Re: First learning experience. [7:27653]
Ryan Ngai Hon Kong wrote:

> Hi all, Just want to tell you all that I finally attempted my first lab on 28/11. What an experience for 2 years in networking line (newbies) after completing all my NA/NP certification and finally now turning to the lab. I knew I didn't do a good job there though the result have not been released yet (which took a couple of days), it's my first learning experience.

Finally, did you take the lab exam in Hong Kong? I have thought that I need to travel to Beijing or Singapore to take the lab test.

Regards,
c.h.Ip

(for me, it is still a long way to go. I think I can make my first lab attempt in 18 or 24 months, as now on the way of NP DP exams, and seeking study partner...)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27656t=27653
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Slimline 2 [7:27365]
Hi, is this Slimline 2 ISDN simulator a software? If it is, can you send one copy to me? [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27657t=27365
network simulator [7:27658]
Is there any router simulation software that I can configure to run in a Frame Relay and ISDN network? Appreciate if anyone who knows can send me one.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27658t=27658
Re: ISDN Q.921 and Q.931 [7:27568]
I sent this to Priscilla on the topic and she suggested that the group might benefit from my response, so here it is.

Priscilla,

I think that you may find it helpful to separate end-to-end data transfer from signalling.

Very few L2 protocols offer error correction. The modern approach is to require the L1 transmission to provide intrinsically reliable communication and hence it is a waste of bandwidth to implement error correction both on hop by hop and end to end basis as per X.25.

Modern WAN digital transmission systems are designed to offer transmission error rates of fewer than 1 bit error in 10^9 bits. On Telco WAN links it is common on this side of the pond to require transmission media to offer error rates better than 1 in 10^9 and often 1 in 10^11. Indeed the commissioning tests call for fewer than 1 error in a 20 minute period on a basic E3 (34 Mb) link and fewer than 1 error in 24 hours on International links prior to acceptance from Transmission into Networks for operational trunks. That is not to say that links may not degrade but if the error rates became worse than 1 in 10^9 it would be time for Network operations to call 'holes poles' (Transmission) to fix it.

The fundamental assumption in both Frame Relay and ATM is that they are running over intrinsically reliable transmission media. The low error rates being achieved either by correctly engineered transmission paths or by the use of significant forward error correction built in to the transmission equipment.

ATM, and Frame Relay, implement error correction, or more precisely re-transmission in the interface to the signalling protocols. ISDN relies on the hop by hop error correction offered by LAPD. However, they tend to leave the issue of payload error correction to any high level end-to-end protocols being run on top of these L2 Datalinks.

ATM offers no direct protection of payload content, the HEC only protects the ATM header. However, some AALs do offer protection if not correction of the payload. Even AAL5 - most common for IP - has a check polynomial (CRC32) to protect the CS PDU. It performs error detection but not correction. In the case of Q.2931, SAAL (version of AAL5 to carry signalling) will detect faulty PDUs.

If you want to look at ATM signalling take a look at Q.2931, essentially an enhanced and extended version of narrow band ISDN Q.931 signalling. Take a look at the ATM forum website, www.atmforum.org

Frame Relay has Frame Check Sequence that again will detect faulty frames. (Incidentally Carrier Switches tend to drop frames with a faulty FCS.) Incidentally Frame Relay is sometimes known as LAPF. Take a look at the frame relay forum web site, www.frforum.org; there are some good white papers and the FRF's recommendations that you can download.

ISDN B channel is a 64 Kbit clear channel and the network makes no assumptions about the contents. It could be any number of data formats or indeed it could be 64 K G.711 PCM voice. The most ubiquitous use of data over ISDN is to encapsulate it in PPP which is intrinsically multi-protocol. However, it is also possible to use HDLC, X.25, Frame Relay, or any number of specialist protocols.

D channel usage is somewhat different. L2 on D channel is Q.921 (as you say also known as LAPD). It is perhaps worth pointing out that ISDN signalling is NOT an end to end protocol! ISDN signalling only traverses the single hop to the signalling processor on the nearest switch. This signalling processor then signals to the signalling processor of the next switch and finally the signalling processor on the last switch communicates with the far end CPE. In Public Carrier Networks the signalling between switches is normally SS7, or C7 as it is sometimes known.

The D channel is normally used for signalling but in the case of Basic Rate may also be used for permanently on low speed data services such as X.31 (9k6 X.25 in D channel, which uses LAPD for L2 and normal X.25 L3).

Q.931 is used on public networks to communicate with the Carrier's CO switch and is fairly primitive in its feature set. QSIG is essentially a superset of Q.931 used on private telephony networks to signal between PABXs and offers an enhanced set of features such as 'camp on extension', 'ring back when free', redirect calls etc.

X.25 has hop by hop error detection and correction in L2 - LAPB - and also end to end in the L3. Sometimes known as 'belt and braces' or 'The Pony Express' of data communications. 'We get the data through, eventually, no matter how crummy the analogue link is!'

Not being of IBM extraction I am not in a position to comment on SDLC or Bisync.

I hope that this helps

Peter
--
Peter Whittle

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27659t=27568
Re: Serial Numbers for Cisco 7206 [7:27531]
show hardware

H.T.H.
Dom Stocqueler

Tay Chee Yong
To: [EMAIL PROTECTED]
Subject: Serial Numbers for Cisco 7206 [7:27531]
Sent by: nobody@groupstudy.com
28/11/2001 10:10
Please respond to Tay Chee Yong

> Hi all,
>
> May I know how can I obtain the serial number for the NPE for Cisco 7206?? The show c7200 command says that its displaying the CPU EEPROM serial number. Is it also referring to the serial number of the NPE? Please advise.
>
> Regards,
> Cheeyong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27660t=27531
Re: IP telephony [7:27533]
As Matthew said, looks like you've got everything already, all you have to do is set up the call routing, simple.

Cheers

Anil Kumar wrote:

> Hi All,
>
> For a customer I have implemented VoIP and IP telephony between two offices with Cisco Call Manager 3.0. I need to integrate the CCM with normal PBX phones, so that users can dial to the normal telephone to IP telephone. For the VoIP I am using Cisco 3640 and 3660 Routers with NM-HDV cards and both the HDV cards are connected to Nortel PBX. Need help/suggestion on this.
>
> Thanks in Advance.
>
> Regards..
> Anil
>
> Thanks Regards
> V Anil Kumar

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27661t=27533
Damian Rizzo Eats Poo [7:27662]
Damian Rizzo, have you passed your CCNP yet?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27662t=27662
Re: Cisco ACS/Telnet config [7:27648]
Hi Richard,

The aaa new-model command, once enabled, always asks you for a username/password combination for any login type. Looking at your config I expect you to get a username/password prompt and failed logins for both con and vty unless authenticated by tacacs, and am surprised you are able to login by console. To get around it,

a. Create a local username/password on the AS, i.e. username anything password anyotherthing
b. Add the command aaa authentication login no_tacacs local
c. Add the command: login authentication no_tacacs to your con and vty lines to reference b. above

I once experienced a similar thing and resolved it as above, except you want to authenticate all logins by tacacs. I am open to corrections.

Tunji

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27663t=27648
Re: First learning experience. [7:27653]
Thanks for sharing your experience! Keep your head up, study hard, and you'll get it next time. I'll be taking the lab for the first time in Jan...

--
-=Reply to group only... no personal=-

Ryan Ngai Hon Kong wrote:

> Hi all,
>
> Just want to tell you all that I finally attempted my first lab on 28/11. What an experience for 2 years in networking line (newbies) after completing all my NA/NP certification and finally now turning to the lab. I knew I didn't do a good job there though the result have not been released yet (which took a couple of days), it's my first learning experience.
>
> I found that this is the complete lab I'd ever put my hands on, all the while I only had 4-5 routers at home to practice. Lots of practice needed to get me more prepared for the next round, which might be 1/2 years ahead. I was inspired by Chuck's story line before I had my exam the other night, and now it's all over. Time is not something we ask for, knowledge keeps you going. You got to know what to do when you face a problem, you don't really have a choice. For the last 15 mins before it's over, I knew I will not finish them on time so I'll just stop and review all the questions and keep them in mind. They are my first lesson and it'll be tougher the next attempt. I didn't regret for the result later, I'm just happy that quality of the exam really worth for everyone here to work after. They'll sure pay off one day.
>
> One day lab is a monster, with little trouble in mind memorizing the ip address, distribution and routing table, you will soon overcome them. Once the frame relay works, routing comes into picture. You have no idea how and what the end of this lab are trying to achieve, putting tons of assumption into the answer though they never work.. you got no time to browse the documentation cd, you can't wait a sec to save your configuration and you can't afford to show run your configuration at all time. Memorizing and organizing every single information is crucial to keep you on time. Luckily troubleshooting is removed from the lab.
>
> Thanks to Jeff for putting off my nervous on my first attempt, I'm sure I'll see you again next round. On my way home riding on a bus, the question still dazzle on my mind. The movie played on the journey home, Pearl Harbour even inspire me that getting train to fly a dangerous mission even harder getting the CCIE status. I promise myself that I'll work even harder for my next lab attempt.
>
> To all the others coming up with your lab attempt this year, good luck to you all. Never doubt on your first attempt, take it as part of your first learning experience. My mind is empty when I had it also.
>
> Have a nice day.
> Ryan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27664t=27653
Help on VLSM [7:27665]
Hi folks,

I don't fully understand VLSM. I have read this in the Sybex book and I'm still at a loss. I would be grateful for some guidance. Sorry for being thick!

Regards
Tel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27665t=27665
Re: First learning experience. [7:27653]
There are 4 places to go for the R/S lab in AP for guys like us in HK: Tokyo, Beijing, Singapore and Sydney. The backlog in BJ is pretty long, you might think about SG or Tokyo. Though I took mine at Sydney, for twice.

Gary
CCIE#8256

c.h.ip wrote:

> Ryan Ngai Hon Kong wrote:
>
>> Hi all, Just want to tell you all that I finally attempted my first lab on 28/11. What an experience for 2 years in networking line (newbies) after completing all my NA/NP certification and finally now turning to the lab. I knew I didn't do a good job there though the result have not been released yet (which took a couple of days), it's my first learning experience.
>
> Finally, did you take the lab exam in Hong Kong? I have thought that I need to travel to Beijing or Singapore to take the lab test.
>
> Regards,
> c.h.Ip
>
> (for me, it is still a long way to go. I think I can make my first lab attempt in 18 or 24 months, as now on the way of NP DP exams, and seeking study partner...)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27666t=27653
Split Horizon and Frame [7:27668]
Folks,

Quick question just to make sure I have things correct in my head. Please correct me if I'm wrong.

O.k. FOR IPX every frame interface (physical, point, multipoint) split horizon is enabled by default.

FOR IP physical frame interface split horizon is disabled and for point and multipoint split horizon is enabled by default.

The above on ATM interfaces is it the same rules??

Cheers
Robert McCallum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27668t=27668
RE: Send BREAK to console thru term server [7:27572]
It can be done, but your telnet program has to support the break sequence. The telnet program that ships with win98 won't do it, but if you use hyperterm as your telnet client, that does work, depending on the OS. The version of hyperterm that ships with win98 supports the break sequence, but the one that ships with Windows NT doesn't. Those are the only ones I've messed with to see if the password recovery works or not.

Here's my setup: Using hyperterm, I telnet into a 2509 router, that has an octal cable plugging into several other routers' console ports. From there, if I or one of my students want to do the password recovery procedure just for practice, that's no problem. I console into the router from the 2509, and I enable, type reload, and as the router reboots, I hit Ctrl-break. No problem.

Where you run into problems is if you actually need to do a password recovery because you don't know the enable password. Either you need to call someone on site and ask them to reboot the router, or there are products by APC (and others I'm sure) that will let you remotely power-cycle a router.

hth,
Hal Logan
Network Specialist / Adjunct Faculty
Computing and Engineering Technology
Manatee Community College

-----Original Message-----
From: Sean Wu [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 28, 2001 4:01 PM
To: [EMAIL PROTECTED]
Subject: Send BREAK to console thru term server [7:27572]

How can we send a BREAK signal via telnet session? I access some device via terminal server, the only thing I am wondering is how to send a BREAK so that I can do password recovery. thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27669t=27572
Re: Split Horizon and Frame [7:27668]
My understanding is... IPX and IP Split horizon is disabled by default on physical interfaces and enabled by default on sub-interfaces...

--
-=Reply to group only... no personal=-

McCallum, Robert wrote:

> Folks,
>
> Quick question just to make sure I have things correct in my head. Please correct me if I'm wrong.
>
> O.k. FOR IPX every frame interface (physical, point, multipoint) split horizon is enabled by default.
>
> FOR IP physical frame interface split horizon is disabled and for point and multipoint split horizon is enabled by default.
>
> The above on ATM interfaces is it the same rules??
>
> Cheers
> Robert McCallum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27670t=27668
Re: Help on VLSM [7:27665]
At 07:35 AM 11/29/01 -0500, Tel Khan wrote:

> Hi folks,
>
> I don't fully understand VLSM. I have read this in the Sybex book and I'm still at a loss. I would be grateful for some guidance. Sorry for being thick!
>
> Regards
> Tel

VLSM means you can have variable length subnet masks.

192.168.0.0/24 is normally a classic class C block. Let us say you want to break it up into two subnets, normally you would do

192.168.0.0/25
192.168.0.128/25

What VLSM lets you do is have this scenario. Say I want 3 subnets!

192.168.0.0/25
192.168.0.128/26
192.168.0.192/26

Notice, now I have Variable Length Subnet Masks! Normally, since subnet info is not passed into certain routing protocols at all, they trust on the subnet mask assigned on the router's interface. Obviously, with just that method, you can ONLY break them into the same subnet masks across all subnets. In the VLSM case, I can break them up dynamically into smaller and smaller pieces. You can expand this example to make tiny /30 networks too.

Ultimately, it is not that magical. It just means you can pass these routes into one router's interface without getting it confused because the routing protocols that support VLSM carry the subnet mask information within the routing packets.

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27671t=27665
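The split described in the reply above, generalised to any list of host counts, as an added example that is not part of the original post. The function names are hypothetical, and `mask_from_interface` only models a protocol that carries no mask; it is not an implementation of any routing protocol.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose subnet still has `hosts` usable addresses."""
    host_bits = 2  # a /30 is the smallest subnet with usable host addresses
    while (1 << host_bits) - 2 < hosts:  # minus network and broadcast address
        host_bits += 1
    return 32 - host_bits


def vlsm_allocate(block, host_counts):
    """Carve `block` into one subnet per requirement, each with its own mask.

    Requirements are served largest first, so every subnet starts on a
    boundary that is a multiple of its own size and no two can overlap.
    """
    net = ipaddress.ip_network(block)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    subnets = []
    for hosts in sorted(host_counts, reverse=True):
        plen = prefix_for_hosts(hosts)
        size = 1 << (32 - plen)
        if cursor + size > end:
            raise ValueError(f"{block} has no room left for {hosts} hosts")
        subnets.append(ipaddress.ip_network((cursor, plen)))
        cursor += size
    return subnets


def mask_from_interface(advertised_address, interface_prefixlen):
    """Model of an update that carries an address but no mask.

    The receiver can only apply the mask configured on its own interface,
    so the subnet it derives may differ from the one that was advertised.
    """
    return ipaddress.ip_network(
        (advertised_address, interface_prefixlen), strict=False
    )


if __name__ == "__main__":
    # The three-subnet case from the post: one /25 and two /26s.
    for subnet in vlsm_allocate("192.168.0.0/24", [126, 62, 62]):
        print(subnet, "usable hosts:", subnet.num_addresses - 2)

    # Constructed requirement list that goes down to /30 point-to-point links.
    for subnet in vlsm_allocate("192.168.0.0/24", [100, 50, 20, 2, 2]):
        print(subnet)

    # Without the mask in the update, a receiver with a /25 interface mask
    # cannot recover the advertised 192.168.0.192/26.
    print(mask_from_interface("192.168.0.192", 25))
```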
Re: Split Horizon and Frame [7:27668]
I believe Split Horizon must be enabled for IPX RIP and is enabled by default on Frame Relay interfaces running IPX.

--
James Haynes
Network Architect
Cendant IT
A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IPSS

Dennis wrote:

> My understanding is... IPX and IP Split horizon is disabled by default on physical interfaces and enabled by default on sub-interfaces...
>
> --
> -=Reply to group only... no personal=-
>
> McCallum, Robert wrote:
>
>> Folks,
>>
>> Quick question just to make sure I have things correct in my head. Please correct me if I'm wrong.
>>
>> O.k. FOR IPX every frame interface (physical, point, multipoint) split horizon is enabled by default.
>>
>> FOR IP physical frame interface split horizon is disabled and for point and multipoint split horizon is enabled by default.
>>
>> The above on ATM interfaces is it the same rules??
>>
>> Cheers
>> Robert McCallum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27672t=27668
MTU size increases bandwidth ???? [7:27673]
Chaps,

I came across this recently and was wondering if anyone had seen this before.

We currently have 2 10meg SMDS (multicast) circuits spanning the UK. Each circuit is terminated at 2 different points (separate HSSI router ints) in 2 separate HOs in the UK. The HOs are linked by gig ether-fibre link across the UK. OSPF is the only protocol being used (apart from some statics for backup).

After consulting the Cisco documentation about HSSI MTU over AAL3 we were advised that an MTU of 4470-9120 compared to the standard of 1500 would greatly increase the performance of our links. The original network designer set them to this over the last month or so .. these links have been running at 120% (no good) ... so as an experiment the MTU were changed to 1500 for the HSSI ints and now since then the traffic has decreased to 80%.

Anyone seen this before ... and why would the decrease in MTU size cause less bandwidth to be used .. anyone?

TIA
steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27673t=27673
RE: Split Horizon and Frame [7:27675]
Robert,

For IPX RIP, it is my understanding that you can not turn off split horizon. For IP on frame interfaces, split horizon is turned on automatically for point to point interfaces but off by default for the physical and multi-point interfaces. Someone please correct me if I am incorrect.

JL

-----Original Message-----
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 8:03 AM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); a bratchell; graham; john bermingham; jolash; kash; martin; nigel; paul frost; peter norberg; phil
Subject: Split Horizon and Frame

Folks,

Quick question just to make sure I have things correct in my head. Please correct me if I'm wrong.

O.k. FOR IPX every frame interface (physical, point, multipoint) split horizon is enabled by default.

FOR IP physical frame interface split horizon is disabled and for point and multipoint split horizon is enabled by default.

The above on ATM interfaces is it the same rules??

Cheers
Robert McCallum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27675t=27675
Re: IP telephony [7:27533]
This is the Voice network I am implementing. VoIP on this network is working.

                       Analog Phone        Analog Phone
                            |                   |
                            |                   |
                            |                   |
IP telephone-CCM3.0-3660 Router--3640 Router--IP telephone
                       With NM-HDV         With NM-HDV
                      (Main Office)      (Remote Office)

The problem which I am facing is the call routing between the IP telephone the Analog phones to both locations. I am bit confused, and not sure to use which type of Gateway Types (MGCP, or H.323) for the 3660 Routers. I read that MGCP is being used for mainly FXS/FXO ports. I am using an R2 Digital Signalling for the NM-HDV card.

I have enclosed the config of the main location, the same carries for the remote location too. Request your suggestion / comments on this.

Regards..
Anil

Current configuration:
!
version 12.1
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
service udp-small-servers max-servers no-limit
!
!
enable secret 5 $1$QdNt$.YqZyaiFoHfFW.ZP1yHzG/
!
!
!
!
!
memory-size iomem 10
voice-card 2
!
ip subnet-zero
ip dhcp ping timeout 2000
ip dhcp relay information option
!
ip dhcp-server 179.65.51.20
lane client flush
isdn switch-type primary-net5
cns event-service server
!
!
voice class permanent 10
 signal pattern idle transmit 0001
 signal pattern idle receive 0001
!
!
!
!
!
!
controller E1 1/0
 framing NO-CRC4
 clock source internal
 channel-group 1 timeslots 1-31
 description connected to Branch
!
controller E1 2/0
 framing NO-CRC4
 clock source internal
 ds0-group 0 timeslots 1-15,17-31 type r2-digital dtmf dnis
 description CONNECTED TO NORTEL EPABX
!
!
!
interface Multilink1
 ip address 192.168.0.2 255.255.255.252
 ip helper-address 179.65.51.20
 ip directed-broadcast
 ip tcp header-compression iphc-format
 no ip mroute-cache
 fair-queue 2048 2048 1000
 no cdp enable
 ppp multilink
 ppp multilink fragment-delay 20
 ppp multilink interleave
 multilink-group 1
 ip rtp header-compression iphc-format
 ip rtp priority 16384 16383 1488
!
interface FastEthernet0/0
 ip address 179.65.51.1 255.255.0.0
 ip helper-address 179.65.51.20
 ip directed-broadcast
 no ip mroute-cache
 speed auto
 half-duplex
 no cdp enable
!
interface Serial1/0:1
 no ip address
 ip helper-address 179.65.51.20
 ip directed-broadcast
 encapsulation ppp
 ip mroute-cache
 no fair-queue
 ppp multilink
 multilink-group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp advertise-v2
!
snmp-server engineID local 000902024B24BF30
snmp-server community public RO
snmp-server packetsize 2048
!
voice-port 2/0:0
 no modem passthrough
 cptone GB
!
dial-peer voice 100 voip
 destination-pattern 125T
 session target ipv4:192.168.0.1
 codec g711alaw
 ip precedence 5
!
dial-peer voice 10 pots
 destination-pattern 116T
 port 2/0:0
 forward-digits all
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 exec-timeout 20 0
 login
!
end

HO#

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27676t=27533
Re: Cisco ACS/Telnet config [7:27648]
The reason you can not telnet into the router is because you have the default login method pointing to a tacacs server. But you have not defined the tacacs server in the configuration. Because you do not give it a backup method when the tacacs server is down, you are denied. Try the following modification:

username backup password bosco
aaa authentication login default tacacs+ local

This way, when the tacacs server is down you will be prompted for the local username and password which is:

username: backup
password: bosco

Paul Borghese

----- Original Message -----
From: Richard
To:
Sent: Thursday, November 29, 2001 12:20 AM
Subject: Cisco ACS/Telnet config [7:27648]

Looking at the config below, can anyone tell me where I might go wrong that prevent me from telneting to this router? I am able to use the same account from Cisco ACS 2.6 to log onto the console, but not through telnet.

Thanks in advance for your help

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication enable default tacacs+
aaa authentication ppp default tacacs+
aaa authorization exec default tacacs+
aaa authorization exec no_tacacs local
aaa authorization network default tacacs+
aaa authorization network no_tacacs local
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
enable password enable
!
ip subnet-zero
!
!
!
interface Ethernet0
 ip address 5.1.1.4 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
tacacs-server host 5.1.1.1 single-connection
tacacs-server key cisco
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password line
!
end

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27674t=27648
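An added example, not part of either reply in this thread: a small audit of which login method list each line uses and whether that list has any fallback after the remote server, run against the AAA lines of the posted config and against the changes Paul and Tunji each suggest. It relies on the IOS behaviour that, with aaa new-model, a line without a login authentication command uses the default list; the function names and the trimmed sample configs are constructed for illustration.

```python
import re


def _methods(tokens):
    """Fold the newer 'group <name>' syntax into a single method entry."""
    out, it = [], iter(tokens)
    for tok in it:
        out.append("group " + next(it, "") if tok == "group" else tok)
    return out


def _is_remote(method):
    """True for methods that depend on reaching an AAA server."""
    return method in ("tacacs+", "radius") or method.startswith("group ")


def parse_login_aaa(config):
    """Return (aaa_new_model, method_lists, line_bindings) from IOS config text."""
    new_model, method_lists, bindings, current = False, {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        if not raw[0].isspace():          # top-level command ends any line block
            current = None
            if text == "aaa new-model":
                new_model = True
            m = re.match(r"aaa authentication login (\S+) (.+)$", text)
            if m:
                method_lists[m.group(1)] = _methods(m.group(2).split())
            m = re.match(r"line (.+)$", text)
            if m:
                current = m.group(1)
                bindings[current] = "default"   # until a named list is applied
        elif current:
            m = re.match(r"login authentication (\S+)$", text)
            if m:
                bindings[current] = m.group(1)
    return new_model, method_lists, bindings


def audit_login(config):
    """Flag lines whose login list has no fallback, and lists no line uses."""
    new_model, lists, bindings = parse_login_aaa(config)
    report = {"no_fallback": [], "undefined": [], "unused_lists": []}
    if not new_model:
        return report                     # method lists are not in effect
    for line, name in sorted(bindings.items()):
        methods = lists.get(name)
        if methods is None:
            if name != "default":
                report["undefined"].append((line, name))
        elif all(_is_remote(m) for m in methods):
            report["no_fallback"].append((line, name, methods))
    used = set(bindings.values())
    report["unused_lists"] = sorted(
        n for n in lists if n != "default" and n not in used
    )
    return report


# AAA-relevant lines of the config posted in the thread (trimmed).
POSTED = """\
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
tacacs-server host 5.1.1.1 single-connection
line con 0
 transport input none
line aux 0
line vty 0 4
 password line
"""

# Paul's suggestion: local user plus 'local' as fallback on the default list.
PAUL_FIX = "username backup password bosco\n" + POSTED.replace(
    "login default tacacs+\n", "login default tacacs+ local\n"
)

# Tunji's suggestion: a local-only named list applied to con and vty.
TUNJI_FIX = """\
username anything password anyotherthing
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs local
tacacs-server host 5.1.1.1 single-connection
line con 0
 login authentication no_tacacs
line aux 0
line vty 0 4
 login authentication no_tacacs
"""

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("Paul", PAUL_FIX), ("Tunji", TUNJI_FIX)):
        print(label, audit_login(cfg))
```

In the posted config the audit shows every line on the default list with tacacs+ as its only method, and the no_tacacs list defined but never applied to a line.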
RE: Split Horizon and Frame [7:27679]
The real kicker is you must disable EIGRP split horizon on the interface of an NBMA network. If you disable it on the interface this will not work. You must use the no ipx split-horizon EIGRP command. The no ipx split horizon command doesn't mean squat to EIGRP. In an NBMA network, you should use EIGRP or create tunnels for RIP. Without the ability to disable split-horizon for RIP you will never pass all the routing information out to the spokes. Of course all the rules about subinterfaces and such apply to split horizon. Just keep the NBMA thing in mind when using physical or multipoint interfaces.

-Original Message-
From: Lopez, James [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 7:36 AM
To: 'McCallum, Robert'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); a bratchell; graham; john bermingham; jolash; kash; martin; nigel; paul frost; peter norberg; phil
Subject: RE: Split Horizon and Frame

Robert, For IPX RIP, it is my understanding that you can not turn off split horizon. For IP on frame interfaces, split horizon is turned on automatically for point to point interfaces but off by default for the physical and multi-point interfaces. Someone please correct me if I am incorrect. JL

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 8:03 AM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); a bratchell; graham; john bermingham; jolash; kash; martin; nigel; paul frost; peter norberg; phil
Subject: Split Horizon and Frame

Folks, Quick question just to make sure I have things correct in my head. Please correct me if I'm wrong. O.k. FOR IPX every frame interface (physical, point, multipoint) split horizon is enabled by default. FOR IP physical frame interface split horizon is disabled and for point and multipoint split horizon is enabled by default. The above on ATM interfaces is it the same rules??

Cheers Robert McCallum

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27679t=27679
RE: upgrade 1605 IOS through console [7:27613]
Hi Jim, Yes the 1605 will support 115200 baud on the console port for xmodem. As far as the error message you are receiving, I've never heard of that one. First thing I would look at is your config register settings. More than likely it's an error coming from the ROM operating software complaining about the modem. Could be that the modem is configured in such a way that when you start your xmodem the router is unable to proceed. If all else fails load a tftp server on-site and tftpdnld.

-
Hello, I have a 1605 in Europe that I can dial into its console. I was trying to load IOS but failed several times with error message limit error exceeded. I was using HyperTerminal. Anyone knows what's wrong? Also, I'd like to change speed to 115K, does 1605 support it? Thanks in advance. Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27680t=27613
IPX sap-max-packetsize [7:27681]
I left EtherPeek running on my workstation all night to get a feel for the amount of broadcast traffic in our network. In 15 hours we had over 72,000 SAP replies, most of which were from our router. I then noticed that it was using 480-byte packets which seems really inefficient. Would I be asking for some unforeseen trouble if I were to configure ipx sap-max-packetsize 1440 to triple the number of servers advertised per packet? This alone would dramatically reduce the number of broadcast packets on our network. However, it would be just my luck if there were some consequences to this that I wasn't aware of. Any thoughts? Thanks, John
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27681t=27681
Re: IPX stands for- PIX Private Internet Exchange [7:27647]
Wrong. PIX stands for Private Internet Exchange. You are thinking of IPXchange. Cisco briefly had a box that it bought that converted IPX to IP for internet connectivity.

mlh wrote in message news:[EMAIL PROTECTED]...
IPX stands for - PIX Private Internet Exchange (Cisco)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27682t=27647
Re:Microsoft IAS and AS5300 and Cisco Routers [7:27683]
We have managed to make IAS work with Cisco Devices. The login and password are being validated from the Active Directory.

Sample configs

PIX

aaa-server RADIUS protocol RADIUS
aaa-server RADIUS (inside) host 192.168.13.34 radiuskey timeout 10
aaa authentication include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 RADIUS

AS5300

aaa new-model
aaa authentication login default group radius local
aaa authentication ppp default group radius local
aaa accounting update newinfo
aaa accounting network default start-stop group radius
radius-server host 192.168.13.34 auth-port 1645 acct-port 1646 key radiuskey
radius-server retransmit 3
radius-server timeout 10
radius-server key radiuskey

From the IAS don't tick 'Client must always send the signature attribute in the request'
Client Vendor must be Cisco
In the remote access policies Click Edit Profile
In the encryption tab make sure that 'no encryption' only is allowed and in the advanced tab there should be
framed-protocol Radius Standard PPP
service-type Radius Standard Framed

Also check out the ports from the properties of IAS (Right click on Internet Authentication Service) and select the radius tab. Ours are 1645,1812 (authentication) and 1646,1813 (accounting); these should match the auth-port and acct-port in the radius-server command.

Regards Kenneth

Eric Hauptman wrote:
Does anyone have any pointers on getting a Cisco router talking to IAS running on a Windows 2000 server. I think I have everything configured correctly and it is still not working. Thanks Eric Hauptman

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27683t=27683
Re: serial up/up w/o cable [7:27604]
Tell you what, I got it to work just fine:

interface Serial4/1/3
 no ip address
 no ip directed-broadcast
 ip route-cache distributed
 loopback
 no keepalive
 no cdp enable

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up
  Hardware is cyBus Serial
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
  Encapsulation HDLC, crc 16, loopback set
  Keepalive not set
  Last input never, output never, output hang never
  Last clearing of show interface counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions
     RTS up, CTS up, DTR up, DCD up, DSR up

Dave

Stefan Dozier wrote:
I don't think it will Priscilla! Even with the encap HDLC, the DCD (carrier detect) control lead must be high in order for the interface status to be in an up condition. The only way I know to accomplish that is with a cable inserted or some type of serial loopback plug, if there's such an animal. And obviously you can't have line protocol in an up state if the interface status isn't in an up state! Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer
Sent: Wednesday, November 28, 2001 7:55 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

At 06:52 PM 11/28/01, Tom E wrote:
How can you get a serial interface to go up/up without a cable connected? I have tried loop and no keep.

What's the encap? I thought this would work if you used HDLC. Priscilla

--
David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27684t=27604
Re: CAT6500 running on second Supervisor Engine card [7:27544]
There is no slot specific sup card except that they must go in either slot 1 or 2

Dave

Thomas wrote:
Thanks All for the reply! When I look at that manufacturing part number for the supervisor engines, the part numbers are a little bit different between the first and the second sup. engine. The second supervisor engine has a /2 or something like that at the end of the part number. Does that mean this card is only working on the second slot of the chassis? Is it interchangeable between slot 1 and slot 2 with the same supervisor engine card? Again Thanks!

MADMAN wrote in message news:[EMAIL PROTECTED]...
Yes you can do that no problemo. Even if the current 6506 is in production you can pull the inactive sup and shouldn't drop a packet assuming you don't have HSRP running with active interfaces on the second MSFC.

Dave

Thomas wrote:
Hi All, I have a CAT 6506 with dual supervisor engines and dual MSFCs. I also have another 6506 chassis with power supplies. I wonder if I could steal the second supervisor engine (second slot) w/ its MSFC and put it on the second 6506 chassis? Will the second 6506 chassis be working with second supervisor engine and MSFC card? Thanks! Thomas N.

--
David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27685t=27544
Xyplex/iTouch term servers Cat switches [7:27686]
Has anyone made a Xyplex/iTouch Maxserver terminal server work as a reverse telnet termserver for console ports on a catalyst 2900 or 3500 switch? It works fine on router console ports but I can't get it to do anything on the catalysts. Thanks for any help. Berry Mobley
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27686t=27686
Need AS5350 with 2 PRI's and DFC (Dial Feature Card) [7:27687]
Anyone, Looking for AS5350 with at least 2 PRI's and DFC card installed. If anyone has one for sale, please contact me ASAP. Thanks Edward Buckner VocalData Application Field Engineer CCNP, CCNP VoIP, CCNP ATM, CCDP E-mail: [EMAIL PROTECTED] Office: 972-354-2113
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27687t=27687
CCIE Bootcamp of Heinz Ulm [7:27688]
Hi All, Did any one of you take the CCIE Bootcamp of Heinz Ulm? Any comments? Regards, Tarry
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27688t=27688
Re: Cisco 700 series in Remote Access exam (640-50 [7:26975]
Well it has a configuration builder but I hated it ;) The only use I had for it was resetting the internal IP address so I could telnet into it when I bought it (without the weird female-male serial cable for the console). ;) And yes...SPIDS would be a problem in Japan..rofl. Allen

- Original Message -
From: anil
To: Allen May ;
Sent: Saturday, November 24, 2001 12:52 PM
Subject: RE: Cisco 700 series in Remote Access exam (640-50 [7:26975]

It took me 6 weeks :-) Honest! I was in Japan and they sent me the US version of ISDN which set me back a week or 2 (No SPIDS in Japan). But it still took me a while. My CCIE colleague was not able to help me, and that is how I found out about the IOS (or lack of it). -Anil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Allen May
Sent: Saturday, November 24, 2001 4:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 700 series in Remote Access exam (640-50 [7:26975]

I have a 776 and it's definitely NOT IOS. However the manuals are all still available for free on cisco.com. It's very limited on commands so you could learn it in a day just from looking at docs config examples. I set mine up in about 30 minutes with no experience in it whatsoever. Here is my config (slightly altered) with a copy of the commands available with the help menu (?).
amay128 upload
CD
SET SCREENLENGTH 20
SET COUNTRYGROUP 1
SET LAN MODE ANY
SET WAN MODE ONLY
SET AGE OFF
SET MULTIDESTINATION OFF
SET SWITCH NI-1
SET 1 SPID 51255512120101
SET 1 DIRECTORYNUMBER 5125551212
SET PHONE1 = 5125551212
SET 2 SPID 51255512120101
SET 2 DIRECTORYNUMBER 5125551212
SET PHONE2 = 5125551212
SET AUTODETECTION OFF
SET CONFERENCE 60
SET TRANSFER 61
SET 1 DELAY 30
SET 2 DELAY 30
SET BRIDGING ON
SET LEARN ON
SET PASSTHRU OFF
SET SPEED 64K
SET PLAN NORMAL
SET D AUTO OFF
SET 1 AUTO ON
SET 2 AUTO ON
SET 1 NUMBER
SET 2 NUMBER
SET AODI OFF
SET 1 BACKUPNUMBER
SET 2 BACKUPNUMBER
SET 1 RINGBACK
SET 2 RINGBACK
SET 1 CLIVALIDATENUMBER
SET 2 CLIVALIDATENUMBER
SET CLICALLBACK OFF
SET CLIAUTHENTICATION OFF
SET SYSTEMNAME amay128
LOG CALLS VERBOSE
LOG ERRORS VERBOSE
SET UNICASTFILTER OFF
DEMAND D THRESHOLD 0
DEMAND 1 THRESHOLD 0
DEMAND 2 THRESHOLD 60
DEMAND D DURATION 1
DEMAND 1 DURATION 1
DEMAND 2 DURATION 4
DEMAND D SOURCE LAN
DEMAND 1 SOURCE LAN
DEMAND 2 SOURCE BOTH
TIMEOUT D THRESHOLD 0
TIMEOUT 1 THRESHOLD 0
TIMEOUT 2 THRESHOLD 48
TIMEOUT D DURATION 0
TIMEOUT 1 DURATION 0
TIMEOUT 2 DURATION 120
TIMEOUT D SOURCE LAN
TIMEOUT 1 SOURCE LAN
TIMEOUT 2 SOURCE BOTH
SET PASSWORD SYSTEM ENCRYPTED ***
SET REMOTEACCESS PROTECTED
SET LOCALACCESS ON
SET LOGOUT 60
SET CALLERID ON
SET PPP AUTHENTICATION IN CHAP PAP
SET PPP CHAPREFUSE NONE
SET PPP CHAPALLOW MULTIHOST OFF
SET PPP MAGICNUMBERCHECK ON
SET PPP AUTHENTICATION OUT NONE
SET PPP AUTHENTICATION ACCEPT EITHER
SET PPP TAS CLIENT 0.0.0.0
SET PPP TAS CHAPSECRET LOCAL ON
SET PPP PASSWORD CLIENT ENCRYPTED **
SET PPP SECRET CLIENT ENCRYPTED ***
SET PPP CALLBACK REQUEST OFF
SET PPP CALLBACK REPLY OFF
SET PPP NEGOTIATION INTEGRITY 10
SET PPP NEGOTIATION COUNT 10
SET PPP NEGOTIATION RETRY 3000
SET PPP TERMREQ COUNT 2
SET PPP MULTILINK ON
SET PPP MULTILINK PPPHEADER ON
SET COMPRESSION STAC
SET PPP BACP ON
SET PPP ADDRESS NEGOTIATION LOCAL OFF
SET PPP IP NETMASK LOCAL OFF
SET IP PAT UDPTIMEOUT 5
SET IP PAT TCPTIMEOUT 30
SET IP RIP TIME 30
SET X25 LIC 0
SET X25 HIC 0
SET X25 LTC 0
SET X25 HTC 0
SET X25 LOC 1024
SET X25 HOC 1024
SET CALLDURATION 0
SET SNMP CONTACT Allen May
SET SNMP LOCATION AMay128 - Home
SET SNMP TRAP COLDSTART OFF
SET SNMP TRAP WARMSTART OFF
SET SNMP TRAP LINKDOWN OFF
SET SNMP TRAP LINKUP OFF
SET SNMP TRAP AUTHENTICATIONFAIL OFF
SET DHCP OFF
SET DHCP DOMAIN
SET DHCP NETBIOS_SCOPE
SET TPAD PARITY NONE
SET X25D TEI 0
SET X25D X121HOST
SET VOICEPRIORITY INCOMING INTERFACE PHONE1 CONDITIONAL
SET VOICEPRIORITY OUTGOING INTERFACE PHONE1 CONDITIONAL
SET CALLWAITING INTERFACE PHONE1 ON
SET VOICEPRIORITY INCOMING INTERFACE PHONE2 ALWAYS
SET VOICEPRIORITY OUTGOING INTERFACE PHONE2 ALWAYS
SET CALLWAITING INTERFACE PHONE2 ON
SET CALLTIME VOICE INCOMING OFF
SET CALLTIME VOICE OUTGOING OFF
SET CALLTIME DATA INCOMING OFF
SET CALLTIME DATA OUTGOING OFF
SET USER LAN
SET IP ROUTING ON
SET IP ADDRESS 207.x.y.z
SET IP NETMASK 255.255.255.248
SET IP FRAMING ETHERNET_II
SET IP PROPAGATE ON
SET IP COST 1
SET IP RIP RECEIVE BO
SET IP RIP UPDATE OFF
SET IP RIP VERSION BOTH
SET USER Internal
SET IP FRAMING ETHERNET_II
SET IP RIP RECEIVE BO
SET IP RIP VERSION BOTH
SET USER Standard
SET PROFILE ID
SET PROFILE POWERUP ACTIVATE
SET PROFILE DISCONNECT KEEP
SET IP ROUTING ON
SET IP ADDRESS 0.0.0.0
SET IP NETMASK 0.0.0.0
SET IP FRAMING NONE
SET IP RIP RECEIVE V1
SET IP RIP UPDATE OFF
SET IP RIP VERSION 1
SET NETBIOS FILTER ON
SET
Re: network simulator [7:27658]
Is there any router simulation software that I can configure to run in a Frame Relay and ISDN network ?

cisco routers have the ability to simulate Frame Relay switches. The archives are full of examples, but www.cisco.com also has the configurations in a number of places. Try searching for frame relay switch.

ISDN is a little different. There are a few different solutions. One solution is a device that has 2 ISDN BRI ports. This is known as an ISDN Simulator, or ISDN Emulator. These usually have S/T and U interfaces, and the cost is typically $1500, less if you shop around. Others have had success in using a PBX with ISDN interfaces. The 2600/3600 series cisco routers running 12.1 code have the ability to simulate ISDN BRI switching - note that this is a more expensive solution than the ISDN Simulator solution. See http://groups.google.com/groups?q=john+paul+morrisonhl=enrnum=8selm=0ZEk7 .131740%24B37.2967002%40news1.rdc1.bc.home.com (watch the URL wrap)

Depending on where you live, it may also be economical for you to just order two ISDN lines for the time that you need to study ISDN. Good luck in your studies.

-e-
That which does not kill us only makes us stronger - Nietzsche

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27689t=27658
Dual Homing Novell Servers to 2 Cat 6500's [7:27690]
We are installing 2 6500's in the core. We want the Novell servers to have Gig connections to each 6500. How is this configured on the server end. I assume each card has unique IP's? Will the server get confused with 2 IP's on the same subnet? The 6500's have the MSFC2 card and is running HSRP. What are your experiences with dual homing like this? ^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^- Bill Carter CCIE 5022 To accomplish great things, we must not only act, but also dream; not only plan, but also believe. -Anatole France ^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27690t=27690
Re: IPX stands for- PIX Private Internet Exchange [7:27647]
heh what? ipx is a protocol mlh 11/29/01 12:19AM IPX stands for - PIX Private Internet Exchange (Cisco)
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27691t=27647
Routing setup and config [7:27692]
I have an issue with 2 csc 2600 rtr's. When the s0/0 goes down and the backup ISDN kicks in, from within the router I can ping the ISDN int on the other side but not the local routers ISDN int? I also cannot ping the other side from the network internally only pingable from the router CLI? Now even though I can ping the other BRI int, it will not ping anything else or route any traffic. Same thing the other way. Nothing gets routed beyond the BRI int. What kind of entries should be setup for the routing to take place. For instance,

Router 1 s0/0 128.121.22.193/29
Router 1 BRI0/0 128.121.22.189/30
Router 2 s0/0 128.121.22.186/30
Router 2 BRI0/0 128.121.22.190/30

Also s0/0 is ip unnumbered using the Eth0/0 on both ends
BRI's are on the same segment and serials are different segments
I have statics setup to route on the S0/0's but no BRI as well as an ip route 0.0.0.0 0.0.0.0 ser0/0

I want the traffic to use the BRI's when there is no S0/0? What do I do? THANKS..

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27692t=27692
RE: First learning experience. [7:27653]
I agreed with you though this is an expansive one. I am preparing for it too but I will not be ready until the end of 2002. Currently I have enough number of routers and switches but just a matter of finding the time. Ryan, can you tell me the job market for CCIE in HK. Well I live in Canada but I am also a HK citizen. Chan
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27693t=27653
Re: ISDN Q.921 and Q.931 [7:27568]
I was wrong. I looked it up last night and there is a seq. number in the control field of LAPB, HDLC, and LAPD. Both the sending and receiving stations must keep the same seq. numbers when transmitting, but I cannot find anything on retransmission at that layer. But I asked an old IBM guy I used to work with and he said that SDLC and all the related layer two protocols do require retrans when bad packets are found or missing. So I would assume that LAPD layer two is reliable. And as everyone else said, the SS7 signalling (Q.931) is just control and status messages over D channel. And B channel is a different retrans technique, based upon the higher layer protocols it carries. If an ISDN frame gets corrupt, both channels will be retransmitted, but by different methods. So ISDN D channel is inherently reliable at layer two and B channel is reliable only if that higher layer protocol is.

Peter Whittle wrote in message news:[EMAIL PROTECTED]...
I sent this to Priscilla on the topic and she suggested that the group might benefit from my response, so here it is. Priscilla, I think that you may find it helpful to separate end - to - end data transfer from signalling. Very few L2 protocols offer error correction. The modern approach is to require the L1 transmission to provide intrinsically reliable communication and hence it is a waste of bandwidth to implement error correction both on hop by hop and end to end basis as per X.25. Modern WAN digital transmission systems are designed to offer transmission error rates of fewer than 1 bit error in 10^9 bits. On Telco Wan links it is common on this side of the pond to require transmission media to offer error rates better than 1 in 10^9 and often 1 in 10^11. Indeed the commissioning tests call for fewer than 1 error in a 20 minute period on a basic E3 (34 Mb) link and fewer than 1 error in 24 hours on International links prior to acceptance from Transmission into Networks for operational trunks.
That is not to say that links may not degrade but if the error rates became worse than 1 in 10^9 it would be time for Network operations to call 'holes poles' (Transmission) to fix it. The fundamental assumptions in both Frame Relay and ATM is that they are running over intrinsically reliable transmission media. The low error rates being achieved either by correctly engineered transmission paths or by the use of significant forward error correction built in to the transmission equipment. ATM, and Frame Relay, implement error correction, or more precisely re- transmission in the interface to the signalling protocols. ISDN relies on the hop by hop error correction offered by LAPD. However, they tend to leave the issue of payload error correction to any high level end-to- end protocols being run on top of these L2 Datalinks. ATM offers no direct protection of payload content, the HEC only protects the ATM header. However, some AALs do offer protection if not correction of the payload. Even AAL5 - most common for IP has a check polynomial (CRC32) to protect the CS PDU. It performs error detection but not correction. In the case of Q.2931, SAAL (version of AAL5 to carry signalling) will detect faulty PDUs. If you want to look at ATM signalling take a look at Q.2931 essentially an enhanced and extended version of narrow band ISDN Q.931 signalling. Take a look at the ATM forum website. www.atmforum.org Frame Relay has Frame Check Sequence that again will detect faulty frames. (Incidentally Carrier Switches tend to drop frames with a faulty FCS). Incidentally Frame Relay is sometimes known as LAPF. Take a look at the frame relay forum web site. www.frforum.org there are some good white papers and the frf's recommendations that you can download. ISDN B channel - is a 64 Kbit clear channel and the network makes no assumptions about the contents. It could be any number of data formats or indeed it could be 64 K G.711 PCM voice. 
The most ubiquitous use of data over ISDN is to encapsulate it in PPP which is intrinsically multi- protocol. However, it is also possible to use HDLC, X.25, Frame Relay, or any number of specialist protocols. D channel usage is somewhat different. L2 on D channel is Q.921 (as you say also known as LAPD). It is perhaps worth pointing out the ISDN signalling is NOT an end to end protocol! ISDN signalling only traverses the single hop to the signalling processor on the nearest switch. This signalling processor then signals to the signalling processor of the next switch and finally the signalling processor on the last switch communicates with the far end CPE. In Public Carrier Networks the signalling between switches is normally SS7 or C7 as it is sometimes known. The D channel is normally used for signalling but in the case of Basic Rate may also be used for permanently on low speed data services such as X.31 (9k6 X.25 in D channel, which uses LAPD for L2
2500 Router problem [7:27695]
I have a lab setup as follows: 2 2500 series routers connected to a 2900 switch.

Router1 E0 192.168.1.1 255.255.255.0
Router 2 E0 192.168.2.1 255.255.255.0
SwitchIP 192.168.1.3 255.255.255.0

I can ping and telnet to Router 1 and the switch. I can not ping Router2. When I telnet I receive this error message (Cam't open connection to host on port 23, a socket operation was attempted to an unreachable host). I console into Router 2 and E0 looks fine with ip and it states it is administratively up. Any suggestions? Thanks, James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27695t=27695
RE: 2500 Router problem [7:27695]
Hello James, Since your router 2 IP is on a different subnet you need to have either routes set up; or run some kind of routing protocol. Alex
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27696t=27695
Re: Dual Homing Novell Servers to 2 Cat 6500's [7:27690]
Hello, Bill. In my experience, when you try to bind the second address, NetWare will complain that they are on the same subnet as another interface. It's been a while since I have tried this, so I may be using dynamic RAM without a refresh. :-) Consider putting each interface on a different subnet. I would turn off routing on the server to reduce the server load. Just my $0.02, which means I lose money after taxes. :-) Ken

Bill Carter 11/29/01 11:17AM
We are installing 2 6500's in the core. We want the Novell servers to have Gig connections to each 6500. How is this configured on the server end. I assume each card has unique IP's? Will the server get confused with 2 IP's on the same subnet? The 6500's have the MSFC2 card and is running HSRP. What are your experiences with dual homing like this? ^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^- Bill Carter CCIE 5022 To accomplish great things, we must not only act, but also dream; not only plan, but also believe. -Anatole France ^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27697t=27690
Re: Help on VLSM [7:27665]
I don't fully understand VLSM. I have read this in the Sybex book and I'm still at a loss, I would be grateful for some guidance.

What precisely is baffling you about variable length subnet masking? If you can be more specific, we might be of more help to you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27699t=27665
CCO CD's [7:27701]
Here's a question that I have never got answered. How in the world do I get those CCO CD's to work? I always install them and try to open up the page and get a blank page. I can browse the CD and get to the home page that way, but as soon as I click on a link, it looks almost like it's encrypted. I have tried IE, netscape, installing all the apps on the CD. What am I doing wrong? Steve
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27701t=27701
Re: 2500 Router problem [7:27695]
The ethernet IP addresses on your routers must be in the same subnet. Remember that it's generally a good idea to have all devices that are on the same shared medium in the same subnet. From the looks of it, you should probably change the IP address of R2 to 192.168.1.2/24. Or, alternately, you could change the subnet mask on all three devices to 255.255.0.0, which would work but probably isn't the best solution. HTH, John

James gruggett 11/29/01 10:53:54 AM
I have a lab setup as follows: 2 2500 series routers connected to a 2900 switch.

Router1 E0 192.168.1.1 255.255.255.0
Router 2 E0 192.168.2.1 255.255.255.0
SwitchIP 192.168.1.3 255.255.255.0

I can ping and telnet to Router 1 and the switch. I can not ping Router2. When I telnet I receive this error message (Cam't open connection to host on port 23, a socket operation was attempted to an unreachable host). I console into Router 2 and E0 looks fine with ip and it states it is administratively up. Any suggestions? Thanks, James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27700t=27695
dial in [7:27703]
Thanks for your patience but I'm attempting this again until another fire jumps at me. I'm able to get this modem to dial into the router just fine. Problem is still driving me nuts is that all the characters are showing up as garbage (ø~rj45-rollover cable-modem) | | (modem rj45-rollover cable-aux of router)

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27703t=27703
Re: MTU size increase`s bandwidth ???? [7:27673]
Bandwidth is how much capacity a link has. It can't be increased without asking for more bandwidth from a provider or moving to a different technology. (Just a comment on the subject of your message.)

The amount of bandwidth usable by applications could increase if you reduced the overhead. Overhead includes packet headers, packet ACKs, interframe gaps, etc. Increasing packet sizes can reduce the percentage of bandwidth used by those overhead functions, thus leaving more for application-layer data.

You said that you are using 120% of bandwidth. That's not possible. Remember bandwidth just means capacity. You can't use more than is there. The offered load to the network could be more than the capacity. But the network itself can't carry more than its capacity. I'm wondering what is telling you that you are using 120%? Since you are paying for bandwidth, in one way or another, you want to use as much as possible, while leaving head room for bursty traffic.

Those were just terminology things. On to your question: I could see bandwidth usage going down when you decrease the frame size. There's an interframe gap (silence) between every frame. That may explain it. Also perhaps you are benefiting from more efficient segmentation and reassembly. (I think you said you are using SMDS which is cell-based?) Perhaps it works more efficiently if you give it smaller chunks to work on.

On the other hand, what are the applications? Most applications don't send large frames, although they could be configured to do so. But a typical TCP/IP application that grew up on Ethernet and Internet technologies wouldn't send packets bigger than 1500 bytes. And packets can't grow in size. I don't know of any technology that puts packets together just because the interface MTU is larger than received packets. So I'm wondering what the 4470 MTU you mentioned was really doing (as are you! ;-)

Need more caffeine ;-)

Priscilla

At 09:30 AM 11/29/01, steve skinner wrote:

Chaps,

I came across this recently and was wondering if anyone had seen this before..

we currently have 2 10meg smds (multicast) circuits spanning the uk
each circuit is terminated at 2 different points (separate HSSI router ints) in 2 separate HOs in the UK
the HOs are linked by gig ether-fibre link across the UK.
OSPF is the only protocol being used (apart from some statics for Backup)

after consulting the Cisco Documentation about HSSI MTU over AAL3 we were advised that an MTU of 4470-9120 compared to the standard of 1500 would greatly increase the performance of our links

the original network designer set them to this

over the last month or so ..these links have been running at 120%..(no good)...so as an experiment the MTU were changed to 1500 for the HSSI ints and now since then the traffic has decreased to 80%..

anyone seen this before ...and why would the decrease in MTU size cause less bandwidth to be used ..

anyone

TIA
steve

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27702t=27673
RE: CCO CD's [7:27701]
I also ran into the same problem. You have to change the address to http://127.0.0.1:8080

-junovtv

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27704t=27701
Network Time [7:27705]
Does anyone know the polling interval for NTP on Cisco routers and switches? Is it adjustable?

ccie1ab

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27705t=27705
RE: CCO CD's [7:27701]
Sorry about that it's http://127.0.0.1:8080/home/home.htm

-junovtv

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27706t=27701
RE: Network Time [7:27705]
Hi Chuck,

Check this link out at Cisco. It will answer all your questions. http://www.cisco.com/warp/public/620/ntpassoc.html

Scott

-Original Message-
From: Mcfadden, Chuck [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 10:39 AM
To: [EMAIL PROTECTED]
Subject: Network Time [7:27705]

Does anyone know the polling interval for NTP on Cisco routers and switches? Is it adjustable?

ccie1ab

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27707t=27705
Re: ISDN Q.921 and Q.931 [7:27568]
VoIP Guy,

You weren't wrong! You said that Q.931 doesn't have sequence numbers, which is true. Q.931 is not LAPD, however LAPD (Q.921) does have sequence numbers. It looks just like LAPB, LLC2, SDLC, etc. Each side has its own sequencing. They don't have to agree. Each side also tells the other side which frame number it expects next. Check this out:

Boston#debug isdn q921
2656.612 TX - IDREQ ri = 14613 ai = 127
2656.648 RX SABMEp sapi = 0 tei = 64
2656.676 RX RRr sapi = 0 tei = 64 nr = 1
2658.372 TX - INFOc sapi = 0 tei = 64 ns = 0 nr = 1

It's the NR and NS that you should look at. Each side sequences its frames with the NS number. (I call it the Now Sending number.) Each side also specifies the frame number it expects to receive next from the other side with the NR. (I call this the Next Receive NR number.) A station retransmits if the other side gets behind.

There's also a REJ and FRREJ for reporting errors. I don't know for sure that LAPD uses these the same way that LLC2 does, but IEEE 802.2 says this about them:

1 Reject (REJ) -- A station sends a REJ when it receives an unexpected sequence number.
2 Frame Reject (FRMR) -- A station sends an FRMR when it receives an invalid frame or sequence number.

There's also flow control with Receiver Ready (RR) and RNR (Receiver not Ready).

Howard could tell you more because he knows LAPB in gory detail! ;-)

Priscilla

At 12:44 PM 11/29/01, VoIP Guy wrote:

I was wrong. I looked it up last night and there is a seq. number in the control field of LAPB, HDLC, and LAPD. Both, the sending and receiving stations must keep the same seq. numbers when transmitting, but I cannot find anything on retransmission at that layer. But I asked an old IBM guy I used to work with and he said that SDLC and all the related layer two protocols do require retrans when bad packets are found or missing. So I would assume that LAPD layer two is reliable.

And as everyone else said, the SS7 signalling (Q.931) is just control and status messages over D channel. And B channel is a different retrans technique, based upon the higher layer protocols it carries. If an ISDN frame gets corrupt, both channels will be retransmitted, but by different methods. So ISDN D channel is inherently reliable at layer two and B channel is reliable only if that higher layer protocol is.

Peter Whittle wrote in message news:[EMAIL PROTECTED]...

I sent this to Priscilla on the topic and she suggested that the group might benefit from my response, so here it is.

Priscilla,

I think that you may find it helpful to separate end-to-end data transfer from signalling. Very few L2 protocols offer error correction. The modern approach is to require the L1 transmission to provide intrinsically reliable communication and hence it is a waste of bandwidth to implement error correction both on hop by hop and end to end basis as per X.25. Modern WAN digital transmission systems are designed to offer transmission error rates of fewer than 1 bit error in 10^9 bits.

On Telco WAN links it is common on this side of the pond to require transmission media to offer error rates better than 1 in 10^9 and often 1 in 10^11. Indeed the commissioning tests call for fewer than 1 error in a 20 minute period on a basic E3 (34 Mb) link and fewer than 1 error in 24 hours on International links prior to acceptance from Transmission into Networks for operational trunks. That is not to say that links may not degrade but if the error rates became worse than 1 in 10^9 it would be time for Network operations to call 'holes poles' (Transmission) to fix it.

The fundamental assumptions in both Frame Relay and ATM is that they are running over intrinsically reliable transmission media. The low error rates being achieved either by correctly engineered transmission paths or by the use of significant forward error correction built in to the transmission equipment.

ATM, and Frame Relay, implement error correction, or more precisely retransmission in the interface to the signalling protocols. ISDN relies on the hop by hop error correction offered by LAPD. However, they tend to leave the issue of payload error correction to any high level end-to-end protocols being run on top of these L2 Datalinks.

ATM offers no direct protection of payload content, the HEC only protects the ATM header. However, some AALs do offer protection if not correction of the payload. Even AAL5 - most common for IP has a check polynomial (CRC32) to protect the CS PDU. It performs error detection but not correction. In the case of Q.2931, SAAL (version of AAL5 to carry signalling) will detect faulty PDUs.

If you want to look at ATM signalling take a look at Q.2931 essentially an enhanced and extended version of narrow band ISDN Q.931 signalling. Take a look at the ATM forum website. www.atmforum.org

Frame Relay has
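Added example, not part of any post in this thread and not Cisco code: a Python checker that walks `debug isdn q921` style lines and reports REJ frames, retransmitted N(S) values and N(R) values that acknowledge frames never sent, following the N(S)/N(R) bookkeeping described in the message above. The trace is constructed for the example; the `UAf` and `REJr` tokens and the arrow markers are assumptions about the debug format, and the event names are this example's own.

```python
import re

MOD = 128  # Q.921 numbers I-frames modulo 128 (7-bit N(S) and N(R))

# Constructed trace, modelled on the debug lines quoted in the post above.
TRACE = [
    "100.000 TX -> SABMEp sapi = 0 tei = 64",
    "100.020 RX <- UAf sapi = 0 tei = 64",
    "100.100 TX -> INFOc sapi = 0 tei = 64 ns = 0 nr = 0",
    "100.140 RX <- RRr sapi = 0 tei = 64 nr = 1",
    "100.200 TX -> INFOc sapi = 0 tei = 64 ns = 1 nr = 0",
    "100.210 TX -> INFOc sapi = 0 tei = 64 ns = 2 nr = 0",
    "100.260 RX <- REJr sapi = 0 tei = 64 nr = 1",   # peer asks for 1 again
    "100.300 TX -> INFOc sapi = 0 tei = 64 ns = 1 nr = 0",
    "100.310 TX -> INFOc sapi = 0 tei = 64 ns = 2 nr = 0",
    "100.350 RX <- RRr sapi = 0 tei = 64 nr = 3",
    "100.400 RX <- INFOc sapi = 0 tei = 64 ns = 0 nr = 3",
    "100.440 TX -> RRr sapi = 0 tei = 64 nr = 1",
]


def parse_frame(line):
    """Return (side, frame_type, fields) or None for non-frame lines.

    Accepts lines with or without the arrow after TX/RX, and drops the
    trailing c/r/p/f letter that follows the frame type.
    """
    m = re.search(r"\b(TX|RX)\b[\s<>-]*([A-Z]+)[a-z]?\s*(.*)", line)
    if not m:
        return None
    fields = {k: int(v) for k, v in re.findall(r"(\w+) = (\d+)", m.group(3))}
    return m.group(1), m.group(2), fields


def check_q921(lines):
    """Track each side's sequencing and return a list of notable events."""
    sent = {"TX": 0, "RX": 0}    # next new N(S) each side will use
    acked = {"TX": 0, "RX": 0}   # highest N(R) the peer has returned for it
    events = []
    for line in lines:
        frame = parse_frame(line)
        if frame is None:
            continue
        side, ftype, f = frame
        peer = "RX" if side == "TX" else "TX"
        if ftype == "SABME":                 # link (re)establishment resets both
            sent = {"TX": 0, "RX": 0}
            acked = {"TX": 0, "RX": 0}
            continue
        if ftype == "REJ":
            events.append(("rej", side, f.get("nr")))
        if ftype == "INFO" and "ns" in f:
            ns = f["ns"]
            if ns == sent[side]:             # the expected new frame
                sent[side] = (ns + 1) % MOD
            elif (sent[side] - ns) % MOD <= MOD // 2:
                events.append(("retransmit", side, ns))
            else:                            # jumped ahead: frames missing
                events.append(("gap", side, ns))
                sent[side] = (ns + 1) % MOD
        if "nr" in f:
            nr = f["nr"]
            # A valid N(R) lies between the last ack and the peer's next N(S).
            if (nr - acked[peer]) % MOD <= (sent[peer] - acked[peer]) % MOD:
                acked[peer] = nr
            else:
                events.append(("invalid_nr", side, nr))
    return events


if __name__ == "__main__":
    for event in check_q921(TRACE):
        print(event)
```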
RE: IPX stands for- PIX Private Internet Exchange [7:27647]
Novell Internet Packet Exchange (IPX)

-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 12:32 PM
To: [EMAIL PROTECTED]
Subject: Re: IPX stands for- PIX Private Internet Exchange [7:27647]

heh what? ipx is a protocol

mlh 11/29/01 12:19AM

IPX stands for - PIX Private Internet Exchange (Cisco)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27709t=27647
RE: dial in [7:27703]
Hi,

Sounds like you have all the right hardware. You might want to check baudrate settings and make sure they all match. I have seen mismatched baudrate settings producing garbage characters.

HTH,
Scott

-Original Message-
From: 416South [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 10:32 AM
To: [EMAIL PROTECTED]
Subject: dial in [7:27703]

thanks for your patience but i'm attempting this again until another fire jumps at me. I'm able to get this modem to dial into the router just fine. Problem is still driving me nuts is that all the characters are showing up as garbage (x~rj45-rollover cable-modem) | | (modem rj45-rollover cable-aux of router)

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27710t=27703
Re: CCO CD's [7:27701]
Does it set up a web server on my machine?

juno vtv wrote in message news:[EMAIL PROTECTED]...

Sorry about that it's http://127.0.0.1:8080/home/home.htm

-junovtv

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27712t=27701
RE: dial in [7:27703]
That seems to be what my experience has been but this one is puzzling me. Baud on the AUX is 9600 modems 9600.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27711t=27703
Re: Practice lab survey idea [7:27638]
Yea I was trying to make the point that nobody is using the GroupStudy reviews - after also two years of being available there was not a single review. Once I posted the link, someone wrote a review. But it was for the wrong product! At least we have a review :-)

Paul

- Original Message -
From: Howard C. Berkowitz
Newsgroups: groupstudy.cisco
Sent: Wednesday, November 28, 2001 11:18 PM
Subject: Re: Practice lab survey idea [7:27638]

It's rather puzzling, if I'm looking at the right link, which doesn't actually say anything about CertZone, but about Global Knowledge.

You're supposed to rate and comment the products from each vendor. Here are all of the comments from certificationzone.com: http://www.groupstudy.com/links/reviews/review_show.php?linkID=106 Notice you can write reviews and give a score for the product. But nobody uses it so I dropped work on it.

Take care,
Paul

- Original Message -
From: fwells12
To: Paul Borghese ;
Sent: Wednesday, November 28, 2001 7:15 PM
Subject: Re: Practice lab survey idea

Was it geared to rate the Groupstudy site, or could it/was it tailored toward rating lab scenarios?

- Original Message -
From: Paul Borghese
To: fwells12 ;
Sent: Wednesday, November 28, 2001 4:07 PM
Subject: Re: Practice lab survey idea

We have that at GroupStudy. Under the links you can write a review of the site/service. It has been available for over a year. But nobody uses it so I dropped it.

Paul

- Original Message -
From: fwells12
To:
Sent: Wednesday, November 28, 2001 6:50 PM
Subject: Practice lab survey idea

Every time I complete a lab I end up writing a rating on it in case I decide (or not) to do it again later etc. It would be useful to know what other people thought about them too. There are quite a few labs if you account for the Fatkid/Bootcamp/Books plus others that are around. I have done most and found a lot of them to be a waste of time or just duplicates of others with a little difference etc.

Wouldn't it be great if we could go to a website and see every lab scenario listed by its name and a rating (scale of 1-10 etc) next to it. It would be even better if there was also a place to say something about it (like Amazon book reviews) too, but that may be getting a little complicated. I see those polling applets all over the place these days... Is this a good idea? To any web-masters reading, how ambitious of a web would this be?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27713t=27638
Re: serial up/up w/o cable [7:27604]
To be honest I have never tried such a thing but I thought it made sense that if I enabled loopback the interface should come up. I now tried reenabling keepalives and the interface is still up but it shows itself to be in the looped state:

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up (looped)

Which makes sense as it's seeing its own keepalive packets come back via the loop.

I can't do this on a 2500 either but I can't tell you why, any Cisco hardware engineers out there?? Oh well it's pretty much academic anyway, cableless serial interfaces are about as useful as a three legged horse.

Dave

Stefan Dozier wrote:

Dave

If there's no cable installed in Serial4/1/3, obviously I (at least) need to broaden my level of research on why you can accomplish that feat on 7500 series routers but not on 2500 series routers! It's just not happening here! But hey, that's not a problem, don't mind expanding my horizons and if and when I find an answer, I'll post some feedback here.

Thanks for the info Dave

Priscilla, my apologies! Off I go to CCO!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN
Sent: Thursday, November 29, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

Tell you what, I got it to work just fine:

interface Serial4/1/3
 no ip address
 no ip directed-broadcast
 ip route-cache distributed
 loopback
 no keepalive
 no cdp enable

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up
  Hardware is cyBus Serial
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
  Encapsulation HDLC, crc 16, loopback set
  Keepalive not set
  Last input never, output never, output hang never
  Last clearing of show interface counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions
     RTS up, CTS up, DTR up, DCD up, DSR up

Dave

Stefan Dozier wrote:

I don't think it will Priscilla! Even with the encap HDLC, the DCD (carrier detect) control lead must be high in order for the interface status to be in an up condition. The only way I know to accomplish that is with a cable inserted or some type of serial loopback plug, if there's such an animal. And obviously you can't have line protocol in an up state if the interface status isn't in an up state!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer
Sent: Wednesday, November 28, 2001 7:55 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

At 06:52 PM 11/28/01, Tom E wrote:

How can you get a serial interface to go up/up without a cable connected? I have tried loop and no keep.

What's the encap? I thought this would work if you used HDLC.

Priscilla

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367
Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27714t=27604
RE: CCO CD's [7:27701]
Why doesn't it work with IExplorer?

If in the 1st time I launch Netscape, the http://127.0.0.1:8080/home/home.htm works fine. Close NS and launch IExplorer and it works...

netstat -a before launching NS, there is no 8080 port listening. Launch AUTORUN.EXE from CD-ROM, press Launch Documentation ..., NS is started at URL http://127.0.0.1:8080/home/home.htm, netstat -a there is the 8080 port. Close NS, start IExplorer, paste the URL, and it works...

It seems that the AUTORUN.EXE starts another application that listens on tcp/8080.

-Original Message-
From: juno vtv [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 16:43
To: [EMAIL PROTECTED]
Subject: RE: CCO CD's [7:27701]

Sorry about that it's http://127.0.0.1:8080/home/home.htm

-junovtv

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27715t=27701
Re[2]: Sniffer Question [7:25549]
Yes you can disable ICMP or ECHO on the router. If you use extended access list or Reflexive Access List you can disable those protocols and more.

For more information :
Extended Access List : http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/4108.htm
Reflexive Access List : http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt3/srdreflx.htm

Thursday, November 08, 2001, 12:34:43 AM, you wrote:

MC ICMP TTL or ECHO disabled in the router?
MC ccie1ab
MC -Original Message-
MC From: Wright, Jeremy [mailto:[EMAIL PROTECTED]]
MC Sent: Wednesday, November 07, 2001 9:36 AM
MC To: [EMAIL PROTECTED]
MC Subject: Sniffer Question [7:25549]
MC I am tracing on a specific user and in the expert (station layer) I am
MC getting a bunch of ICMP port unreachables. The user is using email, the web,
MC and connecting to network drives but no pinging. Anybody have any experience
MC with this same problem? Thanks

--
Best regards, SentinuS mailto:[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27716t=25549
Re: T-1 Encap Preference [7:27637]
Howard, Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size. PPP supports 1500 while HDLC 4xxx (can't remember the exact number), this might be helpful in situations where DF bit is set. Nabil

I'd have to research this -- I don't offhand remember PPP (as the protocol) having a MTU limit that small. It would surprise me, given the interest in POS.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27719t=27637
Re[2]: Bandwidth Management [7:27408]
What do you want to do? Do you want to monitor your bandwidth, if yes you can use MRTG (http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html) But if you wanna make some restrictions on your bandwidth use this link : http://www.cisco.com/univercd/cc/td/doc/product/software/ios111/cc111/car.htm

Tuesday, November 27, 2001, 6:06:22 PM, you wrote:

AC Check out dummynet (man dummynet) - I know it comes standard with FreeBSD,
AC and probably other *nix.
AC Andrew
AC Ken Diliberto wrote in message
AC news:[EMAIL PROTECTED]...
Mark, I've used MRTG for years. Unless they have made some serious changes to
AC it, it's still a monitoring tool, not management. Thanks. Ken
Mark Paterson 11/26/01 11:10PM
mrtg http://mrtg.org
Ken Diliberto wrote:
Does anyone know of any free bandwidth management software? Maybe something for a flavor of Unix? Thanks Ken

--
Best regards, SentinuS mailto:[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27720t=27408
Re: BGP regular expressions [7:27721]
Thanks for your reply Nigel. After all my unsuccessful variations of regular expressions, I came to the same conclusion. I did however get a reply from a guy that said he knew how to do it!! I am waiting for his response as we speak.

I know you gave some examples, but what is the behavior you are trying to cause? What is the desired effect of removing AS200 from the path? I suppose I'm wondering if there's a different way to solve the problem, and I don't yet really understand the problem. By understanding the problem, I mean what the reason is you want to remove an AS. Actually, there may be some ways to do it with AS-SET aggregation, but these tend to be ugly.

- Original Message -
From: Nigel Roy
To:
Cc: fwells12
Sent: Thursday, November 29, 2001 7:33 AM
Subject: Re: BGP regular expressions

I haven't seen anyone else answer so I thought I would put you out of your misery. In short no you can't. You can identify any individual part of your AS path with all sorts of wonderful regular expressions but the only thing IOS allows you to do to change an AS path is to add or prepend AS numbers to it. It would be potentially dangerous to remove AS numbers from the path as the AS path is used in loop prevention.

Nigel Roy CCIE #1405

- Original Message -
From: fwells12
To:
Sent: Wednesday, November 28, 2001 9:46 PM
Subject: BGP regular expressions

I have been playing with regular expressions but I have not found one that will do this yet -if there is one... I want to take a particular AS OUT of an as path? Lets say you have some routes that traverse the ASs' 100 200 300 400 500 on their way to a BGP speaker. I would like to be able to use one of the routers in that path to take its own AS out of the path. For example, using the above AS path, can I make Router200 take its own AS (200) out of path it advertises to downstream BGP speakers.

The result I want is that Router500 (furthest downstream bgp speaker) sees networks on Router100 with the following AS path: 100 300 400 500. Can this be done, even though AS 200 is actually part of the physical route?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27721t=27721
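Added illustration, not part of the thread and not IOS behaviour or code: a toy Python model of the loop-prevention role of the AS path that Nigel's reply refers to, in which every AS rejects an update that already carries its own number. The extra 500-to-200 peering, the one-way advertisement links, the absence of best-path selection and the `strip_self` switch are all assumptions of the example.

```python
from collections import deque

# Who advertises to whom. The chain 100 -> 200 -> 300 -> 400 -> 500 is the
# path from the question; the 500 -> 200 peering is an assumption added so
# that the route has a way back to AS 200.
LINKS = {100: [200], 200: [300], 300: [400], 400: [500], 500: [200]}


def propagate(links, origin, strip_self=frozenset()):
    """Flood one prefix from `origin` along `links`.

    Paths are kept in traversal order to match the thread's notation; real
    BGP prepends, so the wire order is the reverse. ASes in `strip_self`
    forward the path without adding their own number, which is the
    behaviour asked for in the question.

    Returns (accepted, rejected, looped), each a list of (asn, as_path):
      accepted - updates that passed the receiver's own-AS check
      rejected - updates dropped because the receiver saw its own AS
      looped   - accepted updates that had in fact already crossed the
                 receiver, i.e. a routing loop the check failed to catch
    """
    accepted, rejected, looped = [], [], []
    # Each queued update: (receiver, advertised AS path, ASes really crossed)
    queue = deque((peer, [origin], [origin]) for peer in links.get(origin, ()))
    while queue:
        asn, as_path, crossed = queue.popleft()
        if asn in as_path:                  # standard AS_PATH loop check
            rejected.append((asn, as_path))
            continue
        accepted.append((asn, as_path))
        if asn in crossed:                  # the check was fooled
            looped.append((asn, as_path))
            continue                        # stop following it here
        out_path = as_path if asn in strip_self else as_path + [asn]
        for peer in links.get(asn, ()):
            queue.append((peer, out_path, crossed + [asn]))
    return accepted, rejected, looped


if __name__ == "__main__":
    for label, strip in (("normal", frozenset()), ("AS 200 strips itself", {200})):
        acc, rej, loop = propagate(LINKS, 100, strip_self=strip)
        print(label)
        print("  path seen at 500:", [p for a, p in acc if a == 500])
        print("  rejected:", rej)
        print("  looped:  ", loop)
```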
Re: Cisco ACS/Telnet config [7:27648]
Hi Richard,

You did nothing wrong, you only left something undone, amend your configs as thus and you would be through:

1. Change the command
aaa authentication login default tacacs+
To read
aaa authentication login default tacacs+ local

2. Create a CLI authenticated account eg
username x password n

And you would be through. This is a common problem when configuring aaa on a router, many times you get locked out by your own router/AS that's if you are not very careful. Good luck

Regards.
Oletu

- Original Message -
From: Jim Bond
To:
Sent: Wednesday, November 28, 2001 10:46 PM
Subject: Re: Cisco ACS/Telnet config [7:27648]

Maybe add ip tac source e0; password in vty is not necessary. Run debug aaa authen and debug aaa author may help too. HTH. Jim

--- Richard wrote:

Looking at the config below, can anyone tell me where I might go wrong that prevent me from telneting to this router? I am able to use the same account from Cisco ACS 2.6 to log onto the console, but not through telnet. Thanks in advance for your help

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication enable default tacacs+
aaa authentication ppp default tacacs+
aaa authorization exec default tacacs+
aaa authorization exec no_tacacs local
aaa authorization network default tacacs+
aaa authorization network no_tacacs local
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
enable password enable
!
ip subnet-zero
!
!
!
interface Ethernet0
 ip address 5.1.1.4 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
tacacs-server host 5.1.1.1 single-connection
tacacs-server key cisco
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password line
!
end

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27722t=27648
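Added example, not part of the thread and not Cisco or ACS tooling: a Python audit that reads an IOS configuration like the one posted and reports AAA method lists that depend on TACACS+ alone, `local` methods with no local username behind them, and line passwords that no method list consults. The sample is abbreviated from the posted config, `FIXED` applies the two changes from the reply, and the function names and finding texts are this example's own.

```python
import re

# Abbreviated from the configuration posted above.
POSTED = """\
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication enable default tacacs+
aaa authorization exec default tacacs+
aaa authorization exec no_tacacs local
enable password enable
tacacs-server host 5.1.1.1 single-connection
tacacs-server key cisco
line con 0
 transport input none
line vty 0 4
 password line
"""

# The same config with the two changes suggested in the reply.
FIXED = POSTED.replace(
    "aaa authentication login default tacacs+\n",
    "aaa authentication login default tacacs+ local\n",
) + "username x password n\n"

REMOTE = {"tacacs+", "radius"}   # methods that need a reachable server


def parse_method_lists(config):
    """Return [(kind, service, list_name, [methods])] for aaa method lists."""
    lists = []
    for line in config.splitlines():
        m = re.match(r"aaa (authentication|authorization) (\S+) (\S+) (.+)",
                     line.strip())
        if m:
            kind, service, name, rest = m.groups()
            lists.append((kind, service, name, rest.split()))
    return lists


def classify(methods):
    """Split a method list into (server-based methods, fallback methods)."""
    remote, fallback = [], []
    tokens = iter(methods)
    for tok in tokens:
        if tok == "group":                    # later "group <name>" syntax
            remote.append(next(tokens, "group"))
        elif tok in REMOTE:
            remote.append(tok)
        else:
            fallback.append(tok)
    return remote, fallback


def audit(config):
    """Return a list of human-readable findings for one configuration."""
    findings = []
    lists = parse_method_lists(config)
    has_user = re.search(r"^username \S+", config, re.M) is not None
    for kind, service, name, methods in lists:
        remote, fallback = classify(methods)
        label = f"{kind} {service} {name}"
        if remote and not fallback:
            # If the server is down or unreachable, nothing else is tried.
            findings.append(f"{label}: only {'/'.join(remote)}, no fallback method")
        if "local" in fallback and not has_user:
            findings.append(f"{label}: 'local' listed but no username configured")
    # With aaa new-model a line password is consulted only by the 'line' method.
    uses_line = any("line" in m for k, _, _, m in lists if k == "authentication")
    has_line_pw = re.search(r"^ password \S+", config, re.M) is not None
    if "aaa new-model" in config and has_line_pw and not uses_line:
        findings.append("line password set but no authentication list uses 'line'")
    return findings


if __name__ == "__main__":
    for title, cfg in (("posted", POSTED), ("with suggested change", FIXED)):
        print(title)
        for finding in audit(cfg):
            print("  -", finding)
```

The enable and exec-authorization lists are still reported after the change because the reply only altered the login list.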
Re: Configuration of Channelized E1 with IP address mappings [7:27723]
Saturday, November 24, 2001, 3:56:25 PM, you wrote:

VJ Hello All ,
VJ If anyone one has implemented do let me know.
VJ Pls help me out with the configuration(complete configuration) of
VJ channelized E1 terminating on a Cisco PRI E1 controller card.
VJ 1) How to configure the timeslots on the channelized E1 ,
VJ 2) How to allot different IP addresses(30 or 31) for each timeslot.
VJ Hope that my question has clarity.if any further details are needed do
VJ let me know.
VJ Thanks a lot ,
VJ Vijendra.

--
Best regards, SentinuS mailto:[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27723t=27723
VPN is a Backdoor !!! [7:27725]
Hi Guys;

I wonder that VPN is a Backdoor? I really need answers. Please do it.

thanks
SentinuS

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27725t=27725
RE: CCO CD's [7:27701]
There was a bug on some CD's that affected advanced users. If you choose a custom install, you need to have a check-mark in all boxes. (ie. you need to choose to install everything on the CD) Once the install process begins, you can cancel out of installing any product you don't want. However, if those boxes aren't all checked, you get blank or garbled screens when you try to use the CD.

I never knew why, and it seems to me this only occurred on NT and 2000 machines, but it happened like clockwork to guys who didn't click every box. Checking them all fixed things every time I saw.

Good luck, and if all else fails, and if you haven't broken your router too badly, connect to CCO instead.

--Wes

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27724t=27701
RE: dial in [7:27703]
You've probably gone through all this step by step right? http://www.cisco.com/warp/public/471/mod-aux-exec.html It's the best help I've got...

--Wes

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27726t=27703
Re: T-1 Encap Preference [7:27637]
Found this in RFC 1661 which documents PPP:

The maximum length for the Information field, including Padding, but not including the Protocol field, is termed the Maximum Receive Unit (MRU), which defaults to 1500 octets. By negotiation, consenting PPP implementations may use other values for the MRU.

P.

At 03:05 PM 11/29/01, Howard C. Berkowitz wrote:

Howard, Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size. PPP supports 1500 while HDLC 4xxx (can't remember the exact number), this might be helpful in situations where DF bit is set. Nabil

I'd have to research this -- I don't offhand remember PPP (as the protocol) having a MTU limit that small. It would surprise me, given the interest in POS.

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27728t=27637
Re: CCO CD's [7:27701]
It should be somewhere in the archives. Let me recap a group-member's recommendation :-

Quote

open the 'search.ini' file under CiscoCD directory, locate this line

    Browser=C:\Program~1\intern~1\iexplorer.exe

change it to

    Browser=

then save on exit.

Unquote

VoIP Guy wrote in message news:[EMAIL PROTECTED]...

Here's question that I have never got answered. How in the world do I get those CCO CD's to work? I always install them and try to open up the page and get a blank page. I can browse the CD and get to the home page that way, but as soon as I click on a link, it looks almost like it's encrypted. I have tried IE, netscape, installing all the apps on the CD. What am I doing wrong?

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27727t=27701
RE: VPN is a Backdoor !!! [7:27725]
VPN could be considered a backdoor. If Joe User has a broadband connection at home with no firewall or local client firewall installed then when he/she connects to your VPN that is essentially a conduit for attackers to potentially compromise. This is an issue that I am dealing with now. Cisco's VPN client and Concentrator has a new feature that will push a policy on the client requiring they have a firewall installed like BlackIce etc. If they don't it will enforce its own basic firewall on the client while connected. I am working on the scripted install for my company now.

-Jake

-Original Message-
From: SentinuS [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 2:37 PM
To: [EMAIL PROTECTED]
Subject: VPN is a Backdoor !!! [7:27725]

Hi Guys; I wonder that VPN is a Backdoor? I really need answers. Please do it. thanks

SentinuS

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27729t=27725
RE: Absolute Must-See Cisco-related website [7:27490]
For the more technically challenged, that's cisco.com, ietf.org and ieee.org. Great stuff, a very non-subtle way to get the point across.

-Original Message-
From: Jennifer Cribbs [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 28, 2001 2:56 PM
To: [EMAIL PROTECTED]
Subject: RE: Absolute Must-See Cisco-related website [7:27490]

Works great in Opera however...

-Original Message-
From: Dennis [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 6:36 PM
To: [EMAIL PROTECTED]
Subject: Re: Absolute Must-See Cisco-related website [7:27490]

For some reason this url obfuscation doesn't work in IE6...

-- -=Reply to group only... no personal=-

Logan, Harold wrote in message news:[EMAIL PROTECTED]...

Yah that site's great'n all, but here are some that REALLY have all the answers:

http://3330661145
http://68265990
http://2355282214

Hal

-Original Message-
From: TALBOT, WILLIAM P (SWBT) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 2:06 PM
To: [EMAIL PROTECTED]
Subject: RE: Absolute Must-See Cisco-related website [7:27490]

I have heard of that site (from somewhere...) but I don't have the time to do all that typing into the web browser and then all that typing into the search windows and sifting through the results and then reading and trying to understand what the pages say...it's all just too time consuming! I would much rather have someone just hold my hand and explain it all to me without having to do all of that other stuff on my own...and I do really appreciate how much effort I avoid by doing it that way.

Thanks, Pat ;-)

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 11:42 AM
To: [EMAIL PROTECTED]
Subject: Absolute Must-See Cisco-related website [7:27490]

Check this out. I found it recently and I have never run across a more useful site with more information regarding networking technologies, Cisco-related products and capabilities, configuration guides, you name it!

The URL is: www.cisco.com

Regards, John (who apparently needs some more coffee this morning )

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27730t=27490
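The bare-number URLs in this thread are IPv4 addresses written as single 32-bit integers, a form that slips past proxy rules and log searches written against dotted-quad hosts. The following is an added example, not part of any post: it normalizes the numeric host forms accepted by classic inet_aton()-style parsers so a filter can match them. The function names and the constructed variants in the comments are my own assumptions.

```python
"""Normalize numeric IPv4 host forms in URLs to dotted-quad.

Added example; names are illustrative. Parsing follows the classic
inet_aton() rules: 1 to 4 parts, each decimal, 0x-hex or leading-0 octal,
with the last part filling all remaining bytes.
"""
import ipaddress
from urllib.parse import urlsplit


def parse_part(text):
    """Parse one inet_aton-style number; return None if it is not numeric."""
    lowered = text.lower()
    if lowered.startswith("0x"):
        digits, base = lowered[2:], 16
    elif len(lowered) > 1 and lowered.startswith("0"):
        digits, base = lowered[1:], 8
    else:
        digits, base = lowered, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(ch not in allowed for ch in digits):
        return None
    return int(digits, base)


def canonical_ipv4_host(host):
    """Return the dotted-quad form of a numeric host, or None for a name."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [parse_part(part) for part in parts]
    if any(value is None for value in values):
        return None
    *leading, last = values
    # Each leading part is one octet; the last part covers the rest.
    if any(value > 0xFF for value in leading):
        return None
    if last >= 1 << (8 * (4 - len(leading))):
        return None
    number = last
    for index, value in enumerate(leading):
        number |= value << (8 * (3 - index))
    return str(ipaddress.IPv4Address(number))


def url_matches_networks(url, networks):
    """True if the URL's host is a numeric IPv4 form inside any listed network."""
    host = urlsplit(url).hostname or ""
    dotted = canonical_ipv4_host(host)
    if dotted is None:
        return False  # a DNS name; resolve it separately if policy requires
    address = ipaddress.ip_address(dotted)
    return any(address in ipaddress.ip_network(net) for net in networks)


if __name__ == "__main__":
    # The three URLs are the ones quoted in the thread; the rest are
    # constructed variants of the first address.
    samples = [
        "http://3330661145",
        "http://68265990",
        "http://2355282214",
        "http://0xC6.0x85.219.25/",
        "http://0306.0205.0333.031/",
        "http://198.133.56089/",
        "http://www.cisco.com/",
    ]
    for url in samples:
        host = urlsplit(url).hostname or ""
        print(f"{url:32} -> {canonical_ipv4_host(host)}")
```

Running the normalization before the match is what lets a rule written once in dotted-quad or CIDR form catch every spelling of the same address.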
RE: VPN is a Backdoor !!! [7:27725]
Even then though, you're not secure. If the box is compromised before you connect then even when the firewall is enforced, malicious activity could still take place...the attacker would not be able to connect to the machine but could leave dastardly code behind to do his job for him. I am working on this scenario now as well. I am attempting to come up with a best practice for cleaning a machine, installing a firewall, etc for any vpn client. Let me know how yours goes!

-Patrick

Gibb, Jake 11/29/01 03:53PM

VPN could be considered a backdoor. If Joe User has a broadband connection at home with no firewall or local client firewall installed then when he/she connects to your VPN that is essentially a conduit for attackers to potentially compromise. This is an issue that I am dealing with now. Cisco's VPN client and Concentrator has a new feature that will push a policy on the client requiring they have a firewall installed like BlackIce etc. If they don't it will enforce its own basic firewall on the client while connected. I am working on the scripted install for my company now.

-Jake

-Original Message-
From: SentinuS [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 2:37 PM
To: [EMAIL PROTECTED]
Subject: VPN is a Backdoor !!! [7:27725]

Hi Guys; I wonder that VPN is a Backdoor? I really need answers. Please do it. thanks

SentinuS

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27731t=27725
RE: dial in [7:27703]
YUP thanks though. Anyone successful with this using Win2000 and Hyperterm? If so what type of modem are you using? This might just be the answer to my prayers.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27732t=27703
Re: T-1 Encap Preference [7:27637]
Howard, Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size. PPP supports 1500 while HDLC 4xxx (can't remember the exact number), this might be helpful in situations where DF bit is set.

Nabil

Howard C. Berkowitz To: [EMAIL PROTECTED] Subject: Re: T-1 Encap Preference [7:27637] Sent by: nobody@groupstudy.com 11/28/2001 11:14 PM Please respond to Howard C. Berkowitz

HDLC is a Cisco-proprietary protocol.

Not to nitpick, but HDLC itself is not proprietary; Cisco's implementation is... HDLC was developed by the International Organization for Standardization (ISO). It falls under the ISO standards ISO 3309 and ISO 4335. Like others have pointed out, PPP is the way to go when mixing vendors, since it is an Internet standard. There may be one exception, however, but I cannot confirm it 100%... I was out at one of my customers a few weeks ago, and they were changing ISPs. I asked the new ISP whether we ought to be using PPP or HDLC, and he said HDLC. I commented on their use of Cisco equipment, and he told me that the head-end router was actually a Juniper box. Now, it seems reasonable to me that the new kid on the block, so to speak, would attempt to seamlessly interoperate with the most widely used routers, but I cannot say for sure. Can anyone confirm this?

It would be most correct to say Cisco uses an HDLC-framed proprietary protocol. HDLC itself is really meant to be subsetted. LAP, LAP-B, LAP-D, and LAP-F are all proper subsets. Juniper may have Cisco HDLC as an option. I know BSDI UNIX does. But HDLC has no real advantages over PPP for router-to-router communications, so it's not something I worry about -- if there's any question, I use PPP.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27718t=27637
RE: VPN back door [7:27734]
I recently installed a VPN at work (city government). You would be much better off disabling split-tunneling at the concentrator level rather than trying to push it out to each client. That will stop your back doors. And yes, it even cuts out all connections on a local network. I have 4 machines in a workgroup at home, with a shared music drive. When I VPN into work, that share is no longer available to other clients.

Nat
Somewhere in Kansas, USA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27734t=27734
Re: serial up/up w/o cable [7:27604]
A cable-less serial interface? It's called a loopback interface. ;-) Which makes me wonder why the original poster was attempting this in the first place. Is there some functionality that he/she desires to get from a serial interface that is up/up without a cable that he/she couldn't get from a loopback interface?

MADMAN 11/29/01 12:39:00 PM

To be honest I have never tried such a thing but I thought it made sense that if I enabled loopback the interface should come up. I now tried reenabling keepalives and the interface is still up but it shows itself to be in the looped state:

    C7507MIX#sh int ser 4/1/3
    Serial4/1/3 is up, line protocol is up (looped)

Which makes sense as it's seeing its own keepalive packets come back via the loop. I can't do this on a 2500 either but I can't tell you why, any Cisco hardware engineers out there?? Oh well, it's pretty much academic anyway, cableless serial interfaces are about as useful as a three legged horse.

Dave

Stefan Dozier wrote:

Dave

If there's no cable installed in Serial4/1/3, obviously I (at least) need to broaden my level of research on why you can accomplish that feat on 7500 series routers but not on 2500 series routers! It's just not happening here! But hey, that's not a problem, don't mind expanding my horizons and if and when I find an answer, I'll post some feedback here. Thanks for the info Dave. Priscilla, my apologies! Off I go to CCO!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN
Sent: Thursday, November 29, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

Tell you what, I got it to work just fine:

    interface Serial4/1/3
     no ip address
     no ip directed-broadcast
     ip route-cache distributed
     loopback
     no keepalive
     no cdp enable

    C7507MIX#sh int ser 4/1/3
    Serial4/1/3 is up, line protocol is up
      Hardware is cyBus Serial
      MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
      Encapsulation HDLC, crc 16, loopback set
      Keepalive not set
      Last input never, output never, output hang never
      Last clearing of show interface counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: weighted fair
      Output queue: 0/1000/64/0 (size/max total/threshold/drops)
         Conversations 0/0/256 (active/max active/max total)
         Reserved Conversations 0/0 (allocated/max allocated)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 2 interface resets
         0 output buffer failures, 0 output buffers swapped out
         3 carrier transitions
         RTS up, CTS up, DTR up, DCD up, DSR up

Dave

Stefan Dozier wrote:

I don't think it will Priscilla! Even with the encap HDLC, the DCD (carrier detect) control lead must be high in order for the interface status to be in an up condition. The only way I know to accomplish that is with a cable inserted or some type of serial loopback plug, if there's such an animal. And obviously you can't have line protocol in an up state if the interface status isn't in an up state!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer
Sent: Wednesday, November 28, 2001 7:55 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

At 06:52 PM 11/28/01, Tom E wrote:

How can you get a serial interface to go up/up without a cable connected? I have tried loop and no keep.

What's the encap? I thought this would work if you used HDLC.

Priscilla

-- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it

-- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27733t=27604
RE: VPN back door [7:27736]
The new version 3.5 of Cisco VPN Client allows local LAN browsing access with split tunneling. I know there is a big debate over sending all of your traffic over the VPN just to get to a website that's up the street. We have multiple PIX firewalls in failover configuration at our head office and that is certainly more secure esp. if the client does not have any firewall protection whatsoever. The new client 3.5 and concentrator IOS 3.4 is supposed to add the firewall option/mandatory to the client. I'll be testing it this month.

-Jake

-Original Message-
From: Nat Heidler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 3:46 PM
To: '[EMAIL PROTECTED]'
Cc: Gibb, Jake
Subject: RE: VPN back door

I recently installed a VPN at work (city government). You would be much better off disabling split-tunneling at the concentrator level rather than trying to push it out to each client. That will stop your back doors. And yes, it even cuts out all connections on a local network. I have 4 machines in a workgroup at home, with a shared music drive. When I VPN into work, that share is no longer available to other clients.

Nat
Somewhere in Kansas, USA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27736t=27736
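Whether split tunneling is really off can be verified from the client side by checking which destinations still route out a non-tunnel interface while the VPN is connected. The following is an added example, not code from any post or from Cisco's client: the route listings, the interface names eth0 and vpn0, and all addresses are constructed, and a real check would read the operating system's route table instead.

```python
"""Flag routes that bypass a VPN tunnel (split tunneling) on a client.

Added example. Route listings, interface names and addresses are constructed.
"""
import ipaddress

# Constructed listings, one "<destination> <interface>" pair per line.
FULL_TUNNEL = """
0.0.0.0/0 vpn0
203.0.113.10/32 eth0
127.0.0.0/8 lo
"""
SPLIT_TUNNEL = """
0.0.0.0/0 eth0
10.0.0.0/8 vpn0
192.168.1.0/24 eth0
203.0.113.10/32 eth0
127.0.0.0/8 lo
"""
LOCAL_LAN_ONLY = """
0.0.0.0/0 eth0
0.0.0.0/1 vpn0
128.0.0.0/1 vpn0
192.168.1.0/24 eth0
203.0.113.10/32 eth0
"""


def parse_routes(listing):
    """Turn a constructed listing into (network, interface) tuples."""
    routes = []
    for line in listing.strip().splitlines():
        destination, interface = line.split()
        routes.append((ipaddress.ip_network(destination), interface))
    return routes


def uncovered_by_tunnel(route, tunnel_routes):
    """Return the parts of `route` not overridden by a more specific tunnel route."""
    remaining = [route]
    for tunnel in tunnel_routes:
        if tunnel.prefixlen <= route.prefixlen:
            # Longest-prefix match: an equal or shorter tunnel prefix does not
            # override this route. Equal prefixes depend on metrics, so they
            # are treated conservatively as not covered.
            continue
        next_remaining = []
        for piece in remaining:
            if piece.subnet_of(tunnel):
                continue  # this piece is fully taken over by the tunnel
            if tunnel.subnet_of(piece):
                next_remaining.extend(piece.address_exclude(tunnel))
            else:
                next_remaining.append(piece)
        remaining = next_remaining
    return remaining


def find_leaks(listing, tunnel_if="vpn0", concentrator="203.0.113.10"):
    """List (route, interface, address_count) for traffic that avoids the tunnel."""
    routes = parse_routes(listing)
    tunnel_routes = [net for net, ifname in routes if ifname == tunnel_if]
    peer = ipaddress.ip_network(concentrator)  # host route carrying the tunnel itself
    leaks = []
    for net, ifname in routes:
        if ifname == tunnel_if or net == peer or net.is_loopback:
            continue
        pieces = uncovered_by_tunnel(net, tunnel_routes)
        if pieces:
            count = sum(piece.num_addresses for piece in pieces)
            leaks.append((str(net), ifname, count))
    return leaks


if __name__ == "__main__":
    for name, listing in [("full tunnel", FULL_TUNNEL),
                          ("split tunnel", SPLIT_TUNNEL),
                          ("local LAN only", LOCAL_LAN_ONLY)]:
        print(name, find_leaks(listing))
```

The third listing models the "local LAN access" case from the thread: the default route is fully overridden by the tunnel, but the home LAN prefix is still reachable outside it.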
Re: Retrieve Cisco config (via SNMP) [7:27735]
Using the MIB .1.3.6.1.4.1.9.2.1.55 you can write the config to a tftp server on your network. To write the configuration of a Cisco router to tftp server the command would be:

    snmpset -c .1.3.6.1.4.1.9.2.1.55. octetstring

Does anyone happen to know what the *OCTETSTRING* is? I presume the filename is the name of the file to be saved on the TFTP server. Has anyone actually tried this command?

Thanks
-Anil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27735t=27735
Re: PIX conduit access lists [7:26684]
Thanks again Allen,

Does that mean the responses to my outbound requests are allowed in by default? For example, my request for a web page is allowed through the firewall. Would the page in response of that request be allowed through the firewall?

Steve

Allen May wrote in message news:[EMAIL PROTECTED]...

NAT or internal servers with real IP addresses using NAT 0 can access anything until you block it. Outbound requests (such as http, ftp, etc) are all enabled by default. Users outside the firewall cannot access internal IPs without access-list or conduit statements. In short, all outbound enabled and all inbound disabled by default. For your conduit permit icmp any any I would enable echo reply only rather than full icmp. Echo reply only allows replies back to the person pinging or tracerouting. Full icmp can be exploited in DOS attacks.

example:

    access-list 10 permit icmp any any echo-reply
    access-group 10 in interface outside

(apply one to interface inside for outbound)

Allen

- Original Message -
From: Steve Alston
To:
Sent: Wednesday, November 28, 2001 4:08 PM
Subject: Re: PIX conduit access lists [7:26684]

Patrick Allen,

Thanks for the responses -- helps loads. I'm still slightly confused. I did a clear conduit expecting to block all incoming traffic. Following the clear conduit, I did a show conduit to verify there were not any conduits in operation. At that time, I was still able to receive web traffic at my workstation. For that matter, the conduit statements only applied to specific servers so why am I able to receive http at my workstation? I did try to PING an IP address which failed when I removed the conduits and worked when I restored conduit permit icmp any any -- that behaved as expected.

Thanks, Steve

Allen May wrote in message news:[EMAIL PROTECTED]...

Very true and a good point, but the original question was about conduits which only apply to lower-higher. Higher-lower requires NAT. I accidentally typed access-list below but meant conduit. ;) *slap self get more coffee*. It still applies but wasn't what I meant to say. Thanks for pointing that out though.

- Original Message -
From: Patrick W. Bass
To:
Sent: Sunday, November 25, 2001 10:14 PM
Subject: Re: PIX conduit access lists [7:26684]

Allen May wrote in message news:[EMAIL PROTECTED]...

I'm not sure if this was answered or not, but a firewall always assumes a deny all at the end of the access-list for inbound. Outbound is different since it allows all by default.

Remember this: Higher security level to lower security level, implicitly allowed. Lower security level to higher security level, implicitly denied. Otherwise it gets tricky once you start messing with multiple DMZs.

Also, access-lists are the way to go since conduits will be phased out in the near future.

Allen

- Original Message -
From: Steve Alston
To:
Sent: Monday, November 19, 2001 9:25 AM
Subject: Re: PIX conduit access lists [7:26684]

Carroll,

Thanks for the reply. I'm using conduits now, but will switch to access lists in the future. (I'd like to fully understand the configuration I inherited before I start making changes) Are implicit denys inserted behind each conduit as well?

Carroll Kong wrote in message news:[EMAIL PROTECTED]...

Implicit denys behind every access-list are inserted. Are you mixing conduits and access-lists? You really should not. Use ALL conduits or ALL access-lists. If both are used, conduits take priority and override your access-lists. Access-lists are first match, conduits are any match.

At 09:24 AM 11/19/01 -0500, Steve Alston wrote:

Does the PIX 506 require an explicit deny statement after setting up a permit conduit or access list. I appear to be receiving more traffic (e.g. NTP) than my conduit statements allow.

Thanks much, Steve

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27737t=26684
IPX sap-max-packetsize [7:27681]
John,

We use sap-max-packetsize 1376 on our WAN links (lots of SAPs), and it never seems to have caused problems. It might depend on what else you are running though - if links are also being used for video or anything else that doesn't like to be held up behind large packets, it might not be such a good idea (yeah, you might be able to do fragmentation again, but what's the point?)

JMcL

- Forwarded by Jenny Mcleod/NSO/CSDA on 30/11/2001 09:00 am -

John Neiberger cc: Sent by: Subject: IPX sap-max-packetsize [7:27681] [EMAIL PROTECTED] 30/11/2001 02:57 am Please respond to John Neiberger

I left EtherPeek running on my workstation all night to get a feel for the amount of broadcast traffic in our network. In 15 hours we had over 72,000 SAP replies, most of which were from our router. I then noticed that it was using 480-byte packets which seems really inefficient. Would I be asking for some unforeseen trouble if I were to configure ipx sap-max-packetsize 1440 to triple the number of servers advertised per packet? This alone would dramatically reduce the number of broadcast packets on our network. However, it would be just my luck if there were some consequences to this that I wasn't aware of. Any thoughts?

Thanks, John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27738t=27681
RE: serial up/up w/o cable [7:27604]
Dave

If there's no cable installed in Serial4/1/3, obviously I (at least) need to broaden my level of research on why you can accomplish that feat on 7500 series routers but not on 2500 series routers! It's just not happening here! But hey, that's not a problem, don't mind expanding my horizons and if and when I find an answer, I'll post some feedback here. Thanks for the info Dave. Priscilla, my apologies! Off I go to CCO!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN
Sent: Thursday, November 29, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

Tell you what, I got it to work just fine:

    interface Serial4/1/3
     no ip address
     no ip directed-broadcast
     ip route-cache distributed
     loopback
     no keepalive
     no cdp enable

    C7507MIX#sh int ser 4/1/3
    Serial4/1/3 is up, line protocol is up
      Hardware is cyBus Serial
      MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
      Encapsulation HDLC, crc 16, loopback set
      Keepalive not set
      Last input never, output never, output hang never
      Last clearing of show interface counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: weighted fair
      Output queue: 0/1000/64/0 (size/max total/threshold/drops)
         Conversations 0/0/256 (active/max active/max total)
         Reserved Conversations 0/0 (allocated/max allocated)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 2 interface resets
         0 output buffer failures, 0 output buffers swapped out
         3 carrier transitions
         RTS up, CTS up, DTR up, DCD up, DSR up

Dave

Stefan Dozier wrote:

I don't think it will Priscilla! Even with the encap HDLC, the DCD (carrier detect) control lead must be high in order for the interface status to be in an up condition. The only way I know to accomplish that is with a cable inserted or some type of serial loopback plug, if there's such an animal. And obviously you can't have line protocol in an up state if the interface status isn't in an up state!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer
Sent: Wednesday, November 28, 2001 7:55 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

At 06:52 PM 11/28/01, Tom E wrote:

How can you get a serial interface to go up/up without a cable connected? I have tried loop and no keep.

What's the encap? I thought this would work if you used HDLC.

Priscilla

-- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27739t=27604
RE: SNA: 0x0C0D versus 0x0D0D [7:27740]
Has anybody seen any good examples of this and/or what the hex numbers mean in English relative to SNA.

In a culture that routinely uses Arabic numerals, what is non-English about ordinary hexadecimal as used by IBM? Hint: for even the most minimal levels of certification, proficiency in binary and hex are necessary. CCNA still includes IPX, which uses hex.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27740t=27740
Re: T-1 Encap Preference [7:27637]
Found this in RFC 1661 which documents PPP:

    The maximum length for the Information field, including Padding, but not including the Protocol field, is termed the Maximum Receive Unit (MRU), which defaults to 1500 octets. By negotiation, consenting PPP implementations may use other values for the MRU.

P.

Hmmm...I definitely am aware of providers using 4470 on POS links, and a general trend in the gigabit-plus world to use larger MTUs. Is this simply industry practice, I wonder, or are there some overriding IEEE or IETF documents? Perhaps in the sub-IP area, such as IP over Optical?

At 03:05 PM 11/29/01, Howard C. Berkowitz wrote:

Howard, Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size. PPP supports 1500 while HDLC 4xxx (can't remember the exact number), this might be helpful in situations where DF bit is set. Nabil

I'd have to research this -- I don't offhand remember PPP (as the protocol) having a MTU limit that small. It would surprise me, given the interest in POS.

Priscilla Oppenheimer http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27741t=27637
/31 subnet. [7:27742]
Hi group,

I'm puzzled by the use of /31 subnets... Anybody can explain me the benefits of such a subnet on an interface ?

Thanxx. Nicolas.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27742t=27742
RE: 2500 Router problem [7:27695]
The IP address of router 2 needs to be changed. Try 192.168.1.4 255.255.255.0. That's what I would do.. This would put it on the same subnet.

-Anil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of James gruggett
Sent: Thursday, November 29, 2001 5:54 PM
To: [EMAIL PROTECTED]
Subject: 2500 Router problem [7:27695]

I have a lab setup as follows: 2 2500 series routers connected to a 2900 switch.

    Router1 E0  192.168.1.1 255.255.255.0
    Router 2 E0 192.168.2.1 255.255.255.0
    SwitchIP    192.168.1.3 255.255.255.0

I can ping and telnet to Router 1 and the switch. I can not ping Router2. When I telnet I receive this error message (Cam't open connection to host on port 23, a socket operation was attempted to an unreachable host). I console into Router 2 and E0 looks fine with ip and it states it is administratively up. Any suggestions?

Thanks, James

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27744t=27695
Re: /31 subnet. [7:27742]
Point to point connections, with a /30 you waste 50% of the available addresses.

Dave

Nicolas FEVRIER wrote:

Hi group, I'm puzzled by the use of /31 subnets... Anybody can explain me the benefits of such a subnet on an interface ? Thanxx. Nicolas.

-- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27745t=27742
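The 50% figure comes from the network and broadcast addresses that every /30 reserves and a /31 point-to-point link (RFC 3021) does not. The following added example, which is not part of any post, carves a constructed documentation block (192.0.2.0/24) into link subnets both ways; the function names are my own.

```python
"""Compare /30 and /31 addressing for point-to-point links.

Added example; the 192.0.2.0/24 block is a constructed documentation range.
"""
import ipaddress


def link_plan(block, prefixlen, links):
    """Carve `links` point-to-point subnets of `prefixlen` out of `block`.

    Returns a list of (subnet, (end_a, end_b)) with the two usable addresses.
    """
    if prefixlen not in (30, 31):
        raise ValueError("point-to-point plan expects /30 or /31")
    plan = []
    for subnet in ipaddress.ip_network(block).subnets(new_prefix=prefixlen):
        if len(plan) == links:
            break
        first = subnet.network_address
        if prefixlen == 31:
            ends = (first, first + 1)        # RFC 3021: both addresses usable
        else:
            ends = (first + 1, first + 2)    # .0 is network, .3 is broadcast
        plan.append((subnet, ends))
    if len(plan) < links:
        raise ValueError("block too small for the requested number of links")
    return plan


def capacity(block, prefixlen):
    """Return (max_links, fraction_of_block_assignable_to_interfaces)."""
    network = ipaddress.ip_network(block)
    max_links = 2 ** (prefixlen - network.prefixlen)
    usable = max_links * 2  # two router interfaces per link
    return max_links, usable / network.num_addresses


if __name__ == "__main__":
    for prefixlen in (30, 31):
        links, fraction = capacity("192.0.2.0/24", prefixlen)
        print(f"/{prefixlen}: {links} links, {fraction:.0%} of addresses usable")
        for subnet, (end_a, end_b) in link_plan("192.0.2.0/24", prefixlen, 3):
            print(f"  {subnet}: {end_a} <-> {end_b}")
```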
RE: SNA: 0x0C0D versus 0x0D0D [7:27740]
Try the following web page. It provides a good explanation of SAP's and how to apply filters.

http://www.cisco.com/warp/customer/698/acl200.html

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz
Sent: Thursday, November 29, 2001 5:25 PM
To: [EMAIL PROTECTED]
Subject: RE: SNA: 0x0C0D versus 0x0D0D [7:27740]

Has anybody seen any good examples of this and/or what the hex numbers mean in English relative to SNA.

In a culture that routinely uses Arabic numerals, what is non-English about ordinary hexadecimal as used by IBM? Hint: for even the most minimal levels of certification, proficiency in binary and hex are necessary. CCNA still includes IPX, which uses hex.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27746t=27740
RE: serial up/up w/o cable [7:27604]
Now that's a really good question!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Neiberger
Sent: Thursday, November 29, 2001 4:45 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

A cable-less serial interface? It's called a loopback interface. ;-) Which makes me wonder why the original poster was attempting this in the first place. Is there some functionality that he/she desires to get from a serial interface that is up/up without a cable that he/she couldn't get from a loopback interface?

MADMAN 11/29/01 12:39:00 PM

To be honest I have never tried such a thing but I thought it made sense that if I enabled loopback the interface should come up. I now tried reenabling keepalives and the interface is still up but it shows itself to be in the looped state:

    C7507MIX#sh int ser 4/1/3
    Serial4/1/3 is up, line protocol is up (looped)

Which makes sense as it's seeing its own keepalive packets come back via the loop. I can't do this on a 2500 either but I can't tell you why, any Cisco hardware engineers out there?? Oh well, it's pretty much academic anyway, cableless serial interfaces are about as useful as a three legged horse.

Dave

Stefan Dozier wrote:

Dave

If there's no cable installed in Serial4/1/3, obviously I (at least) need to broaden my level of research on why you can accomplish that feat on 7500 series routers but not on 2500 series routers! It's just not happening here! But hey, that's not a problem, don't mind expanding my horizons and if and when I find an answer, I'll post some feedback here. Thanks for the info Dave. Priscilla, my apologies! Off I go to CCO!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN
Sent: Thursday, November 29, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

Tell you what, I got it to work just fine:

    interface Serial4/1/3
     no ip address
     no ip directed-broadcast
     ip route-cache distributed
     loopback
     no keepalive
     no cdp enable

    C7507MIX#sh int ser 4/1/3
    Serial4/1/3 is up, line protocol is up
      Hardware is cyBus Serial
      MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
      Encapsulation HDLC, crc 16, loopback set
      Keepalive not set
      Last input never, output never, output hang never
      Last clearing of show interface counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: weighted fair
      Output queue: 0/1000/64/0 (size/max total/threshold/drops)
         Conversations 0/0/256 (active/max active/max total)
         Reserved Conversations 0/0 (allocated/max allocated)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 2 interface resets
         0 output buffer failures, 0 output buffers swapped out
         3 carrier transitions
         RTS up, CTS up, DTR up, DCD up, DSR up

Dave

Stefan Dozier wrote:

I don't think it will Priscilla! Even with the encap HDLC, the DCD (carrier detect) control lead must be high in order for the interface status to be in an up condition. The only way I know to accomplish that is with a cable inserted or some type of serial loopback plug, if there's such an animal. And obviously you can't have line protocol in an up state if the interface status isn't in an up state!

Stefan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Priscilla Oppenheimer
Sent: Wednesday, November 28, 2001 7:55 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

At 06:52 PM 11/28/01, Tom E wrote:

How can you get a serial interface to go up/up without a cable connected? I have tried loop and no keep.

What's the encap? I thought this would work if you used HDLC.

Priscilla

-- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it

-- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27747t=27604
Re[2]: VPN is a Backdoor !!! [7:27725]
But I think VPN is not a backdoor if you use the right security policy and the right configuration. There is one issue: the client. If you can secure your client, there is no weakness.

Thursday, November 29, 2001, 11:47:08 PM, you wrote:

PR> Even then though, you're not secure. If the box is compromised before you
PR> connect then even when the firewall is enforced, malicious activity could
PR> still take place...the attacker would not be able to connect to the
PR> machine but could leave dastardly code behind to do his job for him.
PR> I am working on this scenario now as well. I am attempting to come up with
PR> a best practice for cleaning a machine, installing a firewall, etc for
PR> any vpn client. Let me know how yours goes!
PR> -Patrick

---cut---

SentinuS
Best Regards
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27748t=27725
2511 Async [7:27749]
I am getting a 2500 Async router with the built in Async ports (RJ45). Does anyone know, do I use a straight thru cable or cisco rolled cable to speak to other cisco routers? I have previously only worked with the Octel cables. I also will be configuring this to speak to a modem bank, has anyone had experience with this... Is there configuration that needs to be done on the modem bank side. The router will be configured to support remote nodes. - Dave
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27749t=27749
RE: 2511 Async [7:27749]
It uses rolled cables. New ones ship with green colored flat cables. The great part is that you can easily create your own custom length cables.

-----Original Message-----
From: Dave Luancing [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 5:48 PM
To: [EMAIL PROTECTED]
Subject: 2511 Async [7:27749]

I am getting a 2500 Async router with the built in Async ports (RJ45). Does anyone know, do I use a straight thru cable or cisco rolled cable to speak to other cisco routers? I have previously only worked with the Octel cables. I also will be configuring this to speak to a modem bank, has anyone had experience with this... Is there configuration that needs to be done on the modem bank side. The router will be configured to support remote nodes. - Dave

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27750t=27749
CBAC question [7:27751]
I have read the MCNS (Cisco Press) book several times, especially Chapter 8; however, I'm still very confused about the following question:

The book states that when configuring CBAC on an external interface,
1) The Outbound Access-List can be standard or extended
2) The Inbound Access-List MUST be extended

And when configuring CBAC on an external interface,
1) The Inbound Access-List at the internal interface or Outbound Access-List can be either standard or extended
2) The Outbound Access-List at internal interface or Inbound Access-List at external interface MUST be extended.

It also states that for CBAC to create a temporary opening in an access-list, the access-list Must be extended?

Any help is greatly appreciated.

Best Regards,
Hunt Lee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27751t=27751
Re: T-1 Encap Preference [7:27637]
Well, the RFC does say that consenting PPPs can use other values. Is that like consenting adults?

I've been wondering about larger MTUs though. I mentioned this issue in another message today. A lot of novices think that having a large interface MTU is going to make a big difference, but I'm not convinced. The interface isn't going to combine packets it receives into larger packets just because of the larger MTU. Packets can't grow!? The applications would have to be reconfigured to use larger packet sizes too. They may use MTU discovery, but I bet a lot of applications that have a legacy of running on Ethernet and the Internet either don't do MTU discovery or don't even attempt a very large packet size. I'll have to look into this. Thoughts? Comments?

Priscilla

At 05:26 PM 11/29/01, Howard C. Berkowitz wrote:

Found this in RFC 1661 which documents PPP: The maximum length for the Information field, including Padding, but not including the Protocol field, is termed the Maximum Receive Unit (MRU), which defaults to 1500 octets. By negotiation, consenting PPP implementations may use other values for the MRU. P.

Hmmm...I definitely am aware of providers using 4470 on POS links, and a general trend in the gigabit-plus world to use larger MTUs. Is this simply industry practice, I wonder, or are there some overriding IEEE or IETF documents? Perhaps in the sub-IP area, such as IP over Optical?

At 03:05 PM 11/29/01, Howard C. Berkowitz wrote:

Howard, Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size. PPP supports 1500 while HDLC 4xxx (can't remember the exact number), this might be helpful in situations where DF bit is set. Nabil

I'd have to research this -- I don't offhand remember PPP (as the protocol) having a MTU limit that small. It would surprise me, given the interest in POS.

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27754t=27637
Re: Help on VLSM [7:27665]
This is the ability to severally subnet your initial block of IP addresses to smaller usage networks (subnets). This is done by borrowing subnet bits from the host part of the IP address block. It is mostly required if you have many serial/WAN connections or better still you want to properly separate your network for precise management/troubleshooting purposes.

e.g. for a block of IP addresses such as this: 216.72.67.0 255.255.255.0

If you have a router with say two interfaces and circumstances require that we give each interface a global IP address. Without VLSM = Variable Length Subnet Mask, you would not be able to achieve this from the above given IP address block. VLSM saves you the problem of requesting another IP address block.

Now to be able to name my router interfaces (2), I will have to borrow 6 bits from the host part, that would give (128+64+32+16+8+4=252) i.e. (256-252=4 IP addresses per subnet, only 2 usable, the 1st is network address (unusable) and the other is broadcast address (unusable)).

Your two interfaces could then be named as:
inf1=216.72.67.1 255.255.255.252 to 216.72.67.3 255.255.255.252
inf2=216.72.67.5 255.255.255.252 to 216.72.67.7 255.255.255.252

Continue in steps of 4 to name other networks, however if you no longer have other networks you can revert back to something like:
216.72.67.9 255.255.255.0
216.72.67.10 255.255.255.0
216.72.67.11 255.255.255.0
etc for host addresses

Remember only routing protocols that support CIDR would be able to route your networks. Go to www.cisco.com to learn more.

Regards.
Oletu

----- Original Message -----
From: Tel Khan
To:
Sent: Thursday, November 29, 2001 4:35 AM
Subject: Help on VLSM [7:27665]

Hi folks, I don't fully understand VLSM. I have read this in the Sybex book and I'm still at a loss, I would be grateful for some guidance. Sorry for being thick!

Regards
Tel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27753t=27665
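An added example, not part of the original posts: a Python sketch of VLSM allocation over the 216.72.67.0/24 block used in the reply above. It goes beyond the two point-to-point links discussed there by also placing two LANs; the segment names and host counts are assumptions made for illustration.

```python
import ipaddress

def prefix_for_hosts(hosts: int) -> int:
    """Longest IPv4 prefix whose subnet still has `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("need at least one host")
    # usable = 2**host_bits - 2 (network and broadcast addresses are reserved)
    host_bits = max(2, (hosts + 1).bit_length())
    return 32 - host_bits

def vlsm_allocate(block: str, requirements: dict) -> dict:
    """Carve `block` into one subnet per requirement, largest first.

    `requirements` maps a segment name to the usable hosts it needs.
    Raises ValueError when the block is too small for the whole plan.
    """
    net = ipaddress.ip_network(block)
    cursor = int(net.network_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        start = (cursor + size - 1) // size * size  # align to the subnet size
        subnet = ipaddress.ip_network((start, prefix))
        if not subnet.subnet_of(net):
            raise ValueError(f"{block} has no room left for {name}")
        plan[name] = subnet
        cursor = start + size
    return plan

def describe(plan: dict) -> list:
    """Rows of (name, subnet, mask, first host, last host, broadcast)."""
    rows = []
    for name, subnet in plan.items():
        hosts = list(subnet.hosts())
        rows.append((name, str(subnet), str(subnet.netmask),
                     str(hosts[0]), str(hosts[-1]),
                     str(subnet.broadcast_address)))
    return rows

if __name__ == "__main__":
    # Hypothetical requirement set: two LANs and two serial links.
    demo = vlsm_allocate("216.72.67.0/24",
                         {"lan-a": 100, "lan-b": 50, "wan-1": 2, "wan-2": 2})
    for row in describe(demo):
        print("%-6s %-18s %-16s %-14s %-14s %s" % row)
```

Allocating the largest segment first keeps every subnet aligned on its own size, so no two allocations overlap.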
RE: serial up/up w/o cable [7:27604]
It's for testing purposes. There are lots of testing situations when you want an interface to act like it's up even if it's not sending any packets. This isn't a case where we can do our normal thing of treating people who ask questions like they are dumb butts. Sorry, long day.

Check this out!

charlotte#config t
Enter configuration commands, one per line. End with CNTL/Z.
charlotte(config)#int s0
charlotte(config-if)#no keep
charlotte(config-if)#loopback
charlotte(config-if)#end
charlotte#
%SYS-5-CONFIG_I: Configured from console by console
charlotte#
charlotte#
charlotte#show int s0
Serial0 is up, line protocol is up
Hardware is MCI Serial
Internet address is 192.168.40.2 255.255.255.0
MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback set, keepalive not set
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 29
Last input 0:00:06, output 0:00:05, output hang never
Last clearing of show interface counters never
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
69 packets input, 3077 bytes, 0 no buffer
Received 2 broadcasts, 0 runts, 0 giants
3 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 3 abort
74 packets output, 3708 bytes, 0 underruns
0 output errors, 0 collisions, 6 interface resets, 0 restarts
0 output buffer failures, 0 output buffers swapped out
9 carrier transitions

Of course, I doubt that my lab of MGS routers resembles anything in the real world! ;-)

Priscilla

At 06:32 PM 11/29/01, Stefan Dozier wrote:

Now that's a really good question!

Stefan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Neiberger
Sent: Thursday, November 29, 2001 4:45 PM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

A cable-less serial interface? It's called a loopback interface. ;-)

Which makes me wonder why the original poster was attempting this in the first place. Is there some functionality that he/she desires to get from a serial interface that is up/up without a cable that he/she couldn't get from a loopback interface?

MADMAN 11/29/01 12:39:00 PM

To be honest I have never tried such a thing but I thought it made sense that if I enabled loopback the interface should come up. I now tried reenabling keepalives and the interface is still up but it shows itself to be in the looped state:

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up (looped)

Which makes sense as it's seeing its own keepalive packets come back via the loop. I can't do this on a 2500 either but I can't tell you why, any Cisco hardware engineers out there?? Oh well, it's pretty much academic anyway, cableless serial interfaces are about as useful as a three legged horse.

Dave

Stefan Dozier wrote:

Dave,

If there's no cable installed in Serial4/1/3, obviously I (at least) need to broaden my level of research on why you can accomplish that feat on 7500 series routers but not on 2500 series routers! It's just not happening here! But hey, that's not a problem, don't mind expanding my horizons and if and when I find an answer, I'll post some feedback here. Thanks for the info Dave. Priscilla, my apologies! Off I go to CCO!

Stefan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of MADMAN
Sent: Thursday, November 29, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: serial up/up w/o cable [7:27604]

Tell you what, I got it to work just fine:

interface Serial4/1/3
no ip address
no ip directed-broadcast
ip route-cache distributed
loopback
no keepalive
no cdp enable

C7507MIX#sh int ser 4/1/3
Serial4/1/3 is up, line protocol is up
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback set
Keepalive not set
Last input never, output never, output hang never
Last clearing of show interface counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
Re: ISDN Q.921 and Q.931 [7:27568]
VoIP Guy wrote,

I was wrong. I looked it up last night and there is a seq. number in the control field of LAPB, HDLC, and LAPD.

No problem with LAPB and LAPD, which are proper subsets of full HDLC. Again, full HDLC is more of an architecture -- I've never known ANYONE to implement every feature of it.

Both the sending and receiving stations must keep the same seq. numbers when transmitting, but I cannot find anything on retransmission at that layer. But I asked an old IBM guy I used to work with and he said that SDLC and all the related layer two protocols do require retrans when bad packets are found or missing. So I would assume that LAPD layer two is reliable. And as everyone else said, the SS7 signalling (Q.931) is just control and status messages over D channel.

SS7 doesn't use Q.931, but SSCOP (don't ask me what the ITU number is). SSCOP is meant as the ultimately reliable protocol -- it allows multilink operation, so retransmission requests are made only if no frame with a correct CRC arrives on any link.

And B channel is a different retrans technique, based upon the higher layer protocols it carries. If an ISDN frame gets corrupt, both channels will be retransmitted, but by different methods. So ISDN D channel is inherently reliable at layer two and B channel is reliable only if that higher layer protocol is.

See a few comments below

Peter Whittle wrote in message news:[EMAIL PROTECTED]...

I sent this to Priscilla on the topic and she suggested that the group might benefit from my response, so here it is.

Priscilla, I think that you may find it helpful to separate end - to - end data transfer from signalling. Very few L2 protocols offer error correction. The modern approach is to require the L1 transmission to provide intrinsically reliable communication and hence it is a waste of bandwidth to implement error correction both on hop by hop and end to end basis as per X.25.
Modern WAN digital transmission systems are designed to offer transmission error rates of fewer than 1 bit error in 10^9 bits. On Telco Wan links it is common on this side of the pond to require transmission media to offer error rates better than 1 in 10^9 and often 1 in 10^11. Indeed the commissioning tests call for fewer than 1 error in a 20 minute period on a basic E3 (34 Mb) link and fewer than 1 error in 24 hours on International links prior to acceptance from Transmission into Networks for operational trunks. That is not to say that links may not degrade but if the error rates became worse than 1 in 10^9 it would be time for Network operations to call 'holes poles' (Transmission) to fix it. The fundamental assumptions in both Frame Relay and ATM is that they are running over intrinsically reliable transmission media. The low error rates being achieved either by correctly engineered transmission paths or by the use of significant forward error correction built in to the transmission equipment. ATM, and Frame Relay, implement error correction, or more precisely re- transmission in the interface to the signalling protocols. ISDN relies on the hop by hop error correction offered by LAPD. However, they tend to leave the issue of payload error correction to any high level end-to- end protocols being run on top of these L2 Datalinks. ATM offers no direct protection of payload content, the HEC only protects the ATM header. However, some AALs do offer protection if not correction of the payload. Even AAL5 - most common for IP has a check polynomial (CRC32) to protect the CS PDU. It performs error detection but not correction. In the case of Q.2931, SAAL (version of AAL5 to carry signalling) will detect faulty PDUs. If you want to look at ATM signalling take a look at Q.2931 essentially an enhanced and extended version of narrow band ISDN Q.931 signalling. Take a look at the ATM forum website. 
www.atmforum.org Frame Relay has Frame Check Sequence that again will detect faulty frames. (Incidentally Carrier Switches tend to drop frames with a faulty FCS). Incidentally Frame Relay is sometimes known as LAPF. Take a look at the frame relay forum web site. www.frforum.org there are some good white papers and the frf's recommendations that you can download. ISDN B channel - is a 64 Kbit clear channel and the network makes no assumptions about the contents. It could be any number of data formats or indeed it could be 64 K G.711 PCM voice. The most ubiquitous use of data over ISDN is to encapsulate it in PPP which is intrinsically multi- protocol. However, it is also possible to use HDLC, X.25, Frame Relay, or any number of specialist protocols. D channel usage is somewhat different. L2 on D channel is Q.921 (as you say also known as LAPD). It is perhaps worth pointing out the ISDN signalling is NOT an end to end protocol! ISDN signalling only traverses the single hop to the
cisco Study group in Dubai [7:27758]
Dear friends, Please contact me for forming study group in Dubai, UAE. Kind regards Naveen
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27758t=27758
CISCOWORKS USER GUIDE RWAN LMS [7:27743]
from Amazon.com: What is RWAN, LMS?

Thanks
-Anil

--
CISCO CISCOWORKS USER GUIDE RWAN LMS
No photo available
Price: $68.87
sh fee $8.00
Description: CISCOWORKS USER GUIDE RWAN LMS
Note: This merchant will not ship this item outside of United States.
Merchant: microtechonline zShop (9)
Seller: microtechonline zShop
Details: CISCOWORKS USER GUIDE RWAN LMS

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Circusnuts
Sent: Thursday, November 29, 2001 4:47 AM
To: [EMAIL PROTECTED]
Subject: Re: CiscoWorks, Cisco Secure [7:27563]

Nope- I had to purchase the courseware and a documentation kit off of Ebay. Cisco does offer a CBT for $10 + shipping. There is always the Global Knowledge bootcamp for $5,000 :o)

All the best !!!
Phil

----- Original Message -----
From: D sam
To:
Sent: Wednesday, November 28, 2001 3:35 PM
Subject: CiscoWorks, Cisco Secure [7:27563]

does any one know if there are any books for cisco works and Cisco secure that can be purchased by the public.

rick

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27743t=27743
Reset Cisco Cat 2800 switch [7:27756]
Dear All,

I have gotten my first switch from eBay but it is password protected. I have tried to reset the password with the following web page http://www.cisco.com/warp/public/474/pswdrec_2800.shtml but it still failed. When the switch is in system engineering mode, it is still password protected. Does anyone have any idea how to reset the password?

Thank you for all your help!!

Jacky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27756t=27756
Restrict remote users access to corporate network [7:27759]
Hi Everyone, Perhaps someone in the group can help me with this problem. I have Cisco Pix515-UR (128MB RAM/16MB Flash) running PIX code 6.1(1) with Pix Device Manager (PDM) version 1.1(2). This PIX is connected to my cable modem with STATIC IP address 129.174.1.13 on the outside interface. The inside interface (which is my internal network) has an IP of 192.168.1.1 with a netmask of 255.255.255.0. On the internal network, I have a BSD box (IP 192.168.1.10), a Linux box (192.168.1.20), a Solarisx86 (IP 192.168.1.30) and a SCO Unix with IP 192.168.1.40 I have successfully implemented VPN connection for remote users using Cisco VPN client 3.1.1 running on Win98, NT, 2000 and Linux to connect to the internal network. Once these remote users are successfully connected, they can access all the devices on the internal network. I have 2 questions: 1) Let say that I just want remote users to access just the BSD box and the Linux box but not the Solaris and SCO, how can I make this happen? I know how to do that with Checkpoint Secure Remote (Checkpoint use Encryption domain which specify which devices remote user is allowed to access). How can I accomplish this in PIX? For example, I just want remote users to ping the BSD and Linux boxes but not Solaris and SCO boxes. 2) I have 4 different remote users who connect to the internal network via VPN IPSec connection. All of these users are using the same account (vpn3000) to connect back to the network. From a Security stand point, this is bad practices. How can I assign each of these users different account in the configuration? Again, I know how to do this with Checkpoint; however, I don't know how to get it done in PIX. Below is the configuration. Please help. thanks. 
PIX Version 6.1(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password OnTrBUG1Tp0edmkr encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname goss-d3-pix515b
domain-name micronetsolution.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
!
!--- Access-list to avoid Network Address Translation (NAT) on the IPSec packets
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
!
!--- IP addresses on the interfaces
ip address outside 129.174.1.13 255.255.240.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 192.168.2.1-192.168.2.254
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pdm history enable
arp timeout 14400
!
!--- Binding ACL 101 to the NAT statement to avoid NAT on the IPSec packets
nat (inside) 0 access-list 101
!
!--- Default route to the Internet
route outside 0.0.0.0 0.0.0.0 129.174.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
!
!--- The sysopt command avoids conduit on the IPSec encrypted traffic
sysopt connection permit-ipsec
no sysopt route dnat
!
!--- Phase 2 encryption type
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!--- Binding the IPSec engine on the outside interface
crypto map mymap interface outside
!
!--- Enabling ISAKMP key-exchange
isakmp enable outside
isakmp identity address
!
!--- ISAKMP Policy for 3000 VPN client running 3.0 or higher code
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
!
!--- IPSec group configuration for either VPN client
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 dns-server 192.168.1.10
vpngroup vpn3000 default-domain micronetsolution.com
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password
telnet timeout 5
ssh timeout 5
terminal width 80

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27759t=27759
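An added example, not part of the original post and not a Cisco tool: a Python check run over an excerpt of the configuration posted above, flagging the settings behind both questions (every inside host reachable over the VPN, one shared group login) plus the weak crypto and SNMP defaults. The rule names and HARDENED_SAMPLE are assumptions made for illustration; the hardened lines are one possible layout and were not tested on a PIX.

```python
import re
from typing import List, NamedTuple

class Finding(NamedTuple):
    rule: str
    line: str
    why: str

# Excerpt of the posted configuration (only the lines the checks look at).
POSTED_EXCERPT = """\
nat (inside) 0 access-list 101
snmp-server community public
!--- The sysopt command avoids conduit on the IPSec encrypted traffic
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 idle-time 1800
"""

# Constructed sample (assumption): VPN pool limited to the BSD and Linux
# hosts by an outside ACL, stronger crypto, per-user Xauth against RADIUS.
HARDENED_SAMPLE = """\
access-list 110 permit ip 192.168.2.0 255.255.255.0 host 192.168.1.10
access-list 110 permit ip 192.168.2.0 255.255.255.0 host 192.168.1.20
access-group 110 in interface outside
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication RADIUS
crypto map mymap interface outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
vpngroup vpn3000 address-pool ippool
"""

LINE_RULES = [
    ("ipsec-acl-bypass", re.compile(r"^sysopt connection permit-ipsec$"),
     "decrypted VPN traffic skips access-list/conduit checks, so every "
     "inside host is reachable; filter it with an ACL instead"),
    ("weak-esp-transform",
     re.compile(r"^crypto ipsec transform-set \S+ .*\besp-(des|md5-hmac)\b"),
     "single DES / MD5 in the phase 2 transform set"),
    ("weak-ike-cipher", re.compile(r"^isakmp policy \d+ encryption des$"),
     "single DES protects the IKE exchange"),
    ("weak-ike-hash", re.compile(r"^isakmp policy \d+ hash md5$"),
     "MD5 used as the IKE hash"),
    ("snmp-default-community", re.compile(r"^snmp-server community public$"),
     "default SNMP community string"),
]
XAUTH = re.compile(r"^crypto map \S+ client authentication \S+$")

def config_lines(text: str) -> List[str]:
    """Commands only: drop blank lines and '!' separator/comment lines."""
    stripped = (raw.strip() for raw in text.splitlines())
    return [s for s in stripped if s and not s.startswith("!")]

def audit(text: str) -> List[Finding]:
    """Findings in configuration order, absence checks last."""
    lines = config_lines(text)
    findings = [Finding(rule, line, why)
                for line in lines
                for rule, pattern, why in LINE_RULES
                if pattern.search(line)]
    groups = sorted({l.split()[1] for l in lines if l.startswith("vpngroup ")})
    if groups and not any(XAUTH.search(l) for l in lines):
        findings.append(Finding(
            "no-xauth", "vpngroup " + ",".join(groups),
            "no 'crypto map ... client authentication': users are only "
            "identified by the shared group name and password"))
    return findings

if __name__ == "__main__":
    for f in audit(POSTED_EXCERPT):
        print(f"[{f.rule}] {f.line}\n    {f.why}")
```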