catalyst 6000 [7:20244]
hello, i need a help from the list. i have a switch (catalyst6000) as a central node in a physical star topology. the other nodes are three catalyst2948. they are connected to the central catalyst6000 with optic fiber. i have spanning tree disabled cause we don't have redundancy links yet,thus no loops. now one server connected with optic fiber is periodically unreachable(every 2 minutes). i log into the console and i found this error message PAGP-5-PORTTOSTP : port 2/4 left bridge port 2/4 PAGP-5-PORTTOSTP : port 2/4 joined bridge port 2/4 does it have anything to do with STP ? who can help ? /'^ ^'\ ((o)-(o)) |oOOO--(_)--OOOo--|-|- | Ndabarasa Michel... | | CCNA,CCAI.. | | cell (+250)08510951..| | .oooO | | ( )Oooo. | |---\ (--- ( )---|-| \_) ) /|-| (_/ -- FREE! The Best in Rwanda Email Address @mail.rw Reserve your name right now at http://mail.rw Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20244&t=20244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: ARMAGEDON R: TIME TO STOP RE: 'It's not the US they want to [7:20243]
Hey, I thin that we Have to start thinking with proffesional way to find out the real attackers as the following: Have we all forgotten the Benjamin Franklin's prophecy that he had made at the Philadelphia Constitutional Convention of 1787 in which he had pleaded that "If you do not exclude them from these United States, in this constitution, in less than 200 years they will have swarmed here in such great numbers that they will dominate and devour the land and change our form of government, for which we Americans have shed our blood, given our lives, our substance and jeopardized our liberty. If you do not exclude them, in less than 200 years our descendants will be working in the fields to furnish them substance, while they will be in the counting houses rubbing their hands. I warn you, gentlemen, if you do not exclude them for all time, your children will curse you in your graves." Of course we have forgotten these words; otherwise we would have seen the villains through along with their viles. In the midst of the attacks in WTC and Pentagon, we are being led to believe that this kind of operation has been launched by someone from the dark corners of the world putting the whole American intelligence apparatus at bay. Dont we understand as to who exactly are the real beneficiaries of this episode. Look at the precision work with which this operation has been conducted and the way commercial jetliners were rammed into the WTCs; the only parallel we can draw is the Entebbe Operation. This kind of precision and accuracy could have only been achieved by just one country in the world. They knew well that this operation would open the gates of backlash against their archrivals. The Christians have been used in the past, yet they are going to be used again. Every one knows about the plans to blow up the Temple in Jerusalem (Dome of the Rock) to rebuild the temple -it was therefore necessary for the WTC operation planners to arrange it in a way so that their ends are achieved by killing all the birds with one stone. Now the forces of whole of Western Europe and the US are being garnered to strike the East-another series of the Crusades are in the offing, for which there would be the offering of the animal sacrifice with the blood of humanity at large. Grace Halsell had warned in her book, "Forcing God Hands", published by Crossroads International Publishing , Washington DC, about all those millions who are praying for a quick rapture and destruction of planet earth and all those who are anxiously waiting and striving to hasten the Armageddon to happen. Rev. Jerry Falwell had told Pastor's Conference on January 15, 1999 that the Anti Christ - portrayed for some 2000 years as evil incarnate - may be a Jew alive today. Israel is contemplating on the destruction and defiling of the Temple in Jerusalem (i.e. the present Dome of the Rock) and is using the garb of the West-East clash of civilization. It would not have been possible without causing this colossal damage in the NYC and by injecting anger amongst the Americans against the whole Islamic World. We must see through the prism the stark reality and let us not be led through by the mindless zealots. Should America and the Americans become pawns in the Great Game? Are we guinea pigs in the hands of those who are trying to impose their New World Order on us? Let us join hands in fighting these rascals. We must know that who will roost the pigeon in the end? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20243&t=20243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPSec VPN passing through Cisco 803 [7:20245]
Hi, Have someone already experienced a problem with VPN passing through a cisco 803? I want to initiate a VPN from a MS VPN Client to a IOS FW terminating the VPN through a Cisco 803. PC(with VPN client)-Cisco803-Internet-Cisco2600(IOS FW)-Corporate Net My session goes to the terminating router, it checks userID and Pwd, and then nothing is coming back and the session ends. Do you know if there is any restriction about VPN in the Cisco 803 ? thanks chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20245&t=20245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BRI D channel [7:20241]
Dialer profiles are your friend. Read up on them on CCO. JMcL - Forwarded by Jenny Mcleod/NSO/CSDA on 18/09/2001 05:49 pm - "Mohammed Saro"To: [EMAIL PROTECTED] Subject: BRI D channel [7:20241] Sent by: nobody@groups tudy.com 18/09/2001 05:04 pm Please respond to "Mohammed Saro" the D channel is the channel that takes the ip address so how can i dial to two different locations with the same BRI interface and the other question about cisco BOD how can i use dialer load-threshold load without enabling MLPPP what will happen to ips is it will take two different ips ? Best Regards, Mohammed Saro Network Engineer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20246&t=20241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
how many tunnels can pix515 support ? [7:20247]
for instance,I am in usa,I want to connect uk,canada,china,and russia,can I ? how many tunnels can pix515(r or ur) support most? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20247&t=20247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ARMAGEDON R: TIME TO STOP RE: 'It's not the US they want to [7:20248]
Hey take a look on these two articles and tell me your opinion. Have we all forgotten the Benjamin Franklin's prophecy that he had made at the Philadelphia Constitutional Convention of 1787 in which he had pleaded that "If you do not exclude them from these United States, in this constitution, in less than 200 years they will have swarmed here in such great numbers that they will dominate and devour the land and change our form of government, for which we Americans have shed our blood, given our lives, our substance and jeopardized our liberty. If you do not exclude them, in less than 200 years our descendants will be working in the fields to furnish them substance, while they will be in the counting houses rubbing their hands. I warn you, gentlemen, if you do not exclude them for all time, your children will curse you in your graves." Of course we have forgotten these words; otherwise we would have seen the villains through along with their viles. In the midst of the attacks in WTC and Pentagon, we are being led to believe that this kind of operation has been launched by someone from the dark corners of the world putting the whole American intelligence apparatus at bay. Dont we understand as to who exactly are the real beneficiaries of this episode. Look at the precision work with which this operation has been conducted and the way commercial jetliners were rammed into the WTCs; the only parallel we can draw is the Entebbe Operation. This kind of precision and accuracy could have only been achieved by just one country in the world. They knew well that this operation would open the gates of backlash against their archrivals. The Christians have been used in the past, yet they are going to be used again. Every one knows about the plans to blow up the Temple in Jerusalem (Dome of the Rock) to rebuild the temple -it was therefore necessary for the WTC operation planners to arrange it in a way so that their ends are achieved by killing all the birds with one stone. Now the forces of whole of Western Eur ope and the US are being garnered to strike the East-another series of the Crusades are in the offing, for which there would be the offering of the animal sacrifice with the blood of humanity at large. Grace Halsell had warned in her book, "Forcing God Hands", published by Crossroads International Publishing , Washington DC, about all those millions who are praying for a quick rapture and destruction of planet earth and all those who are anxiously waiting and striving to hasten the Armageddon to happen. Rev. Jerry Falwell had told Pastor's Conference on January 15, 1999 that the Anti Christ - portrayed for some 2000 years as evil incarnate - may be a Jew alive today. Israel is contemplating on the destruction and defiling of the Temple in Jerusalem (i.e. the present Dome of the Rock) and is using the garb of the West-East clash of civilization. It would not have been possible without causing this colossal damage in the NYC and by injecting anger amongst the Americans against the whole Islamic World. We must see through the prism the stark reality and let us not be led through by the mindless zealots. Should America and the Americans become pawns in the Great Game? Are we guinea pigs in the hands of those who are trying to impose their New World Order on us? Let us join hands in fighting these rascals. We must know that who will roost the pigeon in the end? NEWS EMBARGO AFTER ISRAELI LINK LEAK Stern-Intel (Canada). A US military intelligence source revealed details of an internal intelligence memo that points to the Israeli Mossad intelligence service having links to the World Trade Center and Pentagon attacks. The intelligence source, who requested his name be withheld, confirmed the internal US intelligence memo circulated four weeks ago described information that pointed to the threat of a covert Israeli operation on US soil to turn mass public opinion against Palestinian Arabs via an apparent terrorist attack on US interests that would give Israel the green light to implement a large scale military onslaught against the Palestinian Arab population. The 11 September attack has been described by experts as being too sophisticated for a lone terrorist group to execute. "This attack required a high level of military precision and the resources of an advanced intelligence agency. In addition, the attackers would have needed to be extremely familiar with both air force one flight operations, civil airline flight paths and aerial assault tactics on sensitive US cities like Washington," Stated David Stern an expert on Israeli intelligence operations. The attacks targeted the Pentagon, World Trade Center towers, with the White House and air force also being targets according to the FBI. "The attacks have certainly turned US public opinion firmly back in Israel's favor after 11 months of Palestinian uprising, heavy criticism of Israel over war crimes allegations and racism by a UN conference in Durban. The at
Re: Bit Swapping in SR/TLB [7:20214]
After reading the message I sent I knew somebody would want to correct my verbage. My original message was more for ease of bit swapping instead of wording. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20249&t=20214 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access lists or inbound/outbound statements [7:20250]
Greetz, I am new to the world of Pix firewalls. I would just like to get your opinion on which is better to use, normal extended access lists or inbound/outbound statements. I have experience with extended access lists on cisco routers but I only just got to know about inbound/outbound statements... What does the list recommend and why! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20250&t=20250 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: [7:20251]
Use "floating static" instead Howard Choi CCNP, CCDP -- From: Cisco Lover To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Date: Tuesday, September 18, 2001 5:22PM Hi guys, Any one can explain what the other ways for DDR if we are not allowed to use backip interface command??? IP Ospf demand circuit???Any one can explain please how does it works?? Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp **Please read:http://www.groupstudy.com/list/posting.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20251&t=20251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to redistribute default route to R4? [7:20252]
Hi, I need someone advise on how to redistribute default route to R4 on the scenario and configuration attached. Any help is appreciated. TIA. Paul Loh __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ [GroupStudy.com removed an attachment of type application/msword which had a name of Q2.doc] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20252&t=20252 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: can 3640 RAS can support both out & incomi [7:20133]
yes its possible u need to install ras on nt -Original Message- From: Jagan Krishnaraj [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 5:12 AM To: [EMAIL PROTECTED] Subject: RE: can 3640 RAS can support both out & incomi [7:20133] Thank you Chris Cell. The situation is like this: 1. Windows NT server >> Cisco 3640 >> Remote Site Windows 98 PC dialout 16 port NM-Analog RAS 2. Windows NT server << Cisco 3640 << Remote Site Windows 98 PC dialout 16 port NM-Analog RAS Are these methods possible. Please let me know. regards jagan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20253&t=20133 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE : [7:20254]
Hi, Take a look at dialer watches. Demand circuits is another way of using a circuit on a demand basis, and bring it up if needed (don't need to be a backup, can be a standard link). If you want to use it as a backup, u just need to adjust the cost of the link so that it's not used if there is another circuit available. Don't forget to indicate it (ip ospf demand-circuit) only on one side of the link. Olivier -Message d'origine- De : Cisco Lover [mailto:[EMAIL PROTECTED]] Envoyi : 18 septembre, 2001 05:23 @ : [EMAIL PROTECTED] Cc : [EMAIL PROTECTED] Objet : Hi guys, Any one can explain what the other ways for DDR if we are not allowed to use backip interface command??? IP Ospf demand circuit???Any one can explain please how does it works?? Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp **Please read:http://www.groupstudy.com/list/posting.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20254&t=20254 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Serial is reset? [7:20255]
After look at some of the t1's in one of my boxes. I see the following Serial2/0:23 is reset, line protocol is down After looking on cisco, I couldn't find an exact description of what this means. Can anyone provide some insight? May god have mercy on the souls of those who betray him. Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20255&t=20255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Need clarification on BDR promotion to DR [7:20163]
Thank you for the inputs. What I'm trying to understand is that with R3 as DR for the Segment connecting R5-R4-R3-R1 and R1 as BDR, it's true that R1 Will promote itself as DR, but what confuses me is the fact that R3/DR actually stayed up as far as R4 and R5 are concerned. I also missed the fact that between R1-R2 and R2-R3 there won't be Any DR/BDR since these are point-to-point serial links. So in essence what BSCN is saying is that the two DR's would actually "slug it out" to see who keeps the DR role. As far as the two routers getting stuck in "Exstart/Exchange" phase, I failed to mention that this happens after the Ethernet link gets Reconnected. Like you said, this might be an IOS version issue. As a side note, I also saw another case where after replacing A 2500 with a 4500 the new router would not reach FULL state with A 7200 on the other end of a point-to-point connection. I never Did hear from TAC if this was another IOS version issue. Thanks again. Elmer -Original Message- From: Peter van Oene [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 10:06 PM To: [EMAIL PROTECTED] Subject: RE: Need clarification on BDR promotion to DR [7:20163] If that is the case then you are dealing with code issues. As Chuck points out, in this scenario, both routers will either promote themselves to DR while alone, or both will see the link as inactive (no keepalives) In either case, reintroduction to the segment will stimulate a new DR election. I can't see how this could be any more logical. What do you find illogical. Also, I'm not sure what role R2 plays in this scenario? Pete On 17 Sep 2001 11:04:38 -0400, Elmer Deloso wrote: > I understand this principle, but there is no logic with the scenario > On convergence as outlined in BSCN as follows > > R2 > R5 R4 R3 R1 > > Here, R2 has serial links to R1 and R3. Let's say R3=DR and R1=BDR. > BSCN states that if the Ethernet link is disconnected between > R1 and R3, then R1 would sense that the DR went "down" and proceed > To promoting itself as the new DR. > I must admit I haven't tested this exact scenario yet, but I've seen > Similar cases where the two routers in question would get stuck in > Exstart/Exchange forever, and this particular behavior I've succeeded > In reproducing on a test lab. > > Elmer > > > > -Original Message- > From: Peter Van Oene [mailto:[EMAIL PROTECTED]] > Sent: Monday, September 17, 2001 9:42 AM > To: [EMAIL PROTECTED] > Subject: Re: Need clarification on BDR promotion to DR [7:20163] > > So far as the multiaccess segment is concerned, when you remove the DR from > the segment, the DR is down. The only way a DR can do its job is if it has > access to the segment in question. In this case, promoting the BDR makes > sense since the BDR is the only other router on the segment which has > adjacencies with all other routers and has sufficient information on where > the DR left off to be able to take over quickly. When the old DR comes > back, it will not become the BDR unless it is the only other router eligible > on the segment since a BDR election would have already taken place to > replace the promoted BDR. > > Does that help? > > Pete > > *** REPLY SEPARATOR *** > > On 9/17/2001 at 8:55 AM Elmer Deloso wrote: > > >Hi, all. > >I'm trying to understand the PURPOSE and LOGIC behind OSPF BDR > >Promotion to DR. Let's say R1 is DR and R2 is BDR connected via Ethernet > >Link. If I disconnect the cable, this would mean the BDR will promote > >itself > >To DR status, even though the DR never went "down". So when I reconnect the > >Link the DR will just "abdicate" the role? I just don't see the logic here. > >So now the DR will become the BDR, and if we repeat the process of > >disconnecting > >The link, the original scenario is restored. I've read OSPF on CCO and > >Doyle > >but > >Have not come across the explanation of why OSPF was designed to behave > >this > >Way. Any enlightenment on this is welcome. > > > >Elmer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20256&t=20163 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial is reset? [7:20255]
try seeing if the controller (T1) is up/down. this is normally the case when
the E1/T1 is down.
show controller t1 2/0
regards
George
-Original Message-
From: Ouellette, Tim [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 14:09
To: [EMAIL PROTECTED]
Subject: Serial is reset? [7:20255]
After look at some of the t1's in one of my boxes. I see the following
Serial2/0:23 is reset, line protocol is down
After looking on cisco, I couldn't find an exact description of what this
means. Can anyone provide some insight?
May god have mercy on the souls of those who betray him.
Tim
"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20257&t=20255
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: catalyst 6000 [7:20244]
This sounds like a classical auto-negotiation issue. If the server is capable of supporting 100FDX then hard code it as well as the Catalyst, and the messages should stop. Another thing to look at, is the port counters, if you see lots of FCS errors, that is usually a tell-tell sign. HTH __ Thomas Crowe Senior Systems Engineer / Architect CTS Professional Services - Atlanta Phone: 770-664-3900 Cell: 404-277-4089 __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of ndabarasa michel Sent: Tuesday, September 18, 2001 3:39 AM To: [EMAIL PROTECTED] Subject: catalyst 6000 [7:20244] hello, i need a help from the list. i have a switch (catalyst6000) as a central node in a physical star topology. the other nodes are three catalyst2948. they are connected to the central catalyst6000 with optic fiber. i have spanning tree disabled cause we don't have redundancy links yet,thus no loops. now one server connected with optic fiber is periodically unreachable(every 2 minutes). i log into the console and i found this error message PAGP-5-PORTTOSTP : port 2/4 left bridge port 2/4 PAGP-5-PORTTOSTP : port 2/4 joined bridge port 2/4 does it have anything to do with STP ? who can help ? /'^ ^'\ ((o)-(o)) |oOOO--(_)--OOOo--|-|- | Ndabarasa Michel... | | CCNA,CCAI.. | | cell (+250)08510951..| | .oooO | | ( )Oooo. | |---\ (--- ( )---|-| \_) ) /|-| (_/ -- FREE! The Best in Rwanda Email Address @mail.rw Reserve your name right now at http://mail.rw [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20258&t=20244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
HP Openview [7:20259]
Need some info from all you HPOV experts, I'm seeing alarms from a router every 62 minutes. The alarm states "router reports address 0x0c07ac00 for 10.10.10.1, router reported 0x00d0bbcc9400 via snmp" -the first mac address is the virtual mac address for the standby interface, -the second mac address is one of the ethernet interfaces from the router. >From reading the detail information on the trap it appears this info is generated because the node has more than one mac for the interface. Can anyone help me stop these traps, I'm about to set up a lot more standby interfaces so it'll become a real nuisance then. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20259&t=20259 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access lists or inbound/outbound statements [7:20250]
I just did a PIX install, and I don't recall the "inbound / outbound" statements, I do recall applying the ACL's with an inbound statement. I even remember that ACL's can only be applied inbound, which I thought of as a limitation, though I can't come up with a scenario off the top of my head to support my position ;->. The PIX with the last couple of code rev's is moving (well pushing) towards the use of ACL's vs. the legacy "conduit" statements. Once you have the NAT concepts nailed, setting up the ACL's on the PIX is pretty much like doing it in Cisco IOS. HTH __ Thomas Crowe Senior Systems Engineer / Architect CTS Professional Services - Atlanta Phone: 770-664-3900 Cell: 404-277-4089 __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Langa Kentane Sent: Tuesday, September 18, 2001 6:18 AM To: [EMAIL PROTECTED] Subject: Access lists or inbound/outbound statements [7:20250] Greetz, I am new to the world of Pix firewalls. I would just like to get your opinion on which is better to use, normal extended access lists or inbound/outbound statements. I have experience with extended access lists on cisco routers but I only just got to know about inbound/outbound statements... What does the list recommend and why! [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20260&t=20250 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Memory Need for GSR's [7:20233]
Tony; One possible point could be; I would assume that you would be using CEF, for the best forwarding performance. With that said, CEF maintains the FIB which can use a sizable amount of memory. Also, assuming that they are wanting to traffic engineer the multiple OC-12's (even if they don't plan on it now, they will), they will need to run MPLS (tag switching) on top of CEF, even more memory demands. Their possible comebacks could be that these are just core routers that will be acting as BGP route reflectors, and so all they have to do is route traffic based on the current BGP table. If this is the case then they could have tremendous performance gains by not running BGP in the core, and simply let MPLS handle the switching. This has a net result of simplifying the configuration, improving performance, and reducing memory requirements. HTH __ Thomas Crowe Senior Systems Engineer / Architect CTS Professional Services - Atlanta Phone: 770-664-3900 Cell: 404-277-4089 __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Medeiros Sent: Monday, September 17, 2001 11:48 PM To: [EMAIL PROTECTED] Subject: Memory Need for GSR's [7:20233] Hello everybody, I have to spec. a few 12008's for a customer. When I configured them, I maxed out the memory for the GRP and the line cards at 256 meg. The customer would like to know why I am doing this as the memory for the puppy's is gawd awful expensive. The router will be doing BGP and has a lot of OC-12 interfaces. Question: Can any of you Provider gurus recommend the correct memory for the current BGP table. Is 256 too much? Is 128 going to be too small soon? Thanks in advance and GOD BLESS AMERICA ! Tony M. #6172 [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20261&t=20233 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial is reset? [7:20255]
Are you by chance running channelized T-1's. That looks like a channel configuration mis-match between the ends of the T-1 (i.e. site a is configured to use channels 1-23 and site b is only configured to use channels 1-22)? HTH __ Thomas Crowe Senior Systems Engineer / Architect CTS Professional Services - Atlanta Phone: 770-664-3900 Cell: 404-277-4089 __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ouellette, Tim Sent: Tuesday, September 18, 2001 8:09 AM To: [EMAIL PROTECTED] Subject: Serial is reset? [7:20255] After look at some of the t1's in one of my boxes. I see the following Serial2/0:23 is reset, line protocol is down After looking on cisco, I couldn't find an exact description of what this means. Can anyone provide some insight? May god have mercy on the souls of those who betray him. Tim [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20264&t=20255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BRI D channel [7:20241]
You can use dialer profiles to dial multiple locations. To accomplish this you would create a virtual interface with interface dialer1 and place relevant commands under that interface. Hope this helps -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mohammed Saro Sent: Tuesday, September 18, 2001 2:05 AM To: [EMAIL PROTECTED] Subject: BRI D channel [7:20241] the D channel is the channel that takes the ip address so how can i dial to two different locations with the same BRI interface and the other question about cisco BOD how can i use dialer load-threshold load without enabling MLPPP what will happen to ips is it will take two different ips ? Best Regards, Mohammed Saro Network Engineer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20263&t=20241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT [7:20266]
> > > Propaganda Watch > > > CNN Used 1991 Film To Incite Against > Palestinians > > > Posted: 26 Jamad-u-Thani 1422, 14 September 2001 > > > > CNN showed Palestinians cheering the death and > > destruction of 11 > > > September. The scenes were repeated throughout > the > > day and around the > > > world to sow hatred against the "callous" > > Palestinians. > > > > > > Now it turns out that it used footage from 1991 > > and just claimed that it > > > was today's footage. A contributor to > CounterPunch > > > > > > > (edited by Alexander > > > Cockburn) reports that he and his colleagues had > > compared this tape with > > > one from 1991 showing Palestinian cheering, and > > found them to be > > > identical. Here are excerpts from that letter by > > Marcio A. V. Carvalho at > > > State University of Campinas - Brazil: > > > > > > "All around the world we are subjected to 3 or > 4 > > huge news > > > distributors, and one of them - as you well know > - > > is CNN. Very well, I > > > guess all of you have been seeing (just as I've > > been) images from this > > > company. In particular, one set of images called > > my attencion: the > > > Palestinians celebrating the bombing, out on the > > streets, eating some cake > > > and making funny faces for the camera. > > > > > > Well, THOSE IMAGES WERE SHOT BACK IN 1991! > Those > > are images of > > > Palestinians celebrating the invasion of Kuwait! > > It's simply unacceptable > > > that a super-power of communications as CNN uses > > images which do not > > > correspond to the reality in talking about so > > serious an issue. > > > > > > A teacher of mine, here in Brazil, has > videotapes > > recorded in 1991, > > > with the very same images; he's been sending > > emails to CNN, Globo (the > > > major TV network in Brazil) and newspapers, > > denouncing what I myself > > > classify as a crime against the public opinion. > If > > anyone of you has > > > access to this kind of files, search for it. In > > the meanwhile, I'll try to > > > 'put my hands' on a copy of this tape. > > > > > > But now, think for a moment about the impact of > > such images. Your > > > people are hurt, emotionally fragile, and this > > kind of broadcast have very > > > high possibility of causing waves of anger and > > rage against Palestinians. > > > It's simply irresponsible to show images such as > > those." > > > > > > Marcio A. V. Carvalho State University of > > Campinas - Brazil. > > > > > > __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20266&t=20266 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:Teaching Lessons [7:20265]
> > > by Harry Browne > > > September 12, 2001 > > > > > > The terrorist attacks against America comprise a > > horrible tragedy. But > > > they shouldn't be a surprise. > > > > > > It is well known that in war, the first casualty > > is truth - that during > > > any war truth is forsaken for propaganda. But > > sanity was a prior > > > casualty: it was the loss of sanity that led to > > war in the first place. > > > > > > Our foreign policy has been insane for decades. > It > > was only a matter of > > > time until Americans would have to suffer > > personally for it. It is a > > > terrible tragedy of life that the innocent so > > often have to suffer for > > > the sins of the guilty. > > > > > > When will we learn that we can't allow our > > politicians to bully the > > > world without someone bullying back eventually? > > > > > > President Bush has authorized continued bombing > of > > innocent people in > > > Iraq. President Clinton bombed innocent people > in > > Sudan, Afghanistan, > > > Iraq, and Serbia. President Bush Senior invaded > > Iraq and Panama. > > > President Reagan bombed innocent people in Libya > > and invaded Grenada. > > > And on and on it goes. > > > > > > Did we think the people who lost their families > > and friends and property > > > in all that destruction would love America for > > what happened? > > > > > > When will we learn that violence always begets > > violence? > > > > > > Teaching Lessons > > > Supposedly, Reagan bombed Libya to teach Muammar > > al-Qaddafi a lesson > > > about terrorism. But shortly thereafter a PanAm > > plane was destroyed over > > > Scotland, and our government tried to convince > the > > world it was Libyans > > > who did it. > > > > > > When will we learn that "teaching someone a > > lesson" never teaches > > > anything but resentment - that it only inspires > > the recipient to greater > > > acts of defiance. > > > > > > How many times on Tuesday did we hear someone > > describe the terrorist > > > attacks as "cowardly acts"? But as misguided and > > despicable as they > > > were, they were anything but cowardly. The > people > > who committed them > > > knowingly gave their lives for whatever stupid > > beliefs they held. > > > > > > But what about the American presidents who order > > bombings of innocent > > > people - while the presidents remain completely > > insulated from any > > > danger? What would you call their acts? > > > > > > When will we learn that forsaking truth and > reason > > in the heat of battle > > > almost always assures that we will lose the > > battle? > > > > > > Losing our Last Freedoms. And now, as sure as > > night follows day, we will > > > be told we must give up more of our freedoms to > > avenge what never should > > > have happened in the first place. > > > > > > When will we learn that it makes no sense to > give > > up our freedoms in the > > > name of freedom? > > > > > > What to Do > > > What should be done? > > > > > > First of all, stop the hysteria. Stand back and > > ask how this could have > > > happened. Ask how a prosperous country isolated > by > > two oceans could have > > > so embroiled itself in other people's business > > that someone would want > > > to do us harm. Even sitting in the middle of > > Europe, Switzerland isn't > > > beset by terrorist attacks, because the Swiss > mind > > their own business. > > > > > > Second, resolve that we won't let our leaders > use > > this occasion to > > > commit their own terrorist acts upon more > innocent > > people, foreign and > > > domestic, that will inspire more terrorist > attacks > > in the future. > > > > > > Third, find a way, with enforceable > constitutional > > limits, to prevent > > > our leaders from ever again provoking this kind > of > > anger against > > > America. > > > > > > Patriotism? > > > There are those who will say this article is > > unpatriotic and un-American > > > - that this is not a time to question our > country > > or our leaders. > > > > > > When will we learn that without freedom and > > sanity, there is no reason > > > to be patriotic? > > > > > > Harry Browne was the 2000 Libertarian Party > > candidate for President. You > > > can read more of his articles at > > www.HarryBrowne.org > > > > > > > , his books are > > available at > > > www.HBBooks.com > > > . > > > > > > > > > __ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20265&t=20265 -- FAQ, list archives, and subscription info: http://www.groupstu
Re: OT:Teaching Lessons [7:20265]
And your point in sending this to the list was?? Trolling at this point is my only guess Interesting how many people become foreign policy experts overnight.. "Raynold D Cruz" cc: Sent by:Subject: OT:Teaching Lessons [7:20265] nobody@groupstud y.com 09/18/2001 09:09 AM Please respond to "Raynold D Cruz" > > > by Harry Browne > > > September 12, 2001 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20267&t=20265 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Lab swap:rtp.... [7:20268]
Hi I have a lab date at RTP oct 1 2001 does anyone want to trade? _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20268&t=20268 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fwd: OT [7:20262]
4000 Israeli Employees in WTC Absent the Day of the Attack Manar TV - Sept 17, 2001 With the announcement of the attacks at the > World > > Trade Center in New > > > York, the international media, particularly the > > Israeli one, hurried to > > > take advantage of the incident and started > > mourning 4000 Israelis who work > > > at the two towers. Then suddenly, no one ever > > mentioned anything about > > > those Israelis and later it became clear that > they > > remarkably did not show > > > up in their jobs the day the incident took > place. > > No one talked about any > > > Israeli being killed or wounded in the attacks. > > Arab diplomatic sources > > > revealed to the Jordanian al-Watan newspaper > that > > those Israelis remained > > > absent that day based on hints from the Israeli > > General Security > > > Apparatus, the Shabak, the fact which evoked > > unannounced suspicions on > > > American officials who wanted to know how the > > Israeli government learned > > > about the incident before it occurred, and the > > reasons why it refrained > > > from informing the U.S authorities of the > > information it had. Suspicions > > > had increased further after Israeli newspaper > > Yadiot Ahranot revealed that > > > the Shabak prevented Israeli premier Ariel > Sharon > > from traveling to New > > > York and particularly to the citys eastern coast > > to participate in a > > > festival organized by the Zionist organizations > in > > support of the > > > "Israel". Aharon Bernie, the commentator at the > > newspaper, brought up the > > > issue and came up with a negative conclusion, > > saying no answer. He then > > > asked about the clue behind the Shabaks position > > in preventing Sharons > > > participation, and again without giving an > answer. > > Bernie added that > > > Sharon, who was delighted for having his speech > on > > top of the festival > > > agenda, asked the head of the organization to > > mediate and convince the > > > Shabak to change its position, but his attempts > > were in vein. The next day > > > after Sharons secretary officially announced > that > > Sharon would not > > > participate the incident took place. For its > part, > > the Israeli Haaretz > > > newspaper revealed that the FBI arrested five > > Israelis four hours after > > > the attack on the Twin Towers while filming the > > smoking skyline from the > > > roof of their companys building. The FBI had > > arrested the five for > > > puzzling behavior. They are said to have been > > caught videotaping the > > > disaster in what was interpreted as cries of joy > > and mockery. > > > > > > Contact Us : [EMAIL PROTECTED] > > > > > > > > > > > == > > > == > > > ININ List Archives Found Here: > > > > > > > > == > > > == > > > > > == > > > == > > >ISLAMIC NEWS AND INFORMATION NETWORK: > > > > > > > > VISIT: > > > > > > > > WE AFFIRM THAT INJUSTICE ANYWHERE IS A THREAT > TO > > JUSTICE EVERYWHERE > > > > > > > > > DEFINING APARTHEID > > > > > > Article 2 of the "International Convention of > the > > Suppression and > > > Punishment of the Crime of Apartheid" of 1973 > > clearly defined the > > > term "crime of apartheid." This includes similar > > policies and practices > > > of segregation and discrimination as practiced > in > > South Africa and > > > which also apply to inhuman acts committed for > the > > purpose of the > > > establishment and maintaining of domination by > one > > racial group over > > > another. This includes the deliberated > imposition > > of living conditions > > > calculated to cause physical destruction and any > > legislative or other > > > measures preventing a racial group from full > > development of their > > > political, social, economic and cultural life. > > This is an accurate > > > description of what the zionists are doing to > the > > Palestinian people > > > with the full support of the USA. > > > > > > __ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20262&t=20262 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem of ATM to Frame Relay connections [7:20239]
Hi all, Our company is using ATM to Frame Relay connections to connect the head office to some remote offices. The head office is using Cisco 7200 (ATM) and the remote office is using Cisco 2500 (Frame Relay). Some of the offices are using T1 Framelink while some of the offices are using 256k Framelink to the head office. Head office Cisco 7200 (ATM port) || || [ ATM/Frame Relay Cloud ] |||| |||| T1T1 256k 256k Off1Off2 Off3 Off4 There was no any problems in the connections. However, at the log file of the Cisco 7200 (ATM router), it always show that the line protocol of the 256k subinterfaces (i.e. Off3 and Off4) are DOWN for several seconds and then UP again. e.g. XXX XXX Line protocol on Interface ATM0/0.4, changed state to down XXX XXX Line protocol on Interface ATM0/0.4, changed state to up When I used "show ip eigrp neighbors", it shows that Uptime of Off3 and Off4 were only several minutes I had tried to PING the remote offices from the head office and it show that there was no any packet lost although the Cisco 7200 log file show the line protocol down and up. Can anyone help me? Regards. Dovelet Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20239&t=20239 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Dial Backup Routing??? [7:19478]
Thanks for your replies Dave. I called Cisco and we decided on a 2611 with the 16 port modem module. The 1601's we have do not have an aux. port so they recommend changing to 1720's. They did say that it may be possible to configure the console port for the modem but that it was not recommended. (Security hole) Anyway, just wanted to say thanks for the response and your insight! Thank you, Andy Davidson IS Support CPS Distributors, Inc. 303-394-6040 [EMAIL PROTECTED] -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 12, 2001 1:12 PM To: Andy Davidson Cc: [EMAIL PROTECTED] Subject: Re: Dial Backup Routing??? [7:19478] Internal modems look at the 2600 and 3600 series routers. It's fortunately been years since I have set up an external modem rack but any of the big names surely make them. Dave Andy Davidson wrote: > > Any reccomendations on hardware to use? I see that the 2511 is a access > server that you can connect multiple exterior modems to. Is this what you > would reccomend for the data center office? Is there a solution that has the > modems internal so that we don't have a bunch of modems stacked up and > seperate? Possibly a rack mountable modem pool that would work with the 2511 > to achieve our goal of 10 incoming lines? > > All replies appreciated!!! > > Andy > > ""MADMAN"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > You sure can, this is a good URL showing how to conifigure your aux > > ports and set up the chat scripts that make it happen. > > > > http://www.cisco.com/warp/customer/471/aux-aux-watch.html > > > > Dave > > > > Andy Davidson wrote: > > > > > > Hello group! > > > I have a network that is set up in a hub and spoke arrangement. We have > 10 > > > remote offices with 3-5 users at each location, and 1 data center which > > > controls all internet access, file and printer sharing and email > services. > > > Our teleco arrangemet is as follows. > > > > > > Data Center: 1 Frame relay T1 with subinterfaces to 7 remote offices > at > > > speeds of 56K and 128K. > > >1 AT&T T1 that goes into a channel bank where > > the > > > other 3 remote sites get 56K lines and then the rest of the channels of > the > > > T1 are dedicated to voice. > > > Hardware Cisco 2522 > > > > > > Remote Sites:56k or 128k data circuits either frame or Point to > Point. > > > Hardware is Cisco 1600 > > > > > > My Question!!!: Is there a way to have a modem connection on the 1600's > > that > > > dials up the 2522 when the circuit goes down? We currently have no > backup > > > for our data connection and I think that this is a major problem. > (Circuits > > > can go down and with no communication to the ERP system, phones ring > off > > > the hook) Cost of course is a major issue, as funding is currently very > > > limited. Possibly a $2500 budget? > > > > > > We do have phone lines into the remote sites that could be used to dial > out > > > from. > > > > > > I am looking for a solution that would maybe use modems on the 1600's > and > > > some sort of a modem pool or modem bank to receive all the connections > in > > > the case of a major outage at the data center on the 2522. > > > > > > If this is possible, please let me know how you would do it!! Also if > you > > > have any reccomendations for modem banks or pools that would send the > > > authentication requests to our 2522 that would be great! > > > > > > Thanks in advance for your replies.. > > > > > > Andy Davidson > > -- > > David Madland > > Sr. Network Engineer > > CCIE# 2016 > > Qwest Communications Int. Inc. > > [EMAIL PROTECTED] > > 612-664-3367 > > > > "Emotion should reflect reason not guide it" -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Andy Davidson (E-mail).vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20269&t=19478 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT:Teaching Lessons [7:20265]
Actually, I'm glad he posted it - pretty much sums up my feelings about the whole thing. (By the way, Harry Browne isn't an "overnight" expert on foreign relations. He's *been* one for a while now.) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:35 AM To: [EMAIL PROTECTED] Subject: Re: OT:Teaching Lessons [7:20265] And your point in sending this to the list was?? Trolling at this point is my only guess Interesting how many people become foreign policy experts overnight.. "Raynold D Cruz" cc: Sent by:Subject: OT:Teaching Lessons [7:20265] nobody@groupstud y.com 09/18/2001 09:09 AM Please respond to "Raynold D Cruz" > > > by Harry Browne > > > September 12, 2001 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20270&t=20265 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Telnet on PIX outside interface [7:20271]
Guys/Gurus, Can anyone please help me in setting up Telnet access on outside interface of PIX. I heard that we need to uses IPSec and Cisco VPN client. I do not have VPN client, can it still be done. Please help. Thanks, NRB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20271&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Professorship in Cisco [7:20273]
Dear friend I have heard about professorships being given to cisco academies. Does any body have info?. Suranjith Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20273&t=20273 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: catalyst 6000 [7:20244]
You could try disabling PAGP and all that good stuff with the "set port host" command. Dave ndabarasa michel wrote: > > hello, > i need a help from the list. > i have a switch (catalyst6000) as a central node in a > physical star topology. > the other nodes are three catalyst2948. > they are connected to the central catalyst6000 with optic > fiber. > > i have spanning tree disabled cause we don't have redundancy > links yet,thus no loops. > > now one server connected with optic fiber is periodically > unreachable(every 2 minutes). > > i log into the console and i found this error message > > PAGP-5-PORTTOSTP : port 2/4 left bridge port 2/4 > > PAGP-5-PORTTOSTP : port 2/4 joined bridge port 2/4 > > does it have anything to do with STP ? > > who can help ? > > /'^ ^'\ > ((o)-(o)) > |oOOO--(_)--OOOo--|-|- > | Ndabarasa Michel... | > | CCNA,CCAI.. | > | cell (+250)08510951..| > | .oooO | > | ( )Oooo. | > |---\ (--- ( )---|-| > \_) ) /|-| >(_/ > > > -- > FREE! The Best in Rwanda Email Address @mail.rw > Reserve your name right now at http://mail.rw -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20272&t=20244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Video over Ip [7:20276]
Dear friends, I wish to improve my knowledge in Video over IP. Would appriciate if someone could give me some urls. Suranjith Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20276&t=20276 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT Re: HP Openview [7:20259]
In situations like this I would select the alarm that is bugging you and then go to Event Configuration. From there you can choose to neither log nor display those events. Unless you want to disable this alarm for eternity you'll have to do it individually as you add standby interfaces. If you don't mind never getting this trap again forever, then choose "All Sources" and it will stop that alarm for good. HTH, John >>> "Patrick Donlon" 9/18/01 6:41:06 AM >>> Need some info from all you HPOV experts, I'm seeing alarms from a router every 62 minutes. The alarm states "router reports address 0x0c07ac00 for 10.10.10.1, router reported 0x00d0bbcc9400 via snmp" -the first mac address is the virtual mac address for the standby interface, -the second mac address is one of the ethernet interfaces from the router. >From reading the detail information on the trap it appears this info is generated because the node has more than one mac for the interface. Can anyone help me stop these traps, I'm about to set up a lot more standby interfaces so it'll become a real nuisance then. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20274&t=20259 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT [7:20266]
If the Palestinians weren't cheering in the streets over the attacks on the World Trade Center and Pentagon don't you think that the Palestinian leaders would protest the footage instead of threatening reporters if they showed the video. This article references a veiled threat by the Palestinian Cabinet Secretary Ahmed Abdel Rahman against news agencies for showing celebration video, http://www.usatoday.com/news/world/2001/09/13/palestinian.htm I also saw a report on CBC that stated that AP had an even more inflammatory video but refused to release it due to threats from Palestinians against the life of the cameraman that captured the celebration. -Original Message- From: Raynold D Cruz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 9:13 AM To: [EMAIL PROTECTED] Subject: OT [7:20266] > > > Propaganda Watch > > > CNN Used 1991 Film To Incite Against > Palestinians > > > Posted: 26 Jamad-u-Thani 1422, 14 September 2001 > > > > CNN showed Palestinians cheering the death and > > destruction of 11 > > > September. The scenes were repeated throughout > the > > day and around the > > > world to sow hatred against the "callous" > > Palestinians. > > > > > > Now it turns out that it used footage from 1991 > > and just claimed that it > > > was today's footage. A contributor to > CounterPunch > > > > > > > (edited by Alexander > > > Cockburn) reports that he and his colleagues had > > compared this tape with > > > one from 1991 showing Palestinian cheering, and > > found them to be > > > identical. Here are excerpts from that letter by > > Marcio A. V. Carvalho at > > > State University of Campinas - Brazil: > > > > > > "All around the world we are subjected to 3 or > 4 > > huge news > > > distributors, and one of them - as you well know > - > > is CNN. Very well, I > > > guess all of you have been seeing (just as I've > > been) images from this > > > company. In particular, one set of images called > > my attencion: the > > > Palestinians celebrating the bombing, out on the > > streets, eating some cake > > > and making funny faces for the camera. > > > > > > Well, THOSE IMAGES WERE SHOT BACK IN 1991! > Those > > are images of > > > Palestinians celebrating the invasion of Kuwait! > > It's simply unacceptable > > > that a super-power of communications as CNN uses > > images which do not > > > correspond to the reality in talking about so > > serious an issue. > > > > > > A teacher of mine, here in Brazil, has > videotapes > > recorded in 1991, > > > with the very same images; he's been sending > > emails to CNN, Globo (the > > > major TV network in Brazil) and newspapers, > > denouncing what I myself > > > classify as a crime against the public opinion. > If > > anyone of you has > > > access to this kind of files, search for it. In > > the meanwhile, I'll try to > > > 'put my hands' on a copy of this tape. > > > > > > But now, think for a moment about the impact of > > such images. Your > > > people are hurt, emotionally fragile, and this > > kind of broadcast have very > > > high possibility of causing waves of anger and > > rage against Palestinians. > > > It's simply irresponsible to show images such as > > those." > > > > > > Marcio A. V. Carvalho State University of > > Campinas - Brazil. > > > > > > __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20275&t=20266 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet on PIX outside interface [7:20271]
Hi, If your inside servers run W2k then you can setup the remote access service on the W2k server and add static command on your PIX with conduit command to permit remote access from outside to your W2k server. then permit telnetting for this server to the inside interface... if you want exactly the command mail me again and I'll be pleased to help.. Bytheway there is no way to telnet on the outside interface... Magdy H. Ibrahim ""NRB"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys/Gurus, > > Can anyone please help me in setting up Telnet access on outside interface > of PIX. > I heard that we need to uses IPSec and Cisco VPN client. I do not have VPN > client, > can it still be done. Please help. > > Thanks, > NRB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20277&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet on PIX outside interface [7:20271]
With version 5.1, you can setup a vpdn/pptp connection to telnet to the outside interface of the pix. Watch the wrap. http://www.cisco.com/warp/public/110/pptppix.html -Original Message- From: Magdy H. Ibrahim [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 10:38 AM To: [EMAIL PROTECTED] Subject: Re: Telnet on PIX outside interface [7:20271] Hi, If your inside servers run W2k then you can setup the remote access service on the W2k server and add static command on your PIX with conduit command to permit remote access from outside to your W2k server. then permit telnetting for this server to the inside interface... if you want exactly the command mail me again and I'll be pleased to help.. Bytheway there is no way to telnet on the outside interface... Magdy H. Ibrahim ""NRB"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys/Gurus, > > Can anyone please help me in setting up Telnet access on outside interface > of PIX. > I heard that we need to uses IPSec and Cisco VPN client. I do not have VPN > client, > can it still be done. Please help. > > Thanks, > NRB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20281&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HP Openview [7:20259]
I've heard of this one before. HSRP drives OpenView nuts. As others have already pointed out, you can disable this event in Event Configuration. I don't know about you, but I have way too many other problems to shoot to be worrying about duplicate IP issues, so losing this event shouldn't hinder your ability to manage your network. I would check on OVFORUM (http://www.ovforum.org) to see if any of the OV gurus there have an answer. I seem to remember a couple of questions about HSRP on that group lately. Timothy Estes CCNA CCDA Brainbench MVP for TCP/IP Administration Senior Network Systems Analyst Tier III Systems Support Intermedia Communications [EMAIL PROTECTED] -Original Message- From: Patrick Donlon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 8:41 AM To: [EMAIL PROTECTED] Subject: HP Openview [7:20259] Need some info from all you HPOV experts, I'm seeing alarms from a router every 62 minutes. The alarm states "router reports address 0x0c07ac00 for 10.10.10.1, router reported 0x00d0bbcc9400 via snmp" -the first mac address is the virtual mac address for the standby interface, -the second mac address is one of the ethernet interfaces from the router. >From reading the detail information on the trap it appears this info is generated because the node has more than one mac for the interface. Can anyone help me stop these traps, I'm about to set up a lot more standby interfaces so it'll become a real nuisance then. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20279&t=20259 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet on PIX outside interface [7:20271]
I was talking about normal telnetting from outside without extra setting for vpdn/pptp... Just my two cents;-) Regards,, Magdy ""Eric Hoffman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > With version 5.1, you can setup a vpdn/pptp connection to telnet to the > outside interface of the pix. > > Watch the wrap. > > http://www.cisco.com/warp/public/110/pptppix.html > > > > -Original Message- > From: Magdy H. Ibrahim [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 18, 2001 10:38 AM > To: [EMAIL PROTECTED] > Subject: Re: Telnet on PIX outside interface [7:20271] > > > Hi, > > If your inside servers run W2k then you can setup the remote access service > on the W2k server and add static command on your PIX with conduit command to > permit remote access from outside to your W2k server. then permit telnetting > for this server to the inside interface... > > if you want exactly the command mail me again and I'll be pleased to help.. > Bytheway there is no way to telnet on the outside interface... > > Magdy H. Ibrahim > > > > ""NRB"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Guys/Gurus, > > > > Can anyone please help me in setting up Telnet access on outside > interface > > of PIX. > > I heard that we need to uses IPSec and Cisco VPN client. I do not have > VPN > > client, > > can it still be done. Please help. > > > > Thanks, > > NRB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20282&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet on PIX outside interface [7:20271]
If what you trying to do is telnet to the PIX outside interface, no can do. dave NRB wrote: > > Guys/Gurus, > > Can anyone please help me in setting up Telnet access on outside interface > of PIX. > I heard that we need to uses IPSec and Cisco VPN client. I do not have VPN > client, > can it still be done. Please help. > > Thanks, > NRB -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20283&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet on PIX outside interface [7:20271]
Why don't you set up ssh. This can be done to the outside interface and is secure... -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: 18 September 2001 16:09 To: [EMAIL PROTECTED] Subject: Re: Telnet on PIX outside interface [7:20271] If what you trying to do is telnet to the PIX outside interface, no can do. dave NRB wrote: > > Guys/Gurus, > > Can anyone please help me in setting up Telnet access on outside interface > of PIX. > I heard that we need to uses IPSec and Cisco VPN client. I do not have VPN > client, > can it still be done. Please help. > > Thanks, > NRB -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20284&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT:Teaching Lessons [7:20265]
I'm no history expert, especially foreign history, but I'm confident in my memory that there is no way that Lybia was innocent when we attacked them. In fact, Lybia quit participating so blatantly in sponsoring terrorism after that attack and serves as a good example of what language that terrorists understand. The fact that you could state that we bombed innocents in that example discredits every other point you have made Larry Puckette Network Analyst CCNA,MCP,LANCP Temple Inland [EMAIL PROTECTED] 512/434-1838 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 8:35 AM To: [EMAIL PROTECTED] Subject:Re: OT:Teaching Lessons [7:20265] And your point in sending this to the list was?? Trolling at this point is my only guess Interesting how many people become foreign policy experts overnight.. "Raynold D Cruz" cc: Sent by:Subject: OT:Teaching Lessons [7:20265] nobody@groupstud y.com 09/18/2001 09:09 AM Please respond to "Raynold D Cruz" > > > by Harry Browne > > > September 12, 2001 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20285&t=20265 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Etherchannel [7:20195]
Thanks for your input. I was hopeful that something would work but several of you have reiterated what I believed. It is not possible to Etherchannel accross redundant switches. I will be making recommendations and we will see which way they want it, redundant across switches or redundant to the switch. Thanks again for your help. Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20286&t=20195 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial is reset? [7:20255]
Typically (assuming the interface was working originally and you've made no changes) this would indicate that the circuit is disconnected... Can you see what the equipment at the other end is saying? Again assuming there hasn't been a configuration change it could be anthing from a cable gone bad (somewhat unlikely if you haven't made any physical changes) to a Telco employee accidently pulling a cross connect in a CO (quite likely in my experience).. You'd be best to start up a trouble ticket with the carrier... > -Original Message- > From: Ouellette, Tim [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 18, 2001 5:09 AM > To: [EMAIL PROTECTED] > Subject: Serial is reset? [7:20255] > > > After look at some of the t1's in one of my boxes. I see the following > > Serial2/0:23 is reset, line protocol is down > > After looking on cisco, I couldn't find an exact description > of what this > means. Can anyone provide some insight? > > May god have mercy on the souls of those who betray him. > > Tim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20287&t=20255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Beachfront Quizzer Exams for CCNP [7:20288]
Anyone used these? How good are they? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20288&t=20288 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Worm probes [7:20289]
A la Chuck style, I'm forwarding this for those of you that don't follow the NANOG newsgroup... -- Leigh Anne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 9:30 AM To: Bryan Heitman Cc: [EMAIL PROTECTED] Subject: Re: Worm probes On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman said: > > We're also seeing a large increase in this activity. This seems to be more > severe than the first time. Have an additional 30 to 40 meg inbound from > this. This seems to be the culprit: Concept Virus(CV) V.5, Copyright(C)2001 R.P.China I've nailed a copy, and am working on getting it to the right security people. A *PRELIMINARY* (eyeballing the output of 'strings' indicates that this one *both* sends itself via-email a la SirCam, *AND* scans for vulnerable web servers, and if it finds a vulnerable server, it causes anybody visiting that webpage to be offered a contaminated .exe as well. I do *NOT* have a handle on what malicious effects it has other than just propagating. This one's nasty, folks... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20289&t=20289 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet on PIX outside interface [7:20271]
I set up telnet to the outside if with every PIX I send out the door. It does require IPSec and I use v6.01 and VPN client 3.0/3.1 (don't know the ins and outs on older versions). Below is a sample configuration that's actually in use, with the IP's changed to protect the innocent. Note that the basic elements include: defining an IP local pool, creating an access list with source address being the outside interface of the PIX and the destination being the IP Pool range. Then, of course, you have to do the telnet outside statement and the rest of the IPSec stuff. Note that with this configuration you would need to set up a client to go to address 99.12.192.121, with the username vpnuser and the password idontthinkso. Below is a sample, from a 506: PIX Version 6.0(1) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable xoxoxoxo passwd abababab hostname asdf ... ... access-list 91 permit ip host 99.12.192.121 192.168.210.0 255.255.255.0 ... ... ip address outside 99.12.192.121 255.255.255.224 ip address inside 192.168.1.1 255.255.255.0 ... ... ip local pool vpnpool 192.168.210.1-192.168.210.30 ... ... sysopt connection permit-ipsec no sysopt route dnat crypto ipsec transform-set triple esp-3des esp-md5-hmac crypto dynamic-map dynmap 20 set transform-set triple ... ... crypto map clientmap 20 ipsec-isakmp dynamic dynmap crypto map clientmap client configuration address initiate crypto map clientmap client configuration address respond crypto map clientmap interface outside isakmp enable outside ... isakmp client configuration address-pool local vpnpool outside isakmp policy 10 authentication pre-share isakmp policy 10 encryption 3des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 28800 isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash md5 isakmp policy 20 group 2 isakmp policy 20 lifetime 1000 vpngroup vpnuser address-pool vpnpool vpngroup vpnuser idle-time 1800 vpngroup vpnuser password idontthinkso telnet 192.168.210.0 255.255.255.0 outside ... telnet timeout 5 ... ... - Original Message - From: "MADMAN" To: Sent: Tuesday, September 18, 2001 8:09 AM Subject: Re: Telnet on PIX outside interface [7:20271] > If what you trying to do is telnet to the PIX outside interface, no > can do. > > dave > > NRB wrote: > > > > Guys/Gurus, > > > > Can anyone please help me in setting up Telnet access on outside > interface > > of PIX. > > I heard that we need to uses IPSec and Cisco VPN client. I do not have > VPN > > client, > > can it still be done. Please help. > > > > Thanks, > > NRB > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20290&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: catalyst 6000 [7:20244]
set port host disables negotiation for ether channnel, trunking, and stp. I would also recommend to set speed and duplex manually. Alex MADMAN wrote: > You could try disabling PAGP and all that good stuff with the "set > port host" command. > > Dave > > ndabarasa michel wrote: > > > > hello, > > i need a help from the list. > > i have a switch (catalyst6000) as a central node in a > > physical star topology. > > the other nodes are three catalyst2948. > > they are connected to the central catalyst6000 with optic > > fiber. > > > > i have spanning tree disabled cause we don't have redundancy > > links yet,thus no loops. > > > > now one server connected with optic fiber is periodically > > unreachable(every 2 minutes). > > > > i log into the console and i found this error message > > > > PAGP-5-PORTTOSTP : port 2/4 left bridge port 2/4 > > > > PAGP-5-PORTTOSTP : port 2/4 joined bridge port 2/4 > > > > does it have anything to do with STP ? > > > > who can help ? > > > > /'^ ^'\ > > ((o)-(o)) > > |oOOO--(_)--OOOo--|-|- > > | Ndabarasa Michel... | > > | CCNA,CCAI.. | > > | cell (+250)08510951..| > > | .oooO | > > | ( )Oooo. | > > |---\ (--- ( )---|-| > > \_) ) /|-| > >(_/ > > > > > > -- > > FREE! The Best in Rwanda Email Address @mail.rw > > Reserve your name right now at http://mail.rw > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" [GroupStudy.com removed an attachment of type text/x-vcard which had a name of khramov.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20293&t=20244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Worm probes - Part II [7:20294]
More information below.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Mark Radabaugh - Amplex
Sent: Tuesday, September 18, 2001 9:49 AM
To: [EMAIL PROTECTED]
Subject: RE: Worm probes
This is new - it modifies the web pages of the infected machine to
include a (I assume) virus. It adds this string to the web page:
window.open("readme.eml", null,
"resizable=no,top=6000,left=6000")
Viewing infected web servers may be dangerous.
Mark Radabaugh
Amplex
(419) 833-3635
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
ravi pina
Sent: Tuesday, September 18, 2001 9:35 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Worm probes
indeed. scanning for strings that appear to be associated
with the Concept Virus(CV) V.5, there is a tremendous
increase in bandwidth usage. today alone i match:
/scripts:18013
/_vti_bin: 1885
_mem_bin: 1916
/ms_adc/: 1945
/winnt/system32:27648
bugtraq is starting to get in the preliminary reports
of this worm. beware that infected host's home pages
contain a javascript that sends you to a page that
attempts to send you a copy of the worm. fantastic, eh?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Braun, Mike
Sent: Tuesday, September 18, 2001 9:34 AM
To: '[EMAIL PROTECTED]'
Subject: FW: Worm probes
I received this warning from TruSecure regarding the latest worm attack.
Mike Braun
First American CREDCO
-Original Message-
TruSecure ALERT- TSA 01-023 - W32.nimda.a.mm
Date: September 18, 2001
Time: 1000 EDT
RISK INDICES:
Initial Assessment: RED HOT
Threat: VERY HIGH, (rapidly increasing)
Vulnerability Prevalence: VERY HIGH, effects IIS servers version 4.0,
5.0, and internal networks.
Cost: High, command execution is possible
Vulnerable Systems: IIS 4.0 and 5.0
SUMMARY:
A new IIS worm is spreading rapidly. Its working name is Nimda:
W32.nimda.a.mm
It started about 9am eastern time today, Tuesday,September 18, 2001,
Mulitple sensors world-wide run by TruSecure corporation are getting
multiple hundred hits per hour. And began at 9:08am am.
The worm seems to be targeting IIS 4 and 5 boxes and tests boxes for
multiple vulnerabilities including:
Almost all are get scripts, and a get msadc (cmd.exe)
get_mem_bin
vti_bin owssvr.dll
Root.exe
CMD.EXE
../ (Unicode)
Getadmin.dll
Default.IDA
/Msoffice/ cltreq.asp
This is not code red or a code red variant.
The worm, like code red attempts to infect its local sub net first,
then spreads beyond the local address space.
It is spreading very rapidly.
TruSecure believes that this worm will infect any IIS 4 and IIS 5
box with well known vulnerabilities. We believe that there are
nearly 1Million such machines currently exposed to the Internet.
Risks Indices:
Vulnerability VULNERABILITY PREVALANCE is very high - Milllions of
Internet Web server hosts: TruSecure process and essential
configurations should generally be protective. The vulnerability
prevalence world-wide is very high
Threat - VERY HIGH and Growing The rate of growth and spread is
exceedingly rapid - significantly faster than any worm to date and
significantly faster than any variant of Code red.
Cost -- Unknown, probably moderate per infected system.
The worm itself is a file called
README.EXE, or ADMIN.DLL
a 56K file which is advertised as an audio xwave mime type file.
Other RISKS:
There is risk of DOS of network segments by traffic volume alone
There is large risk of successful attack to both Internet exposed IIS
boxes and to developer and Intranet boxes inside of corporations.
Judging by the Code Red II experience, we expect many subtle routes
of infection leading to inside corporate infections.
We cannot discount the coincidence of the date and time of release,
exactly one week to (probably to the minute) as the World Trade
Center attack .
REPLICATION:
There are at least three mechanisms of spread:
The worm seems to spread both by a direct IIS across Internet (IP
spread)
It probably also spreads by local shares. (this is not known for
sure at this time)
There is also an email vector where README.EXE is sent via email to
numerous accounts.
Mitigations
TruSecure essential practices should work.
Block all email with EXE attachments
Filter for README.EXE
Make sure IIS boxes are well patched and hardened, or removed from
both the Internet and Intranets.
Make sure any developer computing platforms are not running IIS of
any version (many do so by default if either.
Disconnect mail from the Internet
Advise users not to double click on any unexpected attachments.
Update anti-virus when your vendor has the signature.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Eric Gauthier
Sent: Tuesday, September 18, 2001 9:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Worm probes
> Concept Virus(CV) V.5, Copyright(C)2001 R.P.China
> I've nai
Re: [7:20291]
I believe an OSPF demand circuit is used in instances where you don't want hello packets to always keep a DDR link active. Cisco Lover wrote: Hi guys, Any one can explain what the other ways for DDR if we are not allowed to use backip interface command??? IP Ospf demand circuit???Any one can explain please how does it works?? Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp **Please read:http://www.groupstudy.com/list/posting.html - Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information inYahoo! News. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20291&t=20291 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet on PIX outside interface [7:20271]
Secure only in the sense that you can limit source IP's (which can possibly be circumvented) and that the session is encrypted so it is more difficult to sniff the password. However, this would possibly allow someone on the internet to gain access to the firewall and set up thier own rules to allow access to your inside network or take it completely down by wiping the config and changing the password on you. Just be weary of doing anything that allows people potential access to the hardware protecting it. Static commands can be set up to limit connections to inside hosts, but just imagine someone doing a DOS involving several thousand attempted telnet/ssh connections when that port is open You can't limit those on the outside interface since it is not controlled by a static statement. Personally I prefer setting up an IPSec tunnel to the inside and then telnetting to the inside interface with SSH. One step below that would be some kind of RAS to the inside. That at least adds an additional step the would-be hackers would have to navigate through with username/passwords in order to change access to the network from the outside. - Original Message - From: "Burnham, Chris" To: Sent: Tuesday, September 18, 2001 10:30 AM Subject: RE: Telnet on PIX outside interface [7:20271] > Why don't you set up ssh. This can be done to the outside interface and is > secure... > > > -Original Message- > From: MADMAN [mailto:[EMAIL PROTECTED]] > Sent: 18 September 2001 16:09 > To: [EMAIL PROTECTED] > Subject: Re: Telnet on PIX outside interface [7:20271] > > > If what you trying to do is telnet to the PIX outside interface, no > can do. > > dave > > NRB wrote: > > > > Guys/Gurus, > > > > Can anyone please help me in setting up Telnet access on outside > interface > > of PIX. > > I heard that we need to uses IPSec and Cisco VPN client. I do not have > VPN > > client, > > can it still be done. Please help. > > > > Thanks, > > NRB > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20292&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
H.323 [7:20295]
Does any one have experience with H.323 Polycom units? If so any hints on why they can be drooping the connection to the remote site while they are in session. All of the units are sitting behind the Cisco Pix firewall. Thanks, Alex [GroupStudy.com removed an attachment of type text/x-vcard which had a name of khramov.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20295&t=20295 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: catalyst 6000 [7:20244]
a lot of thanx. i disabled the pagp thing On Tue, 18 Sep 2001 10:14:13 -0400 "MADMAN" wrote: > You could try disabling PAGP and all that good stuff with > the "set > port host" command. > > Dave > > ndabarasa michel wrote: > > > > hello, > > i need a help from the list. > > i have a switch (catalyst6000) as a central node in a > > physical star topology. > > the other nodes are three catalyst2948. > > they are connected to the central catalyst6000 with > optic > > fiber. > > > > i have spanning tree disabled cause we don't have > redundancy > > links yet,thus no loops. > > > > now one server connected with optic fiber is > periodically > > unreachable(every 2 minutes). > > > > i log into the console and i found this error message > > > > PAGP-5-PORTTOSTP : port 2/4 left bridge port 2/4 > > > > PAGP-5-PORTTOSTP : port 2/4 joined bridge port 2/4 > > > > does it have anything to do with STP ? > > > > who can help ? > > > > /'^ ^'\ > > ((o)-(o)) > > |oOOO--(_)--OOOo--|-|- > > | Ndabarasa Michel... | > > | CCNA,CCAI.. > | > > | cell (+250)08510951..| > > | .oooO | > > | ( )Oooo. | > > |---\ (--- ( )---|-| > > \_) ) /|-| > >(_/ > > > > > > -- > > FREE! The Best in Rwanda Email Address @mail.rw > > Reserve your name right now at http://mail.rw > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" > [EMAIL PROTECTED] /'^ ^'\ ((o)-(o)) |oOOO--(_)--OOOo--|-|- | Ndabarasa Michel... | | CCNA,CCAI.. | | National University of Rwanda.. | | Computing Centre... | | voice.. | | office (+250)530666 | | cell (+250)08510951..| | .oooO | | ( )Oooo. | |---\ (--- ( )---|-| \_) ) /|-| (_/ -- FREE! The Best in Rwanda Email Address @mail.rw Reserve your name right now at http://mail.rw Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20297&t=20244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Call Manager. [7:20298]
I have a question about Cisco call Manager 3.1 and Active Directory. We have installed the plug in but when we go to search for user in the global directory in call manager we do not have any users. If we create a user in call manager it will show up in call manager and active directory. How do we get it to pull from active directory. And also, after we do get it to pull, can I make it pull from more than just the Users OU? Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20298&t=20298 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT - Goodbye [7:20296]
Over the course of time I have read some interesting and very helpful things - Cisco related - on this mailing list. The recent spate of off topic subjects given the circumstances is certainly understandable. However, some have decided to use this forum to spout what is essentially garbage. Yes, I am still angry over what happened, and yes, I want to extricate a toll on those involved, so perhaps my vision is somewhat skewed. However, even so, I promised that I would not respond to any more trolls like the one recently posted by a one Raynold Cruz. I have, unfortunately broken that promise. As such, I am saying my farewells to this group. Many of you have been helpful in my studies, and some have been a calming rational voice in this trying time. Other's not so. I am not much of a contributor to this list so I'm sure my departure will not be missed in the least, rightly so. Take care all, well most anyway, good luck to those pursuing their CCIE. I'll let myself out :) Patrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20296&t=20296 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet on PIX outside interface [7:20271]
Gosh, that means you are allowing accessto your win2k servers from the outside... Remember... Microsoft doesn't belong on the internet... : ) On a serious note... Say you have a static statement to your internal host...What ports would you allow through? Surely you are not reffering to pcanywhere or win2k's remote management console? I would only recommend this if the source ip was ALWAYS the same and the acl would reflect that! (And even then as paranoid as I am I still wouldn't do it!) I might consider throwing a hardened linux box with absolutely no type of ftp/telnet client on it in the dmz. SSH to it, then re-ssh to the pix. And rename ssh while you are at it to something inconspicuous and take the execute attributes off of it! : ) my $.02 -Patrick >>> "Magdy H. Ibrahim" 09/18/01 10:37AM >>> Hi, If your inside servers run W2k then you can setup the remote access service on the W2k server and add static command on your PIX with conduit command to permit remote access from outside to your W2k server. then permit telnetting for this server to the inside interface... if you want exactly the command mail me again and I'll be pleased to help.. Bytheway there is no way to telnet on the outside interface... Magdy H. Ibrahim ""NRB"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys/Gurus, > > Can anyone please help me in setting up Telnet access on outside interface > of PIX. > I heard that we need to uses IPSec and Cisco VPN client. I do not have VPN > client, > can it still be done. Please help. > > Thanks, > NRB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20299&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Beachfront Quizzer Exams for CCNP [7:20288]
I've heard REALLY good things about them. I'd definitely recommend checking them out! thanks, -Brad Ellis CCIE#5796 Network Learning Inc [EMAIL PROTECTED] used Cisco: www.optsys.net ""Hosey Roger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Anyone used these? How good are they? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20300&t=20288 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: [7:20291]
You can use the dialer watch option which will look for the existence of a route in the table. If the route is no longer there, the router will dial... -Original Message- From: "Jason Wydra" To: [EMAIL PROTECTED] Date: Tue, 18 Sep 2001 12:19:06 -0400 Subject: Re: [7:20291] I believe an OSPF demand circuit is used in instances where you don't want hello packets to always keep a DDR link active. Cisco Lover wrote: Hi guys, Any one can explain what the other ways for DDR if we are not allowed to use backip interface command??? IP Ospf demand circuit???Any one can explain please how does it works?? Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp **Please read:http://www.groupstudy.com/list/posting.html - Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information inYahoo! News. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20302&t=20291 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF demand Circuit [7:20228]
Is there any way I can find which routers do not support it, I assume that each router must run IOS 11.3 or later? Thanks, Lance ""Sasa Milic"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Lance, > > DNA LSAs are not allowed because router received LSAs (ten different > LSAa) without DC bit set in options field from other routers in the > area. That means that there are routers in the area which doesn't > support demand circuit. As you remember, in order to support DNAs, > all routers in the area must support it, which is not the case in > your network. > > Sasa > > > Lance wrote: > > > > I have R6 connected to R5 via an ethernet and a ISDN link. The ISDN link > is > > configured as an OSPF demand circuit however when I do a show ip ospf int I > > get the following output. Notice that it says "DoNotAge LSA not allowed > > (Number of DCbitless LSA is 10)". Why is this, I need for the DoNotAge LSA > > to be allowed and I thought this is what ospf demand-circuit is for. BTW > > this is CCbootcamp lab 8a. Please help? > > > > R6#sho ip ospf int bri0 > > BRI0 is up, line protocol is up (spoofing) > > Internet Address 137.20.224.6/20, Area 0 > > Process ID 64, Router ID 137.20.60.1, Network Type POINT_TO_POINT, Cost: > > 1562 > > Configured as demand circuit. > > Run as demand circuit. > > DoNotAge LSA not allowed (Number of DCbitless LSA is 10). > > Transmit Delay is 1 sec, State POINT_TO_POINT, > > Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 > > Hello due in 00:00:06 > > Neighbor Count is 1, Adjacent neighbor count is 1 > > Adjacent with neighbor 137.20.240.1 (Hello suppressed) > > Suppress hello for 1 neighbor(s) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20303&t=20228 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: [7:20301]
The demand circuit option also sets routing entries learned over the demand interface with the DNA (do not age) bit set. -Original Message- From: Jason Wydra To: Cisco Lover , [EMAIL PROTECTED] Date: Tue, 18 Sep 2001 09:02:36 -0700 (PDT) Subject: Re: I believe an OSPF demand circuit is used in instances where you don't want hello packets to always keep a DDR link active. Cisco Lover wrote: Hi guys, Any one can explain what the other ways for DDR if we are not allowed to use backip interface command??? IP Ospf demand circuit???Any one can explain please how does it works?? Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp **Please read:http://www.groupstudy.com/list/posting.html - Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information inYahoo! News. **Please read:http://www.groupstudy.com/list/posting.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20301&t=20301 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Multihoming Without BGP!!!!!....How Posible???? [7:20305]
Hi all, first let me pay tribute to my numerous Networking colleagues, who lost their life while in active service at WTC and Pentagon that fatefull Tuesday and may God grant their love ones in this group the courage to bear the lost. I stand with the popular side 'Terrorism must be completely stamped out' I will need some help with this configuration am proposing. I want to implement multihoming for one of my clients and I do not want to use BGP at all neither do I want to ask each of my upstream providers to route the other provider's Set of IP Addresses given to me, through its own Network. I have two Routers called RouterA and RouterB. RouterA have three ethernet ports (EA1, EA2 and EA3), while RouterB have two ethernet ports (EB1 and EB2). My two upstream providers (ISPs) are Source1 with IP address 63.98.9.0 255.255.255.0 and Source2 with IP address 100.10.10.0 255.255.255.0. Source1's link is terminated on port EA1 on RouterA while Source2's link is terminated on port EA2 on RouterA as well. Port EA3 on RouterA is connected to port EB1 on RouterB, while Port EB2 on RouterB is connected to my Access layer Switch. That is the schematic above, my proposed configuration is stated below: RouterA(Config)#Interface EA1 RouterA(Config-inf)#IP Address 63.98.9.1 255.255.255.0 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Routing issue [7:20306]
I've got two 5505 at the core with RSM modules, both of the 5505s have connection to the firewall. Plus I've got a trunk between the 5505s. When I do a trace route from one of the routers that is attached to one of the 5505 to a server outside of the firewall it first hits 5505 that the router is attached to then it goes over the trunk to the second 5505 and only then it hits the firewall and a server. Both of the 5505 RSMs have static routes to the firewall. What can I do to prevent packets from going over the trunk to the second 5505 and go directly to the firewall? Thanks in advance, AK [GroupStudy.com removed an attachment of type text/x-vcard which had a name of khramov.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20306&t=20306 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF demand Circuit [7:20228]
"show ip ospf database router", look at LSAs without DC in options field. Sasa Lance wrote: > > Is there any way I can find which routers do not support it, I assume that > each router must run IOS 11.3 or later? > > Thanks, > Lance > > ""Sasa Milic"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Lance, > > > > DNA LSAs are not allowed because router received LSAs (ten different > > LSAa) without DC bit set in options field from other routers in the > > area. That means that there are routers in the area which doesn't > > support demand circuit. As you remember, in order to support DNAs, > > all routers in the area must support it, which is not the case in > > your network. > > > > Sasa > > > > > > Lance wrote: > > > > > > I have R6 connected to R5 via an ethernet and a ISDN link. The ISDN > link > > is > > > configured as an OSPF demand circuit however when I do a show ip ospf > int I > > > get the following output. Notice that it says "DoNotAge LSA not allowed > > > (Number of DCbitless LSA is 10)". Why is this, I need for the DoNotAge > LSA > > > to be allowed and I thought this is what ospf demand-circuit is for. > BTW > > > this is CCbootcamp lab 8a. Please help? > > > > > > R6#sho ip ospf int bri0 > > > BRI0 is up, line protocol is up (spoofing) > > > Internet Address 137.20.224.6/20, Area 0 > > > Process ID 64, Router ID 137.20.60.1, Network Type POINT_TO_POINT, > Cost: > > > 1562 > > > Configured as demand circuit. > > > Run as demand circuit. > > > DoNotAge LSA not allowed (Number of DCbitless LSA is 10). > > > Transmit Delay is 1 sec, State POINT_TO_POINT, > > > Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 > > > Hello due in 00:00:06 > > > Neighbor Count is 1, Adjacent neighbor count is 1 > > > Adjacent with neighbor 137.20.240.1 (Hello suppressed) > > > Suppress hello for 1 neighbor(s) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20307&t=20228 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dual FIFO: An Answer [7:20308]
No, Dual FIFO does not mean "a pair of poodles." That would be Dual FOOFOO. Then again, it may be Dual FIDO. Anyway While browsing on CCO I found a better explanation of the Dual FIFO queue. This excerpt is taken from: http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/qossol/qosvoip.htm#xtocid635517 At the interface level, a FIFO queue is set up unless you have enabled FRF.12 fragmentation. In that case, a dual FIFO system is set up with a high priority queue and a low priority queue. The high priority queue receives the PQ traffic from all PVCs plus Layer 2 control traffic. The low priority queue receives all other traffic from all PVCs. Remember that Frame Relay traffic shaping (FRTS) is required for Frame Relay circuits whether FRF.12 fragmentation is enabled or not. FRTS provides the back-pressure mechanism to detect congestion per PVC. Support for ATM PVCs is available in Cisco IOS Release 12.2(1)T. HTH, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20308&t=20308 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Professorship in Cisco [7:20273]
The Network Academy program is being taught in 2/4 year colleges. Thus, often professors, such as myself, are teaching the courses. However, professorships aren't being "given to" the acadamies specifically as far as I know. HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy SUranjith Ariyapperuma wrote: Dear friend I have heard about professorships being given to cisco academies. Does any body have info?. Suranjith [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20310&t=20273 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multihoming Without BGP!!!!!....How Posible???? [7:20305]
Posting guidelines for this mailing list - http://www.groupstudy.com/list/guide.html bullet #5 applies in this case Let's do our best to keep within the guidelines of groupstudy please, folks. Please treat this as a request, and not as demand. I'm not the posting police, but in the past few weeks I've noticed a lot more "My customer wants", or "I need to do this for my client", which may be fun and educational and challenging and interesting, but not within the spriit and context of this mailing list. - Original Message - From: "Mr. Oletu Hosea Godswill, CCNA" To: Sent: Tuesday, September 18, 2001 10:59 AM Subject: Multihoming Without BGP!How Posible [7:20305] > Hi all, > > first let me pay tribute to my numerous Networking > colleagues, who lost their life while in active > service at WTC and Pentagon that fatefull Tuesday and > may God grant their love ones in this group the > courage to bear the lost. I stand with the popular > side 'Terrorism must be completely stamped out' > > I will need some help with this configuration am > proposing. > > I want to implement multihoming for one of my clients > and I do not want to use BGP at all neither do I want > to ask each of my upstream providers to route the > other provider's Set of IP Addresses given to me, > through its own Network. I have two Routers called > RouterA and RouterB. RouterA have three ethernet ports > (EA1, EA2 and EA3), while RouterB have two ethernet > ports (EB1 and EB2). > > > My two upstream providers (ISPs) are Source1 with IP > address 63.98.9.0 255.255.255.0 and Source2 with IP > address 100.10.10.0 255.255.255.0. Source1's link is > terminated on port EA1 on RouterA while Source2's link > is terminated on port EA2 on RouterA as well. Port EA3 > on RouterA is connected to port EB1 on RouterB, while > Port EB2 on RouterB is connected to my Access layer > Switch. > > That is the schematic above, my proposed configuration > is stated below: > > RouterA(Config)#Interface EA1 > RouterA(Config-inf)#IP Address 63.98.9.1 255.255.255.0 > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20311&t=20305 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multihoming Without BGP!!!!!....How Posible???? [7:20305]
check out the following: www.fatpipeinc.com www.radware.com Both companies have products that you might be interested in. The Fatpipe product is called Xtreme but I don't remember what Radware's alternative is called. HTH, John >>> "Mr. Oletu Hosea Godswill, CCNA" 9/18/01 11:59:50 AM >>> Hi all, first let me pay tribute to my numerous Networking colleagues, who lost their life while in active service at WTC and Pentagon that fatefull Tuesday and may God grant their love ones in this group the courage to bear the lost. I stand with the popular side 'Terrorism must be completely stamped out' I will need some help with this configuration am proposing. I want to implement multihoming for one of my clients and I do not want to use BGP at all neither do I want to ask each of my upstream providers to route the other provider's Set of IP Addresses given to me, through its own Network. I have two Routers called RouterA and RouterB. RouterA have three ethernet ports (EA1, EA2 and EA3), while RouterB have two ethernet ports (EB1 and EB2). My two upstream providers (ISPs) are Source1 with IP address 63.98.9.0 255.255.255.0 and Source2 with IP address 100.10.10.0 255.255.255.0. Source1's link is terminated on port EA1 on RouterA while Source2's link is terminated on port EA2 on RouterA as well. Port EA3 on RouterA is connected to port EB1 on RouterB, while Port EB2 on RouterB is connected to my Access layer Switch. That is the schematic above, my proposed configuration is stated below: RouterA(Config)#Interface EA1 RouterA(Config-inf)#IP Address 63.98.9.1 255.255.255.0 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20313&t=20305 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Worm probes [7:20289]
- Original Message - From: "Leigh Anne Chisholm" To: Sent: Tuesday, September 18, 2001 5:03 PM Subject: FW: Worm probes [7:20289] > A la Chuck style, I'm forwarding this for those of you that don't follow the > NANOG newsgroup... > > > -- Leigh Anne > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, September 18, 2001 9:30 AM > To: Bryan Heitman > Cc: [EMAIL PROTECTED] > Subject: Re: Worm probes > > > On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman > said: > > > > We're also seeing a large increase in this activity. This seems to be > more > > severe than the first time. Have an additional 30 to 40 meg inbound from > > this. > > This seems to be the culprit: > > Concept Virus(CV) V.5, Copyright(C)2001 R.P.China > > I've nailed a copy, and am working on getting it to the right security > people. A *PRELIMINARY* (eyeballing the output of 'strings' indicates that > this one *both* sends itself via-email a la SirCam, *AND* scans for > vulnerable > web servers, and if it finds a vulnerable server, it causes anybody visiting > that webpage to be offered a contaminated .exe as well. > > I do *NOT* have a handle on what malicious effects it has other than just > propagating. > > This one's nasty, folks... > > -- > Valdis Kletnieks > Operating Systems Analyst > Virginia Tech Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20314&t=20289 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Syslogd question [7:20315]
Hi folks, I have many routers pointing to one syslogd server. Is it possible to tell the Router to prepend the router's name in each log message so when looking at the logs, you can tell which message originates from which router? The below log does not tell me the name of the router: R2501#show log Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Console logging: level debugging, 436 messages logged Monitor logging: level debugging, 0 messages logged Trap logging: level informational, 440 message lines logged Logging to 192.168.1.1, 6 message lines logged Buffer logging: level debugging, 436 messages logged Log Buffer (4096 bytes): te to up Jul 20 20:47:40.208 EDT: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 203 state changed to ACTIVE Jul 30 20:28:47.094 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down Jul 30 20:28:48.130 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up Jul 31 12:41:22.688 EDT: %SYS-5-CONFIG_I: Configured from console by dpendlet on vty0 (192.168.1.50) Jul 31 12:44:56.400 EDT: %SYS-5-CONFIG_I: Configured from console by dpendlet on vty0 (192.168.1.50) Aug 2 14:03:15.847 EDT: %SYS-5-CONFIG_I: Configured from console by lkim on vty0 (192.168.1.50) Aug 4 21:38:48.371 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down I want the name of the router to be in each line of the log. Thanks for any help. -Frank __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20315&t=20315 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Syslogd question [7:20315]
This should be functionallity of the logging server... It should do a reverse lookup on the ip and post it there... If there is no reverse lookup, it hsould at least post the ip address... what syslog are you running and what platform? -Patrick >>> "Frank Ofus" 09/18/01 04:34PM >>> Hi folks, I have many routers pointing to one syslogd server. Is it possible to tell the Router to prepend the router's name in each log message so when looking at the logs, you can tell which message originates from which router? The below log does not tell me the name of the router: R2501#show log Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Console logging: level debugging, 436 messages logged Monitor logging: level debugging, 0 messages logged Trap logging: level informational, 440 message lines logged Logging to 192.168.1.1, 6 message lines logged Buffer logging: level debugging, 436 messages logged Log Buffer (4096 bytes): te to up Jul 20 20:47:40.208 EDT: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 203 state changed to ACTIVE Jul 30 20:28:47.094 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down Jul 30 20:28:48.130 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up Jul 31 12:41:22.688 EDT: %SYS-5-CONFIG_I: Configured from console by dpendlet on vty0 (192.168.1.50) Jul 31 12:44:56.400 EDT: %SYS-5-CONFIG_I: Configured from console by dpendlet on vty0 (192.168.1.50) Aug 2 14:03:15.847 EDT: %SYS-5-CONFIG_I: Configured from console by lkim on vty0 (192.168.1.50) Aug 4 21:38:48.371 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down I want the name of the router to be in each line of the log. Thanks for any help. -Frank __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20316&t=20315 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Syslogd question [7:20315]
Patrick, Thanks for the response. I'm running unix tftpd. I can't seem to find the syntax to force my tftpd to prepend in the name for each log. Any advice? Thanks, -Frank --- Patrick Ramsey wrote: > This should be functionallity of the logging > server... It should do a reverse lookup on the ip > and post it there... If there is no reverse lookup, > it hsould at least post the ip address... what > syslog are you running and what platform? > > -Patrick > > >>> "Frank Ofus" 09/18/01 > 04:34PM >>> > Hi folks, > I have many routers pointing to one syslogd server. > Is it possible to tell the Router to prepend the > router's name in each log message so when looking at > the logs, you can tell which message originates from > which router? The below log does not tell me the > name > of the router: > > R2501#show log > Syslog logging: enabled (0 messages dropped, 0 > flushes, 0 overruns) > Console logging: level debugging, 436 messages > logged > Monitor logging: level debugging, 0 messages > logged > Trap logging: level informational, 440 message > lines logged > Logging to 192.168.1.1, 6 message lines > logged > Buffer logging: level debugging, 436 messages > logged > > Log Buffer (4096 bytes): > te to up > Jul 20 20:47:40.208 EDT: %FR-5-DLCICHANGE: Interface > Serial1 - DLCI 203 state changed to ACTIVE > Jul 30 20:28:47.094 EDT: %LINEPROTO-5-UPDOWN: Line > protocol on Interface Serial1, changed state to down > Jul 30 20:28:48.130 EDT: %LINEPROTO-5-UPDOWN: Line > protocol on Interface Serial1, changed state to up > Jul 31 12:41:22.688 EDT: %SYS-5-CONFIG_I: Configured > from console by dpendlet on vty0 (192.168.1.50) > Jul 31 12:44:56.400 EDT: %SYS-5-CONFIG_I: Configured > from console by dpendlet on vty0 (192.168.1.50) > Aug 2 14:03:15.847 EDT: %SYS-5-CONFIG_I: Configured > from console by lkim on vty0 (192.168.1.50) > Aug 4 21:38:48.371 EDT: %LINEPROTO-5-UPDOWN: Line > protocol on Interface Serial1, changed state to down > > > > I want the name of the router to be in each line of > the log. Thanks for any help. > > > -Frank > > > > __ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > [EMAIL PROTECTED] > __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20317&t=20315 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multihoming Without BGP!!!!!....How Posible???? Here's How [7:20318]
If you do not want to go the complexity of running BGP and you still want to multihome your network to the Internet here's how to do it: Purchase and configure two egresses to the Internet via two different ISPs. Say that both edge routers are Cisco 3640's and both have a Firewall, say a Pix behind them for security. I emphasize that for this to work make sure both 3640s have at least two Ethernet or Fa ports each! Setup your default gateway on both 3640s to be each respective ISP next hop. Setup the default gateway of your Pix to its respective edge 3640 router. Setup a vlan on a switch, do not make any routers aware of that vlan...its only a local broadcast domain...kind of like using a hub. Say your primary Ethernet interface on both edge routers is E0/0. Patch both E0/1 interfaces on each 3640 to your local vlan so that they can communicate, don't forget to no shut these interfaces of course. Configure both E0/1 interfaces so that they are both in the same subnet, use a /30 bit mask so that there is never a possiblity for IP overlap.you may totally forget about these interfaces..I warn you..I have on my network ; -). Now configure HSRP on Both E0/0 interfaces with each other's E0/0 as the stanby IP address. Your done! If ISP 1 dies, HSRP will kick in and spoof the mac of your other 3640. All traffic that hits your edge router pointed toward the dead ISP will be forwarded across your local vlan to your other ISP! This of course doesn't work if your are running a web server and you are NATing simultaneously like 99% of the world, however I have a workaround for that. Instead of registering with the A root DNS server the outside IP address of your primary 3640 as the resolution to www.yourwebpage.com. Pay a little extra for a fully meshed ISP to host a static page for you. Register this static page with Internic. Write the static page to do a JAVA redirection into your network. The ISP will have the headaches of running the BGP and even if their link to you fails, chances are that your static page that they are hosting will still be veiwable to the Internet. Simply write your JAVA redirector to have your secondary 3640's outside IP address as a mirror site for immediate redirection. John Squeo Technical Specialist Papa John's Corporation (502) 261-4035 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20318&t=20318 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access lists or inbound/outbound statements [7:20319]
Greetz, I am new to the world of Pix firewalls. I would just like to get your opinion on which is better to use, normal extended access lists or inbound/outbound statements. I have experience with extended access lists on cisco routers but I only just got to know about inbound/outbound statements... What does the list recommend and why! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20319&t=20319 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame Relay - duplex. [7:20320]
We have a discrepancy going on between our infrastructure group. The question is. Is Frame Relay full duplex or half? We've called several providers several times each and we get different answers from the same provider. We are fairly certian that a T1 is full duplex -1.544 both in and out. If we have a frame circuit that has a port of 256 and a CIR of 128. Are we guaranteed 128 to transmit and 128 to receive, or are we guaranteed 128 to both transmit and receive. Curious and thanks!, Rob Michel [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20320&t=20320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay - duplex. [7:20320]
serial connections are definately fulldux... CIR can be set however by the provider either way... most give you cir fulldux where some don't. You can specify incoming cir and outgoing cir if your provider told you that is how they operate. -Patrick ps. I can't think of the last time I even saw a different cir set for incoming and outgoingas a matter of fact, I haven't even seen it in IOS recently...Of course I haven't looked for it either... : ) I do remember setting up circuits yrs ago with some old 3com equipment that had different cirs... >>> "[EMAIL PROTECTED]" 09/18/01 05:52PM >>> We have a discrepancy going on between our infrastructure group. The question is. Is Frame Relay full duplex or half? We've called several providers several times each and we get different answers from the same provider. We are fairly certian that a T1 is full duplex -1.544 both in and out. If we have a frame circuit that has a port of 256 and a CIR of 128. Are we guaranteed 128 to transmit and 128 to receive, or are we guaranteed 128 to both transmit and receive. Curious and thanks!, Rob Michel [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20321&t=20320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multihoming Without BGP!!!!!....How Posible???? Here's How [7:20322]
Hi, Wouldn't this also depend largely on the routing etc from each of the upstream providers. For example, if the address range used is within one provided via the upstream provider it is likely the routes to others in that upstream provider will only come via the link provided by the upstream provider. eg. (I know this example uses private space but it is just an example) You are given a range say 172.16.20.0/23 by you provider. This fits in the providers range of 172.16.0.0/16. The provider does not allow it's own addresses in to its network via another provider (quite a normal arrangement). It will not be possible then to access a number of sites. Just a thought on something I have seen on a number of occasions. Maybe you have an answer for this. Teunis, Hobart, Tasmania Australia On Tuesday, September 18, 2001 at 05:15:22 PM, [EMAIL PROTECTED] wrote: > If you do not want to go the complexity of running BGP and you still want > to multihome your network to the Internet here's how to do it: > > Purchase and configure two egresses to the Internet via two different ISPs. > Say that both edge routers are Cisco 3640's and both have a Firewall, say a > Pix behind them for security. > > I emphasize that for this to work make sure both 3640s have at least two > Ethernet or Fa ports each! > > Setup your default gateway on both 3640s to be each respective ISP next > hop. Setup the default gateway of your Pix to its respective edge 3640 > router. Setup a vlan on a switch, do not make any routers aware of that > vlan...its only a local broadcast domain...kind of like using a hub. > > Say your primary Ethernet interface on both edge routers is E0/0. Patch > both E0/1 interfaces on each 3640 to your local vlan so that they can > communicate, don't forget to no shut these interfaces of course. Configure > both E0/1 interfaces so that they are both in the same subnet, use a /30 > bit mask so that there is never a possiblity for IP overlap.you may > totally forget about these interfaces..I warn you..I have on my network ; > -). Now configure HSRP on Both E0/0 interfaces with each other's E0/0 as > the stanby IP address. > > Your done! If ISP 1 dies, HSRP will kick in and spoof the mac of your > other 3640. All traffic that hits your edge router pointed toward the dead > ISP will be forwarded across your local vlan to your other ISP! > > This of course doesn't work if your are running a web server and you are > NATing simultaneously like 99% of the world, however I have a workaround > for that. Instead of registering with the A root DNS server the outside IP > address of your primary 3640 as the resolution to www.yourwebpage.com. Pay > a little extra for a fully meshed ISP to host a static page for you. > Register this static page with Internic. Write the static page to do a > JAVA redirection into your network. The ISP will have the headaches of > running the BGP and even if their link to you fails, chances are that your > static page that they are hosting will still be veiwable to the Internet. > Simply write your JAVA redirector to have your secondary 3640's outside IP > address as a mirror site for immediate redirection. > > > > John Squeo > Technical Specialist > Papa John's Corporation > (502) 261-4035 -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20322&t=20322 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Everything-CCNA-CCNP-CCIE- [7:20323]
Any one studying for CCNA, CCNP or CCIE, I have a lot of things to offer you, Plenty of Electronic Books Almost real exams You can also complete your all practicals:) +more after this I am so sure you do'nt need to spend a single pany or looking anything to get success. +I am also Certified and can help you if you require my personal help... if you have good laptop then I do'nt mind in exchange as I am badly looking one dream NoteBook. if you do'nt have one do'nt mind you can still contact me, I would love to hear from you and definately help you and prepare you for success...wish you good luck!!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20323&t=20323 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BRI D channel [7:20241]
Hi, I think you might find the "D" channel sets up the link to the ISDN switch and does some communication with it. When making the call to the IP address and the other end this is done via the "B" channels. When creating different dialer interfaces each uses a different "B" channel to communicate and the "D" channel is used to setup the call via the ISDN switch. Therefore on the first call the "D" channnel will be brought up and communications will start with the ISDN switch. The line is setup (TEI, Speeds etc) number of the remote end is dialed and called. This might require a "D" channel is brought up or it might indeed be up to the remote end. Once up the "B" channels setup the end to end call and authentication takes place. After successful authentication the protocol negotiations take place establishing the IP addresses etc. I realise this is not complete but gives a rough idea of what happens. You can indeed use one dialer interface to call 2 different remote sites if required. Each on its own "B" channel. You can indeed spread these across a number of "B" channels on multiple PRI's if required. Just some thoughts. Teunis, Hobart, Tasmania Australia On Tuesday, September 18, 2001 at 08:56:26 AM, Dennie Turner wrote: > You can use dialer profiles to dial multiple locations. To accomplish > this you would create a virtual interface with interface dialer1 and > place relevant commands under that interface. Hope this helps > > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Mohammed Saro > Sent: Tuesday, September 18, 2001 2:05 AM > To: [EMAIL PROTECTED] > Subject: BRI D channel [7:20241] > > the D channel is the channel that takes the ip address so how can i > dial to > two different locations with the same BRI interface > and the other question about cisco BOD how can i use dialer > load-threshold > load > > without enabling MLPPP what will happen to ips is it will take two > different > ips ? > > > Best Regards, > Mohammed Saro > Network Engineer -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20324&t=20241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Worm probes [7:20289]
oops, anyway, here it is again, http://www.datarescue.com/fprot/virinfo/nimda.htm (is it 'related' ? ) - Original Message - From: "dlci_16" To: Sent: Tuesday, September 18, 2001 9:11 PM Subject: Re: Worm probes [7:20289] > - Original Message - > From: "Leigh Anne Chisholm" > To: > Sent: Tuesday, September 18, 2001 5:03 PM > Subject: FW: Worm probes [7:20289] > > > > A la Chuck style, I'm forwarding this for those of you that don't follow > the > > NANOG newsgroup... > > > > > > -- Leigh Anne > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > [EMAIL PROTECTED] > > Sent: Tuesday, September 18, 2001 9:30 AM > > To: Bryan Heitman > > Cc: [EMAIL PROTECTED] > > Subject: Re: Worm probes > > > > > > On Tue, 18 Sep 2001 10:22:06 CDT, Bryan Heitman > > said: > > > > > > We're also seeing a large increase in this activity. This seems to be > > more > > > severe than the first time. Have an additional 30 to 40 meg inbound > from > > > this. > > > > This seems to be the culprit: > > > > Concept Virus(CV) V.5, Copyright(C)2001 R.P.China > > > > I've nailed a copy, and am working on getting it to the right security > > people. A *PRELIMINARY* (eyeballing the output of 'strings' indicates > that > > this one *both* sends itself via-email a la SirCam, *AND* scans for > > vulnerable > > web servers, and if it finds a vulnerable server, it causes anybody > visiting > > that webpage to be offered a contaminated .exe as well. > > > > I do *NOT* have a handle on what malicious effects it has other than just > > propagating. > > > > This one's nasty, folks... > > > > -- > > Valdis Kletnieks > > Operating Systems Analyst > > Virginia Tech Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20325&t=20289 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN - NAT interoperability [7:20326]
I'm looking to study the Cisco method of VPN implementation. I've worked a little with the IOS firewall feature pack, but have a few questions about how all of these features on a Cisco edge router work together. First of all, does anyone know which feature set is required to nail up a tunnel? I'm assuming that its the IP plus IPsec 56 feature pack, and that I would have both firewalling and tunneling ability with the IP/FW plus IPSec 56 feature set. Can anyone in the know verify this for me before I hose up the home lab?? Also, one final question. Let's say I've got an edge router at 2 remote offices connecting each private network to the Internet. How do NAt and tunneling work together? If dynamic NAT is enabled with the outside address of the router, wouldn't all traffic existing the outside interface be NAted? Surely not, but I'm in need of documentation. How is traffic bound for the other office directed down the tunnel? Does anyone know of a good tutorial about how this all works toghether? Thanks in advance for any info, Bob McIntire, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20326&t=20326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Syslogd question [7:20315]
I worked once for a company that had separate files for each device, that really seems the most sensible to me. Brian - Original Message - From: "Frank Ofus" To: Sent: Tuesday, September 18, 2001 1:52 PM Subject: Re: Syslogd question [7:20315] > Patrick, > Thanks for the response. I'm running unix tftpd. I > can't seem to find the syntax to force my tftpd to > prepend in the name for each log. Any advice? > > Thanks, > > -Frank > > > --- Patrick Ramsey > wrote: > > This should be functionallity of the logging > > server... It should do a reverse lookup on the ip > > and post it there... If there is no reverse lookup, > > it hsould at least post the ip address... what > > syslog are you running and what platform? > > > > -Patrick > > > > >>> "Frank Ofus" 09/18/01 > > 04:34PM >>> > > Hi folks, > > I have many routers pointing to one syslogd server. > > Is it possible to tell the Router to prepend the > > router's name in each log message so when looking at > > the logs, you can tell which message originates from > > which router? The below log does not tell me the > > name > > of the router: > > > > R2501#show log > > Syslog logging: enabled (0 messages dropped, 0 > > flushes, 0 overruns) > > Console logging: level debugging, 436 messages > > logged > > Monitor logging: level debugging, 0 messages > > logged > > Trap logging: level informational, 440 message > > lines logged > > Logging to 192.168.1.1, 6 message lines > > logged > > Buffer logging: level debugging, 436 messages > > logged > > > > Log Buffer (4096 bytes): > > te to up > > Jul 20 20:47:40.208 EDT: %FR-5-DLCICHANGE: Interface > > Serial1 - DLCI 203 state changed to ACTIVE > > Jul 30 20:28:47.094 EDT: %LINEPROTO-5-UPDOWN: Line > > protocol on Interface Serial1, changed state to down > > Jul 30 20:28:48.130 EDT: %LINEPROTO-5-UPDOWN: Line > > protocol on Interface Serial1, changed state to up > > Jul 31 12:41:22.688 EDT: %SYS-5-CONFIG_I: Configured > > from console by dpendlet on vty0 (192.168.1.50) > > Jul 31 12:44:56.400 EDT: %SYS-5-CONFIG_I: Configured > > from console by dpendlet on vty0 (192.168.1.50) > > Aug 2 14:03:15.847 EDT: %SYS-5-CONFIG_I: Configured > > from console by lkim on vty0 (192.168.1.50) > > Aug 4 21:38:48.371 EDT: %LINEPROTO-5-UPDOWN: Line > > protocol on Interface Serial1, changed state to down > > > > > > > > I want the name of the router to be in each line of > > the log. Thanks for any help. > > > > > > -Frank > > > > > > > > __ > > Terrorist Attacks on U.S. - How can you help? > > Donate cash, emergency relief information > > > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > > [EMAIL PROTECTED] > > > > > __ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20328&t=20315 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay - duplex. [7:20320]
Hi, In most cases a CIR of 128K in each direction (full duplex) with bursts up to 256K depending on frame switch and or other PVC's on the link's utilsation. Just a thought Teunis Hobart, Tasmania Australia On Tuesday, September 18, 2001 at 05:52:57 PM, [EMAIL PROTECTED] wrote: > We have a discrepancy going on between our infrastructure group. The question > is. Is Frame Relay full duplex or half? We've called several providers > several > times each and we get different answers from the same provider. We are fairly > certian that a T1 is full duplex -1.544 both in and out. > > If we have a frame circuit that has a port of 256 and a CIR of 128. Are we > guaranteed 128 to transmit and 128 to receive, or are we guaranteed 128 to > both > transmit and receive. > > Curious and thanks!, > Rob Michel > [EMAIL PROTECTED] -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20327&t=20320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Multihoming Without BGP!!!!!....How Posible???? Here's How [7:20329]
I think the key here is that you have to NAT into each provider separately. This really only requires some intelligence internal to the network such that you can choose an outbound route towards an active ISP/link. This works well for outbound only and in reality, choosing outbound paths based on various criteria is simple relative to figuring out inbound load balancing, BGP or otherwise. To add to John N's list of gear on that topic, I'd mention the F5 3DNS as one of the more popular DNS based load distribution boxes. Pete *** REPLY SEPARATOR *** On 9/18/2001 at 6:41 PM Tony van Ree wrote: >Hi, > >Wouldn't this also depend largely on the routing etc from each of the >upstream providers. For example, if the address range used is within one >provided via the upstream provider it is likely the routes to others in >that >upstream provider will only come via the link provided by the upstream >provider. > >eg. (I know this example uses private space but it is just an example) You >are given a range say 172.16.20.0/23 by you provider. This fits in the >providers range of 172.16.0.0/16. The provider does not allow it's own >addresses in to its network via another provider (quite a normal >arrangement). It will not be possible then to access a number of sites. > >Just a thought on something I have seen on a number of occasions. Maybe >you >have an answer for this. > >Teunis, >Hobart, Tasmania >Australia > >On Tuesday, September 18, 2001 at 05:15:22 PM, [EMAIL PROTECTED] >wrote: > >> If you do not want to go the complexity of running BGP and you still want >> to multihome your network to the Internet here's how to do it: >> >> Purchase and configure two egresses to the Internet via two different >ISPs. >> Say that both edge routers are Cisco 3640's and both have a Firewall, >say a >> Pix behind them for security. >> >> I emphasize that for this to work make sure both 3640s have at least two >> Ethernet or Fa ports each! >> >> Setup your default gateway on both 3640s to be each respective ISP next >> hop. Setup the default gateway of your Pix to its respective edge 3640 >> router. Setup a vlan on a switch, do not make any routers aware of that >> vlan...its only a local broadcast domain...kind of like using a hub. >> >> Say your primary Ethernet interface on both edge routers is E0/0. Patch >> both E0/1 interfaces on each 3640 to your local vlan so that they can >> communicate, don't forget to no shut these interfaces of course. >Configure >> both E0/1 interfaces so that they are both in the same subnet, use a /30 >> bit mask so that there is never a possiblity for IP overlap.you may >> totally forget about these interfaces..I warn you..I have on my network ; >> -). Now configure HSRP on Both E0/0 interfaces with each other's E0/0 as >> the stanby IP address. >> >> Your done! If ISP 1 dies, HSRP will kick in and spoof the mac of your >> other 3640. All traffic that hits your edge router pointed toward the >dead >> ISP will be forwarded across your local vlan to your other ISP! >> >> This of course doesn't work if your are running a web server and you are >> NATing simultaneously like 99% of the world, however I have a workaround >> for that. Instead of registering with the A root DNS server the outside >IP >> address of your primary 3640 as the resolution to www.yourwebpage.com. >Pay >> a little extra for a fully meshed ISP to host a static page for you. >> Register this static page with Internic. Write the static page to do a >> JAVA redirection into your network. The ISP will have the headaches of >> running the BGP and even if their link to you fails, chances are that >your >> static page that they are hosting will still be veiwable to the Internet. >> Simply write your JAVA redirector to have your secondary 3640's outside >IP >> address as a mirror site for immediate redirection. >> >> >> >> John Squeo >> Technical Specialist >> Papa John's Corporation >> (502) 261-4035 >-- >www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20329&t=20329 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Syslogd question [7:20315]
I am smoking crack. I meant to say syslogd. The reason I typed in tftpd cuz I was also working on tftping an ios into a router when I typed this email out. Don't laugh guys. -Frank --- Patrick Ramsey wrote: > I've never used tftpd to syslog > > Are you running syslogd on the same server by > chance? If so I would use that. > > -Patrick > > >>> Frank Ofus 09/18/01 04:36PM > >>> > Patrick, > Thanks for the response. I'm running unix tftpd. I > can't seem to find the syntax to force my tftpd to > prepend in the name for each log. Any advice? > > Thanks, > > -Frank > > > --- Patrick Ramsey > wrote: > > This should be functionallity of the logging > > server... It should do a reverse lookup on the ip > > and post it there... If there is no reverse > lookup, > > it hsould at least post the ip address... what > > syslog are you running and what platform? > > > > -Patrick > > > > >>> "Frank Ofus" 09/18/01 > > 04:34PM >>> > > Hi folks, > > I have many routers pointing to one syslogd > server. > > Is it possible to tell the Router to prepend the > > router's name in each log message so when looking > at > > the logs, you can tell which message originates > from > > which router? The below log does not tell me the > > name > > of the router: > > > > R2501#show log > > Syslog logging: enabled (0 messages dropped, 0 > > flushes, 0 overruns) > > Console logging: level debugging, 436 messages > > logged > > Monitor logging: level debugging, 0 messages > > logged > > Trap logging: level informational, 440 message > > lines logged > > Logging to 192.168.1.1, 6 message lines > > logged > > Buffer logging: level debugging, 436 messages > > logged > > > > Log Buffer (4096 bytes): > > te to up > > Jul 20 20:47:40.208 EDT: %FR-5-DLCICHANGE: > Interface > > Serial1 - DLCI 203 state changed to ACTIVE > > Jul 30 20:28:47.094 EDT: %LINEPROTO-5-UPDOWN: Line > > protocol on Interface Serial1, changed state to > down > > Jul 30 20:28:48.130 EDT: %LINEPROTO-5-UPDOWN: Line > > protocol on Interface Serial1, changed state to up > > Jul 31 12:41:22.688 EDT: %SYS-5-CONFIG_I: > Configured > > from console by dpendlet on vty0 (192.168.1.50) > > Jul 31 12:44:56.400 EDT: %SYS-5-CONFIG_I: > Configured > > from console by dpendlet on vty0 (192.168.1.50) > > Aug 2 14:03:15.847 EDT: %SYS-5-CONFIG_I: > Configured > > from console by lkim on vty0 (192.168.1.50) > > Aug 4 21:38:48.371 EDT: %LINEPROTO-5-UPDOWN: Line > > protocol on Interface Serial1, changed state to > down > > > > > > > > I want the name of the router to be in each line > of > > the log. Thanks for any help. > > > > > > -Frank > > > > > > > > __ > > Terrorist Attacks on U.S. - How can you help? > > Donate cash, emergency relief information > > > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > > [EMAIL PROTECTED] > > > > > __ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20330&t=20315 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Serial is reset? [7:20255]
Hi, This is some info that may be of help. Interfaces resets happen when packets queued for transmission were not sent within several seconds. On Serial this can be caused by a malfunctioning of modem that is not supplying the clock signal or by a cable problem. If the system notices that the carrier detect line of serial interface is up, but the protocol is down, it periodically resets the interface in an effort to restart it. Interface resets can also occur when the interface is looped back or shut down. For more details lookup Serial and Trouble shooting, or check the CIT exam certification guide by Cisco Press. cheers Vijay Patankar CCSI,CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20331&t=20255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FW: Worm probes - Part II [7:20294]
I am surprised Symantec still has not updated their source on this yet. The last update from them is at noon and has it listed as low threat. I had to goto antivirus.com to get updates.. At least on our network, this worm is creating some sort of a tftp service on the host PCs and creating extra traffic and it is also creating tremendous amount of arp traffic over the network. I do not take care of the internal network where I am, but after running the sniffer on my PC, I have seen our broadcast traffic increase by about 7 times then normal, mostly due to arp. And the VLAN that I am tied into seems to be the least affected side. Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20332&t=20294 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix and DMZ [7:20333]
Hi All, I am having a problem configuring the Pix's DMZ interface specifically getting it to talk to the inside and also having the inside talking to it. Here's the scenario: I have 3 interfaces on a Pix 520 running 6.0(1). I have a inside interface which is on the 192.168.1.0 network, dmz which is on 172.22.100.0 network, and outside which is 62.20.100.x Class C network. I want inside boxes to be able to access a pc on the dmz called DMZPC with ip address of 172.22.100.100. I also want the DMZPC to be able to access machines on the inside of the network. All interfaces on the Pix uses x.x.x.1 for their respective ip addresses. Currently, my box on the DMZ can access the Internet and the Internet can access it via a "static (dmz,outside) 62.20.100.131 172.22.100.131 netmask 255.255.255.255 0 0" command. Here's the output from a show route on my Pix: outside 0.0.0.0 0.0.0.0 62.20.99.2 1 OTHER static(that's the ip address of the router on the outside that gets forwarded to our ISP) outside 62.20.100.0 255.255.255.0 62.20.100.1 1 CONNECT static dmz 172.22.100.0 255.255.255.0 172.22.100.1 1 CONNECT static inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static Other commands in my configuration that might be important: global (outside) 1 62.20.100.7 netmask 255.255.255.0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (dmz) 1 0.0.0.0 0.0.0.0 0 0 I have read the Cisco Pix manual and tried the using the syntax in the manual but I am now more confused than when I started. Can someone provide me the configuration lines I need to get it working? Any help or tips would be greatly appreciated. Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20333&t=20333 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay - duplex. [7:20320]
I agree with everyone, most are going to automatically set the CIR to be the same both ways. Setting traffic at different speed at each direction would most likely be a request from the customer now days. If you need to be sure, you can ask the provider how your settings are set. They should be able to provide how your connections are configured. Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20334&t=20320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay - duplex. [7:20320]
Full Dave Tony van Ree wrote: > > Hi, > > In most cases a CIR of 128K in each direction (full duplex) with bursts up > to 256K depending on frame switch and or other PVC's on the link's utilsation. > > Just a thought > > Teunis > Hobart, Tasmania > Australia > > On Tuesday, September 18, 2001 at 05:52:57 PM, [EMAIL PROTECTED] wrote: > > > We have a discrepancy going on between our infrastructure group. The > question > > is. Is Frame Relay full duplex or half? We've called several providers > > several > > times each and we get different answers from the same provider. We are > fairly > > certian that a T1 is full duplex -1.544 both in and out. > > > > If we have a frame circuit that has a port of 256 and a CIR of 128. Are we > > guaranteed 128 to transmit and 128 to receive, or are we guaranteed 128 to > > both > > transmit and receive. > > > > Curious and thanks!, > > Rob Michel > > [EMAIL PROTECTED] > -- > www.tasmail.com -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20335&t=20320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
7206 reverse telnet to aux port [7:20336]
Alright, I am being a slacker, I can't remember the port number for the aux port on the 7206 routers. I am setting up another router at a remote site and have a console cable running from the aux port of the 7206 into the console port of the new router (36xx) and I can't remember the port number to do the reverse telnet. Anyway if you know it or can find it on CCO before me ;-) I would appreciate it. Thanks, Ed Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20336&t=20336 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
What kind of DRAM is being used on this 7505/VIP2 [7:20337]
Hi folks, I thought I send out this question for a quick answer before I open up this router apart. What kind of ram can I use for this router? Is it 72pins, pc66, or pc100? Below is my show version. Thanks for any help. R7505#sh ver Cisco Internetwork Operating System Software IOS (tm) RSP Software (RSP-JK2SV-M), Version 12.0(4)T, RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Wed 28-Apr-99 22:49 by kpma Image text-base: 0x60010908, data-base: 0x61186000 ROM: System Bootstrap, Version 11.1(8)CA1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc 1) BOOTFLASH: GS Software (RSP-BOOT-M), Version 11.1(22)CA, EARLY DEPLOYMENT RELEAS E SOFTWARE (fc1) R7505 uptime is 1 weeks, 1days, 2hours, 52 minutes System restarted by reload at 08:39:07 est Sun May 13 2001 System image file is "slot0:rsp-jk2sv-mz.120-4.T" cisco RSP4 (R5000) processor with 32768K/2072K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on G.703/E1 software, Version 1.0. G.703/JT2 software, Version 1.0. X.25 software, Version 3.0.0. SuperLAT software copyright 1990 by Meridian Technology Corp). Bridging software. TN3270 Emulation software. Chassis Interface. 2 VIP2 controllers (3 FastEthernet)(4 Serial). 3 FastEthernet/IEEE 802.3 interface(s) 4 Serial network interface(s) 123K bytes of non-volatile configuration memory. 16384K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x102 __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20337&t=20337 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN - NAT interoperability [7:20326]
You first decide what traffic you wan to tunnel. That traffic will match an access list for sening over the tunnel. I believe that plain old GRE tunneling is supported in the standard IP feature set, but I'm not sure. To make use of IPSec, I do believe you need the IP PLUS feature set, but I'm feeling too lazy to go look it up on Ciscos web site... Anyways... Once that feature is set, you configure a crypto map with your desired encryption strength, and apply that to both the terminating and the tunnel interfaces... That should do it. Please correct me if I missed anything... -Brant. -Original Message- From: "Robert McIntire" To: [EMAIL PROTECTED] Date: Tue, 18 Sep 2001 18:58:18 -0400 Subject: VPN - NAT interoperability [7:20326] I'm looking to study the Cisco method of VPN implementation. I've worked a little with the IOS firewall feature pack, but have a few questions about how all of these features on a Cisco edge router work together. First of all, does anyone know which feature set is required to nail up a tunnel? I'm assuming that its the IP plus IPsec 56 feature pack, and that I would have both firewalling and tunneling ability with the IP/FW plus IPSec 56 feature set. Can anyone in the know verify this for me before I hose up the home lab?? Also, one final question. Let's say I've got an edge router at 2 remote offices connecting each private network to the Internet. How do NAt and tunneling work together? If dynamic NAT is enabled with the outside address of the router, wouldn't all traffic existing the outside interface be NAted? Surely not, but I'm in need of documentation. How is traffic bound for the other office directed down the tunnel? Does anyone know of a good tutorial about how this all works toghether?f0D Thanks in advance for any info, Bob McIntire, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20339&t=20326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 7206 reverse telnet to aux port [7:20336]
I found it, did the obvious - show line Anyway it showed that the aux port is 2001 Ed ""Ed Horley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Alright, I am being a slacker, I can't remember the port number for the aux > port on the 7206 routers. I am setting up another router at a remote site > and have a console cable running from the aux port of the 7206 into the > console port of the new router (36xx) and I can't remember the port number > to do the reverse telnet. > > Anyway if you know it or can find it on CCO before me ;-) I would appreciate > it. > > Thanks, > Ed Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20338&t=20336 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN experts [7:20340]
HI I have a cisco router at a remote site that is connected to the internet with a dynamic IP from ISP. I am using a vpn tunnel with ipsec 3DES to connect to a Pix firewall at my central site. My question is, am I exposed to any security problems on my cisco router?. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20340&t=20340 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HP Openview [7:20259]
Patrick, I was going through cisco site and found this solution to your problem.The link is http://www.cisco.com/warp/public/477/Gen_NMS/23.html When Running HSRP, "Duplicate IP Address" Messages Appear in HP OpenView NNM Event Browser --- This technical tip addresses the problem of "Duplicate IP Address" messages appearing in (and sometimes flooding) the Hewlett-Packard (HP) OpenView Network Node Manager (NNM) event browser when running Hot Standby Router Protocol (HSRP). Note: This document originated from HP technical support. If you would like more information or have further questions on this issue, you may wish to contact HP: http://www.openview.hp.com As an example, you could see this problem when you have two RSMs with HSRP enabled. One message would display in the event browser for each IP address configured on the RSMs. Note: This workaround causes HP OpenView to poll the Hot Standby routers with an incorrect community string. If configured, these routers could potentially flood your management station with Authorization Failure traps. An unsupported method of working around this problem is to create a file called netmon.noDiscover in the /etc/opt/OV/share/conf directory that contains all the Hot Standby IP addresses. This causes HP OpenView's discovery mechanism to disregard these addresses before beginning to poll them. The following steps detail a Hewlett-Packard recommended procedure that allows HP OpenView NNM to operate correctly in an environment that includes Cisco routers supporting HSRP. Obtain a list of all Hot Standby addresses in the management domain. These are the IP addresses that will migrate from one physical router to another when one router goes down. Use the "Options->SNMP Configuration" menu item to add an entry for each Hot Standby address. In each entry, enter the IP address in the Target field, and an incorrect community name in the Community field. This causes all SNMP access to the Hot Standby address to fail because of the incorrect community name. Make sure that none of the Hot Standby addresses resolve to the same hostname as any of the real routers in the /etc/hosts file or the nameserver. If the "I" flag had previously been added to the /etc/opt/OV/share/conf/oid_to_type file in an attempt to fix the HSRP problem, it can be safely removed at this time. Stop network monitoring with the ovstop netmon command. Find all instances of the Hot Standby addresses in your map, and delete any interface containing these addresses. This may need to be repeated for all maps, if you have multiple OVW maps. If any of the routers in the map look incorrect (that is, they have incorrect addresses or interfaces associated with them), then delete these routers as well. They should be rediscovered later. Clear the IP address-to-name mapping cache with the xnmsnmpconf -clearCache command. Restart network monitoring with the ovstart netmon command. Tribavan Raina Network Consultant TechTonics Group Limited Level 31 Grand Plimmer Tower 2-6 Gilmer Terrace PO Box 11 199 Wellington Ph: +64 4 385 2628 Fax: +64 4 385 2400 www.techtonics.co.nz -Original Message- From: Estes, Timothy R. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 September 2001 6:47 a.m. To: [EMAIL PROTECTED] Subject: RE: HP Openview [7:20259] I've heard of this one before. HSRP drives OpenView nuts. As others have already pointed out, you can disable this event in Event Configuration. I don't know about you, but I have way too many other problems to shoot to be worrying about duplicate IP issues, so losing this event shouldn't hinder your ability to manage your network. I would check on OVFORUM (http://www.ovforum.org) to see if any of the OV gurus there have an answer. I seem to remember a couple of questions about HSRP on that group lately. Timothy Estes CCNA CCDA Brainbench MVP for TCP/IP Administration Senior Network Systems Analyst Tier III Systems Support Intermedia Communications [EMAIL PROTECTED] -Original Message- From: Patrick Donlon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 8:41 AM To: [EMAIL PROTECTED] Subject: HP Openview [7:20259] Need some info from all you HPOV experts, I'm seeing alarms from a router every 62 minutes. The alarm states "router reports address 0x0c07ac00 for 10.10.10.1, router reported 0x00d0bbcc9400 via snmp" -the first mac address is the virtual mac address for the standby interface, -the second mac address is one of the ethernet interfaces from the router. >From reading the detail information on the trap it appears this info is generated because the node has more than one mac for the interface. Can anyone help me stop these traps, I'm about to set up a lot more standby interfaces so it'll become a real nuisance then. Thanks Message Posted at: http://www.g
RE: Pix and DMZ [7:20333]
Hi.. There is nothing big,Just remember one rule, 1)When traffic is allowed to flow from higher security interface to lower you have to use global and nat. 2)When traffic is allowed to flow from lower to higher then you have to use static and access-list. In your case you have to allow access from high to low so add one more global command with the address used for natting and also a nat command with respect to that. the command which you have to write is global(dmz) 1 172.22.100.1-172.22.100.10. This should solve your problem.The range which I have givenin global is just an example and these addresses would be used ny pix to nat internal hosts when they would be accessing the dmz.You dont need to add nat as you have already defined that. Hope this helps. Regds Tribavan Raina Network Consultant TechTonics Group Limited Level 31 Grand Plimmer Tower 2-6 Gilmer Terrace PO Box 11 199 Wellington Ph: +64 4 385 2628 Fax: +64 4 385 2400 www.techtonics.co.nz -Original Message- From: Tai Ngo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 18 September 2001 4:05 p.m. To: [EMAIL PROTECTED] Subject: Pix and DMZ [7:20333] Hi All, I am having a problem configuring the Pix's DMZ interface specifically getting it to talk to the inside and also having the inside talking to it. Here's the scenario: I have 3 interfaces on a Pix 520 running 6.0(1). I have a inside interface which is on the 192.168.1.0 network, dmz which is on 172.22.100.0 network, and outside which is 62.20.100.x Class C network. I want inside boxes to be able to access a pc on the dmz called DMZPC with ip address of 172.22.100.100. I also want the DMZPC to be able to access machines on the inside of the network. All interfaces on the Pix uses x.x.x.1 for their respective ip addresses. Currently, my box on the DMZ can access the Internet and the Internet can access it via a "static (dmz,outside) 62.20.100.131 172.22.100.131 netmask 255.255.255.255 0 0" command. Here's the output from a show route on my Pix: outside 0.0.0.0 0.0.0.0 62.20.99.2 1 OTHER static(that's the ip address of the router on the outside that gets forwarded to our ISP) outside 62.20.100.0 255.255.255.0 62.20.100.1 1 CONNECT static dmz 172.22.100.0 255.255.255.0 172.22.100.1 1 CONNECT static inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static Other commands in my configuration that might be important: global (outside) 1 62.20.100.7 netmask 255.255.255.0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (dmz) 1 0.0.0.0 0.0.0.0 0 0 I have read the Cisco Pix manual and tried the using the syntax in the manual but I am now more confused than when I started. Can someone provide me the configuration lines I need to get it working? Any help or tips would be greatly appreciated. Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20342&t=20333 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
how does HSRP integrate with OSPF [7:20343]
Hi all.. I have 2 routers and I am running HSRP on them.The third router is connected via a switch through its e0/0 and running OSPF.All the routers are running OSPF. What routing tables will the exchange. Regds Tribavan Raina Network Consultant TechTonics Group Limited Level 31 Grand Plimmer Tower 2-6 Gilmer Terrace PO Box 11 199 Wellington Ph: +64 4 385 2628 Fax: +64 4 385 2400 www.techtonics.co.nz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20343&t=20343 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: What kind of DRAM is being used on this 7505/VIP2 [7:20337]
A great way to find out what kind of memory you need is to hit up www.crucial.com - Choose "Cisco" for your vendor, and then pick the model of your router/switch/whatever. At this point, you can then determine what type of RAM is used, and even buy RAM from other vendors besides Cisco. - Sean ""Frank Ofus"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi folks, > I thought I send out this question for a quick answer > before I open up this router apart. What kind of ram > can I use for this router? Is it 72pins, pc66, or > pc100? Below is my show version. Thanks for any > help. > > R7505#sh ver > Cisco Internetwork Operating System Software > IOS (tm) RSP Software (RSP-JK2SV-M), Version 12.0(4)T, > RELEASE SOFTWARE (fc1) > Copyright (c) 1986-1999 by cisco Systems, Inc. > Compiled Wed 28-Apr-99 22:49 by kpma > Image text-base: 0x60010908, data-base: 0x61186000 > > ROM: System Bootstrap, Version 11.1(8)CA1, EARLY > DEPLOYMENT RELEASE SOFTWARE (fc > 1) > BOOTFLASH: GS Software (RSP-BOOT-M), Version > 11.1(22)CA, EARLY DEPLOYMENT RELEAS > E SOFTWARE (fc1) > > R7505 uptime is 1 weeks, 1days, 2hours, 52 minutes > System restarted by reload at 08:39:07 est Sun May 13 > 2001 > System image file is "slot0:rsp-jk2sv-mz.120-4.T" > > cisco RSP4 (R5000) processor with 32768K/2072K bytes > of memory. > R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB > L2 Cache > Last reset from power-on > G.703/E1 software, Version 1.0. > G.703/JT2 software, Version 1.0. > X.25 software, Version 3.0.0. > SuperLAT software copyright 1990 by Meridian > Technology Corp). > Bridging software. > TN3270 Emulation software. > Chassis Interface. > 2 VIP2 controllers (3 FastEthernet)(4 Serial). > 3 FastEthernet/IEEE 802.3 interface(s) > 4 Serial network interface(s) > 123K bytes of non-volatile configuration memory. > > 16384K bytes of Flash PCMCIA card at slot 0 (Sector > size 128K). > 8192K bytes of Flash internal SIMM (Sector size 256K). > Configuration register is 0x102 > > > __ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20344&t=20337 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT : bandwidth requirement for SAP (ERP system) [7:20345]
Anyone has the experience of having SAP running on their network ? What is the actual bandwidth requirement per active SAP user ? On CCO, there is a formula provided by Cisco : SAP bandwidth requirement = 16000 * Number of active SAP users / (dialog think time + response time) bit/sec _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20345&t=20345 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF demand Circuit [7:20228]
I don't know the answer, so I will ask: isn't demand circuit a part of the OSPF specification, per RFC 1793? ( and please don't rag on me if I misremembered the RFC #. My ISP has apparently been crippled by the nambia worm, and I can't get to any web sites tonight ) Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lance Sent: Tuesday, September 18, 2001 10:06 AM To: [EMAIL PROTECTED] Subject: Re: OSPF demand Circuit [7:20228] Is there any way I can find which routers do not support it, I assume that each router must run IOS 11.3 or later? Thanks, Lance ""Sasa Milic"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Lance, > > DNA LSAs are not allowed because router received LSAs (ten different > LSAa) without DC bit set in options field from other routers in the > area. That means that there are routers in the area which doesn't > support demand circuit. As you remember, in order to support DNAs, > all routers in the area must support it, which is not the case in > your network. > > Sasa > > > Lance wrote: > > > > I have R6 connected to R5 via an ethernet and a ISDN link. The ISDN link > is > > configured as an OSPF demand circuit however when I do a show ip ospf int I > > get the following output. Notice that it says "DoNotAge LSA not allowed > > (Number of DCbitless LSA is 10)". Why is this, I need for the DoNotAge LSA > > to be allowed and I thought this is what ospf demand-circuit is for. BTW > > this is CCbootcamp lab 8a. Please help? > > > > R6#sho ip ospf int bri0 > > BRI0 is up, line protocol is up (spoofing) > > Internet Address 137.20.224.6/20, Area 0 > > Process ID 64, Router ID 137.20.60.1, Network Type POINT_TO_POINT, Cost: > > 1562 > > Configured as demand circuit. > > Run as demand circuit. > > DoNotAge LSA not allowed (Number of DCbitless LSA is 10). > > Transmit Delay is 1 sec, State POINT_TO_POINT, > > Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 > > Hello due in 00:00:06 > > Neighbor Count is 1, Adjacent neighbor count is 1 > > Adjacent with neighbor 137.20.240.1 (Hello suppressed) > > Suppress hello for 1 neighbor(s) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20346&t=20228 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
