RE: Help! Locked out of my 7513 Router! [7:16769]
i Had this happen to me. My symptoms were you could execute the break sequence but the rest of the keyboard is unresponsive. whether trying to break into the router or normal console as i could see the boot up sequence when reset. This happened with 2 of my routers. So i used another computer and was able to console in with no problems. i put it down to my serial ports or UARTS on the serial ports of the PC had gone on the blink. Just something weird to note for further use. -Original Message- From: Richard Chang [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 2:58 pm To: [EMAIL PROTECTED] Subject: Help! Locked out of my 7513 Router! [7:16769] Dear Cisco Groupstudy Person: I locked myself out of my Cisco 7513 router somehow.My Keyboard has no effect. I'm not sure if this is the reason, but my most recent configuration change was to fill the No. 4 slot, previously blank, with a Fast Ethernet Card. Everytime I power cycle the router, it comes up again, goes through the boot sequence, and then freezes with a string of messages concerning the status of FE 3/0 and FE 4/0, first stating that they are up and then stating they are down. Even the password recovery technique where one uses the Break or ^[ Keys and then resets the Config Register can't be used. For some reason, the keyboard won't even work; it has no effect in this situation suddenly!!. I have carefully checked my Hyperterminal settings of 9600 baud ; Data bits=8 Parity=none stop bits=2 Flowcontrol=none Anybody have any idea why my keyboard is dead I am working with Vlan configurations on this Router. Please help! Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16774t=16769 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Can ping gateway from Catalyst RSM, but can't ping RSM from [7:16775]
Hello all, I'm having some trouble with a Route Switch Module on a Catalyst 5500. I have set up an IP on the vlan1 interface on the RSM. On the same subnet, I am able ping hosts from the RSM, but I cannot ping the RSM interface from the gateway, or any other hosts for that matter. Can any help? My config: Building configuration... Current configuration: ! version 11.2 no service udp-small-servers no service tcp-small-servers ! hostname Router ! boot config slot0:config ! no ip domain-lookup ! interface Vlan1 ip address 10.10.190.198 255.255.255.0 ! ip default-gateway 10.10.190.1 ip classless ! line con 0 line aux 0 line vty 0 4 logging synchronous login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16775t=16775 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
The choice of default-network [7:16777]
Can anyone pls tell me on what basis the entry of one of the default-network given in the configuration , is made in the routing table . For e.g : The router is having 03 upstream providers with OSPF and BGP running Provider 1) Default network: 10.0.0.0 Deault network :192.181.35.0 Default network: 192.140.0.0 Provider 2) Default network 204.45.56.0 Provider 2) Default network 209.10.70.0 All the above entries are made in the routing table using the ip default-network command. Hence the router is having 05 default network in the routing table. Pls help me in letting me know of the above 05 default network given , which one of them will be listed in the routing table as gateway of last resort when one sees using the command show ip route . And pls tell me on what basis the particular network will be choosen as gateway of last resort Hoping that you will help me in solving this mystry for meThanks. Vijendra -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16777t=16777 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
incorrect TCP checksum [7:16776]
Hi According to my knowledge incorrect TCP check sum cause to TCP retransmissions. What could be reason for incorrect TCP checksum? As I understand it could be problem in one of the router/proxy probably switch. And intuitively I think that problem should be wherever in OS. Can you give me any suggestion about detection of the fault machine or source to find more info about this problem. Suggestions I mean something more constructive than putting sniffers on each leg of the device and look for TCP checksum errors. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16776t=16776 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can ping gateway from Catalyst RSM, but can't ping RSM from [7:16778]
Doh! I didn't have routing enabled- packets had no path to travel. =) Enabling a routing protocol fixed everything.. Sean Sean Knox wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello all, I'm having some trouble with a Route Switch Module on a Catalyst 5500. I have set up an IP on the vlan1 interface on the RSM. On the same subnet, I am able ping hosts from the RSM, but I cannot ping the RSM interface from the gateway, or any other hosts for that matter. Can any help? My config: Building configuration... Current configuration: ! version 11.2 no service udp-small-servers no service tcp-small-servers ! hostname Router ! boot config slot0:config ! no ip domain-lookup ! interface Vlan1 ip address 10.10.190.198 255.255.255.0 ! ip default-gateway 10.10.190.1 ip classless ! line con 0 line aux 0 line vty 0 4 logging synchronous login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16778t=16778 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help! Locked out of my 7513 Router! [7:16769]
In our lab, we have a few different devices, 1600, 2600, 3500, and you can't talk to any of them from new 866 Compaq EN deskpros, it just doesn't work. Plug the cable into the back of my old trusty Compaq Armada laptop, no problems. I haven't bothered to troubleshoot it. Symon --- i Had this happen to me. My symptoms were you could execute the break sequence but the rest of the keyboard is unresponsive. whether trying to break into the router or normal console as i could see the boot up sequence when reset. This happened with 2 of my routers. So i used another computer and was able to console in with no problems. i put it down to my serial ports or UARTS on the serial ports of the PC had gone on the blink. Just something weird to note for further use. -Original Message- From: Richard Chang [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 2:58 pm To: [EMAIL PROTECTED] Subject:Help! Locked out of my 7513 Router! [7:16769] Dear Cisco Groupstudy Person: I locked myself out of my Cisco 7513 router somehow.My Keyboard has no effect. I'm not sure if this is the reason, but my most recent configuration change was to fill the No. 4 slot, previously blank, with a Fast Ethernet Card. Everytime I power cycle the router, it comes up again, goes through the boot sequence, and then freezes with a string of messages concerning the status of FE 3/0 and FE 4/0, first stating that they are up and then stating they are down. Even the password recovery technique where one uses the Break or ^[ Keys and then resets the Config Register can't be used. For some reason, the keyboard won't even work; it has no effect in this situation suddenly!!. I have carefully checked my Hyperterminal settings of 9600 baud ; Data bits=8 Parity=none stop bits=2 Flowcontrol=none Anybody have any idea why my keyboard is dead I am working with Vlan configurations on this Router. Please help! Thank you. [EMAIL PROTECTED] Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16779t=16769 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Partner Specialization exams - how tough? [7:16773]
This exam is web based. It costs $35 and there is no time limit (other than a session time out if you decide to go to lunch in the middle). I forget how many questions, but its less than 50. You should understand the basics of 802.11 and know some Cisco Aironet specifics (AP and bridge models, antennas, etc.). I would recommend having a web link open to Cisco Aironet 340 product pages so you can reference part numbers. Somewhere in the partner certifications area of CCO there is a link to web based training for this. The video and the powerpoint presentations are sufficient to cover the test. Jay Dunn, MCSE expired in June, CCNA/CCDA to expire in Sept, TIRED of exams IPI GrammTech, Ltd. 210.694.4313 http://www.ipi-gt.com Nunquam Facilis Est -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Torren Craigie-Manson Sent: Wednesday, August 22, 2001 12:43 AM To: [EMAIL PROTECTED] Subject: Partner Specialization exams - how tough? [7:16773] Hi all, Can anyone provide feedback on the partner specialization exams? In particular, I'm interested in the Field Engineer and Systems Engineer exam for wireless LANs. On the scale of regurgitate these marketing factoids to win a free t-shirt to CCNP, how tough is this guy? Any idea of how many questions and how much time is allowed? Cheers, Torren Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16780t=16773 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem Using external routers to route between VLANs [7:16781]
Hi group, I was wondering if it is A MUST for the external routers's interface to be a 100Mb interface, is it possible to do the InterVlan routing on an ethernet port (10Mb) on a 2600 router? I tried to setup a simple scenario with my 2600 router in my home lab, setting the port connected to the 2600 router to TRUNK mode with isl encapsulation , and allowing all vlans. But when I tried to confgure the router's sub-interfaces I the following errors: Router3(config)#int ethernet 0/0.2 Router3(config-subif)#ip address 10.10.2.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. The other problem was that inthe SUBIF configuration mode I didn't have the ENCAPSULATION command available. Bellow is the output of the show version command: Router3#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(3), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Wed 18-Jul-01 17:11 by pwade Image text-base: 0x80008088, data-base: 0x809C818C ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Router3 uptime is 6 hours, 3 minutes System returned to ROM by reload System image file is flash:c2600-io3-mz.122-3.bin cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory. Processor board ID JAD04390FCB (93659888) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Any idea what the problem is? Thanx in advance Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16781t=16781 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Unusual traffic on pvc 266 [7:16782]
I have a problem with a real-life situation it goes this way : The ip address of our client network that is using PVC 266 is 202.161.137.0/25. As I told you earlier when I disable the network from client end,there are still packets in the serial about 75000 both i/p and o/p rate. When no hosts are connected in the network and only 2 Serials are connected the input rate should be 0 right. But it is not so in our case. Moreover we have given rate-limit but are not able to restrict the uplink of our client. Our client link is of 128/384 for PVC 266. Could you help us out and sort out our problem. What might be the cause. The PVC links are PVC 266 is of 128/384 PVC 277 is of 266/1024 I have also attatched router configuraton for your review I am suspecting the prefix list only control out-bound but not in-bound let me know your little input : here is the router configuration version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption service internal ! ! ! ! ! ! ip subnet-zero ip wccp version 1 ip tcp window-size 32000 ip name-server 202.161.131.228 ip name-server 202.161.131.243 ! cns event-service server ! ! ! ! ! ! ! ! interface Loopback0 ip address 202.161.158.137 255.255.255.252 no ip directed-broadcast ! interface Ethernet0/0 ip address 202.161.131.241 255.255.255.240 no ip directed-broadcast no ip mroute-cache ! interface Serial1/0 description Cyberstar no ip address no ip directed-broadcast encapsulation frame-relay IETF fair-queue 64 32 0 frame-relay lmi-type ansi ! interface Serial1/0.266 multipoint ip address 202.161.128.90 255.255.255.252 no ip directed-broadcast frame-relay map ip 202.161.128.89 266 frame-relay interface-dlci 267 ! interface Serial1/0.276 multipoint ip address 202.161.128.34 255.255.255.252 no ip directed-broadcast ip wccp web-cache redirect out frame-relay map ip 202.161.128.33 276 frame-relay interface-dlci 277 ! interface Serial1/2 description Leased line to Client ip address 202.161.158.233 255.255.255.252 no ip directed-broadcast rate-limit input 128000 16000 32000 conform-action transmit exceed-action drop no keepalive ! router bgp 64545 network 202.161.131.224 mask 255.255.255.224 network 202.161.137.0 network 202.161.158.0 network 202.161.159.0 neighbor 202.161.128.33 remote-as 11919 neighbor 202.161.128.33 soft-reconfiguration inbound neighbor 202.161.128.33 prefix-list 1 out neighbor 202.161.128.89 remote-as 11919 neighbor 202.161.128.89 soft-reconfiguration inbound neighbor 202.161.128.89 prefix-list 2 out ! ip classless ip route 0.0.0.0 0.0.0.0 202.161.128.33 ip route 202.161.131.224 255.255.255.224 Ethernet0/0 ip route 202.161.131.224 255.255.255.224 Null0 ip route 202.161.131.224 255.255.255.240 202.161.131.244 ip route 202.161.131.240 255.255.255.240 Ethernet0/0 ip route 202.161.137.0 255.255.255.0 202.161.158.234 (Serial of client) ! ip prefix-list 1 seq 5 permit 202.161.131.224/27 ip prefix-list 1 seq 10 permit 202.161.158.0/23 le 24 ! ip prefix-list 2 seq 5 permit 202.161.137.0/24 ! snmp-server engineID local 000902D058F83860 snmp-server community public RO snmp-server enable traps casa __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16782t=16782 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Checking Speed for IPLC on Router [7:16783]
We have a 256Kbps IPLC on CISCO 3620. We feel that ISP is not providing us the speed for which we are paying. Is there any way to know the connection speed. Any CISCO Software or any command on Router or ANY Third Party Software ? Thanks In Advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16783t=16783 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Thoughts on CCIE Written [7:14116]
Thanks Oliver, I will get the books you suggested and I have decided that I will take the Foundation and Support exam and then take CCIE written. In addition to knowledge that CCNP preparation provides, it also provides a recognition before getting CCIE status. The latter might take a while. Thanks again SP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16784t=14116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem Using external routers to route between VLANs [7:16785]
Hamid, See Inline - Original Message - From: Hamid To: Sent: Wednesday, August 22, 2001 4:28 AM Subject: Problem Using external routers to route between VLANs [7:16781] Hi group, I was wondering if it is A MUST for the external routers's interface to be a 100Mb interface, is it possible to do the InterVlan routing on an ethernet port (10Mb) on a 2600 router? NT: That of course depends on the typical utilization of that external interface based on any statistics you should have gathered to support the need for a 10 or 100 MB connection. I tried to setup a simple scenario with my 2600 router in my home lab, setting the port connected to the 2600 router to TRUNK mode with isl encapsulation , and allowing all vlans. But when I tried to confgure the router's sub-interfaces I the following errors: Router3(config)#int ethernet 0/0.2 Router3(config-subif)#ip address 10.10.2.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. The other problem was that inthe SUBIF configuration mode I didn't have the ENCAPSULATION command available. Bellow is the output of the show version command: Router3#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(3), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Wed 18-Jul-01 17:11 by pwade Image text-base: 0x80008088, data-base: 0x809C818C ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Router3 uptime is 6 hours, 3 minutes System returned to ROM by reload System image file is flash:c2600-io3-mz.122-3.bin cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory. Processor board ID JAD04390FCB (93659888) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Any idea what the problem is? NT: Well I was able to test this new feature out on my 45xx model the other day and yes it worked just as expected(pretty cool). The only problem I had was that it only supports 802.1q and on the Cat5 the only blades that support 802.1q are the more expensive (WS-X5224R and a few others.) Most of the blades that folks purchase for their home labs come with the WS-X5213/5213A which only support ISL. I also did a check on CCO for your model and it would seem that this feature is only supported on the Enterprise set of the IOS. You're running the IP only IOS version. Here's a link to the features of 12.2 IOS features by model watch the word wrap... http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122relnt/xpr n122/122feats.htm#xtocid551238 Of course you'll have to lookat the memory requirements to complete the upgrade.. Hint: The upgrade required 32MB DRAM/16 flash. HTH Nigel . Thanx in advance Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16785t=16785 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem Using external routers to route between VLANs [7:16786]
As far as I know, trunking MUST be on at least a fast ethernet interface. Another way out is put an NM-1E ethernet module on your 2610 and put each interface in a different vlan. Or buy a 2620. I hate to say this, but, this has been gone over AT LENGTH over the last few months. Sorry to be the bearer of bad news. Tony - Original Message - From: Hamid To: Sent: Wednesday, August 22, 2001 1:28 AM Subject: Problem Using external routers to route between VLANs [7:16781] Hi group, I was wondering if it is A MUST for the external routers's interface to be a 100Mb interface, is it possible to do the InterVlan routing on an ethernet port (10Mb) on a 2600 router? I tried to setup a simple scenario with my 2600 router in my home lab, setting the port connected to the 2600 router to TRUNK mode with isl encapsulation , and allowing all vlans. But when I tried to confgure the router's sub-interfaces I the following errors: Router3(config)#int ethernet 0/0.2 Router3(config-subif)#ip address 10.10.2.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. The other problem was that inthe SUBIF configuration mode I didn't have the ENCAPSULATION command available. Bellow is the output of the show version command: Router3#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(3), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Wed 18-Jul-01 17:11 by pwade Image text-base: 0x80008088, data-base: 0x809C818C ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Router3 uptime is 6 hours, 3 minutes System returned to ROM by reload System image file is flash:c2600-io3-mz.122-3.bin cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory. Processor board ID JAD04390FCB (93659888) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Any idea what the problem is? Thanx in advance Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16786t=16786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
how to clear a router counter at frequency basis [7:16787]
Hi.. I need to clear counter on a router at frequency basis eg:1 day and save it to file in a PC? Is there any command or script that we can program in the router? CT == De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. == The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. == Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16787t=16787 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HELP!! The Cisco Code Windows XP [7:16604]
I might be repeating someone else here - I haven't followed the thread completely. The vulnerability you are talking about is documented in this field notice... http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml You have to be VERY careful when putting XP on your Cisco switched LAN, make sure you have new code and/or new SUP's. The 802.1x authentication option is also available on Win2k but it is disabled by default, on the XP beta it is enabled by default (not sure if the final release will be the same). It seems to boil down to STP ports in blocking mode forwarding the 802.1x packets. It has the potential to bring down a segment in double-quick time, just ask Xerox, apparently just one curious engineer's PC managed that trick, they now have a strict NO XP! policy on their network (allegedly). Regards Charlie --- Chuck Larrieu wrote: I did a little more checking on this. there is a known issue with XP clients and Catalyst 5000 switches with EARL 1 and certain software revisions. I may be misunderstanding this completely, but it is an issue with the interaction of the Cat 5K and XP when 802.1x port authentication is enabled. that got me to reading on 802.1x authentication. interesting. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Sent: Tuesday, August 21, 2001 6:40 PM To: [EMAIL PROTECTED] Subject: RE: HELP!! The Cisco Code Windows XP [7:16604] perhaps boss heard about the mstcp thread... Brian Sonic Whalen Success = Preparation + Opportunity On Tue, 21 Aug 2001, Chuck Larrieu wrote: I'm sure you've had your fair share of smart remarks by now. So I won't add my own. I will remark that in fairness to your boss, there is probably something he has heard or read which caused him to look for reassurance. for example, is there a concern with VPN compatibility of operation using Win XP VPN client software? is there a security concern based upon published writings about the XP TCP stack? if the question is will Cisco routers pass traffic generated by XP machines? the answer is sure. why not after all, there is nothing in an IP or a TCP header that indicates the type of host OS that originates the packet. as long as the traffic is contained in valid packets, the router will pass process them. knowing that, may I recommend you sit down with the boss and ask what his concerns are. what has he read? what has he heard? why would he think there is reason to be concerned? hell, he could be a victim of MBBW ( Management By Business Week - where the president of the company saw something in Business Week Magazine over the weekend and on Monday morning told your boss to investigate and come back with report. ;- ( and yes, I know some bosses are she ) Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ray Smith Sent: Monday, August 20, 2001 5:38 PM To: [EMAIL PROTECTED] Subject: HELP!! The Cisco Code Windows XP [7:16604] Guys, After my boss delegated me to research all I can about what is need to upgrade if necessary our Cisco routers and switches to work with Windows-XP, I was only able to assert from information on the web that there is a bug in the switch software that is incompatible with XP. Does anyone here know of any valuable information that can help me with compiling an educated assessment of this research? Is anyone out there knowledgeable of this issue either from personal experience or from literature? I would really appreciate some feedback. The only problems that I have actually heard of thus far is that which occurred during the beta test that brought down one of Xerox's network. I understand that there is a patch that is available as a fix, in addition to the option of upgrading the Switch code. My question is: - a). Does the incompatibility only exist with the Switch software or with the router IOS as well? b). Is the patch the best way of dealing with the problem? I appreciate any help that I can get. Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp [EMAIL PROTECTED] Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16790t=16604 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem Using external routers to route between VLANs [7:16789]
According to very recent studies (this morning on the train in fact), Trunking is only supported on Fast Ethernet and Gigabit Ethernet interfaces. Symon --- As far as I know, trunking MUST be on at least a fast ethernet interface. Another way out is put an NM-1E ethernet module on your 2610 and put each interface in a different vlan. Or buy a 2620. I hate to say this, but, this has been gone over AT LENGTH over the last few months. Sorry to be the bearer of bad news. Tony - Original Message - From: Hamid To: Sent: Wednesday, August 22, 2001 1:28 AM Subject: Problem Using external routers to route between VLANs [7:16781] Hi group, I was wondering if it is A MUST for the external routers's interface to be a 100Mb interface, is it possible to do the InterVlan routing on an ethernet port (10Mb) on a 2600 router? I tried to setup a simple scenario with my 2600 router in my home lab, setting the port connected to the 2600 router to TRUNK mode with isl encapsulation , and allowing all vlans. But when I tried to confgure the router's sub-interfaces I the following errors: Router3(config)#int ethernet 0/0.2 Router3(config-subif)#ip address 10.10.2.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. The other problem was that inthe SUBIF configuration mode I didn't have the ENCAPSULATION command available. Bellow is the output of the show version command: Router3#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(3), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Wed 18-Jul-01 17:11 by pwade Image text-base: 0x80008088, data-base: 0x809C818C ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Router3 uptime is 6 hours, 3 minutes System returned to ROM by reload System image file is flash:c2600-io3-mz.122-3.bin cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory. Processor board ID JAD04390FCB (93659888) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Any idea what the problem is? Thanx in advance Hamid [EMAIL PROTECTED] Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16789t=16789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how to clear a router counter at frequency basis [7:16787]
Try expect script. HTH - Original Message - From: Sim, CT (Chee Tong) To: Sent: Wednesday, August 22, 2001 7:09 PM Subject: how to clear a router counter at frequency basis [7:16787] Hi.. I need to clear counter on a router at frequency basis eg:1 day and save it to file in a PC? Is there any command or script that we can program in the router? CT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16791t=16787 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HELP!! The Cisco Code Windows XP [7:16604]
One XP machine also took out about half of AMD's Huston campus about 5 months ago. It does more that just take out segments, It can take out a whole network !!! The next day AMD circulated a memo that anyone connecting an XP machine to the network would receive disciplinary action Wooops !! Tony (Sill working at 4am PST) - Original Message - From: Charlie Hartwell To: Sent: Wednesday, August 22, 2001 3:34 AM Subject: RE: HELP!! The Cisco Code Windows XP [7:16604] I might be repeating someone else here - I haven't followed the thread completely. The vulnerability you are talking about is documented in this field notice... http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml You have to be VERY careful when putting XP on your Cisco switched LAN, make sure you have new code and/or new SUP's. The 802.1x authentication option is also available on Win2k but it is disabled by default, on the XP beta it is enabled by default (not sure if the final release will be the same). It seems to boil down to STP ports in blocking mode forwarding the 802.1x packets. It has the potential to bring down a segment in double-quick time, just ask Xerox, apparently just one curious engineer's PC managed that trick, they now have a strict NO XP! policy on their network (allegedly). Regards Charlie --- Chuck Larrieu wrote: I did a little more checking on this. there is a known issue with XP clients and Catalyst 5000 switches with EARL 1 and certain software revisions. I may be misunderstanding this completely, but it is an issue with the interaction of the Cat 5K and XP when 802.1x port authentication is enabled. that got me to reading on 802.1x authentication. interesting. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Sent: Tuesday, August 21, 2001 6:40 PM To: [EMAIL PROTECTED] Subject: RE: HELP!! The Cisco Code Windows XP [7:16604] perhaps boss heard about the mstcp thread... Brian Sonic Whalen Success = Preparation + Opportunity On Tue, 21 Aug 2001, Chuck Larrieu wrote: I'm sure you've had your fair share of smart remarks by now. So I won't add my own. I will remark that in fairness to your boss, there is probably something he has heard or read which caused him to look for reassurance. for example, is there a concern with VPN compatibility of operation using Win XP VPN client software? is there a security concern based upon published writings about the XP TCP stack? if the question is will Cisco routers pass traffic generated by XP machines? the answer is sure. why not after all, there is nothing in an IP or a TCP header that indicates the type of host OS that originates the packet. as long as the traffic is contained in valid packets, the router will pass process them. knowing that, may I recommend you sit down with the boss and ask what his concerns are. what has he read? what has he heard? why would he think there is reason to be concerned? hell, he could be a victim of MBBW ( Management By Business Week - where the president of the company saw something in Business Week Magazine over the weekend and on Monday morning told your boss to investigate and come back with report. ;- ( and yes, I know some bosses are she ) Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ray Smith Sent: Monday, August 20, 2001 5:38 PM To: [EMAIL PROTECTED] Subject: HELP!! The Cisco Code Windows XP [7:16604] Guys, After my boss delegated me to research all I can about what is need to upgrade if necessary our Cisco routers and switches to work with Windows-XP, I was only able to assert from information on the web that there is a bug in the switch software that is incompatible with XP. Does anyone here know of any valuable information that can help me with compiling an educated assessment of this research? Is anyone out there knowledgeable of this issue either from personal experience or from literature? I would really appreciate some feedback. The only problems that I have actually heard of thus far is that which occurred during the beta test that brought down one of Xerox's network. I understand that there is a patch that is available as a fix, in addition to the option of upgrading the Switch code. My question is: - a). Does the incompatibility only exist with the Switch software or with the router IOS as well? b). Is the patch the best way of dealing with the problem? I appreciate any help that I can get. Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp [EMAIL PROTECTED]
RE: Checking Speed for IPLC on Router [7:16783]
Sanjeev, Thanks I was having a similar problema nd was wondering where to look in for. If you get any clues, do let me know. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16794t=16783 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Help! Locked out of my 7513 Router! [7:16769]
Try changing the stop bits to 1, which is the default, I believe. The up/down messages are normal during boot operations on an unused interface. Mark -Original Message- From: Richard Chang [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 12:58 AM To: [EMAIL PROTECTED] Subject:Help! Locked out of my 7513 Router! [7:16769] Dear Cisco Groupstudy Person: I locked myself out of my Cisco 7513 router somehow.My Keyboard has no effect. I'm not sure if this is the reason, but my most recent configuration change was to fill the No. 4 slot, previously blank, with a Fast Ethernet Card. Everytime I power cycle the router, it comes up again, goes through the boot sequence, and then freezes with a string of messages concerning the status of FE 3/0 and FE 4/0, first stating that they are up and then stating they are down. Even the password recovery technique where one uses the Break or ^[ Keys and then resets the Config Register can't be used. For some reason, the keyboard won't even work; it has no effect in this situation suddenly!!. I have carefully checked my Hyperterminal settings of 9600 baud ; Data bits=8 Parity=none stop bits=2 Flowcontrol=none Anybody have any idea why my keyboard is dead I am working with Vlan configurations on this Router. Please help! Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16793t=16769 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Netbeyond Etherswitch 1220 [7:16788]
Hi all, Does anyone have feedback regarding the Netbeyond Etherswitch 1220 from a CCNP lab perspective? I have a CAT5K, but need another switch to compliment my lab. I read in an old news report that these switches are IOS based, but searching google and cco it looks like they are only menu based, no K option like on a 1900. Any feedback greatly appreciated. Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16788t=16788 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: books on PIX? [7:16720]
Hi group, The best books on PIX I've read so far are the manuals. Also the MCNS book from Cisco Press has some good info on the PIX. Regards === Panayiotis Psihoyios CCNP (Security, ATM), CCDP, MCP Network Engineer Synet S.A. 118 B, Agias Eleousis Street Marousi GR 151 25 Greece Tel: ++ 301 0 61 29 500 Fax: ++ 301 0 61 25 313 http://www.synet.com.gr === -Original Message- From: sam sneed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 11:10 PM To: [EMAIL PROTECTED] Subject: books on PIX? [7:16720] Anyone know of any good introductory books on PIX firewalls? Something nice and simple that has a beginning, middle, and an ending.(Most authors of tech books miss this concept). I'd rather not have to jump around in CCO land getting snippets of different functionalities that I probably would never have to implement. Just the basics. Thanks. Sam Sneed Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16795t=16720 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Loopback0 with Mask of 255.255.255.255 ?? [7:16796]
Is there a preferred addressing scheme for loopback address when implementing OSPF? Recently, I read in Cisco Routers for IP Routing, Little Black Book using 10.0.0.2/32? What is your experience using 32 bit mask? Thank you. Dorothy Dorothy Edmondson, CCNP +Voice Access, CCNA, CCDA, CCSI WCS , FIS Quality Practices *Mail: NCR Corporation 1529 Brown St. EMD-4 Dayton, OH 45479 * E-Mail: [EMAIL PROTECTED] *Office:Voice: 937 445-4133 VP 622-4133 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16796t=16796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Quick CCIE Written Question [7:16797]
Does the longest match rule always override administrative distance?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16797t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Loopback0 with Mask of 255.255.255.255 ?? [7:16796]
We use valid addresses as loopback in OSPF, so we assigned an entire class C to loopbackaddresses on routers. it works fine. -Original Message- From: Edmondson, Dorothy M [mailto:[EMAIL PROTECTED]] Sent: quarta-feira, 22 de agosto de 2001 10:03 To: [EMAIL PROTECTED] Subject: Loopback0 with Mask of 255.255.255.255 ?? [7:16796] Is there a preferred addressing scheme for loopback address when implementing OSPF? Recently, I read in Cisco Routers for IP Routing, Little Black Book using 10.0.0.2/32? What is your experience using 32 bit mask? Thank you. Dorothy Dorothy Edmondson, CCNP +Voice Access, CCNA, CCDA, CCSI WCS , FIS Quality Practices *Mail: NCR Corporation 1529 Brown St. EMD-4 Dayton, OH 45479 * E-Mail: [EMAIL PROTECTED] *Office:Voice: 937 445-4133 VP 622-4133 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16798t=16796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16800t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
Yes, it does. rgds, -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 6:49 PM To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16799t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX design question [7:16801]
We are in the middle of migrating to a new network, this includes replacing Checkpoint firewalls with PIX. My question concerns the proposed design of the Internet and IntrAnet PIX firewalls and in particular a connection between the two firewalls. It has been suggested that we connect the IntrAnet firewall's outside interface to one of the Internet firewalls DMZs. I can see that this may reduce latency for traffic passing to the internet from our intrAnet but I'd like to hear anyone's thoughts on this one, routing or security issues perhaps. Another design issue which was raised was the placement of some servers in the same outside interface of the intrAnet firewall. These servers would require access to one of the intrAnet firewall's DMZ and be accessible from another DMZ on the internet firewall which are in turn are accessible from the Internet. This seems a bit of a complicated design and could be a security loophole (??). Thoughts and experiences please regards Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16801t=16801 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Promiscous interface and remote users [7:16734]
If it is truely in promiscuos mode, there should not be any problem. You can test this by pinging the ip address. (It should not respond) alot of drivers do not allow for full promiscuity however. Remember it's not the app that talks to the nic, it's the driver. Some companies do offer promiscuous drivers however if yours does not. NAI also has their own drivers built for specific nics. (of course you ahve to use they're product to take advantage) These drivers are advanced prmiscuous drivers that allow you to see runts and the like across the wire. But if you are willing to take a server down by putting it's nic in promiscuous mode, why not just unbind IP from that interface? -Patrick Subba Rao 08/21/01 05:39PM Hi, We have 2 sniffer systems on NT and on Unix. The sniffer puts the ethernet interfaces on both the systems in promiscuous mode. Currently we are not worried about any local users on the system. Are there any threats from remote users on the promiscuous interface, on either system? When I say remote users, I am talking about John Doe on our network who has no business with either of these system. John Doe could be on Internet as well but has no user accounts on these systems. Would he get any vulnerable information from the sniffer interfaces on either system? Thank you in advance for any info. -- Subba Rao [EMAIL PROTECTED] http://members.home.net/subba9/ GPG public key ID CCB7344E Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16802t=16734 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Tacacs+ configuration for Ldap needed [7:16803]
Is Any body knows the right configuration of Tacacs+ with Ldap Server or have any idea about this? Regards Arshad Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16803t=16803 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Loopback0 with Mask of 255.255.255.255 ?? [7:16796]
Assigning recognizable addresses with /32 masks would be considered best practises in my opinion. Ideally, these are publicly routable in the SP space. *** REPLY SEPARATOR *** On 8/22/2001 at 9:02 AM Edmondson, Dorothy M wrote: Is there a preferred addressing scheme for loopback address when implementing OSPF? Recently, I read in Cisco Routers for IP Routing, Little Black Book using 10.0.0.2/32? What is your experience using 32 bit mask? Thank you. Dorothy Dorothy Edmondson, CCNP +Voice Access, CCNA, CCDA, CCSI WCS , FIS Quality Practices *Mail: NCR Corporation 1529 Brown St. EMD-4 Dayton, OH 45479 * E-Mail:[EMAIL PROTECTED] *Office: Voice: 937 445-4133 VP 622-4133 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16805t=16796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX design question [7:16801]
If you are goign to buy 2 for sure, why not use them in statefull failover? And not double segregate intra/internets? Purchase say 2 525's with 1 fastethernet card per box. (has 4 ports) Your in and out interfaces can be the built in fastE ports and the remainder can be for various DMZ's and private networks. -Patrick Patrick Donlon 08/22/01 09:56AM We are in the middle of migrating to a new network, this includes replacing Checkpoint firewalls with PIX. My question concerns the proposed design of the Internet and IntrAnet PIX firewalls and in particular a connection between the two firewalls. It has been suggested that we connect the IntrAnet firewall's outside interface to one of the Internet firewalls DMZs. I can see that this may reduce latency for traffic passing to the internet from our intrAnet but I'd like to hear anyone's thoughts on this one, routing or security issues perhaps. Another design issue which was raised was the placement of some servers in the same outside interface of the intrAnet firewall. These servers would require access to one of the intrAnet firewall's DMZ and be accessible from another DMZ on the internet firewall which are in turn are accessible from the Internet. This seems a bit of a complicated design and could be a security loophole (??). Thoughts and experiences please regards Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16806t=16801 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: how to clear a router counter at frequency basis [7:16787]
What is expect script ? Can u pls elaborate ..Thks Vijendra .. Engelhard M. Labiro wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Try expect script. HTH - Original Message - From: Sim, CT (Chee Tong) To: Sent: Wednesday, August 22, 2001 7:09 PM Subject: how to clear a router counter at frequency basis [7:16787] Hi.. I need to clear counter on a router at frequency basis eg:1 day and save it to file in a PC? Is there any command or script that we can program in the router? CT Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16804t=16787 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject:RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16807t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX design question [7:16801]
Yes we have already planned for that, we've ordered 4 PIX in total with 8 interfaces in each. What do you mean by double segregate intra/internets? cheers Pat - Original Message - From: Patrick Ramsey To: ; Sent: Wednesday, August 22, 2001 4:00 PM Subject: Re: PIX design question [7:16801] If you are goign to buy 2 for sure, why not use them in statefull failover? And not double segregate intra/internets? Purchase say 2 525's with 1 fastethernet card per box. (has 4 ports) Your in and out interfaces can be the built in fastE ports and the remainder can be for various DMZ's and private networks. -Patrick Patrick Donlon 08/22/01 09:56AM We are in the middle of migrating to a new network, this includes replacing Checkpoint firewalls with PIX. My question concerns the proposed design of the Internet and IntrAnet PIX firewalls and in particular a connection between the two firewalls. It has been suggested that we connect the IntrAnet firewall's outside interface to one of the Internet firewalls DMZs. I can see that this may reduce latency for traffic passing to the internet from our intrAnet but I'd like to hear anyone's thoughts on this one, routing or security issues perhaps. Another design issue which was raised was the placement of some servers in the same outside interface of the intrAnet firewall. These servers would require access to one of the intrAnet firewall's DMZ and be accessible from another DMZ on the internet firewall which are in turn are accessible from the Internet. This seems a bit of a complicated design and could be a security loophole (??). Thoughts and experiences please regards Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16808t=16801 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
Administrative Distance and the longest-match rule apply to two separate processes. Remember, there is a route installation process and a route lookup process. AD matters only during the installation process. When a router receives an update for the identical route from more than one routing protocol, it uses AD to determine which to actually place into the routing table. After this point, AD is irrelevant. When the router is choosing a route for a specific destination then the longest-match rule comes into play and the router will *always* choose the route associated with the longest matching prefix in the table. I hope that makes sense. I haven't finished my first cup of coffee so I can't be held responsible for my ramblings. If that doesn't make sense, let me know and I'll rephrase it. Regards, John Wright, Jeremy 8/22/01 8:17:08 AM So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject:RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16809t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
access-lists supported on 2948G-L3? [7:16810]
I was trying to set up accesslists on an interface on a 2948G-L3 switch last night for an hour to no avail. The switch showed my access-list when doing a sh ip int fa47 and the list was correct. I even applied a new list stating only deny ip any any. Traffic still came through . It was applied correctly as inbound as well. I did show logging and saw: 45w4d: ACL card not present for interface FastEthernet47 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) 45w4d: ACL card not present for interface FastEthernet47 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) It looks like I need and ACL card. I never heard of this, has anyone else? This is an $8000 switch capable of CEF, MLS and a while bunch of other features. Please don't tell that with all these features it can't do access-lists as is. Its classified as a distrubution layer switch, where ironically Cisco says to put your access-lists in their design model and I can't seem to get it going. any help would be appreciated... sam sneed Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16810t=16810 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quick CCIE Written Question [7:16797]
I don't think this is correct: If you have a route learned by EIGRP and a more specific (longer match) route learned by OSPF, both will go to the routing table, by the same reason that you still have a route learned by any routing protocol on the table even if you have a more specific route staticaly defined (which has a lower administrative distance). With both routes int the routing table, then the longest match will count... Ednilson Rosa - Original Message - From: McCallum, Robert To: Sent: Wednesday, August 22, 2001 10:48 AM Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16812t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
On Wed, 22 Aug 2001, Wright, Jeremy wrote: So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. I guess that would depend where you are trying to go! You must provide a destination for someone to answer that question :) Brian -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject:RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] I'm buying / selling used CISCO gear!! email me for a quote Brian Feeny, CCIE #8036 Scarlett Parria [EMAIL PROTECTED] [EMAIL PROTECTED] 318-213-4709 318-213-4701 Netjam, LLC http://www.netjam.net 333 Texas St. VISA/MC/AMEX/COD Suite 140130 day warranty Shreveport, LA 71101 Cisco Channel Partner toll free: 866-2NETJAM phone: 318-212-0245 fax: 318-212-0246 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16811t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quick CCIE Written Question [7:16797]
In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static... Regards, Ednilson Rosa - Original Message - From: Wright, Jeremy To: Sent: Wednesday, August 22, 2001 11:17 AM Subject: RE: Quick CCIE Written Question [7:16797] So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16814t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN and Digital Certificates [7:16813]
Can someone explain in detail or show me a link that shows/explains in detail what a digital certificate does for a VPN concentrator and a VPN client. In addition I'm trying to find the purpose, how it does it, etc. I'm having a hard time understanding what role, why and how digital plays with VPN concentrator and client. For instance, does a VPN client digital certificate talk to a VPN Concentrator certificate, does a client cert. talk to a CA to determine who it is, what is the purpose of a digital certificate for a vpn conconcentrator, etc. Thanks in advance. T _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16813t=16813 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quick CCIE Written Question [7:16797]
I'm sorry, I've just made a mistake and you were correct: in the example you gave just EIGRP route would get to the routing table. If we had the opposite, with a more specific route learned by EIGRP and another less specific route learned by OSPF, then we would have both on the routing table and the longest match rule would act. So, the rule is: the admin distance is used by the router to choose which route to put on the table. Since routes are already there, then the longest match will count. My apologies, Ednilson Rosa - Original Message - From: Ednilson Rosa To: McCallum, Robert ; Sent: Wednesday, August 22, 2001 11:33 AM Subject: Re: Quick CCIE Written Question [7:16797] I don't think this is correct: If you have a route learned by EIGRP and a more specific (longer match) route learned by OSPF, both will go to the routing table, by the same reason that you still have a route learned by any routing protocol on the table even if you have a more specific route staticaly defined (which has a lower administrative distance). With both routes int the routing table, then the longest match will count... Ednilson Rosa - Original Message - From: McCallum, Robert To: Sent: Wednesday, August 22, 2001 10:48 AM Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16815t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
That makes perfect sense, and is a good explanation imho Symon --- Administrative Distance and the longest-match rule apply to two separate processes. Remember, there is a route installation process and a route lookup process. AD matters only during the installation process. When a router receives an update for the identical route from more than one routing protocol, it uses AD to determine which to actually place into the routing table. After this point, AD is irrelevant. When the router is choosing a route for a specific destination then the longest-match rule comes into play and the router will *always* choose the route associated with the longest matching prefix in the table. I hope that makes sense. I haven't finished my first cup of coffee so I can't be held responsible for my ramblings. If that doesn't make sense, let me know and I'll rephrase it. Regards, John Wright, Jeremy 8/22/01 8:17:08 AM So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject:RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] [EMAIL PROTECTED] Cheers, Symon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16816t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access-lists supported on 2948G-L3? [7:16810]
Last time I looked it up, Unless software has changed, the 2948G-L3 only supported standard access-lists. I could be wrong, did you try upgrading software ? Tony M. - Original Message - From: sam sneed To: Sent: Wednesday, August 22, 2001 7:42 AM Subject: access-lists supported on 2948G-L3? [7:16810] I was trying to set up accesslists on an interface on a 2948G-L3 switch last night for an hour to no avail. The switch showed my access-list when doing a sh ip int fa47 and the list was correct. I even applied a new list stating only deny ip any any. Traffic still came through . It was applied correctly as inbound as well. I did show logging and saw: 45w4d: ACL card not present for interface FastEthernet47 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) 45w4d: ACL card not present for interface FastEthernet47 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) It looks like I need and ACL card. I never heard of this, has anyone else? This is an $8000 switch capable of CEF, MLS and a while bunch of other features. Please don't tell that with all these features it can't do access-lists as is. Its classified as a distrubution layer switch, where ironically Cisco says to put your access-lists in their design model and I can't seem to get it going. any help would be appreciated... sam sneed Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16817t=16810 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
you're wrong. the /28 will be chosen. -humboldt -Original Message- From: Ednilson Rosa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:51 AM To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static... Regards, Ednilson Rosa - Original Message - From: Wright, Jeremy To: Sent: Wednesday, August 22, 2001 11:17 AM Subject: RE: Quick CCIE Written Question [7:16797] So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16818t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access-lists supported on 2948G-L3? [7:16810]
I haven't upgraded. I have only been working with cisco stuff for 3 months so I'm kind of new to this and passing my CCNA didn't do me much good with this problem. This is the version. I think its current: Cisco-2948GL3#sh ver Cisco Internetwork Operating System Software IOS (tm) L3 Switch/Router Software (CAT2948G-IN-M), Version 12.0(7)WX5(15a) RELEASE SOFTWARE Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Thu 06-Jan-00 18:31 by integ Image text-base: 0x60010928, data-base: 0x605A ROM: System Bootstrap, Version 12.0(7)W5(15) RELEASE SOFTWARE Tony Medeiros wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Last time I looked it up, Unless software has changed, the 2948G-L3 only supported standard access-lists. I could be wrong, did you try upgrading software ? Tony M. - Original Message - From: sam sneed To: Sent: Wednesday, August 22, 2001 7:42 AM Subject: access-lists supported on 2948G-L3? [7:16810] I was trying to set up accesslists on an interface on a 2948G-L3 switch last night for an hour to no avail. The switch showed my access-list when doing a sh ip int fa47 and the list was correct. I even applied a new list stating only deny ip any any. Traffic still came through . It was applied correctly as inbound as well. I did show logging and saw: 45w4d: ACL card not present for interface FastEthernet47 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) 45w4d: ACL card not present for interface FastEthernet47 45w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.10.100) It looks like I need and ACL card. I never heard of this, has anyone else? This is an $8000 switch capable of CEF, MLS and a while bunch of other features. Please don't tell that with all these features it can't do access-lists as is. Its classified as a distrubution layer switch, where ironically Cisco says to put your access-lists in their design model and I can't seem to get it going. any help would be appreciated... sam sneed Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16819t=16810 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Command to route directly to host [7:16820]
Hi, I need your help !!! I need to set a router to route all the incoming in a determined serial to a specific host and not to a router port, this host is a proxy and all the packets should go there. Maybe there is a simple command but I really dont know. Can you guys helpme ? Thanks a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16820t=16820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Command to route directly to host [7:16820]
It's a simple static route just like you would send it to another router the only problem here is that you aren't going to be able to route proxy information like you want to. The client has to be configured to use the proxy. Not the router. Your best bet is to acl the default route out so nobody can use it, then set the clients to use the proxy server as you wish. -Patrick Leonardo Toco 08/22/01 11:23AM Hi, I need your help !!! I need to set a router to route all the incoming in a determined serial to a specific host and not to a router port, this host is a proxy and all the packets should go there. Maybe there is a simple command but I really dont know. Can you guys helpme ? Thanks a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16821t=16820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Quick CCIE Written Question [7:16797]
-Original Message- From: Wright, Jeremy Sent: Wednesday, August 22, 2001 10:20 AM To: 'Peter Slow' Subject:RE: Quick CCIE Written Question [7:16797] I may be wrong on this but this is what I am guessing: It will choose the route with the lowest AD and put it into the routing table...if we have 2 routes to a network in the routing table, then the longest match applies. Please let me know what you all think. Thanks again. -Original Message- From: Peter Slow [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:17 AM To: [EMAIL PROTECTED] Subject:RE: Quick CCIE Written Question [7:16797] you're wrong. the /28 will be chosen. -humboldt -Original Message- From: Ednilson Rosa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:51 AM To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static... Regards, Ednilson Rosa - Original Message - From: Wright, Jeremy To: Sent: Wednesday, August 22, 2001 11:17 AM Subject: RE: Quick CCIE Written Question [7:16797] So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16822t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quick CCIE Written Question [7:16797]
I bet 1$ on the static /26 Teresa - Original Message - From: Peter Slow To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 5:16 PM Subject: RE: Quick CCIE Written Question [7:16797] you're wrong. the /28 will be chosen. -humboldt -Original Message- From: Ednilson Rosa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:51 AM To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static... Regards, Ednilson Rosa - Original Message - From: Wright, Jeremy To: Sent: Wednesday, August 22, 2001 11:17 AM Subject: RE: Quick CCIE Written Question [7:16797] So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16823t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN speed improving by new Cisco software [7:16825]
Is any body know about new Cisco software and simple configuration on 7200 and 5300 which makes ISDN Dialup customer can connect to ISP at double speed. Kim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16825t=16825 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem Using external routers to route between VLANs [7:16826]
Trunking must use a Fast Ethernet or Gigabit Ethernet port, however you can use simple access links (non-trunking connections) to a single 10 Mbps Ethernet port on a router. The number of VLANs the router can route is dependent upon the number of interfaces the router has. Each VLAN requires its own dedicated 10 Mbps Ethernet port. -- Leigh Anne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Medeiros Sent: Wednesday, August 22, 2001 4:06 AM To: [EMAIL PROTECTED] Subject: Re: Problem Using external routers to route between VLANs [7:16786] As far as I know, trunking MUST be on at least a fast ethernet interface. Another way out is put an NM-1E ethernet module on your 2610 and put each interface in a different vlan. Or buy a 2620. I hate to say this, but, this has been gone over AT LENGTH over the last few months. Sorry to be the bearer of bad news. Tony - Original Message - From: Hamid To: Sent: Wednesday, August 22, 2001 1:28 AM Subject: Problem Using external routers to route between VLANs [7:16781] Hi group, I was wondering if it is A MUST for the external routers's interface to be a 100Mb interface, is it possible to do the InterVlan routing on an ethernet port (10Mb) on a 2600 router? I tried to setup a simple scenario with my 2600 router in my home lab, setting the port connected to the 2600 router to TRUNK mode with isl encapsulation , and allowing all vlans. But when I tried to confgure the router's sub-interfaces I the following errors: Router3(config)#int ethernet 0/0.2 Router3(config-subif)#ip address 10.10.2.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. The other problem was that inthe SUBIF configuration mode I didn't have the ENCAPSULATION command available. Bellow is the output of the show version command: Router3#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(3), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Wed 18-Jul-01 17:11 by pwade Image text-base: 0x80008088, data-base: 0x809C818C ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Router3 uptime is 6 hours, 3 minutes System returned to ROM by reload System image file is flash:c2600-io3-mz.122-3.bin cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory. Processor board ID JAD04390FCB (93659888) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Any idea what the problem is? Thanx in advance Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16826t=16826 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Quick CCIE Written Question [7:16797]
oops. diddn't click reply all... -Original Message- From: Peter Slow Sent: Wednesday, August 22, 2001 11:43 AM To: 'Wright, Jeremy'; Peter Slow Subject: RE: Quick CCIE Written Question [7:16797] when we speak about a network, we speak about a pair, a net id and a netmask if we learn a route to a NETWORK, from eigrp, ospf, and from a static, we will ONLY see the static in the routing table. when we learn of a more specific network (not necesarily that falls under that network, (again, a pair, a net id and a netmask) it has a longer mask, and although there is alread an entry that matches the network it is specifying, it is inserted into the table. lets say we only have one of these more specific routes, it doesnt matter where it's learned from. it pops up in the routing table. its NOT the same network. then, it matches all addresses matching it's network, even though they fall under the other route with the lower admin distance, because it's LONGER. ip route any.one.who.dis agr.ees.255.0 null 0 -humboldt -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 11:20 AM To: 'Peter Slow' Subject: RE: Quick CCIE Written Question [7:16797] I may be wrong on this but this is what I am guessing: It will choose the route with the lowest AD and put it into the routing table...if we have 2 routes to a network in the routing table, then the longest match applies. Please let me know what you all think. Thanks again. -Original Message- From: Peter Slow [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:17 AM To: [EMAIL PROTECTED] Subject:RE: Quick CCIE Written Question [7:16797] you're wrong. the /28 will be chosen. -humboldt -Original Message- From: Ednilson Rosa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:51 AM To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static... Regards, Ednilson Rosa - Original Message - From: Wright, Jeremy To: Sent: Wednesday, August 22, 2001 11:17 AM Subject: RE: Quick CCIE Written Question [7:16797] So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16824t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Command to route directly to host [7:16820]
you meant a router INTERFACE. a port is a tcp or udp port. -Original Message- From: Leonardo Toco [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 11:23 AM To: [EMAIL PROTECTED] Subject: Command to route directly to host [7:16820] Hi, I need your help !!! I need to set a router to route all the incoming in a determined serial to a specific host and not to a router port, this host is a proxy and all the packets should go there. Maybe there is a simple command but I really dont know. Can you guys helpme ? Thanks a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16827t=16820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Promiscous interface and remote users [7:16734]
Hi what are you mean exactly by unbind IP from that interface is it ifconfig 0.0.0.0 for UNIX or something else thank you in advance toly -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:04 PM To: [EMAIL PROTECTED] Subject: Re: Promiscous interface and remote users [7:16734] If it is truely in promiscuos mode, there should not be any problem. You can test this by pinging the ip address. (It should not respond) alot of drivers do not allow for full promiscuity however. Remember it's not the app that talks to the nic, it's the driver. Some companies do offer promiscuous drivers however if yours does not. NAI also has their own drivers built for specific nics. (of course you ahve to use they're product to take advantage) These drivers are advanced prmiscuous drivers that allow you to see runts and the like across the wire. But if you are willing to take a server down by putting it's nic in promiscuous mode, why not just unbind IP from that interface? -Patrick Subba Rao 08/21/01 05:39PM Hi, We have 2 sniffer systems on NT and on Unix. The sniffer puts the ethernet interfaces on both the systems in promiscuous mode. Currently we are not worried about any local users on the system. Are there any threats from remote users on the promiscuous interface, on either system? When I say remote users, I am talking about John Doe on our network who has no business with either of these system. John Doe could be on Internet as well but has no user accounts on these systems. Would he get any vulnerable information from the sniffer interfaces on either system? Thank you in advance for any info. -- Subba Rao [EMAIL PROTECTED] http://members.home.net/subba9/ GPG public key ID CCB7344E Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16828t=16734 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
The most specific route- mask wise. Easy peasy lemon squeezy. Ask me another Bamber. -Original Message- From: Teresa Presutto [SMTP:[EMAIL PROTECTED]] Sent: 22 August 2001 16:50 To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] I bet 1$ on the static /26 Teresa - Original Message - From: Peter Slow To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 5:16 PM Subject: RE: Quick CCIE Written Question [7:16797] you're wrong. the /28 will be chosen. -humboldt -Original Message- From: Ednilson Rosa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:51 AM To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static... Regards, Ednilson Rosa - Original Message - From: Wright, Jeremy To: Sent: Wednesday, August 22, 2001 11:17 AM Subject: RE: Quick CCIE Written Question [7:16797] So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] * DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16829t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Am i using LDP or TDP right now? [7:16832]
I DONT get this... the commands say LDP but the output says TDP so anyone know which this version is using? I'm looking on CCO now and have yet to find a decisive answer... c3660#sh version Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3660-JS-M), Version 12.2(2)T, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Sat 02-Jun-01 17:02 by ccai Image text-base: 0x600089C0, data-base: 0x616A ROM: System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1) ROM: 3600 Software (C3660-JS-M), Version 12.2(2)T, RELEASE SOFTWARE (fc1) c3660 uptime is 5 weeks, 1 day, 15 hours, 47 minutes System returned to ROM by reload System image file is flash:c3660-js-mz.122-2.T.bin cisco 3660 (R527x) processor (revision C0) with 189440K/7168K bytes of memory. Processor board ID JAB0443C10M R527x CPU at 225Mhz, Implementation 40, Rev 10.0, 2048KB L2 Cache Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 3660 Chassis type: ENTERPRISE 2 FastEthernet/IEEE 802.3 interface(s) 4 Serial network interface(s) 2 Voice FXO interface(s) 2 Voice FXS interface(s) DRAM configuration is 64 bits wide with parity disabled. 125K bytes of non-volatile configuration memory. 32768K bytes of processor board System flash (Read/Write) Configuration register is 0x101 (will be 0x2102 at next reload) c3660#show mpls ldp neighbor Peer TDP Ident: 10.72.0.6:0; Local TDP Ident 10.0.36.60:0 TCP connection: 10.72.0.6.15826 - 10.0.36.60.711 State: Oper; PIEs sent/rcvd: 34/35; Downstream Up time: 00:27:34 TDP discovery sources: Tunnel0, Src IP addr: 172.0.0.1 Addresses bound to peer TDP Ident: 64.61.26.16164.61.24.10210.72.0.6 172.0.0.1 172.0.0.5 c3660# Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16832t=16832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2611 router and ILS-2000 ISDN Simulator [7:16830]
Hi! Sorry for OT. I would like to sell my 2611 (16M Flash, 64M DRAM) and Teltone Simulator of my lab for $2500. Please email me directly. Thanks Michael _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16830t=16830 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FW: Quick CCIE Written Question [7:16797]
Good reading on this: http://www.cisco.com/warp/public/105/21.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16831t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP in IP GRE tunneling [7:16833]
Hi, What's advantage or use of IP in IP GRE tunneling ? Thank you. Regards, YY Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16833t=16833 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DHCP problems on bridged WAN over Frame Relay [7:16834]
I cannot find help for this in my CIT book nor at Cisco's website, so I would kindly ask for your assistance here. I have three routers and two computers. WinNT---RouterB---RouterA---RouterC---Win98 RouterA is setup to act as a Frame Relay Switch. RouterB and RouterC are each connected to RouterA. The PVC between RouterB and RouterC is working great, and they are setup as a bridged WAN, so the LAN that RouterB is connected to is also the LAN that Router C is serving. I have on the LAN (10.0.0.0/8) connected to RouterB an NT 4.0 Server (10.1.1.1) with DHCP running on it. I can ping this server from RouterB and RouterC. I have on RouterB and RouterC typed in the following ip dhcp server 10.1.1.1 ip dhcp relay information option On RouterC's LAN (10.0.0.0/8) I have connected a Windows 98 workstation and specified it to get it's IP information from a DHCP server - however, it cannot find any. What am I missing here? Thanks in advance, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16834t=16834 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Quick CCIE Written Question [7:16797]
Assume the following prefixes available in your routing table (taken from original example): 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static All three would be entered into the table since they have different mask lengths. If a packet destined for 10.1.1.1 were to hit the router, which route would it choose? The /28 would be used because it is the matching prefix with the longest mask length. To the person who contends that the /26 would be chosen, can you explain your reasoning? Regards, John Fomes Iain 8/22/01 10:10:13 AM The most specific route- mask wise. Easy peasy lemon squeezy. Ask me another Bamber. -Original Message- From: Teresa Presutto [SMTP:[EMAIL PROTECTED]] Sent: 22 August 2001 16:50 To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] I bet 1$ on the static /26 Teresa - Original Message - From: Peter Slow To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 5:16 PM Subject: RE: Quick CCIE Written Question [7:16797] you're wrong. the /28 will be chosen. -humboldt -Original Message- From: Ednilson Rosa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:51 AM To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static... Regards, Ednilson Rosa - Original Message - From: Wright, Jeremy To: Sent: Wednesday, August 22, 2001 11:17 AM Subject: RE: Quick CCIE Written Question [7:16797] So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] * DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16835t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Loopback0 with Mask of 255.255.255.255 ?? [7:16796]
Loopback is always advertised as 32bit host route no matter what mask you assign to it. To advertise it as a subnet route, use ip ospf network point-to-point under int loop0 Cheers, YY -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Edmondson, Dorothy M Sent: Wednesday, August 22, 2001 9:03 PM To: [EMAIL PROTECTED] Subject: Loopback0 with Mask of 255.255.255.255 ?? [7:16796] Is there a preferred addressing scheme for loopback address when implementing OSPF? Recently, I read in Cisco Routers for IP Routing, Little Black Book using 10.0.0.2/32? What is your experience using 32 bit mask? Thank you. Dorothy Dorothy Edmondson, CCNP +Voice Access, CCNA, CCDA, CCSI WCS , FIS Quality Practices *Mail: NCR Corporation 1529 Brown St. EMD-4 Dayton, OH 45479 * E-Mail: [EMAIL PROTECTED] *Office:Voice: 937 445-4133 VP 622-4133 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16837t=16796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Command to route directly to host [7:16820]
Use policy routing: int s0 ip policy route-map TEST route-map TEST permit match ip address 1 set ip next-hop (your host IP) access-list 1 permit any Cheers, YY -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Leonardo Toco Sent: Wednesday, August 22, 2001 11:23 PM To: [EMAIL PROTECTED] Subject: Command to route directly to host [7:16820] Hi, I need your help !!! I need to set a router to route all the incoming in a determined serial to a specific host and not to a router port, this host is a proxy and all the packets should go there. Maybe there is a simple command but I really dont know. Can you guys helpme ? Thanks a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16836t=16820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Promiscous interface and remote users [7:16734]
It rally depends on your version of ifconfig/what kernel your using/what adapter you have. Tell us those things and we'll try and help. otherwise read RTFM (granted the man page doesnt have the promisc flag, the option for you is promisc.) -humboldt bash-2.03$ man ifconfig IFCONFIG(8) FreeBSD System Manager's Manual IFCONFIG(8) NAME ifconfig - configure network interface parameters SYNOPSIS ifconfig interface address_family [address [dest_address]] [parameters] ifconfig -a [-d] [-u] [address_family] ifconfig -l [-d] [-u] [address_family] DESCRIPTION Ifconfig is used to assign an address to a network interface and/or con- figure network interface parameters. Ifconfig must be used at boot time to define the network address of each interface present on a machine; it may also be used at a later time to redefine an interface's address or other operating parameters. The following options are available: address For the DARPA-Internet family, the address is either a host name present in the host name data base, hosts(5), or a DARPA Inter- net address expressed in the Internet standard ``dot notation''. address_family Specify the address family which affects interpretation of the remaining parameters. Since an interface can receive transmis- sions in differing protocols with different naming schemes, spec- ifying the address family is recommended. The address or proto- col families currently supported are ``inet'', ``atalk'', and ``ipx''. dest_address Specify the address of the correspondent on the other end of a point to point link. interface This parameter is a string of the form ``name unit'', for exam- ple, ``en0''. The following parameters may be set with ifconfig: alias Establish an additional network address for this interface. This is sometimes useful when changing network numbers, and one wishes to accept packets addressed to the old interface. arp Enable the use of the Address Resolution Protocol in mapping be- tween network level addresses and link level addresses (default). This is currently implemented for mapping between DARPA Internet addresses and 10Mb/s Ethernet addresses. -arpDisable the use of the Address Resolution Protocol. broadcast (Inet only) Specify the address to use to represent broadcasts to the network. The default broadcast address is the address with a host part of all 1's. debug Enable driver dependent debugging code; usually, this turns on extra console error logging. -debug Disable driver dependent debugging code. delete Remove the network address specified. This would be used if you incorrectly specified an alias, or it was no longer needed. If you have incorrectly set an NS address having the side effect of specifying the host portion, removing all NS addresses will allow you to respecify the host portion. downMark an interface ``down''. When an interface is marked ``down'', the system will not attempt to transmit messages through that interface. If possible, the interface will be reset to disable reception as well. This action does not automatically disable routes using the interface. media type If the driver supports the media selection system, set the media type of the interface to type. Some interfaces support the mutu- ally exclusive use of one of several different physical media connectors. For example, a 10Mb/s Ethernet interface might sup- port the use of either AUI or twisted pair connectors. Setting the media type to ``10base5/AUI'' would change the currently ac- tive connector to the AUI port. Setting it to ``10baseT/UTP'' would activate twisted pair. Refer to the interfaces' driver specific documentation or man page for a complete list of the available types. mediaopt opts If the driver supports the media selection system, set the speci- fied media options on the interface. Opts is a comma delimited list of options to apply to the interface. Refer to the inter- faces' driver specific man page for a complete list of available options. -mediaopt opts If the driver supports the media selection system, disable the specified media options on the interface. metric n Set the routing metric of the interface to n, default 0. The routing metric
RE: The choice of default-network [7:16777]
All of them, as long as the network is reachable. Packets will be load-balanced for those 5 default routes. Cheers, YY -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vijendra Jaiswal Sent: Wednesday, August 22, 2001 3:32 PM To: [EMAIL PROTECTED] Subject: The choice of default-network [7:16777] Can anyone pls tell me on what basis the entry of one of the default-network given in the configuration , is made in the routing table . For e.g : The router is having 03 upstream providers with OSPF and BGP running Provider 1) Default network: 10.0.0.0 Deault network :192.181.35.0 Default network: 192.140.0.0 Provider 2) Default network 204.45.56.0 Provider 2) Default network 209.10.70.0 All the above entries are made in the routing table using the ip default-network command. Hence the router is having 05 default network in the routing table. Pls help me in letting me know of the above 05 default network given , which one of them will be listed in the routing table as gateway of last resort when one sees using the command show ip route . And pls tell me on what basis the particular network will be choosen as gateway of last resort Hoping that you will help me in solving this mystry for meThanks. Vijendra -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16839t=16777 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP problems on bridged WAN over Frame Relay [7:16834]
btw, i think you should remove any configuratio you have on the routers pertaining to DHCP. you dont need them. we are BRIDGED =) helper addresses and the like are for routed stuff, we dont want that here. have you tried this config without any dhcp stuff on the routers? ...this is what i would recomend. -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 12:27 PM To: [EMAIL PROTECTED] Subject: DHCP problems on bridged WAN over Frame Relay [7:16834] I cannot find help for this in my CIT book nor at Cisco's website, so I would kindly ask for your assistance here. I have three routers and two computers. WinNT---RouterB---RouterA---RouterC---Win98 RouterA is setup to act as a Frame Relay Switch. RouterB and RouterC are each connected to RouterA. The PVC between RouterB and RouterC is working great, and they are setup as a bridged WAN, so the LAN that RouterB is connected to is also the LAN that Router C is serving. I have on the LAN (10.0.0.0/8) connected to RouterB an NT 4.0 Server (10.1.1.1) with DHCP running on it. I can ping this server from RouterB and RouterC. I have on RouterB and RouterC typed in the following ip dhcp server 10.1.1.1 ip dhcp relay information option On RouterC's LAN (10.0.0.0/8) I have connected a Windows 98 workstation and specified it to get it's IP information from a DHCP server - however, it cannot find any. What am I missing here? Thanks in advance, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16840t=16834 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP in IP GRE tunneling [7:16833]
I think the main advantage is easy to configure and troubleshoot. We have all VPN links using GRE tunneling with and without IPSEC and it works fine. -Original Message- From: YY [mailto:[EMAIL PROTECTED]] Sent: quarta-feira, 22 de agosto de 2001 13:23 To: [EMAIL PROTECTED] Subject: IP in IP GRE tunneling [7:16833] Hi, What's advantage or use of IP in IP GRE tunneling ? Thank you. Regards, YY Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16842t=16833 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem Using external routers to route between VLANs [7:16841]
I know you meant ethernet trunking. of course you did, you couldnt have forgotten ATM and FDDI. Or token ring for that matter. And you meant fastethernet interface, diddnt you? -humboldt -Original Message- From: Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 11:57 AM To: [EMAIL PROTECTED] Subject: RE: Problem Using external routers to route between VLANs [7:16826] Trunking must use a Fast Ethernet or Gigabit Ethernet port, however you can use simple access links (non-trunking connections) to a single 10 Mbps Ethernet port on a router. The number of VLANs the router can route is dependent upon the number of interfaces the router has. Each VLAN requires its own dedicated 10 Mbps Ethernet port. -- Leigh Anne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Medeiros Sent: Wednesday, August 22, 2001 4:06 AM To: [EMAIL PROTECTED] Subject: Re: Problem Using external routers to route between VLANs [7:16786] As far as I know, trunking MUST be on at least a fast ethernet interface. Another way out is put an NM-1E ethernet module on your 2610 and put each interface in a different vlan. Or buy a 2620. I hate to say this, but, this has been gone over AT LENGTH over the last few months. Sorry to be the bearer of bad news. Tony - Original Message - From: Hamid To: Sent: Wednesday, August 22, 2001 1:28 AM Subject: Problem Using external routers to route between VLANs [7:16781] Hi group, I was wondering if it is A MUST for the external routers's interface to be a 100Mb interface, is it possible to do the InterVlan routing on an ethernet port (10Mb) on a 2600 router? I tried to setup a simple scenario with my 2600 router in my home lab, setting the port connected to the 2600 router to TRUNK mode with isl encapsulation , and allowing all vlans. But when I tried to confgure the router's sub-interfaces I the following errors: Router3(config)#int ethernet 0/0.2 Router3(config-subif)#ip address 10.10.2.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. The other problem was that inthe SUBIF configuration mode I didn't have the ENCAPSULATION command available. Bellow is the output of the show version command: Router3#sh ver Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(3), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Wed 18-Jul-01 17:11 by pwade Image text-base: 0x80008088, data-base: 0x809C818C ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Router3 uptime is 6 hours, 3 minutes System returned to ROM by reload System image file is flash:c2600-io3-mz.122-3.bin cisco 2610 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory. Processor board ID JAD04390FCB (93659888) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Any idea what the problem is? Thanx in advance Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16841t=16841 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16843t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
What type console cable for Cisco 1003? [7:16844]
I have a 1003 router but without the console cable. I tryed to connect it with a rollover cable from a 2501 router but I failed. So what type of console cable I need for connect to the 1003 router. I don't know the IP address and I need to assign one. TIA Romeo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16844t=16844 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Able to Traceroute but Unable to ping to IPs [7:16847]
Hai, Can anyone please response, I am facing following problem with the following IPs. I am able to traceroute to that IPs, but unable to ping. At the same time Mail and web servers on that IPs are also not accessible. Can any body suggest solution for this.. IPs : 202.65.134.161, 162,168 I am tryig to analyse a problem that is existing in my network. I have a link with PPP on WAN, Till four days back everything working fine. The problem started four days back, the problem is I am able to traceroute the IPs, but unable to ping to that network. I didn't restricted ICMP on end user. What could be the problem, Does any one had this kind of problem? Thanks in Advance, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16847t=16847 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Quick CCIE Written Question [7:16797]
You are right and I was wrong. OSPF /28 would be correct in this case. My apologies, Ednilson Rosa - Original Message - From: John Neiberger To: Sent: Wednesday, August 22, 2001 1:37 PM Subject: RE: Quick CCIE Written Question [7:16797] Assume the following prefixes available in your routing table (taken from original example): 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static All three would be entered into the table since they have different mask lengths. If a packet destined for 10.1.1.1 were to hit the router, which route would it choose? The /28 would be used because it is the matching prefix with the longest mask length. To the person who contends that the /26 would be chosen, can you explain your reasoning? Regards, John Fomes Iain 8/22/01 10:10:13 AM The most specific route- mask wise. Easy peasy lemon squeezy. Ask me another Bamber. -Original Message- From: Teresa Presutto [SMTP:[EMAIL PROTECTED]] Sent: 22 August 2001 16:50 To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] I bet 1$ on the static /26 Teresa - Original Message - From: Peter Slow To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 5:16 PM Subject: RE: Quick CCIE Written Question [7:16797] you're wrong. the /28 will be chosen. -humboldt -Original Message- From: Ednilson Rosa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:51 AM To: [EMAIL PROTECTED] Subject: Re: Quick CCIE Written Question [7:16797] In this case, if you want to communicate with the host 10.1.1.1, for instance, the route chosen will be the static... Regards, Ednilson Rosa - Original Message - From: Wright, Jeremy To: Sent: Wednesday, August 22, 2001 11:17 AM Subject: RE: Quick CCIE Written Question [7:16797] So for example, if you have the following 10.1.1.0/28 OSPF 10.1.0.0/24 EIGRP 10.1.1.0/26 Static Which route will be chosen? Thanks for the help. -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 8:32 AM To: 'Wright, Jeremy'; [EMAIL PROTECTED] Subject: RE: Quick CCIE Written Question [7:16797] In a nut shell yes and no. i.e. Admin distance is the winner by means that the lower the admin distance the better, so a route learned from EIGRP will get into the routing table despite having a longer match route which was learned from say OSPF. BUT if you have two routes learned from the same admin distance then the longest match ALWAYS wins. Basically once the route is in the routing table then the longest match is the outmost winner. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 14:19 To: [EMAIL PROTECTED] Subject: Quick CCIE Written Question [7:16797] Does the longest match rule always override administrative distance?? [EMAIL PROTECTED] * DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16845t=16797 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP problems on bridged WAN over Frame Relay [7:16834]
I was already in the middle of doing so - sorry for not thinking of that before posting the message. I am able to ping RouterC from my Win98, but I cannot ping any futher than that, so something is not being switched between interfaces I guess. However, as it many times goes when you have to explain the problem and show the config, you happen to see the problem yourself, and that's exactly what I did here. I had on the FE interface of RouterC forgotten to type the bridge-group command, so that interface was not a member of the bridging environment. I have now just removed the static IP and rebooted the PC, and it got a good dynamic IP this time from the DHCP server. Thanks, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Jim Brown [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 11:33 AM To: 'Ole Drews Jensen' Subject: RE: DHCP problems on bridged WAN over Frame Relay [7:16834] I would suggest adding an address to the workstation in the 10.0.0.0/8 network and see if it can ping the server across the bridges as test to make sure the bridging is actually working end-to-end. I would also check and make sure you have the bridge irb command or ip routing turned off on the routers. Could you post the pertinent router configs? -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 10:27 AM To: [EMAIL PROTECTED] Subject: DHCP problems on bridged WAN over Frame Relay [7:16834] I cannot find help for this in my CIT book nor at Cisco's website, so I would kindly ask for your assistance here. I have three routers and two computers. WinNT---RouterB---RouterA---RouterC---Win98 RouterA is setup to act as a Frame Relay Switch. RouterB and RouterC are each connected to RouterA. The PVC between RouterB and RouterC is working great, and they are setup as a bridged WAN, so the LAN that RouterB is connected to is also the LAN that Router C is serving. I have on the LAN (10.0.0.0/8) connected to RouterB an NT 4.0 Server (10.1.1.1) with DHCP running on it. I can ping this server from RouterB and RouterC. I have on RouterB and RouterC typed in the following ip dhcp server 10.1.1.1 ip dhcp relay information option On RouterC's LAN (10.0.0.0/8) I have connected a Windows 98 workstation and specified it to get it's IP information from a DHCP server - however, it cannot find any. What am I missing here? Thanks in advance, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16846t=16834 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A new networking term - thoughts? [7:16668]
At 11:59 PM 8/21/01, Tony Medeiros wrote: I always thought split horizon was a non intuitive term anyway. iBGP or whatever. Some engineers come up with the strangest names for things. Split horizon implys there is a big tree that is obstructing my view of the sunset. :0 Is it a spanning tree? ;-) I like the term split horizon and agree with the idea of using it generically. I encourage the generic use of most terms so that people think about what they really mean. See a discussion we had earlier about distance vector, for example. For spanning tree, I like the way Radia Perlman puts it: The purpose of the spanning tree algorithm is to have bridges dynamically discover a subset of the topology that is loop-free (a tree) and yet has enough connectivity so that where physically possible, there is a path between every pair of LANs (the tree is spanning). I'm not sure I had ever thought about why the word spanning is in the phrase. And I would add to her description: A tree is a mathematical concept. A tree is a diagram or graph that branches from a single stem without forming loops or polygons. A lot of people learn these terms without understanding them. And, back to the subject, I think split horizon can be used in this situation, even though it's a bit different and the horizons aren't quite the same. Priscilla (wishing she was looking over the Hawaiian horizon about now. ;-) Tony M. (Split personnality) - Original Message - From: Chuck Larrieu To: Sent: Tuesday, August 21, 2001 8:13 PM Subject: RE: A new networking term - thoughts? [7:16668] I thought I was fairly careful in stating that with iBGP split-horizon, an iBGP router will not advertise a route to the same AS from which it receives the route. This covers the interface issue. Chuck whose mama didn't raise no fool, and whose lawyer wife has taught him the hard way about wording things ;- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ole Drews Jensen Sent: Tuesday, August 21, 2001 8:52 AM To: [EMAIL PROTECTED] Subject: RE: A new networking term - thoughts? [7:16668] Chuck, I think there's a difference here. Split Horizon as you say, does not advertise a route back out the interface that it received it on, but the iBGP does not only not propagate a route learned from other iBGP out the receiving interface, but it does not propagate it out any interfaces unless it has been setup as a cluster server. If you would name this, it would probably be something like iBGP horizon :-) Just my 0010 cents. Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 10:29 AM To: [EMAIL PROTECTED] Subject: A new networking term - thoughts? [7:16668] As a result of an off-list conversation, I came across the following networking term: iBGP split horizon my first reaction was a sarcastic remark about never having come across the term in the RFC's. but then I got to thinking about it, and I now see this as a descriptive and quite useful term. recall that distance vector protocols are subject to the rule of split horizon. they do not advertise a route back out the interface that they received that particular route. one of the gotchas of iBGP is the fact that iBGP routers do not propagate routes learned from one iBGP neighbor to other iBGP neighbors. hence the requirement for iBGP full mesh. so why not call this iBGP split horizon? and define it as follows: an iBGP router will not advertise a route back out the same AS from which it learned the route? does this make sense? worth letting this one join the lexicon of networking terminology? Chuck Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16851t=16668 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DHCP problems on bridged WAN over Frame Relay [7:16834]
I will try that right away Peter, hold on. .GREAT! - It worked. I have never before dealt with the DHCP nor bridged WAN on Cisco routers, so that was a pleasant little experience, and I am now a little smarter :-) Thanks again Peter, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Peter Slow [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 11:57 AM To: [EMAIL PROTECTED] Subject: RE: DHCP problems on bridged WAN over Frame Relay [7:16834] btw, i think you should remove any configuratio you have on the routers pertaining to DHCP. you dont need them. we are BRIDGED =) helper addresses and the like are for routed stuff, we dont want that here. have you tried this config without any dhcp stuff on the routers? ...this is what i would recomend. -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 12:27 PM To: [EMAIL PROTECTED] Subject: DHCP problems on bridged WAN over Frame Relay [7:16834] I cannot find help for this in my CIT book nor at Cisco's website, so I would kindly ask for your assistance here. I have three routers and two computers. WinNT---RouterB---RouterA---RouterC---Win98 RouterA is setup to act as a Frame Relay Switch. RouterB and RouterC are each connected to RouterA. The PVC between RouterB and RouterC is working great, and they are setup as a bridged WAN, so the LAN that RouterB is connected to is also the LAN that Router C is serving. I have on the LAN (10.0.0.0/8) connected to RouterB an NT 4.0 Server (10.1.1.1) with DHCP running on it. I can ping this server from RouterB and RouterC. I have on RouterB and RouterC typed in the following ip dhcp server 10.1.1.1 ip dhcp relay information option On RouterC's LAN (10.0.0.0/8) I have connected a Windows 98 workstation and specified it to get it's IP information from a DHCP server - however, it cannot find any. What am I missing here? Thanks in advance, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16848t=16834 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
Uh, I think you meant UDP ports!!! If you are going to get on peoples cases for being wrong, at least try and be correct ;) No offense of course :) -Original Message- From: Peter Slow [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:08 PM To: [EMAIL PROTECTED] Subject: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843] an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16850t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What type console cable for Cisco 1003? [7:16844]
Please check here http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/1000ig/1003_d oc/78907.htm#xtocid736213 Romeo wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a 1003 router but without the console cable. I tryed to connect it with a rollover cable from a 2501 router but I failed. So what type of console cable I need for connect to the 1003 router. I don't know the IP address and I need to assign one. TIA Romeo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16849t=16844 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SE Practice Lab v1.0GG [7:16852]
Does anyone have the solution for this lab? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16852t=16852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Netbeyond Etherswitch 1220 [7:16788]
I have one of those switches and I have upgraded it to the lastest version of enterprise firmware. It is menu based with no option for a CLI. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16854t=16788 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: incorrect TCP checksum [7:16776]
Is this an academic question or are you actually seeing TCP checksum errors? I have never seen a TCP checksum error, so I wondered. Well, I have seen them when people change the data in Sniffer traces without recalculating the checksum, but that's not real world. In answer to your question, TCP checksum errors would have to be a software bug, or possibly firmware bug if TCP were implemented in firmware. If the frame gets damaged in transit, it gets trashed by the recipient because the data-link-layer CRC isn't right. If the routing process or IP implementation trashes the frame, then the IP checksum won't be right and TCP trashes the frame. If the frame gets all the way to TCP and ends up with a checksum error, then software at the TCP layer damaged it. I think your real question might be what is causing TCP retransmissions? TCP transmissions can result from errors at any layer that caused a frame or an acknowledgement to not reach the intended recipient. TCP retransmissions are much more likely to result from the following potential errors than from a TCP checksum error: Frames getting damaged in transit and getting trashed Issue a show int and check reliability and CRC error rates If Ethernet, check for excessive collisions, duplex mismatch problems Routers or switches dropping frames due to buffer overflows Issue a show int and check for dropped frames Issue a show buffer and check for problems Frames getting dropped by service provider If frame relay, check that you aren't going above your CIR There's probably a bunch of other reasons. I recommend the various Cisco Internetwork Troubleshooting books. The Cisco Press one is very good. One other thought: a few retransmissions are normal. You might want to check the percentage. I hesitate to give a threshold, but if it's just a few percent of your frames getting retransmitted, don't worry about it. Are users noticing a problem? That's the bottom line. Priscilla At 03:30 AM 8/22/01, Anatoly Shein wrote: Hi According to my knowledge incorrect TCP check sum cause to TCP retransmissions. What could be reason for incorrect TCP checksum? As I understand it could be problem in one of the router/proxy probably switch. And intuitively I think that problem should be wherever in OS. Can you give me any suggestion about detection of the fault machine or source to find more info about this problem. Suggestions I mean something more constructive than putting sniffers on each leg of the device and look for TCP checksum errors. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16853t=16776 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Promiscous interface and remote users [7:16734]
The issue isn't someone coming in the promiscuous interface. The issue is a hacker compromising the machine by getting in another interface and discovering that there is sniffer software on the machine. You have made the hacker's job really easy. Of course, a good hacker would be able to install sniffer software on a compromised machine anyway. Priscilla -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:04 PM To: [EMAIL PROTECTED] Subject: Re: Promiscous interface and remote users [7:16734] If it is truely in promiscuos mode, there should not be any problem. You can test this by pinging the ip address. (It should not respond) alot of drivers do not allow for full promiscuity however. Remember it's not the app that talks to the nic, it's the driver. Some companies do offer promiscuous drivers however if yours does not. NAI also has their own drivers built for specific nics. (of course you ahve to use they're product to take advantage) These drivers are advanced prmiscuous drivers that allow you to see runts and the like across the wire. But if you are willing to take a server down by putting it's nic in promiscuous mode, why not just unbind IP from that interface? -Patrick Subba Rao 08/21/01 05:39PM Hi, We have 2 sniffer systems on NT and on Unix. The sniffer puts the ethernet interfaces on both the systems in promiscuous mode. Currently we are not worried about any local users on the system. Are there any threats from remote users on the promiscuous interface, on either system? When I say remote users, I am talking about John Doe on our network who has no business with either of these system. John Doe could be on Internet as well but has no user accounts on these systems. Would he get any vulnerable information from the sniffer interfaces on either system? Thank you in advance for any info. -- Subba Rao [EMAIL PROTECTED] http://members.home.net/subba9/ GPG public key ID CCB7344E Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16855t=16734 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: The choice of default-network [7:16777]
Hi, If all 5 default networks are reachable from your router, then, all five will be considered as candidate defaults (will be marked with * in RT). However, only one of five will be chosen as a gateway of last resort. The choice is based on a comparison of administrative distances: the route with the lowest AD will be chosen (hence, in some cases you may influence that if necessary). If case of equal ADs, the network listed first in the RT is chosen as a gateway (don't know why, but it is so, I checked this. I'd prefer a choice based on route metrics, but...). There is also a special case when both ip default-network and ip route 0.0.0.0 0.0.0.0 are configured. The choice again depends on AD (e.g., if ip route 0.0.0.0 is configured as a static route it will be preferred). Finally, if multiple ip route 0.0.0.0 0 0.0.0.0 are configured, then (and only then) the traffic will be load-balanced between multiple routes. I remember I read a document at CCO on that, but cannot locate it right now. Cheers, Alex = Vijendra Jaiswal escribis en el mensaje [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can anyone pls tell me on what basis the entry of one of the default-network given in the configuration , is made in the routing table FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
Does the IEEE get it wrong? Check IEEE 802.1D, the bridging standard. It uses ports for the physical interfaces on a bridge (switch). Priscilla At 01:08 PM 8/22/01, Peter Slow wrote: an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16857t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DHCP on Ethernet interface [7:16746]
I feel your pain, but keep this all in perspective. You will ultimately be able to get some form of high speed data over cable access. Where I live here in the PRNV( People's Republik of Northern Virginia), I am within 20 miles of five of the world's largest ISPs. The best access I can get is a 56k dialup line. //RANT OVER// Now, regarding the less than tactful engineer who is trying desperately hard not to help you, it would appear that he is in over his head. It may be useful to do a little troubleshooting on your own. For example, you are given a reasonable indication that this cable operator favors using the low end addresses for a gateway on a particular segment. The issue is what segment are you actually on? Give the scope information you provided, here are some of the possibilities: 24.65.134.1 to 24.65.135.254 (assume 24.65.134.1 is the gateway). From your router, you will need to temporarily go back to hard coded IP addresses. Set your IP address to 24.65.134.40 and a subnet mask of 255.255.254.0 and see if you can reach your gateway(I can from my house - if it's yours). If the answer is yes, you can reach it as well, then this can be communicated to the fine staff at your local cable operator. If OTOH, you cannot reach that gateway, you are probably on another IP subnet. The logical next choice would definitely be to try and reach 24.65.142.1. The problem is that your IP addr is not from that subnet. As much as I hate to suggest this, go ahead and hard code on your router an IP addr from the subnet this gateway is from(choices are 24.65.142.2 through 24.65.143.254) I would probably go with a high value near the end of the range (say 24.65.143.241). See if you are now able to reach the gateway. One of these two methods will work (most likely the first method). Once you are clear exactly what subnet you are on, I suspect you could probably hard code the values in your router until somebody that has a brain can fix the DHCP server. Additionally, you will also need to track down the other DHCP options that are handed out. When I tested this a little while back, I believe that the DHCP client on the router did not necessarily accept all options that were passed from the DHCP server. Probably the most important ones you will need are the DNS servers. Once you have the correct info, you then will have all the necessary parameters to program your DHCP server on your private network for the hosts in your home. There is one other tactic you may want to use as well. If push comes to shove and they absolutely refuse to deal with you and your cisco router, then go to one of your PCs and get the MAC address from the NIC card. Go to the router interface facing the cable modem and enter the following command on that interface: router(config)#int e0 router(config-if)#mac-address (your PC's MAC addr) router(config-if)#shut router(config-if)#no shut router(config-if)#end When they call back and attempt to troubleshoot, play along with them. When they tell you to look at winipcfg, you know where to go on your router to get the info that you need. Sometimes, you need to get into the head of the person you are dealing with and put it in terms they can understand. Hang in there :-) Let us know if you achieve victory. v/r, Paul Werner Well, I've found the IOS that runs DHCP client, and I've found the command. I've just spent the past 4 hours trying to resolve why I'm getting encapsulation failure messages after the DHCP Offer is made from the service provider (Shaw @ Home) and have discovered the following: My IP Address: 24.65.134.40 Subnet Mask: 255.255.254.0 Gateway: 24.65.142.1 Anyone see a problem? If you do, then you're one up on Shaw Cable's technical support. They won't look at the problem because it's a Cisco router at the other end--an unsupported device. But the device isn't the problem--their scope configuration is. No, I can't get any information on who it is that I'm speaking with other than his name is Darren. No, I can't speak to a supervisor. And no, I can't continue talking either because I've just been hung up on. What excellent customer service. Just what exactly is technical support for? So if anyone out there knows anyone at Shaw, they might want to mention their problem to them. And no, I'm not just talking about their interpersonal skills. So thanks to everyone who tried to help me get this going... Get your own 800 number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16858t=16746 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
Well, I see the terminology police are at it again Peter Slow wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16860t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
Yipes! Yer right! I meant UDP! No offense taken, and in my opinion nothing said on this news grop should be taken personally unless explicity stated that doing so should be done. (huh?) -humboldt -Original Message- From: Marshal Schoener [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:28 PM To: [EMAIL PROTECTED] Subject: RE: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843] Uh, I think you meant UDP ports!!! If you are going to get on peoples cases for being wrong, at least try and be correct ;) No offense of course :) -Original Message- From: Peter Slow [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:08 PM To: [EMAIL PROTECTED] Subject: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843] an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16859t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Promiscous interface and remote users [7:16734]
Discovering a sniffer on the machine? upon root compromise I can assure you tcpdump will be there regardless... :) And on the NT machine, netcat. Hell if it's NT and sitting on the internet, it probably already has netcat on it... :) to original poster: To unbind ip from the nt machine, simply remove the ip address on the adapter through network neighborhood. -Patrick Priscilla Oppenheimer 08/22/01 01:55PM The issue isn't someone coming in the promiscuous interface. The issue is a hacker compromising the machine by getting in another interface and discovering that there is sniffer software on the machine. You have made the hacker's job really easy. Of course, a good hacker would be able to install sniffer software on a compromised machine anyway. Priscilla -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:04 PM To: [EMAIL PROTECTED] Subject: Re: Promiscous interface and remote users [7:16734] If it is truely in promiscuos mode, there should not be any problem. You can test this by pinging the ip address. (It should not respond) alot of drivers do not allow for full promiscuity however. Remember it's not the app that talks to the nic, it's the driver. Some companies do offer promiscuous drivers however if yours does not. NAI also has their own drivers built for specific nics. (of course you ahve to use they're product to take advantage) These drivers are advanced prmiscuous drivers that allow you to see runts and the like across the wire. But if you are willing to take a server down by putting it's nic in promiscuous mode, why not just unbind IP from that interface? -Patrick Subba Rao 08/21/01 05:39PM Hi, We have 2 sniffer systems on NT and on Unix. The sniffer puts the ethernet interfaces on both the systems in promiscuous mode. Currently we are not worried about any local users on the system. Are there any threats from remote users on the promiscuous interface, on either system? When I say remote users, I am talking about John Doe on our network who has no business with either of these system. John Doe could be on Internet as well but has no user accounts on these systems. Would he get any vulnerable information from the sniffer interfaces on either system? Thank you in advance for any info. -- Subba Rao [EMAIL PROTECTED] http://members.home.net/subba9/ GPG public key ID CCB7344E Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16861t=16734 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Promiscous interface and remote users [7:16734]
if you guys would just stop using hubs and non-unicast mac-addresses, we'd all be fine =) -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:56 PM To: [EMAIL PROTECTED] Subject: RE: Promiscous interface and remote users [7:16734] The issue isn't someone coming in the promiscuous interface. The issue is a hacker compromising the machine by getting in another interface and discovering that there is sniffer software on the machine. You have made the hacker's job really easy. Of course, a good hacker would be able to install sniffer software on a compromised machine anyway. Priscilla -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:04 PM To: [EMAIL PROTECTED] Subject: Re: Promiscous interface and remote users [7:16734] If it is truely in promiscuos mode, there should not be any problem. You can test this by pinging the ip address. (It should not respond) alot of drivers do not allow for full promiscuity however. Remember it's not the app that talks to the nic, it's the driver. Some companies do offer promiscuous drivers however if yours does not. NAI also has their own drivers built for specific nics. (of course you ahve to use they're product to take advantage) These drivers are advanced prmiscuous drivers that allow you to see runts and the like across the wire. But if you are willing to take a server down by putting it's nic in promiscuous mode, why not just unbind IP from that interface? -Patrick Subba Rao 08/21/01 05:39PM Hi, We have 2 sniffer systems on NT and on Unix. The sniffer puts the ethernet interfaces on both the systems in promiscuous mode. Currently we are not worried about any local users on the system. Are there any threats from remote users on the promiscuous interface, on either system? When I say remote users, I am talking about John Doe on our network who has no business with either of these system. John Doe could be on Internet as well but has no user accounts on these systems. Would he get any vulnerable information from the sniffer interfaces on either system? Thank you in advance for any info. -- Subba Rao [EMAIL PROTECTED] http://members.home.net/subba9/ GPG public key ID CCB7344E Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16863t=16734 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What type console cable for Cisco 1003? [7:16844]
A rollover cable should work! Maybe you have a defective router. Ednilson Rosa - Original Message - From: Romeo To: Sent: Wednesday, August 22, 2001 2:09 PM Subject: What type console cable for Cisco 1003? [7:16844] I have a 1003 router but without the console cable. I tryed to connect it with a rollover cable from a 2501 router but I failed. So what type of console cable I need for connect to the 1003 router. I don't know the IP address and I need to assign one. TIA Romeo Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16862t=16844 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Command to route directly to host [7:16820]
or an interface on a switch a hole in a ship :) - Original Message - From: Peter Slow To: Sent: Wednesday, August 22, 2001 8:57 AM Subject: RE: Command to route directly to host [7:16820] you meant a router INTERFACE. a port is a tcp or udp port. -Original Message- From: Leonardo Toco [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 11:23 AM To: [EMAIL PROTECTED] Subject: Command to route directly to host [7:16820] Hi, I need your help !!! I need to set a router to route all the incoming in a determined serial to a specific host and not to a router port, this host is a proxy and all the packets should go there. Maybe there is a simple command but I really dont know. Can you guys helpme ? Thanks a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16864t=16820 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Secure ID for Routers [7:16865]
Greetings all, I want to test secure ID to implement on our routers, any of you guys prefer certain product? I also want to use the hardware version of secure ID (little credit card look alike). Thanks..Nabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16865t=16865 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Able to Traceroute but Unable to ping to IPs [7:16847]
Did Anyone faced the following problem anytime? Hai, Can anyone please response, I am facing following problem with the following IPs. I am able to traceroute to that IPs, but unable to ping. At the same time Mail and web servers on that IPs are also not accessible. Can any body suggest solution for this.. IPs : 202.65.134.161, 162,168 I am tryig to analyse a problem that is existing in my network. I have a link with PPP on WAN, Till four days back everything working fine. The problem started four days back, the problem is I am able to traceroute the IPs, but unable to ping to that network. I didn't restricted ICMP on end user. What could be the problem, Does any one had this kind of problem? Thanks in Advance, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16866t=16847 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
Then why are they called port adapters you know slot/adapter/port serial 0/1/2 would be in the first slot second adapter third port that is where i would interface my cable coming from the dsu 30 minutes to the big seat - the written 8 months to the big stand - the lab and there i go goofing around on this list - Original Message - From: Peter Slow To: Sent: Wednesday, August 22, 2001 10:08 AM Subject: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843] an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16867t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
YES! Yes they do! So does juniper in all of their manuals. and in their configs as well. they are wrong also! We must keep these evil minions at bay. All! Join me! -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 2:02 PM To: [EMAIL PROTECTED] Subject: Re: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843] Does the IEEE get it wrong? Check IEEE 802.1D, the bridging standard. It uses ports for the physical interfaces on a bridge (switch). Priscilla At 01:08 PM 8/22/01, Peter Slow wrote: an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16869t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Able to Traceroute but Unable to ping to IPs [7:16847]
Sounds like firewall issues... high icmp ports might be open, whereas low are not and smtp and web are not... maybe all low ip service ports are being blocked and all highs are being allowed from some freaky ACL Try removing all acl's and start from ground zero. -Patrick Kiran Kumar M 08/22/01 02:33PM Did Anyone faced the following problem anytime? Hai, Can anyone please response, I am facing following problem with the following IPs. I am able to traceroute to that IPs, but unable to ping. At the same time Mail and web servers on that IPs are also not accessible. Can any body suggest solution for this.. IPs : 202.65.134.161, 162,168 I am tryig to analyse a problem that is existing in my network. I have a link with PPP on WAN, Till four days back everything working fine. The problem started four days back, the problem is I am able to traceroute the IPs, but unable to ping to that network. I didn't restricted ICMP on end user. What could be the problem, Does any one had this kind of problem? Thanks in Advance, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16868t=16847 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
What would you consider interface s0.100 to be? Seems pretty logical to me. I think you'll find that both the terms interface and port have context sensitive meanings. If you've ever configured a 3Com netbuilder you'll be even more convinced of this. I missed the rest of the thread, but I don't see how using a term one way or another makes one a dork even though I believe strongly in technical accuracy. Nor do I see how inferring that people are spineless dorks contributes positively to the learning process. Pete *** REPLY SEPARATOR *** On 8/22/2001 at 1:08 PM Peter Slow wrote: an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16870t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A new networking term - thoughts? [7:16668]
Since we are talking about new networking terms you coined one the other day Priscilla. It was in the splitting the group string. You described people coming on this list, asking horribly worded questions, that were probably quickly brain-dumped to a palm pilot then regurgitated here. This is after a booming failure. So that is a new networking/list term. Palm-Pilot English. And the coin is yours. Don P.S. That busted me up!! - Original Message - From: Priscilla Oppenheimer To: Sent: Wednesday, August 22, 2001 10:29 AM Subject: Re: A new networking term - thoughts? [7:16668] At 11:59 PM 8/21/01, Tony Medeiros wrote: I always thought split horizon was a non intuitive term anyway. iBGP or whatever. Some engineers come up with the strangest names for things. Split horizon implys there is a big tree that is obstructing my view of the sunset. :0 Is it a spanning tree? ;-) I like the term split horizon and agree with the idea of using it generically. I encourage the generic use of most terms so that people think about what they really mean. See a discussion we had earlier about distance vector, for example. For spanning tree, I like the way Radia Perlman puts it: The purpose of the spanning tree algorithm is to have bridges dynamically discover a subset of the topology that is loop-free (a tree) and yet has enough connectivity so that where physically possible, there is a path between every pair of LANs (the tree is spanning). I'm not sure I had ever thought about why the word spanning is in the phrase. And I would add to her description: A tree is a mathematical concept. A tree is a diagram or graph that branches from a single stem without forming loops or polygons. A lot of people learn these terms without understanding them. And, back to the subject, I think split horizon can be used in this situation, even though it's a bit different and the horizons aren't quite the same. Priscilla (wishing she was looking over the Hawaiian horizon about now. ;-) Tony M. (Split personnality) - Original Message - From: Chuck Larrieu To: Sent: Tuesday, August 21, 2001 8:13 PM Subject: RE: A new networking term - thoughts? [7:16668] I thought I was fairly careful in stating that with iBGP split-horizon, an iBGP router will not advertise a route to the same AS from which it receives the route. This covers the interface issue. Chuck whose mama didn't raise no fool, and whose lawyer wife has taught him the hard way about wording things ;- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ole Drews Jensen Sent: Tuesday, August 21, 2001 8:52 AM To: [EMAIL PROTECTED] Subject: RE: A new networking term - thoughts? [7:16668] Chuck, I think there's a difference here. Split Horizon as you say, does not advertise a route back out the interface that it received it on, but the iBGP does not only not propagate a route learned from other iBGP out the receiving interface, but it does not propagate it out any interfaces unless it has been setup as a cluster server. If you would name this, it would probably be something like iBGP horizon :-) Just my 0010 cents. Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 10:29 AM To: [EMAIL PROTECTED] Subject: A new networking term - thoughts? [7:16668] As a result of an off-list conversation, I came across the following networking term: iBGP split horizon my first reaction was a sarcastic remark about never having come across the term in the RFC's. but then I got to thinking about it, and I now see this as a descriptive and quite useful term. recall that distance vector protocols are subject to the rule of split horizon. they do not advertise a route back out the interface that they received that particular route. one of the gotchas of iBGP is the fact that iBGP routers do not propagate routes learned from one iBGP neighbor to other iBGP neighbors. hence the requirement for iBGP full mesh. so why not call this iBGP split horizon? and define it as follows: an iBGP router will not advertise a route back out the same AS from which it learned the route? does this make sense? worth letting this one join the lexicon of networking terminology? Chuck Priscilla Oppenheimer http://www.priscilla.com Message Posted at:
RE: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843]
Here's how I like to deal with questions like this: Will knowing the answer ever help you troubleshoot a problem? Oh, geez, I know what I've been doing wrong - I've been calling it a *port* when it's really an *interface*!! I'll have it up in a few seconds, sorry about that ;-) -Original Message- From: Peter Van Oene [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 2:56 PM To: [EMAIL PROTECTED] Subject: Re: THEY ARE NOT PORTS THEY ARE INTERFACES! [7:16843] What would you consider interface s0.100 to be? Seems pretty logical to me. I think you'll find that both the terms interface and port have context sensitive meanings. If you've ever configured a 3Com netbuilder you'll be even more convinced of this. I missed the rest of the thread, but I don't see how using a term one way or another makes one a dork even though I believe strongly in technical accuracy. Nor do I see how inferring that people are spineless dorks contributes positively to the learning process. Pete *** REPLY SEPARATOR *** On 8/22/2001 at 1:08 PM Peter Slow wrote: an INTERFACE a thing, such as an ethernet or loopback interface. a port is a logical device, and NO a loopback does not count. i meant like tcp ports, usp ports, and the like. Stop being d0rks and copying everyone else who does it wrong, and dont be afraid to tell people to speak correctly! c3660#conf t Enter configuration commands, one per line. End with CNTL/Z. c3660(config)#port fastethernet 0/0 ^ % Invalid input detected at '^' marker. c3660(config)#interface fastethernet 0/0 c3660(config-if)#^Z c3660#SEE!? % Unrecognized command c3660#SEE! -humboldt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16872t=16843 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Input errors and aborts... [7:16873]
I know some people have been getting upset about putting 'real world' problems on the list, so I apologize in advance to those people :) To make a long story short, I have 2 locations on the same NT domain... Both locations are connected by a T1 and 1600 routers. Everything was fine, until Friday when there was a power outage. Now, people in the remote location have a hard time logging into the domain, retrieving email, and getting resources from the main office with the servers... It isn't a constant problem, but more intermittent. The users can sometimes logon and get their email, but they can not connect to mapped drives in the other location at all. It is a point-to-point link using HDLC encapsulation. Everything seems fine on the router, except that the remote router has a lot of new 'Input errors' and 'aborts'... In fact, the exact same amount of each... If I clear the counters, these errors build up rather quickly. Any opinions on what this can be? Perhaps a local provider issue, or a hardware issue? Thanks a million in advance... PS. This is actually a topic on the support exam for CCNP, so it should be useful for everyone :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16873t=16873 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]