresses listed do not overlap (all different class Bs), and EIGRP
handles VLSM.  **see #2**

#2. EIGRP by default auto-summarizes at classful boundaries, so either use:

(config-router)#NO AUTO-SUMMARY  {on all eigrp routers.}

Or just make sure you don't create multiple clouds of 172.20.xxx.xxx/24
networks.



DaveC





SH Wesson wrote:

> Our existing network consists of a flat network at 172.16.0.0 with a mask of
> 255.255.0.0 and 172.31.0.0 with a mask of 255.255.0.0.  Since it is flat,
> the networks are 172.16.2.0 - 172.16.12.0 mask 255.255.0.0.  EIGRP is
> running.  Now, the question I have is, if I create new subnets to segment
> the place with networks like 172.20.10.0, 172.20.11.0, 172.12.0, etc all
> with masks of 255.255.255.0 and if I run EIGRP also.  If I were to run both
> the above networks at once and within the same EIGRP process, would it cause
> any problems.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=689&t=638



Flash [7:713]

2001-04-15 Thread RamG

Hello Gang -  I am looking for 8 MB flash for 2501 & 2502.  Can someone help
with the link.  I tried browsing the net and found a couple of sites where
they sell 8MB flash for USD 199.  I am looking for something less.  I tried
ebay.  Either the shipping is way too high or the seller is not interested
in shipping to Canada.  Any help would be appreciated.

Thanks  /  RamG




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=713&t=713



CCIE Optical Qualification Beta (Exam 351-020) [7:714]

2001-04-15 Thread Scott Jensen

Hello Everybody!

I was just curious if anyone has scheduled to sit in on the CCIE Optical
Beta?

http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html

I see the beta is only US$50.  After reviewing the CCIE Blueprint, does
anyone have any thoughts on how difficult the exam may be?

I see the Blueprint lists the Cisco ONS 15900, but I believe I saw a press
release that this product has been discontinued?  Can anyone verify this?

Thanks In Advance!

Happy Easter!


Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=714&t=714



RE: Passing IPSEC packets on dsl [7:321]

2001-04-15 Thread Chris Larson

Actually you can get IPSEC to work with nat. The problem lies within the
procedure on the router. Packets are nat'ed before the IPSEC process takes
place.

Here is a link dealing with IPSEC and NAT. I am sure if you search around
there will be more. This link deals with one side doing NAT and IPSEC and
the other being all public.

http://www.cisco.com/warp/public/707/overload_public.html

Here is another dealing with IPSEC NAT and the PIX:


http://www.cisco.com/warp/public/707/ipsecnat.html





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Charles Manafa
Sent: Thursday, April 12, 2001 8:37 AM
To: [EMAIL PROTECTED]
Subject: RE: Passing IPSEC packets on dsl [7:321]


VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
doesn't work is that packet authentication will fail when the packet is
NAT'd - the calculated hash will not match after NAT has been applied.

Charles

-Original Message-
From: Elijah Savage
To: [EMAIL PROTECTED]
Sent: 12/04/01 12:11
Subject: Passing IPSEC packets on dsl [7:321]

All,

I purchased a 1605 from eBay for my home lab. I decided to play with it
a bit on my DSL circuit. I am using NAT on this router, and everything
works fine except that now I can't vpn from the inside. Example, trying
to establish a vpn connection from a client on my local network in to
our vpn router at my place of employment. Of course with the netgear dsl
router it passes those ipsec packets. I was wondering if anyone has
tried this before and been able to make this happen.

Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=715&t=321
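
The hash mismatch and the "it can work" reply in the thread above can be compared in a simplified model, given here as an added example that is not from any poster or from Cisco. It assumes HMAC-SHA1-96 as the integrity algorithm and models only the addresses and IPsec fields of a packet: AH authenticates the outer IP addresses, ESP authentication does not. The key, addresses and SPI are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # constructed shared authentication key


@dataclass(frozen=True)
class Packet:
    src: str          # outer IP source address
    dst: str          # outer IP destination address
    spi: int          # IPsec security parameters index
    seq: int          # IPsec sequence number
    body: bytes       # protected payload
    icv: bytes = b""  # integrity check value carried in the packet


def _ipsec_fields(pkt):
    return struct.pack("!II", pkt.spi, pkt.seq) + pkt.body


def ah_coverage(pkt):
    """AH authenticates the IP addresses as well as the IPsec fields."""
    addrs = (ipaddress.IPv4Address(pkt.src).packed
             + ipaddress.IPv4Address(pkt.dst).packed)
    return addrs + _ipsec_fields(pkt)


def esp_coverage(pkt):
    """ESP authentication excludes the outer IP header."""
    return _ipsec_fields(pkt)


COVERAGE = {"ah": ah_coverage, "esp": esp_coverage}


def _icv(mode, pkt, key):
    # HMAC-SHA1 truncated to 96 bits (12 bytes).
    return hmac.new(key, COVERAGE[mode](pkt), hashlib.sha1).digest()[:12]


def protect(mode, pkt, key=KEY):
    """Sender side: attach the ICV computed over the mode's coverage."""
    return replace(pkt, icv=_icv(mode, pkt, key))


def verify(mode, pkt, key=KEY):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(pkt.icv, _icv(mode, pkt, key))


def nat(pkt, public_src):
    """Source NAT: rewrite only the outer source address."""
    return replace(pkt, src=public_src)


def demo():
    inside = Packet("192.168.1.10", "203.0.113.5", 0x1001, 1, b"hello vpn")
    results = {}
    for mode in COVERAGE:
        sent = protect(mode, inside)
        results[mode] = {
            "direct": verify(mode, sent),
            "after_nat": verify(mode, nat(sent, "198.51.100.7")),
            "tampered": verify(mode, replace(sent, body=b"hello vpN")),
        }
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

Only address translation is modelled; port translation of ESP, which carries no TCP/UDP port numbers, is a separate problem not covered here.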



CCIE Lab Prep Courses [7:716]

2001-04-15 Thread Bruce Williams

I am trying to get various opinions of several CCIE Lab Prep courses. I
already know about MentorTech's ECP1. I am already registered for that class
in August. I want to know if anyone has opinions on these courses.

BNetsys CCIE Courses
Global Knowledge ANEW

Bruce Williams
[mailto:[EMAIL PROTECTED]]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=716&t=716



Can you change Telnet's well known port? [7:717]

2001-04-15 Thread Fred Danson

>I don't know that they do, but the Linksys does support port redirection.
>Just point the standard telnet port (23) at your inside router.  Once on
>one inside router you can telnet around to others inside, or you can also
>point other ports from the outside to inside port 23.  The biggest
>limitation that the Linksys has is that it can only handle one public
>address (I don't know if the NetGear or anything else can handle more).
>Not really a big deal unless you've got a bunch of gamers that want to be
>able to play against each other and the outside world, and they need to
>have the same outside public port mapped to play.
>
>Anyway, here is what you could do
>Public          Private
>63.1.1.1 :23    192.168.1.23 :23
>63.1.1.1 :24    192.168.1.24 :23
>63.1.1.1 :25    192.168.1.25 :23
>63.1.1.1 :26    192.168.1.26 :23

I wasn't aware that it is possible to manipulate the port used to telnet. So 
using your example above, I would telnet to device 1 using the outside 
destination port of 23, telnet to device 2 using the outside destination 
port of 24, telnet to device 3 using the outside destination port of 25? Is 
it possible to do this? Would telnet work with ports other than 23? Could 
anyone clarify this please?

Thanks for the help,
Fred

>Of course, you might want to pick better ports, but if you don't care about
>housing services public services on the inside, it should work.
>
>My personal suggestion would be to set up an old 486 and run Linux and SSHv2
>so that you can SSH in on port 22, and once on the Linux box on the inside,
>telnet to your routers.  That way it's all encrypted and no chance of
>someone hijacking your lab.  Plus, you can log all the connections to the
>Linux box and have a user list to control access.  Of course, there is a
>little bit of a learning curve to get that configured, but it's not that bad
>with RH7 and a standard NIC.
>
>--
>Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
>List email: [EMAIL PROTECTED]
>Homepage: http://jason.artoo.net/
>
>
>
>"Fred Danson" wrote in message news:[EMAIL PROTECTED]...
> > Hey Group,
> >
> > This is a continuation of the NAT capabilities of small Netgear/Linksys
> > router Post. I am curious, would it be possible for me to do a telnet from
> > my remote site to the small router, and then do another telnet from the
> > small router to the inside devices? This would pretty much be a double
> > telnet (if there is such a thing). Does anyone know if most of these small
> > routers support outgoing telnet sessions?
> >
> > Thanks again for the help,
> > Fred
> >
>





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=717&t=717



Alcatel 1641 SM [7:718]

2001-04-15 Thread sipitung

Hi group

Does anyone have experience with the Alcatel 1641 SM (ADM for STM-1)?
I just wanted to know the standard configuration for the Alcatel 1641 SM. Can
this box support software loopback?
I find it rather difficult to find the information that I want on the Alcatel
website; do you have any idea to help me out of this problem?
Any document or URL which describes the configuration of this box will be
appreciated.
Thanks in advance.

Regards
sipitung




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=718&t=718



Re: sdh/sonet framing [7:700]

2001-04-15 Thread Scott Jensen

Sipitung,

Try this link to find info on SONET/SDH:

http://www.aloni.com/CND/CNDest.asp?TOCId=Telecom&TopicID=SONET


Simple Diagram:
(Drop) Term Multiplexer (Line) Add Drop Multiplexer IR (Line) Term Multiplexer (Drop)

Terminal - Terminates OC-n (Drop side and Line side)
Add/Drop - Allows one to Add/Drop channels mid-span
Intermediate Regenerator - (2R/3R) boosts and cleans signal for extra
length.


You may want to familiarize yourself with basic terms:  attenuation, dispersion,
non-linear effects, etc.

If you have any other questions, please email me at [EMAIL PROTECTED]

This link should be a good starting point...

Hope this helps!


Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=719&t=700



Re: IP Helper-address questions [7:247]

2001-04-15 Thread Michael Snyder

I happen to be a ccnp and mcse.  I get how ip helper-address works.  Also
work with microsoft dhcp servers.

How do you setup a scope for a remote subnet, and how does the dhcp server
know how to hand out the correct ip leases for a non-connected subnet?

Does the dhcp server look at the source address of the interface of the
forwarded helper-address packets?  Then match up the correct scope with the
router interface ip address?




"Jason J. Roysdon" wrote in message news:[EMAIL PROTECTED]...
> Here's a fun link explaining ip helper:
> http://routergod.com/trinity/
>
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
>
>
>
> "Muhammed Khalilullah" wrote in message news:[EMAIL PROTECTED]...
> > Actually, the IP helper command is placed on the
> > interface that is receiving the broadcasts. Now you
> > have to decide which router is supposed to receive the
> > broadcasts. But in usual case, Clients usually try to
> > communicate with the PDC for authentication and other
> > stuffs. So, I think it would work to configure ip
> > helper-address w.x.y.z on the ethernet interface of
> > router 1 only (where w.x.y.z is the ip address of your
> > PDC, but if you have multiple PDCs then you have to
> > give the directed-broadcast address and also have to
> > use ip directed-broadcast command).
> >
> > I hope this will work
> >
> > Muhammad Khalilullah
> > CCNP, MCSE
> >
> > --- David Eitel  wrote:
> > > I have two routers connected via  serial point to
> > > point link. Router 1 has
> > > an ethernet segment with PDC info I want forwarded
> > > to Router 2 ethernet
> > > segment. No ip directed broadcast is configured on
> > > all interfaces. I want
> > > netbios traffic passed from one segment to the
> > > other. I have placed an IP
> > > helper-address statement on the ethernet interface
> > > needing the help. Do I
> > > need to use the ip helper-address on all interfaces
> > > to the source ip
> > > helper-address? Is the ip forward-protocol also
> > > necessary? Any advice would
> > > be greatly appreciated
> > >
> > > David Eitel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=720&t=247



To - Kivas Waters [7:721]

2001-04-15 Thread Dennis Laganiere

Thanks for the list of errors from the cramsession.  I'll put them together
with some observations from a few others, including Pricilla, and try and
get them to publish an update.  

Thanks again...

--- Dennis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=721&t=721



Re: Can you change Telnet's well known port? [7:717]

2001-04-15 Thread Carroll Kong

At 01:32 PM 4/15/01 -0400, Fred Danson wrote:
> >Anyway, here is what you could do
> >Public         Private
> >63.1.1.1:23    192.168.1.23:23
> >63.1.1.1:24    192.168.1.24:23
> >63.1.1.1:25    192.168.1.25:23
> >63.1.1.1:26    192.168.1.26:23
>
>I wasn't aware that it is possible to manipulate the port used to telnet. So
>using your example above, I would telnet to device 1 using the outside
>destination port of 23, telnet to device 2 using the outside destination
>port of 24, telnet to device 3 using the outside destination port of 25? Is
>it possible to do this? Would telnet work with ports other than 23? Could
>anyone clarify this please?
>
>Thanks for the help,
>Fred

Absolutely.  They are just daemons using a socket library.  They can bind 
to any port they want and you can get the same result.  As long as the 
client connects to the right server listening port, they do not care.  The 
main reason why they initially set it up so that certain ports belong to 
certain services is to avoid confusion on the clients.  So client software 
can be written to always connect to the 'well-known' port as opposed to 
some random port.  Any well written client can choose which port to connect 
to, and if not specified, they default to the well known port.

telnet 63.1.1.1 26
that would work for most telnet clients.

However, this is not the case up here.  In this case, even more the reason 
why it would work.

Specifically here though, we are just redirecting from the external ip:port 
to some internal ip:port.  We are still communicating with an inside host 
at port 23 (well known telnet port).  All they are doing up there is 
remapping from external ip:port to internal ip:port.  However, always 
remember, a daemon can bind to any port they want.  You can tell your unix 
telnetd to bind to port 3922 or some other port.

I suppose it is some feeble form of security, but since a good portscanner 
will find your "hidden" daemon anyway, I would not try to use this as a 
form of security.  (i.e., putting listening ports on say 6073).

-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=722&t=717
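
The two points made in the reply above (a daemon can bind to any port, and the router only remaps public ip:port to inside ip:port), shown as an added example that is not part of the original thread. Everything runs on loopback; the banner text and function names are constructed for illustration.

```python
import socket
import threading

BANNER = b"lab-router login: "  # constructed greeting standing in for a telnet daemon


def listen_on(port=0):
    """Open a loopback TCP listener; port 0 lets the OS pick any free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    return srv


def accept_loop(srv, handler):
    """Run handler(conn) in its own thread for every client that connects."""
    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()


def start_daemon(port=0):
    """The 'inside' service: it greets clients on whatever port it was bound to."""
    def greet(conn):
        with conn:
            conn.sendall(BANNER)
    srv = listen_on(port)
    accept_loop(srv, greet)
    return srv


def pump(src, dst):
    """Copy bytes one way until EOF, then shut both ends to wake the other direction."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def start_redirect(inside_addr, public_port=0):
    """Port redirection: every connection to public_port is relayed to inside_addr."""
    def relay(client):
        try:
            inside = socket.create_connection(inside_addr, timeout=2)
        except OSError:
            client.close()  # inside host unreachable: drop the outside client
            return
        inside.settimeout(None)
        back = threading.Thread(target=pump, args=(inside, client), daemon=True)
        back.start()
        pump(client, inside)
        back.join()
        client.close()
        inside.close()
    srv = listen_on(public_port)
    accept_loop(srv, relay)
    return srv


def read_banner(port, timeout=2.0):
    """Connect like 'telnet 127.0.0.1 <port>' and return what the service sends first."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        data = b""
        while len(data) < len(BANNER):
            chunk = s.recv(64)
            if not chunk:
                break
            data += chunk
    return data


def demo():
    """Bind the daemon to an arbitrary port, publish it on a second port, compare."""
    daemon = start_daemon()
    inside_addr = daemon.getsockname()
    redirect = start_redirect(inside_addr)
    public_port = redirect.getsockname()[1]
    # Listener threads are daemon threads and end with the process.
    return {
        "inside_port": inside_addr[1],
        "public_port": public_port,
        "direct": read_banner(inside_addr[1]),
        "redirected": read_banner(public_port),
    }


if __name__ == "__main__":
    print(demo())
```

The service answers with the same banner on either port, which is why moving the port number changes nothing about what the service reveals to whoever connects.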



Re: Can you change Telnet's well known port? [7:717]

2001-04-15 Thread Fred Danson

Thanks for the info,

Does the telnet client that is built into Windows2000 Professional allow 
changing of the destination port? Could I just click start --> Run and type 
in telnet 63.1.1.1 :24 ??

Thanks in Advance,
Fred


>From: Carroll Kong 
>To: "Fred Danson" 
>CC: [EMAIL PROTECTED]
>Subject: Re: Can you change Telnet's well known port? [7:717]
>Date: Sun, 15 Apr 2001 13:26:34 -0500
>
>At 01:32 PM 4/15/01 -0400, Fred Danson wrote:
>> >Anyway, here is what you could do
>> >Public         Private
>> >63.1.1.1:23    192.168.1.23:23
>> >63.1.1.1:24    192.168.1.24:23
>> >63.1.1.1:25    192.168.1.25:23
>> >63.1.1.1:26    192.168.1.26:23
>>
>>I wasn't aware that it is possible to manipulate the port used to telnet.
>>So using your example above, I would telnet to device 1 using the outside
>>destination port of 23, telnet to device 2 using the outside destination
>>port of 24, telnet to device 3 using the outside destination port of 25?
>>Is it possible to do this? Would telnet work with ports other than 23?
>>Could anyone clarify this please?
>>
>>Thanks for the help,
>>Fred
>
>Absolutely.  They are just daemons using a socket library.  They can bind
>to any port they want and you can get the same result.  As long as the
>client connects to the write server listening port, they do not care.  The
>main reason why they initially set it up so that certain ports belong to
>certain services is to avoid confusion on the clients.  So client software
>can be written to always connect to the 'well-known' port as opposed to
>some random port.  Any well written client can choose which port to connect
>to, and if not specified, they default to the well known port.
>
>telnet 63.1.1.1 26
>that would work for most telnet clients.
>
>However, this is not the case up here.  In this case, even more the reason
>why it would work.
>
>Specifically here though, we are just redirecting from the external ip:port
>to some internal ip:port.  We are still communicating with an inside host
>at port 23 (well known telnet port).  All they are doing up there is
>remapping from external ip:port to internal ip:port.  However, always
>remember, a daemon can bind to any port they want.  You can tell your unix
>telnetd to bind to port 3922 or some other port.
>
>I suppose it is some feeble form of security, but since a good portscanner
>will find your "hidden" daemon anyway, I would not try to use this as a
>form of security.  (i.e., putting listening ports on say 6073).
>
>-Carroll Kong
>





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=723&t=717



Re: designing subnets with all ones/zeros.. [7:695]

2001-04-15 Thread David Chandler

Chuck

Thanks for the proof read  :>

Below is the cisco page & part of the doc relating to zero subnets.
To me it reads "don't; because we say so"

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdipadr.htm#xtocid105602

---
Enabling Use of Subnet Zero

Subnetting with a subnet address of zero is illegal and strongly discouraged
(as stated in RFC 791) because of the confusion that can arise between a
network and a subnet that have the same addresses. For example, if network
131.108.0.0 is subnetted as 255.255.255.0, subnet zero would be written as
131.108.0.0, which is identical to the network address.

You can use the all zeros and all ones subnet (131.108.255.0), even though
it is discouraged. Configuring interfaces for the all ones subnet is
explicitly allowed. However, if you need the entire subnet space for your IP
address, use the following command in global configuration mode to enable
subnet zero:
---

You mentioned that Windows is not rfc1812 compliant and that it allows wacky
subnets and disallows some valid subnets.  Was that trial & error or has
microsoft documented this? I hate spending an hour looking for a document
that is not there...

Thanks

DaveC


Chuck Larrieu wrote:

> Comments within:
>
> -Original Message-
> From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> David Chandler
> Sent:   Saturday, April 14, 2001 11:25 PM
> To: [EMAIL PROTECTED]
> Subject:designing subnets with all ones/zeros.. [7:695]
>
> I have two questions regarding using the all ones and/or the all zeros
> subnet.
>
> Recently one of my co-workers started studying for CCNA and while
> reviewing subnets he kept telling me that you could not use the all zero
> or all ones subnet.
>
> CL:  classically speaking this is true. Early implementations, etc. these
> days this is no longer the case
>
> The Win95, NT, and LINUX hosts didn't have a
> problem with it nor did the routers.
>
> CL: a long time ago on this list we had a discussion of wacky subnet masks.
> In the course of researching this, I found that the windows IP stack was not
> rfc 1812 compliant in that it allowed discontiguous / wacky / non contiguous
> ones subnet masks, and that windows also categorically denied use of certain
> legitimate ip addresses. Such as 172.16.1.255/16  I believe that this is
> corrected in Win2K
>
>  I tested it with RIP & EIGRP.
> (skipped OSPF since it is classful).
>
> CL: I believe you meant to say "classless" ;->
>
> I found that Cisco and others vendors agree that it will work, but they
> "Strongly discourage using the all ones or all zeros subnets"
>
> CL: where did you find language about "strongly discourage"?
>
> PS: if some of you try testing this; note that prior to 12.1 you'll need
> to enter
> (config)# ip zero-subnet
> before the router will accept a zero subnet on a interface. Starting in
> 12.1 the zero subnet is enabled by default.
>
> CL: ip subnet-zero
>
> Question #1: What type problems could you run into by using a all
> ones/zero subnet.
>
> CL: issues with older equipment / obsolete equipment / old OS versions
>
> Question #2: For you folks that are in design; Do you follow or
> ignore the "DO NOT USE ALL ONES/ZEROS" rule?
>
> CL: use both all the time. Of course I sell new Cisco equipment, so there is
> no issue with most customers. Or I sell EIGRP or OSPF designs. Same thing.
> ;->
>
> I'm trying to get a real world idea of what the standard practice is.
> I work at a large corp, so I haven't a clue what sane people do.
>
> CL: so do I and neither do I.
>
> DaveC




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=724&t=695
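
The address collision that the quoted Cisco text describes, worked through for its own 131.108.0.0 / 255.255.255.0 case and for the 172.16.1.255/16 host address mentioned in the thread. This is an added example, not from the thread or from Cisco; the function names are constructed, and the sketch generalizes to any class A/B/C network.

```python
import ipaddress


def classful_network(addr):
    """Return the class A/B/C network an address falls in (pre-CIDR rules)."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError("class D/E addresses have no classful network")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def special_subnets(addr, mask):
    """Find subnet zero and the all-ones subnet and report what they collide with."""
    major = classful_network(addr)
    # ip_network() raises ValueError for a non-contiguous ("wacky") mask.
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    if new_prefix <= major.prefixlen:
        raise ValueError("mask does not subnet the classful network")
    mask_int = int(ipaddress.IPv4Address(mask))
    zero = ipaddress.ip_network((int(major.network_address), new_prefix))
    ones = ipaddress.ip_network((int(major.broadcast_address) & mask_int, new_prefix))
    return {
        "major": major,
        "subnet_zero": zero,
        "all_ones": ones,
        # Subnet zero is written with the same address as the whole network.
        "zero_looks_like_network": zero.network_address == major.network_address,
        # The all-ones subnet's broadcast equals the all-subnets broadcast.
        "ones_shares_broadcast": ones.broadcast_address == major.broadcast_address,
    }


def is_valid_host(addr, prefix):
    """A host address is usable unless its host bits are all zeros or all ones."""
    iface = ipaddress.ip_interface(f"{addr}/{prefix}")
    net = iface.network
    return iface.ip not in (net.network_address, net.broadcast_address)


if __name__ == "__main__":
    for key, value in special_subnets("131.108.0.0", "255.255.255.0").items():
        print(f"{key}: {value}")
    print("172.16.1.255/16 usable as a host:", is_valid_host("172.16.1.255", 16))
```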



Re: Can you change Telnet's well known port? [7:717]

2001-04-15 Thread Jason J. Roysdon

ipaddress port' from the command line/run (telnet ipaddress:port from the
command line fails to work properly and just reports that it cannot
connect).  I suggest getting TeraTerm for a much better telnet/serial
program.  You can change the telnet:// URL to launch it instead of the
Windows telnet.exe.

If you want a quick test, I've got a bgp daemon running on my Linux box
(looks very much like Cisco IOS):
telnet://artoo.net:2605 and the vty password is 'bgp' (sorry, no enable
access for the masses).


At first I thought you were asking about the telnet service that Win2k has,
so I'd written up this reply before I re-read what you asked:

Yes, but remember that just changing the port is very weak security that any
portscanner will be able to find:
Start - Settings - Control Panel - Administrative Tools - Telnet Server
Administrator:

Microsoft (R) Windows 2000 (TM) (Build 2195)
Telnet Server Admin (Build 5.00.99201.1)

Select one of the following options:


0) Quit this application
1) List the current users
2) Terminate a user session ...
3) Display / change registry settings ...
4) Start the service
5) Stop the service

Type an option number [0 - 5] to select that option: 3


Select one of the following options:

0) Exit this menu
1) AllowTrustedDomain
2) AltKeyMapping
3) DefaultDomain
4) DefaultShell
5) LoginScript
6) MaxFailedLogins
7) NTLM
8) TelnetPort
Type an option number [0 - 8] to select that option: 8
Current value of TelnetPort = 23
Do you want to change this value ? [y/n]

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Fred Danson" wrote in message news:[EMAIL PROTECTED]...
> Thanks for the info,
>
> Does the telnet client that is built into Windows2000 Professional allow
> changing of the destination port? Could I just click start --> Run and type
> in telnet 63.1.1.1 :24 ??
>
> Thanks in Advance,
> Fred
>
>
> >From: Carroll Kong
> >To: "Fred Danson"
> >CC: [EMAIL PROTECTED]
> >Subject: Re: Can you change Telnet's well known port? [7:717]
> >Date: Sun, 15 Apr 2001 13:26:34 -0500
> >
> >At 01:32 PM 4/15/01 -0400, Fred Danson wrote:
> >> >Anyway, here is what you could do
> >> >Public         Private
> >> >63.1.1.1:23    192.168.1.23:23
> >> >63.1.1.1:24    192.168.1.24:23
> >> >63.1.1.1:25    192.168.1.25:23
> >> >63.1.1.1:26    192.168.1.26:23
> >>
> >>I wasn't aware that it is possible to manipulate the port used to telnet.
> >>So using your example above, I would telnet to device 1 using the outside
> >>destination port of 23, telnet to device 2 using the outside destination
> >>port of 24, telnet to device 3 using the outside destination port of 25?
> >>Is it possible to do this? Would telnet work with ports other than 23?
> >>Could anyone clarify this please?
> >>
> >>Thanks for the help,
> >>Fred
> >
> >Absolutely.  They are just daemons using a socket library.  They can bind
> >to any port they want and you can get the same result.  As long as the
> >client connects to the right server listening port, they do not care.  The
> >main reason why they initially set it up so that certain ports belong to
> >certain services is to avoid confusion on the clients.  So client software
> >can be written to always connect to the 'well-known' port as opposed to
> >some random port.  Any well written client can choose which port to connect
> >to, and if not specified, they default to the well known port.
> >
> >telnet 63.1.1.1 26
> >that would work for most telnet clients.
> >
> >However, this is not the case up here.  In this case, even more the reason
> >why it would work.
> >
> >Specifically here though, we are just redirecting from the external ip:port
> >to some internal ip:port.  We are still communicating with an inside host
> >at port 23 (well known telnet port).  All they are doing up there is
> >remapping from external ip:port to internal ip:port.  However, always
> >remember, a daemon can bind to any port they want.  You can tell your unix
> >telnetd to bind to port 3922 or some other port.
> >
> >I suppose it is some feeble form of security, but since a good portscanner
> >will find your "hidden" daemon anyway, I would not try to use this as a
> >form of security.  (i.e., putting listening ports on say 6073).
> >
> >-Carroll Kong
> >
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=726&t=717



Re: Can you change Telnet's well known port? [7:717]

2001-04-15 Thread Jason J. Roysdon

Yes, but remember that just changing the port is very weak security that any
portscanner will be able to find:
Start - Settings - Control Panel - Administrative Tools - Telnet Server
Administrator:

Microsoft (R) Windows 2000 (TM) (Build 2195)
Telnet Server Admin (Build 5.00.99201.1)

Select one of the following options:


0) Quit this application
1) List the current users
2) Terminate a user session ...
3) Display / change registry settings ...
4) Start the service
5) Stop the service

Type an option number [0 - 5] to select that option: 3


Select one of the following options:

0) Exit this menu
1) AllowTrustedDomain
2) AltKeyMapping
3) DefaultDomain
4) DefaultShell
5) LoginScript
6) MaxFailedLogins
7) NTLM
8) TelnetPort
Type an option number [0 - 8] to select that option: 8
Current value of TelnetPort = 23
Do you want to change this value ? [y/n]

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Fred Danson" wrote in message news:[EMAIL PROTECTED]...
> Thanks for the info,
>
> Does the telnet client that is built into Windows2000 Professional allow
> changing of the destination port? Could I just click start --> Run and type
> in telnet 63.1.1.1 :24 ??
>
> Thanks in Advance,
> Fred
>
>
> >From: Carroll Kong
> >To: "Fred Danson"
> >CC: [EMAIL PROTECTED]
> >Subject: Re: Can you change Telnet's well known port? [7:717]
> >Date: Sun, 15 Apr 2001 13:26:34 -0500
> >
> >At 01:32 PM 4/15/01 -0400, Fred Danson wrote:
> >> >Anyway, here is what you could do
> >> >Public         Private
> >> >63.1.1.1:23    192.168.1.23:23
> >> >63.1.1.1:24    192.168.1.24:23
> >> >63.1.1.1:25    192.168.1.25:23
> >> >63.1.1.1:26    192.168.1.26:23
> >>
> >>I wasn't aware that it is possible to manipulate the port used to telnet.
> >>So using your example above, I would telnet to device 1 using the outside
> >>destination port of 23, telnet to device 2 using the outside destination
> >>port of 24, telnet to device 3 using the outside destination port of 25?
> >>Is it possible to do this? Would telnet work with ports other than 23?
> >>Could anyone clarify this please?
> >>
> >>Thanks for the help,
> >>Fred
> >
> >Absolutely.  They are just daemons using a socket library.  They can bind
> >to any port they want and you can get the same result.  As long as the
> >client connects to the right server listening port, they do not care.  The
> >main reason why they initially set it up so that certain ports belong to
> >certain services is to avoid confusion on the clients.  So client software
> >can be written to always connect to the 'well-known' port as opposed to
> >some random port.  Any well written client can choose which port to connect
> >to, and if not specified, they default to the well known port.
> >
> >telnet 63.1.1.1 26
> >that would work for most telnet clients.
> >
> >However, this is not the case up here.  In this case, even more the reason
> >why it would work.
> >
> >Specifically here though, we are just redirecting from the external ip:port
> >to some internal ip:port.  We are still communicating with an inside host
> >at port 23 (well known telnet port).  All they are doing up there is
> >remapping from external ip:port to internal ip:port.  However, always
> >remember, a daemon can bind to any port they want.  You can tell your unix
> >telnetd to bind to port 3922 or some other port.
> >
> >I suppose it is some feeble form of security, but since a good portscanner
> >will find your "hidden" daemon anyway, I would not try to use this as a
> >form of security.  (i.e., putting listening ports on say 6073).
> >
> >-Carroll Kong
> >
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=725&t=717



Re: IP Helper-address questions [7:247]

2001-04-15 Thread Jason J. Roysdon

Yup, you got it.  Just set up the extra scope(s) for the subnet(s) you have
the ip helper-address enabled port(s) on.  The DHCP server sees the source
address (or perhaps network address/mask, I'm not sure the down and dirty
details), and sends an appropriate DHCP address from the scope that fits
that subnet.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Michael Snyder" wrote in message news:[EMAIL PROTECTED]...
> I happen to be a ccnp and mcse.  I get how ip helper-address works.  Also
> work with microsoft dhcp servers.
>
> How do you setup a scope for a remote subnet, and how does the dhcp server
> know how to hand out the correct ip leases for a non-connected subnet?
>
> Does the dhcp server look at the source address of the interface of the
> forwarded helper-address packets?  Then match up the correct scope with the
> router interface ip address?
>
>
>
>
> "Jason J. Roysdon" wrote in message news:[EMAIL PROTECTED]...
> > Here's a fun link explaining ip helper:
> > http://routergod.com/trinity/
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> >
> >
> >
> > "Muhammed Khalilullah" wrote in message news:[EMAIL PROTECTED]...
> > > Actually, the IP helper command is placed on the
> > > interface that is receiving the broadcasts. Now you
> > > have to decide which router is supposed to receive the
> > > broadcasts. But in usual case, Clients usually try to
> > > communicate with the PDC for authentication and other
> > > stuffs. So, I think it would work to configure ip
> > > helper-address w.x.y.z on the ethernet interface of
> > > router 1 only (where w.x.y.z is the ip address of your
> > > PDC, but if you have multiple PDCs then you have to
> > > give the directed-broadcast address and also have to
> > > use ip directed-broadcast command).
> > >
> > > I hope this will work
> > >
> > > Muhammad Khalilullah
> > > CCNP, MCSE
> > >
> > > --- David Eitel  wrote:
> > > > I have two routers connected via  serial point to
> > > > point link. Router 1 has
> > > > an ethernet segment with PDC info I want forwarded
> > > > to Router 2 ethernet
> > > > segment. No ip directed broadcast is configured on
> > > > all interfaces. I want
> > > > netbios traffic passed from one segment to the
> > > > other. I have placed an IP
> > > > helper-address statement on the ethernet interface
> > > > needing the help. Do I
> > > > need to use the ip helper-address on all interfaces
> > > > to the source ip
> > > > helper-address? Is the ip forward-protocol also
> > > > necessary? Any advice would
> > > > be greatly appreciated
> > > >
> > > > David Eitel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=728&t=247
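
How a DHCP server can tell which scope a relayed request belongs to, as an added example that is not part of the thread: under RFC 2131 the relay agent (here, the router interface carrying ip helper-address) writes its own interface address into the giaddr field of the BOOTP header, and the server matches giaddr against its scopes. The scope names, subnets, addresses and MAC below are constructed.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (RFC 951 / RFC 2131).
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = bytes([99, 130, 83, 99])
ZERO_ADDR = bytes(4)

# Constructed server configuration: one local scope, one scope for a remote subnet.
SCOPES = {"HQ-LAN": "10.1.1.0/24", "Branch-LAN": "10.2.2.0/24"}
SERVER_IP = "10.1.1.10"


def build_discover(mac, xid=0x1234ABCD):
    """Build a client DHCPDISCOVER broadcast; giaddr is zero when it leaves the client."""
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         ZERO_ADDR, ZERO_ADDR, ZERO_ADDR, ZERO_ADDR,
                         mac, b"", b"")
    options = bytes([53, 1, 1, 255])  # option 53 = DHCPDISCOVER, then end option
    return header + MAGIC_COOKIE + options


def relay_forward(packet, iface_ip):
    """What the relay agent does: bump hops and stamp giaddr if it is still zero."""
    fields = list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))
    fields[3] += 1                               # hops
    if fields[10] == ZERO_ADDR:                  # giaddr not yet set by another relay
        fields[10] = ipaddress.IPv4Address(iface_ip).packed
    return struct.pack(BOOTP_FMT, *fields) + packet[BOOTP_LEN:]


def select_scope(packet, scopes=SCOPES, server_ip=SERVER_IP):
    """Pick the scope whose subnet contains giaddr, or the server's own subnet
    when giaddr is zero (client on the server's segment). None means no scope
    is configured for that subnet, so the server has nothing to offer."""
    giaddr = ipaddress.IPv4Address(packet[24:28])
    key = giaddr if int(giaddr) else ipaddress.IPv4Address(server_ip)
    for name, subnet in scopes.items():
        if key in ipaddress.ip_network(subnet):
            return name
    return None


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("00105a112233"))
    print("local client      ->", select_scope(discover))
    print("via 10.2.2.1      ->", select_scope(relay_forward(discover, "10.2.2.1")))
    print("via 10.3.3.1      ->", select_scope(relay_forward(discover, "10.3.3.1")))
```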



Re: back to back cables [7:527]

2001-04-15 Thread Jason J. Roysdon

That's got to be one of the lamest things I've ever heard.  I'd tell
accounting to stick it, and that unless they want to learn how to make
routers work and figure out the correct parts, that perfectly legitimate
third-party serial cables are no different than the Cisco blue & logo'd
cables other than that they cost a third of the cost.

That's like saying you won't buy Kingston/etc DRAM or Flash at 1/2th to 1/4th
the cost of Cisco products.  Do you have the same limitations on this?  They
have the same "Cisco part no." but they're definitely not from Cisco's
vendors.

I would make a huge fuss over this and take it up as far as I had to, with
the message that accounting was making the company throw away money so items
would fit into the categories they wanted.  I don't know how many routers
you're having to buy for, but this sort of corporate waste just makes me go
ballistic.  It's the sort of thing the US Government is great at.

Worst case, here is how I'd get around it: When you order the cables, just
order 3-4 at a time so they come in at over $100 and tell the vendor you
want them to show as a line-item of quantity 1.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Ray Mosely" wrote in message news:[EMAIL PROTECTED]...
> OK, for those of you who continue to be
> incredulous, let me spell this out.
> We have a budget with budget lines.  Commodities
> fall under $100, and equipment is over $100.
> Third party cables would be commodities, and
> there isn't enough money in that budget line
> to buy cables, because somebody else didn't
> put enough money in that budget line.
>
> On the other hand, there's too much money in
> the equipment budget line, so if we buy Cisco
> cables bundled with a Cisco router, then we
> can actually get cables that will work.  Even
> if our supplier had third party cables (which
> it doesn't), we can't legitimately make the
> bookkeepers think that this is a manufacturer's
> bundle.  So I have to buy Cisco cables at $150
> a set, instead of third party cables at $50 a
> piece.
>
> Now, I'm not sure that any of this has anything
> to do with Cisco routers/routing, which is why
> I did NOT say any of this to begin with.  I said
> simply that I could not buy third party cables,
> which is true and the only fact that is truly
> relevant.  So hopefully, we can lay this to rest.
>
>
> Unless someone has the part number for an actual
> Cisco back to back cable, which is all that I asked
> for in the first place, I would like to see
> this thread buried.
>
> Thanks to everyone for their advice,
> Ray Mosely
> CCNA, MCSE
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> John Neiberger
> Sent: Sunday, April 15, 2001 2:06 AM
> To: [EMAIL PROTECTED]
> Subject: RE: back to back cables [7:527]
>
>
> Wow, why not?  Does your employer make a habit of spending three times as
> much as necessary?  :-)  Just kidding...
>
> If that's the case, then go with the part numbers I gave you.  For the sake
> of performance you'll want to go with the v.35 cables.
>
> John
>
> |  It's simple.  Cisco doesn't, to my knowledge,
> |  make a back to back cable.  I'm not allowed to
> |  order a third party cable.
> |  Ray M.
> |
> |  -Original Message-
> |  From: John Neiberger [mailto:[EMAIL PROTECTED]]
> |  Sent: Friday, April 13, 2001 4:42 PM
> |  To: [EMAIL PROTECTED]
> |  Cc: [EMAIL PROTECTED]
> |  Subject: Re: back to back cables [7:527]
> |
> |
> |  Do I even dare ask why you are allowed to use two regular cables but not
> |  a back to back cable?
> |
> |  Hmm... while writing that I just thought of one good reason.  Whenever
> |  I order a back-to-back cable I usually get an RS-232 cable.  This would
> |  tend to limit the clock rate between the two routers.  If I needed a
> |  higher speed I'd have to find a V.35 back to back cable which seem to be
> |  harder to find.
> |
> |  If you want V.35:
> |
> |  CAB-V35MT=
> |  CAB-V35FC=
> |
> |  If you want RS-232:
> |
> |  CAB-232MT=
> |  CAB-232FC=
> |
> |  HTH,
> |  John
> |
> |  >>> "Ray Mosely"  4/13/01 4:29:14 PM >>>
> |  I'm sorry to bring up this old old old
> |  thread, but I'm in a situation where I
> |  need a back to back cable for some 2501's,
> |  but I'm not allowed to use a back to back
> |  cable.
> |
> |  There are two bona fide Cisco cables which
> |  can be hooked together to make one back
> |  to back cable (at three times the price
> |  of a back to back).  Anybody know the
> |  part numbers of the Cisco cables?  It's
> |  for back to back on the WAN ports.
> |
> |  Thanks,
> |  Ray Mosely
> |  CCNA, MCSE

Re: Can you change Telnet's well known port? [7:717]

2001-04-15 Thread Drew Simonis

Fred Danson wrote:
> 
> Thanks for the info,
> 
> Does the telnet client that is built into Windows2000 Professional allow
> changing of the destination port? Could I just click start --> Run and type
> in telnet 63.1.1.1 :24 ??
> 


more like:

telnet 63.1.1.1 24

I use this all the time to read my mail on the server.  It's also
handy for such things as manually sending a mail message via SMTP 
and manually creating HTTP requests.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=729&t=717



Re: AppleTalk on Support exam [7:269]

2001-04-15 Thread Timothy Metz

Took CIT on Apr 3 2001 and only had one... thank goodness!

Tim

""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]...
> For those of you who have taken the Support exam recently, did you get any
> AppleTalk questions?
>
> The outline for the 640-506 Support exam still includes AppleTalk.
>
>
> http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-506.html
>
> The outline for the exam is a mess, though, so I'm not sure if I should
> believe it. The outline for the course does not include AppleTalk.
>
>
> http://www.cisco.com/pcgi-bin/front.x/wwtraining/CELC/index.cgi?action=CourseDesc&COURSE_ID=1492
>
> THANKS
>
> Priscilla
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=730&t=269



Re: designing subnets with all ones/zeros.. [7:695]

2001-04-15 Thread Brant I. Stevens

EIGRP has no class either...  :)

David Chandler wrote:

> Chuck
>
> Thanks for the proof read  :>
>
> Below is the cisco page & part of the doc relating to zero subnets.
> To me it reads "don't; because we say so"
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdipadr.htm#xtocid105602
>
> ---
> Enabling Use of Subnet Zero
>
> Subnetting with a subnet address of zero is illegal and strongly discouraged
> (as stated in RFC 791) because of the confusion that can arise between a
> network and a subnet that have the same addresses. For example, if network
> 131.108.0.0 is subnetted as 255.255.255.0, subnet zero would be written as
> 131.108.0.0 which is identical to the network address.
>
> You can use the all zeros and all ones subnet (131.108.255.0), even though
> it is discouraged. Configuring interfaces for the all ones subnet is
> explicitly allowed. However, if you need the entire subnet space for your IP
> address, use the following command in global configuration mode to enable
> subnet zero:
> ---
>
> You mentioned that Windows is not rfc1812 compliant and that it allows wacky
> subnets and disallows some valid subnets.  Was that trial & error or has
> microsoft documented this? I hate spending an hour looking for a document
> that is not there...
>
> Thanks
>
> DaveC
>
> Chuck Larrieu wrote:
>
> > Comments within:
> >
> > -Original Message-
> > From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > David Chandler
> > Sent:   Saturday, April 14, 2001 11:25 PM
> > To: [EMAIL PROTECTED]
> > Subject:designing subnets with all ones/zeros.. [7:695]
> >
> > I have two questions regarding using the all ones and/or the all zeros
> > subnet.
> >
> > Recently one of my co-workers started studying for CCNA and while
> > reviewing subnets he kept telling me that you could not use the all zero
> > or all ones subnet.
> >
> > CL:  classically speaking this is true. Early implementations, etc. these
> > days this is no longer the case
> >
> > The Win95, NT, and LINUX hosts didn't have a
> > problem with it nor did the routers.
> >
> > CL: a long time ago on this list we had a discussion of wacky subnet masks.
> > In the course of researching this, I found that the windows IP stack was not
> > rfc 1812 compliant in that it allowed discontiguous / wacky / non contiguous
> > ones subnet masks, and that windows also categorically denied use of certain
> > legitimate ip addresses. Such as 172.16.1.255/16  I believe that this is
> > corrected in Win2K
> >
> >  I tested it with RIP & EIGRP.
> > (skipped OSPF since it is classful).
> >
> > CL: I believe you meant to say "classless" ;->
> >
> > I found that Cisco and others vendors agree that it will work, but they
> > "Strongly discourage using the all ones or all zeros subnets"
> >
> > CL: where did you find language about "strongly discourage"?
> >
> > PS: if some of you try testing this; note that prior to 12.1 you'll need
> > to enter
> > (config)# ip zero-subnet
> > before the router will accept a zero subnet on a interface. Starting in
> > 12.1 the zero subnet is enabled by default.
> >
> > CL: ip subnet-zero
> >
> > Question #1: What type problems could you run into by using a all
> > ones/zero subnet.
> >
> > CL: issues with older equipment / obsolete equipment / old OS versions
> >
> > Question #2: For you folks that are in design; Do you follow or
> > ignore the "DO NOT USE ALL ONES/ZEROS" rule?
> >
> > CL: use both all the time. Of course I sell new Cisco equipment, so there is
> > no issue with most customers. Or I sell EIGRP or OSPF designs. Same thing.
> > ;->
> >
> > I'm trying to get a real world idea of what the standard practice is.
> > I work at a large corp, so I haven't a clue what sane people do.
> >
> > CL: so do I and neither do I.
> >
> > DaveC




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=731&t=695



Apology [7:732]

2001-04-15 Thread Dale Frohman

I apologize for the multiple posts on my ospf question.

dale




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=732&t=732



Re: BGP Commands [7:734]

2001-04-15 Thread Hunt Lee

Thanks for the explanation guys  :)  Just one more quick question, on the
"show ip bgp",
are the best routes indicated by an > or an *?

Regards,
Hunt Lee
 

Howard C. Berkowitz wrote:

> >Can anyone please explain to me what is the difference between the
> >command "show ip bgp" (or show ip bgp summary) and "show ip route bgp"?
> >I have read the BSCN book between page 348 and 352 many times, but I'm
> >still very confused.  The book said "show ip bgp" displays BGP routing
> >table?? But I thought that should be "show ip route bgp".  Please help.
> >
> >Regards,
> >Hunt Lee
> >IP Solution Analyst
> >Cable and Wireless
>
> You are dealing with two tables, at the very least.  Some are
> conceptual or stored as part of other tables.  Let me work through
> the flow.
>
> Incoming BGP updates, before filtering, go into the Adj-RIB-In
>
> After filtering, which is primarily on a per-peer basis, the
> remaining updates go into a BGP-only table called the Loc-RIB.  This
> table contains all the BGP potential routes that passed acceptance
> filtering, and is router-wide.  It also indicates which are the
> "best" BGP routes to a given destination.
>
> "show ip bgp" displays the Loc-RIB.
>
> Next, all "best" routes from the Loc-RIB are sent to the main IP
> routing table, where they compete with potential routes from all
> other sources. "show ip route" shows the active routes to all
> destinations.  "show ip route bgp" shows the subset of those routes
> that was learned from BGP.
>
> An example:
>
>   BGP has two routes to 172.16.1.0/24 and to 172.16.2.0/24.
>   It picks a best route to each. Let's say that has a next hop of
> 192.168.1.1
>   Show ip bgp would show all four, with an asterisk on the two best.
>
> The two 172.16.1.0/24 and 172.16.2.0/24 routes, with a next hop of
> 192.168.1.1,
> are sent to the main routing table installation process.
>
> Assume that the router also has a static route with administrative
> distance 1 to 172.16.2.0/24. That has equal specificity to the second
> BGP route, but the administrative distance is more preferred.
>
> When you do a "show ip route", you will see routes to both
> destinations, but with a static source to 172.16.2.0 and a BGP source
> for 172.16.1.0.
>
> If you do a "show ip route bgp", you will only see the route to
> 172.16.1.0, because that is the only active route with a BGP source.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=734&t=734
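
The flow described in the quoted explanation (Adj-RIB-In, per-peer filtering, Loc-RIB, then competition in the main routing table), as an added example that is not part of the original thread. The second next hop, the local-preference values (used here as a stand-in for the full BGP best-path decision), the filtered 10.0.0.0/8 path and the static route's next hop are constructed assumptions.

```python
from collections import namedtuple

BgpPath = namedtuple("BgpPath", "prefix next_hop local_pref")
Route = namedtuple("Route", "prefix source next_hop distance")

EBGP_DISTANCE = 20    # Cisco IOS default administrative distance for external BGP
STATIC_DISTANCE = 1   # distance of the static route in the thread's example

# Constructed Adj-RIB-In: everything the peers sent, before filtering.
ADJ_RIB_IN = [
    BgpPath("172.16.1.0/24", "192.168.1.1", 200),
    BgpPath("172.16.1.0/24", "192.168.2.1", 100),
    BgpPath("172.16.2.0/24", "192.168.1.1", 200),
    BgpPath("172.16.2.0/24", "192.168.2.1", 100),
    BgpPath("10.0.0.0/8", "192.168.2.1", 100),     # rejected by the inbound filter
]

# Routes from other sources that compete in the main routing table.
STATIC_ROUTES = [Route("172.16.2.0/24", "static", "10.1.1.1", STATIC_DISTANCE)]


def inbound_filter(path):
    """Hypothetical acceptance policy: drop the 10.0.0.0/8 announcement."""
    return path.prefix != "10.0.0.0/8"


def build_loc_rib(adj_rib_in, accept):
    """Loc-RIB: every accepted path per prefix, best path first."""
    loc_rib = {}
    for path in adj_rib_in:
        if accept(path):
            loc_rib.setdefault(path.prefix, []).append(path)
    for paths in loc_rib.values():
        # Simplification: highest local preference wins.
        paths.sort(key=lambda p: -p.local_pref)
    return loc_rib


def build_routing_table(loc_rib, other_routes):
    """Main table: only the best BGP path per prefix competes, lowest distance wins."""
    candidates = [
        Route(prefix, "bgp", paths[0].next_hop, EBGP_DISTANCE)
        for prefix, paths in loc_rib.items()
    ]
    candidates += other_routes
    table = {}
    for route in candidates:
        current = table.get(route.prefix)
        if current is None or route.distance < current.distance:
            table[route.prefix] = route
    return table


def show_ip_route_bgp(table):
    """Active routes whose source is BGP (the subset 'show ip route bgp' lists)."""
    return sorted(r.prefix for r in table.values() if r.source == "bgp")


if __name__ == "__main__":
    loc_rib = build_loc_rib(ADJ_RIB_IN, inbound_filter)
    table = build_routing_table(loc_rib, STATIC_ROUTES)
    for prefix, paths in sorted(loc_rib.items()):
        print("Loc-RIB", prefix, [p.next_hop for p in paths])
    for prefix, route in sorted(table.items()):
        print("RIB    ", prefix, route.source, route.next_hop)
    print("BGP-sourced active routes:", show_ip_route_bgp(table))
```
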



Re: Packet retransmission [7:662]

2001-04-15 Thread Priscilla Oppenheimer

At 04:04 PM 4/15/01, you wrote:
>Priscilla,
>
>With reference to the comment below:
>
>The cram
> > session has the usual misconceptions, such as claiming that SRB and SRT are
> > in 802.5, which they aren't, and that HSRP is a routing protocol that is
> > standing by, (it's a router standing by), and AppleTalk is "chatty."
> >
>I have two questions:
>
>1) Has the SRB definition only recently moved to IEEE 802.1d?

SRB is documented in IBM's Token Ring Architecture Reference Manual. It's 
not in an IEEE document. When IBM brought the SRB specs to the IEEE, the 
IEEE said that SRB must fit with existing bridging standards, and IBM and 
IEEE jointly developed SRT and added it to 802.1D in the early 1990s.

One area of confusion is that SRT was designed mostly by people on the 
802.5 committee, including IBM engineers. Some preliminary documents said 
802.5 on them. But the intent was that it be part of 802.1D right from the 
beginning. (I was on the 802.5 committee for a short time in the early 
1990s and that's the impression I got anyway.) It's a picky thing, but I 
like to point it out in case someone actually wants to read the 
specifications.

>  I do not
>have the very latest versions of both IEEE 802.5 and 802.1d but keep
>thinking (probably wrongly) that SRB is included in the former one. At
>least in previous published version I have got. I know the SRT is 802.1d
>but cannot find any indication in the standards and status reports on
>IEEE concerning SRB.
>
>2) I also thought the AppleTalk is quite chatty. Chooser is given as a
>usual example for that. Or is it only when the Chooser window is left
>open unnecessarily?

Apple fixed the excessive traffic caused by leaving the Chooser open in 
1989. (System 7). It was only a lot of traffic if the user had also 
highlighted an object type (printer, server) and zone name. It was never 
really a serious problem. Usually the user didn't have those highlighted.

There are a couple legitimate reasons to call AppleTalk "chatty." The 
10-second timer for RTMP is awfully small. But the advantage to a small 
timer is quick convergence. Also, end stations learn very quickly who their 
new router is. There's no need for HSRP. The other case where AppleTalk is 
chatty is the AppleTalk Transaction Protocol (ATP) sends keepalives to the 
other side every 10 seconds.

But, AppleTalk does not advertise zones. (If you see that common 
misconception in a book, throw it out. ;-) The request to learn the zones 
associated with a network is a unicast frame. AppleTalk does not broadcast. 
It multicasts. A well-behaved NIC in a PC should not bother the PC CPU with 
AppleTalk multicasts.

I bristle when I see documents that are clearly oversimplified making the 
statement that AppleTalk is chatty. If you're just going to say a few 
things about AppleTalk, you could mention the good things: easy 
configuration, dynamic addressing, easy resource location, etc.

Priscilla


>Rita




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=735&t=662



Re: IP Helper-address questions [7:247]

2001-04-15 Thread Priscilla Oppenheimer

At 01:52 PM 4/15/01, Michael Snyder wrote:
>I happen to be a ccnp and mcse.  I get how ip helper-address works.  Also
>work with microsoft dhcp servers.
>
>How do you setup a scope for a remote subnet, and how does the dhcp server
>know how to hand out the correct ip leases for a non-connected subnet?
>
>Does the dhcp server look at the source address of the interface of the
>forwarded helper-address packets?  Then match up the correct scope with the
>router interface ip address?

The source MAC address is the router's address (assuming the packet only 
went one hop), but the source IP address is 0.0.0.0, so that doesn't help.

What does help is that the DHCP packet has a GIAddr (Gateway IP Address) 
field. The router that forwards the packet puts its own address in that 
field. The router puts the address for the interface that the DHCP Discover 
packet came in on. The remote DHCP server can figure out which scope it's 
dealing with from that info. The GIAddr should be from the same subnet as 
the requesting host.

Priscilla





>""Jason J. Roysdon""  wrote in message
>news:[EMAIL PROTECTED]...
> > Here's a fun link explaining ip helper:
> > http://routergod.com/trinity/
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> >
> >
> >
> > ""Muhammed Khalilullah""  wrote in message
> > news:[EMAIL PROTECTED]...
> > > Actually, the IP helper command is placed on the
> > > interface that is receiving the broadcasts. Now you
> > > have to decide which router is supposed to receive the
> > > broadcasts. But in usual case, Clients usually try to
> > > communicate with the PDC for authentication and other
> > > stuffs. So, I think it would work to configure ip
> > > helper-address w.x.y.z on the ethernet interface of
> > > router 1 only (where w.x.y.z is the ip address of your
> > > PDC, but if you have multiple PDCs then you have to
> > > give the directed-broadcast address and also have to
> > > use ip directed-broadcast command).
> > >
> > > I hope this will work
> > >
> > > Muhammad Khalilullah
> > > CCNP, MCSE
> > >
> > > --- David Eitel  wrote:
> > > > I have two routers connected via  serial point to
> > > > point link. Router 1 has
> > > > an ethernet segment with PDC info I want forwarded
> > > > to Router 2 ethernet
> > > > segment. No ip directed broadcast is configured on
> > > > all interfaces. I want
> > > > netbios traffic passed from one segment to the
> > > > other. I have placed an IP
> > > > helper-address statement on the ethernet interface
> > > > needing the help. Do I
> > > > need to use the ip helper-address on all interfaces
> > > > to the source ip
> > > > helper-address? Is the ip forward-protocol also
> > > > necessary? Any advice would
> > > > be greatly appreciated
> > > >
> > > > David Eitel




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=736&t=247
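
The GIAddr mechanism described in the reply above, as an added example that is not part of the original thread: a relay stamps the address of the interface the DHCP Discover arrived on, and the server matches that address to a scope. The scope names, subnets, MAC address and function names are constructed assumptions; a packet whose GIAddr matches no configured scope gets no scope at all.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 951 / RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = b"\x63\x82\x53\x63"
ZERO = b"\x00" * 4

# Constructed scopes for the example (not from the thread).
SCOPES = {
    "remote-lan": ipaddress.ip_network("10.20.30.0/24"),
    "server-lan": ipaddress.ip_network("10.20.40.0/24"),
}


def build_discover(mac, xid=0x1234ABCD):
    """Client DHCPDISCOVER as broadcast on its own segment: every address is 0.0.0.0."""
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         ZERO, ZERO, ZERO, ZERO, mac, b"", b"")
    options = b"\x35\x01\x01" + b"\xff"   # option 53 = DHCPDISCOVER, then end
    return header + MAGIC_COOKIE + options


def relay(packet, ingress_ip):
    """What the helper-address router does: bump hops, fill giaddr only if still zero."""
    fields = list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))
    fields[3] += 1                                   # hops
    if fields[10] == ZERO:                           # giaddr not yet set
        fields[10] = ipaddress.IPv4Address(ingress_ip).packed
    return struct.pack(BOOTP_FMT, *fields) + packet[BOOTP_LEN:]


def parse(packet):
    """Extract the fields the server needs; reject anything that is not DHCP."""
    if len(packet) < BOOTP_LEN + 4 or packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    f = struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])
    return {
        "hops": f[3],
        "giaddr": ipaddress.IPv4Address(f[10]),
        "chaddr": f[11][:f[2]].hex(),
    }


def select_scope(packet, local_scope):
    """Pick the scope: giaddr 0.0.0.0 means a directly attached client."""
    giaddr = parse(packet)["giaddr"]
    if giaddr == ipaddress.IPv4Address("0.0.0.0"):
        return local_scope
    for name, network in SCOPES.items():
        if giaddr in network:
            return name
    return None   # relayed from a subnet with no configured scope: no lease


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("00105a112233"))
    relayed = relay(discover, "10.20.30.1")
    print("local client  ->", select_scope(discover, "server-lan"))
    print("relayed client ->", parse(relayed)["giaddr"], select_scope(relayed, "server-lan"))
```
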



RE: Packet retransmission [7:662]

2001-04-15 Thread Chuck Larrieu

I've heard the same said of IPX. Which leads to the obvious question - is IP
any less chatty than any other protocol? At least with IPX there is no need
for ARP because the station address and the MAC address are one and the same.

I believe that the designers of Microsoft networking were cognizant of the
broadcast issue, which is why there are such long periods in that protocol's
update cycle.

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Priscilla Oppenheimer
Sent:   Sunday, April 15, 2001 6:47 PM
To: [EMAIL PROTECTED]
Subject:Re: Packet retransmission [7:662]

At 04:04 PM 4/15/01, you wrote:
>Priscilla,
>
>With reference to the comment below:
>
>The cram
> > session has the usual misconceptions, such as claiming that SRB and SRT are
> > in 802.5, which they aren't, and that HSRP is a routing protocol that is
> > standing by, (it's a router standing by), and AppleTalk is "chatty."
> >
>I have two questions:
>
>1) Has the SRB definition only recently moved to IEEE 802.1d?

SRB is documented in IBM's Token Ring Architecture Reference Manual. It's
not in an IEEE document. When IBM brought the SRB specs to the IEEE, the
IEEE said that SRB must fit with existing bridging standards, and IBM and
IEEE jointly developed SRT and added it to 802.1D in the early 1990s.

One area of confusion is that SRT was designed mostly by people on the
802.5 committee, including IBM engineers. Some preliminary documents said
802.5 on them. But the intent was that it be part of 802.1D right from the
beginning. (I was on the 802.5 committee for a short time in the early
1990s and that's the impression I got anyway.) It's a picky thing, but I
like to point it out in case someone actually wants to read the
specifications.

>  I do not
>have the very latest versions of both IEEE 802.5 and 802.1d but keep
>thinking (probably wrongly) that SRB is included in the former one. At
>least in previous published version I have got. I know the SRT is 802.1d
>but cannot find any indication in the standards and status reports on
>IEEE concerning SRB.
>
>2) I also thought the AppleTalk is quite chatty. Chooser is given as a
>usual example for that. Or is it only when the Chooser window is left
>open unnecessarily?

Apple fixed the excessive traffic caused by leaving the Chooser open in
1989. (System 7). It was only a lot of traffic if the user had also
highlighted an object type (printer, server) and zone name. It was never
really a serious problem. Usually the user didn't have those highlighted.

There are a couple legitimate reasons to call AppleTalk "chatty." The
10-second timer for RTMP is awfully small. But the advantage to a small
timer is quick convergence. Also, end stations learn very quickly who their
new router is. There's no need for HSRP. The other case where AppleTalk is
chatty is the AppleTalk Transaction Protocol (ATP) sends keepalives to the
other side every 10 seconds.

But, AppleTalk does not advertise zones. (If you see that common
misconception in a book, throw it out. ;-) The request to learn the zones
associated with a network is a unicast frame. AppleTalk does not broadcast.
It multicasts. A well-behaved NIC in a PC should not bother the PC CPU with
AppleTalk multicasts.

I bristle when I see documents that are clearly oversimplified making the
statement that AppleTalk is chatty. If you're just going to say a few
things about AppleTalk, you could mention the good things: easy
configuration, dynamic addressing, easy resource location, etc.

Priscilla


>Rita




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=737&t=662



RE: designing subnets with all ones/zeros.. [7:695]

2001-04-15 Thread Chuck Larrieu

Wonder if that's part of the reason I didn't make it to day 2 ;->

I see the point of the article, but I still believe it is more of a
compatibility issue than anything else. Can't get into  the RFC server I
normally use to see if RFC 1812 ventures an opinion. CIDR probably figures
in here somewhere.

I know that throughout my practice for the lab that I have had situations
exactly as described in the link you provide. I don't recall problems, but
then the lab is not reality ;->

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
David Chandler
Sent:   Sunday, April 15, 2001 12:42 PM
To: [EMAIL PROTECTED]
Subject:Re: designing subnets with all ones/zeros.. [7:695]

Chuck

Thanks for the proof read  :>

Below is the cisco page & part of the doc relating to zero subnets.
To me it reads "don't; because we say so"

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdipadr.htm#xtocid105602

---
Enabling Use of Subnet Zero

Subnetting with a subnet address of zero is illegal and strongly discouraged
(as stated in RFC 791) because of the confusion that can arise between a
network and a subnet that have the same addresses. For example, if network
131.108.0.0 is subnetted as 255.255.255.0, subnet zero would be written as
131.108.0.0 which is identical to the network address.

You can use the all zeros and all ones subnet (131.108.255.0), even though
it is discouraged. Configuring interfaces for the all ones subnet is
explicitly allowed. However, if you need the entire subnet space for your IP
address, use the following command in global configuration mode to enable
subnet zero:
---

You mentioned that Windows is not rfc1812 compliant and that it allows wacky
subnets and disallows some valid subnets.  Was that trial & error or has
microsoft documented this? I hate spending an hour looking for a document
that is not there...

Thanks

DaveC


Chuck Larrieu wrote:

> Comments within:
>
> -Original Message-
> From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> David Chandler
> Sent:   Saturday, April 14, 2001 11:25 PM
> To: [EMAIL PROTECTED]
> Subject:designing subnets with all ones/zeros.. [7:695]
>
> I have two questions regarding using the all ones and/or the all zeros
> subnet.
>
> Recently one of my co-workers started studying for CCNA and while
> reviewing subnets he kept telling me that you could not use the all zero
> or all ones subnet.
>
> CL:  classically speaking this is true. Early implementations, etc. these
> days this is no longer the case
>
> The Win95, NT, and LINUX hosts didn't have a
> problem with it nor did the routers.
>
> CL: a long time ago on this list we had a discussion of wacky subnet masks.
> In the course of researching this, I found that the windows IP stack was not
> rfc 1812 compliant in that it allowed discontiguous / wacky / non contiguous
> ones subnet masks, and that windows also categorically denied use of certain
> legitimate ip addresses. Such as 172.16.1.255/16  I believe that this is
> corrected in Win2K
>
>  I tested it with RIP & EIGRP.
> (skipped OSPF since it is classful).
>
> CL: I believe you meant to say "classless" ;->
>
> I found that Cisco and others vendors agree that it will work, but they
> "Strongly discourage using the all ones or all zeros subnets"
>
> CL: where did you find language about "strongly discourage"?
>
> PS: if some of you try testing this; note that prior to 12.1 you'll need
> to enter
> (config)# ip zero-subnet
> before the router will accept a zero subnet on a interface. Starting in
> 12.1 the zero subnet is enabled by default.
>
> CL: ip subnet-zero
>
> Question #1: What type problems could you run into by using a all
> ones/zero subnet.
>
> CL: issues with older equipment / obsolete equipment / old OS versions
>
> Question #2: For you folks that are in design; Do you follow or
> ignore the "DO NOT USE ALL ONES/ZEROS" rule?
>
> CL: use both all the time. Of course I sell new Cisco equipment, so there is
> no issue with most customers. Or I sell EIGRP or OSPF designs. Same thing.
> ;->
>
> I'm trying to get a real world idea of what the standard practice is.
> I work at a large corp, so I haven't a clue what sane people do.
>
> CL: so do I and neither do I.
>
> DaveC




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=738&t=695
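
The ambiguity the quoted Cisco text refers to, as an added example that is not part of the original thread: for 131.108.0.0 subnetted with 255.255.255.0, subnet zero shares its network address with the classful network, and the all-ones subnet shares its broadcast address with it. The function names are hypothetical; the collision check models any table or protocol that records a network address without its mask.

```python
import ipaddress


def classful_network(addr):
    """Derive the class A/B/C network an address belongs to from its first octet."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError("class D/E address has no classful network")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def describe_subnet(subnet):
    """Say whether a subnet is the zero subnet or the all-ones subnet of its major net."""
    net = ipaddress.ip_network(subnet)
    major = classful_network(net.network_address)
    if net.prefixlen <= major.prefixlen:
        raise ValueError("not a subnet of its classful network")
    return {
        "major": str(major),
        # Same network address as the unsubnetted network.
        "subnet_zero": net.network_address == major.network_address,
        # Same broadcast address as the unsubnetted network.
        "all_ones": net.broadcast_address == major.broadcast_address,
    }


def maskless_collisions(prefixes):
    """Group prefixes by bare network address, as a mask-less table would see them."""
    seen = {}
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        seen.setdefault(str(net.network_address), []).append(str(net))
    return {addr: nets for addr, nets in seen.items() if len(nets) > 1}


def broadcast_collisions(prefixes):
    """Group prefixes by broadcast address to expose the all-ones subnet overlap."""
    seen = {}
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        seen.setdefault(str(net.broadcast_address), []).append(str(net))
    return {addr: nets for addr, nets in seen.items() if len(nets) > 1}


if __name__ == "__main__":
    sample = ["131.108.0.0/16", "131.108.0.0/24", "131.108.5.0/24", "131.108.255.0/24"]
    for prefix in sample[1:]:
        print(prefix, describe_subnet(prefix))
    print("same network address:", maskless_collisions(sample))
    print("same broadcast address:", broadcast_collisions(sample))
```
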



Re: Apology [7:732]

2001-04-15 Thread Paul Borghese

Dale,

No apology necessary.  Your mail bounced in the moderators queue because it
contained xxx.   My guess is I approved it twice by mistake.

Hey I am trying to get rid of the spam and I assumed XXX would be a good
keyword.

Take care,

Paul
- Original Message -
From: "Dale Frohman" 
To: 
Sent: Sunday, April 15, 2001 7:05 PM
Subject: Apology [7:732]


> I apologize for the multiple posts on my ospf question.
>
> dale




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=733&t=732



Choosing the right IOS Image [7:739]

2001-04-15 Thread Roger Sohn

Hi All,

Just wanted to hear what other people are using (or would recommend) for the
IOS images on their 2500 series routers with a typical 16MB DRAM/ 8MB Flash
setup.  

I remember hearing from Louie that he ran 12.09 Enterprise Plus IOS on all
of his 2500's with that 16/8 configuration.  There's a 12.7 version but it
won't fit on only 8MB of flash space.  Does this mean that I should
consider upgrading to 16MB flash instead?

On another note, can anyone recommend a good reference for knowing which
type of IOS images to use?  Like how I can assess whether I would want to
use a Service Provider image rather than an Enterprise image, or an IP
Image, or maybe even an Enterprise/FW/IDS IPSEC image.  I'm trying to find
out more information on what requirements would prompt me to choose one over
the other.  

I've only been able to find a few docs on CCO and they haven't helped me
much.  

Any info is always appreciated!

Thanks,
Roger




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=739&t=739



RE: Passing IPSEC packets on DSL [7:321]

2001-04-15 Thread Ken Claussen

version 12.1
no service single-slot-reload-enable
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname Cisco1605
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
enable secret 5 **
!
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
!
!
!
interface Ethernet0
 description connected to EthernetLAN
 ip address 192.168.100.1 255.255.255.0 secondary
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no cdp enable
!
interface Ethernet1
 description connected to Internet
 ip address dhcp
 ip nat outside
 no cdp enable
!
ip nat inside source list 101 interface Ethernet1 overload
ip nat inside source static tcp 192.168.100.11 53  53
ip nat inside source static udp 192.168.100.11 53  53

ip classless
no ip http server
!
logging trap debugging
logging facility local7
logging source-interface Ethernet0
logging 192.168.100.10
access-list 11 permit 192.168.100.0 0.0.0.255 log
access-list 11 permit 192.168.10.0 0.0.0.255 log
access-list 11 deny   any log
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
no cdp run
banner motd ^CCAuthorized Use Only!^C
!
line con 0
 exec-timeout 0 0
 password 7 ***
 login
 transport input none
line vty 0 4
 access-class 11 in
 exec-timeout 5 0
 password 7 **
 login
!
end

Cisco1605#

This is a basic config with two subnets behind it, primarily for management
and education (Mine). I wanted to learn about VLANs and such on a managed
switch I had. It works equally well with only a single subnet. The Telnet
access lists are also very broad, this was for a lab so I gave any machine
on the private network access to the telnet line. It also has Port
redirection for DNS, thanks to Jason Roysdon for that tidbit of info, a
useful and very poorly documented feature in the new IOSes.

Ken Claussen MCSE CCNA CCA
[EMAIL PROTECTED]
"The Mind is a Terrible thing to Waste!"


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hire, Ejay
Sent: Thursday, April 12, 2001 1:13 PM
To: [EMAIL PROTECTED]
Subject: RE: Passing IPSEC packets on DSL [7:321]


Is there any way to do NAT on a PIX or a Cisco router if you only have one
usable IP address?  I perused CCO, and the most minimalistic NAT/PAT config
I can find still requires 2 (1 interface, one global) addresses.  The
Linksys/Netgear jobbies do it with one IP.

i.e.

ISP - ISP router Ethernet (216.142.0.1 255.255.255.252) - (216.142.0.2
255.255.255.252) Router - Internal network.


-Original Message-
From: Elijah Savage [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 12, 2001 9:47 AM
To: [EMAIL PROTECTED]
Subject: RE: Passing IPSEC packets on DSL [7:321]


Yeah his comment makes me curious as to what these DSL router
manufacturers have done to make it work. Surely if someone like netgear
can make it work Cisco can.

-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 12, 2001 9:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Passing IPSEC packets on dsl [7:321]

Are you sure- my PIX 506 does it with no problem ???

- Original Message -
From: Charles Manafa 
To: 
Sent: Thursday, April 12, 2001 8:37 AM
Subject: RE: Passing IPSEC packets on dsl [7:321]


> VPN does not work when IPSEC packets are NAT'd. One of the reasons why this
> doesn't work is that packet authentication will fail when the packet is
> NAT'd - the calculated hash will not match after NAT has been applied.
>
> Charles
>
> -Original Message-
> From: Elijah Savage
> To: [EMAIL PROTECTED]
> Sent: 12/04/01 12:11
> Subject: Passing IPSEC packets on dsl [7:321]
>
> All,
>
> I purchased a 1605 from eBay for my home lab. I decided to play with it
> a bit on my DSL circuit. I am using NAT on this router, and everything
> works fine except that now I can't vpn from the inside. Example, trying
> to establish a vpn connection from a client on my local network in to
> our vpn router at my place of employment. Of course with the netgear dsl
> router it passes those ipsec packets. I was wondering if anyone has
> tried this before and been able to make this happen.
>
> Thanks in advance.
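
The hash mismatch Charles Manafa describes in this thread, as an added example (not code from any poster): a simplified model of an AH-style integrity check, whose HMAC covers the IP source and destination addresses, next to an ESP-style check that covers only the protected data. The key, the 198.51.100.20 and 203.0.113.5 addresses and all function names are constructed for illustration; 192.168.100.11 is an inside host from the config above.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real pre-shared key
HDR = "!BBHHHBBH4s4s"           # 20-byte IPv4 header without options
PROTO_AH = 51


def checksum(data: bytes) -> int:
    """Internet checksum: one's complement sum of 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pack_header(fields) -> bytes:
    """Pack the header fields and fill in a fresh header checksum."""
    fields = list(fields)
    fields[7] = 0
    fields[7] = checksum(struct.pack(HDR, *fields))
    return struct.pack(HDR, *fields)


def build_header(src: str, dst: str, payload_len: int, ttl: int = 64) -> bytes:
    return pack_header([0x45, 0, 20 + payload_len, 0x1234, 0, ttl, PROTO_AH, 0,
                        socket.inet_aton(src), socket.inet_aton(dst)])


def route_hop(header: bytes) -> bytes:
    """A plain router: decrement TTL, recompute the checksum."""
    f = list(struct.unpack(HDR, header))
    f[5] -= 1
    return pack_header(f)


def nat_hop(header: bytes, new_src: str) -> bytes:
    """A NAT router: same as above, but the source address is rewritten too."""
    f = list(struct.unpack(HDR, header))
    f[5] -= 1
    f[8] = socket.inet_aton(new_src)
    return pack_header(f)


def ah_icv(header: bytes, payload: bytes) -> bytes:
    """AH-style ICV: HMAC-SHA1-96 over the header with the mutable fields
    (TOS, flags/fragment offset, TTL, checksum) zeroed, plus the payload.
    The addresses are not mutable fields, so the ICV covers them."""
    f = list(struct.unpack(HDR, header))
    f[1] = f[4] = f[5] = f[7] = 0
    data = struct.pack(HDR, *f) + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]


def esp_icv(payload: bytes) -> bytes:
    """ESP-style ICV: covers the protected data only, not the outer IP header."""
    return hmac.new(KEY, payload, hashlib.sha1).digest()[:12]


def run_demo() -> dict:
    payload = b"constructed application data"
    sent = build_header("192.168.100.11", "198.51.100.20", len(payload))
    sent_ah, sent_esp = ah_icv(sent, payload), esp_icv(payload)

    routed = route_hop(sent)                 # TTL and checksum change only
    natted = nat_hop(sent, "203.0.113.5")    # source address changes as well
    return {
        "ah_valid_after_routing": hmac.compare_digest(sent_ah, ah_icv(routed, payload)),
        "ah_valid_after_nat": hmac.compare_digest(sent_ah, ah_icv(natted, payload)),
        "esp_valid_after_nat": hmac.compare_digest(sent_esp, esp_icv(payload)),
    }


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {ok}")
```

The model leaves out the AH header itself and ESP encryption; it only shows which bytes each integrity value depends on.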

RE: Choosing the right IOS Image [7:739]

2001-04-15 Thread Raul F. Fernandez

Roger,

I ran into the same problem you had. You want to run enterprise images with
all the bells and whistles and be 12.0 ver.

The only way was for me to upgrade all of my routers to 16 meg flash. Yes a
bit costly but in the end to be able to get things done well in a home lab is
to have an IOS that has the multifunctionality that will be found on those
routers which you will be tested on. The 11.1 enterprise image will run on
8 megs of flash. Also the enterprise plus in 11.2 will also run on 8 megs of
flash.

Raul

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Roger Sohn
Sent: Sunday, April 15, 2001 11:31 PM
To: [EMAIL PROTECTED]
Subject: Choosing the right IOS Image [7:739]


Hi All,

Just wanted to hear what other people are using (or would recommend) for the
IOS images on their 2500 series routers with a typical 16MB DRAM/ 8MB Flash
setup.

I remember hearing from Louie that he ran 12.09 Enterprise Plus IOS on all
of his 2500's with that 16/8 configuration.  There's a 12.7 version but it
won't fit on only 8MB of flash space.  Does this mean that I should
consider upgrading to 16MB flash instead?

On another note, can anyone recommend a good reference for knowing which
type of IOS images to use?  Like how I can assess whether I would want to
use a Service Provider image rather than an Enterprise image, or an IP
Image, or maybe even an Enterprise/FW/IDS IPSEC image.  I'm trying to find
out more information on what requirements would prompt me to choose one over
the other.

I've only been able to find a few docs on CCO and they haven't helped me
much.

Any info is always appreciated!

Thanks,
Roger




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=741&t=739



RE: designing subnets with all ones/zeros.. [7:695]

2001-04-15 Thread Howard C. Berkowitz

That Cisco page is extremely dated information, and actually not 
quite right -- RFC 791 is, indeed, the primary IPv4 specification, 
although the IP address format was originally defined in RFC 760. 
Neither one of these, however, discusses subnetting, which was 
introduced later in RFC 950.  RFC 760 simply assumed a fixed 8-bit 
network and 24-bit host field, while RFC 791 introduced classes A/B/C.


>Wonder if that's part of the reason I didn't make it to day 2 ;->
>
>I see the point of the article, but I still believe it is more of a
>compatibility issue than anything else. Can't get into  the RFC server I
>normally use to see if RFC 1812 ventures an opinion. CIDR probably figures
>in here somewhere.

CIDR actually is in a set of RFCs, about 1518-1520.

Without having it in front of me, 1812 specifically says the all 
zeroes and all ones subnets are legal, but they can be ambiguous in a 
classful environment.  Their use is quite routine in a classless 
environment, such as an ISP--I frequently use them in addressing 
plans and have no problems with modern routing.  It's been quite a 
while since I worked in anything with classful addressing.

>
>I know that throughout my practice for the lab that I have had situations
>exactly as described in the link you provide. I don't recall problems, but
>then the lab is not reality ;->
>
>Chuck
>
>-Original Message-
>From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>David Chandler
>Sent:  Sunday, April 15, 2001 12:42 PM
>To:[EMAIL PROTECTED]
>Subject:   Re: designing subnets with all ones/zeros.. [7:695]
>
>Chuck
>
>Thanks for the proof read  :>
>
>Below is the cisco page & part of the doc relating to zero subnets.
>To me it reads "don't; because we say so"
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdipadr.htm#xtocid105602
>
>---
>Enabling Use of Subnet Zero
>
>Subnetting with a subnet address of zero is illegal and strongly discouraged
>(as stated in RFC 791) because of the confusion that can arise between a
>network and a subnet that have the same addresses. For example, if network
>131.108.0.0 is subnetted as 255.255.255.0, subnet zero would be written as
>131.108.0.0 which is identical to the network address.
>
>You can use the all zeros and all ones subnet (131.108.255.0), even though
>it is discouraged. Configuring interfaces for the all ones subnet is
>explicitly allowed. However, if you need the entire subnet space for your IP
>address, use the following command in global configuration mode to enable
>subnet zero:
>---
>
>You mentioned that Windows is not rfc1812 compliant and that it allows wacky
>subnets and disallows some valid subnets.  Was that trial & error or has
>microsoft documented this? I hate spending an hour looking for a document
>that is not there...
>
>Thanks
>
>DaveC
>
>
>Chuck Larrieu wrote:
>
>>  Comments within:
>>
>>  -Original Message-
>>  From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>>  David Chandler
>>  Sent:   Saturday, April 14, 2001 11:25 PM
>>  To: [EMAIL PROTECTED]
>>  Subject:designing subnets with all ones/zeros.. [7:695]
>>
>>  I have two questions regarding using the all ones and/or the all zeros
>>  subnet.
>>
>>  Recently one of my co-workers started studying for CCNA and while
>>  reviewing subnets he kept telling me that you could not use the all zero
>>  or all ones subnet.
>>
>>  CL:  classically speaking this is true. Early implementations, etc. these
>>  days this is no longer the case
>>
>>  The Win95, NT, and LINUX hosts didn't have a
>>  problem with it nor did the routers.
>>
>>  CL: a long time ago on this list we had a discussion of wacky subnet masks.
>>  In the course of researching this, I found that the windows IP stack was not
>>  rfc 1812 compliant in that it allowed discontiguous / wacky / non contiguous
>>  ones subnet masks, and that windows also categorically denied use of certain
>>  legitimate ip addresses. Such as 172.16.1.255/16  I believe that this is
>>  corrected in Win2K
>>
>>   I tested it with RIP & EIGRP.
>>  (skipped OSPF since it is classful).
>>
>>  CL: I believe you meant to say "classless" ;->
>>
>>  I found that Cisco and others vendors agree that it will work, but they
>>  "Strongly discourage using the all ones or all zeros subnets"
>>
>>  CL: where did you find language about "strongly discourage"?
>>
>>  PS: if some of you try testing this; note that prior to 12.1 you'll need
>>  to enter
>>  (config)# ip zero-subnet
>>  before the router will accept a zero subnet on a interface. Starting in
>>  12.1 the zero subnet is enabled by default.
>>
>>  CL: ip subnet-zero
>>
>>  Question #1: What type problems could you run into by using a all
>>  ones/zero subnet.
>>
>>  CL: issues with older equipment / obsolete equipment / old OS versions
>>
>>  Question #2: For you folks that are in design; Do you

Re: BGP Commands [7:734]

2001-04-15 Thread Tolanid

Hunt,

When you do the show ip bgp command - it  shows you a lot of information on
the top (status codes, origin code etc etc...).  The status code "*"
indicates that it is one of the valid paths and ">" indicates that it is the
best path.  Hope this helps.

Also,  I found a lot of excellent information on BGP that I recommend to
everyone I know (besides Halabi's book).  Here is the link for that
information
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm.  Check it
out,  it starts with basics and gives you good information on BGP along with
the configuration.

Take care

Raj  :)

"Hunt Lee"  wrote in message
news:[EMAIL PROTECTED]...
> Thanks for the explanation guys  :)  Just one more quick question, on the
> "show ip bgp",
> are the best routes indicated by an > or an *?
>
> Regards,
> Hunt Lee
>
>
> Howard C. Berkowitz wrote:
>
> > >Can anyone please explain to me what is the difference between the
> > >command "show ip bgp" (or show ip bgp summary) and "show ip route bgp"?
> > >I have read the BSCN book between page 348 and 352 many times, but I'm
> > >still very confused.  The book said "show ip bgp" displays BGP routing
> > >table?? But I thought that should be "show ip route bgp".  Please help.
> > >
> > >Regards,
> > >Hunt Lee
> > >IP Solution Analyst
> > >Cable and Wireless
> >
> > You are dealing with two tables, at the very least.  Some are
> > conceptual or stored as part of other tables.  Let me work through
> > the flow.
> >
> > Incoming BGP updates, before filtering, go into the Adj-RIB-In
> >
> > After filtering, which is primarily on a per-peer basis, the
> > remaining updates go into a BGP-only table called the Loc-RIB.  This
> > table contains all the BGP potential routes that passed acceptance
> > filtering, and is router-wide.  It also indicates which are the
> > "best" BGP routes to a given destination.
> >
> > "show ip bgp" displays the Loc-RIB.
> >
> > Next, all "best" routes from the Loc-RIB are sent to the main IP
> > routing table, where they compete with potential routes from all
> > other sources. "show ip route" shows the active routes to all
> > destinations.  "show ip route bgp" shows the subset of those routes
> > that was learned from BGP.
> >
> > An example:
> >
> >   BGP has two routes to 172.16.1.0/24 and to 172.16.2.0/24.
> >   It picks a best route to each. Let's say that has a next hop of
> > 192.168.1.1
> >   Show ip bgp would show all four, with an asterisk on the two best.
> >
> > The two 172.16.1.0/24 and 172.16.2.0/24 routes, with a next hop of
> > 192.168.1.1,
> > are sent to the main routing table installation process.
> >
> > Assume that the router also has a static route with administrative
> > distance 1 to 172.16.2.0/24. That has equal specificity to the second
> > BGP route, but the administrative distance is more preferred.
> >
> > When you do a "show ip route", you will see routes to both
> > destinations, but with a static source to 172.16.2.0 and a BGP source
> > for 172.16.1.0.
> >
> > If you do a "show ip route bgp", you will only see the route to
> > 172.16.1.0, because that is the only active route with a BGP source.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=743&t=734
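
The flow Howard Berkowitz describes in the quoted text (Adj-RIB-In, Loc-RIB, main routing table), as an added example that is not from any poster in this thread. It uses his prefixes and his 192.168.1.1 next hop; the peer names, AS numbers, the filtered 10.99.0.0/16 prefix, the second next hop and the static route's next hop are constructed, and best-path selection is reduced to local preference followed by AS-path length.

```python
from dataclasses import dataclass
from ipaddress import ip_network

AD_STATIC, AD_EBGP = 1, 20   # Cisco default administrative distances


@dataclass(frozen=True)
class BgpPath:
    prefix: str
    next_hop: str
    as_path: tuple
    local_pref: int = 100


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    source: str
    distance: int


# Constructed Adj-RIB-In: updates as received from two peers, before filtering.
ADJ_RIB_IN = {
    "peer-A": [BgpPath("172.16.1.0/24", "192.168.1.1", (65001,)),
               BgpPath("172.16.2.0/24", "192.168.1.1", (65001,)),
               BgpPath("10.99.0.0/16", "192.168.1.1", (65001,))],
    "peer-B": [BgpPath("172.16.1.0/24", "192.168.2.1", (65002, 65001)),
               BgpPath("172.16.2.0/24", "192.168.2.1", (65002, 65001))],
}
DENIED = {"10.99.0.0/16"}    # constructed inbound acceptance policy
STATIC = [Route("172.16.2.0/24", "192.168.3.1", "static", AD_STATIC)]


def build_loc_rib(adj_rib_in, denied):
    """Adj-RIB-In -> Loc-RIB: keep every accepted path, pick one best per prefix."""
    loc_rib = {}
    for paths in adj_rib_in.values():
        for path in paths:
            if path.prefix not in denied:
                loc_rib.setdefault(path.prefix, []).append(path)
    best = {prefix: min(paths, key=lambda p: (-p.local_pref, len(p.as_path)))
            for prefix, paths in loc_rib.items()}
    return loc_rib, best


def show_ip_bgp(loc_rib, best):
    """Every path in the Loc-RIB; '*' marks a valid path, '>' the best one."""
    rows = []
    for prefix in sorted(loc_rib, key=ip_network):
        for path in loc_rib[prefix]:
            status = "*>" if path is best[prefix] else "* "
            as_path = " ".join(map(str, path.as_path))
            rows.append(f"{status} {prefix:<16} {path.next_hop:<12} {as_path}")
    return rows


def build_routing_table(best, other_routes):
    """Best BGP paths compete with other sources; lowest distance is installed."""
    candidates = [Route(p.prefix, p.next_hop, "bgp", AD_EBGP) for p in best.values()]
    candidates += other_routes
    table = {}
    for route in candidates:
        current = table.get(route.prefix)
        if current is None or route.distance < current.distance:
            table[route.prefix] = route
    return table


def show_ip_route(table, source=None):
    """Active routes; pass source='bgp' for the 'show ip route bgp' subset."""
    return [f"{r.source:<6} {r.prefix} via {r.next_hop} [{r.distance}]"
            for r in sorted(table.values(), key=lambda r: ip_network(r.prefix))
            if source is None or r.source == source]


if __name__ == "__main__":
    loc_rib, best = build_loc_rib(ADJ_RIB_IN, DENIED)
    table = build_routing_table(best, STATIC)
    print("\n".join(["show ip bgp:"] + show_ip_bgp(loc_rib, best)))
    print("\n".join(["show ip route:"] + show_ip_route(table)))
    print("\n".join(["show ip route bgp:"] + show_ip_route(table, "bgp")))
```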



Re: CCIE Written [7:639]

2001-04-15 Thread Ping

the best track to follow is pick a subject and read

http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html

...you might think you know some topics but you will be surprised ...i
speak for myself..example the datalink layer...oh my

this is what i used to study and pass the written ..there is not a
single book for this i read many
acrc
routers bridges for ccie (very good book)
all in one ccie study guide (too deep but there were some stuff in here
that helped me)
Sybex ccie (i thought this was a good book)
ccie fundamentals network design case studies (picked some sections in
this book did not read it all)
Sybex CCNP (sucks)
internet architecture ..halabi (this is a wonderful book i enjoyed
reading this one read many times and )
 
 

SH Wesson wrote:

  Can anyone give some advice as to what is the best book to use for
  the CCIE
  written.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=744&t=639



Re: Passing IPSEC packets on DSL [7:321]

2001-04-15 Thread Jason J. Roysdon

While we're posting configs, I figure I might as well share my latest for an
827 that's temporarily taking the place of my 1605R (the 827 is awaiting
install, but works great and seems to have much less latency than going
through the usual Alcatel ADSL modem and then to 1605R ethernet).  Plus, the
827 just has more flash and dram out of the box plus a faster processor
(24mb DRAM/8mb Flash/MPC855T CPU) than the 1605R (8mb DRAM/4mb Flash/68360
CPU).  Downside is the 827 is ADSL only, so if I ever wanted to switch to
cablemodem when AT&T rolls out fiber I'll be able to just switch over as
it's just ethernet on the other side of the cable modem (they bought our
local cable office this month).  Plus the 1605R has a WIC slot that I use
for T1 labs.

Ok, on with the configs.  Most of the public/private numbers have been
changed to protect me and/or the networks I have access to, but you should
be able to read through and get a good handle on a lot of what I've got it
doing.  I'm currently running c820-k2nosv6y6-mz.121-5.YB.bin, which I
believe is an IP Plus FW IPSEC 3DES version.  Speaking of which, a lot of
the IPSEC stuff is far from the best config.  I've been learning a lot more
on the subject and need to go through and get things up to speed (and using
3DES).

falcon-827-4v#show config
Using 7284 out of 131072 bytes, uncompressed size = 16771 bytes
Uncompressed configuration from 7284 bytes to 16771 bytes
!
! Last configuration change at 10:32:02 PDT Sat Apr 14 2001 by jroysdon
! NVRAM config last updated at 11:37:46 PDT Sat Apr 14 2001 by jroysdon
!
version 12.1
no service single-slot-reload-enable
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
no service dhcp
!
hostname falcon-827-4v
!
boot system flash
logging buffered 4096 informational
logging rate-limit console 10 except errors
logging console informational
aaa new-model
enable secret []
!
username [] password []
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip finger
ip domain-name artoo.net
ip name-server 192.168.255.14
ip dhcp excluded-address 192.168.255.254
ip dhcp excluded-address 192.168.255.1 192.168.255.20
ip dhcp ping timeout 2000
!
ip dhcp pool default
   network 192.168.255.0 255.255.255.0
   default-router 192.168.255.254
   dns-server 192.168.255.14 206.13.28.12 206.13.31.12 63.172.195.4 206.13.30.12 206.13.29.12
   domain-name internal.artoo.net
   netbios-node-type h-node
   netbios-name-server 63.172.195.4 63.172.195.4
   lease 7
!
ip dhcp pool han-kingston
   host 192.168.255.10 255.255.255.0
   client-identifier 0100.c0f0.3e23.91
   client-name han
!
ip dhcp pool han-cisco-pcm340
   host 192.168.255.11 255.255.255.0
   client-identifier 0100.4096.324a.ac
   client-name han
!
ip dhcp pool leia
   host 192.168.255.12 255.255.255.0
   client-identifier 0100.50da.c4a6.03
   client-name leia
!
ip dhcp pool c3p0-linux
   host 192.168.255.14 255.255.255.0
   client-identifier 0100.c0f0.597c.77
   client-name c3p0
!
ip dhcp pool cisco-ap340
   host 192.168.255.17 255.255.255.0
   client-identifier 0100.4096.3508.f0
   client-name slave1
!
ip dhcp pool goldenrod-linux
   host 192.168.255.18 255.255.255.0
   client-identifier 0100.20af.0be4.8e
   client-name goldenrod
!
ip dhcp pool jason-avvid
   host 192.168.255.20 255.255.255.0
   client-identifier 0100.03e3.a520.9b
   client-name jason
   dns-server 192.168.255.14 63.172.195.4
   domain-name avvid.internal.artoo.net
!
ip dhcp pool noah-avvid
   host 192.168.255.22 255.255.255.0
   client-identifier 0100.03e3.a521.df
   client-name noah
   dns-server 192.168.255.14 63.172.195.4
   domain-name avvid.internal.artoo.net
!
ip dhcp pool emily-avvid
   host 192.168.255.21 255.255.255.0
   client-identifier 0100.03e3.a51d.79
   client-name emily
   dns-server 192.168.255.14 63.172.195.4
   domain-name avvid.internal.artoo.net
!
ip dhcp pool anakin
   host 192.168.255.13 255.255.255.0
   client-identifier 0100.c0f0.3d0d.0a
   client-name anakin
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name FireWallInt tcp
ip inspect name FireWallInt udp
ip inspect name FireWallInt cuseeme
ip inspect name FireWallInt ftp
ip inspect name FireWallInt h323
ip inspect name FireWallInt rcmd
ip inspect name FireWallInt realaudio
ip inspect name FireWallInt streamworks
ip inspect name FireWallInt vdolive
ip inspect name FireWallInt sqlnet
ip inspect name FireWallInt tftp
no ip dhcp-client network-discovery
call rsvp-sync
!
!
!
!
!
!
!
crypto isakmp policy 5
 authentication pre-share
!
crypto isakmp policy 6
 hash md5
 authentication pre-share
crypto isakmp key [] address 63.1.1.1
crypto isakmp key [] address 63.2.2.2
crypto isakmp key [] address 63.3.3.3
crypto isakmp key [] address 63.4.4.4
crypto isakmp key [] address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-po

aux port call backup [7:746]

2001-04-15 Thread Ravi Kumar

hi techs

i got a small problem at my client place

i have isdn connection between my client's head office and factory through
2610 routers (through isdn bri card). configuration is through. every thing
working fine. i draw a separate cable from NT1 second port and connected to
head office router aux port through TA (terminal adapter). aux port
configuration is through.

I am able to dial from my office win-NT RAS server (through PSTN line) to
client head office 2610 router through aux port. connection is through
working fine. then, i configured my client head office 2610 router aux port
for call back to my NT server. but it is not working. when i dial from my nt
server to aux port of 2610 router, connection is through, router is
responding and terminating the call to call back. then it is giving error
message like no interface available to call back. timed out.

any suggestions pls.

bye
ravee







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=746&t=746



Re: NLSP (Novell Netware) [7:314]

2001-04-15 Thread EA Louie

well Aaron, it has something to do with something Cisco calls 'throughput'.
I don't know how they determine throughput - perhaps by the 5 minute average
load on the interface.

-e-

- Original Message -
From: "[EMAIL PROTECTED] (Aaron)" 
To: 
Sent: Sunday, April 15, 2001 4:33 AM
Subject: Re: NLSP (Novell Netware) [7:314]


> [EMAIL PROTECTED] ("EA Louie") wrote in
> :
>
> >read (watch the wrap)
> >http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cipx
> >.ht m
> >
> >I don't think they've changed the cost 'calculation' since IOS 11.0.
> >It's not so much a calculation as it is an assigned value that you can
> >change arbitrarily, so it doesn't do the 100,000,000/(interface
> >bandwidth) calculation that OSPF performs.
> >
> >-e-
> >- Original Message -
> >From: "[EMAIL PROTECTED] (Aaron)"
> >To:
> >Sent: Thursday, April 12, 2001 1:47 AM
> >Subject: NLSP (Novell Netware) [7:314]
> >
> >
> >> Hi all,
> >> I have a question about the NLSP, which is the routing protocol used
> >> for Novell Netware Protocol stack. How does it calculate the "cost",
> >> and does it like the OSPF's metric: 10(8)/BW.
> >>
> >> Thank you very much!
> >>
> >> Aaron.z
> >
>
> Thank you but it really can be set automatically on the interface. How
> does the router do it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=747&t=314



RE: how to check statistics on a single nat entry [7:748]

2001-04-15 Thread Baety Wayne A1C 18 CS/SCBX

Well,

   Since ip nat is accomplished through the use of access lists,
you can log the rule hits/misses or view the statistics on the number of
matches with the _show access-lists_.  Logging can be used to analyze
traffic going through your access lists (and thus, nat'ed) so that you can
obtain more specific information.  I wouldn't recommend logging all your
filters, but picking one that you are curious about and logging that. I
don't believe there is an IOS command to show the statistics of a particular
rule beyond the amount of times it was matched.

Since 11.3 logging can be used with standard access lists as well
as extended access lists.

Example:

(1) addresses you want nat'ed:
    _access-list 1 permit 192.168.100.0 0.0.0.255 log_

(2) addresses to which you nat:
    _ip nat pool nsub100 1.1.1.2 1.1.1.254 prefix 24_

(3) linking the two together:
    _ip nat inside source list 1 pool nsub100_

(3) Translates packets from interfaces marked as inside (inside initiates
the NAT translation) that match rule (1), their respective ip source
address, to a random address (one that is available) in the range specified
in (2)

(3) Also works in the opposite direction. It translates packets from
interfaces marked as outside, their respective ip destination address that
fits in the range specified in (2), and that was setup as a translation as
outlined above, until the NAT translation timeout timer expires.  This part
is first routed and then NATed. Which means, if the destination address
isn't configured on an interface on the router, it will be looked up in the
routing table and will bypass NAT entirely.  If the destination address is
configured on an interface it will then be passed to the NAT engine for
processing. This "feature" could be exploited (i mean used) to offload NAT
processing to multiple routers (by dividing (2) into subnets and using a
routing process).

In either case, coming in or going out, permitted or denied the results are
logged (and sent to the console)

From EXEC mode:

_show access-lists 1_

OUTPUT:
access-list 1 permit 192.168.100.0 0.0.0.255 log (3 matches)
 
This will show you the configured access rules for 1 and the number
of times each rule was matched (rudimentary statistics) with
logging information going to the console (more elaborate statistics).

I hope I've answered your question, and perhaps enlightened you on the
inner workings of NAT a little bit more ;-)

(Of course you will need the requisite IOS feature pack loaded for any of
this to work)

ciao

Wayne A. Baety, A1C, USAF, MCSE
Network Operations Support, Kadena AB
[EMAIL PROTECTED]



-Original Message-
From: Adam Wang [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 21, 2001 7:20 AM
To: [EMAIL PROTECTED]
Subject: how to check statistics on a single nat entry


Hi group

How would I check statistics on a single nat entry
show ip nat statistics will give me the whole picture,
not individual entries.

Thanks

Adam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=748&t=748
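
The three-line configuration in Wayne Baety's reply (access list, pool, and the statement linking them), as an added toy model that is not from the original post and is not IOS code. It shows wildcard-mask matching, a per-rule match counter, pool allocation, the reverse lookup for return traffic, and translation timeout. Modelling assumptions: the access list is consulted only when a new translation has to be created, the first free pool address is handed out, and only outbound packets refresh the timer; class and method names are constructed.

```python
from ipaddress import IPv4Address


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS-style wildcard mask: a 1 bit means 'do not compare this bit'."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


class AclRule:
    def __init__(self, action: str, base: str, wildcard: str):
        self.action, self.base, self.wildcard = action, base, wildcard
        self.matches = 0


class DynamicNat:
    def __init__(self, acl_number, rules, pool_start, pool_end, timeout):
        self.acl_number, self.rules, self.timeout = acl_number, rules, timeout
        first, last = int(IPv4Address(pool_start)), int(IPv4Address(pool_end))
        self.free = [str(IPv4Address(i)) for i in range(first, last + 1)]
        self.by_inside = {}   # inside local  -> (inside global, last used)
        self.by_global = {}   # inside global -> inside local

    def acl_permits(self, src: str) -> bool:
        """First matching rule wins and has its counter incremented."""
        for rule in self.rules:
            if wildcard_match(src, rule.base, rule.wildcard):
                rule.matches += 1
                return rule.action == "permit"
        return False          # implicit deny at the end of every access list

    def expire(self, now: int) -> None:
        """Drop idle translations and return their addresses to the pool."""
        for inside, (glob, last_used) in list(self.by_inside.items()):
            if now - last_used >= self.timeout:
                del self.by_inside[inside]
                del self.by_global[glob]
                self.free.append(glob)

    def outbound(self, src: str, now: int):
        """Inside to outside: return the translated source, or None if not NATed."""
        self.expire(now)
        if src in self.by_inside:
            glob = self.by_inside[src][0]
        elif self.acl_permits(src) and self.free:
            glob = self.free.pop(0)
            self.by_global[glob] = src
        else:
            return None
        self.by_inside[src] = (glob, now)
        return glob

    def inbound(self, dst: str, now: int):
        """Outside to inside: only an existing, unexpired translation is reversed."""
        self.expire(now)
        return self.by_global.get(dst)

    def show_access_list(self):
        """Counters in the output format quoted in the post."""
        return [f"access-list {self.acl_number} {r.action} {r.base} {r.wildcard} "
                f"log ({r.matches} matches)" for r in self.rules]


if __name__ == "__main__":
    nat = DynamicNat(1, [AclRule("permit", "192.168.100.0", "0.0.0.255")],
                     "1.1.1.2", "1.1.1.254", timeout=60)
    print(nat.outbound("192.168.100.10", now=0))
    print(nat.outbound("192.168.100.20", now=10))
    print(nat.outbound("192.168.10.5", now=10))
    print(nat.inbound("1.1.1.2", now=20), nat.inbound("1.1.1.2", now=100))
    print("\n".join(nat.show_access_list()))
```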



Re: back to back cables [7:527]

2001-04-15 Thread John Neiberger

Sorry to give you so much flack.  As I mentioned in my first reply, the
part numbers you need are:

CAB-V35MT=
CAB-V35FC=

If you'd like, I could buy them for you and jack up the price.  Then you
could pay me $75 per cable and I'd make $30 or $40 on the deal.  :-)

Sorry, I couldn't resist.

Regards,
John


|  >
|  > Unless someone has the part number for an actual
|  > Cisco back to back cable, which is all that I asked
|  > for in the first place, I would like to see
|  > this thread buried.
|  >
|  > Thanks to everyone for their advice,
|  > Ray Mosely
|  > CCNA, MCSE
|  >
|  > -Original Message-
|  > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
|  > John Neiberger
|  > Sent: Sunday, April 15, 2001 2:06 AM
|  > To: [EMAIL PROTECTED]
|  > Subject: RE: back to back cables [7:527]
|  >
|  >
|  > Wow, why not?  Does your employer make a habit of spending three times as
|  > much as necessary?  :-)  Just kidding...
|  >
|  > If that's the case, then go with the part numbers I gave you.  For the sake
|  > of performance you'll want to go with the v.35 cables.
|  >
|  > John
|  >
|  > |  It's simple.  Cisco doesn't, to my knowledge,
|  > |  make a back to back cable.  I'm not allowed to
|  > |  order a third party cable.
|  > |  Ray M.
|  > |
|  > |  -Original Message-
|  > |  From: John Neiberger [mailto:[EMAIL PROTECTED]]
|  > |  Sent: Friday, April 13, 2001 4:42 PM
|  > |  To: [EMAIL PROTECTED]
|  > |  Cc: [EMAIL PROTECTED]
|  > |  Subject: Re: back to back cables [7:527]
|  > |
|  > |
|  > |  Do I even dare ask why you are allowed to use two regular cables but not
|  > |  a back to back cable?
|  > |
|  > |  Hmm... while writing that I just thought of one good reason.  Whenever
|  > |  I order a back-to-back cable I usually get an RS-232 cable.  This would
|  > |  tend to limit the clock rate between the two routers.  If I needed a
|  > |  higher speed I'd have to find a V.35 back to back cable which seem to be
|  > |  harder to find.
|  > |  If you want V.35:
|  > |
|  > |  CAB-V35MT=
|  > |  CAB-V35FC=
|  > |
|  > |  If you want RS-232:
|  > |
|  > |  CAB-232MT=
|  > |  CAB-232FC=
|  > |
|  > |  HTH,
|  > |  John
|  > |
|  > |  >>> "Ray Mosely"  4/13/01 4:29:14 PM >>>
|  > |  I'm sorry to bring up this old old old
|  > |  thread, but I'm in a situation where I
|  > |  need a back to back cable for some 2501's,
|  > |  but I'm not allowed to use a back to back
|  > |  cable.
|  > |
|  > |  There are two bona fide Cisco cables which
|  > |  can be hooked together to make one back
|  > |  to back cable (at three times the price
|  > |  of a back to back).  Anybody know the
|  > |  part numbers of the Cisco cables?  It's
|  > |  for back to back on the WAN ports.
|  > |
|  > |  Thanks,
|  > |  Ray Mosely
|  > |  CCNA, MCSE









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=749&t=527



Re: Help! Cisco Internetworking Design test?? [7:682]

2001-04-15 Thread Robert Padjen

HEY!!!

Todd may have his name on the cover and the series,
but I did have a little something to do with the Sybex
CID book!!! Like writing 13 chapters! Thanks for the
compliments, although I strongly recommend that
readers review the Cisco Web site for the StrataCom
material.

If the beta is an indication, the new test will be as
bad as the one it replaces. While I passed (I don't
know the numbers), I also wrote seven pages worth of
comments on the test and likely screamed twice. It is
unfortunate that Cisco cannot improve upon this test.

We are currently discussing a second edition for CID,
although it seems that either frustration with the
exam or lack of interest is impacting the number of
candidates. We've enjoyed solid sales thus far, but the
number of CCDPs is still VERY low relative to the
other certs. Surprises me a great deal - but I've
always enjoyed design.


--- "Sean C."  wrote:
> Hi Andy,
> 
> Took the CID last week and passed - 2nd attempt. 
> The horror stories you
> have read about this test are true.
> 
> The questions have misspellings (VALN instead of
> VLAN), some answers are
> written twice, one question address had a third
> octet of .286., etc. Couple
> this with the limited study material available and I
> think it would be wise
> to wait for the CID 4.0, when, hopefully, there will
> be more study material
> available.
> 
> I used the CiscoPress book and the Boson #1 test. 
> The Lammle book you own
> has the best section on StrataCom - the questions I
> had could all be
> answered from Lammle's book.
> 
> I agree with the general consensus:  CiscoPress
> covers 50%, Lammle covers
> 50% between them you will know about 75% of the
> test.
> 
> Good luck,
> Sean
> 
> CCNP, CCDP, MCSE
> 
> 
> "AndyD" wrote in message
> news:[EMAIL PROTECTED]...
> > Can anyone give me any advice in how to prepare
> for the CID test?  I've
> > heard nothing but horror stories on the poor
> quality of the test, vague
> > questions,  poorly worded questions, etc.  I've
> got Todd Lammle's book,
> but
> > it seems pretty superficial.  I've got a Boson
> practice test, but it's all
> > over the map.  Could someone who has taken the
> test give me some
> > recommendations please?
> >
> >  Thanks,
> >
> > AD


=
Robert Padjen





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=750&t=682



Re: CCIE Optical Qualification Beta (Exam 351-020) [7:714]

2001-04-15 Thread Lance Hubbard

I have heard from an inside source that much of the further development
on the optical product lines will cease as part of the bleeding out due
to Cisco's budget cuts.

Lance

>From: "Scott Jensen"
>Reply-To: "Scott Jensen"
>To: [EMAIL PROTECTED]
>Subject: CCIE Optical Qualification Beta (Exam 351-020) [7:714]
>Date: Sun, 15 Apr 2001 12:13:36 -0400
>
>Hello Everybody!
>
>I was just curious if anyone has scheduled to sit in on the CCIE Optical
>Beta?
>
>http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew.html
>
>I see the beta is only US$50. After reviewing the CCIE Blueprint, does
>anyone have any thoughts on how difficult the exam may be?
>
>I see the Blueprint lists the Cisco ONS 15900, but I believe I saw a press
>release that this product has been discontinued? Can anyone verify this?
>
>Thanks In Advance!
>
>Happy Easter!
>
>Scott
>
>Message Posted at:
>http://www.groupstudy.com/form/read.php?f=7&i=714&t=714







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=751&t=714



Autonomous System number [7:752]

2001-04-15 Thread Thomas

Hi All - In the real world, how should I obtain an "autonomous system"
number?  Will I be assigned one by some organization, or do I just make it up?
Sorry for such a simple question!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=752&t=752



Re: Choosing the right IOS Image [7:739]

2001-04-15 Thread Thomas

With 8MB of Flash, I would recommend you run IOS version 12.0(15),
IP/IPX/AT/DEC.  This is the latest version of v12.0.  It only requires 8MB
of flash and is a clean version (has the TCP security flaw bug fixed).









"Roger Sohn" wrote in message
news:[EMAIL PROTECTED]...
> Hi All,
>
> Just wanted to hear what other people are using (or would recommend) for the
> IOS images on their 2500 series routers with a typical 16MB DRAM/ 8MB Flash
> setup.
>
> I remember hearing from Louie that he ran 12.09 Enterprise Plus IOS on all
> of his 2500's with that 16/8 configuration.  There's a 12.7 version but it
> won't fit on only 8MB of flash space.  Does this mean that I should
> consider upgrading to 16MB flash instead?
>
> On another note, can anyone recommend a good reference for knowing which
> type of IOS images to use?  Like how I can assess whether I would want to
> use a Service Provider image rather than an Enterprise image, or an IP
> Image, or maybe even an Enterprise/FW/IDS IPSEC image.  I'm trying to find
> out more information on what requirements would prompt me to choose one over
> the other.
>
> I've only been able to find a few docs on CCO and they haven't helped me
> much.
>
> Any info is always appreciated!
>
> Thanks,
> Roger




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=753&t=739



Re: designing subnets with all ones/zeros.. [7:695]

2001-04-15 Thread David Chandler

So are we all agreed that there is not a problem with using the all 1s/0s
subnet?
The real problem seems to be that they continue to teach it.

I think I can plow through RFCs 791, 950 & 1812 within the next couple days.
Maybe there is a more compelling reason than it could cause problems with
hosts built in the mid eighties.

Chuck stated:
"Wonder if that's part of the reason I didn't make it to day 2 ;->"

That brings up the real question.  What does Cisco believe is the correct
way?
It appears that passing the CCIE lab is as much about guessing the "correct"
way to implement something; as it is raw technical knowledge?

Thanks for your input:
DaveC


"Howard C. Berkowitz" wrote:

> That Cisco page is extremely dated information, and actually not
> quite right -- RFC 791 is, indeed, the primary IPv4 specification,
> although the IP address format was originally defined in RFC 760.
> Neither one of these, however, discusses subnetting, which was
> introduced later in RFC 950.  RFC 760 simply assumed a fixed 8-bit
> network and 24-bit host field, while RFC 791 introduced classes A/B/C.
>
> >Wonder if that's part of the reason I didn't make it to day 2 ;->
> >
> >I see the point of the article, but I still believe it is more of a
> >compatibility issue than anything else. Can't get into  the RFC server I
> >normally use to see if RFC 1812 ventures an opinion. CIDR probably figures
> >in here somewhere.
>
> CIDR actually is in a set of RFCs, about 1518-1520.
>
> Without having it in front of me, 1812 specifically says the all
> zeroes and all ones subnets are legal, but they can be ambiguous in a
> classful environment.  Their use is quite routine in a classless
> environment, such as an ISP--I frequently use them in addressing
> plans and have no problems with modern routing.  It's been quite a
> while since I worked in anything with classful addressing.
>
> >
> >I know that throughout my practice for the lab that I have had situations
> >exactly as described in the link you provide. I don't recall problems, but
> >then the lab is not reality ;->
> >
> >Chuck
> >
> >-Original Message-
> >From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> >David Chandler
> >Sent:  Sunday, April 15, 2001 12:42 PM
> >To:[EMAIL PROTECTED]
> >Subject:   Re: designing subnets with all ones/zeros.. [7:695]
> >
> >Chuck
> >
> >Thanks for the proof read  :>
> >
> >Below is the Cisco page & part of the doc relating to zero subnets.
> >To me it reads "don't; because we say so"
> >
> >http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdipadr.htm#xtocid105602
> >
> >---
> >Enabling Use of Subnet Zero
> >
> >Subnetting with a subnet address of zero is illegal and strongly discouraged
> >(as stated in RFC 791) because of the confusion that can arise between a
> >network and a subnet that have the same addresses. For example, if network
> >131.108.0.0 is subnetted as 255.255.255.0, subnet zero would be written as
> >131.108.0.0, which is identical to the network address.
> >
> >You can use the all zeros and all ones subnet (131.108.255.0), even though
> >it is discouraged. Configuring interfaces for the all ones subnet is
> >explicitly allowed. However, if you need the entire subnet space for your IP
> >address, use the following command in global configuration mode to enable
> >subnet zero:
> >---
> >
> >You mentioned that Windows is not rfc1812 compliant and that it allows wacky
> >subnets and disallows some valid subnets.  Was that trial & error or has
> >microsoft documented this? I hate spending an hour looking for a document
> >that is not there...
> >
> >Thanks
> >
> >DaveC
> >
> >
> >Chuck Larrieu wrote:
> >
> >>  Comments within:
> >>
> >>  -Original Message-
> >>  From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> >>  David Chandler
> >>  Sent:   Saturday, April 14, 2001 11:25 PM
> >>  To: [EMAIL PROTECTED]
> >>  Subject:designing subnets with all ones/zeros.. [7:695]
> >>
> >>  I have two questions regarding using the all ones and/or the all zeros
> >>  subnet.
> >>
> >>  Recently one of my co-workers started studying for CCNA and while
> >>  reviewing subnets he kept telling me that you could not use the all zero
> >>  or all ones subnet.
> >>
> >>  CL:  classically speaking this is true. Early implementations, etc. these
> >>  days this is no longer the case
> >>
> >>  The Win95, NT, and LINUX hosts didn't have a
> >>  problem with it nor did the routers.
> >>
> >>  CL: a long time ago on this list we had a discussion of wacky subnet masks.
> >>  In the course of researching this, I found that the windows IP stack was not
> >>  rfc 1812 compliant in that it allowed discontiguous / wacky / non contiguous
> >>  ones subnet masks, and that windows also categorically denied use of certain
> >>  legitimate ip addresses. Such as 172.16.1.255/16  I b
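
The overlap this thread argues about, worked through on the 131.108.0.0 / 255.255.255.0 case from the quoted Cisco page, together with the mask-contiguity and 172.16.1.255/16 points raised above. This is an added example, not part of any poster's message; the helper names are hypothetical and the classful rule is the standard first-octet A/B/C split.

```python
import ipaddress

def is_contiguous_mask(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, which shares no bits with 2**k.
    return (inverted & (inverted + 1)) == 0

def classful_network(addr):
    """Class A/B/C network that a classful device infers from the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError("class D/E addresses have no classful network")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def classify_subnet(addr, mask):
    """Label the subnet holding addr: all-zeros, all-ones, ordinary, not subnetted."""
    if not is_contiguous_mask(mask):
        raise ValueError(f"non-contiguous mask {mask}")
    subnet = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    parent = classful_network(addr)
    if subnet.prefixlen <= parent.prefixlen:
        return "not subnetted"
    # Subnet zero is written exactly like the classful network (131.108.0.0).
    if subnet.network_address == parent.network_address:
        return "all-zeros"
    # The all-ones subnet shares its broadcast with the whole classful network.
    if subnet.broadcast_address == parent.broadcast_address:
        return "all-ones"
    return "ordinary"

def is_usable_host(addr, prefixlen):
    """True unless addr is the network or broadcast address of its own prefix."""
    iface = ipaddress.ip_interface(f"{addr}/{prefixlen}")
    net = iface.network
    return iface.ip not in (net.network_address, net.broadcast_address)

if __name__ == "__main__":
    # Constructed sample addresses inside the network used on the quoted page.
    for addr in ("131.108.0.1", "131.108.7.1", "131.108.255.1"):
        print(addr, classify_subnet(addr, "255.255.255.0"))
    print("255.0.255.0 contiguous:", is_contiguous_mask("255.0.255.0"))
    print("172.16.1.255/16 usable:", is_usable_host("172.16.1.255", 16))
```

A device that carries no mask with a route cannot tell 131.108.0.0 the network from 131.108.0.0 the subnet, which is the classful ambiguity described above; once the prefix length travels with the address, the two are distinct.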

Re: Help! Cisco Internetworking Design test?? [7:682]

2001-04-15 Thread Bob Wilson

Was the CID test more technical like the other CCDx tests or more like case
study questions like the CCDA with a ton of reading???


"Sean C." wrote in message
news:[EMAIL PROTECTED]...
> Hi Andy,
>
> Took the CID last week and passed - 2nd attempt.  The horror stories you
> have read about this test are true.
>
> The questions have misspellings (VALN instead of VLAN), some answers are
> written twice, one question address had a third octet of .286., etc.  Couple
> this with the limited study material available and I think it would be wise
> to wait for the CID 4.0, when, hopefully, there will be more study material
> available.
>
> I used the CiscoPress book and the Boson #1 test.  The Lammle book you own
> has the best section on StrataCom - the questions I had could all be
> answered from Lammle's book.
>
> I agree with the general consensus:  CiscoPress covers 50%, Lammle covers
> 50% between them you will know about 75% of the test.
>
> Good luck,
> Sean
>
> CCNP, CCDP, MCSE
>
>
> "AndyD" wrote in message
> news:[EMAIL PROTECTED]...
> > Can anyone give me any advice in how to prepare for the CID test?  I've
> > heard nothing but horror stories on the poor quality of the test, vague
> > questions,  poorly worded questions, etc.  I've got Todd Lammle's book, but
> > it seems pretty superficial.  I've got a Boson practice test, but it's all
> > over the map.  Could someone who has taken the test give me some
> > recommendations please?
> >
> >  Thanks,
> >
> > AD




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=755&t=682



Re: sdh/sonet framing [7:700]

2001-04-15 Thread Bob Wilson

Here is a good link:

http://www.cisco.com/warp/public/cc/pd/rt/12000/prodlit/gspos_an.htm


"sipitung" wrote in message
news:[EMAIL PROTECTED]...
> Hi group,
>
> Do you have any idea of a URL which describes sonet/sdh framing in more
> detail? I am still a bit confused about what the distinction is between sonet
> and sdh framing.
>
> Once more, does anyone have an idea about the distinction between Add Drop
> Multiplexer, Terminal Multiplexer, Intermediate Regenerator (IR),  Digital
> Cross-connect (DXC).  I found this term in Ericsson AXD 155-3.
> anyway, sorry for the stupid question.
>
>
> Just trying to learn about this in more detail. Any help will be
> appreciated.
> Thanks for your attention.
>
>
> Regards
> sipitung




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=756&t=700



Re: Cisco TFTP Program??? [7:167] RESOLVED...Thnks! [7:757]

2001-04-15 Thread EROD EROD

Allen- This last one did the trick...Thanks to you and all on the list
that responded to my help...I was just about starting to give up on this
thing.. again thanks a mill !!!




On Wed, 11 Apr 2001 12:53:32 -0400 "Allen May"  writes:
> - Original Message -
> From: "EROD EROD" 
> To: 
> Sent: Wednesday, April 11, 2001 12:59 AM
> Subject: Re: Cisco TFTP Program??? [7:167]
> 
> 
> > Kevin-
> >
> > I've got both the xcvr & the Nic links active(green) & E0 is still in an
> > up/up state...
> > This is directly connected no Hub involved just a x-over cable...
> >
> > I'm using win NT Sp 4. which doesn't have a device manager..
> Right click network neighborhood, properties, bindings tab, show bindings
> for 'all adapters', highlight token ring card & click disable.  Reapply
> service pack if you haven't since you added the new NIC and reboot.
>
> >
> > I did the ipconfig & it came up with 2 eth adapters one  says
> > ethernet adapter e13c5745 with the ip info i placed in there.
> >  120.1.1.1 ip/mask & gateway..
> > and the other says: ethernet adapter NdisWan4
> > with no ip/mask or default info under it...
> >
> > Any idea why it's coming back with that 2nd eth adapter w/ no ip..
> >
> You have RAS or RRAS installed?  If so that's a virtual adapter.  Make sure
> binding order has that at the bottom if you want to keep it.  Move the real
> ethernet card to the top in binding order.
>
> >
> > I already tried deinstalling tftp & reinstalling it & that didn't help
> > either,
> >
> > I'm running out of options here...
> Reinstalling SP is always an option...haha, seriously tho ;)
> 
> >
> >
> >
> > On Wed, 11 Apr 2001 00:13:16 -0400 "Kevin Wigle"
> >  writes:
> > > >I guess my problem is trying to figure out how to get tftp to recognize
> > > > the 120 ip address..
> > >
> > > No, your problem is that you don't have connectivity on that
> > > ethernet card.
> > >
> > > If you can't ping on a directly connected network - then you won't be able
> > > to do much else.
> > >
> > > You say that you have up/up on the router.  This will happen always
> > > initially and then the port will go down after a few seconds if the port
> > > isn't working. Do you observe up/up after about 30 seconds?
> > >
> > > If so that suggests to me that you're plugging it into a hub and then from
> > > the hub to the PC?
> > >
> > > On the PC, there must be an indicator light that shows link status. Is it
> > > on?
> > >
> > > If using a hub, the router port must have a link light, does the port for
> > > the pc have a link light?
> > >
> > > Ensure that the PC is not plugged into an uplink port or a Xover switch is
> > > enabled.
> > >
> > > On the PC, go into the ethernet card properties and see if TCP/IP shows up
> > > under bindings.
> > >
> > > Run ipconfig and see if more than one card is viewable - the TR and the
> > > Ethernet.  This is your first easy way of seeing if the ethernet card has
> > > been accepted by the system.
> > >
> > > Under control panel/system/device manager - check to see if there is any red
> > > X's or yellow !s beside Network adaptors.  Is the ethernet card even there?
> > > If it is check properties and see if it says "device is working properly".
> > >
> > > If you're using a Xover cable - it may be faulty.  I have seen up/up without
> > > a link light but nothing worked.
> > >
> > > You may not have to delete the TR card.  Perhaps you can disable it.  I
> > > don't know which version of windows you're using.
> > >
> > > First and foremost - you have a connectivity problem.  Either the hub, cable
> > > or interface card.  You have to work that out first.
> > >
> > > Kevin Wigle
> > >
> > > - Original Message -
> > > From: "EROD EROD"
> > > To:
> > > Sent: Wednesday, 11 April, 2001 00:36
> > > Subject: Re: Cisco TFTP Program??? [7:167]
> > >
> > >
> > > > O.k.
> > > >
> > > > Basically this is what i've done,  I've removed a token ring card (pcmcia)
> > > > & installed an ethernet card in its place, I configured the ethernet card
> > > > with a 120.1.1.1/8  default gateway pointing to 120.1.1.2 which is the ip
> > > > add on the ethernet port...I did this of course by going to the tcp/ip
> > > > properties & selecting the ethernet network adapter & configuring the ip
> > > > address on that adapter...
> > > >
> > > > Configure e0 on the router with ip 120.1.1.2/8 & it shows up/up but when
> > > > i launch the telnet program it automatically pops up with the original
> > > > token ring's ip address that was originally in the machine...I don't want
> > > > to have to delete the TR adapter because i'll need it when i return to
> > > > the office...
> > > >
> > > > I can't ping from either side..
> > > >
> > > > I guess my problem is tr