EIGRP & load balancing between ISDN & leased line [7:24629]

2001-10-30 Thread Ashish Kumar

A branch is connected to two hub locations, one with 64 Kbps Leased line 
other with ISDN. Server is at hub location connected by 64Kbps LL. Two hub 
locations are connected using multiple 2 Mbps links. EIGRP is implemented.
If ISDN is fired to 2nd location the load balancing does not happen on both 
links (64Kbps & ISDN link). If both the channels of ISDN are fired, traffic 
goes through ISDN, not through 64Kbps LL.
Load balancing happens if the 64Kbps Leased line & ISDN are connecting to 
same hub location.

We need to share the load when it crosses above 64 Kbps on LL. Any solution?






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24629&t=24629
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



EIGRP & load balancing between ISDN & leased line [7:24630]

2001-10-30 Thread ashish verma

A branch is connected to two hub locations, one with 64 Kbps Leased line
other with ISDN. Server is at hub location connected by 64Kbps LL. Two hub
locations are connected using multiple 2 Mbps links. EIGRP is implemented.
If ISDN is fired to 2nd location the load balancing does not happen on both
links (64Kbps & ISDN link). If both the channels of ISDN are fired, traffic
goes through ISDN, not through 64Kbps LL.
Load balancing happens if the 64Kbps Leased line & ISDN are connecting to
same hub location.

We need to share the load when it crosses above 64 Kbps on LL. Any solution?



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24630&t=24630



RE: CCIE Security Lab [7:17848]

2001-10-30 Thread Spoerr Mathias

I have an official statement from Cisco that says that there will be no
UNIX, only NT.
I was there and it's true.

MS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24631&t=17848



Satellite modem with CISCO 7206 router [7:24632]

2001-10-30 Thread kalpit

Hi all,

I have faced problem for connectivity between cisco 7206 router and satellite
modem (READYNE DMD-15). I need info for this ASAP.
My id is [EMAIL PROTECTED]

Kalpit




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24632&t=24632



Questions about PIX firewall [7:24634]

2001-10-30 Thread dovelet

Hi all,

Our company wants to use PIX 515 firewall but I never use it before. I have
some questions and I hope someone can help me.

1. To configure a PIX, is there any GUI interface or need to use Command
Line Interface? If it has GUI interface, is it bundle with a PIX or need to
purchase separately?
2. We plan to use 2 PIX for HA solution. Is it stable?
3. Is there any materials to describe the PIX failover?

Regards,
Dovelet




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24634&t=24634



CPA-2509 ios problem.. [7:24635]

2001-10-30 Thread Atakan ÖZDEMIR

I have a problem with this hardware 'cause I erased old ios while I was
trying to update it.
And now I couldn't find any ios compatible with this device. I can boot it
only bootstrap ios.
Can anyone help me which ios compatible with this device?

Best Regards

Cisco Internetwork Operating System Software
IOS (tm) 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Tue 24-Oct-95 15:46 by mkamson
Image text-base: 0x0102, data-base: 0x1000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE

Router_L uptime is 18 minutes
System restarted by power-on
Running default software


cisco CPA2509 (68030) processor (revision D) with 16380K/2048K bytes of
memory.
Processor board serial number 04603591 with hardware revision 
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Authorized for CiscoPro software set only.  (0x80)
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
8 terminal lines.
32K bytes of non-volatile configuration memory.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24635&t=24635



async line drops [7:24636]

2001-10-30 Thread Jonathan Chapman

I have the following scenario and would welcome comments.

I have a 2621 fitted with an 8 port Analog modem card, which I have
connected to a pots line.  I am using PPP authentication for users to dial
into from laptops.

The problem I am facing is that users connect, authenticate ok and remain
connected for around 2 mins and then the line drops.  Idle timers do not
come into play because the line drops even when traffic is passing. 
Keepalives have been disabled and there are no acl's running.

Looking through the modem logs I can see that an event occurs giving the
message

DISCONNECT duration xxx, reason (0x9) DTR Drop.

Things I have already done include upgrading IOS, Firmware, swapping
telephone lines (direct line, no pbx) and debugging the interface.  All of
which have had no effect.

Has anyone experienced a similar problem or have any ideas?

Regards

Jonathan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24636&t=24636



ORA 3113 [7:24637]

2001-10-30 Thread BASSOLE Rock

Hello,


Is error ORA 3113 network related? Has anyone encountered this problem? If
yes then how did you solve this problem.
Thank you.

Regards,

Rock BASSOLE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24637&t=24637



Re: "no ip route-cache cef" [7:24612]

2001-10-30 Thread Thomas N.

Thanks Chuck!


""Chuck Larrieu""  wrote in message
news:[EMAIL PROTECTED]...
> according to the information found on the Cisco website, under the command
> reference master:
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_r/xrdscmd2.htm#1029825
>
> To enable Cisco Express Forwarding (CEF) operation on an interface after CEF
> operation has been disabled, use the ip route-cache cef command in interface
> configuration mode. To disable CEF operation on an interface, use the no
> form of this command.
>
> Now that you have a starting point, you can follow up with some reading on
> CEF and what it is and is supposed to do.
>
> Sometimes the folks over on NANOG don't have much good to say about CEF but
> that's another story.
>
> Chuck
>
>
> "Thomas N." wrote in message
> news:[EMAIL PROTECTED]...
> > What does the "no ip route-cache cef" does? Anyone knows? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24638&t=24612



Re: OT: Bay BLN Documentation [7:24620]

2001-10-30 Thread Erick B.

What are you looking for? Hardware or Software config
docs and for what version of BayRS?

The docs should be found at www.nortelnetworks.com
under customer support -> documentation. Might need a
login to get into docs these days but I'm not 100%
sure. Before they changed their site you could get
download docs in PDF without a signon. 

If that doesn't work, I can hook you up with the PDFs
or answer questions you may have.

--- Bill Pearch  wrote:
> Searching for BLN Documentation - came up empty on
> www.nortel.com
> Anyone know where the BLN docs can be found?
> 
> TIA,
> Bill in Anchorage
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24639&t=24620



VLAN and IPX [7:24641]

2001-10-30 Thread Cisco Breaker

Hi all,

I have a customer that uses both Novell and NT. We upgraded their LAN with
6500 and 3500 switches. Now we will implement VLANs. I know how to configure
VLAN for IP but never done it with IPX. I read the docs on cisco but I have a
question on my mind. As I know the customer only give a network IPX number
to the server and clients get their Network numbers from the server. If I
put the server on a different VLAN will the router give a network number to
clients or will I have to show the way to clients to reach the server.

My guess is this

interface vlan 2
ip address ..
ipx network 101 (this is the network where the server is)
interface vlan 3
ip address 
ipx network 102 (this is the network where clients will be)

If  I configure my router like this will clients able to find the server or
what should I do?

Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24641&t=24641



Token Ring defined [7:24643]

2001-10-30 Thread Dave Luancing

I have conflicting reports. I see in one of my books
that token ring is a physical ring - logical star.

The next book claims a physical ring - logical bus.

Which is correct?

-D.L.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24643&t=24643



Re: Pretty complex BGP load balancing scenarios [7:24628]

2001-10-30 Thread Chris White

On Tue, 30 Oct 2001, suaveguru wrote:

> situation goes this way 
> 
> R1Receive-Only---R2-Terrestrial gw
>   |
>   |
>   Transmit-Only 
> 
> 

 
> Problem :



> customer has only one block of Class C Address and
> when I advertise the whole class C over the satellite
> link it does off-load the terrestrial link for the
> return path but this time the satellite link get
> congested . I could not do a AS-PATH prepend as they
> are using Private-As and the provider is stripping
> private-as at their end
> 
> My question is how can I solve this problem of
> load-balancing by introducing as shown in the diagram
> another satellite link from the same provider with
> only a transmit path ?

Correct me if I am wrong but it sounds like the customer's Class C was
assigned by the terrestrial provider. If so the most likely problem is
that the Class C is being aggregated by the terrestrial provider into
a larger block. The satellite provider on the other hand is announcing
the more specific /24.

terrestrial provider /19
 >  Global BGP table
satellite provider   /24

Since the more specific route would be preferred most traffic would
prefer the satellite link. There are a couple of ways you could address
this. One would be to ask the terrestrial provider to announce the more
specific /24 as well. This would probably help but you would still not
have any control over the traffic...The other option would be to get
an AS# and run BGP with both providers.


> 
> appreciate your inputs 
> 
> suaveguru
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24642&t=24628
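
The longest-prefix-match argument in the reply above, as an added example that is not part of the original post. The thread gives only the prefix lengths (/19 and /24), so the addresses and provider labels here are constructed, and BGP best-path attributes are not modelled.

```python
import ipaddress

# Constructed prefixes: the thread names only the lengths, not the addresses.
AGGREGATE = "203.0.96.0/19"    # terrestrial provider's aggregate (assumed)
CUSTOMER = "203.0.113.0/24"    # customer's Class C inside that aggregate (assumed)


def build_table(announcements):
    """Turn (prefix, provider) pairs into (ip_network, provider) routes."""
    return [(ipaddress.ip_network(p), who) for p, who in announcements]


def candidates(table, destination):
    """Return the providers whose route wins longest-prefix match.

    More than one provider in the result means the announcements tie on
    prefix length, so the choice falls to BGP best-path attributes on the
    remote networks, which this sketch does not model.
    """
    addr = ipaddress.ip_address(destination)
    covering = [(net, who) for net, who in table if addr in net]
    if not covering:
        return []
    longest = max(net.prefixlen for net, _ in covering)
    return sorted(who for net, who in covering if net.prefixlen == longest)


def inbound_split(table, destinations):
    """Count how many destinations each winning provider set attracts."""
    split = {}
    for dst in destinations:
        key = "/".join(candidates(table, dst)) or "unreachable"
        split[key] = split.get(key, 0) + 1
    return split


# Case 1: what the reply suspects, aggregate via terrestrial, /24 via satellite.
AS_DESCRIBED = build_table([
    (AGGREGATE, "terrestrial"),
    (CUSTOMER, "satellite"),
])

# Case 2: the first suggested fix, the terrestrial provider also announces the /24.
BOTH_SPECIFIC = build_table([
    (AGGREGATE, "terrestrial"),
    (CUSTOMER, "terrestrial"),
    (CUSTOMER, "satellite"),
])

# Constructed sample: four hosts in the customer's /24, one elsewhere in the /19.
CUSTOMER_HOSTS = ["203.0.113.%d" % h for h in (1, 10, 100, 200)]
OTHER_HOST = "203.0.100.1"

if __name__ == "__main__":
    sample = CUSTOMER_HOSTS + [OTHER_HOST]
    print("as described :", inbound_split(AS_DESCRIBED, sample))
    print("both announce:", inbound_split(BOTH_SPECIFIC, sample))
```

In the first case every return packet for the customer's /24 is drawn to the satellite link; in the second the prefixes tie, which is why the reply notes that the customer still has no control over which path the traffic takes.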



Re: Token Ring defined [7:24643]

2001-10-30 Thread Joe

Both are wrong.
Physically, it is a star all connected to a token ring MAU. Logically, it is a
ring with token passing.
""Dave Luancing""  wrote in message
news:[EMAIL PROTECTED]...
> I have conflicting reports. I see in one of my books
> that token ring is a physical ring - logical star.
>
> The next book claims a physical ring - logical bus.
>
> Which is correct?
>
> -D.L.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24644&t=24643



1924 Switch: Takes long time to ping device after connecting to [7:24645]

2001-10-30 Thread KM Reynolds

Hi,

I installed a Catalyst 1924 switch on the LAN.  It seems to work ok, 
however, I am concerned, because when I first plug a device (any device) 
into a new switch port, it takes a long time (minutes) before I can ping 
it.  After that if I unplug it and reconnect I can ping immediately.

Does anyone know if this is normal?

Thanks in advance.

KM






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24645&t=24645



RE: custom queueing on seperate dlci's [7:24625]

2001-10-30 Thread Jon Tucker

I believe this should work for you.

interface Serial0/0
 description
 no ip address
 encapsulation frame-relay
 no ip mroute-cache
 logging event subif-link-status
 logging event dlci-status-change
 frame-relay traffic-shaping
! 
interface Serial0/0.1 point-to-point
 description to REMOTE SITE 1
 ip address 192.168.1.30 255.255.255.252
 no arp frame-relay
 frame-relay interface-dlci 16   
! 
interface Serial0/0.2 point-to-point
 description to REMOTE SITE 2
 bandwidth 512
 ip address 192.168.1.25 255.255.255.252
 no arp frame-relay
 frame-relay interface-dlci 17
 frame-relay class DLCI17

map-class frame-relay DLCI17
frame-relay custom-queue-list 1

queue-list 1 protocol ip 
  

-Original Message-
From: Brad M [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 30, 2001 1:57 AM
To: [EMAIL PROTECTED]
Subject: custom queueing on seperate dlci's [7:24625]


Hi all.

I've got a situation where I want to apply a custom queue list to a dlci
under my frame-relay connection.  I can apply the custom-queue-list to my
serial interface, but not the sub serial interfaces.

For example here is a piece of my config:

interface Serial0/0
 description
 no ip address
 encapsulation frame-relay
 no ip mroute-cache
 logging event subif-link-status
 logging event dlci-status-change
 custom-queue-list 1
! 
interface Serial0/0.1 point-to-point
 description to REMOTE SITE 1
 ip address 192.168.1.30 255.255.255.252
 no arp frame-relay
 frame-relay interface-dlci 16   
! 
interface Serial0/0.2 point-to-point
 description to REMOTE SITE 2
 bandwidth 512
 ip address 192.168.1.25 255.255.255.252
 no arp frame-relay
 frame-relay interface-dlci 17   

What I would like to do is apply that custom-queue-list to only dlci 17
(REMOTE SITE 2).  I don't want to use it whatsoever for dlci 16.

Is this possible?
Any help/responses will be very helpful.

Thanks,

Brad M.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24646&t=24625



Re: AARRGGHH!!! Flash on a 2500! [7:24564]

2001-10-30 Thread Mark Shickell

> I'm trying to upgrade the IOS on a 2500 router.  When I attempt to delete
> the current IOS image, or erase the flash altogether, it tells me it's in
> read-only mode.  Fine.  I've scoured Cisco's website trying to find a way to
> put the flash into read/write mode so I can do this IOS update, but to no
> avail.  I did find one page talking about partitioning the flash, but
> couldn't seem to use that to my advantage.  My next thing is to boot to
> rommon and try to wipe the flash there (then use the console to transfer the
> 10MB IOS image at a blazing 9600 baud. goodie =)
> 
> Any thoughts or information is appreciated.
> 
> Mike W.
-- 
Sent through GMX FreeMail - http://www.gmx.net




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24647&t=24564



Re: 1924 Switch: Takes long time to ping device after [7:24648]

2001-10-30 Thread Paul C

"Clients (end stations) on switch ports - You can also set the set spantree
portfast command. This is done on a per-port basis. The portfast variable,
when enabled on a port, causes the port to immediately switch from blocking
mode to forwarding mode. This helps prevent time-outs on clients that use
Novell Netware or that use DHCP to obtain an IP address. However, it is
important that you do not use this command when you have switch-to-switch
connection. It could potentially result in a loop. The 30-60 second delay
that occurs when transitioning from blocking to forwarding mode transition
prevents a temporal loop condition in the network when connecting two
switches."

http://www.cisco.com/warp/public/473/5.html

Paul C
""KM Reynolds""  wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> I installed a Catalyst 1924 switch on the LAN.  It seems to work ok,
> however, I am concerned, because when I first plug a device (any device)
> into a new switch port.  It takes a long time (minutes) before I can ping
> it.  After that if I unplug it and reconnect I can ping immediately.
>
> Does anyone know if this is normal?
>
> Thanks in advance.
>
> KM
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24648&t=24648



Re: Questions about PIX firewall [7:24634]

2001-10-30 Thread Patrick Bass

See comments inline:

""dovelet""  wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> Our company wants to use PIX 515 firewall but I never use it before. I have
> some questions and I hope someone can help me.
>
> 1. To configure a PIX, is there any GUI interface or need to use Command
> Line Interface? If it has GUI interface, is it bundle with a PIX or need to
> purchase separately?
It has a CLI.  It also comes with a GUI.  You don't need to purchase it
separately.

> 2. We plan to use 2 PIX for HA solution. Is it stable?
Ok. I give up, what's HA solution?  Yes, the pix is stable.

> 3. Is there any materials to describe the PIX failover?
PIX firewall is described in the documentation.  You can also search CCO for
"pix failover"  It's very simple, taking just a few commands.

>
> Regards,
> Dovelet




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24649&t=24634



RE: Off Topic - Router price [7:24537]

2001-10-30 Thread Ouellette, Tim

Charles,

I have a 2523 and just adore it.  From what I've found in my home studies is
that even a low speed serial is good enough for testing. It's all about
routable ports and my 2523 has 8 low speed serials, 2 high-speed serials, a
TR port and I think an ISDN too. I paid $800 for my 2523 with 16/16 which at
the time was a decent price.  I prefer to use that as my frame switch rather
than my 4000.  It's not like you'll be passing tons of traffic over these
links since it would just be in a lab environment so the low-speed serials
are good enough. Hope that helped.

Tim


> -Original Message-
> From: Charles Lin [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, October 30, 2001 12:14 AM
> To:   [EMAIL PROTECTED]
> Subject:  Re: Off Topic - Router price [7:24537]
> 
> Thank You Brad!
> 
> So you suggest that I not take the 4000M right? Even if it cost 400 with
> all 
> those plugins? I thought it was good though, hehe. Does the lab have a
> 4000 
> in it then? (hope it won't violate the NDA). You also said that the 2522
> was 
> good for frame switch right? How about a 2520 or a 2521 because it has 4 
> serials too! Could you help me please? Thanks!
> 
> 
> >From: "Brad Ellis" 
> >Reply-To: "Brad Ellis" 
> >To: [EMAIL PROTECTED]
> >Subject: Re: Off Topic - Router price [7:24537]
> >Date: Mon, 29 Oct 2001 16:02:01 -0500
> >
> >I'd recommend using the following routers instead for a CCIE lab:
> >
> >2x 2501s
> >2x 2503s (for ISDN)
> >1x 2511 (reverse telnet AS)
> >2x 2513s (TR/Ether)
> >1x 2522 (frame-switch)
> >ISDN Simulator
> >Catalyst 5k switch
> >
> >If you still want to add on:
> >26xx routers with Voice
> >3900 TR Switch
> >
> >That is usually the formula that I suggest to people trying to build home
> >labs.  The 4000s are a pain in the butt to deal with and have given me
> >nothing but problems (hence I dont sell/buy them anymore).  Make sure
> your
> >25xx routers have 16D/16F so you can run enterprise 12.x IOS.
> >
> >thanks,
> >-Brad Ellis
> >CCIE#5796
> >Network Learning Inc
> >[EMAIL PROTECTED]
> >used Cisco gear:  www.optsys.net
> >CCIE Labs, racks, and classes:  www.ccbootcamp.com
> >
> >""Charles Lin""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hello!
> > > Someone is going to sell me his routers and wanted to ask if they are
> a
> >good
> > > deal. Please help me and advice me if they are good price.
> > >
> > > 1.) Cisco 4000M Router with 16/16, 2 Serials Ports, 2 Tokens Rings
> > > Ports, and 4 ISDN ports for $400USD.
> > >
> > > 2.) Cisco 2524 Router with 8/4 flash, 1 module of isdn and 1 module of
> 
> >56k
> > > included for 350$
> > >
> > > 3.) Cisco 2516 Router for $449 USD
> > >
> > > 4.) Cisco 1602 for 200 USD
> > >
> > > 5.) Cisco 2515 for 425 USD
> > >
> > >
> > > Please tell me which ones are good priced. I am really grateful for
> your
> > > help.
> > >
> > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24650&t=24537
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: AARRGGHH!!! Flash on a 2500! [7:24564]

2001-10-30 Thread Craig Richardson

This worked for me on a 2513:

First you have to make the router run an image other than that in FLASH. The
router has to boot in RxBoot mode (small IOS image with a small set of
commands). While in RxBoot mode, the router can download the new IOS.
You have to boot into RxBoot mode, then you can deal with the IOS.

#conf term
#config-reg 0x2101 (This tells it to boot from RxBoot mode)
#^Z

If you do a show ver, it should display 0x2101 as the register number for
the next boot.
Reload the router and answer "yes" or hit "enter" to confirm for the modify
question.

#reload (your telnet session will be lost, but after a few minutes, you can
telnet back)
#copy tftp flash (if you are using a telnet server)
#config term
#config-register 0x2102 (to put the register back to normal boot mode)
#^Z

At this point, you may want to reload the router again to make sure it boots
OK.

I hope this helps.

Craig.


- Original Message -
From: Mark Shickell 
To: 
Sent: Tuesday, October 30, 2001 8:28 AM
Subject: Re: AARRGGHH!!! Flash on a 2500! [7:24564]


> > I'm trying to upgrade the IOS on a 2500 router.  When I attempt to delete
> > the current IOS image, or erase the flash altogether, it tells me it's in
> > read-only mode.  Fine.  I've scoured Cisco's website trying to find a way to
> > put the flash into read/write mode so I can do this IOS update, but to no
> > avail.  I did find one page talking about partitioning the flash, but
> > couldn't seem to use that to my advantage.  My next thing is to boot to
> > rommon and try to wipe the flash there (then use the console to transfer the
> > 10MB IOS image at a blazing 9600 baud. goodie =)
> >
> > Any thoughts or information is appreciated.
> >
> > Mike W.
> --
> Sent through GMX FreeMail - http://www.gmx.net




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24651&t=24564
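
The two register values in the procedure above differ only in the boot field (the low four bits): 0x2101 selects the ROM boot helper (RxBoot) and 0x2102 the normal boot. As an added example that is not part of the original post, the following parses the `Configuration register is ...` line of `show version` output and flags a router that is left set to boot RxBoot or to ignore its startup-config; the sample lines and the finding codes are constructed for this example.

```python
import re

BOOT_FIELD = 0x000F    # 0 = ROM monitor, 1 = boot helper (RxBoot), 2-F = normal boot
IGNORE_NVRAM = 0x0040  # startup-config is not loaded at boot

# Flags decoded by describe(); the short names are this example's own labels.
FLAGS = {
    0x0040: "ignore-nvram",
    0x0100: "break-disabled",
    0x2000: "rom-fallback",   # boot default ROM software if network boot fails
}

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def boot_mode(register):
    """Map the boot field to where the router will boot from."""
    field = register & BOOT_FIELD
    if field == 0:
        return "rom-monitor"
    if field == 1:
        return "rxboot"
    return "normal"


def describe(register):
    """List the flag bits from FLAGS that are set in the register."""
    return [name for bit, name in FLAGS.items() if register & bit]


def parse_register(show_version_text):
    """Return (current, pending) register values from show version output."""
    match = REGISTER_LINE.search(show_version_text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    return current, pending


def audit(show_version_text, expected=0x2102):
    """Return (when, register, code) findings for the current and pending values."""
    current, pending = parse_register(show_version_text)
    states = [("now", current)]
    if pending != current:
        states.append(("next reload", pending))
    findings = []
    for when, reg in states:
        codes = []
        mode = boot_mode(reg)
        if mode != "normal":
            codes.append("boot-" + mode)      # will not load the flash image
        if reg & IGNORE_NVRAM:
            codes.append("ignore-nvram")      # saved configuration is skipped
        if not codes and reg != expected:
            codes.append("unexpected")
        findings.extend((when, "0x%04x" % reg, code) for code in codes)
    return findings


# Constructed sample lines, one per stage of the procedure.
AFTER_STEP_ONE = "Configuration register is 0x2102 (will be 0x2101 at next reload)"
IN_RXBOOT = "Configuration register is 0x2101 (will be 0x2102 at next reload)"
FINISHED = "Configuration register is 0x2102"

if __name__ == "__main__":
    for line in (AFTER_STEP_ONE, IN_RXBOOT, FINISHED):
        print(line, "->", audit(line) or "ok")
```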



Re: 1924 Switch: Takes long time to ping device af [7:24648]

2001-10-30 Thread Reynolds KM

Thanks Paul,

The switch port connected to the device (PC) has Port fast mode enabled and
full duplex enabled.  The port that connects to another switch is a 100Base-T
and has Port fast mode disabled.  So I don't think this is the cause.

KM


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24652&t=24648



RE: VLAN and IPX [7:24641]

2001-10-30 Thread Bill Carter

The config is correct, although you need to find out what IPX encapsulation
is.  Probably 802.2. I would put the commands in this way;

interface vlan 2
ip address ..
ipx network 101 encapsulation sap
interface vlan 3
ip address 
ipx network 102 encapsulation sap

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Cisco Breaker
Sent: Tuesday, October 30, 2001 6:09 AM
To: [EMAIL PROTECTED]
Subject: VLAN and IPX [7:24641]


Hi all,

I have a customer that uses both Novell and NT. We upgraded their LAN with
6500 and 3500 switches. Now we will implement VLANs. I know how to configure
VLAN for IP but never done it with IPX. I read the docs on cisco but I have a
question on my mind. As I know the customer only give a network IPX number
to the server and clients get their Network numbers from the server. If I
put the server on a different VLAN will the router give a network number to
clients or will I have to show the way to clients to reach the server.

My guess is this

interface vlan 2
ip address ..
ipx network 101 (this is the network where the server is)
interface vlan 3
ip address 
ipx network 102 (this is the network where clients will be)

If  I configure my router like this will clients able to find the server or
what should I do?

Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24653&t=24641



Re: Multilayer Switching [7:24595]

2001-10-30 Thread MADMAN

I have never tried so I gave er a go and it took the command just
fine:


C6509> ses 16
Trying Router-16...
Connected to Router-16.
Escape character is '^]'.


User Access Verification

Password:
MSFC16>en
Password:
MSFC16#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
MSFC16(config)#inter vlan 50
MSFC16(config-if)#ip nat inside
MSFC16(config-if)#^Z
MSFC16#

  Dave

"Thomas N." wrote:
> 
> Anyone have any problem turning on VLAN interfaces that are running on NAT
> protocol?  I couldn't turn VLAN on my 6509 that has "ip nat inside"
> statement.  Thanks!
> 
> Thomas N.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24655&t=24595



Re: ECP Replacment [7:24571]

2001-10-30 Thread India Teller

Hi Zap:

I am working with Bruce and Val on the logistical end of the class.  If you
need more info
or want to register, please send me an e-mail.

India Teller
[EMAIL PROTECTED]

Fred Ingham wrote:

> Zap:  Bruce Caslow and Val Pavlichenko, the designers and instructors
> for the  ECP1 and ECP2 courses have a new course and a new company.  The
> first classes are 26 Nov and 10 Dec.
>
> Go to www.netmasterclass.net to view the course outline.
>
> Cheers, Fred.
>
> zapeta zape wrote:
> >
> > Hello guys,
> > I was planning to ECP1 next month now there are gone. Do you guys know any
> > other training program?
> > Thanks
> > Zap
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24654&t=24571



How to Configure ISDN Sites. [7:24656]

2001-10-30 Thread Muhammad Faheem

Hi All,

I have to configure 2620 @ HeadOffice and 803 @ different branch offices
using ISDN , I appreciate if i could get some sample configuration for such
scenario.

Thanx
Faheem.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24656&t=24656



Re: Off Topic - Router price [7:24537]

2001-10-30 Thread Raul F. Fernandez-IGLOU

I also have 2523 and have found it awesome as frame switch. *00 is an
excellent price. I got mine for a little over 900 with 16/16

Raul
- Original Message -
From: "Ouellette, Tim" 
To: 
Sent: Tuesday, October 30, 2001 9:03 AM
Subject: RE: Off Topic - Router price [7:24537]


> Charles,
>
> I have a 2523 and just adore it.  From what I've found in my home studies is
> that even a low speed serial is good enough for testing. It's all about
> routable ports and my 2523 has 8 low speed serials, 2 high-speed serials, a
> TR port and I think an ISDN too. I paid $800 for my 2523 with 16/16 which at
> the time was a decent price.  I prefer to use that as my frame switch rather
> than my 4000.  It's not like you'll be passing tons of traffic over these
> links since it would just be in a lab environment so the low-speed serials
> are good enough. Hope that helped.
>
> Tim
>
>
> > -Original Message-
> > From: Charles Lin [SMTP:[EMAIL PROTECTED]]
> > Sent: Tuesday, October 30, 2001 12:14 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Off Topic - Router price [7:24537]
> >
> > Thank You Brad!
> >
> > So you suggest that I not take the 4000M right? Even if it cost 400 with
> > all
> > those plugins? I thought it was good though, hehe. Does the lab have a
> > 4000
> > in it then? (hope it won't violate the NDA). You also said that the 2522
> > was
> > good for frame switch right? How about a 2520 or a 2521 because it has 4
> > serials too! Could you help me please? Thanks!
> >
> >
> > >From: "Brad Ellis"
> > >Reply-To: "Brad Ellis"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: Off Topic - Router price [7:24537]
> > >Date: Mon, 29 Oct 2001 16:02:01 -0500
> > >
> > >I'd recommend using the following routers instead for a CCIE lab:
> > >
> > >2x 2501s
> > >2x 2503s (for ISDN)
> > >1x 2511 (reverse telnet AS)
> > >2x 2513s (TR/Ether)
> > >1x 2522 (frame-switch)
> > >ISDN Simulator
> > >Catalyst 5k switch
> > >
> > >If you still want to add on:
> > >26xx routers with Voice
> > >3900 TR Switch
> > >
> > >That is usually the formula that I suggest to people trying to build home
> > >labs.  The 4000s are a pain in the butt to deal with and have given me
> > >nothing but problems (hence I don't sell/buy them anymore).  Make sure your
> > >25xx routers have 16D/16F so you can run enterprise 12.x IOS.
> > >
> > >thanks,
> > >-Brad Ellis
> > >CCIE#5796
> > >Network Learning Inc
> > >[EMAIL PROTECTED]
> > >used Cisco gear:  www.optsys.net
> > >CCIE Labs, racks, and classes:  www.ccbootcamp.com
> > >
> > >"Charles Lin" wrote in message
> > >news:[EMAIL PROTECTED]...
> > > > Hello!
> > > > Someone is going to sell me his routers and wanted to ask if they are a
> > > > good deal. Please help me and advise me if they are good price.
> > > >
> > > > 1.) Cisco 4000M Router with 16/16, 2 Serials Ports, 2 Tokens Rings
> > > > Ports, and 4 ISDN ports for $400USD.
> > > >
> > > > 2.) Cisco 2524 Router with 8/4 flash, 1 module of isdn and 1 module of
> > > > 56k included for 350$
> > > >
> > > > 3.) Cisco 2516 Router for $449 USD
> > > >
> > > > 4.) Cisco 1602 for 200 USD
> > > >
> > > > 5.) Cisco 2515 for 425 USD
> > > >
> > > >
> > > > Please tell me which ones are good priced. I am really grateful for
> > > > your help.
> > > >
> > > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24657&t=24537



Difference between Sync and Async - Just a note to you all. [7:24658]

2001-10-30 Thread Ouellette, Tim

After writing an email to someone else on this groupstudy, I figured I'd
share a part of it with the rest of ya.  Hopefully it's readable.

To sum up, the difference between sync and async communication is this.
Asynchronous communication requires each side maintain its own clocking.
Synchronous means that one side will generate clocking as it sends its data
(faster).

For some reason, my analogy has always been this.  Picture two people
dancing the tango.  If both of the dancers try to keep their own beat
(clock) in their mind by thinking about the rhythm, they'll have more on
their mind so they'll be slower to execute the moves = Asynchronous.  

Now picture the other side.  Imagine if one of the dancers just did all the
rhythm stuff and kept the beat.  The other person would just have to follow.
Would be much quicker since the follower is just taking the rhythm from the
leader. Ala Synchronous.

So, Synchronous is like they're in-step or synchronized to the beat.  Hope
that makes sense. It was much clearer in my mind before I started describing
it. Guess thinking about dancing or something blurred it all up.

Tim

btw, check out this link if you want more geeky details.

http://www.erg.abdn.ac.uk/users/gorry/eg2069/async.html





> Timothy Ouellette, Infrastructure Analyst
> MCSE, CCSE, CCNP/DP
> EDS - New Business Implementation
> 1075 W. Entrance Drive
> Auburn Hills, MI 48326
> 
> ( 01-248-754-7535
> *  [EMAIL PROTECTED]
> Pager 888-351-4584
> www.eds.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24658&t=24658



Re: OSPF across PIX [7:24608]

2001-10-30 Thread Patrick Ramsey

First thought is that this will not work.  Imagine this and tell me what you
think.

In pix, your acl's are based on tcp/udp/icmp; these all are protocols,
like ospf is its own protocol... since ospf (protocol 89) is separate,
opening up a port dealing with tcp/udp/icmp would be completely useless.

-Patrick

>>> "pat"  10/29/01 11:01PM >>>
Does anybody have any ideas on how to run OSPF across
firewall. What ports to be open & how to make router
establish neighbour relations across firewall.

Any thought on this will be greatly appreciated.

Thanks,
patterson.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24659&t=24608



Re: OSPF across PIX [7:24608]

2001-10-30 Thread Patrick Ramsey

ahhh.. I may have to investigate this...   This is interesting.  I didn't
realize pix had this ability!

-Patrick

>>> "Engelhard M. Labiro"  10/30/01 12:26AM >>>
Pat,

Since OSPF uses IP protocol 89, permit this protocol between
the two OSPF routers with access-list applied at outside and inside
PIX interfaces, something like this:
access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
access-group 101 interface inside
access-group 102 interface outside

At the OSPF routers, put neighbour command, so they can speak
to each other directly without multicasting the hello packets.

Hope you get the idea.

- Original Message -
From: "pat" 
To: 
Sent: Tuesday, October 30, 2001 1:01 PM
Subject: OSPF across PIX [7:24608]


> Does anybody have any ideas on how to run OSPF across
> firewall. What ports to be open & how to make router
> establish neighbour relations across firewall.
>
> Any thought on this will be greatly appreciated.
>
> Thanks,
> patterson.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24660&t=24608



RE: PIX advanced exam [7:24478]

2001-10-30 Thread Matthew Crane

Go buy the Boson exams, they are 98% accurate.

Matthew

Mohamed El Komy wrote:
> 
> Hi all,
> 
> I'm preparing for taking the PIX advanced exam within 2 days
> but I need to
> know how the exam looks like...type of questions and main
> points to focus on
> in my study.
> Any help greatly appreciated.
> 
> BR,
> komy
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24661&t=24478



Re: How to Configure ISDN Sites. [7:24656]

2001-10-30 Thread MADMAN

Here is a good page to start with:

http://www.cisco.com/warp/customer/793/access_dial/index.html

 Dave

Muhammad Faheem wrote:
> 
> Hi All,
> 
> I have to configure 2620 @ HeadOffice and 803 @ different branch offices
> using ISDN, I appreciate if I could get some sample configuration for such
> scenario.
> 
> Thanx
> Faheem.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24662&t=24656



RE: OSPF across PIX [7:24608]

2001-10-30 Thread Mark Smith

Try these for the access-group commands:

access-group 101 in interface inside
access-group 102 in interface outside


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Ramsey
Sent: Tuesday, October 30, 2001 9:22 AM
To: [EMAIL PROTECTED]
Subject: Re: OSPF across PIX [7:24608]


ahhh.. I may have to investigate this...   This is interesting.  I didn't
realize pix had this ability!

-Patrick

>>> "Engelhard M. Labiro"  10/30/01 12:26AM >>>
Pat,

Since OSPF uses IP protocol 89, permit this protocol between
the two OSPF routers with access-list applied at outside and inside
PIX interfaces, something like this:
access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
access-group 101 interface inside
access-group 102 interface outside

At the OSPF routers, put neighbour command, so they can speak
to each other directly without multicasting the hello packets.

Hope you get the idea.

- Original Message -
From: "pat"
To:
Sent: Tuesday, October 30, 2001 1:01 PM
Subject: OSPF across PIX [7:24608]


> Does anybody have any ideas on how to run OSPF across
> firewall. What ports to be open & how to make router
> establish neighbour relations across firewall.
>
> Any thought on this will be greatly appreciated.
>
> Thanks,
> patterson.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24664&t=24608



Re: 1924 Switch: Takes long time to ping device af [7:24648]

2001-10-30 Thread Michael Williams

I'm in the boat with Paul, as my kneejerk reaction was "enable portfast". 
However, if you've done that, then you can start to analyse the problem from
ground up (or Layer 1 up =) .  Since you *can* ping this thing eventually, I
think we could safely rule out a physical wiring problem or the like.  So
next, I would console (or telnet) into the switch and watch that
specific port (in the 1900 series it's under the Port Addressing menu).
Then, plug the PC in and keep watching the port addressing for that port and
see how long/when the switch learns the MAC for the PC.  If it learns the
MAC instantly (which it should), then I don't see where the switch is
causing the problem. As long as switch sees the MAC addr.  Also, assuming
your switch and the PC are in the same IP subnet, I would try pinging the PC
from the switch directly instead of from another PC.

Hope this helps some let me know how it goes.. interesting problem.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24665&t=24648



RE: Token Ring defined [7:24643]

2001-10-30 Thread Michael Williams

(Don't quote me.. hehe) but I always believed that Token Ring was a
logical ring, but a physical star.  Check out (careful for wrap)

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/tokenrng.htm

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/introlan.htm

The above links, one classifies Token Ring as a logical ring, which makes
sense.  The other talks about how IBM's Token Ring requires a physical star
(stations connected to MSAUs) while IEEE 802.5 doesn't specify a physical
topology.

Having said that, everything is subjective.  Although stations may connect
to a common MSAU, (from what I understand) the MSAU connects the endstations
into a physical ring, so I could see the physical topology being labeled as
a ring.  Also, I could see how the logical ring could be referred to as a
bus, never a star tho.

So, I would say:  physical star, logical ring.
But if I had to choose between the 2 you mentioned, I'd pick:  physical
ring, logical bus.

Mike W.

Dave Luancing wrote:
> 
> I have conflicting reports. I see in one of my books
> that token ring is a physical ring - logical star.
> 
> The next book claims a physical ring - logical bus.
> 
> Which is correct?
> 
> -D.L.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24666&t=24643



FW: PIX advanced exam [7:24478]

2001-10-30 Thread William Harrison

What books did you use to study for the exam?

Bill Harrison
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Matthew Crane
Sent: Tuesday, October 30, 2001 9:32 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX advanced exam [7:24478]

Go buy the Boson exams, they are 98% accurate.

Matthew

Mohamed El Komy wrote:
>
> Hi all,
>
> I'm preparing for taking the PIX advanced exam within 2 days
> but I need to
> know how the exam looks like...type of questions and main
> points to focus on
> in my study.
> Any help greatly appreciated.
>
> BR,
> komy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24669&t=24478



RE: VLAN and IPX [7:24641]

2001-10-30 Thread Michael Williams

I would agree.  The clients can find the servers because they'll do a GNS
(GetNearestServer) request, and the routers should be able to answer that
request with the info the client needs.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24667&t=24641



RE: Collisions on a Serial Line [7:24601]

2001-10-30 Thread William Harrison

In general no

On a serial line, the connection is a two way relationship (master/slave)
although Cisco routers do show collisions on a serial interface.  This I feel
is a template for IOS Interfaces in general.

HTH
Bill Harrison

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dave
Luancing
Sent: Monday, October 29, 2001 9:03 PM
To: [EMAIL PROTECTED]
Subject: Collisions on a Serial Line [7:24601]

Is it possible to have collisions on a serial line ??
if so, what causes this?

- D.L.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24668&t=24601



RE: Collisions on a Serial Line [7:24601]

2001-10-30 Thread Michael Williams

AFAIK, collisions on a serial interface cannot happen.  Perhaps, I'm wrong,
but as Brian said, collisions are a side effect of half-duplex transmissions
where the two ends try to transmit at the same time.  I can't think of any
other specification besides ethernet where collisions can happen.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24670&t=24601



Re: AARRGGHH!!! Flash on a 2500! [7:24564]

2001-10-30 Thread Michael Williams

Thanks again to everyone that replied.

I did the "config register to 0x2101" and it worked just fine.  The nice
thing about that approach was that it loaded my current config upon booting,
so once it was up, my flash was in Read/Write and I could TFTP the new
image.  I manually did an "erase flash" before starting the TFTP, however,
upon giving the "copy tftp flash" command, it prompted me to see if I wanted
to erase the flash.

Thanks again!

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24671&t=24564



RE: FTP Server [7:24525]

2001-10-30 Thread Michael Williams

That would work, although you don't need the "deny ip any any" as there is
always an implied "deny all" at the end of the access list.

However, to protect yourself from unwanted traffic/attacks, you can change
your access list to only allow traffic incoming on port 21 (eq ftp):

access-list 110 permit tcp any host 192.3.10.10 eq ftp

That should do it for ya.

Mike W.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24672&t=24525
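The ACL points made in the "OSPF across PIX" thread above and in this FTP reply, as an added example (not code from any poster): a small Python model of first-match ACL evaluation with the implicit deny at the end. It handles only `any` and `host` addresses and models no stateful firewall behaviour; ACL 120 and the client address 10.0.0.5 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# IP protocol numbers; 89 is OSPF, as the thread states.
PROTOCOLS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}
PORTS = {"ftp": 21, "telnet": 23}
ALL_SPF_ROUTERS = "224.0.0.5"  # multicast group OSPF hellos use by default

# Constructed sample: the ACL lines quoted in the thread, plus ACL 120, a
# hypothetical TCP-only entry added to show why it cannot pass OSPF.
SAMPLE_CONFIG = """\
access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
access-list 110 permit tcp any host 192.3.10.10 eq ftp
access-list 120 permit tcp host 1.1.1.1 host 2.2.2.2
"""


@dataclass
class Rule:
    action: str
    proto: Optional[int]          # None means "ip", i.e. any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None means no port restriction


@dataclass
class Packet:
    proto: int
    src: str
    dst: str
    dport: Optional[int] = None


def _take_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {tok}")


def parse_acls(config: str) -> Dict[str, List[Rule]]:
    """Parse 'access-list ID ACTION PROTO SRC DST [eq PORT]' lines."""
    acls: Dict[str, List[Rule]] = {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        acl_id, action, proto_tok, rest = t[1], t[2], t[3], t[4:]
        proto = PROTOCOLS[proto_tok] if proto_tok in PROTOCOLS else int(proto_tok)
        src, dst = _take_addr(rest), _take_addr(rest)
        dport = None
        if rest[:1] == ["eq"]:
            dport = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        acls.setdefault(acl_id, []).append(Rule(action, proto, src, dst, dport))
    return acls


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule, else the implicit deny."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in rules:
        if r.proto is not None and r.proto != pkt.proto:
            continue  # protocol number differs: a tcp entry never matches 89
        if src not in r.src or dst not in r.dst:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return "deny"  # nothing matched: implicit "deny all"


def demo() -> Dict[str, str]:
    acls = parse_acls(SAMPLE_CONFIG)
    return {
        # Unicast hello (routers configured with the neighbour command).
        "unicast hello vs 101": evaluate(acls["101"], Packet(89, "1.1.1.1", "2.2.2.2")),
        # Default multicast hello: destination is not host 2.2.2.2.
        "multicast hello vs 101": evaluate(acls["101"], Packet(89, "1.1.1.1", ALL_SPF_ROUTERS)),
        # OSPF against a TCP-only entry: protocol 89 is not TCP.
        "ospf vs tcp-only 120": evaluate(acls["120"], Packet(89, "1.1.1.1", "2.2.2.2")),
        "ftp vs 110": evaluate(acls["110"], Packet(6, "10.0.0.5", "192.3.10.10", 21)),
        "telnet vs 110": evaluate(acls["110"], Packet(6, "10.0.0.5", "192.3.10.10", 23)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```

The multicast case is why the thread pairs the host-to-host `permit 89` entries with the neighbour command: only unicast hellos match them.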



Re: Load balancing with Win2k and Cat6k [7:24494]

2001-10-30 Thread Jonathan Hays

Patrick Donlon wrote:

> had a look on the CCO, m'soft and HPs site but I can't see much relevant
> info, can any provide some info or experience on this

Really? I searched www.microsoft.com/technet with the phrase "network
interface load balancing" and came up with quite a few hits discussing load
balancing (e.g., "Configuring Network Load Balancing Q240997").

You may get more help on your problem from a Microsoft newsgroup. It's hard
to see how this is a Cisco ACS problem; it seems more like a Microsoft
Windows problem.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24673&t=24494



test 1 [7:24674]

2001-10-30 Thread Jay Creasy





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24674&t=24674



Re: Questions about PIX firewall [7:24634]

2001-10-30 Thread Henry D.

Yeah, there is a GUI but you'll be better off just trying to get used
to the CLI. It's just better, trust me.
By HA I suppose you mean High Availability, there is a good link
describing how failover works:

http://www.cisco.com/warp/customer/110/failover.html

We've had good experience with failover, I think it rocks !

"dovelet" wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> Our company wants to use PIX 515 firewall but I never use it before. I have
> some questions and I hope someone can help me.
>
> 1. To configure a PIX, is there any GUI interface or need to use Command
> Line Interface? If it has GUI interface, is it bundle with a PIX or need to
> purchase separately?
> 2. We plan to use 2 PIX for HA solution. Is it stable?
> 3. Is there any materials to describe the PIX failover?
>
> Regards,
> Dovelet




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24675&t=24634



Re: Network Drawings [7:24574]

2001-10-30 Thread steve skinner

hi,

also.cabinet/room location access details...access details 
contact...

depending on the size of your site..we have 5000 users in one you may want 
to have a

wan diagram
lan diagram
generic floor diagram

what i did last time was to create a folder with these pages in

1)front page
2)site access details page
3)wan diagram
4)Lan diagram
5)generic floor diagram
6)Complete ip address list (for network devices)

hth

steve




>From: "Hyde, Lori" 
>Reply-To: "Hyde, Lori" 
>To: [EMAIL PROTECTED]
>Subject: Network Drawings [7:24574]
>Date: Mon, 29 Oct 2001 17:12:46 -0500
>
>Hi All
>I'm wondering what you think of as necessary information on a network
>drawing.  I'm thinking that each site will consist of two layers of
>drawings, one for the WAN and one for the LAN.
>Here's what I have so far as necessary for the wan:
>site name - site address - site contact name - wan router address - wan
>address range - lan address and range - isp - circuit ID - contact info -
>vpn/tunnel addresses.
>Anyone have other suggestions?
>Also, does anyone have an example of what they think of as a "great" 
>network
>drawing?
>
>Lori Hyde CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24676&t=24574



Re: Token Ring defined [7:24643]

2001-10-30 Thread Eric Mwambaji

The term Token-Ring describes the original IBM
specification and the subsequent IEEE 802.5. However
802.5 does not specify a physical topology. Original
IBM's TokenRing specifies a star topology with all
workstations connected to a Multistation access unit
(MAU), i.e. physical star, logical ring.

  h1
   |
   |
  h2-(Mau)-h4
   |
   |
  h3

Token flows from h1 to h2 to h3 to h4 then back to h1.

Eric
CCNP



--- Dave Luancing  wrote:
> I have conflicting reports. I see in one of my books
> that token ring is a physical ring - logical star.
> 
> The next book claims a physical ring - logical bus.
> 
> Which is correct?
> 
> -D.L.
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24677&t=24643



RE: What do you cats do for motivation? [7:24549]

2001-10-30 Thread Hartnell, George

Well, my "paycheck" crack didn't seem to satisfy the mark.  I know it's a
tough job.  Old readers will note my previous, and current, affiliation with
commercial salmon fishing.  Nowadays it is for "relaxation".  That smallish
break in the summer has had its moments, and I'm grateful for the escape
into "extreme nature" from year to year. 

I see too much stress in this newsgroup.  People can be harsh when pushing
hard over a long haul.  Like fishing, we are brothers (sisters, too) of a
common misery.  Also like fishing, I have seen friends die from their
high-tech jobs.  Maybe not as violent an end, but nonetheless, the end.

Lots of folks want to enter the high tech field.  Sometimes, though, the
wanting is considerably different than the having.

I used to think that, with enough work and dedication, anyone could excel in
this field.  I don't think that, anymore.  The learning never stops.  Know
what you've signed up for.

If you think it's hard now, wait 'til you look back at 20 years and wonder
where all that time went!

We're all in this together. So let's keep our sticks on the ice and pull for
each other. 

Very best, G.
VP OGC
"Youth is wasted on the wrong people." 



-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 29, 2001 7:10 PM
To: [EMAIL PROTECTED]
Subject: Re: What do you cats do for motivation? [7:24549]


I am sick of networking after doing it for a few years and I quit my job and
take a long break for 2 years and do something that is totally irrelevant to
computer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24679&t=24549



RE: PIX advanced exam [7:24478]

2001-10-30 Thread Jay Creasy

Cisco hasn't released the cisco advanced pix firewall book yet. Should be
out in a couple of months.
 

What books did you use to study for the exam?

Bill Harrison
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Matthew Crane
Sent: Tuesday, October 30, 2001 9:32 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX advanced exam [7:24478]

Go buy the Boson exams, they are 98% accurate.

Matthew

Mohamed El Komy wrote:
>
> Hi all,
>
> I'm preparing for taking the PIX advanced exam within 2 days
> but I need to
> know how the exam looks like...type of questions and main
> points to focus on
> in my study.
> Any help greatly appreciated.
>
> BR,
> komy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24678&t=24478



Re: Load balancing with Win2k and Cat6k [7:24494]

2001-10-30 Thread George Murphy CCNP, CCDP

Just an FYI, last week our server guys at the campus fired up a Win2k
load balancing scenario and it was spewing multicasts like a bat out of
hell and made parts of the network inaccessible, like printers, an ISDN
128k link, etc. We were using Observer to sniff. Now we have put the
little monsters in their own VLAN. The highway is smooth now with
the HOV lane in operation ;-)

Jonathan Hays wrote:

>Patrick Donlon wrote:
>
>>had a look on the CCO, m'soft and HPs site but I can't see much relevant
>>info, can any provide some info or experience on this
>>
>
>Really? I searched www.microsoft.com/technet with the phrase "network
>interface load balancing" and came up with quite a few hits discussing load
>balancing (e.g., "Configuring Network Load Balancing Q240997").
>
>You may get more help on your problem from a Microsoft newsgroup. It's hard
>to see how this is a Cisco ACS problem; it seems more like a Microsoft
>Windows problem.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24680&t=24494



RE: Collisions on a Serial Line [7:24601]

2001-10-30 Thread Priscilla Oppenheimer

There are no collisions on a serial link. Collisions happen on networks 
that use CSMA, including Ethernet, 802.11 wireless, LocalTalk, and Aloha.

The programmers for "show int" use a template that doesn't remove the 
collision count when the interface is a serial interface. We have discussed 
this before. See the archives.

If you are asked a question on a test such as "what would you do if you saw 
a non-zero collision count when viewing 'show interface serial' results," 
the right answers would be something like "get your glasses checked" or 
"check the IOS bug database."

Priscilla


>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Dave Luancing
>Sent: Monday, October 29, 2001 10:03 PM
>To: [EMAIL PROTECTED]
>Subject: Collisions on a Serial Line [7:24601]
>
>
>Is it possible to have collisions on a serial line ??
>if so, what causes this?
>
>- D.L.
>




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24681&t=24601



Re: VLAN and IPX [7:24641]

2001-10-30 Thread Brant Stevens

Every client VLAN will need its own IPX network number and appropriate
frame encapsulation type.

int vlan 10
ip address 10.10.10.2 255.255.255.0
standby 10 ip 10.10.10.1
standby 10 prior 110 pre
ipx network 10 encapsulation sap
int vlan 11
ip address 10.10.11.2 255.255.255.0
standby 11 ip 10.10.11.1
standby 11 prior 110 pre
ipx network 11 encapsulation sap


In addition, you must enable IPX routing...  (global mode, ipx routing
...) just use IPX RIP for now.

ipx router rip
network 10
network 11

Do yourself a favor and have the clients (and servers) hard-coded to the
frame type and STP portfast enabled.

-Brant

- Original Message -
From: "Cisco Breaker" 
To: 
Sent: Tuesday, October 30, 2001 7:09 AM
Subject: VLAN and IPX [7:24641]


> Hi all,
>
> I have a customer that uses both Novell and NT. We upgraded their LAN with
> 6500 and 3500 switches. Now we will implement VLANs. I know how to configure
> VLAN for IP but never done it with IPX. I read the docs on cisco but I have a
> question on my mind. As I know the customer only give a network IPX number
> to the server and clients get their Network numbers from the server. If I
> put the server on a different VLAN will the router give a network number to
> clients or will I have to show the way to clients to reach the server.
> My guess is this
>
> interface vlan 2
> ip address ..
> ipx network 101 (this is the network where the server is)
> interface vlan 3
> ip address 
> ipx network 102 (this is the network where clients will be)
>
> If I configure my router like this will clients able to find the server or
> what should I do?
>
> Best regards,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24683&t=24641



Re: 1924 Switch: Takes long time to ping device af [7:24648]

2001-10-30 Thread Priscilla Oppenheimer

What is doing the pinging and what is being pinged? In addition to the 
great advice from Michael, which has you check to see when the switch 
learns a MAC address, keep in mind that the pinger needs to get a MAC 
address too. Assuming it's on the same subnet as the device that it is 
pinging, it will ARP for the device. That can take a little while. If the 
pinger is a PC, you can check its ARP table with arp -a from an MS-DOS
prompt.

If the devices are in different subnets, then the pinger would ARP for its 
default gateway.

Just a couple other things to keep in mind, not a definite answer.

Priscilla

At 10:58 AM 10/30/01, Michael Williams wrote:
>I'm in the boat with Paul, as my kneejerk reaction was "enable portfast".
>However, if you've done that, then you can start to analyse the problem from
>ground up (or Layer 1 up =) .  Since you *can* ping this thing eventually, I
>think we could safely rule out a physical wiring problem or the like.  So
>next, I would console (or telnet) into the switch and watch that
>specific port (in the 1900 series it's under the Port Addressing menu).
>Then, plug the PC in and keep watching the port addressing for that port and
>see how long/when the switch learns the MAC for the PC.  If it learns the
>MAC instantly (which it should), then I don't see where the switch is
>causing the problem. As long as switch sees the MAC addr.  Also, assuming
>your switch and the PC are in the same IP subnet, I would try pinging the PC
>from the switch directly instead of from another PC.
>
>Hope this helps some let me know how it goes.. interesting problem.
>
>Mike W.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24685&t=24648



RE: Collisions on a Serial Line [7:24601]

2001-10-30 Thread Priscilla Oppenheimer

Whether a protocol is reliable or not has nothing to do with collisions. 
Collisions have to do with media access control at the data-link layer.

Ethernet is not reliable. It's best effort. The only problem it monitors is 
collisions, (if you're using half-duplex).

Cisco's HDLC is not reliable. That's not relevant as far as to whether it 
has collisions, however. What is relevant is its media access control, 
which is very simple because there's nothing else sharing its transmit 
circuit, so it can send whenever it wants. It's used on point-to-point 
circuits.

X.25 is a network-layer protocol so it is not relevant to a question that 
is asking about a media-access control function.

Priscilla

At 10:57 PM 10/29/01, Albert Y. Pak wrote:
>That's depending on the WAN side what technology you are using. If you are
>using Frame Relay or HDLC between the WAN side via serial link, there will
>be no collision. Since Frame Relay and HDLC are connection-oriented but not
>reliable. All the re-transmission are done by between 2 hosts of each
>opposite end. In case of using X.25, there will be a collision since X.25 is
>connection-oriented and reliable. 2 routers between the serial line will do
>all the re-transmission. So there will be a collision.
>HTH
>Albert
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Dave Luancing
>Sent: Monday, October 29, 2001 10:03 PM
>To: [EMAIL PROTECTED]
>Subject: Collisions on a Serial Line [7:24601]
>
>
>Is it possible to have collisions on a serial line ??
>if so, what causes this?
>
>- D.L.
>


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24684&t=24601



RE: FW: PIX advanced exam [7:24478]

2001-10-30 Thread Matthew Crane

None, because there have not been any until recently, check out:
Cisco Press - Cisco Secure Internet Security Solutions.

I did it the hard way, bought a 506, 515 & 520 and got loads of hands on
experience.

There is also a lot of theory in the exams about IKE, IPsec etc so for this
use cco and finally went on the PIX training courses which helped to clarify
any misunderstandings. As to the courses forget the basics just go for the
advanced course as there is way too much overlap in the courses.

Matthew

William Harrison wrote:
> 
> What books did you use to study for the exam?
> 
> Bill Harrison
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of
> Matthew Crane
> Sent: Tuesday, October 30, 2001 9:32 AM
> To: [EMAIL PROTECTED]
> Subject: RE: PIX advanced exam [7:24478]
> 
> Go buy the Boson exams, they are 98% accurate.
> 
> Matthew
> 
> Mohamed El Komy wrote:
> >
> > Hi all,
> >
> > I'm preparing for taking the PIX advanced exam within 2 days
> > but I need to
> > know how the exam looks like...type of questions and main
> > points to focus on
> > in my study.
> > Any help greatly appreciated.
> >
> > BR,
> > komy
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24686&t=24478



Re: IPX RIP [7:24621]

2001-10-30 Thread Priscilla Oppenheimer

Triggered updates on IPX RIP are stupid compared to something like EIGRP. 
They just get sent out by a router that brings a route up or notices that 
one goes down. They don't get propagated. More than one router might decide 
a route is up or down, but not necessarily, depending on timing.

As you know I'm sure, IPX routes are marked invalid if no routing updates 
are heard within three times the value of the update interval and are 
advertised with a metric of infinity. IPX routes are removed from the 
routing table if no routing updates are heard within four times the value 
of the update interval.

I think RT2 in your case would wait 15 minutes to mark a route from RT1 
invalid. In the meantime, RT2 is still sending RIPs every 60 seconds out to 
RT3 with the routes from RT1 still valid. So, I would say that the 
triggered update from RT1 would not cause any extra traffic on the 
RT2---RT3 link or on the RT3---RT4 link.

You can configure the interval at which a network RIP entry ages out, by 
the way, with the ipx rip-multiplier command. That could confuse matters.

Sorry I don't have any more experience to share. Good luck. I'm sorry 
you're having a bad week. We're learning from your experiences too, if that 
helps at all. ;-]

Priscilla

At 01:36 AM 10/30/01, [EMAIL PROTECTED] wrote:
>OK, I'm asking a few more questions than I'm answering lately.
>
>Question about IPX RIP (not IP RIP - although they may work the same way in
>this instance).
>
>Say I have the following setup...
>
>RT1---RT2---RT3---RT4
>
>The RT2 to RT3 link is ethernet, the others are serial, although I'm not
>sure that that makes a difference.  The IPX RIP update time is set to five
>minutes on the RT1 to RT2 link, and defaults (to 60 seconds) on the other
>two links - again, I'm not sure that this makes a difference.  There are no
>relevant filters in this scenario.
>
>If the IPX routes are cleared on RT1 (clear ipx route *), how far will
>triggered RIP updates/changes be propagated?  Will any extra traffic (above
>normal RIP updates) be created from RT3 to RT4?
>
>Thanks,
>JMcL


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24689&t=24621



BGP Announcements [7:24690]

2001-10-30 Thread Lupi, Guy

Can anyone point me to good resources for different providers' BGP
policies?  Such as who will listen to what size blocks and what their filter
rules are, thanks.
 
Guy H. Lupi
NOC Engineer
Eureka GGN
270 Madison Avenue, 5th Floor
NY, NY 10016




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24690&t=24690



Re: FTP Server [7:24525]

2001-10-30 Thread Jonathan Hays

Michael Williams wrote:

> That would work, although you don't need the "deny ip any any" as there is
> always an implied "deny all" at the end of the access list.
>
> However, to protect yourself from unwanted traffic/attacks, you can change
> your access list to only allow traffic incoming on port 21 (eq ftp):
>
> access-list 110 permit tcp any host 192.3.10.10 eq ftp
>

Don't we also want an ACL line for the ftp data channel?

access-list 110 permit tcp any host 192.3.10.10 eq ftp-data

And if the server is using passive ftp

access-list 110 permit tcp any host 192.3.10.10 gt 1023 established




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24691&t=24525



LARP Port 91 [7:24693]

2001-10-30 Thread hal9001

I realise that this is a bit off topic but it may be of interest as well and
it's driving me nuts.  I'm dealing with what appears to be a security breach
at the moment and from what I can ascertain it deals with LARP on port 91
and FTP on Port 21.  I really don't know where to start with this. Can anyone
give me some idea or pointers as to what possible connection there can be
between the pair?

As far as I can make out someone has FTP'ed out of the network or even
within it to an unknown address (I can't establish whether it was in or
outside as I have only a partial log entry) and used Port 91 LARP for
some purpose.  Coincidentally three terminals on the same subnet (Windows 98
with MS Proxy 2 Client) have then been disabled from seeing the Proxy Server
subsequently and only the Proxy Server, all other services were OK.  This
has been at great inconvenience to a finance office which was then "fixed"
by somebody in two minutes flat; the person removed the Proxy Client
Software, i.e. he/she knew exactly where to go, if you see what I mean.  This
was after two weeks scratching around for answers... things could not be
disturbed too much.

Can anyone shed any light on this at all? I cannot find any good explanation
of LARP apart from a passing reference to MAC addresses.  As you can imagine
it's caused a few questions that I for one would like answering.

Thanks

Karl

IMPORTANT NOTICE:
This message is intended solely for the use of the Individual or
organisation to whom it is addressed. It may contain privileged or
confidential information.  If you have received this message in error,
please notify the originator immediately.

If you are not the intended recipient, you should not use, copy, alter, or
disclose the contents of this message.  All information or opinions
expressed in this message and/or any attachments are those of the author and
are not necessarily those of Karl or Pauline HUTCHINSON.
Karl & Pauline HUTCHINSON accepts no responsibility
for loss or damage arising from its use, including damage from virus.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24693&t=24693



Re: Multilayer Switching [7:24595]

2001-10-30 Thread Thomas

I am now very confused.  On the 6509, if I put "show mls rp", it said MLS
was globally disabled.  When I turned on MLS in both global and interface
mode (including VLANs that have NAT), it took just fine.  Now I issued "show
mls rp interfaces", VLANs with NAT didn't appear on the list of interfaces
enabled for MLS, though those VLANs took the command without error.

In Cisco documentation, it says the above set of commands is only for the CAT
5000 platform; and that MLS will be automatically disabled on VLANs running
NAT.  It also says that MLS is enabled by default on 6509s.  Issuing the
command "show mls status" on the 6509 MSFC will show the output below.  However,
if you do a ? browsing after "show mls", you won't see a subcommand
"status".  But if you just type the whole command "show mls status", it
doesn't give any error, but yields the output below:

MLS global configuration status:

global mls ip: enabled
global mls ipx:enabled
global mls ip multicast:   enabled
current ip flowmask for unicast:   destination only
current ipx flowmask for unicast:  destination only

According to this, I assume the 6509 has both MSFC and sup. engines enabled for
MLS, but I am not sure if VLANs with NAT are still running MLS...  How should I
check it?  What about Multicast MLS for NATed VLANs?

Thomas N.



""MADMAN""  wrote in message
news:[EMAIL PROTECTED]...
> I have never tried so I gave er a go and it took the command just
> fine:
>
>
> C6509> ses 16
> Trying Router-16...
> Connected to Router-16.
> Escape character is '^]'.
>
>
> User Access Verification
>
> Password:
> MSFC16>en
> Password:
> MSFC16#conf t
> Enter configuration commands, one per line.  End with CNTL/Z.
> MSFC16(config)#inter vlan 50
> MSFC16(config-if)#ip nat inside
> MSFC16(config-if)#^Z
> MSFC16#
>
>   Dave
>
> "Thomas N." wrote:
> >
> > Anyone have any problem turning on VLAN interfaces that are running on NAT
> > protocol?  I couldn't turn VLAN on my 6509 that has "ip nat inside"
> > statement.  Thanks!
> >
> > Thomas N.
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24694&t=24595



7206 VXR???? [7:24692]

2001-10-30 Thread Raul De La Garza III

Has anyone had any experience with a Cisco product called the 7206 VXR
router?



Raul De La Garza III
CCDP NNCSS MCSE CNE

"Rome has spoken; the cause is finished."  -St. Augustine (354-430)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24692&t=24692



Re: FTP Server [7:24525]

2001-10-30 Thread Priscilla Oppenheimer

If it's not passive mode, the data channel is initiated by the server from 
port 20 (FTP data) to the ephemeral port provided by the client in its PORT 
command. Ephemeral just means a short-lived port with a number greater than 
1023.

If it is passive mode, then the data channel is initiated by the client 
from an ephemeral port to an ephemeral port provided by the server in its 
PASV command.

In other words, access lists with FTP are tricky.

Priscilla

At 03:14 PM 10/30/01, Jonathan Hays wrote:
>Michael Williams wrote:
>
> > That would work, although you don't need the "deny ip any any" as there is
> > always an implied "deny all" at the end of the access list.
> >
> > However, to protect yourself from unwanted traffic/attacks, you can change
> > your access list to only allow traffic incoming on port 21 (eq ftp):
> >
> > access-list 110 permit tcp any host 192.3.10.10 eq ftp
> >
>
>Don't we also want an ACL line for the ftp data channel?
>
>access-list 110 permit tcp any host 192.3.10.10 eq ftp-data
>
>And if the server is using passive ftp
>
>access-list 110 permit tcp any host 192.3.10.10 gt 1023 established


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24695&t=24525
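
The data-channel behaviour described in this reply, checked against the three access-list 110 lines posted earlier in the thread. This is an added example, not part of any poster's message. It assumes the list filters traffic heading toward 192.3.10.10 and relies on the IOS rule that `established` matches only segments with ACK or RST set; the client address, port numbers and control-channel lines are constructed.

```python
"""Added example: FTP data-channel segments vs. the thread's access-list 110."""
import re
from dataclasses import dataclass

SERVER = "192.3.10.10"      # FTP server address from the thread
FTP, FTP_DATA = 21, 20      # IOS keywords "ftp" and "ftp-data"


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset        # TCP flags set on this segment


def parse_endpoint(line):
    """Extract (ip, port) from a PORT command or a 227 PASV reply."""
    m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range in %r" % line)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


# The three permit lines from the thread, in order:
# (text, destination-port test, carries the 'established' keyword)
ACL_110 = [
    ("permit tcp any host 192.3.10.10 eq ftp", lambda p: p == FTP, False),
    ("permit tcp any host 192.3.10.10 eq ftp-data", lambda p: p == FTP_DATA, False),
    ("permit tcp any host 192.3.10.10 gt 1023 established", lambda p: p > 1023, True),
]


def match_acl(seg):
    """Return the first matching line, or the implicit deny at the end."""
    for text, port_ok, need_established in ACL_110:
        if seg.dst != SERVER or not port_ok(seg.dport):
            continue
        # 'established' matches only segments with ACK or RST set,
        # so a bare SYN never satisfies it.
        if need_established and not (seg.flags & {"ACK", "RST"}):
            continue
        return text
    return "implicit deny"


def inbound_segments(mode, control_line, client_ip="198.51.100.7",
                     client_eph=40001):
    """Handshake segments of the data channel that travel toward the server.

    client_ip and client_eph are constructed sample values.
    """
    ip, port = parse_endpoint(control_line)
    if mode == "active":
        # PORT was sent by the client: the server dials out from port 20,
        # so the only handshake segment heading inbound is the SYN+ACK reply.
        return [Segment(ip, port, SERVER, FTP_DATA, frozenset({"SYN", "ACK"}))]
    if mode == "passive":
        # 227 was sent by the server: the client dials in to the advertised
        # port with a bare SYN, then completes the handshake with an ACK.
        return [Segment(client_ip, client_eph, ip, port, frozenset({"SYN"})),
                Segment(client_ip, client_eph, ip, port, frozenset({"ACK"}))]
    raise ValueError("mode must be 'active' or 'passive'")


def evaluate(mode, control_line):
    """List (flags, destination port, ACL verdict) for each inbound segment."""
    return [("+".join(sorted(s.flags)), s.dport, match_acl(s))
            for s in inbound_segments(mode, control_line)]


if __name__ == "__main__":
    samples = [  # constructed control-channel lines
        ("active", "PORT 198,51,100,7,195,80"),
        ("passive", "227 Entering Passive Mode (192,3,10,10,19,137)"),
    ]
    for mode, line in samples:
        for flags, dport, verdict in evaluate(mode, line):
            print(f"{mode:8} {flags:8} dport={dport:<5} -> {verdict}")
```

In the passive case the client's opening SYN falls through to the implicit deny because it carries neither ACK nor RST, so under these three lines the data connection never completes even though later ACK segments would match.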



RE: 7206 VXR???? [7:24692]

2001-10-30 Thread Jose Almodovar

Yeah, I am running 2 7206 Vxr 300.  Good router


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24696&t=24692



RE: FTP Server [7:24525]

2001-10-30 Thread Lange, Eric

e·phem·er·al (ĭ-fĕm'ər-əl)
adj.
Lasting for a markedly brief time: "There remain some truths too ephemeral
to be captured in the cold pages of a court transcript" (Irving R. Kaufman).
Living or lasting only for a day, as certain plants or insects do.
n.
A markedly short-lived thing.

I needed to look it up : )
-Eric


-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 30, 2001 2:43 PM
To: [EMAIL PROTECTED]
Subject: Re: FTP Server [7:24525]


If it's not passive mode, the data channel is initiated by the server from
port 20 (FTP data) to the ephemeral port provided by the client in its PORT
command. Ephemeral just means a short-lived port with a number greater than
1023.

If it is passive mode, then the data channel is initiated by the client
from an ephemeral port to an ephemeral port provided by the server in its
PASV command.

In other words, access lists with FTP are tricky.

Priscilla

At 03:14 PM 10/30/01, Jonathan Hays wrote:
>Michael Williams wrote:
>
> > That would work, although you don't need the "deny ip any any" as there is
> > always an implied "deny all" at the end of the access list.
> >
> > However, to protect yourself from unwanted traffic/attacks, you can change
> > your access list to only allow traffic incoming on port 21 (eq ftp):
> >
> > access-list 110 permit tcp any host 192.3.10.10 eq ftp
> >
>
>Don't we also want an ACL line for the ftp data channel?
>
>access-list 110 permit tcp any host 192.3.10.10 eq ftp-data
>
>And if the server is using passive ftp
>
>access-list 110 permit tcp any host 192.3.10.10 gt 1023 established


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24698&t=24525



What is the T1 module for? [7:24697]

2001-10-30 Thread Charles Lin

Hello!

  I like to ask what is a FT1/T1 DSU/CSU module for? If I install one on a 
2525. Would that make me able to connect to ethernet lan using that module? 
Since the module port is rj45 right? Thank You!





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24697&t=24697



Employment Opportunity [7:24699]

2001-10-30 Thread Sandy Thielamay

Hello All,
> 
> We are looking for two Senior Network Engineers in my company. Very
> interesting environment to work, good pay and lots of Cisco gear to play
> with.  Please send me an email with your resume attached and a phone number
> to contact you back.
> 
> 

> 
> 
> Cheers,
> 
> Sandy Thielamay
> CCIE#6937




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24699&t=24699



RE: What do you cats do for motivation? [7:24549]

2001-10-30 Thread Karen E Young

I found that if I take a break from studying, it can be really hard to get
back into it so I came at it from a different direction. I realized that it
wasn't the studying that I was burnt out on, it was the monotony. The same
subject all day every day. I decided that if I was burnt out on networking I
would change subjects. I would study Mayan Mythology, Maltese Archaeology,
5th century Spanish history, ANYTHING. As long as it wasn't computers or
networking. It kept me in the habit of studying, rounded out my education
quite a bit, and gave me a break from the subject that I was burnt out on.

Having a goal is important and sometimes something like "Become a CCIE" is a
bit much. It's too overwhelming. Having some intermediary goals helps keep
you from burning out too badly. It doesn't have to be a big goal, just
something that you can meet in the next few weeks. Something small enough
that you can see it happening. Try taking a look at some of the technical
papers out there that are above your level. It shows you how much more there
is to learn and gives you something to shoot for (understanding that tech
paper).

Just my 2 cents worth.
Karen

*** REPLY SEPARATOR  ***

On 10/29/01 at 8:34 PM Dave wrote:

>I have hit burnout several times already.  Sometimes you just have to give
>yourself a short "vacation" so the batteries can recharge.
>
>Find some geeks that are as crazy about networking as you are.  My best
>motivator is my study partner.  We meet every few weeks and talk networking,
>labs, good Cisco books, issues we have dealt with, the progress of our
>studies and so on.  I come away pumped and ready to hit my lab.
>
>I also have a young networker at my workplace that I am mentoring to some
>extent (just passed CCNA).  His enthusiasm is boundless and helps keep me
>going.
>
>Dave Swink
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Ouellette, Tim
>Sent: Monday, October 29, 2001 1:52 PM
>To: [EMAIL PROTECTED]
>Subject: What do you cats do for motivation? [7:24549]
>
>
>Man O Man. I'm finding it super-tough to stay motivated with all of this
>super-duper-heavy-geeky CCIE studying that I have to do. How do you guys
>keep your mind focused and your eyes straight ahead?  I find it really easy
>to answer my phone on a Friday night and talk to my buddies, next thing you
>know I'm at the local pub forgetting my name.  I've got so many books to
>read, and so many labs that I want to do.  The light at the end of the
>tunnel isn't even close to being visible and it's tough. Can anyone help?
>
>btw, anyone used any audio tapes/CDs to listen to Cisco type stuff during
>the commute to work? I was thinking about doing something like that but I
>think hearing my own voice speak would be enough to drive me insane. Any
>thoughts?
>
>Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24700&t=24549



Re: What is the T1 module for? [7:24697]

2001-10-30 Thread Patrick Ramsey

oh no definitely not

rj45 is a commonly used connector for phones/serial
devices/t1's/ethernet/faste/gige/etc

the physical connection has nothing to do with the type of network you are
connecting to.

the t1 module supports connecting to a service provider at 1.5mb without the
need for an external csu/dsu.

-Patrick

>>> "Charles Lin"  10/30/01 04:20PM >>>
Hello!

  I like to ask what is a FT1/T1 DSU/CSU module for? If I install one on a 
2525. Would that make me able to connect to ethernet lan using that module? 
Since the module port is rj45 right? Thank You!





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24701&t=24697



Re: 7206 VXR???? [7:24692]

2001-10-30 Thread Brian

We use them here, there is info on Cisco's site about them as well.
Basically, to use the NPE300, NPE400 or NSE engines you need a VXR
compatible.  Also certain PA's require that the router be a VXR.

Brian


On Tue, 30 Oct 2001, Raul De La Garza III wrote:

> Has anyone had any experience with a Cisco product called the 7206 VXR
> router?
>
>
>
> Raul De La Garza III
> CCDP NNCSS MCSE CNE
>
> "Rome has spoken; the cause is finished."  -St. Augustine (354-430)
I'm buying / selling used CISCO gear!!
email me for a quote

Brian Feeny, CCIE #8036   Netjam, LLC
[EMAIL PROTECTED] http://www.netjam.net
VISA/MC/AMEX/COD  phone: 318-212-0245
30 day warranty   fax:   318-212-0246




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24702&t=24692



RE: ORA 3113 [7:24637]

2001-10-30 Thread jeff sicuranza

ORA messages are Oracle messages sent in the TNS protocol and can be
decoded. If you are seeing this in a sniffer trace it refers to some oracle
application or query condition. I  have seen many many of these ORA type
messages when analyzing Oracle applications for inefficiencies and network
behavior. For example you may see many ORA 1403 "no data found" in a trace
of a query that did not return anything. These messages could be looked up
in the oracle documentation or you can send it to your oracle support rep.
The oracle TNS protocol has many different network related messages
involving Oracle clients and Servers but I do not recall a 3113 being
network related. Check your oracle documentation.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24703&t=24637



RE: 7206 VXR???? [7:24692]

2001-10-30 Thread Bill Carter

Yes, it's a very good router.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Raul De La Garza III
Sent: Tuesday, October 30, 2001 2:19 PM
To: [EMAIL PROTECTED]
Subject: 7206 VXR [7:24692]


Has anyone had any experience with a Cisco product called the 7206 VXR
router?



Raul De La Garza III
CCDP NNCSS MCSE CNE

"Rome has spoken; the cause is finished."  -St. Augustine (354-430)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24704&t=24692



FW: Employment Opportunity-- [7:24705]

2001-10-30 Thread Sandy Thielamay

I am sorry but at this time I am looking for 2 people for our San Francisco
Office.

Cheers

Sandy T.

>  -Original Message-
> From: Sandy Thielamay  
> Sent: Tuesday, October 30, 2001 1:27 PM
> To:   '[EMAIL PROTECTED]'
> Subject:  Employment Opportunity
> 
> Hello All,
> > 
> > We are looking for two Senior Network Engineers in my company. Very
> > interesting environment to work, good pay and lots of Cisco gear to play
> > with.  Please send me an email with your resume attached and a phone number
> > to contact you back.
> > 
> > 
> 
> > 
> > 
> > Cheers,
> > 
> > Sandy Thielamay
> > CCIE#6937




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24705&t=24705



Re: What is the T1 module for? [7:24697]

2001-10-30 Thread John Neiberger

No, you will *not* be able to use that to connect to an ethernet lan! 
As its name suggests, that module is for connecting to a T1 or
Fractional T1 access line.  It is not a lan module at all; it is
strictly for wan connections.

John

>>> "Charles Lin"  10/30/01 2:20:40 PM >>>
Hello!

  I like to ask what is a FT1/T1 DSU/CSU module for? If I install one on a
2525. Would that make me able to connect to ethernet lan using that module?
Since the module port is rj45 right? Thank You!





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24706&t=24697



Re: BGP Announcements [7:24690]

2001-10-30 Thread MADMAN

You might want to look around here:

  http://www.nanog.org/resources.html

  Dave

"Lupi, Guy" wrote:
> 
> Can anyone point me to good resources for different providers' BGP
> policies?  Such as who will listen to what size blocks and what their filter
> rules are, thanks.
> 
> Guy H. Lupi
> NOC Engineer
> Eureka GGN
> 270 Madison Avenue, 5th Floor
> NY, NY 10016
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24707&t=24690



Re: 7206 VXR???? [7:24692]

2001-10-30 Thread MADMAN

Several of them, why??  

  Dave

Raul De La Garza III wrote:
> 
> Has anyone had any experience with a Cisco product called the 7206 VXR
> router?
> 
> Raul De La Garza III
> CCDP NNCSS MCSE CNE
> 
> "Rome has spoken; the cause is finished."  -St. Augustine (354-430)
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24708&t=24692



Re: What is the T1 module for? [7:24697]

2001-10-30 Thread MADMAN

No, the module is just what it says, a CSU/DSU which terminates your T1
via an RJ45.  Looks like a 10BaseT connector but the similarities end
there!

http://www.cisco.com/warp/public/471/61.html

  Dave



Charles Lin wrote:
> 
> Hello!
> 
>   I like to ask what is a FT1/T1 DSU/CSU module for? If I install one on a
> 2525. Would that make me able to connect to ethernet lan using that module?
> Since the module port is rj45 right? Thank You!
> 
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24709&t=24697



RE: Mentor Technologies [7:24550]

2001-10-30 Thread McHugh Randy

I feel bad for the instructors and employees but what about the students and
customers like me who have paid for classes and may not get their classes or
refund?



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24710&t=24550
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: What do you cats do for motivation? [7:24549]

2001-10-30 Thread George Yiannibas

My method: On my desk I have a list of all CCIEs in my country (Greece).
I personally know/do business with most of them and this is in itself a
motivation because they are people to look up to. Since this list only has
15 names this is also a driving force to join an "elite" club such as this.

Regards
George Yiannibas
MCSE CCNP

P.S. Back to Token Ring RIFs, ATM LES LEC LECS and the list goes on ...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24711&t=24549



IP addressing Subnetting [7:24712]

2001-10-30 Thread Tribavan Raina

Hi..

I was going through some subnetting scenarios and came across this stuff
which is confusing for me. We have been given a network range of
10.60.0.0/24.
We have 3 routers which are connected back to back and they all have 3
ethernet ports for 3 ethernet networks. Each subnet will have max. 60 hosts
and we also need to design IP addressing for serial links with max. 2 IP
addresses to conserve IP addresses.

In the solution it says:
For 60 hosts we need minimum 6 bits, 2^6-2=62 hosts per subnet.
By subnetting 10.60.0.0/24 we get 4 subnets with 26 bit mask.
10.60.0.0/26
10.60.0.64/26
10.60.0.128/26
10.60.0.192/26

Now my question is: can we use the 1st and 4th subnets, as the rule says that
you can't use subnets with all 0's and all 1's?
In the same way, for the network 10.60.0.0/26 the first host would be
10.60.0.1/26 and the broadcast address would be 10.60.0.63/26.
Can I use 10.60.0.63 as an IP address, and if not, what will happen if I ping
this broadcast address?
I tried this on Win2k and it allows me to use the broadcast IP for a network
interface. What is the effect of using a broadcast IP as an IP address on a
network card?

Thanks in advance


Tribavan Raina




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24712&t=24712



RE: FTP Server [7:24525]

2001-10-30 Thread Priscilla Oppenheimer

It's too bad FTP didn't last for a "markedly brief time." What a silly 
protocol! ;-)

Priscilla

At 04:24 PM 10/30/01, Lange, Eric wrote:
>e·phem·er·al (ĭ-fĕm'ər-əl)
>adj.
>Lasting for a markedly brief time: "There remain some truths too ephemeral
>to be captured in the cold pages of a court transcript" (Irving R. Kaufman).
>Living or lasting only for a day, as certain plants or insects do.
>n.
>A markedly short-lived thing.
>
>I needed to look it up : )
>-Eric
>
>
>-Original Message-
>From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, October 30, 2001 2:43 PM
>To: [EMAIL PROTECTED]
>Subject: Re: FTP Server [7:24525]
>
>
>If it's not passive mode, the data channel is initiated by the server from
>port 20 (FTP data) to the ephemeral port provided by the client in its PORT
>command. Ephemeral just means a short-lived port with a number greater than
>1023.
>
>If it is passive mode, then the data channel is initiated by the client
>from an ephemeral port to an ephemeral port provided by the server in its
>PASV command.
>
>In other words, access lists with FTP are tricky.
>
>Priscilla
>
>At 03:14 PM 10/30/01, Jonathan Hays wrote:
> >Michael Williams wrote:
> >
> > > That would work, although you don't need the "deny ip any any" as there is
> > > always an implied "deny all" at the end of the access list.
> > >
> > > However, to protect yourself from unwanted traffic/attacks, you can change
> > > your access list to only allow traffic incoming on port 21 (eq ftp):
> > >
> > > access-list 110 permit tcp any host 192.3.10.10 eq ftp
> > >
> >
> >Don't we also want an ACL line for the ftp data channel?
> >
> >access-list 110 permit tcp any host 192.3.10.10 eq ftp-data
> >
> >And if the server is using passive ftp
> >
> >access-list 110 permit tcp any host 192.3.10.10 gt 1023 established
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24713&t=24525
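
The active and passive data channels described in this thread, run through a minimal first-match ACL evaluator. This is an added example, not code from the list or from Cisco; it assumes the access list is applied inbound on the client-facing interface, and the client address and port numbers are constructed.

```python
from dataclasses import dataclass

PORT_NAMES = {"ftp": 21, "ftp-data": 20}   # IOS port keywords used in the thread
SERVER = "192.3.10.10"                      # FTP server address from the thread
CLIENT = "198.51.100.7"                     # constructed client (documentation range)


@dataclass(frozen=True)
class Segment:
    """One TCP segment as seen by the inbound ACL (client -> server direction)."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


def _addr(tok, i):
    """Parse 'any' or 'host A.B.C.D'; return (address or None, next index)."""
    if tok[i] == "any":
        return None, i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    raise ValueError(f"unsupported address spec: {tok[i]}")


def parse_ace(line):
    """Parse the subset of extended-ACL syntax that appears in the thread."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an ACL entry: {line}")
    ace = {"action": tok[2], "proto": tok[3], "op": None, "port": None,
           "established": False}
    ace["src"], i = _addr(tok, 4)
    ace["dst"], i = _addr(tok, i)
    if i < len(tok) and tok[i] in ("eq", "gt"):      # destination port test
        name = tok[i + 1]
        ace["op"], ace["port"] = tok[i], PORT_NAMES.get(name) or int(name)
        i += 2
    if i < len(tok) and tok[i] == "established":
        ace["established"] = True
    return ace


def matches(ace, seg):
    if ace["proto"] not in ("tcp", "ip"):            # every sample segment is TCP
        return False
    if ace["src"] not in (None, seg.src) or ace["dst"] not in (None, seg.dst):
        return False
    if ace["op"] == "eq" and seg.dport != ace["port"]:
        return False
    if ace["op"] == "gt" and seg.dport <= ace["port"]:
        return False
    # 'established' matches only segments with ACK or RST set, never a bare SYN.
    if ace["established"] and not (seg.flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(acl_lines, seg):
    """First matching entry wins; nothing matching means the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if matches(ace, seg):
            return ace["action"]
    return "deny"


def seg(sport, dport, *flags):
    return Segment(CLIENT, sport, SERVER, dport, frozenset(flags))


# Constructed segments: the packets each FTP channel sends toward the server.
FLOWS = {
    # Control channel: client opens a connection to port 21.
    "control_syn": seg(40000, 21, "SYN"),
    # Active mode: the server connects out from port 20, so the ACL sees the
    # client's SYN+ACK reply addressed to port 20.
    "active_data_synack": seg(40001, 20, "SYN", "ACK"),
    # Passive mode: the client opens a new connection to the port from PASV.
    "passive_data_syn": seg(40002, 50000, "SYN"),
    "passive_data_ack": seg(40002, 50000, "ACK"),
}

ACL_CONTROL_ONLY = ["access-list 110 permit tcp any host 192.3.10.10 eq ftp"]
ACL_THREAD = ACL_CONTROL_ONLY + [
    "access-list 110 permit tcp any host 192.3.10.10 eq ftp-data",
    "access-list 110 permit tcp any host 192.3.10.10 gt 1023 established",
]


def report(acl_lines):
    """Map each sample flow to the action the access list takes on it."""
    return {name: evaluate(acl_lines, s) for name, s in FLOWS.items()}


if __name__ == "__main__":
    for title, acl in (("port 21 only", ACL_CONTROL_ONLY),
                       ("three lines from the thread", ACL_THREAD)):
        print(title)
        for name, action in report(acl).items():
            print(f"  {name:20} {action}")
```
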



Re: OSPF across PIX [7:24608]

2001-10-30 Thread pat

Thanks for your reply.

When I try to specify the outside router as a neighbor using the
neighbor command, I get "OSPF: Neighbor address does not map to an
interface". How do I resolve this issue?

What do you mean by "If you are doing NAT then a global and
nat combination need to represent the internal IP addresses
to the outside network"...? Can you give an example?

I am doing NAT on the firewall.

The IP addresses are as follows:

Inside router Ethernet 10.10.2.1
Firewall inside 10.10.2.1
Firewall outside 138.12.48.2
Outside Router ethernet 138.12.48.1


Thanks a lot for everybody's response.



--- "Engelhard M. Labiro" 
wrote:
> Sorry, replying my own message.
> The access-list below assumes that you are able to
> use nat 0 command (no NAT translation will occur
> for the internal IP addresses to be seen from outside
> network). If you are doing NAT then a global and
> nat combination need to represent the internal IP addresses
> to the outside network, before applying the
> access-list below.
> 
> Hope you get the idea.
> 
> > Since OSPF uses IP protocol 89, permit this protocol between
> > the two OSPF routers with access-list applied at outside and inside
> > PIX interfaces, something like this:
> > access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
> > access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
> > access-group 101 interface inside
> > access-group 102 interface outside
> > 
> > At the OSPF routers, put neighbour command, so they can speak
> > each other directly without multicasting the hello packets.
> > Hope you get the idea.
> > 
> > - Original Message -
> > From: "pat" 
> > To: 
> > Sent: Tuesday, October 30, 2001 1:01 PM
> > Subject: OSPF across PIX [7:24608]
> > 
> > 
> > > Does anybody have any ideas on how to run OSPF across
> > > firewall. What ports to be open & how to make router
> > > establish neighbour relations across firewall.
> > >
> > > Any thought on this will be greatly appreciated.
> > >
> > > Thanks,
> > > patterson.
> > >
> > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24714&t=24608



Re: 7206 VXR???? [7:24692]

2001-10-30 Thread Rahul Kachalia

Wait till PXF gets released, having an unbelievable performance boost.. (only on
NSE-1)

thanks,
rahul.
"MADMAN" wrote in message news:[EMAIL PROTECTED]...
> Several of them, why??
>
>   Dave
>
> Raul De La Garza III wrote:
> >
> > Has anyone had any experience with a Cisco product called the 7206 VXR
> > router?
> >
> > Raul De La Garza III
> > CCDP NNCSS MCSE CNE
> >
> > "Rome has spoken; the cause is finished."  -St. Augustine (354-430)
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24715&t=24692



Re: Multilayer Switching [7:24595]

2001-10-30 Thread toan

You can go to the switch prompt to check MLS by using the command . There
are other options with this command.
"Thomas" wrote in message news:[EMAIL PROTECTED]...
> I am now very confused.  On the 6509, if I put "show mls rp", it said MLS
> was globally disabled.  When I turned on MLS in both global and interface
> mode (including VLANs that have NAT), it took just fine.  Now I issued "show
> mls rp interfaces", VLANs with NAT didn't appear on the list of interfaces
> enabled for MLS, though those VLANs took the command without error.
>
> In Cisco documentation, it says the above set of commands are only for the CAT
> 5000 platform, and that MLS will be automatically disabled on VLANs running
> NAT.  It also says that MLS is enabled by default on 6509s.  Issuing the
> command "show mls status" on the 6509 MSFC will show the output below. However,
> if you do a ? browsing after "show mls", you won't see a subcommand
> "status".  But if you just type the whole command "show mls status", it
> doesn't give any error, but yields the output below:
>
> MLS global configuration status:
>
> global mls ip: enabled
> global mls ipx:enabled
> global mls ip multicast:   enabled
> current ip flowmask for unicast:   destination only
> current ipx flowmask for unicast:  destination only
>
> According to this, I assume the 6509 has both MSFC and sup. engines enabled for
> MLS, but I am not sure if VLANs with NAT are still running MLS...  How should I
> check it?  What about Multicast MLS for NATed VLANs?
>
> Thomas N.
>
>
>
> "MADMAN" wrote in message news:[EMAIL PROTECTED]...
> > I have never tried so I gave er a go and it took the command just
> > fine:
> >
> >
> > C6509> ses 16
> > Trying Router-16...
> > Connected to Router-16.
> > Escape character is '^]'.
> >
> >
> > User Access Verification
> >
> > Password:
> > MSFC16>en
> > Password:
> > MSFC16#conf t
> > Enter configuration commands, one per line.  End with CNTL/Z.
> > MSFC16(config)#inter vlan 50
> > MSFC16(config-if)#ip nat inside
> > MSFC16(config-if)#^Z
> > MSFC16#
> >
> >   Dave
> >
> > "Thomas N." wrote:
> > >
> > > Anyone have any problem turning on VLAN interfaces that are running on NAT
> > > protocol?  I couldn't turn VLAN on my 6509 that has "ip nat inside"
> > > statement.  Thanks!
> > >
> > > Thomas N.
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24716&t=24595



Has anyone seen anything from Cisco in reference to this? [7:24717]

2001-10-30 Thread Elijah Savage

Hardware flaws hang some Cisco firewalls
Failures don't threaten security, but could cause network availability
headaches
  
 
Stephen Lawson, SAN FRANCISCO
Hardware flaws in some Cisco Systems firewalls for corporate central and
branch offices have caused the systems to hang or shut themselves down
and forced Cisco to replace the affected boxes. 

Some Cisco Pix 515, 515-DC and 506 Firewalls have suffered system hangs
when traffic on the network becomes too heavy, requiring IS staff to
manually restart the firewall, Cisco reported in an October 18 field
notice on its website. Cisco expects the problem to occur most often in
the 515 models, which are designed for corporate central offices, but
said it may also happen in 506 units in some cases. The 506 is designed
for branch offices, which tend to experience lower traffic levels.

The firewalls typically are installed between a company's internal
network and the internet to guard against intrusion. The flaws can cut
off an internet connection that runs through a firewall but will not
cause a connection to become insecure, Cisco said on its website.
Officials at the company weren't available to comment in detail about
the problem.

While the failures don't pose a security issue, they could cause network
availability headaches for a number of large corporations. Cisco holds
about one quarter of the overall firewall market, according to Richard
Stiennon, a Gartner analyst in Detroit. A serious hardware flaw in such
a widely sold firewall device is probably unprecedented, Stiennon says.

Cisco has traced the source of the problem to a component that the
networking giant began buying from a new supplier in May. The
component's timing is slightly different from that on previous units,
and the difference makes the system unstable, according to the field
notice. Units made after October 2 don't have the flaw. 

Cisco is replacing the firewalls for registered customers, free of
charge. However, because the replacement units need to come from the
company's manufacturing facilities in California instead of stock in
local service centres, service agreements for overnight replacement
can't necessarily be met, especially outside the US. 

The only workaround Cisco offers is to reduce the traffic load by
hard-coding all the firewall's interfaces to 10Mbit/s, or making a
change elsewhere in the network that reduces traffic to that level. The
units most often hang when traffic exceeds 15Mbit/s, though the
threshold varies, according to Cisco. The devices are available with
10Mbit/s, 100Mbit/s, or 1Gbit/s interfaces. 

Few enterprises are equipped to deal with a workaround that would
throttle down a critical network connection so dramatically, Gartner's
Stiennon says. On the bright side, only a small percentage have internet
connections of more than 10Mbit/s, he adds.

Cisco also reported on October 18 a flaw in the way power supplies are
attached to motherboards in some Pix 506 Firewalls. Over time, friction
and vibration can work the power connection loose, causing the firewall
to freeze or reboot, according to the field notice. A cable tie-down was
introduced on October 2 that will keep the power supply attached.

Cisco is replacing the affected 506 units for registered customers, free
of charge. As a workaround, Cisco provides instructions on its website
for opening the firewall and reinserting the power connector in the
motherboard. 

The failures and possible long waits for replacements put the spotlight
on one problem with integrated hardware-software "appliances" such as
the Pix Firewalls, Stiennon says. If hardware problems befall a software
firewall, such as one from Check Point Software Technologies, most users
can solve them easily and quickly by replacing the Intel-based PC on
which the software runs.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24717&t=24717



Re: What is the T1 module for? [7:24697]

2001-10-30 Thread Rick

You are all just a little off here. It has an RJ48 connection, not RJ45.

"MADMAN" wrote in message news:[EMAIL PROTECTED]...
> No, the module is just what it says, a CSU/DSU which terminates your T1
> via an RJ45.  Looks like a 10BaseT connector but the similarities end
> there!
>
> http://www.cisco.com/warp/public/471/61.html
>
>   Dave
>
>
>
> Charles Lin wrote:
> >
> > Hello!
> >
> >   I'd like to ask what is a FT1/T1 DSU/CSU module for? If I install one on a
> > 2525, would that make me able to connect to an Ethernet LAN using that module?
> > Since the module port is RJ45, right? Thank you!
> >
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24718&t=24697



Re: LARP Port 91 [7:24693]

2001-10-30 Thread Gareth Hinton

Hi Karl,

Do you mean that it is Protocol 91 (LARP) or TCP/UDP Port 91 (MIT Dover
Spooler).

Not that it will make much difference to my answer except that I would
presume that Protocol 91 would not be routable so would be internal, whereas
port 91 could have come from outside.

The only minor things I have found relate to http (port 80) and port 91 in
conjunction with a Trojan attack, but there is no more information, just
that the person who detected the ports used was confused as to why Port 91
appeared at all in the IDS reports.


Can you tell I was bored tonight, any excuse for a sidetrack.

Not much help for you but may spur someone on to tell us about Port 91.


Gareth



"hal9001" wrote in message news:[EMAIL PROTECTED]...
> I realise that this is a bit off topic but it may be of interest as well and
> it's driving me nuts.  I'm dealing with what appears to be a security breach
> at the moment and from what I can accretion it deals with LARP on port 91
> and FTP on Port 21.  I really don't know where to start with this; can anyone
> give me some idea or pointers as to what possible connection there can be
> between the pair?
>
> As far as I can make out someone has FTP'ed out of the network or even
> within it to an unknown address (I can't establish whether it was in or
> outside as I have only a partial log entry) and used Port 91LARP for
> some purpose.  Coincidentally three terminals on the same subnet (Windows 98
> with MS Proxy 2 Client) have then been disabled from seeing the Proxy Server
> subsequently and only the Proxy Server, all other services were OK.  This
> has been at great inconvenience to a finance office which was then "fixed"
> by somebody in two minutes flat by a person who removed the Proxy Client
> Software i.e. he/she knew exactly where to go, if you see what I mean. This
> was after two weeks scratching around for answersthings could not be
> disturbed too much.
>
> Can anyone shed any light on this at all? I cannot find any good explanation
> of LARP apart from a passing reference to MAC addresses.  As you can imagine
> it's caused a few questions that I for one would like answering.
>
> Thanks
>
> Karl
>
> IMPORTANT NOTICE:
> This message is intended solely for the use of the Individual or
> organisation to whom it is addressed. It may contain privileged or
> confidential information.  If you have received this message in error,
> please notify the originator immediately.
>
> If you are not the intended recipient, you should not use, copy, alter, or
> disclose the contents of this message.  All information or opinions
> expressed in this message and/or any attachments are those of the author
and
> are not necessarily those of Karl or Pauline HUTCHINSON.
> Karl & Pauline HUTCHINSON accepts no responsibility
> for loss or damage arising from its use, including damage from virus.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24719&t=24693



Re: Multilayer Switching [7:24595]

2001-10-30 Thread toan

Sorry, the command is .
"Thomas N." wrote in message news:[EMAIL PROTECTED]...
> Anyone have any problem turning on VLAN interfaces that are running on NAT
> protocol?  I couldn't turn VLAN on my 6509 that has "ip nat inside"
> statement.  Thanks!
>
> Thomas N.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24720&t=24595



HSRP - hows it work [7:24721]

2001-10-30 Thread Dave Shine

If you set up HSRP on two routers and one is set to
preempt.
Router A has a higher priority than router B and is
currently the active router.

Router A then fails and router B is now active. If
Router A comes back online will it again become the
active router or would you need to fail-over router B?

Is the HSRP address the mac of the active nic or is it
a virtual or software mac address?

Thanks for any help!





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24721&t=24721



Re: Multilayer Switching [7:24595]

2001-10-30 Thread toan

Sorry Thomas, the command is "sh mls en".
"Thomas N." wrote in message news:[EMAIL PROTECTED]...
> Anyone have any problem turning on VLAN interfaces that are running on NAT
> protocol?  I couldn't turn VLAN on my 6509 that has "ip nat inside"
> statement.  Thanks!
>
> Thomas N.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24722&t=24595



Re: IP addressing Subnetting [7:24712]

2001-10-30 Thread Gareth Hinton

Answering early to increase the chance of humiliation if I make mistakes

In this case, the 1st and 4th octets are not subnets of all zero's/all
one's, because you are using a Class A address. Your 4 little 26 bit subnets
are right in the middle(ish) of a very large Class A network (10.0.0.0 -
10.255.255.255).
The illegal subnets if using 26 bit subnets throughout would be 10.0.0.0/26
and 10.255.255.192/26.

No you can't use 10.60.0.63 as a host address because it is the broadcast
address. Interesting to see exactly what happened if you did (I would
imagine chaos). I would think that the only situation that a broadcast
address can be used is using a 31 bit mask. I know that this can be done
(One device uses the network address and one uses the broadcast), but I
don't know whether that is just for serial connections or whether this can
be used on an ethernet with just two devices.

Open to correction from all-comers as usual, and especially open to comments
on the 31 bit mask thing.

Regards,

Gareth



"Tribavan Raina" wrote in message news:[EMAIL PROTECTED]...
> Hi..
>
> I was going through some subnetting scenarios and came across this stuff
> which is confusing for me. We have been given a network range of
> 10.60.0.0/24.
> We have 3 routers which are connected back to back and they all have 3
> Ethernet ports for 3 Ethernet networks. Each subnet will have max. 60 hosts
> and we also need to design IP addressing for serial links with max. 2 IP
> addresses to conserve IP addresses.
> In the solution it says:
> For 60 hosts we need minimum 6 bits, 2^6-2=62 hosts per subnet.
> By subnetting 10.60.0.0/24 we get 4 subnets with 26 bit mask.
> 10.60.0.0/26
> 10.60.0.64/26
> 10.60.0.128/26
> 10.60.0.192/26
> Now my question is: can we use the 1st and 4th subnets, as the rule says that
> you can't use subnets with all 0's and all 1's?
> In the same way, for the network 10.60.0.0/26 the first host would be
> 10.60.0.1/26 and the broadcast address would be 10.60.0.63/26.
> Can I use 10.60.0.63 as an IP address, and if not, what will happen if I ping
> this broadcast address?
> I tried this on Win2k and it allows me to use the broadcast IP for a network
> interface. What is the effect of using a broadcast IP as an IP address on a
> network card?
>
> Thanks in advance
>
>
> Tribavan Raina




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24723&t=24712
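
The question and answer in this thread, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original posts; the function names are hypothetical, the count of two serial links is an assumption about the three-router topology, and the /30 links are carved from the fourth /26.

```python
import ipaddress


def classful_prefix(addr):
    """Default (classful) prefix length for a Class A, B or C address."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8       # Class A, e.g. 10.0.0.0
    if first_octet < 192:
        return 16      # Class B
    if first_octet < 224:
        return 24      # Class C
    raise ValueError("not a Class A/B/C address")


def subnet_field(subnet):
    """Classify the subnet bits (between classful and actual prefix)."""
    net = ipaddress.ip_network(subnet)
    width = net.prefixlen - classful_prefix(net.network_address)
    if width <= 0:
        return "no subnet bits"
    host_bits = 32 - net.prefixlen
    value = (int(net.network_address) >> host_bits) & ((1 << width) - 1)
    if value == 0:
        return "all-zeros"
    if value == (1 << width) - 1:
        return "all-ones"
    return "ordinary"


def role(address, prefixlen):
    """Role of an address inside its subnet: network, broadcast or host."""
    iface = ipaddress.ip_interface(f"{address}/{prefixlen}")
    if prefixlen >= 31:
        # A 31-bit mask (RFC 3021) has no network or broadcast address:
        # both addresses are usable on a point-to-point link.
        return "host"
    if iface.ip == iface.network.network_address:
        return "network"
    if iface.ip == iface.network.broadcast_address:
        return "broadcast"
    return "host"


def plan(block, lans, hosts_per_lan, serial_links):
    """Allocate equal LAN subnets, then /30 serial links from the next one."""
    block = ipaddress.ip_network(block)
    # Smallest n with 2^n - 2 >= hosts_per_lan (60 hosts -> 6 host bits).
    lan_prefix = 32 - (hosts_per_lan + 1).bit_length()
    subnets = list(block.subnets(new_prefix=lan_prefix))
    if lans + 1 > len(subnets):
        raise ValueError("block too small for the LANs plus one spare subnet")
    links = list(subnets[lans].subnets(new_prefix=30))[:serial_links]
    if len(links) < serial_links:
        raise ValueError("spare subnet too small for the serial links")
    return subnets[:lans], links


if __name__ == "__main__":
    lan_nets, link_nets = plan("10.60.0.0/24", lans=3, hosts_per_lan=60,
                               serial_links=2)   # 2 links is an assumption
    for net in lan_nets:
        print("LAN   ", net, "usable hosts:", net.num_addresses - 2,
              "subnet bits:", subnet_field(str(net)))
    for net in link_nets:
        print("serial", net, "hosts:", [str(h) for h in net.hosts()])
    print("10.60.0.63/26 is a", role("10.60.0.63", 26), "address")
    print("10.60.0.63/31 is a", role("10.60.0.63", 31), "address")
    for s in ("10.0.0.0/26", "10.60.0.192/26", "10.255.255.192/26"):
        print(s, "->", subnet_field(s))
```
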



Re: IPX RIP [7:24621]

2001-10-30 Thread Jenny McLeod

Thanks Priscilla.
I thought that would be the case.  In fact, digging around a bit more, I'm
not even sure if a triggered update would be sent.  'clear ipx route *'
causes RIP/SAP general requests on all IPX interfaces, according to the
command reference.  But I think that would just cause RT2 to send its routes
(and SAPs) to RT1 - I assume RT2 wouldn't also send them to RT3, and RT1
wouldn't send out an update saying it's lost all its routes?!

I haven't found any doco that goes into IPX RIP in such gory detail,
though!  All the stuff I've seen barely even mentions the existence of
triggered updates, let alone the details of exactly when they are sent :-(

JMcL   
Priscilla Oppenheimer wrote:
> 
> Triggered updates on IPX RIP are stupid compared to something
> like EIGRP.
> They just get sent out by a router that brings a route up or
> notices that
> one goes down. They don't get propagated. More than one router
> might decide
> a route is up or down, but not necessarily, depending on timing.
> 
> As you know I'm sure, IPX routes are marked invalid if no
> routing updates
> are heard within three times the value of the update interval
> and are
> advertised with a metric of infinity. IPX routes are removed
> from the
> routing table if no routing updates are heard within four times
> the value
> of the update interval.
> 
> I think RT2 in your case would wait 15 minutes to mark a route
> from RT1
> invalid. In the meantime, RT2 is still sending RIPs every 60
> seconds out to
> RT3 with the routes from RT1 still valid. So, I would say that
> the
> triggered update from RT1 would not cause any extra traffic on
> the
> RT2---RT3 link or on the RT3---RT4 link.
> 
> You can configure the interval at which a network RIP entry
> ages out, by
> the way, with the ipx rip-multiplier command. That could
> confuse matters
> 
> Sorry I don't have any more experience to share. Good luck. I'm
> sorry
> you're having a bad week. We're learning from your experiences
> too, if that
> helps at all. ;-]
> 
> Priscilla
> 
> At 01:36 AM 10/30/01, [EMAIL PROTECTED] wrote:
> >OK, I'm asking a few more questions than I'm answering lately.
> >
> >Question about IPX RIP (not IP RIP - although they may work
> the same way in
> >this instance).
> >
> >Say I have the following setup...
> >
> >RT1---RT2---RT3---RT4
> >
> >The RT2 to RT3 link is ethernet, the others are serial,
> although I'm not
> >sure that that makes a difference.  The IPX RIP update time is
> set to five
> >minutes on the RT1 to RT2 link, and defaults (to 60 seconds)
> on the other
> >two links - again, I'm not sure that this makes a difference. 
> There are no
> >relevant filters in this scenario.
> >
> >If the IPX routes are cleared on RT1 (clear ipx route *), how
> far will
> >triggered RIP updates/changes be propagated?  Will any extra
> traffic (above
> >normal RIP updates) be created from RT3 to RT4?
> >
> >Thanks,
> >JMcL
> 
> 
> Priscilla Oppenheimer
> http://www.priscilla.com
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24724&t=24621



Re: Has anyone seen anything from Cisco in reference to this? [7:24725]

2001-10-30 Thread Gareth Hinton

The URL below shows almost exactly what was reported (in field notices):

http://www.cisco.com/warp/public/770/52.html

We've had a few with the problems mentioned, notably a failover bundle which
an engineer flew out to Iberia to install.

Must nip back and sort it out.

Gareth

"Elijah Savage" wrote in message news:[EMAIL PROTECTED]...
> Hardware flaws hang some Cisco firewalls
> Failures don't threaten security, but could cause network availability
> headaches
>
>
> Stephen Lawson, SAN FRANCISCO
> Hardware flaws in some Cisco Systems firewalls for corporate central and
> branch offices have caused the systems to hang or shut themselves down
> and forced Cisco to replace the affected boxes.
>
> Some Cisco Pix 515, 515-DC and 506 Firewalls have suffered system hangs
> when traffic on the network becomes too heavy, requiring IS staff to
> manually restart the firewall, Cisco reported in an October 18 field
> notice on its website. Cisco expects the problem to occur most often in
> the 515 models, which are designed for corporate central offices, but
> said it may also happen in 506 units in some cases. The 506 is designed
> for branch offices, which tend to experience lower traffic levels.
>
> The firewalls typically are installed between a company's internal
> network and the internet to guard against intrusion. The flaws can cut
> off an internet connection that runs through a firewall but will not
> cause a connection to become insecure, Cisco said on its website.
> Officials at the company weren't available to comment in detail about
> the problem.
>
> While the failures don't pose a security issue, they could cause network
> availability headaches for a number of large corporations. Cisco holds
> about one quarter of the overall firewall market, according to Richard
> Stiennon, a Gartner analyst in Detroit. A serious hardware flaw in such
> a widely sold firewall device is probably unprecedented, Stiennon says.
>
> Cisco has traced the source of the problem to a component that the
> networking giant began buying from a new supplier in May. The
> component's timing is slightly different from that on previous units,
> and the difference makes the system unstable, according to the field
> notice. Units made after October 2 don't have the flaw.
>
> Cisco is replacing the firewalls for registered customers, free of
> charge. However, because the replacement units need to come from the
> company's manufacturing facilities in California instead of stock in
> local service centres, service agreements for overnight replacement
> can't necessarily be met, especially outside the US.
>
> The only workaround Cisco offers is to reduce the traffic load by
> hard-coding all the firewall's interfaces to 10Mbit/s, or making a
> change elsewhere in the network that reduces traffic to that level. The
> units most often hang when traffic exceeds 15Mbit/s, though the
> threshold varies, according to Cisco. The devices are available with
> 10Mbit/s, 100Mbit/s, or 1Gbit/s interfaces.
>
> Few enterprises are equipped to deal with a workaround that would
> throttle down a critical network connection so dramatically, Gartner's
> Stiennon says. On the bright side, only a small percentage have internet
> connections of more than 10Mbit/s, he adds.
>
> Cisco also reported on October 18 a flaw in the way power supplies are
> attached to motherboards in some Pix 506 Firewalls. Over time, friction
> and vibration can work the power connection loose, causing the firewall
> to freeze or reboot, according to the field notice. A cable tie-down was
> introduced on October 2 that will keep the power supply attached.
>
> Cisco is replacing the affected 506 units for registered customers, free
> of charge. As a workaround, Cisco provides instructions on its website
> for opening the firewall and reinserting the power connector in the
> motherboard.
>
> The failures and possible long waits for replacements put the spotlight
> on one problem with integrated hardware-software "appliances" such as
> the Pix Firewalls, Stiennon says. If hardware problems befall a software
> firewall, such as one from Check Point Software Technologies, most users
> can solve them easily and quickly by replacing the Intel-based PC on
> which the software runs.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24725&t=24725



RE: CPA-2509 ios problem.. [7:24635]

2001-10-30 Thread Daniel Cotts

CPA indicates that it is a white CiscoPro model. You must "Cisco-ize" it
before it will accept standard IOS images. If you have access to the
Software Center of CCO you can download a utility that accomplishes that.
It's called the cookie upgrade image file.
http://www.cisco.com/cgi-bin/Software/Tablebuild/tablebuild.pl/rsl

BTW Most likely you have 4MB of Flash. Consider upgrading that to 8 or 16MB.
There are folks on this list who will sell it to you at a reasonable price.
eBay prices also seem good.

Lesson learned is to always copy an old image to your tftp server before
erasing it.
> -Original Message-
> From: Atakan VZDEMIR [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 30, 2001 4:29 AM
> To: [EMAIL PROTECTED]
> Subject: CPA-2509 ios problem.. [7:24635]
> 
> 
> I have a problem with this hardware because I erased the old IOS
> while I was trying to update it,
> and now I couldn't find any IOS compatible with this device.
> I can boot it only with the bootstrap IOS.
> Can anyone help me with which IOS is compatible with this device?
> 
> Best Regards
> 
> Cisco Internetwork Operating System Software
> IOS (tm) 3000 Bootstrap Software (IGS-RXBOOT), Version 
> 10.2(8a), RELEASE
> SOFTWARE (fc1)
> Copyright (c) 1986-1995 by cisco Systems, Inc.
> Compiled Tue 24-Oct-95 15:46 by mkamson
> Image text-base: 0x0102, data-base: 0x1000
> 
> ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
> 
> Router_L uptime is 18 minutes
> System restarted by power-on
> Running default software
> 
> 
> cisco CPA2509 (68030) processor (revision D) with 
> 16380K/2048K bytes of
> memory.
> Processor board serial number 04603591 with hardware revision 
> X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
> Authorized for CiscoPro software set only.  (0x80)
> 1 Ethernet/IEEE 802.3 interface.
> 2 Serial network interfaces.
> 8 terminal lines.
> 32K bytes of non-volatile configuration memory.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24663&t=24635
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: FTP Server [7:24525]

2001-10-30 Thread J. Johnson

Thank you, Michael.

I have another question.  Can I use the same access list group number for
another IP address?  For example, I want to allow all the users to access
192.3.11.100 and only allow ftp for 192.3.10.10.

access-list 110 permit ip any host 192.3.11.100
access-list 110 permit tcp any host 192.3.10.10 eq ftp

Thanks.

Jill

"Michael Williams" wrote in message news:[EMAIL PROTECTED]...
> That would work, although you don't need the "deny ip any any" as there is
> always an implied "deny all" at the end of the access list.
>
> However, to protect yourself from unwanted traffic/attacks, you can change
> your access list to only allow traffic incoming on port 21 (eq ftp):
>
> access-list 110 permit tcp any host 192.3.10.10 eq ftp
>
> That should do it for ya.
>
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24682&t=24525
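
Added example (not part of the thread, and not code from either poster): a small Python evaluator that runs Jill's two list-110 entries top-down, showing that one list number can carry entries for several hosts and that anything unmatched falls to the implied deny Michael mentions. The client address 10.1.1.5 and the test packets are constructed, and the parser covers only the any / host / eq forms used in the message.

```python
import ipaddress

# Jill's two entries for list 110, copied from the message above.
ACL_110 = """\
access-list 110 permit ip any host 192.3.11.100
access-list 110 permit tcp any host 192.3.10.10 eq ftp
"""
PORTS = {"ftp-data": 20, "ftp": 21, "www": 80}  # small subset of IOS port keywords
# Constructed test packets: (protocol, source, destination[, destination port]).
PACKETS = [("tcp", "10.1.1.5", "192.3.10.10", 21), ("tcp", "10.1.1.5", "192.3.10.10", 80),
           ("udp", "10.1.1.5", "192.3.11.100", 53), ("icmp", "10.1.1.5", "192.3.10.10")]


def parse_acl(text):
    """Parse the 'any' / 'host A.B.C.D' [eq port] subset of extended-ACL syntax."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        addrs = []
        for _ in range(2):  # source first, then destination
            if rest[0] == "any":
                addrs.append(None)
                rest = rest[1:]
            elif rest[0] == "host":
                addrs.append(ipaddress.ip_address(rest[1]))
                rest = rest[2:]
            else:
                raise ValueError(f"unsupported address spec: {line}")
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        rules.append((action, proto, addrs[0], addrs[1], port))
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """Top-down, first match wins; no match means the implicit deny at the end."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules, 1):
        if r_proto not in ("ip", proto) or r_port not in (None, dport):
            continue
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        return action, f"line {n}"
    return "deny", "implicit deny"


if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", evaluate(parse_acl(ACL_110), *pkt))
```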



Re: Off Topic - good auction seller [7:24468]

2001-10-30 Thread Gareth Hinton

Good to hear that UK service is good. I've been meaning to order X21
crossover cables from him for a while. Always a little more dubious
overseas, although they do seem good value. Best I've found yet anyway.

If he'll send them to me that is - I think I may have confused his gender in
a previous e-mail. I think Kelly may be used more in the male form in US -
oops.

Gareth




"Symon Thurlow" wrote in message news:[EMAIL PROTECTED]...
> I have bought ram and flash many times from Kelly. The first time his
> communication was very average, but every other time  after that he has
> been first rate, and well priced. I live in London, UK and after placing
> the order I see the goods within days.
>
> I will certainly buy from him again.
>
> Symon
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Christopher Kolp
> Sent: 29 October 2001 21:11
> To: [EMAIL PROTECTED]
> Subject: Re: Off Topic - good auction seller [7:24468]
>
>
> What is his ebay seller name?
>
> And does anyone have any experience with KG2 or KG2.com?
>
>
>
>
> On Monday, October 29, 2001, at 12:26 AM, Chuck Larrieu wrote:
>
> > After some of the recent negative discussion about a particular auction
> > seller ( and thanks - it helped me avoid bidding on certain products ) I
> > thought some folks might be interested in my recent positive experience.
> >
> > Pat McKool of Market Network Solutions, was a pleasure to deal with.
> >
> > If anyone is in the market for used equipment, you might want to keep an eye
> > out for this guy on That Auction Site.
> >
> > NOTE: past performance is no guarantee of future results ;->
> >
> > Chuck
> -ck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24640&t=24468



Re: OSPF across PIX [7:24608]

2001-10-30 Thread Gareth Hinton

Can you set up a network address translation both ways so that the routers
think they're talking to a router on the same subnet?

Big guessing going on here (on my part).


Gareth


"pat" wrote in message news:[EMAIL PROTECTED]...
> Thanks for your reply.
>
> When I try to specify outside router as neighbor using neighbor command
> I get "OSPF: Neighbor address does not map to an interface". How do I
> resolve this issue?
>
> What do you mean by "If you are doing NAT then a global and nat
> combination need to represent the internal IP addresses to the outside
> network"...? Can you give an example?
>
> I am doing NAT on firewall.
>
> The IP addresses are as follows
>
> Inside router Ethernet 10.10.2.1
> Firewall inside 10.10.2.1
> Firewall outside 138.12.48.2
> Outside Router ethernet 138.12.48.1
>
>
> Thanks a lot for everybody's response.
>
>
>
> --- "Engelhard M. Labiro" wrote:
> > Sorry, replying my own message.
> > The access-list below assumes that you are able to use nat 0 command
> > (no NAT translation will occur for the internal IP addresses to be seen
> > from outside network). If you are doing NAT then a global and nat
> > combination need to represent the internal IP addresses to the outside
> > network, before applying the access-list below.
> >
> > Hope you get the idea.
> >
> > > Since OSPF uses IP protocol 89, permit this protocol between
> > > the two OSPF routers with access-list applied at outside and inside
> > > PIX interfaces, something like this:
> > > access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
> > > access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
> > > access-group 101 interface inside
> > > access-group 102 interface outside
> > >
> > > At the OSPF routers, put neighbour command, so they can speak
> > > each other directly without multicasting the hello packets.
> > >
> > > Hope you get the idea.
> > >
> > > - Original Message -
> > > From: "pat"
> > > To:
> > > Sent: Tuesday, October 30, 2001 1:01 PM
> > > Subject: OSPF across PIX [7:24608]
> > >
> > >
> > > > Does anybody have any ideas on how to run OSPF across
> > > > firewall. What ports to be open & how to make router
> > > > establish neighbour relations across firewall.
> > > >
> > > > Any thought on this will be greatly appreciated.
> > > >
> > > > Thanks,
> > > > patterson.
> > > >
> > > >
> > __
> > > > Do You Yahoo!?
> > > > Make a great connection at Yahoo! Personals.
> > > > http://personals.yahoo.com
> [EMAIL PROTECTED]
>
>
> __
> Do You Yahoo!?
> Make a great connection at Yahoo! Personals.
> http://personals.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24726&t=24608



CSPM for IDS [7:24727]

2001-10-30 Thread Jim Bond

Hello,

I'm trying to set up CSPM. On Netranger side, I got
"sync NOT received" error. Network connection is good.
What might be the problem?

Thanks a lot.

Jim





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24727&t=24727



RE: Second opinion on Regular Expression [7:24460]

2001-10-30 Thread Chuck Larrieu

sorry to take so long to get back to you.

DOH!

you are correct. I was looking only at the first part of the path, and so I
was not filtering what I thought I was filtering.

the ip as-path access-list deny ^_.* will deny any AS Path that begins
with , no matter what follows.

ip as-path access-list deny ^_ appears to filter nothing because my AS
paths contain more than just the one AS.

Appreciate the review.

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 28, 2001 11:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Second opinion on Regular Expression [7:24460]


Chuck,

You need to make the deny '^ .*'.  Assuming you are putting this on an
EBGP router peering with AS.

"ip as-path access-list 55 deny ^ .*"

The '^' is an anchor in regex and forces a match at the beginning of the
input string you are comparing.  IE:  Whatever is after the '^' must start
at the beginning of the string being compared to match and make the
expression true.

To see if you are getting anything from AS try:

"show ip bgp regexp ^ .*"

Good way to test your regexp as well.


-Julian

"Chuck Larrieu" wrote in message news:[EMAIL PROTECTED]...
> for an as-path filter, here is what I want to accomplish:
>
> from one particular router to another particular router I want to filter any
> AS path whose most recent AS was
>
> so if the BGP route has a path in the BGP table as    ? or  ? etc
> then I want that route to be filtered to a particular neighbor
>
> routes such as   ? or    , for example are OK to pass
>
> my access-list is:
>
> ip as-path access-list 55 deny ^_
> ip as-path access-list 55 permit .*
> !
> and my neighbor statement is neighbor a.b.c.d filter-list 55 out
>
> does the ^ character really mean what I think it is supposed to mean? I.e
> does it filter any AS path that BEGINS with , or is it doing something
> unexpected?
>
> I have a complex mesh ( mess too ;-> ) of BGP neighbors, and it is a bit
> hard to tell if I am accomplishing what I think I am accomplishing.
>
> thanks.
>
> Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24728&t=24460
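
Added example (not part of the thread, and not code from any poster): a Python model of an as-path access-list that shows how the ^ anchor, the $ anchor and the Cisco "_" delimiter change which AS paths a deny entry catches. It goes beyond the patterns quoted above; the AS numbers in the thread did not survive in this archive, so 65001 and the other AS numbers and paths are constructed placeholders.

```python
import re

# What "_" stands for in a Cisco AS-path regex: start or end of the path,
# or a delimiter (space, comma, brace, parenthesis).
DELIM = r"(?:^|$|[ ,{}()])"

# Constructed AS paths; the leftmost AS is the most recent one. 65001 is a
# placeholder for the AS being filtered, 650010 a look-alike longer number.
PATHS = ["65001", "65001 65002", "65001 65002 65003", "65002 65001", "650010 65002"]


def cisco_to_python(pattern):
    """Translate the Cisco-specific "_"; anchors, "." and "*" carry over as-is."""
    return re.compile(pattern.replace("_", DELIM))


def filter_list(entries, as_path):
    """Entries are tried in order, first match wins, no match is an implicit deny."""
    for action, pattern in entries:
        if cisco_to_python(pattern).search(as_path):
            return action
    return "deny"


def denied(deny_pattern, paths=PATHS):
    """Paths blocked by 'deny <pattern>' then 'permit .*', the shape of list 55."""
    entries = [("deny", deny_pattern), ("permit", ".*")]
    return [p for p in paths if filter_list(entries, p) == "deny"]


if __name__ == "__main__":
    for pat in ["^65001$", "^65001_", "^65001_.*", "^65001", "_65001_"]:
        print(f"{pat:<11} denies {denied(pat)}")
```

On a router, "show ip bgp regexp" with the same pattern, as suggested in the thread, is the way to confirm the result against the real BGP table.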



Definitive source for info on T1 and FT1? [7:24729]

2001-10-30 Thread Dan Faulk

Have a project coming up that involves a lot of the various flavors of T1
WANs, data only, in multiple cities with multiple providers using 2600s.
Suggestions as this is only touched on in a lot of texts and I've got to come
up to speed quickly.

TIA
Dan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24729&t=24729



Re: OSPF across PIX [7:24608]

2001-10-30 Thread Allen May

OK maybe...but wouldn't that be translating an IP address of the neighboring
router to something it really isn't & botch up the OSPF table on the remote
router?  Or are you suggesting something different than what I'm thinking?
My first impression is that this probably can't be done but I'm always open
to finding ways to do the impossible ;)


- Original Message -
From: "Gareth Hinton" 
To: 
Sent: Tuesday, October 30, 2001 6:35 PM
Subject: Re: OSPF across PIX [7:24608]


> Can you set up a network address translation both ways so that the routers
> think they're talking to a router on the same subnet?
>
> Big guessing going on here (on my part).
>
>
> Gareth
>
>
> "pat" wrote in message news:[EMAIL PROTECTED]...
> > Thanks for your reply.
> >
> > When I try to specify outside router as neighbor using neighbor command
> > I get "OSPF: Neighbor address does not map to an interface". How do I
> > resolve this issue?
> >
> > What do you mean by "If you are doing NAT then a global and nat
> > combination need to represent the internal IP addresses to the outside
> > network"...? Can you give an example?
> >
> > I am doing NAT on firewall.
> >
> > The IP addresses are as follows
> >
> > Inside router Ethernet 10.10.2.1
> > Firewall inside 10.10.2.1
> > Firewall outside 138.12.48.2
> > Outside Router ethernet 138.12.48.1
> >
> >
> > Thanks a lot for everybody's response.
> >
> >
> >
> > --- "Engelhard M. Labiro" wrote:
> > > Sorry, replying my own message.
> > > The access-list below assumes that you are able to use nat 0 command
> > > (no NAT translation will occur for the internal IP addresses to be seen
> > > from outside network). If you are doing NAT then a global and nat
> > > combination need to represent the internal IP addresses to the outside
> > > network, before applying the access-list below.
> > >
> > > Hope you get the idea.
> > >
> > > > Since OSPF uses IP protocol 89, permit this protocol between
> > > > the two OSPF routers with access-list applied at outside and inside
> > > > PIX interfaces, something like this:
> > > > access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
> > > > access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
> > > > access-group 101 interface inside
> > > > access-group 102 interface outside
> > > >
> > > > At the OSPF routers, put neighbour command, so they can speak
> > > > each other directly without multicasting the hello packets.
> > > >
> > > > Hope you get the idea.
> > > >
> > > > - Original Message -
> > > > From: "pat"
> > > > To:
> > > > Sent: Tuesday, October 30, 2001 1:01 PM
> > > > Subject: OSPF across PIX [7:24608]
> > > >
> > > >
> > > > > Does anybody have any ideas on how to run OSPF across
> > > > > firewall. What ports to be open & how to make router
> > > > > establish neighbour relations across firewall.
> > > > >
> > > > > Any thought on this will be greatly appreciated.
> > > > >
> > > > > Thanks,
> > > > > patterson.
> > > > >
> > > > >
> > > __
> > > > > Do You Yahoo!?
> > > > > Make a great connection at Yahoo! Personals.
> > > > > http://personals.yahoo.com
> > [EMAIL PROTECTED]
> >
> >
> > __
> > Do You Yahoo!?
> > Make a great connection at Yahoo! Personals.
> > http://personals.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24730&t=24608



Re: Employment Opportunity [7:24699]

2001-10-30 Thread suaveguru

I am, however, working in Singapore; will I qualify?


regards,

suaveguru
--- Sandy Thielamay wrote:
> Hello All,
> >
> > We are looking for two Senior Network Engineers in my company. Very
> > interesting environment to work, good pay and lots of Cisco gear to play
> > with.  Please send me an email with your resume attached and a phone number
> > to contact you back.
> >
> > Cheers,
> >
> > Sandy Thielamay
> > CCIE#6937




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24731&t=24699


