RE: Suggestions CCIP Or CQS Security ? [7:27765]

2001-11-30 Thread Mark Odette II

IMHO- I would pursue the CSS1... only because you can never go wrong with a
strong Internetwork Security qualification.
They seem to be in rare form in my opinion, and I think that is why Cisco,
Network Associates, Checkpoint, etc. are really pushing their security
products/certifications... They know how much everyone is running their
networks with sloppy security, and are either just capitalizing on it, or
trying to emphasize the importance of it - or maybe both.

Like I said, IMHO, with firm Security understanding and certification, you
can't go wrong. (Thinking Long-term)

Mark Odette II
StellarConnection Services

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
G.E. Murphy
Sent: Thursday, November 29, 2001 11:59 PM
To: [EMAIL PROTECTED]
Subject: Suggestions CCIP Or CQS Security ? [7:27765]


Hello fellow professionals. I hope your quests for Cisco certifications are
going well. I have a question and am curious of your opinions. I have CCNP
and CCDP and am interested in either CCIP or CQS Security (CSS1). I am not
at this time pursuing CCIE as it does not fit into my career at this time. I
have a full time job (40 hours) as a network engineer providing
support/implementation/design of an enterprise. We are rolling out new
backbone structures and a redundant data center soon (CCIP would be good
training especially metro). I also work about 10 hours on the side
consulting on mostly small business projects, VPNs, security tightening etc.,
and really like it, and it puts some nice extra change in the pocket (Cisco
Security would be a nice tag to have here) so to you out there does CCIP
just seem like another "P" and too similar or would it be better to the
three "P"s or does CCNP, CCDP, CSS1 have a better overall ring to it ? I am
just trying to get the most bang for the cert buck as I like the way things
are now as far as overall pay goes and like being popular in the consulting
arena...

Thanks for any opinions/suggestions




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27778&t=27765
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: CCNP [7:27651]

2001-11-30 Thread Hans PHAM

Chinh Pham-Tuong wrote:
> 
> Dear all,
> 
> I am repair to take CCNP examination , please help me
> the `web site` that includes `question and answer`
> about CCNP
> Thanks a lot
> PTC

www.selftest.com   --> Great, very similar to REAL exam
www.boson.com --> Good, but harder than real Cisco exam. In addition, many
questions in BOSON tests ask users to enter exact IOS commands. This is not
the case in the real exam.

By the way, ... YOU ARE PREPARING to take CCNP exams, but not ...
REPAIR   bicycle, hi` hi` :-)) Just kidding,



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27779&t=27651



ACL on Port-channel interface [7:27780]

2001-11-30 Thread Hyun Seop Jung

Hi! Everyone!
I have a question.
Is it possible to apply acl on port-channel interface or port-channel
sub-interface?
According to my experience, the router prints out the following message:
'Acl is not supported on port-channel interface'
Well then, isn't there another method to solve this problem?
Any answer would be appreciated!!


Regards...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27780&t=27780



Re: IP telephony [7:27533]

2001-11-30 Thread Patrick Donlon

Anil

First thing, are you connecting your PBX to the routers via fxs/fxo ports?
Are they already in place?
As for MGCP and H323, I don't know too much about MGCP and I think it's used
for controlling gateways and higher layers features than H323 ( anyone
please feel free to comment), so go for H323 as you just want to originate
and terminate H323 traffic between your routers and CMs.

Have a look at this url on the cco for config's
http://www.cisco.com/univercd/cc/td/doc/product/access/nubuvoip/voip5300/index.htm
it's mainly about AS5300s but the platform doesn't really matter once the
interfaces are configured. Let me know if you need more info,

cheers

Pat


"Anil Kumar" wrote in message
news:[EMAIL PROTECTED]...
> This is the Voice network  i am implementing.
> Voip on this network is working.
>
>                     Analog Phone    Analog Phone
>                          |               |
>                          |               |
>                          |               |
>
> IPtelephone->CCM3.0->3660 Router-->3640 Router-->IPtelephone
>                      With NM-HDV   With NM-HDV
>                     (Main Office) (Remote Office)
>
>
>
> The problem which i am facing is the call routing between
> the IP telephone & the Analog phones to both locations.
> I am bit confused, and not sure to use which type of
> Gateway Types ( MGCP, or H.323) for the 3660 Routers.
> I read that MGCP is being used for mainly FXS/ FXO ports.
>
> I am using an R2 Digital Signalling for the NM-HDV card.
> I have enclosed the config of the main location, the same
> carries for the remote location too.
>
> Request your suggestion / Comments on this.
>
> Regards.. Anil
>
>
>
> Current configuration:
> !
> version 12.1
> service timestamps debug datetime msec
> service timestamps log uptime
> no service password-encryption
> service udp-small-servers max-servers no-limit
> !
>
> !
> enable secret 5 $1$QdNt$.YqZyaiFoHfFW.ZP1yHzG/
>
> !
> !
> !
> !
> !
> memory-size iomem 10
> voice-card 2
> !
> ip subnet-zero
> ip dhcp ping timeout 2000
> ip dhcp relay information option
> !
> ip dhcp-server 179.65.51.20
> lane client flush
> isdn switch-type primary-net5
> cns event-service server
> !
> !
> voice class permanent 10
> signal pattern idle transmit 0001
> signal pattern idle receive 0001
> !
> !
> !
> !
> !
> !
> controller E1 1/0
>  framing NO-CRC4
>  clock source internal
>  channel-group 1 timeslots 1-31
>  description connected to Branch
> !
> controller E1 2/0
>  framing NO-CRC4
>  clock source internal
>  ds0-group 0 timeslots 1-15,17-31 type r2-digital dtmf dnis
>  description CONNECTED TO NORTEL EPABX
> !
> !
> !
> interface Multilink1
>  ip address 192.168.0.2 255.255.255.252
>  ip helper-address 179.65.51.20
>  ip directed-broadcast
>  ip tcp header-compression iphc-format
>  no ip mroute-cache
>  fair-queue 2048 2048 1000
>  no cdp enable
>  ppp multilink
>  ppp multilink fragment-delay 20
>  ppp multilink interleave
>  multilink-group 1
>  ip rtp header-compression iphc-format
>  ip rtp priority 16384 16383 1488
> !
> interface FastEthernet0/0
>  ip address 179.65.51.1 255.255.0.0
>  ip helper-address 179.65.51.20
>  ip directed-broadcast
>  no ip mroute-cache
>  speed auto
>  half-duplex
>  no cdp enable
> !
> interface Serial1/0:1
>  no ip address
>  ip helper-address 179.65.51.20
>  ip directed-broadcast
>  encapsulation ppp
>  ip mroute-cache
>  no fair-queue
>  ppp multilink
>  multilink-group 1
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 192.168.0.1
> no ip http server
> !
> dialer-list 1 protocol ip permit
> dialer-list 1 protocol ipx permit
> no cdp advertise-v2
> !
> snmp-server engineID local 000902024B24BF30
> snmp-server community public RO
> snmp-server packetsize 2048
> !
> voice-port 2/0:0
>  no modem passthrough
>  cptone GB
> !
> dial-peer voice 100 voip
>  destination-pattern 125T
>  session target ipv4:192.168.0.1
>  codec g711alaw
>  ip precedence 5
> !
> dial-peer voice 10 pots
>  destination-pattern 116T
>  port 2/0:0
>  forward-digits all
> !
> !
> line con 0
>  transport input none
> line aux 0
> line vty 0 4
>  exec-timeout 20 0
>  login
> !
> end
>
> HO#
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27781&t=27533



ccprep.com [7:27782]

2001-11-30 Thread Kenneth Yeung

Hi all,
Is there anyone who has tried the lab exercise offered by ccprep.com?
Is it good for CCIE lab preparation?  If so, I will buy it.  Thx.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27782&t=27782



Re: /31 subnet. [7:27742]

2001-11-30 Thread [EMAIL PROTECTED]

Sincerely, I do not know; when you find out, let me know. To me using /31 is
against all subnet rules, /31 gives you a subnet mask of 255.255.255.254,
with two host addresses each, but these addresses are not usable.

The most I have used and seen people use is /30 (255.255.255.252), for WAN
interface IP address allocations.

Regards.
Oletu

- Original Message -
From: Nicolas FEVRIER 
To: 
Sent: Thursday, November 29, 2001 2:39 PM
Subject: /31 subnet. [7:27742]


> Hi group,
>
> I'm puzzled by the use of /31 subnets...
> Anybody can explain me the benefits of such a subnet on an interface ?
>
> Thanxx.
>
> Nicolas.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27783&t=27742



Re: 2500 Router problem [7:27695]

2001-11-30 Thread [EMAIL PROTECTED]

Hi,

You can see that Router 2 is on a different subnet other than Router 1 and
I also guess you do not have a route defined from one Router to the other.
Either give Router 2 an IP address on network 192.168.1.n (or give Router 1
an IP address on network 192.168.2.n---both interfaces must be on the same
Network) or better still, define a default route or a static route from
each Router pointing to the other and you will be done.

Regards.
Oletu
- Original Message -
From: James gruggett 
To: 
Sent: Thursday, November 29, 2001 9:53 AM
Subject: 2500 Router problem [7:27695]


> I have a lab setup as follows: 2 2500 series routers connected to a 2900
> switch.
>
> Router1 E0 192.168.1.1 255.255.255.0
> Router 2 E0 192.168.2.1 255.255.255.0
> SwitchIP 192.168.1.3 255.255.255.0
>
> I can ping and telnet to Router 1 and the switch. I can not ping
> Router2. When I telnet I receive this error message(Can't open
> connection to host on port 23, a socket operation was attempted to an
> unreachable host)
>
> I console into Router 2 and E0 looks fine with ip and it states it is
> administratively up.
>
> Any suggestions?
>
> Thanks,
>
> James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27784&t=27695



VPN between Checkpoint and Pix [7:27787]

2001-11-30 Thread Ramesh c

Hi guys,

Is there any site which gives details (Configuration, specs) abt VPN between
Pix firewall and checkpt firewall using IPSec?

TIA

Cheers
Ramesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27787&t=27787



Home lab - 2523 [7:27788]

2001-11-30 Thread Ham web

hi folks,

Just wanted to know if the 2523 was a good buy to act
as a frame relay/x.25 switch in a home lab

Many thanks

Ham





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27788&t=27788



RE: Home lab - 2523 [7:27788]

2001-11-30 Thread xie rootstock

yes, of course, 2522 and 2523 both are a good buy but expensive

Ham web wrote:
> 
> hi folks,
> 
> Just wanted to know if the 2523 was a good buy to act
> as a frame relay/x.25 switch in a home lab
> 
> Many thanks
> 
> Ham
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27789&t=27788



i could not deleted this config !!! [7:27790]

2001-11-30 Thread xie rootstock

ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
ip classless


I did everything I can do; even erasing the NVRAM did not work :(


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27790&t=27790



RE: Re: Retrieve Cisco config (via SNMP) [7:27791]

2001-11-30 Thread anil

Hope someone can help:
Is it possible to upgrade my c1603 to IOS 12.x using the existing hardware?
Do I need to upgrade the RAM?
Thanks
-Anil
--

 rustyb#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-Y-L), Version 11.1(12)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 09-Jun-97 14:20 by krunyan
Image text-base: 0x0801A214, data-base: 0x02005000
ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
rustyb uptime is 1 day, 21 minutes
System restarted by power-on
System image file is "flash:c1600-y-l.111-12.AA", booted via flash

cisco 1603 (68360) processor (revision C) with 17920K/512K bytes of memory.
Processor board ID 11324937
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface.
1 ISDN Basic Rate interface.
System/IO memory with parity disabled
2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
System running from FLASH
8K bytes of non-volatile configuration memory.
4096K bytes of processor board PCMCIA flash (Read ONLY)

Configuration register is 0x2102




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27791&t=27791



Retrieve Cisco config (via SNMP) [7:27792]

2001-11-30 Thread anil

Using the MIB .1.3.6.1.4.1.9.2.1.55 you can write the config to a tftp
server on your network.

"to write the configuration of a Cisco router to tftp server the command
would be:
snmpset -c   .1.3.6.1.4.1.9.2.1.55.  octetstring "

Does anyone happen to know what the *OCTETSTRING* is?
I presume the filename is the name of the file to be saved on the TFTP
server.
Has anyone actually tried this command?


Thanks
-Anil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27792&t=27792



Using TFTP and Notepad for CCIE Lab [7:27793]

2001-11-30 Thread Wilson, Christian

I read about a lot of people using a text editor and tftp to create and
manipulate their configurations to save time on the CCIE Lab exam.  I
understand the benefits of using this technique, but sometimes it seems as
if it takes quite a while for me to set up the required routing to reach all
of my routers via tftp.  My real question concerns the use of a terminal
server in this situation.  I do not have a terminal server, but my
understanding is that you telnet to the terminal server, which in turn has
reverse telnet connections to each router's console port.  If I was connected
to the terminal server via a PC that had tftp server software installed, is
there an easy way to use the reverse telnet connection to each router for
the tftp file transfer?  If not, would I have to have a tftp server
connected to one router's Ethernet, and then set up routing to that
ethernet's subnet on each router?  I am trying to envision how this
technique would save time in the lab if a tftp server is not readily
available on a subnet common to all devices in the rack.  I know a router
can be configured as a tftp server, but I believe that it can only answer
requests and can not be copied to.  Any help would be greatly appreciated as
I sit the lab on Feb 1 and I would like to develop some solid time-saving
techniques.  Thank you!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27793&t=27793



RE: Using TFTP and Notepad for CCIE Lab [7:27793]

2001-11-30 Thread Maurizio Moroni

I guess you can do two things:

1) Build a text file with all the alias commands you want to use and keep it
handy;

2) Use Notepad (or vi ;-) on your PC to build all the configuration needed
for the router. When you are connected to the router (with a terminal
emulation program, e.g. Hyperterminal), just copy & paste your commands from
Notepad to the router prompt. You can do the same with the alias commands.

No tftp or any configuration is needed to do this.

my .2 cents ;-)

Maurizio


-Original Message-
From: Wilson, Christian [mailto:[EMAIL PROTECTED]]
Sent: 30 November 2001 13:50
To: [EMAIL PROTECTED]
Subject: Using TFTP and Notepad for CCIE Lab [7:27793]


I read about a lot of people using a text editor and tftp to create and
manipulate their configurations to save time on the CCIE Lab exam.  I
understand the benefits of using this technique, but sometimes it seems as
if it takes quite a while for me to set up the required routing to reach all
of my routers via tftp.  My real question concerns the use of a terminal
server in this situation.  I do not have a terminal server, but my
understanding is that you telnet to the terminal server, which in turn has
reverse telnet connections to each router's console port.  If I was connected
to the terminal server via a PC that had tftp server software installed, is
there an easy way to use the reverse telnet connection to each router for
the tftp file transfer?  If not, would I have to have a tftp server
connected to one router's Ethernet, and then set up routing to that
ethernet's subnet on each router?  I am trying to envision how this
technique would save time in the lab if a tftp server is not readily
available on a subnet common to all devices in the rack.  I know a router
can be configured as a tftp server, but I believe that it can only answer
requests and can not be copied to.  Any help would be greatly appreciated as
I sit the lab on Feb 1 and I would like to develop some solid time-saving
techniques.  Thank you!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27794&t=27793



Re: CCO CD's [7:27701]

2001-11-30 Thread VoIP Guy

Thanks guys.  I tried one last night and it worked.

Steve

"Alex Lee" wrote in message
news:[EMAIL PROTECTED]...
> It should be somewhere in the archives. Let me recap a group-member's
> recommendation :-
>
> Quote
> open the 'search.ini' file under CiscoCD directory, locate this line
>
>   Browser=C:\Program~1\intern~1\iexplorer.exe
>
> change it to
>
>  Browser=
>
> then save on exit.
> Unquote
>
>
> "VoIP Guy" wrote in message
> news:[EMAIL PROTECTED]...
> > Here's question that I have never got answered.
> >
> > How in the world do I get those CCO CD's to work?  I always install them and
> > try to open up the page and get a blank page.   I can browse the CD and get
> > to the home page that way, but as soon as I click on a link, it looks almost
> > like it's encrypted.
> >
> > I have tried IE, netscape, installing all the apps on the CD.
> > What am I doing wrong?
> >
> > Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27796&t=27701



Re: /31 subnet. [7:27742]

2001-11-30 Thread VoIP Guy

Maybe I'm missing something, but there are only 2 useable addresses in a
/30, and only 2 interfaces participating in a point-to-point link, so how
are there 50% of the addresses wasted.

Steve


"MADMAN" wrote in message
news:[EMAIL PROTECTED]...
> Point to point connections, with a /30 you waste 50% of the
> available addresses.
>
>   Dave
>
> Nicolas FEVRIER wrote:
> >
> > Hi group,
> >
> > I'm puzzled by the use of /31 subnets...
> > Anybody can explain me the benefits of such a subnet on an interface ?
> >
> > Thanxx.
> >
> > Nicolas.
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27795&t=27742



RE: VPN between Checkpoint and Pix [7:27787]

2001-11-30 Thread Bullock, Jason

do a search on the cco and this comes up.

http://www.cisco.com/warp/public/707/cp-r.shtml

jason

-Original Message-
From: Ramesh c [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 05:04 AM
To: [EMAIL PROTECTED]
Subject: VPN between Checkpoint and Pix [7:27787]


Hi guys,

Is there any site which gives details (Configuration, specs) abt VPN between
Pix firewall and checkpt firewall using IPSec?

TIA

Cheers
Ramesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27798&t=27787



Re: i could not deleted this config !!! [7:27790]

2001-11-30 Thread [EMAIL PROTECTED]

These are default statements, I believe.

Thanx,

Mark

> ip nat translation timeout never
> ip nat translation tcp-timeout never
> ip nat translation udp-timeout never
> ip nat translation finrst-timeout never
> ip nat translation syn-timeout never
> ip nat translation dns-timeout never
> ip nat translation icmp-timeout never
> ip classless
> 
> 
> I did everything I can do; even erasing the NVRAM did not work :(




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27799&t=27790



VIRUS - RE: RE: Security Exams Textbooks Required [7:27800]

2001-11-30 Thread [EMAIL PROTECTED]

It seems a virus...






-Original Message-
From: Derek Gaff [ mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 11:56
To: Hugo Caye
Subject: Re: RE: Security Exams Textbooks Required [7:27321]

[GroupStudy.com removed an attachment of type image/bmp which had a name of
Outlook.bmp]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27800&t=27800



Re: Laptop keeps same gateway even when on different r [7:27801]

2001-11-30 Thread A. Dominick Marino

Just a quick note.

That product is no longer available.

You need the Corporate Edition for W2K

Regards,

--
A. Dominick Marino
Quality Networking Inc.
516-480-2973


"Dave Nachman" wrote in message
news:[EMAIL PROTECTED]...
> Jerry - On my laptop I am always switching around my network configs,
> some places I go to require a static IP, others DHCP, some require a domain
> login, others don't.  Not to mention the different server names and printers
> I have to connect to.
>
> My solution, Mobile Essentials from Symantec.  I got a free personal edition
> software right off their web site.  Now all I have to do is configure a
> profile for each network I use, and select that when I login to my laptop,
> it will make all the adjustments and provide me with a complete connection
> anywhere.
>
> Dave Nachman
> www.davenetworks.com
>
> Jerry Deer wrote:
> >
> > > Hello all,  I am having a problem that i am hoping someone who has had
> > > same experience can shed some light on. I have a laptop that i use at my
> > > office and at home through frame relay network to my office ( using dhcp )
> > > The problem i am having is the laptop keeps the default gateway of the
> > > office  ( i discovered this using a routeprint at dos prompt) so i can
> > > connect to any thing at home or office but no other frame relay networks
> > > that are also connected to our office. I have ruled out router as problem
> > > because i can ping all subnets from the router but it is just from the pc
> > > . Getting frustrated and hoping some kind soul will put me in right
> > > direction!
> > > thanks
> > > JD




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27801&t=27801



Re: /31 subnet (now with info link) [7:27802]

2001-11-30 Thread Craig Columbus

With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast).  You save 
addresses with a /31.
Here's a link with more info:

http://www.ietf.org/rfc/rfc3021.txt?number=3021

Thanks,
Craig

At 08:32 AM 11/30/2001 -0500, you wrote:
>Maybe I'm missing something, but there are only 2 useable addresses in a
>/30, and only 2 interfaces participating in a point-to-point link, so how
>are there 50% of the addresses wasted.
>
>Steve
>
>
>"MADMAN" wrote in message
>news:[EMAIL PROTECTED]...
> > Point to point connections, with a /30 you waste 50% of the
> > available addresses.
> >
> >   Dave
> >
> > Nicolas FEVRIER wrote:
> > >
> > > Hi group,
> > >
> > > I'm puzzled by the use of /31 subnets...
> > > Anybody can explain me the benefits of such a subnet on an interface ?
> > >
> > > Thanxx.
> > >
> > > Nicolas.
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27802&t=27802



Re: /31 subnet (now with info link) [7:27802]

2001-11-30 Thread VoIP Guy

I know that, but the network and broadcast addresses are unusable.  Thus the
two good addresses for hosts.
"Craig Columbus" wrote in message
news:[EMAIL PROTECTED]...
> With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast).  You save
> addresses with a /31.
> Here's a link with more info:
>
> http://www.ietf.org/rfc/rfc3021.txt?number=3021
>
> Thanks,
> Craig
>
> At 08:32 AM 11/30/2001 -0500, you wrote:
> >Maybe I'm missing something, but there are only 2 useable addresses in a
> >/30, and only 2 interfaces participating in a point-to-point link, so how
> >are there 50% of the addresses wasted.
> >
> >Steve
> >
> >
> >"MADMAN" wrote in message
> >news:[EMAIL PROTECTED]...
> > > Point to point connections, with a /30 you waste 50% of the
> > > available addresses.
> > >
> > >   Dave
> > >
> > > Nicolas FEVRIER wrote:
> > > >
> > > > Hi group,
> > > >
> > > > I'm puzzled by the use of /31 subnets...
> > > > Anybody can explain me the benefits of such a subnet on an interface ?
> > > >
> > > > Thanxx.
> > > >
> > > > Nicolas.
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27803&t=27802



RE: dial in [7:27703]

2001-11-30 Thread 416South

Anyone successful with this using Win2000 and Hyperterm? 
If so what type of modem are you using? 

Thanks


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27804&t=27703



Subnetting [7:27808]

2001-11-30 Thread Andy Hutchinson

Can anyone help !
I have been assigned by our Head Office a Class B address
(Let's say 172.133.205.0) with a subnet mask of 255.255.255.0
which gives me 254 hosts available.
However I have to split this between 3 locations
like so :

Loc A : Minimum Addresses Required 160 (HQ)
Loc B : Minimum Addresses Required 16
Loc C : Minimum Addresses Required 48

Loc B & C will each have a router that connects to a router at Loc A.

Any ideas on how this can be done ?

Thanks

Andy Hutchinson


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27808&t=27808



Re: /31 subnet (now with info link) [7:27802]

2001-11-30 Thread VoIP Guy

I read the RFC, so I guess it can be used.  My bad.

Am I correct in saying that one interface will be assigned the all zero
subnet as its IP and the other will be assigned the broadcast IP address
for that subnet?

Steve



"VoIP Guy" wrote in message
news:[EMAIL PROTECTED]...
> I know that, but the network and broadcast addresses are unusable.  Thus the
> two good addresses for hosts.
> "Craig Columbus" wrote in message
> news:[EMAIL PROTECTED]...
> > With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast).  You save
> > addresses with a /31.
> > Here's a link with more info:
> >
> > http://www.ietf.org/rfc/rfc3021.txt?number=3021
> >
> > Thanks,
> > Craig
> >
> > At 08:32 AM 11/30/2001 -0500, you wrote:
> > >Maybe I'm missing something, but there are only 2 useable addresses in a
> > >/30, and only 2 interfaces participating in a point-to-point link, so how
> > >are there 50% of the addresses wasted.
> > >
> > >Steve
> > >
> > >
> > >"MADMAN" wrote in message
> > >news:[EMAIL PROTECTED]...
> > > > Point to point connections, with a /30 you waste 50% of the
> > > > available addresses.
> > > >
> > > >   Dave
> > > >
> > > > Nicolas FEVRIER wrote:
> > > > >
> > > > > Hi group,
> > > > >
> > > > > I'm puzzled by the use of /31 subnets...
> > > > > > Anybody can explain me the benefits of such a subnet on an interface ?
> > > > >
> > > > > Thanxx.
> > > > >
> > > > > Nicolas.
> > > > --
> > > > David Madland
> > > > Sr. Network Engineer
> > > > CCIE# 2016
> > > > Qwest Communications Int. Inc.
> > > > [EMAIL PROTECTED]
> > > > 612-664-3367
> > > >
> > > > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27806&t=27802



RE: /31 subnet. [7:27742]

2001-11-30 Thread Lange, Eric

I think this can sum it up.

http://www.faqs.org/rfcs/rfc3021.html

-Eric

-Original Message-
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 7:33 AM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet. [7:27742]


Maybe I'm missing something, but there are only 2 useable addresses in a
/30, and only 2 interfaces participating in a point-to-point link, so how
are there 50% of the addresses wasted.

Steve


"MADMAN" wrote in message
news:[EMAIL PROTECTED]...
> Point to point connections, with a /30 you waste 50% of the
> avaivalable addresses.
>
>   Dave
>
> Nicolas FEVRIER wrote:
> >
> > Hi group,
> >
> > I'm puzzled by the use of /31 subnets...
> > Anybody can explain me the benefits of such a subnet on an interface ?
> >
> > Thanxx.
> >
> > Nicolas.
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27809&t=27742



Re: /31 subnet (now with info link) [7:27802]

2001-11-30 Thread VoIP Guy

Just tried it and the router doesn't even allow an interface to use a /31
mask, even with ip subnet-zero enabled.


"VoIP Guy" wrote in message
news:[EMAIL PROTECTED]...
> I read the RFC, so I guess it can be used.  My bad.
>
> AM I correct in saying that one interface will be assigned the all zero
> subnet as it's IP and the other will be assigned the broadcast IP address
> for that subnet?
>
> Steve
>
>
>
> ""VoIP Guy""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I know that, but the network and broadcast addresses are unusable.  Thus
> the
> > two good addresses for hosts.
> > ""Craig Columbus""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast).  You
> > save
> > > addresses with a /31.
> > > Here's a link with more info:
> > >
> > > http://www.ietf.org/rfc/rfc3021.txt?number=3021
> > >
> > > Thanks,
> > > Craig
> > >
> > > At 08:32 AM 11/30/2001 -0500, you wrote:
> > > >Maybe I'm missing something, but there are only 2 useable addresses
in
> a
> > > >/30, and only 2 interfaces participating in a point-to-point link, so
> how
> > > >are there 50% of the addresses wasted.
> > > >
> > > >Steve
> > > >
> > > >
> > > >""MADMAN""  wrote in message
> > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > Point to point connections, with a /30 you waste 50% of the
> > > > > avaivalable addresses.
> > > > >
> > > > >   Dave
> > > > >
> > > > > Nicolas FEVRIER wrote:
> > > > > >
> > > > > > Hi group,
> > > > > >
> > > > > > I'm puzzled by the use of /31 subnets...
> > > > > > Anybody can explain me the benefits of such a subnet on an
> interface
> > ?
> > > > > >
> > > > > > Thanxx.
> > > > > >
> > > > > > Nicolas.
> > > > > --
> > > > > David Madland
> > > > > Sr. Network Engineer
> > > > > CCIE# 2016
> > > > > Qwest Communications Int. Inc.
> > > > > [EMAIL PROTECTED]
> > > > > 612-664-3367
> > > > >
> > > > > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27807&t=27802



Re: /31 subnet. [7:27742]

2001-11-30 Thread Carroll Kong

Law of subnets is a tradeoff.  Bigger subnets have higher
efficiency, at the cost of bigger broadcast domains.  Smaller subnets have
abysmal efficiency, at the benefit of smaller broadcast domains.

/31 is a new RFC proposed rule which eliminates the loss of
efficiency of 50% to.. 0%.

/30 has 2 usable addresses but loses 2 for broadcast and
network.  So, you need 4 IPs to make the subnet, but you can only use
2.  50% efficiency.  /31 is going to let you take 2, and use 2, and ignore
the broadcast and network need.  This is ideal for point to point.

At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
>Maybe I'm missing something, but there are only 2 useable addresses in a
>/30, and only 2 interfaces participating in a point-to-point link, so how
>are there 50% of the addresses wasted.
>
>Steve
>
>
>""MADMAN""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Point to point connections, with a /30 you waste 50% of the
> > avaivalable addresses.
> >
> >   Dave
> >
> > Nicolas FEVRIER wrote:
> > >
> > > Hi group,
> > >
> > > I'm puzzled by the use of /31 subnets...
> > > Anybody can explain me the benefits of such a subnet on an interface ?
> > >
> > > Thanxx.
> > >
> > > Nicolas.
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"
-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27810&t=27742



Re: /31 subnet. [7:27742]

2001-11-30 Thread VoIP Guy

It doesn't work in Cisco routers.

"Carroll Kong" wrote in message
news:[EMAIL PROTECTED]...
> Law of subnets is a tradeoff.  Bigger subnets, have higher
> efficiency, at the cost of bigger broadcast domains.  Smaller subnets have
> abysmal efficiency, at the benefit of smaller broadcast domains.
>  /31 is a new RFC proposed rule which eliminates the loss of
> effiency of 50% to.. 0%.
>  /30 has 2 usable addresses but loses 2 for broadcast and
> network.  So, you need 4 ips to make the subnet, but you only can use
> 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and ignore
> the broadcast and network need.  This is ideal for point to point.
>
> At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> >Maybe I'm missing something, but there are only 2 useable addresses in a
> >/30, and only 2 interfaces participating in a point-to-point link, so how
> >are there 50% of the addresses wasted.
> >
> >Steve
> >
> >
> >""MADMAN""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Point to point connections, with a /30 you waste 50% of the
> > > avaivalable addresses.
> > >
> > >   Dave
> > >
> > > Nicolas FEVRIER wrote:
> > > >
> > > > Hi group,
> > > >
> > > > I'm puzzled by the use of /31 subnets...
> > > > Anybody can explain me the benefits of such a subnet on an interface
?
> > > >
> > > > Thanxx.
> > > >
> > > > Nicolas.
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27811&t=27742



Re: Subnetting [7:27808]

2001-11-30 Thread VoIP Guy

If you really got a class B, it would be 255.255.0.0, where you could just
create 254 Class C networks.

If you got a class C network, you can't do it without more VLANs.

"Andy Hutchinson" wrote in message
news:[EMAIL PROTECTED]...
> Can anyone help !
> I have been assigned by our Head Office a Class B address
> (Let's say 172.133.205.0) with a subnet mask of 255.255.255.0
> which gives me 254 hosts available.
> However i have to split this between 3 locations
> like so :
>
> Loc A : Minimum Addresses Required 160 (HQ)
> Loc B : Minumum Addresses Required 16
> Loc C : Minumum Addresses Required 48
>
> Loc B & C will each have a router that connects to a router at Loc A.
>
> Any ideas on how this can done ?
>
> Thanks
>
> Andy Hutchinson




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27812&t=27808
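
The sizing arithmetic behind the question and reply above, as an added example that is not from either poster: it rounds each location's host count up to a classic subnet size and tries a largest-first allocation inside the 172.133.205.0/24 from the question. The function names and the /23 comparison block are assumptions made for illustration; router-to-router link subnets are not counted.

```python
import ipaddress

# Host counts from the original question.
REQUIREMENTS = {"Loc A": 160, "Loc B": 16, "Loc C": 48}


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet holds `hosts` interfaces plus the
    network and directed-broadcast addresses (classic rule)."""
    needed = hosts + 2
    host_bits = (needed - 1).bit_length()   # round up to a power of two
    return 32 - host_bits


def addresses_needed(requirements):
    """Total addresses consumed when every site gets one subnet."""
    return sum(2 ** (32 - prefix_for_hosts(h)) for h in requirements.values())


def allocate(block, requirements):
    """Largest-first VLSM allocation inside `block`.

    Returns (assigned, unplaced): a dict of site -> subnet, and the list
    of sites for which no free space of the right size was left.
    """
    free = [ipaddress.ip_network(block)]
    assigned, unplaced = {}, []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        candidates = [n for n in free if n.prefixlen <= want]
        if not candidates:
            unplaced.append(name)
            continue
        # Best fit: the smallest free block that is still big enough,
        # lowest address first when two blocks have the same size.
        parent = max(candidates,
                     key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(parent)
        chosen = next(parent.subnets(new_prefix=want))
        assigned[name] = chosen
        if chosen != parent:
            # Return the unused remainder of the parent to the free list.
            free.extend(parent.address_exclude(chosen))
    return assigned, unplaced


def report(block, requirements):
    """Human-readable summary lines for one allocation attempt."""
    assigned, unplaced = allocate(block, requirements)
    size = ipaddress.ip_network(block).num_addresses
    lines = [f"{block}: {size} addresses available, "
             f"{addresses_needed(requirements)} needed"]
    for name, net in assigned.items():
        lines.append(f"  {name}: {net} ({net.num_addresses - 2} usable)")
    for name in unplaced:
        lines.append(f"  {name}: does not fit")
    return lines


if __name__ == "__main__":
    # Block from the question: 160 hosts round up to a full /24 on their own.
    print("\n".join(report("172.133.205.0/24", REQUIREMENTS)))
    # Hypothetical larger block (an assumption, not from the thread).
    print("\n".join(report("172.133.204.0/23", REQUIREMENTS)))
```
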



RE: Re: Retrieve Cisco config (via SNMP) [7:27791]

2001-11-30 Thread Andrunavicius Giedrius

Yes, you can; I have done the same thing on C1601 - put IOS 12.1.11 which is
already compressed. Routers are working fine.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27814&t=27791



RE: escape sequence other than Ctl-Shift-6(x) [7:27760]

2001-11-30 Thread Steve Smith

ctrl-shift-F6.

-Original Message-
From: Hollis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 10:19 PM
To: [EMAIL PROTECTED]
Subject: escape sequence other than Ctl-Shift-6(x) [7:27760]


Does anyone know an escape sequence other than Ctl-Shift-6(x) to use while
within a Term server session?

Say I need to stop an unsuccessful traceroute... but when I do
Ctl-Shift-6(x) it takes me back to my Term server.

Thanks.

kk/USN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27815&t=27760



Re: /31 subnet. [7:27742]

2001-11-30 Thread Craig Columbus

Actually, it does work with the correct platform and IOS version.
Here's the link.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft31addr.htm


Craig


At 09:44 AM 11/30/2001 -0500, you wrote:
>It doesn't work in Cisco routers.
>
>""Carroll Kong""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Law of subnets is a tradeoff.  Bigger subnets, have higher
> > efficiency, at the cost of bigger broadcast domains.  Smaller subnets
have
> > abysmal efficiency, at the benefit of smaller broadcast domains.
> >  /31 is a new RFC proposed rule which eliminates the loss of
> > effiency of 50% to.. 0%.
> >  /30 has 2 usable addresses but loses 2 for broadcast and
> > network.  So, you need 4 ips to make the subnet, but you only can use
> > 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and
ignore
> > the broadcast and network need.  This is ideal for point to point.
> >
> > At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> > >Maybe I'm missing something, but there are only 2 useable addresses in a
> > >/30, and only 2 interfaces participating in a point-to-point link, so
how
> > >are there 50% of the addresses wasted.
> > >
> > >Steve
> > >
> > >
> > >""MADMAN""  wrote in message
> > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Point to point connections, with a /30 you waste 50% of the
> > > > avaivalable addresses.
> > > >
> > > >   Dave
> > > >
> > > > Nicolas FEVRIER wrote:
> > > > >
> > > > > Hi group,
> > > > >
> > > > > I'm puzzled by the use of /31 subnets...
> > > > > Anybody can explain me the benefits of such a subnet on an
interface
>?
> > > > >
> > > > > Thanxx.
> > > > >
> > > > > Nicolas.
> > > > --
> > > > David Madland
> > > > Sr. Network Engineer
> > > > CCIE# 2016
> > > > Qwest Communications Int. Inc.
> > > > [EMAIL PROTECTED]
> > > > 612-664-3367
> > > >
> > > > "Emotion should reflect reason not guide it"
> > -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27816&t=27742



Re: /31 subnet. [7:27742]

2001-11-30 Thread John Neiberger

It does work with Cisco routers, but it's a new feature in 12.2. 
Hmm...it may even be 12.2T, not 12.2, but it is definitely available
now.

>>> "VoIP Guy"  11/30/01 7:44:28 AM >>>
It doesn't work in Cisco routers.

"Carroll Kong" wrote in message
news:[EMAIL PROTECTED]...
> Law of subnets is a tradeoff.  Bigger subnets, have higher
> efficiency, at the cost of bigger broadcast domains.  Smaller subnets
have
> abysmal efficiency, at the benefit of smaller broadcast domains.
>  /31 is a new RFC proposed rule which eliminates the loss of
> effiency of 50% to.. 0%.
>  /30 has 2 usable addresses but loses 2 for broadcast and
> network.  So, you need 4 ips to make the subnet, but you only can
use
> 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and
ignore
> the broadcast and network need.  This is ideal for point to point.
>
> At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> >Maybe I'm missing something, but there are only 2 useable addresses
in a
> >/30, and only 2 interfaces participating in a point-to-point link,
so how
> >are there 50% of the addresses wasted.
> >
> >Steve
> >
> >
> >""MADMAN""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Point to point connections, with a /30 you waste 50% of the
> > > avaivalable addresses.
> > >
> > >   Dave
> > >
> > > Nicolas FEVRIER wrote:
> > > >
> > > > Hi group,
> > > >
> > > > I'm puzzled by the use of /31 subnets...
> > > > Anybody can explain me the benefits of such a subnet on an
interface
?
> > > >
> > > > Thanxx.
> > > >
> > > > Nicolas.
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED] 
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27817&t=27742



RE: /31 subnet (now with info link) [7:27802]

2001-11-30 Thread Lange, Eric

It wasn't supported until 12.2(4)T.

Check it out.  This is from a 1750 running 12.2(4)T:

> interface Loopback9
>  ip address 111.11.1.1 255.255.255.254

It works!

-Eric

-Original Message-
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 8:34 AM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet (now with info link) [7:27802]


Just tried it and the router doesn't even allow an interface to use a /31
mask, even with ip subnet-zero enabled.


"VoIP Guy" wrote in message
news:[EMAIL PROTECTED]...
> I read the RFC, so I guess it can be used.  My bad.
>
> AM I correct in saying that one interface will be assigned the all zero
> subnet as it's IP and the other will be assigned the broadcast IP address
> for that subnet?
>
> Steve
>
>
>
> ""VoIP Guy""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I know that, but the network and broadcast addresses are unusable.  Thus
> the
> > two good addresses for hosts.
> > ""Craig Columbus""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast).  You
> > save
> > > addresses with a /31.
> > > Here's a link with more info:
> > >
> > > http://www.ietf.org/rfc/rfc3021.txt?number=3021
> > >
> > > Thanks,
> > > Craig
> > >
> > > At 08:32 AM 11/30/2001 -0500, you wrote:
> > > >Maybe I'm missing something, but there are only 2 useable addresses
in
> a
> > > >/30, and only 2 interfaces participating in a point-to-point link, so
> how
> > > >are there 50% of the addresses wasted.
> > > >
> > > >Steve
> > > >
> > > >
> > > >""MADMAN""  wrote in message
> > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > Point to point connections, with a /30 you waste 50% of the
> > > > > avaivalable addresses.
> > > > >
> > > > >   Dave
> > > > >
> > > > > Nicolas FEVRIER wrote:
> > > > > >
> > > > > > Hi group,
> > > > > >
> > > > > > I'm puzzled by the use of /31 subnets...
> > > > > > Anybody can explain me the benefits of such a subnet on an
> interface
> > ?
> > > > > >
> > > > > > Thanxx.
> > > > > >
> > > > > > Nicolas.
> > > > > --
> > > > > David Madland
> > > > > Sr. Network Engineer
> > > > > CCIE# 2016
> > > > > Qwest Communications Int. Inc.
> > > > > [EMAIL PROTECTED]
> > > > > 612-664-3367
> > > > >
> > > > > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27818&t=27802



Re: /31 subnet (now with info link) [7:27802]

2001-11-30 Thread VoIP Guy

I just dl'd that image from Cisco and it does work!  I learn something new
every day in this field. (Actually more like 10 new things every day).

Steve

"Lange, Eric" wrote in message
news:[EMAIL PROTECTED]...
> It's wasn't supported until 12.2(4)T.
>
> Check it out.  This is from a 1750 running 12.2(4)T:
>
> > interface Loopback9
> >  ip address 111.11.1.1 255.255.255.254
>
> It works!
>
> -Eric
>
> -Original Message-
> From: VoIP Guy [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 30, 2001 8:34 AM
> To: [EMAIL PROTECTED]
> Subject: Re: /31 subnet (now with info link) [7:27802]
>
>
> Just tried it and the router dosen't even allow an interface to use a /31
> mask, even with ip subnet-zero enabled.
>
>
> ""VoIP Guy""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I read the RFC, so I guess it can be used.  My bad.
> >
> > AM I correct in saying that one interface will be assigned the all zero
> > subnet as it's IP and the other will be assigned the broadcast IP
address
> > for that subnet?
> >
> > Steve
> >
> >
> >
> > ""VoIP Guy""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I know that, but the network and broadcast addresses are unusable.
Thus
> > the
> > > two good addresses for hosts.
> > > ""Craig Columbus""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast).
You
> > > save
> > > > addresses with a /31.
> > > > Here's a link with more info:
> > > >
> > > > http://www.ietf.org/rfc/rfc3021.txt?number=3021
> > > >
> > > > Thanks,
> > > > Craig
> > > >
> > > > At 08:32 AM 11/30/2001 -0500, you wrote:
> > > > >Maybe I'm missing something, but there are only 2 useable addresses
> in
> > a
> > > > >/30, and only 2 interfaces participating in a point-to-point link,
so
> > how
> > > > >are there 50% of the addresses wasted.
> > > > >
> > > > >Steve
> > > > >
> > > > >
> > > > >""MADMAN""  wrote in message
> > > > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > > Point to point connections, with a /30 you waste 50% of the
> > > > > > avaivalable addresses.
> > > > > >
> > > > > >   Dave
> > > > > >
> > > > > > Nicolas FEVRIER wrote:
> > > > > > >
> > > > > > > Hi group,
> > > > > > >
> > > > > > > I'm puzzled by the use of /31 subnets...
> > > > > > > Anybody can explain me the benefits of such a subnet on an
> > interface
> > > ?
> > > > > > >
> > > > > > > Thanxx.
> > > > > > >
> > > > > > > Nicolas.
> > > > > > --
> > > > > > David Madland
> > > > > > Sr. Network Engineer
> > > > > > CCIE# 2016
> > > > > > Qwest Communications Int. Inc.
> > > > > > [EMAIL PROTECTED]
> > > > > > 612-664-3367
> > > > > >
> > > > > > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27819&t=27802



RE: /31 subnet. [7:27742]

2001-11-30 Thread Lange, Eric

Sorry.  Looks like 12.2(2)T.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft31addr.htm#xtocid104191

-Eric

-Original Message-
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 8:44 AM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet. [7:27742]


It doesn't work in Cisco routers.

"Carroll Kong" wrote in message
news:[EMAIL PROTECTED]...
> Law of subnets is a tradeoff.  Bigger subnets, have higher
> efficiency, at the cost of bigger broadcast domains.  Smaller subnets have
> abysmal efficiency, at the benefit of smaller broadcast domains.
>  /31 is a new RFC proposed rule which eliminates the loss of
> effiency of 50% to.. 0%.
>  /30 has 2 usable addresses but loses 2 for broadcast and
> network.  So, you need 4 ips to make the subnet, but you only can use
> 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and ignore
> the broadcast and network need.  This is ideal for point to point.
>
> At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> >Maybe I'm missing something, but there are only 2 useable addresses in a
> >/30, and only 2 interfaces participating in a point-to-point link, so how
> >are there 50% of the addresses wasted.
> >
> >Steve
> >
> >
> >""MADMAN""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Point to point connections, with a /30 you waste 50% of the
> > > avaivalable addresses.
> > >
> > >   Dave
> > >
> > > Nicolas FEVRIER wrote:
> > > >
> > > > Hi group,
> > > >
> > > > I'm puzzled by the use of /31 subnets...
> > > > Anybody can explain me the benefits of such a subnet on an interface
?
> > > >
> > > > Thanxx.
> > > >
> > > > Nicolas.
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27820&t=27742



Re: /31 subnet. [7:27742]

2001-11-30 Thread [EMAIL PROTECTED]

In reply to VoIP Guy:

> It doesn't work in Cisco routers.

Actually, Cisco supports this 3021...
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft31addr.htm

My apologies, I didn't know this url before posting...

Nicolas.


> 
> ""Carroll Kong""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Law of subnets is a tradeoff.  Bigger subnets, have higher
> > efficiency, at the cost of bigger broadcast domains.  Smaller subnets
> have
> > abysmal efficiency, at the benefit of smaller broadcast domains.
> >  /31 is a new RFC proposed rule which eliminates the loss of
> > effiency of 50% to.. 0%.
> >  /30 has 2 usable addresses but loses 2 for broadcast and
> > network.  So, you need 4 ips to make the subnet, but you only can
> use
> > 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and
> ignore
> > the broadcast and network need.  This is ideal for point to point.
> >
> > At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> > >Maybe I'm missing something, but there are only 2 useable addresses
> in a
> > >/30, and only 2 interfaces participating in a point-to-point link, so
> how
> > >are there 50% of the addresses wasted.
> > >
> > >Steve
> > >
> > >
> > >""MADMAN""  wrote in message
> > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Point to point connections, with a /30 you waste 50% of the
> > > > avaivalable addresses.
> > > >
> > > >   Dave
> > > >
> > > > Nicolas FEVRIER wrote:
> > > > >
> > > > > Hi group,
> > > > >
> > > > > I'm puzzled by the use of /31 subnets...
> > > > > Anybody can explain me the benefits of such a subnet on an
> interface
> ?
> > > > >
> > > > > Thanxx.
> > > > >
> > > > > Nicolas.
> > > > --
> > > > David Madland
> > > > Sr. Network Engineer
> > > > CCIE# 2016
> > > > Qwest Communications Int. Inc.
> > > > [EMAIL PROTECTED]
> > > > 612-664-3367
> > > >
> > > > "Emotion should reflect reason not guide it"
> > -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27821&t=27742



Re: BGP Aggregate Route feeding back. [7:27822]

2001-11-30 Thread Howard C. Berkowitz

>Hello Group,
>
>I got a problem with BGP aggregate route being advertised out to another AS,
>and then readvertised back to the original AS through another entry router.
>
>R5_R6
>|
>   R7
>
>Basically an ethernet segment R5, R6, R7 on the same subnet. R5 & R6 in
>AS600, and R7 in AS500. R5 sends out an aggregate of 172.16.0.0/16 to R7,
>and then somehow R6 learns this aggregate route also.


Several observations.

I would advise against using no sync. As Peter van Oene has pointed
out, it doesn't give a significant performance benefit in modern AS
topologies, and Juniper consciously doesn't even have a knob for it.

Next, I'm still confused what is being relearned, and how this 
creates a problem. Are you saying your routing policy is such that 
only the aggregating router should know about the aggregate?  You 
want something like a NO-ADVERTISE policy on iBGP but _not_ a 
NO-EXPORT policy on eBGP? Why, if so?

Again, I'm not seeing what problem is being caused, but could a 
blackhole local route for the aggregate, on R6, solve it?

>
>Configs:
>
>R5#
>router bgp 620
>  no synchronization
>  bgp router-id 10.10.10.5
>  bgp log-neighbor-changes
>  bgp confederation identifier 600
>  aggregate-address 172.16.0.0 255.255.0.0 as-set suppress-map sup_map
>  neighbor 10.10.10.4 remote-as 620
>  neighbor 10.10.10.4 update-source Loopback0
>  neighbor 10.10.10.7 remote-as 500
>  neighbor 10.10.10.7 ebgp-multihop 2
>  neighbor 10.10.10.7 update-source Loopback0
>  neighbor 10.10.10.7 route-map set_med out
>  no auto-summary
>!
>
>BGP table version is 16, local router ID is 10.10.10.5
>Status codes: s suppressed, d damped, h history, * valid, > best, i -
>internal
>Origin codes: i - IGP, e - EGP, ? - incomplete
>
>Network  Next HopMetric LocPrf Weight Path
>*> 172.16.0.0   0.0.0.0   100  32768 (610) i
>s>i172.16.1.0/24216.30.30.2  0100  0 (610) i
>s>i172.16.2.0/24216.30.30.2  0100  0 (610) i
>s>i172.16.3.0/24216.30.30.2  0100  0 (610) i
>*>i172.16.4.0/24216.30.30.2  0100  0 (610) i
>*> 192.168.22.0 10.10.10.7 0 500 400 i
>R5#
>
>
>R6#
>router bgp 620
>  no synchronization
>  bgp router-id 10.10.10.6
>  bgp log-neighbor-changes
>  bgp confederation identifier 600
>  neighbor 10.10.10.4 remote-as 620
>  neighbor 10.10.10.4 update-source Loopback0
>  neighbor 10.10.10.7 remote-as 500
>  neighbor 10.10.10.7 ebgp-multihop 2
>  neighbor 10.10.10.7 update-source Loopback0
>  neighbor 10.10.10.7 route-map set_med out
>  no auto-summary
>!
>
>BGP table version is 24, local router ID is 10.10.10.6
>Status codes: s suppressed, d damped, h history, * valid, > best, i -
>internal
>Origin codes: i - IGP, e - EGP, ? - incomplete
>
>Network  Next HopMetric LocPrf Weight Path
>*>i172.16.0.0   10.10.10.5100  0 (610) i
>*>i172.16.1.0/24216.30.30.2  0100  0 (610) i
>*>i172.16.2.0/24216.30.30.2  0100  0 (610) i
>*>i172.16.3.0/24216.30.30.2  0100  0 (610) i
>*>i172.16.4.0/24216.30.30.2  0100  0 (610) i
>* i192.168.22.0 10.10.10.7100  0 500 400 i
>*>  10.10.10.7 0 500 400 i
>R6#
>
>R7#
>router bgp 500
>  bgp router-id 10.10.10.7
>  bgp log-neighbor-changes
>  neighbor 10.10.10.5 remote-as 600
>  neighbor 10.10.10.5 ebgp-multihop 2
>  neighbor 10.10.10.5 update-source Loopback0
>  neighbor 10.10.10.6 remote-as 600
>  neighbor 10.10.10.6 ebgp-multihop 2
>  neighbor 10.10.10.6 update-source Loopback0
>  neighbor 10.10.10.6 route-map change_weight in
>  neighbor 10.10.10.8 remote-as 400
>  neighbor 10.10.10.8 ebgp-multihop 2
>  neighbor 10.10.10.8 update-source Loopback0
>  maximum-paths 2
>  no auto-summary
>!
>
>BGP table version is 9, local router ID is 10.10.10.7
>Status codes: s suppressed, d damped, h history, * valid, > best, i -
>internal
>Origin codes: i - IGP, e - EGP, ? - incomplete
>
>Network  Next HopMetric LocPrf Weight Path
>*> 172.16.0.0   10.10.10.5 0 600 i Sent out
to R7
>*   10.10.10.5 0 600 i Some how
learnt it twice
>*> 172.16.1.0/2410.10.10.6   150 600 i
>*> 172.16.2.0/2410.10.10.6 0 600 i
>*> 172.16.3.0/2410.10.10.6 0 600 i
>*> 172.16.4.0/2410.10.10.5  50 0 600 i
>*   10.10.10.6 100 0 600 i
>*> 192.168.22.0 10.10.10.8   0 0 400 i
>R7#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27822&t=27822

Re: /31 subnet. [7:27742]

2001-11-30 Thread Howard C. Berkowitz

>Maybe I'm missing something, but there are only 2 useable addresses in a
>/30, and only 2 interfaces participating in a point-to-point link, so how
>are there 50% of the addresses wasted.
>
>Steve


But there are 4 actual addresses in a /30.  Two are not usable.  All 
the addresses in a /31 are both actual and usable.

>
>""MADMAN""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  Point to point connections, with a /30 you waste 50% of the
>>  avaivalable addresses.
>>
>>Dave
>>
>>  Nicolas FEVRIER wrote:
>>  >
>>  > Hi group,
>>  >
>>  > I'm puzzled by the use of /31 subnets...
>>  > Anybody can explain me the benefits of such a subnet on an interface ?
>>  >
>>  > Thanxx.
>>  >
>>  > Nicolas.
>>  --
>>  David Madland
>>  Sr. Network Engineer
>>  CCIE# 2016
>>  Qwest Communications Int. Inc.
>>  [EMAIL PROTECTED]
>>  612-664-3367
>>
>>  "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27824&t=27742



Re: /31 subnet (now with info link) [7:27802]

2001-11-30 Thread Howard C. Berkowitz

>I read the RFC, so I guess it can be used.  My bad.
>
>AM I correct in saying that one interface will be assigned the all zero
>subnet as it's IP and the other will be assigned the broadcast IP address
>for that subnet?
>
>Steve


Yes. It's a controlled violation of that addressing rule.

>
>
>
>""VoIP Guy""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  I know that, but the network and broadcast addresses are unusable.  Thus
>the
>>  two good addresses for hosts.
>>  ""Craig Columbus""  wrote in message
>>  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  > With a /30 you use 4 IP addresses (network, 2 node, 1 broadcast).  You
>>  save
>>  > addresses with a /31.
>>  > Here's a link with more info:
>>  >
>>  > http://www.ietf.org/rfc/rfc3021.txt?number=3021
>>  >
>>  > Thanks,
>>  > Craig
>>  >
>>  > At 08:32 AM 11/30/2001 -0500, you wrote:
>>  > >Maybe I'm missing something, but there are only 2 useable addresses in
>a
>>  > >/30, and only 2 interfaces participating in a point-to-point link, so
>how
>>  > >are there 50% of the addresses wasted.
>>  > >
>>  > >Steve
>>  > >
>>  > >
>>  > >""MADMAN""  wrote in message
>>  > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  > > > Point to point connections, with a /30 you waste 50% of the
>>  > > > avaivalable addresses.
>>  > > >
>>  > > >   Dave
>>  > > >
>>  > > > Nicolas FEVRIER wrote:
>>  > > > >
>>  > > > > Hi group,
>>  > > > >
>>  > > > > I'm puzzled by the use of /31 subnets...
>>  > > > > Anybody can explain me the benefits of such a subnet on an
>interface
>>  ?
>>  > > > >
>>  > > > > Thanxx.
>>  > > > >
>>  > > > > Nicolas.
>>  > > > --
>>  > > > David Madland
>>  > > > Sr. Network Engineer
>>  > > > CCIE# 2016
>>  > > > Qwest Communications Int. Inc.
>>  > > > [EMAIL PROTECTED]
>>  > > > 612-664-3367
>>  > > >
>>  > > > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27823&t=27802
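
The /30 versus /31 numbering discussed in this thread, as an added example that is not part of the original posts: it checks whether an address may be configured under the classic rule and under RFC 3021, and numbers the links carved from one block. The function names and the 192.0.2.0/29 sample block are assumptions made for illustration.

```python
import ipaddress


def is_assignable(interface):
    """True if address/prefix may be configured on an interface.

    Classic rule: the all-zeros (network) and all-ones (broadcast) host
    addresses are reserved. RFC 3021 lifts that rule for /31 links, and a
    /32 is a single host address with nothing to reserve.
    """
    iface = ipaddress.ip_interface(interface)
    net = iface.network
    if net.prefixlen >= 31:
        return True
    return iface.ip not in (net.network_address, net.broadcast_address)


def link_endpoints(subnet):
    """Return the two interface addresses of a point-to-point subnet."""
    net = ipaddress.ip_network(subnet)
    if net.prefixlen == 31:
        # RFC 3021: one side takes the all-zeros host address, the other
        # takes the all-ones host address.
        return (str(net.network_address), str(net.broadcast_address))
    if net.prefixlen == 30:
        # Classic numbering: first and last addresses are reserved.
        return (str(net.network_address + 1), str(net.broadcast_address - 1))
    raise ValueError("point-to-point links are numbered from a /30 or a /31")


def number_links(block, prefixlen):
    """Carve block into /30 or /31 links.

    Returns (list of endpoint pairs, fraction of the block's addresses that
    end up configured on an interface).
    """
    net = ipaddress.ip_network(block)
    links = [link_endpoints(str(s)) for s in net.subnets(new_prefix=prefixlen)]
    efficiency = 2 * len(links) / net.num_addresses
    return links, efficiency


if __name__ == "__main__":
    # 192.0.2.0/29 is a constructed sample block from the documentation range.
    for plen in (30, 31):
        links, eff = number_links("192.0.2.0/29", plen)
        print(f"/{plen}: {len(links)} links, {eff:.0%} of addresses used")
        for a, b in links:
            print(f"   {a} <-> {b}")
```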



Re: /31 subnet. [7:27742]

2001-11-30 Thread Howard C. Berkowitz

>It doesn't work in Cisco routers.

Only in quite recent releases, and I can't tell you numbers offhand. 
Might need to be an ISP release train.

>
>"Carroll Kong" wrote in message news:[EMAIL PROTECTED]...
>>  Law of subnets is a tradeoff.  Bigger subnets, have higher
>>  efficiency, at the cost of bigger broadcast domains.  Smaller subnets have
>>  abysmal efficiency, at the benefit of smaller broadcast domains.
>>   /31 is a new RFC proposed rule which eliminates the loss of
>>  efficiency of 50% to.. 0%.
>>   /30 has 2 usable addresses but loses 2 for broadcast and
>>  network.  So, you need 4 ips to make the subnet, but you only can use
>>  2.  50% efficiency.  /31 is going to let you take 2, and use 2, and ignore
>>  the broadcast and network need.  This is ideal for point to point.
>>
>>  At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
>>  >Maybe I'm missing something, but there are only 2 useable addresses in a
>>  >/30, and only 2 interfaces participating in a point-to-point link, so how
>>  >are there 50% of the addresses wasted.
>>  >
>>  >Steve
>>  >
>>  >
>>  >"MADMAN" wrote in message news:[EMAIL PROTECTED]...
>>  > > Point to point connections, with a /30 you waste 50% of the
>>  > > available addresses.
>>  > >
>>  > >   Dave
>>  > >
>>  > > Nicolas FEVRIER wrote:
>>  > > >
>>  > > > Hi group,
>>  > > >
>>  > > > I'm puzzled by the use of /31 subnets...
>>  > > > Anybody can explain me the benefits of such a subnet on an interface ?
>>  > > >
>>  > > > Thanxx.
>>  > > >
>>  > > > Nicolas.
>>  > > --
>>  > > David Madland
>>  > > Sr. Network Engineer
>>  > > CCIE# 2016
>>  > > Qwest Communications Int. Inc.
>>  > > [EMAIL PROTECTED]
>>  > > 612-664-3367
>>  > >
>>  > > "Emotion should reflect reason not guide it"
>>  -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27826&t=27742



Re: Subnetting [7:27808]

2001-11-30 Thread Howard C. Berkowitz

>Can anyone help !
>I have been assigned by our Head Office a Class B address
>(Let's say 172.133.205.0) with a subnet mask of 255.255.255.0
>which gives me 254 hosts available.



>However I have to split this between 3 locations
>like so :
>
>Loc A : Minimum Addresses Required 160 (HQ)
>Loc B : Minimum Addresses Required 16
>Loc C : Minimum Addresses Required 48
>
>Loc B & C will each have a router that connects to a router at Loc A.
>
>Any ideas on how this can be done ?
>
VLSM and a classless routing protocol.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27825&t=27808



Re: Restrict remote users access to corporate netw [7:27759]

2001-11-30 Thread Richard Bosire

Hello David

You'll need to make use of AAA in your configuration.

Refer to http://www.cisco.com/warp/customer/707/index.shtml (CCO login
required)

./bosire

--

richard bosire
ccn[ap], ccd[ap], ccs[ae]





David Tran wrote:

> Hi Everyone,
>
> Perhaps someone in the group can help me with this problem.
> I have Cisco Pix515-UR (128MB RAM/16MB Flash) running PIX
> code 6.1(1) with Pix Device Manager (PDM) version 1.1(2).  This
> PIX is connected to my cable modem with STATIC IP address
> 129.174.1.13 on the outside interface.  The inside interface
> (which is my internal network) has an IP of 192.168.1.1
> with a netmask of 255.255.255.0.  On the internal network, I have
> a BSD box (IP 192.168.1.10), a Linux box (192.168.1.20), a
> Solarisx86 (IP 192.168.1.30) and a SCO Unix with IP 192.168.1.40
>
> I have successfully implemented VPN connection for remote users
> using Cisco VPN client 3.1.1 running on Win98, NT, 2000 and Linux
> to connect to the internal network.  Once these remote users are
> successfully connected, they can access all the devices on the
> internal network.
>
> I have 2 questions:
>
> 1) Let's say that I just want remote users to access just the BSD box
> and the Linux box but not the Solaris and SCO, how can I make this
> happen?  I know how to do that with Checkpoint Secure Remote
> (Checkpoint use Encryption domain which specify which devices
> remote user is allowed to access).  How can I accomplish this
> in PIX?  For example, I just want remote users to ping the BSD
> and Linux boxes but not Solaris and SCO boxes.
>
> 2) I have 4 different remote users who connect to the internal network
> via VPN IPSec connection.  All of these users are using the same account
> (vpn3000) to connect back to the network.  From a security standpoint,
> this is bad practice.  How can I assign each of these users a different
> account in the configuration?  Again, I know how to do this with Checkpoint;
> however, I don't know how to get it done in PIX.
>
> Below is the configuration.  Please help.  thanks.
>
> PIX Version 6.1(1)
>  nameif ethernet0 outside security0
>  nameif ethernet1 inside security100
>  enable password OnTrBUG1Tp0edmkr encrypted
>  passwd 2KFQnbNIdI.2KYOU encrypted
>  hostname goss-d3-pix515b
>  domain-name micronetsolution.com
>  fixup protocol ftp 21
>  fixup protocol http 80
>  fixup protocol h323 1720
>  fixup protocol rsh 514
>  fixup protocol smtp 25
>  fixup protocol sqlnet 1521
>  fixup protocol sip 5060
>  fixup protocol skinny 2000
>  names
>  !
>  !--- Access-list to avoid Network Address Translation (NAT) on the IPSec packets
>  access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
>  pager lines 24
>  interface ethernet0 auto
>  interface ethernet1 auto
>  mtu outside 1500
>  mtu inside 1500
>  !
>  !--- IP addresses on the interfaces
>  ip address outside 129.174.1.13 255.255.240.0
>  ip address inside 192.168.1.1 255.255.255.0
>  ip audit info action alarm
>  ip audit attack action alarm
>  ip local pool ippool 192.168.2.1-192.168.2.254
>  no failover
>  failover timeout 0:00:00
>  failover poll 15
>  failover ip address outside 0.0.0.0
>  failover ip address inside 0.0.0.0
>  pdm history enable
>  arp timeout 14400
>  !
>  !--- Binding ACL 101 to the NAT statement to avoid NAT on the IPSec packets
>  nat (inside) 0 access-list 101
>  !
>  !--- Default route to the Internet
>  route outside 0.0.0.0 0.0.0.0 129.174.1.1 1
>  timeout xlate 3:00:00
>  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
>  timeout uauth 0:05:00 absolute
>  aaa-server TACACS+ protocol tacacs+
>  aaa-server RADIUS protocol radius
>  http server enable
>  http 192.168.1.0 255.255.255.0 inside
>  no snmp-server location
>  no snmp-server contact
>  snmp-server community public
>  no snmp-server enable traps
>  floodguard enable
>  !
>  !--- The sysopt command avoids conduit on the IPSec encrypted traffic
>  sysopt connection permit-ipsec
>  no sysopt route dnat
>  !
>  !--- Phase 2 encryption type
>  crypto ipsec transform-set myset esp-des esp-md5-hmac
>  crypto dynamic-map dynmap 10 set transform-set myset
>  crypto map mymap 10 ipsec-isakmp dynamic dynmap
>  !
>  !--- Binding the IPSec engine on the outside interface
>  crypto map mymap interface outside
>  !
>  !--- Enabling ISAKMP key-exchange
>  isakmp enable outside
>  isakmp identity address
>  !
>  !--- ISAKMP Policy for 3000 VPN client running 3.0 or higher code
>  isakmp policy 10 authentication pre-share
>  isakmp policy 10 encryption des
>  isakmp policy 10 hash md5
>  isakmp policy 10 group 2
>  isakmp policy 10 lifetime 86400
>  !
>   !--- IPSec group configuration for either VPN client
>  vpngroup vpn3000 address-pool ippool
>  vpngroup vpn3000 dns-server 192.168.1.10
>  vpngroup vpn3000 default-domain micronetsolution.com
>  vpngroup vpn300
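
A small audit of the configuration quoted above, as an added example that is not part of the original posts: it flags the lines behind both of David's questions (every tunnel user reaching every inside host, and no per-user login) along with the weak crypto and SNMP settings. The rule set, rule names and function names are this example's own assumptions; the sample is an excerpt of the posted configuration with wrapped lines rejoined.

```python
import re

# Excerpt of the PIX 6.1 configuration quoted in the post above (comment
# lines and unrelated commands dropped, wrapped lines rejoined).
PIX_CONFIG = """\
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ip local pool ippool 192.168.2.1-192.168.2.254
nat (inside) 0 access-list 101
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
snmp-server community public
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
vpngroup vpn3000 address-pool ippool
"""

# (rule id, pattern, explanation). The rule set is this example's own choice.
LINE_RULES = [
    ("ike-des", r"^isakmp policy \d+ encryption des$",
     "IKE phase 1 uses single DES (56-bit key)"),
    ("ike-md5", r"^isakmp policy \d+ hash md5$",
     "IKE phase 1 uses MD5"),
    ("esp-des", r"^crypto ipsec transform-set \S+ .*\besp-des\b",
     "IPsec phase 2 encrypts with single DES"),
    ("esp-md5", r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b",
     "IPsec phase 2 integrity uses HMAC-MD5"),
    ("snmp-default", r"^snmp-server community public$",
     "SNMP uses the default community string"),
    ("ipsec-bypass", r"^sysopt connection permit-ipsec$",
     "IPsec traffic is exempt from access-list/conduit checks, "
     "so tunnel users are not filtered per inside host"),
]

# PIX 6.x turns on per-user login (Xauth) with
# "crypto map <name> client authentication <aaa-group>".
XAUTH = re.compile(r"^crypto map \S+ client authentication \S+$")
AAA_GROUP = re.compile(r"^aaa-server (\S+) protocol \S+$")
AAA_HOST = re.compile(r"^aaa-server (\S+) \(\S+\) host \S+")


def _names(pattern, lines):
    """First capture group of every line the pattern matches."""
    return {m.group(1) for m in map(pattern.match, lines) if m}


def audit(config):
    """Return sorted (line_number, rule_id, message) findings.

    Line number 0 marks a finding about something that is missing.
    """
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    for number, line in enumerate(lines, start=1):
        if not line or line.startswith("!"):
            continue  # blank lines and PIX comment lines
        for rule_id, pattern, message in LINE_RULES:
            if re.search(pattern, line):
                findings.append((number, rule_id, message))

    has_vpngroup = any(ln.startswith("vpngroup ") for ln in lines)
    if has_vpngroup and not any(XAUTH.match(ln) for ln in lines):
        findings.append((0, "no-xauth",
                         "VPN clients authenticate only with the shared group "
                         "name and key; there is no per-user login"))

    # AAA groups that are declared but point at no server cannot authenticate.
    for group in sorted(_names(AAA_GROUP, lines) - _names(AAA_HOST, lines)):
        findings.append((0, "aaa-no-host",
                         f"AAA group {group} has no server configured"))
    return sorted(findings)


if __name__ == "__main__":
    for number, rule_id, message in audit(PIX_CONFIG):
        where = f"line {number}" if number else "missing"
        print(f"{where:>8}  {rule_id:<13} {message}")
```

The `ipsec-bypass` and `no-xauth` findings correspond to questions 1 and 2 in the post; the remaining findings are hardening items the post does not ask about.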

Re: Using TFTP and Notepad for CCIE Lab [7:27793]

2001-11-30 Thread Donald

I would dump the tftp server worries and just use a text editor you are
comfortable with.
Don


- Original Message -
From: "Wilson, Christian" 
To: 
Sent: Friday, November 30, 2001 4:50 AM
Subject: Using TFTP and Notepad for CCIE Lab [7:27793]


> I read about a lot of people using a text editor and tftp to create and
> manipulate their configurations to save time on the CCIE Lab exam.  I
> understand the benefits of using this technique, but sometimes it seems as
> if it takes quite a while for me to set up the required routing to reach all
> of my routers via tftp.  My real question concerns the use of a terminal
> server in this situation.  I do not have a terminal server, but my
> understanding is that you telnet to the terminal server, which in turn has
> reverse telnet connections to each router's console port.  If I was connected
> to the terminal server via a PC that had tftp server software installed, is
> there an easy way to use the reverse telnet connection to each router for
> the tftp file transfer?  If not, would I have to have a tftp server
> connected to one router's Ethernet, and then set up routing to that
> Ethernet's subnet on each router?  I am trying to envision how this
> technique would save time in the lab if a tftp server is not readily
> available on a subnet common to all devices in the rack.  I know a router
> can be configured as a tftp server, but I believe that it can only answer
> requests and cannot be copied to.  Any help would be greatly appreciated as
> I sit the lab on Feb 1 and I would like to develop some solid time-saving
> techniques.  Thank you!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27805&t=27793



Little OT: Re: 2511 Async [7:27749]

2001-11-30 Thread Donald

Another workaround for short octal cables is Ethernet line extenders and a
straight-through Cat5. I used to have my lab stacked on top of each other;
now it is spread out nice.
Don

- Original Message -
From: "Daniel Cotts" 
To: 
Sent: Thursday, November 29, 2001 4:37 PM
Subject: RE: 2511 Async [7:27749]


> It uses rolled cables. New ones ship with green colored flat cables. The
> great part is that you can easily create your own custom length cables.
>
> > -Original Message-
> > From: Dave Luancing [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, November 29, 2001 5:48 PM
> > To: [EMAIL PROTECTED]
> > Subject: 2511 Async [7:27749]
> >
> >
> > I am getting a 2500 Async router with the built in
> > Async ports (RJ45). Does anyone know, do I use a
> > straight thru cable or cisco rolled cable to speak to
> > other cisco routers?  I have previously only worked
> > with the octal cables.
> >
> > I also will be configuring this to speak to a modem
> > bank, has anyone had experience with this... Is there
> > configuration that needs to be done on the modem bank
> > side. The router will be configured to support remote
> > nodes.
> >
> > - Dave
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27797&t=27749



Re: /31 subnet. [7:27742]

2001-11-30 Thread Donald

Network and broadcast address not needed on p-to-p links.



- Original Message -
From: "VoIP Guy" 
To: 
Sent: Friday, November 30, 2001 5:32 AM
Subject: Re: /31 subnet. [7:27742]


> Maybe I'm missing something, but there are only 2 useable addresses in a
> /30, and only 2 interfaces participating in a point-to-point link, so how
> are there 50% of the addresses wasted.
>
> Steve
>
>
> "MADMAN" wrote in message news:[EMAIL PROTECTED]...
> > Point to point connections, with a /30 you waste 50% of the
> > available addresses.
> >
> >   Dave
> >
> > Nicolas FEVRIER wrote:
> > >
> > > Hi group,
> > >
> > > I'm puzzled by the use of /31 subnets...
> > > Anybody can explain me the benefits of such a subnet on an interface ?
> > >
> > > Thanxx.
> > >
> > > Nicolas.
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27813&t=27742



Re: Typical Access Server setting [7:27437]

2001-11-30 Thread IT Guy

Marc,

Many Thanks for your reply.
Can you please guide me further how to get this done??

Tom

>From: "Marc Russell" 
>Reply-To: "Marc Russell" 
>To: [EMAIL PROTECTED]
>Subject: Re: Typical Access Server setting [7:27437]
>Date: Tue, 27 Nov 2001 23:08:23 -0500
>
>You can do what you want by setting the privilege on the users and the
>commands you desire. No external server required.
>
>Marc Russell
>www.ccbootcamp.com
>
>
>"IT Guy" wrote in message news:[EMAIL PROTECTED]...
> > Hi guys,
> >
> > Need your help to setup my Access server.
> > I need to setup My Access server router (16 ports) such that two different
> > users can get different access rights when access the Rack routers
> > (different routers) through these Access server.
> > For example I want User-A to give access to only Basic mode and restrict him
> > by using enable mode or seeing any configurations in Access server.
> > On the other hand, I want other user to have full access..
> >
> > Any idea how to setup this??
> >
> > Thanks for help
> >
> > Tom
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27774&t=27437



Re: Security: Microsoft RADIUS and Cisco [7:27554]

2001-11-30 Thread Tunji Suleiman

Which Radius server are you using? Is it listening for authentication 
requests on port 1812 or 1645? Looks like a radius server problem to me. 
Ensure it is indeed authenticating. Most radius servers have inbuilt 
facilities to test functionality.

Tunji


>From: "Pierre-Alex J. Guanel" 
>Reply-To: "Pierre-Alex J. Guanel" 
>To: [EMAIL PROTECTED]
>Subject: Security: Microsoft RADIUS and Cisco [7:27554]
>Date: Wed, 28 Nov 2001 14:50:55 -0500
>
>I have the following configuration on my router:
>
>radius-server host  auth-port 1812 acct-port 1813
>radius-server retransmit 3
>radius-server timeout 20
>radius-server key
>!
>
>I have configured IAS with my router as the client and the Client-Vendor as
>Cisco
>
>The shared secret is the same as the radius-server
>
>When I telnet to the router, after having entered a valid username and
>password,
>
>I get the message "%authentication failed".
>
>I have turned on radius debugging on the router but I don't see anything.
>
>Did I miss something obvious?
>
>Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27827&t=27554



RE: escape sequence other than Ctl-Shift-6(x) [7:27760]

2001-11-30 Thread Angel Leiva

CTRL-SHIFT-6 works for me


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steve Smith
Sent: Friday, November 30, 2001 8:58 AM
To: [EMAIL PROTECTED]
Subject: RE: escape sequence other than Ctl-Shift-6(x) [7:27760]


ctrl-shift-F6.

-Original Message-
From: Hollis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 10:19 PM
To: [EMAIL PROTECTED]
Subject: escape sequence other than Ctl-Shift-6(x) [7:27760]


Does anyone know an escape sequence other than Ctl-Shift-6(x) to use while
within a Term server session.

Say I need to stop an unsuccessful traceroute... but when I do
Ctl-Shift-6(x) it takes me back to my Term server.

Thanks.

kk/USN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27833&t=27760



RE: escape sequence other than Ctl-Shift-6(x) [7:27760]

2001-11-30 Thread Angel Leiva

CTRL-SHIFT-6 (twice) works for me

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steve Smith
Sent: Friday, November 30, 2001 8:58 AM
To: [EMAIL PROTECTED]
Subject: RE: escape sequence other than Ctl-Shift-6(x) [7:27760]


ctrl-shift-F6.

-Original Message-
From: Hollis [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 10:19 PM
To: [EMAIL PROTECTED]
Subject: escape sequence other than Ctl-Shift-6(x) [7:27760]


Does anyone know an escape sequence other than Ctl-Shift-6(x) to use while
within a Term server session.

Say I need to stop an unsuccessful traceroute... but when I do
Ctl-Shift-6(x) it takes me back to my Term server.

Thanks.

kk/USN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27834&t=27760



RE: escape sequence other than Ctl-Shift-6(x) [7:27760]

2001-11-30 Thread Andy Hoang

That means changing the escape character of the device being controlled by
the termserv.  What if you have several devices on the termserv?

It is better to change the escape character of the termserv itself and leave
everything else as default.

Try this on your termserv:

line con 0
 escape-character 92
line vty 0 4
 escape-character 92

Then you would press "\x" to go back to your termserv.  Everything else is
still Ctrl-Shift-6.

If you want to use different escape-character check the link below

http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/112cg_cr/1rbook/1rascii.htm


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Stefan Dozier
Sent: Thursday, November 29, 2001 10:54 PM
To: [EMAIL PROTECTED]
Subject: RE: escape sequence other than Ctl-Shift-6(x) [7:27760]


Try this

"On line console 0 add "escape 27"; when you have a ping or traceroute or
something you want to break out of, press the [ESCAPE] key."

BTW: I found this while perusing through the archives!

Stefan


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hollis
Sent: Thursday, November 29, 2001 11:19 PM
To: [EMAIL PROTECTED]
Subject: escape sequence other than Ctl-Shift-6(x) [7:27760]


Does anyone know an escape sequence other than Ctl-Shift-6(x) to use while
within a Term server session.

Say I need to stop an unsuccessful traceroute... but when I do
Ctl-Shift-6(x) it takes me back to my Term server.

Thanks.

kk/USN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27835&t=27760



Re: T-1 Encap Preference [7:27637]

2001-11-30 Thread Brent Wrisley

Although intf's won't combine packets, I usually set higher MTU's so that
larger packets with the DF flag on will be allowed through.

Brent

On 29/11/01 21:16 -0500, Priscilla Oppenheimer wrote:

:
[...]
 A lot of novices think that having a large interface 
:MTU is going to make a big difference, but I'm not convinced. The interface 
:isn't going to combine packets it receives into larger packets just because 
:of the larger MTU. Packets can't grow!?
[...]
:
:I'll have to look into this. Thoughts? Comments?
:
:Priscilla
:
:At 05:26 PM 11/29/01, Howard C. Berkowitz wrote:
:> >Found this in RFC 1661 which documents PPP:
:> >
:> >The maximum length for the Information field, including Padding, but not
:> >including the Protocol field, is termed the Maximum Receive Unit (MRU),
:> >which defaults to 1500 octets. By negotiation, consenting PPP
:> >implementations may use other values for the MRU.
:> >
:> >P.
:>
:>Hmmm...I definitely am aware of providers using 4470 on POS links,
:>and a general trend in the gigabit-plus world to use larger MTUs. Is
:>this simply industry practice, I wonder, or are there some overriding
:>IEEE or IETF documents?  Perhaps in the sub-IP area, such as IP over
:>Optical?
:>
:> >
:> >At 03:05 PM 11/29/01, Howard C. Berkowitz wrote:
:> >>  >Howard,
:> >>  >
:> >>  >Correct me if I am wrong but, the HDLC advantage over PPP is the MTU size.
:> >>  >PPP supports 1500 while HDLC 4xxx (can't remember the exact number),
:> >>  >this might be helpful in situations where DF bit is set.
:> >>  >
:> >>  >Nabil
:> >>
:> >>I'd have to research this -- I don't offhand remember PPP (as the
:> >>protocol) having a MTU limit that small.  It would surprise me, given
:> >>the interest in POS.
:> >
:> >
:> >Priscilla Oppenheimer
:> >http://www.priscilla.com
:
:
:Priscilla Oppenheimer
:http://www.priscilla.com
:
:
:
:
Brent Wrisley   

2FB6 85AD 7084 80A0 8381  C116 CDE5 78B5 E959 C536
PGP Key ID: 0xE959C536  (us.pgp.net)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27828&t=27637



RE: 2500 Router problem [7:27695]

2001-11-30 Thread Mcfadden, Chuck

What routing protocol are you using?  What does the "sh ip rou" command
display for you?
ccie1ab




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
James gruggett
Sent: Thursday, November 29, 2001 5:54 PM
To: [EMAIL PROTECTED]
Subject: 2500 Router problem [7:27695]


I have a lab setup as follows: 2 2500 series routers connected to a 2900
switch.

Router1 E0 192.168.1.1 255.255.255.0
Router 2 E0 192.168.2.1 255.255.255.0
SwitchIP 192.168.1.3 255.255.255.0

I can ping and telnet to Router 1 and the switch. I can not ping
Router2. When I telnet I receive this error message (Can't open
connection to host on port 23, a socket operation was attempted to an
unreachable host)

I console into Router 2 and E0 looks fine with ip and it states it is
administratively up.

Any suggestions?

Thanks,

James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27830&t=27695



RE: Re[2]: VPN is a Backdoor !!! [7:27725]

2001-11-30 Thread Kent Hundley

You're right, but it is nearly impossible to secure the client.  The problem
is that no matter how much education you give users, most will still do the
"wrong" thing given the right circumstances.  For example, if they are in a
chat room and someone they are communicating with sends them a file, most
will open it, no matter how many times you tell them not to.

If it is a virus or a trojan, their entire machine can become compromised
and no amount of firewall software and strong authentication can completely
fix that. When prompted about a new app trying to reach the Internet, they
may just answer 'yes'.  If there's no prompt and the software doesn't work,
they may just disable their firewall. (yes, it does happen)  The problem is
worse if users use their home machines for VPN access.  If they use company
assigned laptops with WinNT or 2K, you can fix some of this by not giving
them admin access to their own machines.  This will severely limit their
ability to install new software and offer some protection, but it's not a
guarantee.  I can see someone breaking into their machine to install the hot
new game they just got sent from a "friend" they met on yahoo chat who's
only too happy to help them get the software installed.

The weakest link in the security chain is almost always human factors.  In
the end, there's no silver bullet for this problem.  Policies and user
education help, but there's always a risk involved once you rely on users
for security, which is what you must do when you allow users remote access
to the corporate goodies.  Creating a secure link is easy, it's the
endpoints that tend to bite you. ;-)

Good luck,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
SentinuS
Sent: Thursday, November 29, 2001 3:35 PM
To: [EMAIL PROTECTED]
Subject: Re[2]: VPN is a Backdoor !!! [7:27725]


But I think VPN is not Backdoor if you use right Security Policy and
right configuration. There is one issue : Client. If you can secure
your client, there is no weakness.


Thursday, November 29, 2001, 11:47:08 PM, you wrote:
PR> Even then though, you're not secure.  If the box is compromised before you
PR> connect then even when the firewall is enforced, malicious activity could
PR> still take place...the attacker would not be able to connect to the
PR> machine but could leave dastardly code behind to do his job for him.

PR> I am working on this scenario now as well.  I am attempting to come up with
PR> a best practice for cleaning a machine, installing a firewall, etc for
PR> any vpn client.  Let me know how yours goes!

PR> -Patrick

---cut---

SentinuS
Best Regards
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27832&t=27725



RE: network simulator [7:27658]

2001-11-30 Thread William Gragido

Anthony,

Check out www.shunra.com they have a simulator called the 'Storm' that is
awesome!  It allows you to manipulate latency, jitter and packet loss.  It's
a hardware solution however I have seen a freeware version of this out on
certain Linux-centric sites.  It works great though, I used it on a VoIP gig
in order to perform proof of concept tasks.

Will

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Anthony Toh
Sent: Thursday, November 29, 2001 2:23 AM
To: [EMAIL PROTECTED]
Subject: network simulator [7:27658]


Is there any router simulation software that I can configure to run in a
Frame Relay and ISDN network ?
Appreciate if anyone who knows can send me one.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27829&t=27658



RE: escape sequence other than Ctl-Shift-6(x) [7:27760]

2001-11-30 Thread Hugo _

CTRL+ALT-SUPR  works for me  :)

>From: "Andy Hoang"
>Reply-To: "Andy Hoang"
>To: [EMAIL PROTECTED]
>Subject: RE: escape sequence other than Ctl-Shift-6(x) [7:27760]
>Date: Fri, 30 Nov 2001 11:13:12 -0500
>
>That means changing the escape character of the device being controlled by
>the termserv. What if you have several devices on the termserv.
>
>It is better to change the escape character of the termserv itself and leave
>everything else as default.
>
>Try this on your termserv:
>
>line con 0
> escape-character 92
>line vty 0 4
> escape-character 92
>
>Then you would press "\x" to go back to your termserv. Everything else is
>still Ctrl-Shift-6.
>
>If you want to use different escape-character check the link below
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/112cg_cr/1rbook/1rascii.htm
>
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Stefan Dozier
>Sent: Thursday, November 29, 2001 10:54 PM
>To: [EMAIL PROTECTED]
>Subject: RE: escape sequence other than Ctl-Shift-6(x) [7:27760]
>
>
>Try this
>
>"On line console 0 add "escape 27"; when you have a ping or traceroute or
>something you want to break out of, press the [ESCAPE] key."
>
>BTW: I found this while perusing through the archives!
>
>Stefan
>
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Hollis
>Sent: Thursday, November 29, 2001 11:19 PM
>To: [EMAIL PROTECTED]
>Subject: escape sequence other than Ctl-Shift-6(x) [7:27760]
>
>
>Does anyone know an escape sequence other than Ctl-Shift-6(x) to use while
>within a Term server session.
>
>Say I need to stop an unsuccessful traceroute... but when I do
>Ctl-Shift-6(x) it takes me back to my Term server.
>
>Thanks.
>
>kk/USN
>
>
>
>
>Message Posted at:
>http://www.groupstudy.com/form/read.php?f=7&i=27835&t=27760
>--
>FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27836&t=27760



RE: /31 subnet. [7:27742]

2001-11-30 Thread Mcfadden, Chuck

Sure, but then what are your network and broadcast addresses?
ccie1ab

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 6:22 PM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet. [7:27742]


Point to point connections, with a /30 you waste 50% of the
available addresses.

  Dave

Nicolas FEVRIER wrote:
> 
> Hi group,
> 
> I'm puzzled by the use of /31 subnets...
> Anybody can explain me the benefits of such a subnet on an interface ?
> 
> Thanxx.
> 
> Nicolas.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27838&t=27742



Re: CCIE training [7:27776]

2001-11-30 Thread Fred Ingham

reply.

Bruce Caslow is working at NetMasterClass LLC.  He and Val
Pavlichenko are teaching new CCIE Lab Preparation courses - RS-NMC-1 and
RS-NMC-2.  There is a class being held this week in Reston, Virginia. 
Details, schedules, and outlines of the courses and an e-mail address
can be found at http://www.netmasterclass.net.

Note - I am affiliated with NMC.

Cheers, Fred.



Gus Hussein wrote:
> 
> Does anybody know where Bruce Caslow works now?
> or anyone knows his e-mail.
> Thanks
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27837&t=27776



Re: /31 subnet. [7:27742]

2001-11-30 Thread Debbie Westall

I participated in the Cisco LAN Technologies seminar
and the Cisco guy said it was recently added in their
support. I have been searching around and so far have
not found anything.

Debbie Westall

--- VoIP Guy  wrote:
> It doesn't work in Cisco routers.
> 
> ""Carroll Kong""  wrote in message
> news:[EMAIL PROTECTED]...
> > Law of subnets is a tradeoff.  Bigger subnets have higher
> > efficiency, at the cost of bigger broadcast domains.  Smaller subnets have
> > abysmal efficiency, at the benefit of smaller broadcast domains.
> >  /31 is a new RFC proposed rule which eliminates the loss of
> > efficiency of 50% to.. 0%.
> >  /30 has 2 usable addresses but loses 2 for broadcast and
> > network.  So, you need 4 ips to make the subnet, but you only can use
> > 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and ignore
> > the broadcast and network need.  This is ideal for point to point.
> >
> > At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> > >Maybe I'm missing something, but there are only 2 useable addresses in a
> > >/30, and only 2 interfaces participating in a point-to-point link, so how
> > >are there 50% of the addresses wasted.
> > >
> > >Steve
> > >
> > >
> > >""MADMAN""  wrote in message
> > >news:[EMAIL PROTECTED]...
> > > > Point to point connections, with a /30 you waste 50% of the
> > > > available addresses.
> > > >
> > > >   Dave
> > > >
> > > > Nicolas FEVRIER wrote:
> > > > >
> > > > > Hi group,
> > > > >
> > > > > I'm puzzled by the use of /31 subnets...
> > > > > Anybody can explain me the benefits of such a subnet on an interface ?
> > > > >
> > > > > Thanxx.
> > > > >
> > > > > Nicolas.
> > > > --
> > > > David Madland
> > > > Sr. Network Engineer
> > > > CCIE# 2016
> > > > Qwest Communications Int. Inc.
> > > > [EMAIL PROTECTED]
> > > > 612-664-3367
> > > >
> > > > "Emotion should reflect reason not guide it"
> > -Carroll Kong
> > [EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27839&t=27742



Question about affordable training classes [7:27840]

2001-11-30 Thread Bruce Evry

Hello,

I am a Cisco Instructor and have been toying with the idea of
running very low-cost classes that would be affordable for those not
sponsored by a corporation or rich enough to pay $2000 or more per class.
I was considering about maybe $200 to cover costs and equipment. (If
someone could not afford even that we could work something out...)

While I got my CCSI at Mentor (formerly Chesapeake) and recently
have been doing contract training at places like Sprint and Verizon, I can
still remember trying to get started, to get training, and to get that
proverbial "foot in the door". I'd like to use some of my "off" weeks when
I'm not doing corporate training to help other people get their Cisco
certifications and a good start in this career.

Classes would be held at my house, which is located just south of
Washington, DC. in beautiful Fort Washington, Maryland.

Please let me know if you think that such classes would be useful
and of interest.

Yours Truly - Bruce Evry

[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27840&t=27840



VPN + 1720 [7:27841]

2001-11-30 Thread paul

Maybe I am asking too much ;)
Anyway, here goes 'nothing':

Can anyone show me a sample config (or a URL) for a VPN on a router 1720
(assuming it connects through a frame-relay cloud)?
Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27841&t=27841



Re: /31 subnet. [7:27742]

2001-11-30 Thread Donald

You gotta have the right code.




- Original Message -
From: "VoIP Guy" 
To: 
Sent: Friday, November 30, 2001 6:44 AM
Subject: Re: /31 subnet. [7:27742]


> It doesn't work in Cisco routers.
>
> ""Carroll Kong""  wrote in message
> news:[EMAIL PROTECTED]...
> > Law of subnets is a tradeoff.  Bigger subnets have higher
> > efficiency, at the cost of bigger broadcast domains.  Smaller subnets have
> > abysmal efficiency, at the benefit of smaller broadcast domains.
> >  /31 is a new RFC proposed rule which eliminates the loss of
> > efficiency of 50% to.. 0%.
> >  /30 has 2 usable addresses but loses 2 for broadcast and
> > network.  So, you need 4 ips to make the subnet, but you only can use
> > 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and ignore
> > the broadcast and network need.  This is ideal for point to point.
> >
> > At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> > >Maybe I'm missing something, but there are only 2 useable addresses in a
> > >/30, and only 2 interfaces participating in a point-to-point link, so how
> > >are there 50% of the addresses wasted.
> > >
> > >Steve
> > >
> > >
> > >""MADMAN""  wrote in message
> > >news:[EMAIL PROTECTED]...
> > > > Point to point connections, with a /30 you waste 50% of the
> > > > available addresses.
> > > >
> > > >   Dave
> > > >
> > > > Nicolas FEVRIER wrote:
> > > > >
> > > > > Hi group,
> > > > >
> > > > > I'm puzzled by the use of /31 subnets...
> > > > > Anybody can explain me the benefits of such a subnet on an interface ?
> > > > >
> > > > > Thanxx.
> > > > >
> > > > > Nicolas.
> > > > --
> > > > David Madland
> > > > Sr. Network Engineer
> > > > CCIE# 2016
> > > > Qwest Communications Int. Inc.
> > > > [EMAIL PROTECTED]
> > > > 612-664-3367
> > > >
> > > > "Emotion should reflect reason not guide it"
> > -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27831&t=27742



Re: VPN + 1720 [7:27841]

2001-11-30 Thread VoIP Guy

Here's one I did a few months ago.  The only thing I wasn't comfortable with
was the access list that has to let the internal IPSec addresses back in,
but I couldn't do it any other way.  Does anyone have a better idea?  Maybe
it's the only way it can be done.

Steve

Current configuration : 4387 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Chaston
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
no logging console
enable secret 5 
!
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
!
!
no ip domain-lookup
!
no ip bootp server
ip inspect name STOP smtp
ip inspect name STOP tcp
ip inspect name STOP udp
ip inspect name STOP cuseeme
ip inspect name STOP ftp
ip inspect name STOP h323
ip inspect name STOP rcmd
ip inspect name STOP realaudio
ip inspect name STOP streamworks
ip inspect name STOP vdolive
ip inspect name STOP sqlnet
ip inspect name STOP tftp
ip inspect name GO smtp
ip inspect name GO tcp
ip inspect name GO udp
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key xx160500 address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local VPNpool
!
!
crypto ipsec transform-set Strong esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto dynamic-map dynVPNmap 10
 set transform-set Strong
!
!
!
crypto map modecfg client configuration address initiate
crypto map modecfg client configuration address respond
crypto map modecfg 10 ipsec-isakmp dynamic dynVPNmap
!
!
!
!
interface Ethernet0
 ip address  255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 half-duplex
 no cdp enable
 crypto map modecfg
 ip policy route-map nonat
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip inspect GO out
 ip inspect STOP in
 speed auto
 no cdp enable
!
ip local pool VPNpool 192.168.100.50 192.168.100.55
ip default-gateway xxx
ip nat pool IntNATpool x xx netmask 255.255.255.252
ip nat inside source route-map rmap pool IntNATpool overload
ip nat inside source static tcp 192.168.1.100 110  110 extendable
ip nat inside source static tcp 192.168.1.100 25 xx 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 
no ip http server
!
access-list 101 permit tcp any any established
access-list 101 permit tcp any host xxx eq telnet
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any traceroute
access-list 101 permit ahp any any
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit tcp any host xxx eq pop3
access-list 101 permit tcp any host  eq smtp
access-list 101 permit ip host 192.168.100.50 any
access-list 101 permit ip host 192.168.100.51 any
access-list 101 permit ip host 192.168.100.52 any
access-list 101 permit ip host 192.168.100.53 any
access-list 101 permit ip host 192.168.100.54 any
access-list 101 permit ip host 192.168.100.55 any
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
no cdp run
route-map rmap permit 10
match ip address 110
!
route-map nonat permit 10
match ip address 120
!
route-map nonat permit 20
!
!
banner motd ^CC
***
NOTICE TO USERS

This is a private computer system and is the property of Chaston
Associates.  It is for authorized use only. Users (authorized or
unauthorized) have no explicit or implicit expectation of privacy.

Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and disclosed
to authorized site, and law enforcement personnel, as well as authorized
officials of other agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the discretion
of authorized site or Department of Energy personnel.

Unauthorized or improper use of this system may result in administrative
disciplinary action and civil and criminal penalties. By continuing to use
this system you indicate your awareness of and consent to these terms and
conditions of use. LOG OFF IMMEDIATELY if you do not agree to

ISDN BRI [7:27843]

2001-11-30 Thread Muhammad Shakeel Shamsi

Hello,
  I have found your address while going through some archives. I was
wondering if you could personally help me with a problem. I am configuring a
2600 series router with IOS 12.0 for ISDN connectivity to an ISP access
server, a Cisco AS5300. The configuration I have used has been tested by me on
Cisco 1603, 2501, 2503, with little changes. The problem here is that the
router connects and then after ten seconds disconnects, and on sensing outgoing
traffic reconnects and then disconnects again. I start a ping, it stays
connected and then disconnects. All other routers that I worked with are
working OK except this one. I am searching for the solution; that is when I
found you. Hoping for a reply.

Regards

Shakeel Shammsi

Here is the configuration that i have put in.



router#sh conf
Using 1811 out of 32762 bytes
!
! Last configuration change at 17:10:09 UTC Wed Mar 28 2001
! NVRAM config last updated at 17:10:12 UTC Wed Mar 28 2001
!
version 12.0
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname router
!
enable secret 5 $1$UScn$gtVSLClesbMr2G1CpNwkK/
enable password cisco123
!
ip subnet-zero
no ip domain-lookup
ip name-server x.x.x.x
ip name-server x.x.x.x
ip name-server x.x.x.x
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address x.x.x.x x.x.x.x
 no ip directed-broadcast
 ip nat inside
 no cdp enable
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
 no cdp enable
!
interface BRI0
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer rotary-group 0
 isdn switch-type basic-net3
 no fair-queue
 no cdp enable
!
interface Dialer0
 ip address x.x.x.x x.x.x.x
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 300
 dialer string 13111666 class 56k
 dialer hold-queue 10
 dialer load-threshold 200 either   Rem (if no multi link support is off)
 dialer-group 1
 no fair-queue
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username test password 7 141113180F0B27
 ppp multilink
!
ip nat translation timeout 1800
ip nat inside source list 1 interface Dialer0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
map-class dialer 56
 dialer isdn speed 56
access-list 1 permit x.x.x.x x.x.x.x
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 password cisco
 login
!
end


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27843&t=27843



ISDN BRI [7:27844]

2001-11-30 Thread Muhammad Shakeel Shamsi

Hello,
  I am configuring a 2600 series router with IOS 12.0 for ISDN
connectivity to an ISP access server, a Cisco AS5300. The configuration I have
used has been tested by me on Cisco 1603, 2501, 2503, with little changes.
The problem here is that the router connects and then after ten seconds
disconnects, and on sensing outgoing traffic reconnects and then disconnects
again. I start a ping, it stays connected and then disconnects. All other
routers that I worked with are working OK except this one. I am searching
for the solution; that is when I found you. Hoping for a reply.

Regards

Shakeel Shammsi

Here is the configuration that i have put in.



router#sh conf
Using 1811 out of 32762 bytes
!
! Last configuration change at 17:10:09 UTC Wed Mar 28 2001
! NVRAM config last updated at 17:10:12 UTC Wed Mar 28 2001
!
version 12.0
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname router
!
enable secret 5 $1$UScn$gtVSLClesbMr2G1CpNwkK/
enable password cisco123
!
ip subnet-zero
no ip domain-lookup
ip name-server x.x.x.x
ip name-server x.x.x.x
ip name-server x.x.x.x
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address x.x.x.x x.x.x.x
 no ip directed-broadcast
 ip nat inside
 no cdp enable
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
 no cdp enable
!
interface BRI0
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer rotary-group 0
 isdn switch-type basic-net3
 no fair-queue
 no cdp enable
!
interface Dialer0
 ip address x.x.x.x x.x.x.x
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 300
 dialer string 13111666 class 56k
 dialer hold-queue 10
 dialer load-threshold 200 either   Rem (if no multi link support is off)
 dialer-group 1
 no fair-queue
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username test password 7 141113180F0B27
 ppp multilink
!
ip nat translation timeout 1800
ip nat inside source list 1 interface Dialer0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
map-class dialer 56
 dialer isdn speed 56
access-list 1 permit x.x.x.x x.x.x.x
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 password cisco
 login
!
end


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27844&t=27844



Re: Question about affordable training classes [7:27840]

2001-11-30 Thread John Neiberger

I'm glad you posted this.  I'm considering doing the exact same thing at
my home.  It seems that given the high cost of formal training, some
sort of low-cost classes or mentoring would be quite useful.

John

>>> "Bruce Evry"  11/30/01 10:06:45 AM >>>
Hello,

I am a Cisco Instructor and have been toying with the idea of
running very low-cost classes that would be affordable for those not
sponsored by a corporation or rich enough to pay $2000 or more per class.
I was considering about maybe $200 to cover costs and equipment. (If
someone could not afford even that we could work something out...)

While I got my CCSI at Mentor (formerly Chesapeake) and recently
have been doing contract training at places like Sprint and Verizon, I can
still remember trying to get started, to get training, and to get that
proverbial "foot in the door". I'd like to use some of my "off" weeks when
I'm not doing corporate training to help other people get their Cisco
certifications and a good start in this career.

Classes would be held at my house, which is located just south of
Washington, DC. in beautiful Fort Washington, Maryland.

Please let me know if you think that such classes would be useful
and of interest.

Yours Truly - Bruce Evry

[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27845&t=27840



RE: Subnetting [7:27808]

2001-11-30 Thread Lupi, Guy

Well, let me start by saying that with only a class C and the amount of
hosts you specified, you are really pushing it, get more address space.
This way you will have to put a bunch of secondaries on the router's Ethernet
interfaces, but it will work.  This is assuming that the point to point
circuits in each office will be numbered out of another block, or will use
IP unnumbered, and that the numbers that you gave are for hosts, and that
for the gateway address we would add one to the number given.  The only
thing I couldn't work out was location C, could only come up with 47
addresses for hosts there.  Hope this helps, ugly as it may be.  There are
other ways to do this, none of them are very nice.

172.133.205.0/25    location A  126 host addresses, 125 excluding gateway
172.133.205.128/27  location A   30 host addresses,  29 excluding gateway
172.133.205.160/29  location A    6 host addresses,   5 excluding gateway
172.133.205.168/30  location A    2 host addresses,   1 excluding gateway
172.133.205.172/30  location B    2 host addresses,   1 excluding gateway
172.133.205.176/28  location B   14 host addresses,  13 excluding gateway
172.133.205.192/29  location B    6 host addresses,   5 excluding gateway
172.133.205.200/29  location C    6 host addresses,   5 excluding gateway
172.133.205.208/28  location C   14 host addresses,  13 excluding gateway
172.133.205.224/27  location C   30 host addresses,  29 excluding gateway


-Original Message-
From: Andy Hutchinson
To: [EMAIL PROTECTED]
Sent: 11/30/2001 9:37 AM
Subject: Subnetting  [7:27808]

Can anyone help!
I have been assigned by our Head Office a Class B address
(let's say 172.133.205.0) with a subnet mask of 255.255.255.0,
which gives me 254 hosts available.
However, I have to split this between 3 locations
like so:

Loc A : Minimum Addresses Required 160 (HQ)
Loc B : Minimum Addresses Required 16
Loc C : Minimum Addresses Required 48

Loc B & C will each have a router that connects to a router at Loc A.

Any ideas on how this can be done?

Thanks

Andy Hutchinson




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27847&t=27808



Re: VPN + 1720 [7:27841]

2001-11-30 Thread George Murphy CCNP, CCDP

Good timing Paul, I just installed a VPN module in a 1720 last week. I 
have configured the router (after updating the IOS) to establish a 
tunnel as a simple router to router "peer" over the internet, but it is 
not complete because the other side is not completely installed yet. 
Here are the links I used to get tips. Scroll down to about 1/2 of the 
page and you will see examples for several scenarios. They are pretty 
handy and should save you some time. There is even a link to enable SSH 
on the router. Good Luck!

http://www.cisco.com/warp/public/707/index.shtml





paul wrote:

>Maybe I am asking too much ;)
>Anyway, here goes 'nothing':
>
>Can anyone show me a sample config (or a URL) for a VPN on a router 1720
>(assuming it connects through a frame-relay cloud)?
>Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27846&t=27841
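
An added example (not part of any post in this thread): a small Python audit of the 1720 VPN configuration posted earlier in the thread. It flags the pool-address entries in the outside ACL that the poster said he was uncomfortable with, plus the wildcard pre-shared key and the DES/MD5 proposals. The finding codes are this example's own labels, and the key in the excerpt is replaced by a placeholder.

```python
import ipaddress
import re

# Excerpt of the configuration posted in this thread; the pre-shared key is
# replaced by a placeholder and unrelated lines are omitted.
CONFIG = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key KEY-PLACEHOLDER address 0.0.0.0 0.0.0.0
crypto ipsec transform-set Strong esp-des esp-md5-hmac
interface Ethernet0
 ip access-group 101 in
 ip nat outside
 crypto map modecfg
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip local pool VPNpool 192.168.100.50 192.168.100.55
access-list 101 permit tcp any any established
access-list 101 permit ahp any any
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit ip host 192.168.100.50 any
access-list 101 permit ip host 192.168.100.51 any
access-list 101 permit ip host 192.168.100.52 any
access-list 101 permit ip host 192.168.100.53 any
access-list 101 permit ip host 192.168.100.54 any
access-list 101 permit ip host 192.168.100.55 any
"""


def outside_inbound_acls(config):
    """ACL numbers applied inbound on interfaces marked 'ip nat outside'."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            stanzas[current] = []
        elif line.startswith(" ") and current:
            stanzas[current].append(line.strip())
        else:
            current = None  # back at global configuration level
    acls = set()
    for lines in stanzas.values():
        if "ip nat outside" in lines:
            for entry in lines:
                match = re.fullmatch(r"ip access-group (\d+) in", entry)
                if match:
                    acls.add(match.group(1))
    return acls


def is_private(text):
    """True for RFC 1918 and other private addresses; False if not an address."""
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False  # redacted value or host name


def audit(config):
    """Return a list of (code, line) findings for three checks."""
    findings = []
    outside = outside_inbound_acls(config)
    for raw in config.splitlines():
        line = raw.strip()
        # Pre-shared key that is valid for every peer address.
        if re.fullmatch(r"crypto isakmp key \S+ address 0\.0\.0\.0 0\.0\.0\.0", line):
            findings.append(("wildcard-psk", line))
        # DES encryption or MD5 integrity in an IKE or IPsec proposal.
        if line == "hash md5" or re.search(r"\besp-(des|md5-hmac)\b", line):
            findings.append(("weak-crypto", line))
        # Private source addresses permitted by the ACL on the outside interface:
        # the ACL itself cannot tell a decrypted packet from a clear-text one.
        match = re.fullmatch(r"access-list (\d+) permit ip host (\S+) any", line)
        if match and match.group(1) in outside and is_private(match.group(2)):
            findings.append(("private-src-on-outside", line))
    return findings


if __name__ == "__main__":
    for code, line in audit(CONFIG):
        print(f"{code:24} {line}")
```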



RE: Dual Homing Novell Servers to 2 Cat 6500's [7:27690]

2001-11-30 Thread juno vtv

Bill,

If there are two cards installed in the server and it is on the same IP
subnet, then each card can have an IP in the same subnet range.  For example,
NIC1 can be 192.168.0.1 and NIC2 can be 192.168.0.2. The server will be able
to differentiate the cards.  If for instance the Cat6000's are going to be
on different subnets then you will have to assign a different IP subnet on
each card.  For example, NIC1 can be 192.168.10.1 and NIC2 can be
192.168.20.1.  I'm pretty experienced with this setup, so please let me know
if you need any more help.  Thanks!

-junovtv


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27848&t=27690



RE: escape sequence other than Ctl-Shift-6(x) [7:27760]

2001-11-30 Thread Stefan Dozier

See comments inline...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Andy Hoang
Sent: Friday, November 30, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: escape sequence other than Ctl-Shift-6(x) [7:27760]


>That means changing the escape character of the device being controlled by
>the termserv.  What if you have several devices on the termserv.

Nothing a little foresight and a couple of cut & paste keystrokes or
mouse clicks couldn't cure...

>It is better to change the escape character of the termserv itself and leave
>everything else as default.

I won't argue that point, as I'm sure you could do it several different
ways!

Stefan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27849&t=27760



EBGP multihop over MPLS [7:27850]

2001-11-30 Thread [EMAIL PROTECTED]

Hello,
Can anyone help?

!
interface FastEthernet0/0.1
 encapsulation isl 1
 ip address 80.74.33.131 255.255.255.248
 no ip redirects
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 80.74.33.134 remote-as 3
 neighbor 80.74.33.134 ebgp-multihop 255
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 80.74.33.129



I have the above configuration on my router, with the results shown below. 
BGP does not establish a TCP session with the opposite router. When I do EBGP 
multihop over a normal network everything works fine. The opposite router 
has just a reverse configuration.

Does anyone know what I am missing in my configuration?
Thanks
Petr




router#ping 80.74.33.134

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 80.74.33.134, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms


router#sh ip bgp nei
BGP neighbor is 80.74.33.134,  remote AS 3, external link
  BGP version 4, remote router ID 0.0.0.0
  BGP state = Active
  Last read 1d03h, hold time is 180, keepalive interval is 60 seconds
  Received 0 messages, 0 notifications, 0 in queue
  Sent 0 messages, 0 notifications, 0 in queue
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 4, neighbor version 0
  Index 1, Offset 0, Mask 0x2
  Route refresh request: received 0, sent 0
  0 accepted prefixes consume 0 bytes
  Prefix advertised 0, suppressed 0, withdrawn 0

  Connections established 0; dropped 0
  Last reset never
  External BGP neighbor may be up to 255 hops away.
  No active TCP connection




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27850&t=27850



RE: Dual Homing Novell Servers to 2 Cat 6500's [7:27690]

2001-11-30 Thread juno vtv

Here's a sample of the config for the server.

load ce1000 slot=1 frame=ethernet_ii name=nic1
load ce1000 slot=2 frame=ethernet_ii name=nic2

bind ip nic1 addr=192.168.0.1 ma=255.255.0.0
bind ip nic2 addr=192.168.0.2 ma=255.255.0.0

ce1000 is the driver, so you have to change it to the LAN driver that you're
using.  Hope this helps.

-junovtv


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27851&t=27690



RE: escape sequence other than Ctl-Shift-6(x) [7:27760]

2001-11-30 Thread Andy Hoang

Cut and paste would work, but with hundreds of devices, I'm sure you would
see the point I'm trying to make.

-Original Message-
From: Stefan Dozier [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 9:42 AM
To: Andy Hoang; [EMAIL PROTECTED]
Subject: RE: escape sequence other than Ctl-Shift-6(x) [7:27760]


See comments inline...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Andy Hoang
Sent: Friday, November 30, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: escape sequence other than Ctl-Shift-6(x) [7:27760]


>That means changing the escape character of the device being controlled by
>the termserv.  What if you have several devices on the termserv.

Nothing a little foresight and a couple of cut & paste keystrokes or
mouse clicks couldn't cure...

>It is better to change the escape character of the termserv itself and leave
>everything else as default.

I won't argue that point, as I'm sure you could do it several different
ways!

Stefan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27853&t=27760



Re: Question about affordable training classes [7:27840]

2001-11-30 Thread juno vtv

Any chance you can come out west? :-)

-junovtv


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27854&t=27840



VXR [7:27855]

2001-11-30 Thread Patrick Bass

Anybody know what VXR stands for?  As in Cisco 7200 VXR.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27855&t=27855



Re: /31 subnet. [7:27742]

2001-11-30 Thread Priscilla Oppenheimer

Yes, but why are all zeros and all ones in the host field disallowed? 
Because they seem to be broadcasts or refer to the entire subnet.

On a point-to-point WAN, so what if you send to broadcast? There's only one 
station on the other end anyway!

So IF devices support /31, you can use it. The only advantage would be it 
wastes fewer addresses, though.

Priscilla

  At 04:03 AM 11/30/01, [EMAIL PROTECTED] wrote:
>Sincerely  do not know, when you find out let me know. To me using /31 is
>against all subnet rules, /31 gives you a subnet mask of 255.255.255.254,
>with two host addresses each, but these addresses are not usable.
>
>The most I have used and seen people use is /30 (255.255.255.252), for WAN
>interface IP address allocations.
>
>Regards.
>Oletu
>
>- Original Message -
>From: Nicolas FEVRIER
>To:
>Sent: Thursday, November 29, 2001 2:39 PM
>Subject: /31 subnet. [7:27742]
>
>
> > Hi group,
> >
> > I'm puzzled by the use of /31 subnets...
> > Anybody can explain me the benefits of such a subnet on an interface ?
> >
> > Thanxx.
> >
> > Nicolas.


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27856&t=27742
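
An added example (not from any poster in this thread) that works through the /30 versus /31 arithmetic discussed above: which addresses are reserved under the classic all-zeros/all-ones rule, and how many point-to-point links one block can number with each prefix length. It assumes the /31 behaviour of RFC 3021, where both addresses are assignable; the 192.0.2.0/28 block is a constructed sample from the documentation range.

```python
import ipaddress


def usable_addresses(prefix):
    """Addresses that can be assigned to interfaces in one IPv4 subnet.

    Classic rule: the all-zeros (network) and all-ones (broadcast) host
    fields are reserved. RFC 3021 lifts that for /31 point-to-point links;
    a /32 is a single host route.
    """
    size = 2 ** (32 - prefix)
    return size if prefix >= 31 else size - 2


def efficiency(prefix):
    """Fraction of the subnet's addresses that can be assigned."""
    return usable_addresses(prefix) / 2 ** (32 - prefix)


def role(address, prefix):
    """Classify an address as 'network', 'broadcast' or 'host' in its subnet."""
    net = ipaddress.ip_interface(f"{address}/{prefix}").network
    ip = ipaddress.ip_address(address)
    if prefix < 31:
        if ip == net.network_address:
            return "network"
        if ip == net.broadcast_address:
            return "broadcast"
    return "host"  # /31: no reserved addresses, both ends are hosts


def number_links(block, prefix):
    """Split a block into point-to-point subnets.

    Returns one (subnet, end_a, end_b) tuple per link.
    """
    if prefix not in (30, 31):
        raise ValueError("point-to-point links are numbered with /30 or /31")
    links = []
    for subnet in ipaddress.ip_network(block).subnets(new_prefix=prefix):
        ends = [str(ip) for ip in subnet if role(str(ip), prefix) == "host"]
        links.append((str(subnet), ends[0], ends[1]))
    return links


if __name__ == "__main__":
    block = "192.0.2.0/28"  # constructed sample block
    for prefix in (30, 31):
        links = number_links(block, prefix)
        print(f"/{prefix}: {len(links)} links, "
              f"{efficiency(prefix):.0%} of addresses assignable")
        for subnet, end_a, end_b in links[:2]:
            print(f"   {subnet:16} {end_a} <-> {end_b}")
```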



RE: Subnetting [7:27808]

2001-11-30 Thread Daniel Cotts

If the addresses you were assigned must be used for host addresses then VLSM
is the method. 160 addresses would require a block of 128 and a block of 32
addresses. The 48 requirement could be met with a block of 64. The 16 by 16.
The remainder could be used for serial links. Not all addresses could be
used for hosts as there is a need for subnet and broadcast addresses for
each block. The router interface will use an address from each block.
If it were necessary to put the 160 addresses on one interface then one
block could be assigned as a secondary ip address.

Another possibility would be to use RFC1918 addresses for the hosts and use
NAT to talk to the rest of the world.

> -Original Message-
> From: Andy Hutchinson [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 30, 2001 8:38 AM
> To: [EMAIL PROTECTED]
> Subject: Subnetting [7:27808]
> 
> 
> Can anyone help!
> I have been assigned by our Head Office a Class B address
> (let's say 172.133.205.0) with a subnet mask of 255.255.255.0,
> which gives me 254 hosts available.
> However, I have to split this between 3 locations
> like so:
> 
> Loc A : Minimum Addresses Required 160 (HQ)
> Loc B : Minimum Addresses Required 16
> Loc C : Minimum Addresses Required 48
> 
> Loc B & C will each have a router that connects to a router at Loc A.
> 
> Any ideas on how this can be done?
> 
> Thanks
> 
> Andy Hutchinson




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27857&t=27808
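
An added example (not written by either poster) that checks the VLSM plan from Guy Lupi's earlier reply in this thread against the overhead described in the post above: each block loses a subnet address, a broadcast address and one router interface address. It verifies block alignment, range and overlap, then tallies host addresses per location against the requirements in the original question; the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

PARENT = ipaddress.ip_network("172.133.205.0/24")
REQUIRED = {"A": 160, "B": 16, "C": 48}  # from the original question

# (subnet, location) pairs copied from the plan posted in this thread.
PLAN = [
    ("172.133.205.0/25", "A"),
    ("172.133.205.128/27", "A"),
    ("172.133.205.160/29", "A"),
    ("172.133.205.168/30", "A"),
    ("172.133.205.172/30", "B"),
    ("172.133.205.176/28", "B"),
    ("172.133.205.192/29", "B"),
    ("172.133.205.200/29", "C"),
    ("172.133.205.208/28", "C"),
    ("172.133.205.224/27", "C"),
]


def check_plan(parent, plan):
    """Return (networks, problems).

    problems lists blocks that are misaligned (host bits set), fall outside
    the parent block, or overlap another block.
    """
    nets, problems = [], []
    for cidr, location in plan:
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects host bits set
        except ValueError as exc:
            problems.append(f"{cidr}: {exc}")
            continue
        if not net.subnet_of(parent):
            problems.append(f"{cidr}: outside {parent}")
            continue
        nets.append((net, location))
    # Sorted by start address, any overlap shows up between neighbours.
    nets.sort(key=lambda item: int(item[0].network_address))
    for (first, _), (second, _) in zip(nets, nets[1:]):
        if first.overlaps(second):
            problems.append(f"{first} overlaps {second}")
    return nets, problems


def hosts_per_location(nets, gateways=1):
    """Host addresses per location after subnet, broadcast and gateway."""
    totals = defaultdict(int)
    for net, location in nets:
        totals[location] += net.num_addresses - 2 - gateways
    return dict(totals)


def shortfall(totals, required):
    """Locations that still lack addresses, with the missing count."""
    return {loc: need - totals.get(loc, 0)
            for loc, need in required.items() if totals.get(loc, 0) < need}


def unallocated(parent, nets):
    """Addresses of the parent block not covered by the plan.

    Meaningful only when check_plan reported no problems.
    """
    return parent.num_addresses - sum(net.num_addresses for net, _ in nets)


if __name__ == "__main__":
    nets, problems = check_plan(PARENT, PLAN)
    totals = hosts_per_location(nets)
    print("problems:   ", problems or "none")
    print("hosts:      ", totals)
    print("shortfall:  ", shortfall(totals, REQUIRED) or "none")
    print("unallocated:", unallocated(PARENT, nets))
```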



RE: Re[2]: VPN is a Backdoor !!! [7:27725]

2001-11-30 Thread Priscilla Oppenheimer

The problem is usually between the keyboard and chair. ;-)

Priscilla

At 11:07 AM 11/30/01, Kent Hundley wrote:
>You're right, but it is nearly impossible to secure the client.  The problem
>is that no matter how much education you give users, most will still do the
>"wrong" thing given the right circumstances.  For example, if they are in a
>chat room and someone they are communicating with sends them a file, most
>will open it, no matter how many times you tell them not to.
>
>If it is a virus or a trojan, their entire machine can become compromised
>and no amount of firewall software and strong authentication can completely
>fix that. When prompted about a new app trying to reach the Internet, they
>may just answer 'yes'.  If there's no prompt and the software doesn't work,
>they may just disable their firewall. (yes, it does happen)  The problem is
>worse if users use their home machines for VPN access.  If they use company
>assigned laptops with WinNT or 2K, you can fix some of this by not giving
>them admin access to their own machines.  This will severely limit their
>ability to install new software and offer some protection, but it's not a
>guarantee.  I can see someone breaking into their machine to install the hot
>new game they just got sent from a "friend" they met on yahoo chat who's
>only too happy to help them get the software installed.
>
>The weakest link in the security chain is almost always human factors.  In
>the end, there's no silver bullet for this problem.  Policies and user
>education help, but there's always a risk involved once you rely on users
>for security, which is what you must do when you allow users remote access
>to the corporate goodies.  Creating a secure link is easy, it's the
>endpoints that tend to bite you. ;-)
>
>Good luck,
>Kent
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>SentinuS
>Sent: Thursday, November 29, 2001 3:35 PM
>To: [EMAIL PROTECTED]
>Subject: Re[2]: VPN is a Backdoor !!! [7:27725]
>
>
>But I think VPN is not a backdoor if you use the right security policy and
>the right configuration. There is one issue: the client. If you can secure
>your client, there is no weakness.
>
>
>Thursday, November 29, 2001, 11:47:08 PM, you wrote:
>PR> Even then though, you're not secure.  If the box is compromised before you
>PR> connect then even when the firewall is enforced, malicious activity could
>PR> still take place...the attacker would not be able to connect to the
>PR> machine but could leave dastardly code behind to do his job for him.
>
>PR> I am working on this scenario now as well.  I am attempting to come up with
>PR> a best practice for cleaning a machine, installing a firewall, etc for
>PR> any vpn client.  Let me know how yours goes!
>
>PR> -Patrick
>
>---cut---
>
>SentinuS
>Best Regards
>[EMAIL PROTECTED]


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27859&t=27725



Re: VXR [7:27855]

2001-11-30 Thread John Neiberger

Very eXhilirating Router?  ;-)

How about Very eXhorbitant Retail price?

>>> "Patrick Bass"  11/30/01 11:05:40 AM >>>
Anybody know what VXR stands for?  As in Cisco 7200 VXR.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27860&t=27855



Re: VPN + 1720 [7:27858]

2001-11-30 Thread paul

Just want to say thankx to Murphy and Steve for helping out.

Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27858&t=27858



Re: VXR [7:27855]

2001-11-30 Thread Patrick Bass

Thank you John.  Now I know that it is not "Very Excellent Router" ...


""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]...
> Very eXhilirating Router?  ;-)
>
> How about Very eXhorbitant Retail price?
>
> >>> "Patrick Bass"  11/30/01 11:05:40 AM >>>
> Anybody know what VXR stands for?  As in Cisco 7200 VXR.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27862&t=27855



RE: Re[2]: VPN is a Backdoor !!! [7:27725]

2001-11-30 Thread Patrick Ramsey

Does anyone have a best practice written up concerning this? (I thought
mooching a lot of the content would keep me from typing a lot!)  : )

-Patrick

>>> "Priscilla Oppenheimer"  11/30/01 01:19PM >>>
The problem is usually between the keyboard and chair. ;-)

Priscilla

At 11:07 AM 11/30/01, Kent Hundley wrote:
>You're right, but it is nearly impossible to secure the client.  The problem
>is that no matter how much education you give users, most will still do the
>"wrong" thing given the right circumstances.  For example, if they are in a
>chat room and someone they are communicating with sends them a file, most
>will open it, no matter how many times you tell them not to.
>
>If it is a virus or a trojan, their entire machine can become compromised
>and no amount of firewall software and strong authentication can completely
>fix that. When prompted about a new app trying to reach the Internet, they
>may just answer 'yes'.  If there's no prompt and the software doesn't work,
>they may just disable their firewall. (yes, it does happen)  The problem is
>worse if users use their home machines for VPN access.  If they use company
>assigned laptops with WinNT or 2K, you can fix some of this by not giving
>them admin access to their own machines.  This will severely limit their
>ability to install new software and offer some protection, but it's not a
>guarantee.  I can see someone breaking into their machine to install the hot
>new game they just got sent from a "friend" they met on yahoo chat who's
>only too happy to help them get the software installed.
>
>The weakest link in the security chain is almost always human factors.  In
>the end, there's no silver bullet for this problem.  Policies and user
>education help, but there's always a risk involved once you rely on users
>for security, which is what you must do when you allow users remote access
>to the corporate goodies.  Creating a secure link is easy, it's the
>endpoints that tend to bite you. ;-)
>
>Good luck,
>Kent
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>SentinuS
>Sent: Thursday, November 29, 2001 3:35 PM
>To: [EMAIL PROTECTED] 
>Subject: Re[2]: VPN is a Backdoor !!! [7:27725]
>
>
>But I think VPN is not a backdoor if you use the right security policy and
>the right configuration. There is one issue: the client. If you can secure
>your client, there is no weakness.
>
>
>Thursday, November 29, 2001, 11:47:08 PM, you wrote:
>PR> Even then though, you're not secure.  If the box is compromised before you
>PR> connect then even when the firewall is enforced, malicious activity could
>PR> still take place...the attacker would not be able to connect to the
>PR> machine but could leave dastardly code behind to do his job for him.
>
>PR> I am working on this scenario now as well.  I am attempting to come up with
>PR> a best practice for cleaning a machine, installing a firewall, etc for
>PR> any vpn client.  Let me know how yours goes!
>
>PR> -Patrick
>
>---cut---
>
>SentinuS
>Best Regards
>[EMAIL PROTECTED] 


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27861&t=27725



Re: T-1 Encap Preference [7:27637]

2001-11-30 Thread Priscilla Oppenheimer

At 10:59 AM 11/30/01, Brent Wrisley wrote:
>Although intf's won't combine packets, I usually set higher MTU's so that 
>larger packets with the DF flag on will be allowed through.

Although applications may set the DF bit (usually as part of the MTU 
discovery process but for other reasons too), they still don't tend to send 
very large packets. Even once you add some slop for extra encapsulations, 
tunneling, VPNs, VLANs, etc. you don't need the MTU to be much larger than 
the Ethernet MTU because end-user applications and configurations don't 
tend to send packets that are larger than the Ethernet MTU.

This may change with time (and I'm sure there are some applications that do 
send larger frames), but typical ones don't. In fact, it's a good thing 
that they don't, as realtime (such as voice) packets get delayed when a 
(slow) interface takes a long time to serially output bits in a very large 
frame.

I don't want to beat a dead horse, but it seemed like maybe you missed my 
point ;-}

Priscilla


>Brent
>
>On 29/11/01 21:16 -0500, Priscilla Oppenheimer wrote:
>
>:
>[...]
>  A lot of novices think that having a large interface
>:MTU is going to make a big difference, but I'm not convinced. The interface
>:isn't going to combine packets it receives into larger packets just because
>:of the larger MTU. Packets can't grow!?
>[...]
>:
>:I'll have to look into this. Thoughts? Comments?
>:
>:Priscilla
>:
>:At 05:26 PM 11/29/01, Howard C. Berkowitz wrote:
>:> >Found this in RFC 1661 which documents PPP:
>:> >
>:> >The maximum length for the Information field, including Padding, but not
>:> >including the Protocol field, is termed the Maximum Receive Unit (MRU),
>:> >which defaults to 1500 octets. By negotiation, consenting PPP
>:> >implementations may use other values for the MRU.
>:> >
>:> >P.
>:>
>:>Hmmm...I definitely am aware of providers using 4470 on POS links,
>:>and a general trend in the gigabit-plus world to use larger MTUs. Is
>:>this simply industry practice, I wonder, or are there some overriding
>:>IEEE or IETF documents?  Perhaps in the sub-IP area, such as IP over
>:>Optical?
>:>
>:> >
>:> >At 03:05 PM 11/29/01, Howard C. Berkowitz wrote:
>:> >>  >Howard,
>:> >>  >
>:> >>  >Correct me if am wrong but, the HDLC advantage over PPP is the MTU
>:size.
>:> >>  >PPP supports 1500 while HDLC 4xxx (can't remember the exact number),
>:> >>  >this might be helpful in situations where DF bit is set.
>:> >>  >
>:> >>  >Nabil
>:> >>
>:> >>I'd have to research this -- I don't offhand remember PPP (as the
>:> >>protocol) having a MTU limit that small.  It would surprise me, given
>:> >>the interest in POS.
>:> >
>:> >
>:> >Priscilla Oppenheimer
>:> >http://www.priscilla.com
>:
>:
>:Priscilla Oppenheimer
>:http://www.priscilla.com
>:
>:
>:
>:
>Brent Wrisley
>
>2FB6 85AD 7084 80A0 8381  C116 CDE5 78B5 E959 C536
>PGP Key ID: 0xE959C536  (us.pgp.net)




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27863&t=27637



Re: Question about affordable training classes [7:27840]

2001-11-30 Thread Patricia Leeb-Hart

Bruce, I really wish you lived in the S.F. Bay Area!!  And I hope that other
CCSIs follow your lead.

(BTW, my husband's gearing up to do something similar to this but in PC
tech.)

>>> "Bruce Evry"  11/30/01 10:06:45 AM >>>
Hello,

I am a Cisco Instructor and have been toying with the idea of running very
low-cost classes that would be affordable for those not sponsored by a
corporation or rich enough to pay $2000 or more per class.
I was considering about maybe $200 to cover costs and equipment. (If someone
could not afford even that we could work something out...)

While I got my CCSI at Mentor (formerly Chesapeake) and recently have been
doing contract training at places like Sprint and Verizon, I can
still remember trying to get started, to get training, and to get that
proverbial "foot in the door". I'd like to use some of my "off" weeks when
I'm not doing corporate training to help other people get their Cisco
certifications and a good start in this career.

Classes would be held at my house, which is located just south of
Washington, DC. in beautiful Fort Washington, Maryland.

Please let me know if you think that such classes would be useful and of
interest.

Yours Truly - Bruce Evry

[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27865&t=27840



Re: VXR [7:27855]

2001-11-30 Thread Patrick Bass

FYI... I found out it means "Voice Exchange Router"

""Patrick Bass""  wrote in message
news:[EMAIL PROTECTED]...
> Thank you John.  Now I know that it is not "Very Excellent Router" ...
>
>
> ""John Neiberger""  wrote in message
> news:[EMAIL PROTECTED]...
> > Very eXhilirating Router?  ;-)
> >
> > How about Very eXhorbitant Retail price?
> >
> > >>> "Patrick Bass"  11/30/01 11:05:40 AM >>>
> > Anybody know what VXR stands for?  As in Cisco 7200 VXR.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27867&t=27855



Re: ISDN BRI [7:27843]

2001-11-30 Thread NKP

Hi Mohammed ,
Just put

 ppp chap refuse

 in the global config mode and it will run fine. I had the same problem
with my ISDN as well, and unfortunately even most of the engineers at TAC
could not solve my problem for 3 to 4 months till I met an experienced
engineer at TAC, Mr. Vadim Zakahri.
 Do refer to this document and compare your debugs with it:
http://www.cisco.com/warp/public/112/chapter17.htm

--
Navin Parwal
MCSE ,CIW , CCNP, CCDP

/
The person who knows "how" will always have a job .
The person who knows "why" will always be his boss.
  /
""Muhammad Shakeel Shamsi""  wrote in message
news:[EMAIL PROTECTED]...
> Hello,
>   I have found your address while going through some archives. I was
> wondering if you could personally help me with a problem. I am configuring a
> router, a 2600 series with IOS 12.0, for ISDN connectivity to an ISP access
> server, Cisco AS5300. The configuration I have used has been tested by me on
> Cisco 1603, 2501, 2503, with little changes. The problem here is that the
> router connects and then after ten seconds disconnects, and on sensing
> outgoing traffic reconnects and then disconnects again. I start a ping, it stays
> connected and then disconnects. All other routers that I worked with are
> working OK except this one. I was searching for the solution when I
> found you. Hoping for a reply.
>
> Regards
>
> Shakeel Shammsi
>
> Here is the configuration that i have put in.
>
>
>
> router#sh conf
> Using 1811 out of 32762 bytes
> !
> ! Last configuration change at 17:10:09 UTC Wed Mar 28 2001
> ! NVRAM config last updated at 17:10:12 UTC Wed Mar 28 2001
> !
> version 12.0
> service config
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> service udp-small-servers
> service tcp-small-servers
> !
> hostname router
> !
> enable secret 5 $1$UScn$gtVSLClesbMr2G1CpNwkK/
> enable password cisco123
> !
> ip subnet-zero
> no ip domain-lookup
> ip name-server x.x.x.x
> ip name-server x.x.x.x
> ip name-server x.x.x.x
> isdn switch-type basic-net3
> !
> !
> !
> interface Ethernet0
>  ip address x.x.x.x x.x.x.x
>  no ip directed-broadcast
>  ip nat inside
>  no cdp enable
> !
> interface Serial0
>  no ip address
>  no ip directed-broadcast
>  no ip mroute-cache
>  shutdown
> !
> interface Serial1
>  no ip address
>  no ip directed-broadcast
>  shutdown
>  no cdp enable
> !
> interface BRI0
>  no ip address
>  no ip directed-broadcast
>  ip nat outside
>  encapsulation ppp
>  dialer rotary-group 0
>  isdn switch-type basic-net3
>  no fair-queue
>  no cdp enable
> !
> interface Dialer0
>  ip address x.x.x.x x.x.x.x
>  no ip directed-broadcast
>  ip nat outside
>  encapsulation ppp
>  dialer in-band
>  dialer idle-timeout 300
>  dialer string 13111666 class 56k
>  dialer hold-queue 10
>  dialer load-threshold 200 either   Rem (if no multi link support is off)
>  dialer-group 1
>  no fair-queue
>  no cdp enable
>  ppp authentication pap callin
>  ppp pap sent-username test password 7 141113180F0B27
>  ppp multilink
> !
> ip nat translation timeout 1800
> ip nat inside source list 1 interface Dialer0 overload
> ip http server
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer0
> !
> !
> map-class dialer 56
>  dialer isdn speed 56
> access-list 1 permit x.x.x.x x.x.x.x
> dialer-list 1 protocol ip permit
> !
> line con 0
>  exec-timeout 0 0
>  logging synchronous
>  transport input none
> line aux 0
> line vty 0 4
>  password cisco
>  login
> !
> end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27866&t=27843



Re: Subnetting [7:27808]

2001-11-30 Thread Andrew Cook

Well, given your minimum host requirements, this will be difficult.
Location A will need at least 2 subnets, as the need for 160 hosts in one
block can only be met by a /24 or shorter mask and you only have a /24
allocation.  If you give Loc. A a /25 and a /27, that would only be
126+30=156 hosts, so it would have to use a /25 and /26 for 126+62=188
hosts.
Loc. B would have to use a /27 for 30 hosts (a /28 would only give 14
hosts).
That leaves Loc. C, which needs 48 hosts.  Given the above netmasks, all we
have left is a /27 for 30 hosts.  If the numbers you list below are for
actual hosts (not netblocks including net address and broadcast address),
you cannot do it with your class C.  Even if you do more VLSM on the /26 for
Loc. A, it will still fall short.  Also, even if you hedge your numbers and
make it fit into the one /24, you will basically have zero room for growth.
I would suggest either obtaining another /24+ allocation or *groan*
bridging.
Alternatively, you could explore NAT, either at Loc. A for all 3 sites, or
individually at Loc. B + C.

Andrew


""Howard C. Berkowitz""  wrote in message
news:[EMAIL PROTECTED]...
> >Can anyone help !
> >I have been assigned by our Head Office a Class B address
> >(Let's say 172.133.205.0) with a subnet mask of 255.255.255.0
> >which gives me 254 hosts available.
>
>
>
> >However I have to split this between 3 locations
> >like so :
> >
> >Loc A : Minimum Addresses Required 160 (HQ)
> >Loc B : Minimum Addresses Required 16
> >Loc C : Minimum Addresses Required 48
> >
> >Loc B & C will each have a router that connects to a router at Loc A.
> >
> >Any ideas on how this can be done ?
> >
> VLSM and a classless routing protocol.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27868&t=27808
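
The block arithmetic argued over in this thread, carried through both ways as an added example (not code from any of the posters): once reading the three requirements as raw addresses, once as usable hosts that each need a subnet and broadcast address on top. The rule for splitting a site that cannot fit in one block (half the parent plus a block for the rest) and the function names are assumptions of this sketch.

```python
import ipaddress

# Requirements quoted from the thread; the parent block is the poster's
# "let's say" example address.
PARENT = "172.133.205.0/24"
SITES = {"Loc A": 160, "Loc B": 16, "Loc C": 48}


def block_size(n, counts_are_hosts):
    """Smallest power-of-two block that holds n.

    If n counts hosts, two more addresses are needed for the subnet and
    broadcast addresses; if n counts raw addresses, n is just rounded up.
    """
    need = n + 2 if counts_are_hosts else n
    size = 4  # nothing smaller than a /30 is handed to a LAN here
    while size < need:
        size *= 2
    return size


def blocks_for_site(n, counts_are_hosts, parent_size):
    """One block if it leaves room for others, else half the parent + remainder."""
    size = block_size(n, counts_are_hosts)
    if size < parent_size:
        return [size]
    half = parent_size // 2
    capacity = half - 2 if counts_are_hosts else half
    return [half, block_size(n - capacity, counts_are_hosts)]


def plan(parent, sites, counts_are_hosts):
    """Lay the blocks out largest-first so every subnet is naturally aligned."""
    net = ipaddress.ip_network(parent)
    wanted = []
    for name, n in sites.items():
        for size in blocks_for_site(n, counts_are_hosts, net.num_addresses):
            wanted.append((size, name))
    wanted.sort(key=lambda w: -w[0])  # stable: ties keep site order

    needed = sum(size for size, _ in wanted)
    result = {"needed": needed, "available": net.num_addresses,
              "fits": needed <= net.num_addresses, "subnets": [], "spare": []}
    if not result["fits"]:
        return result

    cursor = int(net.network_address)
    for size, name in wanted:
        prefix = 32 - (size.bit_length() - 1)
        result["subnets"].append((name, ipaddress.ip_network((cursor, prefix))))
        cursor += size

    end = int(net.network_address) + net.num_addresses
    if cursor < end:
        result["spare"] = list(ipaddress.summarize_address_range(
            ipaddress.ip_address(cursor), ipaddress.ip_address(end - 1)))
    return result


def point_to_point(spare, prefix=30):
    """Carve router-to-router link subnets out of the leftover blocks.

    prefix=30 spends four addresses per link, prefix=31 spends two.
    """
    links = []
    for block in spare:
        if block.prefixlen <= prefix:
            links.extend(block.subnets(new_prefix=prefix))
    return links


if __name__ == "__main__":
    for hosts in (False, True):
        label = "usable hosts" if hosts else "raw addresses"
        p = plan(PARENT, SITES, counts_are_hosts=hosts)
        print(f"{label}: need {p['needed']} of {p['available']}, fits={p['fits']}")
        for name, subnet in p["subnets"]:
            print(f"  {name}: {subnet} ({subnet.num_addresses - 2} hosts)")
        for link in point_to_point(p["spare"])[:2]:
            print(f"  serial link: {link}")
```

Read as raw addresses the plan fits with a /28 to spare for the two serial links; read as usable hosts it needs 288 addresses and does not fit in the /24.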



FW: /31 subnet. [7:27742]

2001-11-30 Thread Lange, Eric

I thought  I sent this out earlier.  I may be mistaken.

-Eric

-Original Message-
From: Lange, Eric 
Sent: Friday, November 30, 2001 9:27 AM
To: [EMAIL PROTECTED]
Subject: RE: /31 subnet. [7:27742]


Sorry.  Looks like 12.2(2)T.



-Eric

-Original Message-
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 8:44 AM
To: [EMAIL PROTECTED]
Subject: Re: /31 subnet. [7:27742]


It doesn't work in Cisco routers.

""Carroll Kong""  wrote in message
news:[EMAIL PROTECTED]...
> Law of subnets is a tradeoff.  Bigger subnets, have higher
> efficiency, at the cost of bigger broadcast domains.  Smaller subnets have
> abysmal efficiency, at the benefit of smaller broadcast domains.
>  /31 is a new RFC proposed rule which eliminates the loss of
> efficiency of 50% to.. 0%.
>  /30 has 2 usable addresses but loses 2 for broadcast and
> network.  So, you need 4 ips to make the subnet, but you only can use
> 2.  50% efficiency.  /31 is going to let you take 2, and use 2, and ignore
> the broadcast and network need.  This is ideal for point to point.
>
> At 08:32 AM 11/30/01 -0500, VoIP Guy wrote:
> >Maybe I'm missing something, but there are only 2 useable addresses in a
> >/30, and only 2 interfaces participating in a point-to-point link, so how
> >are there 50% of the addresses wasted.
> >
> >Steve
> >
> >
> >""MADMAN""  wrote in message
> >news:[EMAIL PROTECTED]...
> > > Point to point connections, with a /30 you waste 50% of the
> > > available addresses.
> > >
> > >   Dave
> > >
> > > Nicolas FEVRIER wrote:
> > > >
> > > > Hi group,
> > > >
> > > > I'm puzzled by the use of /31 subnets...
> > > > Anybody can explain me the benefits of such a subnet on an interface ?
> > > >
> > > > Thanxx.
> > > >
> > > > Nicolas.
> > > --
> > > David Madland
> > > Sr. Network Engineer
> > > CCIE# 2016
> > > Qwest Communications Int. Inc.
> > > [EMAIL PROTECTED]
> > > 612-664-3367
> > >
> > > "Emotion should reflect reason not guide it"
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27869&t=27742



VPN client, PIX, internet access [7:27870]

2001-11-30 Thread John Chang

Is there a way to configure a cisco PIX so that a user with a VPN client 
connects to the internal network and can also connect to the internet 
without doing a split tunnel on a windows 2000 professional?  This would in 
essence make the remote workstation part of the internal network.  Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27870&t=27870



RE: Subnetting [7:27808]

2001-11-30 Thread Mcfadden, Chuck

How about placing NAT on the external router and running a private address
on the internal networks.
ccie1ab

-Original Message-
From: VoIP Guy [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 9:45 AM
To: [EMAIL PROTECTED]
Subject: Re: Subnetting [7:27808]


If you really got a class B, it would be 255.255.0.0, where you could just
create 254 Class C networks.

If you got a class C network, you can't do it without more VLANs.

""Andy Hutchinson""  wrote in message
news:[EMAIL PROTECTED]...
> Can anyone help !
> I have been assigned by our Head Office a Class B address
> (Let's say 172.133.205.0) with a subnet mask of 255.255.255.0
> which gives me 254 hosts available.
> However I have to split this between 3 locations
> like so :
>
> Loc A : Minimum Addresses Required 160 (HQ)
> Loc B : Minimum Addresses Required 16
> Loc C : Minimum Addresses Required 48
>
> Loc B & C will each have a router that connects to a router at Loc A.
>
> Any ideas on how this can be done ?
>
> Thanks
>
> Andy Hutchinson




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27871&t=27808



RE: VPN client, PIX, internet access [7:27870]

2001-11-30 Thread Gibb, Jake

Don't enable split tunneling on the concentrator for that group when
using the Cisco VPN client or simply route all traffic through the VPN
tunnel. 

-Jake

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]] 
Sent: Friday, November 30, 2001 1:29 PM
To: [EMAIL PROTECTED]
Subject: VPN client, PIX, internet access [7:27870]


Is there a way to configure a cisco PIX so that a user with a VPN client
connects to the internal network and can also connect to the internet
without doing a split tunnel on a windows 2000 professional?  This would in
essence make the remote workstation part of the internal network.  Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27872&t=27870



RE: CISCOWORKS USER GUIDE RWAN LMS [7:27743]

2001-11-30 Thread Feargal Ledwidge

RWAN = Cisco Works - Routed WAN version
LMS = Cisco Works - LAN Management Solution

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
anil
Sent: Thursday, November 29, 2001 7:59 PM
To: [EMAIL PROTECTED]
Subject: CISCOWORKS USER GUIDE RWAN LMS [7:27743]


from Amazon.com:
What is "RWAN, LMS"?
Thanks
-Anil

--
CISCO CISCOWORKS USER GUIDE RWAN LMS
No photo available
Price:  $68.87 s&h fee $8.00
Description:  CISCOWORKS USER GUIDE RWAN LMS

Note: This merchant will not ship this item outside of United States.
Merchant:  microtechonline zShop   (9)
Seller: microtechonline zShop


Details:

CISCOWORKS USER GUIDE RWAN LMS

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Circusnuts
Sent: Thursday, November 29, 2001 4:47 AM
To: [EMAIL PROTECTED]
Subject: Re: CiscoWorks, Cisco Secure [7:27563]


Nope- I had to purchase the courseware and a documentation kit off of Ebay.
Cisco does offer a CBT for $10 + shipping.  There is always the Global
Knowledge bootcamp for $5,000 :o)>

All the best !!!
Phil

- Original Message -
From: "D sam"
To:
Sent: Wednesday, November 28, 2001 3:35 PM
Subject: CiscoWorks, Cisco Secure [7:27563]


> does any one know if there are any books for cisco works and Cisco secure
> that can be purchased by the public.
>
> rick
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27864&t=27743



Re: /31 subnet. [7:27742]

2001-11-30 Thread Donald

Chuck, what is the benefit of a broadcast on a p-to-p link? All stations are
gonna answer anyway, i.e. the station on the other side of the p-to-p link.

- Original Message -
From: "Mcfadden, Chuck" 
To: 
Sent: Friday, November 30, 2001 8:44 AM
Subject: RE: /31 subnet. [7:27742]


> Sure, but then what are your network and broadcast addresses?
> ccie1ab
>
> -Original Message-
> From: MADMAN [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 29, 2001 6:22 PM
> To: [EMAIL PROTECTED]
> Subject: Re: /31 subnet. [7:27742]
>
>
> Point to point connections, with a /30 you waste 50% of the
> available addresses.
>
>   Dave
>
> Nicolas FEVRIER wrote:
> >
> > Hi group,
> >
> > I'm puzzled by the use of /31 subnets...
> > Anybody can explain me the benefits of such a subnet on an interface ?
> >
> > Thanxx.
> >
> > Nicolas.
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27852&t=27742



RE: VPN client, PIX, internet access [7:27870]

2001-11-30 Thread John Chang

I know but how do you make it so that the client using the VPN client can 
access the internet with netscape or whatever without doing a split tunnel.

At 01:48 PM 11/30/2001 -0600, Gibb, Jake wrote:
>Don't enable split tunneling on the concentrator for that group when
>using the Cisco VPN client or simply route all traffic through the VPN
>tunnel.
>
>-Jake
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 30, 2001 1:29 PM
>To: [EMAIL PROTECTED]
>Subject: VPN client, PIX, internet access [7:27870]
>
>
>Is there a way to configure a cisco PIX so that a user with a VPN client
>connects to the internal network and can also connect to the internet
>without doing a split tunnel on a windows 2000 professional?  This would in
>essence make the remote workstation part of the internal network.  Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27873&t=27870



VoIP MC-3810 [7:27874]

2001-11-30 Thread [EMAIL PROTECTED]

Just to confirm. Can a MC-3810 do VoIP or only VoFR?

Thanks,

Hugo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27874&t=27874



RE: VPN client, PIX, internet access [7:27870]

2001-11-30 Thread Gibb, Jake

Without split tunneling they will send all traffic back to your local
network. It is up to you to setup DNS settings to be pushed to the
client that they will use for resolution. These can be internal dns
servers set to forward unknown requests or external dns servers. We use
split tunneling to take advantage of the clients local ISP connection
for unknown IP requests that are not in our split tunneling list. 

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]] 
Sent: Friday, November 30, 2001 1:56 PM
To: Gibb, Jake; [EMAIL PROTECTED]
Subject: RE: VPN client, PIX, internet access [7:27870]


I know but how do you make it so that the client using the VPN client can
access the internet with netscape or whatever without doing a split tunnel.

At 01:48 PM 11/30/2001 -0600, Gibb, Jake wrote:
>Don't enable split tunneling on the concentrator for that group when 
>using the Cisco VPN client or simply route all traffic through the VPN 
>tunnel.
>
>-Jake
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 30, 2001 1:29 PM
>To: [EMAIL PROTECTED]
>Subject: VPN client, PIX, internet access [7:27870]
>
>
>Is there a way to configure a cisco PIX so that a user with a VPN client
>connects to the internal network and can also connect to the internet 
>without doing a split tunnel on a windows 2000 professional?  This 
>would in essence make the remote workstation part of the internal 
>network.  Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27875&t=27870
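
What the two modes described in this reply mean for a client's routing, as an added example (not the poster's configuration and not PIX syntax): the same longest-prefix lookup run against the routes a client holds without split tunneling and with a split tunneling list. All addresses, interface names and the probe list are constructed for illustration.

```python
import ipaddress

# Constructed values: documentation/RFC 1918 ranges standing in for a real site.
VPN_GATEWAY = "203.0.113.1"          # public address of the tunnel endpoint
SPLIT_LIST = ["10.10.0.0/16"]        # networks named in the split tunneling list
PROBES = [
    ("internal file server", "10.10.4.20"),
    ("internal DNS server", "10.10.0.53"),
    ("external DNS server", "198.51.100.53"),
    ("public web site", "192.0.2.80"),
]


def client_routes(vpn_gateway, split_list=None, tunnel_if="tunnel", isp_if="isp"):
    """Routes a connected client holds.

    split_list=None models no split tunneling: the default route points
    into the tunnel. Otherwise only the listed networks go into the tunnel
    and the default route stays on the local ISP link. In both modes the
    tunnel endpoint itself must stay reachable over the ISP link.
    """
    routes = [(ipaddress.ip_network(vpn_gateway + "/32"), isp_if)]
    default = ipaddress.ip_network("0.0.0.0/0")
    if split_list is None:
        routes.append((default, tunnel_if))
    else:
        routes.append((default, isp_if))
        routes += [(ipaddress.ip_network(n), tunnel_if) for n in split_list]
    return routes


def best_route(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def audit(routes, probes, tunnel_if="tunnel"):
    """Return (mode, names of probes whose traffic leaves outside the tunnel)."""
    bypass = []
    for name, dest in probes:
        route = best_route(routes, dest)
        if route is None or route[1] != tunnel_if:
            bypass.append(name)
    return ("split-tunnel" if bypass else "full-tunnel"), bypass


if __name__ == "__main__":
    for label, split in (("no split tunneling", None),
                         ("split tunneling", SPLIT_LIST)):
        routes = client_routes(VPN_GATEWAY, split)
        mode, bypass = audit(routes, PROBES)
        print(f"{label}: {mode}")
        for name, dest in PROBES:
            print(f"  {name:22} {dest:15} via {best_route(routes, dest)[1]}")
        print(f"  bypasses the tunnel: {bypass or 'nothing'}")
```

With the split list in place the external DNS server and the public web site are reached over the local ISP link, so that traffic never passes the corporate firewall; without it, everything except the tunnel endpoint goes back to the central site, which then has to forward it to the internet.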



ISDN Simulator [7:27876]

2001-11-30 Thread Mcfadden, Chuck

I am looking for an ISDN simulator (BRI).  Anyone know of a good,
inexpensive device I can put into my home lab?
ccie1ab




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27876&t=27876



RE: VPN client, PIX, internet access [7:27870]

2001-11-30 Thread John Chang

Do I have to do anything fancy to the PIX box to allow the client to do 
e-mail, netscape, ftp, or whatever on the internet?  What do you 
mean  about DNS settings on the client?  The DNS server will be on the 
outside.  We are not using a VPN concentrator.

At 01:55 PM 11/30/2001 -0600, Gibb, Jake wrote:
>Without split tunneling they will send all traffic back to your local
>network. It is up to you to setup DNS settings to be pushed to the
>client that they will use for resolution. These can be internal dns
>servers set to forward unknown requests or external dns servers. We use
>split tunneling to take advantage of the clients local ISP connection
>for unknown IP requests that are not in our split tunneling list.
>
>-Original Message-
>From: John Chang [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 30, 2001 1:56 PM
>To: Gibb, Jake; [EMAIL PROTECTED]
>Subject: RE: VPN client, PIX, internet access [7:27870]
>
>
>I know but how do you make it so that the client using the VPN client can
>access the internet with netscape or whatever without doing a split tunnel.
>
>At 01:48 PM 11/30/2001 -0600, Gibb, Jake wrote:
> >Don't enable split tunneling on the concentrator for that group when
> >using the Cisco VPN client or simply route all traffic through the VPN
> >tunnel.
> >
> >-Jake
> >
> >-Original Message-
> >From: John Chang [mailto:[EMAIL PROTECTED]]
> >Sent: Friday, November 30, 2001 1:29 PM
> >To: [EMAIL PROTECTED]
> >Subject: VPN client, PIX, internet access [7:27870]
> >
> >
> >Is there a way to configure a cisco PIX so that a user with a VPN client
> >connects to the internal network and can also connect to the internet
> >without doing a split tunnel on a windows 2000 professional?  This
> >would in essence make the remote workstation part of the internal
> >network.  Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27877&t=27870


