Re: IOS boot problem [7:6555]
yes! I have 16F/16D installed. Regards, Fanglo Thomas wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Version 12.2.x requires at least 16Mb of flash and 16MB of memory. Make sure you meet this requirement... Fanglo MA wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm now cannot access my routers but I remember that it is 11.0(10c)XA and I'm trying to upgrade to IOS 12.2. Does the upgrade version affect the tftp copying process? Circusnuts wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The boot code in the 2500 does effect the IOS. What is your Sho Version what IOS are you trying ??? Phil - Original Message - From: Fanglo MA To: Sent: Wednesday, May 30, 2001 10:54 PM Subject: IOS boot problem [7:6555] Hi, I have a pair of 2502, r1 and r2, and when I upgrade r1's IOS I get r1 report checksum error. Since the upgrade must erase the old IOS in flash, I'm then forced to boot in RXBOOT. After then I connect r1 back-to-back to r2 and issue copy tftp flash to get the IOS from r2's flash. Both routers working as normal but again I get check sum invalid! The IOS I intented to upgrade is then passed to my friend and validated as good image. Any idea? Does the boot rom version affect tftp copying? Someone suggest it might be flash problem but before the trial of upgrade the router work perfectly. Please help. TIA and regards, Fanglo FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6574t=6555 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: help [7:6571]
On Thu, 31 May 2001, William Harrison wrote: Since I m 200 miles from the router a console connection is not possible. And I knew that I should have put a modem on the aux port but! I was hoping the someone had a brut force password crack that I could run against the enable password? I don't think anyone on the list will tell you that, because of the risk of abuse. Your best bet, if driving and flying aren't options, is to walk someone through password recovery. Or you could have the router shipped to you. -- Someone approached me and asked me to teach a javascript course. I was about to decline, saying that my complete ignorance of the subject made me unsuitable, then I thought again, that maybe it doesn't, as driving people away from it is a desirable outcome. --Me Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6575t=6571 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem with hardware [7:6251]
Voice interface cards can only be used in voice network modules (NM-1V and NM-2V) regards, Orest Sergey Konovalov schrieb: WIC2T + Serial WIC + Voice 2V Problem: Router cannot see its interfaces (hardware) show interfaces- received none show version - received none in hardware section After router booted we received: 00:00:04: %PA-2-UNDEFPA: Undefined Port Adaptor type 0 in bay 0 00:00:04: %PA-2-UNDEFPA: Undefined Port Adaptor type 101 in bay 1 00:00:04: %LINK-4-NOMAC: A random default MAC address of .0c84.1a51 has been chosen. Ensure that this address is unique, or specify MAC addresses for commands (such as 'novell routing') that allow the use of this address as a default. Please, help us with this problem. ___ Do You Yahoo!? Get your free @yahoo.ca address at http://mail.yahoo.ca FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6576t=6251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
creating sub-interface on E0 [7:6577]
hi all Trying to configure for my test setup, an E0.1 interface on my 1603 router. I create the int no problem, however when I try to give it an IP address it tells me that on interfaces intended for ISL or 802.10 can be configured on this interface. My question is, can I setup mutliple sub interfaces on my router ? If so, can I route between them by using either static routes or a routing protocol, (or by default coz they are directly connected should I do nothing ?) Thanks all in advance John Sydney Australia Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6577t=6577 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
about the config of adsl in 2621 [7:6578]
the guide of cisco say: intface atm0/0 no ip address can the atm interface have ip address? thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6578t=6578 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
Hello everyone, Just wondering if anyone out there has come across this same issue: I am currently working on a site where each office in the building (29 offices) will be connected to a pair of 2924XL switches, and each office will also be in its own vlan (and therefore have its own network, routed between at the router). The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? Any help much appreciated! Please copy my email address in on the reply as well as to the group. Thanks! Sam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6579t=6579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: creating sub-interface on E0 [7:6577]
you need to have a 100meg port to do proper sub interfaces. You will find that you cannot do encapsulation isl whatever as this command only works on a 100 meg port. -Original Message- From: John Brandis [mailto:[EMAIL PROTECTED]] Sent: 31 May 2001 08:15 To: [EMAIL PROTECTED] Subject: creating sub-interface on E0 [7:6577] hi all Trying to configure for my test setup, an E0.1 interface on my 1603 router. I create the int no problem, however when I try to give it an IP address it tells me that on interfaces intended for ISL or 802.10 can be configured on this interface. My question is, can I setup mutliple sub interfaces on my router ? If so, can I route between them by using either static routes or a routing protocol, (or by default coz they are directly connected should I do nothing ?) Thanks all in advance John Sydney Australia FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6580t=6577 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
- Original Message - From: Sam Deckert The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? At the edge of each VLAN, an instance of router subinterface is obviously needed. You can configure at each subinterface ip helper address pointing to a real dhcp server located anywhere. Router then forwards any dhcp requests broadcasted by stations in vlans with apopriate subnet info, that dhcp server can use a defined scope for each vlan. Server than answers with lease data to the requestor via directed broadcast. (im not sure if such way) For example NT dhcp server service works flawlessy with such topology, with many different scopes. Pawel/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6581t=6579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
We have a configuration at our company that has the same configuration as you just described. But somewhere along the line .. This doesn't seem to work that well. We got about 4 vlans, all vlan interfaces have an ip helper address to our DHCP server. Problem is that 8 out of 10 times, a DHCP client doesn't get an ip address. We used an Windows NT server as DHCP but also Nortel's NetID. Both systems give the same problems. Some times a user moves from one vlan to the other but gets an ip address from the old vlan he was in before he did a DHCP request for his new VLAN. We have been trying to find the solution but didn't succeed sofar, maybe somebody had this before and is willing to share it with me. We use a Cisco cat 6500 to handle to forwarding to the DHCP server and the VLAN routing, as access switches we have Cisco cat 3500. Thnx in advance, JT -Original Message- From: Pawel Sikora [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 10:49 To: [EMAIL PROTECTED] Subject: Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] - Original Message - From: Sam Deckert The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? At the edge of each VLAN, an instance of router subinterface is obviously needed. You can configure at each subinterface ip helper address pointing to a real dhcp server located anywhere. Router then forwards any dhcp requests broadcasted by stations in vlans with apopriate subnet info, that dhcp server can use a defined scope for each vlan. Server than answers with lease data to the requestor via directed broadcast. (im not sure if such way) For example NT dhcp server service works flawlessy with such topology, with many different scopes. Pawel/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6582t=6579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN Diffie-Hellmen [7:6539]
I believe Diffie-Hellman is used to protect the initial key exchanges (IKE). IKE in turn is not necessary, but enhances the way IPSEC works. For instance, IKE automatically negotiates SAs for IPSec, which eliminates the need to manually configure all the IPSec security parameters. It also facilitates dynamic change of encryption keys during IPSec sessions. There's also scalability issue, etc. Unless you have any compelling reasons for not using IKE, my advice is to configure an ISAKMP Policy, and you are done with it. CM -Original Message- From: Rick Holden [mailto:[EMAIL PROTECTED]] Sent: 31 May 2001 01:26 To: [EMAIL PROTECTED] Subject: VPN Diffie-Hellmen [7:6539] I am a little confused why Diffie-Hellmen's key exchange is needed for IKE. When I setup ISAKMP, regardless of the authentication I am using I need to supple a key weather pre-share, public/private, or RSA sig. If this is the case why can't the two VPN peer just use this key for setting up the VPN tunnel or vice versa why can't Diffie-Hellmen's key exchange be used instead of the ISAKMP keys. I hope my question is clear. It just seems Diffie-Hellmen is used to create secret keys and I have to create secret key myself to setup IKE. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6584t=6539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to secure a PIX [7:6583]
Hello, I'am currently working on securing a PIX. Can somebody tell me the different methods that exist to secure a PIX it self. Thanks. Rock BASSOLE Til: +33 (0) 1 45 96 22 03 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6583t=6583 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Local director [7:6535]
Use alias ip address to assign the LD an address on the VLAN 2 subnet. CM -Original Message- From: Magnus Thorne [mailto:[EMAIL PROTECTED]] Sent: 31 May 2001 00:12 To: [EMAIL PROTECTED] Subject: Local director [7:6535] Firewall | -- VLAN 1 | Local Director | ---VLAN 2 | Server I'm getting ping loss going to my default gateway. Is there any problem with having the local director bridge? Both its interfaces are connected to the same switch. The switches are seeing the firewall's MAC on both VLAN 1 and VLAN 2. I'm guessing that it is because the local director is bridging, instead of using it as a router and point the servers at it. Currently the default route from the servers are the firewall. Servers on VLAN 1 and VLAN 2 are having this ping loss problem. The servers seem to talk fine locally, since they don't have to go their default route. thanx, -Mag FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6585t=6535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VoIP QoS [7:6586]
Hi Everybody, I have configured the following parameters on the serial interface for VoIP.The quality of the calls is not very good during working hours you can feel some delay/small interruptions while using it. interface serial 0 ip tcp header-compression iphc-format no ip mroute-cache no fair-queue ip rtp header-compression iphc-format ip rtp priority 16384 16383 64 Could anybody suggest any other alternative to improve the quality. Will removing the compression help ? Do I need to have something like Link Fragmentation and Interleaving configured. Thanks Amit __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6586t=6586 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: question regarding spanning tree [7:6485]
Hi Heather, In fact the STA, regarding which ports are in forwarding or blocking state, works as follow: 1. Lowest Path Cost 2. Lowest Designated Bridge ID (MAC address + Priority) 3. Lowest port ID That is, imagine that bridge A is running STA to decide wich ports should forward and wich ports should block traffic. If bridge A is receiveing BPDUs on two ports, it will choose the port that is receiving BPDUs announcing the lowest Path Cost. In case of a tie, the port that will be in forwarding state will be the one that is reiceiveing BPDUs in which the Bridge ID is the lowest. If there is a tie at this stage (which happens when the designated bridge is the same bridge in both ports) the lowest port ID from the designated bridge acts as the tie breaker. This is what is happening in your lab. Your 4006 is bridge A and the 6509 is the designated bridge which is connected to the 4006 by two links. Because the 6509's port that is connected to the 4006's port 1/2 has a lower port ID (0x8087)than the 6509's port that connects to the 4006's port 1/1, the 4006 switch will put port 1/2 in forwarding state. I hope this helps. I appologize for my (portuguese)english. Regards, Nuno Morais From: Buri, Heather H Reply-To: Buri, Heather H To: [EMAIL PROTECTED] Subject: question regarding spanning tree [7:6485] Date: Wed, 30 May 2001 13:20:07 -0400 Hello. I don't really have a problem so much as I am trying to get a better understanding of how Spanning Tree works. I am currently studying for my switching exam and am reviewing Spanning Tree. I have the following statement from the Cisco course manual and in the case of redundant paths to the root bridge, it states In order to choose which port will be forwarding data and which ports will be blocking data, the switch looks at two components in the BPDU, as follows: 1. Path Cost 2. Port ID The switch looks at the path cost first to determine which port is receiving the lowest cost path. If the path cost is equal, as in the case of parallel links, the bridge goes to the port ID as a tie-breaker. The port with the lowest port ID forwards and all other ports block. I decided to verify this on one of my 4006's which connects to my 6509 (which is the root) and here is what I found: pet4006_8 (enable) sh spantree statistics 1/2 1 Port 1/2 VLAN 1 SpanningTree enabled for vlanNo = 1 BPDU-related parameters port spanning tree enabled stateforwarding port_id 0x8002 port number 0x2 path cost4 message age (port/VLAN) 0(20) designated_root 00-d0-01-98-5c-00 designated_cost 0 designated_bridge00-d0-01-98-5c-00 designated_port 0x8087 top_change_ack FALSE config_pending FALSE port_inconsistency none PORT based information statistics config bpdu's xmitted (port/VLAN)0(8702816) config bpdu's received (port/VLAN) 831061(1662121) tcn bpdu's xmitted (port/VLAN) 1(1) pet4006_8 (enable) sh spantree statistics 1/1 1 Port 1/1 VLAN 1 SpanningTree enabled for vlanNo = 1 BPDU-related parameters port spanning tree enabled stateblocking port_id 0x8001 port number 0x1 path cost4 message age (port/VLAN) 1(20) designated_root 00-d0-01-98-5c-00 designated_cost 0 designated_bridge00-d0-01-98-5c-00 designated_port 0x80c8 top_change_ack FALSE config_pending FALSE port_inconsistency none However, as you can see from the above output, Port 1/2 is the port chosen to forward and it appears to have a higher port ID number. Can someone please explain what I am missing here? Thanks! Heather Buri CSC Technology Services - Houston Phone: (713)-961-8592 Fax: (713)-961-8249 Mobile: Alpha Page: Mailing: 1360 Post Oak Blvd Suite 500 Houston, TX 77056 EOM NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN
RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
Try using DHCPLOC to monitor DHCP requests/replies traffic. This will give you an indication as to why clients can not lease IP addresses. I believe the reason why clients that move from one VLAN to another keep getting the same IP address is because they are trying to renew the existing IP address. Those clients need to release their IP addresses before attempting to obtain a new one: IPCONFIG /RELEASE; IPCONFIG /RENEW CM -Original Message- From: Jeroen Timmer [mailto:[EMAIL PROTECTED]] Sent: 31 May 2001 10:03 To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] We have a configuration at our company that has the same configuration as you just described. But somewhere along the line .. This doesn't seem to work that well. We got about 4 vlans, all vlan interfaces have an ip helper address to our DHCP server. Problem is that 8 out of 10 times, a DHCP client doesn't get an ip address. We used an Windows NT server as DHCP but also Nortel's NetID. Both systems give the same problems. Some times a user moves from one vlan to the other but gets an ip address from the old vlan he was in before he did a DHCP request for his new VLAN. We have been trying to find the solution but didn't succeed sofar, maybe somebody had this before and is willing to share it with me. We use a Cisco cat 6500 to handle to forwarding to the DHCP server and the VLAN routing, as access switches we have Cisco cat 3500. Thnx in advance, JT -Original Message- From: Pawel Sikora [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 10:49 To: [EMAIL PROTECTED] Subject: Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] - Original Message - From: Sam Deckert The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? At the edge of each VLAN, an instance of router subinterface is obviously needed. You can configure at each subinterface ip helper address pointing to a real dhcp server located anywhere. Router then forwards any dhcp requests broadcasted by stations in vlans with apopriate subnet info, that dhcp server can use a defined scope for each vlan. Server than answers with lease data to the requestor via directed broadcast. (im not sure if such way) For example NT dhcp server service works flawlessy with such topology, with many different scopes. Pawel/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6588t=6579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Intrusion Detection [7:6494]
...I thought STFW stands for STir Fried Wice -Original Message- From: Russ Kreigh [mailto:[EMAIL PROTECTED]] Sent: 30 May 2001 22:30 To: [EMAIL PROTECTED] Subject: Re: Intrusion Detection [7:6494] STFW! - Original Message - From: Christopher Kolp To: Sent: Wednesday, May 30, 2001 4:02 PM Subject: RE: Intrusion Detection [7:6494] link please -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Russ Kreigh Sent: Wednesday, May 30, 2001 4:48 PM To: [EMAIL PROTECTED] Subject: Re: Intrusion Detection [7:6494] Snort is also a decent one for the price (free) - Original Message - From: William E. Gragido To: Sent: Wednesday, May 30, 2001 3:11 PM Subject: RE: Intrusion Detection [7:6494] Check out Intrusion.com They make some truly great products -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mel Chandler PMI Sent: Wednesday, May 30, 2001 2:08 PM To: [EMAIL PROTECTED] Subject: Intrusion Detection [7:6494] Has any had the opportunity to evaluate an intrusion detection system? I know Cisco makes one, not sure what it runs for an OS and how well it's put together. Have looked at Cabletron, excuse me, Enterasys, and Webtrends. Anyone offer any insight? Mel L. Chandler, A+, Network+, MCNE, MCDBA, MCSE+I, CCNA [EMAIL PROTECTED] Network Analyst Information Services PMI Delta Dental (562) 467-6627 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6589t=6494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
We did everything you described below .. We sniffered the network, we saw that the client didn't get a reply from the DHCP server. But what the cause is that the client doesn't get a reply .. We couldn't find out. We also tried to release the client's ip address by ipconfig /release etc. etc. This also didn't work, I had to delete the client in the DHCP scope of NetID (where I found that client with his old ip address and sometimes had to remove it several times) to let the client get a new ip address by releasing his old ip address. We used the NetID server for DHCP, even changed to a WinNT server to do DHCP, but the problem still remains. The thing we have configured in the router is only an ip-helper address on each VLAN interface. What about the ip dhcp-server command ... Do you have to configure that one to ? With kind regards, Jeroen Timmer -Original Message- From: Charles Manafa [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 11:47 To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] Try using DHCPLOC to monitor DHCP requests/replies traffic. This will give you an indication as to why clients can not lease IP addresses. I believe the reason why clients that move from one VLAN to another keep getting the same IP address is because they are trying to renew the existing IP address. Those clients need to release their IP addresses before attempting to obtain a new one: IPCONFIG /RELEASE; IPCONFIG /RENEW CM -Original Message- From: Jeroen Timmer [mailto:[EMAIL PROTECTED]] Sent: 31 May 2001 10:03 To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] We have a configuration at our company that has the same configuration as you just described. But somewhere along the line .. This doesn't seem to work that well. We got about 4 vlans, all vlan interfaces have an ip helper address to our DHCP server. Problem is that 8 out of 10 times, a DHCP client doesn't get an ip address. We used an Windows NT server as DHCP but also Nortel's NetID. Both systems give the same problems. Some times a user moves from one vlan to the other but gets an ip address from the old vlan he was in before he did a DHCP request for his new VLAN. We have been trying to find the solution but didn't succeed sofar, maybe somebody had this before and is willing to share it with me. We use a Cisco cat 6500 to handle to forwarding to the DHCP server and the VLAN routing, as access switches we have Cisco cat 3500. Thnx in advance, JT -Original Message- From: Pawel Sikora [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 10:49 To: [EMAIL PROTECTED] Subject: Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] - Original Message - From: Sam Deckert The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? At the edge of each VLAN, an instance of router subinterface is obviously needed. You can configure at each subinterface ip helper address pointing to a real dhcp server located anywhere. Router then forwards any dhcp requests broadcasted by stations in vlans with apopriate subnet info, that dhcp server can use a defined scope for each vlan. Server than answers with lease data to the requestor via directed broadcast. (im not sure if such way) For example NT dhcp server service works flawlessy with such topology, with many different scopes. Pawel/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6590t=6579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Catalyst 5000 10/100 12port module for sale in Australia [7:6591]
Hi Group, I've got the above module I want to sell from my lab, preferably to someone in Australia. Albert Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6591t=6591 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DHCP Servers and IP assignment [7:6562]
The router using the IP helper address will change the mac address to it own interface. Thus DHCP knows how to return back and in turn router send back to the client at the correct interface Lists Wizard wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello group, I have a nagging question about how the DHCP server assigns an IP address to a DHCP client from the correct pool of addresses. Let me give a scenario so that you understand my concerns. A host called Subnet_A _Client sends a dhcp request. The router's interface on subnet A is Ethernet_A. The router sends the dhcp request to subnet B, where the DHCP server resides. The router's interface on subnet B is Ethernet_B. My question is how will the DHCP server know that the dhcp request is coming from subnet A? Will the DHCP server unicast or broadcast the dhcp reply? To which address will the server unicast its dhcp reply? If someone can help me or refer me to a good online document that will answer my questions, I will appreciate it. Thanks Lw FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6592t=6562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DHCP Servers and IP assignment [7:6562]
Chuck, I'm not sure if you noticed, but the first page on the search engine would actually show the link for RFC 1541. Is that consider a succinct answer ? Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Knowing others will give you a succinct answer, I would also suggest you can take a peek at RFC 1541 ftp://ftp.isi.edu/in-notes/rfc1541.txt for some details, such as the DHCP request packet format. In there you will find a field defined as giaddr ( Relay agent IP address, used in booting via a relay-agent. ) The router forwarding the DHCP request populates this field. The DHCP server reads the value in this field and makes the assignment from the appropriate scope. If you have nothing to do for several days, you can also check out this book: http://www.amazon.com/exec/obidos/ASIN/1578701376/o/qid=991282285/sr=2-1/ref =aps_sr_b_1_1/102-2752665-3470535 watch the wrap on this one hard to imagine one could fill a book with this stuff ;- Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lists Wizard Sent: Wednesday, May 30, 2001 9:02 PM To: [EMAIL PROTECTED] Subject: DHCP Servers and IP assignment [7:6562] Hello group, I have a nagging question about how the DHCP server assigns an IP address to a DHCP client from the correct pool of addresses. Let me give a scenario so that you understand my concerns. A host called Subnet_A _Client sends a dhcp request. The router's interface on subnet A is Ethernet_A. The router sends the dhcp request to subnet B, where the DHCP server resides. The router's interface on subnet B is Ethernet_B. My question is how will the DHCP server know that the dhcp request is coming from subnet A? Will the DHCP server unicast or broadcast the dhcp reply? To which address will the server unicast its dhcp reply? If someone can help me or refer me to a good online document that will answer my questions, I will appreciate it. Thanks Lw FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6593t=6562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Back to back Serial for Cisco 2621 [7:6497]
Yes, $24 each. Although I didn't realize until later that the post was actually for the SmarSerial, not the 60-pin cable used on 2500, 3600 or NP-4T's. My apologies. He still might carry the SmartSerial kind though. Elmer -Original Message- From: EA Louie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 6:14 PM To: Deloso, Elmer G (WPNSTA Yorktown) Subject: Re: Back to back Serial for Cisco 2621 [7:6497] I'm assuming that was $24 each? -e- - Original Message - From: Deloso, Elmer G (WPNSTA Yorktown) To: Sent: Wednesday, May 30, 2001 1:32 PM Subject: RE: Back to back Serial for Cisco 2621 [7:6497] I just got 6 b2b serials from Robert Lowery for $24. I prefer these over the others because they're only 3 ft long and costs less than half the regular b2b cables. Not only that but they're a lot lighter too. Perfect for home lab setup. His e-mail is [EMAIL PROTECTED] Elmer -Original Message- From: Hire, Ejay [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 4:09 PM To: [EMAIL PROTECTED] Subject: RE: Back to back Serial for Cisco 2621 [7:6497] That's going to be a SmartSerial back-to-back (DTE-Dce) cable. http://www.pacificcable.com/CiscoCables.htm $49.00 New, NotCisco. -Original Message- From: Joe Cremer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 3:40 PM To: [EMAIL PROTECTED] Subject: Back to back Serial for Cisco 2621 [7:6497] Does any one know a cable supplier for a dce/dte cable to connect two cisco 2621 routers with dual serial modules (wic-2t, with smart jack). I looked through the archives and found alot od 2500 cables but nothing for the new connector. Thanks Joe FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6594t=6497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE refrence books!! [7:6595]
Hi , Can anyone tell me which books to refer to for CCIE written I went through the Cisco recomended reading list, is there any single Cisco Press books for Routing Switching CCIE like they have for CCNA and CCNP... Ralph Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6595t=6595 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
I ran into a similar problem with a 4006 using the 4232-L3 with 3524XL's in the closet. You could see the DHCP request come accross to the server but the server never would reply. For the 4232-L3, there's a known DHCP bug (even in the latest code) regarding address rewriting when forwarding the DHCP request in the event the DHCP server's primary pool for that subnet is unavailble. This bug concerns the forwarding of packets, not the 4232-L3 acting as a DHCP server itself. Not sure how far this bug might reach. Tighe assignment from the propper pool should the primary pool be unavailble. Jeroen Timmer wrote: We did everything you described below .. We sniffered the network, we saw that the client didn't get a reply from the DHCP server. But what the cause is that the client doesn't get a reply .. We couldn't find out. We also tried to release the client's ip address by ipconfig /release etc. etc. This also didn't work, I had to delete the client in the DHCP scope of NetID (where I found that client with his old ip address and sometimes had to remove it several times) to let the client get a new ip address by releasing his old ip address. We used the NetID server for DHCP, even changed to a WinNT server to do DHCP, but the problem still remains. The thing we have configured in the router is only an ip-helper address on each VLAN interface. What about the ip dhcp-server command ... Do you have to configure that one to ? With kind regards, Jeroen Timmer -Original Message- From: Charles Manafa [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 11:47 To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] Try using DHCPLOC to monitor DHCP requests/replies traffic. This will give you an indication as to why clients can not lease IP addresses. I believe the reason why clients that move from one VLAN to another keep getting the same IP address is because they are trying to renew the existing IP address. Those clients need to release their IP addresses before attempting to obtain a new one: IPCONFIG /RELEASE; IPCONFIG /RENEW CM -Original Message- From: Jeroen Timmer [mailto:[EMAIL PROTECTED]] Sent: 31 May 2001 10:03 To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] We have a configuration at our company that has the same configuration as you just described. But somewhere along the line .. This doesn't seem to work that well. We got about 4 vlans, all vlan interfaces have an ip helper address to our DHCP server. Problem is that 8 out of 10 times, a DHCP client doesn't get an ip address. We used an Windows NT server as DHCP but also Nortel's NetID. Both systems give the same problems. Some times a user moves from one vlan to the other but gets an ip address from the old vlan he was in before he did a DHCP request for his new VLAN. We have been trying to find the solution but didn't succeed sofar, maybe somebody had this before and is willing to share it with me. We use a Cisco cat 6500 to handle to forwarding to the DHCP server and the VLAN routing, as access switches we have Cisco cat 3500. Thnx in advance, JT -Original Message- From: Pawel Sikora [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 10:49 To: [EMAIL PROTECTED] Subject: Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] - Original Message - From: Sam Deckert The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? At the edge of each VLAN, an instance of router subinterface is obviously needed. You can configure at each subinterface ip helper address pointing to a real dhcp server located anywhere. Router then forwards any dhcp requests broadcasted by stations in vlans with apopriate subnet info, that dhcp server can use a defined scope for each vlan. Server than answers with lease data to the requestor via directed broadcast. (im not sure if such way) For example NT dhcp server service works flawlessy with such topology, with many different scopes. Pawel/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list
RE: Migration EIGRP-OSPF [7:5724]
You also need to make sure that you have good address summarization if you want it to be successful. I've seen more than my fair share of networks that ran EIGRP, didn't have proper summarization and/or had a lot of redundancy. Because, out of the box EIGRP doesn't require you to build networks with summarization, etc. like OSPF. A few years back (before Cisco started publishing more details about scaling EIGRP) I saw several networks that were experiencing stability problems when running EIGRP and the thought was that OSPF would fix their problems. Most of these companies balked at the thought of re-addressing the network to properly support OSPF and stayed with EIGRP - using a lot of distribute-lists, etc. (although the same reasons that OSPF requires summarization would be of great benefit in an EIGRP network). I've found that binary math is not commonly held skill-set. What is the reason for going to OSPF in this instance, stability problems with EIGRP or multi-vendor support? In my experience people seem to view EIGRP as easier than OSPF - while probably true in really small networks, networks these days just seem to be getting bigger and the same planning required for a successful OSPF implementation is required for EIGRP. I haven't seen too many companies with all-Cisco routers and a healthy EIGRP network looking to change things - thus the question above. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Wolsefer Sent: Tuesday, May 29, 2001 7:00 PM To: [EMAIL PROTECTED] Subject: RE: Migration EIGRP-OSPF [7:5724] Yes, We laid in OSPF over EIGRP since the administrative distance of EIGRP is 90 and OSPF is 110. We were then able to check the OSPF databases on each router to make sure that all routes are advertised correctly. The final step was to remove eigrp. This results in some downtime, but it was easier to schedule a block of downtime and cut over. Regards, David Wolsefer, CCIE #5858 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dyson Kuben Sent: Thursday, May 24, 2001 5:59 AM To: [EMAIL PROTECTED] Subject: Migration EIGRP-OSPF [7:5724] anyone out there ever migrated a large-scale network from EIGRP to OSPF? Would you be able to share your experiences? Thanks, Dyson FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6597t=5724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix with 2 different ISPs [7:5349]
You can have two outside networks...the statics and access-lists will have to be duplicated for each network which can make for a longer config. You will run into problems with the routing...one pipe will have to be a default outbound. And you have to do some nasty when it comes to inbound connections: 202.x.x.x 0.0.0.0 SPRINT --\ /-\ Router Pix ---Inside UUNET---/ \--/ 61.x.x.x 10.0.0.0 We had to keep our networks seperate (206 and 63) for some time because of a previous design flaw. For inbound connections, as the traffic came from the UUNet pipe, the source address was changed to 10.x.x.x at the router and if it came from Sprint the source was left alone. You have to do this or all response traffic will not take same path out as it came in. The was also hell when it came to any traffic studies (web site stats, sniffers, etc) You can tell how much traffic came from the UUNet side, just could not tell a source addess Snippets of config: access-list UUNET_Inbound permit tcp any host 61.1.1.1 eq www access-list UUNET_Inbound permit tcp any host 61.1.1.1eq 443 access-list SPRINT_Inbound permit tcp any host 202.1.1.1 eq www access-list SPRINT_Inbound permit tcp any host 202.1.1.1 eq 443 static (inside,SPRINT) 202.1.1.1 10.1.1.1 netmask 255.255.255.255 static (inside,UUNET) 61.1.1.1 10.1.1.1 netmask 255.255.255.255 route SPRINT 0.0.0.0 0.0.0.0 202.x.x.x 1 route UUNET 10.0.0.0 255.0.0.0 62.x.x.x 1 The router takes it from there Hope this helps, Tony Tai Ngo wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Can somebody tell me if this is possible? If so, please provide configuration details. We have 2 ISPs, one that is 204.23.23.x and the other is 205.23.23.x. We have 2 Pix firewalls, one which is configured for active with both outside interfaces. The other pix is configured as standby. Will the Pix firewall be smart enough to know how to route traffic back out the network it came from? For example, if a user came into our website from 204.23.23.x , will the Pix know how to route the info back out that interface instead of through the 205.23.23.x network? My guess is it's not possible because when you look at the configuration on the Pix, to route info outside, you would use route 0.0.0.0 204.23.23.x 1 . Thanks! FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6598t=5349 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Wanna Be a CCIE? Try This One [7:6076]
Would Moving one of the AREA 1 Routers into (a new area) Area2 Fix this? -Original Message- From: Michael L. Williams [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 6:54 PM To: [EMAIL PROTECTED] Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Good call I was going moreso by the diagram... EA Louie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Read carefully - routerA and routerB both have interfaces in Area0 and Area1, which makes them both ABRs -e- - Original Message - From: Michael L. Williams To: Sent: Wednesday, May 30, 2001 9:01 AM Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Wait a second.. where are the ABRs?How can a router that communicates routes from one OSPF area to another not be an ABR? Am I missing something? Mike W. Kevin Schwantz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... routerArouterB AREA0AREA0 || routerC routerD AREA1-AREA1 Since we are on the topic of OSPF, could someone help me out on the scenario above? Routers A and B have interfaces in Area 0 and Area1. I want traffic from routerA destined for routerD to go via router B. This is not the case in my network because I realise that routerA prefers Intra-Area routes and thus would route traffic to routerD via routerC. What tweaks must I make in order to force the traffic from routerA to routerD to go via routerB ? Someone suggested building a GRE tunnel between routerA and routerB and then configure the tunnel to be in AREA1. Any suggestions? Kevin W. Alan Robertson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guys, The actual traffic will not be routed up to area 0... Area 0 has been extended down to R2, so R2 is now a backbone router. R2 has interfaces in 3 areas now: Area1, Area2, and Area0 by means of it's virtual link. Any traffic originating in Area2 destined for Area1 will be routed directly by R2. This satisfies the Interarea traffic must traverse the backbone rule, because R2 *is* a backbone router. This is not theory... It is fact. Alan - Original Message - From: Andrew Larkins To: Sent: Monday, May 28, 2001 10:13 AM Subject: RE: Wanna Be a CCIE? Try This One [7:6076] agreedto area 0 then on to the intended area -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: 28 May 2001 15:50 To: [EMAIL PROTECTED] Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Chuck- my answer is Yes. The traffic from the Virtual Linked psuedo-ABR passes back to Area 0, before it's sent onto the intended Area (even if it's directly connected). Phil - Original Message - From: Chuck Larrieu To: Sent: Sunday, May 27, 2001 8:59 PM Subject: Wanna Be a CCIE? Try This One [7:6076] Ever wonder what the CCIE candidates talk about on the CCIE list? The following message came through today. I thought the bright folks on this list might be curious, and might want to venture an answer. Begin original question: Guys, I wonder if there is anybody who remembers the discussion on Virtual Links in OSPF. It was posted some time ago but I can't seem to find it. The scenario was something like this: ___ ___ |Area 0 | |Area1||Area2| |R0|--| R1 |--| R2 | |__| |_||_| There is a virtual link from area 2 to Area 0 via Area1. Traffic needs to get to R1 in Area 1 from R2 in Area 2. Assume that the virtual link has to use R1 (To create the V.Link). Does the traffic flow passed R1 (in Area 1) to Area 0 and then back to area 1, or does the actual flow just to R1 from R2. I cant remember the conclusion, and I cant seem to find it on the archives. Quite interesting issues. End of original question Chuck One IOS to forward them all. One IOS to find them. One IOS to summarize them all And in the routing table bind them. -JRR Chambers- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info:
RE: Cost of NM-4E in Australia [7:6538]
The Average Ebay Selling Price is $1300 U.s. The List Price is 4000. The Selling price is $2900. If You sell it to them for $1900, you'll both be getting a good deal. I Checked what the currency conversion looks like, and according to msn. 1,900.00 US dollars = 3,598.48 Australian dollars Exchange rate: 1.893939 Rate valid as of: 5/31/2001 -Original Message- From: Adam Burgess [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 8:25 PM To: [EMAIL PROTECTED] Subject: OT: Cost of NM-4E in Australia [7:6538] I have an NM-4E on loan to a client at the moment and they have (finally) decided that they will be purchasing one of these modules to use in their 2600 on a permanent basis. They have asked me if I would be interested in selling mine, which could save them a fair amount as they are an expensive module. This module is from my lab and is surplus to my needs anyway (at the moment). Can anyone suggest a fair price (in Aust. Dollars) for a second-hand NM-4E? I have never seen one for sale locally so am unsure of the going rate. Regards Adam Burgess Brisbane, Australia FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6600t=6538 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Required TR for Lab Practice [7:6601]
Hello - General Q - How many TR int required for CCIE lab practice? I have 2 routers with TR. Thanks / RamG Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6601t=6601 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VLAN problems [7:6475]
Thanks a lot. It worked. I can now ping and telnet into 5505. Appreciate your help. Alex Mike Bernhardt wrote: Are you trying to manage the 2924 from the new VLAN? If so, you have to shut down VLAN 1. then you can no-shut the new VLAN. .. Mike Bernhardt CCIE #6079 To reply directly, yo know what to do... khramov wrote: Trying to set up a VLAN between 5505 with the RSM module and 2924 Cisco Catalyst Switch over 100baseFX. Everything seems to be working correctly except the VLAN on the 2924 shows shut down and can not be brought up. On 5505 we created VLAN, assign an IP address to the VLAN on 5505 and on the VLAN 2924. We left the VLAN 1 on the 2924 with no IP address. We also enabled EIGRP routing on RSM module on 5505. Any suggestions on what we need to do to make them talk over the VLAN. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6602t=6475 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
There's a bug in Cat IOS code 12.1.4 (I think) which can cause the problems you're mentioning. Did you try an upgrade? The bug ID is CSCds89040 and it's related to HSRP configs and IOS 12.1(4)E. The bug prevents the correct MLS flows from being created. An IOS upgrade fixed my similar problem right away. Vijay Ramcharan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeroen Timmer Sent: Thursday, May 31, 2001 6:15 AM To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] We did everything you described below .. We sniffered the network, we saw that the client didn't get a reply from the DHCP server. But what the cause is that the client doesn't get a reply .. We couldn't find out. We also tried to release the client's ip address by ipconfig /release etc. etc. This also didn't work, I had to delete the client in the DHCP scope of NetID (where I found that client with his old ip address and sometimes had to remove it several times) to let the client get a new ip address by releasing his old ip address. We used the NetID server for DHCP, even changed to a WinNT server to do DHCP, but the problem still remains. The thing we have configured in the router is only an ip-helper address on each VLAN interface. What about the ip dhcp-server command ... Do you have to configure that one to ? With kind regards, Jeroen Timmer -Original Message- From: Charles Manafa [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 11:47 To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] Try using DHCPLOC to monitor DHCP requests/replies traffic. This will give you an indication as to why clients can not lease IP addresses. I believe the reason why clients that move from one VLAN to another keep getting the same IP address is because they are trying to renew the existing IP address. Those clients need to release their IP addresses before attempting to obtain a new one: IPCONFIG /RELEASE; IPCONFIG /RENEW CM -Original Message- From: Jeroen Timmer [mailto:[EMAIL PROTECTED]] Sent: 31 May 2001 10:03 To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] We have a configuration at our company that has the same configuration as you just described. But somewhere along the line .. This doesn't seem to work that well. We got about 4 vlans, all vlan interfaces have an ip helper address to our DHCP server. Problem is that 8 out of 10 times, a DHCP client doesn't get an ip address. We used an Windows NT server as DHCP but also Nortel's NetID. Both systems give the same problems. Some times a user moves from one vlan to the other but gets an ip address from the old vlan he was in before he did a DHCP request for his new VLAN. We have been trying to find the solution but didn't succeed sofar, maybe somebody had this before and is willing to share it with me. We use a Cisco cat 6500 to handle to forwarding to the DHCP server and the VLAN routing, as access switches we have Cisco cat 3500. Thnx in advance, JT -Original Message- From: Pawel Sikora [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 10:49 To: [EMAIL PROTECTED] Subject: Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] - Original Message - From: Sam Deckert The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? At the edge of each VLAN, an instance of router subinterface is obviously needed. You can configure at each subinterface ip helper address pointing to a real dhcp server located anywhere. Router then forwards any dhcp requests broadcasted by stations in vlans with apopriate subnet info, that dhcp server can use a defined scope for each vlan. Server than answers with lease data to the requestor via directed broadcast. (im not sure if such way) For example NT dhcp server service works flawlessy with such topology, with many different scopes. Pawel/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list
Re: How to monitor the IPSec Traffic rate of VPN500X Series? [7:6608]
Your salutation suggests you are only taking answers from the gay community. You may be better opening this fairly specific question up to everyone :-) MacDonald wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear gays, any one can suggest me what software should I use for monitoring the IPSec traffic rate of the VPN 500X series? I had follow the spec of VPN500X and download the MIB-II form Cisco Website, but the variables inside seems not related to my purpose. (IP-SEC-FLOW.my) Any comment or opinion ? Regards, MacDonald FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6608t=6608 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: elementary? [7:6359]
A slightly chauvinistic hen-pecked instructor explained simplex, half-duplex and duplex to me about 16 years ago. It obviously worked as a memory aid as I still remember it now. Simplex: When his wife talks to him - one way only Half Duplex: Him talking to one of his mates - One talks, then the other. Duplex: His wife talking to one of her friends - Both talking at the same time, but hearing every word. Gaz Hire, Ejay wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... With Half Duplex, It's Talk, Listen, Talk, Listen With Full duplex, I think its: Talk, Talk, Talk, Talk, Talk, Talk - simultaneously - Listen, Listen, Listen, Listen, Li Only one frame can be transmitted at a time, with the other packets stacking up in the buffer in a FIFO fashion. The only pause would be the interface gap, and if 2 packets are sent at the same time, one sits in the buffer an incredibly short amount of time (Gig Ethernet has a very short MTU/bps) while the other one is transmitted. -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 3:51 PM To: [EMAIL PROTECTED] Subject: RE: elementary? [7:6359] I concur. I should have been a bit more clear in that I was addressing the issue of a gig link between two switches. For traffic that remains within a single switch, different things can be done with the switch fabric, thus increasing the number of packets handled. But a single gig link between two switches, operating at full duplex, can have only one packet per direct on the wire at one time. Also, I still think that on any link between any end station and the switch port, the transmitting end station still waits until it senses nothing on the wire fore putting the next packet out that interface. The end station, after all, does not know to what it is connected. Rules of the game. Listen. If wire is empty, place packet onto wire, listen, if wire is busy, wait. Perhaps some of the newer layer two drivers do things a bit differently if they detect full duplex? I'm not so sure, but then I'm just an old dog. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gareth Hinton Sent: Wednesday, May 30, 2001 10:14 AM To: [EMAIL PROTECTED] Subject: Re: elementary? [7:6359] I think everybody might be right here but arguing about different parts of the process, or confusing the meaning of the previous post , so just to add more confusion: Peter said that all every station could send as much as they want, which I think he was referring to their own ethernet segment/(switch port). On the Gig link, buffering will obviously have to take place. Statistical multiplexing seems a good summary of what's happening. I'm not sure exactly what you were saying in the last post Alan, about the buffering. Full duplex operation will allow another station to send to you while you are sending to it, so no buffering required in that case. As usual, open (prone) to correction, Gaz W. Alan Robertson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Chuck, It's pretty much an issue of semantics... Another station could send to you, but the frame would be buffered by the switch until the current frame had finished sending. It would be transmitted to you afterward. Also, to confirm Peter's statement that he's never seen a full-duplex hub... Such an animal does not/can not exist. This is one of the key differences between hubs and switches. A hub, by it's very nature, cannot provide full-duplex operation. It has no means of bufferring frames, nor of providing segmentation on a per node basis. A hub is layer 1 device, and the network is provides is a shared medium. Vijay, chances are that if it has a 1Gbps uplink, it is a switch, and depending on the number of connected 100Mbps stations, and your network traffic patterns, you very well might be able to saturate the uplink connection, because a switch allows for multiple simultaneous conversations. Under the right conditions, you could fill up virtually any pipe, but unless your traffic demands are really outlandish, you probably won't. If you do, you should examine the reasons, and revise the design of your network accordingly. Alan - Original Message - From: Chuck Larrieu To: Sent: Wednesday, May 30, 2001 11:14 AM Subject: RE: elementary? [7:6359] Hhh... Not so sure this is exactly right.. With full duplex, you have effectively created two directions --- there and back. I believe it is accurate to say that only one packet can be on the wire per direction at one time. I can send to you at the same time you are sending to me. But Someone else can not send to you at the time my packet is on the wire. Correct me if I'm wrong. Chuck -Original Message- From: [EMAIL
Re: Multiple commands on a menu command [7:6510]
Hi Robert, I've not messed much with copying into Running. Does this automatically append rather than overwrite? I'd have a play myself, but at the moment I'm bored stiff waiting for something to happen on a routerless site. Gaz McCallum, Robert wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Earlier in the month I posted a question on how you could have multiple commands coming from one menu item i.e. user presses key 1 and it shuts down an interface. I have eventually came up with a solution which is posted below. Just in case anyone out there has to do the same. have a menu which calls a file from the flash and copies it into your running config menu EMOS text 1 SHUTDOWN LUCY menu EMOS command 1 copy slot0:shut91 runn menu EMOS text 2 SHUTDOWN ANDERSON menu EMOS command 2 copy slot0:shut92 runn menu EMOS text 3 SHUTDOWN CUMMING menu EMOS command 3 copy slot0:shut93 runn menu EMOS text 4 SHUTDOWN DAVIDSON menu EMOS command 4 copy slot0:shut94 runn blah blah blah the flash looks like 2 -rw-10467208 Jan 05 2001 05:12:37 c7200-js-mz.121-4.bin 15 -rw- 28 May 22 2001 11:01:33 open91 17 -rw- 28 May 22 2001 11:01:42 open92 18 -rw- 28 May 22 2001 11:01:47 open93 19 -rw- 28 May 22 2001 11:01:56 open94 20 -rw- 28 May 22 2001 11:02:01 open95 21 -rw- 28 May 22 2001 11:02:06 open96 22 -rw- 25 May 22 2001 11:02:12 shut91 23 -rw- 25 May 22 2001 11:02:17 shut92 24 -rw- 25 May 22 2001 11:02:21 shut93 25 -rw- 25 May 22 2001 11:02:26 shut94 26 -rw- 25 May 22 2001 11:02:30 shut95 27 -rw- 25 May 22 2001 11:02:34 shut96 the file called shut91 looks like more flash:shut91 int fast0/0.91 shut end note the file has to end with end otherwise you will have unexpected end of file in your logs every time the command is issued. I used this menu as a means for users in a 24 hour by 7 support team who know very little about Cisco equipment to allow them to shut or open interfaces depending on what is needed. I had to do this as we have backup servers in a different location which surprise surprise require the same IP address as its primary server. HTH anyone in the near future. Robert McCallum FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6606t=6510 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
A comment or two within: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeroen Timmer Sent: Thursday, May 31, 2001 2:03 AM To: [EMAIL PROTECTED] Subject:RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] We have a configuration at our company that has the same configuration as you just described. But somewhere along the line .. This doesn't seem to work that well. We got about 4 vlans, all vlan interfaces have an ip helper address to our DHCP server. Problem is that 8 out of 10 times, a DHCP client doesn't get an ip address. We used an Windows NT server as DHCP but also Nortel's NetID. Both systems give the same problems. Some times a user moves from one vlan to the other but gets an ip address from the old vlan he was in before he did a DHCP request for his new VLAN. CL: unfortunately, windoze does not release ip addresses upon shutdown. Windows machines tend to retain the ip address acquired as long as the lease time has not expired. And sometimes even longer. I've run into problems with mobile users, who upon returning to the office find themselves using and ip address that has been reassigned. This is a windows problem, a feature if you will. We have been trying to find the solution but didn't succeed sofar, maybe somebody had this before and is willing to share it with me. We use a Cisco cat 6500 to handle to forwarding to the DHCP server and the VLAN routing, as access switches we have Cisco cat 3500. CL: I ask because I do not know: does the router function of the 65xx actually behave the way it is supposed to? Thnx in advance, JT -Original Message- From: Pawel Sikora [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 10:49 To: [EMAIL PROTECTED] Subject: Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] - Original Message - From: Sam Deckert The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? At the edge of each VLAN, an instance of router subinterface is obviously needed. You can configure at each subinterface ip helper address pointing to a real dhcp server located anywhere. Router then forwards any dhcp requests broadcasted by stations in vlans with apopriate subnet info, that dhcp server can use a defined scope for each vlan. Server than answers with lease data to the requestor via directed broadcast. (im not sure if such way) For example NT dhcp server service works flawlessy with such topology, with many different scopes. Pawel/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6610t=6579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multiple commands on a menu command [7:6510]
It overwrites the commands that are there already and appends the commands if they aren't there! It is as if you have went into conf t then went int fast0/0.91 then type shut then cntrl Z. SO any commands are fair game here. One thing to note that these commands are issued even though the user hasn't typed in the enable password.!! -Original Message- From: Gareth Hinton [mailto:[EMAIL PROTECTED]] Sent: 31 May 2001 14:49 To: [EMAIL PROTECTED] Subject: Re: Multiple commands on a menu command [7:6510] Hi Robert, I've not messed much with copying into Running. Does this automatically append rather than overwrite? I'd have a play myself, but at the moment I'm bored stiff waiting for something to happen on a routerless site. Gaz McCallum, Robert wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Earlier in the month I posted a question on how you could have multiple commands coming from one menu item i.e. user presses key 1 and it shuts down an interface. I have eventually came up with a solution which is posted below. Just in case anyone out there has to do the same. have a menu which calls a file from the flash and copies it into your running config menu EMOS text 1 SHUTDOWN LUCY menu EMOS command 1 copy slot0:shut91 runn menu EMOS text 2 SHUTDOWN ANDERSON menu EMOS command 2 copy slot0:shut92 runn menu EMOS text 3 SHUTDOWN CUMMING menu EMOS command 3 copy slot0:shut93 runn menu EMOS text 4 SHUTDOWN DAVIDSON menu EMOS command 4 copy slot0:shut94 runn blah blah blah the flash looks like 2 -rw-10467208 Jan 05 2001 05:12:37 c7200-js-mz.121-4.bin 15 -rw- 28 May 22 2001 11:01:33 open91 17 -rw- 28 May 22 2001 11:01:42 open92 18 -rw- 28 May 22 2001 11:01:47 open93 19 -rw- 28 May 22 2001 11:01:56 open94 20 -rw- 28 May 22 2001 11:02:01 open95 21 -rw- 28 May 22 2001 11:02:06 open96 22 -rw- 25 May 22 2001 11:02:12 shut91 23 -rw- 25 May 22 2001 11:02:17 shut92 24 -rw- 25 May 22 2001 11:02:21 shut93 25 -rw- 25 May 22 2001 11:02:26 shut94 26 -rw- 25 May 22 2001 11:02:30 shut95 27 -rw- 25 May 22 2001 11:02:34 shut96 the file called shut91 looks like more flash:shut91 int fast0/0.91 shut end note the file has to end with end otherwise you will have unexpected end of file in your logs every time the command is issued. I used this menu as a means for users in a 24 hour by 7 support team who know very little about Cisco equipment to allow them to shut or open interfaces depending on what is needed. I had to do this as we have backup servers in a different location which surprise surprise require the same IP address as its primary server. HTH anyone in the near future. Robert McCallum FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6611t=6510 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Unix serial programs (was RE: Any good Hyper Terminal program [7:6612]
On a different term, I'm building a cheap terminal server for console access to multiple routers. Basically a old P133 (486 would work, too :), a cheap multiserial card, linux. Telnet to the machine, minicom, bingo! internal console access for those things you won't telnet to (for example a bridge without ip addresses, a test firewall without telnet/ssh/whatever access ecc) or you just lost connection to (damn!) or is reloading and you want to see the boot messages, too. Definitively better than a windows box + hyperterminal + pcAnywhere or Vnc or similar. The next step would be configuring a screen (the program screen I mean) to autostart at boot with minicom (or whatever) set up as the shell ecc, in order to have a persistent scrollback history through sessions. Any comments ? The only weak point for now: I just can't make copy/paste work, neither from telnet or console... lost characters for any paste longer than some chars. It almost seams as if minicom is not buffering the input it gets, so any input faster than the serial line gets lost. Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6612t=6612 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP QoS [7:6586]
We've had a lot of success *not* using ip rtp priority, but using LLQ/CBWFQ instead. This allows you to assign a strict priority queue for voice traffic while giving you flexibility with the other classes of non-voice traffic. Frame relay fragmentation is generally not needed if your link speed is over 768kbps, but it has been recommended to me that we use it even at full T-1 speeds as long as our router can handle it with no problem. However, I think I'm going to remove LFI from our routers as I just can't see it being necessary and it doesn't appear to help very much. HTH, John (who *seriously* needs a caffeine IV drip right about now) Amit Gupta 5/31/01 3:16:24 AM Hi Everybody, I have configured the following parameters on the serial interface for VoIP.The quality of the calls is not very good during working hours you can feel some delay/small interruptions while using it. interface serial 0 ip tcp header-compression iphc-format no ip mroute-cache no fair-queue ip rtp header-compression iphc-format ip rtp priority 16384 16383 64 Could anybody suggest any other alternative to improve the quality. Will removing the compression help ? Do I need to have something like Link Fragmentation and Interleaving configured. Thanks Amit __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6614t=6586 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Migration EIGRP-OSPF [7:5724]
At 08:27 AM 5/31/01 -0400, R. Benjamin Kessler wrote: What is the reason for going to OSPF in this instance, stability problems with EIGRP or multi-vendor support? In my experience people seem to view EIGRP as easier than OSPF - while probably true in really small networks, networks these days just seem to be getting bigger and the same planning required for a successful OSPF implementation is required for EIGRP. I haven't seen too many companies with all-Cisco routers and a healthy EIGRP network looking to change things - thus the question above. Well, a few points I would bring up is. Stuck in Active problem of EIGRP. As the updates are being done, the routers will stay in active mode (cannot receive new updates I believe). If the EIGRP network is big, it must wait for the very last router in the periphery to respond back. This could cause issues with convergence time. You may have to modify the timers to increase the hold time (which might cause bad convergence) since genuine requests might take so long that they will get zonked out and the the router will delete it's entry. This only happens in huge AS (in the EIGRP sense of an area of sorts). So, if the idea of using OSPF and breaking into areas is bad, you technically get the same issue with EIGRP, except in the form of ASes. Also, you are running a proprietary protocol now. Although it seems to work fine now. If say, they feel another vendor's product is superior in a particular aspect of their network, they might be hard pressed or you will need to do some redistribution/distribution lists which is probably going to be difficult as well. I suppose all in all it is still easier to use EIGRP. I agree wholeheartedly with your statements. The cost of going to OSPF might seem higher if they are really not that good with it. In that way it somewhat validates them sticking to EIGRP. -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6616t=5724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Wanna Be a CCIE? Try This One [7:6076]
Giles, I don't think its a OSPF Cost problem. I tried it without avail. I am not very sure but I believe OSPF will prefer Intra-Area routes despite having an alternate path that seemingly has a lower cost. Please correct me if I am wrong. Could this be an administrative distance thing? As much as I would have liked to come up with an ingenius solution, I was not able to. I have since changed Area 1 into Area 0. It works fine now but I have this nagging feeling that something more constructive could have been done. The solution I adopted seems more like a cheap work around. But I guess it works and that matters more. By the way, the network is much bigger than what I have illustrated. It consist of around 40 routers spanning over 16 countries. Its a private IP network that runs on MPLS to provide VPN's. My next project would be to implement traffic engineering. Kevin Essame, Giles wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The SPF tree involves determining a least-cost path from the router the path will be originating from. Therefore you need to adjust your costs accordingly. As per example, Area0 is a low cost due to I presume Area0 would be over a high speed backbone. routerArouterB AREA0 55 AREA0 10 10 | | 10 10 routerC routerD AREA1 20-20 AREA1 From Router A via router B to reach router D is cost of 15. From Router A via router C to reach router D is cost of 30. Router B is now the preferred route. If it a test network, try playing around with the costs to do asymmetrical routing. -Original Message- From: Hire, Ejay [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 2:02 PM To: Subject: RE: Wanna Be a CCIE? Try This One [7:6076] Would Moving one of the AREA 1 Routers into (a new area) Area2 Fix this? -Original Message- From: Michael L. Williams [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 6:54 PM To: [EMAIL PROTECTED] Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Good call I was going moreso by the diagram... EA Louie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Read carefully - routerA and routerB both have interfaces in Area0 and Area1, which makes them both ABRs -e- - Original Message - From: Michael L. Williams To: Sent: Wednesday, May 30, 2001 9:01 AM Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Wait a second.. where are the ABRs?How can a router that communicates routes from one OSPF area to another not be an ABR? Am I missing something? Mike W. Kevin Schwantz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... routerArouterB AREA0AREA0 || routerC routerD AREA1-AREA1 Since we are on the topic of OSPF, could someone help me out on the scenario above? Routers A and B have interfaces in Area 0 and Area1. I want traffic from routerA destined for routerD to go via router B. This is not the case in my network because I realise that routerA prefers Intra-Area routes and thus would route traffic to routerD via routerC. What tweaks must I make in order to force the traffic from routerA to routerD to go via routerB ? Someone suggested building a GRE tunnel between routerA and routerB and then configure the tunnel to be in AREA1. Any suggestions? Kevin W. Alan Robertson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guys, The actual traffic will not be routed up to area 0... Area 0 has been extended down to R2, so R2 is now a backbone router. R2 has interfaces in 3 areas now: Area1, Area2, and Area0 by means of it's virtual link. Any traffic originating in Area2 destined for Area1 will be routed directly by R2. This satisfies the Interarea traffic must traverse the backbone rule, because R2 *is* a backbone router. This is not theory... It is fact. Alan - Original Message - From: Andrew Larkins To: Sent: Monday, May 28, 2001 10:13 AM Subject: RE: Wanna Be a CCIE? Try This One [7:6076] agreedto area 0 then on to the intended area -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: 28 May 2001 15:50 To: [EMAIL PROTECTED] Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Chuck- my answer is Yes. The traffic from the Virtual
Lotus Notes via VPN [7:6618]
Hi, I'm trying to set up VPN (IPSec) between two offices. IPSec seems to be working fine because clients can ping and telnet between the offices. The problem is Lotus Notes (running on NT) does not work. Clients cannot connect to Lotus Notes. (Notes client shows it is connected and gets some response from the server. But, the connection does not really happen.)They can ping the NT server though. Any idea? TIA, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6618t=6618 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Wanna Be a CCIE? Try This One [7:6076]
As you are likely aware, running TE over area borders isn't an available option these days due to the loss of traffic engineering info at those borders. Hence, migrating to a single area might enhance your ability to engineer traffic in your network. I would just keep an eye on the utilization of your routers particularity if they are running multiple routing tables as your mpls vpn comment suggests. *** REPLY SEPARATOR *** On 5/31/2001 at 11:02 AM Kevin Schwantz wrote: Giles, I don't think its a OSPF Cost problem. I tried it without avail. I am not very sure but I believe OSPF will prefer Intra-Area routes despite having an alternate path that seemingly has a lower cost. Please correct me if I am wrong. Could this be an administrative distance thing? As much as I would have liked to come up with an ingenius solution, I was not able to. I have since changed Area 1 into Area 0. It works fine now but I have this nagging feeling that something more constructive could have been done. The solution I adopted seems more like a cheap work around. But I guess it works and that matters more. By the way, the network is much bigger than what I have illustrated. It consist of around 40 routers spanning over 16 countries. Its a private IP network that runs on MPLS to provide VPN's. My next project would be to implement traffic engineering. Kevin Essame, Giles wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The SPF tree involves determining a least-cost path from the router the path will be originating from. Therefore you need to adjust your costs accordingly. As per example, Area0 is a low cost due to I presume Area0 would be over a high speed backbone. routerArouterB AREA0 55 AREA0 10 10 | | 10 10 routerC routerD AREA1 20-20 AREA1 From Router A via router B to reach router D is cost of 15. From Router A via router C to reach router D is cost of 30. Router B is now the preferred route. If it a test network, try playing around with the costs to do asymmetrical routing. -Original Message- From: Hire, Ejay [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 2:02 PM To: Subject: RE: Wanna Be a CCIE? Try This One [7:6076] Would Moving one of the AREA 1 Routers into (a new area) Area2 Fix this? -Original Message- From: Michael L. Williams [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 6:54 PM To: [EMAIL PROTECTED] Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Good call I was going moreso by the diagram... EA Louie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Read carefully - routerA and routerB both have interfaces in Area0 and Area1, which makes them both ABRs -e- - Original Message - From: Michael L. Williams To: Sent: Wednesday, May 30, 2001 9:01 AM Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Wait a second.. where are the ABRs?How can a router that communicates routes from one OSPF area to another not be an ABR? Am I missing something? Mike W. Kevin Schwantz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... routerArouterB AREA0AREA0 || routerC routerD AREA1-AREA1 Since we are on the topic of OSPF, could someone help me out on the scenario above? Routers A and B have interfaces in Area 0 and Area1. I want traffic from routerA destined for routerD to go via router B. This is not the case in my network because I realise that routerA prefers Intra-Area routes and thus would route traffic to routerD via routerC. What tweaks must I make in order to force the traffic from routerA to routerD to go via routerB ? Someone suggested building a GRE tunnel between routerA and routerB and then configure the tunnel to be in AREA1. Any suggestions? Kevin W. Alan Robertson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Guys, The actual traffic will not be routed up to area 0... Area 0 has been extended down to R2, so R2 is now a backbone router. R2 has interfaces in 3 areas now: Area1, Area2, and Area0 by means of it's virtual link. Any traffic originating in Area2 destined for Area1 will be routed directly by R2. This satisfies the Interarea traffic must traverse the backbone rule, because R2 *is* a backbone router. This is not theory... It is fact. Alan -
RE: 6509 and logging messages [7:6479]
If you're connecting to the switch via telnet - keeping with the below suggestion - assuming you're running CatOS, you might want to also turn off session logging. That combined with creating a big buffer for the logging messages and/or sending them to a syslog host will keep these messages off your screen. If you don't care about these messages, you can also change the logging parameters for the switch. See the following link for info: http://www.cisco.com/warp/customer/473/34.shtml#PAGP_MESSAGES -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter I. Slow Sent: Wednesday, May 30, 2001 12:24 PM To: [EMAIL PROTECTED] Subject: Re: 6509 and logging messages [7:6479] conf t logging buffered 99 debug no logging console - Original Message - From: Nabil Fares To: Sent: Wednesday, May 30, 2001 12:50 PM Subject: 6509 and logging messages [7:6479] Greetings all, How can I disable messages to prompt me when someone connects to the switch? Basically when someone connects, the switch issues port 4/3 left the bridge, port 4/3 joined the bridge. Can this be disabled? Thanks Nabil FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6620t=6479 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Wanna Be a CCIE? Try This One [7:6076]
I am not very sure but I believe OSPF will prefer Intra-Area routes despite having an alternate path that seemingly has a lower cost. Please correct me if I am wrong. Could this be an administrative distance thing? Kevin, just for clarification, what you are describing has nothing to do with administrative distance. Administrative distance is about comparing the relative trustworthyness of routes learned via different routing protocols. Your dilema relates to the route selection criteria wholly within OSPF, and you're right... OSPF prefers Intra-area routes to Inter-area routes, regardless of cost. Cost is used when all else is equal in the previous steps of the route selection process, and the real bottom line is that cost becomes signifgant only when talking about routes within a single area. As much as I would have liked to come up with an ingenius solution, I was not able to. I have since changed Area 1 into Area 0. It works fine now but I have this nagging feeling that something more constructive could have been done. The solution I adopted seems more like a cheap work around. But I guess it works and that matters more. Don't feel too bad... You have acheived your goal. There's always going to be a sexier solution, and if you haven't noticed, put together in a room (or a mailing list), quality engineers will often disagree on matters of implementation. By the way, the network is much bigger than what I have illustrated. It consist of around 40 routers spanning over 16 countries. Its a private IP network that runs on MPLS to provide VPN's. My next project would be to implement traffic engineering. See, everybody... Bigger network than was initially described... BGP FOREVER!! ;) Alan (Doing the dance... Feeling the flow...) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6621t=6076 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lotus Notes via VPN [7:6618]
OT but I know the answer (seen it before). You have to do connection documents in Notes OR you can set up the hosts file to point to the Notes server. - Original Message - From: John To: Sent: Thursday, May 31, 2001 10:19 AM Subject: Lotus Notes via VPN [7:6618] Hi, I'm trying to set up VPN (IPSec) between two offices. IPSec seems to be working fine because clients can ping and telnet between the offices. The problem is Lotus Notes (running on NT) does not work. Clients cannot connect to Lotus Notes. (Notes client shows it is connected and gets some response from the server. But, the connection does not really happen.)They can ping the NT server though. Any idea? TIA, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6622t=6618 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Wanna Be a CCIE? Try This One [7:6076]
Kevin, I didn't read the whole thread!, It would be more of a cost issue if your where inter-area routing (as you know). Glancing at your thread, that's what I mentally thought even though it states several times that the problem was over intra-area routing. - I must read more slowly! From what you say changing the area looks the only solution, though as I hate giving up on a solution how about this. If your destination networks on router D are Type 1 or Type 2 and summarisation is good you could implement static routing (weight 16) on router A in the routing table thus overriding OSPF weights value. If the static routes point to a loopback address on router B, then if router B fails the static routes would disappear from the routing table allowing the OSPF to take over thus providing a resilient route to router D via router C. The reason why I say on using a loopback is due to if router B fails or it's interface for area 0 fails router A will still retain the static routes in it routing table due to it's local interface for Area 0 will be up still up. It's not elegant, but if you desperately need to off load bandwidth / CPU utilisation via route C or you don't want to increase the size of Area 0 then this may be worth considering. Personally I prefer what you have done but I don't know your situation. I hope this helps! Regards Giles -Original Message- From: Peter Van Oene [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 4:36 PM To: [EMAIL PROTECTED] Subject: Re: Wanna Be a CCIE? Try This One [7:6076] As you are likely aware, running TE over area borders isn't an available option these days due to the loss of traffic engineering info at those borders. Hence, migrating to a single area might enhance your ability to engineer traffic in your network. I would just keep an eye on the utilization of your routers particularity if they are running multiple routing tables as your mpls vpn comment suggests. *** REPLY SEPARATOR *** On 5/31/2001 at 11:02 AM Kevin Schwantz wrote: Giles, I don't think its a OSPF Cost problem. I tried it without avail. I am not very sure but I believe OSPF will prefer Intra-Area routes despite having an alternate path that seemingly has a lower cost. Please correct me if I am wrong. Could this be an administrative distance thing? As much as I would have liked to come up with an ingenius solution, I was not able to. I have since changed Area 1 into Area 0. It works fine now but I have this nagging feeling that something more constructive could have been done. The solution I adopted seems more like a cheap work around. But I guess it works and that matters more. By the way, the network is much bigger than what I have illustrated. It consist of around 40 routers spanning over 16 countries. Its a private IP network that runs on MPLS to provide VPN's. My next project would be to implement traffic engineering. Kevin Essame, Giles wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The SPF tree involves determining a least-cost path from the router the path will be originating from. Therefore you need to adjust your costs accordingly. As per example, Area0 is a low cost due to I presume Area0 would be over a high speed backbone. routerArouterB AREA0 55 AREA0 10 10 | | 10 10 routerC routerD AREA1 20-20 AREA1 From Router A via router B to reach router D is cost of 15. From Router A via router C to reach router D is cost of 30. Router B is now the preferred route. If it a test network, try playing around with the costs to do asymmetrical routing. -Original Message- From: Hire, Ejay [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 2:02 PM To: Subject: RE: Wanna Be a CCIE? Try This One [7:6076] Would Moving one of the AREA 1 Routers into (a new area) Area2 Fix this? -Original Message- From: Michael L. Williams [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 6:54 PM To: [EMAIL PROTECTED] Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Good call I was going moreso by the diagram... EA Louie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Read carefully - routerA and routerB both have interfaces in Area0 and Area1, which makes them both ABRs -e- - Original Message - From: Michael L. Williams To: Sent: Wednesday, May 30, 2001 9:01 AM Subject: Re: Wanna Be a CCIE? Try This One [7:6076] Wait a second.. where are the ABRs?How can a router that communicates routes from one OSPF area to another not be an ABR? Am I missing something? Mike W. Kevin Schwantz wrote in message [EMAIL PROTECTED]">news:[EMAIL
CW2k [7:6624]
Which portion of the CW2k does the below? There is a lot of components to it and I don't think we'll be able to afford the full blown version. Can you use CW2k to do a search on multiple switches for a specific MAC address so that I can find out which switch and port the MAC address is from? Or do you know what will do it? It's a pain to look at multiple switches to find the MAC address. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6624t=6624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Required TR for Lab Practice [7:6601]
1 segment of TR should be enough to play around on. -Russ RamG wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello - General Q - How many TR int required for CCIE lab practice? I have 2 routers with TR. Thanks / RamG Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6625t=6601 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE refrence books!! [7:6595]
Nope. All the books listed in the CCIE professional development list will be releveant, if not for the Written then definitely for the lab itself. -Russ Ralph Francis wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi , Can anyone tell me which books to refer to for CCIE written I went through the Cisco recomended reading list, is there any single Cisco Press books for Routing Switching CCIE like they have for CCNA and CCNP... Ralph Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6626t=6595 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How to secure a PIX [7:6583]
It's sort of an open question there But basically, don't allow sessions to the PIX from outside (default), don't open any inbound ports that you don't use, and use a good password. You have anything more specific you wanna know? I also set up a tftp server so I have a copy of the config I can recover from in the event someone inside gets into the PIX does damage. There's also intrusion detection you can put in place inside outside the pix to detect attempts to connect... - Original Message - From: BASSOLE Rock To: Sent: Thursday, May 31, 2001 4:04 AM Subject: How to secure a PIX [7:6583] Hello, I'am currently working on securing a PIX. Can somebody tell me the different methods that exist to secure a PIX it self. Thanks. Rock BASSOLE Til: +33 (0) 1 45 96 22 03 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6628t=6583 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CW2k [7:6624]
This would be the User Tracking function in Campus Manager. I'm not sure which bundles that comes in, but there may not be a cheap way to get CM. We purchased the Lan Management Solution just to get RME and CM. I'd love to know if there's a cheaper method to get just those items. HTH, John John Chang 5/31/01 10:22:52 AM Which portion of the CW2k does the below? There is a lot of components to it and I don't think we'll be able to afford the full blown version. Can you use CW2k to do a search on multiple switches for a specific MAC address so that I can find out which switch and port the MAC address is from? Or do you know what will do it? It's a pain to look at multiple switches to find the MAC address. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6627t=6624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX 506 [7:6540]
Well it's limited to 4 peers..true...but that's only if you're using the PIX as the endpoint to authenticate VPN users via RADIUS or TACACS. You can always authenticate on another VPN device inside the firewall - Original Message - From: Stephen Dunn To: Sent: Thursday, May 31, 2001 1:15 AM Subject: Re: PIX 506 [7:6540] From everything that I've seen, that's just a suggested marketing limit aimed at encouraging customers to upgrade to a higher level 515 or 525. Steve Rick Holden wrote: I was told today that the PIX 506 can only support 4 VPN tunnels. It this true and does it include remote access users. I just sold a customer a 506 and he wants to connect 10 salesman to it that have laptop computers. Thanks. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6629t=6540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: latency in a lab scenario [7:6453]
There was an earlier post that described East Coast Datacom's Router Delay Simulator. We have been using the RDS in our lab to provide latency and bandwidth constraints between endpoints. The box has worked great and the pricing wasn't bad. http://www.ecdata.com/rds/rds.htm Shawn - Original Message - From: To: Sent: Wednesday, May 30, 2001 5:31 AM Subject: latency in a lab scenario [7:6453] Hi, I'm looking for ideas to induce latency in a lab scenario. More specifically to simulate latency between nodes in Seattle, Los Angeles, and Baltimore. Any help would be appreciated. Thanks, Francis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6630t=6453 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CW2k [7:6624]
Resource manager essesntials ,will give you a full chassis list...giving port ,status,mac,whatever.. CSWI is good for changes and such like ...but for reporting use RME. steve From: John Chang Reply-To: John Chang To: [EMAIL PROTECTED] Subject: CW2k [7:6624] Date: Thu, 31 May 2001 12:22:52 -0400 Which portion of the CW2k does the below? There is a lot of components to it and I don't think we'll be able to afford the full blown version. Can you use CW2k to do a search on multiple switches for a specific MAC address so that I can find out which switch and port the MAC address is from? Or do you know what will do it? It's a pain to look at multiple switches to find the MAC address. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6631t=6624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CW2k [7:6624]
You can do this using campus manager Thanks Stan Rossetti NASA - PriSMS Advanced Technology Group Voice: (256) 544-5031 Email: [EMAIL PROTECTED] Beeper: 544-1183 pin 0112 CCDA, CCNA, CCSE -Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 11:23 AM To: [EMAIL PROTECTED] Subject:CW2k [7:6624] Which portion of the CW2k does the below? There is a lot of components to it and I don't think we'll be able to afford the full blown version. Can you use CW2k to do a search on multiple switches for a specific MAC address so that I can find out which switch and port the MAC address is from? Or do you know what will do it? It's a pain to look at multiple switches to find the MAC address. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6632t=6624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: latency in a lab scenario [7:6453]
Did this connection reqire any special cables or configuration? It appears to use standard V.35 DTE cables. Where does the line clocking come from? TIA -Original Message- From: Shawn Goodson [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 11:54 AM To: [EMAIL PROTECTED] Subject: Re: latency in a lab scenario [7:6453] There was an earlier post that described East Coast Datacom's Router Delay Simulator. We have been using the RDS in our lab to provide latency and bandwidth constraints between endpoints. The box has worked great and the pricing wasn't bad. http://www.ecdata.com/rds/rds.htm Shawn Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6633t=6453 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ospf and eigrp [7:6634]
What are the pros and cons of running OSPF over EIGRP in the Core of the network? In relation to troubleshooting as well as convergence? The Network: Core - 4 fully meshed 3660's each connected to a Nokia/Checkpoint Firewall connected to 2600 border routers (connected to UUNet backbone). The border routers run BGP4, and the Core's run OSPF. Each Core router is connected to 8-14 satellite offices, a mix of 2500, 2600, and 1600 series routers. Each of these 4 regions runs EIGRP and has a backup router connected to 2 cores. Thanks, Susan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6634t=6634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579]
Guys, there is something very WRONG here i have a 6509 on site a single DHCP server ..various VLans and never miss an renew are you using the ip helper address properly...( i Mean NO offence)...what i mean is setting a range ip helper address 10.0.*.* to 193.194.199.9 if so check the lease`s on the DHCP server... i need some more info to help i recon your DHCP server is up the swanyare there enough addresses in the scope for all users... (someone i know set up a scope with 1 ip address in to and wondered why only one client got a renew) you only need the ip dhcp command if you want to 65 to BECOME the Dhcp server...(don`t do it it`s a nightmare to adiminster)... please post MSFC configs for inspection HTH steve From: Chuck Larrieu Reply-To: Chuck Larrieu To: [EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] Date: Thu, 31 May 2001 10:06:06 -0400 A comment or two within: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeroen Timmer Sent: Thursday, May 31, 2001 2:03 AM To:[EMAIL PROTECTED] Subject: RE: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] We have a configuration at our company that has the same configuration as you just described. But somewhere along the line .. This doesn't seem to work that well. We got about 4 vlans, all vlan interfaces have an ip helper address to our DHCP server. Problem is that 8 out of 10 times, a DHCP client doesn't get an ip address. We used an Windows NT server as DHCP but also Nortel's NetID. Both systems give the same problems. Some times a user moves from one vlan to the other but gets an ip address from the old vlan he was in before he did a DHCP request for his new VLAN. CL: unfortunately, windoze does not release ip addresses upon shutdown. Windows machines tend to retain the ip address acquired as long as the lease time has not expired. And sometimes even longer. I've run into problems with mobile users, who upon returning to the office find themselves using and ip address that has been reassigned. This is a windows problem, a feature if you will. We have been trying to find the solution but didn't succeed sofar, maybe somebody had this before and is willing to share it with me. We use a Cisco cat 6500 to handle to forwarding to the DHCP server and the VLAN routing, as access switches we have Cisco cat 3500. CL: I ask because I do not know: does the router function of the 65xx actually behave the way it is supposed to? Thnx in advance, JT -Original Message- From: Pawel Sikora [mailto:[EMAIL PROTECTED]] Sent: donderdag 31 mei 2001 10:49 To: [EMAIL PROTECTED] Subject: Re: Weird DHCP/VLAN solution suggestions wanted!! [7:6579] - Original Message - From: Sam Deckert The problem is the client wants to use DHCP, so that people in the offices can simply plug in and away they go. But how would you go about implementing a DHCP server in this situation?? In order to allocate an address from the appropriate range, the DHCP server needs to be aware of the VLAN that the client DHCP request came from. I have not been able to find a DHCP server that has this capability whatsoever. I am sure this has been done before - does anyone know how or have any suggestions?? At the edge of each VLAN, an instance of router subinterface is obviously needed. You can configure at each subinterface ip helper address pointing to a real dhcp server located anywhere. Router then forwards any dhcp requests broadcasted by stations in vlans with apopriate subnet info, that dhcp server can use a defined scope for each vlan. Server than answers with lease data to the requestor via directed broadcast. (im not sure if such way) For example NT dhcp server service works flawlessy with such topology, with many different scopes. Pawel/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6635t=6579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Required TR for Lab Practice [7:6601]
In the lab you'll have a Ring 1 and a Ring 2 via two VLANs in a 3920. I'd practice with two rings if I were you. Darren At 09:14 AM 05/31/2001 -0400, RamG wrote: Hello - General Q - How many TR int required for CCIE lab practice? I have 2 routers with TR. Thanks / RamG x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$x$:0`0:$xx Darren S. Crawford Network Systems Consultant Lucent Technologies - Sacramento email: [EMAIL PROTECTED] page via email: [EMAIL PROTECTED] pager: 800-467-1467 x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$x$:0`0:$xx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6637t=6601 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IS-IS queries [7:6638]
as we seem to be getting more IS-IS stuff on the list, maybe someone could help me out here. I am having real trouble seeing how IS-IS areas and levels fit together. As far as I can make out the numbering of areas is arbitary, and all L2 routers should be in the same area, with the L1/L2 and their downstream L1 routers in separate ares. Is this a requirement or a recommendation - some of the examples in Doyle's TCP/IP book seem to stray from this practise? Obviously the adjacencies between the L1/L2 and L1 routers should be circuit-type-l1, but should the adjacency between the L1/L2 (pseudo-ABR I suppose) and the L2 (backbone) routers be circuit-type-l1-l2 or l2? Finally, is it recommended to run full CLNS routing throughout, and if so what are the advantages? Sorry if this sounds a bit how does IS-IS work?, but I have been through Jeff Doyle's and Radia Perlman's books (only real reference I can find) and it's just not computing for me. many thanks Andy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6638t=6638 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: help [7:6571]
Uhh, the enable or enable secret? the enable pass can be decrypted, but if you have an enable secret, you're screwed, as its a non-reversible hash... Peter Slow, CCNP Voice Specialist Network Engineer Planetary Networks 535 West 34th Street New York, NY 10001 Cell:(516) 782.1535 Desk: (646) 792.2395 Mail: [EMAIL PROTECTED] Fax:(646) 792.2396 - Original Message - From: William Harrison To: Sent: Thursday, May 31, 2001 1:13 AM Subject: help [7:6571] Since I m 200 miles from the router a console connection is not possible. And I knew that I should have put a modem on the aux port but! I was hoping the someone had a brut force password crack that I could run against the enable password? Thanks again William Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6639t=6571 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Can anyone shed the light on Cisco AUX port? [7:6640]
I am hoping someone on the group can explain to me the following situation: I've noticed that on the Cisco 2500s platform, the AUX port is listed on line 1 (sine consoleport is on line 0). However, on Cisco 2600s platform, the AUX port is listed on line 65(console port is still at line 0). On the cisco 3640 router, if I put my FE module in slot 0, thenthe AUX port is listed on line 129. If I put my FE module in slot 3, then the AUX port is listed on line 97. I understand why that is the case on Cisco 2500s and 3600s platform, but apparently, the 2600s platform is really out of wack. Why doesn't Cisco make themconsistent on all platforms? I work for an ISP shop and it is hard for me to new network engineering folks about this especially when it involves async-lines, AS5300, Radius andTACACS (you get the point). I guess when Cisco controls about 90% market share of the router market, it really doesn't give a f___ about these things. No wonder why Juniper andAvici are kicking Cisco's ass in the carrier market because it makes the product moreuser-friendly (until it becomes just as big as Cisco then those guys will start acting arrogant). An explaination from anyone in this group is very appreciate. Sean Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6640t=6640 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ospf and eigrp [7:6634]
Do you know if your Nokia Appliances are participating in any of the routing functions?? If they are, that might be the reason for your current config- unless there is something recently new with IPSO 3.3 (the OS for the Nokia Appliance), the IPSO OS can only support OSPF or IGRP, and not EIGRP. EIGRP combines the features of OSPF and IGRP together, and it's a proprietary protocol of Cisco's IOS. IGRP uses metrics or numeric costs for best path routing amont several other factors, whereas OSPF is just a link-state protocol, hence the initials Open Shortest Path First. That's just a rough off-the-collar comparison, and I would go into more detail, but I have to run to a meeting. HTHs! Mark Odette II StellarConnection Services MCSE, CCNA, 1/4 CCNP, A+ - Original Message - From: To: Sent: Thursday, May 31, 2001 12:19 PM Subject: ospf and eigrp [7:6634] What are the pros and cons of running OSPF over EIGRP in the Core of the network? In relation to troubleshooting as well as convergence? The Network: Core - 4 fully meshed 3660's each connected to a Nokia/Checkpoint Firewall connected to 2600 border routers (connected to UUNet backbone). The border routers run BGP4, and the Core's run OSPF. Each Core router is connected to 8-14 satellite offices, a mix of 2500, 2600, and 1600 series routers. Each of these 4 regions runs EIGRP and has a backup router connected to 2 cores. Thanks, Susan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6642t=6634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: another OT: why you UNIX guys look down on we NT guys? [7:6641]
Actually UNIX is a bunch of fanatic sects i.e. the sco guys hate the sun guys hate the hp guys and so on. Linux is a full blown cult. - Original Message - From: Circusnuts To: Sent: Tuesday, May 29, 2001 7:46 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6344] Because Unix is all a cult !!! The only thing worse than Unix guys, are SNA/ Main Frame dudes (with their VTAM's, FEP's, Lu Lu Sessions :o) Pray for me- I start Unix classes Friday :-P Phil - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 10:14 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6335] Oh yeah?! I'm win2000 roll out project manager for a fortune 500 company. I make $150 per hour. Hope you can figure out, SMART Unix guy. And Chuck, no problem. I just don't like some people (like SMART Russ) knows a little than others then show off that much. --- Russ Kreigh wrote: We look down upon you because you have to brag about how much you make. - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 7:40 PM Subject: another OT: why you UNIX guys look down on we NT guys? [7:6323] UNIX guys, I make $240K per year, how much you make? Why you guys look down on us??? I don't get it... Jim NT guy __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6641t=6641 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lotus Notes via VPN [7:6618]
OT Connection document and host file are fine. From the client, I can see port 1352 (used by Lotus Notes) is established with a connection to the server. It just took a long time and connection seems to be timeout. - Original Message - From: Allen May To: Sent: Friday, June 01, 2001 12:06 AM Subject: Re: Lotus Notes via VPN [7:6618] OT but I know the answer (seen it before). You have to do connection documents in Notes OR you can set up the hosts file to point to the Notes server. - Original Message - From: John To: Sent: Thursday, May 31, 2001 10:19 AM Subject: Lotus Notes via VPN [7:6618] Hi, I'm trying to set up VPN (IPSec) between two offices. IPSec seems to be working fine because clients can ping and telnet between the offices. The problem is Lotus Notes (running on NT) does not work. Clients cannot connect to Lotus Notes. (Notes client shows it is connected and gets some response from the server. But, the connection does not really happen.)They can ping the NT server though. Any idea? TIA, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6643t=6618 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VERY strange 2621 behavior [7:6636]
Time to change your terminal emulation software to different speeds until you find the correct one. I have heard that with Hyperterminal that you need to completely close down the application for each speed change. Others may comment from experience. BTW Do you have a SmartNet service contract on that box? -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 12:41 PM To: [EMAIL PROTECTED] Subject: VERY strange 2621 behavior [7:6636] This is exceptionally strange We just received a used 2621 running 12.0(7)T. Initially it booted just fine and we got a prompt. While in priveleged mode we did a show run and intertwined with the output was a portion of a message. The readable portion said something about environment write to NVRAM failed. We saw this three or four times. So, after poking around a bit we did a reload. During the reload we saw the error again. Toward the end of the reload we received a warning message that said something like this: This action will disable password recovery. Be sure that you have alternatives to password recovery before continuing. Continue with operation [yes/no]? I have absolutely no idea what that means, I have never seen anything like it before. We answered no, of course. At this point the router locked up and it appears that the console baud rate has changed but so far we're unable to figure out what it changed to. I've rebooted the router several times to no avail. Nothing but gibberish on my terminal screen. Any thoughts? I've searched CCO and have yet to see anything about this behavior yet. Thanks, John Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6644t=6636 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Speed of a serial interface [7:6645]
How do you tell the actual speed of a serial interface. I know it is not the BW command and there is no clock rate set. Is there a command? Thanks, Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6645t=6645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Redundancy design question [7:6646]
I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6646t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help on Cisco 4000 Switch [7:6191]
hehe.. Interesting. Why in the past when I used I to make a statement here and you didn't notice it before? =) Just to clarify it, If you want to have that guy my friend's work #, mobile #, email address, work address..etc as well as my work #, mobile #, email address, work address, I will be so glad to send you the info. The reason I asked for him is that I am only studying Routing 2.0, and don't know too much on Switches. But don't get me wrong, I do appreciate all the suggestions. JC. --- Rik Guyler wrote: Friend, eh?!? Oh the humanity... ;-} Well, you could set a static entry but why? The ARP table is designed to be dynamic so that it doesn't grow to a large size and really create additional overhead. Remember, before ARP does its broadcast search, the switch will check the ARP cache. The bad news: the ARP cache is parsed from the top down. So if the table becomes large, static entries may actually slow things down. I wouldn't get into the habit of adding static entries, but if his little heart desires it so badly... BTW - removing the router's entry from the ARP table will not disconnect it from the switch. All that it really does is force the switch to broadcast for the MAC address of the router if it's not in the table and that really doesn't take much time at all. If a disconnect is really happening, then you...I mean he...has other issues to contend with. Rik -Original Message- From: Joseph Cheng [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 29, 2001 3:23 AM To: [EMAIL PROTECTED] Subject: Help on Cisco 4000 Switch [7:6191] Hi, My friend has a question on the Cisco 4000 switch, can anyone please help? Thanks in advance. == When a Cisco 1720 is hookup to the switch, if there is no traffice from the 1720, it will be disconnected from the Cisco catalyte 4000 switch after a preset 300 seconds. The mac-address of 1720 will be disappeared from the Cisco 4000 switch arp table. Is this OK to use set arp static-address to permantly write the 1720 mac-address and IP into the 4000 switch arp table? == Thanks, JC __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6647t=6191 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Speed of a serial interface [7:6645]
For frame-relay or point-to-point? Kelly D Griffin, CCNA, CCDA Network Engineer Kg2 Network Design 877.418.4025 http://www.kg2.com - Original Message - From: STRAND Scott To: Sent: Thursday, May 31, 2001 2:06 PM Subject: Speed of a serial interface [7:6645] How do you tell the actual speed of a serial interface. I know it is not the BW command and there is no clock rate set. Is there a command? Thanks, Scott http://1cis.com Free E-mail Servers with unlimited mailboxes 1st Class Internet Solutions http://1cis.com Free E-mail Servers with unlimited mailboxes 1st Class Internet Solutions Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6648t=6645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Speed of a serial interface [7:6645]
I assume that this is a serial interface with no integrated CSU/DSU, and in that case the only way that I know of to tell the speed is to look at the external CSU/DSU and find out how many timeslots are configured. Hope this helps. Guy -Original Message- From: STRAND Scott [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 3:07 PM To: [EMAIL PROTECTED] Subject: Speed of a serial interface [7:6645] How do you tell the actual speed of a serial interface. I know it is not the BW command and there is no clock rate set. Is there a command? Thanks, Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6650t=6645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- -- With only one WAN circuit coming in, your only choice is dial-backup (either Analog or ISDN) Irwin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6651t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Speed of a serial interface [7:6645]
Guy, You're right, it is an external CSU/DSU that is in a remote location. Thanks for the help. Scott Lupi, Guy wrote: I assume that this is a serial interface with no integrated CSU/DSU, and in that case the only way that I know of to tell the speed is to look at the external CSU/DSU and find out how many timeslots are configured. Hope this helps. Guy -Original Message- From: STRAND Scott [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 3:07 PM To: [EMAIL PROTECTED] Subject: Speed of a serial interface [7:6645] How do you tell the actual speed of a serial interface. I know it is not the BW command and there is no clock rate set. Is there a command? Thanks, Scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6652t=6645 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IS-IS queries [7:6638]
FWIW, I've put every IS-IS resource I can find on: www.itprc.com/routing.htm Irwin -Original Message- From: Andy Harding [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 1:53 PM To: [EMAIL PROTECTED] Subject: IS-IS queries [7:6638] as we seem to be getting more IS-IS stuff on the list, maybe someone could help me out here. I am having real trouble seeing how IS-IS areas and levels fit together. As far as I can make out the numbering of areas is arbitary, and all L2 routers should be in the same area, with the L1/L2 and their downstream L1 routers in separate ares. Is this a requirement or a recommendation - some of the examples in Doyle's TCP/IP book seem to stray from this practise? Obviously the adjacencies between the L1/L2 and L1 routers should be circuit-type-l1, but should the adjacency between the L1/L2 (pseudo-ABR I suppose) and the L2 (backbone) routers be circuit-type-l1-l2 or l2? Finally, is it recommended to run full CLNS routing throughout, and if so what are the advantages? Sorry if this sounds a bit how does IS-IS work?, but I have been through Jeff Doyle's and Radia Perlman's books (only real reference I can find) and it's just not computing for me. many thanks Andy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6653t=6638 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
Asked because I don't know: how do you plan on making the switches redundant? How are your servers, for example homed on the switches? Is it real redundancy if closet switches are dual homed to core switches? Is your internet connection, your firewall, etc dual homed as well? Chuck The world is a single point of failure :- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jon Sent: Thursday, May 31, 2001 12:09 PM To: [EMAIL PROTECTED] Subject:Redundancy design question [7:6646] I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6654t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Manchester symbols [7:6655]
What are Manchester symbols? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6655t=6655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Redundancy design question [7:6646]
Well, you have pinpointed the problem with many redundant campus network designs. They may not be redundant into the WAN. To meet your goals, you may need a backup WAN connection of some sort. Depending on the level of performance you want for the backup and the amount of traffic that you have, you could use a low-speed and low-cost backup such as ISDN or even an analog modem. You'll need to think about the cost, benefits, risks of not doing anything, etc. How often do failures occur with your current WAN? (Mean Time Between Failure)? When problems occur, how quickly do they get fixed? (Mean Time To Repair) What's the cost of downtime? Any layer 8 (politics) issues you need to deal with? Like will you lose your job and/or credibility if the WAN connection is down for a long time? When provisioning backup WAN links, you should learn as much as possible about the actual physical circuit routing also. Different carriers sometimes use the same facilities, meaning that your backup path is susceptible to the same failures as your primary path. Be sure to analyze your local cabling in addition to your carrier's services. Perhaps you have designed an ISDN link to back up a Frame Relay link. Do both of these links use the same cabling to get to the demarcation point in your building network? What cabling do the links use to get to your carrier? The cabling that goes from your building to the carrier is often the weakest link in a network. It can be affected by construction, flooding, ice storms, trucks hitting telephone poles, Bob the back-hoe operator, etc. Priscilla At 03:09 PM 5/31/01, Jon wrote: I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6656t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: another OT: why you UNIX guys look down on we NT guys? [7:6657]
As of 2nd May I clean boots and panhandle who gives a toss about the operating system as long as it communicates! Karl - Original Message - From: Donald B Johnson jr To: Sent: Thursday, May 31, 2001 7:43 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6641] Actually UNIX is a bunch of fanatic sects i.e. the sco guys hate the sun guys hate the hp guys and so on. Linux is a full blown cult. - Original Message - From: Circusnuts To: Sent: Tuesday, May 29, 2001 7:46 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6344] Because Unix is all a cult !!! The only thing worse than Unix guys, are SNA/ Main Frame dudes (with their VTAM's, FEP's, Lu Lu Sessions :o) Pray for me- I start Unix classes Friday :-P Phil - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 10:14 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6335] Oh yeah?! I'm win2000 roll out project manager for a fortune 500 company. I make $150 per hour. Hope you can figure out, SMART Unix guy. And Chuck, no problem. I just don't like some people (like SMART Russ) knows a little than others then show off that much. --- Russ Kreigh wrote: We look down upon you because you have to brag about how much you make. - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 7:40 PM Subject: another OT: why you UNIX guys look down on we NT guys? [7:6323] UNIX guys, I make $240K per year, how much you make? Why you guys look down on us??? I don't get it... Jim NT guy __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6657t=6657 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Manchester symbols [7:6655]
Something to do with Ethernet Encoding I fink...anyone else? Karl - Original Message - From: g_study To: Sent: Thursday, May 31, 2001 9:07 PM Subject: Manchester symbols [7:6655] What are Manchester symbols? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6658t=6655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
(no subject) [7:6659]
remove me Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6659t=6659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Juniper Certification list now on GroupStudy.com [7:6662]
Due to popular demand, I have created a Juniper Networks certification list on GroupStudy.com. To subscribe send a message to [EMAIL PROTECTED] with the body containing: subscribe juniper If you would like to subscribe from another account, change the body to: subscribe juniper [EMAIL PROTECTED] Of course replace with your e-mail address :-) All messages will be sent to [EMAIL PROTECTED] so update your e-mail client as desired. Please send me any bug reports. Have fun, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6662t=6662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
An excellent book on this subject is High Availability Networking with Cisco by Vincent Jones ISBN 0201704552. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer Sent: Thursday, May 31, 2001 3:11 PM To: [EMAIL PROTECTED] Subject: Re: Redundancy design question [7:6646] Well, you have pinpointed the problem with many redundant campus network designs. They may not be redundant into the WAN. To meet your goals, you may need a backup WAN connection of some sort. Depending on the level of performance you want for the backup and the amount of traffic that you have, you could use a low-speed and low-cost backup such as ISDN or even an analog modem. You'll need to think about the cost, benefits, risks of not doing anything, etc. How often do failures occur with your current WAN? (Mean Time Between Failure)? When problems occur, how quickly do they get fixed? (Mean Time To Repair) What's the cost of downtime? Any layer 8 (politics) issues you need to deal with? Like will you lose your job and/or credibility if the WAN connection is down for a long time? When provisioning backup WAN links, you should learn as much as possible about the actual physical circuit routing also. Different carriers sometimes use the same facilities, meaning that your backup path is susceptible to the same failures as your primary path. Be sure to analyze your local cabling in addition to your carrier's services. Perhaps you have designed an ISDN link to back up a Frame Relay link. Do both of these links use the same cabling to get to the demarcation point in your building network? What cabling do the links use to get to your carrier? The cabling that goes from your building to the carrier is often the weakest link in a network. It can be affected by construction, flooding, ice storms, trucks hitting telephone poles, Bob the back-hoe operator, etc. Priscilla At 03:09 PM 5/31/01, Jon wrote: I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6660t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can anyone shed the light on Cisco AUX port? [7:6640]
Cisco 2600 is a modular router like the 3600, and is capable of supporting two modules. Whether or not these slots are populated, it doesn't change the tty numbering, i.e slot 0: 0-31, slot 1: 32-64 etc. As the AUX port is the last tty + 1, the AUX port is 65 on a 2600. CM -Original Message- From: Sean Young To: [EMAIL PROTECTED] Sent: 31/05/01 19:19 Subject: Can anyone shed the light on Cisco AUX port? [7:6640] I am hoping someone on the group can explain to me the following situation: I've noticed that on the Cisco 2500s platform, the AUX port is listed on line 1 (sine consoleport is on line 0). However, on Cisco 2600s platform, the AUX port is listed on line 65(console port is still at line 0). On the cisco 3640 router, if I put my FE module in slot 0, thenthe AUX port is listed on line 129. If I put my FE module in slot 3, then the AUX port is listed on line 97. I understand why that is the case on Cisco 2500s and 3600s platform, but apparently, the 2600s platform is really out of wack. Why doesn't Cisco make themconsistent on all platforms? I work for an ISP shop and it is hard for me to new network engineering folks about this especially when it involves async-lines, AS5300, Radius andTACACS (you get the point). I guess when Cisco controls about 90% market share of the router market, it really doesn't give a f___ about these things. No wonder why Juniper andAvici are kicking Cisco's ass in the carrier market because it makes the product moreuser-friendly (until it becomes just as big as Cisco then those guys will start acting arrogant). An explaination from anyone in this group is very appreciate. Sean Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6661t=6640 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IS-IS queries [7:6638]
Andy L1 and L2 refer to the Dyxtra(sp.) Routing processes Running on the router. In ospf, its one for each area the router is in. In ISIS, its L2 if the router is connected to a router in another area(an ABR), L1 if it is only connected to routers within its area, and L1/2 if it needs to be aware of both inter and intra area routers. The Key to all of this is to realize that an ISIS router is only in one area. In ISIS, routers are in an area, wile networks connect areas. In OSPF, a router is in many areas while lan's are in only one area. Obviously the adjacencies between the L1/L2 and L1 routers should be circuit-type-l1, but should the adjacency between the L1/L2 (pseudo-ABR I suppose) and the L2 (backbone) routers be circuit-type-l1-l2 or l2? The L1 to L1/L2 in the same area are shared on the L1 process. L1/2 to L2 (or L1/2) in are on the L2 process, whether they are in separate areas or the same area. Finally, is it recommended to run full CLNS routing throughout, and if so what are the advantages? The advantages of integrated ISIS (TCP info) are similar to ospf, with the added benefit that any two connected areas do not have to traverse a backbone area, unless it is the best path. the numbering of areas is arbitrary yes! an area is a logical group of routers that share a SPF view. ISIS is link state within an area, and link state BETWEEN areas. Within an area, the link state is designated L1, Between areas L2. Hopefully, I have answered some of your questions without mudding the water. HTH Doug Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6663t=6638 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: another OT: why you UNIX guys look down on we NT guys? [7:6664]
Want to make any UNIX-head apoplex? Remind them that DOS is UNIX subset. The multi-tasking multi-threaded functions were dropped because there weren't enough bits in the registers for the Intel 8088. These were added back in when the hardware for PC's was available. However, they did add better mnemonics for the UNIX commands so 'ls' became 'dir'. 'Easy' translates to 'stupid' somehow. But even so it's UNIX! DOS is UNIX! tee-hee. DOS clowns. UNIX dweebs. NT geeks. Cisco nerds. Where's Diane Arbus when we need her? - susan -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 1:43 PM To: [EMAIL PROTECTED] Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6641] Actually UNIX is a bunch of fanatic sects i.e. the sco guys hate the sun guys hate the hp guys and so on. Linux is a full blown cult. - Original Message - From: Circusnuts To: Sent: Tuesday, May 29, 2001 7:46 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6344] Because Unix is all a cult !!! The only thing worse than Unix guys, are SNA/ Main Frame dudes (with their VTAM's, FEP's, Lu Lu Sessions :o) Pray for me- I start Unix classes Friday :-P Phil - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 10:14 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6335] Oh yeah?! I'm win2000 roll out project manager for a fortune 500 company. I make $150 per hour. Hope you can figure out, SMART Unix guy. And Chuck, no problem. I just don't like some people (like SMART Russ) knows a little than others then show off that much. --- Russ Kreigh wrote: We look down upon you because you have to brag about how much you make. - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 7:40 PM Subject: another OT: why you UNIX guys look down on we NT guys? [7:6323] UNIX guys, I make $240K per year, how much you make? Why you guys look down on us??? I don't get it... Jim NT guy __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6664t=6664 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ospf and eigrp [7:6634]
I don't think there's a correct answer to your question, as I could make an argument for either protocol if forced. However... Personally I like OSPF in the core better than EIGRP for multiple reasons: 1) It's not proprietary. I can mix and match manufacturers. 2) There are more technicians familiar with OSPF than with EIGRP (or at least that used to be the case). 3) By designing stubby areas, totally stubby areas, and not-so-stubby areas properly, I can easily control the number of LSAs that flow through any given area of the network. 4) OSPF is a very quiet protocol in a stable network. One of my biggest complaints (and frankly it's not a very big one) is that the convergence time could be quite long (default 46 seconds) compared to a default 16 seconds for EIGRP. as always, your mileage may vary. Craig At 01:19 PM 5/31/2001 -0400, you wrote: What are the pros and cons of running OSPF over EIGRP in the Core of the network? In relation to troubleshooting as well as convergence? The Network: Core - 4 fully meshed 3660's each connected to a Nokia/Checkpoint Firewall connected to 2600 border routers (connected to UUNet backbone). The border routers run BGP4, and the Core's run OSPF. Each Core router is connected to 8-14 satellite offices, a mix of 2500, 2600, and 1600 series routers. Each of these 4 regions runs EIGRP and has a backup router connected to 2 cores. Thanks, Susan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6665t=6634 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redundancy design question [7:6646]
Keep in mind, this is not the typical help me design/fix my network for free question. I have been reading various papers, chapters, and case studies, and am trying to get my head wrapped around the details, now. I've built some scenarios in my head, trying to see problems and solutions, rather than ways to buy more gear. I'm also not trying to solve the WAN redundancy problem, just trying to get the WAN to connect into my LAN redundancy solution. The fundamental problem I'm trying to solve is how to protect against any hardware failure of my core devices knocking out normal operations. I am not concerned with protecting against any other faults outside my direct control (e.g. loss of WAN circuit, loss of server, Howard sets off a tactical device in the CO, etc.). For the sake of having a straw man to burn: A remote site is connected to the main office over a SHNS/SONET DS-3 connection, with full SONET protection to the demarc equipment on the wall of the MDF. (To limit the discussion scope, I will only describe the remote site -- we will assume the main facility is impervious to faults). The telco provides a coax connection for connecting the router to their gear. Equipment in the MDF includes: a 7206 with a DS-3 module and a FE module, a Cat4006 with multiple GBIC blade and 10/100 blade. There are three IDF wiring closets, one per floor, each with a Cat4006 fully populated with 10/100 blades. Each IDF switch is connected over a single GBIC/GigE connection to the MDF switch. All users are connected to their IDF over a single Cat5 run. All servers are connected (single-homed) to the MDF switch. To add some protection to this model, I will add a second Cat4006 in the MDF, with the same blades as the first. I will also dual-home all the servers to both MDF switches -- assume that the proper NICs are present to allow this, and that they are properly configured. I am now protected against the loss of one of my blades, or chassis, or running over a single cable with my handy BOFH rolling chair. But, my router might break, so I need to protect against that risk. Add a second 7206, same blades, dual-homed to both switches. Except I only have one coax cable from the demarc to carry the WAN signal. How do I connect the coax to two router blades, so that both routers could use the media? Or, is there a type of service available that allows for physical failover of the connection, provided by the circuit provider -- note that this isn't a second complete circuit, just a split demarc connection. Any ideas? Or is this too theoretical -- not a real enough scenario? Real world solutions might well include a second circuit, of sufficient bandwidth to get by until a repair is effected. Or provisioning two circuits for load balancing, with each capable of get by bandwidth in a fault state. But, I'm seeing a few cases where the answer presented is to double up on equipment -- never stating (perhaps always assumed) that you'll also be doubling up on all your WAN circuits to make it work. -jon- --- Chuck Larrieu wrote: Asked because I don't know: how do you plan on making the switches redundant? How are your servers, for example homed on the switches? Is it real redundancy if closet switches are dual homed to core switches? Is your internet connection, your firewall, etc dual homed as well? Chuck The world is a single point of failure :- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jon Sent: Thursday, May 31, 2001 12:09 PM To: [EMAIL PROTECTED] Subject: Redundancy design question [7:6646] I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've
Secure modems for out-of-band [7:6667]
What kind of gear do folks use in their networks for out of band access to production routers? Specifically, I'd like to know about more secure solutions than just a CompUSA 33.6 plugged into the AUX port. I've seen security policies that allow a normal modem to be plugged into the router, but it's required to be powered up (or connected to the phone line) only when needed -- which still requires someone to touch the gear, but may keep from having a network engineer drive all the way to the remote site for a console connection. Better would be some secure modem that uses an RSA token or local account database to allow login, and logs all attempts to some IDS or syslogd somewhere. I've seen a few vendors' websites, and all claim to be the final solution. Some even integrate a terminal server, something like using a 2509 with a secure modem. I'd like to hear some field knowledge with these devices, and whether they were worth the trouble, or if the powered-off modem is still the best solution. And, this isn't a probe to see who doesn't use OOB security, it's a real question -- hopefully it'll save me (maybe others) time testing and evaluating some of this stuff. -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6667t=6667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: GIADDR and secondary ip address problem. [7:6568]
I wish the solution is this easy but you can't create 2 subinterfaces and create 2 ip addresses on those because they have to be encapsulated. Since I'm not using any form of trunking, there is no way I can use 2 subinterfaces with 2 ip addresses. Thanks for the try though. Liang Mark J Civ AFRL/PROI wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Try to create two subinterfaces the fa0/0 (fa0/0.1 and fa0/0.2)and place the ip helper 192.168.1.11 command on both subinterfaces. Hope that work, good luck. Mark, -Original Message- From: Kenneth [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 9:34 PM To: [EMAIL PROTECTED] Subject: GIADDR and secondary ip address problem. [7:6568] Hi, guys. It's been a while since I've posted something here but I'm pretty stumped with this problem somehow. Anyway, here's my problem: Remote office subnet: 192.168.5.0 255.255.255.0 Plan to change subnet into 192.168.19.0 255.255.255.0 Router relaying dhcp requests to 192.168.1.11 (DHCP Server in Central site) Current fa0/0 interface on LAN: 192.168.5.1 255.255.255.0 I recently configured the interface to have 192.168.19.1 as its primary address 192.168.5.1 as its secondary address On the DHCP Server, I've deleted the 192.168.5.0 scope and activated the 192.168.19.0 scope The reason I have 2 ip addresses on the FastEthernet interface of the router is to allow people who haven't rebooted their computer to still be able to access email and services at the central site and print to their local LAN LPR printers... The problem I'm having is that once the computers have rebooted, and I did a debug ip dhcp server events, packets, linkage, I keep seeing the router still setting the GIADDR of the request as 192.168.5.1 ... since it's forwarding this information, the DHCP server on the central site wasn't responding because of the non-existence of the 192.168.5.0 scope Reading Cisco's documentation, I thought the router uses the primary ip address of the interface as its GIADDR? I have read something about ip dhcp smart-relay but I doubt it applies to this problem... BTW, this is the way that it should be done and I know a lot of people hate the secondary ip address but I'm really trying to make this change as transparent to the users as possible! Thanks guys! Kenneth Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6668t=6568 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT - Ever wonder why... [7:6669]
...off-topic discussions tend to generate more conversation than relevant technical discussions? :-) mirthfully submitted, -e- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6669t=6669 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: another OT: why you UNIX guys look down on we NT guys? [7:6670]
I'm happy with my cult, it pays the bill's and keeps beer in the fridge!! Unix is still more fun than nt. --- McClendon Susan Contr AEDC/ACS wrote: Want to make any UNIX-head apoplex? Remind them that DOS is UNIX subset. The multi-tasking multi-threaded functions were dropped because there weren't enough bits in the registers for the Intel 8088. These were added back in when the hardware for PC's was available. However, they did add better mnemonics for the UNIX commands so 'ls' became 'dir'. 'Easy' translates to 'stupid' somehow. But even so it's UNIX! DOS is UNIX! tee-hee. DOS clowns. UNIX dweebs. NT geeks. Cisco nerds. Where's Diane Arbus when we need her? - susan -Original Message- From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 1:43 PM To: [EMAIL PROTECTED] Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6641] Actually UNIX is a bunch of fanatic sects i.e. the sco guys hate the sun guys hate the hp guys and so on. Linux is a full blown cult. - Original Message - From: Circusnuts To: Sent: Tuesday, May 29, 2001 7:46 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6344] Because Unix is all a cult !!! The only thing worse than Unix guys, are SNA/ Main Frame dudes (with their VTAM's, FEP's, Lu Lu Sessions :o) Pray for me- I start Unix classes Friday :-P Phil - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 10:14 PM Subject: Re: another OT: why you UNIX guys look down on we NT guys? [7:6335] Oh yeah?! I'm win2000 roll out project manager for a fortune 500 company. I make $150 per hour. Hope you can figure out, SMART Unix guy. And Chuck, no problem. I just don't like some people (like SMART Russ) knows a little than others then show off that much. --- Russ Kreigh wrote: We look down upon you because you have to brag about how much you make. - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 7:40 PM Subject: another OT: why you UNIX guys look down on we NT guys? [7:6323] UNIX guys, I make $240K per year, how much you make? Why you guys look down on us??? I don't get it... Jim NT guy __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] [EMAIL PROTECTED] = George Dodds CCNA, MCP __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6670t=6670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE refrence books!! [7:6595]
Here is a book that is excellent. it explains ISDN, Frame, and ATM is a way that I've not seen elsewhere. Has excellent Spot the issues exercises. The very first Spot the issues exercise has 45 (small) paragraphs, each one discussing a separate issue with a single network. Very thorough It's called Cisco Certification: Bridging, Switching, and Routing for CCIE ISBN# 0130903892 http://www.bookpool.com/.x/hop8759eb1/ss/1?qs=0130903892 It goes for $63 at Borders (retail is $70), but you can pick it up for $44.50 at www.bookpool.com (follow the above link). Even with FedEx 2 day shipping it was only $51 for me. Great deal on a great book. Mike W. Ralph Francis wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi , Can anyone tell me which books to refer to for CCIE written I went through the Cisco recomended reading list, is there any single Cisco Press books for Routing Switching CCIE like they have for CCNA and CCNP... Ralph Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6671t=6595 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Juniper Certification list now on GroupStudy.com [7:6662]
Sorry to be the uninformed dumbass.. What is the Juniper Networks certification? Tell me more. Mike W. Paul Borghese wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Due to popular demand, I have created a Juniper Networks certification list on GroupStudy.com. To subscribe send a message to [EMAIL PROTECTED] with the body containing: subscribe juniper If you would like to subscribe from another account, change the body to: subscribe juniper [EMAIL PROTECTED] Of course replace with your e-mail address :-) All messages will be sent to [EMAIL PROTECTED] so update your e-mail client as desired. Please send me any bug reports. Have fun, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6672t=6662 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Traffic Analysis [7:6673]
I'm attempting to do a baseline analysis of my entire network from my core switch using Sniffer Pro 3.5 (although I also have Etherpeek and Cisco's Network Analysis Module NAM - Traffic Director software as well)). In short Sniffer's price tag has gotten a little to steep for a non-profit organization budget. The question is this when I do a SHOW SYS at the CLI interface of my catalyst 5500 core switch it says I'm only averaging 10%. Is this 10% of my 3.2Gbp backplane or what? Also is Sniffer or Etherpeek able to give more of an accurate analysis if I SPAN the entire VLAN to a monitor port? Or should I use the Cisco NAM that part of the core to gather the information. I was told by the Cisco TAC that the NAM has a 450MB connection to the backplane and that it will over run very quickly. I'm at my wits end on this one. No amount of documentation gives me a clue on what to do. Please help, Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6673t=6673 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Poll for those with Cisco Certs [7:6674]
Hello all. I was just wondering how many, if any, of you that have Cisco certifications also have certifications from other vendors, like Nortel. If you do have others, could you tell a little about if you got them before or after your Cisco and why? In general, does the group see a benefit to getting certs from other vendors or does that detract from the Cisco only mentality that some employers look for? Thanks! Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6674t=6674 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: another OT: why you UNIX guys look down on we NT guys? [7:6675]
Want to make any UNIX-head apoplex? Remind them that DOS is UNIX subset. The multi-tasking multi-threaded functions were dropped because there weren't enough bits in the registers for the Intel 8088. These were added back in when the hardware for PC's was available. However, they did add better mnemonics for the UNIX commands so 'ls' became 'dir'. 'Easy' translates to 'stupid' somehow. But even so it's UNIX! DOS is UNIX! tee-hee. DOS clowns. UNIX dweebs. NT geeks. Cisco nerds. Where's Diane Arbus when we need her? - susan Get back to the origins of the name UNIX. Pronounced aloud, is there an English word that comes to mind? The ancestor of UNIX is MULTICS. UNIX is castrated MULTICS. Extra credit for the two predecessors of C. (No, the first one isn't A). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6675t=6675 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Redundancy design question [7:6646]
Well, having more than one router connected to the same WAN connection still leaves a single point of failure. Where I work, we have hundreds of remotes sites, each of which has 2 routers connected together to the remote LAN using HSRP. One router has a frame relay connection, and the other has an ISDN dial-back up interface to the same WAN destination (Central Site). This way if the primary circuit goes down, the HSRP priority gets reduced (even on a subinterface level) until the connection is completely down, thus router 2 then invokes the ISDN dials. ISDN is cheap, so this sounds like a good method to me for providing redundance without having to mess with trying to connect 2 routers to a single WAN connection.. My 2 cents Mike W. Jon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've been reading about designing physical redundancy into networks, by having hot standby devices and using HSRP between them. As an example, if a site has a single router and a single core switch, these are points of risk. By adding a second core switch and a second router, any hardware failure should be overcome by the standby device taking over. If all the servers and wiring closet switches are multi-homed to both core switches, users shouldn't notice that a fault has occured. (I assume that the loss of a wiring closet switch is acceptable -- perhaps local spares are sufficient). However, if I only have one WAN circuit coming into the facility, it can only be connected to one router at a time, right? So, if the active router fails, how does the WAN connectivity fail over, short of an operator moving the cable to the second router? I'm not trying to address WAN circuit redundancy or multi-homing, that's a different worm-can to open. Is there some way to have both routers connected to the same WAN circuit? Something along the lines of a WYE-cable that connects both routers to the demarc connection? Or is this something that the circuit provider would address with their equipement (for a fee, I'm sure)? If this has been hashed over in the past, I couldn't find it in the archives. So, if we've covered this before, could someone share the key search words to locate the discussion? -jon- __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6676t=6646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Newbie Question - Pinging hosts [7:6677]
Here's a newbie question for you all. I have 3 routers that are connected to each other side by side as such and each router is able to ping each other's interfaces okay. A - B - C---2924 Switch I've added a 2924 switch and connected it to an Ethernet interface on Router C. If I plug in a workstation on one of the ports on the switch, what other configuration do I need in order for my Router A to ping the workstation? __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6677t=6677 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: another OT: why you UNIX guys look down on we NT guys? [7:6678]
--- McClendon Susan Contr AEDC/ACS wrote: Want to make any UNIX-head apoplex? Remind them that DOS is UNIX subset. OK, I'll take the bait. The development of DOS had nothing to do with UNIX. DOS was originally the Quick and Dirty OS (QDOS) and was developed by Seattle Computer Products to run on microcomputers. A tiny company called Microsoft bought QDOS in 1981 so they could meet their commitment to IBM to develop an operating system for the IBM PC. By this time, UNIX was a full-fledged operating system, developed in the 1960s at Bell Labs to run on minicomputers. DOS was not based on UNIX and didn't resemble UNIX at all. It resembled CP/M if anything. It didn't even have a hierarchical file system. It wasn't multitasking and still isn't, unless you count TSRs. It didn't support networking. Memory management was a joke. Comparing DOS to UNIX is really low. ;-) Priscilla The multi-tasking multi-threaded functions were dropped because there weren't enough bits in the registers for the Intel 8088. These were added back in when the hardware for PC's was available. However, they did add better mnemonics for the UNIX commands so 'ls' became 'dir'. 'Easy' translates to 'stupid' somehow. But even so it's UNIX! DOS is UNIX! tee-hee. DOS clowns. UNIX dweebs. NT geeks. Cisco nerds. Where's Diane Arbus when we need her? - susan Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6678t=6678 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Manchester symbols [7:6655]
Manchester encoding is used on 10 Mbps Ethernet, Differential Manchester encoding is used on token ring. Fred. hal9001 wrote: Something to do with Ethernet Encoding I fink...anyone else? Karl - Original Message - From: g_study To: Sent: Thursday, May 31, 2001 9:07 PM Subject: Manchester symbols [7:6655] What are Manchester symbols? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6679t=6655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: another OT: why you UNIX guys look down on we NT guys? [7:6680]
B and New B. Priscilla At 06:39 PM 5/31/01, Howard C. Berkowitz wrote: Want to make any UNIX-head apoplex? Remind them that DOS is UNIX subset. The multi-tasking multi-threaded functions were dropped because there weren't enough bits in the registers for the Intel 8088. These were added back in when the hardware for PC's was available. However, they did add better mnemonics for the UNIX commands so 'ls' became 'dir'. 'Easy' translates to 'stupid' somehow. But even so it's UNIX! DOS is UNIX! tee-hee. DOS clowns. UNIX dweebs. NT geeks. Cisco nerds. Where's Diane Arbus when we need her? - susan Get back to the origins of the name UNIX. Pronounced aloud, is there an English word that comes to mind? The ancestor of UNIX is MULTICS. UNIX is castrated MULTICS. Extra credit for the two predecessors of C. (No, the first one isn't A). Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6680t=6680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]