Re: EIGRP network design [7:21019]
The firewalls are for the internet and the intranet. At the moment I thinking of using statics on the outside of internet firewall and possible using RIPv2 for the inside. For the intranet I'm considering using RIP on both sides, but statics haven't been ruled out for either firewall regards ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > my question was the design itself - why are there firewalls at all these > branches if this is an internal network? firewalls generally would be placed > at network edges? Is this a VPN solution? > > otherwise, if this is an issue of placing security zones throughout a > corporate network, I would make each zone self contained, with static routes > into the other zones. I'm not so sure I would want to be running routing > protocols through a firewall, if for no other reason than that the routing > updates could be sniffed, and would reveal more that should be revealed > about network structure. > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Priscilla Oppenheimer > Sent: Wednesday, September 26, 2001 10:08 AM > To: [EMAIL PROTECTED] > Subject: Re: EIGRP network design [7:21019] > > > RIPv1 sends to 255.255.255.255. RIPv2 sends to 224.0.0.9. They both use UDP > port 520. Both the source and dest ports are 520. > > Are you sure static routes wouldn't be the best bet, though? I haven't > followed the entire discussion, so if that's off the wall, just ignore it. > > Priscilla > > > At 09:09 AM 9/26/01, Carroll Kong wrote: > >Hm. If you are that worried about internal security, you should probably > >make an ACL that allows only the redistributing router's ip, deny all other > >udp port 520 reqs (for ripv1, or multicast 224.0.0.5? re-check what it > >uses). Also, you might need to write some no nat rules to avoid nat. That > >might be more work than statics. > > > >Yes, IPs are spoofable, and so are MAC addresses. If your internal > >security helps avoid this (easy to do), then an ACL for Rip updates should > >be fairly secure. > > > >At 04:41 AM 9/26/01 -0400, Patrick Donlon wrote: > > >Yes the firewalls are all PIX. For the PIX can I set up the PIX to > receive > > >RIP routes redistributed from the EIGRP routers? If so this will save a > lot > > >of admin work, but will this be a security risk, ie. someone being able > to > > >inject routes into the PIX? > > > > > >regards > > > > > >""Carroll Kong"" wrote in message > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > What kind of firewalls? Pix? If so, try RIP v2 with redistribution > into > > > > your routers. As for discontiguous networks, there are many ways > around > > > > that, with a different cost associated of course. > > > > > > > > At 12:52 PM 9/25/01 -0400, Patrick Donlon wrote: > > > > >Hi everyone > > > > > > > > > >I've got a project where I have to design and implement EIGRP in a > small > > >to > > > > >medium sized network of about 50 to 70 routers. One of my main > problems > > >is > > > > >what to do with routing updates at the firewalls at each site, should > > >they > > > > >be allowed to pass through the firewall or should statics be used > either > > > > >side of the firewalls. Another problem I can see is the routes on the > > > > >firewalls, is there a way to avoid having to type all those route > >entries > > >in > > > > >them, the network has many discontiguous networks. And one last point > is > > >the > > > > >redistribution to the BGP routers at the edge of the network I'm > after > > >some > > > > >tips, experiences and URLs so I can read around the subject myself > > > > > > > > > >Regards Pat > > > > -Carroll Kong > >-Carroll Kong > > > Priscilla Oppenheimer > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21269&t=21019 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RIPv2 authentication, routing, pinging [7:21267]
interesting phenomenon, one which makes no sense to me. sorry, I don't have configs or traces, so I hope my word is good here. Practicing authentication of various kinds. RIPv2. R1R2-R3 the authentication key chain and key strings are different on the R1-R2 link than on the R2-R3 link. all routes on all routers appear as expected. however, I am unable to ping from R1 to R3 or visa versa. when I remove authentication, save, all routes appear again, and end to end pinging occurs just fine put in authentication again, with all links using the same authentication key-string. all routes appear in all routing tables and end to end pinging occurs. question - how is it that all routes appear everywhere, but pinging is not possible when the authentication key-string is different for the different links? authentication has nothing to do with the routed protocol - only the routing protocol messages. anyone run into this one? my CCO searches were not enlightening. Chuck Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21267&t=21267 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
tunning buffers [7:21268]
hello all any bidy has an idea what does it mean by need-11 the router is suffereing form no buffer Buffer elements: 437 in free list (500 max allowed) 475 hits, 0 misses, 0 created Small buffers, 104 bytes (total 60, permanent 60): 60 in free list (20 min, 150 max allowed) 62 hits, 0 misses, 0 trims, 0 created Middle buffers, 600 bytes (total 25, permanent 25): 23 in free list (10 min, 75 max allowed) 58 hits, 0 misses, 0 trims, 0 created Big buffers, 1524 bytes (total 71, permanent 66, need -11): 5 in free list (5 min, 40 max allowed) 66 hits, 0 misses, 0 trims, 5 created 16 max cached, 15 in cache free list Large buffers, 5024 bytes (total 0, permanent 0): 0 in free list (0 min, 10 max allowed) 0 hits, 0 misses, 0 trims, 0 created Huge buffers, 18024 bytes (total 0, permanent 0): 0 in free list (0 min, 4 max allowed) 0 hits, 0 misses, 0 trims, 0 created Best Regards Have A Good Day!! ;;; Farhan AhmedR MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. ;;; Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21268&t=21268 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
tunning buffers in 2500 router [7:21270]
hello all any bidy has an idea what does it mean by need-11 the router is suffereing form no buffer Buffer elements: 437 in free list (500 max allowed) 475 hits, 0 misses, 0 created Small buffers, 104 bytes (total 60, permanent 60): 60 in free list (20 min, 150 max allowed) 62 hits, 0 misses, 0 trims, 0 created Middle buffers, 600 bytes (total 25, permanent 25): 23 in free list (10 min, 75 max allowed) 58 hits, 0 misses, 0 trims, 0 created Big buffers, 1524 bytes (total 71, permanent 66, need -11): 5 in free list (5 min, 40 max allowed) 66 hits, 0 misses, 0 trims, 5 created 16 max cached, 15 in cache free list Large buffers, 5024 bytes (total 0, permanent 0): 0 in free list (0 min, 10 max allowed) 0 hits, 0 misses, 0 trims, 0 created Huge buffers, 18024 bytes (total 0, permanent 0): 0 in free list (0 min, 4 max allowed) 0 hits, 0 misses, 0 trims, 0 created Best Regards Have A Good Day!! ;;; Farhan AhmedR MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. ;;; Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21270&t=21270 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Strange CAR behaviour ! ! ! Is is an IOS bug ??? [7:21271]
Hi group, I have set CAR on one of my sub-interfaces on my 3661 router, the problem is that it only limits the OUTPUT packets. Here are my configs: interface FastEthernet0/0.3 description 32/128 kbps test encapsulation isl 3 ip address 213.217.37.245 255.255.255.252 no ip redirects no ip directed-broadcast rate-limit input 32000 8000 8000 conform-action transmit exceed-action drop rate-limit output 128000 8000 8000 conform-action transmit exceed-action drop end And bellow are the results when I stated pinging (ping -f ) a host on VLAN 3 (213.217.37.246) from my linux server Router#sh int rate-limit FastEthernet0/0.3 32/128 test Input matches: all traffic params: 32000 bps, 8000 limit, 8000 extended limit conformed 0 packets, 0 bytes; action: transmit exceeded 0 packets, 0 bytes; action: drop last packet: 1867294456ms ago, current burst: 0 bytes last cleared 00:32:57 ago, conformed 0 bps, exceeded 0 bps Output matches: params: 128000 bps, 8000 limit, 8000 extended limit conformed 9943 packets, 10337248 bytes; action: transmit exceeded 312 packets, 449888 bytes; action: drop last packet: 392ms ago, current burst: 2760 bytes last cleared 00:37:28 ago, conformed 36000 bps, exceeded 1000 bps Any idea why the input limit doesn't work? Thanks in advance Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21271&t=21271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
re: assistance from your experience please! [7:21272]
Good morning All i have a small issue here of which i need your experience am new to pix firewall and am runing ver 5.3 i need to set up an access list to allow TFTP, FTP, only inside. is this correct? **marked access-list acl_inside permit tcp 10.0.0.0 255.0.0.0 10.19.22.0 255.255.255.0 eq www access-list acl_inside permit tcp 10.0.0.0 255.0.0.0 10.19.22.0 255.255.255.0 eq 139 access-list acl_inside permit udp 10.0.0.0 255.0.0.0 10.19.22.0 255.255.255.0 eq TFTP*** access-list acl_inside permit tcp 10.0.0.0 255.0.0.0 10.19.22.0 255.255.255.0 eq 69* access-list acl_inside permit tcp 10.0.0.0 255.0.0.0 10.190.22.0255.255.255.0 eq ftp-data* access-list acl_inside permit tcp 10.0.0.0 255.0.0.0 10.190.22.0255.255.255.0 eq 20* also is this statement correct? access-list acl_inside permit udp 10.0.0.0 255.0.0.0 10.19.22.0 255.255.255.0 eq snmp-req Basicaly i need to allow ftp inside and tftp only. Thanks Rod Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21272&t=21272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF summary LSA's [7:21273]
Please help. I am a bit confused with the following: Summary type 3 LSA's are generated by the ABR for every network and propogated across area 0. When one of these networks goes down the ABR will send an update summary LSA to all it's areas ??? If this is the case does this mean that all SPF routers in all areas will recalculate their SPF algorithm. As I understand the whole point of areas is to stop this from happening? My question is when an internal router receives a type3 LSA from an ABR ,does it recalculate it's link state database??? Chris Burnham, Systems Engineer, Delphis Consulting Plc. Tel: +(44) 020 7916 0200 Mob: +(44) 07799403576 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21273&t=21273 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: policy route [7:21044]
my appologies. i always presumed it worked in the same way as unix-HA... thanks for the correction steve >From: "Kent Hundley" >Reply-To: "Kent Hundley" >To: [EMAIL PROTECTED] >Subject: RE: policy route [7:21044] >Date: Wed, 26 Sep 2001 13:52:32 -0400 > >Stephen, > >Your statement is incorrect. Enabling HSRP on a router does not cause the >standby router to send all packets to the primary. The only things that >enabling HSRP does is: > >1) Enable the primary router to answer arp replies and accept/return >packets >for the virtual IP address (it does this by creating a virtual MAC to match >the virtual IP) >2) Enable a hearbeat signal so that secondaries can takeover for the >primary >in the event of failure > >Neither of these things has any effect on the backup HSRP routers ability >to >forward IP packets as it normally would. You can still use the secondary >HSRP router as you normally would by sending packets to its real IP. The >secondary routers will forward packets sent to them based on the contents >of >their routing table, they will not simply send all traffic over to the >primary router. > >I've tested this in real world scenarios before and just re-confirmed it in >my lab. > >-Kent > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Stephen Skinner >Sent: Wednesday, September 26, 2001 8:12 AM >To: [EMAIL PROTECTED] >Subject: RE: policy route [7:21044] > > >i have to diasgreeevery 3 secs a pulse is sent from the active to >standby.even if you have a route connected to your standbywhen >thestandby gets any routed packets HSRP (which is layer 1/2) will send >it to the active master..this wil then route the packets accordingly... > >i`m told ther is a way around this but you will have to search the >archives...it was only a couple of weeks ago > >Cheers > >steve > > >From: "Jim Bond" > >Reply-To: "Jim Bond" > >To: [EMAIL PROTECTED] > >Subject: RE: policy route [7:21044] > >Date: Tue, 25 Sep 2001 17:15:07 -0400 > > > >I have to disagree. The standby router has static > >route point to the other side. Once traffic gets to > >standby, it should route... > > > >Jim > > > >--- Liang Mark J Civ AFRL/PROI > > wrote: > > > Standby is stanby, it doesn't do any routing until > > > the active router goes > > > down. > > > > > > Regards, > > > > > > Mark, > > > > > > -Original Message- > > > From: Jim Bond [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, September 25, 2001 11:52 AM > > > To: [EMAIL PROTECTED] > > > Subject: policy route [7:21044] > > > > > > > > > Hello, > > > > > > I have 2 routers running HSRP in a small office. I > > > want SMTP traffic go through standby router so I > > > configured policy route on active router that all > > > SMTP > > > traffic, send to standby router. But it doesn't > > > work. > > > I'm wondering if policy route will work this way? > > > > > > At active router: > > > interface e0 > > > ip address 10.1.1.2 255.255.255.0 > > > ip policy route-map SMTP > > > standby ip 10.1.1.1 > > > ... > > > route-map SMTP permit 10 > > > match ip address 102 > > > set ip next-hop 10.1.1.3 !standby router ethernet > > > ... > > > access-list 102 permit tcp any any eq 25 > > > > > > Thanks in advance. > > > > > > Jim > > > > > > __ > > > Do You Yahoo!? > > > Get email alerts & NEW webcam video instant > > > messaging with Yahoo! Messenger. > > > http://im.yahoo.com > >[EMAIL PROTECTED] > > > > > >__ > >Do You Yahoo!? > >Get email alerts & NEW webcam video instant messaging with Yahoo! > >Messenger. > >http://im.yahoo.com >_ >Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21275&t=21044 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MPLS Beta Exam + Multicast/QOS Beta Exam [7:21116]
Any comments?! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21274&t=21116 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fastethernet failover [7:21177]
hi, with my new found knowledge on this subject... why don`t you load share your HSRP by using the standby preempt and standby track commands..then simply connect the other ethernet interface to the other switch running HSRP ...job done... ~BTW I THINK.i`m not sure List??? CU steve >From: "David C Prall" >Reply-To: "David C Prall" >To: [EMAIL PROTECTED] >Subject: Re: Fastethernet failover [7:21177] >Date: Wed, 26 Sep 2001 22:54:45 -0400 > >I'd start looking at IRB. > >David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com >- Original Message - >From: "Steve Smith" >To: >Sent: Wednesday, September 26, 2001 12:43 PM >Subject: Fastethernet failover [7:21177] > > > > Hey gang this may sound strange but it was just a thought. I have a 3640 > > that has two separate Ethernet interfaces. I have one that runs into one > > of our cats running HSRP. Is there a way to run the second one to the > > other cat as a fail over path? Can this be done with weights or anything > > like that? > > > > Thanks in advance! > > > > Steve _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21276&t=21177 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE-Security Written [7:21140]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I would say the PIX will gain a lot of market share because of the 501 and 506. You can't get a Checkpoint box that will run on a decent box for the prices of the 501 and 506. Some may disagree on that. But, there's no reason not to get both Cisco and Checpoint certs. Checkpoint is a great product and it's not going away anytime soon. It really depends on what you think you'll be exposed to. John Kaberna CCIE #7146 NETCG Inc. Cisco Premier Partner www.netcginc.com (415) 750-3800 __ CCIE Security Training www.netcginc.com/training.htm ""Paul Jin"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The word out on the street is that Brad Ellis here on the forum > is going to start studying for it... > > Can u confirm brad? > > also, for those that are going to start on some security > specialization, which do you guys think will be more in demand - > Pix side or the Checkpoint side??? > Nondisclosure violations to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBO7MHgEalz3dLMFzwEQJo5QCgwMxOTsGZ+HzC6G5ozoClU4v2LKAAoPGv 2ZR/JbyIcbV4aPcMKAkfItLV =cUiQ -END PGP SIGNATURE- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21277&t=21140 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Way OT but pretty funny.... [7:21210]
I created an order, and they actually give you free shipping and a 15% discount off your order or screws!!! -Original Message- From: Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 7:18 PM To: [EMAIL PROTECTED] Subject: RE: Way OT but pretty funny [7:21210] That memo would, of course, be on refurbished letterhead. I did a search on the word "screw" on Dell's site. Came up with 38 matches. All "refurbished". I guess the US economy **IS** in dire straits when you can't buy a new screw anymore. Personally, I'm tempted to order ONE refurbished screw. See what they say about my order... -- Leigh Anne > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Bob Johnson > Sent: Wednesday, September 26, 2001 4:07 PM > To: [EMAIL PROTECTED] > Subject: RE: Way OT but pretty funny [7:21210] > > > Hopefully no one from management will have read about the screws > or. I'm just waiting for the new "memo" > > To: All Engineering Staff > Re: IP Packets > > It has come to managements attention that we are continually paying > for new packets with our Internet feed. This is a substantial cost and > must be stopped. All existing packets are to be re-used and no new > packets can be purchased unless authorized by a manager. > > > > > -Original Message- > > From: Patrick [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, September 26, 2001 2:07 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Way OT but pretty funny [7:21210] > > > > > > Hmm... Refurbished screws. Times ARE tough, aren't they. I need to > > look into purchasing some refurbished rubber bands and paper clips > > for the office. > > > > ""John Neiberger"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Sorry, this really struck me as funny and I didn't have > > anyone else to > > > share it with.I'm hoping that this--while not hilarious--will > > > give someone a few laughs. The humor should be apparent. > > > > > > > > http://accessories.us.dell.com/sna/productdetail.asp?Sku=97580 > > &customer_id=1 > > 9&spagenum=5&page=dellitems.asp&icompatid=108891&docid=6158 > > > > > > > > > Long link, sorry > > > > > > Regards, > > > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21278&t=21210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF summary LSA's [7:21273]
No, Chris, the routers receiving a type-3 LSA do NOT need to recalculate the SPF algorithm. The key to understanding this is to realize that the routers within an area have complete knowledge of the topology of the area. In order to get to any destination in a different area, they must go through the ABR. If something changes in another area's topology, it does not affect how they get to the ABR, so no recalculation is required. Another way to look at it is to recall what information is contained in each type of LSA. Type-1 and type-2 LSAs contain detailed topology information -- not only subnet and mask, but exactly what routers are connected to each of the network(s) in question. The type-3 LSA contains only information about subnets/networks (and their costs) that are reachable through the advertising ABR, not which routers are connected to them. So the topology of an area is invisible to any routers outside that area. If the routers don't have any topology information on an area, there's no information to run SPF against. A foggy reply for early in the morning, but hope this helps a bit. Pamela At 05:21 AM 9/27/01 -0400, "Burnham, Chris" wrote: >Please help. I am a bit confused with the following: > >Summary type 3 LSA's are generated by the ABR for every network and >propogated across area 0. When one of these networks goes down the ABR will >send an update summary LSA to all it's areas ??? If this is the case does >this mean that all SPF routers in all areas will recalculate their SPF >algorithm. > As I understand the whole point of areas is to stop this from >happening? >My question is when an internal router receives a type3 LSA from an ABR >,does it recalculate it's link state database??? >Chris Burnham, >Systems Engineer, >Delphis Consulting Plc. >Tel: +(44) 020 7916 0200 >Mob: +(44) 07799403576 >[EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21279&t=21273 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Dial up access, isp side [7:21280]
This is way off track but someone might have an idea. I want to set up a test lab for dial up internet access. from the isp side. I want up to be able to cope with 100+ users dialing in at any one time, using standard 56k uk lines. Telco lines are not a problem, what i want to know is what do i need between the modems and the server? Cheers George = George Dodds CCNA, MCP Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21280&t=21280 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
packet loss [7:21281]
Group, I have a problem with a certain vlan on our network. The problem goes something like this... I have a vlan105 interface created on a cat 6509. The primary ip address is x.x.105.254. The interface has secondary addresses of x.x.155.254, x.x.156.254 and x.x.157.254. Servers on this network are dropping packets, one in particular, serverA-x.x.155.219, is dropping packets 50% of the time. Moved the server to a different switch, same vlan105, the problem continues. Moved the server to vlan100, it works fine. Replaced cable and nics. Ensured proper speed and duplex are configured. No output from a debug vlan or span. Opened a TAC case a few days ago and the problem still remains. I just got a suggestion to remove and rebuild the vlan105 interface on the router. That will happen later this afternoon. Any other suggestions will be greatly appreciated. Robert Robert M. Lopez Network Planning CIT PGRD Ann Arbor Pfizer Global Research & Development Phone 734-622-3948 Fax 734-622-1690 "There are only two ways to live your life. One is as though nothing is a miracle. The other is as though everything is a miracle." ...Albert Einstein Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21281&t=21281 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
