Low BRI througput [7:12078]
Dear Sir Cisco recommends for low throughput for the ISDN BRI to verify that fair queuing is not enabled can anyone tell me the relationship between fair queuing and BRI throughput ? Best Regards, Mohammed Saro Network Engineer GEGA NET Tel: +202-4149771 Ext:111 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12078t=12078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RouterSim 3.0 [7:11342]
Have you timed the failover? How long did it take? Thomas Crowe wrote: Yes, I have that configuration at a customer's site that I configured. (Dual MSFC's in a HSRP pair on Cat 6509's) It has been working well. Let me know what your questions are, and maybe I can help. __ Thomas Crowe Senior Systems Engineer / Architect CTS - Atlanta Phone: 770-664-3900 ext 45 Cell: 404-277-4089 __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lopez, Robert Sent: Monday, July 09, 2001 12:50 PM To: [EMAIL PROTECTED] Subject: RE: RouterSim 3.0 [7:11342] Has anyone configured dual MSFC's on a 6509 with HA, HSRP capabilities with success. I'm reading through this document... http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd /redund.htm#49378 It seems somewhat straight forward. Any opinions Robert -Original Message- From: Steve Smith [mailto:[EMAIL PROTECTED]] Sent: Monday, July 09, 2001 11:35 AM To: [EMAIL PROTECTED] Subject: RE: RouterSim 3.0 [7:11342] Yeah Jen is staying!!! Now could someone please give me some tips on how to take my two 4006 with RSM and make them as close to redundant as possible. I need to run HSRP on the RSM if possible. Thanks, Steve -Original Message- From: Jennifer Cribbs [mailto:[EMAIL PROTECTED]] Sent: Monday, July 09, 2001 10:13 AM To: [EMAIL PROTECTED] Subject: Re: RouterSim 3.0 [7:11342] I have worked so hard studying and have loved all the wonderful contributions from the people that make this site special. But I am not a thief Phil...I really am not. We bought the disk..We didn't steal it. We all paid money that we had saved so we could study and pass our tests. We had a wonderful instructor that cared about us and helped us. They had special group studies on varied topics that people could participate in if they chose. We had dinners together. We were all involved together on a common mission of getting through our classes and passing our first cert together. I was not trying to implicate anything or anybody. Academically, it was a great environment and too bad more aren't the same and are conductive to learning. Since those times are past, this group, without it being a formal classroom is the closest thing I have to college. And right now, I am just discouraged... It is greatly distracting me from what my goals are. I do not mind a debate but over pertinent issues that matter in the long run from a 'cert viewpoint' but this is not one of those issues, but it is, like I said, very distracting for me from a personal standpoint regarding my studying. I have never even read one of Howards, Priscilla's or Tom's books, but I bet they are good. Of course, I am only assuming that based on the answers I have seen posted by them on this site and the 'free' study material compiled by them posted on certificationzone.com that is available on a monthly basis that I have read. Those people are why I stayed, because you can learn from them. But I have not stolen anything from them Phil as was implied by Wigle. And you are right..this is ridiculousI enjoy this site too much for one Wigle to run me off. I guess I will just wait for the dark blue sedan to pull up with all the haggling lawyers Jenn 7/9/2001 9:30:48 AM, Circusnuts wrote: What !!! Now this is ridiculous Jennifer- unless you're getting hate mail the rest us are not seeing, no one else on this list cares. I enjoy you posts am surprised Kevin has carried things this far... Phil - Original Message - From: Jennifer Cribbs To: Sent: Monday, July 09, 2001 10:18 AM Subject: Re: RouterSim 3.0 [7:11342] Rational or otherwise, an already convicted thief or not, I have withdrawn my subscription from groupstudy.. 7/9/2001 8:42:33 AM, Kevin Wigle wrote: Jennifer, I'm not condemning you. I've read your posts and I thought you a rational person. But just read this We couldn't afford it otherwise. None of us. We all copied it to use from our school burner. It was registered in a co-instructors name. It was all about wanting to pass and learning and him helping us. Not cheating or pirating. Right or wrong, that's what we did. Can't get much closer to a confession than that. We normally includes the person talking but I'll let the lawyers haggle that one. Anyway, think of all the people on this list that make this list such a great place for learning. Howard Berkowitz, Author and Instructor Tom Lisa, Author and Instructor Priscilla Oppenheimer, Author and Instructor Not to mention the many CCIE's on the list. They give their time freely to the list which is as good as it gets. On the other hand, some people still want to steal from them and others.
Can not find Enterprise Edition [7:12081]
Hi All, I am looking for Catalyst 1900 switch Enterprise edition software to upgrade my 5 switches.I tried to find it on Cisco web site it always ask for password.Any one can help me to download it. Regards , sami __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12081t=12081 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Router Security link - NSA [7:12082]
I saw this on another list, and felt it was worth of passing on in light of the recent questions regarding securing/locking down routers... http://nsa1.www.conxion.com/ -e- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12082t=12082 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Routing polices [7:11896]
thank you very much. You advices were very helpful Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12083t=11896 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem On PIX Hardware [7:12084]
Hello Cisco Folks, The problem that we face is a lot unusual. We are successfully configured the PIX with Cicso Secure ACS software on the server and have created some user ID on the software for the authentication to access to internet through proxy server. The good thing is it can immediately ask for the authentication when first time to access to internet. But when we successfully login it, the next PC to access to internet, It doesn't ask for any authentication. Just straight away can access to internet. But after the Time-out period on the PIX, it will ask again for the authentication. Looks like once first ID have been logged in, the rest of the user can go in smoothly without any authentication. This is not logic at all. I'm not sure wether the problem is occured due to the Cisco Secure ACS software of the PIX hardware. Any Advice? Rgds, Steiven Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12084t=12084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ACESS-LIST [7:12085]
I have A problem when i enabled CEF on a 4500 router with ios 12.0(5) T i have a problem that when i apply a new access-list it does not make any matches unless i disable then reenable the ip cef on the router what is that ? Best Regards, Mohammed Saro Network Engineer GEGA NET Tel: +202-4149771 Ext:111 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12085t=12085 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco 1600 router [7:12088]
hello everybody, I have a cisco 1601 router in my office and windows Nt server in my home.For administration reasons i want to configure the router to call me back when i call him from home. I also have an isdn bri line and two net modes to make the project the scheme is: CISCO_1600 --NET MODENET MODE NT SERVER I ' ve tried to make a ppp multilink connection and it works fine .Then i configure the router to callback and i install the routing and remote access service in windows nt server with all (i thing) parameters configured well. I configure the nt server to call as a ras client , to receive calls as ras server , and to work for Dial on Demand Routing.Also I a make a user with all pap credentials right and with the permission grand dial in. When i place a call to the router with dialup networking and then in 3 seconds about cancel the try , the router calls me bac after 15-20 seconds, but i cannot ping to the router . As it seems in the debugs output the router sends pap request but the nt server does not answer,show the ppp phase doesn t came up and no ipcp messages are shown. has anyone idea where is the problem? Follw is the router configurations and the debugs output,appreciated any help! KOSTAS AGGELAKIS CISCO_1600#s ru Building configuration... Current configuration: ! version 12.1 service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption ! hostname CISCO_1600 ! logging buffered 8192 debugging aaa new-model aaa authentication login default local aaa authentication ppp default local aaa authorization network default local enable secret 5 $1$Yx2j$fxjTmOqE0x2/hV4EI/rm.. enable password 7 130B ! username yxydas password 7 110D1608121B0803112327282D20 username KDD\kaggelaki callback-rotary 1 password 7 155341010138242A2920 username kaggelaki password 7 041A410B0A334340080A ! ! ! ! ip subnet-zero ip domain-name teiath.gr ip name-server 195.130.100.19 ip name-server 195.130.100.18 ! isdn switch-type basic-net3 ! ! ! interface Ethernet0 description syndesh me router 7513 ip address 195.130.XXX.XXX 255.255.255.192 no ip mroute-cache ! interface Serial0 physical-layer async no ip address no ip mroute-cache shutdown ! interface BRI0 no ip address encapsulation ppp no ip mroute-cache dialer rotary-group 1 isdn switch-type basic-net3 no fair-queue no cdp enable ! interface Dialer0 no ip address no cdp enable ! interface Dialer1 description connected to callback(isdn) ip address 195.130.XXX.XXX 255.255.255.192 encapsulation ppp no ip split-horizon dialer in-band dialer idle-timeout 300 dialer enable-timeout 20 dialer caller 015319789 callback dialer map ip 195.130.XXX.XXX name kaggelaki class callback 015319789 dialer-group 1 no peer default ip address no fair-queue no cdp enable ppp callback accept ppp authentication pap callin ppp pap sent-username CISCO_1600 password 7 074E6B414B1B160B1601 ppp multilink ! ip default-gateway 195.130.XXX.XXX ip classless ip route 0.0.0.0 0.0.0.0 195.130.XXX.XXX no ip http server ! ! map-class dialer callback dialer callback-server username dialer-list 1 protocol ip permit snmp-server engineID local 000902107B2CDC4C snmp-server community public RO ! line con 0 transport input none line 1 line vty 0 4 exec-timeout 0 0 ! end CISCO_1600#s log Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Console logging: level debugging, 2150 messages logged Monitor logging: level debugging, 1072 messages logged Buffer logging: level debugging, 2150 messages logged Trap logging: level informational, 58 message lines logged CISCO_1600# *Mar 1 01:37:55: ISDN BR0: RX SETUP pd = 8 callref = 0x0E *Mar 1 01:38:05: Bearer Capability i = 0x8890 *Mar 1 01:38:05: Channel ID i = 0x83 *Mar 1 01:38:05: Called Party Number i = 0x80, '015319789', Plan:Unknow n, Type:Unknown *Mar 1 01:38:05: ISDN BR0: RX CONNECT_ACK pd = 8 callref = 0x0E *Mar 1 01:38:06: ISDN BR0: received HOST_CONNECT call_id 0x800E *Mar 1 01:38:06: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up *Mar 1 01:38:06: BR0:1 PPP: Treating connection as a callout *Mar 1 01:38:06: BR0:1 PPP: Phase is ESTABLISHING, Active Open *Mar 1 01:38:06: BR0:1 LCP: O CONFREQ [Closed] id 16 len 31 *Mar 1 01:38:06: BR0:1 LCP:AuthProto PAP (0x0304C023) *Mar 1 01:38:06: BR0:1 LCP:MagicNumber 0x10D5B8B5 (0x050610D5B8B5) *Mar 1 01:38:06: BR0:1 LCP:MRRU 1524 (0x110405F4) *Mar 1 01:38:06: BR0:1 LCP:EndpointDisc 1 Local (0x130D01434953434F5F313630 30) *Mar 1 01:38:06: ISDN BR0: Event: Connected to 015319789 on B1 at 64 Kb/s *Mar 1 01:38:06: ISDN BR0: RX DISCONNECT pd = 8 callref = 0x0E *Mar 1 01:39:57: Cause i = 0x8090 - Normal call clearing *Mar 1 01:39:58: ISDN BR0: RX RELEASE_COMP pd = 8 callref = 0x0E *Mar 1 01:39:58: ISDN BR0: received HOST_DISCONNECT_ACK call_id 0x800E *Mar 1 01:39:58: ISDN BR0: HOST_DISCONNECT_ACK: call type is
upgrade IOS from 4.4(1) to 5.5(9) for catalyst 5000 [7:12089]
Hi can anbody please help me with this i will be upgrading my catalyst 5000 IOS what are the things that needed to be taken care before doing this .i have supervisior card 2 runnnign on it and they are runnign in redudant mode ..i have 2 catalyst 5000what can be like probaable problems .i think i saw somehting like this on cisco but right now i am unable to find this . any help will be appreciated . Regards Arun Sharma Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12089t=12089 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Low BRI througput [7:12078]
It would be interesting to see the document that recommends that action - after all, WFQ is designed to help with low bandwidth links without the need for complicated config. It is more likely that it is recommended to turn off WFQ when using ppp multilink across the ISDN connection. This is probably to avoid any unnecessary fragment delay which could lead to malformed packets and retransmissions. So in answer to your question, there is no real connection between BRI performance and WFQ but cisco probably recommend disabling WFQ to avoid other problems. Cheers Charlie --- Mohammed Saro wrote: Dear Sir Cisco recommends for low throughput for the ISDN BRI to verify that fair queuing is not enabled can anyone tell me the relationship between fair queuing and BRI throughput ? Best Regards, Mohammed Saro Network Engineer GEGA NET Tel: +202-4149771 Ext:111 [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12090t=12078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
eigrp and sec address [7:12087]
Hello, i've got two routers sharing one common network...one of this routers got a secondary address defined over the interface... is there any way to make this secondary net be visible on the shared network dynamically using EIGRP Thank you very much in advance, _ Javier A. Herrera Centro de Proceso de Datos Universidad de Oviedo mailto:[EMAIL PROTECTED] _ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12087t=12087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem On PIX Hardware [7:12084]
Steiven, It sounds like those users who have logged in were using PAT(single ip nat'ed). If that's the case, then your ACS/pix can only see one single ip. Only enhance you can change on the pix is to change the time-out to be as low as you can without annoying users logon process. -Frank On Thu, 12 Jul 2001, Steiven Poh-(Jaring MailBox) wrote: Hello Cisco Folks, The problem that we face is a lot unusual. We are successfully configured the PIX with Cicso Secure ACS software on the server and have created some user ID on the software for the authentication to access to internet through proxy server. The good thing is it can immediately ask for the authentication when first time to access to internet. But when we successfully login it, the next PC to access to internet, It doesn't ask for any authentication. Just straight away can access to internet. But after the Time-out period on the PIX, it will ask again for the authentication. Looks like once first ID have been logged in, the rest of the user can go in smoothly without any authentication. This is not logic at all. I'm not sure wether the problem is occured due to the Cisco Secure ACS software of the PIX hardware. Any Advice? Rgds, Steiven Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12086t=12084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MCNS 2.0 [7:12091]
Hi group Have anyone studying for MCNS 2.0 or given the exam???/ If so, what books need to be prepared apart from Cisco press book written by Michael Wenstrom. Any comments on how the questions are, and what level of difficulty it is. Do we need to have hands on experience on Pix or rather studying and understanding the concept is enough. Thanks in advance Fahim CCNA, CCDA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12091t=12091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX Network addresses [7:11990]
I have always thought that NetWare only auto-generated its internal network number (based on date and time of installation, which semi-gurantees uniqueness of the address), but the external network numbers had to be entered manually for each frame type. I may be wrong, but I don't think it auto-detects existing network numbers on the line. CM -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: 12 July 2001 03:18 To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Cool. I know about the different frame formats and running multiple ones which means you'll have multiple network numbers. I didn't know NetWare would automatically assign network numbers. What does it do if there are other servers and/or routers sharing the segment and they have already assigned the network number(s)? Is it smart enough to pick up on this? Thanks Priscilla At 08:08 PM 7/11/01, Patricia Leeb-Hart wrote: While it's certainly preferable to assign network numbers manually, NetWare will assign a random unique 8-digit hex IPX network number, depending on the installation process you choose. The express installation is really only useful for one-server environments and is an option I never used. Now, as to why it would assign multiple network numbers: normally only one frame type would be loaded (default is 802.3 with 3.2 and 4.x). However, it gives you the option to load them all, and often inexperienced admins will do so. So, if you loaded all the frame types and allowed NetWare to generate the network numbers, NetWare assumes that you'd do this in order to run multiple IPX networks. It's analogous to creating secondary addresses or sub-interfaces on a router, each with its unique network number and/or encapsulation. (i'd really like to see the AUTOEXEC.NCF for this particular server ) This isn't as much of an issue with 5.x, as the default protocol is IP. However, if you choose to install IPX compatibility, it will still offer you the choice of randomly generating the IPX network number. It's a NetWare thang. Priscilla Oppenheimer 07/11/01 01:28PM Interesting. Why would it generate network numbers, though? Shouldn't network numbers be manually configured? Priscilla At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote: I finally feel qualified to comment on a question on this list (having worked with NetWare for the past 6 years) The addresses you're seeing are generated automatically. What's happening here is that the new server has every single Ethernet frame type loaded, and as a result is using different IPX network number for every frame type. New 3.x and 4.x servers will do this if you perform an install using all the defaults. You need to run INSTALL (or NWCONFIG if 5.x), edit the AUTOEXEC.NCF and remove all BIND statements referencing frame types you don't want to use. Ethernet_II is preferred. NetWare 5.x is more restrained and tries to use IP only. Ayers, Michael 07/11/01 12:12PM Those were either auto generated, or picked up from reading frames on the wire. -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 11:31 AM To: [EMAIL PROTECTED] Subject:IPX Network addresses [7:11990] hi, group. I just noticed that after installing NetWare server, it gave me this info regarding types of IPX frames: Frame type Network address Ethernet_802.2 3D410DCD Ethernet_802.3 1E0F4F9E Ethernet_SNAP FF994BB0 Ethernet_II D393B805 For the IPX gurus in the group, can someone tell me if there is some type of logic as to how the network address is translated from the type of frame used? Just to answer my curiosity. Thank you. Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12092t=11990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN QUERY [7:12068]
Use static route on router D. This will overide the dynamically learnt route to 10.1.1.0 CM -Original Message- From: Grad Alfons Kanon [mailto:[EMAIL PROTECTED]] Sent: 12 July 2001 06:49 To: [EMAIL PROTECTED] Subject: VPN QUERY [7:12068] All, need help, I have such scenarios like this. Router A as the headquesrter connect to router B, C and D, (let says using star connection) Segment A's ethernet: 172.10.0.0 segment B's ethernet: 10.0.0.0 segment C's ethernet: 170.20.0.0 segment D's ethernet: 170.30.0.0 let's assume that all of the WAN interfaces from B C D to A are using /30 mask and using 170.100.0.0 segment. Routing protocol is dynsmic (EIGRP or OSPF) The problem is: there's one small segment in C router (let says in other ethernet) that has 10.1.1.0/24. How can I create a VPN from B to C, so if client from D want to go to 10.1.1.0 segment, they will go to B first , not direcly go to C. regards Grad __ ___ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12093t=12068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Completely off topic here... [7:12060]
I have a vinyl player capable of attaining two speeds (can't remember what they are), with a whopping, monstrous 5watts RPM per speaker...beat that -Original Message- From: Tony van Ree [mailto:[EMAIL PROTECTED]] Sent: 12 July 2001 06:52 To: [EMAIL PROTECTED] Subject: RE: Completely off topic here... [7:12060] Hi, This ole guy will make you jealous, I have a Telecaster for over 30 Years now, a Precision Bass a couple of years newer, a 12 String Rickenbacker, and one you won't see outside Australia but is about as good an acoustic aas you'll get a Maton CW80 getting well into it 30's. Just some of a good little collection that I still use when I'm short or just for fun. Teunis, Hobart, Tasmania Asutralia On Wednesday, July 11, 2001 at 11:47:47 PM, [EMAIL PROTECTED] wrote: Ole - I play a Strat myself, great guitars (and always a fan of Mr. Ray Vaughn) I just bought a Spyder Line 6 Amp, but my main-stay is an old Fender 75...Great Amps, but they weigh a ton... As for Portland, I just moved up from the Bay Area...This place is rockin' Good job market, very low cost of living. The only thing you have to get over is the weather. Granted, it has been 80 - 90 lately, it is usually overcast and raining. I heard Houston was really turning around, and, funny thing, my wife wants to start looking in Austin.. I heard the market is really looking good out there. Cheers, Duncan -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 8:10 PM To: '[EMAIL PROTECTED]'; Ole Drews Jensen; [EMAIL PROTECTED] Subject: RE: Completely off topic here... It sure is Duncan, It's my Fender Princeton Chorus which I use with my Standard Fender Stratocaster, my SRV Signature Fender Stratocaster, my Jackson and my Epiphone. It's always nice to pick the guitar and play some riffs. I can see you're from Oregon. That's actually a place my wife and I have talked about moving to, the day we get really really tired of the traffic and polution in Houston. How is it workwise - are there some good jobs with decent salaries up there? Thanks, Ole Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] http://www.oledrews.com/ccnp NEED A JOB ??? http://www.oledrews.com/job -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 10:08 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Completely off topic here... Ole - Just curious about the backround of your lab shot...Is that a guitar amp ??? Looks so much like my lab ??? Thanks, Duncan Duncan Wallace Sr. Network Engineer CCNA CCNP 800.COM Inc. 1516 NW Thurman St Portland, OR 97209-2517 Direct: 503.944.3671 Cell: 503.969.8248 Fax: 503.943.9371 Web: http://800.com Email: [EMAIL PROTECTED] -Original Message- From: Ole Drews Jensen [ mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 7:07 PM To: [EMAIL PROTECTED] Subject: OSPF Neighbor - I'm confused! [7:12048] Okay. Everything works in my new frame relay environment. I have followed the Configuring OSPF for a Single Area in an NBMA Environment section of my CiscoPress BSCN book. Router 1 is setup as a Frame Relay switch. Router 2 and 3 are communicating with eachother on a PVC through Router 1. Router 2's connected interface has an OSPF priority of 0, and Router 3 has therefore been elected as the DR, and I have added Router 2's IP address manually on Router 3 as it's OSPF neighbor. All this works great. If I do a show ip ospf int on Router 3, it shows that it's the DR, and that it has one OSPF neighbor - Router 2. Now, the book tells me that even though it's not necessary, I should add Router 3 as the OSPF neighbor on Router 2. I am a very nice guy, so I did that right away. However, this is where I am confused... After I have added Router 3 as the OSPF neighbor on Router 2 (and of course have saved the configuration), it does not show up in my sh conf like Router 2 does on Router 3. But, it does show up in show ip ospf int on Router 2 as it's neighbor. I don't get it. Can anyone turn on the light here? Thanks, Ole Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] http://www.oledrews.com/ccnp NEED A JOB ??? http://www.oledrews.com/job -- www.tasmail.com Message Posted
RE: Access-list Question [7:12043]
I don't believe this guy will actually implement this configuration. I think he just wants to know if it is theoretically possible. CM -Original Message- From: Tony van Ree [mailto:[EMAIL PROTECTED]] Sent: 12 July 2001 06:56 To: [EMAIL PROTECTED] Subject: Re: Access-list Question [7:12043] Hi, You have one in and one out. It would seem a bit strange blocking and/or allowing the same stuff in both directions however. Also if you were to monitor your access-list 100 it would not be able to identify which way the data came from easily. Just a thought Teunis, Hobart, Tasmania Australia On Wednesday, July 11, 2001 at 08:12:38 PM, Washington Rico wrote: Is it true that you can have only one access-list per direction per interface. If so the below configuration be correct or incorrect. Thank you for your input. interface BRI0/0:1 description Connection Segment bandwidth 64 ip address X.X.X.X 255.255.255.240 ip access-group 100 in ip access-group 100 out no ip directed-broadcast encapsulation ppp no keepalive no cdp enable __ ___ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12095t=12043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: port block unicast and multicast [7:12052]
Hi, I am glad that this topic is discussed here. In fact currently I am doing a project that is trying to make use of the Port Monitoring/SPAN feature as a form of keepalive duplicate traffic discovery with a third party product. I won't go into that detail. I had read the portion of info at the directed web link. But would like to confirm my doubts. I need all the valuable advise and inputs from all of you. May be I am poor in my English to interpret this. Appreciate to confirm, does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc have the similar feature of blocking Unknow Unicast Unregistered Multicast from forwarding through the Source port not reaching the destination directed ports? The traffic is also not forwarded out of the connected port to the connected neighbouring port? Source Switch Port1Router-WAN | ^ Mirrored Traffic---| | |Eth Destine Switch Port2 Based on the above diagram for simple discussion. Does that means EIGRP routing entries will be discarded at the Switch Port1 not updated to the Router Ethernet port? Similar CDP, Multicast Video streaming, Mainframe application, ...etc, will not able to pass through the Monitored port? Lastly, is there a way to enable all traffic to flow through the Monitored switch port? Hope to hear some comments on this. Apprecaite the inputs. Cheers. regard Steven Quek -Original Message- From: Marty Adkins [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 11:09 AM To: [EMAIL PROTECTED] Subject: Re: port block unicast and multicast [7:12052] Priscilla Oppenheimer wrote: Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts. SwitchA#show int e 0/1 Hardware is Built-in 10Base-T Address is 00B0.6426.7941 MTU 1500 bytes, BW 1 Kbits 802.1d STP State: Forwarding Forward Transitions: 1 Unknown unicast flooding: Disabled Unregistered multicast flooding: Disabled Duplex setting: Half duplex Back pressure: Disabled See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports. [snip] Priscilla, This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to: http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x /19icweb.htm#xtocid482036 So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy. I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx. - Marty Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12096t=12052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MCNS 2.0 [7:12091]
Hi, I prepared using Michael Wenstrom book and Donald C. Lee`s book (Enhanced IP Services for Cisco Networks, Chapter 6-8 ISBN 1-57870-106-6). I think Donald`s book is easy to understand than Michael`s which looks like a manual that anyone can download from CCO. Understanding the concept to pass this exam is not enough, since there are a lot of Qs regarding the CLI (fo PIX or IOS) to configure IPSec and CBAC. Regards, EML CCNP+Voice, CCDP - Original Message - From: fahim To: Sent: Thursday, July 12, 2001 6:12 PM Subject: MCNS 2.0 [7:12091] Hi group Have anyone studying for MCNS 2.0 or given the exam???/ If so, what books need to be prepared apart from Cisco press book written by Michael Wenstrom. Any comments on how the questions are, and what level of difficulty it is. Do we need to have hands on experience on Pix or rather studying and understanding the concept is enough. Thanks in advance Fahim CCNA, CCDA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12097t=12091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MCNS 2.0 [7:12091]
That book is good enough, concentrate on Chapters 1 thru 3 and 13 thru 14 inclusive. When i took the exam there were very few CLI type questions, at least 70% on putting together a security policy and PKI, IKE, ISAKMP etc. As to CLI understand things like how to clear the NAT table, what NAT 0(Zero) does, and the process of AAA, Radius TACACS+ Good Luck fahim wrote: Hi group Have anyone studying for MCNS 2.0 or given the exam???/ If so, what books need to be prepared apart from Cisco press book written by Michael Wenstrom. Any comments on how the questions are, and what level of difficulty it is. Do we need to have hands on experience on Pix or rather studying and understanding the concept is enough. Thanks in advance Fahim CCNA, CCDA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12098t=12091 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can not find Enterprise Edition [7:12081]
got your smartnet contract set up? Call 1-800-553-NETS, and the good folks there will be happy to step you through getting your contract activated, and your CCO login in place. Once done, you will be able to download the software you need. HTH Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of sami natour Sent: Thursday, July 12, 2001 12:05 AM To: [EMAIL PROTECTED] Subject: Can not find Enterprise Edition [7:12081] Hi All, I am looking for Catalyst 1900 switch Enterprise edition software to upgrade my 5 switches.I tried to find it on Cisco web site it always ask for password.Any one can help me to download it. Regards , sami __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12099t=12081 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Duplicate Ip addresses ! [7:12100]
I am monitoring cisco routes via netview. I decommissioned 2 interfaces on the cisco router and put it on an other outer. Now I am getting alerts on netview Duplicate Ip addresses .. it's the same ip addresses/FastEthernet interface which I decommissioned. How can I address this problem ? How to flush out this on a route ? Cheers Shella k _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12100t=12100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
catalyst 5000 rebooted [7:12101]
hi we have catalyst 5000 in our organization and last week oneof our catalyst 5000 rebooted bu its own ...can anyboby tell me what could be the probabale cause or where one shoulb be looking for it ... how do i start looking for it .Please help this reboot has caused the services to be stopped for 15 minutes and it is really big issue for us why it happened ...i think i am totally stuck ..can anybody give a a start . Regards Arun Sharma Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12101t=12101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Duplicate Ip addresses ! [7:12100]
what are you - the night shift in the NOC? when you say you decommissioned the interfaces, did you issue shutdown commands? physically pull the wires so they aren't connected to anything? in general, issuing a shutdown command on an interface prevents it from telling the network about itself. I'm wondering if your monitoring software has failed to flush the old interfaces, and is complaining when it sees the new interfaces come on line when it already has those addresses in its database. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of shella kevin Sent: Thursday, July 12, 2001 3:42 AM To: [EMAIL PROTECTED] Subject: Duplicate Ip addresses ! [7:12100] I am monitoring cisco routes via netview. I decommissioned 2 interfaces on the cisco router and put it on an other outer. Now I am getting alerts on netview Duplicate Ip addresses .. it's the same ip addresses/FastEthernet interface which I decommissioned. How can I address this problem ? How to flush out this on a route ? Cheers Shella k _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12102t=12100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
redistribute subnet vs. redistribute connected [7:12103]
Hi all One is ospf's subnet command: redistribute subnet The other is eigrp's connected command: redistribute connected Are these two kind of same? I know that without subnet keyword, ospf's routing table shows only major network address that are not directly connected the redistributing router will be redistributed. I was wondering if this is true for eigrp's connected Thanks JP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12103t=12103 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX Network addresses [7:11990]
Thanks for all the responses. This is the only IPX speaking box on the wire and the first NW5.1 server to be brought up. I understand that it supports and automatically loads all IPX frame types by default if IPX is chosen along with the default and preferred IP protocol. From the replies it seems that each frame type would belong to a DIFFERENT IPX network? Or is it just DIFFERENT WAYS of writing out IPX network addresses depending on the frame type used? Again, thanks for the enlightenment. Elmer -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 4:29 PM To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Interesting. Why would it generate network numbers, though? Shouldn't network numbers be manually configured? Priscilla At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote: I finally feel qualified to comment on a question on this list (having worked with NetWare for the past 6 years) The addresses you're seeing are generated automatically. What's happening here is that the new server has every single Ethernet frame type loaded, and as a result is using different IPX network number for every frame type. New 3.x and 4.x servers will do this if you perform an install using all the defaults. You need to run INSTALL (or NWCONFIG if 5.x), edit the AUTOEXEC.NCF and remove all BIND statements referencing frame types you don't want to use. Ethernet_II is preferred. NetWare 5.x is more restrained and tries to use IP only. Ayers, Michael 07/11/01 12:12PM Those were either auto generated, or picked up from reading frames on the wire. -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 11:31 AM To: [EMAIL PROTECTED] Subject:IPX Network addresses [7:11990] hi, group. I just noticed that after installing NetWare server, it gave me this info regarding types of IPX frames: Frame type Network address Ethernet_802.2 3D410DCD Ethernet_802.3 1E0F4F9E Ethernet_SNAP FF994BB0 Ethernet_II D393B805 For the IPX gurus in the group, can someone tell me if there is some type of logic as to how the network address is translated from the type of frame used? Just to answer my curiosity. Thank you. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12112t=11990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: eigrp and sec address [7:12087]
I may be misunderstanding your topology...it would help if you posted config excerpts. As far as my experience has been, secondary addresses are configured in eigrp in the same way as primary addresses. Just make sure you've included the router eigrp [network#] and network xx.xx.xx.xx commands on the relevant router. Both routers need to be using eigrp and having the same autonomous system number in order to see each others updates (unless you are redistributing routes, but I won't get into that). Post your config and the group will be better able to see what's up, ok? -Mark A. Morenz, MS Ed, CCNA, CCAI Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12113t=12087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Study Group in Phoenix, Arizona [7:12114]
Is any one aware of any CCNP study groups in my area? I have equipment and want to find some serious people to study with. E-mail or call any time. Thanks, -- Vik Evans - MCSE, CCNA, CCDA [EMAIL PROTECTED] (602) 206-5335 (480) 633-1888 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12114t=12114 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Mawhoob [7:12107]
i have a problem with one DSL customer with a speed of 128 kbps conected to my company through 2 exchanges via copper wires 0.4 mm thick the line is up and the protocols goes up and down i checked the H/W it is ok but the physical line has input errors and crc's whta is the solution Best Regards, Mohammed Saro Network Engineer GEGA NET Tel: +202-4149771 Ext:111 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12107t=12107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Alternatives to 2509/2511 for 8n1 console access? [7:12061]
you could get an older cisco cs-500. they came in both 8 and 16 port models. You can pick one up for a couple of hundred on ebay. Neil Schneider Ryan O'Reilly wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, I'm curious if anybody knows of any inexpensive alternatives to the 2509/2511 routers to reverse telnet into console ports? I've seen some products online but they don't specifically state they will work for Cisco console access, and none of the sales reps are able to give me a strait answer. Thanks! - Ryan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12109t=12061 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: upgrade IOS from 4.4(1) to 5.5(9) for catalyst 5000 [7:12106]
Hi, You need to make sure you have 32Mb RAM installed for each Supervisor engine, even though the image still fits in 8Mb flash Peter Arun wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi can anbody please help me with this i will be upgrading my catalyst 5000 IOS what are the things that needed to be taken care before doing this .i have supervisior card 2 runnnign on it and they are runnign in redudant mode ..i have 2 catalyst 5000what can be like probaable problems .i think i saw somehting like this on cisco but right now i am unable to find this . any help will be appreciated . Regards Arun Sharma Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12106t=12106 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: redistribute subnet vs. redistribute connected [7:12103]
OSPF also uses redistribute connected to redistribute all connected interfaces that don't belong to any OSPF area, but have IP enabled on the interfaces. These are redistributed as external to the AS. CM -Original Message- From: Jeongwoo Park [mailto:[EMAIL PROTECTED]] Sent: 12 July 2001 12:12 To: [EMAIL PROTECTED] Subject: redistribute subnet vs. redistribute connected [7:12103] Hi all One is ospf's subnet command: redistribute subnet The other is eigrp's connected command: redistribute connected Are these two kind of same? I know that without subnet keyword, ospf's routing table shows only major network address that are not directly connected the redistributing router will be redistributed. I was wondering if this is true for eigrp's connected Thanks JP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12108t=12103 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Low BRI througput [7:12078]
it is recommended in the BCRAN book But i didn't understande what u said what is the fragmentation delay ? Best Regards, Mohammed Saro Network Engineer GEGA NET Tel: +202-4149771 Ext:111 - Original Message - From: Charlie Hartwell To: Sent: Thursday, July 12, 2001 11:53 AM Subject: Re: Low BRI througput [7:12078] It would be interesting to see the document that recommends that action - after all, WFQ is designed to help with low bandwidth links without the need for complicated config. It is more likely that it is recommended to turn off WFQ when using ppp multilink across the ISDN connection. This is probably to avoid any unnecessary fragment delay which could lead to malformed packets and retransmissions. So in answer to your question, there is no real connection between BRI performance and WFQ but cisco probably recommend disabling WFQ to avoid other problems. Cheers Charlie --- Mohammed Saro wrote: Dear Sir Cisco recommends for low throughput for the ISDN BRI to verify that fair queuing is not enabled can anyone tell me the relationship between fair queuing and BRI throughput ? Best Regards, Mohammed Saro Network Engineer GEGA NET Tel: +202-4149771 Ext:111 [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12105t=12078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
what are some of the best materials to prep for the CCIE lab? [7:12115]
I just passed my RS written exam, I want to know what study materials are best for prepping for the lab. I currently have Routing tcp/ip from Doyle and Halabi's BGP book. I am looking for a CCIE lab book and/or CDs. Any input appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12115t=12115 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Security Certifications [7:12116]
I want to get a well recognized security certification. I know about Cisco Security Specialist and the CCIE Security, but are there any others that are more widely recognized in the industry or any well know vendor independent security certifications. Bruce Williams [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12116t=12116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Duplicate Ip addresses ! [7:12100]
I have seen this before on HP OpenView. SNMP is and will still see the ip address even if it is shutdown. You must remove the IP address of the other router mmmhh ! yes i shutdown the interface and then bring it up ... looks like the software issue to me too anyother way i can check on the cisco router if they still exists? btw what is NOC ? From: Chuck Larrieu To: shella kevin , Subject: RE: Duplicate Ip addresses ! [7:12100] Date: Thu, 12 Jul 2001 03:47:34 -0700 what are you - the night shift in the NOC? when you say you decommissioned the interfaces, did you issue shutdown commands? physically pull the wires so they aren't connected to anything? in general, issuing a shutdown command on an interface prevents it from telling the network about itself. I'm wondering if your monitoring software has failed to flush the old interfaces, and is complaining when it sees the new interfaces come on line when it already has those addresses in its database. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of shella kevin Sent: Thursday, July 12, 2001 3:42 AM To: [EMAIL PROTECTED] Subject: Duplicate Ip addresses ! [7:12100] I am monitoring cisco routes via netview. I decommissioned 2 interfaces on the cisco router and put it on an other outer. Now I am getting alerts on netview Duplicate Ip addresses .. it's the same ip addresses/FastEthernet interface which I decommissioned. How can I address this problem ? How to flush out this on a route ? Cheers Shella k _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12117t=12100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN QUERY [7:12068]
One additional thought...you'll want to test this, but I believe you will need to put the static route on Router A, not Router D. If you just put one on router D, you will just be defining Router A as the next hop (which it is anyway) and then Router A would just forward it to Router C as per it's own routing tables because it's receiving updates from Router C as well as all of the others... (also, keep in mind that the new Static route on A will send *everything* for that target to Router B, regardless of where it comes from.) This can all be ironed out in the testing of course. Mark A. Morenz, MS ED, CCNA, CCAI Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12118t=12068 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: eigrp and sec address [7:12087]
Javier, EIGRP will support secondary addresses. However, neighbor relationships will NOT be formed with the secondary addresses. Refer to: http://www.cisco.com/warp/customer/103/eigrpfaq.html#Q1.3 A good white paper on EIGRP can be found at: http://www.cisco.com/warp/customer/103/eigrp1.html I found on the Cisco site, a way to get around not getting any routing updates from the secondary IPs If an interface is configured with secondary IP addresses, split horizon rules can affect whether or not routing updates are sourced by these secondary addresses. If the primary and secondary IP address network numbers belong to the same network class, routing updates source by the secondary address are suppressed unless split horizon is disabled. If the primary and secondary addresses do not belong to the same network class, routing updates sourced by the secondary address are not suppressed. So it looks like if you disable split horizon you will send and receive the routing updates but not form neighbor relationships. Hope this helps. Debbie --- Javier A. Herrera wrote: Hello, i've got two routers sharing one common network...one of this routers got a secondary address defined over the interface... is there any way to make this secondary net be visible on the shared network dynamically using EIGRP Thank you very much in advance, _ Javier A. Herrera Centro de Proceso de Datos Universidad de Oviedo mailto:[EMAIL PROTECTED] _ [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12120t=12087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: eigrp and sec address [7:12087]
Javier, EIGRP will support secondary addresses. However, neighbor relationships will NOT be formed with the secondary addresses. Refer to: http://www.cisco.com/warp/customer/103/eigrpfaq.html#Q1.3 A good white paper on EIGRP can be found at: http://www.cisco.com/warp/customer/103/eigrp1.html I found on the Cisco site, a way to get around not getting any routing updates from the secondary IPs If an interface is configured with secondary IP addresses, split horizon rules can affect whether or not routing updates are sourced by these secondary addresses. If the primary and secondary IP address network numbers belong to the same network class, routing updates source by the secondary address are suppressed unless split horizon is disabled. If the primary and secondary addresses do not belong to the same network class, routing updates sourced by the secondary address are not suppressed. So it looks like if you disable split horizon you will send and receive the routing updates but not form neighbor relationships. Hope this helps. Debbie --- Javier A. Herrera wrote: Hello, i've got two routers sharing one common network...one of this routers got a secondary address defined over the interface... is there any way to make this secondary net be visible on the shared network dynamically using EIGRP Thank you very much in advance, _ Javier A. Herrera Centro de Proceso de Datos Universidad de Oviedo mailto:[EMAIL PROTECTED] _ [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12119t=12087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Some questions for PIX experts [7:12122]
Hello all. I'm looking for some PIX experts to help me with the following strangeness I found while fiddling around with the Pix. For purposes of this discussion, I am using PixOS 5.3, and I got a Pix 530 with 2 interfaces. The inside interface has a network of 192.168.1.0/24, and the outside interface is 50.0.0.0/8. The inside network has a few PC's, the outside network has a server at 50.5.5.5 running WWW, FTP, and telnet. And I always use clear xlate after I change anything on the PIX. 1) Question on Outbound - is the documentation wrong? I have carefully read the documentation on the Outbound keyword. The link is here for convenience: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com mands.htm#xtocid223341 The documentation states the following: The outgoing_src and outgoing_dest outbound lists are filtered independently. If any one of the filters contain deny, the outbound packet is denied. When multiple rules are used to filter the same packet, the best matched rule takes effect. The best match is based on the IP address mask and the port range check. More strict IP address masks and smaller port ranges are considered a better match Now, I am not a genius, but it seems to me that this paragraph states that the PIX will prefer an outbound statement that is a longer match (mask or port number) over a lesser match. Is that correct? But the fact of the matter that this does not work for me. I have discovered that my PIX does not in fact do a longest match at all. For example, I put in the commands: outbound 1 deny 0 0 0 outbound 1 permit 50.5.5.5 255.255.255.255 0 Then I apply it, and I find out that nobody on the inside can access the 50.5.5.5 server, even though it seems like the second outbound statement should override the first statement (because it is a longer match). Now, those who of you who might want to know whether the Pix is working properly or not, or whether I applied the outbound list correctly or not, consider this. I then changed the outbound statements to read this: outbound 1 deny 0 0 0 outbound 1 except 50.5.5.5 255.255.255.255 0 And I see that indeed, everybody on the internal network is indeed denied to everything except the 50.5.5.5 server. So I know the Pix is working, and I am correctly applying the outbound list. My only conclusion that I can make is that either the documentation on the outbound keyword is either seriously wrong (and therefore it is false that the Pix does a longest match) or my Pix is seriously warped. 2) Question on direction of Apply keyword - another error in the documentation?: Once again, referring to the documentation, this time on the Apply keyword. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com mands.htm#xtocid223341 I am interested in whether to use 'outgoing_src' or 'outgoing_dest' with the 'Apply' keyword. For example, in my above example, I always used outgoing_src. I would do something like this: outbound 1 deny 0 0 0 outbound 1 except 50.5.5.5 255.255.255.255 0 apply (inside) 1 outgoing_src This would serve to block all access from the inside network to the outside, except for the 50.5.5.5 server, which is exactly the behavior I wanted. If I replace the apply statement with apply (inside) 1 outgoing_dest then everybody on the internal network can go everywhere, which is not the desired behavior I want. So I believe I understand how this works. If your Outbound list includes addresses of your internal PC's, then use outbound_dest. If it instead contains outside addresses, use outbound_src. I have tested this theory many times on my PIX, and it always follows this pattern. Then I look at the documentation examples, and they seem to have it backwards. For example, they have the following example: The following example prevents inside host 192.168.1.49 from accessing the World Wide Web (port 80): outbound 11 deny 192.168.1.49 255.255.255.255 80 tcp apply (inside) 11 outgoing_src I went and tried this and I discovered that it doesn't work at all. I fire up a spare PC that I have, give it the address of 192.168.1.49, and attach it to my inside network. I put in the above commands in the Pix, and I discover that the PC can go anywhere it wants, willy nilly. The above outbound list never gets invoked at all. But I found out that when I change the Apply statement to follow my pattern, instead of what the documentation says to do: apply (inside) 11 outgoing_dest Then the PC is indeed blocked. So what's up with that? What's screwed up, the documentation or my PIX? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12122t=12122 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Security Certifications [7:12116]
Hi, Look into checkpoint.com for CCSA and CCSE certs. Thanks, Sal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bruce Williams Sent: Thursday, July 12, 2001 9:16 AM To: [EMAIL PROTECTED] Subject: OT: Security Certifications [7:12116] I want to get a well recognized security certification. I know about Cisco Security Specialist and the CCIE Security, but are there any others that are more widely recognized in the industry or any well know vendor independent security certifications. Bruce Williams [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12121t=12116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: upgrade IOS from 4.4(1) to 5.5(9) for catalyst 5000 [7:12123]
Just go to the LAN Switching IOS site when you Login under Software Upgrades. You should see an opportunity to catch release note, etc. You will see an upgrade chart (if there is one for 4x to 5x). I had one with the Sup 1 All the best !!! Phil - Original Message - From: Arun To: Sent: Thursday, July 12, 2001 4:42 AM Subject: upgrade IOS from 4.4(1) to 5.5(9) for catalyst 5000 [7:12089] Hi can anbody please help me with this i will be upgrading my catalyst 5000 IOS what are the things that needed to be taken care before doing this .i have supervisior card 2 runnnign on it and they are runnign in redudant mode ..i have 2 catalyst 5000what can be like probaable problems .i think i saw somehting like this on cisco but right now i am unable to find this . any help will be appreciated . Regards Arun Sharma Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12123t=12123 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Security Certifications [7:12116]
CISSP is used by big 5 consulting firms for credibility. See http://www.isc2.org/ for info. -Andrew Whelchel -Original Message- From: Bruce Williams [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:16 AM To: [EMAIL PROTECTED] Subject: OT: Security Certifications [7:12116] I want to get a well recognized security certification. I know about Cisco Security Specialist and the CCIE Security, but are there any others that are more widely recognized in the industry or any well know vendor independent security certifications. Bruce Williams [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12124t=12116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Animated OSPF, EIGRP BGP examples [7:12028]
I've got some CBT's that show it. I think they are from CBT systems or somesuch. -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 5:37 PM To: [EMAIL PROTECTED] Subject: Animated OSPF, EIGRP BGP examples [7:12028] I was hoping that some of you might have come across a website with animated examples, showing every little conversation being sent across the network when routers start up, and start telling each other about their routes. If however this does not exist, then I want to make it myself, so if anyone instead has come across so very good descriptions about what exactly is being sent and when it's done, I would appreciate that too. Thanks for any comments on this. I will try to look in Doyle's book when I get home tonight, but please let me know if you know of an excellent site. Thanks, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.OleDrews.com/CCNP ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12125t=12028 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Mawhoob [7:12107]
You've got a line quality problem. Since you can't drop the speed, I'd suggest ordering a new pair from the ILEC. Additionally, you can try hooking up the router at the NID to eliminate Premise wiring as the possible cause. Does your DSLAM have a built in test head? We use the Lucent Stinger DSLAM's and have the ability to do a TDR and simple electronic tests on the line remotely. Ejay Hire Sr. Provisioning Engineer Broadslate Networks http://www.broadslate.net -Original Message- From: Mohammed Saro [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 7:50 AM To: [EMAIL PROTECTED] Subject: Mawhoob [7:12107] i have a problem with one DSL customer with a speed of 128 kbps conected to my company through 2 exchanges via copper wires 0.4 mm thick the line is up and the protocols goes up and down i checked the H/W it is ok but the physical line has input errors and crc's whta is the solution Best Regards, Mohammed Saro Network Engineer GEGA NET Tel: +202-4149771 Ext:111 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12127t=12107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Mawhoob [7:12107]
Did you have the phone company run a line test? What is the loop length between the two? Is it a dry pair? You should be able to check the line quality through the DSL modem. You can also mess with the TX power settings. There other question is if it ever worked. If not there may be a short or crossover on the cable. DSL troubleshooting is fun for everyone! Good luck. -John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mohammed Saro Sent: Thursday, July 12, 2001 7:50 AM To: [EMAIL PROTECTED] Subject: Mawhoob [7:12107] i have a problem with one DSL customer with a speed of 128 kbps conected to my company through 2 exchanges via copper wires 0.4 mm thick the line is up and the protocols goes up and down i checked the H/W it is ok but the physical line has input errors and crc's whta is the solution Best Regards, Mohammed Saro Network Engineer GEGA NET Tel: +202-4149771 Ext:111 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12126t=12107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Security Specialization (PIX) [7:12129]
Anyone have informattion, where i can find simulated exams for Cisco PIX Advanced ? And what best sources, prepare for this exam ? Regards, Edgar Alves Nastri CCNA, CCSA, CCSE, MCSE+I, MCNE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12129t=12129 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NDS- IPX problem [7:12020]
Are you using all cisco equipment or are you mixing cisco with other vendors? If you are using multiple vendors, make sure the sap and rip updates are happening at the same time. (either when changes are made, or every so many seconds) a lot of vendors' default configs are to allow updates when changes are made, where cisco is every so many seconds. Either will work, but both have to be configured the same. If they aren't you'll have sporadic problems and neither equipment will hold sap and rip updates properly. -Patrick Keith Townsend 07/11/01 05:59PM Where are you seeing the two different trees. Are you seeing them from Display Servers or from the SAP list on the router or from a Netware Client. If you are seeing this from a Router or Server this is pretty normal. But if you are seeing this from the client then this points to a communications problem between the Servers or a NDS corruption. Try doing a Reset Router on all the NetWare boxes within 15 seconds of each other. Then try running DSRepairs on each individual box that has a copy of the DS. Start with the Master. I hope this helps. Keith Townsend MCSE, CNE, CCNA AISA Technologies 312-629-1100 www.aisatech.com nusrat khwaja wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... 1. One of my Netware5 server is showing two NDS trees instead of our single tree. The only difference is that the name of the real one is : a-b and the other one shown is a|b. a|b can not be opened but a-b is working. 2. At the same time, SHO IPX server on a Netware5 server shows only a few IPX servers but if I RESET ROUTER it shows all my IPX servers but only for about 15 minutes and then all except a few ipx servers disappear from sho ipx server. What could be wrong ?? _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12130t=12020 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VLAN on 1750 router [7:12024]
I thought you could, but checked the feature navigator on CCO http://www.cisco.com/go/fn and it looks like a 2600 running IP Plus is the lowest end router that would. Jim -Original Message- From: Ahmed Mamoor Amimi [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 4:14 PM To: [EMAIL PROTECTED] Subject: VLAN on 1750 router [7:12024] Can any one tell me if we can run the command encapsulation ISL on ethernet port of 1750 router . -Mamoor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12128t=12024 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX Network addresses [7:11990]
Each different frame type acts as a separate broadcast domain, thus they have different network numbers. -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:41 AM To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Thanks for all the responses. This is the only IPX speaking box on the wire and the first NW5.1 server to be brought up. I understand that it supports and automatically loads all IPX frame types by default if IPX is chosen along with the default and preferred IP protocol. From the replies it seems that each frame type would belong to a DIFFERENT IPX network? Or is it just DIFFERENT WAYS of writing out IPX network addresses depending on the frame type used? Again, thanks for the enlightenment. Elmer -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 4:29 PM To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Interesting. Why would it generate network numbers, though? Shouldn't network numbers be manually configured? Priscilla At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote: I finally feel qualified to comment on a question on this list (having worked with NetWare for the past 6 years) The addresses you're seeing are generated automatically. What's happening here is that the new server has every single Ethernet frame type loaded, and as a result is using different IPX network number for every frame type. New 3.x and 4.x servers will do this if you perform an install using all the defaults. You need to run INSTALL (or NWCONFIG if 5.x), edit the AUTOEXEC.NCF and remove all BIND statements referencing frame types you don't want to use. Ethernet_II is preferred. NetWare 5.x is more restrained and tries to use IP only. Ayers, Michael 07/11/01 12:12PM Those were either auto generated, or picked up from reading frames on the wire. -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 11:31 AM To: [EMAIL PROTECTED] Subject:IPX Network addresses [7:11990] hi, group. I just noticed that after installing NetWare server, it gave me this info regarding types of IPX frames: Frame type Network address Ethernet_802.2 3D410DCD Ethernet_802.3 1E0F4F9E Ethernet_SNAP FF994BB0 Ethernet_II D393B805 For the IPX gurus in the group, can someone tell me if there is some type of logic as to how the network address is translated from the type of frame used? Just to answer my curiosity. Thank you. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12132t=11990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN in Germany [7:12050]
Search CCO for time based access lists. They are a new feature in of the 12.x's. http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c /ipcprt1/1cdip.htm#22601 -Ejay -Original Message- From: Thomas Surber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 10:18 PM To: [EMAIL PROTECTED] Subject: ISDN in Germany [7:12050] How do you configure an ISDN semipermannet connection with a 10 hour subscription but can stay up passed the subscription if there is traffic on the line? TIA Thomas Surber Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12131t=12050 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: catalyst 5000 rebooted [7:12101]
Hi How about doing a show version to see the reason of last reboot Arun wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hi we have catalyst 5000 in our organization and last week oneof our catalyst 5000 rebooted bu its own ...can anyboby tell me what could be the probabale cause or where one shoulb be looking for it ... how do i start looking for it .Please help this reboot has caused the services to be stopped for 15 minutes and it is really big issue for us why it happened ...i think i am totally stuck ..can anybody give a a start . Regards Arun Sharma Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12134t=12101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT Translations and Time Left [7:12133]
I'm performing NAT translations on one of our network connections and all is fine except that the server the people are connecting to is having an application issue. This causes them to time out waiting for a logon. They then try to initiate another connection and the same process occurs. If I do a show ip nat translations verbose I can see the individual connections and the NAT having taken place (doing an overload on the address space) and then these connections remain open for 24 hours. As the users keep attempting to open new connections the old connections remain up. tcp XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:23 XXX.XXX.XXX.XXX:23 create 22:12:59, use 22:12:37, left 01:47:22, Is there a NAT command that let's me specify how long a connection can remain open? Say for instance, 2 hours instead of 24? -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12133t=12133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3660 router-----Finished [7:12135]
Greeting to all, This problem proved to be a real bitch, and I thank you for all the advice. Here is the fix, and I am almost ashamed to say, but I want to pass this on so none of you all fall into the same trap as I did. As I said, in one post before, I kept getting the same error messages even after TAC sent me new memory and a new router. The 3rd TAC engineer was the charm, because he asked me if this was a TELCO version of the 3660. That was a real good question cuss I had no idea, as I have never worked on one. Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail clue is that their is not a plastic front on the Telco version. I saw this right off the bat, but thought Cisco had just redesigned it. Man what a day. The other way to see if the router is an Enterprise version or Telco is to run the SN numbers. I can think off all the times i do this before I install an IOS. Maybe i should. Good news is I got it fixed and got a new Router out of the deal (thanks you TAC). And as TAC goes, they have pulled my Butt out of the sling more then once, so I have nothing but good to say for them. Yes I have gotten some DORKS before, but I have the option to tell them to get lost and give me a new Engineer. We pay a lot for this service. Hope this has been as educational for you all as it has been for me. Look below at link for the difference in the two. http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm -Original Message- From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 9:15 AM To: Mears, Rob Subject: Re: 3660 router [7:11917] Hi Rob, I didn't want to send this out to the whole group but I sympathise with your problem - I used to work on TAC and I see this sort of thing happening more and more. Unfortunately TAC have a new policy of employing people without much real technical experience (even pre-CCNA level people) and they put them on the bread and butter TAC teams to break them in. It will be one of those teams dealing with your problem - probably euro-config. I know a lot of those guys and, although they all work hard, they don't have the experience to deal with a case that gets over complicated. If you have had an RMA already and you are still no nearer to solving the problem then the next step is to have the case escalated. I expect this case has been going on for a few days already and has probably passed the P3 SLA so the TAC can escalate to a more technical team to get you a speedy fix. I hope this helps and I would appreciate it if you kept this under your hat. Regards Charlie --- Mears, Rob wrote: Any one ever had a problem loading IOS on a 3660 right out of the box? I have one with 64meg flash and 256 ram and the damn thing will not come out of RMMON. I have set the confreg to boot correctly still RMMON. I have flashed it with two different IOS (12112.2), swapped out Flash, MEM, even sent the chassis back to Cisco and the new one had the same problem. TAC has no clue, they have been sending me part and giving me to different Engineer with no luck. What gives? Rob [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12135t=12135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Some questions for PIX experts [7:12122]
nrf NRF, I think that this may help - you have to remember that packets outgoing_src source addresses are what are recieved on the INSIDE interface ie your local network, outgoing_dst are the destinatio of the packets recieved. t the fact of the matter that this does not work for me. I have discovered that my PIX does not in fact do a longest match at all. For example, I put in the commands: outbound 1 deny 0 0 0 outbound 1 permit 50.5.5.5 255.255.255.255 0 notice the keyword change, if you want to PERMIT a host, you should have it above the deny all (like an access list): outbound 1 permit 50.5.5.5 255.255.255.255 0 outbound 1 deny 0 0 0 but if you want to EXCEPT a host have it below the blanket deny all. outbound 1 deny 0 0 0 outbound 1 except 50.5.5.5 255.255.255.255 0 I also believe that from your example that 50.5.5.5 is the desitination ie - it's outside the pix, therefor to do what you want there you indeed have to use outgoing_dest because the source address of packets the pix recieve inbound on the inside interface will never have a source address other than 192.168.1.X For example, in my above example, I always used outgoing_src. I would do something like this: outbound 1 deny 0 0 0 outbound 1 except 50.5.5.5 255.255.255.255 0 apply (inside) 1 outgoing_src the above should be outgoing_dst as 50.5.5.5 is the destination of the packet. to filter on outgoing_src you would need to filter your internal ip address range as they are the ip's that will the source address on packets recieved on the inside interface: C -Original Message- From: nrf To: [EMAIL PROTECTED] Sent: 12/07/01 14:33 Subject: Some questions for PIX experts [7:12122] Hello all. I'm looking for some PIX experts to help me with the following strangeness I found while fiddling around with the Pix. For purposes of this discussion, I am using PixOS 5.3, and I got a Pix 530 with 2 interfaces. The inside interface has a network of 192.168.1.0/24, and the outside interface is 50.0.0.0/8. The inside network has a few PC's, the outside network has a server at 50.5.5.5 running WWW, FTP, and telnet. And I always use clear xlate after I change anything on the PIX. 1) Question on Outbound - is the documentation wrong? I have carefully read the documentation on the Outbound keyword. The link is here for convenience: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config /com mands.htm#xtocid223341 The documentation states the following: The outgoing_src and outgoing_dest outbound lists are filtered independently. If any one of the filters contain deny, the outbound packet is denied. When multiple rules are used to filter the same packet, the best matched rule takes effect. The best match is based on the IP address mask and the port range check. More strict IP address masks and smaller port ranges are considered a better match Now, I am not a genius, but it seems to me that this paragraph states that the PIX will prefer an outbound statement that is a longer match (mask or port number) over a lesser match. Is that correct? But the fact of the matter that this does not work for me. I have discovered that my PIX does not in fact do a longest match at all. For example, I put in the commands: outbound 1 deny 0 0 0 outbound 1 permit 50.5.5.5 255.255.255.255 0 Then I apply it, and I find out that nobody on the inside can access the 50.5.5.5 server, even though it seems like the second outbound statement should override the first statement (because it is a longer match). Now, those who of you who might want to know whether the Pix is working properly or not, or whether I applied the outbound list correctly or not, consider this. I then changed the outbound statements to read this: outbound 1 deny 0 0 0 outbound 1 except 50.5.5.5 255.255.255.255 0 And I see that indeed, everybody on the internal network is indeed denied to everything except the 50.5.5.5 server. So I know the Pix is working, and I am correctly applying the outbound list. My only conclusion that I can make is that either the documentation on the outbound keyword is either seriously wrong (and therefore it is false that the Pix does a longest match) or my Pix is seriously warped. 2) Question on direction of Apply keyword - another error in the documentation?: Once again, referring to the documentation, this time on the Apply keyword. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config /com mands.htm#xtocid223341 I am interested in whether to use 'outgoing_src' or 'outgoing_dest' with the 'Apply' keyword. For example, in my above example, I always used outgoing_src. I would do something like this: outbound 1 deny 0 0 0 outbound 1 except 50.5.5.5 255.255.255.255 0 apply (inside) 1 outgoing_src This would serve to block all access from the inside network to the outside, except for the 50.5.5.5 server, which is exactly the behavior I wanted. If I replace the apply statement with apply
Re: Security Certifications [7:12116]
CISSP... www.isc2.org Bruce Williams wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I want to get a well recognized security certification. I know about Cisco Security Specialist and the CCIE Security, but are there any others that are more widely recognized in the industry or any well know vendor independent security certifications. Bruce Williams [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12136t=12116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Some questions for PIX experts [7:12122]
Think of it as more of a more specific match instead. A rule for 50.0.0.0/8 is less specific than a rule for 50.5.5.5/32. I would put the deny at the bottom of the list though - Original Message - From: nrf To: Sent: Thursday, July 12, 2001 8:33 AM Subject: Some questions for PIX experts [7:12122] Hello all. I'm looking for some PIX experts to help me with the following strangeness I found while fiddling around with the Pix. For purposes of this discussion, I am using PixOS 5.3, and I got a Pix 530 with 2 interfaces. The inside interface has a network of 192.168.1.0/24, and the outside interface is 50.0.0.0/8. The inside network has a few PC's, the outside network has a server at 50.5.5.5 running WWW, FTP, and telnet. And I always use clear xlate after I change anything on the PIX. 1) Question on Outbound - is the documentation wrong? I have carefully read the documentation on the Outbound keyword. The link is here for convenience: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com mands.htm#xtocid223341 The documentation states the following: The outgoing_src and outgoing_dest outbound lists are filtered independently. If any one of the filters contain deny, the outbound packet is denied. When multiple rules are used to filter the same packet, the best matched rule takes effect. The best match is based on the IP address mask and the port range check. More strict IP address masks and smaller port ranges are considered a better match Now, I am not a genius, but it seems to me that this paragraph states that the PIX will prefer an outbound statement that is a longer match (mask or port number) over a lesser match. Is that correct? But the fact of the matter that this does not work for me. I have discovered that my PIX does not in fact do a longest match at all. For example, I put in the commands: outbound 1 deny 0 0 0 outbound 1 permit 50.5.5.5 255.255.255.255 0 Then I apply it, and I find out that nobody on the inside can access the 50.5.5.5 server, even though it seems like the second outbound statement should override the first statement (because it is a longer match). Now, those who of you who might want to know whether the Pix is working properly or not, or whether I applied the outbound list correctly or not, consider this. I then changed the outbound statements to read this: outbound 1 deny 0 0 0 outbound 1 except 50.5.5.5 255.255.255.255 0 And I see that indeed, everybody on the internal network is indeed denied to everything except the 50.5.5.5 server. So I know the Pix is working, and I am correctly applying the outbound list. My only conclusion that I can make is that either the documentation on the outbound keyword is either seriously wrong (and therefore it is false that the Pix does a longest match) or my Pix is seriously warped. 2) Question on direction of Apply keyword - another error in the documentation?: Once again, referring to the documentation, this time on the Apply keyword. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/com mands.htm#xtocid223341 I am interested in whether to use 'outgoing_src' or 'outgoing_dest' with the 'Apply' keyword. For example, in my above example, I always used outgoing_src. I would do something like this: outbound 1 deny 0 0 0 outbound 1 except 50.5.5.5 255.255.255.255 0 apply (inside) 1 outgoing_src This would serve to block all access from the inside network to the outside, except for the 50.5.5.5 server, which is exactly the behavior I wanted. If I replace the apply statement with apply (inside) 1 outgoing_dest then everybody on the internal network can go everywhere, which is not the desired behavior I want. So I believe I understand how this works. If your Outbound list includes addresses of your internal PC's, then use outbound_dest. If it instead contains outside addresses, use outbound_src. I have tested this theory many times on my PIX, and it always follows this pattern. Then I look at the documentation examples, and they seem to have it backwards. For example, they have the following example: The following example prevents inside host 192.168.1.49 from accessing the World Wide Web (port 80): outbound 11 deny 192.168.1.49 255.255.255.255 80 tcp apply (inside) 11 outgoing_src I went and tried this and I discovered that it doesn't work at all. I fire up a spare PC that I have, give it the address of 192.168.1.49, and attach it to my inside network. I put in the above commands in the Pix, and I discover that the PC can go anywhere it wants, willy nilly. The above outbound list never gets invoked at all. But I found out that when I change the Apply statement to follow my pattern, instead of what the documentation says to do: apply (inside) 11 outgoing_dest Then the PC is indeed blocked. So what's up with that? What's screwed up, the documentation
connecting T1 modules [7:12139]
Anyone know what kind of cable to use to connect two T1 modules? I have a 2525 with the Fractional/full T1 module(RJ45) and a 2621 with the WIC-1DSU-T1 module(RJ45). What kind of cable can I use to connect these momdules? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12139t=12139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT Translations and Time Left [7:12133]
Thanks for the suggestions I will try them and let you know how it turns out. -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP James Haynes wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm performing NAT translations on one of our network connections and all is fine except that the server the people are connecting to is having an application issue. This causes them to time out waiting for a logon. They then try to initiate another connection and the same process occurs. If I do a show ip nat translations verbose I can see the individual connections and the NAT having taken place (doing an overload on the address space) and then these connections remain open for 24 hours. As the users keep attempting to open new connections the old connections remain up. tcp XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:23 XXX.XXX.XXX.XXX:23 create 22:12:59, use 22:12:37, left 01:47:22, Is there a NAT command that let's me specify how long a connection can remain open? Say for instance, 2 hours instead of 24? -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12140t=12133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Asynch on 3640 [7:12142]
Im trying to configure a my 3640 to dial a ppp server and then route ip over that link. It will stay up permanently until the frame connection comes back up. Im putting a wic-2a/s into wic1 on the NM in slot 1. First off Im not real sure how the line numbering will go (cisco's site is pretty meager unless its an 8 or 16 port NM). Secondly how do I configure this to just dial out? Im thinking. line # speed 115200 flowcontrol hardware transport input all stopbits 1 modem inout modem autoconfigure type usr_sportster int serial # (this is how I think the a/s will show up) encapsulation ppp async dynamic address ppp authenticaion pap dialer-map ip ?.?.?.? name destination 555-1212 ppp pap sent-username ### password ### then put a static route in and ping the destination. Does this look even remotely correct. Ben __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12142t=12142 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3660 router-----Finished [7:12135]
This brings up a point: why is there a telco version in the first place? What are these telco requirements and why are they there? I've been hearing little snippets about this but I don't know the details. From what I've read so far, it sounds like some government agency had too much time on its hands and felt like being even more intrusive than usual. Who cares if there is a plastic cover or not? Who cares if the rack is 19 or 24 wide? Who cares if the equipment is more than 12 deep? Someone please explain this to me, and please tell me there are good reasons for these requirements. Otherwise, it will just annoy me and ruin my day. ;-) Besides, I have a feeling I'll be running into situations where equipment that I provision has to meet these requirements so I might as well know what they are, right? Thanks, John (who is just starting his 2nd cup of coffee...be gentle.) Mears, Rob 7/12/01 8:55:12 AM Greeting to all, This problem proved to be a real bitch, and I thank you for all the advice. Here is the fix, and I am almost ashamed to say, but I want to pass this on so none of you all fall into the same trap as I did. As I said, in one post before, I kept getting the same error messages even after TAC sent me new memory and a new router. The 3rd TAC engineer was the charm, because he asked me if this was a TELCO version of the 3660. That was a real good question cuss I had no idea, as I have never worked on one. Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail clue is that their is not a plastic front on the Telco version. I saw this right off the bat, but thought Cisco had just redesigned it. Man what a day. The other way to see if the router is an Enterprise version or Telco is to run the SN numbers. I can think off all the times i do this before I install an IOS. Maybe i should. Good news is I got it fixed and got a new Router out of the deal (thanks you TAC). And as TAC goes, they have pulled my Butt out of the sling more then once, so I have nothing but good to say for them. Yes I have gotten some DORKS before, but I have the option to tell them to get lost and give me a new Engineer. We pay a lot for this service. Hope this has been as educational for you all as it has been for me. Look below at link for the difference in the two. http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm -Original Message- From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 9:15 AM To: Mears, Rob Subject: Re: 3660 router [7:11917] Hi Rob, I didn't want to send this out to the whole group but I sympathise with your problem - I used to work on TAC and I see this sort of thing happening more and more. Unfortunately TAC have a new policy of employing people without much real technical experience (even pre-CCNA level people) and they put them on the bread and butter TAC teams to break them in. It will be one of those teams dealing with your problem - probably euro-config. I know a lot of those guys and, although they all work hard, they don't have the experience to deal with a case that gets over complicated. If you have had an RMA already and you are still no nearer to solving the problem then the next step is to have the case escalated. I expect this case has been going on for a few days already and has probably passed the P3 SLA so the TAC can escalate to a more technical team to get you a speedy fix. I hope this helps and I would appreciate it if you kept this under your hat. Regards Charlie --- Mears, Rob wrote: Any one ever had a problem loading IOS on a 3660 right out of the box? I have one with 64meg flash and 256 ram and the damn thing will not come out of RMMON. I have set the confreg to boot correctly still RMMON. I have flashed it with two different IOS (12112.2), swapped out Flash, MEM, even sent the chassis back to Cisco and the new one had the same problem. TAC has no clue, they have been sending me part and giving me to different Engineer with no luck. What gives? Rob [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12141t=12135 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sniffer [7:12143]
Does anyone know if there is a CBT on Sniffers or similar analyzers? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12143t=12143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT Translations and Time Left [7:12133]
I don't know the answer but you might look up the timeout command on the PIX (if that's what you have) and see if that helps. Allen - Original Message - From: James Haynes To: Sent: Thursday, July 12, 2001 9:48 AM Subject: NAT Translations and Time Left [7:12133] I'm performing NAT translations on one of our network connections and all is fine except that the server the people are connecting to is having an application issue. This causes them to time out waiting for a logon. They then try to initiate another connection and the same process occurs. If I do a show ip nat translations verbose I can see the individual connections and the NAT having taken place (doing an overload on the address space) and then these connections remain open for 24 hours. As the users keep attempting to open new connections the old connections remain up. tcp XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:23 XXX.XXX.XXX.XXX:23 create 22:12:59, use 22:12:37, left 01:47:22, Is there a NAT command that let's me specify how long a connection can remain open? Say for instance, 2 hours instead of 24? -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12144t=12133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccie lab setup [7:12145]
Hey, can everyone help me with setting up a good CCIE lab. I need to know what equipment would be the best to purchase for the lab. I will use it to study for both CCNP and CCIE. My budget is between $5000-$7000. Any and all replies would be greatly appreciated. Thanks, Brian Clark - A+, Network+, CCA, MCP 2000, CCNA Network Specialist Valley Services, Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12145t=12145 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Want to attend Networkers??? (Chicago - 7/16-7/20) [7:12146]
If anyone is interested in going to Cisco Networkers (Chicago 7/16-7/20), please let me know immediately. I have 2 passes that I can sell at substantially less than the early registration (at least half price) . I'll take the first reasonable offer. Please let me know ASAP as the conference is next week. We could jointly conference Networkers registration to transfer the name(s). I can also assist with hotel registration, if you are concerned about lack of hotel availability. TIA, Rob Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12146t=12146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN implementation [7:12063]
I'd recommend a 3620 in the head office, with 2611's @ the remote sites. You need extra RAM, flash, and IP+56 feature set. As to the configs, there are plenty of examples @ Cisco.com. I found a LOT of info on VPN. You just have to be diligent and dig. Michael -Original Message- From: Tony Medeiros [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 11:06 PM To: [EMAIL PROTECTED] Subject:Re: VPN implementation [7:12063] Lets see, You want a free VPN design complete with bill of materials, Reasons backing up this design so you can present it to you customer. And design of integration of said solution into your customers existing network, again for free. And you want it ASAP GEZE (Sorry everybody, This post got to me, At least he said Kindly) - Original Message - From: Ranjit Sabherwal To: Sent: Wednesday, July 11, 2001 10:28 PM Subject: VPN implementation [7:12063] My customer wants to implement VPN over Internet between 4 offices, namely; Delhi, Chennai, Bangalore and Bombay. He wants a very very secured network. I want to know as to what all things are required for secured implementation of VPN and why. In other words, i want a full VPN solution. The customer wants that there should be proper tunneling between its offices so that the data is secured.What all VPN devices are required and where should they be installed(Consider that Delhi is the head office) Kindly enlighten me on this issue ASAP as i have to give the solution as early as possible. I went through the Cisco site also but failed to arrive at a solution. Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12147t=12063 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN implementation [7:12063]
And this had what to do with Cisco certification or products? It doesn't seem that you are asking a question on advice or for an approach. You want a total VPN plan and design to present to your customer for direct monetary gain not for the pursuit of knowledge. Right Pay a consultant. Ranjit Sabherwal wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... My customer wants to implement VPN over Internet between 4 offices, namely; Delhi, Chennai, Bangalore and Bombay. He wants a very very secured network. I want to know as to what all things are required for secured implementation of VPN and why. In other words, i want a full VPN solution. The customer wants that there should be proper tunneling between its offices so that the data is secured.What all VPN devices are required and where should they be installed(Consider that Delhi is the head office) Kindly enlighten me on this issue ASAP as i have to give the solution as early as possible. I went through the Cisco site also but failed to arrive at a solution. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12148t=12063 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Giles, 2nd Edition Errata [7:11858]
John, Take my advice . STAY OFF GILES ... this is the most confusing book I have read in my entire career as a Network Engineer . Its full of useless ,crappy information and trivia that will just end up confusing you ... Jaspreet John Neiberger wrote: Do any of you know where to find an errata for the 2nd edition of the All-in-One CCIE Study Guide? I've found the first edition errata in several locations but no luck so far with the second book. I've found many errors already, especially in the end-of-chapter practice quizzes. Considering that this is the last book I'll read before the test on Saturday, I'd like to get the correct information. :-) I'd hate to get confused this late in the game! Thanks, John ___ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12149t=11858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AAA and TACACS+ [7:12150]
Can I use a TACAC+ server to restrict access between two networks? I have a corporate network and a development network separated by a router. Each network is off of an ethernet interface on the router. I want to restrict access between these two networks, not based on IP addresses but based on User accounts. Is this possible using AAA and TACACS+. What are the limitations. Can I use a TACACS+ server to retrict certain ports based on usernames/passwords or can I only use it to restrict IP addresses? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12150t=12150 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Want to attend Networkers??? (Chicago - 7/16-7/20) [7:12152]
i saw u posted this message alot Noone bought any ticket from you :-( Riisen, Robert (1128) wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If anyone is interested in going to Cisco Networkers (Chicago 7/16-7/20), please let me know immediately. I have 2 passes that I can sell at substantially less than the early registration (at least half price) . I'll take the first reasonable offer. Please let me know ASAP as the conference is next week. We could jointly conference Networkers registration to transfer the name(s). I can also assist with hotel registration, if you are concerned about lack of hotel availability. TIA, Rob Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12152t=12152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX Network addresses [7:11990]
Elmer, Novell just randomly picks numbers, probably a function of the hardware's SN, and maybe Date Time. Point is, I would prefer to use a coherent scheme for net ID's, and would be removing any Frame types I'm not using. If you ever add another Novell server, you MUST make sure that the new server is set with these hardware ID's. The best way to understand this is to read the Cisco material for CCNA on IPX sub interfaces. It explains that each frame type must be a separate network, and if you have older systems running Novell_ether(802.3...No LLC) and newer ones running SAP (802.3+802.2LLC) on the same segment, you can have the router route between sub-interfaces by encapsulating 2 sub-ifs, one with novell_ether, and the other with sap. You do have to specify the network ID's per sub-if. Thank You, Michael Ayers Network Engineer OneNeck IT Services (480) 539-2203 (800) 272-3077 -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 5:41 AM To: [EMAIL PROTECTED] Subject:RE: IPX Network addresses [7:11990] Thanks for all the responses. This is the only IPX speaking box on the wire and the first NW5.1 server to be brought up. I understand that it supports and automatically loads all IPX frame types by default if IPX is chosen along with the default and preferred IP protocol. From the replies it seems that each frame type would belong to a DIFFERENT IPX network? Or is it just DIFFERENT WAYS of writing out IPX network addresses depending on the frame type used? Again, thanks for the enlightenment. Elmer -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 4:29 PM To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Interesting. Why would it generate network numbers, though? Shouldn't network numbers be manually configured? Priscilla At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote: I finally feel qualified to comment on a question on this list (having worked with NetWare for the past 6 years) The addresses you're seeing are generated automatically. What's happening here is that the new server has every single Ethernet frame type loaded, and as a result is using different IPX network number for every frame type. New 3.x and 4.x servers will do this if you perform an install using all the defaults. You need to run INSTALL (or NWCONFIG if 5.x), edit the AUTOEXEC.NCF and remove all BIND statements referencing frame types you don't want to use. Ethernet_II is preferred. NetWare 5.x is more restrained and tries to use IP only. Ayers, Michael 07/11/01 12:12PM Those were either auto generated, or picked up from reading frames on the wire. -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 11:31 AM To: [EMAIL PROTECTED] Subject:IPX Network addresses [7:11990] hi, group. I just noticed that after installing NetWare server, it gave me this info regarding types of IPX frames: Frame type Network address Ethernet_802.2 3D410DCD Ethernet_802.3 1E0F4F9E Ethernet_SNAP FF994BB0 Ethernet_II D393B805 For the IPX gurus in the group, can someone tell me if there is some type of logic as to how the network address is translated from the type of frame used? Just to answer my curiosity. Thank you. Priscilla Oppenheimer http://www.priscilla.com Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12153t=11990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
4000 verses 4500M and 4700M [7:12154]
Hi, Can anyone tell me the difference b/w 4000 and 4500M. The price for 4000 used is very low as compared to 4500M or 4700M. I think there is no difference except of memory. Please correct me Thanks, Mamoor CNE CCIP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12154t=12154 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: connecting T1 modules [7:12139]
Look up the pinout of each rj45 I think it's a roll cable, but you need to connect TX to RX and Visa Versa. Make sure you set up clocking one external and one internal -Original Message- From: anthony moore [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:13 AM To: [EMAIL PROTECTED] Subject:connecting T1 modules [7:12139] Anyone know what kind of cable to use to connect two T1 modules? I have a 2525 with the Fractional/full T1 module(RJ45) and a 2621 with the WIC-1DSU-T1 module(RJ45). What kind of cable can I use to connect these momdules? Thanks Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12155t=12139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: catalyst 5000 rebooted [7:12101]
I think ur cooling fan is not working properly or there is a problem with the cooling do ur 5000 gives u any messeges on the screen like over temp. most prob it is because of cooling... try putting in a chilled room for test -Mamoor Arun wrote: hi we have catalyst 5000 in our organization and last week oneof our catalyst 5000 rebooted bu its own ...can anyboby tell me what could be the probabale cause or where one shoulb be looking for it ... how do i start looking for it .Please help this reboot has caused the services to be stopped for 15 minutes and it is really big issue for us why it happened ...i think i am totally stuck ..can anybody give a a start . Regards Arun Sharma Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12156t=12101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Giles, 2nd Edition Errata [7:11858]
So far I've found it to be interesting, but while reading I got the impression that it had WAY too much detail in some areas and not nearly enough detail in others. You're right, it might be tempting to try to remember all the details that he packs in there when a large number of them most likely wouldn't be on the test. It also has a large number of errors, and even though many of them are fairly minor, they can be confusing because they often present contradictory information. The answer keys to the test questions are especially spooky! I've found a few examples where your choices might be A,B,C, or D and the answer in the key is G! heh heh you can't win like that. Thanks for the tips! John Jaspreet Bhatia 7/12/01 10:05:34 AM John, Take my advice . STAY OFF GILES ... this is the most confusing book I have read in my entire career as a Network Engineer . Its full of useless ,crappy information and trivia that will just end up confusing you ... Jaspreet John Neiberger wrote: Do any of you know where to find an errata for the 2nd edition of the All-in-One CCIE Study Guide? I've found the first edition errata in several locations but no luck so far with the second book. I've found many errors already, especially in the end-of-chapter practice quizzes. Considering that this is the last book I'll read before the test on Saturday, I'd like to get the correct information. :-) I'd hate to get confused this late in the game! Thanks, John ___ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12157t=11858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3660 router-----Finished [7:12135]
Telco requirements are quite strict There are Bellcore standards that are used at all central offices. It has nothing to do with the goverment but will Bell ensurring that any third party equipment will: 1) Fit in telco racks 2) No physically interfer with other equipment in telco racks 3) Not add to the fire load 4) Not cause any undue electrical problems (NEBS grounding, etc) It's all really for infrastructure protection Too bad they didn't have a Telco version of the IOS. Bob -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:29 AM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] This brings up a point: why is there a telco version in the first place? What are these telco requirements and why are they there? I've been hearing little snippets about this but I don't know the details. From what I've read so far, it sounds like some government agency had too much time on its hands and felt like being even more intrusive than usual. Who cares if there is a plastic cover or not? Who cares if the rack is 19 or 24 wide? Who cares if the equipment is more than 12 deep? Someone please explain this to me, and please tell me there are good reasons for these requirements. Otherwise, it will just annoy me and ruin my day. ;-) Besides, I have a feeling I'll be running into situations where equipment that I provision has to meet these requirements so I might as well know what they are, right? Thanks, John (who is just starting his 2nd cup of coffee...be gentle.) Mears, Rob 7/12/01 8:55:12 AM Greeting to all, This problem proved to be a real bitch, and I thank you for all the advice. Here is the fix, and I am almost ashamed to say, but I want to pass this on so none of you all fall into the same trap as I did. As I said, in one post before, I kept getting the same error messages even after TAC sent me new memory and a new router. The 3rd TAC engineer was the charm, because he asked me if this was a TELCO version of the 3660. That was a real good question cuss I had no idea, as I have never worked on one. Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail clue is that their is not a plastic front on the Telco version. I saw this right off the bat, but thought Cisco had just redesigned it. Man what a day. The other way to see if the router is an Enterprise version or Telco is to run the SN numbers. I can think off all the times i do this before I install an IOS. Maybe i should. Good news is I got it fixed and got a new Router out of the deal (thanks you TAC). And as TAC goes, they have pulled my Butt out of the sling more then once, so I have nothing but good to say for them. Yes I have gotten some DORKS before, but I have the option to tell them to get lost and give me a new Engineer. We pay a lot for this service. Hope this has been as educational for you all as it has been for me. Look below at link for the difference in the two. http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm -Original Message- From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 9:15 AM To: Mears, Rob Subject: Re: 3660 router [7:11917] Hi Rob, I didn't want to send this out to the whole group but I sympathise with your problem - I used to work on TAC and I see this sort of thing happening more and more. Unfortunately TAC have a new policy of employing people without much real technical experience (even pre-CCNA level people) and they put them on the bread and butter TAC teams to break them in. It will be one of those teams dealing with your problem - probably euro-config. I know a lot of those guys and, although they all work hard, they don't have the experience to deal with a case that gets over complicated. If you have had an RMA already and you are still no nearer to solving the problem then the next step is to have the case escalated. I expect this case has been going on for a few days already and has probably passed the P3 SLA so the TAC can escalate to a more technical team to get you a speedy fix. I hope this helps and I would appreciate it if you kept this under your hat. Regards Charlie --- Mears, Rob wrote: Any one ever had a problem loading IOS on a 3660 right out of the box? I have one with 64meg flash and 256 ram and the damn thing will not come out of RMMON. I have set the confreg to boot correctly still RMMON. I have flashed it with two different IOS (12112.2), swapped out Flash, MEM, even sent the chassis back to Cisco and the new one had the same problem. TAC has no clue, they have been sending me part and giving me to different Engineer with no luck. What gives? Rob [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted
Re: port block unicast and multicast [7:12052]
It is monitoring other ports. I did the three steps: enable the feature, configure the monitor port, and configure the monitored port. It is seeing traffic, but not multicasts. It seems to disable unknown unicast and unregistered multicasts on the monitor port no matter what you do. I have decided that it's to protect the user from trouble. If you turned this feature on while the monitor port was connected to something more than just an analyzer, you could cause problems (even loops?) Priscilla At 10:53 PM 7/11/01, Marty Adkins wrote: Priscilla Oppenheimer wrote: Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts. SwitchA#show int e 0/1 Hardware is Built-in 10Base-T Address is 00B0.6426.7941 MTU 1500 bytes, BW 1 Kbits 802.1d STP State: Forwarding Forward Transitions: 1 Unknown unicast flooding: Disabled Unregistered multicast flooding: Disabled Duplex setting: Half duplex Back pressure: Disabled See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports. [snip] Priscilla, This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to: http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x/19icweb.htm#xtocid482036 So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy. I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx. - Marty Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12159t=12052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccie lab setup [7:12145]
Brian, U can use as under the price are approx 2501$600 x 2 2502$450 or less 2503$800 or less 2521$900 two 1912EN switch $1000both for heavy stuff like 5000 and voIP 5000 loaded sup1$2300 2620$1300 1750$900 voIP modules$700 This is the complete lab except ATM. my advice is to stuck with 2500 series routers they are really good ooohhh!! one router left for reverse telneting 500-C$400 -Mamoor CCIENETWORK+MCTMCSE2000CNE I am from Pakistan (proud to be).. Brian Clark wrote: Hey, can everyone help me with setting up a good CCIE lab. I need to know what equipment would be the best to purchase for the lab. I will use it to study for both CCNP and CCIE. My budget is between $5000-$7000. Any and all replies would be greatly appreciated. Thanks, Brian Clark - A+, Network+, CCA, MCP 2000, CCNA Network Specialist Valley Services, Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12160t=12145 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: port block unicast and multicast [7:12052]
Hi, So far I have not heard any response for this. Anyone care to provide the info? Thanks in advance. With regards Steven Quek -Original Message- From: Quek, Steven Sent: Thursday, July 12, 2001 6:02 PM To: [EMAIL PROTECTED] Subject: RE: port block unicast and multicast [7:12052] Hi, I am glad that this topic is discussed here. In fact currently I am doing a project that is trying to make use of the Port Monitoring/SPAN feature as a form of keepalive duplicate traffic discovery with a third party product. I won't go into that detail. I had read the portion of info at the directed web link. But would like to confirm my doubts. I need all the valuable advise and inputs from all of you. May be I am poor in my English to interpret this. Appreciate to confirm, does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc have the similar feature of blocking Unknow Unicast Unregistered Multicast from forwarding through the Source port not reaching the destination directed ports? The traffic is also not forwarded out of the connected port to the connected neighbouring port? Source Switch Port1Router-WAN | ^ Mirrored Traffic---| | |Eth Destine Switch Port2 Based on the above diagram for simple discussion. Does that means EIGRP routing entries will be discarded at the Switch Port1 not updated to the Router Ethernet port? Similar CDP, Multicast Video streaming, Mainframe application, ...etc, will not able to pass through the Monitored port? Lastly, is there a way to enable all traffic to flow through the Monitored switch port? Hope to hear some comments on this. Apprecaite the inputs. Cheers. regard Steven Quek -Original Message- From: Marty Adkins [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 11:09 AM To: [EMAIL PROTECTED] Subject: Re: port block unicast and multicast [7:12052] Priscilla Oppenheimer wrote: Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts. SwitchA#show int e 0/1 Hardware is Built-in 10Base-T Address is 00B0.6426.7941 MTU 1500 bytes, BW 1 Kbits 802.1d STP State: Forwarding Forward Transitions: 1 Unknown unicast flooding: Disabled Unregistered multicast flooding: Disabled Duplex setting: Half duplex Back pressure: Disabled See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports. [snip] Priscilla, This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to: http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x /19icweb.htm#xtocid482036 So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy. I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx. - Marty Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12161t=12052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT Translations and Time Left [7:12133]
You can change the IP translation timeout by issuing timeout xlate hh:mm:ss I don't know the answer but you might look up the timeout command on the PIX (if that's what you have) and see if that helps. Allen - Original Message - From: James Haynes To: Sent: Thursday, July 12, 2001 9:48 AM Subject: NAT Translations and Time Left [7:12133] I'm performing NAT translations on one of our network connections and all is fine except that the server the people are connecting to is having an application issue. This causes them to time out waiting for a logon. They then try to initiate another connection and the same process occurs. If I do a show ip nat translations verbose I can see the individual connections and the NAT having taken place (doing an overload on the address space) and then these connections remain open for 24 hours. As the users keep attempting to open new connections the old connections remain up. tcp XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:1194 XXX.XXX.XXX.XXX:23 XXX.XXX.XXX.XXX:23 create 22:12:59, use 22:12:37, left 01:47:22, Is there a NAT command that let's me specify how long a connection can remain open? Say for instance, 2 hours instead of 24? -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12162t=12133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 4000 verses 4500M and 4700M [7:12154]
Ahmed, The 4000 can go up to 16megs of ram. With the 'm' added to it, which is 'memory enhanced', it can go up to 32megs of ram. There is also a major difference between the 4000m vs 4500m. The cpu on the 4000m is a weak ass motorola 40mhz cpu. While on the 4500m, you get a 100mhz RISC cpu. With the new 12.2 ios, you can even do MLS and 802.1q vlan routing on the 4500m with just 10mbps ethernet interfaces. Now with the 4700m, you can potentially go up to 64megs of dram. The cpu on that is the same as the 4500m, but it's 133mhz instead of 100mhz. Some cheap companies like mine still use a 4700m for bgp routing. Of course you have to run older codes for it such as 11.3 in order to have enough ram to store full bgp table, assuming you're using 64megs of ram. If you wish to get a 4500m with 2 ethernet ports to do 802.1q vlan routing, you can get it from me also. I purchased about 50 of these 4500m when i found out that it can do vlan routing on just 10mbps ethernet interfaces, on 12.2 code of course. -Frank On Thu, 12 Jul 2001, Ahmed Mamoor Amimi wrote: Hi, Can anyone tell me the difference b/w 4000 and 4500M. The price for 4000 used is very low as compared to 4500M or 4700M. I think there is no difference except of memory. Please correct me Thanks, Mamoor CNE CCIP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12163t=12154 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX Network addresses [7:11990]
Yes, each frame type is associated with a different network number. They are not different representations of the same network number. They are different networks. Broadcast domains have nothing to do with it. If all devices in these four networks are connected via hubs or switches, they see each other's broadcasts. They process the broadcasts at the data-link-layer and only process them further if they are running the same Ethernet frame type. If these are really internal network numbers, then the question is moot. Internal network numbers don't need a frame type!? Priscilla At 10:46 AM 7/12/01, Hire, Ejay wrote: Each different frame type acts as a separate broadcast domain, thus they have different network numbers. -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:41 AM To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Thanks for all the responses. This is the only IPX speaking box on the wire and the first NW5.1 server to be brought up. I understand that it supports and automatically loads all IPX frame types by default if IPX is chosen along with the default and preferred IP protocol. From the replies it seems that each frame type would belong to a DIFFERENT IPX network? Or is it just DIFFERENT WAYS of writing out IPX network addresses depending on the frame type used? Again, thanks for the enlightenment. Elmer -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 4:29 PM To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Interesting. Why would it generate network numbers, though? Shouldn't network numbers be manually configured? Priscilla At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote: I finally feel qualified to comment on a question on this list (having worked with NetWare for the past 6 years) The addresses you're seeing are generated automatically. What's happening here is that the new server has every single Ethernet frame type loaded, and as a result is using different IPX network number for every frame type. New 3.x and 4.x servers will do this if you perform an install using all the defaults. You need to run INSTALL (or NWCONFIG if 5.x), edit the AUTOEXEC.NCF and remove all BIND statements referencing frame types you don't want to use. Ethernet_II is preferred. NetWare 5.x is more restrained and tries to use IP only. Ayers, Michael 07/11/01 12:12PM Those were either auto generated, or picked up from reading frames on the wire. -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 11:31 AM To: [EMAIL PROTECTED] Subject:IPX Network addresses [7:11990] hi, group. I just noticed that after installing NetWare server, it gave me this info regarding types of IPX frames: Frame type Network address Ethernet_802.2 3D410DCD Ethernet_802.3 1E0F4F9E Ethernet_SNAP FF994BB0 Ethernet_II D393B805 For the IPX gurus in the group, can someone tell me if there is some type of logic as to how the network address is translated from the type of frame used? Just to answer my curiosity. Thank you. Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12165t=11990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: connecting T1 modules [7:12139]
You can use a cat5 cable pin out is 1245 to 4512 Jon -Original Message- From: Ayers, Michael [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 9:25 AM To: [EMAIL PROTECTED] Subject: RE: connecting T1 modules [7:12139] Look up the pinout of each rj45 I think it's a roll cable, but you need to connect TX to RX and Visa Versa. Make sure you set up clocking one external and one internal -Original Message- From: anthony moore [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:13 AM To: [EMAIL PROTECTED] Subject:connecting T1 modules [7:12139] Anyone know what kind of cable to use to connect two T1 modules? I have a 2525 with the Fractional/full T1 module(RJ45) and a 2621 with the WIC-1DSU-T1 module(RJ45). What kind of cable can I use to connect these momdules? Thanks Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12164t=12139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX Network addresses [7:11990]
Thanks all. Does makes sense now. I still like IPX better than IP for small LANs. At least no ICMP attacks / DDOS to worry about. Elmer -Original Message- From: Ayers, Michael [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 12:21 PM To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Elmer, Novell just randomly picks numbers, probably a function of the hardware's SN, and maybe Date Time. Point is, I would prefer to use a coherent scheme for net ID's, and would be removing any Frame types I'm not using. If you ever add another Novell server, you MUST make sure that the new server is set with these hardware ID's. The best way to understand this is to read the Cisco material for CCNA on IPX sub interfaces. It explains that each frame type must be a separate network, and if you have older systems running Novell_ether(802.3...No LLC) and newer ones running SAP (802.3+802.2LLC) on the same segment, you can have the router route between sub-interfaces by encapsulating 2 sub-ifs, one with novell_ether, and the other with sap. You do have to specify the network ID's per sub-if. Thank You, Michael Ayers Network Engineer OneNeck IT Services (480) 539-2203 (800) 272-3077 -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 5:41 AM To: [EMAIL PROTECTED] Subject:RE: IPX Network addresses [7:11990] Thanks for all the responses. This is the only IPX speaking box on the wire and the first NW5.1 server to be brought up. I understand that it supports and automatically loads all IPX frame types by default if IPX is chosen along with the default and preferred IP protocol. From the replies it seems that each frame type would belong to a DIFFERENT IPX network? Or is it just DIFFERENT WAYS of writing out IPX network addresses depending on the frame type used? Again, thanks for the enlightenment. Elmer -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 4:29 PM To: [EMAIL PROTECTED] Subject: RE: IPX Network addresses [7:11990] Interesting. Why would it generate network numbers, though? Shouldn't network numbers be manually configured? Priscilla At 04:11 PM 7/11/01, Patricia Leeb-Hart wrote: I finally feel qualified to comment on a question on this list (having worked with NetWare for the past 6 years) The addresses you're seeing are generated automatically. What's happening here is that the new server has every single Ethernet frame type loaded, and as a result is using different IPX network number for every frame type. New 3.x and 4.x servers will do this if you perform an install using all the defaults. You need to run INSTALL (or NWCONFIG if 5.x), edit the AUTOEXEC.NCF and remove all BIND statements referencing frame types you don't want to use. Ethernet_II is preferred. NetWare 5.x is more restrained and tries to use IP only. Ayers, Michael 07/11/01 12:12PM Those were either auto generated, or picked up from reading frames on the wire. -Original Message- From: Elmer Deloso [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 11:31 AM To: [EMAIL PROTECTED] Subject:IPX Network addresses [7:11990] hi, group. I just noticed that after installing NetWare server, it gave me this info regarding types of IPX frames: Frame type Network address Ethernet_802.2 3D410DCD Ethernet_802.3 1E0F4F9E Ethernet_SNAP FF994BB0 Ethernet_II D393B805 For the IPX gurus in the group, can someone tell me if there is some type of logic as to how the network address is translated from the type of frame used? Just to answer my curiosity. Thank you. Priscilla Oppenheimer http://www.priscilla.com Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12166t=11990 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ccie lab setup [7:12145]
What about a MC3810? That has a Multi-Function T1 mod that can do native Frame or ATM. That takes care of the ATM (assuming that you had 2 MC3810s). It also has telephone ports for plugging in standard phones, faxes or modems. Using async modems you can do DDR and backup labs with these instead of buying a telephone simulator or having multiple lines in the house. So you can do VoIP, VoFR and VoATM with these 2 routers and you can get well optioned but older ones for about 1500 each. I have 2 of them but I have not gotten to the ATM or Voice parts of my studies yet. -Original Message- From: Ahmed Mamoor Amimi [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 12:40 PM To: [EMAIL PROTECTED] Subject: Re: ccie lab setup [7:12145] Brian, U can use as under the price are approx 2501$600 x 2 2502$450 or less 2503$800 or less 2521$900 two 1912EN switch $1000both for heavy stuff like 5000 and voIP 5000 loaded sup1$2300 2620$1300 1750$900 voIP modules$700 This is the complete lab except ATM. my advice is to stuck with 2500 series routers they are really good ooohhh!! one router left for reverse telneting 500-C$400 -Mamoor CCIENETWORK+MCTMCSE2000CNE I am from Pakistan (proud to be).. Brian Clark wrote: Hey, can everyone help me with setting up a good CCIE lab. I need to know what equipment would be the best to purchase for the lab. I will use it to study for both CCNP and CCIE. My budget is between $5000-$7000. Any and all replies would be greatly appreciated. Thanks, Brian Clark - A+, Network+, CCA, MCP 2000, CCNA Network Specialist Valley Services, Inc. Blue Cross Blue Shield of Florida, Inc., and its subsidiary and affiliate companies are not responsible for errors or omissions in this e-mail message. Any personal comments made in this e-mail do not reflect the views of Blue Cross Blue Shield of Florida, Inc. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12167t=12145 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: connecting T1 modules [7:12139]
T-1s use pins 12 and 45. So make a special crossover cable: 1 to 4, 2 to 5, 4 to 1, 5 to 2. You can use a pair of RJ-45 jacks for the crossover using some spare wire - then use regular patch cables from the jacks to the routers. Side note: 56k uses pins 12 and 78. A console rollover cable works fine for that. -Original Message- From: anthony moore [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 10:13 AM To: [EMAIL PROTECTED] Subject: connecting T1 modules [7:12139] Anyone know what kind of cable to use to connect two T1 modules? I have a 2525 with the Fractional/full T1 module(RJ45) and a 2621 with the WIC-1DSU-T1 module(RJ45). What kind of cable can I use to connect these momdules? Thanks Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12168t=12139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3660 router-----Finished [7:12135]
Uhh, they do! c3660-telcoent-mz.121-5.T9.bin -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 12:34 PM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] Telco requirements are quite strict There are Bellcore standards that are used at all central offices. It has nothing to do with the goverment but will Bell ensurring that any third party equipment will: 1) Fit in telco racks 2) No physically interfer with other equipment in telco racks 3) Not add to the fire load 4) Not cause any undue electrical problems (NEBS grounding, etc) It's all really for infrastructure protection Too bad they didn't have a Telco version of the IOS. Bob -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:29 AM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] This brings up a point: why is there a telco version in the first place? What are these telco requirements and why are they there? I've been hearing little snippets about this but I don't know the details. From what I've read so far, it sounds like some government agency had too much time on its hands and felt like being even more intrusive than usual. Who cares if there is a plastic cover or not? Who cares if the rack is 19 or 24 wide? Who cares if the equipment is more than 12 deep? Someone please explain this to me, and please tell me there are good reasons for these requirements. Otherwise, it will just annoy me and ruin my day. ;-) Besides, I have a feeling I'll be running into situations where equipment that I provision has to meet these requirements so I might as well know what they are, right? Thanks, John (who is just starting his 2nd cup of coffee...be gentle.) Mears, Rob 7/12/01 8:55:12 AM Greeting to all, This problem proved to be a real bitch, and I thank you for all the advice. Here is the fix, and I am almost ashamed to say, but I want to pass this on so none of you all fall into the same trap as I did. As I said, in one post before, I kept getting the same error messages even after TAC sent me new memory and a new router. The 3rd TAC engineer was the charm, because he asked me if this was a TELCO version of the 3660. That was a real good question cuss I had no idea, as I have never worked on one. Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail clue is that their is not a plastic front on the Telco version. I saw this right off the bat, but thought Cisco had just redesigned it. Man what a day. The other way to see if the router is an Enterprise version or Telco is to run the SN numbers. I can think off all the times i do this before I install an IOS. Maybe i should. Good news is I got it fixed and got a new Router out of the deal (thanks you TAC). And as TAC goes, they have pulled my Butt out of the sling more then once, so I have nothing but good to say for them. Yes I have gotten some DORKS before, but I have the option to tell them to get lost and give me a new Engineer. We pay a lot for this service. Hope this has been as educational for you all as it has been for me. Look below at link for the difference in the two. http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm -Original Message- From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 9:15 AM To: Mears, Rob Subject: Re: 3660 router [7:11917] Hi Rob, I didn't want to send this out to the whole group but I sympathise with your problem - I used to work on TAC and I see this sort of thing happening more and more. Unfortunately TAC have a new policy of employing people without much real technical experience (even pre-CCNA level people) and they put them on the bread and butter TAC teams to break them in. It will be one of those teams dealing with your problem - probably euro-config. I know a lot of those guys and, although they all work hard, they don't have the experience to deal with a case that gets over complicated. If you have had an RMA already and you are still no nearer to solving the problem then the next step is to have the case escalated. I expect this case has been going on for a few days already and has probably passed the P3 SLA so the TAC can escalate to a more technical team to get you a speedy fix. I hope this helps and I would appreciate it if you kept this under your hat. Regards Charlie --- Mears, Rob wrote: Any one ever had a problem loading IOS on a 3660 right out of the box? I have one with 64meg flash and 256 ram and the damn thing will not come out of RMMON. I have set the confreg to boot correctly still RMMON. I have flashed it with two different IOS (12112.2), swapped out Flash, MEM, even sent the chassis back to Cisco and the new one had the same problem. TAC has no clue, they have been sending me part and giving me to different Engineer with no luck. What gives? Rob [EMAIL
RE: port block unicast and multicast [7:12052]
See some comments below. At 06:01 AM 7/12/01, Quek, Steven wrote: Hi, I am glad that this topic is discussed here. In fact currently I am doing a project that is trying to make use of the Port Monitoring/SPAN feature as a form of keepalive duplicate traffic discovery with a third party product. I won't go into that detail. I had read the portion of info at the directed web link. But would like to confirm my doubts. I need all the valuable advise and inputs from all of you. May be I am poor in my English to interpret this. Appreciate to confirm, does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc have the similar feature of blocking Unknow Unicast Unregistered Multicast I have only seen this with the Cat 1900. You will need to check Cisco documentation for the other switches. I checked the 6xxx and 5xxx documentation and monitoring multicasts is enabled by default for those switches. Multicasts are not blocked. http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_2/confg_gd/span.htm#xtocid147020 Monitoring multicasts is configurable. See this command: set span {src_mod/src_ports | src_vlans | sc0} {dest_mod/dest_port} [rx | tx | both] [inpkts {enable | disable}] [learning {enable | disable}] [multicast {enable | disable}] [filter vlans...] [create] from forwarding through the Source port not reaching the destination directed ports? The traffic is also not forwarded out of the connected port to the connected neighbouring port? Source Switch Port1Router-WAN | ^ Mirrored Traffic---| | |Eth Destine Switch Port2 Based on the above diagram for simple discussion. Does that means EIGRP routing entries will be discarded at the Switch Port1 not updated to the Router I am assuming that EIGRP multicasts arrive from the router at switch port 1 in your diagram, and port 1 is the monitored (mirrored) port and port 2 is the monitor port where the analyzer resides. You will not see the EIGRP multicasts on the destination (monitor) port 2 when using a Cat 1900. The EIGRP multicasts should go out all other ports on the switch (depending on VLAN and other configurations.) So, it won't cause any operational problems on a network. It just makes monitoring difficult. Note that EIGRP uses multicasts for hellos. It sends routing updates directly to neighbors, so you would see those on the monitor port. Ethernet port? Similar CDP, Multicast Video streaming, Mainframe application, ...etc, will not able to pass through the Monitored port? I also do not see CDP on my monitor port on my Cat 1900. I haven't tried multicast video or other applications. Lastly, is there a way to enable all traffic to flow through the Monitored switch port? Well, it blocks unregistered multicasts. Theoretically you could register the port to receive multicasts. I don't know how, though. IGMP? Sorry, I don't know more about this. I'm just discovering the problems myself. But I think it's just a Cat 1900 problem. Priscilla Hope to hear some comments on this. Apprecaite the inputs. Cheers. regard Steven Quek -Original Message- From: Marty Adkins [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 11:09 AM To: [EMAIL PROTECTED] Subject: Re: port block unicast and multicast [7:12052] Priscilla Oppenheimer wrote: Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts. SwitchA#show int e 0/1 Hardware is Built-in 10Base-T Address is 00B0.6426.7941 MTU 1500 bytes, BW 1 Kbits 802.1d STP State: Forwarding Forward Transitions: 1 Unknown unicast flooding: Disabled Unregistered multicast flooding: Disabled Duplex setting: Half duplex Back pressure: Disabled See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports. [snip] Priscilla, This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to: http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x /19icweb.htm#xtocid482036 So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy. I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx. - Marty Priscilla Oppenheimer
RE: What is a WIC card? [7:9764]
GYAHH. NO db-60 is NOT high speed serial. everyone stop calling it that there is no high speed serial wic. high-speed serial == HSSI == NM-xH == (about 45 Mbits/s) multi-function/regular serial == wic-xT, nm-xT = 4 Mbits/s and while we're on that, they arn't serial ports. they're seial interfaces =P. -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Monday, June 25, 2001 9:40 AM To: [EMAIL PROTECTED] Subject: Re: What is a WIC card? [7:9764] Wan Interface Card VWIC's are Voice Wan Interface Cards. It's kinda hard to go anymore in-depth than that. This is what Cisco's named their interface cards for the 1700/2600/3600 series routers. A WIC-1T is a single DB60 High Speed Serial, WIC-1 ADSL would be an Asymmetrical DSL interface card an NM-1E would be a single 10BaseT. Phil - Original Message - From: RJ To: Sent: Monday, June 25, 2001 11:28 AM Subject: What is a WIC card? [7:9764] Hello, What exactly is a WIC card and how does it work? Thanks RJ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12171t=9764 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what are some of the best materials to prep for the CCIE [7:12172]
You would need the Caslow book as well. Search over the archive and you'll see what other people are using. Also, make sure you check out the archive for the CCIE lab mailing list. I found it very inspiring. Richard Wei Wu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I just passed my RS written exam, I want to know what study materials are best for prepping for the lab. I currently have Routing tcp/ip from Doyle and Halabi's BGP book. I am looking for a CCIE lab book and/or CDs. Any input appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12172t=12172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what are some of the best materials to prep for the CCIE [7:12173]
Hello Wei, I would say that you should have the following books and reference material with you fo rthe lab exam : 1) Caslow 2) Doyle 3) Halabi 4) OSPF Design Guide from CCO 5) DLSW+ Design Guide from CCO 6) Token Ring Paper from ccprep.com 7) All in one CCIE lab study guide from Mcgrawhill 8) Try to do the Virtual Lab on mentorlabs .They are really good 9) Last but not the least sign up for Caslow's ECP 1 course two months before the lab That is what I am using . Thanks Jaspreet Bhatia Richard Chang wrote: You would need the Caslow book as well. Search over the archive and you'll see what other people are using. Also, make sure you check out the archive for the CCIE lab mailing list. I found it very inspiring. Richard Wei Wu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I just passed my RS written exam, I want to know what study materials are best for prepping for the lab. I currently have Routing tcp/ip from Doyle and Halabi's BGP book. I am looking for a CCIE lab book and/or CDs. Any input appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12173t=12173 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3660 router-----Finished [7:12135]
Sorry... I meant a version of the IOS that was as bullet proof as the physical contruction of the telco version of the router... Just trying for a little humour. -Original Message- From: Peter Slow [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 10:26 AM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] Uhh, they do! c3660-telcoent-mz.121-5.T9.bin -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 12:34 PM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] Telco requirements are quite strict There are Bellcore standards that are used at all central offices. It has nothing to do with the goverment but will Bell ensurring that any third party equipment will: 1) Fit in telco racks 2) No physically interfer with other equipment in telco racks 3) Not add to the fire load 4) Not cause any undue electrical problems (NEBS grounding, etc) It's all really for infrastructure protection Too bad they didn't have a Telco version of the IOS. Bob -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:29 AM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] This brings up a point: why is there a telco version in the first place? What are these telco requirements and why are they there? I've been hearing little snippets about this but I don't know the details. From what I've read so far, it sounds like some government agency had too much time on its hands and felt like being even more intrusive than usual. Who cares if there is a plastic cover or not? Who cares if the rack is 19 or 24 wide? Who cares if the equipment is more than 12 deep? Someone please explain this to me, and please tell me there are good reasons for these requirements. Otherwise, it will just annoy me and ruin my day. ;-) Besides, I have a feeling I'll be running into situations where equipment that I provision has to meet these requirements so I might as well know what they are, right? Thanks, John (who is just starting his 2nd cup of coffee...be gentle.) Mears, Rob 7/12/01 8:55:12 AM Greeting to all, This problem proved to be a real bitch, and I thank you for all the advice. Here is the fix, and I am almost ashamed to say, but I want to pass this on so none of you all fall into the same trap as I did. As I said, in one post before, I kept getting the same error messages even after TAC sent me new memory and a new router. The 3rd TAC engineer was the charm, because he asked me if this was a TELCO version of the 3660. That was a real good question cuss I had no idea, as I have never worked on one. Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail clue is that their is not a plastic front on the Telco version. I saw this right off the bat, but thought Cisco had just redesigned it. Man what a day. The other way to see if the router is an Enterprise version or Telco is to run the SN numbers. I can think off all the times i do this before I install an IOS. Maybe i should. Good news is I got it fixed and got a new Router out of the deal (thanks you TAC). And as TAC goes, they have pulled my Butt out of the sling more then once, so I have nothing but good to say for them. Yes I have gotten some DORKS before, but I have the option to tell them to get lost and give me a new Engineer. We pay a lot for this service. Hope this has been as educational for you all as it has been for me. Look below at link for the difference in the two. http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm -Original Message- From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 9:15 AM To: Mears, Rob Subject: Re: 3660 router [7:11917] Hi Rob, I didn't want to send this out to the whole group but I sympathise with your problem - I used to work on TAC and I see this sort of thing happening more and more. Unfortunately TAC have a new policy of employing people without much real technical experience (even pre-CCNA level people) and they put them on the bread and butter TAC teams to break them in. It will be one of those teams dealing with your problem - probably euro-config. I know a lot of those guys and, although they all work hard, they don't have the experience to deal with a case that gets over complicated. If you have had an RMA already and you are still no nearer to solving the problem then the next step is to have the case escalated. I expect this case has been going on for a few days already and has probably passed the P3 SLA so the TAC can escalate to a more technical team to get you a speedy fix. I hope this helps and I would appreciate it if you kept this under your hat. Regards Charlie --- Mears, Rob wrote: Any one ever had a problem loading IOS on a 3660 right out of the box? I have one with 64meg flash and 256 ram and the damn thing will not come out
RE: catalyst 5000 rebooted [7:12101]
werd. (right on) -humboldt -Original Message- From: GNOME [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 10:53 AM To: [EMAIL PROTECTED] Subject: Re: catalyst 5000 rebooted [7:12101] Hi How about doing a show version to see the reason of last reboot Arun wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hi we have catalyst 5000 in our organization and last week oneof our catalyst 5000 rebooted bu its own ...can anyboby tell me what could be the probabale cause or where one shoulb be looking for it ... how do i start looking for it .Please help this reboot has caused the services to be stopped for 15 minutes and it is really big issue for us why it happened ...i think i am totally stuck ..can anybody give a a start . Regards Arun Sharma Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12175t=12101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Duplicate Ip addresses ! [7:12100]
clear your arp table. -humboldt -Original Message- From: shella kevin [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 7:29 AM To: [EMAIL PROTECTED] Subject: RE: Duplicate Ip addresses ! [7:12100] mmmhh ! yes i shutdown the interface and then bring it up ... looks like the software issue to me too anyother way i can check on the cisco router if they still exists? btw what is NOC ? From: Chuck Larrieu To: shella kevin , Subject: RE: Duplicate Ip addresses ! [7:12100] Date: Thu, 12 Jul 2001 03:47:34 -0700 what are you - the night shift in the NOC? when you say you decommissioned the interfaces, did you issue shutdown commands? physically pull the wires so they aren't connected to anything? in general, issuing a shutdown command on an interface prevents it from telling the network about itself. I'm wondering if your monitoring software has failed to flush the old interfaces, and is complaining when it sees the new interfaces come on line when it already has those addresses in its database. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of shella kevin Sent: Thursday, July 12, 2001 3:42 AM To: [EMAIL PROTECTED] Subject: Duplicate Ip addresses ! [7:12100] I am monitoring cisco routes via netview. I decommissioned 2 interfaces on the cisco router and put it on an other outer. Now I am getting alerts on netview Duplicate Ip addresses .. it's the same ip addresses/FastEthernet interface which I decommissioned. How can I address this problem ? How to flush out this on a route ? Cheers Shella k _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12176t=12100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3660 router-----Finished [7:12135]
that is! that's the one. Damn Telco stuff. You know it was said if they were to burn (Telco Routers), it would not put off toxic fumes (no plastic an telco requirment) . I looked around the CO and wondered about the billions little blue and white analog wires we have form ceiling to floor and wondered what's the point. Smoke from the router won't kill me, but the plastic from the wires will. Man rob -Original Message- From: Peter Slow [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 12:26 PM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] Uhh, they do! c3660-telcoent-mz.121-5.T9.bin -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 12:34 PM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] Telco requirements are quite strict There are Bellcore standards that are used at all central offices. It has nothing to do with the goverment but will Bell ensurring that any third party equipment will: 1) Fit in telco racks 2) No physically interfer with other equipment in telco racks 3) Not add to the fire load 4) Not cause any undue electrical problems (NEBS grounding, etc) It's all really for infrastructure protection Too bad they didn't have a Telco version of the IOS. Bob -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:29 AM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] This brings up a point: why is there a telco version in the first place? What are these telco requirements and why are they there? I've been hearing little snippets about this but I don't know the details. From what I've read so far, it sounds like some government agency had too much time on its hands and felt like being even more intrusive than usual. Who cares if there is a plastic cover or not? Who cares if the rack is 19 or 24 wide? Who cares if the equipment is more than 12 deep? Someone please explain this to me, and please tell me there are good reasons for these requirements. Otherwise, it will just annoy me and ruin my day. ;-) Besides, I have a feeling I'll be running into situations where equipment that I provision has to meet these requirements so I might as well know what they are, right? Thanks, John (who is just starting his 2nd cup of coffee...be gentle.) Mears, Rob 7/12/01 8:55:12 AM Greeting to all, This problem proved to be a real bitch, and I thank you for all the advice. Here is the fix, and I am almost ashamed to say, but I want to pass this on so none of you all fall into the same trap as I did. As I said, in one post before, I kept getting the same error messages even after TAC sent me new memory and a new router. The 3rd TAC engineer was the charm, because he asked me if this was a TELCO version of the 3660. That was a real good question cuss I had no idea, as I have never worked on one. Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail clue is that their is not a plastic front on the Telco version. I saw this right off the bat, but thought Cisco had just redesigned it. Man what a day. The other way to see if the router is an Enterprise version or Telco is to run the SN numbers. I can think off all the times i do this before I install an IOS. Maybe i should. Good news is I got it fixed and got a new Router out of the deal (thanks you TAC). And as TAC goes, they have pulled my Butt out of the sling more then once, so I have nothing but good to say for them. Yes I have gotten some DORKS before, but I have the option to tell them to get lost and give me a new Engineer. We pay a lot for this service. Hope this has been as educational for you all as it has been for me. Look below at link for the difference in the two. http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm -Original Message- From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 9:15 AM To: Mears, Rob Subject: Re: 3660 router [7:11917] Hi Rob, I didn't want to send this out to the whole group but I sympathise with your problem - I used to work on TAC and I see this sort of thing happening more and more. Unfortunately TAC have a new policy of employing people without much real technical experience (even pre-CCNA level people) and they put them on the bread and butter TAC teams to break them in. It will be one of those teams dealing with your problem - probably euro-config. I know a lot of those guys and, although they all work hard, they don't have the experience to deal with a case that gets over complicated. If you have had an RMA already and you are still no nearer to solving the problem then the next step is to have the case escalated. I expect this case has been going on for a few days already and has probably passed the P3 SLA so the TAC can escalate to a more technical team to get you a speedy fix. I hope this helps and I would
2 routers, 1 async line [7:12178]
What is the simplest way to connect two routers over an asnyc line for a permanent connection? I have a 1720 with a serial interface and a 3640 with a wic-2a/s. Ben __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12178t=12178 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: what are some of the best materials to prep for the CCIE [7:12179]
I don't think you should skip buying the 19 labs from ccbootcamp. Everything I've heard is that they're the most intense of the available materials. I know the ones I've done so far are very challenging... --- Dennis -Original Message- From: Jaspreet Bhatia [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 10:59 AM To: [EMAIL PROTECTED] Subject: Re: what are some of the best materials to prep for the CCIE [7:12173] Hello Wei, I would say that you should have the following books and reference material with you fo rthe lab exam : 1) Caslow 2) Doyle 3) Halabi 4) OSPF Design Guide from CCO 5) DLSW+ Design Guide from CCO 6) Token Ring Paper from ccprep.com 7) All in one CCIE lab study guide from Mcgrawhill 8) Try to do the Virtual Lab on mentorlabs .They are really good 9) Last but not the least sign up for Caslow's ECP 1 course two months before the lab That is what I am using . Thanks Jaspreet Bhatia Richard Chang wrote: You would need the Caslow book as well. Search over the archive and you'll see what other people are using. Also, make sure you check out the archive for the CCIE lab mailing list. I found it very inspiring. Richard Wei Wu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I just passed my RS written exam, I want to know what study materials are best for prepping for the lab. I currently have Routing tcp/ip from Doyle and Halabi's BGP book. I am looking for a CCIE lab book and/or CDs. Any input appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12179t=12179 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3660 router-----Finished [7:12135]
Not enough Watts to let the magic smoke out of the cables. The hard gear is MUCH more likely to catch fire from a short. The most likely scenarios where the wire will ignite is an external source like arson, outside fire or burning equipment. If fire gets to the wires and the fire suppression systems have not done their job I hope you have geographic redundancy built into your systems. :) -Original Message- From: Mears, Rob [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 2:08 PM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] that is! that's the one. Damn Telco stuff. You know it was said if they were to burn (Telco Routers), it would not put off toxic fumes (no plastic an telco requirment) . I looked around the CO and wondered about the billions little blue and white analog wires we have form ceiling to floor and wondered what's the point. Smoke from the router won't kill me, but the plastic from the wires will. Man rob -Original Message- From: Peter Slow [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 12:26 PM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] Uhh, they do! c3660-telcoent-mz.121-5.T9.bin -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 12:34 PM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] Telco requirements are quite strict There are Bellcore standards that are used at all central offices. It has nothing to do with the goverment but will Bell ensurring that any third party equipment will: 1) Fit in telco racks 2) No physically interfer with other equipment in telco racks 3) Not add to the fire load 4) Not cause any undue electrical problems (NEBS grounding, etc) It's all really for infrastructure protection Too bad they didn't have a Telco version of the IOS. Bob -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 8:29 AM To: [EMAIL PROTECTED] Subject: RE: 3660 router-Finished [7:12135] This brings up a point: why is there a telco version in the first place? What are these telco requirements and why are they there? I've been hearing little snippets about this but I don't know the details. From what I've read so far, it sounds like some government agency had too much time on its hands and felt like being even more intrusive than usual. Who cares if there is a plastic cover or not? Who cares if the rack is 19 or 24 wide? Who cares if the equipment is more than 12 deep? Someone please explain this to me, and please tell me there are good reasons for these requirements. Otherwise, it will just annoy me and ruin my day. ;-) Besides, I have a feeling I'll be running into situations where equipment that I provision has to meet these requirements so I might as well know what they are, right? Thanks, John (who is just starting his 2nd cup of coffee...be gentle.) Mears, Rob 7/12/01 8:55:12 AM Greeting to all, This problem proved to be a real bitch, and I thank you for all the advice. Here is the fix, and I am almost ashamed to say, but I want to pass this on so none of you all fall into the same trap as I did. As I said, in one post before, I kept getting the same error messages even after TAC sent me new memory and a new router. The 3rd TAC engineer was the charm, because he asked me if this was a TELCO version of the 3660. That was a real good question cuss I had no idea, as I have never worked on one. Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail clue is that their is not a plastic front on the Telco version. I saw this right off the bat, but thought Cisco had just redesigned it. Man what a day. The other way to see if the router is an Enterprise version or Telco is to run the SN numbers. I can think off all the times i do this before I install an IOS. Maybe i should. Good news is I got it fixed and got a new Router out of the deal (thanks you TAC). And as TAC goes, they have pulled my Butt out of the sling more then once, so I have nothing but good to say for them. Yes I have gotten some DORKS before, but I have the option to tell them to get lost and give me a new Engineer. We pay a lot for this service. Hope this has been as educational for you all as it has been for me. Look below at link for the difference in the two. http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm -Original Message- From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 9:15 AM To: Mears, Rob Subject: Re: 3660 router [7:11917] Hi Rob, I didn't want to send this out to the whole group but I sympathise with your problem - I used to work on TAC and I see this sort of thing happening more and more. Unfortunately TAC have a new policy of employing people without much real technical experience (even pre-CCNA level people) and they put them on the bread and butter TAC teams
PIX/w/WIN2k VPN3000 client problem [7:12181]
I'm having a problem. I'm running a PIX520 (5.3) with multiple VPNGROUPs. I have a client installed on a WIN2k machine. The machine was using a group that didn't split tunnel. I changed the group to a group that does, and now I get a failed to negotiate error AFTER THE LOGON and the Your link is now secure error. I have cleared IPSEC SA and ISAKMP SA. I even went as far as deleting the MAPS. The Client has been removed and re-installed. I'm thinking the problem is either something embedded somewhere in the WIN2k, or an association to the peer IP in the PIX, but I have successfully changed the group on other win 9x machines without a problem after the SA timed out, and the Dynamic Maps cleared. This is a production PIX, but do I get a reboot approved to try to clear old info out of memory, or do I go after the client and see if the problem lies there? Any input appreciated. Thank you, Michael Privileged/Confidential Information may be contained in this message or attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12181t=12181 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: what are some of the best materials to prep for the CCIE [7:12182]
Dennis, How much did the labs cost ? Jaspreet Dennis Laganiere wrote: I don't think you should skip buying the 19 labs from ccbootcamp. Everything I've heard is that they're the most intense of the available materials. I know the ones I've done so far are very challenging... --- Dennis -Original Message- From: Jaspreet Bhatia [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 12, 2001 10:59 AM To: [EMAIL PROTECTED] Subject: Re: what are some of the best materials to prep for the CCIE [7:12173] Hello Wei, I would say that you should have the following books and reference material with you fo rthe lab exam : 1) Caslow 2) Doyle 3) Halabi 4) OSPF Design Guide from CCO 5) DLSW+ Design Guide from CCO 6) Token Ring Paper from ccprep.com 7) All in one CCIE lab study guide from Mcgrawhill 8) Try to do the Virtual Lab on mentorlabs .They are really good 9) Last but not the least sign up for Caslow's ECP 1 course two months before the lab That is what I am using . Thanks Jaspreet Bhatia Richard Chang wrote: You would need the Caslow book as well. Search over the archive and you'll see what other people are using. Also, make sure you check out the archive for the CCIE lab mailing list. I found it very inspiring. Richard Wei Wu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I just passed my RS written exam, I want to know what study materials are best for prepping for the lab. I currently have Routing tcp/ip from Doyle and Halabi's BGP book. I am looking for a CCIE lab book and/or CDs. Any input appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12182t=12182 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]