long wait for TELNET sessions [7:20097]
Please advise me on the below: PC1-PIX--Router--RouterPIXPC2 PC1 = nt-box PC2 = unix box framerelay is connected between the two routers PIX codes are 5.2(6) My problem is that when I initiate a telnet session to PC2(unix box), the tcp session establishes right away. But I have to wait for about 30-60 seconds to see the login screen. What is the potential problem in this? Is it on the pix or on the router? Thanks for any help. Please reply directly to me. -fRANK __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20097t=20097 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: long wait for TELNET sessions [7:20097]
wreaks of a reverse dns problem.. Brian - Original Message - From: Frank Ofus To: Sent: Sunday, September 16, 2001 12:07 AM Subject: long wait for TELNET sessions [7:20097] Please advise me on the below: PC1-PIX--Router--RouterPIXPC2 PC1 = nt-box PC2 = unix box framerelay is connected between the two routers PIX codes are 5.2(6) My problem is that when I initiate a telnet session to PC2(unix box), the tcp session establishes right away. But I have to wait for about 30-60 seconds to see the login screen. What is the potential problem in this? Is it on the pix or on the router? Thanks for any help. Please reply directly to me. -fRANK __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20099t=20097 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MPLS and RFC 2547 (MPLS VPN's) - opinions? [7:20101]
Hello all: I would like to hear some thoughts on people's opinions on MPLS in general and on RFC 2547-style VPN's in particular. Are providers and (very) large enterprises going to embrace these techniques for their purported advantages, or does it represent too much change for too little benefit? On an off-topic note, I too pray that true justice will be served to those who are responsible for the acts of Sept. 11. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20101t=20101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bridging [7:20078]
Sure but I'm at a loss to understand what good it would do. If the 2511 was the hub of a hub and spoke WAN, and there was an application between the other two sites that required bridging, that's what good it would do. Dave Lupi, Guy wrote: Can you configure bridging using only serial interfaces, no ethernet involved at all? I have a 2501 connected to a 2511, and a 2503 connected to the same 2511, both via serial. I want to configure the 2 serial interfaces on the 2511 to bridge between them, is that possible? There is no practical reason for this, just setting it up in the lab and I am curious. Thanks. -- David Madland CCIE# 2016 Senior Network Engineer Qwest Communications 612-664-3367 _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20103t=20078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Install 2 8MB flash on Cisco 2502 [7:20043]
Agreed (I think). Remove the 2nd flash and post a show ver. - Original Message - From: MADMAN To: Sent: Saturday, September 15, 2001 7:24 PM Subject: Re: Install 2 8MB flash on Cisco 2502 [7:20043] It's most likely you have old boot roms that are not able to recognize the 16M of memory. Dave Albert Y. Pak wrote: Hi All, I am able to boot Cisco 2502 with 1 x 8MB flash. However, as soon as I install a second 8MB flash (empty), the router hangs at System Bootstrap (Version 11.0(10c)XB1). + doesn't work either. These 2 8MB flash are identical. Please advise, Albert -- David Madland CCIE# 2016 Senior Network Engineer Qwest Communications 612-664-3367 _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20102t=20043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off topic: An Afghan-American speaks [7:20104]
I thougt this might be of some interest to those interested in the situation in Afghanistan..I think it starts to reflect upon some of the complications involved in our deliberations and actions. http://www.salon.com/news/feature/2001/09/14/afghanistan/index.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20104t=20104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RANT Longish, Why Cisco and not ...!!! [7:19933]
Why Robert you have such a low opinion of a person you don't even know, trust me I'm much more pig-headed in real life. My response is in your inbox at work. Yes I did study the page you posted and now everything has become clear. But you really must have pity on me you see. I was so uneducated as to your purposes now I see that without your insight, calm humility, fairness, and understanding I would forever been awash in a sea of Cisco rah-rah happily sipping my kool-aid and toasting the gods in ignorance. Now I see the light and have been saved! Once I thought that not a single interface failure on any of my routers was a good thing, but now I see it's only Cisco obsolescence. One I thought a huge market share was a great thing, now I know its only the death rattle for Cisco. One I thought understanding IOS was cool, now I know its unnecessary and obsolete. Thanks Robert for your time and patience, would it be ok if I started a fan club? Nortel forever, Dan Once an idiot but no more Faulk President of the We like Nortel and think Robert is just wonderful Fan Club PS May I wash your car? End of self-serving message -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Hanley Sent: Saturday, September 15, 2001 10:04 PM To: [EMAIL PROTECTED] Subject: Re: RANT Longish, Why Cisco and not ...!!! [7:19933] Chuck group; So, all this is understood about certs why, etc...; and anyone who has participated in this list for any length of time has seen the same ground covered as Chuck covered below. I've been following this list and participating as time permitted since about June 1999. So I know the deal. I will continue to seek Cisco certifications for two primary reasons: 1. I may need those credentials if I find myself back out in the larger job market in the future. Especially as a consultant called on both to evaluate existing networks and propose changes or upgrades be they piecemeal or forklifted, but also to write, respond to and review responses to RFPs RFIs. All this with a view toward providing my client with an end result that best meets their needs. Regardless of what the vendors are pushing. 2. It enhances my credibility in my current role as a Nortel SE with customers when I need to critique Cisco's designs and or proposals, and my ability to understand what they may propose, and why. So there is more to this than knowing commands, though that may be critical if one wants to stay strictly hands on. There is much more to this business, however; and I think studying the merits and weaknesses of different vendors' gear helps to round us all out, and to provide solutions to problems. Not just the Cisco way, or the Nortel way, or any one vendor's way. But the way that provides the greatest value to our clients and corporations. If we work for Cisco, or Nortel, or any vendor; it gives us an opportunity to understand our strengths and weaknesses and to provide feedback to the people who develop products to make them better. There is always room on this list for people who want to know how to solve a work related problem, or to express political opinions as has been done this past week. I think if people don't want to engage in this type of discussion they should use the Delete Key, not the this is a Cisco List crutch; thereby discouraging honest and constructive dialog. If you don't like it don't participate, but don't keep other people from learning something. There have also been occasions when people have asked for help interfacing Nortel and Cisco gear when I have been happy to help and will certainly continue to do so. No matter how misunderstood the gear or my intentions may be. But again, the only reason I gave the URL for the Nortel cert, was because Dan Faulk asked for it. Not that he expected there was any possible answer of any merit, or that he took a look. But maybe someone else did, and maybe it will help them to advance their career. Learning is the progressive discovery of our own ignorance. That doesn't mean we want to find out how ignorant we are. But it may mean that we need to. Go in peace...and keep your head down. Chuck Larrieu wrote in message ... If I may offer, when one reads the title of the certification most of us have or seek we should remember that it is Cisco certified. the emphasis is on Cisco. The whole purpose of vendor certification is to provide the vendor with a large number of people familiar with their product. this gives potential customers more reason to commit to the vendor in question, knowing they can easily find qualified people to service the equipment in question. Novell certifications served to show clients that if they committed to Netware, they would be able to hire people qualified to work on Netware networks. Microsoft certifications served to show customers the same thing. Sun has had a Solaris / UNIX certification program for years. These days one can attain any number of vendor
Re: MTU Question [7:20096]
I am a little confused about how the MTU size configured on an interface affects the transmission of packets through that interface. My question is does it affects packets received on the interface or packets transmitted out of the interface? Great question. It definitely affects packets transmitted OUT of the interface - if the packet is larger than the interface ip mtu, the router fragments the packet using the configured interface MTU value. A demonstration of this is in GRE tunnel applications, which are by default 1478 bytes (as opposed to 1500), so that a 1500 byte packet gets fragmented when traversing the tunnel. On an INBOUND packet, the MTU is ignored. Just to verify this, I ran a bunch of debugs that show outbound fragmentation, but inbound the packets are not fragmented, just forwarded to the next interface. _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20106t=20096 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Install 2 8MB flash on Cisco 2502 [7:20043]
Na- the ROM's he has listed here are 11.0 (10c). They're the newest available. I still think he trying to use 2600/3600/4000 FLASH. Phil - Original Message - From: EA Louie To: Sent: Sunday, September 16, 2001 6:59 AM Subject: Re: Install 2 8MB flash on Cisco 2502 [7:20043] Agreed (I think). Remove the 2nd flash and post a show ver. - Original Message - From: MADMAN To: Sent: Saturday, September 15, 2001 7:24 PM Subject: Re: Install 2 8MB flash on Cisco 2502 [7:20043] It's most likely you have old boot roms that are not able to recognize the 16M of memory. Dave Albert Y. Pak wrote: Hi All, I am able to boot Cisco 2502 with 1 x 8MB flash. However, as soon as I install a second 8MB flash (empty), the router hangs at System Bootstrap (Version 11.0(10c)XB1). + doesn't work either. These 2 8MB flash are identical. Please advise, Albert -- David Madland CCIE# 2016 Senior Network Engineer Qwest Communications 612-664-3367 _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20107t=20043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MTU Question [7:20096]
I believe the correct way to answer this question is, the MTU effects any interface to interface communication where a TCP handshake takes place. That would mean incoming or outgoing. The window of information must match what I expect to receive. Have I come close ??? Phil - Original Message - From: Lists Wizard To: Sent: Sunday, September 16, 2001 2:19 AM Subject: MTU Question [7:20096] Hi Groups, I am a little confused about how the MTU size configured on an interface affects the transmission of packets through that interface. My question is does it affects packets received on the interface or packets transmitted out of the interface? Thanks Lw __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20108t=20096 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Install 2 8MB flash on Cisco 2502 [7:20043]
ahhh, I didn't notice that until you pointed it out. thanks -e- - Original Message - From: Circusnuts To: EA Louie ; Sent: Sunday, September 16, 2001 5:35 AM Subject: Re: Install 2 8MB flash on Cisco 2502 [7:20043] Na- the ROM's he has listed here are 11.0 (10c). They're the newest available. I still think he trying to use 2600/3600/4000 FLASH. Phil - Original Message - From: EA Louie To: Sent: Sunday, September 16, 2001 6:59 AM Subject: Re: Install 2 8MB flash on Cisco 2502 [7:20043] Agreed (I think). Remove the 2nd flash and post a show ver. - Original Message - From: MADMAN To: Sent: Saturday, September 15, 2001 7:24 PM Subject: Re: Install 2 8MB flash on Cisco 2502 [7:20043] It's most likely you have old boot roms that are not able to recognize the 16M of memory. Dave Albert Y. Pak wrote: Hi All, I am able to boot Cisco 2502 with 1 x 8MB flash. However, as soon as I install a second 8MB flash (empty), the router hangs at System Bootstrap (Version 11.0(10c)XB1). + doesn't work either. These 2 8MB flash are identical. Please advise, Albert -- David Madland CCIE# 2016 Senior Network Engineer Qwest Communications 612-664-3367 _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20109t=20043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FW: Why Cisco and not ...........!!! [7:19933]
Awww, that's funny! (I don't know which new features I need, but if you don't know 12.0, you can't tell me which features I need, so let's call it a washsee ya later, Mr. 'Old Tech 11.2') Adding to that, instead of just upgrading the routers that NEED the new features (for me, usually at the access level because of the advances in bandwidth grooming features), some shops (understandably) want uniform levels of code, which I find a bit overrated. Consistency in sections and versions...yes. Consistency to weed out major bugs and broken code? definitely. Consistency for consistency's sake? Well...ummm...errr...ahhhjust document it really well and upgrade if/when you find the need. - Original Message - From: Chuck Larrieu To: EA Louie ; Sent: Saturday, September 15, 2001 5:38 PM Subject: RE: FW: Why Cisco and not ...!!! [7:19933] This is an interesting point, and one worth discussing a bit further. I can still recall an interview during the course of which the interviewer questioned my qualification in part because my experience was with IOS 11.2. He stated that they used IOS 12.0 ( newly released at the time. ) I asked why, and he said because we need the new features I had the temerity to ask which ones. There was no answer. The interview went down hill from there. Some folks are upgrade freaks. My own opinion is that in a heavy duty production environment the only reason should upgrade is if the upgrade fixes an identifiable problem. These days, the latest IOS is not necessarily the best IOS. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of EA Louie Sent: Friday, September 14, 2001 2:22 PM To: [EMAIL PROTECTED] Subject: Re: FW: Why Cisco and not ...!!! [7:19933] ya know, I am a fan of if it ain't broke, don't fix it, but dudeDo you Me too. and if I never have to mess with the routers because they're doing their job, then why upgrade or futz with them, especially a core router? I love to tinker just like everyone else, but the great thing about a production network is that if everything IS running, then I can let it be and work on some of the other stuff that's important (like my lab studies ;-) If I don't need no new features, then I don't upgrade until I do. I once had a boss who had to have THE LATEST version of code on our network and would make us schedule IOS upgrades regularly, even when we complained that there was no value-add to the upgrade. I guess that's the OTHER extreme...and then we'd have a relatively short amount of time to configure the 'new features' of the code into our network (I really learned to hate frame-relay traffic shaping). never want the fixes and features of newer code? Just curious... Especialy with Cisco NAT in it's infant stages... -Patrick _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20110t=19933 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DIAL Backup of Wireless VLAN [7:20058]
To which net I configure as my interesting packet because both net of my remote site LAN is also on sub interfaces of my Central site Fast Ethernet Interface. I can't define route to a net which is also on my directly connected interface. Don't look for an interface going down, instead configure a floating default route as your interesting packet. Dave Khurrum Shahzad wrote: Hi all I want help regarding my scenario which is as follows. I have one central and tow remote sites. Both two remote sites are connected with central through Wireless Ethernet Bridge (high speed). At Central site Ethernet cable from both Wireless Bridge are connected to switch and Cisco 2620 is used for routing between 3 different VLAN ( two for remote and one for central). So at central site I have 3 sub interface on Fast Ethernet each having IP address of separate net. I also require Sync Dial Backup for each remote site. So I placed one 1601 and Sync dialup modem on each remote site and dialup modems at central connected with sync port of 2620. But I can't understand how to configure online (automatic) backup because if any of wireless link will break or down, Ethernet ports will not down and dialer will not initiate. Also for manual backup, if I manually dial to central site from any remote site then after connected to central, I have same IP net on both site of link, it means Ethernet port of 1601 and fast Ethernet port of 2620 have Ethernet IP from same net. Can anybody guide me how I run my main links on Wireless Ethernet Bridge and backup link on dialup with routers? Network diagram of my setup is at http://www.geocities.com/khurrums/ Regards Khurrum Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20100t=20058 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX and EXCHANGE [7:20098]
Thank you Ryan, it does make sense! Sorry for the late reply, I was down for 3 days for upgrade. (All my servers are now BEHIND the firewall!). I still have 1 issue however. My Exchange server was receiving mail but could not send any. I finally decided to create a static mapping for the mail server and created two conduits to let all tcp and udp traffic go through! I would like to tighten the security (without causing much down time). Anyone out there who has a MS Exchange 2000 Server and done this before? ... Pierre-Alex -Original Message- From: Ryan Lecomte [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 3:31 PM To: pierreg Subject: RE: PIX -- Cannot locate the static xlate --FIXED [7:19536] Pierre-Alex, The global address is used for computers on the inside network to access the outside. All of the computers on the inside will look like they are originating from this address. With version 6.0 you can use the outside address, not the global address for static mappings but only for a single port to an address. Here's more detail: You can translate 10.1.1.13 on the inside to 102.162.86.53 port 80 on the outside interface You can translate 10.1.1.14 on the inside to 102.162.86.53 port 25 on the outside interface You can translate 10.1.1.15 on the inside to 102.162.86.53 port 53 on the outside interface You can't translate 10.1.1.13 and 10.1.1.14 to 102.162.86.53 and both use port 80. Does that make sense? You're right, before v6.0 the outside address was not useful. Ryan -Original Message- From: pierreg [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 6:50 AM To: [EMAIL PROTECTED] Subject: RE: PIX -- Cannot locate the static xlate --FIXED [7:19536] Thank you, I chose 102.162.86.54 and that did the trick. Please help me understand the following two points: 1) What rational for not being able to use the same IP address for the static mapping and the global translation IP address? 2) Can I use the IP address (outside) of the firewall to do static mapping? If not then: 3) What is the purpose of the outside IP address? Looks kind of a waste to me! Thanks again Pierre-Alex -- Hello, Try This... static (inside,outside) 102.162.86.xxx 10.1.1.13 netmask 255.255.255.255 conduit permit tcp host 102.162.86.xxx eq 80 any You can't use the same address as your global translation 102.162.86.52 try 102.162.86.54 The first line creates the translation and the second line permits any host to access your server on port 80. Let me know if you have any questions. Ryan -Original Message- From: pierreg [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 5:36 PM To: [EMAIL PROTECTED] Subject: PIX -- Cannot locate the static xlate [7:19512] Hi all, I have a Web server on the internal side of the firewall (10.1.1.13) I am trying to open port 80 of the firewall to internet traffic I get the error message: Cannot locate the static xlate when I enter the command: pixfirewall(config)# conduit 102.162.86.52 80 tcp 0 What am I doing wrong? My configs are below: PIX Version 4.0.7 enable password 2KFQnbNIdI.2KYOU encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall no failover names syslog output 20.3 no syslog console interface ethernet outside 10baset interface ethernet inside 10baset ip address inside 10.1.1.10 255.255.255.0 ip address outside 102.162.86.53 255.255.255.128 arp timeout 14400 global 1 102.162.86.52-102.162.86.52 nat 1 0.0.0.0 0.0.0.0 age 10 no rip outside passive no rip outside default no rip inside passive no rip inside default route outside 0.0.0.0 0.0.0.0 102.162.86.1 1 timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00 http 10.1.1.13 255.255.255.255 no snmp-server location no snmp-server contact telnet 10.1.1.13 255.255.255.255 mtu outside 1500 mtu inside 1500 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20098t=20098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TIME TO STOP RE: 'It's not the US they want to destroy. [7:20111]
Hi Paul and All, I think we have to stop this thread before we convert this List to an other thing not related to our feild.. By the way Karl, I disagree with all attackers and there actions especially the Tuesday Attacks... As muslim man I realised that you have not any knowledge about what you told this list about islam So, it's not fair to say that holy war against Islam amd muslims About the attack... Do you remember the 2 nuclear bombs in the second War?.. The Tuesday attacks excuted by individuals may they are muslims... but they still individuals not all muslims did that... but the two bombs on Japan excuted by the government of USA I mean if we considered these individuals terrorists then we can consider the USA as terrorist country because of the 2 bombs on Jaban in the second war... Please do not forget the USA crimes in Veitnam and 3rd world countries, and do not forget what the Israeli army did with supporting of the USA with teh palestinian peoples... I think you need to study the history with carefully reading to know some thing good about Islam and then talk about it... Again I do not agree with any attack against any one on the earth but you have to be fair when you talk about the others.. Is that clear MR. Karl??? I doubt Regards for the list Magdy Dear Apologist for Genocide I am perfectly entitled to my opinion and I would simply point out that in most of the so called Muslim countries I have been to and seen, intolerance is a watchword for daily life. The usual one party states or army states with a poor and ill educated population mostly led by men who profess their religion and humility before some god and profit greatly from the poor and the disenfranchised. Women are subjugated and mere breeders, young men used as cannon fodder in some so called holy war which turns out to have more in common with a wallet than a valuation of human life. How dare you complain about insults to a so called religion who's members excuse their crimes through some so called god and lies. What am I to expect nowa Fatwah of death (a.k.a. Salman Rushdh) because I have a contary opinion. You intolerance to the insults of your so called religion are quite simply unbelievable. I have fought terrorists and been injured as a result, they (the terrorists) always excuse themselves through religion when really criminal behaviour and greed is what they wish to hide. It does not matter whether it is the great sky god of the Roman Catholic faith and the scum of the IRA or the immature rantings of the most recent hate filled Mullah. There is the EVIL. I strongly suggest that those who are apologists for murder and cannot tolerate democracy would be very wise at this juncture to hold their tongues. I can understand why you would not wish this thread to continue as it might draw attention away from the criminal activities of this so called murderous cult. I know much of Islam and know down through history how the concept of Holy War is abused by men time and time again! It is a religion that has not come out of the middle ages and should have been left there. I have the deepest shock at what I have seen and understand clearly how powerless America was at that instant. There was no mercy and the name of Allah was invoked...that was evil and until the Muslim world categorically removes itself from that evil and hands up its criminals/terrorists then at least I and I think many others will judge it to be evil. I'm sorry if some faint hearts found this upsettingthe poor dears..at least they are alive! Karl Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20111t=20111 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Undefined Port Adapter type 55 at bay 1 [7:20112]
Hi, I have a 2621 router with 8M flash and 32M Ram. I inserted a network module with 1 ethernet port into it, the IOS 12.0 did not recognize it. It only sees the FastEthernet ports that came with the router. Upgrading the memory to 64M did not help issues, Changing the module with two other onces did not help the situation. However, the IOS keep saying that the Adapter ports are undefined. Looking forward to your response. Regards. Oletu __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20112t=20112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
flash problem [7:20113]
Hi all, I am having some trouble with the installation of a new flash card. For some reason it marks the flash as Device not programmable, the write protected switch is o.k. I tried to repartition the flash with no luck. I am adding information from the Router, this is the third flash that I am replacing ( Is it possible that bootstrap version is not up to date enough ? ). Cisco Internetwork Operating System Software IOS (tm) 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Tue 18-Mar-97 14:01 by ccai Image text-base: 0x04018060, data-base: 0x02005000 ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Router uptime is 2 minutes System restarted by power-on System image file is eprom:c1600-boot-r.111-10.AA, booted via ROM cisco 1601 (68360) processor (revision C) with 3584K/512K bytes of memory. Processor board ID 06037967 X.25 software, Version 2.0, NET2, BFE and GOSIP compliant. 1 Ethernet/IEEE 802.3 interface. 1 Serial(sync/async) network interface. System/IO memory with parity enabled (On Board Memory disabled) 8K bytes of non-volatile configuration memory. 8192K bytes of PCMCIA flash (Device not programmable) Configuration register is 0x2102 PCMCIA flash directory: No files in PCMCIA flash [0 bytes used, 8388608 available, 8388608 total] 8192K bytes of PCMCIA flash (Device not programmable) ChipBankCode Size Name 1 1 4096KBUnknown Chip 2 1 4096KBUnknown Chip Help will be appreciated. Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20113t=20113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MTU Question [7:20096]
Ignoring Inbound I think depends on what type of packet it is. A while back while experimenting with RFC 1483, one end of a circuit had a MTU of 4470 (default ATM if memory serves...) and the other had 1500. OSPF was configured across this circuit but an adjacency would not form. When OSPF debugging was turned on it was cool that we actually got an English type of answer on the lines of MTU mismatch. When the ATM interface was changed to 1500 the adjacency formed and routes were propagated. So another case of it depends. Kevin Wigle - Original Message - From: EA Louie To: Sent: Sunday, 16 September, 2001 08:26 Subject: Re: MTU Question [7:20096] I am a little confused about how the MTU size configured on an interface affects the transmission of packets through that interface. My question is does it affects packets received on the interface or packets transmitted out of the interface? Great question. It definitely affects packets transmitted OUT of the interface - if the packet is larger than the interface ip mtu, the router fragments the packet using the configured interface MTU value. A demonstration of this is in GRE tunnel applications, which are by default 1478 bytes (as opposed to 1500), so that a 1500 byte packet gets fragmented when traversing the tunnel. On an INBOUND packet, the MTU is ignored. Just to verify this, I ran a bunch of debugs that show outbound fragmentation, but inbound the packets are not fragmented, just forwarded to the next interface. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20114t=20096 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF packets, point-to-multipoint [7:20115]
Group, Can someone help me to understand or point me to a link so that I can get a definitive answer. Thanks. Routing TCP/IP, Vol. 1, Jeff Doyle : (a) Page # 417, 'Point-to-multipoint networks are a special configuration .. because the network are seen as point-to-point links, OSPF packets are multicast'. (b) Page # 451, 'On point-to-multipoint and virtual link networks, updates are unicasted to the interface addresses of adjacent neighbors'. (c) Page # 561, 'The OSPF point-to-multipoint network type treats the underlying as a collection of point-to-point links ..., and OSPF packets are multicast to the neighbor.' Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20115t=20115 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Undefined Port Adapter type 55 at bay 1 [7:20112]
no doubt you need a different IOS version. what are you running now? what is the module? actually, you can use the Cisco public configurator at http://www.cisco.com/pcgi-bin/front.x/newConfig/config_root.pl and go through the exercise yourself to discover this. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mr. Oletu Hosea Godswill, CCNA Sent: Sunday, September 16, 2001 8:49 AM To: [EMAIL PROTECTED] Subject: Undefined Port Adapter type 55 at bay 1 [7:20112] Hi, I have a 2621 router with 8M flash and 32M Ram. I inserted a network module with 1 ethernet port into it, the IOS 12.0 did not recognize it. It only sees the FastEthernet ports that came with the router. Upgrading the memory to 64M did not help issues, Changing the module with two other onces did not help the situation. However, the IOS keep saying that the Adapter ports are undefined. Looking forward to your response. Regards. Oletu __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20116t=20112 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF packets, point-to-multipoint [7:20115]
Welcome to the world of OSPF. I trust you are prepared for a long and rewarding journey through the maze of possibilities. Much OSPF study is best done with a router at hand so you can set up various things and look and see how the protocol behaves. page 417: taken out of context. If you check how OSPF defaults on an NMBA interface or multipoint subinterface you will find the default is NMBA Serial2/3.1 is down, line protocol is down Internet Address 99.99.99.99/24, Area 0 Process ID 1000, Router ID 192.168.1.1, Network Type NON_BROADCAST, Cost: 48 Transmit Delay is 1 sec, State DOWN, Priority 1 No designated router on this network No backup designated router on this network Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5 one can change this interface to an OSPF point-to-multipoint by using the interface command ip ospf network point-to-multipoint, at which time you get Serial2/3.1 is down, line protocol is down Internet Address 99.99.99.99/24, Area 0 Process ID 1000, Router ID 192.168.1.1, Network Type POINT_TO_MULTIPOINT, Cost : 48 Transmit Delay is 1 sec, State DOWN, Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5 if you check RFC 2328, you will find that behaviour in terms of LSA's is different for both of these cases. As are the configuration contortions you must now perform. a couple of more quotes from the RFC are found below best wishes in your OSPF pursuits Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alex Lee Sent: Sunday, September 16, 2001 9:30 AM To: [EMAIL PROTECTED] Subject: Re: OSPF packets, point-to-multipoint [7:20115] Group, Can someone help me to understand or point me to a link so that I can get a definitive answer. Thanks. Routing TCP/IP, Vol. 1, Jeff Doyle : (a) Page # 417, 'Point-to-multipoint networks are a special configuration .. because the network are seen as point-to-point links, OSPF packets are multicast'. (b) Page # 451, 'On point-to-multipoint and virtual link networks, updates are unicasted to the interface addresses of adjacent neighbors'. (c) Page # 561, 'The OSPF point-to-multipoint network type treats the underlying as a collection of point-to-point links ..., and OSPF packets are multicast to the neighbor.' -- CL inserted: From the RFC: 12.4.1.4. Describing Point-to-MultiPoint interfaces For operational Point-to-MultiPoint interfaces, one or more link descriptions are added to the router-LSA as follows: o A single Type 3 link (stub network) is added with Link ID set to the router's own IP interface address, Link Data set to the mask 0x (indicating a host route), and cost set to 0. o For each fully adjacent neighbor associated with the interface, add an additional Type 1 link (point-to- point) with Link ID set to the Router ID of the neighboring router, Link Data set to the IP interface address and cost equal to the interface's configured output cost. And also: The IP destination address for the packet is selected as follows. On physical point-to-point networks, the IP destination is always set to the address AllSPFRouters. On all other network types (including virtual links), the majority of OSPF packets are sent as unicasts, i.e., sent directly to the other end of the adjacency. In this case, the IP destination is just the Neighbor IP address associated with the other end of the adjacency (see Section 10). The only packets not sent as unicasts are on broadcast networks; on these networks Hello packets are sent to the multicast destination AllSPFRouters, the Designated Router and its Backup send both Link State Update Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20117t=20115 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: flash problem [7:20113]
Hi Gil, I guest this is a third party pcmcia flash and it's screwed already. I've had this problem before, get a replacement and you'll be fine. anyong Gil Shulman wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I am having some trouble with the installation of a new flash card. For some reason it marks the flash as Device not programmable, the write protected switch is o.k. I tried to repartition the flash with no luck. I am adding information from the Router, this is the third flash that I am replacing ( Is it possible that bootstrap version is not up to date enough ? ). Cisco Internetwork Operating System Software IOS (tm) 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Tue 18-Mar-97 14:01 by ccai Image text-base: 0x04018060, data-base: 0x02005000 ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Router uptime is 2 minutes System restarted by power-on System image file is eprom:c1600-boot-r.111-10.AA, booted via ROM cisco 1601 (68360) processor (revision C) with 3584K/512K bytes of memory. Processor board ID 06037967 X.25 software, Version 2.0, NET2, BFE and GOSIP compliant. 1 Ethernet/IEEE 802.3 interface. 1 Serial(sync/async) network interface. System/IO memory with parity enabled (On Board Memory disabled) 8K bytes of non-volatile configuration memory. 8192K bytes of PCMCIA flash (Device not programmable) Configuration register is 0x2102 PCMCIA flash directory: No files in PCMCIA flash [0 bytes used, 8388608 available, 8388608 total] 8192K bytes of PCMCIA flash (Device not programmable) ChipBankCode Size Name 1 1 4096KBUnknown Chip 2 1 4096KBUnknown Chip Help will be appreciated. Gil ** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. ** eSafe scanned this email for viruses, vandals and malicious content ** ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20119t=20113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Simulator for ISDN [7:20082]
Rick, You should be able to accomplish all of your CCIE lab tasks using an ISDN simulator like the one at www.cheapisdn.com (Cisco uses a simulator in the CCIE lab as well). I think simulators are more convenient then trying to drag around ISDN phone lines...at least this way you dont have to deal with your phone company and wait 2 years to get your ISDN lines activated!!! :) thanks, -Brad Rick Kingston wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... [demime could not interpret encoding binary - treating as plain text] Is there anything that I will be unable to do [that is relevant to preparing for the CCIE lab] with an ISDN simulator (versus having actual ISDN service with my local phone company). Thanks This email was sent through the free email service at http://www.anonymous.to/ To report abuse, please visit our website and click 'Contact Us.' Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20120t=20082 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fw: RANT Longish, Why Cisco and not ...!!! [7:19933]
such a pissing contest for chrissakes? Being a New Yorker I enjoy the give take. We say f*ck you to each other the way most people say good morning. But pig-headed barely covers it here. Your words not mine Dan. First, three things: Dan; 1. Please don't use my work email address, it is for work only. That was not the point of origin of my message, it was in the header, I know. No hard feelings. Just please don't use it. 2. Why this at least somewhat reasonable reply only to me personally, and that ridiculous post to the list ? 3. Lighten up man. This is neither religion, politics, or sex. Rather than getting a job bagging groceries, why don't you relax and enjoy the opportunity to learn about something new and enhance your career? My warnings about the impending obsolescence of software based routers as such was not intended as an insult, but as a heads up. One would think smart folks like those on this list would want to be hip to the next big thing as Chuck said. Meanwhile understanding routing and protocols is just as important as ever and will continue to be, so your efforts are hardly wasted. But IOS as such has become a limitation to engineering distributed systems which are key to getting away from purely software based boxes. Your sarcasm and anal aggressive attitude notwithstanding, you do bring up some interesting points that I think deserve discussion amongst the broader list so I'm forwarding this along whether you want the list to know you can actually behave like a reasonable human being or not. This does not require a reply on your part btw, unless you genuinely want to add something constructive. Dan stated: Of course we want solid Cisco shops ! This finally gets down to the nitty gritty of it doesn't it ? What if doing it strictly the Cisco way leaves you with a network that is far more complex than it needs to be, doesn't scale, (or at best only scales at huge additional expense), and performs poorly on a day to day basis? As an engineer wouldn't you want to arrive at a solution that best serves your companies or clients needs? How does having a sub-par network make your life easier? How many Cisco clients have put in switched networks and found no improvement? Why was there no improvement? (starts with an r...ends with a call to Nortel...sorry I couldn't resist (1-800-4-Nortel btw)) (that was humor) If you can't implement a 2 layer campus switched network with gig-e risers and 100Mb to the desktops because a pair of Cat6500s can't scale to service all those closets, what do you do? Add a whole extra layer? If you have to interconnect campuses, what do we call the layer that used to be called the core that is now L2 only since the performance of our Core Cat 6500s plummets if we turn on L3? What if you could just enable routing on the ports feeding the risers with no penalty in throughput, and no add-on hardware required? (what a concept ! ..pretty cool huh? Lets start a company!) Personally I would want to have those options if I was designing a network. Lastly what do we do if our Core connects to the rest of our corporate network via optical ethernet and we need one L3 port in our L2 only Core ??? Add another Layer ? How many Cat 6500s do we need in that layer to have redundant links to all the switches in the layer above that can't be connected to each other because of spanning tree issues ? I can understand John Chambers wanting to push a few extra boxes on his loyal customers, but this is getting downright scary! I'm reminded of the Wall St. firm that couldn't implement the network Cisco designed for them (all Cat6500s, everywhere) because the building management said they would have to vacate three floors in the building to provide enough power. Is this stuff becoming relevant yet ? Most of the firms and agencies I have consulted at in the past and work with today use a variety of different systems depending on what serves their purposes and requirements best. Not just in networking equipment, but in systems too; both platform types and network operating systems. All too often the shops that won't consider anything but one brand do so because they either lack the expertise in house to properly evaluate and engineer the alternatives or their technology decisions are being made by upper management without consulting the knowledgeable people they do have on staff, very often to the chagrin of those who must implement and maintain it. Believe me I've watched many a train wreck in progress, and it's very difficult to bear when you are the sort of person who tries to do things properly. Aside from my current responsibilities as a Nortel SE I have no particular preferences and can honestly say that if I were consulting again I would recommend a solution that would best meet my client's criteria, and make sure they understood the trade-offs they were making. If their primary criteria was maintaining a single vendor solution and the already have crisco up the wazoo, so be it. It's
RE: PIX and EXCHANGE [7:20098]
If you do not have a fronted server or you are not using OWA all you need is 25 and 110 TCP. Steve -Original Message- From: Pierre-Alex [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 16, 2001 8:27 AM To: [EMAIL PROTECTED] Subject: PIX and EXCHANGE [7:20098] Thank you Ryan, it does make sense! Sorry for the late reply, I was down for 3 days for upgrade. (All my servers are now BEHIND the firewall!). I still have 1 issue however. My Exchange server was receiving mail but could not send any. I finally decided to create a static mapping for the mail server and created two conduits to let all tcp and udp traffic go through! I would like to tighten the security (without causing much down time). Anyone out there who has a MS Exchange 2000 Server and done this before? ... Pierre-Alex -Original Message- From: Ryan Lecomte [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 3:31 PM To: pierreg Subject: RE: PIX -- Cannot locate the static xlate --FIXED [7:19536] Pierre-Alex, The global address is used for computers on the inside network to access the outside. All of the computers on the inside will look like they are originating from this address. With version 6.0 you can use the outside address, not the global address for static mappings but only for a single port to an address. Here's more detail: You can translate 10.1.1.13 on the inside to 102.162.86.53 port 80 on the outside interface You can translate 10.1.1.14 on the inside to 102.162.86.53 port 25 on the outside interface You can translate 10.1.1.15 on the inside to 102.162.86.53 port 53 on the outside interface You can't translate 10.1.1.13 and 10.1.1.14 to 102.162.86.53 and both use port 80. Does that make sense? You're right, before v6.0 the outside address was not useful. Ryan -Original Message- From: pierreg [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 6:50 AM To: [EMAIL PROTECTED] Subject: RE: PIX -- Cannot locate the static xlate --FIXED [7:19536] Thank you, I chose 102.162.86.54 and that did the trick. Please help me understand the following two points: 1) What rational for not being able to use the same IP address for the static mapping and the global translation IP address? 2) Can I use the IP address (outside) of the firewall to do static mapping? If not then: 3) What is the purpose of the outside IP address? Looks kind of a waste to me! Thanks again Pierre-Alex -- Hello, Try This... static (inside,outside) 102.162.86.xxx 10.1.1.13 netmask 255.255.255.255 conduit permit tcp host 102.162.86.xxx eq 80 any You can't use the same address as your global translation 102.162.86.52 try 102.162.86.54 The first line creates the translation and the second line permits any host to access your server on port 80. Let me know if you have any questions. Ryan -Original Message- From: pierreg [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 5:36 PM To: [EMAIL PROTECTED] Subject: PIX -- Cannot locate the static xlate [7:19512] Hi all, I have a Web server on the internal side of the firewall (10.1.1.13) I am trying to open port 80 of the firewall to internet traffic I get the error message: Cannot locate the static xlate when I enter the command: pixfirewall(config)# conduit 102.162.86.52 80 tcp 0 What am I doing wrong? My configs are below: PIX Version 4.0.7 enable password 2KFQnbNIdI.2KYOU encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall no failover names syslog output 20.3 no syslog console interface ethernet outside 10baset interface ethernet inside 10baset ip address inside 10.1.1.10 255.255.255.0 ip address outside 102.162.86.53 255.255.255.128 arp timeout 14400 global 1 102.162.86.52-102.162.86.52 nat 1 0.0.0.0 0.0.0.0 age 10 no rip outside passive no rip outside default no rip inside passive no rip inside default route outside 0.0.0.0 0.0.0.0 102.162.86.1 1 timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00 http 10.1.1.13 255.255.255.255 no snmp-server location no snmp-server contact telnet 10.1.1.13 255.255.255.255 mtu outside 1500 mtu inside 1500 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20118t=20098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: POP3 SMTP through Pix to Static NAT Address [7:19931]
Hello, This is common problem in PIX. when internal client gets Public IP from DNS, it tries to reach that IP. Since it is external IP PIX routes it outside hence packets are lost. There is workaround provided by PIX for this kind of problem. YOu need to use alia command on PIX. Please ref to http://www.cisco.com/warp/public/110/alias.html or This document explains the use of the alias command on the Cisco Secure PIX Firewall. The alias command has two possible functions: It can be used to do DNS Doctoring of DNS replies from an external DNS server. In DNS Doctoring, the PIX changes the DNS response from a DNS server to be a different IP address than the DNS server actually answered for a given name. This process is used when we want the actual application call from the internal client to connect to an internal server by its internal IP address. It can be used to do Destination NAT (dnat) of one destination IP address to another IP address. In dnat, the PIX changes the destination IP of an application call from one IP address to another IP address. This process is used when we want the actual application call from the internal client to the server in a perimeter (dmz) network by its external IP address. This does not doctor the DNS replies. For example, if a host sends a packet to 99.99.99.99, you can use the alias command to redirect traffic to another address, such as 10.10.10.10. You can also use this command to prevent conflicts when you have IP addresses on a network that are the same as those on the Internet or another intranet. For more information, consult the PIX Hope this will help you pat --- atram wrote: I have a situation which someone may be able to shed some light on. The configuration that is in place is a PIX 515 6.01 with a public IP on the 'outside' interface and private IP on the 'inside' interface as you would normally see in a straight-forward config. We are using PAT to another external IP for all internal users. Also there are static NAT statements on this same external IP (one used for PAT) that translate to the appropriate internal IPs for the respective services. Ex. static (inside,outside) tcp x.x.x.x pop3 10.x.x.x pop3 netmask x.x.x.x (translating all pop3 queried traffic on x.x.x.x to be forwarded to 10.x.x.x) One inbound access list is applied to the 'outside' interface filtering for the protocols we need allowed in and for the static nats. So this works fine for all external users and querying the various protocols. All locations are connected via private frame WAN to the central location, where the internet connection out is and also this PIX. Here is the problem. There are travelling users which bounce from site to site and are configured to access email via POP3. Unfortunately this will not work from inside the PIX. What it looks like is that basically the client is querying a pop3 server which resolves to the public IP address which is in turn the same address assigned for the static nat translation to the actual internal pop3 box. I would change the client to resolve pop3 to the actual internal IP address but then they would be unable to reach the box from home or hotel etc. ie. client queries pop3 to 'popserver.domain.com' dns resolves this to x.x.x.x from above static NAT. Query fails. Does anyone have any suggestions on what may be happening and could shed some light on whether this can be done first of all, and what steps may need to be taken on the PIX so that interal queries for pop3 and smtp will be able to go out through the PAT and come back in as the static nat translates them and still work. Thanks VERY much for anyones input. [EMAIL PROTECTED] __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20123t=19931 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: POP3 SMTP through Pix to Static NAT Address [7:19931]
Hello, This is common problem in PIX. when internal client gets Public IP from DNS, it tries to reach that IP. Since it is external IP PIX routes it outside hence packets are lost. There is workaround provided by PIX for this kind of problem. YOu need to use alia command on PIX. Please ref to http://www.cisco.com/warp/public/110/alias.html or This document explains the use of the alias command on the Cisco Secure PIX Firewall. The alias command has two possible functions: It can be used to do DNS Doctoring of DNS replies from an external DNS server. In DNS Doctoring, the PIX changes the DNS response from a DNS server to be a different IP address than the DNS server actually answered for a given name. This process is used when we want the actual application call from the internal client to connect to an internal server by its internal IP address. It can be used to do Destination NAT (dnat) of one destination IP address to another IP address. In dnat, the PIX changes the destination IP of an application call from one IP address to another IP address. This process is used when we want the actual application call from the internal client to the server in a perimeter (dmz) network by its external IP address. This does not doctor the DNS replies. For example, if a host sends a packet to 99.99.99.99, you can use the alias command to redirect traffic to another address, such as 10.10.10.10. You can also use this command to prevent conflicts when you have IP addresses on a network that are the same as those on the Internet or another intranet. For more information, consult the PIX Hope this will help you --- atram wrote: I have a situation which someone may be able to shed some light on. The configuration that is in place is a PIX 515 6.01 with a public IP on the 'outside' interface and private IP on the 'inside' interface as you would normally see in a straight-forward config. We are using PAT to another external IP for all internal users. Also there are static NAT statements on this same external IP (one used for PAT) that translate to the appropriate internal IPs for the respective services. Ex. static (inside,outside) tcp x.x.x.x pop3 10.x.x.x pop3 netmask x.x.x.x (translating all pop3 queried traffic on x.x.x.x to be forwarded to 10.x.x.x) One inbound access list is applied to the 'outside' interface filtering for the protocols we need allowed in and for the static nats. So this works fine for all external users and querying the various protocols. All locations are connected via private frame WAN to the central location, where the internet connection out is and also this PIX. Here is the problem. There are travelling users which bounce from site to site and are configured to access email via POP3. Unfortunately this will not work from inside the PIX. What it looks like is that basically the client is querying a pop3 server which resolves to the public IP address which is in turn the same address assigned for the static nat translation to the actual internal pop3 box. I would change the client to resolve pop3 to the actual internal IP address but then they would be unable to reach the box from home or hotel etc. ie. client queries pop3 to 'popserver.domain.com' dns resolves this to x.x.x.x from above static NAT. Query fails. Does anyone have any suggestions on what may be happening and could shed some light on whether this can be done first of all, and what steps may need to be taken on the PIX so that interal queries for pop3 and smtp will be able to go out through the PAT and come back in as the static nat translates them and still work. Thanks VERY much for anyones input. [EMAIL PROTECTED] __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20122t=19931 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: InterVLAN routing VLAN Sub-Interfaces [7:16445]
Ok Agreed. But what if the routers finds 2 matchings for one IP address while performing an ARP broadcast? Hamid * Peter Van Oene wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Keep in mind that one routes between IP subnets, not VLANs. VLANs are a layer two concept. From there you should be able to answer you own first question. In the second case, given IP subnets have unique ranges, only on PC will be on the valid subnet and hence be able to communicate to the rest of the network. Neither PC will be disabled as far as I know, but only one will function. Using DHCP is highly recommended to overcome this manual configuration errors, not to mention it scales better. Pete *** REPLY SEPARATOR *** On 8/18/2001 at 3:55 AM Hamid wrote: Hi I was studying the InterVlan routing documents and I got to some questions. In a scenario like the attached file: 1. How does the external Router decide how to route the packets between the VLANs, is the INTERVLAN routing based on the IP address assigned to sub-inteface? 2. In these scenarios, how does the router detect a conflicting IP address? For example, if each IP subnet is assigned to a VLAN( 10.10.1.0 to VLAN 1 and 10.10.2.0 to VLAN 2), if two computers on both VLANs are assigned the same IP address (for example 10.10.1.5), how is the confilit detected and which computer is disabled? Thanks Hamid [demime removed a uuencoded section named 50a.jpg which was 1310 lines] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20125t=16445 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Avoiding IP conflicts in a MULTI-VLAN environment [7:20124]
Hi group I am setting up a network with some NT4 servers, a Catalyst 2948 switch , and a 7204 VXR router and some access servers. The network consists a 7 VLANs, and all the servers and routers are on multi-VLAN or TRUNK interfaces on the switch. The LAN consists of many computers with different operating systems such as UNIX, LINUX and Win2k. lots of computers that will be connected to this LAN are laptops so I can't implemets PORT SECURITY on the Catalyst. The problem is that I want to prevent my clients to make IP Conflicts in my network. Correct me if I am wrong, but someone had told me that when an IP conflict occurs , the computer with the greater ARP version wins (or something like that !), so the RED HAT 7.1 LINUX operating systems would take down my NT servers. Any ideas or soloutions how I could prevent these conflicts? Thanks in advance Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20124t=20124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Avoiding IP conflicts in a MULTI-VLAN environment [7:20124]
Hamid, I would recomend using DHCP for any of devices that dosen't need to be static. Of course you servers would be hard coded with their IPs, but all other workstations would get on dynamically. This way the posibility of have IP confilcts shouldn't be a problem. HTH Nigel. - Original Message - From: Hamid To: Sent: Sunday, September 16, 2001 2:51 PM Subject: Avoiding IP conflicts in a MULTI-VLAN environment [7:20124] Hi group I am setting up a network with some NT4 servers, a Catalyst 2948 switch , and a 7204 VXR router and some access servers. The network consists a 7 VLANs, and all the servers and routers are on multi-VLAN or TRUNK interfaces on the switch. The LAN consists of many computers with different operating systems such as UNIX, LINUX and Win2k. lots of computers that will be connected to this LAN are laptops so I can't implemets PORT SECURITY on the Catalyst. The problem is that I want to prevent my clients to make IP Conflicts in my network. Correct me if I am wrong, but someone had told me that when an IP conflict occurs , the computer with the greater ARP version wins (or something like that !), so the RED HAT 7.1 LINUX operating systems would take down my NT servers. Any ideas or soloutions how I could prevent these conflicts? Thanks in advance Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20126t=20124 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS and RFC 2547 (MPLS VPN's) - opinions? [7:20101]
Hello all: I would like to hear some thoughts on people's opinions on MPLS in general and on RFC 2547-style VPN's in particular. Are providers and (very) large enterprises going to embrace these techniques for their purported advantages, or does it represent too much change for too little benefit? There's quite a range of opinion. Speaking personally, I see them used for provider-provisioned VPNs, but terminating at the site level. Also, I question the real need for the amount of flexibility -- and thus complexity -- that they support, which potentially loads more and more state into stressed BGP routers. They are also a market reality. At a NANOG meeting, a respected operator said in a public forum, If this is the answer...it must have been a pretty stupid question. Marketeers from all vendors like to differentiate their products with more and more features. I don't personally equate adding more and more features with improving reliability. Not everything that COULD be done SHOULD be done. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20127t=20101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN Client [7:19858]
George, do you have control of the vpn3000? the split tunnel list on the concentrator should be setup to with only the networks accessible from ipsec tunnel. otherwise, all ip traffic will be sent through the tunnel. From: George Kallingal Reply-To: George Kallingal To: [EMAIL PROTECTED] Subject: Cisco VPN Client [7:19858] Date: Thu, 13 Sep 2001 17:31:20 -0400 I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20128t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MTU Question [7:20096]
At 08:50 AM 9/16/01, Circusnuts wrote: I believe the correct way to answer this question is, the MTU effects any interface to interface communication where a TCP handshake takes place. That would mean incoming or outgoing. The window of information must match what I expect to receive. Have I come close ??? Nope. Sorry. ;-) TCP is end-to-end, so interface-to-interface has no meaning at the TCP layer. You may be thinking about the TCP segment size. Each side of a TCP session specifies the size of the largest TCP segment that it can handle receiving. This info is carried in the TCP Options field in a SYN packet during the 3-way handshake. The two sides do not need to agree. It is not a negotiated value. The segment size is the size of each message. This is not the same as the window size which is much larger. The window size is how much data the host is ready to receive before the other side should stop and wait for an ACK. Regardless, the original question is down a layer and not specific to TCP. When IP goes to send a datagram, if the datagram is larger than the MTU of the output data-link-layer interface, IP fragments the datagram. The end recipient reassembles it. How does the TCP segment size relate to MTU? It usually defaults to something that matches the local interface. For example on a PC that is on Ethernet, it defaults to 1460 (1500 minus the 20-byte IP header and 20-byte TCP header). Cisco lets you set both the interface MTU and an IP MTU. They can actually differ, but there's generally no need for them to be different. As far as incoming frames, I doubt you could affect this by setting the interface MTU. My guess is that checking the size of any incoming frame is done at the chip level. An Ethernet chip would trash a frame bigger than 1522 (counting header, CRC, and any tagging) and report a giant. Priscilla Phil - Original Message - From: Lists Wizard To: Sent: Sunday, September 16, 2001 2:19 AM Subject: MTU Question [7:20096] Hi Groups, I am a little confused about how the MTU size configured on an interface affects the transmission of packets through that interface. My question is does it affects packets received on the interface or packets transmitted out of the interface? Thanks Lw __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20129t=20096 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Larry Seltzer Article - Someone needs some glassess .. [7:20130]
It definitely said CCIE before. We got it changed!!? ;-) Or Larry got a clue finally and did some research. Priscilla At 11:00 PM 9/15/01, Dave wrote: Dish, Thanks for pointing out the change. I did read the article very carefully. The paragraph that includes; Terms like MCSE (Microsoft Certified Systems Engineer) indicate only successful completion of the program and minimal competence in the product., has been changed. Previously it said CCIE. The wonders of electronic publishing! Dave Swink -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Haller Sent: Saturday, September 15, 2001 7:42 PM To: [EMAIL PROTECTED] Subject: Larry Seltzer Article - Someone needs some glassess .. [7:20077] If anyone actually went and read the article by Larry Seltzer, you would have discovered that he refered to the MCSE certification, not the CCIE. I was ticked at Seltzer at first, but now that I see what he actually wrote, I agree with him. I got my MCSE in a box of CrackerJack !! It has taken over a year for me to gain the necessary knowledge and balls to take and pass the written, and even though my lab stae isnt until May of 2002, I still may not be ready. minimal Competence My Pa-too-tie !!! GOD BLESS AMERICA and all those who love her !!! Dish = Chris from Chicago MasterCNE, CCNP, ICNE, MCP __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20130t=20130 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: lab equipment [7:14648]
If you're looking for PRI, take a look at the Adtran Atlas. For BRI I love my Merge AF2000, but they're hard to find. What is the URL for the 3900 sim? -- Ron Bandes, CCNA, MCSE, BA CS, Certified Technical Trainer+ Cloud Nine Networks, LLC [EMAIL PROTECTED] remove Spam_me_not. to email me adam lee wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I got a quote from Emutel. It's about 2k for the solo and 10k for the pri model. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 02, 2001 7:21 AM To: [EMAIL PROTECTED] Subject: Re: lab equipment [7:14648] I would trade the PIX for a 1010 Lightstream and get a couple of 2504's. This will give you SDN and Token Ring. Of course, if you really want to use the ISDN, you're going to have to invest in an emulator. Teltone's are nice, but I have an Emutel Solo, which is cheaper and more configurable. My .02c, Rob H CCNP,CCDP,MCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20131t=14648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF packets, point-to-multipoint [7:20115]
Still do not understand, Building Scalable Cisco Networks, CiscoPress, page 123 However,bcause the point-to-multipoint mode treats the network as a collection of point-to-point links, multicast hello packets discover neighbors dynamically, and statically configuring neighbors is not required. Routing TCP/IP, Vol. 1, page 433 On broadcast and point-to-point network types, hellos are multicast to AllSPFRouters (224.0.0.5). On NBMA, point-to-multipoint, and virtual link network types, hello are unicast to individual neighbors. The implication of unicasting is that router must first learn of the existence of its neighbors either through manual configuration or an underlying mechanism such as Inverse ARP. What have I missed ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20132t=20115 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
can 3640 RAS can support both out incoming call [7:20133]
Hai all Does anybody can help me. Can a 3640 router with 16 port NM analog modem can support for both incoming and outgoing calls. I am sure that it supports incoming calls. I am not sure about the out going calls from 3640. The situation is like this : NT server at the HQ should call remote sites through the RAS Cisco 3640 and the remote sites Windows NT workstations should also be possible to call the HQ through the same 3640 RAS. I would like to know whether this is possible are not. please anybody help me regarding this asap. regards jagan and Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20133t=20133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Friday Funnie #2, Couldn't let this one go by!! [7:14809]
I believe Konrad Zuse of Germany built a binary electronic computer before Atanasoff, although it pleases me to hear you giving credit to Atanasoff over Eckert and Mauchly. Poor Atanasoff was restrained for 25 years from taking credit due to his work being an official secret of the US gov't. For info about Zuse, see http://irb.cs.tu-berlin.de/~zuse/Konrad_Zuse/en/index.html . -- Ron Bandes, CCNA, MCSE, BA CS, Certified Technical Trainer Cloud Nine Networks, LLC [EMAIL PROTECTED] remove Spam_me_not. to email me Jennifer Cribbs wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... That's what I meant Howard. I think I left out a few words as I do that most of the time. I think much quicker than I type. My understanding of this: All computer machines were decimal[base10] until the 40's. Atanasoff was the original one who suggested binary to be used instead of base10 to correct the computational probems that existed in measuring current/voltage. In those days with base10, one was a little current, two was a little more, three a little more than that and so on and so on. It was not a very good way to be accurate and was met with many failures. With the induction of binary for current measureage, it became easy and computers were on their way to being a successful marketing venture. One was on, zero was off. Very simple. But the original idea of the binary counting concept started with Ada. Not in the computer sense, but in a general sense of numbers. Or at least that what I have read. Jenn -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Sunday, August 05, 2001 4:23 AM To: Jennifer Cribbs; [EMAIL PROTECTED] Subject: RE: Friday Funnie #2, Couldn't let this one go by!! [7:14809] Not serious, but the intellectual credit here goes to George Boole--as in boolean arithmetic. Babbage/Lovelace machines were decimal. At 02:01 PM 8/3/2001 -0400, Jennifer Cribbs wrote: Is this serious? I was under the impression that Ada Lovelace invented the binary counting system. I was also under the impression that John Atanasoff came up with the brilliant coding system that expressed everything in terms of two numbers for the methodology of measuring the current or lack of current in regards to computers way back in the 40's. Before that everyone kept trying to incorporate the base10 system in computers, which was a major headache and unsuccessfull, but that was in the vacuum tube days. hmmm. Surely Microsoft doesn't think they can do this..Maybe this is a joke however and I am just too d*** serious. Jenn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Natasha Sent: Friday, August 03, 2001 10:19 AM To: [EMAIL PROTECTED] Subject: OT: Friday Funnie #2, Couldn't let this one go by!! [7:14809] REDMOND, WA--In what CEO Bill Gates called an unfortunate but necessary step to protect our intellectual property from theft and exploitation by competitors, the Microsoft Corporation patented the numbers one and zero Monday. With the patent, Microsoft's rivals are prohibited from manufacturing or selling products containing zeroes and ones--the mathematical building blocks of all computer languages and programs--unless a royalty fee of 10 cents per digit used is paid to the software giant. Microsoft has been using the binary system of ones and zeroes ever since its inception in 1975, Gates told reporters. For years, in the interest of the overall health of the computer industry, we permitted the free and unfettered use of our proprietary numeric systems. However, changing marketplace conditions and the increasingly predatory practices of certain competitors now leave us with no choice but to seek compensation for the use of our numerals. A number of major Silicon Valley players, including Apple Computer, Netscape and Sun Microsystems, said they will challenge the Microsoft patent as monopolistic and anti-competitive, claiming that the 10-cent-per-digit licensing fee would bankrupt them instantly. While, technically, Java is a complex system of algorithms used to create a platform-independent programming environment, it is, at its core, just a string of trillions of ones and zeroes, said Sun Microsystems CEO Scott McNealy, whose company created the Java programming environment used in many Internet applications. The licensing fees we'd have to pay Microsoft every day would be approximately 327,000 times the total net worth of this company. If this patent holds up in federal court, Apple will have no choice but to convert to analog, said Apple interim CEO Steve Jobs, and I have serious doubts whether this company would be able to remain competitive selling pedal-operated computers running software off vinyl LPs. As a result of the Microsoft patent, many other companies have begun radically revising their product lines:
RE: Bridging [7:20078]
What I was going to do was set up 192.168.1.1 255.255.255.252 on the serial interface of the 2501 and 192.168.1.2 255.255.255.252 on the serial interface of the 2503, and just see if I could ping and get OSPF to work. It isn't working, I have CRB enabled, set up bridge group 1, put both interfaces on the 2511 into that bridge group, and told the router to bridge IP for that bridge group using bridge 1 bridge ip, which doesn't show up in the config for some reason. Here is a partial running config from the 2511, and a show bridge group: bridge crb ! ! ! interface Loopback1 ip address 192.168.247.1 255.255.255.255 no ip mroute-cache ! interface Loopback2 ip address 25.11.0.1 255.255.255.255 no ip mroute-cache ! interface Ethernet0 ip address 198.207.193.112 255.255.255.0 no ip mroute-cache ! interface Serial0 no ip address ip directed-broadcast no ip mroute-cache clockrate 130 bridge-group 1 ! interface Serial1 no ip address ip directed-broadcast no ip mroute-cache bridge-group 1 ! ip kerberos source-interface any ip classless ip route 0.0.0.0 0.0.0.0 198.207.193.254 no ip http server ! ! ! ! ! bridge 1 protocol ieee __ 2511#sh bridge group Concurrent routing and bridging is enabled. Bridge Group 1 is running the IEEE compatible Spanning Tree protocol Port 3 (Serial0) of bridge group 1 is forwarding Port 4 (Serial1) of bridge group 1 is forwarding -Original Message- From: Chuck Larrieu To: [EMAIL PROTECTED] Sent: 9/15/2001 9:09 PM Subject: RE: Bridging [7:20078] yes. how are you going to test that it's working? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lupi, Guy Sent: Saturday, September 15, 2001 5:49 PM To: [EMAIL PROTECTED] Subject: Bridging [7:20078] Can you configure bridging using only serial interfaces, no ethernet involved at all? I have a 2501 connected to a 2511, and a 2503 connected to the same 2511, both via serial. I want to configure the 2 serial interfaces on the 2511 to bridge between them, is that possible? There is no practical reason for this, just setting it up in the lab and I am curious. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20135t=20078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
hyperterminal giberish? [7:20136]
I have just recently started using hyperterminal as opposed to ZOC in order to get ready for the CCIE lab. I noticed that while working in hyperterminal that it spits giberish out of the top of the working area (white area) into the buffer (grey area), hence making my scrollback buffer entirely useless. I played with the settings and can't seem to find any fix for it. Anyone have any input? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20136t=20136 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
something about vpn [7:20137]
can a pix and a router(such as 1720) make a vpn? and can a pix(or a router) and netscreen(a sort of hardware firewall)make a vpn? for instance,in usa,there is a pix,in taiwan province of china,there is a netscreen,can they make a vpn connection? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20137t=20137 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF packets, point-to-multipoint [7:20115]
Hi Alex In point-to-multipoint network, a DR will be elected and the DR will multicast the message to all the ospf routers. Where else in point-to-point network, there are no DR selection and thats why either we rely on the inverse arp or manually configure it. William Alex Lee wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Still do not understand, Building Scalable Cisco Networks, CiscoPress, page 123 However,bcause the point-to-multipoint mode treats the network as a collection of point-to-point links, multicast hello packets discover neighbors dynamically, and statically configuring neighbors is not required. Routing TCP/IP, Vol. 1, page 433 On broadcast and point-to-point network types, hellos are multicast to AllSPFRouters (224.0.0.5). On NBMA, point-to-multipoint, and virtual link network types, hello are unicast to individual neighbors. The implication of unicasting is that router must first learn of the existence of its neighbors either through manual configuration or an underlying mechanism such as Inverse ARP. What have I missed ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20138t=20115 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN Client [7:19858]
I believe you will have to enable split tunneling on the concentrator. With this enabled packets destined for networks defined on the concentrator will be encrypted and sent to that gateway, and all others will use local routing. Jeff From: George Kallingal Reply-To: George Kallingal To: [EMAIL PROTECTED] Subject: Cisco VPN Client [7:19858] Date: Thu, 13 Sep 2001 17:31:20 -0400 I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20139t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Lab Swap:Singapore [7:20140]
Hey Guys, I have got lab in singapore for start of march,02. Any one wanna exchange it with any day/date in 2001. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20140t=20140 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Bridging [7:20078]
concurrent routing and bridging permits routing and bridging on the same router, but not on the same interfaces. you cannot bridge OSPF in this way, if I understand you correctly. I don't see an OSPF configuration below, so I can't really analyze it. bridge bridge is unnecessary in that all bridgeable protocols are bridged by default. -Original Message- From: Lupi, Guy [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 16, 2001 7:27 PM To: 'Chuck Larrieu '; '[EMAIL PROTECTED] ' Subject: RE: Bridging [7:20078] What I was going to do was set up 192.168.1.1 255.255.255.252 on the serial interface of the 2501 and 192.168.1.2 255.255.255.252 on the serial interface of the 2503, and just see if I could ping and get OSPF to work. It isn't working, I have CRB enabled, set up bridge group 1, put both interfaces on the 2511 into that bridge group, and told the router to bridge IP for that bridge group using bridge 1 bridge ip, which doesn't show up in the config for some reason. Here is a partial running config from the 2511, and a show bridge group: bridge crb ! ! ! interface Loopback1 ip address 192.168.247.1 255.255.255.255 no ip mroute-cache ! interface Loopback2 ip address 25.11.0.1 255.255.255.255 no ip mroute-cache ! interface Ethernet0 ip address 198.207.193.112 255.255.255.0 no ip mroute-cache ! interface Serial0 no ip address ip directed-broadcast no ip mroute-cache clockrate 130 bridge-group 1 ! interface Serial1 no ip address ip directed-broadcast no ip mroute-cache bridge-group 1 ! ip kerberos source-interface any ip classless ip route 0.0.0.0 0.0.0.0 198.207.193.254 no ip http server ! ! ! ! ! bridge 1 protocol ieee __ 2511#sh bridge group Concurrent routing and bridging is enabled. Bridge Group 1 is running the IEEE compatible Spanning Tree protocol Port 3 (Serial0) of bridge group 1 is forwarding Port 4 (Serial1) of bridge group 1 is forwarding -Original Message- From: Chuck Larrieu To: [EMAIL PROTECTED] Sent: 9/15/2001 9:09 PM Subject: RE: Bridging [7:20078] yes. how are you going to test that it's working? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lupi, Guy Sent: Saturday, September 15, 2001 5:49 PM To: [EMAIL PROTECTED] Subject: Bridging [7:20078] Can you configure bridging using only serial interfaces, no ethernet involved at all? I have a 2501 connected to a 2511, and a 2503 connected to the same 2511, both via serial. I want to configure the 2 serial interfaces on the 2511 to bridge between them, is that possible? There is no practical reason for this, just setting it up in the lab and I am curious. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20141t=20078 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bridging [7:20078]
It actually works fine for a spanning tree bridge with no CRB or IRB... lo0 172.17.3.1 | R1 | s0 172.17.1.1 | s0 172.17.1.2 R2 | s1 172.17.1.3 | s0 172.17.1.4 R3 | lo0 172.17.2.1 ***R2 config*** ! interface Serial0 bandwidth 1544 ip address 172.17.1.2 255.255.255.0 no ip mroute-cache no fair-queue clockrate 56000 bridge-group 1 ! interface Serial1 ip address 172.17.1.3 255.255.255.0 clockrate 56000 bridge-group 1 ! router rip network 172.17.0.0 ! bridge 1 protocol ieee ! R2#sh span Bridge group 1 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, address .0c90.b7b8 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Topology change flag not set, detected flag not set Number of topology changes 4 last change occurred 00:40:00 ago from Serial1 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 1, topology change 0, notification 0, aging 300 Port 3 (Serial0) of Bridge group 1 is forwarding Port path cost 647, Port priority 128, Port Identifier 128.3. Designated root has priority 32768, address .0c90.b7b8 Designated bridge has priority 32768, address .0c90.b7b8 Designated port id is 128.3, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 2 BPDU: sent 2256, received 0 Port 4 (Serial1) of Bridge group 1 is forwarding Port path cost 647, Port priority 128, Port Identifier 128.4. Designated root has priority 32768, address .0c90.b7b8 Designated bridge has priority 32768, address .0c90.b7b8 Designated port id is 128.4, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 BPDU: sent 1214, received 0 R2# ***R1 config*** interface Loopback0 ip address 172.17.3.1 255.255.255.0 no logging event subif-link-status ! interface Serial0 ip address 172.17.1.1 255.255.255.0 no logging event subif-link-status ! router rip network 172.17.0.0 ***R3 config*** interface Loopback0 ip address 172.17.2.1 255.255.255.0 ! interface Serial0 ip address 172.17.1.4 255.255.255.0 ! router rip network 172.17.0.0 ! R1#p 172.17.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.2.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms R3#p Protocol [ip]: Target IP address: 172.17.3.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: lo 0 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.17.3.1, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms R3# - Original Message - From: Lupi, Guy To: Sent: Sunday, September 16, 2001 7:47 PM Subject: RE: Bridging [7:20078] What I was going to do was set up 192.168.1.1 255.255.255.252 on the serial interface of the 2501 and 192.168.1.2 255.255.255.252 on the serial interface of the 2503, and just see if I could ping and get OSPF to work. It isn't working, I have CRB enabled, set up bridge group 1, put both interfaces on the 2511 into that bridge group, and told the router to bridge IP for that bridge group using bridge 1 bridge ip, which doesn't show up in the config for some reason. Here is a partial running config from the 2511, and a show bridge group: bridge crb ! ! ! interface Loopback1 ip address 192.168.247.1 255.255.255.255 no ip mroute-cache ! interface Loopback2 ip address 25.11.0.1 255.255.255.255 no ip mroute-cache ! interface Ethernet0 ip address 198.207.193.112 255.255.255.0 no ip mroute-cache ! interface Serial0 no ip address ip directed-broadcast no ip mroute-cache clockrate 130 bridge-group 1 ! interface Serial1 no ip address ip directed-broadcast no ip mroute-cache bridge-group 1 ! ip kerberos source-interface any ip classless ip route 0.0.0.0 0.0.0.0 198.207.193.254 no ip http server ! ! ! ! ! bridge 1 protocol ieee __ 2511#sh bridge group Concurrent routing and bridging is enabled. Bridge Group 1 is running the IEEE compatible Spanning Tree protocol Port 3 (Serial0) of bridge group 1 is forwarding Port 4 (Serial1) of bridge group 1 is forwarding -Original Message- From: Chuck Larrieu To: [EMAIL PROTECTED] Sent: 9/15/2001 9:09 PM Subject: RE: Bridging [7:20078] yes. how are you going to test that it's working? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lupi, Guy Sent: Saturday,
Re: Interconnecting Netware Server and Workstation... [7:19911]
You say the server network is EBDCB76E. Is this the internal network or the network configured for the NIC? (rummaging through the memory here... I'm no Netware guru...) JMcL - Forwarded by Jenny Mcleod/NSO/CSDA on 17/09/2001 03:35 pm - Priscilla Oppenheimer To: [EMAIL PROTECTED] Subject: Re: Interconnecting Netware Server Sent by: and Workstation... [7:19911] nobody@groups tudy.com 15/09/2001 04:13 am Please respond to Priscilla Oppenheimer Is the workstation directly connected to E0 on Router_2? What do you see with show int e0? Is it up, up? Is the workstation actually behind a switch and getting bit by no portfast? That's jumping to conclusions, I know, but it's such a common problem What happens when you try to log into the server? What is the error message on the workstation? Could you manually configure SAP at the workstation? Maybe the auto sense encap isn't working. Can the workstation do anything non-NetWare? For example, can it do an IP ping to the routers? Could you put a sniffer on the workstation? That would tell you what's happening. Please let us know what you find out. I'm collecting Novell troubleshooting scenarios! Thanks. ;-) Priscilla At 02:33 AM 9/14/01, you wrote: Hello, Am having difficulty being able to log into Netware 4.11 Server from a workstation. Setup is this: Netware 4.11 Server Tree: LHS Context: LHS Encapsulation: Ethernet_802.2 Network: EBDCB76E Server is attached to hub which is attached to E0 int on Router_1 We have Windows 2000 Pro Workstation attached to this hub also and can login to and manage server (everything works on local network). Router_1 IPX Routing enabled int E0 has IPX network address of EBDCB76E and encapsulation is SAP int S0 is DCE, clockrate is 56000, IPX net is 10, encap is HDLC ipx router rip network EBDCB76E network 10 Router_2 IPX Routing enabled int E0 has IPX net of 20 and encap is SAP int S1 is DTE, IPX net is 10, encap is HDLC ipx router rip network 10 network 20 Windows 2000 Pro Workstation is attached to E0 on Router_2 and IPX address is 20. Encap is on auto sense with Novell Client 4.8 Now, I can sh ipx servers and see the LHS services. Also, sh ipx routes and I have routes established on both routers. Am I missing something? Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20143t=19911 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF packets, point-to-multipoint [7:20115]
without repeating my private response to your private mail, on NMBA networks, one usually configures OSPF neighbors. The whole NMBA issue is complex. There is the frame relay configuration, and then there is the OSPF configuration on top of that. You can have point to multipoint frame relay interfaces connected to physical, or point-to-point interfaces on the distant end. Inverse arp maps a remote IP address to the associated other side dlci. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alex Lee Sent: Sunday, September 16, 2001 7:05 PM To: [EMAIL PROTECTED] Subject: Re: OSPF packets, point-to-multipoint [7:20115] Still do not understand, Building Scalable Cisco Networks, CiscoPress, page 123 However,bcause the point-to-multipoint mode treats the network as a collection of point-to-point links, multicast hello packets discover neighbors dynamically, and statically configuring neighbors is not required. Routing TCP/IP, Vol. 1, page 433 On broadcast and point-to-point network types, hellos are multicast to AllSPFRouters (224.0.0.5). On NBMA, point-to-multipoint, and virtual link network types, hello are unicast to individual neighbors. The implication of unicasting is that router must first learn of the existence of its neighbors either through manual configuration or an underlying mechanism such as Inverse ARP. What have I missed ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20144t=20115 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
isdn call even if (apparentely) no ip request are coming to [7:20145]
Looks like a DNS request kicking it off. Try 'debug dialer' - it should tell you clearly what initiates the call. JMcL - Forwarded by Jenny Mcleod/NSO/CSDA on 17/09/2001 03:38 pm - TP cc: Sent by: Subject: isdn call even if (apparentely) no nobody@groupsip request are coming to [7:19917] tudy.com 14/09/2001 07:03 pm Please respond to TP Dear Group, I have a 801 ISDN router: it sends a call even if (apparentely) no ip request are coming to. I've enabled the debug ISDN q931 and debug ip packet. And I can observe the following: 00:26:27: IP: s=10.10.10.6 (Ethernet0), d=10.10.10.255 (Ethernet0), len 78, rcvd 3 00:26:28: IP: s=10.10.10.6 (Ethernet0), d=10.10.10.255 (Ethernet0), len 78, rcvd 3 00:26:29: IP: s=10.10.10.6 (Ethernet0), d=10.10.10.255 (Ethernet0), len 78, rcvd 3 00:26:29: IP: s=10.10.10.6 (Ethernet0), d=DNS IP address (BRI0), g=DNS IP address , len 62, forward 00:26:29: IP: s=10.10.10.6 (Ethernet0), d=213.183.144.20 (BRI0), len 62, encapsulation failed 00:26:124554092544: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 67 changed to up 00:26:124554092544: ISDN BR0: TX - SETUP pd = 8 callref = 0x05 00:26:124560085020: Bearer Capability i = 0x8890 00:26:124554092544: Channel ID i = 0x83 00:26:124554092544: Called Party Number i = 0x80, 'xxx' 00:26:31: ISDN BR0: RX Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20145t=20145 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
