Crypto Map Question [7:27909]

2001-12-01 Thread Hunt Lee

I am very confused with the following Crypto Map question:

In the MCNS book (by Cisco Press), it said that if a static crypto map entry
sees outbound IP traffic that should be protected and the crypto map
specifies the use of IKE, then a Security Association is negotiated with the
remote peer according to the parameters included in the crypto map entry
( => I understand this, as that's what IKE is for)

However, the book also said that if a dynamic crypto map entry sees outbound
traffic that should be protected and NO Security Association exists, then
the packet will be dropped - why? I thought the prerequisite for dynamic
crypto map is to use IKE.  And if IKE is used, wouldn't it be able to
negotiate a Security Association like the first scenario?

Any help will be greatly appreciated.

Best Regards,
Hunt Lee
IP Solution Analyst
Cable & Wireless




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27909&t=27909
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: VoIP MC-3810 [7:27874]

2001-12-01 Thread Peter Whittle

Hugo,

Your sh ver looks promising. The definitive way is to look at the BOTTOM
and see if they are p.n.: 17-4840 rev 03 or later.

I believe that they contain System Bootstrap Version 12.0(6r)T4.

By the way the 12.0(6r)T4 is the WBOOT code that you need to support 32
Mb Flash.

You will need at least 16 Mb Flash if you want to run current enterprise
feature set. If you can get by with ip plus then you can get by with
your existing 8 Mb. Remember, if money is tight and you have upgraded
the DRAM to 64 Mb you could always boot the IOS from a TFTP server
instead of from flash, just watch out when you do a 'wr erase' to clear
out the configs as it will no longer know its ip address and you will
end up running the flash IOS. 


Peter



In article , [EMAIL PROTECTED]
 writes
>Peter,
>
>Thank you for replying. Great info that the IOS image should contain
>"v5" feature set.  ;-))
>
>The box is an MC-3810 (not V or V3) with 32MB DRAM and 8MB flash with
>mc3810-is-mz.120-5.XK image.
>
>ROM: System Bootstrap, Version 12.0(6r)T4, RELEASE SOFTWARE (fc1)
>ROM: MC3810 Software (MC3810-WBOOT-M), Version 12.0(6r)T4,  RELEASE
>SOFTWARE (fc1)
>
>As far as I understood reading the notes at:
>
>this box will recognize a 64MB DRAM.
>
>Am I correct?
>
>TIA
>
>
>-Original Message-
>From: Peter Whittle [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 30, 2001 21:40
>To: [EMAIL PROTECTED]
>Subject: Re: VoIP MC-3810 [7:27874]
>
>
>The MC-3810 supports VoIP if you have a v5 variant of the IOS.
>
>eg enterprise + voatm + voip would be mc3810-a2jsv5_122-3.bin
>
>Of course you need a voice module, AVM (analogue), BVM (ISDN Bri),
>DVM (ISDN Pri, CAS) and any load will do vofr. 
>
>
>However, VoIP loads require 64 Mbytes DRAM.
>
>If you upgrade an old mc-3810 or mc-3810v you need recent BOOTROMs, take
>a look in the release notes for details. If your bootroms are not recent
>enough then a 64Mb SIMM will only show up as 16 Mb! The bootroms are a
>free of charge item. You will have to pay postage and may need to order
>them via a partner if you don't have SMARTNET on the routers.
>
>Peter
>
>
> In article , [EMAIL PROTECTED]
> writes
>>Just to confirm. Can a MC-3810 do VoIP or only VoFR?
>>
>>Thanks,
>>
>>Hugo
>>
>

-- 
Peter Whittle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27910&t=27874



Re: VoIP MC-3810 [7:27874]

2001-12-01 Thread Peter Whittle

Hugo,

If you are after some e.g. configs take a look at my earlier post in the
GroupStudy ccielab archives. Posting 200111/msg01481.

Peter

In article , [EMAIL PROTECTED]
 writes
>Peter,
>
>Thank you for replying. Great info that the IOS image should contain
>"v5" feature set.  ;-))
>
>The box is an MC-3810 (not V or V3) with 32MB DRAM and 8MB flash with
>mc3810-is-mz.120-5.XK image.
>
>ROM: System Bootstrap, Version 12.0(6r)T4, RELEASE SOFTWARE (fc1)
>ROM: MC3810 Software (MC3810-WBOOT-M), Version 12.0(6r)T4,  RELEASE
>SOFTWARE (fc1)
>
>As far as I understood reading the notes at:
>
>this box will recognize a 64MB DRAM.
>
>Am I correct?
>
>TIA
>
>
>-Original Message-
>From: Peter Whittle [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 30, 2001 21:40
>To: [EMAIL PROTECTED]
>Subject: Re: VoIP MC-3810 [7:27874]
>
>
>The MC-3810 supports VoIP if you have a v5 variant of the IOS.
>
>eg enterprise + voatm + voip would be mc3810-a2jsv5_122-3.bin
>
>Of course you need a voice module, AVM (analogue), BVM (ISDN Bri),
>DVM (ISDN Pri, CAS) and any load will do vofr. 
>
>
>However, VoIP loads require 64 Mbytes DRAM.
>
>If you upgrade an old mc-3810 or mc-3810v you need recent BOOTROMs, take
>a look in the release notes for details. If your bootroms are not recent
>enough then a 64Mb SIMM will only show up as 16 Mb! The bootroms are a
>free of charge item. You will have to pay postage and may need to order
>them via a partner if you don't have SMARTNET on the routers.
>
>Peter
>
>
> In article , [EMAIL PROTECTED]
> writes
>>Just to confirm. Can a MC-3810 do VoIP or only VoFR?
>>
>>Thanks,
>>
>>Hugo
>>
>

-- 
Peter Whittle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27911&t=27874



Routers as tftp servers [7:27912]

2001-12-01 Thread John Tafasi

"TFTP does not provide any security for file transfers, so it should not be
available to a public firewall interface. Unauthorized users can upload new
config files to your router, as well as download your current stored configs
for analysis."


How can you configure the router to accept TFTP file uploads?


Thanks

John Tafasi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27912&t=27912



Re: Routers as tftp servers [7:27912]

2001-12-01 Thread Nicolas FEVRIER

> "TFTP does not provide any security for file transfers, so it should not be
> available to a public firewall interface. Unauthorized users can upload new
> config files to your router, as well as download your current stored configs
> for analysis."
> 
> How can you configure the router to accept TFTP file uploads?

I use:
tftp-server flash:c3640-is-mz.121-5.T9.bin
in my "source" router to allow other routers to copy the ios image from this
one.

Check this out :
http://www.cisco.com/warp/public/63/copyimage.html

Nicolas.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27913&t=27912



RE: Crypto Map Question [7:27909]

2001-12-01 Thread Matthew Crane

OK it all depends on when you use dynamic crypto maps and the rule is that
dynamic maps are used for remote users who need occasional access and for
whom you do not have all the necessary information to create a static crypto
map, such as IP address.

So

a. You always create dynamic crypto maps with higher numbers.
b. Because a dynamic map does not contain all the information necessary for
an SA to be formed, if an outbound request falls through to a dynamic map
then it will be dropped. An inbound request can fall through to a dynamic
map and the process can begin to form an SA

Does this make sense for you ?

Hunt Lee wrote:
> 
> I am very confused with the following Crypto Map question:
> 
> In the MCNS book (by Cisco Press), it said that if a static crypto map entry
> sees outbound IP traffic that should be protected and the crypto map
> specifies the use of IKE, then a Security Association is negotiated with the
> remote peer according to the parameters included in the crypto map entry
> ( => I understand this, as that's what IKE is for)
> 
> However, the book also said that if a dynamic crypto map entry sees outbound
> traffic that should be protected and NO Security Association exists, then
> the packet will be dropped - why? I thought the prerequisite for dynamic
> crypto map is to use IKE.  And if IKE is used, wouldn't it be able to
> negotiate a Security Association like the first scenario?
> 
> Any help will be greatly appreciated.
> 
> Best Regards,
> Hunt Lee
> IP Solution Analyst
> Cable & Wireless
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27914&t=27909
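
The static versus dynamic behaviour discussed in this thread, as a simplified Python model added here for illustration (it is not Cisco's code and not from either poster). The map layout, the prefixes, the peer addresses (documentation ranges) and every class and method name are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Entry:
    seq: int                      # crypto map sequence number (lower is checked first)
    acl: str                      # destination prefix the entry's access list protects
    peer: Optional[str] = None    # static entries name the peer; dynamic ones cannot
    dynamic: bool = False


@dataclass
class CryptoMap:
    entries: List[Entry]
    # Established SAs as (protected prefix, peer) pairs.
    sas: List[Tuple[str, str]] = field(default_factory=list)

    def _match(self, dst: str) -> Optional[Entry]:
        """First entry, in sequence order, whose access list covers dst."""
        for entry in sorted(self.entries, key=lambda e: e.seq):
            if ip_address(dst) in ip_network(entry.acl):
                return entry
        return None

    def _sa_for(self, dst: str) -> Optional[str]:
        """Peer of an existing SA that covers dst, if any."""
        for prefix, peer in self.sas:
            if ip_address(dst) in ip_network(prefix):
                return peer
        return None

    def outbound(self, dst: str) -> str:
        entry = self._match(dst)
        if entry is None:
            return "forward unprotected"
        peer = self._sa_for(dst)
        if peer is not None:
            return f"encrypt to {peer}"
        if not entry.dynamic:
            # Static entry: the peer is configured, so IKE can be initiated.
            self.sas.append((entry.acl, entry.peer))
            return f"negotiate SA with {entry.peer}"
        # Dynamic entry: there is no peer address to send IKE to.
        return "drop"

    def inbound_ike(self, peer: str, remote_prefix: str) -> bool:
        """A remote peer starts IKE and proposes protecting traffic to remote_prefix."""
        proposed = ip_network(remote_prefix)
        for entry in sorted(self.entries, key=lambda e: e.seq):
            if not proposed.subnet_of(ip_network(entry.acl)):
                continue
            if entry.dynamic or entry.peer == peer:
                # The negotiation supplies the peer address the entry lacked.
                self.sas.append((remote_prefix, peer))
                return True
        return False


def build_example_map() -> CryptoMap:
    # Constructed sample: one known site, one pool of remote users.
    return CryptoMap(entries=[
        Entry(seq=10, acl="10.1.0.0/16", peer="192.0.2.1"),   # static entry
        Entry(seq=65000, acl="10.9.0.0/16", dynamic=True),    # dynamic, highest number
    ])


if __name__ == "__main__":
    cm = build_example_map()
    print(cm.outbound("10.1.1.5"))      # static entry, no SA yet
    print(cm.outbound("10.9.1.7"))      # dynamic entry, no SA yet
    print(cm.inbound_ike("198.51.100.77", "10.9.1.0/24"))
    print(cm.outbound("10.9.1.7"))      # the remote user has now built the SA
```

The second outbound call is the case asked about: IKE is enabled, but the dynamic entry has nobody to negotiate with until the remote side connects first.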



Re[4]: VPN is a Backdoor !!! [7:27725]

2001-12-01 Thread SentinuS

Maybe. But if you use L2TP or Layer 3 transport on VPN, all your
mobile users could be Local. Thus you don't need additional
security on your Mobile user (I mean firewall or anti-virus app.)

SentinuS


Friday, November 30, 2001, 6:07:02 PM, you wrote:

KH> You're right, but it is nearly impossible to secure the client.  The problem
KH> is that no matter how much education you give users, most will still do the
KH> "wrong" thing given the right circumstances.  For example, if they are in a
KH> chat room and someone they are communicating with sends them a file, most
KH> will open it, no matter how many times you tell them not to.

--cut here---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27915&t=27725



Re: PIX conduit & access lists [7:26684]

2001-12-01 Thread Allen May

As long as you initiate it.  There are ActiveX filters and other filters you
can enable on the PIX to block most malicious web server traffic.  In any
type of NAT it will allow inside users full access to the internet unless
blocked or unsupported by NAT.

Allen
- Original Message -
From: Steve Alston 
To: 
Sent: Thursday, November 29, 2001 3:59 PM
Subject: Re: PIX conduit & access lists [7:26684]


> Thanks again Allen,
>   Does that mean the responses to my outbound requests are allowed in by
> default?  For example, my request for a web page is allowed through the
> firewall. Would the page in response of that request be allowed through the
> firewall?
>
> Steve
>
> "Allen May" wrote in message
> news:[EMAIL PROTECTED]...
> > NAT or internal servers with "real" IP addresses using NAT 0 can access
> > anything until you block it.  Outbound requests (such as http, ftp, etc) are
> > all enabled by default.  Users outside the firewall cannot access internal
> > IPs without access-list or conduit statements.
> >
> > In short, all outbound enabled and all inbound disabled by default.
> >
> > For your conduit permit icmp any any I would enable echo reply only rather
> > than full icmp.  Echo reply only allows replies back to the person pinging
> > or tracerouting.  Full icmp can be exploited in DOS attacks.
> > example:
> > access-list 10 permit icmp any any echo-reply
> > access-group 10 interface outside
> > (apply one to interface inside for outbound)
> >
> > Allen
> >
> > - Original Message -
> > From: Steve Alston
> > To:
> > Sent: Wednesday, November 28, 2001 4:08 PM
> > Subject: Re: PIX conduit & access lists [7:26684]
> >
> >
> > > Patrick & Allen,
> > >   Thanks for the responses -- helps loads.  I'm still slightly confused.
> > >
> > > I did a clear conduit expecting to block all incoming traffic.  Following
> > > the clear conduit, I did a show conduit to verify there were not any
> > > conduits in operation.  At that time, I was still able to receive web
> > > traffic at my workstation.  For that matter, the conduit statements only
> > > applied to specific servers so why am I able to receive http at my
> > > workstation?  I did try to PING an IP address which failed when I removed
> > > the conduits and worked when I restored "conduit permit icmp any any" --
> > > that behaved as expected.
> > >
> > >
> > > Thanks,
> > > Steve
> > >
> > > "Allen May" wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Very true and a good point, but the original question was about conduits
> > > > which only apply to lower->higher.  Higher->lower requires NAT.  I
> > > > accidentally typed access-list below but meant conduit. ;)  *slap self &
> > > > get more coffee*.  It still applies but wasn't what I meant to say.
> > > >
> > > > Thanks for pointing that out though.
> > > >
> > > >
> > > > - Original Message -
> > > > From: Patrick W. Bass
> > > > To:
> > > > Sent: Sunday, November 25, 2001 10:14 PM
> > > > Subject: Re: PIX conduit & access lists [7:26684]
> > > >
> > > >
> > > > > "Allen May" wrote in message
> > > > > news:[EMAIL PROTECTED]...
> > > > > > I'm not sure if this was answered or not, but a firewall always assumes a
> > > > > > deny all at the end of the access-list for inbound.  Outbound is different
> > > > > > since it allows all by default.
> > > > > >
> > > > >
> > > > > Remember this:  Higher security level to lower security level, implicitly
> > > > > allowed.  Lower security level to higher security level, implicitly denied.
> > > > > Otherwise it gets tricky once you start messing with multiple DMZs.
> > > > >
> > > > > > Also, access-lists are the way to go since conduits will be phased out in
> > > > > > the near future.
> > > > > >
> > > > > > Allen
> > > > > >
> > > > > > - Original Message -
> > > > > > From: Steve Alston
> > > > > > To:
> > > > > > Sent: Monday, November 19, 2001 9:25 AM
> > > > > > Subject: Re: PIX conduit & access lists [7:26684]
> > > > > >
> > > > > >
> > > > > > > Carroll,
> > > > > > >   Thanks for the reply.  I'm using conduits now, but will switch to access
> > > > > > > lists in the future.  (I'd like to fully understand the configuration I
> > > > > > > inherited before I start making changes)  Are implicit denys inserted behind
> > > > > > > each conduit as well?
> > > > > > >
> > > > > > >
> > > > > > > "Carroll Kong" wrote in message
> > > > > > > news:[EMAIL PROTECTED]...
> > > > > > > > Implicit denys behind every access-list are inserted.  Are you
> > > > > > > > mixing conduits and access-lists?  You really should not.  Use ALL conduits
> > > > > > > > or ALL access-lists.  If both are used, conduits take priority and override
> > > > > > > > your access-lists.  Access-lists are first match, c

Re: VXR [7:27855]

2001-12-01 Thread AMR

VXR = voice exchange.  VXR routers have a TDM bus in them.

"Patrick Bass" wrote in message
news:[EMAIL PROTECTED]...
> Anybody know what VXR stands for?  As in Cisco 7200 VXR.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27917&t=27855



Re: Routers as tftp servers [7:27912]

2001-12-01 Thread JP

Nicolas,

It is a lot safer and easy to manage if you just use a PC, I do not see why
you would want to use your router as tftp server.

JP

"Nicolas FEVRIER" wrote in message
news:[EMAIL PROTECTED]...
> > "TFTP does not provide any security for file transfers, so it should not be
> > available to a public firewall interface. Unauthorized users can upload new
> > config files to your router, as well as download your current stored configs
> > for analysis."
> >
> > How can you configure the router to accept TFTP file uploads?
>
> I use :
> tftp-server flash:c3640-is-mz.121-5.T9.bin
> in my "source" router to allow other routers to copy the ios image from this
> one.
>
> Check this out :
> http://www.cisco.com/warp/public/63/copyimage.html
>
> Nicolas.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27918&t=27912



Decreasing telnet packet number [7:27919]

2001-12-01 Thread phil perry

Hi,

Can anybody remember how to decrease the amount of packets generated when
using Telnet.

ie fewer packets with more than 1 byte of data inside them.

I can remember only being told this as a 'by-the-way' in a course, I can't
find this info again anywhere.

Any suggestions gratefully received,

Phil.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27919&t=27919



BGP Class - Post class update [7:27920]

2001-12-01 Thread Ouellette, Tim

Team,

If you all remember my questions regarding the Mobley BGP class being
offered in my area.  Well, my 1 week class ended yesterday and all I have to
say is WOW!!! We went through 25 labs and a 350 page manual that Larry
Mobley (teacher) provided.  We were also given a free copy of Halabi's IRA
book 2nd edition (bonus).  There were 6 people in my class, each group of 2
people had a pod of 5 routers that we used to configure bgp using a IGP of
ospf.  We advertised multiple networks from each pod and were triple-homed
to the ISP background that the teacher maintained.  We did everything from
as-path filters, filter lists and route-maps (enforcing policies),
communities, confederations, route-reflectors, aggregation and covered each
and every attribute used in the BGP decision process.  As a couple of people
had mentioned when I initially asked about this class, it's just great.  I
can now confirm this and recommend to all of you this class.  BTW: Larry
will be teaching a CCIE bootcamp type class and he already teaches a myriad
of other classes (BSCN, CIT, etc)

I cannot recommend this guy enough.   Shoot him an email to find out when
he's offering this class.

Take care all.

Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27920&t=27920



WS-C1200 Switch [7:27921]

2001-12-01 Thread Circusnuts

I bought a cheap Cisco switch to run the network within the house and it does
work, but I have nothing when Console-ing into the Admin port (not even modem
string to tell me I have the wrong cable).

Any ideas- it autosenses and negotiates fine, but I'd like to configure a few
things too

Thanks
Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27921&t=27921



WS-C1200 Switch Part II [7:27922]

2001-12-01 Thread Circusnuts

Sorry- CDP neighbors when connected to my 3524 doesn't work either.

Phil

- Original Message -
From: Circusnuts
To: [EMAIL PROTECTED]
Sent: Saturday, December 01, 2001 2:02 PM
Subject: WS-C1200 Switch


I bought a cheap Cisco switch to run the network within the house and it does
work, but I have nothing when Console-ing into the Admin port (not even modem
string to tell me I have the wrong cable).

Any ideas- it autosenses and negotiates fine, but I'd like to configure a few
things too

Thanks
Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27922&t=27922
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Decreasing telnet packet number [7:27919]

2001-12-01 Thread John Neiberger

Try "service nagle".

-John





On Sat, 1 Dec 2001, phil perry ([EMAIL PROTECTED]) wrote:

> Hi,
> 
> Can anybody remember how to decrease the amount of packets generated when
> using Telnet.
> 
> ie fewer packets with more than 1 byte of data inside them.
> 
> I can remember only being told this as a 'by-the-way' in a course, I can't
> find this info again anywhere.
> 
> Any suggestions gratefully received,
> 
> Phil.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27923&t=27919



Re: Decreasing telnet packet number [7:27919]

2001-12-01 Thread phil perry

Thanks, but that's not really what I'm after.

There is a specific way of telling the router to wait for 'x' amounts of
characters, then transmit them in one packet.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27924&t=27919



Re: Variance [7:27882]

2001-12-01 Thread Howard C. Berkowitz

Good work, Gaz. Still, I wouldn't necessarily go too much farther in, 
for example, playing with the K values.

Load balancing, on a per-hop basis, is a very limited solution. 
Paradoxically, by considering actual load (the K value), you may make 
it worse.

Let's first look at the problem of load balancing in the simple case: 
two routers with two parallel links between them. Per-packet load 
balancing clearly makes the optimal use of bandwidth, but it also 
creates the greatest potential for packet misordering, which may 
eventually raise processing load significantly on the destination 
_hosts_.  As implemented by Cisco, it also makes the greatest demand 
on router processing.  It does have the additional benefit of fastest 
convergence after failures.

Per-destination load balancing can be quite effective if you have a 
large number of destinations and a large number of paths.  Otherwise, 
it can cause "pinhole congestion," when most of your traffic goes to 
a single path.

Source-destination hash is probably the best compromise, but is not 
always available.

Now, consider what happens if you play with the K values. Traffic 
will prefer the less loaded path...until your traffic pattern 
changes. Then the less loaded path may become more loaded, until some 
traffic moves to the other path.  In other words, you incur a lot of 
oscillation in route selection, with complex interactions with the 
load balancing method in use.

In general, most routing protocol designers consider classical 
routing protocol load balancing to be an evolutionary dead end. 
There are several alternatives, such as experimental routing 
protocols that consider the load on every link in the end-to-end 
path. The consensus, however, tends to be to use the routing protocol 
to disseminate reachability information, and possibly to disseminate 
such things as reserved bandwidth per interface. For the 
timing-sensitive traffic, traffic-engineered MPLS paths will be set 
up with RSVP-TE.

Internet- and multiprovider traffic engineering is beyond the scope 
of this introduction.


>"Gaz"  wrote,



>The information turned up quicker than I thought it might.
>The traffic is balanced based on the ratio of metrics. Seems a bit crude. If
>the ratio is not an integer value then the value is rounded down to an
>integer value.
>
>This suggests to me that if the metric of the lesser link is not at least
>twice that of the better link, that the links will be load balanced as
>though they are equal.
>
>All of the above is based on the fact that K values are left as default, so
>load is not taken in to consideration with EIGRP. I've never messed with the
>K values yet, but I think I may have to in the near future.
>I think there will have to be a fair bit of testing involved once the load
>is taken into configuration, but I think if done correctly, this should
>offer better intelligent load balancing.
>
>URL to have a look at:
>
>http://www.cisco.com/warp/public/103/19.html
>
>
>Gaz
>
>
>
>"Gaz" wrote in message
>news:[EMAIL PROTECTED]...
>>  Hi Gregg/All,
>>
>>  Would the variance have any effect on the actual load balancing in that way?
>>  I was under the impression that the variance would allow the lesser route to
>>  be added to the routing table, but after that the variance would have no
>>  effect on the number of packets sent over each link.
>>  Not sure, but I have an interest in finding out, so I'm off to have a look.
>>
>>  My thoughts at the moment are that packets may be distributed across unequal
>>  routes due to the metrics of those routes, but that the variance would not
>>  matter whether it were 2 or 22, only that it allows the routes to be used.
>>
>>  I'll get back to you when/if I find out.
>>
>>
>>  Gaz
>>
>>
>>
>>  "Gregg Malcolm" wrote in message
>>  news:[EMAIL PROTECTED]...
>>  > I have a question about variance that's been bugging me.  I know that metric
>>  > based routing proto's (IGRP, EIGRP and OSPF) will not load balance across
>>  > unequal cost links by default.  We must use that variance cmd. The variance
>>  > has a multiplier.  1 is equal cost.  I assume that variance is done per
>>  > packet (as opposed to session).  Is this true?  If variance is set to 2 does
>>  > it mean 2 packets would be sent out high bandwidth link and 1 packet out the
>>  > low bandwidth link?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27925&t=27882
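
The metric-ratio split Gaz describes in the quoted text, as a small Python model added here (it is not from the thread or from Cisco's documentation). It assumes every candidate path already passes the feasibility check, that a path is admitted when its metric is below variance times the best metric, and that each share is the worst admitted metric divided by the path's metric, rounded down; the function name and sample metrics are constructed.

```python
from typing import Dict


def traffic_shares(metrics: Dict[str, int], variance: int = 1) -> Dict[str, int]:
    """Return {path: traffic share count} for the paths that variance admits.

    metrics maps a path name to its composite metric (default K values, so
    load is not part of the metric). Assumption: all paths are feasible.
    """
    if variance < 1 or not metrics:
        raise ValueError("need at least one path and variance >= 1")
    best = min(metrics.values())
    # Variance only decides which paths enter the routing table.
    admitted = {p: m for p, m in metrics.items()
                if m == best or m < variance * best}
    worst = max(admitted.values())
    # The split itself comes from the metric ratio, rounded down to an integer.
    return {p: worst // m for p, m in admitted.items()}


if __name__ == "__main__":
    # Constructed metrics for two parallel paths.
    print(traffic_shares({"fast": 20, "slow": 30}, variance=2))   # ratio 1.5 rounds to 1:1
    print(traffic_shares({"fast": 20, "slow": 30}, variance=22))  # same split, larger variance
    print(traffic_shares({"fast": 10, "slow": 25}, variance=3))   # ratio 2.5 rounds to 2:1
```

With metrics of 20 and 30 the split is 1:1 whether variance is 2 or 22, which is the point made in the thread: variance admits the route, the metrics set the ratio.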



Re: WS-C1200 Switch Part II [7:27922]

2001-12-01 Thread bertram

sh cdp entry *

should give you the ip, and mac address of the switch.  You can then contact
the cisco tac with the mac address to get the factory password.
- Original Message -
From: "Circusnuts" 
To: 
Sent: Saturday, December 01, 2001 12:58 PM
Subject: WS-C1200 Switch Part II [7:27922]


> Sorry- CDP neighbors when connected to my 3524 doesn't work either.
>
> Phil
>
> - Original Message -
> From: Circusnuts
> To: [EMAIL PROTECTED]
> Sent: Saturday, December 01, 2001 2:02 PM
> Subject: WS-C1200 Switch
>
>
> I bought a cheap Cisco switch to run the network within the house and it does
> work, but I have nothing when Console-ing into the Admin port (not even modem
> string to tell me I have the wrong cable).
>
> Any ideas- it autosenses and negotiates fine, but I'd like to configure a few
> things too
>
> Thanks
> Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27926&t=27922



Re: Question about affordable training classes [7:27840]

2001-12-01 Thread nettable_walker

12/1/2001   2:45pm  Saturday

Where do you live ?

Richard

//

"Bruce Evry" wrote in message
news:[EMAIL PROTECTED]...
> Hello,
>
> I am a Cisco Instructor and have been toying with the idea of
> running very low-cost classes that would be affordable for those not
> sponsored by a corporation or rich enough to pay $2000 or more per class.
> I was considering about maybe $200 to cover costs and equipment. (If
> someone could not afford even that we could work something out...)
>
> While I got my CCSI at Mentor (formerly Chesapeake) and recently
> have been doing contract training at places like Sprint and Verizon, I can
> still remember trying to get started, to get training, and to get that
> proverbial "foot in the door". I'd like to use some of my "off" weeks when
> I'm not doing corporate training to help other people get their Cisco
> certifications and a good start in this career.
>
> Classes would be held at my house, which is located just south of
> Washington, DC. in beautiful Fort Washington, Maryland.
>
> Please let me know if you think that such classes would be useful
> and of interest.
>
> Yours Truly - Bruce Evry
>
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27927&t=27840



Serial Line is up and line protocol is up Question [7:27929]

2001-12-01 Thread anil

If the show interface serial 0 command is executed and the message Serial
Line is up and line protocol is up appears then the exact correct
interpretation of this is
A) The frame relay connection is active
B) The connection is sending and receiving data
-
Answer is given in next message with subject line
"Serial Line is up and line protocol is up ANSWER"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27929&t=27929



Serial Line is up and line protocol is up ANSWER [7:27930]

2001-12-01 Thread anil

The answer given by CISCO is "A"
Is this really correct?!
I hate to doubt the experts, but I just need re-assurance.
Thanks
---
If the show interface serial 0 command is executed and the message Serial
Line is up and line protocol is up appears then the exact correct
interpretation of this is
A) The frame relay connection is active
B) The connection is sending and receiving data
-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27930&t=27930



Re: Decreasing telnet packet number [7:27919]

2001-12-01 Thread Kent

Phil,

I think you can try "service nagle"

HTH

Kent


"phil perry" wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> Can anybody remember how to decrease the amount of packets generated when
> using Telnet.
>
> ie fewer packets with more than 1 byte of data inside them.
>
> I can remember only being told this as a 'by-the-way' in a course, I can't
> find this info again anywhere.
>
> Any suggestions gratefully received,
>
> Phil.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27931&t=27919



RE: Serial Line is up and line protocol is up ANSWER [7:27930]

2001-12-01 Thread Gregg Malcolm

Maybe this will explain it. Just because a serial int is UP/UP, it doesn't
necessarily mean that data is able to be xfered.  The serial int could be
connected to a CSU/DSU which might give the int the correct control signal
states to make the serial int appear to be up (example would be that the
remote CSU/DSU is broken but carrier signal is up on local int).  In this
case, since it's frame relay, the 2nd up would not occur unless LMI
keepalives were occurring.  What cisco is saying is UP/UP is just the int
status.  Doesn't mean that data is being xfered. The most popular way to
know that an interface is in use is to watch in/out stats (via sh int).
Clear counters is another useful cmd.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27932&t=27930



Per vlan Spanntree On Gigabit ether channel. [7:27933]

2001-12-01 Thread Washington Rico

As always, thank you for your input and ideas, Cisco people.

Situation:  I have 3 Cat 6500s (Cat A, Cat B, Cat C). Cat A and B are the
main backbone and have a Gigabit Channel between them.  Cat A and B's
MSFCs are routing, and each MSFC has priority routing for a VLAN and HSRP
for failover routing.

Cat C is in the same VTP domain as Cat A and B, and Cat C is the only one
which will be using a FlexWAN card.  Cat C has 2 pairs of Gigabit Channels,
one to Cat A and the other to Cat B.

I want to control specific VLANs on the Gigabit channels from Cat C.
Example: the Gigabit channel from Cat C to Cat A.  Can I use per-VLAN spanning
tree and make that channel the priority for a VLAN which is routing through Cat
A's MSFC?  I also want to do this for the Gigabit EtherChannel going up to
Cat B.

Question:  Is there a way to use per-VLAN spanning tree on Gigabit Ethernet
channels?

Thanks for all your help...

Rico 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27933&t=27933



I set the cat6k reg to 0x3922, howto recover [7:27934]

2001-12-01 Thread guest 2001

Hi, all

Last Friday I went out to solve a Cat6K's boot problem. It's a Cat6K with
a 6006 chassis, Supervisor 1A with MSFC2, and one WS-X6408 line card. The
boot problem is: after it decompresses the image and displays four lines of
diag messages, the system halts at "boot bootflash:cat6000-xxx.bin". At
that time, the LEDs were: status green and the rest all orange. I checked the
bootvar and, in rommon, used "boot bootflash:cat6000xxx.bin"; both were useless.
So I began to suspect the problem is caused by the image file, which is
cat6000-6.1.2.bin. I got a 5.5.10 image, which is the one Cisco recommends. I
began to download this image to the supervisor using xmodem. After about
2 hours, really a long time to wait, the download completed and it began to
decompress the image; after only a few lines it reported an error.

I didn't want to wait such a long time again and decided to do the upgrade
as on a 3600 router: change the console speed using confreg. But the Cat6K's
confreg command only has 1200, 2400, 4800 and 9600 bps options. I decided to
try 115,200 bps; on the 3600 the register is 0x3922, so I configured it on the
Cat6K. Then I could not enter the console, only meaningless characters.

Time was up, so I went back to the company and checked the doc. I found that
0x3922 on the Cat6K means baud rate 4800 and "the break is disabled". I also
saw somewhere that it says the break is always enabled in the first 60 seconds,
even when the break is set to disabled. Can I still enter the console?
Next Monday I will go and check. Can anybody give some advice? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27934&t=27934



Where is the position of Cat6k's config [7:27935]

2001-12-01 Thread guest 2001

Does the Cat6K also use NVRAM for keeping the configuration, or does it
simulate it in flash like the 2900XL?
And if the config is in NVRAM, what is the bootvar normally?
I can only enter rommon mode; the system cannot boot correctly.
I have tried to use "boot bootflash:cat6000xxx.bin" and confreg 0x2142;
neither solves the problem. Does that mean the problem is caused by the
image file itself?



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27935&t=27935



Can I use the xmodem -s 38400 in Cat6K [7:27936]

2001-12-01 Thread guest 2001

I found a doc about how to use xmodem to recover the image of the Cat5000 &
4000. It says you can use xmodem -s 38400 to download via console. I also
found a topic that recommends not setting the speed higher than 19200. The
xmodem command has some options:
-c to use crc16
-s set speed

I am using the Tera Term terminal emulator. It can support these.
Can I use the "xmodem -s 38400 -c  " command to recover the image?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27936&t=27936



RE: Variance [7:27882]

2001-12-01 Thread Gregg Malcolm

Gaz & Howard,

Thanks for the input.  I really appreciate it.  I'm still a little curious. 
Based upon the link Gaz included, we know that variance is factor based. 
Consider the following. 3 paths; 56 Kbps, 128 Kbps and 256 Kbps.  If we use
variance of 2, the 128K and 256K paths will be used in a load balancing
fashion.  I'm still wondering (and need to research cisco.com) about how it's
done.  More than likely, it's something like CEF based (by dest).

Thanks again and I'll post something about this when I find out.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27937&t=27882