Re: rommon [7:17244]

2001-08-26 Thread George Murphy CCNP, CCDP

Cheers! Hear Ye!

Howard C. Berkowitz wrote:

>This was the noblest rommon of them all,
>All the configurators, save only it,
>Did that they did in envy of great Cisco
>He only, in a general-honest thought
>And common good to all, made erase of them.
>His life had parity, and the elements
>So mix'd in him that IOS might stand up
>And say to all the world, "This was a boot!"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17303&t=17244
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Significance of new boot roms? [7:17237]

2001-08-26 Thread Symon Thurlow

Thanks for the replies, what is the preferred minimum version for 2500's?

Symon

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Brian
Sent: 25 August 2001 17:57
To: [EMAIL PROTECTED]
Subject: Re: Significance of new boot roms? [7:17237]


Also, newer boot roms, in many Cisco routers, including MC3810's, 2500's,
etc allow you to utilize a broader range of memory vendors, at least
for flash.  The older 2500 boot roms would handle only a limited scope of
flash vendors.

Brian


On Sat, 25 Aug 2001, Tony Medeiros wrote:

> They give better rmon software and a newer version of the boot IOS (boot
> helper or "skinny IOS").   This allows you to load newer versions of regular
> IOS.   Certain newer versions of IOS won't load on older boot roms.
>
> Take care,
> Tony M.
> #6172
>
> - Original Message -
> From: "Symon Thurlow"
> To:
> Sent: Saturday, August 25, 2001 8:22 AM
> Subject: Significance of new boot roms? [7:17237]
>
>
> > Hi all,
> >
> > Please excuse my ignorance, but what is the significance of new boot roms in
> > 2500 series routers? Is it to give you more functionality at rommon level?
> > Cheers,
> >
> > Symon
I'm buying / selling used CISCO gear!!
email me for a quote

Brian Feeny, CCIE #8036   Netjam, LLC
[EMAIL PROTECTED] http://www.netjam.net
VISA/MC/AMEX/COD  phone: 318-212-0245
30 day warranty   fax:   318-212-0246




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17304&t=17237



RE: access-list [7:17291] [7:17291]

2001-08-26 Thread Midnight Man

If you match 202.157.78.0 with wildcard 0.0.0.127 the
7 last bits must match, so they are all 0 bits. So
the wildcard must be 0.0.0.128. right ?
--- phyrz  wrote:
> Try this:
> 
> access-list 55 permit 202.157.78.0 0.0.0.127
> access-list 55 permit host 202.157.78.128
> line vty 0 4
> access-class 55 in
> 
> -Original Message-
> From: kaushalenders
> [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, August 26, 2001 2:14 PM
> To: [EMAIL PROTECTED]
> Subject: access-list [7:17291]
> 
> 
> hi ,
> hi i have made an access list to restrict telnet on
> my router from other
> network but when i implemented on vty it was not
> working .Pls help
> the access list was
> access-list 55 permit 202.157.78.0 0.0.0.128
> line vty 0 4
> access-class 55 in
> 
> i just want that my 202.157.78.0 to 128 should be
> able to telnet my router
> none other than it will be allowed  telnet my router
> 
> thanx
> kaushalender
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17305&t=17291
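
The wildcard-mask question in this thread can be checked mechanically. The following is an added example, not part of any poster's message: a small evaluator for standard access-list entries (a 1 bit in the wildcard means "ignore this bit", first match wins, implicit deny at the end), run against the two ACLs quoted above. The function names are this example's own.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(lines):
    """Turn 'access-list N permit|deny ...' lines into (action, base, wildcard)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue  # skip 'line vty', 'access-class' and other commands
        action, rest = tok[2], tok[3:]
        if rest[0] == "host":
            base, wild = _to_int(rest[1]), 0
        elif rest[0] == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = _to_int(rest[0])
            # a bare address with no wildcard matches that one host only
            wild = _to_int(rest[1]) if len(rest) > 1 else 0
        entries.append((action, base, wild))
    return entries

def acl_permits(entries, source):
    """First matching entry decides; no match means the implicit deny applies."""
    src = _to_int(source)
    for action, base, wild in entries:
        # bits where the wildcard is 0 must be equal; bits where it is 1 are ignored
        if ((src ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def permitted_hosts(entries, prefix="202.157.78."):
    """Last-octet values in the /24 that the ACL lets through."""
    return [n for n in range(256) if acl_permits(entries, f"{prefix}{n}")]

# The ACL from the original question (wildcard 0.0.0.128)
ORIGINAL_ACL = [
    "access-list 55 permit 202.157.78.0 0.0.0.128",
    "line vty 0 4",
    "access-class 55 in",
]

# The ACL suggested in the reply (wildcard 0.0.0.127 plus host .128)
SUGGESTED_ACL = [
    "access-list 55 permit 202.157.78.0 0.0.0.127",
    "access-list 55 permit host 202.157.78.128",
    "line vty 0 4",
    "access-class 55 in",
]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("suggested", SUGGESTED_ACL)):
        hosts = permitted_hosts(parse_standard_acl(acl))
        print(f"{name}: {len(hosts)} addresses permitted, "
              f"first {hosts[0]}, last {hosts[-1]}")
```

Wildcard 0.0.0.128 ignores only the top bit of the last octet, so it admits exactly .0 and .128; 0.0.0.127 ignores the low seven bits and admits .0 through .127.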



CCNP Transcender [7:17308]

2001-08-26 Thread Ahmed Malkawi

Hi All,
any body have CCNP Transcender or at least the routing exam? I can
trade in
I have Transcender MCSE2000, and RouterSim CCNA, routing, switching, ...etc

regards
Diana




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17308&t=17308



Trade Lab Scenarios [7:17309]

2001-08-26 Thread Rashid Lohiya

Anyone wants to trade their lab scenarios with me?

I have CCIE books spare to swap, Doyle, Caslow, Clark, Comer, Design etc.
etc.
I also have some spare Cisco equipment/cables, I may consider swapping for
lab scenarios.

I am based in London

Thanks

Rashid Lohiya
[EMAIL PROTECTED]
020 8509 2990
07785 362626




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17309&t=17309



CCIE Lab exam - booked twice [7:17310]

2001-08-26 Thread Rashid Lohiya

Guys,

Does anyone know whether one person can book the lab twice?

ie. 1 for April, 1 for June, thus allowing him to cancel and get a refund on
the second one if the first is failed.

In this way, the year long wait would not need to be endured if I was to
fail the first time around.

--
Rashid Lohiya
[EMAIL PROTECTED]
020 8509 2990
07785 362626
www.pioneer-computers.com
London UK

www.rashidl.co.uk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17310&t=17310



Re: Unable to detect source for attack [7:17095]

2001-08-26 Thread suaveguru

thank you 

You have been very helpful

regards,
suaveguru
--- Tony Medeiros  wrote:
> With all due respect Farhan,  If he uses "debug ip
> packet detail" on a
> production router,  he WON'T be having a very nice
> day.  Good way to crash
> the router.
> 
> A better way is setup flow cache.
> 
> (config-if) ip route-cache flow
> # show ip cache flow
> 
> This will show you source and dest. pair,  and the
> ports you looking for.
> Tony M.
> (Can't sleep)
> 
> - Original Message -
> From: "Farhan Ahmed" 
> To: 
> Sent: Friday, August 24, 2001 11:12 PM
> Subject: RE: Unable to detect source for attack
> [7:17095]
> 
> 
> > command
> >
> > debug ip packet detail
> >
> > Best Regards
> >
> > Have A Good Day!!
> >
> > ***
> > Farhan Ahmed*
> >   MCSE+I, MCP Win2k, CCDA, CCNA, CSE
> > Network Engineer
> > Mideast Data Systems Abudhabi Uae.
> >
> > ***
> >
> >
> >
> >
> >
> > > -Original Message-
> > > From: suaveguru [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, August 24, 2001 9:54 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Unable to detect source for attack
> [7:17095]
> > >
> > >
> > > hi all,
> > >
> > > I am not able to detect the type of an ip attack
> on an
> > > interface . All I can detect is the source and
> > > destination ip addresees using ip accounting but
> I
> > > could not block the ip addresses because they
> are all
> > > in use . All I can do is to find out what kind
> of
> > > traffic is causing the attack for e.g. tcp, udp
> , sync
> > > etc. but what tools could I use?
> > >
> > >
> > > regards,
> > > suaveguru
> > >
> > >
> >
> > [GroupStudy.com removed an attachment of type
> application/octet-stream
> which
> > had a name of Farhan Ahmed.vcf]
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17311&t=17095



problem with ftp server [7:17312]

2001-08-26 Thread Alejandro Pelaez

Hola Michael!

% 07:51:52  S PORT 200,42,140,240,12,24
% 07:51:53  R 200 Port command successful.
% 07:51:53  S RETR drw-rw-rw-   1 ftp  ftp0 Jul 22 01:23 .
% 07:51:53  R 150 Opening data connection for drw-rw-rw-   1 ftp 
ftp 0
Jul 22 01:23 ..
% 07:51:54  R 501 Cannot RETR. Cannot open file /a2k/drw-rw-rw-   1 ftp
ftp0
Jul 22 01:23 .
? 07:51:54  Problem receiving drw-rw-rw-   1 ftp  ftp0 Jul
22
01:23 ..
% 07:51:54  S SIZE drw-rw-rw-   1 ftp  ftp0 Jul 22 01:23 ..
% 07:51:54  R 550 Command failed: File not found.
% 07:51:54  S PORT 200,42,140,240,12,25
% 07:51:55  R 200 Port command successful.
% 07:51:55  S RETR drw-rw-rw-   1 ftp  ftp0 Jul 22 01:23 ..
% 07:51:55  R 150 Opening data connection for drw-rw-rw-   1 ftp 
ftp 0
Jul 22 01:23 ...
% 07:51:56  R 501 Cannot RETR. Cannot open file /a2k/drw-rw-rw-   1 ftp
ftp0
Jul 22 01:23 ..
? 07:51:56  Problem receiving drw-rw-rw-   1 ftp  ftp0 Jul
22
01:23 ...
% 07:51:56  S SIZE -rw-rw-rw-   1 ftp  ftp24875 Aug 20 08:03 
EB6D000A.MO0
% 07:51:56  R 550 Command failed: File not found.
% 07:51:56  S PORT 200,42,140,240,12,26
% 07:51:56  R 200 Port command successful.
% 07:51:56  S RETR -rw-rw-rw-   1 ftp  ftp24875 Aug 20 08:03 
EB6D000A.MO0
% 07:51:57  R 150 Opening data connection for -rw-rw-rw-   1 ftp  ftp
24875
Aug 20 08:03 EB6D000A.MO0.
% 07:51:57  R 501 Cannot RETR. Cannot open file /a2k/-rw-rw-rw-   1 ftp
ftp
24875 Aug 20 08:03 EB6D000A.MO0
? 07:51:57  Problem receiving -rw-rw-rw-   1 ftp  ftp24875 Aug
20
08:03 EB6D000A.MO0.
% 07:51:57  S SIZE -rw-rw-rw-   1 ftp  ftp83621 Aug 21 00:03 
EB6D000A.MO1
% 07:51:58  R 550 Command failed: File not found.
% 07:51:58  S PORT 200,42,140,240,12,27
% 07:51:58  R 200 Port command successful.
% 07:51:58  S RETR -rw-rw-rw-   1 ftp  ftp83621 Aug 21 00:03 
EB6D000A.MO1
% 07:51:58  R 150 Opening data connection for -rw-rw-rw-   1 ftp  ftp
83621
Aug 21 00:03 EB6D000A.MO1.
% 07:51:59  R 501 Cannot RETR. Cannot open file /a2k/-rw-rw-rw-   1 ftp
ftp
83621 Aug 21 00:03 EB6D000A.MO1
? 07:51:59  Problem receiving -rw-rw-rw-   1 ftp  ftp83621 Aug
21
00:03 EB6D000A.MO1.
% 07:51:59  S SIZE -rw-rw-rw-   1 ftp  ftp48028 Aug 22 00:03 
EB6D000A.TU0
% 07:51:59  R 550 Command failed: File not found.
% 07:51:59  S PORT 200,42,140,240,12,28
% 07:52:00  R 200 Port command successful.
% 07:52:00  S RETR -rw-rw-rw-   1 ftp  ftp48028 Aug 22 00:03 
EB6D000A.TU0
% 07:52:00  R 150 Opening data connection for -rw-rw-rw-   1 ftp  ftp
48028
Aug 22 00:03 EB6D000A.TU0.
% 07:52:01  R 501 Cannot RETR. Cannot open file /a2k/-rw-rw-rw-   1 ftp
ftp
48028 Aug 22 00:03 EB6D000A.TU0
? 07:52:01  Problem receiving -rw-rw-rw-   1 ftp  ftp48028 Aug
22
00:03 EB6D000A.TU0.
% 07:52:01  S SIZE -rw-rw-rw-   1 ftp  ftp50980 Aug 23 00:04 
EB6D000A.WE0
% 07:52:01  R 550 Command failed: File not found.
% 07:52:01  S PORT 200,42,140,240,12,29
% 07:52:01  R 200 Port command successful.
% 07:52:01  S RETR -rw-rw-rw-   1 ftp  ftp50980 Aug 23 00:04 
EB6D000A.WE0
% 07:52:02  R 150 Opening data connection for -rw-rw-rw-   1 ftp  ftp
50980
Aug 23 00:04 EB6D000A.WE0.
% 07:52:02  R 501 Cannot RETR. Cannot open file /a2k/-rw-rw-rw-   1 ftp
ftp
50980 Aug 23 00:04 EB6D000A.WE0
? 07:52:02  Problem receiving -rw-rw-rw-   1 ftp  ftp50980 Aug
23
00:04 EB6D000A.WE0.
% 07:52:03  S SIZE -rw-rw-rw-   1 ftp  ftp 2450 Aug 23 12:04 
EB6D000A.TH0
% 07:52:03  R 550 Command failed: File not found.
% 07:52:03  S PORT 200,42,140,240,12,30
% 07:52:03  R 200 Port command successful.
% 07:52:03  S RETR -rw-rw-rw-   1 ftp  ftp 2450 Aug 23 12:04 
EB6D000A.TH0
% 07:52:04  R 150 Opening data connection for -rw-rw-rw-   1 ftp  ftp 
2450
Aug 23 12:04 EB6D000A.TH0.
% 07:52:04  R 501 Cannot RETR. Cannot open file /a2k/-rw-rw-rw-   1 ftp
ftp
2450 Aug 23 12:04 EB6D000A.TH0
? 07:52:04  Problem receiving -rw-rw-rw-   1 ftp  ftp 2450 Aug
23
12:04 EB6D000A.TH0.
% 07:52:04  S SIZE -rw-rw-rw-   1 ftp  ftp   218514 Aug 24 01:03 
WORLDNET.ZIP
% 07:52:05  R 550 Command failed: File not found.
% 07:52:05  S PORT 200,42,140,240,12,31
% 07:52:05  R 200 Port command successful.
% 07:52:05  S RETR -rw-rw-rw-   1 ftp  ftp   218514 Aug 24 01:03 
WORLDNET.ZIP
% 07:52:05  R 150 Opening data connection for -rw-rw-rw-   1 ftp  ftp
218514
Aug 24 01:03 WORLDNET.ZIP.
% 07:52:06  R 501 Cannot RETR. Cannot open file /a2k/-rw-rw-rw-   1 ftp
ftp
218514 Aug 24 01:03 WORLDNET.ZIP
? 07:52:06  Problem receiving -rw-rw-rw-   1 ftp  ftp   218514 Aug
24
01:03 WORLDNET.ZIP.
% 07:52:06  S SIZE -rw-rw-rw-   1 ftp  ftp  638 Aug 24 01:03 
TK627013.TIC
% 07:52:06  R 550 Command failed: File not found.
% 07:52:06  S PORT 200,42,140,240,12,32
% 07:52:07  R 200 Port command successful.
% 07:52:07  S RETR -rw-rw-rw-   1 ftp 

RE: IP in IP GRE tunneling [7:16833]

2001-08-26 Thread YY

Hi,

Thanks for your response.  I've read most of the suggested document and have
the following question.

It seems that the advantage of GRE over IPsec tunnel is multicast support.
This means we can use a routing protocol, e.g. OSPF, to connect 2 sites over the
Internet.  Then let these protocols do the work of load balancing,
redundancy, etc.  Am I right ?

But if the media is Frame Relay, then we already have some routing protocol
running on it.  Then I can't see what's the use of GRE ip in ip tunneling,
except for config convenience or troubleshooting.  Agree ?

This topic is quite new to me.  Hope you experienced guys can help.  Thank
you.

Regards,
YY




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
EA Louie
Sent: Thursday, August 23, 2001 7:12 AM
To: [EMAIL PROTECTED]
Subject: Re: IP in IP GRE tunneling [7:16833]


From Cisco's TAC Support pages at
http://www.cisco.com/public/support/tac/home.shtml
click Technologies
scroll down to Security
click General Route Encapsulation
click Implementation & Configuration
scroll down until you find
IPSec with Routing Protocols Using GRE Tunneling
http://www.cisco.com/warp/public/707/ipsec_gre.html
and
Configuring Logical Interfaces (watch URL wrap)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/f
un_c/fcprt3/fclogint.htm

CAUTION: watch out for MTU issues that arise from encapsulating IP into a
GRE tunnel

(Using the CCO TAC pages are an indispensable tool in configuring and
troubleshooting routers)

- Original Message -
From: "Sam Deckert" 
To: 
Sent: Wednesday, August 22, 2001 2:19 PM
Subject: Re: IP in IP GRE tunneling [7:16833]


> Would you be able to post a sample config of GRE IP/IP tunnelling over the
> Internet (with and without IPSec?)??
>
> That would be great.  Having a bit of trouble with it
>
> Thanks!
>
> Sam.
>
> - Original Message -
> From: "Juliano Moises da Luz"
> To:
> Sent: Thursday, August 23, 2001 3:05 AM
> Subject: RE: IP in IP GRE tunneling [7:16833]
>
>
> > I think the main advantage is easy to configure and troubleshoot. We have
> > all VPN links using GRE tunneling with and without IPSEC and it works fine.
> >
> > -Original Message-
> > From: YY [mailto:[EMAIL PROTECTED]]
> > Sent: quarta-feira, 22 de agosto de 2001 13:23
> > To: [EMAIL PROTECTED]
> > Subject: IP in IP GRE tunneling [7:16833]
> >
> >
> > Hi,
> > What's advantage or use of IP in IP GRE tunneling ?  Thank you.
> >
> > Regards,
> > YY




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17313&t=16833



NAT & CBAC COnfiguration ""HELP"" [7:17314]

2001-08-26 Thread Juli Hato

Please help me to figure out this link contain :). I really like to know if 
somebody could tell me that some part written was wrong. Told me if I was 
wrong.

http://www.cisco.com/warp/public/793/ios_fw/cbac4.html

Thanks

Hato





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17314&t=17314



Re: console access to 2500 [7:17302]

2001-08-26 Thread Ednilson Rosa

Yes, you can do all of these:

1) To restrict access to the console you may set up a password. This
password will appear encrypted on the configuration if you use the command
"service password-encryption" on global config mode. But note that it is not
a strong password (it may be broken by some utilities easily found on the
Internet) and it's encrypted only on the config: on the console port it
passes in clear text when you type it.

2) To prevent some people from using some commands, you may setup different
usernames and passwords for them, instead of using only one password for
all. Then you may setup access levels and personalize them as you want. An
example follows:

service password-encryption
enable secret 5 $1$b1c/$92VTP65ehu8CHkcitiW4NBW.
no enable password
username abc privilege 5 password xyz
username omer privilege 10 password 123
privilege exec level 10 enable
privilege exec level 5 show configuration
privilege exec level 5 show
line con 0
 login local
line aux 0
 login local
line vty 0 4
 login local

In this example, only the user "omer" will be able to enter privileged exec
mode, which is required to issue any copy command. User "abc" will be able
to issue all non-privileged commands, plus the command "show configuration"
which is the same as "show startup-config". Note that you must change the
"password xvz" on the CON, AUX and VTY lines for "login local" to ensure
that users will be authenticated by the rules you create. You must also use
an "enable secret" and never an "enable password". The "enable password"
doesn't use strong encryption and the user would be able to discover it even
if it was encrypted by the "service password-encryption".  I applied a
configuration like this on a network where user "abc" should be able to
audit router's configuration but with no right to change it.

There's one last thing that you must keep in mind: anyone with physical
access to the box and a medium knowledge about Cisco routers will be able to
do a "password recover" and change everything you do!

Hope this helps!

Regards

Ednilson Rosa


- Original Message -
From: "Omer Ehsan Dar" 
To: 
Sent: Sunday, August 26, 2001 4:18 AM
Subject: console access to 2500 [7:17302]


Hi all,
Can you restrict console access to the router? Does it accept an
encrypted password. Also can you prevent in some way people from using
the copy run start command so that they cannot update the router config.
Thanks
Omer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17315&t=17302
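
The rules stated in this reply (an "enable secret" and never an "enable password", and "login local" on the CON, AUX and VTY lines instead of a shared line password) can be checked against a saved configuration. The following is an added example, not part of the original post: a small audit script whose function names, finding labels and sample configurations are constructed for illustration, with placeholders where hashes would appear.

```python
def parse_line_blocks(config):
    """Return {'line con 0': [subcommands], ...} for each 'line' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            current = None
        elif text.startswith("line ") and not raw.startswith(" "):
            current = text
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(text)   # indented subcommand of the block
        else:
            current = None                 # some other global command
    return blocks

def audit(config):
    """Return a list of findings; an empty list means the rules are met."""
    findings = []
    global_cmds = [l.strip() for l in config.splitlines()
                   if l and not l.startswith(" ")]
    # 'no enable password' does not start with 'enable password', so it passes
    if any(c.startswith("enable password") for c in global_cmds):
        findings.append("enable-password-set")
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append("enable-secret-missing")
    for header, subs in parse_line_blocks(config).items():
        if "login local" not in subs:
            findings.append(f"{header}: no-login-local")
        if any(s.startswith("password") for s in subs):
            findings.append(f"{header}: shared-line-password")
    return findings

# Constructed sample following the layout of the configuration in the post;
# the hash is a placeholder, not a real value.
HARDENED = """\
service password-encryption
enable secret 5 <hash-placeholder>
no enable password
username abc privilege 5 password xyz
username omer privilege 10 password 123
privilege exec level 10 enable
privilege exec level 5 show configuration
line con 0
 login local
line aux 0
 login local
line vty 0 4
 login local
"""

# Constructed counter-example: one shared password per line, no enable secret.
WEAK = """\
service password-encryption
enable password 7 <encoded-placeholder>
line con 0
 password 7 <encoded-placeholder>
 login
line aux 0
 login local
line vty 0 4
 password 7 <encoded-placeholder>
 login
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "no findings")
```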



CID exam --How tough [7:17316]

2001-08-26 Thread Mr. Oletu Hosea Godswill, CCNA

Hi group,

Am finally going for my CID examination on Saturday.
Has any one written the exam lately? I heard that
cisco is planning to change the course content. What
is its difficulty level? I already have CCNA, CCDA and
CCNP. I understand a lot of people do fail this exam.
Am using the Cisco Internetwork Design book by Matthew
H. Birkner CCIE #3719, how good is this text? Do I
need the appendix section of the book for the exam or
is it just meant for general knowledge?

Sorry for being this inquisitive, feed me as much as
possible about this exam.

regards.
Oletu





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17316&t=17316



Could not ping 127.0.0.1 [7:17317]

2001-08-26 Thread Lists Wizard

Hi Group

Has anyone tried to ping the well known loopback address 127.0.0.1? I
tried but I could not. I could ping the other ip interfaces on the router
though.


Any explanation is welcomed.

Thanks

Lw




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17317&t=17317



Re: Could not ping 127.0.0.1 [7:17317]

2001-08-26 Thread Ednilson Rosa

On Cisco routers you must explicitly assign a loopback interface. If you
want it to be 127.0.0.1 you must do like this:

conf t
int loopback1
ip address 127.0.0.1 255.255.0.0

Then you will be able to ping yourself at this address.

The automatic "well known" loopback is valid only for nic cards and other
devices where you wouldn't be able to setup a loopback by other means.

Regards,

Ednilson Rosa

- Original Message -
From: "Lists Wizard" 
To: 
Sent: Sunday, August 26, 2001 11:19 AM
Subject: Could not ping 127.0.0.1 [7:17317]


Hi Group

Has anyone tried to ping the well known loopback address 127.0.0.1? I
tried but I could not. I could ping the other ip interfaces on the router
though.


Any explanation is welcomed.

Thanks

Lw




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17318&t=17317



carrying 802.1q between switches over an IP tunnel [7:17319]

2001-08-26 Thread Field, Brian

I have a need to connect two switches together with an
IP tunnel that must be able to carry 802.1q frames.  
24 E/FE ports on each switch is sufficient.  What's the lowest
device on the cisco device list that will support VLAN
to end-devices and trunk 802.1q over an IP tunnel?

Has anyone else done this, and if so, any issues?

Thanks
Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17319&t=17319



RE: rommon [7:17244]

2001-08-26 Thread Chuck Larrieu

what with all the hurrahs and kudos, dare I ask:

Rommon-o, oh Rommon-o, wherefore art thou Rommon-o?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Saturday, August 25, 2001 9:36 AM
To: [EMAIL PROTECTED]
Subject: rommon [7:17244]


This was the noblest rommon of them all,
All the configurators, save only it,
Did that they did in envy of great Cisco
He only, in a general-honest thought
And common good to all, made erase of them.
His life had parity, and the elements
So mix'd in him that IOS might stand up
And say to all the world, "This was a boot!"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17320&t=17244



RE: CCIE Lab exam - booked twice [7:17310]

2001-08-26 Thread Chuck Larrieu

so far as I know, the system does not allow this to happen. there can be
only one!

with the current backlog, this remains a very good thing.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Rashid Lohiya
Sent: Sunday, August 26, 2001 2:50 AM
To: [EMAIL PROTECTED]
Subject: CCIE Lab exam - booked twice [7:17310]


Guys,

Does anyone know whether one person can book the lab twice?

ie. 1 for April, 1 for June, thus allowing him to cancel and get a refund on
the second one if the first is failed.

In this way, the year long wait would not need to be endured if I was to
fail the first time around.

--
Rashid Lohiya
[EMAIL PROTECTED]
020 8509 2990
07785 362626
www.pioneer-computers.com
London UK

www.rashidl.co.uk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17321&t=17310



RE: Could not ping 127.0.0.1 [7:17317]

2001-08-26 Thread Chuck Larrieu

you cannot configure a Cisco interface with the reserved address 127.x.x.x

MANAGER#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
MANAGER(config)#int loop 0
MANAGER(config-if)#ip addr 127.0.0.1 255.0.0.0
Not a valid host address - 127.0.0.1
MANAGER(config-if)#

you can ping the 127.x.x.x from a PC host easily.

I don't know the reason, and do not have time to research at the moment. I
suspect that this is deliberate on Cisco's part.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ednilson Rosa
Sent: Sunday, August 26, 2001 8:04 AM
To: [EMAIL PROTECTED]
Subject: Re: Could not ping 127.0.0.1 [7:17317]


On Cisco routers you must explicitly assign a loopback interface. If you
want it to be 127.0.0.1 you must do like this:

conf t
int loopback1
ip address 127.0.0.1 255.255.0.0

Then you will be able to ping yourself at this address.

The automatic "well known" loopback is valid only for nic cards and other
devices where you wouldn't be able to setup a loopback by other means.

Regards,

Ednilson Rosa

- Original Message -
From: "Lists Wizard"
To:
Sent: Sunday, August 26, 2001 11:19 AM
Subject: Could not ping 127.0.0.1 [7:17317]


Hi Group

Has anyone tried to ping the well known loopback address 127.0.0.1? I
tried but I could not. I could ping the other ip interfaces on the router
though.


Any explanation is welcomed.

Thanks

Lw




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17322&t=17317



Help with SRB/TB configuration [7:17323]

2001-08-26 Thread Chuck Larrieu

I'm working on a scenario ( end to end bridging ) and due to my equipment
limitations, I am forced to do SRB/TB on one of my routers in order to test
what I want to test.

the token ring side does not want to communicate with the ethernet side.

I have read through Cisco documentation on setting this up. ( not that the
config guides are very detailed. ironically, the best advice I found in the
config guide is "don't do this" :-> )

can't get from TR host to ethernet host.

following are the relevant configurations and show outputs.

can someone provide additional information? a working config?

thanks

Chuck

--

no ip routing
source-bridge enable-80d5
source-bridge ring-group 10
source-bridge transparent 10 2 1 1
no source-bridge transparent 10 fastswitch
!
interface Serial0
no ip address
encapsulation frame-relay
no ip route-cache
no fair-queue
frame-relay map bridge 521 broadcast IETF
frame-relay lmi-type cisco
bridge-group 1

interface TokenRing0
no ip address
no ip route-cache
ring-speed 4
source-bridge 1 1 10
!
bridge 1 protocol ieee


Bridge Group 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address .30e2.22e4
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 30, notification 30
  hello 2, max age 20, forward delay 15, aging 300
  Timers: hello 2, topology change 0, notification 0

Port 3 (Serial0 Frame Relay) of bridge group 1 is forwarding
   Port path cost 647, Port priority 128
   Designated root has priority 32768, address .30e2.22e4
   Designated bridge has priority 32768, address .30e2.22e4
   Designated port is 3, path cost 0
   Timers: message age 0, forward delay 0, hold 0

Port 8 (RingGroup10) of bridge group 1 is forwarding
   Port path cost 10, Port priority 0
   Designated root has priority 32768, address .30e2.22e4
   Designated bridge has priority 32768, address .30e2.22e4
   Designated port is 8, path cost 0
   Timers: message age 0, forward delay 0, hold 0

R5#sh source

Local Interfaces:   receive transmit
 srn bn  trn r p s n  max hops cnt cntdrops
To01  1   10 * * b7  7  70   0  0

Global RSRB Parameters:
TCP Queue Length maximum: 100

Ring Group 10:
  No TCP peername set, TCP transport disabled <<

RE: FR +OSPF Scenerio...CCBOOTCAMP LAB:3 [7:17117]

2001-08-26 Thread Cisco Lover

Chuck,Winston and All ...

Thanks a  lot for your replies..

Winston:

Thanks a lot..Again ..Putting Multipoint at R1 for R4 solved my problem..:)
Now I am able to build OSPF+FR network without IP OSPF NETWORK
Command..

Cheers..

Cisco Lover

>From: "Shaw, Winston Mr 5 SIG CMD" 
>Reply-To: "Shaw, Winston Mr 5 SIG CMD" 
>To: [EMAIL PROTECTED]
>Subject: RE: FR +OSPF  Scenerio...CCBOOTCAMP LAB:3 [7:17117]
>Date: Sun, 26 Aug 2001 00:24:35 -0400
>
>This is an interesting situation. You are not allowed to use the ip ospf
>network command to change the network type ? Ok. Are you allowed to change
>the ptp on R1 to multipoint ? No ?
>The network type is a critical factor on whether full adjacency is 
>achieved.
>
>Frame map statements and ip ospf priority 0 statements on R2 and R3 in
>conjunction with dlci and neighbor statements on R1 should take care of the
>links between R1, R2 and R3. No ip ospf network command needed here.
>The link between R1 and R4 will probably become two-way without achieving
>full adjacency because the network types will always be different unless 
>you
>are allowed to change it in some way. Is there a specific requirement to
>keep R1's link to R4 as point-to-point ? If not this subinterface could be
>changed to multipoint and OSPF should not have any problem with it.
>Let us know if you find another solution.
>
>Winston(CCIE#7991).
>
>-Original Message-
>From: Cisco Lover [mailto:[EMAIL PROTECTED]]
>Sent: Saturday, August 25, 2001 2:13 AM
>To: [EMAIL PROTECTED]
>Subject: FR +OSPF Scenerio...CCBOOTCAMP LAB:3 [7:17117]
>
>
>Hi Guys..
>
>Facing some strange problem in OSPF..
>DO u know any condition if two routers become adjacent but still cant
>exchange routes???What could be the reasons for it?
>
>In this Lab, We  have 2 subinterfaces on R1.One multipoint subinterface is
>connected to two routers R2 & R3 physical interfaces.
>The other PtP subinterface on R1 is connected to R4 physical interface.
>Now problem is that we are not allowed to use IP OSPF NETWORK COMMAND
>on these interfaces in order to make the same network type.
>
>The problem I m facing is  on R1 & R4 link.When I applied debug ip ospf,I
>see  Hello mismatch SO I match the Hello values on both sides .AFter that I
>am able to see that R4 is now adjacent with R1 Point to point interface but
>Still I cant see any route from R1 coming on R4 or vice versa..
>
>Any Suggestion GUY;
>
>Thanks a lot
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17307&t=17117



Re: Don't buy from IQSale Was Re: don't buy from C [7:17083]

2001-08-26 Thread Jason

I'm sure there is some small number of people that has no problem with the
eqpt but this appears to be the exception rather than the case.

""Kelly D Griffin""  wrote in message
news:[EMAIL PROTECTED]...
> We purchased two routers from them and had no problems other than initial
> communication.
>
> Kelly D Griffin, CCDA, CCNA
> Network Engineer
> Kg2 Network Design
> http://kg2.com
> 877.418.4025 Toll-Free
> 501.418.4026 Fax
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Brad Ellis
> Sent: Friday, August 24, 2001 7:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Don't buy from IQSale Was Re: don't buy from C [7:17083]
>
>
> IQSale is now known as Onesource.  FYI
>
> It seems like there are quite a few unhappy customers out there.  We were
> (stopped using them about 6 mos ago) using them as one of our sources on
> occasion and I can't say we ever had any problems with them.
>
> -Brad Ellis
> CCIE#5796
> [EMAIL PROTECTED]
> used Cisco:  www.optsys.net
>
> "Fanglo MA" wrote in message
> news:[EMAIL PROTECTED]...
> > Agree! I also had such experience with IQSale.
> >
> > Fanglo
> > "Jason" wrote in message
> > news:[EMAIL PROTECTED]...
> > > And they probably thought that you didn't know what you are asking for and
> > > that they are doing you a favour by giving you a switch :-P
> > >
> > > What I would really tell everybody is not to buy from IQSale and Grandstore,
> > > these guys are FRAUD !!! CHEATERS.  So guys, remember, don't buy from IQSale
> > > aka Grandstore aka HiTEK they also use different seller names in eBay




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17306&t=17083



How to swap Lab dates [7:17324]

2001-08-26 Thread Rashid Lohiya

How can I swap my Lab date with a friend?

Any problems with this?

--
Rashid Lohiya
[EMAIL PROTECTED]
020 8509 2990
07785 362626
www.pioneer-computers.com
London UK

www.rashidl.co.uk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17324&t=17324



Re: Help with SRB/TB configuration [7:17323]

2001-08-26 Thread Brian

Chuck,

It looks pretty good, I am assuming the other side is configured similarly.
I'd put "source-bridge spanning" under the to0, unless you have some
reason for not doing so.

Brian


On Sun, 26 Aug 2001, Chuck Larrieu wrote:

> I'm working on a scenario ( end to end bridging ) and due to my equipment
> limitations, I am forced to do SRB/TB on one of my routers in order to test
> what I want to test.
>
> the token ring side does not want to communicate with the ethernet side.
>
> I have read through Cisco documentation on setting this up. ( not that the
> config guides are very detailed. ironically, the best advice I found in the
> config guide is "don't do this" :-> )
>
> can't get from TR host to ethernet host.
>
> following are the relevant configurations and show outputs.
>
> can someone provide additional information? a working config?
>
> thanks
>
> Chuck
>
> --
>
> no ip routing
> source-bridge enable-80d5
> source-bridge ring-group 10
> source-bridge transparent 10 2 1 1
> no source-bridge transparent 10 fastswitch
> !
> interface Serial0
> no ip address
> encapsulation frame-relay
> no ip route-cache
> no fair-queue
> frame-relay map bridge 521 broadcast IETF
> frame-relay lmi-type cisco
> bridge-group 1
>
> interface TokenRing0
> no ip address
> no ip route-cache
> ring-speed 4
> source-bridge 1 1 10
> !
> bridge 1 protocol ieee
>
>
> Bridge Group 1 is executing the IEEE compatible Spanning Tree protocol
>   Bridge Identifier has priority 32768, address .30e2.22e4
>   Configured hello time 2, max age 20, forward delay 15
>   We are the root of the spanning tree
>   Topology change flag not set, detected flag not set
>   Times:  hold 1, topology change 30, notification 30
>   hello 2, max age 20, forward delay 15, aging 300
>   Timers: hello 2, topology change 0, notification 0
>
> Port 3 (Serial0 Frame Relay) of bridge group 1 is forwarding
>    Port path cost 647, Port priority 128
>    Designated root has priority 32768, address .30e2.22e4
>    Designated bridge has priority 32768, address .30e2.22e4
>    Designated port is 3, path cost 0
>    Timers: message age 0, forward delay 0, hold 0
>
> Port 8 (RingGroup10) of bridge group 1 is forwarding
>    Port path cost 10, Port priority 0
>    Designated root has priority 32768, address .30e2.22e4
>    Designated bridge has priority 32768, address .30e2.22e4
>    Designated port is 8, path cost 0
>    Timers: message age 0, forward delay 0, hold 0
>
> R5#sh source
>
> Local Interfaces:                    receive  transmit
>          srn bn  trn r p s n  max hops   cnt      cnt   drops
> To0        1  1   10 * * b     7  7  7     0        0       0
>
> Global RSRB Parameters:
> TCP Queue Length maximum: 100
>
> Ring Group 10:
>   No TCP peername set, TCP transport disabled
>   Maximum output TCP queue length, per peer: 100
>   Rings:
>    bn: 1  rn: 1   local  ma: 4000.30e2.22e4 TokenRing0      fwd: 0
>    bn: 1  rn: 2   locvrt ma: 4000.0c47.4427 Bridge-group 1  fwd: 0   <<==???

Brian Feeny, CCIE #8036   Netjam, LLC
[EMAIL PROTECTED] http://www.netjam.net
VISA/MC/AMEX/COD  phone: 318-212-0245
30 day warranty   fax:   318-212-0246




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17325&t=17323



vty [7:17327]

2001-08-26 Thread kaushalenders

hi
I have a problem with my 3660 router, which is that my vty gets full
automatically by unknown IPs, and these IPs differ every time. The result is I am
not able to telnet to my router

pls help me
thanx
kaushalenders




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17327&t=17327



Re: Frame Relay DLCIs [7:14717]

2001-08-26 Thread David L. Blair

Range of numbers 0 - 1023.   Reserved numbers: 0, 1005 - 1023.  I have also
heard that 992 to 1004 is reserved.  So that would make valid range either
1 - 1004 or 1 - 991.


"Through Complexity there is Simplicity,
   Through Simplicity there is Complexity"

David L. Blair - CCNP, CCNA, MCSE, CBE, A+, 3Wizard


"Chuck Larrieu" wrote in message
news:[EMAIL PROTECTED]...
> the DLCI field is a 10 bit field. so you should be able to figure out the
> theoretical possibilities.
>
> the first and the last DLCI are reserved for LMI management
>
> the first usable end link DLCI is 16, and the last usable end link DLCI is
> 1005 ( if memory serves )
>
> all others are reserved for various tasks on the carrier side.
>
> just to throw a monkey wrench in here, there is an LMI extension that adds
> several more bits to the DLCI field, making globally significant DLCI
> assignments possible. anyone ever done this using the StrataCom equipment or
> any other vendor switching equip?
>
> Chuck
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Provost, Robert
> Sent: Thursday, August 02, 2001 2:02 PM
> To: [EMAIL PROTECTED]
> Subject: Frame Relay DLCIs [7:14717]
>
>
> What numbers can you use for DLCIs?  I have always seen three digit DLCI
> numbers.  Can they be one digit? two? four? five?
>
> Thanks,
> Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17326&t=14717
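
Added example (not part of the thread and not any poster's code): a decoder for the default two-octet Frame Relay address field, showing how the 10 DLCI bits discussed above are split across the two octets. The range table follows the two-octet Q.922 assignments as an assumption of this example rather than the figures quoted in the thread; all function names are hypothetical and the sample octets are constructed.

```python
# Two-octet Frame Relay address field (Q.922 default format):
#   octet 1: DLCI bits 9..4 | C/R  | EA = 0
#   octet 2: DLCI bits 3..0 | FECN | BECN | DE | EA = 1

# DLCI assignments for the two-octet format. Assumption of this example
# (Q.922 table), not values taken from the thread.
DLCI_RANGES = [
    (0, 0, "signalling / LMI (ANSI Annex D, ITU-T Annex A)"),
    (1, 15, "reserved"),
    (16, 991, "user virtual circuits"),
    (992, 1007, "layer 2 management"),
    (1008, 1022, "reserved"),
    (1023, 1023, "in-channel layer management / Cisco LMI"),
]


def encode_address(dlci, cr=0, fecn=0, becn=0, de=0):
    """Build the two address octets for a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits (0-1023)")
    octet1 = ((dlci >> 4) << 2) | (cr << 1)          # EA bit stays 0
    octet2 = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1
    return bytes([octet1, octet2])


def decode_address(octets):
    """Split two address octets into DLCI and the congestion/discard bits."""
    if len(octets) < 2:
        raise ValueError("need two address octets")
    octet1, octet2 = octets[0], octets[1]
    # EA=0 in the first octet and EA=1 in the second marks a two-octet address.
    if octet1 & 0x01 or not octet2 & 0x01:
        raise ValueError("not a two-octet address (EA bits must be 0 then 1)")
    return {
        "dlci": ((octet1 >> 2) << 4) | (octet2 >> 4),
        "cr": (octet1 >> 1) & 1,
        "fecn": (octet2 >> 3) & 1,
        "becn": (octet2 >> 2) & 1,
        "de": (octet2 >> 1) & 1,
    }


def classify_dlci(dlci):
    """Return the assignment name for a DLCI from DLCI_RANGES."""
    for low, high, meaning in DLCI_RANGES:
        if low <= dlci <= high:
            return meaning
    raise ValueError("DLCI must fit in 10 bits (0-1023)")


def describe(octets):
    """One-line summary of an address field, e.g. for reading a capture."""
    f = decode_address(octets)
    return "DLCI %d (%s) FECN=%d BECN=%d DE=%d" % (
        f["dlci"], classify_dlci(f["dlci"]), f["fecn"], f["becn"], f["de"])


# Constructed sample address fields: DLCI 521, 16, 0 and 1023.
SAMPLES = [bytes.fromhex(h) for h in ("8091", "0401", "0001", "fcf1")]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.hex(), "->", describe(sample))
```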



Re: CCIE Lab exam - booked twice [7:17310]

2001-08-26 Thread [EMAIL PROTECTED]

no double-booking allowed.
That's from the CCIE web link.
(Don't ask me for the URL. It's easy to find!)
Rob H NP,DP,...blah,blah,blah




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17328&t=17310



Re: How to swap Lab dates [7:17324]

2001-08-26 Thread [EMAIL PROTECTED]

In a message dated 8/26/01 11:30:38 AM Central Daylight Time, 
[EMAIL PROTECTED] writes:

<< Subj: How to swap Lab dates [7:17324]
 Date:  8/26/01 11:30:38 AM Central Daylight Time
 From:  [EMAIL PROTECTED] (Rashid Lohiya)
 Sender:[EMAIL PROTECTED]
 Reply-to:  [EMAIL PROTECTED] (Rashid Lohiya)
 To:[EMAIL PROTECTED]
 
 How can I swap my Lab date with a friend?
 
 Any problems with this?
 
 --
 Rashid Lohiya
 [EMAIL PROTECTED]
 020 8509 2990
 07785 362626
 www.pioneer-computers.com
 London UK
 
 www.rashidl.co.uk
 
 
 
 
 >>

You can use this forum to announce a request to trade with someone.
I've seen it posted many times... also, you can work with the lab staff for
the location of your choosing and see if they might be able to locate someone
willing to trade.
HTH,
Rob H. NP,DP,  blah,blah,blah!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17329&t=17324



Re: Thanks! [7:15769]

2001-08-26 Thread David L. Blair

CIT was easier for me than BSCN.


"Through Complexity there is Simplicity,
   Through Simplicity there is Complexity"

David L. Blair - CCNP, CCNA, MCSE, CBE, A+, 3Wizard



"Ole Drews Jensen" wrote in message
news:[EMAIL PROTECTED]...
> Once again thanks to the members of this list who have directly and
> indirectly helped me.
>
> I just passed the BSCN this morning with an okay score, and I will now open
> my CIT book and see what kind of horrors pop out of the first chapter.
>
> Have a great weekend,
>
> Ole
>
> 
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
>  http://www.RouterChief.com
> 
>  NEED A JOB ???
>  http://www.oledrews.com/job
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17330&t=15769



Re: Significance of new boot roms? [7:17237]

2001-08-26 Thread [EMAIL PROTECTED]

In a message dated 8/26/01 3:03:48 AM Central Daylight Time, 
[EMAIL PROTECTED] writes:

 > They give better rmon software and a newer version of the boot IOS (boot
 > helper or "skinny IOS").   This allows you to load newer versions of regular
 > IOS.   Certain newer versions of IOS won't load on older boot roms.
 >
 > Take care,
 > Tony M.
 > #6172
 >
 > - Original Message -
 > From: "Symon Thurlow"
 > To:
 > Sent: Saturday, August 25, 2001 8:22 AM
 > Subject: Significance of new boot roms? [7:17237]
 >
 >
 > > HI all,
 > >
 > > Please excuse my ignorance, but what is the significance of new boot roms in
 > > 2500 series routers? Is it to give you more functionality at rommon level?
 > >
 > > Cheers,
 > >
 > > Symon
 
 Brian Feeny, CCIE #8036   Netjam, LLC
 [EMAIL PROTECTED] http://www.netjam.net
 VISA/MC/AMEX/COD phone: 318-212-0245
 30 day warranty  fax:   318-212-0246




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17331&t=17237



Re: How to swap Lab dates [7:17324]

2001-08-26 Thread Rashid Lohiya

Thanks

I got all my answers.

Rashid

"Rashid Lohiya" wrote in message
news:[EMAIL PROTECTED]...
> How can I swap my Lab date with a friend?
>
> Any problems with this?
>
> --
> Rashid Lohiya
> [EMAIL PROTECTED]
> 020 8509 2990
> 07785 362626
> www.pioneer-computers.com
> London UK
>
> www.rashidl.co.uk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17332&t=17324



Re: vty [7:17327]

2001-08-26 Thread Jonathan Hays

Could you cut and paste the errors seen? More details?

Until you figure what the problem is, a possible workaround would be to add an
access list to your tty connection, limiting access to your own subnet or even
only one IP address:

router(config)#access-list 20 permit 192.168.1.0 0.0.0.255
router(config)#access-list 30 deny any
router(config)#line vty 0 4
router(config-line)#access-class 20 in
router(config-line)#access-class 30 out
router(config-line)#password groupstudy
router(config-line)#login

Access list 20 allows only users on subnet 192.168.1.0 to telnet into the
router and access list 30 keeps those who have successfully telnetted into
your router from using the router to telnet out.


kaushalenders wrote:

> hi
> I have a problem with my 3660 router, which is that my vty gets full
> automatically by unknown IPs, and these IPs differ every time. The result is I am
> not able to telnet to my router
>
> pls help me
> thanx
> kaushalenders




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17333&t=17327
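
Added example (not part of the thread and not the poster's code): a small audit of an IOS running-config that checks every "line vty" range for an inbound access-class like the one suggested above, and flags ranges that were left without one or that point at an ACL permitting far more than a management subnet. The sample config is constructed, the function names are hypothetical, and only numbered standard ACLs (1-99) are parsed.

```python
import re

# Constructed sample running-config (not taken from the thread). The first vty
# block mirrors the workaround posted above; the other two show common gaps.
SAMPLE_CONFIG = """\
access-list 20 permit 192.168.1.0 0.0.0.255
access-list 30 deny any
access-list 40 permit any
!
line vty 0 4
 access-class 20 in
 access-class 30 out
 password groupstudy
 login
line vty 5 15
 access-class 40 in
 login
line vty 16 20
 login
"""

ACL_RE = re.compile(r"^access-list (\d{1,2}) (permit|deny) (.+)$")
VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")
CLASS_RE = re.compile(r"^access-class (\S+) (in|out)$")


def wildcard_hosts(source):
    """Number of source addresses matched by a standard-ACL source field."""
    parts = [p for p in source.split() if p != "log"]
    if parts[0] == "any":
        return 2 ** 32
    if parts[0] == "host" or len(parts) == 1:
        return 1
    # Every 1 bit in the wildcard mask is a "don't care" bit.
    octets = [int(o) for o in parts[1].split(".")]
    wildcard = sum(o << shift for o, shift in zip(octets, (24, 16, 8, 0)))
    return 2 ** bin(wildcard).count("1")


def parse(config):
    """Return (acls, vty_blocks) extracted from running-config text."""
    acls, vtys, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
            current = None
            continue
        m = VTY_RE.match(line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = {"first": first, "last": last, "in": None, "out": None}
            vtys.append(current)
            continue
        m = CLASS_RE.match(line)
        if m and current is not None and raw.startswith(" "):
            current[m.group(2)] = m.group(1)      # sub-command of the vty block
        elif not raw.startswith(" "):
            current = None                        # any other top-level line ends it
    return acls, vtys


def audit_vty(config, max_hosts=256):
    """Return (vty_range, finding) tuples for inbound vty access, in config order."""
    acls, vtys = parse(config)
    findings = []
    for v in vtys:
        name = "vty %d-%d" % (v["first"], v["last"])
        acl = v["in"]
        if acl is None:
            findings.append((name, "no inbound access-class"))
        elif acl not in acls:
            findings.append((name, "access-class %s in: ACL not found" % acl))
        else:
            # Upper bound: the widest permit entry, ignoring earlier deny lines.
            widest = max((wildcard_hosts(src) for action, src in acls[acl]
                          if action == "permit"), default=0)
            if widest > max_hosts:
                findings.append(
                    (name, "ACL %s permits %d source addresses" % (acl, widest)))
    return findings


if __name__ == "__main__":
    for vty_range, finding in audit_vty(SAMPLE_CONFIG):
        print(vty_range + ": " + finding)
```

On the sample, vty 0-4 passes, while the ranges beyond the first five lines are reported: the restriction only protects the vty lines it was actually applied to.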



CCIE Exam Cram [7:17334]

2001-08-26 Thread Rayappa Mayakunthala

Cisco added CCIE Exam Cram to the recommended reading list!

http://www.cisco.com/warp/public/625/ccie/certifications/routing.html

Rayappa.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17334&t=17334



Does access list work for router originated packets [7:17335]

2001-08-26 Thread sami natour

Hi All ,
When I made a standard access list I discovered that it
prevented packets originated from PCs and hosts but
not packets originated from other routers. Any idea why
this would happen?

Best Regards ,
sami ,






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17335&t=17335



RE: Could not ping 127.0.0.1 [7:17317]

2001-08-26 Thread Shaw, Winston Mr 5 SIG CMD

Almost sure that one cannot assign an address on the 127 network to a cisco
router. This address is reserved for special reasons. One of the reasons
that come to mind is to test the TCP/IP stack on a workstation or Server. If
pinging the 127.0.0.1 address is successful, you can be almost sure that the
TCP/IP stack loaded properly. Now you could proceed to ping default gateway
etc etc.
Cisco routers provide this functionality by using a "loopback" command on
interfaces. If packets sent by an interface come back to the router, then
TCP/IP is probably OK. Allowing the 127 net on routers would probably cause
havoc especially on broadcast networks.

Winston(#7991)



-Original Message-
From: Ednilson Rosa [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 26, 2001 5:04 PM
To: [EMAIL PROTECTED]
Subject: Re: Could not ping 127.0.0.1 [7:17317]


On Cisco routers you must explicitly assign a loopback interface. If you
want it to be 127.0.0.1 you must do like this:

conf t
int loopback1
ip address 127.0.0.1 255.255.0.0

Then you will be able to ping yourself at this address.

The automatic "well known" loopback is valid only for nic cards and other
devices where you wouldn't be able to setup a loopback by other means.

Regards,

Ednilson Rosa

- Original Message -
From: "Lists Wizard" 
To: 
Sent: Sunday, August 26, 2001 11:19 AM
Subject: Could not ping 127.0.0.1 [7:17317]


Hi Group

Has anyone tried to ping the well known loopback address 127.0.0.1? I
tried but I could not. I could ping the other ip interfaces on the router
though.


Any explanation is welcomed.

Thanks

Lw




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17336&t=17317



Re: IOS & 4000 Routers [7:17202]

2001-08-26 Thread Circusnuts

Here goes.  I can un-partition FLASH for a total of 16 Megs & 16 Megs RAM,
but the router does not seem to want to use the 16/16 combination to run
anything beyond 11.3 (even though 12.x will fit).

4000>show version
Cisco Internetwork Operating System Software
IOS (tm) 4000 Software (C4000-JS-M), Version 11.3(11a), RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 20-Sep-99 14:43 by jjgreen
Image text-base: 0x00012000, data-base: 0x00855A88

ROM: System Bootstrap, Version 5.2(13a), RELEASE SOFTWARE
ROM: 4000 Bootstrap Software (XX-RXBOOT), Version 10.2(13a), RELEASE
SOFTWARE (fc1)

4000 uptime is 33 minutes
System restarted by power-on
System image file is "flash:c4000-js-mz.113-11a.bin", booted via flash

cisco 4000 (68030) processor (revision 0xA0) with 16384K/1024K bytes of
memory.
Processor board ID 5017715
G.703/E1 software, Version 1.0.
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
2 Ethernet/IEEE 802.3 interface(s)
2 Token Ring/IEEE 802.5 interface(s)
4 Serial network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2102

Phil

- Original Message -
From: "Erick B." 
To: 
Sent: Saturday, August 25, 2001 2:32 PM
Subject: Re: IOS & 4000 Routers [7:17202]


> Can you post a copy of 'show version' here?
>
> I have 12.1(9) mainline running on a 4000-M. Thats the
> highest release available. They don't have 12.1T or
> higher available for 4000/4000-M.
>
> --- Circusnuts  wrote:
> > I just bought my first "regular" 4000 router & have
> > an IOS question.  I've
> > upgraded the boot ROM's to the latest (2001) 10.0
> > version & the FLASH board
> > (to the one that allows (2) 8 Meg FLASH sticks, as
> > apposed to the older
> > imbedded type), but I can't seem to get any IOS
> > above 11.3 to work.  Even
> > though I have enough memory to run newer 4000
> > images, I get an insufficient
> > memory error.
> >
> > Any ideas ???
> >
> > Thanks in advance
> > Phil
> [EMAIL PROTECTED]
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17337&t=17202



re: CCIE Exam Cram [7:17334]

2001-08-26 Thread S Waters

This speaks volumes about the fading value of the now "cram-based" CCIE
certification process (at least one aspect of it).  Soon I expect to see
Cliffs Notes for Halabi, Doyle, Caslow, etc.


Cisco added CCIE Exam Cram to the recommended reading list!

http://www.cisco.com/warp/public/625/ccie/certifications/routing.html

 Rayappa.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17338&t=17334



Re: Does access list work for router originated packets [7:17339]

2001-08-26 Thread Brad Ellis

Sami,

You'll need to give more info than that.  The router does not care if the
packets are originated from a host or another router.  It will filter
packets based on packet information, i.e., source address, destination
address, port #...

Are you saying the router won't filter packets originated from the router
itself?  How are your access-lists applied?  Inbound or Outbound?  What are
you trying to filter?  Explain your situation a little better, and include
your access-list if you so desire.

-Brad Ellis
CCIE#5796
[EMAIL PROTECTED]
used Cisco:  www.optsys.net

"sami natour" wrote in message
news:[EMAIL PROTECTED]...
> Hi All ,
> When I made a standard access list I discovered that it
> prevented packets originated from PCs and hosts but
> not packets originated from other routers. Any idea why
> this would happen?
>
> Best Regards ,
> sami ,
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17339&t=17339



Re: Novell Encapsulations and Cat 5000 [7:17233]

2001-08-26 Thread Priscilla Oppenheimer

I think it's wise to tell people to search, but of course, on the Internet, 
it's also risky because there's so much bad stuff out there.

Cisco's documentation is usually quite good, so recommending searching 
their site works. They have a good article on Ethernet frame types. I don't 
remember the URL though.

Talk to you later,

Priscilla

At 05:51 PM 8/25/01, you wrote:
>Hmmph... Then I stand corrected on a couple of points here, the obvious
>reference to incorrect info and more importantly for being critical of Hunt
>for asking.
>
>I must admit that I don't know all that much about Netware protocols as much
>of my time has been in Banyan (sigh),  MS and big iron shops.
>
>- Original Message -
>From: "Priscilla Oppenheimer" 
>To: 
>Sent: Saturday, August 25, 2001 5:20 PM
>Subject: Re: Novell Encapsulations and Cat 5000 [7:17233]
>
>
> > Don't use that reference. It's full of mistakes. It claims that an LLC SAP
> > is Service Advertising Protocol. It puts the first two bytes of a Novell
> > IPX network-layer header with 802.3. And so on.
> >
> > I wrote extensively about Ethernet frame types in my Troubleshooting
> > Ethernet Networks study guide at www.certificationzone.com.
> >
> > Cisco has some good references on the subject also.
> >
> > The CIT class and Cisco Press CIT book do a good job with it. They also
> > have a bunch of info about your other question, troubleshooting Cat 5000.
> >
> > Priscilla
> >
> > At 11:57 AM 8/25/01, Mike Mandulak wrote:
> > >Hunt if you did a yahoo search on +snap +ethernet +sap you would find the
> > >following link.
> > >
> > >http://osr5doc.sco.com:457/NetConfigG/configparamsC.framing_type.html
> > >
> > >Not trying to be harsh here but being able to quickly look up readily
> > >available information is a key part of becoming a good engineer.
> > >
> > >- Original Message -
> > >From: "Hunt Lee"
> > >To:
> > >Sent: Saturday, August 25, 2001 6:11 AM
> > >Subject: Novell Encapsulations and Cat 5000 [7:17233]
> > >
> > >
> > > > It would be very great if someone can shed some light on this.  It's a
> > > > little bit off topic but thanks  :)   Firstly, what is the difference
> > > > between the following Novell encapsulation types - Arpa, Sap,
> > > > Novell-Ether and Snap? Do they have different fields in them (for
> > > > instance, if analyzed with a Protocol Analyzer), and are they all for
> > > > Ethernet?
> > > >
> > > > Secondly, whereabout can I find out more troubleshooting info. on a Cat
> > > > 5000 - in particular, the LEDs (the green, orange and red lights).
> > > >
> > > > Thanks again.
> > > >
> > > > Regards,
> > > > Hunt Lee
> > > > IP Solution Analyst
> > > > Cable and Wireless
> > 
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17340&t=17233



Re: Does access list work for router originated packets [7:17341]

2001-08-26 Thread Priscilla Oppenheimer

At 06:26 PM 8/26/01, Brad Ellis wrote:
>Sami,
>
>You'll need to give more info than that.  The router does not care if the
>packets are originated from a host or another router.  It will filter
>packets based on packet information, ie, source address, destination
>address, port #...

This filtering happens as part of the packet-forwarding process. Packets 
sent by the router (such as pings) may not go through this process. Sorry 
that I don't have the details, but I have run into surprising results in a 
lab environment when testing access lists from a router. You need to test 
them from end hosts.

I can't believe I'm challenging a CCIE, ;-) but I was afraid nobody else 
would, and I think the question bears more research.

Priscilla

>Are you saying the router won't filter packets originated from the router
>itself?  How are your access-lists applied?  Inbound or Outbound?  What are
>you trying to filter?  Explain your situation a little better, and include
>your access-list if you so desire.
>
>-Brad Ellis
>CCIE#5796
>[EMAIL PROTECTED]
>used Cisco:  www.optsys.net
>
>"sami natour" wrote in message
>news:[EMAIL PROTECTED]...
> > Hi All ,
> > When I made a standard access list I discovered that it
> > prevented packets originated from PCs and hosts but
> > not packets originated from other routers. Any idea why
> > this would happen?
> >
> > Best Regards ,
> > sami ,
> >
> >


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17341&t=17341



Re: Subject: debug span on router acting as bridge [7:17165]

2001-08-26 Thread Priscilla Oppenheimer

Thanks to all who replied. The interesting thing is that the BPDUs you 
finally saw are just the ordinary configuration BPDUs. It seems like a 
really bad idea to use debug span tree since those BPDUs happen every 2 
seconds. But, like I said before, that's OK. I see these things as an 
opportunity! ;-)

Thank-you very much for looking into this.

Priscilla

At 12:40 AM 8/25/01, Paul Werner wrote:
>Comments within and below.
>
> > Does anyone have a router acting as a bridge in their lab network?
>
>Yes, a bunch of 2500s running everything from 12.09 to 12.2(3)
>and experimental smokin IPv6 code. I also have a BFR (Cisco
>7000) running 11.2(16)
>
> > Cisco documentation claims that there is a "debug span" command that shows
> > BPDU frames in hex as they come in. Now, I think this is an awful idea,
> > since they come in every 2 seconds, but for a project I'm working on I need
> > to find out if the command really exists.
>
>For starters, this appears to be one of those commands that has
>been propagated over the years as a recurring mistake in the
>command summaries.  Just to let you know, this command first
>appeared in IOS 8.3 (yes, you are reading that correctly :-)
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53998.htm#xtocid1116650
>
>Although the command was released in 8.3 code, very little was
>mentioned about it in terms of what you should see and how to
>interpret it.  That appears to have been documented in IOS
>9.21, which is shown here:
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ssr921/dcr/80432.htm#xtocid755369
>
>It indicates the same sort of information that you read in the
>12.2 command reference.  My guess is that right about at that
>time the Kalpana switches were becoming the rage, bridging was
>taking a back seat to routing and the focus was on routing and
>routing protocols.  Although the functionality and debugs for
>bridging did improve over the years, the documentation does not
>appear to have kept up.  For example, here is what my 12.2(3)
>cisco 2511 has to say about the debugs available:
>
>2511#debug spa?
>spanning-tree
>
>2511#debug spa
>2511#debug spanning-tree ?
>   all           All Spanning Tree debugging messages
>   bpdu          Spanning tree bridge protocol data units
>   bpdu-opt      Optimized BPDU handling
>   config        Spanning tree config changes
>   etherchannel  EtherChannel support
>   events        Spanning tree topology events
>   exceptions    Spanning tree exceptions
>   general       Spanning tree general
>   pvst+         PVST+ events
>   root          Spanning tree root events
>   snmp          Spanning Tree SNMP handling
>
>Just for grins, I turned them all on and configured an IEEE
>bridge with routing disabled.  Here is what I get:
>
>2511#sh span
>
>  Bridge group 1 is executing the ieee compatible Spanning Tree protocol
>   Bridge Identifier has priority 32768, address .0c92.7624
>   Configured hello time 2, max age 20, forward delay 15
>   Current root has priority 32768, address .0c83.e2d0
>   Root port is 3 (Serial0), cost of root path is 647
>   Topology change flag not set, detected flag not set
>   Number of topology changes 3 last change occurred 00:38:31 ago
>   from Serial0
>   Times:  hold 1, topology change 35, notification 2
>   hello 2, max age 20, forward delay 15
>   Timers: hello 0, topology change 0, notification 0, aging 300
>
>  Port 3 (Serial0) of Bridge group 1 is forwarding
>  --More--
>01:00:03: Returning spanning tree stats @ 5CEDA0
>01:00:03: Returning spanning tree port stat   Port path cost 647, Port priority 128, Port Identifier 128.3.
>Designated root has priority 32768, address .0c83.e2d0
>Designated bridge has priority 32768, address .0c83.e2d0
>Designated port id is 128.6, designated path cost 0
>Timers: message age 2, forward delay 0, hold 0
>Number of transitions to forwarding state: 3
>BPDU: sent 57, received 1502
>
>  Port 4 (Serial1) of Bridge group 1 is blocking
>Port path cost 647, Port priority 128, Port Identifier 128.4.
>Designated root has priority 32768, address .0c83.e2d0
>Designated bridge has priority 32768, address .0c83.e2d0
>Designated port id is 128.7, designated path cost 0
>Timers: message age 2, forward delay 0, hold 0
>Number of transitions to forwarding state: 1
>BPDU: sent 56, received 1509
>
>Here are the debugs:
>
>2511#sh deb
>Spanning Tree:
>   Spanning Tree general debugging is on
>   Spanning Tree Exceptions debugging is on
>   Spanning Tree BPDU debugging is on
>   Spanning Tree event debugging is on
>   Spanning Tree root changes debugging is on
>   Spanning Tree configuration debugging is on
>   Spanning Tree etherchannel support debugging is on
>   Spanning Tree PVST+ debugging is on
>   Spanning Tree uplinkfast debugging is on
>   Spanning Tree uplinkfast exceptions  debugging is on
>   Spanning Tree backbonefast general debu

Re: Does access list work for router originated packets [7:17344]

2001-08-26 Thread Brad Ellis

Priscilla,

Are you saying that pings sent by one router will not be filtered by another
router?  I beg to differ.

-Brad

"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]...
> At 06:26 PM 8/26/01, Brad Ellis wrote:
> >Sami,
> >
> >You'll need to give more info than that.  The router does not care if the
> >packets are originated from a host or another router.  It will filter
> >packets based on packet information, ie, source address, destination
> >address, port #...
>
> This filtering happens as part of the packet-forwarding process. Packets
> sent by the router (such as pings) may not go through this process. Sorry
> that I don't have the details, but I have run into surprising results in a
> lab environment when testing access lists from a router. You need to test
> them from end hosts.
>
> I can't believe I'm challenging a CCIE, ;-) but I was afraid nobody else
> would, and I think the question bears more research.
>
> Priscilla
>
> >Are you saying the router won't filter packets originated from the router
> >itself?  How are your access-lists applied?  Inbound or Outbound?  What are
> >you trying to filter?  Explain your situation a little better, and include
> >your access-list if you so desire.
> >
> >-Brad Ellis
> >CCIE#5796
> >[EMAIL PROTECTED]
> >used Cisco:  www.optsys.net
> >
> >"sami natour" wrote in message
> >news:[EMAIL PROTECTED]...
> > > Hi All,
> > > When I made a standard access list I discovered that it
> > > prevented packets originated from PCs and hosts but
> > > not packets originated from other routers. Any idea why
> > > this will happen.
> > >
> > > Best Regards ,
> > > sami ,
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17344&t=17344



TCP/IP question [7:17343]

2001-08-26 Thread Rico Ortiz

There was a question regarding 127.0.0.1. I understand that the actual
TCP/IP "software" actually uses this address for self testing.
When pinging localhost {or computer {netbios} name} the actual IP address of
127.0.0.1 shows up on the screen.

In doing some research one book explains that 127.0.0.1 is not usable but
the rest of the addresses in the 127 network can be used.
I went to my trusty 2500 and tried to plug in 127.12.12.25 and the router
would not allow me to config the interface with that address.

Is the entire 127 network off limits or just 127.0.0.1? Is this a Cisco thing?
Any explanation is appreciated.

Thank You.. 

Rico Ortiz,
Regional Systems Manager, 
Electronic Support Detachment New York
United States Coast Guard





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17343&t=17343



Re: Does access list work for router originated packets [7:17346]

2001-08-26 Thread Priscilla Oppenheimer

At 08:06 PM 8/26/01, Brad Ellis wrote:
>Priscilla,
>
>Are you saying that pings sent by one router will not be filtered by another
>router?  I beg to differ.

Of course not. Pings sent by the router where the ACL is configured are not 
affected by the ACL. Try it.

Priscilla




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17346&t=17346



Re: Token-Ring DB-9 to RJ-45 [7:17301]

2001-08-26 Thread Fanglo MA

Should use medium filter.

Regards,
Fanglo

"Omer Ehsan Dar" wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
> I have IBM Token ring MAUs and I want to connect them to my token ring
> lan cards. Can I connect the DB-9 to a terminal adapter and then connect
> it via RJ-45 to the lan card. Will it work? in theory it should.
>
> Thanks
> Omer Ehsan Dar




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17348&t=17301



Re: Does access list work for router originated packets [7:17349]

2001-08-26 Thread Brad Ellis

Priscilla, that's not what I said.  Here's what I said:

"...pings sent by one router will not be filtered by another router?  "

Hence my diagram for further explanation:

Router A -=- Router B -=- Device A
(-=- can be ethernet x-over, serial back-to-back, etc)

An ACL is applied on Router B's interface (applied inbound) that is
connected to Router A.  What I originally said, and continue to say, is that
Router B will most certainly block packets (pings or whatever) coming from
Router A...and it is irrelevant if Router A is a router or a host device.
The ACL on Router B doesn't care if the device sending packets is a router or
an end host device!

If Router B was initiating the ping and Router B had the ACL applied, that
would be a different story.

ttyl,
-Brad Ellis
CCIE#5796
[EMAIL PROTECTED]
used Cisco: www.optsys.net





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17349&t=17349



RE: banner motd [7:17204]

2001-08-26 Thread Lupi, Guy

Yes, that is the exact IOS I have on them.  I will play around with that
method you suggested.  I am going to upgrade them anyway, so it is a moot
point, but I want to see if I can get it to work.  In response to someone
else's question, Ray, you asked how I got the framing around the banner, I am
assuming you mean the asterisks.  All you have to do is put asterisks
around the entire banner, there is no special command or anything, just
characters like anything else.  Thanks to everyone who posted a response to
this question.

-Original Message-
From: Ednilson Rosa
To: [EMAIL PROTECTED]
Sent: 8/25/01 11:16 PM
Subject: Re: banner motd [7:17204]

Just one question: the routers on which I had this problem were 1270 with
12.0(3)T3 IP Plus IOS. Do you have something like this?

Ednilson Rosa

- Original Message -
From: "Ednilson Rosa" 
To: "Lupi, Guy" ; "Group Study"

Sent: Saturday, August 25, 2001 11:50 PM
Subject: Re: banner motd [7:17204]


Yes, there is a workaround for this!!! I had this exact problem on some
routers of a network and what I did to overcome it was to create two banners,
one MOTD BANNER and another LOGIN BANNER. As LOGIN banners are presented
right after MOTD banners, the trick is to make the LOGIN banner start
exactly where the MOTD one finishes, like this:

banner motd ^C

* !  WARNING  !*
*  *
* This is a private system.  Unauthorized access is prohibited by law. *
*  *
^C

banner login ^C
*   Violators may be prosecuted.  If you are not authorized*
*  *
*to access this system, please disconnect now. *
*  *

^C

You will probably have to make some tries until it gets exactly what you
want but you may be able to get it!

Regards,

Ednilson Rosa

- Original Message -
From: "Lupi, Guy" 
To: 
Sent: Saturday, August 25, 2001 7:31 PM
Subject: RE: banner motd [7:17204]


A code upgrade definitely fixes it, I was just wondering if anyone knew of a
way around it.  Probably not, but I thought it would be interesting to ask.
Thanks.

-Original Message-
From: Rob Robinson
To: [EMAIL PROTECTED]
Sent: 8/25/01 5:48 PM
Subject: RE: banner motd [7:17204]

Have you tried a code upgrade?  We had a situation where a 4906 Switch
displayed the same behavior...only displayed the partial banner.  Its code
version only allowed a certain number of characters in the banner.  Upgrade
to latest IOS fixed it.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Lupi, Guy
Sent: Saturday, August 25, 2001 3:20 PM
To: [EMAIL PROTECTED]
Subject: RE: banner motd [7:17204]


Should have done that in the first email, here it is.  Like I said, works on
all my other routers, just not on the ones running Version 12.0(3)T3.
Thanks.

banner motd x

* !  WARNING  !*
*  *
* This is a private system.  Unauthorized access is prohibited by law. *
*  *
*   Violators may be prosecuted.  If you are not authorized*
*  *
*to access this system, please disconnect now. *
*  *


x




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17351&t=17204



Looking for CISCO newsgroups [7:17352]

2001-08-26 Thread Henry Stock

Hi.  This is my first post on this news group.  I am working in an
environment where I need to learn as much as possible about CISCO routers
and switches, so I am looking for newsgroups as well as books and classes to
take.

My boss also wants me to evaluate a CISCO enterprise level routable switch
that we have an opportunity to buy.  He wants me  to give him an assessment
of what it is worth.  Do any of you know some good sources to check on this?

Are there other public news groups that you use for CISCO info?

Please reply also to: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17352&t=17352



Re: Does access list work for router originated packets [7:17353]

2001-08-26 Thread Priscilla Oppenheimer

I know it's not what you said. What you said was obvious. I guess it comes 
about because I said to test with end devices. Router A is acting like an 
end device in your example. I should have been more clear.

What is not obvious is that ACLs on Router B do not apply to pings to and 
from Router B. Every newbie has probably been bitten by that one, 
especially in simple labs.

Priscilla

At 09:42 PM 8/26/01, Brad Ellis wrote:
>Priscilla, that's not what I said.  Here's what I said:
>
>"...pings sent by one router will not be filtered by another router?  "
>
>Hence my diagram for further explanation:
>
>Router A -=- Router B -=- Device A
>(-=- can be ethernet x-over, serial back-to-back, etc)
>
>An ACL is applied on Router B's interface (applied inbound) that is
>connected to Router A.  What I originally said, and continue to say, is that
>Router B will most certainly block packets (pings or whatever) coming from
>Router A...and it is irrelevant if Router A is a router or a host device.
>The ACL on Router B doesn't care if the device sending packets is a router or
>an end host device!
>
>If Router B was initiating the ping and Router B had the ACL applied, that
>would be a different story.
>
>ttyl,
>-Brad Ellis
>CCIE#5796
>[EMAIL PROTECTED]
>used Cisco: www.optsys.net


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17353&t=17353




Re: Great Mortgage Rates [7:17354]

2001-08-26 Thread Rob Bains

Is this list not moderated? How do people get away with this type of
nonsense??

Rob





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17356&t=17354



Re: Does access list work for router originated packets [7:17357]

2001-08-26 Thread John Hardman

Hi

I can't believe I am challenging Priscilla!

I just tried what you are talking about, i.e. that the ACL on the router
does not affect the traffic generated by the router itself.

I created an extended ACL to block all ICMP traffic and applied it to E0 as
both IN and OUT. Before applying the ACL I can ping just fine to any host on
the network and any host on the network can ping the router. After applying
the ACL I am not able to ping from the router, or to the router.

I am running 11.1 IOS, maybe it would yield different results with a
different IOS version. What IOS and platform did you see this behavior?

Here's my config.

Windoze PC 192.168.10.50 --- E0 Router2 192.168.10.20
RedHat PC 192.168.10.2

-Router config--
Current configuration:
!
version 11.1
service udp-small-servers
service tcp-small-servers
!
hostname C2501-R2
!
enable secret 5 XXX
enable password none
!
ip subnet-zero
!
interface Ethernet0
 ip address 192.168.10.20 255.255.255.0
 ip access-group 100 in
 ip access-group 100 out
 no ip mroute-cache
 no ip route-cache
!
interface Serial0
 ip address 192.168.50.1 255.255.255.252
 no ip mroute-cache
 encapsulation ppp
 no ip route-cache
!
interface Serial1
 no ip address
 no ip mroute-cache
 no ip route-cache
 shutdown
!
ip classless
logging buffered
access-list 100 deny   icmp any any
access-list 100 permit ip any any
!
line con 0
 exec-timeout 0 0
line aux 0
 transport input all
line vty 0 4
 exec-timeout 0 0
 password 
 login
!
end

---Router Config--

---Ping results-

C2501-R2#ping 192.168.10.50

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)
C2501-R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C2501-R2(config)#int e0
C2501-R2(config-if)#no ip access-group 100 in
C2501-R2(config-if)#no ip access-group 100 out
C2501-R2(config-if)#^Z
C2501-R2#
%SYS-5-CONFIG_I: Configured from console by console
C2501-R2#ping 192.168.10.50

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
C2501-R2#

Windoze Ping with ACL 
C:\>ping 192.168.10.20

Pinging 192.168.10.20 with 32 bytes of data:

Reply from 192.168.10.20: Destination net unreachable.
Reply from 192.168.10.20: Destination net unreachable.
Reply from 192.168.10.20: Destination net unreachable.
Reply from 192.168.10.20: Destination net unreachable.

Ping statistics for 192.168.10.20:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum =  0ms, Average =  0ms

Windoze Ping without ACL 

C:\>ping 192.168.10.20

Pinging 192.168.10.20 with 32 bytes of data:

Reply from 192.168.10.20: bytes=32 time wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I know it's not what you said. What you said was obvious. I guess it comes
> about because I said to test with end devices. Router A is acting like an
> end device in your example. I should have been more clear.
>
> What is not obvious is that ACLs on Router B do not apply to pings to and
> from Router B. Every newbie has probably been bitten by that one,
> especially in simple labs.
>
> Priscilla

RE: Does access list work for router originated packets [7:17359]

2001-08-26 Thread Dan Faulk

Since ping uses returning packets to work, it's those that are being blocked.
Use a sniffer to see the process.



Re: Does access list work for router originated packets [7:17360]

2001-08-26 Thread Jason Couch

The access list is actually only blocking the icmp packets on the return
path from the "pinged" router or host.  The icmp packets sent outbound by
the router sourcing the pings are actually allowed through the outbound
access list.  This can be seen by adding the "log" extension to your  access
list commands.  Then you should see the following message:

%SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.168.10.50 -> 192.168.10.20 (0/0), 1 packet

The key is that you won't see the same log message for the outbound icmp
packets.  You can also run "debug ip packet" to see something similar to the
following:

IP: s=192.168.10.20 (local), d=192.168.10.50 (Ethernet0), len 100, sending
ICMP type=8, code=0
IP: s=192.168.10.50 (Ethernet0), d=192.168.10.20 , len 100, access denied
ICMP type=0, code=0

The outbound packets were sent, but the return packets were "access denied".
Hence you get:

C2501-R2#ping 192.168.10.50

 Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
 .

because the entire ping path consists of both the forwarding AND the return
path.

HTH,
Jason



""John Hardman""  wrote in message
news:[EMAIL PROTECTED]...
> Hi
>
> I can't believe I am challenging Priscilla!
>
> I just tried what you are talking about, i.e. that the ACL on the router
> does not affect the traffic generated by the router itself.
>
> I created an extended ACL to block all ICMP traffic and applied it to E0 as
> both IN and OUT. Before applying the ACL I can ping just fine to any host on
> the network and any host on the network can ping the router. After applying
> the ACL I am not able to ping from the router, or to the router.
>
> I am running 11.1 IOS, maybe it would yield different results with a
> different IOS version. What IOS and platform did you see this behavior?
>
> Here's my config.
>
> Windoze PC 192.168.10.50 --- E0 Router2 192.168.10.20
> RedHat PC 192.168.10.2
>
> -Router config--
> Current configuration:
> !
> version 11.1
> service udp-small-servers
> service tcp-small-servers
> !
> hostname C2501-R2
> !
> enable secret 5 XXX
> enable password none
> !
> ip subnet-zero
> !
> interface Ethernet0
>  ip address 192.168.10.20 255.255.255.0
>  ip access-group 100 in
>  ip access-group 100 out
>  no ip mroute-cache
>  no ip route-cache
> !
> interface Serial0
>  ip address 192.168.50.1 255.255.255.252
>  no ip mroute-cache
>  encapsulation ppp
>  no ip route-cache
> !
> interface Serial1
>  no ip address
>  no ip mroute-cache
>  no ip route-cache
>  shutdown
> !
> ip classless
> logging buffered
> access-list 100 deny   icmp any any
> access-list 100 permit ip any any
> !
> line con 0
>  exec-timeout 0 0
> line aux 0
>  transport input all
> line vty 0 4
>  exec-timeout 0 0
>  password 
>  login
> !
> end
>
> ---Router Config--
>
> ---Ping results-
>
> C2501-R2#ping 192.168.10.50
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
> .
> Success rate is 0 percent (0/5)
> C2501-R2#conf t
> Enter configuration commands, one per line.  End with CNTL/Z.
> C2501-R2(config)#int e0
> C2501-R2(config-if)#no ip access-group 100 in
> C2501-R2(config-if)#no ip access-group 100 out
> C2501-R2(config-if)#^Z
> C2501-R2#
> %SYS-5-CONFIG_I: Configured from console by console
> C2501-R2#ping 192.168.10.50
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
> C2501-R2#
>
> Windoze Ping with ACL 
> C:\>ping 192.168.10.20
>
> Pinging 192.168.10.20 with 32 bytes of data:
>
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
>
> Ping statistics for 192.168.10.20:
> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 0ms, Maximum =  0ms, Average =  0ms
>
> Windoze Ping without ACL 
>
> C:\>ping 192.168.10.20
>
> Pinging 192.168.10.20 with 32 bytes of data:
>
> Reply from 192.168.10.20: bytes=32 time wrote in message
> news:[EMAIL PROTECTED]...
> > I know it's not what you said. What you said was obvious. I guess it comes
> > about because I said to test with end devices. Router A is acting like an
> > end device in your example. I should have been more clear.
> >
> > What is not obvious is that ACLs on Router B do not apply to pings to and
> > from Router B. Every newbie has probably been bitten by that one,
> > especially in simple labs.
> >
> > Priscilla
> >
> > At 09:42 PM 8/26/01, Brad Ellis wrote:
> > >Priscilla, that's not what I said.  Here's what I said:
> > >
> > >"...pings sent by one router will not be filtered by an

Re: Does access list work for router originated packets [7:17361]

2001-08-26 Thread [EMAIL PROTECTED]

Try making it an outbound access list only and see what happens.
I haven't played around with it much myself, but I think that the outbound
packets (originating from the router) will pass through the ACL OK.
However I think your ping replies are being blocked on the way back - I'm
not going to dig through manuals right now, but I think the ACL will be
checked and acted on before the router works out that the ping reply is for
itself.
So I think (without testing myself) that Priscilla is only half correct
with the statement "ACLs on Router B do not apply to pings to and from
Router B." - I think they apply to pings *to* router B but not *from*
router B.

JMcL


"John Hardman"
Sent by: nobody@groupstudy.com
27/08/2001 02:16 pm
Please respond to "John Hardman"

To: [EMAIL PROTECTED]
Subject: Re: Does access list work for router originated packets [7:17357]
   

   





Hi

I can't believe I am challenging Priscilla!

I just tried what you are talking about, i.e. that the ACL on the router
does not affect the traffic generated by the router itself.

I created an extended ACL to block all ICMP traffic and applied it to E0 as
both IN and OUT. Before applying the ACL I can ping just fine to any host on
the network and any host on the network can ping the router. After applying
the ACL I am not able to ping from the router, or to the router.

I am running 11.1 IOS, maybe it would yield different results with a
different IOS version. What IOS and platform did you see this behavior?

Here's my config.

Windoze PC 192.168.10.50 --- E0 Router2 192.168.10.20
RedHat PC 192.168.10.2

-Router config--
Current configuration:
!
version 11.1
service udp-small-servers
service tcp-small-servers
!
hostname C2501-R2
!
enable secret 5 XXX
enable password none
!
ip subnet-zero
!
interface Ethernet0
 ip address 192.168.10.20 255.255.255.0
 ip access-group 100 in
 ip access-group 100 out
 no ip mroute-cache
 no ip route-cache
!
interface Serial0
 ip address 192.168.50.1 255.255.255.252
 no ip mroute-cache
 encapsulation ppp
 no ip route-cache
!
interface Serial1
 no ip address
 no ip mroute-cache
 no ip route-cache
 shutdown
!
ip classless
logging buffered
access-list 100 deny   icmp any any
access-list 100 permit ip any any
!
line con 0
 exec-timeout 0 0
line aux 0
 transport input all
line vty 0 4
 exec-timeout 0 0
 password 
 login
!
end

---Router Config--

---Ping results-

C2501-R2#ping 192.168.10.50

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)
C2501-R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C2501-R2(config)#int e0
C2501-R2(config-if)#no ip access-group 100 in
C2501-R2(config-if)#no ip access-group 100 out
C2501-R2(config-if)#^Z
C2501-R2#
%SYS-5-CONFIG_I: Configured from console by console
C2501-R2#ping 192.168.10.50

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
C2501-R2#

Windoze Ping with ACL 
C:\>ping 192.168.10.20

Pinging 192.168.10.20 with 32 bytes of data:

Reply from 192.168.10.20: Destination net unreachable.
Reply from 192.168.10.20: Destination net unreachable.
Reply from 192.168.10.20: Destination net unreachable.
Reply from 192.168.10.20: Destination net unreachable.

Ping statistics for 192.168.10.20:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum =  0ms, Average =  0ms

Windoze Ping without ACL 

C:\>ping 192.168.10.20

Pinging 192.168.10.20 with 32 bytes of data:

Reply from 192.168.10.20: bytes=32 time wrote in message
news:[EMAIL PROTECTED]...
> I know it's not what you said. What you said was obvious. I guess it comes
> about because I said to test with end devices. Router A is acting like an
> end device in your example. I should have been more clear.
>
> What is not obvious is that ACLs on Router B do not apply to pings to and
> from Router B. Every newbie has probably been bitten by that one,
> especially in simple labs.
>
> Priscilla
>
> At 09

Re: Pix Route issue [7:17242]

2001-08-26 Thread pat

PIX can't route back on the same interface.

Hence this does not work. So workaround will be to let
router be gateway to your subnet & PIX be gateway to
router. Router can route to remote subnet across
point to point link as well as to PIX.

Hope this helps.
--- Bob Nawrocki  wrote:
> We have a Pix firewall that is serving as a default
> gateway to the Internet
> as well as providing ipsec tunnel connectivity to
> several remote offices for
> serveral hosts on a subnet. On the same subnet we
> have a 2600 providing a
> point to point wan link.  I added a route to the Pix
> on the inside interface
> to point to the 2600 for the wan route.  I am still
> not able to connect to
> that subnet unless i add a specific route on the
> hosts.  When running debug
> logging on the Pix I get the following output:
> 
> 106011: Deny inbound (No xlate) icmp src inside:10.111.1.55 dst inside:10.112.3.3 (type 8, code 0)
> 
> Any thoughts?
> 
> Bob Nawrocki
> CCNP CCDP
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17362&t=17242



Re: Does access list work for router originated packets [7:17363]

2001-08-26 Thread Lance

BTW,
  If you do an extended ping and source the ping from an interface that is
not connected in the path to the destination the ACL will filter the packet.


Lance



""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]...
> I know it's not what you said. What you said was obvious. I guess it comes
> about because I said to test with end devices. Router A is acting like an
> end device in your example. I should have been more clear.
>
> What is not obvious is that ACLs on Router B do not apply to pings to and
> from Router B. Every newbie has probably been bitten by that one,
> especially in simple labs.
>
> Priscilla
>
> At 09:42 PM 8/26/01, Brad Ellis wrote:
> >Priscilla, that's not what I said.  Here's what I said:
> >
> >"...pings sent by one router will not be filtered by another router?  "
> >
> >Hence my diagram for further explanation:
> >
> >Router A -=- Router B -=- Device A
> >(-=- can be ethernet x-over, serial back-to-back, etc)
> >
> >An ACL is applied on Router B's interface (applied inbound) that is
> >connected to Router A.  What I originally said, and continue to say, is that
> >Router B will most certainly block packets (pings or whatever) coming from
> >Router A...and it is irrelevant if Router A is a router or a host device.
> >The ACL on Router B doesn't care if the device sending packets is a router or
> >an end host device!
> >
> >If Router B was initiating the ping and Router B had the ACL applied, that
> >would be a different story.
> >
> >ttyl,
> >-Brad Ellis
> >CCIE#5796
> >[EMAIL PROTECTED]
> >used Cisco: www.optsys.net
> >
> >""Priscilla Oppenheimer""  wrote in message
> >news:[EMAIL PROTECTED]...
> > > At 08:06 PM 8/26/01, Brad Ellis wrote:
> > > >Priscilla,
> > > >
> > > >Are you saying that pings sent by one router will not be filtered by another
> > > >router?  I beg to differ.
> > >
> > > Of course not. Pings sent by the router where the ACL is configured are not
> > > affected by the ACL. Try it.
> > >
> > > Priscilla
> > >
> > >
> > > >-Brad
> > > >
> > > >""Priscilla Oppenheimer""  wrote in message
> > > >news:[EMAIL PROTECTED]...
> > > > > At 06:26 PM 8/26/01, Brad Ellis wrote:
> > > > > >Sami,
> > > > > >
> > > > > > >You'll need to give more info than that.  The router does not care if the
> > > > > > >packets are originated from a host or another router.  It will filter
> > > > > > >packets based on packet information, ie, source address, destination
> > > > > > >address, port #...
> > > > > >
> > > > > > This filtering happens as part of the packet-forwarding process. Packets
> > > > > > sent by the router (such as pings) may not go through this process. Sorry
> > > > > > that I don't have the details, but I have run into surprising results in a
> > > > > > lab environment when testing access lists from a router. You need to test
> > > > > > them from end hosts.
> > > > > >
> > > > > > I can't believe I'm challenging a CCIE, ;-) but I was afraid nobody else
> > > > > > would, and I think the question bears more research.
> > > > > >
> > > > > > Priscilla
> > > > > >
> > > > > > >Are you saying the router won't filter packets originated from the router
> > > > > > >itself?  How are your access-lists applied?  Inbound or Outbound? What are
> > > > > > >you trying to filter?  Explain your situation a little better, and include
> > > > > > >your access-list if you so desire.
> > > > > >
> > > > > >-Brad Ellis
> > > > > >CCIE#5796
> > > > > >[EMAIL PROTECTED]
> > > > > >used Cisco:  www.optsys.net
> > > > > >
> > > > > >""sami natour""  wrote in message
> > > > > > >news:[EMAIL PROTECTED]...
> > > > > > > > Hi All,
> > > > > > > > When I made standard access list I discovered that it
> > > > > > > > prevented  packets originated from PC's and host but
> > > > > > > > not packets originated from other routers. Any idea why
> > > > > > > > this will happen.
> > > > > > > >
> > > > > > > > Best Regards,
> > > > > > > > sami,
> > > > > > >
> > > > > > >
> > > > > 
> > > > >
> > > > > Priscilla Oppenheimer
> > > > > http://www.priscilla.com
> > > 
> > >
> > > Priscilla Oppenheimer
> > > http://www.priscilla.com
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17363&t=17363



Re: Does access list work for router originated packets [7:17364]

2001-08-26 Thread Lance

Nice catch Dan :)



""Dan Faulk""  wrote in message
news:[EMAIL PROTECTED]...
> Since ping uses returning packets to work it's those that are being blocked.
> Use a sniffer to see the process.
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, August 26, 2001 11:16 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Does access list work for router originated packets
> [7:17357]
>
>
> Hi
>
> I can't believe I am challenging Priscilla!
>
> I just tried what you are talking about, i.e. that the ACL on the router
> does not affect the traffic generated by the router itself.
>
> I created an extended ACL to block all ICMP traffic and applied it to E0 as
> both IN and OUT. Before applying the ACL I can ping just fine to any host on
> the network and any host on the network can ping the router. After applying
> the ACL I am not able to ping from the router, or to the router.
>
> I am running 11.1 IOS, maybe it would yield different results with a
> different IOS version. What IOS and platform did you see this behavior?
>
> Here's my config.
>
> Windoze PC 192.168.10.50 --- E0 Router2 192.168.10.20
> RedHat PC 192.168.10.2
>
> -Router config--
> Current configuration:
> !
> version 11.1
> service udp-small-servers
> service tcp-small-servers
> !
> hostname C2501-R2
> !
> enable secret 5 XXX
> enable password none
> !
> ip subnet-zero
> !
> interface Ethernet0
>  ip address 192.168.10.20 255.255.255.0
>  ip access-group 100 in
>  ip access-group 100 out
>  no ip mroute-cache
>  no ip route-cache
> !
> interface Serial0
>  ip address 192.168.50.1 255.255.255.252
>  no ip mroute-cache
>  encapsulation ppp
>  no ip route-cache
> !
> interface Serial1
>  no ip address
>  no ip mroute-cache
>  no ip route-cache
>  shutdown
> !
> ip classless
> logging buffered
> access-list 100 deny   icmp any any
> access-list 100 permit ip any any
> !
> line con 0
>  exec-timeout 0 0
> line aux 0
>  transport input all
> line vty 0 4
>  exec-timeout 0 0
>  password 
>  login
> !
> end
>
> ---Router Config--
>
> ---Ping results-
>
> C2501-R2#ping 192.168.10.50
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
> .
> Success rate is 0 percent (0/5)
> C2501-R2#conf t
> Enter configuration commands, one per line.  End with CNTL/Z.
> C2501-R2(config)#int e0
> C2501-R2(config-if)#no ip access-group 100 in
> C2501-R2(config-if)#no ip access-group 100 out
> C2501-R2(config-if)#^Z
> C2501-R2#
> %SYS-5-CONFIG_I: Configured from console by console
> C2501-R2#ping 192.168.10.50
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echoes to 192.168.10.50, timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
> C2501-R2#
>
> Windoze Ping with ACL 
> C:\>ping 192.168.10.20
>
> Pinging 192.168.10.20 with 32 bytes of data:
>
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
> Reply from 192.168.10.20: Destination net unreachable.
>
> Ping statistics for 192.168.10.20:
> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 0ms, Maximum =  0ms, Average =  0ms
>
> Windoze Ping without ACL 
>
> C:\>ping 192.168.10.20
>
> Pinging 192.168.10.20 with 32 bytes of data:
>
> Reply from 192.168.10.20: bytes=32 time wrote in message
> news:[EMAIL PROTECTED]...
> > I know it's not what you said. What you said was obvious. I guess it comes
> > about because I said to test with end devices. Router A is acting like an
> > end device in your example. I should have been more clear.
> >
> > What is not obvious is that ACLs on Router B do not apply to pings to and
> > from Router B. Every newbie has probably been bitten by that one,
> > especially in simple labs.
> >
> > Priscilla
> >
> > At 09:42 PM 8/26/01, Brad Ellis wrote:
> > >Priscilla, that's not what I said.  Here's what I said:
> > >
> > >"...pings sent by one router will not be filtered by another router?  "
> > >
> > >Hence my diagram for further explanation:
> > >
> > >Router A -=- Router B -=- Device A
> > >(-=- can be ethernet x-over, serial back-to-back, etc)
> > >
> > >An ACL is applied on Router B's interface (applied inbound) that is
> > >connected to Router A.  What I originally said, and continue to say, is that
> > >Router B will most certainly block packets (pings or whatever) coming from
> > >Router A...and it is irrelevant if Router A is a router or a host device.
> > >The ACL on Router B doesn't care if the device sending packets is a router or
> > >an end host device!
> > >
> > >If Router B was initiating the ping and Router B had the ACL applied, that
> > >would be a different story.
> > >
> > >ttyl,
> > >-Brad Ellis
> > >CCIE

Re: Does access list work for router originated packets [7:17365]

2001-08-26 Thread Erick B.

You can use a local policy route to get packets
generated by the router to go through an ACL. Not as
straightforward but...

--- "[EMAIL PROTECTED]"
 wrote:
> Try making it an outbound access list only and see
> what happens.
> I haven't played around with it much myself, but I
> think that the outbound
> packets (originating from the router) will pass
> through the ACL OK.
> However I think your ping replies are being blocked
> on the way back - I'm
> not going to dig through manuals right now, but I
> think the ACL will be
> checked and acted on before the router works out
> that the ping reply is for
> itself.
> So I think (without testing myself) that Priscilla
> is only half correct
> with the statement "ACLs on Router B do not apply to
> pings to and from
> Router B." - I think they apply to pings *to* router
> B but not *from*
> router B.
> 
> JMcL
> 
> 
> "John Hardman"
> Sent by: nobody@groupstudy.com
> 27/08/2001 02:16 pm
> Please respond to "John Hardman"
>
> To: [EMAIL PROTECTED]
> Subject: Re: Does access list work for router originated packets [7:17357]
> 
>   
> 
>   
> 
> 
> 
> 
> Hi
> 
> I can't believe I am challenging Priscilla!
> 
> I just tried what you are talking about, i.e. that
> the ACL on the router
> does not affect the traffic generated by the router
> itself.
> 
> I created an extended ACL to block all ICMP traffic
> and applied it to E0 as
> both IN and OUT. Before applying the ACL I can ping
> just fine to any host on
> the network and any host on the network can ping the
> router. After applying
> the ACL I am not able to ping from the router, or to
> the router.
> I am running 11.1 IOS, maybe it would yield
> different results with a
> different IOS version. What IOS and platform did you
> see this behavior?
> 
> Here's my config.
> 
> Windoze PC 192.168.10.50 --- E0 Router2
> 192.168.10.20
> RedHat PC 192.168.10.2
> 
> -Router config--
> Current configuration:
> !
> version 11.1
> service udp-small-servers
> service tcp-small-servers
> !
> hostname C2501-R2
> !
> enable secret 5 XXX
> enable password none
> !
> ip subnet-zero
> !
> interface Ethernet0
>  ip address 192.168.10.20 255.255.255.0
>  ip access-group 100 in
>  ip access-group 100 out
>  no ip mroute-cache
>  no ip route-cache
> !
> interface Serial0
>  ip address 192.168.50.1 255.255.255.252
>  no ip mroute-cache
>  encapsulation ppp
>  no ip route-cache
> !
> interface Serial1
>  no ip address
>  no ip mroute-cache
>  no ip route-cache
>  shutdown
> !
> ip classless
> logging buffered
> access-list 100 deny   icmp any any
> access-list 100 permit ip any any
> !
> line con 0
>  exec-timeout 0 0
> line aux 0
>  transport input all
> line vty 0 4
>  exec-timeout 0 0
>  password 
>  login
> !
> end
> 
> ---Router Config--
> 
> ---Ping results-
> 
> C2501-R2#ping 192.168.10.50
> 
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echoes to 192.168.10.50,
> timeout is 2 seconds:
> .
> Success rate is 0 percent (0/5)
> C2501-R2#conf t
> Enter configuration commands, one per line.  End
> with CNTL/Z.
> C2501-R2(config)#int e0
> C2501-R2(config-if)#no ip access-group 100 in
> C2501-R2(config-if)#no ip access-group 100 out
> C2501-R2(config-if)#^Z
> C2501-R2#
> %SYS-5-CONFIG_I: Configured from console by console
> C2501-R2#ping 192.168.10.50
> 
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echoes to 192.168.10.50,
> timeout is 2 seconds:
> !
> Success rate is 100 percent (5/5), round-trip
> min/avg/max = 1/2/4 ms
> C2501-R2#
> 
> Windoze Ping with ACL 
> C:\>ping 192.168.10.20
> 
> Pinging 192.168.10.20 with 32 bytes of data:
> 
> Reply from 192.168.10.20: Destination net
> unreachable.
> Reply from 192.168.10.20: Destination net
> unreachable.
> Reply from 192.168.10.20: Destination net
> unreachable.
> Reply from 192.168.10.20: Destination net
> unreachable.
> 
> Ping statistics for 192.168.10.20:
> Packets: Sent = 4, Received = 4, Lost = 0 (0%
> loss),
> Approximate round trip times in milli-seconds:
> Minimum = 0ms, Maximum =  0ms, Average =  0ms
> 
> Windoze Ping without ACL 
> 
> C:\>ping 192.168.10.20
> 
> Pinging 192.1

Data Encryption... [7:17366]

2001-08-26 Thread sakella locuz

Hi,

Can u tell me the equivalent of Cylink Link encryptor in Cisco?? Can v use
Cisco's VPN concentrator??

Kindly revert back immediately.

Regds,
Surya.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17366&t=17366