Re: I have a customer who... food for thought - static routes [7:18164]
I think that PAT solution is a hell of an idea Rob !!! Simple, easy to configure, and scalable. You could use that source ip reverse path checking feature on all the 7206 interfaces to stop anybody from killing PAT on their 800's. Killer idea Rob !!

Tony M.

----- Original Message -----
From: Rob Fielding
To:
Sent: Friday, August 31, 2001 6:20 PM
Subject: Re: I have a customer who... food for thought - static routes [7:18152]

Actually, when I mentioned bridging, I was only talking about the 827s. They should still have to route through the 7206 to reach each other. But, bridging is just a bad idea anyway. Instead, you could NAT the home side of the 827 to the address of the 827s wan interface. Each link between the 7206 and the 827s is a separate routed link, but the 7206 doesn't need to know about the networks behind the 827s. It only needs to know about the links that are directly connected. No bridging and no statics needed, and if the wan links are addressed properly, then they can all be summarized to the rest of the corporate network. Since security is a concern, then I would suggest an access list on the 827s to only allow established connections inbound.

-Rob Fielding CCIE #7996

----- Original Message -----
From: Chuck Larrieu
To: Rob Fielding ;
Sent: Friday, August 31, 2001 5:07 PM
Subject: RE: I have a customer who... food for thought - static routes [7:18108]

yes - sheer numbers of devices in the shared bridging domain. we are talking 500 to a thousand home users, many of whom are technically savvy folks who may have reasons good or bad to connect multiple devices to the home part of the remote access network. not to mention the fact that bridging would mean direct and unrestricted access from each of these home guys to each other. I can just see the little rascals Code Redding each other! ;-

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rob Fielding
Sent: Friday, August 31, 2001 9:58 AM
To: [EMAIL PROTECTED]
Subject: Re: I have a customer who... food for thought - static routes [7:18108]

I just quickly glanced at the 827 docs on cisco.com, so please correct me if I'm wrong about them. According to the docs, you can configure the 827's for bridging or NAT. You could avoid static routes on this edge of the customer's network entirely (except for defaults on the 827's). The 7206 would see all of the home networks as being directly connected. NAT overload would probably be my first choice because the 827 could assign addresses to the home pc's with DHCP, so the users wouldn't have to configure anything, and any number of home pc's would just share the 827's wan interface address. No need for statics at all. Does the customer have any issues about this type of config?

-Rob Fielding CCIE #7996

----- Original Message -----
From: Chuck Larrieu
To:
Sent: Thursday, August 30, 2001 10:38 PM
Subject: RE: I have a customer who... food for thought - static routes [7:18038]

There have been several good replies to my post. In addition to Tony's insight below, Leigh Anne and Jim both had excellent observations that covered issues my customer raised.

The customer expressed concerns were with engineers who for any number of reasons, whether careless, inconsiderate, malicious, or as part of their jobs, might bring down various segments. this is something that apparently happens with some regularity in the customer production network.

there were concerns with route flapping at the core. we are in California, after all, and we still live under the threat of rolling blackouts. plus many folks out here are doing their part by shutting things down at night, or when not in use. The flapping issue is bogus, as one could always advertise only the summaries into the core, but again, the customer engineer would not hear of it.

the customer deliberately turns off CDP. I did not discuss this with him, but I suspect there is a bit of concern with revealing information that CDP transmits.

my point in bringing up this situation was in part to stimulate thought about using various forms of routing as one means of enforcing policy. Static routing is not necessarily a bad thing. On the other hand, there are other ways to deal with the stated concerns other than massive static routing.

enjoyed the comments. thanks, everyone.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Medeiros
Sent: Thursday, August 30, 2001 12:23 AM
To: [EMAIL PROTECTED]
Subject: Re: I have a customer who... food for thought - static routes [7:17826]

I'll bite:

PROS:
1) If DSL user decides to change his network for some reason and it overlaps another on somewhere, dynamic routing will hose
Re: what is needed for an ISDN LAB ?? [7:18141]
Two BRI lines should do you fine for testing ISDN in your lab. Read through the documentation on the TAC pages for useful ISDN configuration and troubleshooting information.

----- Original Message -----
From: Jaspreet Bhatia
To:
Sent: Friday, August 31, 2001 4:06 PM
Subject: what is needed for an ISDN LAB ?? [7:18141]

Guys, I am trying to setup an ISDN lab and do not have access to an ISDN switch. What I do have is two BRI lines each with a SPID. Will that be sufficient or do I need anything else?

Thanks
Jaspreet

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18165t=18141 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IGNORE this very rude person......Was: Re: CCIE Lab exam - [7:18166]
The guy's not just an a**-hole, he's a coward too. Mr. Johnson, I know you're reading this message, and you know what I'm talking about.

George Murphy CCNP, CCDP wrote in message news:[EMAIL PROTECTED]...
Life's too short to be mean ;-)

nrf wrote:
That guy is just a regular a**-hole. He likes flaming people for fun.

Tony Medeiros wrote in message news:[EMAIL PROTECTED]...
I think everybody should just IGNORE this Donald B Johnson jr character. All his posts today are just dripping with disdain and sarcasm. He is posting just to stir the pot and piss people off. Mr. Johnson, Please try and be a little nicer sir.

Tony M.

----- Original Message -----
From: Jason
To:
Sent: Thursday, August 30, 2001 8:26 PM
Subject: Re: CCIE Lab exam - booked twice [7:17310]

Just wondering, are you born this rude or do you have to be trained? All the guy did was ask a question. It may be a dumb question, but only a question.

Donald B Johnson jr wrote in message news:[EMAIL PROTECTED]...
Oh I see maybe they could roll out a red carpet as you stroll up. No better yet I could throw rose petal since I aint busy anymore cause you double booked and I gotta wait for the really good guys to keep going through until they pass. Then you say you would cancel the second one if you failed, I think you meant pass. If this is your thought process you may want to add a third date. You may try pirating that Transcender test for a test brain too.

----- Original Message -----
From: Rashid Lohiya
To:
Sent: Sunday, August 26, 2001 2:49 AM
Subject: CCIE Lab exam - booked twice [7:17310]

Guys, Does anyone know whether one person can book the lab twice? ie. 1 for April, 1 for June, thus allowing him to cancel and get a refund on the second one if the first is failed. In this way, the year long wait would not need to be endured if I was to fail the first time around.

-- Rashid Lohiya [EMAIL PROTECTED] 020 8509 2990 07785 362626 www.pioneer-computers.com London UK www.rashidl.co.uk

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18166t=18166
Re: Difficulty - CCIE written or CCNP [7:16504]
Thanks. I've started the CCNP route now so will finish that before trying to move on. I took the BCMSN exam first. This was hard to study for (esp. multicast) but easier to pass than expected.

- Jim

Chuck Larrieu wrote in message news:[EMAIL PROTECTED]...
do not underestimate the CCIE written. the one I saw had a lot of things that can fool the unwary, unsuspecting, and unprepared. It was tougher than any of the CCNP tests I took. It was similar in many respects to about half the things I saw on the CID test. on the other hand, the CCIE written was not nearly so difficult as I had imagined it would be. Perhaps because of the incremental approach via the CCNP / CCDP route? best wishes to you.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 19, 2001 10:03 AM
To: [EMAIL PROTECTED]
Subject: Difficulty - CCIE written or CCNP [7:16504]

Would anyone who has taken the CCNP and the CCIE written exam care to advise which is the hardest? I hear the CCIE written exam is very basic. It certainly covers some simple topics but would a candidate need to know networking to CCNP level or higher to achieve the pass mark? Put another way, how would you compare two people, one with CCNP and not CCIE written, the other with the CCIE written and not CCNP?

[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18167t=16504
Re: MRTG Horizontal shape? [7:18091]
When MRTG gets nothing back from its SNMP poll, it assumes the last reported value; if it gets nothing back for several hours you see a horizontal line on the graph. This tells you that for several hours, MRTG was not getting SNMP data back from the router. One possible cause is congestion on the link to that router; since SNMP uses UDP it is highly likely to fail just when you most need the data. CPU utilization on the target router is another possible issue. Your MRTG box itself, or its connectivity, is yet another possible culprit.

HTH,
doctorcisco
Silicon ... just fancy sand.

Anyone know why the MRTG shape become horizontal for several hours suddenly even there was traffic? thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18169t=18091
Can you filter a subnet on a sniffer pro? [7:18168]
Hi guys, I'm using sniffer pro 3.0 on NT platform. I am able to filter a single host or any host. But I cannot filter a subnet, for example, 10.10.10.0/24. I have tried entering in all sort of combination such as:

10.10.10.*
10.10.10.*.*
10.10.10.0/24
10.10.10.0 /24
10.10.10.0/255.255.255.0
10.10.10.0 /255.255.255.0
10.10.10.0 255.255.255.0
10.10.10.any
10.10.10.
10.10.10.0

What am I missing? Or maybe this sniffer software doesn't support a subnet filtering? If that's the case, then it's ridiculous. Because it does support 'any' which is everything. Thanks for any input.

-Frank

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18168t=18168
Please Advice:Trunking problem [7:18170]
Hi guys, Trying to run ISL/DOt1Q trunking on my cat5, but getting this error.

Console (enable) set trunk 3/1 on dot1q 1
Feature not supported on Module 3.

Is that due to IOS??? if yes, please advice required IOS for this module. Thanks.

Console (enable) sh ver
WS-C5505 Software, Version McpSW: 5.5(5) NmpSW: 5.5(5)
Copyright (c) 1995-2000 by Cisco Systems
NMP S/W compiled on Dec 14 2000, 17:42:24
MCP S/W compiled on Dec 14 2000, 17:37:38

System Bootstrap Version: 3.1.2

Hardware Version: 1.0  Model: WS-C5505  Serial #: 066546807

Mod Port Model     Serial #  Versions
--- ---- --------- --------- -----------
1   0    WS-X5530  012758150 Hw : 3.0
                             Fw : 3.1.2
                             Fw1: 4.2(1)
                             Sw : 5.5(5)
         WS-F5521  011477888 Hw : 1.1
3   24   WS-X5224  011795763 Hw : 1.4
                             Fw : 3.1(1)
                             Sw : 5.5(5)

       DRAM                    FLASH                   NVRAM
Module Total   Used    Free    Total   Used    Free    Total Used  Free
------ ------- ------- ------- ------- ------- ------- ----- ----- -----
1      32640K  19331K  13309K  8192K   5575K   2617K   512K  170K  342K

Console (enable) sh flash
-#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
1 .. 89280598 4f19f0 22 4921710 Jul 09 2001 09:41:19 cat5000-sup3.5-5-5.bin

2680336 bytes available (4921840 bytes used)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18170t=18170
Re: Question about domain control across router? [7:17781]
I forgot one other thing besides a WINS server. Is your netbios node type set Hybrid (0x8) ???

Tony

My webserver is connected to the e0/0 of the router, and it has a WAN ip address; my windows domain controller is connected to the e0/1 of the router through switch, and it has LAN ip address. I find that I can't add it to the domain, is it because I have to do some deployment on the router? Thanx.

-- --Best Regards Yours, Gu De Tel: 027-8792-3238(O) Network Group Wuhan Jinglun Electronic Company Ltd.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18171t=17781
Re: Catalyst Q. [7:18036]
In article , Cisco Lover wrote:
How we can restrict catalyst to allow telnet access to particular hosts??

Not sure what CatOS you're running, but look for the set ip permit settings. This will do what you're after.

-- Larry Lamb, CCNP, CCDP, MSCE, MCP+I

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18172t=18036
7200 series router [7:18173]
What is the best Cisco IOS version for this router? This router will be supporting E1's, VPDN / Lease lines. Please advise.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18173t=18173
RE: Cisco ACS [7:18084]
try this link and find your answer.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/index.htm

cheers.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18174t=18084
RE: Can you filter a subnet on a sniffer pro? [7:18168]
Unfortunately, you have to use pattern matching and enter the hex values for the octets you are looking for. I don't have my cheat sheet handy otherwise I would give a specific example.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Frank Kim
Sent: Saturday, September 01, 2001 4:10 AM
To: [EMAIL PROTECTED]
Subject: Can you filter a subnet on a sniffer pro? [7:18168]

Hi guys, I'm using sniffer pro 3.0 on NT platform. I am able to filter a single host or any host. But I cannot filter a subnet, for example, 10.10.10.0/24. I have tried entering in all sort of combination such as:

10.10.10.*
10.10.10.*.*
10.10.10.0/24
10.10.10.0 /24
10.10.10.0/255.255.255.0
10.10.10.0 /255.255.255.0
10.10.10.0 255.255.255.0
10.10.10.any
10.10.10.
10.10.10.0

What am I missing? Or maybe this sniffer software doesn't support a subnet filtering? If that's the case, then it's ridiculous. Because it does support 'any' which is everything. Thanks for any input.

-Frank

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18175t=18168
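The hex pattern the reply refers to can be derived rather than looked up. The following is an added example, not part of the thread and not taken from the Sniffer Pro documentation: it computes the frame offset, hex value and bit mask that match a subnet in the IPv4 source or destination field, assuming untagged Ethernet II frames; it goes beyond the /24 in the question to prefixes that do not end on an octet boundary, and the frames it tests against are constructed.

```python
import ipaddress

ETH_HEADER_LEN = 14  # assumption: untagged Ethernet II frame carrying IPv4
# The IPv4 source address sits 12 bytes into the IP header, the destination 16.
FIELD_OFFSET = {"src": ETH_HEADER_LEN + 12, "dst": ETH_HEADER_LEN + 16}


def subnet_pattern(cidr, field):
    """Return (frame_offset, value, mask) matching any address inside cidr."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 only")
    value, mask = net.network_address.packed, net.netmask.packed
    # Bytes whose mask is 0x00 are wildcards, so they are left out of the pattern.
    length = 4
    while length and mask[length - 1] == 0:
        length -= 1
    return FIELD_OFFSET[field], value[:length], mask[:length]


def pattern_text(pattern):
    """Render a pattern as offset plus hex bytes, ready to type into a filter."""
    offset, value, mask = pattern
    as_hex = lambda data: " ".join(f"{b:02X}" for b in data)
    return f"offset {offset} (0x{offset:02X}): value {as_hex(value)} mask {as_hex(mask)}"


def matches(frame, pattern):
    """Apply the pattern to a raw frame the way a data-pattern filter would."""
    offset, value, mask = pattern
    if frame[12:14] != b"\x08\x00":          # EtherType must be IPv4
        return False
    window = frame[offset:offset + len(value)]
    if len(window) != len(value):            # frame too short to hold the field
        return False
    return all((b & m) == v for b, m, v in zip(window, mask, value))


def build_frame(src, dst):
    """Constructed test frame: zeroed MACs, IPv4 EtherType, minimal IP header."""
    ip = bytearray(20)
    ip[0] = 0x45                             # version 4, header length 5 words
    ip[12:16] = ipaddress.ip_address(src).packed
    ip[16:20] = ipaddress.ip_address(dst).packed
    return bytes(12) + b"\x08\x00" + bytes(ip)


if __name__ == "__main__":
    for cidr, field in (("10.10.10.0/24", "src"), ("10.10.10.0/24", "dst"),
                        ("10.10.10.64/26", "dst")):
        print(cidr, field, "->", pattern_text(subnet_pattern(cidr, field)))
```

For an octet-aligned prefix such as 10.10.10.0/24 the mask is all FF and the value bytes alone are enough; a /26 needs the last byte masked with C0, and the thread does not say whether the analyzer's pattern editor accepts a bit mask.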
Re: Edit an ACL Entry [7:17854]
on pix only

----- Original Message -----
From: Ednilson Rosa
To: ;
Sent: Saturday, September 01, 2001 1:07 AM
Subject: Re: Edit an ACL Entry [7:17854]

That's not true. I think it depends on the IOS version or the platform. I have two 2501 on my lab that act exactly like you say (they are using old IOS versions). But on some 1720, 3640 and 3660 that I changed recently, I didn't have to group the ACLs to the interfaces again after removing them.

Regards,
Ednilson Rosa

----- Original Message -----
From:
To:
Sent: Friday, August 31, 2001 1:59 PM
Subject: Re: Edit an ACL Entry [7:17854]

if u remove an acl u need to put ip access group whatever in or out again
conduit doesnt have any suffering

----- Original Message -----
From: NP-BASS LEON
To:
Sent: Thursday, August 30, 2001 5:37 PM
Subject: RE: Edit an ACL Entry [7:17854]

DOES THE SAME PROCESS APPLY FOR EDITING STATIC AND CONDUIT STATEMENTS ON A PIX CONFIGURATION.

-----Original Message-----
From: groupstudy, Nobody [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 9:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Edit an ACL Entry [7:17854]

copy your access list to say notepad. take out the offending item then copy the access list to your clipboard. Then go onto the Cisco router say no access-list blah and then paste the contents of the clipboard in. There is no other way.

-----Original Message-----
From: atram [mailto:[EMAIL PROTECTED]]
Sent: 30 August 2001 13:54
To: [EMAIL PROTECTED]
Subject: Edit an ACL Entry [7:17854]

Simple question that I'm obviously having a brain fart on. How to remove an entry from an ACL? Is there a specific command or technique for removing an entry. In testing I have noticed that the no command in front of the statement will delete the entire ACL. I'm sure someone can provide the answer pretty quickly. Pardon my ignorance. Kind of blanking out on this for some reason. Thanks in advance!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18176t=17854
OT standarts-units of measure [7:18177]
While cleaning up my mailbox I found an interesting article about the evolution of standards.

Disclaimer: Don't read this unless you are a total geek like me ;-)

The US standard railroad gauge (distance between the rails) is 4 feet 8.5 inches. That's an exceedingly odd number. Why was that gauge used? Because that's the way they built them in England, and English expatriates built the US railroads.

Why did the English build them like that? Because the first rail lines were built by the same people who built the pre-railroad tramways, and that's the gauge they used.

Why did 'they' use that gauge then? Because the people who built the tramways used the same jigs and tools that they used for building wagons, which used that wheel spacing.

Okay! Why did the wagons have that particular odd wheel spacing? Well, if they tried to use any other spacing, the wagon wheels would break on some of the old, long distance roads in England, because that's the spacing of the wheel ruts.

So who built those old rutted roads? The first long distance roads in Europe (and England) were built by Imperial Rome for their legions. The roads have been used ever since.

And the ruts? Roman war chariots first made the initial ruts, which everyone else had to match for fear of destroying their wagon wheels and wagons. Since the chariots were made for, or by Imperial Rome, they were all alike in the matter of wheel spacing.

Thus, we have the answer to the original question. The United States standard railroad gauge of 4 feet, 8.5 inches derives from the original specification for an Imperial Roman war chariot. Specifications and bureaucracies live forever. So, the next time you are handed a specification and wonder which horse's rear came up with it, you may be exactly right. Because the Imperial Roman war chariots were made just wide enough to accommodate the back ends of two war-horses.

And now, the twist to the story...

There's an interesting extension to the story about railroad gauges and horses' behinds. When we see a Space Shuttle sitting on its launch pad, there are two big booster rockets attached to the sides of the main fuel tank. These are solid rocket boosters, or SRBs. Thiokol makes the SRBs at their factory at Utah. The engineers who designed the SRBs might have preferred to make them a bit fatter, but the SRBs had to be shipped by train from the factory to the launch site. The railroad line from the factory had to run through a tunnel in the mountains. The SRBs had to fit through that tunnel. The tunnel is slightly wider than the railroad track, and the railroad track is about as wide as two horses behinds.

So, the major design feature of what is arguably the world's most advanced transportation system was determined by the width of a Horse's ass!

George Yiannibas MCSE CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18177t=18177
Re: 2610 Router for sale [7:17984]
what price have you fixed for that

Warm Regards
Swapnil Jain (CNE,MCSE,CCNA,CCDA)
Project Consultant
Digitec Engineers Computech Pvt Ltd
Ph: +91-731-533455 / 268851 Fax: +91-731-435701

Terence wrote in message news:[EMAIL PROTECTED]...
Hey Guys/Girls, I have 3 2610 Cisco routers for sale. They are in great condition. Was used at a client site that were replaced with 3600 series routers. Here is the spec's:

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-D-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 17-Aug-99 13:11 by cmong
Image text-base: 0x80008088, data-base: 0x80859E60
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Router uptime is 0 minutes
System returned to ROM by power-on
System image file is flash:c2600-d-mz.120-5.T1.bin
cisco 2610 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18178t=17984
RE: 7200 series router [7:18173]
what features do you require? IP only? IS-IS? Apollo? IPSec? firewall? Vines? IPX? Appletalk? then you have to get something that works with the specific cards in the box.

you may want to fool around with the Cisco public configuration tool at: http://www.cisco.com/pcgi-bin/front.x/newConfig/config_root.pl

no login required. configure a box and see what IOS options come up. from there make your choice.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 01, 2001 2:17 AM
To: [EMAIL PROTECTED]
Subject: 7200 series router [7:18173]

What is the best Cisco IOS version for this router? This router will be supporting E1's, VPDN / Lease lines. Please advise.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18179t=18173
RE: I have a customer who... food for thought - static routes [7:18180]
you know something? That's an interesting idea! May I think out loud here?

core_network -- 7200 ---------- 827 ------------- home_user
                routed          NAT               inside_network
                subinterfaces   global outside    who cares what's inside?

need an ip on the 7200 side and the 827 side - takes up two hosts of the /28 the customer is specifying...

well, let's see... there is still the matter of the home user inside addressing. Care needs be taken because even though there is private addressing in place, there is still the possibility of overlap with other parts of the network.

hhhmmm... on the 7200 side, all subnets are on directly connected interfaces. run the routing protocol of choice, and summarize the subnets into the core. eventually there will be several hundred /28's. at 16x28 per /24, that means a lot of /24's eventually. if the customer played their cards right, they could advertise what? a single /20 or so? maybe even a /19?

for address conservation, the customer is insisting on ip unnumbered on the links.

I'm pondering the relative merits - does NAT'ing create more or less work? Does it require more or fewer things to keep track of? on the other hand, it does answer a number of the customer expressed concerns and policies.

You know, Rob, it would be a hell of a lot easier dealing with you than with the particular group I am dealing with. At least you have some creativity and some understanding of the alternatives. I'll bet the two of us could come up with a solution that would knock their socks off.

So far I've had to listen to

the bogus route flapping argument ( every time a DSL user turns off his equipment, we'll see route flaps in our core )

the bogus default route advertisement argument ( these guys will connect a router at home and start advertising a default that will screw up the entire company )

ok, so we put them in their own domain and redistribute with strict filtering. or we use On Demand Routing.

well we don't want CDP running on these routers because it's insecure

OK. I give up.

well we don't understand why you have to do it this way anyway. when we were with X company all we did was use a static default

yes but X company was an ISP and you were using a VPN with the associated overhead. our solution is equivalent to a frame relay network, and can be treated accordingly.

and the final definitive argument, against which there is no counter - our policy does not allow routing to remote access users

As I said someplace else, the real issue here lies somewhere above layer 7. Hey, Howard, at what layer are ignorance and lack of clue? ;-

Chuck

-----Original Message-----
From: Rob Fielding [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 31, 2001 6:06 PM
To: Chuck Larrieu; [EMAIL PROTECTED]
Subject: Re: I have a customer who... food for thought - static routes [7:18108]

Actually, when I mentioned bridging, I was only talking about the 827s. They should still have to route through the 7206 to reach each other. But, bridging is just a bad idea anyway. Instead, you could NAT the home side of the 827 to the address of the 827s wan interface. Each link between the 7206 and the 827s is a separate routed link, but the 7206 doesn't need to know about the networks behind the 827s. It only needs to know about the links that are directly connected. No bridging and no statics needed, and if the wan links are addressed properly, then they can all be summarized to the rest of the corporate network. Since security is a concern, then I would suggest an access list on the 827s to only allow established connections inbound.

-Rob Fielding CCIE #7996

----- Original Message -----
From: Chuck Larrieu
To: Rob Fielding ;
Sent: Friday, August 31, 2001 5:07 PM
Subject: RE: I have a customer who... food for thought - static routes [7:18108]

yes - sheer numbers of devices in the shared bridging domain. we are talking 500 to a thousand home users, many of whom are technically savvy folks who may have reasons good or bad to connect multiple devices to the home part of the remote access network. not to mention the fact that bridging would mean direct and unrestricted access from each of these home guys to each other. I can just see the little rascals Code Redding each other! ;-

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rob Fielding
Sent: Friday, August 31, 2001 9:58 AM
To: [EMAIL PROTECTED]
Subject: Re: I have a customer who... food for thought - static routes [7:18108]

I just quickly glanced at the 827 docs on cisco.com, so please correct me if I'm wrong about them. According to the docs, you can configure the 827's for bridging or NAT. You could avoid static routes on this edge of the customer's network entirely (except for defaults on the 827's). The 7206 would see all of the home networks as being directly connected. NAT overload would probably be my first choice because the 827 could
CCIP [7:18181]
anyone tried taking any of the CCIP exams yet? just wondering how it is ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18181t=18181
Re: I have a customer who... food for thought - static routes [7:18182]
While some of my colleagues in the cable industry differ, unconstrained bridging, which lets user hosts reach one another with no filtering, is a disaster waiting to happen. Consider the Cisco private VLAN feature to get some control. It may or may not fit the topology.

Also, I find the operators of such networks often forget Murphy's Law. The network per se may be OK for routine data transfer, but what about infrastructure hosts such as DNS/DHCP, and ARP servers when present? I often hear a lot of hand-waving about how they are fast machines, but I always pose one question, perhaps especially relevant in California. Your serving area has an electrical blackout. All the power comes back on at once. All the hosts/routers will try to ARP and DHCP simultaneously. Have you considered the queueing behavior this may cause? Are you protected against broadcast storms?

Actually, when I mentioned bridging, I was only talking about the 827s. They should still have to route through the 7206 to reach each other. But, bridging is just a bad idea anyway. Instead, you could NAT the home side of the 827 to the address of the 827s wan interface. Each link between the 7206 and the 827s is a separate routed link, but the 7206 doesn't need to know about the networks behind the 827s. It only needs to know about the links that are directly connected. No bridging and no statics needed, and if the wan links are addressed properly, then they can all be summarized to the rest of the corporate network. Since security is a concern, then I would suggest an access list on the 827s to only allow established connections inbound.

-Rob Fielding CCIE #7996

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18182t=18182
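A small Python model of the 827 edge Rob describes in the quoted message (NAT overload plus an inbound access list that permits only established TCP), added here as an illustration; it is not code from the thread or from Cisco, and the addresses, ports and simplified port allocation are constructed assumptions. It shows two things the prose leaves implicit: `established` is a test on TCP flag bits rather than session tracking, and UDP replies such as DNS fall to the implicit deny unless the list permits them separately.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10     # TCP flag bits
WAN_IP = "192.0.2.2"                 # constructed 827 WAN address (documentation range)


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: int = 0                   # TCP flags; unused for UDP


def acl_permits(pkt):
    """One-line inbound list: permit tcp any any established, then implicit deny.

    'established' matches any TCP segment with ACK or RST set; no state is kept.
    """
    return pkt.proto == "tcp" and bool(pkt.flags & (ACK | RST))


class PatTable:
    """Simplified NAT overload: inside hosts share WAN_IP, told apart by port.

    Assumption: ports are handed out sequentially and the remote endpoint is
    not part of the lookup key; a real translation table is more specific.
    """

    def __init__(self):
        self._out = {}               # (proto, inside ip, inside port) -> global port
        self._in = {}                # (proto, global port) -> (inside ip, inside port)
        self._next_port = 1024

    def outbound(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self._out:
            self._out[key] = self._next_port
            self._in[(pkt.proto, self._next_port)] = (pkt.src, pkt.sport)
            self._next_port += 1
        return Packet(pkt.proto, WAN_IP, self._out[key], pkt.dst, pkt.dport, pkt.flags)

    def inbound(self, pkt):
        hit = self._in.get((pkt.proto, pkt.dport))
        if pkt.dst != WAN_IP or hit is None:
            return None
        return Packet(pkt.proto, pkt.src, pkt.sport, hit[0], hit[1], pkt.flags)


def wan_inbound(pkt, pat):
    """Inbound on the outside interface: the ACL is checked before the NAT lookup."""
    if not acl_permits(pkt):
        return "drop: acl"
    inside = pat.inbound(pkt)
    if inside is None:
        return "not forwarded: no translation"
    return f"forward to {inside.dst}:{inside.dport}"


def demo():
    pat = PatTable()
    # A home PC opens a web connection and sends a DNS query (constructed traffic).
    pat.outbound(Packet("tcp", "10.10.1.5", 40000, "198.51.100.10", 80, SYN))
    pat.outbound(Packet("udp", "10.10.1.5", 53000, "198.51.100.53", 53))
    inbound = {
        "web reply (SYN+ACK)": Packet("tcp", "198.51.100.10", 80, WAN_IP, 1024, SYN | ACK),
        "unsolicited SYN": Packet("tcp", "203.0.113.9", 5555, WAN_IP, 23, SYN),
        "ACK with no session": Packet("tcp", "203.0.113.9", 5555, WAN_IP, 4444, ACK),
        "DNS reply (UDP)": Packet("udp", "198.51.100.53", 53, WAN_IP, 1025),
    }
    return {name: wan_inbound(pkt, pat) for name, pkt in inbound.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

The ACK with no matching session passes the access list and is stopped only because the overload table has no translation for it, while the DNS reply is dropped even though a translation exists, so a list built this way also needs an entry for the UDP replies the home users depend on.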
Re: PPP Authentication CHAP [7:18093]
I have been through this one. Your config is fine; just check the following: the name of the remote router has to be the username, and the password the same on both.

Example:

local router r4
username r3 pass cisco

remote router r3
username r4 pass cisco

Gaz wrote:

Hi, Can you help me plz guys been trying to get me 1601 with ISDN WIC to work for yonks. From debug's it looks like CHAP AUTH is failing but I don't know why ?! I have enclosed sh ver, sh run and debug dialer, debug ppp auth chap. Any help would be greatly appreciated. Thanx in advance.

Sh ver

1601#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-SY-L), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 06-Dec-99 18:03 by phanguye
Image text-base: 0x0803DCE8, data-base: 0x02005000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)
ROM: 1600 Software (C1600-BOOT-R), Version 11.1(7)AX, EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)

1601 uptime is 1 hour, 30 minutes
System returned to ROM by power-on
System image file is flash:/c1600-1207T.bin

cisco 1601 (68360) processor (revision C) with 13824K/4608K bytes of memory.
Processor board ID 04909005, with hardware revision
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
1 Ethernet/IEEE 802.3 interface(s)
1 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
System/IO memory with parity disabled
2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
System running from FLASH
7K bytes of non-volatile configuration memory.
8192K bytes of processor board PCMCIA flash (Read ONLY)

Configuration register is 0x2102

Sh run

Building configuration...

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 1601
!
enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH.
!
username xx password 0 x
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
isdn switch-type basic-net3
isdn voice-call-failure 0
!
!
!
interface Ethernet0
 ip address 10.10.1.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip route-cache
 no ip mroute-cache
!
interface Serial0
 physical-layer async
 bandwidth 64000
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 keepalive 10
 dialer in-band
 dialer wait-for-carrier-time 120
 async mode interactive
 fair-queue 64 16 0
 ppp authentication chap callin
!
interface BRI0
 bandwidth 64
 ip address negotiated
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 no keepalive
 dialer idle-timeout 150
 dialer string 08451400101
 dialer-group 2
 isdn switch-type basic-net3
 ppp authentication chap
!
ip nat inside source list 100 interface BRI0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 BRI0
no ip http server
!
access-list 100 permit ip 10.10.1.0 0.0.0.255 any
access-list 101 deny udp any any eq snmp
access-list 101 deny udp any any eq ntp
access-list 101 permit ip any any
access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log
dialer-list 1 protocol ip list 110
dialer-list 2 protocol ip permit
!
line con 0
 exec-timeout 0 0
 transport input none
line 1
 modem InOut
 transport input all
 stopbits 1
 speed 115200
 flowcontrol hardware
line vty 0
 exec-timeout 0 0
 login local
 length 25
line vty 1 4
 exec-timeout 0 0
 login local
!

1601#sh deb
Dial on demand:
  Dial on demand events debugging is on
PPP:
  PPP protocol negotiation debugging is on
ISDN:
  ISDN Q931 packets debugging is on
  ISDN Q931 packets debug DSLs. (On/Off/No DSL:1/0/-)
  DSL 0 -- 1 1 -

1601#ping 4.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.1.1.1, timeout is 2 seconds:

*Mar 1 01:42:51.533: BRI0 DDR: Dialing cause ip (s=10.10.1.1, d=4.1.1.1)
*Mar 1 01:42:51.537: BRI0 DDR: Attempting to dial 08451400101
*Mar 1 01:42:51.549: ISDN BR0: TX - SETUP pd = 8 callref = 0x04
*Mar 1 01:42:51.553: Bearer Capability i = 0x8890
*Mar 1 01:42:51.553: Channel ID i = 0x83
*Mar 1 01:42:51.557: Called Party Number i = 0x80, '08451400101'
*Mar 1 01:42:51.747: ISDN BR0: RX CONNECT_ACK pd = 8 callref = 0x04
01:43:43: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
01:43:43: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to 08451400101
*Mar 1 01:42:53.561: BR0:2 PPP: Treating connection as a callout
*Mar 1 01:42:53.565: BR0:2 PPP: Phase is ESTABLISHING, Active Open
*Mar 1 01:42:53.569: BR0:2 LCP: O CONFREQ [Closed] id 7 len 15
*Mar 1 01:42:53.573: BR0:2 LCP:AuthProto CHAP (0x0305C22305)
*Mar 1 01:42:53.577: BR0:2 LCP:MagicNumber
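The username/password rule in the reply above follows from how CHAP (RFC 1994) picks and hashes the shared secret. The sketch below is an added example, not code from the thread or from IOS: it models a one-way exchange in memory, the Router class and its methods are hypothetical, and the r3/r4 names and the "cisco" password are the ones used in the reply.

```python
import hashlib
import hmac
import os


def chap_value(ident, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class Router:
    """Hypothetical PPP endpoint: a hostname plus a local username table."""

    def __init__(self, hostname, usernames):
        self.hostname = hostname
        self.usernames = dict(usernames)  # peer name -> shared secret

    def challenge(self, ident):
        # The Challenge carries the sender's own hostname in its Name field.
        return {"id": ident, "value": os.urandom(16), "name": self.hostname}

    def respond(self, chal):
        # The secret is selected by the name the challenger announced.
        secret = self.usernames.get(chal["name"])
        if secret is None:
            return None
        return {"id": chal["id"], "name": self.hostname,
                "value": chap_value(chal["id"], secret, chal["value"])}

    def verify(self, chal, resp):
        # The authenticator looks up the secret by the responder's name.
        secret = self.usernames.get(resp["name"])
        if secret is None:
            return False, "authenticator has no username " + resp["name"]
        expected = chap_value(chal["id"], secret, chal["value"])
        if not hmac.compare_digest(expected, resp["value"]):
            return False, "hash mismatch: passwords differ"
        return True, "success"


def chap_exchange(authenticator, peer, ident=1):
    """One-way CHAP: authenticator challenges, peer responds, result returned."""
    chal = authenticator.challenge(ident)
    resp = peer.respond(chal)
    if resp is None:
        return False, "peer has no username " + chal["name"]
    return authenticator.verify(chal, resp)


def run_cases():
    """Constructed cases; names in this model are compared exactly."""
    r4 = Router("r4", {"r3": "cisco"})
    peers = {
        "matching": Router("r3", {"r4": "cisco"}),
        "password differs": Router("r3", {"r4": "Cisco"}),
        "wrong username": Router("r3", {"router4": "cisco"}),
        "hostname differs": Router("R3", {"r4": "cisco"}),
    }
    return {label: chap_exchange(r4, peer) for label, peer in peers.items()}


if __name__ == "__main__":
    for label, outcome in run_cases().items():
        print(f"{label:18} -> {outcome}")
```

The secret itself never crosses the link; only the name and the MD5 value do, which is why a name mismatch and a password mismatch both surface as a CHAP failure.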
RE: I have a customer who... food for thought - static routes [7:18183]
One of the factors, for my customer in particular, but for all networks in general, is the manner in which the network is expected to be used. I can't name the name, of course, but my customer is a high tech company. It is true that many of the remote users will be management and support types, but many are developers and practitioners of the technology this company produces.

There may be good reason for a team of software developers, for example, to test their applications across this network. there may be good reason for an engineer to set something up in his office lab, then work from home, free of the interruptions that his mere presence in the office can attract. Against this, the company must weigh the potential damage these folks can cause, intended or not.

this continues to be a good thread for all the high level thought and good ideas folks have presented. I brought the subject up here because I thought it could serve as the starting point for the excellent conversation I continue to see.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Howard C. Berkowitz
Sent: Saturday, September 01, 2001 6:56 AM
To: [EMAIL PROTECTED]
Subject: Re: I have a customer who... food for thought - static routes [7:18182]

While some of my colleagues in the cable industry differ, unconstrained bridging, which lets user hosts reach one another with no filtering, is a disaster waiting to happen. Consider the Cisco private VLAN feature to get some control. It may or may not fit the topology.

Also, I find the operators of such networks often forget Murphy's Law. The network per se may be OK for routine data transfer, but what about infrastructure hosts such as DNS/DHCP, and ARP servers when present? I often hear a lot of hand-waving about how they are fast machines, but I always pose one question, perhaps especially relevant in California. Your serving area has an electrical blackout. All the power comes back on at once. All the hosts/routers will try to ARP and DHCP simultaneously. Have you considered the queueing behavior this may cause? Are you protected against broadcast storms?

Actually, when I mentioned bridging, I was only talking about the 827s. They should still have to route through the 7206 to reach each other. But, bridging is just a bad idea anyway. Instead, you could NAT the home side of the 827 to the address of the 827s wan interface. Each link between the 7206 and the 827s is a separate routed link, but the 7206 doesn't need to know about the networks behind the 827s. It only needs to know about the links that are directly connected. No bridging and no statics needed, and if the wan links are addressed properly, then they can all be summarized to the rest of the corporate network. Since security is a concern, then I would suggest an access list on the 827s to only allow established connections inbound.

-Rob Fielding
CCIE #7996
Re: Please Advice:Trunking problem [7:18170]
Type in show port cap to see if that port is even capable of either ISL or dot1q. You'll probably find that it's not.

HTH,
John

On Sat, 1 Sep 2001 04:48:29 -0400, Cisco Lover wrote:
| Hi guys,
|
| Trying to run ISL/DOt1Q trunking on my cat5,but getting this error.
| Console (enable) set trunk 3/1 on dot1q 1
| Feature not supported on Module 3.
|
|
| Is that due to IOS???if yes ,please advice required IOS for this module.
|
| Thanks.
|
| Console (enable) sh ver
| WS-C5505 Software, Version McpSW: 5.5(5) NmpSW: 5.5(5)
| Copyright (c) 1995-2000 by Cisco Systems
| NMP S/W compiled on Dec 14 2000, 17:42:24
| MCP S/W compiled on Dec 14 2000, 17:37:38
|
| System Bootstrap Version: 3.1.2
|
| Hardware Version: 1.0 Model: WS-C5505 Serial #: 066546807
|
| Mod Port Model      Serial #  Versions
| --- ---- ---------- --------- ----------------
| 1   0    WS-X5530   012758150 Hw : 3.0
|                               Fw : 3.1.2
|                               Fw1: 4.2(1)
|                               Sw : 5.5(5)
|          WS-F5521   011477888 Hw : 1.1
| 3   24   WS-X5224   011795763 Hw : 1.4
|                               Fw : 3.1(1)
|                               Sw : 5.5(5)
|
|        DRAM                    FLASH                   NVRAM
| Module Total   Used    Free    Total   Used    Free    Total Used  Free
| ------ ------- ------- ------- ------- ------- ------- ----- ----- -----
| 1      32640K  19331K  13309K  8192K   5575K   2617K   512K  170K  342K
|
|
| Console (enable) sh flash
| -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
| 1 .. 89280598 4f19f0 22 4921710 Jul 09 2001 09:41:19 cat5000-sup3.5-5-5.bin
|
| 2680336 bytes available (4921840 bytes used)
RE: Edit an ACL Entry [7:17854]
I agree.. maybe it depends on the IOS version because I don't have to group the ACLs after removing them either.

-- Haydn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ednilson Rosa
Sent: Friday, August 31, 2001 5:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Edit an ACL Entry [7:17854]

That's not true. I think it depends on the IOS version or the platform. I have two 2501 on my lab that act exactly like you say (they are using old IOS versions). But on some 1720, 3640 and 3660 that I changed recently, I didn't have to group the ACLs to the interfaces again after removing them.

Regards,
Ednilson Rosa

----- Original Message -----
From:
To:
Sent: Friday, August 31, 2001 1:59 PM
Subject: Re: Edit an ACL Entry [7:17854]

if u remove an acl u need to put ip access group whatever in or out again

conduit doesn't have any suffering

----- Original Message -----
From: NP-BASS LEON
To:
Sent: Thursday, August 30, 2001 5:37 PM
Subject: RE: Edit an ACL Entry [7:17854]

DOES THE SAME PROCESS APPLY FOR EDITING STATIC AND CONDUIT STATEMENTS ON A PIX CONFIGURATION.

-----Original Message-----
From: groupstudy, Nobody [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 9:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Edit an ACL Entry [7:17854]

copy your access list to say notepad. take out the offending item then copy the access list to your clipboard. Then go onto the Cisco router say no access-list blah and then paste the contents of the clipboard in. There is no other way.

-----Original Message-----
From: atram [mailto:[EMAIL PROTECTED]]
Sent: 30 August 2001 13:54
To: [EMAIL PROTECTED]
Subject: Edit an ACL Entry [7:17854]

Simple question that I'm obviously having a brain fart on. How to remove an entry from an ACL? Is there a specific command or technique for removing an entry. In testing I have noticed that the no command in front of the statement will delete the entire ACL. I'm sure someone can provide the answer pretty quickly. Pardon my ignorance. Kind of blanking out on this for some reason.

Thanks in advance!
RE: Can you filter a subnet on a sniffer pro? [7:18168]
I do this all the time and it's actually very easy to do. Do a quick capture on any traffic...stop and decode. Create a new Capture profile by clicking on the wizard and profiles new. I usually name these types for the subnet that I wish to sniff.

In the new profile click on data pattern and change the AND to an OR. Add a NOT and then add pattern, I always add a NOT so that I can turn on and off this match, since you'll want this one on click the NOT so it is just red this will make it match.

Click on Add Pattern and click on the source address in the IP Header and click on Set Data, it doesn't matter if this is the subnet you want or not. Delete the fourth Octet so that you only have the Subnet octets still showing. Keep the portions that match what you want and if one of the octets isn't what you want change this to what you do want. You can use the Windows calculator in scientific mode to convert from decimal to hex by typing in the decimal and then clicking on Hex. If you only get one character like A for 10 add a Zero in front of it in the Pattern. Change the description to state this as the Source subnet you are sniffing.

When done click on OK...then click on the OR and add another NOT and follow the same method but this time use the destination address in the IP header. When all done click on OK. You will now only match addresses with the subnet you want to capture.

Thomas Moore
CCNP, CCDP
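What the data-pattern filter in the message above amounts to, as an added example that is not part of the original post and not Sniffer Pro code: the subnet's leading octets become a zero-padded hex pattern, compared at the source-address offset OR the destination-address offset of the IPv4 header. The function names and the sample headers are constructed for illustration, and offsets are counted from the start of the IP header.

```python
import ipaddress
import struct

SRC_OFFSET = 12  # source address position within the IPv4 header
DST_OFFSET = 16  # destination address position within the IPv4 header


def subnet_pattern(cidr):
    """Leading octets of the subnet as bytes; only whole-octet prefixes fit."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError("a byte pattern needs an IPv4 /8, /16, /24 or /32")
    return net.network_address.packed[: net.prefixlen // 8]


def pattern_hex(pattern):
    """Two hex digits per octet, so decimal 10 is entered as 0A, not A."""
    return " ".join(f"{octet:02X}" for octet in pattern)


def ipv4_header(src, dst):
    """Constructed 20-byte IPv4 header (no options, checksum left at zero)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, 6, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )


def matches(header, pattern):
    """Pattern at the source offset OR pattern at the destination offset."""
    n = len(pattern)
    return (header[SRC_OFFSET:SRC_OFFSET + n] == pattern
            or header[DST_OFFSET:DST_OFFSET + n] == pattern)


# Constructed sample traffic: (source, destination)
SAMPLES = [
    ("10.10.10.5", "192.168.1.1"),    # source inside 10.10.10.0/24
    ("192.168.1.1", "10.10.10.200"),  # destination inside the subnet
    ("172.10.10.10", "192.168.1.1"),  # 0A 0A 0A present, but one byte late
    ("10.10.11.5", "10.1.10.10"),     # neighbouring subnets only
]


def run_samples(cidr="10.10.10.0/24"):
    pattern = subnet_pattern(cidr)
    return [matches(ipv4_header(s, d), pattern) for s, d in SAMPLES]


if __name__ == "__main__":
    print("pattern:", pattern_hex(subnet_pattern("10.10.10.0/24")))
    for (src, dst), hit in zip(SAMPLES, run_samples()):
        print(f"{src:>13} -> {dst:<13} captured={hit}")
```

A prefix that does not end on an octet boundary, such as a /20, cannot be written as a plain byte pattern, which is why subnet_pattern rejects it.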
CID Exam Topics [7:18187]
Wanted feedback from those who have recently sat this exam and what they recommend for the following since the CID Cisco Press book doesn't really delve into: VPN, QOS. IP Telephony call phases, Voice over packet network design considerations. Thanks in advance
Re: Can you filter a subnet on a sniffer pro? [7:18168]
hey bro...

I don't think there's a way to do that...I looked through the Sniffer Pro 3.0 menus and the only way I could see it working is if you:

1. put all 254 individual addresses in the Capture or Display filter
2. create an address book with that subnet in it.

I could mess with it some more later, but right now that's the only solution that I can see.

-e-

PS - where's that cigar you 'owe' me??? ;-)

----- Original Message -----
From: Frank Kim
To:
Sent: Saturday, September 01, 2001 1:10 AM
Subject: Can you filter a subnet on a sniffer pro? [7:18168]

Hi guys,

I'm using sniffer pro 3.0 on NT platform. I am able to filter a single host or any host. But I cannot filter a subnet, for example, 10.10.10.0/24. I have tried entering in all sorts of combinations such as:

10.10.10.*
10.10.10.*.*
10.10.10.0/24
10.10.10.0 /24
10.10.10.0/255.255.255.0
10.10.10.0 /255.255.255.0
10.10.10.0 255.255.255.0
10.10.10.any
10.10.10.
10.10.10.0

What am I missing? Or maybe this sniffer software doesn't support a subnet filtering? If that's the case, then it's ridiculous. Because it does support 'any' which is everything.

Thanks for any input.

-Frank
Re: I have a customer who... food for thought - static routes [7:18189]
As far as address conservation goes, they're better off addressing the wan links between the 7206 and the 827's as /30, and letting the 827's provide dhcp address to the home users. The home networks can all be the same network (and 1000 duplicate addresses, who cares). As far as the rest of the network is concerned, there's only one address for each home network, the unique nat outside address of the 827. Using IP unnumbered on the wan links is only going to eat up more addresses because they will have to advertise the networks on the home side of the 827's. They can burn up 1000 /30s or 1000 /28s.

The 827s can be built with a cookie cutter config. The only thing that needs to be different on each one is the wan ip address. Nobody needs to keep track of what addresses are in use at what house, no static address database is needed (for these 1000 links anyway - I don't know what the rest of their network looks like), and the home pc's could be built cookie cutter, too. They could save a ton of money on man hours if layer 8 wasn't in the way.

-Rob Fielding
CCIE #7996

----- Original Message -----
From: Chuck Larrieu
To:
Sent: Saturday, September 01, 2001 6:43 AM
Subject: RE: I have a customer who... food for thought - static routes [7:18180]

you know something? That's an interesting idea! May I think out loud here?

core_network7200--827--home_ user routed NATinside_network subinterfaces global outside who cares what's inside?

need an ip on the 7200 side and the 827 side - takes up two hosts of the /28 the customer is specifying...

well, let's see... there is still the matter of the home user inside addressing. Care needs be taken because even though there is private addressing in place, there is still the possibility of overlap with other parts of the network.

hhhmmm... on the 7200 side, all subnets are on directly connected interfaces. run the routing protocol of choice, and summarize the subnets into the core. eventually there will be several hundred /28's. at 16x28 per /24, that means a lot of /24's eventually. if the customer played their cards right, they could advertise what? a single /20 or so? maybe even a /19?

for address conservation, the customer is insisting on ip unnumbered on the links. I'm pondering the relative merits - does NAT'ing create more or less work? Does it require more or fewer things to keep track of? on the other hand, it does answer a number of the customer expressed concerns and policies.

You know, Rob, it would be a hell of a lot easier dealing with you than with the particular group I am dealing with. At least you have some creativity and some understanding of the alternatives. I'll bet the two of us could come up with a solution that would knock their socks off.

So far I've had to listen to the bogus route flapping argument ( every time a DSL user turns off his equipment, we'll see route flaps in our core )

the bogus default route advertisement argument ( these guys will connect a router at home and start advertising a default that will screw up the entire company )

ok, so we put them in their own domain and redistribute with strict filtering. or we use On Demand Routing.

well we don't want CDP running on these routers because it's insecure

OK. I give up.

well we don't understand why you have to do it this way anyway. when we were with X company all we did was use a static default

yes but X company was an ISP and you were using a VPN with the associated overhead. our solution is equivalent to a frame relay network, and can be treated accordingly.

and the final definitive argument, against which there is no counter - our policy does not allow routing to remote access users

As I said someplace else, the real issue here lies somewhere above layer 7. Hey, Howard, at what layer are ignorance and lack of clue? ;-

Chuck

-----Original Message-----
From: Rob Fielding [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 31, 2001 6:06 PM
To: Chuck Larrieu; [EMAIL PROTECTED]
Subject: Re: I have a customer who... food for thought - static routes [7:18108]

Actually, when I mentioned bridging, I was only talking about the 827s. They should still have to route through the 7206 to reach each other. But, bridging is just a bad idea anyway. Instead, you could NAT the home side of the 827 to the address of the 827s wan interface. Each link between the 7206 and the 827s is a separate routed link, but the 7206 doesn't need to know about the networks behind the 827s. It only needs to know about the links that are directly connected. No bridging and no statics needed, and if the wan links are addressed properly, then they can all be summarized to the rest of the corporate network. Since security is a concern, then I would suggest an access list on the 827s to only allow established connections inbound.

-Rob Fielding
CCIE #7996
Re: Can you filter a subnet on a sniffer pro? [7:18168]
You could also set up the port that your sniffer is on as span destination port on your switch. You can span by port or by vlan(s). Very effective and fast.

Jeff

Frank Kim wrote in message news:[EMAIL PROTECTED]...

Hi guys,

I'm using sniffer pro 3.0 on NT platform. I am able to filter a single host or any host. But I cannot filter a subnet, for example, 10.10.10.0/24. I have tried entering in all sorts of combinations such as:

10.10.10.*
10.10.10.*.*
10.10.10.0/24
10.10.10.0 /24
10.10.10.0/255.255.255.0
10.10.10.0 /255.255.255.0
10.10.10.0 255.255.255.0
10.10.10.any
10.10.10.
10.10.10.0

What am I missing? Or maybe this sniffer software doesn't support a subnet filtering? If that's the case, then it's ridiculous. Because it does support 'any' which is everything.

Thanks for any input.

-Frank
RE: Please Advice:Trunking problem [7:18170]
I'd say not as well. I'd say it doesn't support ISL either. Check out the following link:

http://www.cisco.com/warp/public/cc/pd/si/casi/ca5000/prodlit/c5swt_ds.htm

It's a hardware thing - not a software issue. What you wanted is a WS-X5234. That one does everything.

When I was searching for information on that card, I found this as well:

REISSUE: Specific WS-X5012 Line Cards Have the Potential to Short

Nasty! Especially since so many of us buy equipment for our homes. Mind you, this card requires a telco connector. I don't think many people have purchased such cards, but still--it's not the type of thing you think of when you buy used equipment. Here's the link on this problem:

http://www.cisco.com/warp/public/770/fn12896.shtml

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Neiberger
Sent: Saturday, September 01, 2001 9:22 AM
To: [EMAIL PROTECTED]
Subject: Re: Please Advice:Trunking problem [7:18170]

Type in show port cap to see if that port is even capable of either ISL or dot1q. You'll probably find that it's not.

HTH,
John

On Sat, 1 Sep 2001 04:48:29 -0400, Cisco Lover wrote:
| Hi guys,
|
| Trying to run ISL/DOt1Q trunking on my cat5,but getting this error.
| Console (enable) set trunk 3/1 on dot1q 1
| Feature not supported on Module 3.
|
|
| Is that due to IOS???if yes ,please advice required IOS for this module.
|
| Thanks.
|
| Console (enable) sh ver
| WS-C5505 Software, Version McpSW: 5.5(5) NmpSW: 5.5(5)
| Copyright (c) 1995-2000 by Cisco Systems
| NMP S/W compiled on Dec 14 2000, 17:42:24
| MCP S/W compiled on Dec 14 2000, 17:37:38
|
| System Bootstrap Version: 3.1.2
|
| Hardware Version: 1.0 Model: WS-C5505 Serial #: 066546807
|
| Mod Port Model      Serial #  Versions
| --- ---- ---------- --------- ----------------
| 1   0    WS-X5530   012758150 Hw : 3.0
|                               Fw : 3.1.2
|                               Fw1: 4.2(1)
|                               Sw : 5.5(5)
|          WS-F5521   011477888 Hw : 1.1
| 3   24   WS-X5224   011795763 Hw : 1.4
|                               Fw : 3.1(1)
|                               Sw : 5.5(5)
|
|        DRAM                    FLASH                   NVRAM
| Module Total   Used    Free    Total   Used    Free    Total Used  Free
| ------ ------- ------- ------- ------- ------- ------- ----- ----- -----
| 1      32640K  19331K  13309K  8192K   5575K   2617K   512K  170K  342K
|
|
| Console (enable) sh flash
| -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
| 1 .. 89280598 4f19f0 22 4921710 Jul 09 2001 09:41:19 cat5000-sup3.5-5-5.bin
|
| 2680336 bytes available (4921840 bytes used)
Re: Don't think this is true ! Re: CCIE One-Day Lab layout [7:18193]
I don't know about the PIX but the 6500s will replace the 5500s. That you can count on.

jc0 wrote in message news:[EMAIL PROTECTED]...

Guys, I DO NOT think this is true though. Unless someone can verify this with Cisco.

Brad Ellis wrote in message news:[EMAIL PROTECTED]...

Here's the info from the grapevine on the layout for the new ONE-DAY CCIE Lab:

1x Cisco PIX
1x 2600
3x 25xx
3x 3640
1x 4000 (Frame router)
1x Cat 6509

This is the standard layout for all CCIE labs except for WAN switching. Gotta wonder if people will start seeing some Pix stuff on the CCIE RS lab!!!

-Brad Ellis
CCIE#5796
[EMAIL PROTECTED]
Network Learning Inc
Used Cisco: www.optsys.net
RE: I have a customer who... food for thought - static routes [7:18194]
One of the factors, for my customer in particular, but for all networks in general, is the manner in which the network is expected to be used. I can't name the name, of course, but my customer is a high tech company. It is true that many of the remote users will be management and support types, but many are developers and practitioners of the technology this company produces.

There may be good reason for a team of software developers, for example, to test their applications across this network. there may be good reason for an engineer to set something up in his office lab, then work from home, free of the interruptions that his mere presence in the office can attract. Against this, the company must weigh the potential damage these folks can cause, intended or not.

But that's pretty much exactly what I do, although I get into the corporate network via IPsec tunneling across arbitrary ISPs. When we need a cooperative network, we route to it to keep it isolated.

The argument your customer raises might apply to users in a specific geographical area, but would be irrelevant to mobile users. If the principle that it may be good for developers to have cross-network applications, in today's market, isn't there an advantage for being able to do so from arbitrary applications? For example, the main project I work with has participants in Virginia, Massachusetts, North Carolina, Canada, the UK, and Sweden. Hint: we aren't bridged.

Mixing test networks and production networks is rarely a good idea.

this continues to be a good thread for all the high level thought and good ideas folks have presented. I brought the subject up here because I thought it could serve as the starting point for the excellent conversation I continue to see.

Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Howard C. Berkowitz
Sent: Saturday, September 01, 2001 6:56 AM
To: [EMAIL PROTECTED]
Subject: Re: I have a customer who... food for thought - static routes [7:18182]

While some of my colleagues in the cable industry differ, unconstrained bridging, which lets user hosts reach one another with no filtering, is a disaster waiting to happen. Consider the Cisco private VLAN feature to get some control. It may or may not fit the topology.

Also, I find the operators of such networks often forget Murphy's Law. The network per se may be OK for routine data transfer, but what about infrastructure hosts such as DNS/DHCP, and ARP servers when present? I often hear a lot of hand-waving about how they are fast machines, but I always pose one question, perhaps especially relevant in California. Your serving area has an electrical blackout. All the power comes back on at once. All the hosts/routers will try to ARP and DHCP simultaneously. Have you considered the queueing behavior this may cause? Are you protected against broadcast storms?

Actually, when I mentioned bridging, I was only talking about the 827s. They should still have to route through the 7206 to reach each other. But, bridging is just a bad idea anyway. Instead, you could NAT the home side of the 827 to the address of the 827s wan interface. Each link between the 7206 and the 827s is a separate routed link, but the 7206 doesn't need to know about the networks behind the 827s. It only needs to know about the links that are directly connected. No bridging and no statics needed, and if the wan links are addressed properly, then they can all be summarized to the rest of the corporate network. Since security is a concern, then I would suggest an access list on the 827s to only allow established connections inbound.

-Rob Fielding
CCIE #7996
Re: what is needed for an ISDN LAB ?? [7:18141]
We are using the Atlas 550 in our CCNP labs for both Frame Relay and ISDN. Haven't had a chance to play with it yet as our BCRAN course won't be offered until the Spring semester.

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco Regional Networking Academy

Brian wrote:

On Sat, 1 Sep 2001, Thomas N. wrote:

I heard that if one has an Adtran 800, he/she can use it as the ISDN switch...

yes, an Adtran Atlas 800 is quite awesome when it comes to simulation and testing.

Brian

Jaspreet Bhatia wrote in message news:[EMAIL PROTECTED]...

Guys, I am trying to setup an ISDN lab and do not have access to an ISDN switch. What I do have is two BRI lines each with a SPID. Will that be sufficient or do I need anything else?

Thanks
Jaspreet

I'm buying / selling used CISCO gear!! email me for a quote
Brian Feeny, CCIE #8036
Netjam, LLC
[EMAIL PROTECTED]
http://www.netjam.net
VISA/MC/AMEX/COD
phone: 318-212-0245
30 day warranty
fax: 318-212-0246
Re: Catalyst Q. [7:18036]
You can't, a catalyst is a layer 2 device. If you have an RSM or MSFC it's the same as any other router.

Dave

Cisco Lover wrote:

Hi Guys,

How we can restrict catalyst to allow telnet access to particular hosts??

Thanks for the help.

Cisco Lover

--
David Madland
CCIE# 2016
Senior Network Engineer
Qwest Communications
612-664-3367
Re: Which IOS's support DSL? [7:18034]
Not sure what you mean, do you mean the new DSL WIC? As far as configuring ATM for DSL there is no special IOS, we have been doing this for quite some time.

Dave

Matthew Wilkinson wrote:

I have been looking on Cisco's site and around the web and cannot seem to find out which IOS's support DSL besides 12.1(5)YB. Are there any others?

--
David Madland
CCIE# 2016
Senior Network Engineer
Qwest Communications
612-664-3367
Re: Please Advice:Trunking problem [7:18170]
You need the 5224-R for trunking support

Dave

Cisco Lover wrote:

Hi guys,

Trying to run ISL/DOt1Q trunking on my cat5,but getting this error.
Console (enable) set trunk 3/1 on dot1q 1
Feature not supported on Module 3.

Is that due to IOS???if yes ,please advice required IOS for this module.

Thanks.

Console (enable) sh ver
WS-C5505 Software, Version McpSW: 5.5(5) NmpSW: 5.5(5)
Copyright (c) 1995-2000 by Cisco Systems
NMP S/W compiled on Dec 14 2000, 17:42:24
MCP S/W compiled on Dec 14 2000, 17:37:38

System Bootstrap Version: 3.1.2

Hardware Version: 1.0 Model: WS-C5505 Serial #: 066546807

Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------
1   0    WS-X5530   012758150 Hw : 3.0
                              Fw : 3.1.2
                              Fw1: 4.2(1)
                              Sw : 5.5(5)
         WS-F5521   011477888 Hw : 1.1
3   24   WS-X5224   011795763 Hw : 1.4
                              Fw : 3.1(1)
                              Sw : 5.5(5)

       DRAM                    FLASH                   NVRAM
Module Total   Used    Free    Total   Used    Free    Total Used  Free
------ ------- ------- ------- ------- ------- ------- ----- ----- -----
1      32640K  19331K  13309K  8192K   5575K   2617K   512K  170K  342K

Console (enable) sh flash
-#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
1 .. 89280598 4f19f0 22 4921710 Jul 09 2001 09:41:19 cat5000-sup3.5-5-5.bin

2680336 bytes available (4921840 bytes used)

--
David Madland
CCIE# 2016
Senior Network Engineer
Qwest Communications
612-664-3367
Re: Catalyst Q. [7:18036]
How we can restrict catalyst to allow telnet access to particular hosts??

Assuming you're trying to restrict access to the Catalyst itself, have a look at IP permit list configuration. See the Configuring IP Permit List portion of the Catalyst 5000 series Software Configuration Guide for the details. In essence:

set ip permit 172.16.1.0 255.255.255.0 telnet
set ip permit enable telnet
Re: Which IOS's support DSL? [7:18034]
hey anyone know any good mcse sites like groupstudy.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18200t=18034
Re: CID Exam Topics [7:18187]
Just passed this exam last week. No VPN, no QoS, VoIP, nothing. All stuff covered in the CID Cisco Press book. Only the Stratacom stuff is not covered, but it is more than enough in the Robert Padjen CID book. Very poorly worded exam, and most of the questions didn't make much sense to me. I just hung around and passed with 820. No clue how!! By the way, same situation when I sat for CCDA, where the case studies didn't make much sense but I passed with 900. So just go there and take your time and eliminate wrong answers, don't even try to find the right answer!!! I don't know when Cisco is going to make it a fair exam.

my 2 cents

Shahid Shafi

=
Shahid Muhammad Shafi
Network Engineer
Level(3) Communications Inc.
MCSE+I/MCSE(Win2K),CNA,CCNP,CCDP

Please help feed hungry people worldwide http://www.hungersite.com/
A small thing each of us can do to help others less fortunate than ourselves

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18201t=18187
RE: Please Advice:Trunking problem [7:18170]
Is there a 5224R? I can't find one on Cisco's site. I did however find a WS-X5225R and it does trunking...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN
Sent: Saturday, September 01, 2001 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Advice:Trunking problem [7:18170]

You need the 5224-R for trunking support

Dave

Cisco Lover wrote:

Hi guys, Trying to run ISL/Dot1Q trunking on my cat5, but getting this error.

    Console (enable) set trunk 3/1 on dot1q 1
    Feature not supported on Module 3.

Is that due to IOS??? If yes, please advise required IOS for this module. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18202t=18170
VLAN Security [7:18203]
I'm finishing a project @ work and have an opportunity to recommend multiple 3500 series switches or VLAN configuration. The placement of these boxes will be before a firewall, coming off of a BGP router (for IDS's, SwitchProbes, DMZ, etc.). Can anyone think of an argument either way???

Thanks Everyone

Phil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18203t=18203
RE: Catalyst Q. [7:18036]
For any type of switch, what you can do is set the interface with the IP address to be configured with a subnet (and VLAN if you wish) that is strictly for the management of network switches. You can then use the router to control which IP addresses can be routed to that subnet. If you only permitted access from let's say, your PC and that of your supervisor, use an access list to permit those addresses only. The greater the range of addresses that have access, the greater the risk of someone changing their personal IP address to that of an IP address that can be routed to the switch administration subnet.

-- Leigh Anne

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cisco Lover
Sent: Thursday, August 30, 2001 11:21 PM
To: [EMAIL PROTECTED]
Subject: Catalyst Q. [7:18036]

Hi Guys, How we can restrict catalyst to allow telnet access to particular hosts?? Thanks for the help.

Cisco Lover

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18204t=18036
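The permit-list commands quoted in this thread, together with the point above about how wide the permitted range is, as an added example that is not from any poster or from Cisco. It is Python that parses `set ip permit` lines, decides whether a Telnet source address is admitted, and counts how many source addresses each list admits. Assumptions: an entry with no mask is treated as a single host, an entry with no service keyword applies to all services, the hosts 172.16.1.10 and 172.16.1.11 are constructed, and every function name is hypothetical.

```python
import ipaddress

# Constructed sample configs. BROAD is the pair of commands quoted in the
# thread; NARROW admits two constructed hosts (say an admin PC and a
# supervisor's PC) instead of a whole /24.
BROAD = """\
set ip permit 172.16.1.0 255.255.255.0 telnet
set ip permit enable telnet
"""
NARROW = """\
set ip permit 172.16.1.10 telnet
set ip permit 172.16.1.11 telnet
set ip permit enable telnet
"""

TELNET_SERVICES = ("telnet", "all")


def parse_permit_list(config_text):
    """Return (entries, enabled) parsed from 'set ip permit' lines.

    entries is a list of (IPv4Network, service); enabled is the set of
    services for which the list is enforced. Assumption: no mask means a
    host entry, and no service keyword means "all".
    """
    entries, enabled = [], set()
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:3] != ["set", "ip", "permit"] or len(words) < 4:
            continue
        args = words[3:]
        if args[0] in ("enable", "disable"):
            service = args[1] if len(args) > 1 else "all"
            if args[0] == "enable":
                enabled.add(service)
            else:
                enabled.discard(service)
            continue
        addr, rest = args[0], args[1:]
        mask = "255.255.255.255"
        if rest and rest[0][0].isdigit():
            mask, rest = rest[0], rest[1:]
        service = rest[0] if rest else "all"
        # strict=False tolerates host bits set in the configured address.
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        entries.append((net, service))
    return entries, enabled


def telnet_allowed(source_ip, entries, enabled):
    """True if a Telnet session from source_ip would be accepted."""
    if not enabled.intersection(TELNET_SERVICES):
        return True  # list not enforced for Telnet: any source is accepted
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net, svc in entries if svc in TELNET_SERVICES)


def exposure(entries):
    """Count the distinct source addresses the Telnet entries admit."""
    nets = [net for net, svc in entries if svc in TELNET_SERVICES]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    for name, cfg in (("broad", BROAD), ("narrow", NARROW)):
        entries, enabled = parse_permit_list(cfg)
        # 172.16.1.77 stands for any host on the subnet that is not an admin PC.
        print(name, "admits", exposure(entries), "addresses;",
              "172.16.1.77 allowed:",
              telnet_allowed("172.16.1.77", entries, enabled))
```

The check is on source address only, so any host that can take an address inside a permitted range passes it; the narrower list leaves 2 such addresses where the /24 leaves 256.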
Re: Please Advice:Trunking problem [7:18170]
My mistake, I just flipped that off the top of my head. I knew that the R supported trunking and FEC, but yes, it is the 5225-R that you need.

Dave

Leigh Anne Chisholm wrote:

Is there a 5224R? I can't find one on Cisco's site. I did however find a WS-X5225R and it does trunking...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN
Sent: Saturday, September 01, 2001 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Advice:Trunking problem [7:18170]

You need the 5224-R for trunking support

Dave

Cisco Lover wrote:

Hi guys, Trying to run ISL/Dot1Q trunking on my cat5, but getting this error.

    Console (enable) set trunk 3/1 on dot1q 1
    Feature not supported on Module 3.

Is that due to IOS??? If yes, please advise required IOS for this module. Thanks.

--
David Madland
CCIE# 2016
Senior Network Engineer
Qwest Communications
612-664-3367

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18205t=18170
RE: Please Advice:Trunking problem [7:18170]
It's probably a limitation of the module... some older modules do trunk but will only encapsulate with ISL. There's a matrix buried somewhere in the bowels of CCO that shows which module has what features.

Aloha,
Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Leigh Anne Chisholm
Sent: Saturday, September 01, 2001 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: Please Advice:Trunking problem [7:18170]

Is there a 5224R? I can't find one on Cisco's site. I did however find a WS-X5225R and it does trunking...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN
Sent: Saturday, September 01, 2001 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Advice:Trunking problem [7:18170]

You need the 5224-R for trunking support

Dave

Cisco Lover wrote:

Hi guys, Trying to run ISL/Dot1Q trunking on my cat5, but getting this error.

    Console (enable) set trunk 3/1 on dot1q 1
    Feature not supported on Module 3.

Is that due to IOS??? If yes, please advise required IOS for this module. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18206t=18170
Re: VLAN Security [7:18203]
Why a 3500? You could go with a lower end switch if you only need it for that and save some money. A 2900 would do the job... you can span to multiple ports as well.

Jeff

Circusnuts wrote in message news:[EMAIL PROTECTED]...

I'm finishing a project @ work and have an opportunity to recommend multiple 3500 series switches or VLAN configuration. The placement of these boxes will be before a firewall, coming off of a BGP router (for IDS's, SwitchProbes, DMZ, etc.). Can anyone think of an argument either way???

Thanks Everyone

Phil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18207t=18203
Re: Can you filter a subnet on a sniffer pro? [7:18168]
There is a way to do it...see my response just above yours :-)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18208t=18168
Re: PIX failover!! [7:15848]
And keep in mind this Primary/Secondary business is completely separate from which firewall is Active and which is Standby. The Active/Standby question is the more important one.

MikeN wrote:

I believe that the serial numbers will be registered as to whether it is UR or a failover. Both will work as stand-alone firewalls. Yes, the failover cable will determine which will be primary and which will be secondary. Once they are configured, "show failover" will show you which PIX is primary and which is secondary.

Thanks,
MikeN

Magdy H. Ibrahim wrote in message news:[EMAIL PROTECTED]...

Dear All, Sorry for the stupid question but I want to confirm it. I have to configure my PIX 515UR bundle... How can I know the primary unit from the secondary unit?? Is that from the failover cable only, or is there another thing that marks the unit as primary or secondary??? Please advise me soon.

Regards,
Magdy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18209t=15848
Re: VLAN Security [7:18203]
I don't believe you're talking that much of a savings (between the 2900 and 3500). The 3500 will scale to Gig uplink, plus the 2900's EOL's in October. The 3500's will also enforce QoS, although this is not a concern in my application of the switch. Thanks for the .02 though!!!

Phil

- Original Message -
From: Jeff Duchin
Sent: Saturday, September 01, 2001 9:13 PM
Subject: Re: VLAN Security [7:18203]

Why a 3500? You could go with a lower end switch if you only need it for that and save some money. A 2900 would do the job... you can span to multiple ports as well.

Jeff

Circusnuts wrote in message news:[EMAIL PROTECTED]...

I'm finishing a project @ work and have an opportunity to recommend multiple 3500 series switches or VLAN configuration. The placement of these boxes will be before a firewall, coming off of a BGP router (for IDS's, SwitchProbes, DMZ, etc.). Can anyone think of an argument either way???

Thanks Everyone

Phil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18210t=18203
Re: Catalyst Q. [7:18036]
TACACS

- Original Message -
From: Leigh Anne Chisholm
Sent: Saturday, September 01, 2001 8:11 PM
Subject: RE: Catalyst Q. [7:18036]

For any type of switch, what you can do is set the interface with the IP address to be configured with a subnet (and VLAN if you wish) that is strictly for the management of network switches. You can then use the router to control which IP addresses can be routed to that subnet. If you only permitted access from let's say, your PC and that of your supervisor, use an access list to permit those addresses only. The greater the range of addresses that have access, the greater the risk of someone changing their personal IP address to that of an IP address that can be routed to the switch administration subnet.

-- Leigh Anne

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cisco Lover
Sent: Thursday, August 30, 2001 11:21 PM
To: [EMAIL PROTECTED]
Subject: Catalyst Q. [7:18036]

Hi Guys, How we can restrict catalyst to allow telnet access to particular hosts?? Thanks for the help.

Cisco Lover

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18211t=18036
RE: Please Advice:Trunking problem [7:18170]
URL is: (watch line-wrap)
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/hardware/modules/04ether.htm

PDF FORMAT:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/hardware/modules/04ether.pdf

From: Frank B
Reply-To: Frank B
CC: Leigh Anne Chisholm
Subject: RE: Please Advice:Trunking problem [7:18170]
Date: Sat, 1 Sep 2001 14:35:12 -1000

It's probably a limitation of the module... some older modules do trunk but will only encapsulate with ISL. There's a matrix buried somewhere in the bowels of CCO that shows which module has what features.

Aloha,
Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Leigh Anne Chisholm
Sent: Saturday, September 01, 2001 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: Please Advice:Trunking problem [7:18170]

Is there a 5224R? I can't find one on Cisco's site. I did however find a WS-X5225R and it does trunking...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN
Sent: Saturday, September 01, 2001 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Advice:Trunking problem [7:18170]

You need the 5224-R for trunking support

Dave

Cisco Lover wrote:

Hi guys, Trying to run ISL/Dot1Q trunking on my cat5, but getting this error.

    Console (enable) set trunk 3/1 on dot1q 1
    Feature not supported on Module 3.

Is that due to IOS??? If yes, please advise required IOS for this module. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18212t=18170
RE: Please Advice:Trunking problem [7:18170]
Frank,

The first link I sent describes each module, but doesn't show whether it can handle ISL. This link shows ISL capabilities for each module:
http://www.cisco.com/univercd/cc/td/doc/pcat/ca5000.htm

Kym

From: Frank B
Reply-To: Frank B
CC: Leigh Anne Chisholm
Subject: RE: Please Advice:Trunking problem [7:18170]
Date: Sat, 1 Sep 2001 14:35:12 -1000

It's probably a limitation of the module... some older modules do trunk but will only encapsulate with ISL. There's a matrix buried somewhere in the bowels of CCO that shows which module has what features.

Aloha,
Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Leigh Anne Chisholm
Sent: Saturday, September 01, 2001 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: Please Advice:Trunking problem [7:18170]

Is there a 5224R? I can't find one on Cisco's site. I did however find a WS-X5225R and it does trunking...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN
Sent: Saturday, September 01, 2001 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Advice:Trunking problem [7:18170]

You need the 5224-R for trunking support

Dave

Cisco Lover wrote:

Hi guys, Trying to run ISL/Dot1Q trunking on my cat5, but getting this error.

    Console (enable) set trunk 3/1 on dot1q 1
    Feature not supported on Module 3.

Is that due to IOS??? If yes, please advise required IOS for this module. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18213t=18170
RE: Please Advice:Trunking problem [7:18170]
You could have checked my first email on this subject. It has a link that has a nicely formatted table that compares all of the Cat 5000 modules. It shows the Model Number, Number of Ports, Number of Slots, Connector Type, Broadcast Suppression, ISL, 802.1Q/P, Ether-Channel, Inline Rewrite, 802.3x Flow Control, and WRED.

-Original Message-
From: kym blair [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 01, 2001 9:11 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Please Advice:Trunking problem [7:18170]

URL is: (watch line-wrap)
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/hardware/modules/04ether.htm

PDF FORMAT:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/hardware/modules/04ether.pdf

From: Frank B
Reply-To: Frank B
CC: Leigh Anne Chisholm
Subject: RE: Please Advice:Trunking problem [7:18170]
Date: Sat, 1 Sep 2001 14:35:12 -1000

It's probably a limitation of the module... some older modules do trunk but will only encapsulate with ISL. There's a matrix buried somewhere in the bowels of CCO that shows which module has what features.

Aloha,
Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Leigh Anne Chisholm
Sent: Saturday, September 01, 2001 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: Please Advice:Trunking problem [7:18170]

Is there a 5224R? I can't find one on Cisco's site. I did however find a WS-X5225R and it does trunking...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN
Sent: Saturday, September 01, 2001 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Advice:Trunking problem [7:18170]

You need the 5224-R for trunking support

Dave

Cisco Lover wrote:

Hi guys, Trying to run ISL/Dot1Q trunking on my cat5, but getting this error.

    Console (enable) set trunk 3/1 on dot1q 1
    Feature not supported on Module 3.

Is that due to IOS??? If yes, please advise required IOS for this module. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18214t=18170
T1 Question: What happens after the SmartJack? [7:18215]
Hi gang,

Ok, this may sound like a stupid question, but as they say, the only stupid question is the one not asked. So, here it goes. What exactly is the function of the smartjack on local-loop circuits? I mean, I understand their function, but I am a little unclear on exactly how they fit in the scope of things.

If I have a CSU/DSU which connects to the demarc (smartjack), then it is the smartjack's job to regenerate that signal and send it to the CO, correct? They also have the capability of being placed in loopback. So, is there a special inband signal which the telco can send which is picked up by just the smartjack and not the customer's CSU/DSU which raises/drops loopback? Is there a normal smartjack-like device on the telco side as well, or does the leased line connect directly to a CSU/DSU?

Thanks,
James Willard
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18215t=18215
Re: Subject: RE: Please Advice:Trunking problem [7:18170]
Is there a 5224R? I can't find one on Cisco's site. I did however find a WS-X5225R and it does trunking...

Well sort of... There is a WS-X5224 module. It does hardly anything. It will not do any type of trunking (ISL or 802.1Q), it will not do FEC, and it is not MLS capable. In short, it is not terribly useful. The WS-X5225R does do all of the listed features above and also supports 802.3X flow control and WRED.

Here's the link (watch wrap):
http://www.cisco.com/warp/public/cc/pd/si/casi/ca5000/prodlit/c5 swt_ds.htm

HTH,
Paul Werner

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18216t=18170