Re: First learning experience. [7:27653]

2001-11-29 Thread c.h.ip

Ryan Ngai Hon Kong wrote:

 Hi all,

 Just want to tell you all that I finally attempted my first lab on 28/11.
 What an experience for 2 years in networking line (newbies) after completing
 all my NA/NP certification and finally now turning to the lab. I knew I didn't
 do a good job there though the result have not been released yet (which took
 a couple of days), it's my first learning experience.
 

finally, did you take the lab exam in Hong Kong?  I have thought that I
need to travel to Beijing or Singapore to take the lab test..

Regards,
c.h.Ip




(for me, it's still a long way to go.  I think I can make my first lab
attempt in 18 or 24 months, as now on the way of NP & DP exams, and
seeking study partner...)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27656t=27653
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Slimline 2 [7:27365]

2001-11-29 Thread Anthony Toh

Hi, is this Slimline 2 ISDN simulator a software ?
If it is, can you send one copy to me ?

[EMAIL PROTECTED]


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27657t=27365



network simulator [7:27658]

2001-11-29 Thread Anthony Toh

Is there any router simulation software that I can configure to run in a
Frame Relay and ISDN network ?
Appreciate if anyone who knows can send me one.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27658t=27658



Re: ISDN Q.921 and Q.931 [7:27568]

2001-11-29 Thread Peter Whittle

I sent this to Priscilla on the topic and she suggested that the group
might benefit from my response, so here it is.

Priscilla,

I think that you may find it helpful to separate end-to-end data
transfer from signalling.

Very few L2 protocols offer error correction. The modern approach is to
require the L1 transmission to provide intrinsically reliable
communication and hence it is a waste of bandwidth to implement error
correction both on hop by hop and end to end basis as per X.25.
Modern WAN digital transmission systems are designed to offer
transmission error rates of fewer than 1 bit error in 10^9 bits.

On Telco WAN links it is common on this side of the pond to require
transmission media to offer error rates better than 1 in 10^9 and often
1 in 10^11. Indeed the commissioning tests call for fewer than 1 error
in a 20 minute period on a basic E3 (34 Mb) link and fewer than 1 error
in 24 hours on International links prior to acceptance from Transmission
into Networks for operational trunks. That is not to say that links may
not degrade but if the error rates became worse than 1 in 10^9 it would
be time for Network operations to call 'holes & poles' (Transmission) to
fix it.

The fundamental assumption in both Frame Relay and ATM is that they are
running over intrinsically reliable transmission media. The low error
rates are achieved either by correctly engineered transmission paths
or by the use of significant forward error correction built in to the
transmission equipment.

ATM, and Frame Relay, implement error correction, or more precisely re-
transmission in the interface to the signalling protocols. ISDN relies
on the hop by hop error correction offered by LAPD.  However, they tend
to leave the issue of payload error correction to any high level end-to-
end protocols being run on top of these L2 Datalinks.

ATM offers no direct protection of payload content, the HEC only
protects the ATM header. However, some AALs do offer protection if not
correction of the payload. Even AAL5 - most common for IP has a check
polynomial (CRC32) to protect the CS PDU. It performs error detection
but not correction. In the case of Q.2931, SAAL (version of AAL5 to
carry signalling) will detect faulty PDUs.  If you want to look at ATM
signalling take a look at Q.2931 essentially an enhanced and extended
version of narrow band ISDN Q.931 signalling.  Take a look at the ATM
forum website. www.atmforum.org


Frame Relay has Frame Check Sequence that again will detect faulty
frames. (Incidentally Carrier Switches tend to drop frames with a faulty
FCS). Incidentally Frame Relay is sometimes known as LAPF. Take a look
at the frame relay forum web site. www.frforum.org there are some good
white papers and the frf's recommendations that you can download.


ISDN B channel - is a 64 Kbit clear channel and the network makes no
assumptions about the contents. It could be any number of data formats
or indeed it could be 64 K G.711 PCM voice. The most ubiquitous use of
data over ISDN is to encapsulate it in PPP which is intrinsically multi-
protocol. However, it is also possible to use HDLC, X.25, Frame Relay,
or any number of specialist protocols. D channel usage is somewhat
different. L2 on D channel is Q.921 (as you say also known as LAPD). It
is perhaps worth pointing out the ISDN signalling is NOT an end to end
protocol! ISDN signalling only traverses the single hop to the
signalling processor on the nearest switch.  This signalling processor
then signals to the signalling processor of the next switch and finally
the signalling processor on the last switch communicates with the far
end CPE. In Public Carrier Networks the signalling between switches is
normally SS7 or C7 as it is sometimes known.  The D channel is normally
used for signalling but in the case of Basic Rate may also be used for
permanently on low speed data services such as X.31 (9k6 X.25 in D
channel, which uses LAPD for L2 and normal X.25 L3)

Q.931 is used on public networks to communicate with the Carrier's CO
switch and is fairly primitive in its feature set. QSIG is essentially a
superset of Q.931 used on private telephony networks to signal between
PABXs and offers an enhanced set of features such as 'camp on
extension', 'ring back when free', redirect calls etc.


X.25 has hop by hop error detection and correction in L2 - LAPB and also
end to end in the L3. Sometimes known as 'belt and braces' or 'The Pony
Express' of data communications. 'We get the data through, eventually,
no matter how crummy the analogue link is!'

Not being of IBM extraction I am not in a position to comment on SDLC or
Bisync.

I hope that this helps

Peter

-- 
Peter Whittle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27659t=27568
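
The detect-and-drop behaviour described in the message above for the Frame Relay FCS, as an added example that is not part of the original post. It uses the 16-bit FCS shared by the HDLC family (LAPB, LAPD, LAPF); the function names and the sample payload are constructed for illustration.

```python
"""FCS-16 of the HDLC family (LAPB, LAPD, LAPF): detection only, no correction.

Added illustration; the payload bytes below are constructed sample data.
"""

POLY_REFLECTED = 0x8408  # x^16 + x^12 + x^5 + 1, bit-reversed (bits go LSB first)
GOOD_RESIDUE = 0xF0B8    # register left by any clean frame that includes its FCS


def _register(data: bytes) -> int:
    """Run the CRC shift register over data, starting from all ones."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY_REFLECTED if crc & 1 else crc >> 1
    return crc


def fcs16(data: bytes) -> int:
    """FCS value the sender appends: ones-complement of the register."""
    return _register(data) ^ 0xFFFF


def build_frame(payload: bytes) -> bytes:
    """Payload followed by its FCS, least significant octet first."""
    return payload + fcs16(payload).to_bytes(2, "little")


def frame_ok(frame: bytes) -> bool:
    """Receiver check: a clean frame always leaves the same residue."""
    return len(frame) > 2 and _register(frame) == GOOD_RESIDUE


def flip_bit(frame: bytes, bit: int) -> bytes:
    """Simulate one transmission bit error."""
    out = bytearray(frame)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def undetected_single_bit_errors(frame: bytes) -> int:
    """Count single-bit corruptions that would slip past the FCS check."""
    return sum(frame_ok(flip_bit(frame, i)) for i in range(len(frame) * 8))


def switch_forward(frames):
    """Forward clean frames and silently drop the rest, as a carrier switch does.

    The FCS says only that a frame is bad, not which bit is wrong, so the
    switch cannot repair it; recovery is left to an end-to-end protocol.
    """
    forwarded = [f for f in frames if frame_ok(f)]
    return forwarded, len(frames) - len(forwarded)


if __name__ == "__main__":
    good = build_frame(b"constructed sample payload")
    damaged = flip_bit(good, 37)
    forwarded, dropped = switch_forward([good, damaged, good])
    print("forwarded", len(forwarded), "dropped", dropped)
    print("undetected single-bit errors:", undetected_single_bit_errors(good))
```

The FCS catches transmission errors only; it carries no key, so it says nothing about who produced the frame.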



Re: Serial Numbers for Cisco 7206 [7:27531]

2001-11-29 Thread [EMAIL PROTECTED]

show hardware


H.T.H.

Dom Stocqueler



   

Tay Chee Yong
To: [EMAIL PROTECTED]
Subject: Serial Numbers for Cisco 7206 [7:27531]
Sent by: nobody@groupstudy.com
28/11/2001 10:10
Please respond to Tay Chee Yong
   

   





Hi all,

May I know how can I obtain the serial number for the NPE for Cisco 7206??

The show c7200 command says that its displaying the CPU EEPROM serial
number. Is it also referring to the serial number of the NPE?

Please advise.

Regards,
Cheeyong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27660t=27531



Re: IP telephony [7:27533]

2001-11-29 Thread Patrick Donlon

As Matthew said looks like you've got every thing already, all you have to
do is set up the call routing, simple

Cheers

Anil Kumar wrote in message
news:[EMAIL PROTECTED]...
 Hi All,

 For a customer I have implemented a VoIP and IP telephony
 between two offices with Cisco Call Manager 3.0. I need to
 integrate the CCM with normal PBX phones, so that users
 can dial to the normal telephone to IP telephone.

 For the VoIP I am using Cisco 3640 and 3660 Routers with
 NM-HDV cards and both the HDV cards are connected to Nortel
 PBX.

 Need help/suggestion on this.

 Thanks in Advance.

 Regards.. Anil


 =
 Thanks & Regards

 V Anil Kumar





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27661t=27533



Damian Rizzo Eats Poo [7:27662]

2001-11-29 Thread Lee James

Damian Rizzo have you passed your ccnp yet. 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27662t=27662



Re: Cisco ACS/Telnet config [7:27648]

2001-11-29 Thread Tunji Suleiman

Hi Richard,

The aaa new-model command, once enabled, always asks you for a
username/password combination for any login type. Looking at your config I
expect you to get a username/password prompt and failed logins for both con
and vty unless authenticated by tacacs, and I am surprised you are able to
log in by console.

To get around it,
a. Create a local username/password on the AS, i.e.
  username anything password anyotherthing
b. Add the command
  aaa authentication login no_tacacs local
c. Add the command:
  login authentication no_tacacs
   to your con and vty lines to reference b. above

I once experienced a similar thing and resolved it as above, except you want
to authenticate all logins by tacacs.

I am open to corrections.

Tunji








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27663t=27648



Re: First learning experience. [7:27653]

2001-11-29 Thread Dennis

Thanks for sharing your experience!  Keep your head up, study hard, and
you'll get it next time.  I'll be taking the lab for the first time in
Jan...

--

-=Reply to group only... no personal=-

Ryan Ngai Hon Kong wrote in message
news:[EMAIL PROTECTED]...
 Hi all,

 Just want to tell you all that I finally attempted my first lab on 28/11.
 What an experience for 2 years in networking line (newbies) after completing
 all my NA/NP certification and finally now turning to the lab. I knew I didn't
 do a good job there though the result have not been released yet (which took
 a couple of days), it's my first learning experience.

 I found that this is the complete lab I'd ever put my hands on, all the while
 I only had 4-5 routers at home to practice. Lots of practice needed to get
 me more prepare for the next round, which might be 1/2 years ahead. I was
 inspired by Chuck's story line before I had my exam the other night, and
 now it's all over. Time is not something we ask for, knowledge keep you
 going. You got to know what to do when you face a problem, you don't really
 have a choice. For the last 15 mins before it's over, I knew I will not
 finish them on time so I'll just stop and review all the question and keep
 them in mind. They are my first lesson and it'll be more tougher the next
 attempt. I didn't regret for the result later, I'm just happy that quality
 of the exam really worth for everyone here to work after. They'll sure
 pay off one day.

 One day lab is a monster, with little trouble in mind memorizing the
 ip address, distribution and routing table, you will soon overcome
 them. Once the frame relay works, routing come into picture. You have
 no idea how and what the end of this lab are trying to achieve, putting
 tons of assumption into the answer though they never work.. you got no
 time to browse the documentation cd, you can't wait a sec to save your
 configuration and you can't afford to show run your configuration at
 all time. Memorizing and organizing every single information is crucial
 to keep you on time. Luckily troubleshooting is removed from the lab.
 Thanks to Jeff for putting off my nervous on my first attempt, I'm sure
 I'll see you again next round.

 On my way home riding on a bus, the question still dazzle on my mind.
 The movie played on the journey home, Pearl Harbour even inspire me
 that getting train to fly a dangerous mission even harder getting the
 CCIE status. I promise myself that I'll work even harder for my next
 lab attempt.

 To all the others coming up with your lab attempt this year, good luck
 to you all. Never doubt on your first attempt, take it as part of your
 first learning experience. My mind is empty when I had it also.

 Have a nice day.
 Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27664t=27653



Help on VLSM [7:27665]

2001-11-29 Thread Tel Khan

Hi folks, 

I don't fully understand VLSM. I have read this in the Sybex book and I'm still
at a loss; I would be grateful for some guidance.

Sorry for being thick!

Regards 
Tel 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27665t=27665



Re: First learning experience. [7:27653]

2001-11-29 Thread Gary Wong

There are 4 places to go for the R/S lab in AP for guys like us in HK:
Tokyo, Beijing, Singapore and Sydney.
The backlog in BJ is pretty long, you might think about SG or Tokyo.
Though I took mine at Sydney, twice.

Gary
CCIE#8256

c.h.ip wrote in message
news:[EMAIL PROTECTED]...
 Ryan Ngai Hon Kong wrote:

  Hi all,
 
  Just want to tell you all that I finally attempted my first lab on 28/11.
  What an experience for 2 years in networking line (newbies) after completing
  all my NA/NP certification and finally now turning to the lab. I knew I didn't
  do a good job there though the result have not been released yet (which took
  a couple of days), it's my first learning experience.
 

 finally, did you take the lab exam in Hong Kong?  I have thought that I
 need to travel to Beijing or Singapore to take the lab test..

 Regards,
 c.h.Ip

 (for me, it's still a long way to go.  I think I can make my first lab
 attempt in 18 or 24 months, as now on the way of NP & DP exams, and
 seeking study partner...)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27666t=27653



Split Horizon and Frame [7:27668]

2001-11-29 Thread McCallum, Robert

Folks,

Quick question just to make sure I have things correct in my head.  Please
correct me if I'm wrong.

O.k.

FOR IPX every frame interface (physical, point, multipoint) split horizon is
enabled by default.

FOR IP physical frame interface split horizon is disabled and for point and
multipoint split horizon is enabled by default.

The above on ATM interfaces is it the same rules??

Cheers

Robert McCallum




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27668t=27668



RE: Send BREAK to console thru term server [7:27572]

2001-11-29 Thread Logan, Harold

It can be done, but your telnet program has to support the break
sequence. The telnet program that ships with win98 won't do it, but if
you use hyperterm as your telnet client, that does work, depending on
the OS. The version of hyperterm that ships with win98 supports the
break sequence, but the one that ships with Windows NT doesn't. Those
are the only ones I've messed with to see if the password recovery works
or not. Here's my setup:

Using hyperterm, I telnet into a 2509 router, that has an octal cable
plugging into several other routers' console ports. From there, if I or
one of my students want to do the password recovery procedure just for
practice, that's no problem. I console into the router from the 2509,
and I enable, type reload, and as the router reboots, I hit Ctrl-break.
No problem. Where you run into problems is if you actually need to do a
password recovery because you don't know the enable password. Either you
need to call someone on site and ask them to reboot the router, or there
are products by APC (and others I'm sure) that will let you remotely
power-cycle a router.

hth,
Hal Logan
Network Specialist / Adjunct Faculty
Computing and Engineering Technology
Manatee Community College


 -Original Message-
 From: Sean Wu [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, November 28, 2001 4:01 PM
 To: [EMAIL PROTECTED]
 Subject: Send BREAK to console thru term server [7:27572]
 
 
 How can we send a BREAK signal via telnet session?
 
 I access some device via terminal server, the only thing I am 
 wondering is
 how to send a BREAK so that I can do password recovery.
 
 thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27669t=27572



Re: Split Horizon and Frame [7:27668]

2001-11-29 Thread Dennis

My understanding is...

IPX and IP

Split horizon is disabled by default on physical interfaces and enabled by
default on sub-interfaces...



--

-=Reply to group only... no personal=-

McCallum, Robert wrote in message
news:[EMAIL PROTECTED]...
 Folks,

 Quick question just to make sure I have things correct in my head.  Please
 correct me if I'm wrong.

 O.k.

 FOR IPX every frame interface (physical, point, multipoint) split horizon is
 enabled by default.

 FOR IP physical frame interface split horizon is disabled and for point and
 multipoint split horizon is enabled by default.

 The above on ATM interfaces is it the same rules??

 Cheers

 Robert McCallum




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27670t=27668



Re: Help on VLSM [7:27665]

2001-11-29 Thread Carroll Kong

At 07:35 AM 11/29/01 -0500, Tel Khan wrote:
 Hi folks,

 I don't fully understand VLSM. I have read this in the Sybex book and I'm still
 at a loss; I would be grateful for some guidance.

 Sorry for being thick!

 Regards
 Tel

VLSM means you can use variable length subnet masks.

192.168.0.0/24 is normally a classic class C block.  Let us say you want 
to break it up into two subnets, normally you would do

192.168.0.0/25
192.168.0.128/25

What VLSM lets you do is have this scenario.  Say I want 3 subnets!

192.168.0.0/25
192.168.0.128/26
192.168.0.192/26

Notice, now I have Variable Length Subnet Masks!

Normally, since subnet info is not passed into certain routing protocols at
all, they trust the subnet mask assigned on the router's
interface.  Obviously, with just that method, you can ONLY break them into
the same subnet masks across all subnets.  In the VLSM case, I can break
them up dynamically into smaller and smaller pieces.  You can expand this
example to make tiny /30 networks too.  Ultimately, it is not that
magical.  It just means you can pass these routes into one router's
interface without getting it confused because the routing protocols that
support VLSM carry the subnet mask information within the routing packets.



-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27671t=27665
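
The 192.168.0.0/24 split from the reply above, worked through with Python's `ipaddress` module as an added example that is not part of the original post. It goes one step beyond the post by allocating subnets from host counts; the host counts, function names and the mask-less lookup (a simplified model of a protocol that carries no mask) are assumptions made for illustration.

```python
"""VLSM planning with the standard-library ipaddress module.

Added illustration; the host counts used in the demo are constructed.
"""
import ipaddress


def prefix_for_hosts(hosts: int) -> int:
    """Longest IPv4 prefix whose subnet still holds `hosts` usable addresses."""
    # hosts + 2 addresses are needed (network and broadcast are not usable).
    return 32 - (hosts + 1).bit_length()


def vlsm_allocate(block: str, host_counts):
    """Carve `block` into subnets sized per requirement, largest first."""
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # align to subnet boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{block} is too small for {host_counts}")
        plan.append(subnet)
        cursor += size
    return plan


def overlapping_pairs(subnets):
    """Pairs of subnets that claim the same addresses (should be empty)."""
    return [(a, b) for i, a in enumerate(subnets)
            for b in subnets[i + 1:] if a.overlaps(b)]


def assumed_network(route_address: str, interface_prefix: int):
    """Simplified model of a mask-less update: the only mask available is
    the receiving interface's, so the address is placed on that boundary."""
    return ipaddress.ip_network(f"{route_address}/{interface_prefix}", strict=False)


def longest_match(routes, address: str):
    """Route lookup when masks are carried: most specific prefix wins."""
    ip = ipaddress.ip_address(address)
    hits = [r for r in routes if ip in r]
    return max(hits, key=lambda r: r.prefixlen) if hits else None


if __name__ == "__main__":
    # 126 + 62 + 62 hosts reproduces the /25, /26, /26 plan from the post.
    plan = vlsm_allocate("192.168.0.0/24", [126, 62, 62])
    print("plan:", [str(n) for n in plan])
    print("overlaps:", overlapping_pairs(plan))
    # Without a mask in the update, .192 is read on the interface's /25 boundary
    # and can no longer be told apart from the rest of 192.168.0.128/25.
    print("mask-less view of 192.168.0.192:", assumed_network("192.168.0.192", 25))
    print("with masks, 192.168.0.200 ->", longest_match(plan, "192.168.0.200"))
```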



Re: Split Horizon and Frame [7:27668]

2001-11-29 Thread James Haynes

I believe Split Horizon must be enabled for IPX RIP and is enabled by
default on Frame Relay interfaces running IPX.

--
James Haynes
Network Architect
Cendant IT
A+,MCSE,CCNA,CCDA,CCNP,CCDP,
CQS-SNA/IPSS

Dennis wrote in message
news:[EMAIL PROTECTED]...
 My understanding is...

 IPX and IP

 Split horizon is disabled by default on physical interfaces and enabled by
 default on sub-interfaces...



 --

 -=Reply to group only... no personal=-

 McCallum, Robert wrote in message
 news:[EMAIL PROTECTED]...
  Folks,
 
  Quick question just to make sure I have things correct in my head.  Please
  correct me if I'm wrong.
 
  O.k.
 
  FOR IPX every frame interface (physical, point, multipoint) split horizon is
  enabled by default.
 
  FOR IP physical frame interface split horizon is disabled and for point and
  multipoint split horizon is enabled by default.
 
  The above on ATM interfaces is it the same rules??
 
  Cheers
 
  Robert McCallum




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27672t=27668



MTU size increase`s bandwidth ???? [7:27673]

2001-11-29 Thread steve skinner

Chaps,


I came across this recently and was wondering if anyone had seen this
before.

We currently have 2 10meg SMDS (multicast) circuits spanning the UK.

Each circuit is terminated at 2 different points (separate HSSI router
ints) in 2 separate HOs in the UK.
The HOs are linked by a gig ether-fibre link across the UK.
OSPF is the only protocol being used (apart from some statics for backup).

After consulting the Cisco documentation about HSSI MTU over AAL3 we were
advised that an MTU of 4470-9120 compared to the standard of 1500 would
greatly increase the performance of our links.

The original network designer set them to this.

Over the last month or so these links have been running at 120% (no
good), so as an experiment the MTU was changed to 1500 for the HSSI ints
and since then the traffic has decreased to 80%.

Anyone seen this before, and why would the decrease in MTU size cause
less bandwidth to be used?


anyone

TIA

steve





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27673t=27673



RE: Split Horizon and Frame [7:27675]

2001-11-29 Thread Lopez, James

Robert,

For IPX RIP, it is my understanding that you can not turn off split horizon.

For IP on frame interfaces, split horizon is turned on automatically for
point to point interfaces but off by default for the physical and
multi-point interfaces.

Someone please correct me if I am incorrect.


JL

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 8:03 AM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); a bratchell;
graham; john bermingham; jolash; kash; martin; nigel; paul frost; peter
norberg; phil
Subject: Split Horizon and Frame


Folks,

Quick question just to make sure I have things correct in my head.  Please
correct me if I'm wrong.

O.k.

FOR IPX every frame interface (physical, point, multipoint) split horizon is
enabled by default.

FOR IP physical frame interface split horizon is disabled and for point and
multipoint split horizon is enabled by default.

The above on ATM interfaces is it the same rules??

Cheers

Robert McCallum




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27675t=27675



Re: IP telephony [7:27533]

2001-11-29 Thread Anil Kumar

This is the Voice network  i am implementing.
Voip on this network is working.

                     Analog Phone       Analog Phone
                          |                  |
                          |                  |
                          |                  |

IPtelephone--CCM3.0--3660 Router-------3640 Router--IPtelephone
                     With NM-HDV        With NM-HDV
                    (Main Office)     (Remote Office)



The problem which I am facing is the call routing between
the IP telephone & the Analog phones to both locations.
I am a bit confused, and not sure which type of
Gateway Types (MGCP or H.323) to use for the 3660 Routers.
I read that MGCP is being used mainly for FXS/FXO ports.

I am using R2 Digital Signalling for the NM-HDV card.
I have enclosed the config of the main location; the same
carries for the remote location too.

Request your suggestion / comments on this.

Regards.. Anil 



Current configuration:
!
version 12.1
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
service udp-small-servers max-servers no-limit
!

!
enable secret 5 $1$QdNt$.YqZyaiFoHfFW.ZP1yHzG/

!
!
!
!
!
memory-size iomem 10
voice-card 2
!
ip subnet-zero
ip dhcp ping timeout 2000
ip dhcp relay information option
!
ip dhcp-server 179.65.51.20
lane client flush
isdn switch-type primary-net5
cns event-service server
!
!
voice class permanent 10
signal pattern idle transmit 0001
signal pattern idle receive 0001
!
!
!
!
!
!
controller E1 1/0
 framing NO-CRC4
 clock source internal
 channel-group 1 timeslots 1-31
 description connected to Branch
!
controller E1 2/0
 framing NO-CRC4
 clock source internal
 ds0-group 0 timeslots 1-15,17-31 type r2-digital dtmf dnis
 description CONNECTED TO NORTEL EPABX
!
!
!
interface Multilink1
 ip address 192.168.0.2 255.255.255.252
 ip helper-address 179.65.51.20
 ip directed-broadcast
 ip tcp header-compression iphc-format
 no ip mroute-cache
 fair-queue 2048 2048 1000
 no cdp enable
 ppp multilink
 ppp multilink fragment-delay 20
 ppp multilink interleave
 multilink-group 1
 ip rtp header-compression iphc-format
 ip rtp priority 16384 16383 1488
!
interface FastEthernet0/0
 ip address 179.65.51.1 255.255.0.0
 ip helper-address 179.65.51.20
 ip directed-broadcast
 no ip mroute-cache
 speed auto
 half-duplex
 no cdp enable
!
interface Serial1/0:1
 no ip address
 ip helper-address 179.65.51.20
 ip directed-broadcast
 encapsulation ppp
 ip mroute-cache
 no fair-queue
 ppp multilink
 multilink-group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp advertise-v2
!
snmp-server engineID local 000902024B24BF30
snmp-server community public RO
snmp-server packetsize 2048
!
voice-port 2/0:0
 no modem passthrough
 cptone GB
!
dial-peer voice 100 voip
 destination-pattern 125T
 session target ipv4:192.168.0.1
 codec g711alaw
 ip precedence 5
!
dial-peer voice 10 pots
 destination-pattern 116T
 port 2/0:0
 forward-digits all
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 exec-timeout 20 0
 login
!
end

HO#






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27676t=27533



Re: Cisco ACS/Telnet config [7:27648]

2001-11-29 Thread Paul Borghese

The reason you can not telnet into the router is because you have the
default login method pointing to a tacacs server.  But you have not defined
the tacacs server in the configuration.

Because you do not give it a backup method when the tacacs server is down,
you are denied.

Try the following modification:

username backup password bosco
aaa authentication login default tacacs+ local


This way, when the tacacs server is down you will be prompted for the local
username and password which is:
username: backup
password: bosco


Paul Borghese


- Original Message -
From: Richard 
To: 
Sent: Thursday, November 29, 2001 12:20 AM
Subject: Cisco ACS/Telnet config [7:27648]


 Looking at the config below, can anyone tell me where I might go wrong that
 prevent me from telnetting to this router?  I am able to use the same account
 from Cisco ACS 2.6 to log onto the console, but not through telnet.

 Thanks in advance for your help



 Current configuration:
 !
 version 12.0
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname Router
 !
 aaa new-model
 aaa authentication login default tacacs+
 aaa authentication login no_tacacs enable
 aaa authentication enable default tacacs+
 aaa authentication ppp default tacacs+
 aaa authorization exec default tacacs+
 aaa authorization exec no_tacacs local
 aaa authorization network default tacacs+
 aaa authorization network no_tacacs local
 aaa accounting exec default start-stop tacacs+
 aaa accounting network default start-stop tacacs+
 enable password enable
 !
 ip subnet-zero
 !
 !
 !
 interface Ethernet0
  ip address 5.1.1.4 255.255.255.0
  no ip directed-broadcast
 !
 interface Serial0
  no ip address
  no ip directed-broadcast
  no ip mroute-cache
  shutdown
  no fair-queue
 !
 interface Serial1
  no ip address
  no ip directed-broadcast
  shutdown
 !
 ip classless
 !
 tacacs-server host 5.1.1.1 single-connection
 tacacs-server key cisco
 !
 line con 0
  transport input none
 line aux 0
 line vty 0 4
  password line
 !
 end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27674t=27648
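
The fallback fix suggested in the reply above (a local method after tacacs+, plus a local username) can be checked across saved configs. The script below is an added example, not part of the original thread or any Cisco tool; the sample configs, the 192.0.2.10 server address and the EXAMPLE-ONLY passwords are constructed, and the function names are hypothetical.

```python
"""Audit Cisco IOS login method lists for a missing fallback (added example)."""

REMOTE_METHODS = {"tacacs+", "radius"}   # legacy keywords, as in the thread's 12.0 config
LOCAL_DB_METHODS = {"local", "local-case"}


def parse_methods(tokens):
    """Turn the tail of an 'aaa authentication login' line into (kind, name) pairs."""
    methods, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "group" and i + 1 < len(tokens):   # newer syntax: group <server-group>
            methods.append(("remote", tokens[i + 1]))
            i += 2
            continue
        methods.append(("remote" if tok in REMOTE_METHODS else "local", tok))
        i += 1
    return methods


def parse_config(text):
    """Collect login method lists, per-line bindings and local usernames."""
    lists, bindings, users = {}, {}, set()
    aaa_enabled, current = False, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] in ("!", "end"):
            current = None
            continue
        if words[:2] == ["aaa", "new-model"]:
            aaa_enabled = True
        elif words[:3] == ["aaa", "authentication", "login"] and len(words) > 4:
            lists[words[3]] = parse_methods(words[4:])
        elif words[0] == "username" and len(words) > 1:
            users.add(words[1])
        elif words[0] == "line" and len(words) > 1:
            current = " ".join(words[1:])
            bindings[current] = "default"        # used unless the line names a list
        elif current and words[:2] == ["login", "authentication"] and len(words) > 2:
            bindings[current] = words[2]
    return aaa_enabled, lists, bindings, users


def audit_login(text):
    """Return sorted (line, list, problem) findings for each terminal line."""
    aaa_enabled, lists, bindings, users = parse_config(text)
    if not aaa_enabled:
        return []                                # method lists need 'aaa new-model'
    findings = []
    for line, name in bindings.items():
        methods = lists.get(name)
        if methods is None:
            if name != "default":
                findings.append((line, name, "undefined-list"))
            continue
        # The next method is tried only when the previous one gives no answer,
        # so a list made up solely of remote servers locks everyone out when
        # the server is unreachable.
        if all(kind == "remote" for kind, _ in methods):
            findings.append((line, name, "no-fallback"))
        # A 'local' fallback is useless without at least one local username.
        uses_local_db = any(k == "local" and m in LOCAL_DB_METHODS for k, m in methods)
        if uses_local_db and not users:
            findings.append((line, name, "local-without-user"))
    return sorted(findings)


# Constructed sample modelled on the config in the thread (not a real device).
BEFORE = """\
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
tacacs-server host 192.0.2.10
!
line con 0
 login authentication no_tacacs
line aux 0
line vty 0 4
 password EXAMPLE-ONLY
!
end
"""

# The same config with the modification from the reply applied.
AFTER = BEFORE.replace(
    "aaa authentication login default tacacs+\n",
    "username backup password EXAMPLE-ONLY\n"
    "aaa authentication login default tacacs+ local\n",
)

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_login(cfg))
```

The console line in the sample is bound to the no_tacacs list to show how a named list overrides the default; lines without a login authentication command are audited against the default list.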



RE: Split Horizon and Frame [7:27679]

2001-11-29 Thread Jim Brown

The real kicker is you must disable EIGRP split horizon on the interface of
an NBMA network. If you disable it on the interface this will not work. You
must use the no ipx split-horizon EIGRP  command. The no ipx
split horizon command doesn't mean squat to EIGRP.

In an NBMA network, you should use EIGRP or create tunnels for RIP. Without
the ability to disable split-horizon for RIP you will never pass all the
routing information out to the spokes.

Of course all the rules about subinterfaces and such apply to split horizon.
Just keep the NBMA thing in mind when using physical or multipoint
interfaces.

-Original Message-
From: Lopez, James [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 29, 2001 7:36 AM
To: 'McCallum, Robert'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail);
a bratchell; graham; john bermingham; jolash; kash; martin; nigel; paul
frost; peter norberg; phil
Subject: RE: Split Horizon and Frame


Robert,

For IPX RIP, it is my understanding that you can not turn off split horizon.

For IP on frame interfaces, split horizon is turned on automatically for
point to point interfaces but off by default for the physical and
multi-point interfaces.

Someone please correct me if I am incorrect.


JL

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 8:03 AM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); a bratchell; graham;
john bermingham; jolash; kash; martin; nigel; paul frost; peter norberg;
phil
Subject: Split Horizon and Frame


Folks,

Quick question just to make sure I have things correct in my head.  Please
correct me if I'm wrong.

O.k.

FOR IPX every frame interface (physical, point, multipoint) split horizon is
enabled by default.

FOR IP physical frame interface split horizon is disabled and for point and
multipoint split horizon is enabled by default.

The above on ATM interfaces is it the same rules??

Cheers

Robert McCallum




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27679t=27679



RE: upgrade 1605 IOS through console [7:27613]

2001-11-29 Thread Jay Creasy

Hi Jim,

   Yes the 1605 will support 115200 baud on the console port for xmodem.
As far as the error message you are receiving, I've never heard of that
one. First thing I would look at is your config register settings. More
than likely it's an error coming from the ROM operating software
complaining about the modem. Could be that the modem is configured in
such a way that when you start your xmodem the router is unable to
proceed. If all else fails load a tftp server on-site and tftpdnld.

-
Hello,

I have a 1605 in Europe that I can dial into its
console. I was trying to load IOS but failed several
times with error message limit error exceeded. I was
using HyperTerminal. Anyone knows what's wrong?

Also, I'd like to change speed to 115K, does 1605
support it? 

Thanks in advance.

Jim





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27680t=27613



IPX sap-max-packetsize [7:27681]

2001-11-29 Thread John Neiberger

I left EtherPeek running on my workstation all night to get a feel for
the amount of broadcast traffic in our network.  In 15 hours we had over
72,000 SAP replies, most of which were from our router.  I then noticed
that it was using 480-byte packets which seems really inefficient.

Would I be asking for some unforeseen trouble if I were to configure
ipx sap-max-packetsize 1440 to triple the number of servers advertised
per packet?  This alone would dramatically reduce the number of
broadcast packets on our network.  However, it would be just my luck if
there were some consequences to this that I wasn't aware of.

Any thoughts?

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27681t=27681



Re: IPX stands for- PIX Private Internet Exchange [7:27647]

2001-11-29 Thread AMR

Wrong.

PIX stands for Private Internet Exchange.  You are thinking of IPXchange.
Cisco briefly had a box that it bought that converted IPX to IP for internet
connectivity.

mlh wrote in message
news:[EMAIL PROTECTED]...
 IPX stands for -
 PIX Private Internet Exchange (Cisco)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27682t=27647



Re:Microsoft IAS and AS5300 and Cisco Routers [7:27683]

2001-11-29 Thread Attard Kenneth at MITTS

We have managed to make IAS work with Cisco Devices. The login and password are
being validated from the Active Directory

Sample configs

PIX
aaa-server RADIUS protocol RADIUS
aaa-server RADIUS (inside) host 192.168.13.34 radiuskey timeout 10
aaa authentication include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 RADIUS


AS5300
aaa new-model
aaa authentication login default group radius local
aaa authentication ppp default group radius local
aaa accounting update newinfo
aaa accounting network default start-stop group radius

radius-server host 192.168.13.34 auth-port 1645 acct-port 1646 key radiuskey
radius-server retransmit 3
radius-server timeout 10
radius-server key radiuskey


From the IAS
don't tick 'Client must always send the signature attribute in the request'
Client Vendor must be Cisco

In the remote access policies

Click Edit Profile

In the encryption tab make sure that 'no encryption' only is allowed
and in the advanced tab there should be

framed-protocol  Radius Standard PPP
service-type   Radius Standard Framed

Also check out the ports from the properties of IAS (Right click on Internet
Authentication Service) and select the radius tab

ours are 1645,1812 (authentication)
and 1646,1813 (accounting)

these should match the auth-port and acct-port in the radius-server command


Regards
Kenneth


Eric Hauptman wrote:

 Does anyone have any pointers on getting a Cisco router talking to IAS running
 on a Windows 2000 server.  I think I have everything configured
 correctly and it is still not working.  Thanks

 Eric Hauptman




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27683t=27683



Re: serial up/up w/o cable [7:27604]

2001-11-29 Thread MADMAN

Tell you what, I got it to work just fine:

interface Serial4/1/3
 no ip address
 no ip directed-broadcast
 ip route-cache distributed
 loopback
 no keepalive
 no cdp enable

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up
  Hardware is cyBus Serial
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
  Encapsulation HDLC, crc 16, loopback set
  Keepalive not set
  Last input never, output never, output hang never
  Last clearing of show interface counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
 Conversations  0/0/256 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
 0 packets input, 0 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 packets output, 0 bytes, 0 underruns
 0 output errors, 0 collisions, 2 interface resets
 0 output buffer failures, 0 output buffers swapped out
 3 carrier transitions
 RTS up, CTS up, DTR up, DCD up, DSR up

 Dave

Stefan Dozier wrote:
 
 I don't think it will Priscilla! Even with the encap HDLC,
 the DCD (carrier detect) control lead must be high in order
 for the interface status to be in an up condition. The
 only way I know to accomplish that is with a cable inserted
 or some type of serial loopback plug, if there's such an
 animal.
 
 And obviously you can't have line protocol in an up state
 if the interface status isn't in an up state!
 
 Stefan
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Priscilla Oppenheimer
 Sent: Wednesday, November 28, 2001 7:55 PM
 To: [EMAIL PROTECTED]
 Subject: Re: serial up/up w/o cable [7:27604]
 
 At 06:52 PM 11/28/01, Tom E wrote:
 How can you get a serial interface to go up/up without a cable connected?  I
 have tried loop and no keep.
 
 What's the encap? I thought this would work if you used HDLC.
 
 Priscilla
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27684t=27604



Re: CAT6500 running on second Supervisor Engine card [7:27544]

2001-11-29 Thread MADMAN

There is no slot specific sup card except for they must go in either
slot 1 or 2

  Dave

Thomas wrote:
 
 Thanks All for the reply!  When I look at that manufacturing part number for
 the supervisor engines, the part number are little bit different between the
 first and the second sup. engine.  The second supervisor engine has a /2
 or something like that at the end of the part number.  Does that mean this
 card is only working on the second slot of the chassis?  Is it
 interchangeable between slot 1 and slot 2 with the same supervisor engine
 card?  Again Thanks!
 
 MADMAN wrote in message
 news:[EMAIL PROTECTED]...
  Yes you can do that no problemo.  Even if the current 6506 is in
  production you can pull the inactive sup and shouldn't drop a packet
  assuming you don't have HSRP running with active interfaces on the
  second MSFC.
 
Dave
 
  Thomas wrote:
  
   Hi All,
  
   I have a CAT 6506 with dual supervisor engines and dual MSFCs.  I also have
   another 6506 chassis with power supplies.  I wonder if I could steal the
   second supervisor engine (second slot) w/ its MSFC and put it on the second
   6506 chassis?  Will the second 6506 chassis be working with second
   supervisor engine and MSFC card?  Thanks!
  
   Thomas N.
  --
  David Madland
  Sr. Network Engineer
  CCIE# 2016
  Qwest Communications Int. Inc.
  [EMAIL PROTECTED]
  612-664-3367
 
  Emotion should reflect reason not guide it
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27685t=27544



Xyplex/iTouch term servers Cat switches [7:27686]

2001-11-29 Thread Berry Mobley

Has anyone made a Xyplex/iTouch Maxserver terminal server work as a reverse 
telnet termserver for console ports on a catalyst 2900 or 3500 switch?  It 
works fine on router console ports but I can't get it to do anything on the 
catalysts.

Thanks for any help.

Berry Mobley




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27686t=27686



Need AS5350 with 2 PRI's and DFC (Dial Feature Card) [7:27687]

2001-11-29 Thread Edward Buckner

Anyone,

Looking for AS5350 with at least 2 PRI's and DFC card installed. If anyone
has one for sale, please contact me ASAP.

Thanks
Edward Buckner
VocalData Application Field Engineer
CCNP, CCNP VoIP, CCNP ATM, CCDP
E-mail: [EMAIL PROTECTED]
Office: 972-354-2113




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27687t=27687



CCIE Bootcamp of Heinz Ulm [7:27688]

2001-11-29 Thread [EMAIL PROTECTED]

Hi All,

Did any one of you take the CCIE Bootcamp of Heinz Ulm? Any comments?

Regards,

Tarry





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27688t=27688



Re: Cisco 700 series in Remote Access exam (640-50 [7:26975]

2001-11-29 Thread Allen May

Well it has a configuration builder but I hated it ;)  The only use I had
for it was resetting the internal IP address so I could telnet into it when
I bought it (without the weird female-male serial cable for the console).
;)

And yes...SPIDS would be a problem in Japan..rofl.

Allen
- Original Message -
From: anil 
To: Allen May ; 
Sent: Saturday, November 24, 2001 12:52 PM
Subject: RE: Cisco 700 series in Remote Access exam (640-50 [7:26975]


 It took me 6 weeks :-)
 Honest!
 I was in Japan and they sent me the US version of ISDN which set me back a
 week or 2 (No SPIDS in Japan). But it still took me a while. My CCIE colleague
 was not able to help me, and that is how I found out about the IOS (or
 lack of it).
 -Anil


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Allen May
 Sent: Saturday, November 24, 2001 4:10 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Cisco 700 series in Remote Access exam (640-50 [7:26975]


 I have a 776 and it's definitely NOT IOS.  However the manuals are all still
 available for free on cisco.com.  It's very limited on commands so you could
 learn it in a day just from looking at docs & config examples.  I set mine
 up in about 30 minutes with no experience in it whatsoever.

 Here is my config (slightly altered) with a copy of the commands available
 with the help menu (?).

 amay128 upload
 CD
 SET SCREENLENGTH 20
 SET COUNTRYGROUP 1
 SET LAN MODE ANY
 SET WAN MODE ONLY
 SET AGE OFF
 SET MULTIDESTINATION OFF
 SET SWITCH NI-1
 SET 1 SPID 51255512120101
 SET 1 DIRECTORYNUMBER 5125551212
 SET PHONE1 = 5125551212
 SET 2 SPID 51255512120101
 SET 2 DIRECTORYNUMBER 5125551212
 SET PHONE2 = 5125551212
 SET AUTODETECTION  OFF
 SET CONFERENCE 60
 SET TRANSFER 61
 SET 1 DELAY 30
 SET 2 DELAY 30
 SET BRIDGING ON
 SET LEARN ON
 SET PASSTHRU OFF
 SET SPEED 64K
 SET PLAN NORMAL
 SET D   AUTO OFF
 SET 1 AUTO ON
 SET 2 AUTO ON
 SET 1 NUMBER
 SET 2 NUMBER
 SET AODI OFF
 SET 1 BACKUPNUMBER
 SET 2 BACKUPNUMBER
 SET 1 RINGBACK
 SET 2 RINGBACK
 SET 1 CLIVALIDATENUMBER
 SET 2 CLIVALIDATENUMBER
 SET CLICALLBACK OFF
 SET CLIAUTHENTICATION OFF
 SET SYSTEMNAME amay128
 LOG CALLS  VERBOSE
 LOG ERRORS  VERBOSE
 SET UNICASTFILTER OFF
 DEMAND D THRESHOLD 0
 DEMAND 1 THRESHOLD 0
 DEMAND 2 THRESHOLD 60
 DEMAND D DURATION 1
 DEMAND 1 DURATION 1
 DEMAND 2 DURATION 4
 DEMAND D SOURCE LAN
 DEMAND 1 SOURCE LAN
 DEMAND 2 SOURCE BOTH
 TIMEOUT D THRESHOLD 0
 TIMEOUT 1 THRESHOLD 0
 TIMEOUT 2 THRESHOLD 48
 TIMEOUT D DURATION 0
 TIMEOUT 1 DURATION 0
 TIMEOUT 2 DURATION 120
 TIMEOUT D SOURCE LAN
 TIMEOUT 1 SOURCE LAN
 TIMEOUT 2 SOURCE BOTH
 SET PASSWORD SYSTEM ENCRYPTED ***
 SET REMOTEACCESS PROTECTED
 SET LOCALACCESS ON
 SET LOGOUT 60
 SET CALLERID ON
 SET PPP AUTHENTICATION IN CHAP  PAP
 SET PPP CHAPREFUSE NONE
 SET PPP CHAPALLOW MULTIHOST OFF
 SET PPP MAGICNUMBERCHECK ON
 SET PPP AUTHENTICATION OUT NONE
 SET PPP AUTHENTICATION ACCEPT EITHER
 SET PPP TAS CLIENT 0.0.0.0
 SET PPP TAS CHAPSECRET LOCAL ON
 SET PPP PASSWORD CLIENT ENCRYPTED **
 SET PPP SECRET CLIENT ENCRYPTED ***
 SET PPP CALLBACK REQUEST OFF
 SET PPP CALLBACK REPLY OFF
 SET PPP NEGOTIATION INTEGRITY 10
 SET PPP NEGOTIATION COUNT 10
 SET PPP NEGOTIATION RETRY  3000
 SET PPP TERMREQ COUNT 2
 SET PPP MULTILINK ON
 SET PPP MULTILINK PPPHEADER ON
 SET COMPRESSION STAC
 SET PPP BACP ON
 SET PPP ADDRESS NEGOTIATION LOCAL OFF
 SET PPP IP NETMASK LOCAL OFF
 SET IP PAT UDPTIMEOUT 5
 SET IP PAT TCPTIMEOUT 30
 SET IP RIP TIME 30
 SET X25 LIC 0
 SET X25 HIC 0
 SET X25 LTC 0
 SET X25 HTC 0
 SET X25 LOC 1024
 SET X25 HOC 1024
 SET CALLDURATION 0
 SET SNMP CONTACT Allen May
 SET SNMP LOCATION AMay128 - Home
 SET SNMP TRAP COLDSTART OFF
 SET SNMP TRAP WARMSTART OFF
 SET SNMP TRAP LINKDOWN OFF
 SET SNMP TRAP LINKUP OFF
 SET SNMP TRAP AUTHENTICATIONFAIL OFF
 SET DHCP OFF
 SET DHCP DOMAIN
 SET DHCP NETBIOS_SCOPE
 SET TPAD PARITY NONE
 SET X25D TEI 0
 SET X25D X121HOST
 SET VOICEPRIORITY INCOMING INTERFACE PHONE1 CONDITIONAL
 SET VOICEPRIORITY OUTGOING INTERFACE PHONE1 CONDITIONAL
 SET CALLWAITING INTERFACE PHONE1 ON
 SET VOICEPRIORITY INCOMING INTERFACE PHONE2 ALWAYS
 SET VOICEPRIORITY OUTGOING INTERFACE PHONE2 ALWAYS
 SET CALLWAITING INTERFACE PHONE2 ON
 SET CALLTIME VOICE INCOMING OFF
 SET CALLTIME VOICE OUTGOING OFF
 SET CALLTIME DATA INCOMING OFF
 SET CALLTIME DATA OUTGOING OFF
 SET USER LAN
 SET IP ROUTING ON
 SET IP ADDRESS 207.x.y.z
 SET IP NETMASK 255.255.255.248
 SET IP FRAMING ETHERNET_II
 SET IP PROPAGATE ON
 SET IP COST 1
 SET IP RIP RECEIVE BO
 SET IP RIP UPDATE OFF
 SET IP RIP VERSION BOTH
 SET USER Internal
 SET IP FRAMING ETHERNET_II
 SET IP RIP RECEIVE BO
 SET IP RIP VERSION BOTH
 SET USER Standard
 SET PROFILE ID 
 SET PROFILE POWERUP ACTIVATE
 SET PROFILE DISCONNECT KEEP
 SET IP ROUTING ON
 SET IP ADDRESS 0.0.0.0
 SET IP NETMASK 0.0.0.0
 SET IP FRAMING NONE
 SET IP RIP RECEIVE V1
 SET IP RIP UPDATE OFF
 SET IP RIP VERSION 1
 SET NETBIOS FILTER ON
 SET 

Re: network simulator [7:27658]

2001-11-29 Thread EA Louie

 Is there any router simulation software that I can configure to run in a
 Frame Relay and ISDN network ?

cisco routers have the ability to simulate Frame Relay switches.  The
archives are full of examples, but www.cisco.com also has the configurations
in a number of places.  try searching for frame relay switch

ISDN is a little different.  There are a few different solutions.  One
solution is a device that has 2 ISDN BRI ports.  This is known as an ISDN
Simulator, or ISDN Emulator.  These usually have S/T and U interfaces, and
the cost is typically $1500, less if you shop around.  Others have had
success in using a PBX with ISDN interfaces.  The 2600/3600 series cisco
routers running 12.1 code has the ability to simulate ISDN BRI switching -
note that this is a more expensive solution than the ISDN Simulator
solution.  see
http://groups.google.com/groups?q=john+paul+morrisonhl=enrnum=8selm=0ZEk7
.131740%24B37.2967002%40news1.rdc1.bc.home.com (watch the URL wrap)

Depending on where you live, it may also be economical for you to just order
two ISDN lines for the time that you need to study ISDN.

good luck in your studies
-e-
That which does not kill us only makes us stronger - Nietzsche






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27689t=27658



Dual Homing Novell Servers to 2 Cat 6500's [7:27690]

2001-11-29 Thread Bill Carter

We are installing 2 6500's in the core.  We want the Novell servers to have
Gig connections to each 6500.  How is this configured on the server end.  I
assume each card has unique IP's?  Will the server get confused with 2 IP's
on the same subnet?  The 6500's have the MSFC2 card and is running HSRP.

What are your experiences with dual homing like this?

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Bill Carter
CCIE 5022
To accomplish great things, we must not only act,
but also dream; not only plan, but also believe.
-Anatole France
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27690t=27690



Re: IPX stands for- PIX Private Internet Exchange [7:27647]

2001-11-29 Thread Patrick Ramsey

heh  what?

ipx is a protocol

 mlh  11/29/01 12:19AM 
IPX stands for -
PIX Private Internet Exchange (Cisco)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27691t=27647



Routing setup and config [7:27692]

2001-11-29 Thread Bob Perez

I have an issue with 2 csc 2600 rtr's.  When the s0/0 goes down and the
backup ISDN kicks in, from within the router I can ping the ISDN int on the
other side but not the local routers ISDN int?  I also cannot ping the other
side from the network internally only pingable from the router CLI?  Now
even though I can ping the other BRI int, it will not ping anything else or
route any traffic.  Same thing the other way.  Nothing gets routed beyond
the BRI int.  What kind of entries should be setup for the routing to take
place.  For instance,

Router 1 s0/0 128.121.22.193/29
Router 1 BRI0/0 128.121.22.189/30

Router 2 s0/0  128.121.22.186/30
Router 2 BRI0/0 128.121.22.190/30
Also s0/0 is ip unnumbered using the Eth0/0 on both ends
BRI's are on the same segment and serials are different segments

I have statics setup to route on the S0/0's but no BRI as well as an ip
route 0.0.0.0 0.0.0.0 ser0/0
I want the traffic to use the BRI's when there is no S0/0?  What do I do?

THANKS..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27692t=27692



RE: First learning experience. [7:27653]

2001-11-29 Thread Chan Warren

I agreed with you though this is an expansive one. I am preparing for it too
but I will not be ready until the end of 2002.

Currently I have enough number of routers and switches but just a matter of
finding the time.

Ryan, can you tell me the job market for CCIE in HK. Well I live in Canada
but I am also a HK citizen.

Chan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27693t=27653



Re: ISDN Q.921 and Q.931 [7:27568]

2001-11-29 Thread VoIP Guy

I was wrong.

I looked it up last night and there is a seq. number in the control field of
LAPB, HDLC, and LAPD.  Both, the sending and receiving stations must keep
the same seq. numbers when transmitting, but I cannot find anything on
retransmission at that layer.  But I asked an old IBM guy I used to work
with and he said that SDLC and all the related layer two protocols do
require retrans when bad packets are found or missing.  So I would assume
that LAPD layer two is reliable.  And as everyone else said, the SS7
signalling (Q.931) is just control and status messages over D channel.

And B channel is a different retrans technique, based upon the higher layer
protocols it carries.  If an ISDN frame gets corrupt, both channels will be
retransmitted, but by different methods.  So ISDN D channel is inherently
reliable at layer two and B channel is reliable only if that higher layer
protocol is.


Peter Whittle wrote in message
news:[EMAIL PROTECTED]...
 I sent this to Priscilla on the topic and she suggested that the group
 might benefit from my response, so here it is.

 Priscilla,

 I think that you may find it helpful to separate end - to - end data
 transfer from signalling.

 Very few L2 protocols offer error correction. The modern approach is to
 require the L1 transmission to provide intrinsically reliable
 communication and hence it is a waste of bandwidth to implement error
 correction both on hop by hop and end to end basis as per X.25.
 Modern WAN digital transmission systems are designed to offer
 transmission error rates of fewer than 1 bit error in 10^9 bits.

 On Telco Wan links it is common on this side of the pond to require
 transmission media to offer error rates better than 1 in 10^9 and often
 1 in 10^11. Indeed the commissioning tests call for fewer than 1 error
 in a 20 minute period on a basic E3 (34 Mb) link and fewer than 1 error
 in 24 hours on International links prior to acceptance from Transmission
 into Networks for operational trunks. That is not to say that links may
 not degrade but if the error rates became worse than 1 in 10^9 it would
 be time for Network operations to call 'holes & poles' (Transmission) to
 fix it.

 The fundamental assumptions in both Frame Relay and ATM is that they are
 running over intrinsically reliable transmission media. The low error
 rates being achieved either by correctly engineered transmission paths
 or by the use of significant forward error correction built in to the
 transmission equipment.

 ATM, and Frame Relay, implement error correction, or more precisely re-
 transmission in the interface to the signalling protocols. ISDN relies
 on the hop by hop error correction offered by LAPD.  However, they tend
 to leave the issue of payload error correction to any high level end-to-
 end protocols being run on top of these L2 Datalinks.

 ATM offers no direct protection of payload content, the HEC only
 protects the ATM header. However, some AALs do offer protection if not
 correction of the payload. Even AAL5 - most common for IP has a check
 polynomial (CRC32) to protect the CS PDU. It performs error detection
 but not correction. In the case of Q.2931, SAAL (version of AAL5 to
 carry signalling) will detect faulty PDUs.  If you want to look at ATM
 signalling take a look at Q.2931 essentially an enhanced and extended
 version of narrow band ISDN Q.931 signalling.  Take a look at the ATM
 forum website. www.atmforum.org


 Frame Relay has Frame Check Sequence that again will detect faulty
 frames. (Incidentally Carrier Switches tend to drop frames with a faulty
 FCS). Incidentally Frame Relay is sometimes known as LAPF. Take a look
 at the frame relay forum web site. www.frforum.org there are some good
 white papers and the frf's recommendations that you can download.


 ISDN B channel - is a 64 Kbit clear channel and the network makes no
 assumptions about the contents. It could be any number of data formats
 or indeed it could be 64 K G.711 PCM voice. The most ubiquitous use of
 data over ISDN is to encapsulate it in PPP which is intrinsically multi-
 protocol. However, it is also possible to use HDLC, X.25, Frame Relay,
 or any number of specialist protocols. D channel usage is somewhat
 different. L2 on D channel is Q.921 (as you say also known as LAPD). It
 is perhaps worth pointing out the ISDN signalling is NOT an end to end
 protocol! ISDN signalling only traverses the single hop to the
 signalling processor on the nearest switch.  This signalling processor
 then signals to the signalling processor of the next switch and finally
 the signalling processor on the last switch communicates with the far
 end CPE. In Public Carrier Networks the signalling between switches is
 normally SS7 or C7 as it is sometimes known.  The D channel is normally
 used for signalling but in the case of Basic Rate may also be used for
 permanently on low speed data services such as X.31 (9k6 X.25 in D
 channel, which uses LAPD for L2 

2500 Router problem [7:27695]

2001-11-29 Thread James gruggett

I have a lab setup as follows: 2 2500 series routers connected to a 2900
switch.

Router1 E0 192.168.1.1 255.255.255.0
Router 2 E0 192.168.2.1 255.255.255.0
SwitchIP 192.168.1.3 255.255.255.0

I can ping and telnet to Router 1 and the switch. I can not ping
Router2. When I telnet I receive this error message (Can't open
connection to host on port 23, a socket operation was attempted to an
unreachable host)

I console into Router 2 and E0 looks fine with ip and it states it is
administratively up.

Any suggestions?

Thanks,

James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27695t=27695



RE: 2500 Router problem [7:27695]

2001-11-29 Thread Alex Lei

Hello James,

Since your router 2 IP is on a different subnet you need to have either
routes set up; or run some kind of routing protocol.

Alex


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27696t=27695



Re: Dual Homing Novell Servers to 2 Cat 6500's [7:27690]

2001-11-29 Thread Ken Diliberto

Hello, Bill.

In my experience, when you try to bind the second address, NetWare will
complain that they are on the same subnet as another interface.  It's been a
while since I have tried this, so I may be using dynamic RAM without a
refresh.  :-)

Consider putting each interface on a different subnet.  I would turn off
routing on the server to reduce the server load.

Just my $0.02, which means I lose money after taxes.  :-)

Ken

 Bill Carter  11/29/01 11:17AM 
We are installing 2 6500's in the core.  We want the Novell servers to have
Gig connections to each 6500.  How is this configured on the server end.  I
assume each card has unique IP's?  Will the server get confused with 2 IP's
on the same subnet?  The 6500's have the MSFC2 card and is running HSRP.

What are your experiences with dual homing like this?

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Bill Carter
CCIE 5022
To accomplish great things, we must not only act,
but also dream; not only plan, but also believe.
-Anatole France
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27697t=27690



Re: Help on VLSM [7:27665]

2001-11-29 Thread EA Louie

 I don't fully understand VLSM. I have read this in the Sybex book and I'm still
 at a loss. I would be grateful for some guidance.


What precisely is baffling you about variable length subnet masking?  If you
can be more specific, we might be of more help to you.









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27699t=27665



CCO CD's [7:27701]

2001-11-29 Thread VoIP Guy

Here's a question that I have never got answered.

How in the world do I get those CCO CD's to work?  I always install them and
try to open up the page and get a blank page.   I can browse the CD and get
to the home page that way, but as soon as I click on a link, it looks almost
like it's encrypted.

I have tried IE, Netscape, installing all the apps on the CD.
What am I doing wrong?

Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27701t=27701



Re: 2500 Router problem [7:27695]

2001-11-29 Thread John Neiberger

The ethernet IP addresses on your routers must be in the same subnet. 
Remember that it's generally a good idea to have all devices that are on
the same shared medium in the same subnet.

From the looks of it, you should probably change the IP address of R2
to 192.168.1.2/24.

Or, alternately, you could change the subnet mask on all three devices
to 255.255.0.0, which would work but probably isn't the best solution.

HTH,
John

 James gruggett  11/29/01 10:53:54 AM

I have a lab setup as follows: 2 2500 series routers connected to a 2900
switch.

Router1 E0 192.168.1.1 255.255.255.0
Router 2 E0 192.168.2.1 255.255.255.0
SwitchIP 192.168.1.3 255.255.255.0

I can ping and telnet to Router 1 and the switch. I can not ping
Router2. When I telnet I receive this error message (Can't open
connection to host on port 23, a socket operation was attempted to an
unreachable host)

I console into Router 2 and E0 looks fine with IP and it states it is
administratively up.

Any suggestions?

Thanks,

James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27700t=27695
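
The same-subnet rule from the reply above, checked against the posted addresses and both suggested fixes. This is an added example, not part of the thread; it also tries widening the mask on Router2 alone, a case the thread does not discuss, to show why the reply says "all three devices".

```python
import ipaddress
from itertools import combinations

# Addresses and masks exactly as posted in the thread.
LAB = {
    "Router1": "192.168.1.1/255.255.255.0",
    "Router2": "192.168.2.1/255.255.255.0",
    "Switch": "192.168.1.3/255.255.255.0",
}


def on_link(a, b):
    """Both ends must find the other's address inside their own subnet;
    otherwise at least one of them looks for a route instead of ARPing."""
    return b.ip in a.network and a.ip in b.network


def broken_pairs(devices):
    """Return the device pairs that cannot talk directly on the shared segment."""
    ifaces = {name: ipaddress.ip_interface(addr) for name, addr in devices.items()}
    return [
        (x, y)
        for x, y in combinations(sorted(ifaces), 2)
        if not on_link(ifaces[x], ifaces[y])
    ]


def with_changes(devices, **changes):
    """Copy of the lab with some interfaces re-addressed."""
    return {**devices, **changes}


# Fix 1 from the reply: move Router2 into 192.168.1.0/24.
FIX_READDRESS = with_changes(LAB, Router2="192.168.1.2/24")

# Fix 2 from the reply: widen the mask on all three devices.
FIX_WIDEN_ALL = {
    name: addr.split("/")[0] + "/255.255.0.0" for name, addr in LAB.items()
}

# Constructed extra case: widening only Router2 is not enough, because Router1
# and the switch still treat 192.168.2.1 as off-net.
FIX_WIDEN_ONE = with_changes(LAB, Router2="192.168.2.1/255.255.0.0")


def segment_size(devices):
    """Host addresses each device treats as directly reachable on the wire."""
    return {
        name: ipaddress.ip_interface(addr).network.num_addresses - 2
        for name, addr in devices.items()
    }


if __name__ == "__main__":
    cases = [
        ("as posted", LAB),
        ("re-address R2", FIX_READDRESS),
        ("/16 everywhere", FIX_WIDEN_ALL),
        ("/16 on R2 only", FIX_WIDEN_ONE),
    ]
    for label, lab in cases:
        print(f"{label:16} broken pairs: {broken_pairs(lab)}")
    print("on-link hosts with /16:", segment_size(FIX_WIDEN_ALL))
```

The /16 variant works but makes every device treat 65534 addresses as on-link instead of 254, which is one reason the reply calls it "probably not the best solution".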



dial in [7:27703]

2001-11-29 Thread 416South

Thanks for your patience, but I'm attempting this again until another fire
jumps at me.

I'm able to get this modem to dial into the router just fine. The problem that is
still driving me nuts is that all the characters are showing up as garbage
(ø~rj45-rollover cable-modem)
   |
   |
  (modem rj45-rollover cable-aux of router)

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27703t=27703



Re: MTU size increase`s bandwidth ???? [7:27673]

2001-11-29 Thread Priscilla Oppenheimer

Bandwidth is how much capacity a link has. It can't be increased without 
asking for more bandwidth from a provider or moving to a different 
technology. (Just a comment on the subject of your message.)

The amount of bandwidth usable by applications could increase if you 
reduced the overhead. Overhead includes packet headers, packet ACKs, 
interframe gaps, etc. Increasing packet sizes can reduce the percentage of 
bandwidth used by those overhead functions, thus leaving more for 
application-layer data.

You said that you are using 120% of bandwidth. That's not possible. 
Remember bandwidth just means capacity. You can't use more than is there. 
The offered load to the network could be more than the capacity. But the 
network itself can't carry more than its capacity. I'm wondering what is 
telling you that you are using 120%?

Since you are paying for bandwidth, in one way or another, you want to use 
as much as possible, while leaving head room for bursty traffic.

Those were just terminology things.

On to your question: I could see bandwidth usage going down when you 
decrease the frame size. There's an interframe gap (silence) between every 
frame. That may explain it.

Also perhaps you are benefiting from more efficient segmentation and 
reassembly. (I think you said you are using SMDS which is cell-based?) 
Perhaps it works more efficiently if you give it smaller chunks to work on.

On the other hand, what are the applications? Most applications don't send 
large frames, although they could be configured to do so. But a typical 
TCP/IP application that grew up on Ethernet and Internet technologies 
wouldn't send packets bigger than 1500 bytes. And packets can't grow in 
size. I don't know of any technology that puts packets together just 
because the interface MTU is larger than received packets. So I'm wondering 
what the 4470 MTU you mentioned was really doing (as are you! ;-)

Need more caffeine ;-)

Priscilla



At 09:30 AM 11/29/01, steve skinner wrote:
Chaps,


I came across this recently and was wondering if anyone had seen this
before.

We currently have 2 10meg SMDS (multicast) circuits spanning the UK.

Each circuit is terminated at 2 different points (separate HSSI router
ints) in 2 separate HOs in the UK.
The HOs are linked by a gig ether-fibre link across the UK.
OSPF is the only protocol being used (apart from some statics for backup).

After consulting the Cisco documentation about HSSI MTU over AAL3, we were
advised that an MTU of 4470-9120 compared to the standard of 1500 would
greatly increase the performance of our links.

The original network designer set them to this.

Over the last month or so, these links have been running at 120% (no
good), so as an experiment the MTUs were changed to 1500 for the HSSI ints,
and since then the traffic has decreased to 80%.

Anyone seen this before? And why would the decrease in MTU size cause
less bandwidth to be used?


anyone

TIA

steve



Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27702t=27673



RE: CCO CD's [7:27701]

2001-11-29 Thread juno vtv

I also ran into the same problem.  You have to change the address to
http://127.0.0.1:8080

-junovtv


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27704t=27701



Network Time [7:27705]

2001-11-29 Thread Mcfadden, Chuck

Does anyone know the polling interval for NTP on Cisco routers and switches?
Is it adjustable?
ccie1ab




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27705t=27705



RE: CCO CD's [7:27701]

2001-11-29 Thread juno vtv

Sorry about that it's http://127.0.0.1:8080/home/home.htm

-junovtv


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27706t=27701



RE: Network Time [7:27705]

2001-11-29 Thread Scott Nawalaniec

Hi Chuck,

Check this link out at Cisco. It will answer all your questions.

http://www.cisco.com/warp/public/620/ntpassoc.html

Scott
-Original Message-
From: Mcfadden, Chuck [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 10:39 AM
To: [EMAIL PROTECTED]
Subject: Network Time [7:27705]


Does anyone know the polling interval for NTP on Cisco routers and switches?
Is it adjustable?
ccie1ab




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27707t=27705



Re: ISDN Q.921 and Q.931 [7:27568]

2001-11-29 Thread Priscilla Oppenheimer

VoIP Guy,

You weren't wrong! You said that Q.931 doesn't have sequence numbers, which 
is true. Q.931 is not LAPD, however.

LAPD (Q.921) does have sequence numbers. It looks just like LAPB, LLC2, 
SDLC, etc. Each side has its own sequencing. They don't have to agree. Each 
side also tells the other side which frame number it expects next.

Check this out:

Boston#debug isdn q921
2656.612 TX -  IDREQ  ri = 14613  ai = 127
2656.648 RX   SABMEp  sapi = 0  tei = 64
2656.676 RX   RRr  sapi = 0  tei = 64  nr = 1
2658.372 TX -  INFOc  sapi = 0  tei = 64  ns = 0  nr = 1

It's the NR and NS that you should look at. Each side sequences its frames 
with the NS number. (I call it the Now Sending number.) Each side also 
specifies the frame number it expects to receive next from the other side 
with the NR. (I call this the Next Receive NR number.)

A station retransmits if the other side gets behind. There's also a REJ and 
FRREJ for reporting errors. I don't know for sure that LAPD uses these the 
same way that LLC2 does, but IEEE 802.2 says this about them:

1 Reject (REJ) -- A station sends a REJ when it receives an unexpected 
sequence number.
2 Frame Reject (FRMR) -- A station sends an FRMR when it receives an 
invalid frame or sequence number.

There's also flow control with Receiver Ready (RR) and RNR (Receiver not 
Ready).

Howard could tell you more because he knows LAPB in gory detail! ;-)

Priscilla

At 12:44 PM 11/29/01, VoIP Guy wrote:
I was wrong.

I looked it up last night and there is a seq. number in the control field of
LAPB, HDLC, and LAPD.  Both the sending and receiving stations must keep
the same seq. numbers when transmitting, but I cannot find anything on
retransmission at that layer.  But I asked an old IBM guy I used to work
with and he said that SDLC and all the related layer two protocols do
require retrans when bad packets are found or missing.  So I would assume
that LAPD layer two is reliable.  And as everyone else said, the SS7
signalling (Q.931) is just control and status messages over D channel.

And B channel is a different retrans technique, based upon the higher layer
protocols it carries.  If an ISDN frame gets corrupt, both channels will be
retransmitted, but by different methods.  So ISDN D channel is inherently
reliable at layer two and B channel is reliable only if that higher layer
protocol is.


Peter Whittle wrote in message
news:[EMAIL PROTECTED]...
  I sent this to Priscilla on the topic and she suggested that the group
  might benefit from my response, so here it is.
 
  Priscilla,
 
  I think that you may find it helpful to separate end - to - end data
  transfer from signalling.
 
  Very few L2 protocols offer error correction. The modern approach is to
  require the L1 transmission to provide intrinsically reliable
  communication and hence it is a waste of bandwidth to implement error
  correction both on hop by hop and end to end basis as per X.25.
  Modern WAN digital transmission systems are designed to offer
  transmission error rates of fewer than 1 bit error in 10^9 bits.
 
  On Telco WAN links it is common on this side of the pond to require
  transmission media to offer error rates better than 1 in 10^9 and often
  1 in 10^11. Indeed the commissioning tests call for fewer than 1 error
  in a 20 minute period on a basic E3 (34 Mb) link and fewer than 1 error
  in 24 hours on International links prior to acceptance from Transmission
  into Networks for operational trunks. That is not to say that links may
  not degrade but if the error rates became worse than 1 in 10^9 it would
  be time for Network operations to call 'holes & poles' (Transmission) to
  fix it.
 
  The fundamental assumptions in both Frame Relay and ATM is that they are
  running over intrinsically reliable transmission media. The low error
  rates being achieved either by correctly engineered transmission paths
  or by the use of significant forward error correction built in to the
  transmission equipment.
 
  ATM, and Frame Relay, implement error correction, or more precisely re-
  transmission in the interface to the signalling protocols. ISDN relies
  on the hop by hop error correction offered by LAPD.  However, they tend
  to leave the issue of payload error correction to any high level end-to-
  end protocols being run on top of these L2 Datalinks.
 
  ATM offers no direct protection of payload content, the HEC only
  protects the ATM header. However, some AALs do offer protection if not
  correction of the payload. Even AAL5 - most common for IP has a check
  polynomial (CRC32) to protect the CS PDU. It performs error detection
  but not correction. In the case of Q.2931, SAAL (version of AAL5 to
  carry signalling) will detect faulty PDUs.  If you want to look at ATM
  signalling take a look at Q.2931 essentially an enhanced and extended
  version of narrow band ISDN Q.931 signalling.  Take a look at the ATM
  forum website. www.atmforum.org
 
 
  Frame Relay has 
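
The N(S)/N(R) bookkeeping described in the reply above can be replayed over a `debug isdn q921` trace. This is an added example, not part of the thread: the trace is constructed, the "ns-gap" and "bad-nr" labels are hypothetical names, and the parser accepts both the normal `->`/`<-` arrows and the damaged form in which the debug lines appear on this page.

```python
import re

MODULUS = 128  # SABME selects extended mode, so N(S)/N(R) count modulo 128

LINE = re.compile(
    r"^(?P<ts>[\d.]+)\s+(?P<dir>TX|RX)\s+(?:[-<>]+\s+)?(?P<frame>[A-Za-z]+)(?P<rest>.*)$"
)
FIELD = re.compile(r"(\w+)\s*=\s*(\d+)")

# One line exactly as it appears on the page (direction arrow partly lost).
PAGE_LINE = "2658.372 TX -  INFOc  sapi = 0  tei = 64  ns = 0  nr = 1"

# Constructed trace: the peer's I-frame ns=1 is lost once, and the last RR
# acknowledges frames the router never sent.
SAMPLE = """\
100.000 RX <-  SABMEp  sapi = 0  tei = 64
100.010 TX ->  UAf  sapi = 0  tei = 64
100.100 TX ->  INFOc  sapi = 0  tei = 64  ns = 0  nr = 0
100.120 RX <-  RRr  sapi = 0  tei = 64  nr = 1
100.200 RX <-  INFOc  sapi = 0  tei = 64  ns = 0  nr = 1
100.220 TX ->  RRr  sapi = 0  tei = 64  nr = 1
100.300 RX <-  INFOc  sapi = 0  tei = 64  ns = 2  nr = 1
100.310 TX ->  REJr  sapi = 0  tei = 64  nr = 1
100.400 RX <-  INFOc  sapi = 0  tei = 64  ns = 1  nr = 1
100.410 RX <-  INFOc  sapi = 0  tei = 64  ns = 2  nr = 1
100.420 TX ->  RRr  sapi = 0  tei = 64  nr = 3
100.500 RX <-  RRr  sapi = 0  tei = 64  nr = 5
""".splitlines()


def parse(line):
    """Turn one debug line into a dict, or None if it is not a frame line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    frame = {"ts": m["ts"], "dir": m["dir"], "frame": m["frame"]}
    frame.update((k, int(v)) for k, v in FIELD.findall(m["rest"]))
    return frame


def check(trace):
    """Replay a trace; report N(S) gaps and N(R) values outside the window."""
    expect = {"TX": 0, "RX": 0}  # next N(S) the receiver accepts from each side
    acked = {"TX": 0, "RX": 0}   # highest N(R) already returned to each side
    findings = []
    for raw in trace:
        f = parse(raw)
        if f is None:
            continue
        me = f["dir"]
        peer = "RX" if me == "TX" else "TX"
        if f["frame"].startswith("SABME"):  # link setup resets both counters
            expect = {"TX": 0, "RX": 0}
            acked = {"TX": 0, "RX": 0}
        if f["frame"].startswith("INFO"):
            if f["ns"] == expect[me]:
                expect[me] = (expect[me] + 1) % MODULUS
            else:
                # Out-of-sequence I-frame: the receiver keeps waiting for
                # expect[me] and says so in the N(R) of its REJ.
                findings.append((f["ts"], me, "ns-gap", expect[me]))
        if "nr" in f:
            # N(R) sent by `me` acknowledges frames that `peer` transmitted.
            outstanding = (expect[peer] - acked[peer]) % MODULUS
            if (f["nr"] - acked[peer]) % MODULUS <= outstanding:
                acked[peer] = f["nr"]
            else:
                findings.append((f["ts"], me, "bad-nr", f["nr"]))
    return findings


if __name__ == "__main__":
    print(parse(PAGE_LINE))
    for finding in check(SAMPLE):
        print(finding)
```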

RE: IPX stands for- PIX Private Internet Exchange [7:27647]

2001-11-29 Thread Bullock, Jason

Novell Internet Packet Exchange (IPX) 


-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 12:32 PM
To: [EMAIL PROTECTED]
Subject: Re: IPX stands for- PIX Private Internet Exchange [7:27647]


heh  what?

ipx is a protocol

 mlh  11/29/01 12:19AM 
IPX stands for -
PIX Private Internet Exchange (Cisco)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27709t=27647



RE: dial in [7:27703]

2001-11-29 Thread Scott Nawalaniec

Hi,

Sounds like you have all the right hardware. You might want to check
baud rate settings and make sure they all match. I have seen mismatched
baud rate settings producing garbage characters.

HTH,
Scott

-Original Message-
From: 416South [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 10:32 AM
To: [EMAIL PROTECTED]
Subject: dial in [7:27703]


Thanks for your patience, but I'm attempting this again until another fire
jumps at me.

I'm able to get this modem to dial into the router just fine. The problem that is
still driving me nuts is that all the characters are showing up as garbage
(x~rj45-rollover cable-modem)
   |
   |
  (modem rj45-rollover cable-aux of router)

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27710t=27703



Re: CCO CD's [7:27701]

2001-11-29 Thread VoIP Guy

Does it set up a web server on my machine?


juno vtv wrote in message
news:[EMAIL PROTECTED]...
 Sorry about that it's http://127.0.0.1:8080/home/home.htm

 -junovtv




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27712t=27701



RE: dial in [7:27703]

2001-11-29 Thread 416South

That seems to be what my experience has been but this one is puzzling me.
Baud on the AUX is 9600, modems 9600.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27711t=27703



Re: Practice lab survey idea [7:27638]

2001-11-29 Thread Paul Borghese

Yea I was trying to make the point that nobody is using the GroupStudy
reviews - after also two years of being available there was not a single
review.  Once I posted the link, someone wrote a review.  But it was for the
wrong product!

At least we have a review :-)

Paul
- Original Message -
From: Howard C. Berkowitz 
Newsgroups: groupstudy.cisco
Sent: Wednesday, November 28, 2001 11:18 PM
Subject: Re: Practice lab survey idea [7:27638]


 It's rather puzzling, if I'm looking at the right link, which doesn't
 actually say anything about CertZone, but about Global Knowledge.


 You're supposed to rate and comment on the products from each vendor.  Here are
 all of the comments from certificationzone.com:
 
 http://www.groupstudy.com/links/reviews/review_show.php?linkID=106
 
 Notice you can write reviews and give a score for the product.  But nobody
 uses it so I dropped work on it.
 
 Take care,
 
 Paul
 - Original Message -
 From: fwells12
 To: Paul Borghese ;
 Sent: Wednesday, November 28, 2001 7:15 PM
 Subject: Re: Practice lab survey idea
 
 
   Was it geared to rate the Groupstudy site, or could it/was it tailored
   toward rating lab scenarios?
 
 
   - Original Message -
   From: Paul Borghese
   To: fwells12 ;
   Sent: Wednesday, November 28, 2001 4:07 PM
   Subject: Re: Practice lab survey idea
 
 
     We have that at GroupStudy.  Under the links you can write a review of
     the site/service.  It has been available for over a year.

     But nobody uses it so I dropped it.

     Paul
     - Original Message -
     From: fwells12
     To:
     Sent: Wednesday, November 28, 2001 6:50 PM
     Subject: Practice lab survey idea


       Every time I complete a lab I end up writing a rating on it in case I
       decide (or not) to do it again later etc.  It would be useful to know
       what other people thought about them too.

       There are quite a few labs if you account for the Fatkid/Bootcamp/Books
       plus others that are around.  I have done most and found a lot of them
       to be a waste of time or just duplicates of others with a little
       difference etc.

       Wouldn't it be great if we could go to a website and see every lab
       scenario listed by its name and a rating (scale of 1-10 etc) next to
       it.  It would be even better if there was also a place to say something
       about it (like Amazon book reviews) too, but that may be getting a
       little complicated.  I see those polling applets all over the place
       these days...

       Is this a good idea?

       To any web-masters reading, how ambitious of a web would this be?



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27713t=27638



Re: serial up/up w/o cable [7:27604]

2001-11-29 Thread MADMAN

To be honest I have never tried such a thing but I thought it made
sense that if I enabled loopback the interface should come up.  I now
tried reenabling keepalives and the interface is still up but it shows
itself to be in the looped state:

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up (looped)

 Which makes sense as it's seeing its own keepalive packets come back
via the loop.

  I can't do this on a 2500 either but I can't tell you why, any Cisco
hardware engineers out there??

  Oh well, it's pretty much academic anyway, cableless serial interfaces
are about as useful as a three-legged horse.

  Dave

Stefan Dozier wrote:
 
 Dave
 
 If there's no cable installed in Serial4/1/3, obviously I (at least)
 need to broaden my level of research on why you can accomplish
 that feat on 7500 series routers but not on 2500 series routers!
 
 It's just not happening here!
 
 But hey, that's not a problem, don't mind expanding my horizons and
 if and when I find an answer, I'll post some feedback here.
 
 Thanks for the info Dave
 
 Priscilla, my apologies!
 
 Off I go to CCO!
 
 Stefan
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 MADMAN
 Sent: Thursday, November 29, 2001 11:13 AM
 To: [EMAIL PROTECTED]
 Subject: Re: serial up/up w/o cable [7:27604]
 
 Tell you what, I got it to work just fine:
 
 interface Serial4/1/3
  no ip address
  no ip directed-broadcast
  ip route-cache distributed
  loopback
  no keepalive
  no cdp enable
 
 C7507MIX#sh int ser 4/1/3
 Serial4/1/3 is up, line protocol is up
   Hardware is cyBus Serial
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
   Encapsulation HDLC, crc 16, loopback set
   Keepalive not set
   Last input never, output never, output hang never
   Last clearing of show interface counters never
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/0/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 2 interface resets
  0 output buffer failures, 0 output buffers swapped out
  3 carrier transitions
  RTS up, CTS up, DTR up, DCD up, DSR up
 
  Dave
 
 Stefan Dozier wrote:
 
  I don't think it will Priscilla! Even with the encap HDLC,
  the DCD (carrier detect) control lead must be high in order
  for the interface status to be in an up condition. The
  only way I know to accomplish that is with a cable inserted
  or some type of serial loopback plug, if there's such an
  animal.
 
  And obviously you can't have line protocol in an up state
  if the interface status isn't in an up state!
 
  Stefan
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Priscilla Oppenheimer
  Sent: Wednesday, November 28, 2001 7:55 PM
  To: [EMAIL PROTECTED]
  Subject: Re: serial up/up w/o cable [7:27604]
 
  At 06:52 PM 11/28/01, Tom E wrote:
  How can you get a serial interface to go up/up without a cable connected?
  I have tried loop and no keep.
 
  What's the encap? I thought this would work if you used HDLC.
 
  Priscilla
 --
 David Madland
 Sr. Network Engineer
 CCIE# 2016
 Qwest Communications Int. Inc.
 [EMAIL PROTECTED]
 612-664-3367
 
 Emotion should reflect reason not guide it
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27714t=27604



RE: CCO CD's [7:27701]

2001-11-29 Thread [EMAIL PROTECTED]

Why doesn't it work with IExplorer? If I launch Netscape the 1st time,
http://127.0.0.1:8080/home/home.htm works fine.

Close NS and launch IExplorer and it works...

netstat -a before launching NS: there is no 8080 port listening.

Launch AUTORUN.EXE from CD-ROM, press Launch Documentation ..., NS
is started at URL
http://127.0.0.1:8080/home/home.htm; netstat -a: there is the 8080
port.

Close NS, start IExplorer, paste the URL, and it works...

It seems that the AUTORUN.EXE starts another application that listens
on tcp/8080.



-Original Message-
From: juno vtv [mailto:[EMAIL PROTECTED]]
Sent: quinta-feira, 29 de novembro de 2001 16:43
To: [EMAIL PROTECTED]
Subject: RE: CCO CD's [7:27701]


Sorry about that it's http://127.0.0.1:8080/home/home.htm

-junovtv




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27715t=27701



Re[2]: Sniffer Question [7:25549]

2001-11-29 Thread SentinuS

Yes, you can disable ICMP or ECHO on the router. If you use an extended
access list or Reflexive Access List you can disable those protocols and more.
For more information :
Extended Access List :
http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/4108.htm
Reflexive Access List :
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt3/srdreflx.htm

Thursday, November 08, 2001, 12:34:43 AM, you wrote:

MC ICMP TTL or ECHO disabled in the router?
MC ccie1ab

MC -Original Message-
MC From: Wright, Jeremy [mailto:[EMAIL PROTECTED]]
MC Sent: Wednesday, November 07, 2001 9:36 AM
MC To: [EMAIL PROTECTED]
MC Subject: Sniffer Question [7:25549]


MC I am tracing on a specific user and in the expert (station layer) I am
MC getting a bunch of ICMP port unreachables. The user is using email, the web,
MC and connecting to network drives but no pinging. Anybody have any experience
MC with this same problem? Thanks
-- 
Best regards,
 SentinuS
mailto:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27716t=25549



Re: T-1 Encap Preference [7:27637]

2001-11-29 Thread Howard C. Berkowitz

Howard,

Correct me if I am wrong, but the HDLC advantage over PPP is the MTU size.
PPP supports 1500 while HDLC 4xxx (can't remember the exact number),
this might be helpful in situations where DF bit is set.

Nabil

I'd have to research this -- I don't offhand remember PPP (as the 
protocol) having a MTU limit that small.  It would surprise me, given 
the interest in POS.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27719t=27637



Re[2]: Bandwidth Management [7:27408]

2001-11-29 Thread SentinuS

What do you want to do? Do you want to monitor your bandwidth? If yes,
you can use MRTG
(http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html)

But if you wanna make some restrictions on your bandwidth use this
link :
http://www.cisco.com/univercd/cc/td/doc/product/software/ios111/cc111/car.htm

Tuesday, November 27, 2001, 6:06:22 PM, you wrote:

AC Check out dummynet (man dummynet) - I know it comes standard with FreeBSD,
AC and probably other *nix.

AC Andrew

AC Ken Diliberto wrote in message
AC news:[EMAIL PROTECTED]...
 Mark,

 I've used MRTG for years.  Unless they have made some serious changes to it,
 it's still a monitoring tool, not management.

 Thanks.

 Ken

  Mark Paterson  11/26/01 11:10PM 
 mrtg

 http://mrtg.org

 Ken Diliberto wrote:
 
  Does anyone know of any free bandwidth management software?
  Maybe something for a flavor of Unix?
 
  Thanks
 
  Ken
-- 
Best regards,
 SentinuS
mailto:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27720t=27408



Re: BGP regular expressions [7:27721]

2001-11-29 Thread Howard C. Berkowitz

Thanks for your reply Nigel.  After all my unsuccessful variations of
regular expressions, I came to the same conclusion.  I did however get a
reply from a guy that said he knew how to do it!!  I am waiting for his
response as we speak.

I know you gave some examples, but what is the behavior you are 
trying to cause?  What is the desired effect of removing AS200 from 
the path?

I suppose I'm wondering if there's a different way to solve the 
problem, and I don't yet really understand the problem.  By 
understanding the problem, I mean what the reason is you want to 
remove an AS.

Actually, there may be some ways to do it with AS-SET aggregation, 
but these tend to be ugly.



- Original Message -
From: Nigel Roy 
To: 
Cc: fwells12 
Sent: Thursday, November 29, 2001 7:33 AM
Subject: Re: BGP regular expressions


  I haven't seen anyone else answer so I thought I would put you out of your
  misery.

  In short no you can't.  You can identify any individual part of your AS path
  with all sorts of wonderful regular expressions but the only thing IOS
  allows you to do to change an AS path is to add or prepend AS numbers to
  it.  It would be potentially dangerous to remove AS numbers from the path as
  the AS path is used in loop prevention.

  Nigel Roy CCIE #1405

  - Original Message -
  From: fwells12 
  To: 
  Sent: Wednesday, November 28, 2001 9:46 PM
  Subject: BGP regular expressions


   I have been playing with regular expressions but I have not found one that
   will do this yet -if there is one...
  
   I want to take a particular AS OUT of an AS path.   Let's say you have some
   routes that traverse the ASs 100 200 300 400 500 on their way to a BGP
   speaker.  I would like to be able to use one of the routers in that path to
   take its own AS out of the path.  For example, using the above AS path, can I
   make Router200 take its own AS (200) out of the path it advertises to
   downstream BGP speakers?
  
   The result I want is that Router500 (furthest downstream BGP speaker) sees
   networks on Router100 with the following AS path: 100 300 400 500.  Can this
   be done, even though AS 200 is actually part of the physical route?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27721t=27721
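
The quoted point that the AS path is what prevents loops can be seen in a small path-vector model of the 100-200-300-400-500 chain from the question. This is an added example, not part of the thread; the simplified best-path rule (shortest AS_PATH), the "send best path to every neighbour" behaviour and the link-failure scenario are assumptions of the model.

```python
# AS numbers are the ones used in the thread; everything else is a toy model.
CHAIN = [(100, 200), (200, 300), (300, 400), (400, 500)]


def best(candidates):
    """Return (neighbour, as_path) with the shortest AS_PATH, or None if empty."""
    if not candidates:
        return None
    return min(candidates.items(), key=lambda kv: (len(kv[1]), kv[0]))


def converge(links, origin, strip_as=None):
    """Exchange updates until stable; return {asn: {neighbour: as_path received}}.
    AS paths are tuples, nearest AS first, ending at the origin AS.
    strip_as is the AS that (hypothetically) leaves itself out of the path."""
    nbrs = {}
    for a, b in links:
        nbrs.setdefault(a, set()).add(b)
        nbrs.setdefault(b, set()).add(a)
    rib_in = {asn: {} for asn in nbrs}
    for _ in range(len(nbrs) + 2):
        new = {asn: {} for asn in nbrs}
        for asn in nbrs:
            chosen = best(rib_in[asn])
            if asn != origin and chosen is None:
                continue  # nothing to advertise yet
            path = () if asn == origin else chosen[1]
            sent = path if asn == strip_as else (asn,) + path
            for peer in nbrs[asn]:
                # Loop prevention: a receiver drops any update whose
                # AS_PATH already contains its own AS number.
                if peer not in sent:
                    new[peer][asn] = sent
        if new == rib_in:
            break
        rib_in = new
    return rib_in


def next_hops(rib_in, failed_link=None):
    """Forwarding choice of every AS right after failed_link goes down,
    before any withdrawals have propagated."""
    dead = set(failed_link or ())
    hops = {}
    for asn, candidates in rib_in.items():
        alive = {n: p for n, p in candidates.items() if {asn, n} != dead}
        choice = best(alive)
        if choice:
            hops[asn] = choice[0]
    return hops


def trace(hops, start, origin):
    """Follow the forwarding choices: 'delivered', 'dropped' or 'loop'."""
    seen, asn = set(), start
    while asn != origin:
        if asn in seen:
            return "loop"
        seen.add(asn)
        if asn not in hops:
            return "dropped"
        asn = hops[asn]
    return "delivered"


if __name__ == "__main__":
    for label, strip in (("normal", None), ("AS200 strips itself", 200)):
        rib = converge(CHAIN, 100, strip_as=strip)
        print(label)
        print("  path seen by AS500:", rib[500][400])
        print("  paths held by AS200:", rib[200])
        print("  after 100-200 fails:", trace(next_hops(rib, (100, 200)), 500, 100))
```

With normal prepending AS200 rejects the update that AS300 sends back, so when its link to AS100 fails it has no route and traffic is dropped. With AS200 removed from the path, AS200 accepts its own route back from AS300 as if it were an independent path, and the two forward to each other.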



Re: Cisco ACS/Telnet config [7:27648]

2001-11-29 Thread [EMAIL PROTECTED]

Hi Richard,

You did nothing wrong, you only left something undone, amend your configs as
thus and you would be through:
1. Change the command
aaa authentication login default tacacs+
To read
  aaa authentication login default tacacs+  local

2. Create a CLI authenticated account eg
   username x password n

And you would be through.
This is a common problem when configuring aaa on routers; many times you
get locked out by your own router/AS, that's if you are not very careful.

Good luck

Regards.
Oletu
- Original Message -
From: Jim Bond 
To: 
Sent: Wednesday, November 28, 2001 10:46 PM
Subject: Re: Cisco ACS/Telnet config [7:27648]


 Maybe add ip tac source e0; password in vty is not
 necessary.

 Run debug aaa authen and debug aaa author may help
 too.

 HTH.

 Jim

 --- Richard  wrote:
  Looking at the config below,  can anyone tell me
  where I might go wrong that
  prevent me from telneting to this router?  I am able
  to use the same account
  from Cisco ACS 2.6 to log onto the console, but not
  through telnet.
 
  Thanks in advance for your help
 
 
 
  Current configuration:
  !
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname Router
  !
  aaa new-model
  aaa authentication login default tacacs+
  aaa authentication login no_tacacs enable
  aaa authentication enable default tacacs+
  aaa authentication ppp default tacacs+
  aaa authorization exec default tacacs+
  aaa authorization exec no_tacacs local
  aaa authorization network default tacacs+
  aaa authorization network no_tacacs local
  aaa accounting exec default start-stop tacacs+
  aaa accounting network default start-stop tacacs+
  enable password enable
  !
  ip subnet-zero
  !
  !
  !
  interface Ethernet0
   ip address 5.1.1.4 255.255.255.0
   no ip directed-broadcast
  !
  interface Serial0
   no ip address
   no ip directed-broadcast
   no ip mroute-cache
   shutdown
   no fair-queue
  !
  interface Serial1
   no ip address
   no ip directed-broadcast
   shutdown
  !
  ip classless
  !
  tacacs-server host 5.1.1.1 single-connection
  tacacs-server key cisco
  !
  line con 0
   transport input none
  line aux 0
  line vty 0 4
   password line
  !
  end
 [EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27722t=27648
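
The lock-out risk discussed in this thread can be checked mechanically. The following is an added example, not part of the original posts and not Cisco tooling: a small audit of "aaa authentication" method lists that flags lists with no local fallback and lists that name "local" when no username exists. The function names are hypothetical, and the sample input is constructed from the AAA lines quoted above.

```python
import re

# Constructed sample: the AAA-related lines of the configuration quoted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication enable default tacacs+
aaa authentication ppp default tacacs+
aaa authorization exec default tacacs+
enable password enable
tacacs-server host 5.1.1.1 single-connection
line vty 0 4
 password line
"""

# Methods answered by the router itself. Anything else (tacacs+, radius,
# a named server group) is treated as depending on a remote server.
# This split is an assumption of the example, not an exhaustive IOS list.
LOCAL_METHODS = {"local", "local-case", "enable", "line", "none"}

AAA_RE = re.compile(r"^aaa authentication (\S+) (\S+) (.+)$")
USER_RE = re.compile(r"^username \S+ (password|secret) ")


def parse_method_lists(config):
    """Map (service, list name) -> ordered methods, e.g. ('login', 'default')."""
    lists = {}
    for raw in config.splitlines():
        m = AAA_RE.match(raw.strip())
        if m:
            service, name, rest = m.groups()
            # Newer syntax writes "group tacacs+"; drop the keyword itself.
            lists[(service, name)] = [t for t in rest.split() if t != "group"]
    return lists


def has_local_user(config):
    """True if at least one 'username ... password/secret ...' line exists."""
    return any(USER_RE.match(line.strip()) for line in config.splitlines())


def audit(config):
    """Return sorted (list label, finding) pairs for risky method lists."""
    findings = []
    user_defined = has_local_user(config)
    for (service, name), methods in sorted(parse_method_lists(config).items()):
        label = f"{service}/{name}"
        # Every method needs a server: an unreachable server locks everyone out.
        if all(m not in LOCAL_METHODS for m in methods):
            findings.append((label, "no-fallback"))
        # 'local' is listed but there is no account for it to check against.
        if any(m in ("local", "local-case") for m in methods) and not user_defined:
            findings.append((label, "local-without-user"))
        # 'none' lets the session in unauthenticated once earlier methods error.
        if "none" in methods:
            findings.append((label, "none-method"))
    return findings


# Step 1 of the reply above only, then steps 1 and 2 together.
HALF_FIXED = SAMPLE_CONFIG.replace(
    "aaa authentication login default tacacs+\n",
    "aaa authentication login default tacacs+ local\n",
)
FIXED = HALF_FIXED + "username x password n\n"

if __name__ == "__main__":
    for title, cfg in (("original", SAMPLE_CONFIG),
                       ("step 1 only", HALF_FIXED),
                       ("steps 1 and 2", FIXED)):
        print(title, audit(cfg))
```

A later method in a list is tried only when the earlier one returns an error such as an unreachable server, not when the server rejects the login, so the fallback account deserves a strong secret of its own.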



Re: Configuration of Channelized E1 with IP address mappings [7:27723]

2001-11-29 Thread SentinuS

Saturday, November 24, 2001, 3:56:25 PM, you wrote:

VJ Hello All ,

VJ If anyone has implemented do let me know.
VJ Pls help me out with the configuration (complete configuration) of
VJ channelized E1 terminating on a Cisco PRI E1 controller card.

VJ 1) How to configure the timeslots on the channelized E1,
VJ 2) How to allot different IP addresses (30 or 31) for each timeslot.

VJ Hope that my question has clarity. If any further details are needed do
VJ let me know.

VJ Thanks a lot ,
VJ Vijendra.
-- 
Best regards,
 SentinuS
mailto:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27723t=27723



VPN is a Backdoor !!! [7:27725]

2001-11-29 Thread SentinuS

Hi Guys;

I wonder that VPN is a Backdoor? I really need answers. Please do it.

thanks

SentinuS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27725t=27725



RE: CCO CD's [7:27701]

2001-11-29 Thread Wes

There was a bug on some CD's that affected advanced users.

If you choose a custom install, you need to have a check-mark in all
boxes.  (ie. you need to choose to install everything on the CD)
Once the install process begins, you can cancel out of installing
any product you don't want.  However, if those boxes aren't all
checked, you get blank or garbled screens when you try to use the
CD.

I never knew why, and it seems to me this only occurred on NT and
2000 machines, but it happened like clockwork to guys who didn't
click every box.  Checking them all fixed things every time I saw.

Good luck, and if all else fails, and if you haven't broken your
router too badly, connect to CCO instead.

--Wes


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27724t=27701



RE: dial in [7:27703]

2001-11-29 Thread Wes

You've probably gone through all this step by step right?

http://www.cisco.com/warp/public/471/mod-aux-exec.html

It's the best help I've got...
--Wes


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27726t=27703



Re: T-1 Encap Preference [7:27637]

2001-11-29 Thread Priscilla Oppenheimer

Found this in RFC 1661 which documents PPP:

The maximum length for the Information field, including Padding, but not 
including the Protocol field, is termed the Maximum Receive Unit (MRU), 
which defaults to 1500 octets. By negotiation, consenting PPP 
implementations may use other values for the MRU.

P.

At 03:05 PM 11/29/01, Howard C. Berkowitz wrote:
 Howard,
 
 Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size.
 PPP supports 1500 while HDLC 4xxx (can't remember the exact number),
 this might be helpful in situations where DF bit is set.
 
 Nabil

I'd have to research this -- I don't offhand remember PPP (as the
protocol) having a MTU limit that small.  It would surprise me, given
the interest in POS.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27728t=27637



Re: CCO CD's [7:27701]

2001-11-29 Thread Alex Lee

It should be somewhere in the archives. Let me recap a group-member's
recommendation :-

Quote
open the 'search.ini' file under CiscoCD directory, locate this line

  Browser=C:\Program~1\intern~1\iexplorer.exe

change it to

 Browser=

then save on exit.
Unquote


VoIP Guy wrote in message news:[EMAIL PROTECTED]...
 Here's a question that I have never got answered.

 How in the world do I get those CCO CD's to work?  I always install them and
 try to open up the page and get a blank page.   I can browse the CD and get
 to the home page that way, but as soon as I click on a link, it looks almost
 like it's encrypted.

 I have tried IE, netscape, installing all the apps on the CD.
 What am I doing wrong?

 Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27727t=27701



RE: VPN is a Backdoor !!! [7:27725]

2001-11-29 Thread Gibb, Jake

VPN could be considered a backdoor. If Joe User has a broadband
connection at home with no firewall or local client firewall installed
then when he/she connects to your VPN that is essentially a conduit for
attackers to potentially compromise. This is an issue that I am dealing
with now. Cisco's VPN client and Concentrator has a new feature that will
push a policy on the client requiring they have a firewall installed
like BlackIce etc. If they don't it will enforce its own basic
firewall on the client while connected. I am working on the scripted
install for my company now. 

-Jake

-Original Message-
From: SentinuS [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 29, 2001 2:37 PM
To: [EMAIL PROTECTED]
Subject: VPN is a Backdoor !!! [7:27725]


Hi Guys;

I wonder that VPN is a Backdoor? I really need answers. Please do it.

thanks

SentinuS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27729t=27725



RE: Absolute Must-See Cisco-related website [7:27490]

2001-11-29 Thread Hire, Ejay

For the more technically challenged, that's cisco.com, ietf.org and
ieee.org.

Great stuff, a very non-subtle way to get the point across.

-Original Message-
From: Jennifer Cribbs [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 28, 2001 2:56 PM
To: [EMAIL PROTECTED]
Subject: RE: Absolute Must-See Cisco-related website [7:27490]


Works great in Opera however...


-Original Message-
From:   Dennis [SMTP:[EMAIL PROTECTED]]
Sent:   Tuesday, November 27, 2001 6:36 PM
To: [EMAIL PROTECTED]
Subject:Re: Absolute Must-See Cisco-related website [7:27490]

For some reason this url obfuscation doesn't work in IE6...



--

-=Reply to group only... no personal=-

Logan, Harold wrote in message news:[EMAIL PROTECTED]...
 Yah that site's great'n all, but here are some that REALLY have all the
 answers:

 http://3330661145

 http://68265990

 http://2355282214


 Hal  -Original Message-
  From: TALBOT, WILLIAM P (SWBT) [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, November 27, 2001 2:06 PM
  To: [EMAIL PROTECTED]
  Subject: RE: Absolute Must-See Cisco-related website [7:27490]
 
 
  I have heard of that site (from somewhere...) but I don't
  have the time
  to do all that typing into the web browser and then all that
  typing into
  the search windows and sifting through the results and then
  reading and
  trying to understand what the pages say...it's all just too
  time consuming!
  I would much rather have someone just hold my hand and
  explain it all to
  me without having to do all of that other stuff on my
  own...and I do really
  appreciate how much effort I avoid by doing it that way.
 
  Thanks,
 
  Pat  ;-)
 
  -Original Message-
  From: John Neiberger [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, November 27, 2001 11:42 AM
  To: [EMAIL PROTECTED]
  Subject: Absolute Must-See Cisco-related website [7:27490]
 
 
  Check this out.  I found it recently and I have never run
  across a more
  useful site with more information regarding networking technologies,
  Cisco-related products and capabilities, configuration
  guides, you name
  it!  The URL is:
 
  www.cisco.com
 
 
  Regards,
  John (who apparently needs some more coffee this morning  )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27730t=27490
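
The three URLs quoted in this thread use a bare decimal number as the host. The following is an added example, not part of the original posts: it normalises such hosts to dotted-quad form so that a URL filter or a proxy-log review can compare them against ordinary address rules. It goes beyond the decimal form used in the thread and also covers the hex, octal and short forms that inet_aton-style parsers accept; the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One component of an inet_aton-style address: 0x.. hex, or a run of digits
# (a leading 0 on a multi-digit run means octal).
PART_RE = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")


def parse_part(text):
    """Parse one component; raise ValueError if it is not a number."""
    if not PART_RE.fullmatch(text):
        raise ValueError(text)
    if text[:2].lower() == "0x":
        return int(text[2:], 16)
    if len(text) > 1 and text[0] == "0":
        return int(text, 8)  # "09" is invalid octal and raises ValueError
    return int(text, 10)


def decode_numeric_host(host):
    """Return the dotted-quad IPv4 address a numeric host stands for, or None.

    Accepts 1 to 4 dot-separated parts. Every part but the last is one byte;
    the last part fills all remaining bytes, so '3330661145' is a whole
    32-bit address and '198.133.56089' is two bytes plus a 16-bit tail.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        numbers = [parse_part(p) for p in parts]
    except ValueError:
        return None  # a real name such as www.cisco.com
    *head, last = numbers
    if any(n > 255 for n in head):
        return None
    if last >= 256 ** (4 - len(head)):
        return None  # tail does not fit in the remaining bytes
    value = last
    for index, byte in enumerate(head):
        value |= byte << (8 * (3 - index))
    return str(ipaddress.IPv4Address(value))


def inspect_url(url):
    """Return (ip, obfuscated): the decoded address, if any, and whether the
    host was written in something other than plain dotted-quad form."""
    host = urlsplit(url).hostname or ""
    ip = decode_numeric_host(host)
    return ip, ip is not None and host != ip


if __name__ == "__main__":
    # The first three URLs are the ones quoted in the thread; the rest are
    # constructed variants of the first address.
    samples = [
        "http://3330661145",
        "http://68265990",
        "http://2355282214",
        "http://0xC6.0x85.0xDB.0x19/",
        "http://198.133.56089/",
        "http://198.133.219.25/",
        "http://www.cisco.com/",
    ]
    for url in samples:
        print(url, inspect_url(url))
```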



RE: VPN is a Backdoor !!! [7:27725]

2001-11-29 Thread Patrick Ramsey

Even then though, you're not secure.  If the box is compromised before you
connect then even when the firewall is enforced, malicious activity could
still take place...the attacker would not be able to connect to the
machine but could leave dastardly code behind to do his job for him.

I am working on this scenario now as well.  I am attempting to come up with
a best practice for cleaning a machine, installing a firewall, etc for
any vpn client.  Let me know how yours goes!

-Patrick

 Gibb, Jake  11/29/01 03:53PM 
VPN could be considered a backdoor. If Joe User has a broadband
connection at home with no firewall or local client firewall installed
then when he/she connects to your VPN that is essentially a conduit for
attackers to potentially compromise. This is an issue that I am dealing
with now. Cisco's VPN client and Concentrator has a new feature that will
push a policy on the client requiring they have a firewall installed
like BlackIce etc. If they don't it will enforce its own basic
firewall on the client while connected. I am working on the scripted
install for my company now. 

-Jake

-Original Message-
From: SentinuS [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 29, 2001 2:37 PM
To: [EMAIL PROTECTED] 
Subject: VPN is a Backdoor !!! [7:27725]


Hi Guys;

I wonder that VPN is a Backdoor? I really need answers. Please do it.

thanks

SentinuS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27731t=27725



RE: dial in [7:27703]

2001-11-29 Thread 416South

YUP thanks though.

Anyone successful with this using Win2000 and Hyperterm?
If so what type of modem are you using? this might just be the answer to my
prayers

Thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27732t=27703



Re: T-1 Encap Preference [7:27637]

2001-11-29 Thread [EMAIL PROTECTED]

Howard,

Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size.
PPP supports 1500 while HDLC 4xxx (can't remember the exact number),
this might be helpful in situations where DF bit is set.

Nabil



   
  
Howard C. Berkowitz
Sent by: nobody@groupstudy.com
11/28/2001 11:14 PM
Please respond to Howard C. Berkowitz

To: [EMAIL PROTECTED]
Subject: Re: T-1 Encap Preference [7:27637]
  
   
  




   HDLC is a Cisco-proprietary protocol.

Not to nitpick, but HDLC itself is not proprietary; Cisco's
implementation is...  HDLC was developed by the International
Organization for Standardization (ISO). It falls under the ISO
standards ISO 3309 and ISO 4335.

Like others have pointed out, PPP is the way to go when mixing
vendors, since it is an Internet standard.

There may be one exception, however, but I cannot confirm it 100%...
I was out at one of my customers a few weeks ago, and they were
changing ISPs.  I asked the new ISP whether we ought to be using PPP
or HDLC, and he said HDLC.  I commented on their use of Cisco
equipment, and he told me that the head-end router was actually a
Juniper box.

Now, it seems reasonable to me that the new kid on the block, so to
speak, would attempt to seamlessly interoperate with the most widely
used routers, but I cannot say for sure.  Can anyone confirm this?

It would be most correct to say Cisco uses an HDLC-framed proprietary
protocol.  HDLC itself is really meant to be subsetted.  LAP, LAP-B,
LAP-D, and LAP-F are all proper subsets.

Juniper may have Cisco HDLC as an option.  I know BSDI UNIX does.

But HDLC has no real advantages over PPP for router-to-router
communications, so it's not something I worry about -- if there's any
question, I use PPP.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27718t=27637



RE: VPN back door [7:27734]

2001-11-29 Thread Nat Heidler

I recently installed a VPN at work (city government). You would be much
better off disabling split-tunneling at the concentrator level rather
than trying to push it out to each client. That will stop your
back doors. And yes, it even cuts out all connections on a local network. I have
4 machines in a workgroup at home, with a shared music drive. When I VPN
into work, that share is no longer available to other clients.

Nat
Somewhere in Kansas, USA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27734t=27734



Re: serial up/up w/o cable [7:27604]

2001-11-29 Thread John Neiberger

A cable-less serial interface?  It's called a loopback interface.  ;-) 
Which makes me wonder why the original poster was attempting this in the
first place.

Is there some functionality that he/she desires to get from a serial
interface that is up/up without a cable that he/she couldn't get from a
loopback interface?

 MADMAN  11/29/01 12:39:00 PM 
To be honest I have never tried such a thing but I thought it made
sense that if I enabled loopback the interface should come up.  I now
tried reenabling keepalives and the interface is still up but it shows
itself to be in the looped state:

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up (looped)

 Which makes sense as it's seeing its own keepalive packets come back
via the loop.

  I can't do this on a 2500 either but I can't tell you why, any Cisco
hardware engineers out there??

  oh well it's pretty much academic anyway, cableless serial interfaces
are about as useful as a three legged horse.

  Dave

Stefan Dozier wrote:
 
 Dave
 
 If there's no cable installed in Serial4/1/3, obviously I (at least)
 need to broaden my level of research on why you can accomplish
 that feat on 7500 series routers but not on 2500 series routers!
 
 It's just not happening here!
 
 But hey, that's not a problem, don't mind expanding my horizons and
 if and when I find an answer, I'll post some feedback here.
 
 Thanks for the info Dave
 
 Priscilla, my apologies!
 
 Off I go to CCO!
 
 Stefan
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
 MADMAN
 Sent: Thursday, November 29, 2001 11:13 AM
 To: [EMAIL PROTECTED] 
 Subject: Re: serial up/up w/o cable [7:27604]
 
 Tell you what, I got it to work just fine:
 
 interface Serial4/1/3
  no ip address
  no ip directed-broadcast
  ip route-cache distributed
  loopback
  no keepalive
  no cdp enable
 
 C7507MIX#sh int ser 4/1/3
 Serial4/1/3 is up, line protocol is up
   Hardware is cyBus Serial
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
   Encapsulation HDLC, crc 16, loopback set
   Keepalive not set
   Last input never, output never, output hang never
   Last clearing of show interface counters never
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/0/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 2 interface resets
  0 output buffer failures, 0 output buffers swapped out
  3 carrier transitions
  RTS up, CTS up, DTR up, DCD up, DSR up
 
  Dave
 
 Stefan Dozier wrote:
 
  I don't think it will Priscilla! Even with the encap HDLC,
  the DCD (carrier detect) control lead must be high in order
  for the interface status to be in an up condition. The
  only way I know to accomplish that is with a cable inserted
  or some type of serial loopback plug, if there's such an
  animal.
 
  And obviously you can't have line protocol in an up state
  if the interface status isn't in an up state!
 
  Stefan
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of
  Priscilla Oppenheimer
  Sent: Wednesday, November 28, 2001 7:55 PM
  To: [EMAIL PROTECTED] 
  Subject: Re: serial up/up w/o cable [7:27604]
 
  At 06:52 PM 11/28/01, Tom E wrote:
  How can you get a serial interface to go up/up without a cable
connected?
  I
  have tried loop and no keep.
 
  What's the encap? I thought this would work if you used HDLC.
 
  Priscilla
 --
 David Madland
 Sr. Network Engineer
 CCIE# 2016
 Qwest Communications Int. Inc.
 [EMAIL PROTECTED] 
 612-664-3367
 
 Emotion should reflect reason not guide it
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED] 
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27733t=27604



RE: VPN back door [7:27736]

2001-11-29 Thread Gibb, Jake

The new version 3.5 of Cisco VPN Client allows local LAN browsing access
with split tunneling. I know there is a big debate over sending all of
your traffic over the VPN just to get to a website that's up the street.
We have multiple PIX firewalls in failover configuration at our head
office and that is certainly more secure esp. if the client does not
have any firewall protection whatsoever. The new client 3.5 and
concentrator IOS 3.4 is supposed to add the firewall option/mandatory to
the client. I'll be testing it this month. 

-Jake

-Original Message-
From: Nat Heidler [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 29, 2001 3:46 PM
To: '[EMAIL PROTECTED]'
Cc: Gibb, Jake
Subject: RE: VPN back door


I recently installed a VPN at work (city government). You would be much
better off disabling split-tunneling at the concentrator level rather
than trying to push it out to each client. That will stop your back
doors. And yes, it even cuts out all connections on a local network. I
have 4 machines in a workgroup at home, with a shared music drive. When
I VPN into work, that share is no longer available to other clients.

Nat
Somewhere in Kansas, USA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27736t=27736



Re: Retrieve Cisco config (via SNMP) [7:27735]

2001-11-29 Thread anil

Using the MIB .1.3.6.1.4.1.9.2.1.55 you can write the config to a tftp
server on your network.

to write the configuration of a Cisco router to tftp server the command
would be:
snmpset -c   .1.3.6.1.4.1.9.2.1.55.  octetstring 

Does anyone happen to know what the *OCTETSTRING* is?
I presume the filename is the name of the file to be saved on the TFTP
server.
Has anyone actually tried this command?


Thanks
-Anil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27735t=27735



Re: PIX conduit access lists [7:26684]

2001-11-29 Thread Steve Alston

Thanks again Allen,
  Does that mean the responses to my outbound requests are allowed in by
default?  For example, my request for a web page is allowed through the
firewall. Would the page in response of that request be allowed through the
firewall?

Steve

Allen May wrote in message news:[EMAIL PROTECTED]...
 NAT or internal servers with real IP addresses using NAT 0 can access
 anything until you block it.  Outbound requests (such as http, ftp, etc) are
 all enabled by default.  Users outside the firewall cannot access internal
 IPs without access-list or conduit statements.

 In short, all outbound enabled and all inbound disabled by default.

 For your conduit permit icmp any any I would enable echo reply only rather
 than full icmp.  Echo reply only allows replies back to the person pinging
 or tracerouting.  Full icmp can be exploited in DOS attacks.
 example:
 access-list 10 permit icmp any any echo-reply
 access-group 10 interface outside
 (apply one to interface inside for outbound)

 Allen

 - Original Message -
 From: Steve Alston
 To:
 Sent: Wednesday, November 28, 2001 4:08 PM
 Subject: Re: PIX conduit  access lists [7:26684]


  Patrick  Allen,
  Thanks for the responses -- helps loads.  I'm still slightly confused.
 
  I did a clear conduit expecting to block all incoming traffic. Following
  the clear conduit, I did a show conduit to verify there were not any
  conduits in operation.  At that time, I was still able to receive web
  traffic at my workstation.  For that matter, the conduit statements only
  applied to specific servers so why am I able to receive http at my
  workstation?  I did try to PING an IP address which failed when I removed
  the conduits and worked when I restored conduit permit icmp any any --
  that behaved as expected.
 
 
  Thanks,
  Steve
 
  Allen May wrote in message news:[EMAIL PROTECTED]...
   Very true and a good point, but the original question was about conduits
   which only apply to lower-higher.  Higher-lower requires NAT.  I
   accidentally typed access-list below but meant conduit. ;)  *slap self get
   more coffee*.  It still applies but wasn't what I meant to say.
  
   Thanks for pointing that out though.
  
  
   - Original Message -
   From: Patrick W. Bass
   To:
   Sent: Sunday, November 25, 2001 10:14 PM
   Subject: Re: PIX conduit  access lists [7:26684]
  
  
    Allen May wrote in message
    news:[EMAIL PROTECTED]...
     I'm not sure if this was answered or not, but a firewall always assumes a
     deny all at the end of the access-list for inbound.  Outbound is different
     since it allows all by default.

    Remember this:  Higher security level to lower security level, implicitly
    allowed.  Lower security level to higher security level, implicitly denied.
    Otherwise it gets tricky once you start messing with multiple DMZs.

     Also, access-lists are the way to go since conduits will be phased out in
     the near future.

 Allen

 - Original Message -
 From: Steve Alston
 To:
 Sent: Monday, November 19, 2001 9:25 AM
 Subject: Re: PIX conduit  access lists [7:26684]


  Carroll,
  Thanks for the reply.  I'm using conduits now, but will switch to access
  lists in the future.  (I'd like to fully understand the configuration I
  inherited before I start making changes)  Are implicit denys inserted behind
  each conduit as well?
 
 
  Carroll Kong wrote in message news:[EMAIL PROTECTED]...
   Implicit denys behind every access-list are inserted.  Are you
   mixing conduits and access-lists?  You really should not.  Use ALL conduits
   or ALL access-lists.  If both are used, conduits take priority and override
   your access-lists.  Access-lists are first match, conduits are any match.
  
   At 09:24 AM 11/19/01 -0500, Steve Alston wrote:
   Does the PIX 506 require an explicit deny statement after setting up a
   permit conduit or access list.
   
   I appear to be receiving more traffic (e.g. NTP) than my conduit statements
   allow.
   
   Thanks much,
   Steve
   -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27737t=26684



IPX sap-max-packetsize [7:27681]

2001-11-29 Thread [EMAIL PROTECTED]

John,
We use sap-max-packetsize 1376 on our WAN links (lots of SAPs), and it
never seems to have caused problems.  It might depend on what else you are
running though - if links are also being used for video or anything else
that doesn't like to be held up behind large packets, it might not be such
a good idea (yeah, you might be able to do fragmentation again, but what's
the point?)

JMcL
- Forwarded by Jenny Mcleod/NSO/CSDA on 30/11/2001 09:00 am -
   

John Neiberger
Sent by: [EMAIL PROTECTED]
30/11/2001 02:57 am
Please respond to John Neiberger

cc:
Subject: IPX sap-max-packetsize [7:27681]
   

   





I left EtherPeek running on my workstation all night to get a feel for
the amount of broadcast traffic in our network.  In 15 hours we had over
72,000 SAP replies, most of which were from our router.  I then noticed
that it was using 480-byte packets which seems really inefficient.

Would I be asking for some unforeseen trouble if I were to configure
ipx sap-max-packetsize 1440 to triple the number of servers advertised
per packet?  This alone would dramatically reduce the number of
broadcast packets on our network.  However, it would be just my luck if
there were some consequences to this that I wasn't aware of.

Any thoughts?

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27738t=27681



RE: serial up/up w/o cable [7:27604]

2001-11-29 Thread Stefan Dozier

Dave

If there's no cable installed in Serial4/1/3, obviously I (at least)
need to broaden my level of research on why you can accomplish
that feat on 7500 series routers but not on 2500 series routers!

It's just not happening here!

But hey, that's not a problem, don't mind expanding my horizons and
if and when I find an answer, I'll post some feedback here.

Thanks for the info Dave

Priscilla, my apologies!

Off I go to CCO!

Stefan


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
MADMAN
Sent: Thursday, November 29, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]


Tell you what, I got it to work just fine:

interface Serial4/1/3
 no ip address
 no ip directed-broadcast
 ip route-cache distributed
 loopback
 no keepalive
 no cdp enable

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up
  Hardware is cyBus Serial
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
  Encapsulation HDLC, crc 16, loopback set
  Keepalive not set
  Last input never, output never, output hang never
  Last clearing of show interface counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
 Conversations  0/0/256 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
 0 packets input, 0 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 packets output, 0 bytes, 0 underruns
 0 output errors, 0 collisions, 2 interface resets
 0 output buffer failures, 0 output buffers swapped out
 3 carrier transitions
 RTS up, CTS up, DTR up, DCD up, DSR up

 Dave

Stefan Dozier wrote:

 I don't think it will Priscilla! Even with the encap HDLC,
 the DCD (carrier detect) control lead must be high in order
 for the interface status to be in an up condition. The
 only way I know to accomplish that is with a cable inserted
 or some type of serial loopback plug, if there's such an
 animal.

 And obviously you can't have line protocol in an up state
 if the interface status isn't in an up state!

 Stefan

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Priscilla Oppenheimer
 Sent: Wednesday, November 28, 2001 7:55 PM
 To: [EMAIL PROTECTED]
 Subject: Re: serial up/up w/o cable [7:27604]

 At 06:52 PM 11/28/01, Tom E wrote:
 How can you get a serial interface to go up/up without a cable connected?
 I
 have tried loop and no keep.

 What's the encap? I thought this would work if you used HDLC.

 Priscilla
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27739t=27604



RE: SNA: 0x0C0D versus 0x0D0D [7:27740]

2001-11-29 Thread Howard C. Berkowitz

Has anybody seen any good examples of this and/or what the hex numbers
mean in English relative to SNA.


In a culture that routinely uses Arabic numerals, what is non-English 
about ordinary hexadecimal as used by IBM? Hint:  for even the most 
minimal levels of certification, proficiency in binary and hex are 
necessary. CCNA still includes IPX, which uses hex.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27740t=27740



Re: T-1 Encap Preference [7:27637]

2001-11-29 Thread Howard C. Berkowitz

Found this in RFC 1661 which documents PPP:

The maximum length for the Information field, including Padding, but not
including the Protocol field, is termed the Maximum Receive Unit (MRU),
which defaults to 1500 octets. By negotiation, consenting PPP
implementations may use other values for the MRU.

P.

Hmmm...I definitely am aware of providers using 4470 on POS links, 
and a general trend in the gigabit-plus world to use larger MTUs. Is 
this simply industry practice, I wonder, or are there some overriding 
IEEE or IETF documents?  Perhaps in the sub-IP area, such as IP over 
Optical?


At 03:05 PM 11/29/01, Howard C. Berkowitz wrote:
  Howard,
  
  Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size.
  PPP supports 1500 while HDLC 4xxx (can't remember the exact number),
  this might be helpful in situations where DF bit is set.
  
  Nabil

I'd have to research this -- I don't offhand remember PPP (as the
protocol) having a MTU limit that small.  It would surprise me, given
the interest in POS.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27741t=27637



/31 subnet. [7:27742]

2001-11-29 Thread Nicolas FEVRIER

Hi group,

I'm puzzled by the use of /31 subnets...
Can anybody explain to me the benefits of such a subnet on an interface?

Thanxx.

Nicolas.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27742t=27742



RE: 2500 Router problem [7:27695]

2001-11-29 Thread anil

The IP address of router 2 needs to be changed.
Try 192.168.1.4 255.255.255.0
That's what I would do.
This would put it on the same subnet.
-Anil





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
James gruggett
Sent: Thursday, November 29, 2001 5:54 PM
To: [EMAIL PROTECTED]
Subject: 2500 Router problem [7:27695]


I have a lab setup as follows: 2 2500 series routers connected to a 2900
switch.

Router1 E0 192.168.1.1 255.255.255.0
Router 2 E0 192.168.2.1 255.255.255.0
SwitchIP 192.168.1.3 255.255.255.0

I can ping and telnet to Router 1 and the switch. I can not ping
Router2. When I telnet I receive this error message(Cam't open
connection to host on port 23, a socket operation was attempted to an
unreachable host)

I console into Router 2 and E0 looks fine with ip and it states it is
administratively up.

Any suggestions?

Thanks,

James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27744t=27695



Re: /31 subnet. [7:27742]

2001-11-29 Thread MADMAN

Point to point connections, with a /30 you waste 50% of the
available addresses.

  Dave

Nicolas FEVRIER wrote:
 
 Hi group,
 
 I'm puzzled by the use of /31 subnets...
 Can anybody explain to me the benefits of such a subnet on an interface?
 
 Thanxx.
 
 Nicolas.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27745t=27742



RE: SNA: 0x0C0D versus 0x0D0D [7:27740]

2001-11-29 Thread Jeff Lester

Try the following web page.  It provides a good explanation of SAP's and how
to apply filters.

http://www.cisco.com/warp/customer/698/acl200.html

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Thursday, November 29, 2001 5:25 PM
To: [EMAIL PROTECTED]
Subject: RE: SNA: 0x0C0D versus 0x0D0D [7:27740]


Has anybody seen any good examples of this and/or what the hex numbers
mean in English relative to SNA.


In a culture that routinely uses Arabic numerals, what is non-English
about ordinary hexadecimal as used by IBM? Hint:  for even the most
minimal levels of certification, proficiency in binary and hex are
necessary. CCNA still includes IPX, which uses hex.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27746t=27740



RE: serial up/up w/o cable [7:27604]

2001-11-29 Thread Stefan Dozier

Now that's a really good question!

Stefan


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Thursday, November 29, 2001 4:45 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]


A cable-less serial interface?  It's called a loopback interface.  ;-)
Which makes me wonder why the original poster was attempting this in the
first place.

Is there some functionality that he/she desires to get from a serial
interface that is up/up without a cable that he/she couldn't get from a
loopback interface?

 MADMAN  11/29/01 12:39:00 PM 
To be honest I have never tried such a thing but I thought it made
sense that if I enabled loopback the interface should come up.  I now
tried reenabling keepalives and the interface is still up but it shows
itself to be in the looped state:

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up (looped)

 Which makes sense as it's seeing its own keepalive packets come back
via the loop.

  I can't do this on a 2500 either but I can't tell you why, any Cisco
hardware engineers out there??

  oh well it's pretty much academic anyway, cableless serial interfaces
are about as useful as a three legged horse.

  Dave

Stefan Dozier wrote:

 Dave

 If there's no cable installed in Serial4/1/3, obviously I (at least)
 need to broaden my level of research on why you can accomplish
 that feat on 7500 series routers but not on 2500 series routers!

 It's just not happening here!

 But hey, that's not a problem, don't mind expanding my horizons and
 if and when I find an answer, I'll post some feedback here.

 Thanks for the info Dave

 Priscilla, my apologies!

 Off I go to CCO!

 Stefan

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 MADMAN
 Sent: Thursday, November 29, 2001 11:13 AM
 To: [EMAIL PROTECTED]
 Subject: Re: serial up/up w/o cable [7:27604]

 Tell you what, I got it to work just fine:

 interface Serial4/1/3
  no ip address
  no ip directed-broadcast
  ip route-cache distributed
  loopback
  no keepalive
  no cdp enable

 C7507MIX#sh int ser 4/1/3
 Serial4/1/3 is up, line protocol is up
   Hardware is cyBus Serial
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
   Encapsulation HDLC, crc 16, loopback set
   Keepalive not set
   Last input never, output never, output hang never
   Last clearing of show interface counters never
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: weighted fair
   Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/0/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 2 interface resets
  0 output buffer failures, 0 output buffers swapped out
  3 carrier transitions
  RTS up, CTS up, DTR up, DCD up, DSR up

  Dave

 Stefan Dozier wrote:
 
  I don't think it will Priscilla! Even with the encap HDLC,
  the DCD (carrier detect) control lead must be high in order
  for the interface status to be in an up condition. The
  only way I know to accomplish that is with a cable inserted
  or some type of serial loopback plug, if there's such an
  animal.
 
  And obviously you can't have line protocol in an up state
  if the interface status isn't in an up state!
 
  Stefan
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Priscilla Oppenheimer
  Sent: Wednesday, November 28, 2001 7:55 PM
  To: [EMAIL PROTECTED]
  Subject: Re: serial up/up w/o cable [7:27604]
 
  At 06:52 PM 11/28/01, Tom E wrote:
  How can you get a serial interface to go up/up without a cable connected? I
  have tried loop and no keep.
 
  What's the encap? I thought this would work if you used HDLC.
 
  Priscilla
 --
 David Madland
 Sr. Network Engineer
 CCIE# 2016
 Qwest Communications Int. Inc.
 [EMAIL PROTECTED]
 612-664-3367

 Emotion should reflect reason not guide it
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27747t=27604



Re[2]: VPN is a Backdoor !!! [7:27725]

2001-11-29 Thread SentinuS

But I think a VPN is not a backdoor if you use the right security policy and
the right configuration. There is one issue: the client. If you can secure
your client, there is no weakness.


Thursday, November 29, 2001, 11:47:08 PM, you wrote:
PR Even then though, you're not secure.  If the box is compromised before you
PR connect then even when the firewall is enforced, malicious activity could
PR still take place...the attacker would not be able to connect to the
PR machine but could leave dastardly code behind to do his job for him.

PR I am working on this scenario now as well.  I am attempting to come up with
PR a best practice for cleaning a machine, installing a firewall, etc for
PR any vpn client.  Let me know how yours goes!

PR -Patrick

---cut---

SentinuS
Best Regards
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27748t=27725



2511 Async [7:27749]

2001-11-29 Thread Dave Luancing

I am getting a 2500 Async router with the built in 
Async ports (RJ45). Does anyone know, do I use a
straight thru cable or cisco rolled cable to speak to
other cisco routers?  I have previously only worked
with the Octel cables.

I also will be configuring this to speak to a modem
bank, has anyone had experience with this... Is there
configuration that needs to be done on the modem bank
side. The router will be configured to support remote
nodes.

- Dave





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27749t=27749



RE: 2511 Async [7:27749]

2001-11-29 Thread Daniel Cotts

It uses rolled cables. New ones ship with green colored flat cables. The
great part is that you can easily create your own custom length cables.

 -Original Message-
 From: Dave Luancing [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 29, 2001 5:48 PM
 To: [EMAIL PROTECTED]
 Subject: 2511 Async [7:27749]
 
 
 I am getting a 2500 Async router with the built in 
 Async ports (RJ45). Does anyone know, do I use a
 straight thru cable or cisco rolled cable to speak to
 other cisco routers?  I have previously only worked
 with the Octel cables.
 
 I also will be configuring this to speak to a modem
 bank, has anyone had experience with this... Is there
 configuration that needs to be done on the modem bank
 side. The router will be configured to support remote
 nodes.
 
 - Dave
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27750t=27749



CBAC question [7:27751]

2001-11-29 Thread Hunt Lee

I have read the MCNS (Cisco Press) book several times, especially Chapter
8, however, I'm still very confused about the following question:

The book states that when configuring CBAC on an external interface,

1) The Outbound Access-List can be standard or extended
2) The Inbound Access-List MUST be extended

And when configuring CBAC on an external interface,

1) The Inbound Access-List at the internal interface or Outbound
Access-List can be either standard or extended
2) The Outbound Access-List at internal interface or Inbound Access-List
at external interface MUST be extended.

It also states that for CBAC to create a temporary opening in an
access-list, the access-list Must be extended?


Any help is greatly appreciated.

Best Regards,
Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27751t=27751



Re: T-1 Encap Preference [7:27637]

2001-11-29 Thread Priscilla Oppenheimer

Well, the RFC does say that consenting PPPs can use other values. Is that 
like consenting adults?

I've been wondering about larger MTUs though. I mentioned this issue in 
another message today. A lot of novices think that having a large interface 
MTU is going to make a big difference, but I'm not convinced. The interface 
isn't going to combine packets it receives into larger packets just because 
of the larger MTU. Packets can't grow!?

The applications would have to be reconfigured to use larger packet sizes
too. They may use MTU discovery, but I bet a lot of applications that have 
a legacy of running on Ethernet and the Internet either don't do MTU 
discovery or don't even attempt a very large packet size.

I'll have to look into this. Thoughts? Comments?

Priscilla

At 05:26 PM 11/29/01, Howard C. Berkowitz wrote:
 Found this in RFC 1661 which documents PPP:
 
 The maximum length for the Information field, including Padding, but not
 including the Protocol field, is termed the Maximum Receive Unit (MRU),
 which defaults to 1500 octets. By negotiation, consenting PPP
 implementations may use other values for the MRU.
 
 P.

Hmmm...I definitely am aware of providers using 4470 on POS links,
and a general trend in the gigabit-plus world to use larger MTUs. Is
this simply industry practice, I wonder, or are there some overriding
IEEE or IETF documents?  Perhaps in the sub-IP area, such as IP over
Optical?

 
 At 03:05 PM 11/29/01, Howard C. Berkowitz wrote:
   Howard,
   
   Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size.
   PPP supports 1500 while HDLC 4xxx (can't remember the exact number),
   this might be helpful in situations where DF bit is set.
   
   Nabil
 
 I'd have to research this -- I don't offhand remember PPP (as the
 protocol) having a MTU limit that small.  It would surprise me, given
 the interest in POS.
 
 
 Priscilla Oppenheimer
 http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27754t=27637



Re: Help on VLSM [7:27665]

2001-11-29 Thread [EMAIL PROTECTED]

This is the ability to severally subnet your initial block of IP addresses to
smaller usage networks (subnets). This is done by borrowing subnet bits from
the host part of the IP address block. It is mostly required if you have
many serial/WAN connections or, better still, you want to properly separate
your network for precise management/troubleshooting purposes.
E.g. for a block of IP addresses such as this:
216.72.67.0 255.255.255.0

If you have a router with, say, two interfaces and circumstances require that
we give each interface a global IP address, without VLSM (Variable Length
Subnet Mask) you would not be able to achieve this from the above given IP
address block. VLSM saves you the problem of requesting another IP
address block. Now to be able to name my router interfaces (2), I will have
to borrow 6 bits from the host part, that would give (128+64+32+16+8+4=252)
i.e. (256-252=4 IP addresses per subnet, only 2 usable, the 1st is the network
address (unusable) and the other is the broadcast address (unusable)).

Your two interfaces could then be named as:
inf1=216.72.67.1 255.255.255.252 to 216.72.67.3 255.255.255.252
inf2=216.72.67.5 255.255.255.252 to 216.72.67.7 255.255.255.252

Continue in steps of 4 to name other networks, however if you no longer have
other networks you can revert back to something like:

216.72.67.9 255.255.255.0
216.72.67.10 255.255.255.0
216.72.67.11 255.255.255.0 etc for host addresses

Remember only routing protocols that support CIDR would be able to route
your networks.

Go to www.cisco.com to learn more.

Regards.
Oletu
- Original Message -
From: Tel Khan 
To: 
Sent: Thursday, November 29, 2001 4:35 AM
Subject: Help on VLSM [7:27665]


 Hi folks,

 I don't fully understand VLSM. I have read this in the Sybex book and I'm still
 at a loss, I would be grateful for some guidance.

 Sorry for being thick!

 Regards
 Tel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27753t=27665
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
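
The /31 reply earlier in this archive and the VLSM post above both come down to the same arithmetic, worked here as an added example that is not part of either post: a small VLSM allocator built on Python's `ipaddress` module that carves the post's 216.72.67.0/24 block and compares /30 with /31 on the WAN links. The segment names and host counts are constructed, and the /31 case follows RFC 3021 and assumes both ends of the link support it.

```python
import ipaddress


def usable_hosts(network):
    """Interface-assignable addresses of `network`, as strings."""
    net = ipaddress.ip_network(network)
    if net.prefixlen >= 31:
        # /31 (RFC 3021 point-to-point) and /32 set aside no network or
        # broadcast address, so every address is assignable.
        return [str(addr) for addr in net]
    # Any shorter prefix loses its first (network) and last (broadcast) address.
    return [str(addr) for addr in net.hosts()]


def utilisation(network):
    """Fraction of the subnet's addresses that can go on an interface."""
    net = ipaddress.ip_network(network)
    return len(usable_hosts(network)) / net.num_addresses


def prefix_for(hosts, allow_31=False):
    """Longest prefix (smallest subnet) that still holds `hosts` interfaces."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    if allow_31 and hosts <= 2:
        return 31
    # hosts + network + broadcast must fit in a power-of-two block.
    return 32 - (hosts + 1).bit_length()


def allocate(block, requirements, allow_31=False):
    """Carve `block` into variable-length subnets, largest requirement first.

    `requirements` maps a segment name to the number of interfaces it needs.
    Returns {name: "a.b.c.d/len"}; raises ValueError when the block is too small.
    """
    free = [ipaddress.ip_network(block)]
    plan = {}
    # Largest first keeps every subnet aligned on its own boundary and
    # avoids fragmenting the block.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        plen = prefix_for(hosts, allow_31)
        fit = next((n for n in free if n.prefixlen <= plen), None)
        if fit is None:
            raise ValueError(f"no room left in {block} for {name} ({hosts} hosts)")
        free.remove(fit)
        subnet = next(fit.subnets(new_prefix=plen))
        # Return the unused remainder of the chosen block to the free list.
        free.extend(fit.address_exclude(subnet))
        free.sort()
        plan[name] = str(subnet)
    return plan


# Constructed requirements for the 216.72.67.0/24 block used in the post.
SEGMENTS = {"lan_a": 100, "lan_b": 50, "wan_1": 2, "wan_2": 2}

if __name__ == "__main__":
    for label, allow in (("/30 WAN links", False), ("/31 WAN links", True)):
        print(label)
        for name, subnet in allocate("216.72.67.0/24", SEGMENTS, allow).items():
            hosts = usable_hosts(subnet)
            print(f"  {name:6} {subnet:18} {hosts[0]} - {hosts[-1]} "
                  f"({utilisation(subnet):.0%} usable)")
```
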



RE: serial up/up w/o cable [7:27604]

2001-11-29 Thread Priscilla Oppenheimer

It's for testing purposes. There are lots of testing situations when you 
want an interface to act like it's up even if it's not sending any packets.

This isn't a case where we can do our normal thing of treating people who 
ask questions like they are dumb butts. Sorry, long day.

Check this out!

charlotte#config t
Enter configuration commands, one per line.  End with CNTL/Z.
charlotte(config)#int s0
charlotte(config-if)#no keep
charlotte(config-if)#loopback
charlotte(config-if)#end
charlotte#
%SYS-5-CONFIG_I: Configured from console by console
charlotte#
charlotte#
charlotte#show int s0
Serial0 is up, line protocol is up
   Hardware is MCI Serial
   Internet address is 192.168.40.2 255.255.255.0
   MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
   Encapsulation FRAME-RELAY, loopback set, keepalive not set
   Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 29
   Last input 0:00:06, output 0:00:05, output hang never
   Last clearing of show interface counters never
   Output queue 0/40, 0 drops; input queue 0/75, 0 drops
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  69 packets input, 3077 bytes, 0 no buffer
  Received 2 broadcasts, 0 runts, 0 giants
  3 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 3 abort
  74 packets output, 3708 bytes, 0 underruns
  0 output errors, 0 collisions, 6 interface resets, 0 restarts
  0 output buffer failures, 0 output buffers swapped out
  9 carrier transitions

Of course, I doubt that my lab of MGS routers resembles anything in the 
real world! ;-)

Priscilla

At 06:32 PM 11/29/01, Stefan Dozier wrote:
Now that's a really good question!

Stefan


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Thursday, November 29, 2001 4:45 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]


A cable-less serial interface?  It's called a loopback interface.  ;-)
Which makes me wonder why the original poster was attempting this in the
first place.

Is there some functionality that he/she desires to get from a serial
interface that is up/up without a cable that he/she couldn't get from a
loopback interface?

  MADMAN  11/29/01 12:39:00 PM 
To be honest I have never tried such a thing but I thought it made
sense that if I enabled loopback the interface should come up.  I now
tried reenabling keepalives and the interface is still up but it shows
itself to be in the looped state:

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up (looped)

  Which makes sense as it's seeing its own keepalive packets come back
via the loop.

   I can't do this on a 2500 either but I can't tell you why, any Cisco
hardware engineers out there??

   oh well it's pretty much academic anyway, cableless serial interfaces
are about as useful as a three legged horse.

   Dave

Stefan Dozier wrote:
 
  Dave
 
  If there's no cable installed in Serial4/1/3, obviously I (at least)
  need to broaden my level of research on why you can accomplish
  that feat on 7500 series routers but not on 2500 series routers!
 
  It's just not happening here!
 
  But hey, that's not a problem, don't mind expanding my horizons and
  if and when I find an answer, I'll post some feedback here.
 
  Thanks for the info Dave
 
  Priscilla, my apologies!

  Off I go to CCO!
 
  Stefan
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  MADMAN
  Sent: Thursday, November 29, 2001 11:13 AM
  To: [EMAIL PROTECTED]
  Subject: Re: serial up/up w/o cable [7:27604]
 
  Tell you what, I got it to work just fine:
 
  interface Serial4/1/3
   no ip address
   no ip directed-broadcast
   ip route-cache distributed
   loopback
   no keepalive
   no cdp enable
 
  C7507MIX#sh int ser 4/1/3
  Serial4/1/3 is up, line protocol is up
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback set
Keepalive not set
Last input never, output never, output hang never
Last clearing of show interface counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
   Conversations  0/0/256 (active/max active/max total)
   Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
   0 packets input, 0 bytes, 0 no buffer
   Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
   0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
   0 packets output, 0 bytes, 0 underruns
   0 output errors, 0 collisions, 2 interface resets
   0 output buffer failures, 0 output buffers swapped out
   3 carrier transitions
   

Re: ISDN Q.921 and Q.931 [7:27568]

2001-11-29 Thread Howard C. Berkowitz

VoIP Guy   wrote, I was wrong.

I looked it up last night and there is a seq. number in the control field of
LAPB, HDLC, and LAPD.

No problem with LAPB and LAPD, which are proper subsets of full HDLC. 
Again, full HDLC is more of an architecture -- I've never known 
ANYONE to implement every feature of it.

Both, the sending and receiving stations must keep
the same seq. numbers when transmitting, but I cannot find anything on
retransmission at that layer.  But I asked an old IBM guy I used to work
with and he said that SDLC and all the related layer two protocols do
require retrans when bad packets are found or missing.  So I would assume
that LAPD layer two is reliable.



And as everyone else said, the SS7
signalling (Q.931) is just control and status messages over D channel.

SS7 doesn't use Q.931, but SSCOP (don't ask me what the ITU number 
is). SSCOP is meant as the ultimately reliable protocol -- it allows 
multilink operation, so retransmission requests are made only if no 
frame with a correct CRC arrives on any link.


And B channel is a different retrans technique, based upon the higher layer
protocols it carries.  If an ISDN frame gets corrupt, both channels will be
retransmitted, but by different methods.  So ISDN D channel is inherently
reliable at layer two and B channel is reliable only if that higher layer
protocol is.


See a few comments below



Peter Whittle  wrote in message
news:[EMAIL PROTECTED]...
  I sent this to Priscilla on the topic and she suggested that the group
  might benefit from my response, so here it is.

  Priscilla,

  I think that you may find it helpful to separate end - to - end data
  transfer from signalling.

  Very few L2 protocols offer error correction. The modern approach is to
  require the L1 transmission to provide intrinsically reliable
  communication and hence it is a waste of bandwidth to implement error
  correction both on hop by hop and end to end basis as per X.25.
  Modern WAN digital transmission systems are designed to offer
  transmission error rates of fewer than 1 bit error in 10^9 bits.

  On Telco Wan links it is common on this side of the pond to require
  transmission media to offer error rates better than 1 in 10^9 and often
  1 in 10^11. Indeed the commissioning tests call for fewer than 1 error
  in a 20 minute period on a basic E3 (34 Mb) link and fewer than 1 error
  in 24 hours on International links prior to acceptance from Transmission
  into Networks for operational trunks. That is not to say that links may
  not degrade but if the error rates became worse than 1 in 10^9 it would
  be time for Network operations to call 'holes  poles' (Transmission) to
  fix it.

  The fundamental assumptions in both Frame Relay and ATM is that they are
  running over intrinsically reliable transmission media. The low error
  rates being achieved either by correctly engineered transmission paths
  or by the use of significant forward error correction built in to the
  transmission equipment.

  ATM, and Frame Relay, implement error correction, or more precisely re-
  transmission in the interface to the signalling protocols. ISDN relies
  on the hop by hop error correction offered by LAPD.  However, they tend
  to leave the issue of payload error correction to any high level end-to-
  end protocols being run on top of these L2 Datalinks.

  ATM offers no direct protection of payload content, the HEC only
  protects the ATM header. However, some AALs do offer protection if not
  correction of the payload. Even AAL5 - most common for IP has a check
  polynomial (CRC32) to protect the CS PDU. It performs error detection
  but not correction. In the case of Q.2931, SAAL (version of AAL5 to
  carry signalling) will detect faulty PDUs.  If you want to look at ATM
  signalling take a look at Q.2931 essentially an enhanced and extended
  version of narrow band ISDN Q.931 signalling.  Take a look at the ATM
   forum website. www.atmforum.org


  Frame Relay has Frame Check Sequence that again will detect faulty
  frames. (Incidentally Carrier Switches tend to drop frames with a faulty
  FCS). Incidentally Frame Relay is sometimes known as LAPF. Take a look
  at the frame relay forum web site. www.frforum.org there are some good
  white papers and the frf's recommendations that you can download.


  ISDN B channel - is a 64 Kbit clear channel and the network makes no
  assumptions about the contents. It could be any number of data formats
  or indeed it could be 64 K G.711 PCM voice. The most ubiquitous use of
  data over ISDN is to encapsulate it in PPP which is intrinsically multi-
  protocol. However, it is also possible to use HDLC, X.25, Frame Relay,
  or any number of specialist protocols. D channel usage is somewhat
  different. L2 on D channel is Q.921 (as you say also known as LAPD). It
  is perhaps worth pointing out the ISDN signalling is NOT an end to end
  protocol! ISDN signalling only traverses the single hop to the
  

cisco Study group in Dubai [7:27758]

2001-11-29 Thread Naveen

Dear friends,

Please contact me for forming study group in Dubai, UAE.

Kind regards
Naveen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27758t=27758



CISCOWORKS USER GUIDE RWAN LMS [7:27743]

2001-11-29 Thread anil

from Amazon.com:
What is RWAN, LMS?
Thanks
-Anil

--
CISCO CISCOWORKS USER GUIDE RWAN LMS
No photo available
Price:  $68.87 sh fee $8.00
Description:  CISCOWORKS USER GUIDE RWAN LMS

Note: This merchant will not ship this item outside of United States.
Merchant:  microtechonline zShop   (9)
Seller: microtechonline zShop


Details:

CISCOWORKS USER GUIDE RWAN LMS

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Circusnuts
Sent: Thursday, November 29, 2001 4:47 AM
To: [EMAIL PROTECTED]
Subject: Re: CiscoWorks, Cisco Secure [7:27563]


Nope- I had to purchase the courseware and a documentation kit off of Ebay.
Cisco does offer a CBT for $10 + shipping.  There is always the Global
Knowledge bootcamp for $5,000 :o)

All the best !!!
Phil

- Original Message -
From: D sam
To:
Sent: Wednesday, November 28, 2001 3:35 PM
Subject: CiscoWorks, Cisco Secure [7:27563]


 does any one know if there are any books for cisco works and Cisco secure
 that can be purchased by the public.

 rick





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27743t=27743



Reset Cisco Cat 2800 switch [7:27756]

2001-11-29 Thread Jacky

Dear All,

I have got my first switch from eBay but it is password protected. I
have tried to reset the password with the following web page
http://www.cisco.com/warp/public/474/pswdrec_2800.shtml but it still failed.

When the switch is in system engineering mode, it is still password
protected.

Does anyone have any idea how to reset the password? Thank you for all your help!!

Jacky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27756t=27756



Restrict remote users access to corporate network [7:27759]

2001-11-29 Thread David Tran

Hi Everyone,

Perhaps someone in the group can help me with this problem.
I have Cisco Pix515-UR (128MB RAM/16MB Flash) running PIX
code 6.1(1) with Pix Device Manager (PDM) version 1.1(2).  This
PIX is connected to my cable modem with STATIC IP address
129.174.1.13 on the outside interface.  The inside interface
(which is my internal network) has an IP of 192.168.1.1
with a netmask of 255.255.255.0.  On the internal network, I have
a BSD box (IP 192.168.1.10), a Linux box (192.168.1.20), a
Solarisx86 (IP 192.168.1.30) and a SCO Unix with IP 192.168.1.40

I have successfully implemented VPN connection for remote users
using Cisco VPN client 3.1.1 running on Win98, NT, 2000 and Linux
to connect to the internal network.  Once these remote users are
successfully connected, they can access all the devices on the
internal network.

I have 2 questions:

1) Let's say that I just want remote users to access just the BSD box
and the Linux box but not the Solaris and SCO, how can I make this
happen?  I know how to do that with Checkpoint Secure Remote
(Checkpoint uses an Encryption domain which specifies which devices
a remote user is allowed to access).  How can I accomplish this
in PIX?  For example, I just want remote users to ping the BSD
and Linux boxes but not the Solaris and SCO boxes.

2) I have 4 different remote users who connect to the internal network
via VPN IPSec connection.  All of these users are using the same account
(vpn3000) to connect back to the network.  From a security standpoint, this is
bad practice.  How can I assign each of these users a different account in
the configuration?  Again, I know how to do this with Checkpoint; however,
I don't know how to get it done in PIX.

Below is the configuration.  Please help.  thanks.

PIX Version 6.1(1)
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 enable password OnTrBUG1Tp0edmkr encrypted
 passwd 2KFQnbNIdI.2KYOU encrypted
 hostname goss-d3-pix515b
 domain-name micronetsolution.com
 fixup protocol ftp 21
 fixup protocol http 80
 fixup protocol h323 1720
 fixup protocol rsh 514
 fixup protocol smtp 25
 fixup protocol sqlnet 1521
 fixup protocol sip 5060
 fixup protocol skinny 2000
 names
 !
 !--- Access-list to avoid Network Address Translation (NAT) on the IPSec packets
 access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
 pager lines 24
 interface ethernet0 auto
 interface ethernet1 auto
 mtu outside 1500
 mtu inside 1500
 !
 !--- IP addresses on the interfaces
 ip address outside 129.174.1.13 255.255.240.0
 ip address inside 192.168.1.1 255.255.255.0
 ip audit info action alarm
 ip audit attack action alarm
 ip local pool ippool 192.168.2.1-192.168.2.254
 no failover
 failover timeout 0:00:00
 failover poll 15
 failover ip address outside 0.0.0.0
 failover ip address inside 0.0.0.0
 pdm history enable
 arp timeout 14400
 !
 !--- Binding ACL 101 to the NAT statement to avoid NAT on the IPSec packets
 nat (inside) 0 access-list 101
 !
 !--- Default route to the Internet
 route outside 0.0.0.0 0.0.0.0 129.174.1.1 1
 timeout xlate 3:00:00
 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
 timeout uauth 0:05:00 absolute
 aaa-server TACACS+ protocol tacacs+
 aaa-server RADIUS protocol radius
 http server enable
 http 192.168.1.0 255.255.255.0 inside
 no snmp-server location
 no snmp-server contact
 snmp-server community public
 no snmp-server enable traps
 floodguard enable
 !
 !--- The sysopt command avoids conduit on the IPSec encrypted traffic
 sysopt connection permit-ipsec
 no sysopt route dnat
 !
 !--- Phase 2 encryption type
 crypto ipsec transform-set myset esp-des esp-md5-hmac
 crypto dynamic-map dynmap 10 set transform-set myset
 crypto map mymap 10 ipsec-isakmp dynamic dynmap
 !
 !--- Binding the IPSec engine on the outside interface
 crypto map mymap interface outside
 !
 !--- Enabling ISAKMP key-exchange
 isakmp enable outside
 isakmp identity address
 !
 !--- ISAKMP Policy for 3000 VPN client running 3.0 or higher code
 isakmp policy 10 authentication pre-share
 isakmp policy 10 encryption des
 isakmp policy 10 hash md5
 isakmp policy 10 group 2
 isakmp policy 10 lifetime 86400
 !
 !--- IPSec group configuration for either VPN client
 vpngroup vpn3000 address-pool ippool
 vpngroup vpn3000 dns-server 192.168.1.10
 vpngroup vpn3000 default-domain micronetsolution.com
 vpngroup vpn3000 idle-time 1800
 vpngroup vpn3000 password 
 telnet timeout 5
 ssh timeout 5
 terminal width 80




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27759t=27759
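
Added example (not part of the post above and not Cisco code): a small Python check over an excerpt of the posted configuration that reports the two conditions the questions describe, namely which inside hosts NAT-exemption ACL 101 covers toward the VPN pool while `sysopt connection permit-ipsec` bypasses interface ACL checks, and whether only the shared vpngroup credential authenticates users. The function and key names are hypothetical, and treating a missing `crypto map ... client authentication` line as "shared credential only" is a simplifying assumption.

```python
import ipaddress
import re

# Excerpt of the configuration posted above (only the lines this check reads).
POSTED = """\
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ip local pool ippool 192.168.2.1-192.168.2.254
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
crypto map mymap 10 ipsec-isakmp dynamic dynmap
vpngroup vpn3000 address-pool ippool
"""
# Inside hosts named in the post.
HOSTS = {"BSD": "192.168.1.10", "Linux": "192.168.1.20",
         "Solaris": "192.168.1.30", "SCO": "192.168.1.40"}

def _net(tok):
    """Consume one PIX address spec ('host A' or 'A MASK') from a token list."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def audit(cfg, hosts=HOSTS):
    lines = [ln.strip() for ln in cfg.splitlines() if ln.strip()]
    acls = {}
    for ln in lines:
        m = re.match(r"access-list (\S+) permit ip (.+)", ln)
        if m:
            src, rest = _net(m.group(2).split())
            dst, _ = _net(rest)
            acls.setdefault(m.group(1), []).append((src, dst))
    pool = next(ln.split()[4] for ln in lines if ln.startswith("ip local pool"))
    first = ipaddress.ip_address(pool.split("-")[0])  # first pool address
    nat0 = [ln.split()[-1] for ln in lines if ln.startswith("nat (inside) 0 access-list")]
    exempt = [e for name in nat0 for e in acls.get(name, [])]
    return {
        # Decrypted tunnel traffic skips interface ACL/conduit checks.
        "acl_bypass": "sysopt connection permit-ipsec" in lines,
        # Inside hosts whose traffic to the VPN pool is exempt from NAT.
        "nat_exempt_hosts": sorted(n for n, ip in hosts.items() if any(
            ipaddress.ip_address(ip) in s and first in d for s, d in exempt)),
        # Assumption: no per-user (xauth) line means the group secret is the only login.
        "shared_credential": not any(
            re.match(r"crypto map \S+ client authentication ", ln) for ln in lines),
        "groups": sorted({ln.split()[1] for ln in lines if ln.startswith("vpngroup ")}),
    }

if __name__ == "__main__":
    print(audit(POSTED))
```
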


