Re: configuring Hyperterminal Private edition w/Windows ME [7:9479]
Have you checked different key combinations for the particular program?,... Baud rate???..

---Original Message---
From: [EMAIL PROTECTED]
Date: Friday, June 22, 2001 01:16:04 AM
To: [EMAIL PROTECTED]
Subject: configuring Hyperterminal Private edition w/Windows ME [7:9477]

Hello,
I can connect to my Cisco devices but not communicate with them.
I am using hyperterminal private edition and windows ME.
is there anything special i have to do to get into the devices through the console port?
Cables and Devices are known to be good.

thank you for your time and consideration,
Joe gearhart

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9479t=9479
-- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Debug ip igrp events - error or notification msg??? [7:9480]
Hi,

I have 6 routers connected back to back running on igrp 100. These routers are also connected to a common switch via Ethernet. The networks are unique for each Eth. and Ser. When I do a debug ip igrp trans or events on R1, I see the following msg. pop up

received update from invalid source 30.1.1.1

Same on R2 for 10, 30, 40 etc. etc. BTW: The ethernets are 10.1.1.1, 20.1.1.1, 30.1.1.1 etc. etc.

Is this an error msg. or notification? Is this due to the fact that all the routers are connected via serial and also via Ethernet to a common switch, and hence the error? Please advise.

Thank you. Kind regards.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9480t=9480
RE: Wan technology [7:9475]
It depends on what you mean by 'valuable'. If you are speaking from the perspective of one who is pursuing certification, then you need to evaluate which path is best for you. Cisco and Nortel have both enjoyed and continue to enjoy commercial success (with some enjoying more than others ;-0). Juniper produce great product and take pride in that just like their competitors do. So, the question becomes what do you have an interest in.

Will

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ronnie Poon
Sent: Friday, June 22, 2001 12:33 AM
To: [EMAIL PROTECTED]
Subject: Wan technology [7:9475]

Dear all,

Which vendor's WAN technology is more valuable in the market. Nortel passport , juniper or Cisco.

Thanks
Ronnie Poon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9481t=9475
Re: Access-list [7:9292]
Packets originating from the router will not be subjected to access list checking. Therefore you should be able to telnet to Router A from Router B.

cheekin

- Original Message -
From: Ednilson Rosa
To:
Sent: Thursday, June 21, 2001 10:38
Subject: Access-list [7:9292]

Hi Folks,

I have a doubt about access-lists. I have the following topology:

Router A
Ethernet 0 10.0.0.1
 |
 |
10.0.0.2 FastEth0
Router B
Serial 0.1 192.168.1.1
 |
 |
192.168.1.2 Serial 0.1
Router C

I wanted to block telnet TO and FROM network 10.0.0.0. I created an access-list as follows:

ip access-list extended LAN
 deny tcp any any eq telnet
 permit ip any any

Applied it to Router B on Fast Ethernet 0 interface this way:

interface FastEthernet0
 ip access-group LAN in
 ip access-group LAN out

Doing this I really blocked telnet from network 10.0.0.0 to routers B and C. I also blocked router C from telneting to router A (or any other host on network 10.0.0.0). But, surprisingly to me, I'm still able to telnet Router A from Router B!

My question is: since I blocked telnet traffic on the interface Fast Ethernet 0 on router B for inbound and outbound, shouldn't this block my telnets from B to A?? What is missing here?

Thanks in advance!

Ednilson Rosa
CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9482t=9292
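Added example, not part of the original posts: the interface ACL in the thread above only filters traffic passing through Router B, so Telnet sessions that B itself opens have to be controlled on the lines (vty) at either end. The ACL numbers 10 and 11, the vty 0 4 range and the classful mask for network 10.0.0.0 are assumptions; the addresses are the ones given in the post.

```cisco
! --- Router B, as posted: filters transit traffic only ---
ip access-list extended LAN
 deny tcp any any eq telnet
 permit ip any any
interface FastEthernet0
 ip access-group LAN in
 ip access-group LAN out
!
! --- Router A: refuse vty (Telnet) logins from Router B's 10.0.0.2 ---
! Enforced on the device being logged in to, so it applies no matter
! which device or line the session was started from.
! (ACL number 10 and the vty range are assumptions.)
access-list 10 deny   10.0.0.2
access-list 10 permit any
line vty 0 4
 access-class 10 in
!
! --- Router B: stop users logged in on its vty lines from opening
! --- Telnet sessions towards network 10.0.0.0 (assumed to be 10.0.0.0/8)
! With "access-class ... out" the standard ACL is matched against the
! destination address of the outgoing session.
! (ACL number 11 and the vty range are assumptions.)
access-list 11 deny   10.0.0.0 0.255.255.255
access-list 11 permit any
line vty 0 4
 access-class 11 out
```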
Re: Question for NetRanger experts - ever build your own sensor [7:9483]
Hi, I want information on this too.

Thanks
Michael

I am trying to set up a cheap IDS lab, and I don't want to pay through the nose for sensors, I'd rather make my own, if this is possible.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9483t=9483
RE: CCIE Written [7:9484]
How good is the Que 350-001 study guide, it goes after the CCIE Blueprint ?

Regards,
Tarry

-Original Message-
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 11:58 PM
To: [EMAIL PROTECTED]
Subject: CCIE Written [7:9434]

passed. whew! relief!

CCIE Written candidates... the following are what to watch out for: parameters around EtherChannel/Fast Etherchannel Performance management router commands (queuing and traffic shaping) BGP (as usual) OSPF (especially inter-area stuff) tricky questions around bridging (lots of SRB/RSRB/DLSw) Cisco-specific ATM questions the normal multiservice questions (H.323 and Erlang) obscure facts about IPX-RIP routing behavior and updates config-reg stuff TCP/IP protocol-specific questions

I used Caslow, the Que 350-001 study guide, CCPrep.com exam guide, and lots of Cisco webpages. There were a few questions that caught me off-guard, and I'm highly recommending that you use the CCIE Blueprint as your guide and check off the subjects as you develop your expertise. My spreadsheet (based on the blueprint) helped some, as did my immense study of Token Ring bridging, but I can assure you that there will be questions there that will make you ask huh?

-e-

PS - thanks to Nathan, Bri@sonicboom, and the rest of the list for your encouragement

EA Louie wrote in message news:[EMAIL PROTECTED]...

I'm scheduled to retake the CCIE Written (after a 1-1/2 year break) on Wednesday - I've been watching the discussions on the list and they have been really helpful. I'll be taking a LOT of pre-tests between now and then, and any help that you all would provide would be greatly appreciated. And of course, your encouragement is already strongly felt!!

thx
-e-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9484t=9484
Re: CCNP FINISHED AT LAST!!! [7:9461]
good job, Michael!

-e-

- Original Message -
From: Michael L. Williams
To:
Sent: Thursday, June 21, 2001 6:30 PM
Subject: CCNP FINISHED AT LAST!!! [7:9461]

On a wild hair, I changed my CIT from this Sunday to today (called Prometric this morning)... Scored a 908!!! Woohoo

So I guess I need to update my signature =)

Thanks to all in the group who like to talk and argue about things most people could care less about!

Now it's on to CID... I hear that's a bear of an exam. We'll see =)

Mike W.
CCNP, CCDA, CVOICE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9486t=9461
Re: CCIE Written [7:9485]
It was good as far as the blueprint goes, but I had so many questions that *weren't* covered in it that I'm not sure how effective it really was. Depth really seems to be the key to the CCIE Written in my opinion. It's not enough to know a little about everything - you really have to know a lot about all of it.

-e-

- Original Message -
From:
To:
Cc:
Sent: Friday, June 22, 2001 12:01 AM
Subject: RE: CCIE Written

How good is the Que 350-001 study guide, it goes after the CCIE Blueprint ?

Regards,
Tarry

-Original Message-
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 11:58 PM
To: [EMAIL PROTECTED]
Subject: CCIE Written [7:9434]

passed. whew! relief!

CCIE Written candidates... the following are what to watch out for: parameters around EtherChannel/Fast Etherchannel Performance management router commands (queuing and traffic shaping) BGP (as usual) OSPF (especially inter-area stuff) tricky questions around bridging (lots of SRB/RSRB/DLSw) Cisco-specific ATM questions the normal multiservice questions (H.323 and Erlang) obscure facts about IPX-RIP routing behavior and updates config-reg stuff TCP/IP protocol-specific questions

I used Caslow, the Que 350-001 study guide, CCPrep.com exam guide, and lots of Cisco webpages. There were a few questions that caught me off-guard, and I'm highly recommending that you use the CCIE Blueprint as your guide and check off the subjects as you develop your expertise. My spreadsheet (based on the blueprint) helped some, as did my immense study of Token Ring bridging, but I can assure you that there will be questions there that will make you ask huh?

-e-

PS - thanks to Nathan, Bri@sonicboom, and the rest of the list for your encouragement

EA Louie wrote in message news:[EMAIL PROTECTED]...

I'm scheduled to retake the CCIE Written (after a 1-1/2 year break) on Wednesday - I've been watching the discussions on the list and they have been really helpful. I'll be taking a LOT of pre-tests between now and then, and any help that you all would provide would be greatly appreciated. And of course, your encouragement is already strongly felt!!

thx
-e-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9485t=9485
about callback [7:9487]
i want to implement async-ppp callback between an access server and a pc, also i read the following url:

http://www.cisco.com/warp/customer/793/access_dial/async_ppp.html

and applied it to my access router and laptop. it doesn't work! the debug output is as follows:

.. (omit) ..
02:01:03: TTY5 Callback process initiated, user: callback dialstring 85313850
02:01:11: TTY5 Callback forced wait = 30 seconds
02:01:41: CHAT5: Asserting DTR
02:01:41: CHAT5: Chat script offhook started
02:01:41: CHAT5: Chat script offhook finished, status = Success
02:01:41: CHAT5: Asserting DTR
02:01:41: CHAT5: Chat script callback started
02:02:29: CHAT5: Chat script callback finished, status = Success
02:02:29: TTY5 Exec Callback Successful - await exec/autoselect pickup
02:02:29: TTY5: DSR came up
02:02:29: TTY5: Callback in effect
02:02:29: tty5: Modem: IDLE-READY
02:02:29: TTY5: EXEC creation
*Mar 1 02:02:32: %LINK-3-UPDOWN: Interface Async5, changed state to up
02:02:55: TTY5: Async Int reset: Dropping DTR
02:02:56: Async5: asking modem_process to hangup TTY5
02:02:56: TTY5: dropping DTR, hanging up
02:02:56: tty5: Modem: HANGUP-IDLE
*Mar 1 02:02:57: %LINK-3-UPDOWN: Interface Async5, changed state to down
02:03:01: TTY5: restoring DTR
02:03:02: TTY5: autoconfigure probe started
(omit)

does the problem lie on the side of the router or the computer? i use windows NT2000 5.00.2195 service pack 2

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9487t=9487
BSCN [7:9488]
Hi Group,

Just finished Routing, pass mark 690, got 862. Thanks to lot of inputs given here and the kowledge shared by the experts...

Gayathri

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9488t=9488
BSCN [7:9489]
Hi Group,

Just finished Routing, pass mark 690, got 862. Thanks a lot for the inputs given here and the knowledge shared by the experts...

Sorry for the repeat post ...there were a lot of typo errors in the previous one.

Gayathri

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9489t=9489
Help!!!!!! [7:9490]
Dear All,

I am installing an EM voice card for a VoIP case. After I connect it to the PABX, I cannot hear the dial tone when I pick up the phone. Anyone know what may cause this problem?

Thanks in advance!

Aviva Chan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9490t=9490
NetFlow Error [7:9491]
Hi 2 All

We have received an abnormal situation, when we try to use NetFlow feature with external receiver:

ip route-cache flow
ip flow-export

After that, router has been restarted with error message:

signal= 0xb, code= 0x1200, context= 0x80931ef8
PC = 0x80150b74, Vector = 0x1200, SP = 0x809bb380

Some of tech-support:

show version - System restarted by error - a SegV exception, PC 0x80150B74 at 16:09:27 EET Wed Jun 20 2001

-- show stacks --
Minimum process stacks:
Free/Size Name
5644/6000 CDP Protocol
9880/12000 Init
5380/6000 RADIUS INITCONFIG
7872/9000 DHCP Client
9988/12000 Exec
9100/12000 Virtual Exec
10464/12000 TCP Remote Shell

Interrupt level stacks:
LevelCalled Unused/Size Name
140977623 7632/9000 Network interfaces
2 0 9000/9000 Timebase Reference Interrupt
3 0 9000/9000 PA Management Int Handler
62292 8884/9000 16552 Con/Aux Interrupt
736547843 8916/9000 MPC860 TIMER INTERRUPT

System was restarted by error - a SegV exception, PC 0x80150B74
C2600 Software (C2600-I-M), Version 12.0(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

What kind of problem is it? And how can we fix it?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9491t=9491
Fibre config question [7:9492]
We have an HP Procurve 4000M switch that we are trying to connect to a Cisco 3500 switch via a fiber link we are a tad clueless as how to set it all up (Never used fibre before).

Just plugging the sucker (default settings on the HP) in does not even bring up a link light on the fiber card. Checked Cable and it is the right way round at both ends. The hp config is ok i'm just not sure about the 3500 config. Does anyone have an example config i can take a look at.

Cheers
George

George Dodds
CCNA, MCP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9492t=9492
what is loopback interface for ? [7:9493]
Hi,

I always wonder what is loopback interface for? Can anyone explained its function? Can we don't configure the loopback interface.

Our WAN Loopback always start with 192.168.X.X why? Must we use private IP? I found I can telnet to a remote router using its loopback IP. But I wonder How I route as it always have the subnet mask of 255.255.255.255. Then which is the network and which the host

Susan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9493t=9493
Re: please show me some newsgroup [7:9476]
comp.dcom.sys.cisco
alt.certification.cisco

HTH
Dom.

wang zhimin
Sent by: nobody@groupstudy.com
22/06/2001 06:47
Please respond to wang zhimin
cc:
Subject: please show me some newsgroup [7:9476]

Hi,would you show me some good newsgroup about Cisco. Thanks all.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9494t=9476
RE: OSPF Hub and Spoke [7:9268]
Guys,

lets see how my ospf is going .. in this design goal i would have thought you would have done this

hub and spoke
at the hub you have say 1 router (3620) with one interface and 20 sub-interfaces...
you also have 20 totally stubby area`s which connect into the hub...
config each stub as area 1 through 20
setup each sub int as per area`s 1-20
then setup the lan int as area 0
this way you have one router (hub) which is in area 0 and all the other area`s as well

problem solved .. something tells me i`ve just either
A got it right and am a genius
B completely missed the point and broken every rule of ospf

YOU DECIDE

steve

From: Chuck Larrieu
Reply-To: Chuck Larrieu
To: [EMAIL PROTECTED]
Subject: RE: OSPF Hub and Spoke [7:9268]
Date: Fri, 22 Jun 2001 01:15:31 -0400

John, this one's got me to thinking a little bit. Your kinda right but kinda wrong.

The areas are an OSPF structure, used for the building of the SPF tables. It's not that inter area traffic has to go through a discrete area 0, but that in OSPF in order for an area to learn about routes to another area there has to be an area 0 router in between them. It does not matter if there are a number of interfaces that are ABR's, or if there is a discrete and pure area 0.

With OSPF, all that matters is that the appropriate adjacencies are formed, and that the LSA's are processed and that the OSPF database is created. If all that occurs, OSPF routes will be placed into the routing tables. As far as the router itself is concerned, routing is independent of the routing protocols involved.

I've fooled with this in the past. I'll have to do another QD lab to gather some evidence, and post it here over the weekend.

In the meantime, for those interested in some in-depth discussion of routing, Howard's white paper on Certification Zone is definitely worth reading. I have not seen the likes of it in any other source, including Doyle ( although it has been too long since I've read Doyle )

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Thursday, June 21, 2001 6:55 AM
To: [EMAIL PROTECTED]
Subject: Re: OSPF Hub and Spoke [7:9268]

Yes, I'm replying to myself. While doing some reading it occurred to me why *not* extending area 0 across the WAN links should not work. In OSPF, unlike IS-IS, an area is defined by links, not routers. The rule states that interarea traffic must go through area 0. Well, if areas are defined by links, then this means that interarea traffic must at least go across one link that is defined as an area 0 link.

In a hub-and-spoke environment with a single hub router, it seems to me that there just is no good way to use multiarea OSPF if you don't extend area 0 across the WAN links. At least, that's the way it appears at the moment.

John

| I'm having trouble wrapping my brain around a specific scenario and I
| wanted to get your thoughts. Let's say we have a hub and spoke network
| with a single router as the hub. There are five areas attached to the
| backbone. It seems that we would have to extend area 0 across the WAN
| links, but I'm wondering what would happen if we didn't.
|
| If we didn't, the backbone router would have no interfaces in area 0.
| I'm wondering if this would cause some major problems. I bet that it
| would but I'm having a hard time thinking through what actual problems
| might arise. Would this backbone router just know that it was area 0
| because it has interfaces in multiple non-zero areas and hence behave
| correctly?
|
| One obvious problem is that the backbone router would be a member of
| every area and would thus be pretty busy if the network got to be very
| big. If we extended area 0 across the WAN link the backbone router
| would be protected from running SPF calculations everytime a remote area
| had a link change.
|
| What other problems would arise? Would this even work at all? I don't
| really have the tools to try it or I'd just attempt this chaos myself.
| As you can guess, we run eigrp everywhere so I'm still clueless to some
| of the workings of OSPF in a production environment.
|
| Regards,
| John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9495t=9268
Natting !!! [7:9496]
Hi all,

A question about natting/patting. Can two duplicate private ip address communicate with each other over the internet. The example below assume there are two sites using the same private address of class b range and they happen to use duplicate ips.

Client A Client B
172.16.1.1---PIX---Internet-PIX---Internet--- PIX150.150.1.1

In this example clientA is under a private site which is using a public ip address range of 150.150.1.1, which he had configured by himself, the range is not given by an ISP, he is connected to the internet by a firewall and he happens to access a site which has an public registered webserver from the same range 150.150.1.1, Will he be able to connect to that webserver, Please explain if yes/no.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9496t=9496
Re: Natting !!! [7:9496]
I don't see why not. The address of Client A will get translated to a real Internet IP (by your NAT at Site A), then the packet will go to Site B, where it will be seen as any other internet addressed packet, and get translated by the NAT at Site B. I don't see why there would be any issue.

Having said that, I know there are some applications (like ICQ) that won't let things that require a direct connection to happen (like file transfers) if both parties are behind NATs. (unless there is some fancy port forwarding, etc).

My 2 cents.

Mike W.

Raees Ahmed Shaikh wrote in message news:[EMAIL PROTECTED]...

Hi all,

A question about natting/patting. Can two duplicate private ip address communicate with each other over the internet. The example below assume there are two sites using the same private address of class b range and they happen to use duplicate ips.

Client A Client B
172.16.1.1---PIX---Internet-PIX ---Internet--- PIX150.150.1.1

In this example clientA is under a private site which is using a public ip address range of 150.150.1.1, which he had configured by himself, the range is not given by an ISP, he is connected to the internet by a firewall and he happens to access a site which has an public registered webserver from the same range 150.150.1.1, Will he be able to connect to that webserver, Please explain if yes/no.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9497t=9496
Re: what is loopback interface for ? [7:9493]
A loopback is a logical interface that never goes down. It's used for various reasons (for setting up various kinds of tunnels, for setting who is the DR/BDR in OSPF, etc). It can be set to any valid IP in your network, not just private. Many people use the subnet mask 255.255.255.255 because that's the only way to assign a single IP to the loopback instead of using more than 1 IP address.

Mike W.

Susan Stone wrote in message news:[EMAIL PROTECTED]...

Hi,

I always wonder what is loopback interface for? Can anyone explained its function? Can we don't configure the loopback interface.

Our WAN Loopback always start with 192.168.X.X why? Must we use private IP? I found I can telnet to a remote router using its loopback IP. But I wonder How I route as it always have the subnet mask of 255.255.255.255. Then which is the network and which the host

Susan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9498t=9493
Re: CCIE Written [7:9434]
Congratulations.

--
James Haynes
Network Architect
Cendant IT
A+,MCSE,CCNA,CCDA,CCNP,CCDP

EA Louie wrote in message news:[EMAIL PROTECTED]...

passed. whew! relief!

CCIE Written candidates... the following are what to watch out for: parameters around EtherChannel/Fast Etherchannel Performance management router commands (queuing and traffic shaping) BGP (as usual) OSPF (especially inter-area stuff) tricky questions around bridging (lots of SRB/RSRB/DLSw) Cisco-specific ATM questions the normal multiservice questions (H.323 and Erlang) obscure facts about IPX-RIP routing behavior and updates config-reg stuff TCP/IP protocol-specific questions

I used Caslow, the Que 350-001 study guide, CCPrep.com exam guide, and lots of Cisco webpages. There were a few questions that caught me off-guard, and I'm highly recommending that you use the CCIE Blueprint as your guide and check off the subjects as you develop your expertise. My spreadsheet (based on the blueprint) helped some, as did my immense study of Token Ring bridging, but I can assure you that there will be questions there that will make you ask huh?

-e-

PS - thanks to Nathan, Bri@sonicboom, and the rest of the list for your encouragement

EA Louie wrote in message news:[EMAIL PROTECTED]...

I'm scheduled to retake the CCIE Written (after a 1-1/2 year break) on Wednesday - I've been watching the discussions on the list and they have been really helpful. I'll be taking a LOT of pre-tests between now and then, and any help that you all would provide would be greatly appreciated. And of course, your encouragement is already strongly felt!!

thx
-e-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9499t=9434
Natting !!! [7:9500]
Hi again,

The first email seemed to lose formatting sorry about that

clienta(172.16.1.1)--PIX---internet-PIXclientb(172.16.1.1)

the second example

client1(150.150.1.1)---PIXinternet--PIX-Webserver(150.150.1.1)

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9500t=9500
RE: Natting !!! [7:9496]
Thanks for the reply Michael

what about the second option

Clienta(150.150.1.1)PIXINTERNET(Webserver 150.150.1.1)

Sorry the example which I quoted earlier carried a pix on the otherside as well but I mean a host on the internet.

thanks

-Original Message-
From: Michael L. Williams [mailto:[EMAIL PROTECTED]]
Sent: Fri, June 22, 2001 2:48 PM
To: [EMAIL PROTECTED]
Subject: Re: Natting !!! [7:9496]

I don't see why not. The address of Client A will get translated to a real Internet IP (by your NAT at Site A), then the packet will go to Site B, where it will be seen as any other internet addressed packet, and get translated by the NAT at Site B. I don't see why there would be any issue.

Having said that, I know there are some applications (like ICQ) that won't let things that require a direct connection to happen (like file transfers) if both parties are behind NATs. (unless there is some fancy port forwarding, etc).

My 2 cents.

Mike W.

Raees Ahmed Shaikh wrote in message news:[EMAIL PROTECTED]...

Hi all,

A question about natting/patting. Can two duplicate private ip address communicate with each other over the internet. The example below assume there are two sites using the same private address of class b range and they happen to use duplicate ips.

Client A Client B
172.16.1.1---PIX---Internet-PIX ---Internet--- PIX150.150.1.1

In this example clientA is under a private site which is using a public ip address range of 150.150.1.1, which he had configured by himself, the range is not given by an ISP, he is connected to the internet by a firewall and he happens to access a site which has an public registered webserver from the same range 150.150.1.1, Will he be able to connect to that webserver, Please explain if yes/no.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9501t=9496
Re: Natting !!! [7:9496]
I think the site with the illegal address scheme will be able to access the internet, but they won't be able to access any of the sites with the same IP addresses. For example if one of your workstations is assigned 150.150.1.1/16 and there is a web site with 150.150.1.1/24 and you send a ping from a workstation with 150.150.1.2/16, you will get the reply from the other workstation and not the web site.

The best thing to do is have the customer with the illegal address scheme re-number to a private network number, unless they are never going to access the internet sites in the 150.150.0.0/16 subnet.

I don't see why not. The address of Client A will get translated to a real Internet IP (by your NAT at Site A), then the packet will go to Site B, where it will be seen as any other internet addressed packet, and get translated by the NAT at Site B. I don't see why there would be any issue.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9502t=9496
Re: Natting !!! [7:9496]
After looking at your second diagram, I think double natting would work. The only problem is why would the person with the legal IP numbers NAT them? I would put my legal numbers outside of the NAT on the DMZ and use private numbers behind the PIX.

_ wrote in message news:[EMAIL PROTECTED]...

I think the site with the illegal address scheme will be able to access the internet, but they won't be able to access any of the sites with the same IP addresses. For example if one of your workstations is assigned 150.150.1.1/16 and there is a web site with 150.150.1.1/24 and you send a ping from a workstation with 150.150.1.2/16, you will get the reply from the other workstation and not the web site.

The best thing to do is have the customer with the illegal address scheme re-number to a private network number, unless they are never going to access the internet sites in the 150.150.0.0/16 subnet.

I don't see why not. The address of Client A will get translated to a real Internet IP (by your NAT at Site A), then the packet will go to Site B, where it will be seen as any other internet addressed packet, and get translated by the NAT at Site B. I don't see why there would be any issue.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9503t=9496
Re: Config Register Weirdness, again... [7:9181]
I have fixed my 2620 by replacing the NVRAM chip 28c256N20, on mine it is U23 located on the mother board next to the BootROM. It is no more difficult to replace than a BootRom it is a 32 pin PLCC device and on a hardware 1.2 rev B0 (pn 73-2843-07) it is in a socket. Check on yours first, on older routers it was soldered to the mother board and replacement is non-trivial.

You must follow normal antistatic precautions and take care when removing the chip.

BTW the chip costs about #25 inc. vat and carriage from any of the major component suppliers in the UK. But make sure that you get an 'N' or 'J' version. They are 32 pin PLCC others are different form factors.

In article , Peter Whittle writes

Check if your NVRAM is ok. I have a similar problem on a 2620. But in my case it is more obvious as whenever you attempt to 'wr' to copy the running to start config you get an error diagnostic.

    Failed to write environment to NVRAM.

The copy itself seems to work ok. As far as I can see the 28C256N-20 NVRAM chip is u/s? There are also some known issues with 11.3(2)xa4 and NVRAM handling.

BTW I also get the same error if I attempt a 'sync' command from rommon to save the environment to NVRAM.

Peter

In article , EA Louie writes

- Original Message -
From: John Neiberger
To:
Sent: Wednesday, June 20, 2001 7:46 AM
Subject: Config Register Weirdness, again... [7:9181]

Okay, what's the deal here? Look at this output:

    Configuration register is 0x2102 (will be 0x4000 at next reload)
    RARAP#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    RARAP(config)#config-reg 0x2102
    RARAP(config)#end
    RARAP#sho ver
    Cisco Internetwork Operating System Software
    [lotsa trimming]
    Configuration register is 0x2102 (will be 0x3922 at next reload)

Why is the config register going to reload at 0x3922?? I just set the darn thing to 0x2102 and you can see that change occurred. I was trying to get rid of the 'will be 0x4000 at next reload'. I have no idea why that was there to begin with but it should not be there.

Is this something that I'll have to fix from the console port? I can't reload the router because it was put into production this morning. Why is it set to 0x3922? I'm guessing that the guy who installed this was playing around with the confreg utility in rommon and we'll have to go back to rommon to fix it.

Any ideas?

GREMLINS, or 2102 instead of 0x2102, or it's broken

go in and config it *again* for config-reg 0x2102 and see if sh ver gives you yet another value 'at next reload' - maybe the config-reg statement on *your* router is really a random-number generator... :-)

-e-

Thanks,
John

--
Peter Whittle

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9504t=9181
FlashCard/PIX520 Needed! [7:9505]
Possible to span trunking port? [7:9506]
Hey all

Just wondering if anyone knows if it is possible to span a trunking port on a 2924XL switch??

Thanks!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9506t=9506
PIX versus Trunking [7:9508]
I would like to connect some routers to a PIX Firewall Series (from 1997) running version 4.1 as shown : --- customer-- R1 ---| | customer-- R2 ---| | customer-- R3 ---| | . | | (trunking) . | Catalyst 1900 | -- PIX . |or 2900 | | | . | | customer---Rn--- | | -- I imagined that would be possible to build VLANs, one to each router, and make usage of a trunking port connect to the PIX Firewall. Someone could tell me if it is a good solution for security ? The ethernet ports and this software version of the PIX Firewall support the trunking protocols ISL and 802.1q ? Joco Paulo Simionato - CCNA CSCO10255826 Support Trainee Analyst Worldwide Customer Services - NCR Brazil *+55+11+33471172 *V+ 385 1172 * mailto:[EMAIL PROTECTED] Visit our web-site : www.ncr.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9508t=9508 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VIP4-80 help [7:9397]
I am using 12.1.6 IOS. I actually have 2 VIP4-80s in the box, one is working fine, the other one is causing me the problem. I appreciate all the input I have received, but I am starting to wonder if this is a hardware problem, or if I can just reload the pertinent information.

Thanks.
Steve

-Original Message-
From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 3:19 PM
To: Donohue, Steve; [EMAIL PROTECTED]
Subject: Re: VIP4-80 help [7:9397]

What IOS release are you running?

We implemented two of these, one each in a 7513 and a 7505 to be able to use OC12 PA.

The search for an IOS that would run everything is still not over. It seems that there is a bug with the Vip4-80 and OC12 PA. Tac is working on it.

Kevin Wigle

- Original Message -
From: Donohue, Steve
To:
Sent: Thursday, June 21, 2001 2:25 PM
Subject: VIP4-80 help [7:9397]

Hey Gang,

I am wondering if anyone out there has had any problem with the VIP4-80s for 7500 router. I currently am unable to get the VIP recognized by the router. When I look at the diagbus for that slot I receive the following information.

    Slot 5:
      Physical slot 5, ~physical slot 0xA, logical slot 5, CBus 0
      Internal Instruction Error, Microcode Status 0x0
      Master Enable, LED, WCS DBUS Cmd Enable, WCS Loading, WCS Loaded
      Board is disabled
      Pending I/O Status: None
      EEPROM format version 1
      VIP4-80 RM7000 controller, HW rev 2.01, board revision A0
      Serial number: 18547357  Part number: 73-3143-03
      Test history: 0x00  RMA number: 00-00-00
      Flags: cisco 7000 board; 7500 compatible
      EEPROM contents (hex):
        0x20: 01 22 02 01 01 1B 02 9D 49 0C 47 03 00 00 00 00
        0x30: 50 05 35 00 00 00 00 00 00 00 00 00 00 00 00 00
      Slot database information:
      Flags: 0x201  Insertion time: 0x8AE0 (00:18:14 ago)
      VIP Controller Memory Size: Unknown

How do I get this VIP to be analyzed, enabled, memory recognized, and the Microcode status to 0X4?

Any help would be greatly appreciated.

Thanks.
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9507t=9397
Subnet usage [7:9509]
Got a question re: subnet usage. I'm using /30 to subnet 10.100.1.x so that I only have two addresses per subnet. The question is, there will be approximately subnets and two hosts per subnet if I subnet it this way. Now, does it make sense to scatter these subnets everywhere (Site 1, Site 2, Site 3 ... Site X or should I keep it at one site and use the other subnets on that for other use at that site?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9509t=9509
Accessories for sale [7:9510]
I have following items for sale.

a) 4 Pairs of Rack Mount Kit - 2500 series - USD.7 Each
b) Two 4MB Flash Intel - 2500 series - USD.20 Each
c) 4 Black Box Media Filters - USD.6 Each
d) 1 Type 3 Media Filter - USD.6
e) 4 LAN UPT Cat 5 Patch Cable - USD.2 Each

If it interests anybody contact me directly. Pls note shipping will be extra.

TX / RamG

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9510t=9510
7505 and 6509 port-channel/trunk ? [7:9512]
I have a 7505 connected to a 6509 via a 100mb port-channel. This connection is trunked on the 6509 side with ISL. When I change the trunk to 802.1q, I lose connection to the 7505. What needs to be done on the 7505 to allow the 802.1q trunk to exist? Do I need to tear down the port-channel on the 7505 and re-create?

Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9512t=9512
Re: duplex for WAN connection ? [7:9462]
Yes, WAN connections are almost always full duplex. I say almost because there are probably some that I'm not aware of that are half duplex.

John

Justin Vo 6/21/01 7:49:29 PM

Hi all,

I need to verify to see if the WAN connection is somewhat full-duplex ? another word, for a 64kbps WAN connection, do I have 64K incoming and another 64 K outgoing or the total of incoming and outgoing is 64 Kbps ?

Much thanks

Justin Vo
[EMAIL PROTECTED]
Network Administrator

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9514t=9462
RE: PIX versus Trunking [7:9508]
You can't trunk to a PIX, it doesn't have that capabilities. You need a router between the switch and the pix to handle your routing. HTH, Nabil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Simionato, Joao Sent: Friday, June 22, 2001 9:43 AM To: [EMAIL PROTECTED] Subject: PIX versus Trunking [7:9508] I would like to connect some routers to a PIX Firewall Series (from 1997) running version 4.1 as shown : --- customer-- R1 ---| | customer-- R2 ---| | customer-- R3 ---| | . | | (trunking) . | Catalyst 1900 | -- PIX . |or 2900 | | | . | | customer---Rn--- | | -- I imagined that would be possible to build VLANs, one to each router, and make usage of a trunking port connect to the PIX Firewall. Someone could tell me if it is a good solution for security ? The ethernet ports and this software version of the PIX Firewall support the trunking protocols ISL and 802.1q ? Joco Paulo Simionato - CCNA CSCO10255826 Support Trainee Analyst Worldwide Customer Services - NCR Brazil *+55+11+33471172 *V+ 385 1172 * mailto:[EMAIL PROTECTED] Visit our web-site : www.ncr.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9513t=9508 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Subnet usage [7:9509]
First, some assumptions:

1. You are starting with a single /24 subnet of major network 10.0.0.0 (10.100.1.0/24) and creating 64 2-host subnets.
2. Since you are now variably subnetting, you must be using a classless routing protocol supporting VLSM (OSPF, EIGRP, etc.).
3. This is for INTERNAL deployment (i.e., behind a NAT) or across private circuits not directly accessing the internet.

These 2-host subnets are generally created to provision point-to-point circuits like Frame Relay PVCs. The general rule of thumb is to cluster your network numbers as geographically (weird looking word!) as possible to permit aggregation /summarization. In other words, make the subnets contiguous.

If you are creating a hub and spoke cloud, these subnets would appear contiguous at the hub, and spoke to spoke traffic would also see the cloud as a contiguous block. If you are creating a full mesh arrangement the interconnecting circuits are still contiguous within the cloud. In a partial mesh, be careful to cluster the subnets into common regions so summarization can be achieved.

The issue is also how the other subnets are disbursed. You want to keep the numbers as contiguous as possible. Your sites may have the /24 subnets spread around as well so check to see that connected sites reachable via a common path share contiguous networks if possible. All this contiguous-ness facilitates reducing the size of routing tables (efficiency) and enhancing stability of the routing process via summarization.

I'm sure there are other issues not addressed here, but check around for articles on VLSM and WAN design, maybe Caslow's book, or a BSCN or BCRAN Study guide, etc., and look for other suggestions.

Hope this is helpful...

Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9515t=9509
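The summarization argument in the reply above, worked through as an added example (not part of the original post): it carves 10.100.1.0/24 into /30 links, hands them out either as contiguous runs or scattered round-robin, and counts the prefixes each region would have to advertise. The region names and per-region link counts are assumptions made for the illustration.

```python
import ipaddress

PARENT = ipaddress.ip_network("10.100.1.0/24")   # block named in the thread
LINKS = list(PARENT.subnets(new_prefix=30))      # 64 two-host subnets


def contiguous(regions, per_region):
    """Give each region one run of adjacent /30 subnets."""
    plan, pool = {}, iter(LINKS)
    for region in regions:
        plan[region] = [next(pool) for _ in range(per_region)]
    return plan


def scattered(regions, per_region):
    """Deal /30 subnets round-robin, so a region's links are interleaved."""
    plan = {region: [] for region in regions}
    for i, net in enumerate(LINKS[: len(regions) * per_region]):
        plan[regions[i % len(regions)]].append(net)
    return plan


def summaries(plan):
    """Smallest set of prefixes that covers exactly each region's links."""
    return {
        region: [str(n) for n in ipaddress.collapse_addresses(nets)]
        for region, nets in plan.items()
    }


def advertised_routes(plan):
    """Total number of prefixes all regions would advertise after summarizing."""
    return sum(len(prefixes) for prefixes in summaries(plan).values())


if __name__ == "__main__":
    regions = ["west", "central", "east", "south"]   # hypothetical regions
    for name, plan in (("contiguous", contiguous(regions, 16)),
                       ("scattered", scattered(regions, 16))):
        print(name, advertised_routes(plan), "routes")
        for region, prefixes in summaries(plan).items():
            print("  ", region, prefixes[:3], "..." if len(prefixes) > 3 else "")

    # Runs that are not a power of two in size, or not aligned on their own
    # boundary, still summarize, but into more than one prefix per region.
    print(summaries(contiguous(["a", "b", "c"], 5)))
```

Sixteen adjacent /30s collapse to a single /26 per region, while the same sixteen dealt round-robin stay as sixteen separate routes.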
RE: OSPF Hub and Spoke [7:9268]
Yep, you are correct. I see now that as long as non-zero areas receive LSAs from a router configured as area zero, then the routing tables will be built and all should be well. This makes more sense to me, anyway, but some of what I've read made the waters murkier rather than clearer. How many times have you read All interarea traffic must go through area zero ? I've read that in several places. It's almost true, but not if you want to split hairs, especially since OSPF defines areas as links, not routers. It should read that for loop-free routing to take place, all non-zero areas must connect to area zero only. This is more correct and doesn't imply that interarea traffic must cross an area zero link. Does that sounds about right? :-) Chuck Larrieu 6/21/01 11:15:31 PM John, this one's got me to thinking a little bit. Your kinda right but kinda wrong. The areas are an OSPF structure, used for the building of the SPF tables. It's not that inter area traffic has to go through a discreet area 0, but that in OSPF in order for an area to learn about routes to another area there has to be an area 0 router in between them. It does not matter if there are a number of interfaces that are ABR's, or if there is a discrete and pure area 0. With OSPF, all that matters is that the appropriate adjacencies are formed, and that the LSA's are processed and that the OSPF database is created. If all that occurs, OSPF routes will be placed into the routing tables. As far as the router itself is concerned, routing is independent of the routing protocols involved. I've fooled with this in the past. I'll have to do another QD lab to gather some evidence, and post it here over the weekend. In the meantime, for those interested in some in-depth discussion of routing, Howard's white paper on Certification Zone is definitely worth reading. 
I have not seen the likes of it in any other source, including Doyle ( although it has been too long since I've read Doyle ) Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger Sent: Thursday, June 21, 2001 6:55 AM To: [EMAIL PROTECTED] Subject:Re: OSPF Hub and Spoke [7:9268] Yes, I'm replying to myself. While doing some reading it occurred to me why *not* extending area 0 across the WAN links should not work. In OSPF, unlike IS-IS, an area is defined by links, not routers. The rule states that interarea traffic must go through area 0. Well, if areas are defined by links, then this means that interarea traffic must at least go across one link that is defined as an area 0 link. In a hub-and-spoke environment with a single hub router, it seems to me that there just is no good way to use multiarea OSPF if you don't extend area 0 across the WAN links. At least, that's the way it appears at the moment. John | I'm having trouble wrapping my brain around a specific scenario and I | wanted to get your thoughts. Let's say we have a hub and spoke network | with a single router as the hub. There are five areas attached to the | backbone. It seems that we would have to extend area 0 across the WAN | links, but I'm wondering what would happen if we didn't. | | If we didn't, the backbone router would have no interfaces in area 0. | I'm wondering if this would cause some major problems. I bet that it | would but I'm having a hard time thinking through what actual problems | might arise. Would this backbone router just know that it was area 0 | because it has interfaces in multiple non-zero areas and hence behave | correctly? | | One obvious problem is that the backbone router would be a member of | every area and would thus be pretty busy if the network got to be very | big. 
If we extended area 0 across the WAN link the backbone router | would be protected from running SPF calculations everytime a remote area | had a link change. | | What other problems would arise? Would this even work at all? I don't | really have the tools to try it or I'd just attempt this chaos myself. | As you can guess, we run eigrp everywhere so I'm still clueless to some | of the workings of OSPF in a production environment. | | Regards, | John | | | | ___ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9516t=9268 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: please show me some newsgroup [7:9476]
This one has its merits: News.groupstudy.com :-

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of wang zhimin
Sent: Thursday, June 21, 2001 10:47 PM
To: [EMAIL PROTECTED]
Subject: please show me some newsgroup [7:9476]

Hi, would you show me some good newsgroup about Cisco.

Thanks all.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9517t=9476
Re: Appletalk config. error, why?? [7:9478]
I was just configuring appletalk last night for the first time and I noticed that changes took a while to take effect. In Priscilla's CertificationZone paper she suggests shutting down appletalk on all affected interfaces when you're making changes. When you're completely finished making your changes, wait four or five minutes and then bring the interfaces back up. Then wait a little while longer and hopefully all will be well if you've double-checked your cable ranges and zone names.

The error you're seeing appears to say that you have another router connected to the ethernet interface of R3, cable range 300-310, and the zone names don't match exactly. Check that you have zones configured on both routers and that they match *exactly*.

One thing that might help troubleshooting is to specify the node address of your router interfaces. I don't know how common that is in the real world but I found it made things easier last night.

Priscilla? Any other thoughts here? :-)

Regards,
John

cisco guru 6/22/01 12:32:07 AM

Hi,

I configured 6 routers with appletalk routing and igrp.

R1 has a cable range of 100-110 on E0 and a zone of CCIE1 and a cable-range of 1000-1000 and a zone of WAN for S0.
R2 has a cable range of 200-210 on E0 and zone of CCIE2 and a cable-range of 1000-1000 and a zone of WAN for S0.
R-3 - 300-310 for E0 etc. etc. till R6 - 600-610

The wan zones are all called WAN and the lan zones are unique. EG. CCIE#

On R6 I get the following error msg.

    %AT-3-ZONEDISAGREE: Ethernet 0: AppleTalk interface disabled;zone list incompatible with 303.6

Also when I do a sh apple route, I don't see any other appl networks. On R1 I can see some apple networks and same on R2.

What am I doing wrong? Are the zone names configured right? How about the cable ranges? Are they valid? Sorry, no clue about AT routing :-(

Would someone please advise on how to fix this problem?

Thank you.
Kind regards.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9518t=9478
RE: Subnet usage [7:9509]
There is a very good chapter on subnetting / addressing in Clare Gough's ACRC Exam Certification Guide ( Cisco Press ) Her approach is hierarchical. Region - campus - building - floor - hosts She then takes a subnet out of the appropriate level, and uses that for the WAN connection numbering. Even though there is no ACRC any longer, the Gough book is still worth wrestling with. And my offer still stands. I'm buying dinner for Clare and a guest of her choice in thanks for all the help I got when I was struggling with the ACRC last year. ;- Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of SH Wesson Sent: Friday, June 22, 2001 6:47 AM To: [EMAIL PROTECTED] Subject:Subnet usage [7:9509] Got a question re: subnet usage. I'm using /30 to subnet 10.100.1.x so that I only have two addresses per subnet. The question is, there will be approximately subnets and two hosts per subnet if I subnet it this way. Now, does it make sense to scatter these subnets everywhere (Site 1, Site 2, Site 3 ... Site X or should I keep it at one site and use the other subnets on that for other use at that site? _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9519t=9509 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Hub and Spoke [7:9268]
I don't know about the genius part. :-) But, you've described the initial scenario I was asking about. In my original post I wasn't suggesting that this would be a good design by any means. I simply was wondering if it was possible and how you'd configure it. In this particular case, the hub router is participating in 20 areas which would cause it to be very busy, especially if the network wasn't very stable. It would be better to extend area zero across the WAN links to insulate the hub router from any instability in the outlying areas. John Stephen Skinner 6/22/01 4:50:10 AM Guys, lets see how my ospf is going .. in this design goal i would have thought you would have done this hub and spokeat the hub you have say 1 router (3620) with one interface and 20 sub-interfaces... you also have 20 totally stubby area`s which connect into the hub... config each stub as area 1 through 20 setup each sub int as per area`s 1-20 then setup the lan int as area 0 this way you have one router (hub) which is in area 0 and all the other area`s aswell problem solved .. something tells me i`ve just either A got it right and am a genius B completely missed the point and broken every rule of ospf YOU DECIDE steve From: Chuck Larrieu Reply-To: Chuck Larrieu To: [EMAIL PROTECTED] Subject: RE: OSPF Hub and Spoke [7:9268] Date: Fri, 22 Jun 2001 01:15:31 -0400 John, this one's got me to thinking a little bit. Your kinda right but kinda wrong. The areas are an OSPF structure, used for the building of the SPF tables. It's not that inter area traffic has to go through a discreet area 0, but that in OSPF in order for an area to learn about routes to another area there has to be an area 0 router in between them. It does not matter if there are a number of interfaces that are ABR's, or if there is a discrete and pure area 0. With OSPF, all that matters is that the appropriate adjacencies are formed, and that the LSA's are processed and that the OSPF database is created. 
If all that occurs, OSPF routes will be placed into the routing tables. As far as the router itself is concerned, routing is independent of the routing protocols involved. I've fooled with this in the past. I'll have to do another QD lab to gather some evidence, and post it here over the weekend. In the meantime, for those interested in some in-depth discussion of routing, Howard's white paper on Certification Zone is definitely worth reading. I have not seen the likes of it in any other source, including Doyle ( although it has been too long since I've read Doyle ) Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger Sent: Thursday, June 21, 2001 6:55 AM To:[EMAIL PROTECTED] Subject: Re: OSPF Hub and Spoke [7:9268] Yes, I'm replying to myself. While doing some reading it occurred to me why *not* extending area 0 across the WAN links should not work. In OSPF, unlike IS-IS, an area is defined by links, not routers. The rule states that interarea traffic must go through area 0. Well, if areas are defined by links, then this means that interarea traffic must at least go across one link that is defined as an area 0 link. In a hub-and-spoke environment with a single hub router, it seems to me that there just is no good way to use multiarea OSPF if you don't extend area 0 across the WAN links. At least, that's the way it appears at the moment. John | I'm having trouble wrapping my brain around a specific scenario and I | wanted to get your thoughts. Let's say we have a hub and spoke network | with a single router as the hub. There are five areas attached to the | backbone. It seems that we would have to extend area 0 across the WAN | links, but I'm wondering what would happen if we didn't. | | If we didn't, the backbone router would have no interfaces in area 0. | I'm wondering if this would cause some major problems. I bet that it | would but I'm having a hard time thinking through what actual problems | might arise. 
Would this backbone router just know that it was area 0 | because it has interfaces in multiple non-zero areas and hence behave | correctly? | | One obvious problem is that the backbone router would be a member of | every area and would thus be pretty busy if the network got to be very | big. If we extended area 0 across the WAN link the backbone router | would be protected from running SPF calculations everytime a remote area | had a link change. | | What other problems would arise? Would this even work at all? I don't | really have the tools to try it or I'd just attempt this chaos myself. | As you can guess, we run eigrp everywhere so I'm still clueless to some | of the workings of OSPF in a production environment. | | Regards, | John | | | | ___ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/
RE: 7505 and 6509 port-channel/trunk ? [7:9512]
I don't believe you have to tear it down, just change the encapsulation from ISL to 802.1q.

HTH,
Nabil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lopez, Robert
Sent: Friday, June 22, 2001 10:17 AM
To: [EMAIL PROTECTED]
Subject: 7505 and 6509 port-channel/trunk ? [7:9512]

I have a 7505 connected to a 6509 via a 100mb port-channel. This connection is trunked on the 6509 side with ISL. When I change the trunk to 802.1q, I lose connection to the 7505. What needs to be done on the 7505 to allow the 802.1q trunk to exist? Do I need to tear down the port-channel on the 7505 and re-create?

Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9523t=9512
RE: Access-list [7:9292]
Last comment, now that I have finished the lawn and re-read the complete question:

I sent this to one of the respondents earlier and thought I might complete the circle here.

The issue was that telnet worked from Router B into the 10.0.0.0 network. As cheekin states correctly, ACLs will not inspect packets generated ON Router B, only packets travelling through the router, so telnet FROM Router B is possible. To prevent this, you must use the vty filter (and obviously then control administrative access to Router B).

Commands are entered on Router B:

To prevent telnet FROM Router B into the 10.0.0.0 network:

    access-list 10 deny 10.0.0.0 0.255.255.255
    line vty 0 4
    access-class 10 OUT      (inspects destination IP address)

To prevent telnet INTO Router B:

    access-list 10 deny 10.0.0.0 0.255.255.255
    line vty 0 4
    access-class 10 IN       (inspects source IP address)

Last comment: VTY filter should be applied consistently to ALL vty lines configured (5 is default). If you have 10 lines, then apply to line vty 0 9.

Cheers...

Dennis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9521t=9292
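An added example, not part of the original post: a small evaluator for numbered standard ACLs with wildcard masks, plus an audit that lists vty lines lacking an `access-class`, which is the consistency check the message ends on. It also shows that a list holding only the posted deny entry falls through to the implicit deny at the end of every IOS access list, so other addresses are refused as well unless a `permit any` follows. The sample configuration, the `permit any` variant and all function names are constructed for the illustration.

```python
import ipaddress
import re

# Constructed config: the ACL from the post applied outbound on vty 0-4,
# plus five extra vty lines that were left without a filter.
POSTED = """\
access-list 10 deny 10.0.0.0 0.255.255.255
line vty 0 4
 access-class 10 out
line vty 5 9
 login
"""
# Same list with an explicit permit for everything else (assumed intent).
WITH_PERMIT = POSTED.replace(
    "line vty 0 4", "access-list 10 permit any\nline vty 0 4", 1)


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl(config, number):
    """Return [(action, address, wildcard)] for one numbered standard ACL."""
    entries = []
    pattern = re.compile(
        rf"^access-list {number} (permit|deny) (\S+)(?: (\S+))?\s*$", re.I)
    for line in config.splitlines():
        m = pattern.match(line.strip())
        if not m:
            continue
        action, addr, wild = m.group(1).lower(), m.group(2), m.group(3)
        if addr == "any":
            entries.append((action, 0, 0xFFFFFFFF))
        elif addr == "host":
            entries.append((action, _to_int(wild), 0))
        else:
            entries.append((action, _to_int(addr), _to_int(wild or "0.0.0.0")))
    return entries


def evaluate(entries, ip):
    """First match wins; wildcard bits set to 1 are 'don't care' bits."""
    value = _to_int(ip)
    for action, addr, wild in entries:
        if (value | wild) == (addr | wild):
            return action
    return "deny"  # implicit deny at the end of every IOS access list


def vty_lines_missing(config, direction):
    """List vty line numbers with no access-class in the given direction."""
    applied, current = {}, ()
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = range(first, last + 1)
            for n in current:
                applied.setdefault(n, set())
            continue
        if raw and not raw[0].isspace():
            current = ()      # a new top-level command ends the line block
            continue
        m = re.match(r"access-class \S+ (in|out)$", line, re.I)
        if m:
            for n in current:
                applied[n].add(m.group(1).lower())
    return sorted(n for n, dirs in applied.items() if direction not in dirs)


if __name__ == "__main__":
    for label, cfg in (("as posted", POSTED), ("with permit any", WITH_PERMIT)):
        acl = parse_standard_acl(cfg, 10)
        for target in ("10.1.2.3", "192.168.5.1"):   # constructed addresses
            print(f"{label:16} {target:12} -> {evaluate(acl, target)}")
    print("vty lines with no outbound filter:", vty_lines_missing(POSTED, "out"))
```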
Re: CCIE Written [7:9484]
Hi

It follows the blue print very well, however it does not have a great deal of depth. It is a good starting point, but you will need to supplement it with other sources.

HTH
--
John Hardman CCNP MCSE

wrote in message news:[EMAIL PROTECTED]...

How good is the Que 350-001 study guide, it goes after the CCIE Blueprint ?

Regards,
Tarry

-Original Message-
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 11:58 PM
To: [EMAIL PROTECTED]
Subject: CCIE Written [7:9434]

passed. whew! relief!

CCIE Written candidates... the following are what to watch out for:

- parameters around EtherChannel/Fast Etherchannel
- Performance management router commands (queuing and traffic shaping)
- BGP (as usual)
- OSPF (especially inter-area stuff)
- tricky questions around bridging (lots of SRB/RSRB/DLSw)
- Cisco-specific ATM questions
- the normal multiservice questions (H.323 and Erlang)
- obscure facts about IPX-RIP routing behavior and updates
- config-reg stuff
- TCP/IP protocol-specific questions

I used Caslow, the Que 350-001 study guide, CCPrep.com exam guide, and lots of Cisco webpages. There were a few questions that caught me off-guard, and I'm highly recommending that you use the CCIE Blueprint as your guide and check off the subjects as you develop your expertise. My spreadsheet (based on the blueprint) helped some, as did my immense study of Token Ring bridging, but I can assure you that there will be questions there that will make you ask huh?

-e-

PS - thanks to Nathan, Bri@sonicboom, and the rest of the list for your encouragement

EA Louie wrote in message news:[EMAIL PROTECTED]...

I'm scheduled to retake the CCIE Written (after a 1-1/2 year break) on Wednesday - I've been watching the discussions on the list and they have been really helpful. I'll be taking a LOT of pre-tests between now and then, and any help that you all would provide would be greatly appreciated. And of course, your encouragement is already strongly felt!!

thx
-e-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9522t=9484
CIT Coursebook to use with ISBN [7:9524]
Team,

Can someone provide me with the ISBN number of the CIT books they used to pass this exam. Just want to make sure I get the correct textbook for this monster.

Thanks

Regards,
Travis Bolton
Network Engineer II
CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9524t=9524
RE: OSPF Hub and Spoke [7:9268]
Agreed that there are few if any written materials that do a decent job of explaining how OSPF works and why. Disclaimer - I have not read Tom Thomas' book. But I have read a number of others, including the RFC. Plus my Lab prep work. One problem is that most of us don't understand the difference between routing and routing protocols. Routing protocols are one means, but only means, of getting routes into the routing table. Routing forwards or drops packets based on the contents of the routing table. Lack of understanding of how and why OSPF operates can lead to question like when there is a virtual link connecting a discontiguous area to the backbone, does traffic travel across the transit area to the backbone, and then back into the transit area? Area_2area_1--area_0 If there is a virtual link from area 2 into the backbone, does traffic bound for area 1 from area two have to go to area 0 first? The answer is two fold. The area 2/area abr is now part of area 0. This allows area 2 to learn about area 1 routes. And secondly, when a router receives a packet, it is the routing process ( not the routing protocols ) that determine the forwarding. Another question - do OSPF area numbers have to be unique? Answer is no they don't. in a multiple area network, as long as there is an area 0, all other areas can have the same number. there is nothing in an LSA that identifies a route with an area. A corollary of this is that in a single area network, there does not have to be an area 0. Why? Got a good one. Do virtual links have to be point to point? Area_3-area_2area_1--area_0 You can create a virtual link from area 3 to area 2 and a second link from area 2 to area 0 - it works. Good example of this in Slattery's book. Over time I have come to appreciate the Cert zone / Berkowitz approach, which is to attain understanding of how things work. one might be surprised at the number of people with very high level certification who can make, but who don't know why it works. 
Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Friday, June 22, 2001 7:32 AM
To: [EMAIL PROTECTED]
Subject: RE: OSPF Hub and Spoke [7:9268]

Yep, you are correct. I see now that as long as non-zero areas receive LSAs from a router configured as area zero, then the routing tables will be built and all should be well. This makes more sense to me, anyway, but some of what I've read made the waters murkier rather than clearer.

How many times have you read "All interarea traffic must go through area zero"? I've read that in several places. It's almost true, but not if you want to split hairs, especially since OSPF defines areas as links, not routers. It should read that for loop-free routing to take place, all non-zero areas must connect to area zero only. This is more correct and doesn't imply that interarea traffic must cross an area zero link.

Does that sound about right? :-)

Chuck Larrieu 6/21/01 11:15:31 PM

John, this one's got me to thinking a little bit. You're kinda right but kinda wrong.

The areas are an OSPF structure, used for the building of the SPF tables. It's not that inter area traffic has to go through a discrete area 0, but that in OSPF in order for an area to learn about routes to another area there has to be an area 0 router in between them. It does not matter if there are a number of interfaces that are ABR's, or if there is a discrete and pure area 0.

With OSPF, all that matters is that the appropriate adjacencies are formed, and that the LSA's are processed and that the OSPF database is created. If all that occurs, OSPF routes will be placed into the routing tables. As far as the router itself is concerned, routing is independent of the routing protocols involved.

I've fooled with this in the past. I'll have to do another QD lab to gather some evidence, and post it here over the weekend.

In the meantime, for those interested in some in-depth discussion of routing, Howard's white paper on Certification Zone is definitely worth reading. I have not seen the likes of it in any other source, including Doyle (although it has been too long since I've read Doyle).

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Thursday, June 21, 2001 6:55 AM
To: [EMAIL PROTECTED]
Subject: Re: OSPF Hub and Spoke [7:9268]

Yes, I'm replying to myself. While doing some reading it occurred to me why *not* extending area 0 across the WAN links should not work. In OSPF, unlike IS-IS, an area is defined by links, not routers. The rule states that interarea traffic must go through area 0. Well, if areas are defined by links, then this means that interarea traffic must at least go across one link that is defined as an area 0 link.

In a hub-and-spoke environment with a single hub router, it seems to me that there just is no good way to use
Default gateway [7:9528]
HI , We have about 10 3500XL switches and a catalyst 6006 switch with MSFC. There is a 4500 router for internet access . I am confused as what should be the default gateway on the 3500XL should be ? Should it be the vlan interfaces of the MSFC ? Or the ethernet interface of the router 4500 ? If not then what is the purpose of having default gateway on the switch ? Please help ? Thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9528t=9528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Hub and Spoke [7:9268]
Thank you, my learn-ed friends. It seems as if I am finally getting it.

From: John Neiberger
Reply-To: John Neiberger
To: [EMAIL PROTECTED]
Subject: RE: OSPF Hub and Spoke [7:9268]
Date: Fri, 22 Jun 2001 10:46:15 -0400

I don't know about the genius part. :-) But, you've described the initial scenario I was asking about. In my original post I wasn't suggesting that this would be a good design by any means. I simply was wondering if it was possible and how you'd configure it.

In this particular case, the hub router is participating in 20 areas which would cause it to be very busy, especially if the network wasn't very stable. It would be better to extend area zero across the WAN links to insulate the hub router from any instability in the outlying areas.

John

Stephen Skinner 6/22/01 4:50:10 AM

Guys,
lets see how my ospf is going ..
in this design goal i would have thought you would have done this
hub and spoke
at the hub you have say 1 router (3620) with one interface and 20 sub-interfaces...
you also have 20 totally stubby area`s which connect into the hub...
config each stub as area 1 through 20
setup each sub int as per area`s 1-20
then setup the lan int as area 0
this way you have one router (hub) which is in area 0 and all the other area`s as well
problem solved ..
something tells me i`ve just either
A got it right and am a genius
B completely missed the point and broken every rule of ospf
YOU DECIDE
steve

From: Chuck Larrieu
Reply-To: Chuck Larrieu
To: [EMAIL PROTECTED]
Subject: RE: OSPF Hub and Spoke [7:9268]
Date: Fri, 22 Jun 2001 01:15:31 -0400

John, this one's got me to thinking a little bit. You're kinda right but kinda wrong.

The areas are an OSPF structure, used for the building of the SPF tables. It's not that inter area traffic has to go through a discrete area 0, but that in OSPF in order for an area to learn about routes to another area there has to be an area 0 router in between them. It does not matter if there are a number of interfaces that are ABR's, or if there is a discrete and pure area 0.

With OSPF, all that matters is that the appropriate adjacencies are formed, and that the LSA's are processed and that the OSPF database is created. If all that occurs, OSPF routes will be placed into the routing tables. As far as the router itself is concerned, routing is independent of the routing protocols involved.

I've fooled with this in the past. I'll have to do another QD lab to gather some evidence, and post it here over the weekend.

In the meantime, for those interested in some in-depth discussion of routing, Howard's white paper on Certification Zone is definitely worth reading. I have not seen the likes of it in any other source, including Doyle (although it has been too long since I've read Doyle).

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Thursday, June 21, 2001 6:55 AM
To: [EMAIL PROTECTED]
Subject: Re: OSPF Hub and Spoke [7:9268]

Yes, I'm replying to myself. While doing some reading it occurred to me why *not* extending area 0 across the WAN links should not work. In OSPF, unlike IS-IS, an area is defined by links, not routers. The rule states that interarea traffic must go through area 0. Well, if areas are defined by links, then this means that interarea traffic must at least go across one link that is defined as an area 0 link.

In a hub-and-spoke environment with a single hub router, it seems to me that there just is no good way to use multiarea OSPF if you don't extend area 0 across the WAN links. At least, that's the way it appears at the moment.

John

| I'm having trouble wrapping my brain around a specific scenario and I
| wanted to get your thoughts. Let's say we have a hub and spoke network
| with a single router as the hub. There are five areas attached to the
| backbone. It seems that we would have to extend area 0 across the WAN
| links, but I'm wondering what would happen if we didn't.
|
| If we didn't, the backbone router would have no interfaces in area 0.
| I'm wondering if this would cause some major problems. I bet that it
| would but I'm having a hard time thinking through what actual problems
| might arise. Would this backbone router just know that it was area 0
| because it has interfaces in multiple non-zero areas and hence behave
| correctly?
|
| One obvious problem is that the backbone router would be a member of
| every area and would thus be pretty busy if the network got to be very
| big. If we extended area 0 across the WAN link the backbone router
| would be protected from running SPF calculations everytime a remote area
| had a link change.
|
| What other problems would arise? Would this even work at all? I don't
| really have the tools to try it or I'd just attempt
RE: about callback [7:9487]
From the debug output, it appears that callback was successful. I believe the problem is with Win2k. Check the Event viewer, and modem log. LLC negotiation can also be problematic.

CM

-----Original Message-----
From: Eric ding
To: [EMAIL PROTECTED]
Sent: 22/06/01 09:09
Subject: about callback [7:9487]

I want to implement async-ppp callback between an access server and a PC. Also, I read the following URL:
http://www.cisco.com/warp/customer/793/access_dial/async_ppp.html
and applied it to my access router and laptop. It doesn't work! The debug output is as follows:

.. (omit) ..
02:01:03: TTY5 Callback process initiated, user: callback dialstring 85313850
02:01:11: TTY5 Callback forced wait = 30 seconds
02:01:41: CHAT5: Asserting DTR
02:01:41: CHAT5: Chat script offhook started
02:01:41: CHAT5: Chat script offhook finished, status = Success
02:01:41: CHAT5: Asserting DTR
02:01:41: CHAT5: Chat script callback started
02:02:29: CHAT5: Chat script callback finished, status = Success
02:02:29: TTY5 Exec Callback Successful - await exec/autoselect pickup
02:02:29: TTY5: DSR came up
02:02:29: TTY5: Callback in effect
02:02:29: tty5: Modem: IDLE-READY
02:02:29: TTY5: EXEC creation
*Mar 1 02:02:32: %LINK-3-UPDOWN: Interface Async5, changed state to up
02:02:55: TTY5: Async Int reset: Dropping DTR
02:02:56: Async5: asking modem_process to hangup TTY5
02:02:56: TTY5: dropping DTR, hanging up
02:02:56: tty5: Modem: HANGUP-IDLE
*Mar 1 02:02:57: %LINK-3-UPDOWN: Interface Async5, changed state to down
02:03:01: TTY5: restoring DTR
02:03:02: TTY5: autoconfigure probe started
(omit)

Does the problem lie on the side of the router or the computer? I use Windows NT2000 5.00.2195 service pack 2.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9530t=9487
Re: what is loopback interface for ? [7:9493]
A loopback interface may be used for many purposes. You may use it as the end of a tunnel on a VPN configuration or you may configure it just to have a stable router-id for OSPF, for instance.

You don't need to configure it. They are optional and you may use any address you want. If loopback intfs are following a specific address scheme in your network, then they must be planned for some specific function by who designed the network. You should not change it before knowing what function is this (what may be achieved by analyzing your configuration carefully).

The subnet mask used on a loopback intf isn't also necessarily /24. This is frequently used though, to economize address space, since you don't need to differentiate network and host on this segment. In this case, host and network are the same and routing is performed with no problem.

ER
CCNA

----- Original Message -----
From: Susan Stone
To:
Sent: Friday, June 22, 2001 7:22 AM
Subject: what is loopback interface for ? [7:9493]

Hi,
I always wonder what is loopback interface for? Can anyone explain its function? Can we don't configure the loopback interface. Our WAN Loopback always start with 192.168.X.X why? Must we use private IP? I found I can telnet to a remote router using its loopback IP. But I wonder How I route as it always have the subnet mask of 255.255.255.255. Then which is the network and which the host

Susan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9531t=9493
RE: Default gateway [7:9528]
So you can have management connectivity outside of the local subnet. It should be set to the VLAN 0 interface of a connected router.

-----Original Message-----
From: Jatin [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 11:52 AM
To: [EMAIL PROTECTED]
Subject: Default gateway [7:9528]

Hi,
We have about 10 3500XL switches and a catalyst 6006 switch with MSFC. There is a 4500 router for internet access. I am confused as to what the default gateway on the 3500XL should be. Should it be the vlan interfaces of the MSFC? Or the ethernet interface of the router 4500? If not then what is the purpose of having default gateway on the switch? Please help.

Thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9532t=9528
Re: what is loopback interface for ? [7:9493]
Sorry,

Just a correction: the mask usually used for a loopback intf is /32 (255.255.255.255) and not /24 (255.255.255.0).

Regards,
ER
CCNA

----- Original Message -----
From: Ednilson Rosa
To:
Sent: Friday, June 22, 2001 1:20 PM
Subject: Re: what is loopback interface for ? [7:9493]

A loopback interface may be used for many purposes. You may use it as the end of a tunnel on a VPN configuration or you may configure it just to have a stable router-id for OSPF, for instance.

You don't need to configure it. They are optional and you may use any address you want. If loopback intfs are following a specific address scheme in your network, then they must be planned for some specific function by who designed the network. You should not change it before knowing what function is this (what may be achieved by analyzing your configuration carefully).

The subnet mask used on a loopback intf isn't also necessarily /24. This is frequently used though, to economize address space, since you don't need to differentiate network and host on this segment. In this case, host and network are the same and routing is performed with no problem.

ER
CCNA

----- Original Message -----
From: Susan Stone
To:
Sent: Friday, June 22, 2001 7:22 AM
Subject: what is loopback interface for ? [7:9493]

Hi,
I always wonder what is loopback interface for? Can anyone explain its function? Can we don't configure the loopback interface. Our WAN Loopback always start with 192.168.X.X why? Must we use private IP? I found I can telnet to a remote router using its loopback IP. But I wonder How I route as it always have the subnet mask of 255.255.255.255. Then which is the network and which the host

Susan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9542t=9493
RE: OSPF Hub and Spoke [7:9268]
> I don't know about the genius part. :-) But, you've described the initial scenario I was asking about. In my original post I wasn't suggesting that this would be a good design by any means. I simply was wondering if it was possible and how you'd configure it.
>
> In this particular case, the hub router is participating in 20 areas which would cause it to be very busy, especially if the network wasn't very stable. It would be better to extend area zero across the WAN links to insulate the hub router from any instability in the outlying areas.
>
> John

You definitely are describing an "it depends" situation. Without considering other factors, the number of areas per physical router isn't a major performance consideration. The reason for restricting it is that in general, with increasing numbers of areas, you are more likely to need to do a SPF calculation simultaneously in more than one area. If the areas are highly stable, or have very few links in them, the effect of the SPF may be minimal.

Another consideration is the degree to which inter-area routes propagate to other non-backbone areas. Interarea routes do not necessarily trigger the most intensive part of SPF, the Dijkstra. By "not necessarily," I don't know how Cisco's implementation actually reacts to receiving an inter-area LSA without any accompanying intra-area changes.

You also need to consider the CPU power of the routers involved. The most areas I've configured were on 7000's, not all that fast a CPU box, typically with seven nonzero areas each. The nonzero areas were very stable optically wired campuses.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9541t=9268
Re: Default gateway [7:9528]
The purpose of a default gateway on a Switch is the same as its IP address: management. The default gateway will be used to route the packets when you telnet to the switch from a network other than the one its IP is configured. If you configure Switch's ip address as 10.0.0.1 and telnet to it from the network 20.0.0.1, the switch must know where to send the packets back. Although all networks may be passing through it, it only logically knows the network you put its IP address in.

The default gateway must be in VLAN 0.

ER
CCNA

----- Original Message -----
From: Jatin
To:
Sent: Friday, June 22, 2001 12:52 PM
Subject: Default gateway [7:9528]

Hi,
We have about 10 3500XL switches and a catalyst 6006 switch with MSFC. There is a 4500 router for internet access. I am confused as to what the default gateway on the 3500XL should be. Should it be the vlan interfaces of the MSFC? Or the ethernet interface of the router 4500? If not then what is the purpose of having default gateway on the switch? Please help.

Thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9544t=9528
Re: Appletalk config. error, why?? [7:9478]
Hey cisco guru,

I can't figure out what's connected to what from your description. But, keep in mind that every router connected to a network segment must agree exactly on the configuration of that network. Cable ranges, zone names, and timer values should be the same for every router on the segment. (Ensuring that zone names are exactly the same can be challenging because spaces and other non-printable characters are allowed and, if I remember correctly, zone names are case sensitive.)

If you have problems bringing up an interface, enable the debug appletalk events command to display information about initialization progress.

It should be fine to have multiple networks in the WAN zone.

It's normal that you won't see any networks until the router can get the zones figured out.

AppleTalk on Cisco routers is finicky. Sometimes it helps to shut and no shut an interface to restart AppleTalk.

If you have access to CertificationZone, I wrote a paper on AppleTalk with a troubleshooting section. Here's a sampling of the troubleshooting suggestions:

- Be sure to read the Troubleshooting AppleTalk section in Cisco's Internetwork Troubleshooting Guide.
- Every network number in an internetwork must be unique. Document the network numbers you use in cable range assignments to avoid problems.
- When troubleshooting routing problems, use the debug appletalk routing command.
- When troubleshooting problems with zones, use the debug appletalk zip command. This command reports significant events such as the discovery of new zones and the sending of ZIP queries.
- When you change a router or interface configuration, enable the debug appletalk events command. This command tracks the status of interfaces and neighbor acquisition. (Very Useful Command!)
- When making configuration changes, be patient and methodical. To play it safe, before changing a configuration, use the show appletalk neighbors command to determine a router's neighbors. Disable AppleTalk on routers that are on the same network segment. Make the required change, and then wait several minutes before enabling the other routers. This will give the internetwork a chance to purge old information before it learns new information. Apple and Cisco recommend disabling AppleTalk for 10 minutes before making a change. This amount of time is necessary on large internetworks. A few minutes should be sufficient in a lab environment. If you really get impatient, reboot all the routers! ;-)

The process discussed in the last bullet is especially important when changing zone names. AppleTalk makes no provisions for informing neighbors in an internetwork about a changed zone list. Routers make ZIP queries only when a new (or previously aged-out) network appears in the internetwork. For this reason, it is important to disable AppleTalk on the appropriate interfaces before inputting new zone data into the system.

Caution: As always, be careful with the debug commands.

Way more detail than you needed probably, but hopefully helpful.

Priscilla

At 02:32 AM 6/22/01, cisco guru wrote:
> Hi,
> I configured 6 routers with appletalk routing and igrp.
> R1 has a cable range of 100-110 on E0 and a zone of CCIE1 and a cable-range of 1000-1000 and a zone of WAN for S0.
> R2 has a cable range of 200-210 on E0 and zone of CCIE2 and a cable-range of 1000-1000 and a zone of WAN for S0.
> R-3 - 300-310 for E0 etc. etc. till R6 - 600-610
> The wan zones are all called WAN and the lan zones are unique, e.g. CCIE#
> On R6 I get the following error msg.
> %AT-3-ZONEDISAGREE: Ethernet 0: AppleTalk interface disabled;zone list incompatible with 303.6
> Also when I do a sh apple route, I don't see any other appl networks. On R1 I can see some apple networks and same on R2.
> What am I doing wrong? Are the zone names configured right? How about the cable ranges? Are they valid? Sorry, no clue about AT routing :-(
> Would someone please advise on how to fix this problem?
> Thank you. Kind regards.

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9543t=9478
RE: IPsec passthru with Linksys or D-link ,what's up with that? [7:9545]
Comments inline:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of NRF
Sent: Thursday, June 21, 2001 9:06 PM
To: [EMAIL PROTECTED]
Subject: IPsec passthru with Linksys or D-link ,what's up with that? [7:9473]

> I have been reading that companies like Linksys and D-link sell those cheap home broadband routers that now support IPsec passthru. I take it that means that one of your PC's can use VPN client software to build a IPSec tunnel to a corporate network.

Yes, one PC at a time can get IPSec connections through the PATing device

> So how does this passthru thing work exactly? It would seem to me to violate the cherished notion that NAPT (which is what is performed by these little routers to allow multiple home PC's to access the same broadband link) should never be used after IPsec.

IPSec can be made to work with NAPT (PAT) in limited scenarios, people like to say it cannot because it's simpler to explain to people who don't know exactly how IPSec works.

> More specifically, I take it that most of those VPN client software setups are using ESP transport mode.

Not so. In almost all cases, the client to VPN gateway connection uses ESP in tunnel mode, not transport. The reason is simple, ESP in transport mode would only get you access to the VPN gateway itself. Typically clients don't want to talk directly to the VPN gateway, they want to talk to devices on the inside network, hence the need for tunnel mode.

> OK, so how exactly do these routers perform NAPT on an ESP transport connection?

They don't, and they can't. As you note, changing the IP address on an ESP packet in transport mode would break IPSec.

> I suppose there really is no port translation anymore, because the TCP/UDP port number are protected by ESP and cannot be changed without compromising the integrity of the IPSEC tunnel. So perhaps SPI's are used by the router to demux, otherwise then that would imply that there could only be 1 IPsec tunnel going through the router at a given instance (because if SPI's are not used, and you had 2 PC's in your house and both were doing VPN's, then how would the router know what VPN return traffic goes to which PC?).

Actually, in my experience devices that support IPSec passthrough do not look at the SPI's, so they do only support a single inside IPSec device at a time. Watching SPI's could probably be made to work, I just don't think any of the vendors are doing it right now.

> Also I see a problem with the TCP/UDP header checksum, because it is calculated based on the entire header (the pseudo-header), which must necessarily change because of the NAT (IP addresses must be changed from private to public addresses). And of course you cannot repair the TCP/UDP checksum because it is protected by ESP. So I take it the corporate VPN terminator must have TCP/UDP checksums turned off, is that true?

In ESP tunnel mode, the inside packet is not changed, so there is no problem with the checksums. Only the outside header is manipulated.

> Am I just way off-base here? Does anybody know what is the real deal with these little routers doing pass-thru? Is it just more marketing bull?

They work fine as long as you have 1 inside PC using IPSec at a time with ESP in tunnel mode. Fortunately for the vendors, this seems to be how most people are using IPSec.

HTH,
Kent

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9545t=9545
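The points made in the reply above, as an added example that is not part of the original thread: a toy NAPT router that rewrites only the outer IP header of ESP packets, showing why a protected UDP checksum survives in tunnel mode but not in transport mode, and why single-slot passthrough serves one inside PC while SPI tracking could serve two. All addresses, SPIs, class and function names are constructed, and the SPI-learning heuristic is a hypothetical sketch, not any vendor's implementation.

```python
"""Toy model of ESP crossing a home NAPT router (constructed example)."""
import struct
from dataclasses import dataclass, replace
from typing import Optional

# Constructed addresses: VPN gateway, router's public IP, two inside PCs.
GW, PUB, HOST_A, HOST_B = "198.51.100.1", "203.0.113.7", "192.168.1.10", "192.168.1.11"

def _addr(a: str) -> bytes:
    return bytes(int(x) for x in a.split("."))

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_segment(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a UDP segment; its checksum covers a pseudo-header with src and dst."""
    length = 8 + len(payload)
    pseudo = _addr(src) + _addr(dst) + struct.pack("!BBH", 0, 17, length)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(pseudo + header + payload) or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def udp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side verification against the addresses the receiver sees."""
    pseudo = _addr(src) + _addr(dst) + struct.pack("!BBH", 0, 17, len(segment))
    return inet_checksum(pseudo + segment) == 0

@dataclass(frozen=True)
class EspPacket:
    src: str          # outer IP source
    dst: str          # outer IP destination
    spi: int          # SPI, sent in the clear at the start of the ESP header
    protected: bytes  # stands in for the encrypted, authenticated ESP payload

class PassthroughNat:
    """Rewrites only the outer IP header of ESP packets (no ports to translate).

    track_spi=False: one inside host at a time, as described in the thread.
    track_spi=True: hypothetical heuristic that learns each host's inbound SPI.
    """

    def __init__(self, public_ip: str, track_spi: bool = False):
        self.public_ip, self.track_spi = public_ip, track_spi
        self.owner: Optional[str] = None  # single-slot mode: the one inside host
        self.pending = {}                 # peer -> host awaiting its first reply
        self.by_spi = {}                  # (peer, inbound SPI) -> inside host

    def outbound(self, pkt: EspPacket) -> Optional[EspPacket]:
        if not self.track_spi:
            self.owner = self.owner or pkt.src
            if self.owner != pkt.src:
                return None  # assumption: a second inside host is refused
        elif (pkt.dst, pkt.src) not in {(p, h) for (p, _), h in self.by_spi.items()}:
            if self.pending.setdefault(pkt.dst, pkt.src) != pkt.src:
                return None  # only one unlearned tunnel per peer at a time
        return replace(pkt, src=self.public_ip)

    def inbound(self, pkt: EspPacket) -> Optional[EspPacket]:
        if not self.track_spi:
            host = self.owner  # every ESP packet goes to the single owner
        else:
            host = self.by_spi.get((pkt.src, pkt.spi))
            if host is None and pkt.src in self.pending:
                host = self.by_spi[(pkt.src, pkt.spi)] = self.pending.pop(pkt.src)
        return replace(pkt, dst=host) if host else None

def checksum_survives_nat(mode: str) -> bool:
    """True if the protected UDP checksum still verifies after outer-header NAT."""
    # Tunnel mode: the inner packet carries its own addresses (constructed here).
    # Transport mode: the checksum was computed over the outer addresses.
    inner_dst = "172.16.1.10" if mode == "tunnel" else GW
    seg = udp_segment(HOST_A, inner_dst, 40000, 53, b"query")
    out = PassthroughNat(PUB).outbound(EspPacket(HOST_A, GW, 0x1001, seg))
    seen_src = HOST_A if mode == "tunnel" else out.src
    return udp_checksum_ok(seen_src, inner_dst, out.protected)

def delivery(track_spi: bool) -> list:
    """Per step: public source if sent out, inside host if delivered, None if dropped."""
    nat = PassthroughNat(PUB, track_spi)
    steps = [
        nat.outbound(EspPacket(HOST_A, GW, 0x1001, b"")),
        nat.inbound(EspPacket(GW, PUB, 0xA001, b"")),
        nat.outbound(EspPacket(HOST_B, GW, 0x1002, b"")),
        nat.inbound(EspPacket(GW, PUB, 0xB001, b"")),
        nat.inbound(EspPacket(GW, PUB, 0xA001, b"")),
    ]
    return [None if p is None else (p.dst if p.src == GW else p.src) for p in steps]

if __name__ == "__main__":
    print({m: checksum_survives_nat(m) for m in ("tunnel", "transport")})
    print(delivery(False), delivery(True))
```

In single-slot mode the second PC's outbound ESP is refused and every inbound ESP packet lands on the first PC; with SPI tracking each reply reaches the host whose tunnel it belongs to.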
RE: Question for NetRanger experts - ever build your own sensor [7:9546]
I am in the process of doing this myself. In theory, there is no reason this should not work. Both the sensors and the management station are standard Solaris boxes running Solaris 7. The MS is usually an ultra-sparc and the probes are x86, but this is mostly due to hardware cost issues.

The only issue is that the most current version of the IDS probe software can no longer be downloaded from CCO, you must get it on a CD and you can only get the CD if you already have a NR smartnet contract.

HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of NRF
Sent: Thursday, June 21, 2001 8:15 PM
To: [EMAIL PROTECTED]
Subject: Question for NetRanger experts - ever build your own sensor [7:9471]

I am looking for somebody who has used NetRanger before. Is it true that you can, using software from the Director CD, turn any Sun workstation into a Sensor? If so, has anybody ever done this, and were there any problems, or does this new sensor behave exactly like one bought from Cisco?

I am trying to set up a cheap IDS lab, and I don't want to pay through the nose for sensors, I'd rather make my own, if this is possible.

Thanx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9546t=9546
MAC Address: [7:9547]
Hi,

In a small LAN with two routers I found the following MAC addresses appearing.

00:00:00:00:00:01
ff:ff:ff:ff:ff:ff

Most of the time I see it coming from the routers. Is there a special meaning to this? Pardon me for my weak networking knowledge.

Cheers,
Chee Leong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9547t=9547
PIX 525 Password Recovery? / Need Help!!! [7:9549]
I'm trying to erase the PIX password. I used the instructions on CCO but after I tftp it never asks me if I want to erase the passwords, then it continues and reboots like nothing happened. Is there another way that will just blow out the whole config? Please let me know if you have any ideas.

Thanks for all your help!

Justin Lofton
Account Executive/CCNA
Tredent Data Systems
[EMAIL PROTECTED]
V: (818) 222-3770
F: (818) 222-3778
http://www.tredent.com/

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9549t=9549
OT: Fridays funnies [7:9548]
This website should keep you guys busy until well into next week ;-)

http://www.createafart.com/index.asp

--
Natasha Flazynski
CCNA, MCSE
http://www.ciscobot.com My Cisco information site.
http://www.botbuilders.com Artificial Intelligence and Linux development

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9548t=9548
Training Advice wanted [7:9550]
My boss would like to send me to another class and I'm having a hard time deciding which courses I'd like to take. The problem is that I don't want to cover a lot of material that I already know, and the class has to be relevant to our environment to be considered. Because of that I can't take CATM or MCNS.

I've already covered the CCNP/DP level material but I'm wondering if some of the classes would still be beneficial, specifically CIT and CID. Since I'm planning on tackling the CCIE lab, I'm wondering if CIT would be a good choice. Those of you who have taken CIT, would you recommend it? How about CID? That's not as relevant to my immediate goal as CIT but I'm still interested in taking it. I've read a lot of materials on these topics but I know that it really helps to have it all packaged together and presented at once.

I see that Global Knowledge has an advanced switching class based on the 6000 series switches. That's starting to look pretty good since we're going to be buying some of those later this year or sometime next year. Hmm

I've already taken SNAM and I'll probably get a CIP class after I learn some more SNA/VTAM configuration. I'd love to take some CCIE lab prep classes but there's no way my employer would pay for those.

Any suggestions from those of you who've taken some of these courses? I'm leaning toward taking CIT but I'd be interested in hearing your thoughts.

Okay, enough rambling! Thanks in advance for your advice

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9550t=9550
Which hand held to choose for our work. [7:9551]
Sorry for off topic, plz advise on this matter. I am about to invest in a PDA or a palmtop. Can't make my mind to choose from. I am fully aware that it is a personal liking matter but for a network engineer who has to carry a spreadsheet or two about IP Address management, licence and password files of routers and switches. If possible a small network diagram, maybe a hyperterm client on it as well, stuff like that, which one should I buy.

I personally have narrowed it down to IPAQ for 649 and Jornada 525 for 369. Want to save the extra 300 dollars to buy goodies with the jornada otherwise Ipaq, but plz suggest. I think this is not that off topic cause such a device is a part of our work. :)

Thanks in advance.

Farooq
CCNP CCNA CCIE(w)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9551t=9551
Re: what is loopback interface for ? [7:9493]
Sue, In addition to what ER had to say, the main purpose of loopback address is actually contained in your question.loopback interface is always up/up, and this helps you to possibly get into the router when there is problem and all interfaces fail, now you can see what is going on and troubleshoot after you have telneted into the router inno/ccnp --- Ednilson Rosa wrote: Sorry, Just a correction: the mask usually used for a loopback intf is /32 (255.255.255.255) and not /24 (255.255.255.0). Rgards, ER CCNA - Original Message - From: Ednilson Rosa To: Sent: Friday, June 22, 2001 1:20 PM Subject: Re: what is loopback interface for ? [7:9493] A loopback interface may be used for many purposes. You may use it as the end of a tunnel on a VPN configuration or you may configure it just to have a stable router-id for OSPF, for instance. You don't need to configure it. They are optional and you may use any address you want. If loopback intfs are following a specific address scheme in your network, then they must be planned for some specific function by who designed the network. You should not change it before knowing what function is this (what may be achieved by analyzing your configuration carefully). The subnet mask used on a loopback intf isn't also necessarily /24. This is frequently used though, to economize address space, since you don't need to differentiate network and host on this segment. In this case, host and network are the same and routing is performed with no problem. ER CCNA - Original Message - From: Susan Stone To: Sent: Friday, June 22, 2001 7:22 AM Subject: what is loopback interface for ? [7:9493] Hi, I always wonder what is loopback interface for? Can anyone explained its function? Can we don't configure the loopback interface. Our WAN Lookback always start with 192.168.X.X why? Must we use private IP? I found I can telnet to a remote router using its loopback IP. But I wonder How I route as it always have the subnet mask of 255.255.255.255. 
Then which is the network and which the host Susan _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9552t=9493 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what is loopback interface for ? [7:9493]
Loopback interface is a logical interface on your router such that when your router interface(s) go down, your loopback interface still stays up/up. The subnet mask normally assigned is 255.255.255.0, not 255.255.255.255, and this is done so that only one IP address can be assigned to the loopback interface. It's normally used in OSPF networks to configure your router(s) as designated or backup designated router(s).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9553t=9493
Re: Training Advice wanted [7:9550]
My advice would be the advanced switching class since advanced switches are too expensive to buy for a lab and are ridiculously complicated these days. The CIT class is good, but it's pretty basic. From the level of the responses you send to the list, my guess it that you know most of it. Of course, it's great practice because it's mostly hands-on, so it might be a good choice for CCIE prep. The CID class can be great if you have a wise instructor and students who are knowledgeable. Unless this has changed in recent years, the CID class is not hands-on but you get together in groups to work on case studies. Sometimes other students can really help in the group; sometimes they can be annoying. That's my $0.02. Priscilla At 02:32 PM 6/22/01, John Neiberger wrote: My boss would like to send me to another class and I'm having a hard time deciding which courses I'd like to take. The problem is that I don't want to cover a lot of material that I already know, and the class has to be relevant to our environment to be considered. Because of that I can't take CATM or MCNS. I've already covered the CCNP/DP level material but I'm wondering if some of the classes would still be beneficial, specifically CIT and CID. Since I'm planning on tackling the CCIE lab, I'm wondering if CIT would be a good choice. Those of you who have taken CIT, would you recommend it? How about CID? That's not as relevent to my immediate goal as CIT but I'm still interested in taking it. I've read a lot of materials on these topics but I know that it really helps to have it all packaged together and presented at once. I see that Global Knowledge has an advanced switching class based on the 6000 series switches. That's starting to look pretty good since we're going to be buying some of those later this year or sometime next year. Hmm I've already taken SNAM and I'll probably get a CIP class after I learn some more SNA/VTAM configuration. 
I'd love to take some CCIE lab prep classes but there's no way my employer would pay for those. Any suggestions from those of you who've taken some of these courses? I'm leaning toward taking CIT but I'd be interested in hearing your thoughts. Okay, enough rambling! Thanks in advice for your advice John Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9554t=9550 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what is loopback interface for ? [7:9493]
Can you explain to me how you can telnet into the router if all interfaces fail with the exception of the loopback interface? If ALL interfaces fail, the only way you can get to the router is via console or AUX. And you call yourself a CCNP. No wonder the value of Cisco certification value (with the exception of the CCIE) is becoming less desirable these days. Kevin Juniper Network Certified Internet Expert (JNCIE) Qwest Communiations From: Inno. Ama Reply-To: Inno. Ama To: [EMAIL PROTECTED] Subject: Re: what is loopback interface for ? [7:9493] Date: Fri, 22 Jun 2001 14:57:53 -0400 Sue, In addition to what ER had to say, the main purpose of loopback address is actually contained in your question.loopback interface is always up/up, and this helps you to possibly get into the router when there is problem and all interfaces fail, now you can see what is going on and troubleshoot after you have telneted into the router inno/ccnp --- Ednilson Rosa wrote: Sorry, Just a correction: the mask usually used for a loopback intf is /32 (255.255.255.255) and not /24 (255.255.255.0). Rgards, ER CCNA - Original Message - From: Ednilson Rosa To: Sent: Friday, June 22, 2001 1:20 PM Subject: Re: what is loopback interface for ? [7:9493] A loopback interface may be used for many purposes. You may use it as the end of a tunnel on a VPN configuration or you may configure it just to have a stable router-id for OSPF, for instance. You don't need to configure it. They are optional and you may use any address you want. If loopback intfs are following a specific address scheme in your network, then they must be planned for some specific function by who designed the network. You should not change it before knowing what function is this (what may be achieved by analyzing your configuration carefully). The subnet mask used on a loopback intf isn't also necessarily /24. 
This is frequently used though, to economize address space, since you don't need to differentiate network and host on this segment. In this case, host and network are the same and routing is performed with no problem. ER CCNA - Original Message - From: Susan Stone To: Sent: Friday, June 22, 2001 7:22 AM Subject: what is loopback interface for ? [7:9493] Hi, I always wonder what is loopback interface for? Can anyone explained its function? Can we don't configure the loopback interface. Our WAN Lookback always start with 192.168.X.X why? Must we use private IP? I found I can telnet to a remote router using its loopback IP. But I wonder How I route as it always have the subnet mask of 255.255.255.255. Then which is the network and which the host Susan _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9555t=9493 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
network security issue [7:9556]
Hello,

My client is a Cisco shop and they have many offices all over the world. They want to make sure that only authorized persons can connect to their network. Their concern is that someone may just walk into one of their offices, plug in a laptop, and then be on their network. How can we prevent this? The only thing I can think of is to create a MAC database and implement security on the 6509 switches. But to create and manage tens of thousands of MAC addresses is a pain. Is there any other way?

Thanks in advance.
Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9556t=9556
Re: IPSec and Backup Routes [7:9225]
Hi John Can't you keep the peers down to one per site if you use loopback addresses on each router as the encryption peer? Gaz John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The '150' number would only be if certain branches had to peer twice: once over the primary route and once over the secondary-but-always-up route. In actuality, there would still be about 90 peers on that single 7513 but the volume of traffic per peer is going to be pretty low. It's only tn3270 and DLSw stuff. The rest of the interbranch traffic will remain in the clear. Is that still going to be too many peers? I know that the 7513 has a card to do hardware encryption. It looks like we may have to check into that again. Thanks, John Dana J. Dawson 6/21/01 4:38:07 PM IPSec and redundancy is hard. The usual recommendation is to use GRE tunnels over IPSec, since the tunnels provide a logical interface over which you can run a routing protocol that will provide the redundancy. With plain old IPSec, you use access-lists to specify which traffic goes to which peer, and you can't overlap any of your crypto access-lists (those referenced in a match address command in a crypto map). This precludes the possiblity of doing redundancy this way. That being said, you don't want to terminate 150 peers in your 7513, especially if you want that router to do anything else. With this scale of VPN network, you should have a dedicated VPN concentrator. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9557t=9225 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7505 and 6509 port-channel/trunk ? [7:9512]
Did you change the encapsulation on the 7505 to dot1q? did you configure the native vlan properly? - Original Message - From: Lopez, Robert To: Sent: Friday, June 22, 2001 10:16 AM Subject: 7505 and 6509 port-channel/trunk ? [7:9512] I have a 7505 connected to a 6509 via a 100mb port-channel. This connection is trunked on the 6509 side with ISL. When I change the trunk to 802.1q, I lose connection to the 7505. What needs to be done on the 7505 to allow the 802.1q trunk to exist? Do I need to tear down the port-channel on the 7505 and re-create? Robert Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9558t=9512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NetFlow Error [7:9491]
Dude, this is really something for CCO bugfinder or Cisco TAC to handle... Anyone else seen it?

- Original Message -
From: Sergey Konovalov
To:
Sent: Friday, June 22, 2001 5:56 AM
Subject: NetFlow Error [7:9491]

Hi 2 All

We have received an abnormal situation when we try to use the NetFlow feature with an external receiver:

ip route-cache flow
ip flow-export

After that, the router has been restarted with the error message:

signal= 0xb, code= 0x1200, context= 0x80931ef8
PC = 0x80150b74, Vector = 0x1200, SP = 0x809bb380

Some of tech-support:

show version -
System restarted by error - a SegV exception, PC 0x80150B74 at 16:09:27 EET Wed Jun 20 2001

-- show stacks --
Minimum process stacks:
Free/Size Name
5644/6000 CDP Protocol
9880/12000 Init
5380/6000 RADIUS INITCONFIG
7872/9000 DHCP Client
9988/12000 Exec
9100/12000 Virtual Exec
10464/12000 TCP Remote Shell

Interrupt level stacks:
LevelCalled Unused/Size Name
140977623 7632/9000 Network interfaces
2 0 9000/9000 Timebase Reference Interrupt
3 0 9000/9000 PA Management Int Handler
62292 8884/9000 16552 Con/Aux Interrupt
736547843 8916/9000 MPC860 TIMER INTERRUPT

System was restarted by error - a SegV exception, PC 0x80150B74
C2600 Software (C2600-I-M), Version 12.0(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

What kind of problem is it? And how can we fix it?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9559t=9491
Now a CCNP [7:9560]
It's been a busy week, but I finally broke down and took my routing exam last week and passed with an 800 (I really need to work on my BGP skills, or lack thereof). Thanks to everyone who contributes on the list for their support and expert guidance.

A colleague asked me today which was the hardest exam. It was actually a difficult question to answer. I took the CCNP exams in this order: Remote Access, Switching, Support, Routing. Each test was equally as difficult based on my networking experience and what I work with on a day to day basis. At work I deal with a lot of switching, simple point-to-point leased lines, ISDN and basic OSPF, and a lot of troubleshooting. There were areas of each test that were difficult for me since I don't deal with those technologies on a day to day basis. I used a variety of books to prepare for the different exams: some of the Sybex CCNP books, Cisco Press books, and hands-on work on the job and in my home lab.

thanks,
tim medley

Tim Medley - CCNP+Voice
Network Architect
VoIP Group
iReadyWorld
704-943-3615 - Phone
704-943-3660 - Fax
877-6-iReady - Helpdesk

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9560t=9560
CCNP/CCDP passed [7:9561]
Hello,

Just thought I'd drop a note to those looking at obtaining these certs. Please reply congrats and such directly to me instead of wasting valuable Groupstudy time.

To get there, I read the following over a year:

- CCNP Remote Access exam 640-505 Osborne Press
- Internet Routing Architectures, Second Edition, Volume I Cisco Press. Toughest book I ever read as the first 600 pages are theory
- CCIE Professional Development: Cisco Lan Switching by Kennedy Clark, Kevin Hamilton; Cisco Press
- CCIE Professional Development: Routing TCP/IP Vol I Doyle
- Top-down Network Design Oppenheimer
- Advanced IP Network Design Cisco Press
- OSPF Network Design
- Advanced IP routing in Cisco networks McGraw Hill

and have taken ICRC, ACRC, CIT and CID courses. And managed to pass the beta CID exam.

Alain
CCNP/CCDP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9561t=9561
Re: IPSec and Backup Routes [7:9225]
That's the heart of my original question, really. I'm fairly new to IPSec and I wasn't sure how to configure that. I suppose I could set up the same remote peer in two different maps: one for the primary route and one for the secondary route. In that case, would this count as two sessions since there are now two active tunnels? I was assuming it would count as two unless the secondary tunnel doesn't even come active until traffic is present. Hmm...interestingly, while typing I realized that due to a quirk in our network design, encrypting the traffic while they're on the backup link is probably not feasible for the time being so this is almost a moot point. It would be nice to know how to configure it when the time comes, though. Thanks, John Gareth Hinton 6/22/01 1:50:06 PM Hi John Can't you keep the peers down to one per site if you use loopback addresses on each router as the encryption peer? Gaz John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The '150' number would only be if certain branches had to peer twice: once over the primary route and once over the secondary-but-always-up route. In actuality, there would still be about 90 peers on that single 7513 but the volume of traffic per peer is going to be pretty low. It's only tn3270 and DLSw stuff. The rest of the interbranch traffic will remain in the clear. Is that still going to be too many peers? I know that the 7513 has a card to do hardware encryption. It looks like we may have to check into that again. Thanks, John Dana J. Dawson 6/21/01 4:38:07 PM IPSec and redundancy is hard. The usual recommendation is to use GRE tunnels over IPSec, since the tunnels provide a logical interface over which you can run a routing protocol that will provide the redundancy. With plain old IPSec, you use access-lists to specify which traffic goes to which peer, and you can't overlap any of your crypto access-lists (those referenced in a match address command in a crypto map). 
This precludes the possiblity of doing redundancy this way. That being said, you don't want to terminate 150 peers in your 7513, especially if you want that router to do anything else. With this scale of VPN network, you should have a dedicated VPN concentrator. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9562t=9225 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Yahoooooooo........passed my CCNA today !!!!!! [7:9563]
Hi Gang, You would all be glad to know that i passed my CCNA exam this morning. I joined this list about 2 weeks back and have really liked the discussions going on especially the ones on OSPF and VLANs. Well, I am planning to start preparing for my CCNP switching exam now. I am planning to take CCNP in the order of switching, remote access, routing and troubleshooting. Would you guys like to give me some pointers on how to start my CCNP quest. In particular, the switching exam as I am planning to take it in abt 15 days. If anyone has any material you wanna pass on, then I would be more than glad to accept them (that wasnt tough to decide). Thanks in advance to all those who decide to reply back . Regards, Imran. = Imran Moin Network Engineer CCNA __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9563t=9563 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: network security issue [7:9556]
Enable port security on your switches. Also, a port not in use should always be disabled. HTH, Nabil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond Sent: Friday, June 22, 2001 3:49 PM To: [EMAIL PROTECTED] Subject: network security issue [7:9556] Hello, My client is a Cisco shop and they have many offices all over the world. They want to make sure that only authorized person can connect to their network. Their concern is that someone may just walk into one of their offices and plug in a laptop and then is on their network. How can we prevent this? The only thing I can think of is create a MAC database and implement security on the 6509 switches. But to create and manage tens of thousands of MAC addresses is a pain. Is there any other way? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9564t=9556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
No-Export [7:9565]
Can someone explain what exactly the no-export command is used for in BGP? I am having problems getting this command to work the way I think it is supposed to work. Maybe I am off base in my definition of it, but I am using Halabi's book as reference.

Basically I have a peering session with a BGP peer and I am advertising a single route to them. This route is then taken by my peer and being readvertised to the world and back into my network at another location (asymmetrical routing). I have a hard time getting my BGP neighbor administrator to make changes for me, so I want to stop the advertisement of the BGP route outside my neighbor's network (AS number) using the no export command.

Is this the correct application for no export or are there better ways of skinning this cat? Where is my logic being led astray? Thanks in advance for any help.

Thanks
Stan Rossetti
NASA - PriSMS Advanced Technology Group
Voice: (256) 544-5031
Email: [EMAIL PROTECTED]
Beeper: 544-1183 pin 0112
CCDA, CCNA, CCSE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9565t=9565
Re: No-Export [7:9565]
Sounds like you've got it. AS 100 sends a route to AS 200 with the no-export tag set. AS 200 takes the route, and uses it, but doesn't send it out to AS 300. AS 300 is either kept in the dark, or learns about the route via a different path. - Original Message - From: Rossetti, Stan To: [EMAIL PROTECTED] Sent: Friday, June 22, 2001 4:39 PM Subject: No-Export [7:9565] Can someone explain what exactly the no-export command is used for in BGP. I am having problems getting this comand to work the way I think it is supposed to work. Maybe I am off base in my definition of it, but I am using Halabi's book as reference. Basically I have a peering session with a bgp peer and I am advertising a single route to them. This route is then taken by my peer and being readvertised to the world and back into my network at another location (asymetrical routing). I have a hard time getting my bgp neighbor administrator to make changes for me, so I want to stop the advertisement of the bgp route outside my neighbor's network (as number) using the no export command. Is this the correct application for no export or are there better ways of skinning this cat? Where is my logic being lead astray? Thanks in advance for any help. Thanks Stan Rossetti NASA - PriSMS Advanced Technology Group Voice: (256) 544-5031 Email: [EMAIL PROTECTED] Beeper: 544-1183 pin 0112 CCDA, CCNA, CCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9566t=9565 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help pls!! [7:9567]
Hi, I am setting up Solaris on Intel with 810 chipset. Can anyone provide me with drivers for the Intel 82810E display for Solaris 7? Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9567t=9567
RE: network security issue [7:9556]
Configure an access list on your router in addition to setting up port security.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9568t=9556
FW: network security issue [7:9556]
Give ESSI Enterprise Systems Security Inc. a buzz and ask for Jerry Ketterling for ALL of your security needs. He is the best! CISSP certified! He will tell you everything about this issue in about 5 min 425-825-8353 x405 Ann Marie Kurtz -Original Message- From: Nabil Fares [mailto:[EMAIL PROTECTED]] Sent: Friday, June 22, 2001 1:37 PM To: [EMAIL PROTECTED] Subject:RE: network security issue [7:9556] Enable port security on your switches. Also, a port not in use should always be disabled. HTH, Nabil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond Sent: Friday, June 22, 2001 3:49 PM To: [EMAIL PROTECTED] Subject:network security issue [7:9556] Hello, My client is a Cisco shop and they have many offices all over the world. They want to make sure that only authorized person can connect to their network. Their concern is that someone may just walk into one of their offices and plug in a laptop and then is on their network. How can we prevent this? The only thing I can think of is create a MAC database and implement security on the 6509 switches. But to create and manage tens of thousands of MAC addresses is a pain. Is there any other way? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9569t=9556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what is loopback interface for ? [7:9493]
The last mail I read before my response was about a sarcastic remark from somebody on this list; somebody actually took this up with his boss because he had a signature just like Kevin. My question is, is this what this board has come to? Ok, let's ignorantly agree that you are right, is this the best way to put it across to me? I believe you are a great engineer for Qwest and that you are a Juniper expert, could this be the difference between Cisco and Juniper boxes? I have learnt a lot from this group, I will not allow you to change my perception of the well cultured members of this group.

--- kevin jones wrote:

Can you explain to me how you can telnet into the router if all interfaces fail with the exception of the loopback interface? If ALL interfaces fail, the only way you can get to the router is via console or AUX. And you call yourself a CCNP. No wonder the value of Cisco certification value (with the exception of the CCIE) is becoming less desirable these days.

Kevin
Juniper Network Certified Internet Expert (JNCIE)
Qwest Communications

>From: Inno. Ama
>Reply-To: Inno. Ama
>To: [EMAIL PROTECTED]
>Subject: Re: what is loopback interface for ? [7:9493]
>Date: Fri, 22 Jun 2001 14:57:53 -0400
>
>Sue,
>
>In addition to what ER had to say, the main purpose of
>loopback address is actually contained in your
>question.loopback interface is always up/up, and
>this helps you to possibly get into the router when
>there is problem and all interfaces fail, now you can
>see what is going on and troubleshoot after you have
>telneted into the router
>
>inno/ccnp
>--- Ednilson Rosa wrote:
> > Sorry,
> >
> > Just a correction: the mask usually used for a
> > loopback intf is /32
> > (255.255.255.255) and not /24 (255.255.255.0).
> >
> > Rgards,
> >
> > ER
> > CCNA
> >
> > - Original Message -
> > From: Ednilson Rosa
> > To:
> > Sent: Friday, June 22, 2001 1:20 PM
> > Subject: Re: what is loopback interface for ?
> > [7:9493]
> >
> >
> > A loopback interface may be used for many purposes.
> > You may use it as the
> > end of a tunnel on a VPN configuration or you may
> > configure it just to have
> > a stable router-id for OSPF, for instance.
> >
> > You don't need to configure it. They are optional
> > and you may use any
> > address you want. If loopback intfs are following a
> > specific address scheme
> > in your network, then they must be planned for some
> > specific function by who
> > designed the network. You should not change it
> > before knowing what function
> > is this (what may be achieved by analyzing your
> > configuration carefully).
> >
> > The subnet mask used on a loopback intf isn't also
> > necessarily /24. This is
> > frequently used though, to economize address space,
> > since you don't need to
> > differentiate network and host on this segment. In
> > this case, host and
> > network are the same and routing is performed with
> > no problem.
> >
> > ER
> > CCNA
> >
> > - Original Message -
> > From: Susan Stone
> > To:
> > Sent: Friday, June 22, 2001 7:22 AM
> > Subject: what is loopback interface for ? [7:9493]
> >
> >
> > Hi,
> >
> > I always wonder what is loopback interface for? Can
> > anyone explained its
> > function? Can we don't configure the loopback
> > interface. Our WAN Lookback
> > always start with 192.168.X.X why? Must we use
> > private IP? I found I can
> > telnet to a remote router using its loopback IP.
> > But I wonder How I route
> > as it always have the subnet mask of
> > 255.255.255.255. Then which is the
> > network and which the host
> >
> > Susan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9570t=9493
RE: No-Export [7:9565]
Ahh, but does the neighbor/peer configuration include the send community statement? -Original Message- From: Bradley J. Wilson [mailto:[EMAIL PROTECTED]] Sent: Friday, June 22, 2001 2:54 PM To: [EMAIL PROTECTED] Subject: Re: No-Export [7:9565] Sounds like you've got it. AS 100 sends a route to AS 200 with the no-export tag set. AS 200 takes the route, and uses it, but doesn't send it out to AS 300. AS 300 is either kept in the dark, or learns about the route via a different path. - Original Message - From: Rossetti, Stan To: [EMAIL PROTECTED] Sent: Friday, June 22, 2001 4:39 PM Subject: No-Export [7:9565] Can someone explain what exactly the no-export command is used for in BGP. I am having problems getting this comand to work the way I think it is supposed to work. Maybe I am off base in my definition of it, but I am using Halabi's book as reference. Basically I have a peering session with a bgp peer and I am advertising a single route to them. This route is then taken by my peer and being readvertised to the world and back into my network at another location (asymetrical routing). I have a hard time getting my bgp neighbor administrator to make changes for me, so I want to stop the advertisement of the bgp route outside my neighbor's network (as number) using the no export command. Is this the correct application for no export or are there better ways of skinning this cat? Where is my logic being lead astray? Thanks in advance for any help. Thanks Stan Rossetti NASA - PriSMS Advanced Technology Group Voice: (256) 544-5031 Email: [EMAIL PROTECTED] Beeper: 544-1183 pin 0112 CCDA, CCNA, CCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9571t=9565 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: No-Export [7:9565]
If you want it to work, it does. ;-)

----- Original Message -----
From: Jim Brown
To: 'Bradley J. Wilson' ; [EMAIL PROTECTED]
Sent: Friday, June 22, 2001 4:54 PM
Subject: RE: No-Export [7:9565]

Ahh, but does the neighbor/peer configuration include the send community statement?

-----Original Message-----
From: Bradley J. Wilson [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 2:54 PM
To: [EMAIL PROTECTED]
Subject: Re: No-Export [7:9565]

Sounds like you've got it. AS 100 sends a route to AS 200 with the no-export tag set. AS 200 takes the route, and uses it, but doesn't send it out to AS 300. AS 300 is either kept in the dark, or learns about the route via a different path.

----- Original Message -----
From: Rossetti, Stan
To: [EMAIL PROTECTED]
Sent: Friday, June 22, 2001 4:39 PM
Subject: No-Export [7:9565]

Can someone explain what exactly the no-export command is used for in BGP. I am having problems getting this command to work the way I think it is supposed to work. Maybe I am off base in my definition of it, but I am using Halabi's book as reference.

Basically I have a peering session with a bgp peer and I am advertising a single route to them. This route is then taken by my peer and being readvertised to the world and back into my network at another location (asymmetrical routing). I have a hard time getting my bgp neighbor administrator to make changes for me, so I want to stop the advertisement of the bgp route outside my neighbor's network (as number) using the no export command.

Is this the correct application for no export or are there better ways of skinning this cat? Where is my logic being led astray? Thanks in advance for any help.

Thanks
Stan Rossetti
NASA - PriSMS Advanced Technology Group
Voice: (256) 544-5031
Email: [EMAIL PROTECTED]
Beeper: 544-1183 pin 0112
CCDA, CCNA, CCSE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9572t=9565
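The behaviour discussed in this thread, as an added example that is not part of any poster's message: a toy Python model of three eBGP speakers (AS 100, AS 200, AS 300) showing why the no-export tag only takes effect when the sender actually transmits communities to its neighbor. It assumes, as on Cisco IOS, that communities are sent only to neighbors configured with send-community; the names `Speaker`, `Route`, `run` and the prefix 192.0.2.0/24 are constructed for illustration.

```python
from dataclasses import dataclass, field

NO_EXPORT = 0xFFFFFF01        # well-known community value from RFC 1997
PREFIX = "192.0.2.0/24"       # constructed sample prefix (documentation range)


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()
    communities: frozenset = frozenset()


@dataclass
class Speaker:
    asn: int
    peers: list = field(default_factory=list, repr=False)
    send_community: set = field(default_factory=set)  # peer ASNs that receive communities
    export_tags: dict = field(default_factory=dict)   # peer ASN -> communities set outbound
    rib: dict = field(default_factory=dict)           # prefix -> best Route

    def originate(self, prefix):
        route = Route(prefix)
        self.rib[prefix] = route
        self._advertise(route, learned_from=None)

    def _receive(self, route, from_asn):
        # AS-path loop prevention; keep the first path learned for a prefix.
        if self.asn in route.as_path or route.prefix in self.rib:
            return
        self.rib[route.prefix] = route
        self._advertise(route, learned_from=from_asn)

    def _advertise(self, route, learned_from):
        for peer in self.peers:
            if peer.asn == learned_from:
                continue
            # A route already carrying NO_EXPORT is not sent to any eBGP peer.
            if NO_EXPORT in route.communities:
                continue
            # Outbound policy may attach communities for this neighbor...
            communities = route.communities | self.export_tags.get(peer.asn, frozenset())
            # ...but they are stripped unless send-community is enabled for it.
            if peer.asn not in self.send_community:
                communities = frozenset()
            update = Route(route.prefix, (self.asn,) + route.as_path, communities)
            peer._receive(update, self.asn)


def run(send_community):
    """AS 100 tags its route no-export towards AS 200; AS 200 also peers with AS 300."""
    as100, as200, as300 = Speaker(100), Speaker(200), Speaker(300)
    as100.peers = [as200]
    as200.peers = [as100, as300]
    as300.peers = [as200]
    as100.export_tags[200] = frozenset({NO_EXPORT})
    if send_community:
        as100.send_community.add(200)
    as100.originate(PREFIX)
    return {s.asn: s.rib.get(PREFIX) for s in (as100, as200, as300)}


if __name__ == "__main__":
    for flag in (False, True):
        result = run(flag)
        print(f"send-community={flag}")
        for asn, route in result.items():
            print(f"  AS {asn}: {route}")
```

Without send-community the tag never leaves AS 100, so AS 200 re-advertises the route to AS 300; with it, AS 200 uses the route and AS 300 never learns it from AS 200.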
Re: IPSec and Backup Routes [7:9225]
Yep, I see what you're saying. I set up something similar the other day. I must admit I didn't think too much about it at the time, and I may just go back and give it a good testing.

I set up a leased line with an ISDN multilink backup using floating statics. Configured one policy, key, transform-set, and related access-list. Then applied the same crypto map to the serial and BRI, just with different peer IP addresses for Serial and BRI. I thought at the time about configuring both routers to use the peer's loopback address, but didn't do it eventually. I think the routers won't care what the path is between them, just that there is a path and they see the same peer whichever way they are routed.

If anybody can think of problems/side-effects with this set-up, I'd be grateful to hear. If not, hopefully I'll get chance to set it up some time next week.

Regards,
Gaz

John Neiberger wrote in message news:[EMAIL PROTECTED]...

That's the heart of my original question, really. I'm fairly new to IPSec and I wasn't sure how to configure that. I suppose I could set up the same remote peer in two different maps: one for the primary route and one for the secondary route. In that case, would this count as two sessions since there are now two active tunnels? I was assuming it would count as two unless the secondary tunnel doesn't even come active until traffic is present.

Hmm...interestingly, while typing I realized that due to a quirk in our network design, encrypting the traffic while they're on the backup link is probably not feasible for the time being so this is almost a moot point. It would be nice to know how to configure it when the time comes, though.

Thanks,
John

Gareth Hinton 6/22/01 1:50:06 PM

Hi John

Can't you keep the peers down to one per site if you use loopback addresses on each router as the encryption peer?

Gaz

John Neiberger wrote in message news:[EMAIL PROTECTED]...

The '150' number would only be if certain branches had to peer twice: once over the primary route and once over the secondary-but-always-up route. In actuality, there would still be about 90 peers on that single 7513 but the volume of traffic per peer is going to be pretty low. It's only tn3270 and DLSw stuff. The rest of the interbranch traffic will remain in the clear.

Is that still going to be too many peers? I know that the 7513 has a card to do hardware encryption. It looks like we may have to check into that again.

Thanks,
John

Dana J. Dawson 6/21/01 4:38:07 PM

IPSec and redundancy is hard. The usual recommendation is to use GRE tunnels over IPSec, since the tunnels provide a logical interface over which you can run a routing protocol that will provide the redundancy. With plain old IPSec, you use access-lists to specify which traffic goes to which peer, and you can't overlap any of your crypto access-lists (those referenced in a match address command in a crypto map). This precludes the possibility of doing redundancy this way.

That being said, you don't want to terminate 150 peers in your 7513, especially if you want that router to do anything else. With this scale of VPN network, you should have a dedicated VPN concentrator.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9574t=9225
test ignore [7:9575]
test ignore

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9575t=9575
RE: Training Advice wanted [7:9550]
John,

I think that the CIT class would be a good choice for you given your limitations. We used to send all of our engineers to the CIT class and everyone liked the class and thought it was good. I do not know if your boss would allow it or not, but Mentor Technologies BGP/OSPF workshop would also be a good choice.

Regards,
David Wolsefer, CCIE #5858

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Friday, June 22, 2001 11:33 AM
To: [EMAIL PROTECTED]
Subject: Training Advice wanted [7:9550]

My boss would like to send me to another class and I'm having a hard time deciding which courses I'd like to take. The problem is that I don't want to cover a lot of material that I already know, and the class has to be relevant to our environment to be considered. Because of that I can't take CATM or MCNS.

I've already covered the CCNP/DP level material but I'm wondering if some of the classes would still be beneficial, specifically CIT and CID. Since I'm planning on tackling the CCIE lab, I'm wondering if CIT would be a good choice. Those of you who have taken CIT, would you recommend it? How about CID? That's not as relevant to my immediate goal as CIT but I'm still interested in taking it. I've read a lot of materials on these topics but I know that it really helps to have it all packaged together and presented at once.

I see that Global Knowledge has an advanced switching class based on the 6000 series switches. That's starting to look pretty good since we're going to be buying some of those later this year or sometime next year. Hmm

I've already taken SNAM and I'll probably get a CIP class after I learn some more SNA/VTAM configuration. I'd love to take some CCIE lab prep classes but there's no way my employer would pay for those.

Any suggestions from those of you who've taken some of these courses? I'm leaning toward taking CIT but I'd be interested in hearing your thoughts.

Okay, enough rambling!

Thanks in advice for your advice

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9576t=9550
Re: what is loopback interface for ? [7:9493]
Nope. 255.255.255.0 (/24) is the standard class C mask. It allows 254 host addresses instead of just one. By using this mask you will be wasting your address space. If IP address availability is not an issue to you then go ahead. Otherwise it's better to use a /32 (255.255.255.255) mask which only permits one single address.

ER
CCNA

----- Original Message -----
From: FELIX KISSIEDU
To:
Sent: Friday, June 22, 2001 4:21 PM
Subject: RE: what is loopback interface for ? [7:9493]

Loopback interface is a logical interface on your router such that when your router interface(s) goes down your loopback interface still stays up up. the subnet mask normally assigned is 255.255.255.0 not 255.255.255.255 and this is done so that only one Ip address can be assigned to the loopback interface. It's normally used in ospf networks to configure your router(s) as designated or backup designated router(s).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9577t=9493
Re: OSPF Hub and Spoke [7:9268]
Hi Chuck,

I feel like I have grasped some of OSPF, and understood without any doubt in my mind all but two of your comments. (It's possibly down to all but one after writing this post)

The first one was: Do OSPF area numbers have to be unique. I've re-written this about 4 times while I tried to think it out and read through my books. What sort of flow of LSA's are there between the two discontiguous areas with identical area numbers. LSA type 1 2 flooded between the two? or are they just treated as separate areas. I'm thinking the latter but changing my mind every second.

The second was: Do virtual links have to be point to point? What I probably want here is the argument against my logic, or confirmation of it. Using:

Area_3---area_2---area_1---area_0

Area 2 has a virtual link to area 0. When I did this I noticed that the ABR between area two and one had all of its interfaces in area 0, as well as the 'actual' area of each interface. (So a router with 3 interfaces had for instance, 3 interfaces in area 0, 2 interfaces in area 2 and 1 interface in area 1)

Area 3 has a virtual link into the router above. As the router above *is now* within area 0, the virtual link ends there, and the router in area 3 now has a virtual link to Area 0 (And therefore now becomes part of the backbone area 0)

So my answer would be, yes, virtual links have to be point to point. The first virtual link extends area 0. The second virtual link merely connects to the extended area 0.

I need to press send quickly before I change it all again.

Thanks for your time,
Gaz

Chuck Larrieu wrote in message news:[EMAIL PROTECTED]...

Agreed that there are few if any written materials that do a decent job of explaining how OSPF works and why. Disclaimer - I have not read Tom Thomas' book. But I have read a number of others, including the RFC. Plus my Lab prep work.

One problem is that most of us don't understand the difference between routing and routing protocols. Routing protocols are one means, but only means, of getting routes into the routing table. Routing forwards or drops packets based on the contents of the routing table.

Lack of understanding of how and why OSPF operates can lead to question like when there is a virtual link connecting a discontiguous area to the backbone, does traffic travel across the transit area to the backbone, and then back into the transit area?

Area_2---area_1---area_0

If there is a virtual link from area 2 into the backbone, does traffic bound for area 1 from area two have to go to area 0 first? The answer is two fold. The area 2/area abr is now part of area 0. This allows area 2 to learn about area 1 routes. And secondly, when a router receives a packet, it is the routing process ( not the routing protocols ) that determine the forwarding.

Another question - do OSPF area numbers have to be unique? Answer is no they don't. in a multiple area network, as long as there is an area 0, all other areas can have the same number. there is nothing in an LSA that identifies a route with an area. A corollary of this is that in a single area network, there does not have to be an area 0. Why?

Got a good one. Do virtual links have to be point to point?

Area_3---area_2---area_1---area_0

You can create a virtual link from area 3 to area 2 and a second link from area 2 to area 0 - it works. Good example of this in Slattery's book.

Over time I have come to appreciate the Cert zone / Berkowitz approach, which is to attain understanding of how things work. one might be surprised at the number of people with very high level certification who can make, but who don't know why it works.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Friday, June 22, 2001 7:32 AM
To: [EMAIL PROTECTED]
Subject: RE: OSPF Hub and Spoke [7:9268]

Yep, you are correct. I see now that as long as non-zero areas receive LSAs from a router configured as area zero, then the routing tables will be built and all should be well. This makes more sense to me, anyway, but some of what I've read made the waters murkier rather than clearer.

How many times have you read "All interarea traffic must go through area zero"? I've read that in several places. It's almost true, but not if you want to split hairs, especially since OSPF defines areas as links, not routers. It should read that for loop-free routing to take place, all non-zero areas must connect to area zero only. This is more correct and doesn't imply that interarea traffic must cross an area zero link.

Does that sound about right? :-)

Chuck Larrieu 6/21/01 11:15:31 PM

John, this one's got me to thinking a little bit. Your kinda right but kinda wrong. The areas are an OSPF structure, used for the building of the SPF tables. It's not that inter area traffic has to go through a discrete area 0, but that in OSPF
Re: Natting !!! [7:9496]
Assuming the NAT is configured correctly, this shouldn't be a problem either. As a matter of fact, one of the three scenarios the Cisco Press BCRAN book uses to show when to use NAT, is when the two networks have overlapping addresses. like this case.

Mike W.

Raees Ahmed Shaikh wrote in message news:[EMAIL PROTECTED]...

Thanks for the reply Michael

what about the second option

Clienta(150.150.1.1)---PIX---INTERNET---(Webserver 150.150.1.1)

Sorry the example which I quoted earlier carried a pix on the otherside as well but I mean a host on the internet.

thanks

-----Original Message-----
From: Michael L. Williams [mailto:[EMAIL PROTECTED]]
Sent: Fri, June 22, 2001 2:48 PM
To: [EMAIL PROTECTED]
Subject: Re: Natting !!! [7:9496]

I don't see why not. The address of Client A will get translated to a real Internet IP (by your NAT at Site A), then the packet will go to Site B, where it will be seen as any other internet addressed packet, and get translated by the NAT at Site B. I don't see why there would be any issue.

Having said that, I know there are some applications (like ICQ) that won't let things that require a direct connection to happen (like file transfers) if both parties are behind NATs. (unless there is some fancy port forwarding, etc).

My 2 cents.

Mike W.

Raees Ahmed Shaikh wrote in message news:[EMAIL PROTECTED]...

Hi all,

A question about natting/patting. Can two duplicate private ip address communicate with each other over the internet. The example below assume there are two sites using the same private address of class b range and they happen to use duplicate ips.

Client A Client B 172.16.1.1---PIX---Internet-PIX ---Internet--- PIX150.150.1.1

In this example clientA is under a private site which is using a public ip address range of 150.150.1.1, which he had configured by himself, the range is not given by an ISP, he is connected to the internet by a firewall and he happens to access a site which has an public registered webserver from the same range 150.150.1.1, Will he able to connect to that webserver, Please explain if yes/no.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9579t=9496
Re: Natting !!! [7:9496]
Actually, you're correct... I hadn't thought of that, but yeah, anything trying to get to 150.150.1.1 will get directed to the internet host, not your network.

Mike W.

_ wrote in message news:[EMAIL PROTECTED]...

I think the site with the illegal address scheme will be able to access the internet, but they won't be able to access any of the sites with the same IP addresses. For example if one of your workstations is assigned 150.150.1.1/16 and there is a web site with 150.150.1.1/24 and you send a ping from a workstation with 150.150.1.2/16, you will get the reply from the other workstation and not the web site.

The best thing to do is have the customer with the illegal address scheme re-number to a private network number, unless they are never going to access the internet sites in the 150.150.0.0/16 subnet.

I don't see why not. The address of Client A will get translated to a real Internet IP (by your NAT at Site A), then the packet will go to Site B, where it will be seen as any other internet addressed packet, and get translated by the NAT at Site B. I don't see why there would be any issue.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9580t=9496
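The forwarding decision behind the ping example quoted in this thread, as an added example that is not part of any poster's message: a short Python model of the client's and the firewall's routing lookups for a site that numbered itself out of 150.150.0.0/16. The two-entry routing tables, the hop names and the function names are constructed assumptions; the /24 client case goes one step beyond the thread to show that a narrower client mask does not help, because the firewall has its own connected route for the site range.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def lookup(table, dst):
    """Longest-prefix match over (network, exit) pairs; returns the exit name."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, out) for net, out in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(client_iface, site_cidr, dst):
    """Return the hops a packet from the client takes towards dst.

    client_iface: the client's address and mask, e.g. "150.150.1.2/16"
    site_cidr:    the range the firewall routes to its inside interface
    """
    client_net = ipaddress.ip_interface(client_iface).network
    site_net = ipaddress.ip_network(site_cidr)
    # Constructed tables: one connected route plus a default on each device.
    host_table = [(client_net, "lan"), (DEFAULT, "firewall")]
    fw_table = [(site_net, "inside"), (DEFAULT, "outside")]

    path = ["client"]
    if lookup(host_table, dst) == "lan":
        # The destination looks on-link, so the client resolves it on the
        # local segment and never hands the packet to the firewall.
        return path + ["local LAN"]
    path.append("firewall")
    if lookup(fw_table, dst) == "inside":
        # The firewall's connected route beats its default route.
        return path + ["back inside"]
    return path + ["NAT", "internet"]


def shadowed_addresses(site_cidr):
    """Number of real internet addresses hidden by the self-assigned range."""
    return ipaddress.ip_network(site_cidr).num_addresses


if __name__ == "__main__":
    cases = [
        ("150.150.1.2/16", "150.150.0.0/16", "150.150.1.1"),
        ("150.150.2.5/24", "150.150.0.0/16", "150.150.1.1"),
        ("150.150.1.2/16", "150.150.0.0/16", "198.51.100.10"),
        ("172.16.1.2/16", "172.16.0.0/16", "150.150.1.1"),  # after renumbering
    ]
    for client, site, dst in cases:
        print(f"{client:>16} -> {dst:<14} {' > '.join(trace(client, site, dst))}")
    print("addresses shadowed by 150.150.0.0/16:", shadowed_addresses("150.150.0.0/16"))
```

Only the renumbered site reaches the web server at 150.150.1.1, since in the other cases the packet is answered or routed inside before NAT is ever applied.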
Re: Cisco CPU SNMP [7:9190]
have you found out what OID and how to parse the return yet?

----- Original Message -----
From: Sam Sneed
To:
Sent: Wednesday, June 20, 2001 11:35 AM
Subject: Cisco CPU SNMP [7:9190]

I would like to poll Cisco router (4700) and a 2948GL3 switch using SNMP to get the CPU load. I will be using the UNIX snmpget function. Does anyone know which snmp variable I should poll?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9582t=9190
Re: what is loopback interface for ? [7:9493]
I don't understand your statement "the subnet mask normally assigned is 255.255.255.0 not 255.255.255.255 and this is done so that only one Ip address can be assigned to the loopback interface." Using the subnet mask 255.255.255.0 will waste IP addresses. You would use the 255.255.255.255 subnet mask to make it so it only uses 1 IP address.

Although the loopback can be used to sway the DR/BDR election, it's also used as endpoints in DLSw, STUN and BSTUN tunnels as well as for administrative purposes as a way to reach a router no matter which particular interface is up or down. Also they are commonly used as a source of an IP address for IP unnumbered interfaces, since they never go down.

Mike W.

FELIX KISSIEDU wrote in message news:[EMAIL PROTECTED]...

Loopback interface is a logical interface on your router such that when your router interface(s) goes down your loopback interface still stays up up. the subnet mask normally assigned is 255.255.255.0 not 255.255.255.255 and this is done so that only one Ip address can be assigned to the loopback interface. It's normally used in ospf networks to configure your router(s) as designated or backup designated router(s).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9581t=9493
RE: MAC Address: [7:9547]
These are broadcast..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tan Chee Leong
Sent: Friday, June 22, 2001 1:51 PM
To: [EMAIL PROTECTED]
Subject: MAC Address: [7:9547]

Hi,

In a small LAN with two routers I found the following MAC addresses appearing.

00:00:00:00:00:01
ff:ff:ff:ff:ff:ff

Most of the time I see it coming from the routers. Is there a special meaning to this? Pardon me for my weak networking knowledge.

Cheers,
Chee Leong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9583t=9547
Re: what is loopback interface for ? [7:9493]
I had this huge post typed out ready to flame you for your response, but I don't want to lower myself to that level. I would hope that you are not an indication of the quality of people that Qwest hires. What an ass!

Mike W.

kevin jones wrote in message news:[EMAIL PROTECTED]...

Can you explain to me how you can telnet into the router if all interfaces fail with the exception of the loopback interface? If ALL interfaces fail, the only way you can get to the router is via console or AUX. And you call yourself a CCNP. No wonder the value of Cisco certification value (with the exception of the CCIE) is becoming less desirable these days.

Kevin
Juniper Network Certified Internet Expert (JNCIE)
Qwest Communications

From: Inno. Ama
Reply-To: Inno. Ama
To: [EMAIL PROTECTED]
Subject: Re: what is loopback interface for ? [7:9493]
Date: Fri, 22 Jun 2001 14:57:53 -0400

Sue,

In addition to what ER had to say, the main purpose of loopback address is actually contained in your question. loopback interface is always up/up, and this helps you to possibly get into the router when there is problem and all interfaces fail, now you can see what is going on and troubleshoot after you have telneted into the router

inno/ccnp

--- Ednilson Rosa wrote:

Sorry,

Just a correction: the mask usually used for a loopback intf is /32 (255.255.255.255) and not /24 (255.255.255.0).

Regards,
ER
CCNA

----- Original Message -----
From: Ednilson Rosa
To:
Sent: Friday, June 22, 2001 1:20 PM
Subject: Re: what is loopback interface for ? [7:9493]

A loopback interface may be used for many purposes. You may use it as the end of a tunnel on a VPN configuration or you may configure it just to have a stable router-id for OSPF, for instance. You don't need to configure it. They are optional and you may use any address you want.

If loopback intfs are following a specific address scheme in your network, then they must be planned for some specific function by who designed the network. You should not change it before knowing what function is this (what may be achieved by analyzing your configuration carefully).

The subnet mask used on a loopback intf isn't also necessarily /24. This is frequently used though, to economize address space, since you don't need to differentiate network and host on this segment. In this case, host and network are the same and routing is performed with no problem.

ER
CCNA

----- Original Message -----
From: Susan Stone
To:
Sent: Friday, June 22, 2001 7:22 AM
Subject: what is loopback interface for ? [7:9493]

Hi,

I always wonder what is loopback interface for? Can anyone explained its function? Can we don't configure the loopback interface. Our WAN Lookback always start with 192.168.X.X why? Must we use private IP? I found I can telnet to a remote router using its loopback IP. But I wonder How I route as it always have the subnet mask of 255.255.255.255. Then which is the network and which the host

Susan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9584t=9493
RE: Wan technology [7:9475]
diversity is key. know them all and don't pigeon hole your self.

Rico

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ronnie Poon
Sent: Friday, June 22, 2001 1:33 AM
To: [EMAIL PROTECTED]
Subject: Wan technology [7:9475]

Dear all,

Which vendor's WAN technology is more valuable in the market. Nortel passport , juniper or Cisco.

Thanks
Ronnie Poon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9585t=9475
RE: Fibre config question [7:9492]
Paste your 3500 config here. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9586t=9492
Re: Is Https working? [7:9390]
Look out - stupid question below...

What should you get from telnet on 443 to cisco.com. I get a blank screen as you sometimes do on port 80, but with http I know enough of the commands to at least tell if I'm connected. Nothing I've tried seems to bring anything up. What am I missing?

Cheers,
Gaz

Sam wrote in message news:[EMAIL PROTECTED]...

Telnet is my choice

Telnet to cisco.com on port 443

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Cute and subtle. I like it. It's a lot better than testing by logging into some e-commerce site that you know offers SSL.

Priscilla

At 01:31 PM 6/21/01, Hire, Ejay wrote:

Here's a handy feature for anyone who is playing with a firewall. It will let you know if SSL is working.

Https://www.cisco.com

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9587t=9390
Re: How Hard is Hard - Cisco Exams [7:9410]
I think the hardest thing is stating how hard an exam is. I think it depends totally on your experience and ability to grasp very different subjects.

I thought I was going to struggle with the switching as my switching experience was fairly limited, but I found that most of it seemed to stick on my first read through the book. A bit of practical on the kit drummed it in and the exam came easy. In contrast to that, I thought the BSCN would be more up my street, but I'm trying to squeeze the info in to my head at the moment.

The thing I found with the switching was that there were set topics to learn in big chunks, trunking, channelling, MLS, multicast etc which made it easier for what's left of 'my' brain at least. I'm finding with the routing, even the bits I thought I knew before are becoming blurred with the other chapters - confusing characteristics of EIGRP with OSPF with BGP etc.

Exam's on Tuesday so we shall see. Good luck with yours.

Gaz

Michael L. Williams wrote in message news:[EMAIL PROTECTED]...

CCNA - 5
CCDA - 4
BCMSN - 6
BSCN - 7
BCRAN - 8
CIT - 6
CID - ? That's next (After the BSCI beta ;-)

Mike W.

hal9001 wrote in message news:[EMAIL PROTECTED]...

Can I please canvass some opinion as to the relative difficulty of each of the Routing and Switching CCNA/CCDA/CCNP/CCDP Exams. For example relatively the CCNA Exam may be harder than say the Remote Access because you have to cover a bigger ground or number of subjects albeit in lesser depth.

I don't want to draw out a long thread of it but it may be of use (and interest) personally and to other members who are planning their exams. If you could rate on a scale of 1-10 the following I'd be grateful;

CCNA - ICND
CCDA - DCN
CCNP - BSCN - BCMSN - BCRAN - CIT
CCDP - CID

Thanks - Karl

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9588t=9410
RE: what is loopback interface for ? [7:9493]
I wouldn't worry too much... He's got enough trouble trying to find employment with that Juniper Certification! Haha!

-----Original Message-----
From: Michael L. Williams [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 6:43 PM
To: [EMAIL PROTECTED]
Subject: Re: what is loopback interface for ? [7:9493]

I had this huge post typed out ready to flame you for your response, but I don't want to lower myself to that level. I would hope that you are not an indication of the quality of people that Qwest hires. What an ass!

Mike W.

kevin jones wrote in message news:[EMAIL PROTECTED]...

Can you explain to me how you can telnet into the router if all interfaces fail with the exception of the loopback interface? If ALL interfaces fail, the only way you can get to the router is via console or AUX. And you call yourself a CCNP. No wonder the value of Cisco certification value (with the exception of the CCIE) is becoming less desirable these days.

Kevin
Juniper Network Certified Internet Expert (JNCIE)
Qwest Communications

From: Inno. Ama
Reply-To: Inno. Ama
To: [EMAIL PROTECTED]
Subject: Re: what is loopback interface for ? [7:9493]
Date: Fri, 22 Jun 2001 14:57:53 -0400

Sue,

In addition to what ER had to say, the main purpose of loopback address is actually contained in your question. loopback interface is always up/up, and this helps you to possibly get into the router when there is problem and all interfaces fail, now you can see what is going on and troubleshoot after you have telneted into the router

inno/ccnp

--- Ednilson Rosa wrote:

Sorry,

Just a correction: the mask usually used for a loopback intf is /32 (255.255.255.255) and not /24 (255.255.255.0).

Regards,
ER
CCNA

----- Original Message -----
From: Ednilson Rosa
To:
Sent: Friday, June 22, 2001 1:20 PM
Subject: Re: what is loopback interface for ? [7:9493]

A loopback interface may be used for many purposes. You may use it as the end of a tunnel on a VPN configuration or you may configure it just to have a stable router-id for OSPF, for instance. You don't need to configure it. They are optional and you may use any address you want.

If loopback intfs are following a specific address scheme in your network, then they must be planned for some specific function by who designed the network. You should not change it before knowing what function is this (what may be achieved by analyzing your configuration carefully).

The subnet mask used on a loopback intf isn't also necessarily /24. This is frequently used though, to economize address space, since you don't need to differentiate network and host on this segment. In this case, host and network are the same and routing is performed with no problem.

ER
CCNA

----- Original Message -----
From: Susan Stone
To:
Sent: Friday, June 22, 2001 7:22 AM
Subject: what is loopback interface for ? [7:9493]

Hi,

I always wonder what is loopback interface for? Can anyone explained its function? Can we don't configure the loopback interface. Our WAN Lookback always start with 192.168.X.X why? Must we use private IP? I found I can telnet to a remote router using its loopback IP. But I wonder How I route as it always have the subnet mask of 255.255.255.255. Then which is the network and which the host

Susan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9589t=9493
Re: configuring Hyperterminal Private edition w/Windows ME [7:9590]
I had a real nightmare with Windows ME and HyperTerminal which may or may not have been related to a change of laptop also.

Try powering down your laptop, then powering it up while the console cable is connected. (Don't just restart - that doesn't do it). My com port kept locking out on changing device connections, and a full power down was the only answer. I suspect it may have been more hardware than software, but worth a try.

Do me a favour and let me know if it has any effect.

Cheers,
Gaz

wrote in message news:[EMAIL PROTECTED]...

Hello,

I can connect to my Cisco devices but not communicate with them. I am using hyperterminal private edition and windows ME. is there anything special i have to do to get into the devices through the console port? Cables and Devices are known to be good.

thank you for your time and consideration,
Joe gearhart

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9590t=9590