Re: call manager [7:28016]
Setup one as Publisher and the other one as Subscriber. You can get manuals from Cisco CCO. ""Paul Beckman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I was wondering the best way to make a call manager redundant. We have two > servers but if one goes down then the phones have to reboot. I was > wondering if anyone had clustered a call manager. And if so anything I > should look out for. > > Thanks > Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28041&t=28016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT:Advise on Auction fraud [7:28004]
It pays to do research before you bid. If it's the first time you've bought on eBay, consider it a lesson. I look at the seller's feedback before I bid now, and also know of a few reputable folks that I *prefer* to do business with when they're selling an item. and a few that I *avoid* when buying. Names are withheld to protect the guilty. ;-) - Original Message - From: To: Sent: Monday, December 03, 2001 11:24 AM Subject: OT:Advise on Auction fraud [7:28004] > Sorry for off topic > I recentley bcame the victim of the Auction fraud the guy took my $1000 for > 2621 router and now not replying for my emails and also I came to know that > thi s guy is a fraud and done similiar thing to at least 4 other people ,Now > what are the options I have to get my money back from him > > Thanks for all your advise > Kaamvi _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28037&t=28004 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco CallManager (CM) Redundancy [7:28043]
Dear All, Need some advice on the redundancy features of CallManager. One of my customers is asking about the redundancy features of CM - he is thinking of putting 2 CM servers at a main site providing local server redundancy, however, there will be a third CM server at a remote site which provide site redundancy. In case the main site fails, he wants the remote CM to take over the CM function of the main site without downtime. Please note that there are about 400 phone users at the main site and about 50 phone users at the remote site. Please advise how it can be done. Also this customer intend to have a leased line between the main site and the remote site to support voice and data requirements. However, the customer want to make sure that stable voice communication between the two sites is always available, hence when the leased line is not stable (for instance there were a lot of hits on the link) or down, the voice should be rerouted to the PSTN. Please advice how to configure the CM/router such that the call can be routed to the PSTN when the leased line is not stable. Can I use policy routing to achieve this? Thanks in advance! Maurice Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28043&t=28043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Finally CCNP!! [7:28026]
Congratulations Adil, I'm glad my sw helped you out. Ole Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] http://www.RouterChief.com NEED A JOB ??? http://www.oledrews.com/job -Original Message- From: adil On-Line [mailto:[EMAIL PROTECTED]] Sent: Monday, December 03, 2001 5:09 PM To: [EMAIL PROTECTED] Subject: Finally CCNP!! [7:28026] Hello Group!! I just finished CIT today & finally a CCNP, Used Cisco press books for it. Many thanks to this wonderful group. Special thanks to Ole Drews Jensen for his Switching Commands software, which helped me with commands. Thanks a lot, God bless!! ADIL Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28042&t=28026 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Finally CCDP too!! [7:28040]
I wanted to thank everyone who helped me focus and pass the CID exam. Specifically, Jim Walker and Scott Nawalaniec! Thanks for your encouragement and direction in the areas to zero in on. This test is a bruiser! But with perseverance you can get by it too! Darren x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$x$:0`0:$xx$:0`0:$xx Lucent Technologies NetworkCare Professional Services http//www.lucent.com/netcare/ Darren S. Crawford - CCNP, CCDP, CCIE TBA Northwest Region - Sacramento Office Voicemail (916) 859-5200 x310 Pager (800) 467-1467 mailto:[EMAIL PROTECTED] x$:0`0:$xx$:0`0:$xx$:0`0:$xx$:0`0:$x$:0`0:$xx$:0`0:$xx "You always have time for things you put first" - Tucker Resources Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28040&t=28040 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
xyplex server.... [7:28039]
Group, I am having problems with my xyplex server. I have forgot the port parameter for carriage return. When I type reload, I can't type confirm. My xyplex simply goes to the next line. Is there source documentation on the web ? (xyplex is the poor man terminal server. Some of us can't afford a cisco router for this function.) GET INTERNET ACCESS FROM JUNO! Juno offers FREE or PREMIUM Internet access for less! Join Juno today! For your FREE software, visit: http://dl.www.juno.com/get/web/. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28039&t=28039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Is there a Study Group in Stamford CT? [7:28038]
I am looking for a CCNP/CCDP study group in Stamford CT or somewhere in lower Fairfield county. If there isn't one locally I would be interested in forming one. Please email me if you are interested. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28038&t=28038 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ipsec funda [7:28036]
Folks, I was reading the article about IPSec and thought some of u might enlighten my doubts. As we know IETF had split the IPsec into 2 parts namely Ipsec and IKE. 1)Since IPsec(Ah or ESP)can provide all the Encryption,Authentication and intergrity,do we still need a IKE for creating Encrpytion tunnel? 2)Whats the use of IKE? Is it just used to create the key which Ipsec uses for Encryption or Authentication? Or does itself create the Encryption tunnel and authenticates?. 3)Who does the Encrption and Authentication? cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28036&t=28036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Routers as tftp servers [7:27912]
Ok, I guess I need to explain my question in other words. If you are at the console of route A, can you upload a config file from router A to Router B? Thanks John Tafasi ""Nicolas FEVRIER"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > "TFTP does not provide any security for file transfers, so it should not be > > available to a public firewall interface. Unauthorized users can upload new > > config files to your router, as well as download your current stored > configs > > for analysis." > > > > How can you configure the router to accept TFTP file uploads? > > I use : > tftp-server flash:c3640-is-mz.121-5.T9.bin > in my "source" router to allow other routers to copy the ios image from > this > one. > > Check this out : > http://www.cisco.com/warp/public/63/copyimage.html > > Nicolas. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28035&t=27912 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Lab available in Melbourne Australia [7:28034]
Hi All, Is anyone interested in buying into a shared CCIE Lab available over the Net in Melbourne? Lab is complete including Cat switches, ATM, VOIP, and lots of 3600 and 2500 routers. Anyone interested and want diagrams etc email me off list. Darren Ward (PGradCS, CCIE #8245, MCP) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28034&t=28034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Advise on Auction fraud [7:28004]
Also, I strongly reccomend against buying big-ticket items from sellers that are overseas. If you do, pay the extra to use an escrow service. I bid on a 26xx from a chap on Ebay. The listing said he was in Germany. When I won the auction, I got the actual contact info and he had registered the account under an address in North Carolina. When I asked him about it, he stopped returning my e-mails. I feel like I saved myself from getting burned. -Ejay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 03, 2001 2:24 PM To: [EMAIL PROTECTED] Subject: OT:Advise on Auction fraud [7:28004] Sorry for off topic I recentley bcame the victim of the Auction fraud the guy took my $1000 for 2621 router and now not replying for my emails and also I came to know that thi s guy is a fraud and done similiar thing to at least 4 other people ,Now what are the options I have to get my money back from him Thanks for all your advise Kaamvi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28020&t=28004 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT:Advise on Auction fraud [7:28004]
If you bought from Ebay, you have their slow complaint process to help (sorta :o) If you used PayPal, both you and the seller are verified, and you used a credit card- you're covered. Rule of thumb though, escrow any purchase you cannot afford to lose. I have purchased my entire lab off of Ebay and have had very snags, but I know it can and does happen. I know Brad Ellis, www.Netfix.com, and host of others are willing to sell @ a somewhat reasonable price and will take that uncertainty of whether it work or will it arrive away. Do tell- who was the seller ??? I've got a couple of Ebay surnames that have goofed over some people I work with. All the best !!! Phil - Original Message - From: To: Sent: Monday, December 03, 2001 2:24 PM Subject: OT:Advise on Auction fraud [7:28004] > Sorry for off topic > I recentley bcame the victim of the Auction fraud the guy took my $1000 for > 2621 router and now not replying for my emails and also I came to know that > thi s guy is a fraud and done similiar thing to at least 4 other people ,Now > what are the options I have to get my money back from him > > Thanks for all your advise > Kaamvi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28029&t=28004 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CPA 25xx Upgrade Tool [7:28018]
Phil... I had to search the archives for that darned link too, but I finally found it - it's the Router Software Loader (RSL), also known as the CiscoPro upgrade tool http://www.cisco.com/pcgi-bin/tablebuild.pl/rsl (requires CCO login account) - Original Message - From: "Circusnuts" To: Sent: Monday, December 03, 2001 1:49 PM Subject: CPA 25xx Upgrade Tool [7:28018] > Man-o-man !!! It took me a while to track this down this afternoon. If you > upgrading a CPA router, you'll need this piece of software. > > All the best !!! > Phil _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28033&t=28018 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SCCUG - Los Angeles Area Cisco Users Group Meeting This [7:28032]
Just want to let you all (or at all you in to Southern Califorina area) know that we will be having our monthly Southern California Cisco Users Group meeting this Thursday at Infonet in El Segundo. This month we will be featuring a discussion panel. While this may not be the usual techincal presentaion that we have, we are hoping to answer all those other questions that you ay have regarding career, certification, training, new technologies, business prospects for 2002... For time and directions: Thursday - December 6th 2001 6:00 - 7:00 Dinner (Free) 7:00 - 9:00 Discussion SCCUG @ Infonet 2160 E. Grand Ave El Segundo, CA 90245 Directions to Infonet: >From the 405 take the El Segundo off ramp and turn right on to El Segundo Blvd. From El Segundo turn right onto Continental and right again on Grand Ave. We are a three story glass structure with a very large Infonet sign. http://www.sccug.org Thanks, Robert Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28032&t=28032 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CIT question [7:27964]
i think baseline - Original Message - From: Mark Odette II To: Sent: Monday, December 03, 2001 12:16 PM Subject: RE: CIT question [7:27964] > I'm not sure what exactly it is, but the first thing that comes to mind is > maybe an SNMP profile, or the level of Syslog to specify with logging to a > remote syslog server. > > -Mark Odette II > CCNA, 3/4 CCNP, MCSE 4.0/2000, A+ certified. > StellarConnection Services > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Vajira Wijesinghe > Sent: Sunday, December 02, 2001 9:26 PM > To: [EMAIL PROTECTED] > Subject: CIT question [7:27964] > > > In a recent sitting for the CIT paper I found a question asking to name > the "profile" which network engineers maintain, objective being to > monitor/record a certain type of network activity over a period of time > so that it could be useful in arriving into conclusions in a problematic > situation. > Does any one could give some clue as to what this "profile"is? > > Thanks > - (on postoffice) > > The information contained in this email is confidential and is meant to be > read only by the person to whom it is addressed.Please visit > http://www.millenniumit.com/legal/email.htm to read the entire > confidentiality clause. > > - Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28031&t=27964 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN layer 2 issue [7:28013]
what i'm trying to say is that normally either multiple_frame_established or tei_assigned is displayed but in this case i have the 2 displayed at the same time like this =multiple_frame_established =tei_assigned =tei_assigned looks like a bug or something. John. >From: "Priscilla Oppenheimer" >Reply-To: "Priscilla Oppenheimer" >To: [EMAIL PROTECTED] >Subject: Re: ISDN layer 2 issue [7:28013] >Date: Mon, 3 Dec 2001 18:18:56 -0500 > >Multiple_frames_established is a good state. It's what you want to see. > >TEI_assigned is a good intermediate state. It means that the terminal >endpoint identifier has been assigned, which is a good thing. But the state >should progress to multiple_frames_established, from what I understand. > >On the other hand, in a DDR environment, if the link goes idle, you might >go back to TEI_assigned and that is not a problem. It just means no data is >going across. > >Check this out: > >http://www.cisco.com/warp/public/129/bri_sh_isdn_stat.html#second > >Priscilla > >At 04:05 PM 12/3/01, you wrote: > >Hello all, > > > >on using the 'show isdn status' > > > >i get 3 lines for the layer 2 section.. one says >multiple_frames_established > >while the others say tei_assigned > > > >whats does this mean? and how can i resolve this issue > > > >regards, > > > >John > > > >_ > >Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp > > >Priscilla Oppenheimer >http://www.priscilla.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28030&t=28013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: secondary ip address on e0? [7:28027]
Configuring Sub-interfaces on a c1603 What could possibly go wrong?? It looked so easy in the book. Does this mean I must use secondary IP addresses on the e0, and sub-interfaces only on s0? Eg., #int e0 ip address [i.p.address] [subnet.mask] secondary #int s0.1 ip address [i.p.address] [subnet.mask] In the book it said that "secondary" IP addresses were being phased out in the newer IOS. Help please... -Anil - Rustyb#conf t Enter configuration commands, one per line. End with CNTL/Z. rustyb(config)#int e0 rustyb(config-if)#ip address 193.9.56.1 255.255.255.0 rustyb(config-if)#int e0.1 rustyb(config-subif)#ip address 192.9.200.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10 or ISL vLAN. rustyb(config-subif)#exit rustyb(config)#int e0 rustyb(config-if)#no shut rustyb(config-if)# rustyb(config-if)# rustyb(config-if)#int e0.1 rustyb(config-subif)#ip address 192.9.200.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10 or ISL vLAN. rustyb(config-subif)# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28027&t=28027 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN layer 2 issue [7:28013]
Multiple_frames_established is a good state. It's what you want to see. TEI_assigned is a good intermediate state. It means that the terminal endpoint identifier has been assigned, which is a good thing. But the state should progress to multiple_frames_established, from what I understand. On the other hand, in a DDR environment, if the link goes idle, you might go back to TEI_assigned and that is not a problem. It just means no data is going across. Check this out: http://www.cisco.com/warp/public/129/bri_sh_isdn_stat.html#second Priscilla At 04:05 PM 12/3/01, you wrote: >Hello all, > >on using the 'show isdn status' > >i get 3 lines for the layer 2 section.. one says multiple_frames_established >while the others say tei_assigned > >whats does this mean? and how can i resolve this issue > >regards, > >John > >_ >Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28028&t=28013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Finally CCNP!! [7:28026]
Hello Group!! I just finished CIT today & finally a CCNP, Used Cisco press books for it. Many thanks to this wonderful group. Special thanks to Ole Drews Jensen for his Switching Commands software, which helped me with commands. Thanks a lot, God bless!! ADIL Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28026&t=28026 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CPA 25XX Upgrade Tool [7:28025]
Man-o-man !!! It took me a while to track this down this afternoon. If you upgrading a CPA router, you'll need this piece of software. http://www.cisco.com/cgi-bin/Software/Tablebuild/tablebuild.pl/rsl All the best !!! Phil Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28025&t=28025 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Radius on NT 2000 Server [7:27525]
I recently heard from a course instructor that Tacas+ was not available on the 3005 VPN concentrator. Is their any thruth to this? Is there any plan to support it if they are moving away from radius? Brian Wilkins wrote: > I spent the better part of a week trying this because, obviously, the price > is right. I couldn't get it to even come close to working. We ended up > purchasing CiscoSecure ACS for around $4k, which supports unlimited devices, > unlimited users and works great. We're running 2.6, but 3.0 was just > released which supports authentication via MS Active Dictory, LDAP, etc. > (but not Novell NDS), as well as (of course) an internal Cisco database. > > Also, and FYI: I spoke to TAC and Cisco is moving away from RADIUS toward > TACACS+. In fact on the new equipment such as the cat 3500's, RADIUS isn't > even an option. > > Best of luck, > > Brian > > Eric Hauptman wrote: > > > > Does anyone have any pointers on getting a Cisco router talking > > to IAS > > running > > on a Windows 2000 server. I think I have everything configured > > correctly and it is still not working. Thanks > > > > Eric Hauptman Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28024&t=27525 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial Line is up and line protocol is up ANSW [7:27930]
Yup, up and up, you got LMI between you and the switch not an active PVC. Dave Donald wrote: > > Not necessarily you can have a frame connection in an up/up state and not > transfer data can't you. > > - Original Message - > From: "Gregg Malcolm" > To: > Sent: Sunday, December 02, 2001 12:01 PM > Subject: RE: Serial Line is up and line protocol is up ANSW [7:27930] > > > Anil, > > > > I'm sorry, my explaination wasn't very good. The answer can't be B since > > you have no information saying data is being sent and received. The > answer > > A does fit since a frame relay connection is active if int status is > UP/UP. > > > > As far as the 2nd part, AFAIK not every encap uses keepalives. Frame > Relay > > is somewhat special in that an UP/UP status really means that data COULD > be > > xfer'ed. The case of the broken remote CSU/DSU does not fit this > scenarios > > since keepalives would not be received. The question seems geared toward > > trying to trick the engineer into thinking that data is being xfered vs. > > could be. Many encap use keepalives. A few are F/R, ATM, PPP and HDLC > (PPP > > uses an echo). Not sure if all do (probably not). Hope that helps. -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28023&t=27930 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN layer 2 issue [7:28013]
That's a good question that I don't have an answer for but I can tell you I have seen status of TEI assigned and it worked fine though in general multiframe established gives me the warm fuzzy! Dave John Kale wrote: > > Hello all, > > on using the 'show isdn status' > > i get 3 lines for the layer 2 section.. one says multiple_frames_established > while the others say tei_assigned > > whats does this mean? and how can i resolve this issue > > regards, > > John > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28021&t=28013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Your IPsec tunnel has been terminated? [7:28022]
I have set up several of our staff with the Unity client (3.0.3) to connect over the local cable company's @home network to our Pix 506. The VPNs work fine, connect and traffic flows but in the middle of work the tunnel drops and the message that your IPsec tunnel has been terminated appears. You can immediatley reconnect and resume your work only to be booted out again at random. We have only set up a few "after-hours" staff to use VPN's so I am sure that while this is happening only two of the possbile five tunnels are in use. Any ideas as to timers to extend or configure? I have already set the peer response timeout in the client to 480 seconds without resolution. Kevin Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28022&t=28022 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN layer 2 issue [7:28013]
The following URLs should give you lots of ISDN installation and troubleshooting advice. They are not necessarily in the order of preference. http://www.cisco.com/warp/cpropub/45/ISDN_TS.htm http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1917.htm#xtocid117 1410 http://www.ieng.com/networkers/nw00/pres/3304/3304.htm Go to the ISDN and Dial Features PDF www.cisco.com/go/packet/isdn > -Original Message- > From: John Kale [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 03, 2001 3:05 PM > To: [EMAIL PROTECTED] > Subject: ISDN layer 2 issue [7:28013] > > > Hello all, > > on using the 'show isdn status' > > i get 3 lines for the layer 2 section.. one says > multiple_frames_established > while the others say tei_assigned > > whats does this mean? and how can i resolve this issue > > regards, > > John > > _ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28019&t=28013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Serial Line is up and line protocol is up ANSW [7:27930]
Not necessarily you can have a frame connection in an up/up state and not transfer data can't you. - Original Message - From: "Gregg Malcolm" To: Sent: Sunday, December 02, 2001 12:01 PM Subject: RE: Serial Line is up and line protocol is up ANSW [7:27930] > Anil, > > I'm sorry, my explaination wasn't very good. The answer can't be B since > you have no information saying data is being sent and received. The answer > A does fit since a frame relay connection is active if int status is UP/UP. > > As far as the 2nd part, AFAIK not every encap uses keepalives. Frame Relay > is somewhat special in that an UP/UP status really means that data COULD be > xfer'ed. The case of the broken remote CSU/DSU does not fit this scenarios > since keepalives would not be received. The question seems geared toward > trying to trick the engineer into thinking that data is being xfered vs. > could be. Many encap use keepalives. A few are F/R, ATM, PPP and HDLC (PPP > uses an echo). Not sure if all do (probably not). Hope that helps. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28010&t=27930 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CPA 25xx Upgrade Tool [7:28018]
Man-o-man !!! It took me a while to track this down this afternoon. If you upgrading a CPA router, you'll need this piece of software. All the best !!! Phil Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28018&t=28018 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Diffle-Hellman Exchange Question [7:27952]
Alex, your are 100% correct. Whitfield & Martin (using modular arithmetic) found a beautiful algorithm in which partners agree in a same key exchanging part of his/her initial secret key. Never the key will be exchanged in the public network. As the key is the same for both partners, it is good for symetric encryption (fast) like DES. -Original Message- From: Alex Lei [mailto:[EMAIL PROTECTED]] Sent: segunda-feira, 3 de dezembro de 2001 16:12 To: [EMAIL PROTECTED] Subject: RE: Diffle-Hellman Exchange Question [7:27952] Hello Hunt, In my understanding the shared key never go across the network. Each peer computes it out separately. Where did you see in CCO saying that the DES key is sent across the internet? Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28017&t=27952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
call manager [7:28016]
I was wondering the best way to make a call manager redundant. We have two servers but if one goes down then the phones have to reboot. I was wondering if anyone had clustered a call manager. And if so anything I should look out for. Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28016&t=28016 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VoIP MC-3810 [7:27874]
It has the part# 47-4567-02 Rev AO that is later than 17-4840 rev 03 Great! :-) -Original Message- From: Peter Whittle [mailto:[EMAIL PROTECTED]] Sent: sabado, 1 de dezembro de 2001 07:45 To: [EMAIL PROTECTED] Subject: Re: VoIP MC-3810 [7:27874] Hugo, Your sh ver looks promising. The definitive way is to look at the BOTTOM and see if they are p.n.: 17-4840 rev 03 or later. I believe that they contain System Bootstrap Version 12.0(6r)T4. By the way the 12.0(6r)T4 is the WBOOT code that you need to support 32 Mb Flash. You will need atleast 16 Mb Flash if you want to run current enterprise feature set. If you can get by with ip plus then you can get by with your existing 8 Mb. Remember, if money is tight and you have upgraded the DRAM to 64 Mb you could always boot the IOS from a TFTP server instead of from flash, just watch out when you do a 'wr erase' to clear out the configs as it will no longer know its ip address and you will end up running the flash IOS. Peter In article , [EMAIL PROTECTED] writes >Peter, > >Thank you for replying. Great info that the IOS image should contain >"v5" feature set. ;-)) > >The box is an MC-3810 (not V or V3) with 32MB DRAM and 8MB flash with >mc3810-is-mz.120-5.XK image. > >ROM: System Bootstrap, Version 12.0(6r)T4, RELEASE SOFTWARE (fc1) >ROM: MC3810 Software (MC3810-WBOOT-M), Version 12.0(6r)T4, RELEASE >SOFTWARE (fc1) > >As fas I understood reading the notes at: > >this box will recognize a 64MB DRAM. > >Am I correct? > >TIA > > >-Original Message- >From: Peter Whittle [mailto:[EMAIL PROTECTED]] >Sent: sexta-feira, 30 de novembro de 2001 21:40 >To: [EMAIL PROTECTED] >Subject: Re: VoIP MC-3810 [7:27874] > > >The MC-3810 supports VoIP if you have a v5 variant of the IOS. > >eg enterprise + voatm + voip would be mc3810-a2jsv5_122-3.bin > >Of course you need a voice module, AVM (analogue), BVM (ISDN Bri), >DVM (ISDN Pri, CAS) and any load will do vofr. > > >However, VoIP loads require 64 Mbytes DRAM. > >If you upgrade an old mc-3810 or mc-3810v you need recent BOOTROMs, >take >a look in the release notes for details. If your bootroms are not >recent >enough then a 64Mb SIMM will only show up as 16 Mb! The bootroms are a >free of charge item. You will have to pay postage and may need to >order >them via a partner if you don't have SMARTNET on the routers. > >Peter > > > In article , [EMAIL PROTECTED] > writes >>Just to confirm. Can a MC-3810 do VoIP or only VoFR? >> >>Thanks, >> >>Hugo >>html >>Report misconduct and Nondisclosure violations to >[EMAIL PROTECTED] >> > -- Peter Whittle Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28015&t=27874 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE R/S written [7:27968]
i believe that would be boson #3 -Original Message- From: juno vtv [mailto:[EMAIL PROTECTED]] Sent: Monday, December 03, 2001 2:59 PM To: [EMAIL PROTECTED] Subject: Re: CCIE R/S written [7:27968] The boson exam with over 400 question was written by Dennis Laganiere. Sorry if I mangled your last name Dennis. -junovtv Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28014&t=27968 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN layer 2 issue [7:28013]
Hello all, on using the 'show isdn status' i get 3 lines for the layer 2 section.. one says multiple_frames_established while the others say tei_assigned whats does this mean? and how can i resolve this issue regards, John _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28013&t=28013 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
secondary ip address on e0? [7:28012]
Configuring Sub-interfaces on a c1603 What could possibly go wrong?? It looked so easy in the book. Does this mean I must use secondary IP addresses on the e0, and sub-interfaces only on s0? Eg., #int e0 ip address [i.p.address] [subnet.mask] secondary #int s0.1 ip address [i.p.address] [subnet.mask] In the book it said that "secondary" IP addresses were being phased out in the newer IOS. Help please... -Anil - Rustyb#conf t Enter configuration commands, one per line. End with CNTL/Z. rustyb(config)#int e0 rustyb(config-if)#ip address 193.9.56.1 255.255.255.0 rustyb(config-if)#int e0.1 rustyb(config-subif)#ip address 192.9.200.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10 or ISL vLAN. rustyb(config-subif)#exit rustyb(config)#int e0 rustyb(config-if)#no shut rustyb(config-if)# rustyb(config-if)# rustyb(config-if)#int e0.1 rustyb(config-subif)#ip address 192.9.200.1 255.255.255.0 Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10 or ISL vLAN. rustyb(config-subif)# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28012&t=28012 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE R/S written [7:27968]
The boson exam with over 400 question was written by Dennis Laganiere. Sorry if I mangled your last name Dennis. -junovtv Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28011&t=27968 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Advise on Auction fraud [7:28004]
I had an experience with an eBay auction where the fellow didn't ship the router. I had paid by Money Order. He had cashed it. I contacted eBay. They gave me the person's phone number and address. I called. He hung up. I called the local Sheriff and filed a complaint. They visited his home. He shipped. If the person with whom you are dealing has committed a crime then get the local law enforcement on his case. If you know the names of others who have also been defrauded, ask them to also file a complaint. Give the auction company grief. Have the thief barred from selling. Post his name here so we don't get taken. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 03, 2001 1:24 PM > To: [EMAIL PROTECTED] > Subject: OT:Advise on Auction fraud [7:28004] > > > Sorry for off topic > I recentley bcame the victim of the Auction fraud the guy > took my $1000 for > 2621 router and now not replying for my emails and also I > came to know that > thi s guy is a fraud and done similiar thing to at least 4 > other people ,Now > what are the options I have to get my money back from him > > Thanks for all your advise > Kaamvi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28009&t=28004 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: O/T Cisco article from SJ Mercury [7:28007]
Cool article. Thnaks! ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > This is filler due to the GroupStudy bug that eliminates text with URLs at > the beginning of messages. This is filler due to the GroupStudy bug that > eliminates text with URLs at the beginning of messages. This is filler due > to the GroupStudy bug that eliminates text with URLs at the beginning of > messages. This is filler due to the GroupStudy bug that eliminates text > with URLs at the beginning of messages. > > FYI: Interesting article on the "true" history of Cisco, with more credit > given to Stanford and less to Bosack and Lerner. > > http://www.siliconvalley.com/docs/news/depth/cisco120201.htm > > > > Priscilla Oppenheimer > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28008&t=28007 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
O/T Cisco article from SJ Mercury [7:28007]
This is filler due to the GroupStudy bug that eliminates text with URLs at the beginning of messages. This is filler due to the GroupStudy bug that eliminates text with URLs at the beginning of messages. This is filler due to the GroupStudy bug that eliminates text with URLs at the beginning of messages. This is filler due to the GroupStudy bug that eliminates text with URLs at the beginning of messages. FYI: Interesting article on the "true" history of Cisco, with more credit given to Stanford and less to Bosack and Lerner. http://www.siliconvalley.com/docs/news/depth/cisco120201.htm Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28007&t=28007 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: O/T Cisco article from SJ Mercury [7:28005]
Thanks for the article Priscilla. It was very enlightening. -junovtv Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28006&t=28005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
O/T Cisco article from SJ Mercury [7:28005]
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:Advise on Auction fraud [7:28004]
Sorry for off topic I recentley bcame the victim of the Auction fraud the guy took my $1000 for 2621 router and now not replying for my emails and also I came to know that thi s guy is a fraud and done similiar thing to at least 4 other people ,Now what are the options I have to get my money back from him Thanks for all your advise Kaamvi Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28004&t=28004 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN and NAT [7:28003]
Hi, I try to connect a Cisco router to both the Internet and the office HQ. Both connections assign a dynamic IP address when the connection i established. The relevant part of the config (Running 11.3(9): ip subnet-zero ip nat inside source list 1 interface BRI0 overload isdn switch-type basic-net3 ! ! interface Ethernet0 ip address 192.168.165.100 255.255.255.0 ip nat inside ! interface BRI0 ip address negotiated ip nat outside encapsulation ppp dialer pool-member 1 ppp authentication chap pap callin ! interface Dialer1 description *** Connected to HQ *** ip address negotiated ip nat outside encapsulation ppp load-interval 30 dialer remote-name dialer string dialer-group 1 ppp authentication chap pap callin ppp pap sent-username password 7 ! interface Dialer2 description *** Connected to ISP *** ip address negotiated ip nat outside encapsulation ppp load-interval 30 dialer remote-name dialer string dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp pap sent-username password 7 ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer2 ip route 132.229.0.0 255.255.0.0 Dialer1 ! access-list 1 permit any dialer-list 1 protocol ip permit If a packet for the HQ arrives, the ISDN-line will open, and the connection will work. The same counts for a packet to HQ, but with one link up, the other won't work. Does anyone have a clue how to solve this? I think the combination with NAT and negotiated IP address is the problem. With fixed addresses it'll work, but unfortunately I can get only 1 IP-address fixed (no, not the HQ-one, not within a reasonable timeframe :*( Does anyone knows a way to solve/workaround this? TIA! Marcel Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28003&t=28003 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: "sh IP route" and IP question [7:27997]
Can you send the configs of the 2 routers? -Original Message- From: Bob Perez [mailto:[EMAIL PROTECTED]] Sent: Monday, December 03, 2001 1:00 PM To: [EMAIL PROTECTED] Subject: "sh IP route" and IP question [7:27997] I have a ISDN failover connection and whenever the connection kicks in and I do a "show IP route" I get the following information and it is not correct. Atlanta RTR(I did "sh ip ro")- C 128.121.22.146/32 BRI0/0 When in actuality, the BRI int on the other router is 128.121.22.146/28 I disconnect the ISDN and the route disappears which is what should happen Does anyopne know what would cause the one router to detect the wrong net address from the other routers BRI? This is stopping me from being able to hit the other router when the S0/0 goes down. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28001&t=27997 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: "sh IP route" and IP question [7:27997]
The good ole PPP host route generated by PPP. If you use HDLC encap it will not happpen but they you have to for go all the nice things PPP encap gies ya. You can also disable the host route genration on the BRI interface. Raul - Original Message - From: "Bob Perez" To: Sent: Monday, December 03, 2001 12:59 PM Subject: "sh IP route" and IP question [7:27997] > I have a ISDN failover connection and whenever the connection kicks in and I > do a "show IP route" I get the following information and it is not correct. > Atlanta RTR(I did "sh ip ro")- C 128.121.22.146/32 BRI0/0 When in > actuality, the BRI int on the other router is 128.121.22.146/28 > I disconnect the ISDN and the route disappears which is what should happen > > Does anyopne know what would cause the one router to detect the wrong net > address from the other routers BRI? This is stopping me from being able to > hit the other router when the S0/0 goes down. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28002&t=27997 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Re[4]: VPN is a Backdoor !!! [7:27725]
Not sure what you mean by this. The VPN technology used is irrelevant. If I have a home user who uses their laptop to access the Internet, there are various ways that machine could become compromised. If that user then attaches to the VPN, I have a machine on my VPN that is compromised. It doesn't matter what the method of VPN is (L2TP with IPsec, PPTP, etc), it's not going to keep a compromised machine from continuing to be compromised. All the VPN can do is keep a non-compromised machine from becoming compromised through the VPN. If the machine is compromised before it connects to the VPN, no amount of VPN technology is going to help. This issue is not solvable through VPN technology because it isn't a VPN problem. It's an end-station access control problem. At the end of the day, if your users are allowed to completely control their own machines, the liklihood that someones machine will be compromised approaches 1.0. (in other words, certainty) This risk can be mitigated through various software and poliices, but it cannot be eliminated. -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of SentinuS Sent: Saturday, December 01, 2001 5:35 AM To: [EMAIL PROTECTED] Subject: Re[4]: VPN is a Backdoor !!! [7:27725] May be. But if you use L2TP or Layer 3 transport on VPN, all your mobile users could be Local. Thus you don't need to additional security on your Mobile user (I mean firewall or anti-virus app.) SentinuS Friday, November 30, 2001, 6:07:02 PM, you wrote: KH> Your right, but it is nearly impossible to secure the client. The problem KH> is that no matter how much education you give users, most will still do the KH> "wrong" thing given the right circumstances. For example, if they are in a KH> chat room and someone they are communicating with sends them a file, most KH> will open it, no matter how many times you tell them not to. --cut here--- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28000&t=27725 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Diffle-Hellman Exchange Question [7:27952]
I have a link here for your reference. Read the section on RSA. http://www.cisco.com/warp/public/105/IPSECpart3.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27999&t=27952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Diffle-Hellman Exchange Question [7:27952]
Hello Hunt, In my understanding the shared key never go across the network. Each peer computes it out separately. Where did you see in CCO saying that the DES key is sent across the internet? Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27998&t=27952 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
"sh IP route" and IP question [7:27997]
I have a ISDN failover connection and whenever the connection kicks in and I do a "show IP route" I get the following information and it is not correct. Atlanta RTR(I did "sh ip ro")- C 128.121.22.146/32 BRI0/0 When in actuality, the BRI int on the other router is 128.121.22.146/28 I disconnect the ISDN and the route disappears which is what should happen Does anyopne know what would cause the one router to detect the wrong net address from the other routers BRI? This is stopping me from being able to hit the other router when the S0/0 goes down. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27997&t=27997 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: over 1700 passing ccie written every month [7:23860]
Oh brother... here we go again... ""Tim Booth"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > It's fine to have a healthy opinion of Cisco vs Microsoft accreditations > but > > I do think you are severely underestimating the new Microsoft exams. > > The new Microsoft exams are a joke. They do NOT test your knowledge on > Microsoft products. They're absolutely terrible tests IMO. Certainly they > don't test your ability to do anything constructive, and certainly don't > compare to Cisco exams much less the IE lab for how much they actually test > useful knowledge. > > Kind Regards, > Tim Booth Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27996&t=23860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VoIP MC-3810 [7:27874]
Surely I will check. I will also check the part number and reply soon. Thank you a lot. -Original Message- From: Peter Whittle [mailto:[EMAIL PROTECTED]] Sent: sabado, 1 de dezembro de 2001 07:55 To: [EMAIL PROTECTED] Subject: Re: VoIP MC-3810 [7:27874] Hugo, If you are after some e.g. configs take a look at my earlier post in the GroupStudy ccielab archives. Posting 200111/msg01481. Peter article , [EMAIL PROTECTED] writes >Peter, > >Thank you for replying. Great info that the IOS image should contain >"v5" feature set. ;-)) > >The box is an MC-3810 (not V or V3) with 32MB DRAM and 8MB flash with >mc3810-is-mz.120-5.XK image. > >ROM: System Bootstrap, Version 12.0(6r)T4, RELEASE SOFTWARE (fc1) >ROM: MC3810 Software (MC3810-WBOOT-M), Version 12.0(6r)T4, RELEASE >SOFTWARE (fc1) > >As fas I understood reading the notes at: > >this box will recognize a 64MB DRAM. > >Am I correct? > >TIA > > >-Original Message- >From: Peter Whittle [mailto:[EMAIL PROTECTED]] >Sent: sexta-feira, 30 de novembro de 2001 21:40 >To: [EMAIL PROTECTED] >Subject: Re: VoIP MC-3810 [7:27874] > > >The MC-3810 supports VoIP if you have a v5 variant of the IOS. > >eg enterprise + voatm + voip would be mc3810-a2jsv5_122-3.bin > >Of course you need a voice module, AVM (analogue), BVM (ISDN Bri), >DVM (ISDN Pri, CAS) and any load will do vofr. > > >However, VoIP loads require 64 Mbytes DRAM. > >If you upgrade an old mc-3810 or mc-3810v you need recent BOOTROMs, >take >a look in the release notes for details. If your bootroms are not >recent >enough then a 64Mb SIMM will only show up as 16 Mb! The bootroms are a >free of charge item. You will have to pay postage and may need to >order >them via a partner if you don't have SMARTNET on the routers. > >Peter > > > In article , [EMAIL PROTECTED] > writes >>Just to confirm. Can a MC-3810 do VoIP or only VoFR? >> >>Thanks, >> >>Hugo >>html >>Report misconduct and Nondisclosure violations to >[EMAIL PROTECTED] >> > -- Peter Whittle Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27995&t=27874 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VACL to block AppleTalk [7:27994]
Anyone using any vacls to block AppleTalk on 6500's? Just looking for some veteran vacl guys/gals who are familiar with this. I think the following would work but I don't want to miss anything. set security acl mac NoAppleTalk deny any any ethertalk commit security acl NoAppleTalk set security acl map NoApple (vlan) Thanks, Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27994&t=27994 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE R/S written [7:27968]
This brings up an excellent point. The current exam has been around for some time and we all know the types of things it covers. There are several books on the topic, a bunch of sites that offer training materials and, of course, the bosons. The new exam is an unknown beast, and it will take that much longer to prepare for. My advice for those who feel they might follow this track is to get it over with. As hard as it is, it will only be harder when the new one comes out because you won't have all the tools that are available today. I thought the ccbotcamp book was great, the Exam Cram was OK, and the prep guide was adequate. I used all three bosons, and they were great. I don't know remember which one, but one of them had over 400 questions. Just my $.02 >From: "Engelhard M. Labiro" >Reply-To: "Engelhard M. Labiro" >To: [EMAIL PROTECTED] >Subject: Re: CCIE R/S written [7:27968] >Date: Mon, 3 Dec 2001 08:41:41 -0500 > > > does any body knows the tentative date of the new version of CCIE R/S > > written qualificationt test would be applied > >The rumour is January 2002. > > >how much material > > difference it would be compared to the old one ? > >Have no idea. > > > I'm preparing for CCIE R/S written test, and it seems to be a bad time >for > > it because of the transtition period... > >Better hurry, since Bosons are quite good match for the real exam. > >HTH. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27993&t=27968 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Private VLAN's & VTP [7:27940]
VLANs configured as PVLANs are done only when the VTP mode is transparent. So the VTP messages aren't carried or passed to the adjacent switch. You will have to configure in all the switches. By the way, which platform you are using and which version of software? Thanks Rajesh Urooj's Hi-speed Internet wrote: > Hi Folks, > Do VLAN's configured as PVLAN's get communicated throughout the VTP domain > via VTP messages or are they kept segregated ? Can someone please enlighten > me on this ? Thanks very much. > > Aziz [GroupStudy.com removed an attachment of type text/x-vcard which had a name of pikumar.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27992&t=27940 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CIT question [7:27964]
They're probably talking about a baseline (monitor/record a certain type of network activity over a period of time). Shawn -Original Message- From: Mark Odette II [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 02, 2001 11:16 PM To: [EMAIL PROTECTED] Subject: RE: CIT question [7:27964] I'm not sure what exactly it is, but the first thing that comes to mind is maybe an SNMP profile, or the level of Syslog to specify with logging to a remote syslog server. -Mark Odette II CCNA, 3/4 CCNP, MCSE 4.0/2000, A+ certified. StellarConnection Services -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vajira Wijesinghe Sent: Sunday, December 02, 2001 9:26 PM To: [EMAIL PROTECTED] Subject: CIT question [7:27964] In a recent sitting for the CIT paper I found a question asking to name the "profile" which network engineers maintain, objective being to monitor/record a certain type of network activity over a period of time so that it could be useful in arriving into conclusions in a problematic situation. Does any one could give some clue as to what this "profile"is? Thanks - (on postoffice) The information contained in this email is confidential and is meant to be read only by the person to whom it is addressed.Please visit http://www.millenniumit.com/legal/email.htm to read the entire confidentiality clause. - Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27991&t=27964 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Can I use the xmodem -s 38400 in Cat6K [7:27936]
If I remember correctly, the last time I had to do this with a 6509 I used 115200 and it worked fine. -Patrick >>> "guest 2001" 12/01/01 09:29PM >>> I found a doc about howto use xmodem to recover the image of cat5000&4000,it says you can use the xmodem -s 38400 to download via console.And I also found a topic says recommand not to set the speed upper than 19200,the xmodem command has some option: -c to use crc16 -s set speed I am using the teraterm terminal emulator,It can support these, can I use "xmodem -s 38400 -c " command to recover the image. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27990&t=27936 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re[4]: VPN is a Backdoor !!! [7:27725]
I'm not sure I follow... At any time, regardless of protocol, a remote user coming in on a vpn has the potential to bring a hacker in with him. >>> "SentinuS" 12/01/01 08:35AM >>> May be. But if you use L2TP or Layer 3 transport on VPN, all your mobile users could be Local. Thus you don't need to additional security on your Mobile user (I mean firewall or anti-virus app.) SentinuS Friday, November 30, 2001, 6:07:02 PM, you wrote: KH> Your right, but it is nearly impossible to secure the client. The problem KH> is that no matter how much education you give users, most will still do the KH> "wrong" thing given the right circumstances. For example, if they are in a KH> chat room and someone they are communicating with sends them a file, most KH> will open it, no matter how many times you tell them not to. --cut here--- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27989&t=27725 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP ONLY OVER ISDN [7:27972]
I'm wondering if this is a trick question. My first thought is that if you only configure an IP address on the link then only IP will pass over the link. Without additional configuration this alone would stop IPX, AT, bridged traffic, etc. from crossing the link. Another thought is that DLSw+ is IP, yet it carries bridged traffic. Do you want to stop that? Use an access list. The only other traffic then might be CDP, so use 'no cdp enable' on the BRI to turn that off. I suppose you wouldn't be able to stop someone from tunneling some other protocol in IP over the link but I don't think you're concerned about that. Am I making this harder than you intended? :-) Forgive me, I need more coffee and I have a cold. Regards, John >>> "Robert McCallum" 12/3/01 1:58:13 AM >>> Hi, Simple question here but how can you ensure that when an ISDN line is Up that no matter what is configured that ONLY IP can go across the line. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27988&t=27972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: isdn problem [7:27975]
Robert was right! ""sudhakar"" >Dear Sir > > i connected router1 and router2 by BRI0 isdn line, but it showing conection > fails., not pinging , So plese give me solution on this. > > waoting for u r replay > > router1 > > router1#sh run > Building configuration... > > Current configuration: > ! > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname router1 > ! > > ! > username router2 password 0 router2 > ip subnet-zero > isdn switch-type basic-net3 > ! > ! > ! > ! > interface Ethernet0 > ip address 198.168.0.8 255.255.255.0 > no ip directed-broadcast > no ip route-cache > ! > interface Serial0 > description BLR-PUN LINK > bandwidth 64 > ip address 172.16.127.4 255.255.255.0 > no ip directed-broadcast > no ip route-cache > shutdown > no fair-queue > ! > interface BRI0 > ip address 172.16.130.2 255.255.255.0 > ip directed-broadcast > encapsulation ppp > dialer idle-timeout 500 > dialer-group 1 > isdn switch-type basic-net3 > no peer default ip address > no fair-queue > ppp authentication pap > > router rip > redistribute static > network 172.16.0.0 > > ip classless > ip route 0.0.0.0 0.0.0.0 172.16.130.1 > ! > ! > line con 0 > transport input none > line vty 0 4 > > ! > end > > Router2 > router2#sh run > Building configuration... > > Current configuration: > ! > version 12.0 > service timestamps debug datetime msec > service timestamps log datetime msec > no service password-encryption > ! > hostname router2 > ! > enable password 12#$ > ! > username mcd password 0 12#$ > username router1 password 0 router1 > ip subnet-zero > isdn switch-type basic-net3 > ! > ! > ! > interface Ethernet0 > ip address 172.16.4.3 255.255.255.0 > ip directed-broadcast > no ip route-cache > ! > interface Serial0 > bandwidth 64 > ip address 172.16.129.1 255.255.255.0 > no ip directed-broadcast > ! > interface BRI0 > bandwidth 64 > ip address 172.16.130.1 255.255.255.0 > no ip directed-broadcast > encapsulation ppp > dialer idle-timeout 99 > dialer map ip 172.16.130.2 broadcast 2648970 > dialer hold-queue 25 > dialer load-threshold 1 either > dialer-group 1 > isdn switch-type basic-net3 > no peer default ip address > ppp authentication pap > ! > router rip > network 172.16.0.0 > ! > ip classless > ip route 0.0.0.0 0.0.0.0 172.16.4.1 > ip route 172.16.126.0 255.255.255.0 172.16.4.1 > ip route 172.16.130.0 255.255.255.0 172.16.130.2 > ! > dialer-list 1 protocol ip permit > ! > line con 0 > password 123 > transport input none > line vty 0 4 > password 123 > login > ! > end > > Debugg file > router2#debug is > router2#debug isdn eve > router2#debug isdn events > ISDN events debugging is on > router2#p > *Apr 19 04:52:15.118: ISDN BR0: TX -> RRp sapi = 0 tei = 94 nr = 10 > *Apr 19 04:52:15.158: ISDN BR0: RX INFOc sapi = 0 tei = 94 ns = 6 nr = > 10 > i = 0x080115050402889018018370088032363438393730 > *Apr 19 04:52:15.884: SETUP pd = 8 callref = 0x15 > *Apr 19 04:52:15.884: Bearer Capability i = 0x8890 > *Apr 19 04:52:15.888: Channel ID i = 0x83 > *Apr 19 04:52:15.888: Called Party Number i = 0x80, '2648970' > *Apr 19 04:52:15.944: ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 11 > *Apr 19 04:52:16.130: ISDN BR0: received HOST_INFORMATION call_id 0x8193 > *Apr 19 04:52:16.694: ISDN Event: dsl 0 call_id 0x8193 B channel assigned by > swi > tch 0 > ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 12 > *Apr 19 04:52:16.765: ISDN BR0: received HOST_CONNECT call_id 0x8193 > *Apr 19 04:52:16.765: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up > *Apr 19 04:52:16.789: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to > 2648 > 970 > *Apr 19 04:52:16.793: BR0:1 PPP: Treating connection as a callout > *Apr 19 04:52:16.797: BR0:1 PPP: Phase is ESTABLISHING, Active Open > *Apr 19 04:52:16.797: BR0:1 LCP: O CONFREQ [Closed] id 139 len 10 > *Apr 19 04:52:16.801: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3) > *Apr 19 04:52:16.801: ISDN BR0: Event: Connected to 2648970 on B1 at 64 Kb/s > *Apr 19 04:52:16.805: ISDN BR0: TX -> INFOc sapi = 0 tei = 94 ns = 7 nr = > 12 > i = 0x0801150F > *Apr 19 04:52:16.809: CONNECT_ACK pd = 8 callref = 0x15 > *Apr 19 04:52:16.813: ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 13 > *Apr 19 04:52:16.840: ISDN BR0: received HOST_FACILITY_INVOKE call_id 0x8193 > Facility i = 0x91A1130202410B020122300AA1053003020101820100 > *Apr 19 04:52:16.844: - ETSI Supplementary Service, Invoke, AOC-D Charging > Uni > ts: 1 > *Apr 19 04:52:16.848: BRI0:1: AOC-D Recorded Units = 1 > *Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14 > *Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023) > *Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3) > *Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9 > *Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C22305) > *Apr 19 04:52:16.864:
RE: isdn problem [7:27975]
>From your config, I assume you ping from router 2 to 1 since you only have dialer map at BRI0 of router 2. I think you are missing this in the interface config of BRI0 at router 2 ppp pap sent-username ... password . Hope this helps... -Original Message- From: sudhakar [mailto:[EMAIL PROTECTED]] Sent: Monday, December 03, 2001 7:18 PM To: [EMAIL PROTECTED] Subject: isdn problem [7:27975] >Dear Sir i connected router1 and router2 by BRI0 isdn line, but it showing conection fails., not pinging , So plese give me solution on this. > waoting for u r replay router1 router1#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname router1 ! ! username router2 password 0 router2 ip subnet-zero isdn switch-type basic-net3 ! ! ! ! interface Ethernet0 ip address 198.168.0.8 255.255.255.0 no ip directed-broadcast no ip route-cache ! interface Serial0 description BLR-PUN LINK bandwidth 64 ip address 172.16.127.4 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown no fair-queue ! interface BRI0 ip address 172.16.130.2 255.255.255.0 ip directed-broadcast encapsulation ppp dialer idle-timeout 500 dialer-group 1 isdn switch-type basic-net3 no peer default ip address no fair-queue ppp authentication pap router rip redistribute static network 172.16.0.0 ip classless ip route 0.0.0.0 0.0.0.0 172.16.130.1 ! ! line con 0 transport input none line vty 0 4 ! end Router2 router2#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname router2 ! enable password 12#$ ! username mcd password 0 12#$ username router1 password 0 router1 ip subnet-zero isdn switch-type basic-net3 ! ! ! interface Ethernet0 ip address 172.16.4.3 255.255.255.0 ip directed-broadcast no ip route-cache ! interface Serial0 bandwidth 64 ip address 172.16.129.1 255.255.255.0 no ip directed-broadcast ! interface BRI0 bandwidth 64 ip address 172.16.130.1 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer idle-timeout 99 dialer map ip 172.16.130.2 broadcast 2648970 dialer hold-queue 25 dialer load-threshold 1 either dialer-group 1 isdn switch-type basic-net3 no peer default ip address ppp authentication pap ! router rip network 172.16.0.0 ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.4.1 ip route 172.16.126.0 255.255.255.0 172.16.4.1 ip route 172.16.130.0 255.255.255.0 172.16.130.2 ! dialer-list 1 protocol ip permit ! line con 0 password 123 transport input none line vty 0 4 password 123 login ! end Debugg file router2#debug is router2#debug isdn eve router2#debug isdn events ISDN events debugging is on router2#p *Apr 19 04:52:15.118: ISDN BR0: TX -> RRp sapi = 0 tei = 94 nr = 10 *Apr 19 04:52:15.158: ISDN BR0: RX INFOc sapi = 0 tei = 94 ns = 6 nr = 10 i = 0x080115050402889018018370088032363438393730 *Apr 19 04:52:15.884: SETUP pd = 8 callref = 0x15 *Apr 19 04:52:15.884: Bearer Capability i = 0x8890 *Apr 19 04:52:15.888: Channel ID i = 0x83 *Apr 19 04:52:15.888: Called Party Number i = 0x80, '2648970' *Apr 19 04:52:15.944: ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 11 *Apr 19 04:52:16.130: ISDN BR0: received HOST_INFORMATION call_id 0x8193 *Apr 19 04:52:16.694: ISDN Event: dsl 0 call_id 0x8193 B channel assigned by swi tch 0 ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 12 *Apr 19 04:52:16.765: ISDN BR0: received HOST_CONNECT call_id 0x8193 *Apr 19 04:52:16.765: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up *Apr 19 04:52:16.789: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 2648 970 *Apr 19 04:52:16.793: BR0:1 PPP: Treating connection as a callout *Apr 19 04:52:16.797: BR0:1 PPP: Phase is ESTABLISHING, Active Open *Apr 19 04:52:16.797: BR0:1 LCP: O CONFREQ [Closed] id 139 len 10 *Apr 19 04:52:16.801: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3) *Apr 19 04:52:16.801: ISDN BR0: Event: Connected to 2648970 on B1 at 64 Kb/s *Apr 19 04:52:16.805: ISDN BR0: TX -> INFOc sapi = 0 tei = 94 ns = 7 nr = 12 i = 0x0801150F *Apr 19 04:52:16.809: CONNECT_ACK pd = 8 callref = 0x15 *Apr 19 04:52:16.813: ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 13 *Apr 19 04:52:16.840: ISDN BR0: received HOST_FACILITY_INVOKE call_id 0x8193 Facility i = 0x91A1130202410B020122300AA1053003020101820100 *Apr 19 04:52:16.844: - ETSI Supplementary Service, Invoke, AOC-D Charging Uni ts: 1 *Apr 19 04:52:16.848: BRI0:1: AOC-D Recorded Units = 1 *Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14 *Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023) *Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3) *Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9 *Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C
Re: CBAC question [7:27751]
Remember this rule: For CBAC to work (let something back in), it has to have an access-list bocking it. Let me explain. CBAC is a tool the monitors communications over an interface and protects against session hijacking, and other hacking exploits. It's also a tool thet lets something pass through only if it started on the other side. So if you have a client inside that initiates a web page download, (port 80), CBAC will only let the page back in if it flow was initiated from iside the network first. It's a glorified access-list with the "established" keyword. You put CBAC on in interface in THE DIRECTON YOU WISH TO START THE COMMUNICATION. This starts the monitoring session of that flow. Then in order for the packet to come back in via CBAC, it needs an access list to first stop it. Here's a correct implementation of CBAC. Notice that access-list 100 blocks everything in the world but ping replies from comming back in. Without CBAC, nothing would come back in, but with CBAC on, if the communication started on the inside, the comminication will come back in. This is why you need an extended access-list for the external interface, because what if you just wanted to monitor POP3 mail sessions, you would need an extended list that can block 110. A standard list will not block 110. Current configuration : 1555 bytes ! version 12.2 no parser cache no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! logging rate-limit console 10 except errors no logging console enable secret 5 $1$VwiM$FoLwO/1A5zmRHzs5VzzNs/ ! memory-size iomem 15 mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ! ! no ip domain-lookup ! ip inspect name stop tcp ip inspect name stop udp ip inspect name stop ftp ip audit notify log ip audit po max-events 100 ip ssh time-out 120 ip ssh authentication-retries 3 no ip dhcp-client network-discovery ! crypto mib ipsec flowmib history tunnel size 200 crypto mib ipsec flowmib history failure size 200 ! ! ! interface Ethernet0 ip address 192.168.42.254 255.255.255.0 ip access-group 100 in ip access-group 2 out ip nat outside ip inspect stop out half-duplex ! interface FastEthernet0 bandwidth 10 ip address 10.0.0.1 255.255.255.0 ip nat inside speed auto full-duplex ! ip default-gateway 192.168.42.1 ip nat pool test 192.168.42.254 192.168.42.254 netmask 255.255.255.0 ip nat inside source list 1 pool test overload ip classless ip route 0.0.0.0 0.0.0.0 192.168.42.1 no ip http server ! access-list 1 permit 10.0.0.0 0.0.0.255 access-list 2 permit 192.168.42.0 0.0.0.255 access-list 100 permit icmp any any echo-reply ! ! ! line con 0 password 16050 login line aux 0 password 16050 login line vty 0 4 password 16050 login line vty 5 15 password 16050 login ! no scheduler allocate end ""Matthew Crane"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Its all about what you want CBAC to do for you. CXBAC is there to prevent > access from outside to your network, so from inside to outside so keep as > loose a possible, hence standard access lists. > > For inbound access, then if you want CBAC to look at it, the inspection must > be more granular. > > For the purposes of CBAC you trust whats going out so access can be a vague > as you want, but inbound you do not trust at all, BUT it just might be > valid, but you wnat to inspect and know as much about the inbound tarffic as > possible before you make a decision on letting it in. > > > Hunt Lee wrote: > > > > I have read the MCNS (Cisco Press) book several times, > > expecially on Chapter > > 8, however, I'm still very confused about the following > > question: > > > > The book states that when configuring CBAC on an external > > interface, > > > > 1)The Outbound Access-List can be standard or extended > > 2)The Inbound Access-List MUST be extended > > > > And when configuring CBAC on an external interface, > > > > 1)The Inbound Access-List at the internal interface or > > Outbound > > Access-List can be either standard or extended > > 2)The Outbound Access-List at internal interface or Inbound > > Access-List > > at external interface MUST be extended. > > > > It also states that for CBAC to create a temporary opening in an > > access-list, the access-list Must be extended? > > > > > > Any help is greatly appreciated. > > > > Best Regards, > > Hunt Lee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27985&t=27751 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat5 OS on Catalyst 1200 [7:27969]
Yes, it is set base but many commands are different such as cat5 enable) set vlan 2 port 2-3 cat12 enable) set bridge vlan 2 port 2-3 Anyone know is it possible to load cat5 OS on cat1200? Regards, Fanglo On Mon, 3 Dec 2001, Circusnuts wrote: > I think what you're hearing, is that the OS looks the same. 1200 OS is set > based and reacts just like the 5000's CatOS, but not many features of > course. I think the last revision for the 1200 OS was either in 1996 or > 1997. > > Phil > > - Original Message - > From: "Fanglo MA" > To: > Sent: Monday, December 03, 2001 1:03 AM > Subject: Cat5 OS on Catalyst 1200 [7:27969] > > > > Dear ALL, > > > > I have told that someone has try upload Cat5 OS on Catalyst 1200. Is it > > possible? Anyone try before? > > > > > > Regards, > > Fanglo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27984&t=27969 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE R/S written [7:27968]
> does any body knows the tentative date of the new version of CCIE R/S > written qualificationt test would be applied The rumour is January 2002. >how much material > difference it would be compared to the old one ? Have no idea. > I'm preparing for CCIE R/S written test, and it seems to be a bad time for > it because of the transtition period... Better hurry, since Bosons are quite good match for the real exam. HTH. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27983&t=27968 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Policy routing BGP Neighbor relationships [7:27976]
> Is it me or does BGP not allow you to form a peering session unless you have > a route to the host in the routing table, no matter what. Yes, eBGP won`t form a session if the peer address is not in its route table. > It closes > connected sessions even if I have policy route data forwarding configured > and even if traffic is forwarding correctly. The default for "ip local policy route-map" command is packets that are generated by the router itself are not policy routed. So the BGP session to port 179 that generated by the router will not hit the route-map. > Is there some knob I'm > forgetting about (other than using a static classful route to null0)? None that I know other than static route to the loopback. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27982&t=27976 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CIT question [7:27964]
"baseline" ""Vajira Wijesinghe"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > In a recent sitting for the CIT paper I found a question asking to name > the "profile" which network engineers maintain, objective being to > monitor/record a certain type of network activity over a period of time > so that it could be useful in arriving into conclusions in a problematic > situation. > Does any one could give some clue as to what this "profile"is? > > Thanks > - (on postoffice) > > The information contained in this email is confidential and is meant to be > read only by the person to whom it is addressed.Please visit > http://www.millenniumit.com/legal/email.htm to read the entire > confidentiality clause. > > - Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27981&t=27964 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: isdn problem [7:27975]
Assume that router1 initiates call to router2, the password that router1 send to router2 must be the SAME with the password configured at router2. > router1#sh run > username router2 password 0 router2 > router2#sh run > Building configuration... > > Current configuration: > ! > version 12.0 > service timestamps debug datetime msec > service timestamps log datetime msec > no service password-encryption > ! > hostname router2 > ! > enable password 12#$ > ! > username mcd password 0 12#$ > username router1 password 0 router1 > *Apr 19 04:52:16.987: BR0:1 LCP: I CONFREQ [REQsent] id 129 len 14 > *Apr 19 04:52:16.991: BR0:1 LCP:AuthProto PAP (0x0304C023) > *Apr 19 04:52:16.991: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3) > *Apr 19 04:52:16.995: BR0:1 LCP: O CONFREJ [REQsent] id 129 len 8 > *Apr 19 04:52:16.999: BR0:1 LCP:AuthProto PAP (0x0304C Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27980&t=27975 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ATM back-to-back [7:27970]
ATM interface to ATM interfaces- yes Check out these archive links: http://www.groupstudy.com/archives/cisco/200109/msg01872.html http://www.groupstudy.com/archives/cisco/200109/msg01874.html http://www.groupstudy.com/archives/cisco/200109/msg01883.html http://www.groupstudy.com/archives/cisco/200109/msg01985.html http://www.groupstudy.com/archives/cisco/200109/msg01986.html http://www.groupstudy.com/archives/cisco/200109/msg01988.html All the best !!! Phil - Original Message - From: "Fanglo MA" To: Sent: Monday, December 03, 2001 1:09 AM Subject: ATM back-to-back [7:27970] > Dear ALL, > > I can access one VWIC-2E1 with 3600, would this can be done to setup ATM > back-to-back? Anyone know the connection method? > > Regards, > Fanglo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27979&t=27970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat5 OS on Catalyst 1200 [7:27969]
I think what you're hearing, is that the OS looks the same. 1200 OS is set based and reacts just like the 5000's CatOS, but not many features of course. I think the last revision for the 1200 OS was either in 1996 or 1997. Phil - Original Message - From: "Fanglo MA" To: Sent: Monday, December 03, 2001 1:03 AM Subject: Cat5 OS on Catalyst 1200 [7:27969] > Dear ALL, > > I have told that someone has try upload Cat5 OS on Catalyst 1200. Is it > possible? Anyone try before? > > > Regards, > Fanglo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27978&t=27969 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: isdn problem [7:27975]
try adding a dialer string or dialer map statement to your bri interface -Original Message- From: sudhakar [mailto:[EMAIL PROTECTED]] Sent: 03 December 2001 11:18 To: [EMAIL PROTECTED] Subject: isdn problem [7:27975] >Dear Sir i connected router1 and router2 by BRI0 isdn line, but it showing conection fails., not pinging , So plese give me solution on this. > waoting for u r replay router1 router1#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname router1 ! ! username router2 password 0 router2 ip subnet-zero isdn switch-type basic-net3 ! ! ! ! interface Ethernet0 ip address 198.168.0.8 255.255.255.0 no ip directed-broadcast no ip route-cache ! interface Serial0 description BLR-PUN LINK bandwidth 64 ip address 172.16.127.4 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown no fair-queue ! interface BRI0 ip address 172.16.130.2 255.255.255.0 ip directed-broadcast encapsulation ppp dialer idle-timeout 500 dialer-group 1 isdn switch-type basic-net3 no peer default ip address no fair-queue ppp authentication pap router rip redistribute static network 172.16.0.0 ip classless ip route 0.0.0.0 0.0.0.0 172.16.130.1 ! ! line con 0 transport input none line vty 0 4 ! end Router2 router2#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname router2 ! enable password 12#$ ! username mcd password 0 12#$ username router1 password 0 router1 ip subnet-zero isdn switch-type basic-net3 ! ! ! interface Ethernet0 ip address 172.16.4.3 255.255.255.0 ip directed-broadcast no ip route-cache ! interface Serial0 bandwidth 64 ip address 172.16.129.1 255.255.255.0 no ip directed-broadcast ! interface BRI0 bandwidth 64 ip address 172.16.130.1 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer idle-timeout 99 dialer map ip 172.16.130.2 broadcast 2648970 dialer hold-queue 25 dialer load-threshold 1 either dialer-group 1 isdn switch-type basic-net3 no peer default ip address ppp authentication pap ! router rip network 172.16.0.0 ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.4.1 ip route 172.16.126.0 255.255.255.0 172.16.4.1 ip route 172.16.130.0 255.255.255.0 172.16.130.2 ! dialer-list 1 protocol ip permit ! line con 0 password 123 transport input none line vty 0 4 password 123 login ! end Debugg file router2#debug is router2#debug isdn eve router2#debug isdn events ISDN events debugging is on router2#p *Apr 19 04:52:15.118: ISDN BR0: TX -> RRp sapi = 0 tei = 94 nr = 10 *Apr 19 04:52:15.158: ISDN BR0: RX INFOc sapi = 0 tei = 94 ns = 6 nr = 10 i = 0x080115050402889018018370088032363438393730 *Apr 19 04:52:15.884: SETUP pd = 8 callref = 0x15 *Apr 19 04:52:15.884: Bearer Capability i = 0x8890 *Apr 19 04:52:15.888: Channel ID i = 0x83 *Apr 19 04:52:15.888: Called Party Number i = 0x80, '2648970' *Apr 19 04:52:15.944: ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 11 *Apr 19 04:52:16.130: ISDN BR0: received HOST_INFORMATION call_id 0x8193 *Apr 19 04:52:16.694: ISDN Event: dsl 0 call_id 0x8193 B channel assigned by swi tch 0 ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 12 *Apr 19 04:52:16.765: ISDN BR0: received HOST_CONNECT call_id 0x8193 *Apr 19 04:52:16.765: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up *Apr 19 04:52:16.789: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 2648 970 *Apr 19 04:52:16.793: BR0:1 PPP: Treating connection as a callout *Apr 19 04:52:16.797: BR0:1 PPP: Phase is ESTABLISHING, Active Open *Apr 19 04:52:16.797: BR0:1 LCP: O CONFREQ [Closed] id 139 len 10 *Apr 19 04:52:16.801: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3) *Apr 19 04:52:16.801: ISDN BR0: Event: Connected to 2648970 on B1 at 64 Kb/s *Apr 19 04:52:16.805: ISDN BR0: TX -> INFOc sapi = 0 tei = 94 ns = 7 nr = 12 i = 0x0801150F *Apr 19 04:52:16.809: CONNECT_ACK pd = 8 callref = 0x15 *Apr 19 04:52:16.813: ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 13 *Apr 19 04:52:16.840: ISDN BR0: received HOST_FACILITY_INVOKE call_id 0x8193 Facility i = 0x91A1130202410B020122300AA1053003020101820100 *Apr 19 04:52:16.844: - ETSI Supplementary Service, Invoke, AOC-D Charging Uni ts: 1 *Apr 19 04:52:16.848: BRI0:1: AOC-D Recorded Units = 1 *Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14 *Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023) *Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3) *Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9 *Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C22305) *Apr 19 04:52:16.864: BR0:1 LCP: I CONFACK [REQsent] id 139 len 10 *Apr 19 04:52:16.864: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3) *Apr 19 04:52:16.880: BR0:1 LCP:
Policy routing BGP Neighbor relationships [7:27976]
Is it me or does BGP not allow you to form a peering session unless you have a route to the host in the routing table, no matter what. It closes connected sessions even if I have policy route data forwarding configured and even if traffic is forwarding correctly. Is there some knob I'm forgetting about (other than using a static classful route to null0)? My little diagram... 178.24.1.1/32 204.22.10.1/32 Lo Lo || R6 R7 || S0 S0 192.1.1/24 (.3) (.1) a. No static routes entered on R6 or R7 b. BGP peers w/ loopback addresses Here's 11.3 (R7) forgetting that it can reach the 12.0 router via policy (debug output on R7) 3d05h: BGP: 178.24.1.1 remote close, state CLOSEWAIT 3d05h: BGP: 178.24.1.1 closing (This message repeated indefinitely) 3d05h: BGP: 178.24.1.1 multihop open delayed 10112ms (no route) 3d05h: BGP: 178.24.1.1 multihop open delayed 12784ms (no route) (traffic is forwarding!) r7#ping 178.24.1.1 Sending 5, 100-byte ICMP Echos to 178.24.1.1, timeout is 2 seconds: ! r7#config t r7(config)#ip route 178.24.1.1 255.255.255.255 192.1.1.3[Ctl-Z] [a few seconds later] (debug output on R7) 3d05h: BGP: 178.24.1.1 open active, local address 204.22.10.1 r7#config t r7(config)#no ip route 178.24.1.1 255.255.255.255 192.1.1.3[Ctl-Z] [a few seconds later] (debug output on R7) 3d07h: BGP: 178.24.1.1 multihop open delayed 17648ms (no route) grrr. (configs below) Thanks for looking this over. WAYNE BAETY, MCSE, A1C, USAF Network Systems Trainer ROUTER 6 CONFIG version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname r6 ! logging buffered warnings logging console warnings enable password cisco ! username cisco password 0 cisco ! ! ! ! ip subnet-zero ! ! ! process-max-time 200 ! interface Loopback0 ip address 178.24.1.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0 ip address 10.0.0.6 255.255.255.0 secondary ip address 6.6.6.6 255.255.255.0 no ip directed-broadcast ! interface Serial0 no ip address no ip directed-broadcast encapsulation frame-relay no ip mroute-cache no fair-queue clockrate 25 cdp enable frame-relay lmi-type cisco ! interface Serial0.1 point-to-point ip address 10.255.1.2 255.255.255.252 no ip directed-broadcast ip nat inside frame-relay interface-dlci 601 ! interface Serial0.2 point-to-point ip address 192.1.1.3 255.255.255.0 no ip directed-broadcast ip nat outside ip policy route-map ebgp-rehop frame-relay interface-dlci 607 ! interface Serial1 no ip address no ip directed-broadcast shutdown ! router bgp 300 network 178.24.0.0 neighbor 204.22.10.1 remote-as 100 neighbor 204.22.10.1 ebgp-multihop 2 neighbor 204.22.10.1 update-source Loopback0 ! ip local policy route-map ebgp-rehop ip nat pool dynamic-net-pool 178.24.16.1 178.24.191.254 prefix-length 16 ip nat inside source list 1 pool dynamic-net-pool ip nat inside source static 178.24.3.13 10.253.1.1 ip classless no ip http server ! access-list 1 permit 10.0.0.0 0.255.255.255 access-list 101 permit tcp any host 204.22.10.1 eq bgp access-list 101 permit icmp any host 204.22.10.1 echo access-list 101 permit icmp any host 204.22.10.1 echo-reply route-map ebgp-rehop permit 10 match ip address 101 set ip default next-hop 192.1.1.1 ! ! line con 0 exec-timeout 0 0 logging synchronous transport input none line aux 0 line vty 0 4 exec-timeout 0 0 logging synchronous login local monitor END ROUTER 6 CONFIG ROUTER 7 CONFIG version 11.3 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname r7 ! enable password cisco ! username cisco password 0 cisco ip subnet-zero ip nat pool dynamic-net-pool 204.22.10.16 204.22.10.191 prefix-length 24 ip nat inside source list 1 pool dynamic-net-pool ip nat inside source static 204.22.10.13 20.255.1.5 ! ! interface Loopback0 ip address 204.22.10.1 255.255.255.255 ! interface Ethernet0 ip address 10.0.0.7 255.255.255.0 secondary ip address 7.7.7.7 255.255.255.0 ! interface Serial0 no ip address encapsulation frame-relay no ip mroute-cache no fair-queue clockrate 25 frame-relay lmi-type cisco ! interface Serial0.1 point-to-point ip address 20.255.1.2 255.255.255.252 ip nat inside no arp frame-relay frame-relay interface-dlci 705 ! interface Serial0.2 point-to-point ip address 192.1.1.1 255.255.255.0 ip nat outside frame-relay interface-dlci 706 ! interface Serial1 no ip address shutdow
isdn problem [7:27975]
>Dear Sir i connected router1 and router2 by BRI0 isdn line, but it showing conection fails., not pinging , So plese give me solution on this. > waoting for u r replay router1 router1#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname router1 ! ! username router2 password 0 router2 ip subnet-zero isdn switch-type basic-net3 ! ! ! ! interface Ethernet0 ip address 198.168.0.8 255.255.255.0 no ip directed-broadcast no ip route-cache ! interface Serial0 description BLR-PUN LINK bandwidth 64 ip address 172.16.127.4 255.255.255.0 no ip directed-broadcast no ip route-cache shutdown no fair-queue ! interface BRI0 ip address 172.16.130.2 255.255.255.0 ip directed-broadcast encapsulation ppp dialer idle-timeout 500 dialer-group 1 isdn switch-type basic-net3 no peer default ip address no fair-queue ppp authentication pap router rip redistribute static network 172.16.0.0 ip classless ip route 0.0.0.0 0.0.0.0 172.16.130.1 ! ! line con 0 transport input none line vty 0 4 ! end Router2 router2#sh run Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname router2 ! enable password 12#$ ! username mcd password 0 12#$ username router1 password 0 router1 ip subnet-zero isdn switch-type basic-net3 ! ! ! interface Ethernet0 ip address 172.16.4.3 255.255.255.0 ip directed-broadcast no ip route-cache ! interface Serial0 bandwidth 64 ip address 172.16.129.1 255.255.255.0 no ip directed-broadcast ! interface BRI0 bandwidth 64 ip address 172.16.130.1 255.255.255.0 no ip directed-broadcast encapsulation ppp dialer idle-timeout 99 dialer map ip 172.16.130.2 broadcast 2648970 dialer hold-queue 25 dialer load-threshold 1 either dialer-group 1 isdn switch-type basic-net3 no peer default ip address ppp authentication pap ! router rip network 172.16.0.0 ! ip classless ip route 0.0.0.0 0.0.0.0 172.16.4.1 ip route 172.16.126.0 255.255.255.0 172.16.4.1 ip route 172.16.130.0 255.255.255.0 172.16.130.2 ! dialer-list 1 protocol ip permit ! line con 0 password 123 transport input none line vty 0 4 password 123 login ! end Debugg file router2#debug is router2#debug isdn eve router2#debug isdn events ISDN events debugging is on router2#p *Apr 19 04:52:15.118: ISDN BR0: TX -> RRp sapi = 0 tei = 94 nr = 10 *Apr 19 04:52:15.158: ISDN BR0: RX INFOc sapi = 0 tei = 94 ns = 6 nr = 10 i = 0x080115050402889018018370088032363438393730 *Apr 19 04:52:15.884: SETUP pd = 8 callref = 0x15 *Apr 19 04:52:15.884: Bearer Capability i = 0x8890 *Apr 19 04:52:15.888: Channel ID i = 0x83 *Apr 19 04:52:15.888: Called Party Number i = 0x80, '2648970' *Apr 19 04:52:15.944: ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 11 *Apr 19 04:52:16.130: ISDN BR0: received HOST_INFORMATION call_id 0x8193 *Apr 19 04:52:16.694: ISDN Event: dsl 0 call_id 0x8193 B channel assigned by swi tch 0 ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 12 *Apr 19 04:52:16.765: ISDN BR0: received HOST_CONNECT call_id 0x8193 *Apr 19 04:52:16.765: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up *Apr 19 04:52:16.789: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 2648 970 *Apr 19 04:52:16.793: BR0:1 PPP: Treating connection as a callout *Apr 19 04:52:16.797: BR0:1 PPP: Phase is ESTABLISHING, Active Open *Apr 19 04:52:16.797: BR0:1 LCP: O CONFREQ [Closed] id 139 len 10 *Apr 19 04:52:16.801: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3) *Apr 19 04:52:16.801: ISDN BR0: Event: Connected to 2648970 on B1 at 64 Kb/s *Apr 19 04:52:16.805: ISDN BR0: TX -> INFOc sapi = 0 tei = 94 ns = 7 nr = 12 i = 0x0801150F *Apr 19 04:52:16.809: CONNECT_ACK pd = 8 callref = 0x15 *Apr 19 04:52:16.813: ISDN BR0: RX RRr sapi = 0 tei = 94 nr = 13 *Apr 19 04:52:16.840: ISDN BR0: received HOST_FACILITY_INVOKE call_id 0x8193 Facility i = 0x91A1130202410B020122300AA1053003020101820100 *Apr 19 04:52:16.844: - ETSI Supplementary Service, Invoke, AOC-D Charging Uni ts: 1 *Apr 19 04:52:16.848: BRI0:1: AOC-D Recorded Units = 1 *Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14 *Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023) *Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3) *Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9 *Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C22305) *Apr 19 04:52:16.864: BR0:1 LCP: I CONFACK [REQsent] id 139 len 10 *Apr 19 04:52:16.864: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3) *Apr 19 04:52:16.880: BR0:1 LCP: I CONFREQ [ACKrcvd] id 124 len 14 *Apr 19 04:52:16.880: BR0:1 LCP:AuthProto PAP (0x0304C023) *Apr 19 04:52:16.884: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3) *Apr 19 04:52:16.884: BR0:1 LCP: O CONFNAK [ACKrcvd] id
ISDN LINE WITH JUST IP [7:27974]
Hi, How can you ensure that only IP traverses across your ISDN line when it is up. Scenario is that we have to run the ISDN line most efficient as possible so that no matter what is configured on the router only IP can go across it. I have tried a normal access list but of course for instance IPX would still run across the line. I have thought about a protocol filter and filter on 0x0800 but of course the ISDN line has pp encapsulation on it and this protocol filter would only work if ti was an 802.3 frame which unfortunately its not. Any help here would be very welcome _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27974&t=27974 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CBAC question [7:27751]
Its all about what you want CBAC to do for you. CXBAC is there to prevent access from outside to your network, so from inside to outside so keep as loose a possible, hence standard access lists. For inbound access, then if you want CBAC to look at it, the inspection must be more granular. For the purposes of CBAC you trust whats going out so access can be a vague as you want, but inbound you do not trust at all, BUT it just might be valid, but you wnat to inspect and know as much about the inbound tarffic as possible before you make a decision on letting it in. Hunt Lee wrote: > > I have read the MCNS (Cisco Press) book several times, > expecially on Chapter > 8, however, I'm still very confused about the following > question: > > The book states that when configuring CBAC on an external > interface, > > 1)The Outbound Access-List can be standard or extended > 2)The Inbound Access-List MUST be extended > > And when configuring CBAC on an external interface, > > 1)The Inbound Access-List at the internal interface or > Outbound > Access-List can be either standard or extended > 2)The Outbound Access-List at internal interface or Inbound > Access-List > at external interface MUST be extended. > > It also states that for CBAC to create a temporary opening in an > access-list, the access-list Must be extended? > > > Any help is greatly appreciated. > > Best Regards, > Hunt Lee > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27973&t=27751 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP ONLY OVER ISDN [7:27972]
Hi, Simple question here but how can you ensure that when an ISDN line is Up that no matter what is configured that ONLY IP can go across the line. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27972&t=27972 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]