Re: call manager [7:28016]

2001-12-03 Thread JimYam

Setup one as Publisher and the other one as Subscriber.
You can get manuals from Cisco CCO.

"Paul Beckman" wrote in message
news:[EMAIL PROTECTED]...
> I was wondering the best way to make a call manager redundant.  We have two
> servers but if one goes down then the phones have to reboot.  I was
> wondering if anyone had clustered a call manager.  And if so anything I
> should look out for.
>
> Thanks
> Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28041&t=28016
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: OT:Advise on Auction fraud [7:28004]

2001-12-03 Thread EA Louie

It pays to do research before you bid.  If it's the first time you've bought
on eBay, consider it a lesson.  I look at the seller's feedback before I bid
now, and also know of a few reputable folks that I *prefer* to do business
with when they're selling an item, and a few that I *avoid* when buying.
Names are withheld to protect the guilty.  ;-)

- Original Message -
From: 
To: 
Sent: Monday, December 03, 2001 11:24 AM
Subject: OT:Advise on Auction fraud [7:28004]


> Sorry for off topic
> I recently became the victim of the Auction fraud the guy took my $1000 for
> 2621 router and now not replying for my emails and also I came to know that
> this guy is a fraud and  done similar thing to at least 4 other people, Now
> what are the options I have to get my money back from him
>
> Thanks for all your advice
> Kaamvi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28037&t=28004



Cisco CallManager (CM) Redundancy [7:28043]

2001-12-03 Thread [EMAIL PROTECTED]

Dear All,

Need some advice on the redundancy features of CallManager. One of my
customers is asking about the redundancy features of CM - he is thinking of
putting 2 CM servers at a main site providing local server redundancy,
however, there will be a third CM server at a remote site which provides
site redundancy. In case the main site fails, he wants the remote CM to
take over the CM function of the main site without downtime. Please note
that there are about 400 phone users at the main site and about 50 phone
users at the remote site. Please advise how it can be done.

Also this customer intends to have a leased line between the main site and
the remote site to support voice and data requirements. However, the
customer wants to make sure that stable voice communication between the two
sites is always available, hence when the leased line is not stable (for
instance there were a lot of hits on the link) or down, the voice should be
rerouted to the PSTN. Please advise how to configure the CM/router such
that the call can be routed to the PSTN when the leased line is not stable.
Can I use policy routing to achieve this?

Thanks in advance!

Maurice




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28043&t=28043



RE: Finally CCNP!! [7:28026]

2001-12-03 Thread Ole Drews Jensen

Congratulations Adil,

I'm glad my sw helped you out.

Ole


 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
 http://www.RouterChief.com

 NEED A JOB ???
 http://www.oledrews.com/job




-Original Message-
From: adil On-Line [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 5:09 PM
To: [EMAIL PROTECTED]
Subject: Finally CCNP!! [7:28026]


Hello Group!!

I just finished CIT today & finally a CCNP, Used Cisco press books for it.
Many thanks to this wonderful group.  Special thanks to Ole Drews Jensen for
his Switching Commands software, which helped me with commands.

Thanks a lot,

God bless!!

ADIL




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28042&t=28026



Finally CCDP too!! [7:28040]

2001-12-03 Thread Darren Crawford

I wanted to thank everyone who helped me focus and pass the CID exam.
Specifically, Jim Walker and Scott Nawalaniec!  Thanks for your
encouragement and direction in the areas to zero in on.

This test is a bruiser!  But with perseverance you can get by it too!

Darren


Lucent Technologies
NetworkCare Professional Services
http://www.lucent.com/netcare/
Darren S. Crawford - CCNP, CCDP, CCIE TBA

Northwest Region - Sacramento Office
Voicemail (916) 859-5200 x310
Pager (800) 467-1467
mailto:[EMAIL PROTECTED]

"You always have time for things you put first" - Tucker Resources




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28040&t=28040



xyplex server.... [7:28039]

2001-12-03 Thread Norman L Hawkins

Group,

I am having problems with my xyplex server. I have forgotten the port
parameter for carriage return. When I type reload, I can't type confirm.
My xyplex simply goes to the next line. Is there source documentation on
the web?

(xyplex is the poor man's terminal server. Some of us can't afford a cisco
router for this function.)





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28039&t=28039



Is there a Study Group in Stamford CT? [7:28038]

2001-12-03 Thread Nathanael Kenyon

I am looking for a CCNP/CCDP study group in Stamford CT or somewhere in
lower Fairfield county. If there isn't one locally I would be interested in
forming one. Please email me if you are interested.


[EMAIL PROTECTED]



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28038&t=28038



Ipsec funda [7:28036]

2001-12-03 Thread Ramesh c

Folks,

I was reading the article about IPSec and thought some of you might enlighten
my doubts. As we know IETF had split the IPsec into 2 parts namely IPsec and
IKE.


1) Since IPsec (AH or ESP) can provide all the Encryption, Authentication and
integrity, do we still need an IKE for creating Encryption tunnel?

2) What's the use of IKE? Is it just used to create the key which IPsec uses
for Encryption or Authentication? Or does itself create
the Encryption tunnel and authenticates?

3) Who does the Encryption and Authentication?

cheers
Ramesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28036&t=28036



Re: Routers as tftp servers [7:27912]

2001-12-03 Thread John Tafasi

Ok, I guess I need to explain my question in other words. If you are at the
console of router A, can you upload a config file from router A to Router B?

Thanks
John Tafasi
"Nicolas FEVRIER" wrote in message
news:[EMAIL PROTECTED]...
> > "TFTP does not provide any security for file transfers, so it should not be
> > available to a public firewall interface. Unauthorized users can upload new
> > config files to your router, as well as download your current stored configs
> > for analysis."
> >
> > How can you configure the router to accept TFTP file uploads?
>
> I use :
> tftp-server flash:c3640-is-mz.121-5.T9.bin
> in my "source" router to allow other routers to copy the ios image from this
> one.
>
> Check this out :
> http://www.cisco.com/warp/public/63/copyimage.html
>
> Nicolas.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28035&t=27912



CCIE Lab available in Melbourne Australia [7:28034]

2001-12-03 Thread Darren Ward

Hi All,

Is anyone interested in buying into a shared CCIE Lab available over the
Net in Melbourne?

Lab is complete including Cat switches, ATM, VOIP, and lots of 3600 and
2500 routers.

Anyone interested and want diagrams etc email me off list.

Darren Ward
(PGradCS, CCIE #8245, MCP)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28034&t=28034



RE: Advise on Auction fraud [7:28004]

2001-12-03 Thread Hire, Ejay

Also, I strongly recommend against buying big-ticket items from sellers that
are overseas.  If you do, pay the extra to use an escrow service.  I bid on
a 26xx from a chap on Ebay.  The listing said he was in Germany.  When I won
the auction, I got the actual contact info and he had registered the account
under an address in North Carolina.  When I asked him about it, he stopped
returning my e-mails.  I feel like I saved myself from getting burned.

-Ejay


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 2:24 PM
To: [EMAIL PROTECTED]
Subject: OT:Advise on Auction fraud [7:28004]


Sorry for off topic
I recently became the victim of the Auction fraud the guy took my $1000 for
2621 router and now not replying for my emails and also I came to know that
this guy is a fraud and  done similar thing to at least 4 other people, Now
what are the options I have to get my money back from him

Thanks for all your advice
Kaamvi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28020&t=28004



Re: OT:Advise on Auction fraud [7:28004]

2001-12-03 Thread Circusnuts

If you bought from Ebay, you have their slow complaint process to help
(sorta :o)  If you used PayPal, both you and the seller are verified, and
you used a credit card- you're covered.  Rule of thumb though, escrow any
purchase you cannot afford to lose.  I have purchased my entire lab off of
Ebay and have had very snags, but I know it can and does happen.  I know
Brad Ellis, www.Netfix.com, and host of others are willing to sell @ a
somewhat reasonable price and will take that uncertainty of whether it work
or will it arrive away.

Do tell- who was the seller ???  I've got a couple of Ebay surnames that
have goofed over some people I work with.

All the best !!!
Phil

- Original Message -
From: 
To: 
Sent: Monday, December 03, 2001 2:24 PM
Subject: OT:Advise on Auction fraud [7:28004]


> Sorry for off topic
> I recently became the victim of the Auction fraud the guy took my $1000 for
> 2621 router and now not replying for my emails and also I came to know that
> this guy is a fraud and  done similar thing to at least 4 other people, Now
> what are the options I have to get my money back from him
>
> Thanks for all your advice
> Kaamvi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28029&t=28004



Re: CPA 25xx Upgrade Tool [7:28018]

2001-12-03 Thread EA Louie

Phil... I had to search the archives for that darned link too, but I finally
found it - it's the Router Software Loader (RSL), also known as the CiscoPro
upgrade tool

 http://www.cisco.com/pcgi-bin/tablebuild.pl/rsl

(requires CCO login account)

- Original Message -
From: "Circusnuts" 
To: 
Sent: Monday, December 03, 2001 1:49 PM
Subject: CPA 25xx Upgrade Tool [7:28018]


> Man-o-man !!!  It took me a while to track this down this afternoon.  If you're
> upgrading a CPA router, you'll need this piece of software.
>
> All the best !!!
> Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28033&t=28018



SCCUG - Los Angeles Area Cisco Users Group Meeting This [7:28032]

2001-12-03 Thread Robert

Just want to let you all (or all of you in the Southern California area) know
that we will be having our monthly Southern California Cisco Users Group
meeting this Thursday at Infonet in El Segundo.

This month we will be featuring a discussion panel. While this may not be
the usual technical presentation that we have, we are hoping to answer all
those other questions that you may have regarding career, certification,
training, new technologies, business prospects for 2002...

For time and directions:

Thursday - December 6th 2001

6:00 - 7:00 Dinner (Free)

7:00 - 9:00 Discussion



SCCUG @ Infonet

2160 E. Grand Ave

El Segundo, CA 90245

Directions to Infonet:
From the 405 take the El Segundo off ramp and turn right on to El Segundo
Blvd. From El Segundo turn right onto Continental and right again on Grand
Ave. We are a three story glass structure with a very large Infonet sign.


http://www.sccug.org

Thanks,

Robert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28032&t=28032



Re: CIT question [7:27964]

2001-12-03 Thread mrs

i think baseline

- Original Message - 
From: Mark Odette II 
To: 
Sent: Monday, December 03, 2001 12:16 PM
Subject: RE: CIT question [7:27964]


> I'm not sure what exactly it is, but the first thing that comes to mind is
> maybe an SNMP profile, or the level of Syslog to specify with logging to a
> remote syslog server.
> 
> -Mark Odette II
> CCNA, 3/4 CCNP, MCSE 4.0/2000, A+ certified.
> StellarConnection Services
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Vajira Wijesinghe
> Sent: Sunday, December 02, 2001 9:26 PM
> To: [EMAIL PROTECTED]
> Subject: CIT question [7:27964]
> 
> 
> In a recent sitting for the CIT paper I found a question asking to name
> the "profile" which network engineers maintain, objective being to
> monitor/record a certain type of network activity over a period of time
> so that it could be useful in arriving into conclusions in a problematic
> situation.
> Does any one could give some clue as to what this "profile"is?
> 
> Thanks
> - (on postoffice)
> 
> The information contained in this email is confidential and is meant to be
> read only by the person to whom it is addressed.Please visit
> http://www.millenniumit.com/legal/email.htm to read the entire
> confidentiality clause.
> 
> -




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28031&t=27964



Re: ISDN layer 2 issue [7:28013]

2001-12-03 Thread John Kale

what i'm trying to say is that normally either multiple_frame_established or 
tei_assigned is displayed but in this case i have the 2 displayed at the 
same time like this

=multiple_frame_established
=tei_assigned
=tei_assigned

looks like a bug or something.


John.



>From: "Priscilla Oppenheimer" 
>Reply-To: "Priscilla Oppenheimer" 
>To: [EMAIL PROTECTED]
>Subject: Re: ISDN layer 2 issue [7:28013]
>Date: Mon, 3 Dec 2001 18:18:56 -0500
>
>Multiple_frames_established is a good state. It's what you want to see.
>
>TEI_assigned is a good intermediate state. It means that the terminal
>endpoint identifier has been assigned, which is a good thing. But the state
>should progress to multiple_frames_established, from what I understand.
>
>On the other hand, in a DDR environment, if the link goes idle, you might
>go back to TEI_assigned and that is not a problem. It just means no data is
>going across.
>
>Check this out:
>
>http://www.cisco.com/warp/public/129/bri_sh_isdn_stat.html#second
>
>Priscilla
>
>At 04:05 PM 12/3/01, you wrote:
> >Hello all,
> >
> >on using the 'show isdn status'
> >
> >i get 3 lines for the layer 2 section.. one says multiple_frames_established
> >while the others say tei_assigned
> >
> >whats does this mean? and how can i resolve this issue
> >
> >regards,
> >
> >John
> >
>
>
>Priscilla Oppenheimer
>http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28030&t=28013



RE: secondary ip address on e0? [7:28027]

2001-12-03 Thread anil

Configuring Sub-interfaces on a c1603
What could possibly go wrong??
It looked so easy in the book.
Does this mean I must use secondary IP addresses on the e0,
and sub-interfaces only on s0?
Eg.,
#int e0
ip address [i.p.address] [subnet.mask] secondary
#int s0.1
ip address [i.p.address] [subnet.mask]

In the book it said that "secondary" IP addresses were being phased out in
the newer IOS.

Help please...
-Anil
-

Rustyb#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
rustyb(config)#int e0
rustyb(config-if)#ip address 193.9.56.1 255.255.255.0
rustyb(config-if)#int e0.1
rustyb(config-subif)#ip address 192.9.200.1 255.255.255.0

Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10 or ISL vLAN.

rustyb(config-subif)#exit
rustyb(config)#int e0
rustyb(config-if)#no shut
rustyb(config-if)#
rustyb(config-if)#
rustyb(config-if)#int e0.1
rustyb(config-subif)#ip address 192.9.200.1 255.255.255.0

Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10 or ISL vLAN.

rustyb(config-subif)#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28027&t=28027



Re: ISDN layer 2 issue [7:28013]

2001-12-03 Thread Priscilla Oppenheimer

Multiple_frames_established is a good state. It's what you want to see.

TEI_assigned is a good intermediate state. It means that the terminal 
endpoint identifier has been assigned, which is a good thing. But the state 
should progress to multiple_frames_established, from what I understand.

On the other hand, in a DDR environment, if the link goes idle, you might 
go back to TEI_assigned and that is not a problem. It just means no data is 
going across.

Check this out:

http://www.cisco.com/warp/public/129/bri_sh_isdn_stat.html#second

Priscilla

At 04:05 PM 12/3/01, you wrote:
>Hello all,
>
>on using the 'show isdn status'
>
>i get 3 lines for the layer 2 section.. one says multiple_frames_established
>while the others say tei_assigned
>
>whats does this mean? and how can i resolve this issue
>
>regards,
>
>John
>


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28028&t=28013



Finally CCNP!! [7:28026]

2001-12-03 Thread adil On-Line

Hello Group!!

I just finished CIT today & finally a CCNP, Used Cisco press books for it.
Many thanks to this wonderful group.  Special thanks to Ole Drews Jensen for
his Switching Commands software, which helped me with commands.

Thanks a lot,

God bless!!

ADIL




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28026&t=28026



CPA 25XX Upgrade Tool [7:28025]

2001-12-03 Thread Circusnuts

Man-o-man !!!  It took me a while to track this down this afternoon.  If you're
upgrading a CPA router, you'll need this piece of software.

http://www.cisco.com/cgi-bin/Software/Tablebuild/tablebuild.pl/rsl

All the best !!!
Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28025&t=28025



Re: Radius on NT 2000 Server [7:27525]

2001-12-03 Thread Kevin McIntyre

I recently heard from a course instructor that TACACS+ was not available on
the 3005 VPN concentrator.  Is there any truth to this?  Is there any plan to
support it if they are moving away from RADIUS?

Brian Wilkins wrote:

> I spent the better part of a week trying this because, obviously, the price
> is right.  I couldn't get it to even come close to working.  We ended up
> purchasing CiscoSecure ACS for around $4k, which supports unlimited devices,
> unlimited users and works great.  We're running 2.6, but 3.0 was just
> released which supports authentication via MS Active Directory, LDAP, etc.
> (but not Novell NDS), as well as (of course) an internal Cisco database.
>
> Also, and FYI: I spoke to TAC and Cisco is moving away from RADIUS toward
> TACACS+.  In fact on the new equipment such as the cat 3500's, RADIUS isn't
> even an option.
>
> Best of luck,
>
> Brian
>
> Eric Hauptman wrote:
> >
> > Does anyone have any pointers on getting a Cisco router talking to IAS
> > running on a Windows 2000 server.  I think I have everything configured
> > correctly and it is still not working.  Thanks
> >
> > Eric Hauptman




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28024&t=27525



Re: Serial Line is up and line protocol is up ANSW [7:27930]

2001-12-03 Thread MADMAN

Yup, up and up, you got LMI between you and the switch not an active
PVC.

  Dave

Donald wrote:
> 
> Not necessarily you can have a frame connection in an up/up state and not
> transfer data can't you.
> 
> - Original Message -
> From: "Gregg Malcolm"
> To:
> Sent: Sunday, December 02, 2001 12:01 PM
> Subject: RE: Serial Line is up and line protocol is up ANSW [7:27930]
> 
> > Anil,
> >
> > I'm sorry, my explanation wasn't very good.  The answer can't be B since
> > you have no information saying data is being sent and received.  The answer
> > A does fit since a frame relay connection is active if int status is UP/UP.
> >
> > As far as the 2nd part, AFAIK not every encap uses keepalives.  Frame Relay
> > is somewhat special in that an UP/UP status really means that data COULD be
> > xfer'ed.  The case of the broken remote CSU/DSU does not fit this scenario
> > since keepalives would not be received.  The question seems geared toward
> > trying to trick the engineer into thinking that data is being xfered vs.
> > could be.  Many encap use keepalives.  A few are F/R, ATM, PPP and HDLC (PPP
> > uses an echo).  Not sure if all do (probably not).  Hope that helps.
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28023&t=27930



Re: ISDN layer 2 issue [7:28013]

2001-12-03 Thread MADMAN

That's a good question that I don't have an answer for but I can tell
you I have seen status of TEI assigned and it worked fine though in
general multiframe established gives me the warm fuzzy!

 Dave

John Kale wrote:
> 
> Hello all,
> 
> on using the 'show isdn status'
> 
> i get 3 lines for the layer 2 section.. one says multiple_frames_established
> while the others say tei_assigned
> 
> whats does this mean? and how can i resolve this issue
> 
> regards,
> 
> John
> 
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28021&t=28013



Your IPsec tunnel has been terminated? [7:28022]

2001-12-03 Thread Kevin McIntyre

I have set up several of our staff with the Unity client (3.0.3) to
connect over the local cable company's @home network to our Pix 506.

The VPNs work fine, connect and traffic flows but in the middle of work
the tunnel drops and the message that your IPsec tunnel has been
terminated appears.  You can immediately reconnect and resume your work
only to be booted out again at random.

We have only set up a few "after-hours" staff to use VPN's so I am sure
that while this is happening only two of the possible five tunnels are
in use.

Any ideas as to timers to extend or configure?  I have already set the
peer response timeout in the client to 480 seconds without resolution.

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28022&t=28022



RE: ISDN layer 2 issue [7:28013]

2001-12-03 Thread Daniel Cotts

The following URLs should give you lots of ISDN installation and
troubleshooting advice. They are not necessarily in the order of preference.

http://www.cisco.com/warp/cpropub/45/ISDN_TS.htm

http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1917.htm#xtocid1171410

http://www.ieng.com/networkers/nw00/pres/3304/3304.htm
Go to the ISDN and Dial Features PDF

www.cisco.com/go/packet/isdn

> -Original Message-
> From: John Kale [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 03, 2001 3:05 PM
> To: [EMAIL PROTECTED]
> Subject: ISDN layer 2 issue [7:28013]
> 
> 
> Hello all,
> 
> on using the 'show isdn status'
> 
> i get 3 lines for the layer 2 section.. one says 
> multiple_frames_established 
> while the others say tei_assigned
> 
> whats does this mean? and how can i resolve this issue
> 
> regards,
> 
> John
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28019&t=28013



Re: Serial Line is up and line protocol is up ANSW [7:27930]

2001-12-03 Thread Donald

Not necessarily you can have a frame connection in an up/up state and not
transfer data can't you.



- Original Message -
From: "Gregg Malcolm" 
To: 
Sent: Sunday, December 02, 2001 12:01 PM
Subject: RE: Serial Line is up and line protocol is up ANSW [7:27930]


> Anil,
>
> I'm sorry, my explanation wasn't very good.  The answer can't be B since
> you have no information saying data is being sent and received.  The answer
> A does fit since a frame relay connection is active if int status is UP/UP.
>
> As far as the 2nd part, AFAIK not every encap uses keepalives.  Frame Relay
> is somewhat special in that an UP/UP status really means that data COULD be
> xfer'ed.  The case of the broken remote CSU/DSU does not fit this scenario
> since keepalives would not be received.  The question seems geared toward
> trying to trick the engineer into thinking that data is being xfered vs.
> could be.  Many encap use keepalives.  A few are F/R, ATM, PPP and HDLC (PPP
> uses an echo).  Not sure if all do (probably not).  Hope that helps.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28010&t=27930



CPA 25xx Upgrade Tool [7:28018]

2001-12-03 Thread Circusnuts

Man-o-man !!!  It took me a while to track this down this afternoon.  If you're
upgrading a CPA router, you'll need this piece of software.

All the best !!!
Phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28018&t=28018



RE: Diffle-Hellman Exchange Question [7:27952]

2001-12-03 Thread [EMAIL PROTECTED]

Alex, you are 100% correct.

Whitfield & Martin (using modular arithmetic) found a beautiful
algorithm in which partners agree in a same key exchanging part of
his/her initial secret key. Never the key will be exchanged in the
public network. As the key is the same for both partners, it is good
for symmetric encryption (fast) like DES.


-Original Message-
From: Alex Lei [mailto:[EMAIL PROTECTED]]
Sent: segunda-feira, 3 de dezembro de 2001 16:12
To: [EMAIL PROTECTED]
Subject: RE: Diffle-Hellman Exchange Question [7:27952]


Hello Hunt,

In my understanding the shared key never goes across the network. Each peer
computes it out separately. Where did you see in CCO saying that the DES key
is sent across the internet?

Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28017&t=27952
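
Added example (not part of the original posts): the exchange discussed in this thread, showing which values cross the network and that each peer computes the same key on its own. It uses the Oakley Group 2 modulus and generator published in RFC 2409; the Peer class, the function names and the SHA-256 truncation to a DES-sized key are assumptions made for this illustration and are not how IKE derives its keys.

```python
import hashlib
import secrets

# Oakley Group 2 (1024-bit MODP) modulus and generator, as published in RFC 2409.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF",
    16,
)
G = 2


class Peer:
    """One side of the exchange (hypothetical helper class for this example)."""

    def __init__(self):
        # Private exponent in [2, P-2]; it never leaves this object.
        self._private = secrets.randbelow(P - 3) + 2
        # Public value g^x mod p; this is the only per-peer value that is sent.
        self.public = pow(G, self._private, P)

    def shared_secret(self, peer_public):
        # Reject degenerate public values (0, 1, p-1 and anything out of range),
        # which would force the shared secret into a tiny set of known values.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("peer public value out of range")
        return pow(peer_public, self._private, P)


def derive_key(secret, nbytes=8):
    """Stand-in key derivation: hash the secret and keep nbytes (8 = DES key size).

    Assumption for illustration only; IKE runs its own PRF-based derivation.
    """
    raw = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:nbytes]


def run_exchange():
    """Run one exchange and return (wire, key_a, key_b).

    `wire` holds everything an observer on the network sees: p, g and the two
    public values. Neither private exponent nor the shared key is in it.
    """
    a, b = Peer(), Peer()
    wire = {"p": P, "g": G, "A": a.public, "B": b.public}
    key_a = derive_key(a.shared_secret(wire["B"]))  # computed locally by A
    key_b = derive_key(b.shared_secret(wire["A"]))  # computed locally by B
    return wire, key_a, key_b


def rejects_degenerate(value):
    """Return True if a peer refuses `value` as the other side's public value."""
    try:
        Peer().shared_secret(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    wire, key_a, key_b = run_exchange()
    print("sent on the wire:", ", ".join(sorted(wire)))
    print("A's key:", key_a.hex())
    print("B's key:", key_b.hex())
    print("keys match:", key_a == key_b)
```

The exchange by itself does not tell either peer who sent the public value it received, which is why IKE pairs it with peer authentication (pre-shared keys or signatures).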



call manager [7:28016]

2001-12-03 Thread Paul Beckman

I was wondering the best way to make a call manager redundant.  We have two
servers but if one goes down then the phones have to reboot.  I was
wondering if anyone had clustered a call manager.  And if so anything I
should look out for.

Thanks
Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28016&t=28016



RE: VoIP MC-3810 [7:27874]

2001-12-03 Thread [EMAIL PROTECTED]

It has the part# 47-4567-02 Rev AO

that is later than 17-4840 rev 03

Great!  :-)

-Original Message-
From: Peter Whittle [mailto:[EMAIL PROTECTED]]
Sent: sabado, 1 de dezembro de 2001 07:45
To: [EMAIL PROTECTED]
Subject: Re: VoIP MC-3810 [7:27874]


Hugo,

Your sh ver looks promising. The definitive way is to look at the BOTTOM
and see if they are p.n.: 17-4840 rev 03 or later.

I believe that they contain System Bootstrap Version 12.0(6r)T4.

By the way the 12.0(6r)T4 is the WBOOT code that you need to support 32
Mb Flash.

You will need at least 16 Mb Flash if you want to run current enterprise
feature set. If you can get by with ip plus then you can get by with
your existing 8 Mb. Remember, if money is tight and you have upgraded
the DRAM to 64 Mb you could always boot the IOS from a TFTP server
instead of from flash, just watch out when you do a 'wr erase' to clear
out the configs as it will no longer know its ip address and you will
end up running the flash IOS.


Peter



In article , [EMAIL PROTECTED]
 writes
>Peter,
>
>Thank you for replying. Great info that the IOS image should contain
>"v5" feature set.  ;-))
>
>The box is an MC-3810 (not V or V3) with 32MB DRAM and 8MB flash with
>mc3810-is-mz.120-5.XK image.
>
>ROM: System Bootstrap, Version 12.0(6r)T4, RELEASE SOFTWARE (fc1)
>ROM: MC3810 Software (MC3810-WBOOT-M), Version 12.0(6r)T4,  RELEASE
>SOFTWARE (fc1)
>
>As far as I understood reading the notes at:
>
>this box will recognize a 64MB DRAM.
>
>Am I correct?
>
>TIA
>
>
>-Original Message-
>From: Peter Whittle [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 30, 2001 21:40
>To: [EMAIL PROTECTED]
>Subject: Re: VoIP MC-3810 [7:27874]
>
>
>The MC-3810 supports VoIP if you have a v5 variant of the IOS.
>
>eg enterprise + voatm + voip would be mc3810-a2jsv5_122-3.bin
>
>Of course you need a voice module, AVM (analogue), BVM (ISDN Bri),
>DVM (ISDN Pri, CAS) and any load will do vofr. 
>
>
>However, VoIP loads require 64 Mbytes DRAM.
>
>If you upgrade an old mc-3810 or mc-3810v you need recent BOOTROMs, take
>a look in the release notes for details. If your bootroms are not recent
>enough then a 64Mb SIMM will only show up as 16 Mb! The bootroms are a
>free of charge item. You will have to pay postage and may need to order
>them via a partner if you don't have SMARTNET on the routers.
>
>Peter
>
>
> In article , [EMAIL PROTECTED]
> writes
>>Just to confirm. Can a MC-3810 do VoIP or only VoFR?
>>
>>Thanks,
>>
>>Hugo
>>
>

-- 
Peter Whittle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28015&t=27874



RE: CCIE R/S written [7:27968]

2001-12-03 Thread Wright, Jeremy

I believe that would be boson #3

-Original Message-
From: juno vtv [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 2:59 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE R/S written [7:27968]


The boson exam with over 400 questions was written by Dennis Laganiere.
Sorry if I mangled your last name Dennis.

-junovtv




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28014&t=27968



ISDN layer 2 issue [7:28013]

2001-12-03 Thread John Kale

Hello all,

On using the 'show isdn status'

I get 3 lines for the layer 2 section.. one says multiple_frames_established
while the others say tei_assigned

What does this mean? And how can I resolve this issue?

regards,

John





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28013&t=28013



secondary ip address on e0? [7:28012]

2001-12-03 Thread anil

Configuring Sub-interfaces on a c1603
What could possibly go wrong??
It looked so easy in the book.
Does this mean I must use secondary IP addresses on the e0,
and sub-interfaces only on s0?
Eg.,
#int e0
ip address [i.p.address] [subnet.mask] secondary
#int s0.1
ip address [i.p.address] [subnet.mask]

In the book it said that "secondary" IP addresses were being phased out in
the newer IOS.

Help please...
-Anil
-

Rustyb#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
rustyb(config)#int e0
rustyb(config-if)#ip address 193.9.56.1 255.255.255.0
rustyb(config-if)#int e0.1
rustyb(config-subif)#ip address 192.9.200.1 255.255.255.0

Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10 or ISL vLAN.

rustyb(config-subif)#exit
rustyb(config)#int e0
rustyb(config-if)#no shut
rustyb(config-if)#
rustyb(config-if)#
rustyb(config-if)#int e0.1
rustyb(config-subif)#ip address 192.9.200.1 255.255.255.0

Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10 or ISL vLAN.

rustyb(config-subif)#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28012&t=28012



Re: CCIE R/S written [7:27968]

2001-12-03 Thread juno vtv

The boson exam with over 400 questions was written by Dennis Laganiere.
Sorry if I mangled your last name Dennis.

-junovtv


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28011&t=27968



RE: Advise on Auction fraud [7:28004]

2001-12-03 Thread Daniel Cotts

I had an experience with an eBay auction where the fellow didn't ship the
router. I had paid by Money Order. He had cashed it. I contacted eBay. They
gave me the person's phone number and address. I called. He hung up. I
called the local Sheriff and filed a complaint. They visited his home. He
shipped.

If the person with whom you are dealing has committed a crime then get the
local law enforcement on his case. If you know the names of others who have
also been defrauded, ask them to also file a complaint.

Give the auction company grief. Have the thief barred from selling. Post his
name here so we don't get taken.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 03, 2001 1:24 PM
> To: [EMAIL PROTECTED]
> Subject: OT:Advise on Auction fraud [7:28004]
> 
> 
> Sorry for off topic
> I recently became the victim of the Auction fraud the guy took my $1000 for
> 2621 router and now not replying for my emails and also I came to know that
> this guy is a fraud and done similar thing to at least 4 other people, Now
> what are the options I have to get my money back from him
> 
> Thanks for all your advise
> Kaamvi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28009&t=28004



Re: O/T Cisco article from SJ Mercury [7:28007]

2001-12-03 Thread VoIP Guy

Cool article.  Thanks!

""Priscilla Oppenheimer""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> This is filler due to the GroupStudy bug that eliminates text with URLs at
> the beginning of messages.
>
> FYI: Interesting article on the "true" history of Cisco, with more credit
> given to Stanford and less to Bosack and Lerner.
>
> http://www.siliconvalley.com/docs/news/depth/cisco120201.htm
>
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28008&t=28007



O/T Cisco article from SJ Mercury [7:28007]

2001-12-03 Thread Priscilla Oppenheimer

This is filler due to the GroupStudy bug that eliminates text with URLs at
the beginning of messages.

FYI: Interesting article on the "true" history of Cisco, with more credit 
given to Stanford and less to Bosack and Lerner.

http://www.siliconvalley.com/docs/news/depth/cisco120201.htm



Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28007&t=28007



RE: O/T Cisco article from SJ Mercury [7:28005]

2001-12-03 Thread juno vtv

Thanks for the article Priscilla.  
It was very enlightening.

-junovtv


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28006&t=28005



O/T Cisco article from SJ Mercury [7:28005]

2001-12-03 Thread Priscilla Oppenheimer




OT:Advise on Auction fraud [7:28004]

2001-12-03 Thread [EMAIL PROTECTED]

Sorry for off topic
I recently became the victim of the Auction fraud the guy took my $1000 for
2621 router and now not replying for my emails and also I came to know that
this guy is a fraud and done similar thing to at least 4 other people, Now
what are the options I have to get my money back from him

Thanks for all your advise
Kaamvi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28004&t=28004



ISDN and NAT [7:28003]

2001-12-03 Thread Marcel van Dorp

Hi,

I try to connect a Cisco router to both the Internet and the office HQ. Both
connections assign a dynamic IP address when the connection is established.
The relevant part of the config (running 11.3(9)):



ip subnet-zero
ip nat inside source list 1 interface BRI0 overload
isdn switch-type basic-net3
!
!
interface Ethernet0
 ip address 192.168.165.100 255.255.255.0
 ip nat inside
!
interface BRI0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool-member 1
 ppp authentication chap pap callin
!
interface Dialer1
 description *** Connected to HQ ***
 ip address negotiated
 ip nat outside
 encapsulation ppp
 load-interval 30
 dialer remote-name
 dialer string
 dialer-group 1
 ppp authentication chap pap callin
 ppp pap sent-username  password 7
!
interface Dialer2
 description *** Connected to ISP ***
 ip address negotiated
 ip nat outside
 encapsulation ppp
 load-interval 30
 dialer remote-name
 dialer string
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp pap sent-username  password 7
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer2
ip route 132.229.0.0 255.255.0.0 Dialer1
!
access-list 1 permit any
dialer-list 1 protocol ip permit



If a packet for the HQ arrives, the ISDN-line will open, and the connection
will work. The same counts for a packet to HQ, but with one link up, the
other won't work. Does anyone have a clue how to solve  this?


I think the combination with NAT and negotiated IP address is the problem.
With fixed addresses it'll work, but unfortunately I can get only 1
IP-address fixed (no, not the HQ-one, not within a reasonable timeframe :*(

Does anyone know a way to solve/workaround this?

TIA!

Marcel



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28003&t=28003



RE: "sh IP route" and IP question [7:27997]

2001-12-03 Thread Lupi, Guy

Can you send the configs of the 2 routers?

-Original Message-
From: Bob Perez [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 1:00 PM
To: [EMAIL PROTECTED]
Subject: "sh IP route" and IP question [7:27997]


I have an ISDN failover connection and whenever the connection kicks in and I
do a "show IP route" I get the following information and it is not correct.
Atlanta RTR(I did "sh ip ro")-  C 128.121.22.146/32 BRI0/0  When in
actuality, the BRI int on the other router is 128.121.22.146/28
I disconnect the ISDN and the route disappears which is what should happen

Does anyone know what would cause the one router to detect the wrong net
address from the other router's BRI?  This is stopping me from being able to
hit the other router when the S0/0 goes down.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28001&t=27997



Re: "sh IP route" and IP question [7:27997]

2001-12-03 Thread Raul F. Fernandez-IGLOU

The good ole PPP host route generated by PPP. If you use HDLC encap it will
not happen but then you have to forgo all the nice things PPP encap gives
ya. You can also disable the host route generation on the BRI interface.

Raul
- Original Message -
From: "Bob Perez" 
To: 
Sent: Monday, December 03, 2001 12:59 PM
Subject: "sh IP route" and IP question [7:27997]


> I have an ISDN failover connection and whenever the connection kicks in and I
> do a "show IP route" I get the following information and it is not correct.
> Atlanta RTR(I did "sh ip ro")-  C 128.121.22.146/32 BRI0/0  When in
> actuality, the BRI int on the other router is 128.121.22.146/28
> I disconnect the ISDN and the route disappears which is what should happen
>
> Does anyone know what would cause the one router to detect the wrong net
> address from the other router's BRI?  This is stopping me from being able to
> hit the other router when the S0/0 goes down.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28002&t=27997



RE: Re[4]: VPN is a Backdoor !!! [7:27725]

2001-12-03 Thread Kent Hundley

Not sure what you mean by this.  The VPN technology used is irrelevant.  If
I have a home user who uses their laptop to access the Internet, there are
various ways that machine could become compromised.  If that user then
attaches to the VPN, I have a machine on my VPN that is compromised.  It
doesn't matter what the method of VPN is (L2TP with IPsec, PPTP, etc), it's
not going to keep a compromised machine from continuing to be compromised.

All the VPN can do is keep a non-compromised machine from becoming
compromised through the VPN.  If the machine is compromised before it
connects to the VPN, no amount of VPN technology is going to help.

This issue is not solvable through VPN technology because it isn't a VPN
problem.  It's an end-station access control problem.  At the end of the
day, if your users are allowed to completely control their own machines, the
likelihood that someone's machine will be compromised approaches 1.0. (in
other words, certainty)  This risk can be mitigated through various software
and policies, but it cannot be eliminated.

-Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
SentinuS
Sent: Saturday, December 01, 2001 5:35 AM
To: [EMAIL PROTECTED]
Subject: Re[4]: VPN is a Backdoor !!! [7:27725]


Maybe. But if you use L2TP or Layer 3 transport on VPN, all your
mobile users could be Local. Thus you don't need additional
security on your Mobile user (I mean firewall or anti-virus app.)

SentinuS


Friday, November 30, 2001, 6:07:02 PM, you wrote:

KH> You're right, but it is nearly impossible to secure the client.  The problem
KH> is that no matter how much education you give users, most will still do the
KH> "wrong" thing given the right circumstances.  For example, if they are in a
KH> chat room and someone they are communicating with sends them a file, most
KH> will open it, no matter how many times you tell them not to.

--cut here---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28000&t=27725



RE: Diffie-Hellman Exchange Question [7:27952]

2001-12-03 Thread Alex Lei

I have a link here for your reference. Read the section on RSA.

http://www.cisco.com/warp/public/105/IPSECpart3.html


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27999&t=27952



RE: Diffie-Hellman Exchange Question [7:27952]

2001-12-03 Thread Alex Lei

Hello Hunt,

In my understanding the shared key never goes across the network. Each peer
computes it out separately. Where did you see in CCO saying that the DES key
is sent across the internet?

Alex


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27998&t=27952
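
The point made in this thread, that each peer computes the shared key separately and only public values cross the network, as a runnable sketch. This is an added example, not code from any poster or from Cisco; the Peer class, the wire list and the SHA-256 truncation used to get a DES-sized key are assumptions for illustration, and the group is the 768-bit MODP group from RFC 2409.

```python
import hashlib
import secrets

# 768-bit MODP prime and generator from RFC 2409 section 6.1 (Oakley Group 1).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
    16,
)
G = 2


class Peer:
    """One side of the exchange (hypothetical helper for this example)."""

    def __init__(self, name):
        self.name = name
        # Private exponent in [2, P-2]; it is never placed on the wire.
        self._private = secrets.randbelow(P - 3) + 2
        # Public value: the only thing this peer transmits.
        self.public = pow(G, self._private, P)

    def shared_secret(self, peer_public):
        # Reject 0, 1, P-1 and out-of-range values: they force the result
        # into a tiny set that an observer could guess.
        if not 1 < peer_public < P - 1:
            raise ValueError(f"{self.name}: rejected public value")
        return pow(peer_public, self._private, P)


def derive_key(shared, length=8):
    """Assumed KDF for the demo: SHA-256 of the secret, cut to a DES-sized key.

    IKE uses its own PRF-based derivation; this only shows the principle.
    """
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:length]


def run_exchange():
    """Return (wire, key_a, key_b, shared): everything sent, and both keys."""
    wire = []  # (sender, receiver, value) tuples a passive observer would see
    a, b = Peer("router-a"), Peer("router-b")
    wire.append(("router-a", "router-b", a.public))
    wire.append(("router-b", "router-a", b.public))
    # Each side combines its own private exponent with the value it received.
    secret_a = a.shared_secret(wire[1][2])
    secret_b = b.shared_secret(wire[0][2])
    return wire, derive_key(secret_a), derive_key(secret_b), secret_a


if __name__ == "__main__":
    wire, key_a, key_b, shared = run_exchange()
    sent = [value for _, _, value in wire]
    print("keys match:", key_a == key_b)
    print("shared secret seen on wire:", shared in sent)
```

The exchange on its own does not authenticate either peer, which is why IKE pairs it with pre-shared keys or RSA signatures.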



"sh IP route" and IP question [7:27997]

2001-12-03 Thread Bob Perez

I have an ISDN failover connection and whenever the connection kicks in and I
do a "show IP route" I get the following information and it is not correct.
Atlanta RTR(I did "sh ip ro")-  C 128.121.22.146/32 BRI0/0  When in
actuality, the BRI int on the other router is 128.121.22.146/28
I disconnect the ISDN and the route disappears which is what should happen

Does anyone know what would cause the one router to detect the wrong net
address from the other router's BRI?  This is stopping me from being able to
hit the other router when the S0/0 goes down.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27997&t=27997



Re: over 1700 passing ccie written every month [7:23860]

2001-12-03 Thread Jason

Oh brother... here we go again...

""Tim Booth""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > It's fine to have a healthy opinion of Cisco vs Microsoft accreditations
> but
> > I do think you are severely underestimating the new Microsoft exams.
>
>   The new Microsoft exams are a joke. They do NOT test your knowledge on
> Microsoft products. They're absolutely terrible tests IMO. Certainly they
> don't test your ability to do anything constructive, and certainly don't
> compare to Cisco exams much less the IE lab for how much they actually
test
> useful knowledge.
>
> Kind Regards,
> Tim Booth




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27996&t=23860



RE: VoIP MC-3810 [7:27874]

2001-12-03 Thread [EMAIL PROTECTED]

Surely I will check. I will also check the part number and reply soon.

Thank you a lot.


-Original Message-
From: Peter Whittle [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 1, 2001 07:55
To: [EMAIL PROTECTED]
Subject: Re: VoIP MC-3810 [7:27874]


Hugo,

If you are after some e.g. configs take a look at my earlier post in the
GroupStudy ccielab archives. Posting 200111/msg01481.

Peter

 article , [EMAIL PROTECTED]
 writes
>Peter,
>
>Thank you for replying. Great info that the IOS image should contain
>"v5" feature set.  ;-))
>
>The box is an MC-3810 (not V or V3) with 32MB DRAM and 8MB flash with
>mc3810-is-mz.120-5.XK image.
>
>ROM: System Bootstrap, Version 12.0(6r)T4, RELEASE SOFTWARE (fc1)
>ROM: MC3810 Software (MC3810-WBOOT-M), Version 12.0(6r)T4,  RELEASE
>SOFTWARE (fc1)
>
>As far as I understood reading the notes at:
>
>this box will recognize a 64MB DRAM.
>
>Am I correct?
>
>TIA
>
>
>-Original Message-
>From: Peter Whittle [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 30, 2001 21:40
>To: [EMAIL PROTECTED]
>Subject: Re: VoIP MC-3810 [7:27874]
>
>
>The MC-3810 supports VoIP if you have a v5 variant of the IOS.
>
>eg enterprise + voatm + voip would be mc3810-a2jsv5_122-3.bin
>
>Of course you need a voice module, AVM (analogue), BVM (ISDN Bri),
>DVM (ISDN Pri, CAS) and any load will do vofr. 
>
>
>However, VoIP loads require 64 Mbytes DRAM.
>
>If you upgrade an old mc-3810 or mc-3810v you need recent BOOTROMs, take
>a look in the release notes for details. If your bootroms are not recent
>enough then a 64Mb SIMM will only show up as 16 Mb! The bootroms are a
>free of charge item. You will have to pay postage and may need to order
>them via a partner if you don't have SMARTNET on the routers.
>
>Peter
>
>
> In article , [EMAIL PROTECTED]
> writes
>>Just to confirm. Can a MC-3810 do VoIP or only VoFR?
>>
>>Thanks,
>>
>>Hugo
>>
>

-- 
Peter Whittle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27995&t=27874



VACL to block AppleTalk [7:27994]

2001-12-03 Thread Jeff

Anyone using any vacls to block AppleTalk on 6500's?

Just looking for some veteran vacl guys/gals who are familiar with this. I
think the following would work but I don't want to miss anything.

set security acl mac NoAppleTalk deny any any ethertalk
commit security acl NoAppleTalk
set security acl map NoAppleTalk (vlan)

Thanks,
Jeff




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27994&t=27994



Re: CCIE R/S written [7:27968]

2001-12-03 Thread Nick Lesewski

This brings up an excellent point.  The current exam has been around for 
some time and we all know the types of things it covers.  There are several 
books on the topic, a bunch of sites that offer training materials and, of 
course, the bosons.  The new exam is an unknown beast, and it will take that 
much longer to prepare for.

My advice for those who feel they might follow this track is to get it over 
with.  As hard as it is, it will only be harder when the new one comes out 
because you won't have all the tools that are available today.

I thought the ccbootcamp book was great, the Exam Cram was OK, and the prep
guide was adequate. I used all three bosons, and they were great.  I don't
remember which one, but one of them had over 400 questions.

Just my $.02



>From: "Engelhard M. Labiro" 
>Reply-To: "Engelhard M. Labiro" 
>To: [EMAIL PROTECTED]
>Subject: Re: CCIE R/S written [7:27968]
>Date: Mon, 3 Dec 2001 08:41:41 -0500
>
> > does anybody know the tentative date of the new version of CCIE R/S
> > written qualification test would be applied
>
>The rumour is January 2002.
>
> >how much material
> > difference it would be compared to the old one ?
>
>Have no idea.
>
> > I'm preparing for CCIE R/S written test, and it seems to be a bad time for
> > it because of the transition period...
>
>Better hurry, since Bosons are quite good match for the real exam.
>
>HTH.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27993&t=27968



Re: Private VLAN's & VTP [7:27940]

2001-12-03 Thread Rajesh Kumar

VLANs configured as PVLANs are done only when the VTP mode is transparent.
So the VTP messages aren't carried or passed to the adjacent switch.  You will
have to configure in all the switches.  By the way, which platform you are
using and which version of software?

Thanks
Rajesh


Urooj's Hi-speed Internet wrote:

> Hi Folks,
> Do VLAN's configured as PVLAN's get communicated throughout the VTP domain
> via VTP messages or are they kept segregated ? Can someone please enlighten
> me on this ? Thanks very much.
>
> Aziz





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27992&t=27940



RE: CIT question [7:27964]

2001-12-03 Thread Kaminski, Shawn G

They're probably talking about a baseline (monitor/record a certain type of
network activity over a period of time).

Shawn

-Original Message-
From: Mark Odette II [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, December 02, 2001 11:16 PM
To: [EMAIL PROTECTED]
Subject: RE: CIT question [7:27964]


I'm not sure what exactly it is, but the first thing that comes to mind is
maybe an SNMP profile, or the level of Syslog to specify with logging to a
remote syslog server.

-Mark Odette II
CCNA, 3/4 CCNP, MCSE 4.0/2000, A+ certified.
StellarConnection Services

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Vajira Wijesinghe
Sent: Sunday, December 02, 2001 9:26 PM
To: [EMAIL PROTECTED]
Subject: CIT question [7:27964]


In a recent sitting for the CIT paper I found a question asking to name the
"profile" which network engineers maintain, objective being to
monitor/record a certain type of network activity over a period of time so
that it could be useful in arriving into conclusions in a problematic
situation. Does any one could give some clue as to what this "profile" is?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27991&t=27964



Re: Can I use the xmodem -s 38400 in Cat6K [7:27936]

2001-12-03 Thread Patrick Ramsey

If I remember correctly, the last time I had to do this with a 6509 I used
115200 and it worked fine.

-Patrick

>>> "guest 2001"  12/01/01 09:29PM >>>
I found a doc about how to use xmodem to recover the image of cat5000 & 4000. It
says you can use the xmodem -s 38400 to download via console. And I also
found a topic that says it is recommended not to set the speed higher than
19200. The xmodem command has some options:
-c to use crc16
-s set speed

I am using the teraterm terminal emulator. It can support these.
Can I use the "xmodem -s 38400 -c  " command to recover the image?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27990&t=27936



Re: Re[4]: VPN is a Backdoor !!! [7:27725]

2001-12-03 Thread Patrick Ramsey

I'm not sure I follow...

At any time, regardless of protocol, a remote user coming in on a vpn has
the potential to bring a hacker in with him.

>>> "SentinuS"  12/01/01 08:35AM >>>
Maybe. But if you use L2TP or Layer 3 transport on VPN, all your
mobile users could be Local. Thus you don't need additional
security on your Mobile user (I mean firewall or anti-virus app.)

SentinuS


Friday, November 30, 2001, 6:07:02 PM, you wrote:

KH> You're right, but it is nearly impossible to secure the client.  The problem
KH> is that no matter how much education you give users, most will still do the
KH> "wrong" thing given the right circumstances.  For example, if they are in a
KH> chat room and someone they are communicating with sends them a file, most
KH> will open it, no matter how many times you tell them not to.

--cut here---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27989&t=27725



Re: IP ONLY OVER ISDN [7:27972]

2001-12-03 Thread John Neiberger

I'm wondering if this is a trick question.  My first thought is that if
you only configure an IP address on the link then only IP will pass over
the link.  Without additional configuration this alone would stop IPX,
AT, bridged traffic, etc. from crossing the link.

Another thought is that DLSw+ is IP, yet it carries bridged traffic. 
Do you want to stop that?  Use an access list.

The only other traffic then might be CDP, so use 'no cdp enable' on the
BRI to turn that off.

I suppose you wouldn't be able to stop someone from tunneling some
other protocol in IP over the link but I don't think you're concerned
about that.

Am I making this harder than you intended?  :-)  Forgive me, I need
more coffee and I have a cold.

Regards,
John

>>> "Robert McCallum"  12/3/01 1:58:13 AM >>>
Hi,

Simple question here but how can you ensure that when an ISDN line is Up
that no matter what is configured that ONLY IP can go across the line.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27988&t=27972



Re: isdn problem [7:27975]

2001-12-03 Thread junos

Robert was right!


""sudhakar""   >Dear Sir
>
>  I connected router1 and router2 by BRI0 isdn line, but it is showing connection
> fails, not pinging. So please give me a solution on this.
> > waiting for your reply
> router1
>
> router1#sh run
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname router1
> !
>
> !
> username router2 password 0 router2
> ip subnet-zero
> isdn switch-type basic-net3
> !
> !
> !
> !
>  interface Ethernet0
>  ip address 198.168.0.8 255.255.255.0
>  no ip directed-broadcast
>  no ip route-cache
> !
> interface Serial0
>  description BLR-PUN LINK
>  bandwidth 64
>  ip address 172.16.127.4 255.255.255.0
>  no ip directed-broadcast
>  no ip route-cache
>  shutdown
>  no fair-queue
> !
> interface BRI0
>  ip address 172.16.130.2 255.255.255.0
>  ip directed-broadcast
>  encapsulation ppp
>  dialer idle-timeout 500
>  dialer-group 1
>  isdn switch-type basic-net3
>  no peer default ip address
>  no fair-queue
>  ppp authentication pap
>
> router rip
>  redistribute static
>  network 172.16.0.0
>
> ip classless
> ip route 0.0.0.0 0.0.0.0 172.16.130.1
> !
> !
> line con 0
>   transport input none
> line vty 0 4
>
> !
> end
>
> Router2
> router2#sh run
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname router2
> !
> enable password 12#$
> !
> username mcd password 0 12#$
> username router1 password 0 router1
> ip subnet-zero
> isdn switch-type basic-net3
> !
> !
> !
> interface Ethernet0
>  ip address 172.16.4.3 255.255.255.0
>  ip directed-broadcast
>  no ip route-cache
> !
> interface Serial0
>  bandwidth 64
>  ip address 172.16.129.1 255.255.255.0
>  no ip directed-broadcast
> !
> interface BRI0
>  bandwidth 64
>  ip address 172.16.130.1 255.255.255.0
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer idle-timeout 99
>  dialer map ip 172.16.130.2 broadcast 2648970
>  dialer hold-queue 25
>  dialer load-threshold 1 either
>  dialer-group 1
>  isdn switch-type basic-net3
>  no peer default ip address
>  ppp authentication pap
> !
> router rip
>  network 172.16.0.0
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 172.16.4.1
> ip route 172.16.126.0 255.255.255.0 172.16.4.1
> ip route 172.16.130.0 255.255.255.0 172.16.130.2
> !
> dialer-list 1 protocol ip permit
> !
> line con 0
>  password 123
>  transport input none
> line vty 0 4
>  password 123
>  login
> !
> end
>
> Debug file
> router2#debug is
> router2#debug isdn eve
> router2#debug isdn events
> ISDN events debugging is on
> router2#p
> *Apr 19 04:52:15.118: ISDN BR0: TX ->  RRp sapi = 0  tei = 94 nr = 10
> *Apr 19 04:52:15.158: ISDN BR0: RX   INFOc sapi = 0  tei = 94  ns = 6  nr
=
> 10
>   i = 0x080115050402889018018370088032363438393730
> *Apr 19 04:52:15.884: SETUP pd = 8  callref = 0x15
> *Apr 19 04:52:15.884: Bearer Capability i = 0x8890
> *Apr 19 04:52:15.888: Channel ID i = 0x83
> *Apr 19 04:52:15.888: Called Party Number i = 0x80, '2648970'
> *Apr 19 04:52:15.944: ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 11
> *Apr 19 04:52:16.130: ISDN BR0: received HOST_INFORMATION call_id 0x8193
> *Apr 19 04:52:16.694: ISDN Event: dsl 0 call_id 0x8193 B channel assigned
by
> swi
> tch 0
> ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 12
> *Apr 19 04:52:16.765: ISDN BR0: received HOST_CONNECT call_id 0x8193
> *Apr 19 04:52:16.765: %LINK-3-UPDOWN: Interface BRI0:1, changed state to
up
> *Apr 19 04:52:16.789: %ISDN-6-CONNECT: Interface BRI0:1 is now connected
to
> 2648
> 970
> *Apr 19 04:52:16.793: BR0:1 PPP: Treating connection as a callout
> *Apr 19 04:52:16.797: BR0:1 PPP: Phase is ESTABLISHING, Active Open
> *Apr 19 04:52:16.797: BR0:1 LCP: O CONFREQ [Closed] id 139 len 10
> *Apr 19 04:52:16.801: BR0:1 LCP:MagicNumber 0x0184C7B3
(0x05060184C7B3)
> *Apr 19 04:52:16.801: ISDN BR0: Event: Connected to 2648970 on B1 at 64
Kb/s
> *Apr 19 04:52:16.805: ISDN BR0: TX ->  INFOc sapi = 0  tei = 94  ns = 7
nr =
> 12
>   i = 0x0801150F
> *Apr 19 04:52:16.809: CONNECT_ACK pd = 8  callref = 0x15
> *Apr 19 04:52:16.813: ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 13
> *Apr 19 04:52:16.840: ISDN BR0: received HOST_FACILITY_INVOKE call_id
0x8193
> Facility i = 0x91A1130202410B020122300AA1053003020101820100
> *Apr 19 04:52:16.844:   - ETSI Supplementary Service, Invoke, AOC-D
Charging
> Uni
> ts: 1
> *Apr 19 04:52:16.848: BRI0:1: AOC-D Recorded Units = 1
> *Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14
> *Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023)
> *Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3
(0x05060393D0A3)
> *Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9
> *Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C22305)
> *Apr 19 04:52:16.864:

RE: isdn problem [7:27975]

2001-12-03 Thread Ng, Kim Seng David (David)

From your config, I assume you ping from router 2 to 1 since you only
have dialer map at BRI0 of router 2. I think you are missing this in the
interface config of BRI0 at router 2

ppp pap sent-username ... password .

Hope this helps...

-Original Message-
From: sudhakar [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 7:18 PM
To: [EMAIL PROTECTED]
Subject: isdn problem [7:27975]


Dear Sir

I connected router1 and router2 by BRI0 ISDN line, but it is showing
connection fails, not pinging. So please give me a solution on this.
Waiting for your reply.

router1

router1#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router1
!

!
username router2 password 0 router2
ip subnet-zero
isdn switch-type basic-net3
!
!
!
!
 interface Ethernet0
 ip address 198.168.0.8 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
interface Serial0
 description BLR-PUN LINK
 bandwidth 64
 ip address 172.16.127.4 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
 no fair-queue
!
interface BRI0
 ip address 172.16.130.2 255.255.255.0
 ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 500
 dialer-group 1
 isdn switch-type basic-net3
 no peer default ip address
 no fair-queue
 ppp authentication pap

router rip
 redistribute static
 network 172.16.0.0

ip classless
ip route 0.0.0.0 0.0.0.0 172.16.130.1
!
!
line con 0
  transport input none
line vty 0 4

!
end

Router2
router2#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router2
!
enable password 12#$
!
username mcd password 0 12#$
username router1 password 0 router1
ip subnet-zero
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address 172.16.4.3 255.255.255.0
 ip directed-broadcast
 no ip route-cache
!
interface Serial0
 bandwidth 64
 ip address 172.16.129.1 255.255.255.0
 no ip directed-broadcast
!
interface BRI0
 bandwidth 64
 ip address 172.16.130.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 99
 dialer map ip 172.16.130.2 broadcast 2648970
 dialer hold-queue 25
 dialer load-threshold 1 either
 dialer-group 1
 isdn switch-type basic-net3
 no peer default ip address
 ppp authentication pap
!
router rip
 network 172.16.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.4.1
ip route 172.16.126.0 255.255.255.0 172.16.4.1
ip route 172.16.130.0 255.255.255.0 172.16.130.2
!
dialer-list 1 protocol ip permit
!
line con 0
 password 123
 transport input none
line vty 0 4
 password 123
 login
!
end

Debug file
router2#debug is
router2#debug isdn eve
router2#debug isdn events
ISDN events debugging is on
router2#p
*Apr 19 04:52:15.118: ISDN BR0: TX ->  RRp sapi = 0  tei = 94 nr = 10
*Apr 19 04:52:15.158: ISDN BR0: RX   INFOc sapi = 0  tei = 94  ns = 6
nr =
10
  i = 0x080115050402889018018370088032363438393730
*Apr 19 04:52:15.884: SETUP pd = 8  callref = 0x15
*Apr 19 04:52:15.884: Bearer Capability i = 0x8890
*Apr 19 04:52:15.888: Channel ID i = 0x83
*Apr 19 04:52:15.888: Called Party Number i = 0x80, '2648970'
*Apr 19 04:52:15.944: ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 11
*Apr 19 04:52:16.130: ISDN BR0: received HOST_INFORMATION call_id 0x8193
*Apr 19 04:52:16.694: ISDN Event: dsl 0 call_id 0x8193 B channel
assigned by
swi
tch 0
ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 12
*Apr 19 04:52:16.765: ISDN BR0: received HOST_CONNECT call_id 0x8193
*Apr 19 04:52:16.765: %LINK-3-UPDOWN: Interface BRI0:1, changed state to
up
*Apr 19 04:52:16.789: %ISDN-6-CONNECT: Interface BRI0:1 is now connected
to
2648
970
*Apr 19 04:52:16.793: BR0:1 PPP: Treating connection as a callout
*Apr 19 04:52:16.797: BR0:1 PPP: Phase is ESTABLISHING, Active Open
*Apr 19 04:52:16.797: BR0:1 LCP: O CONFREQ [Closed] id 139 len 10
*Apr 19 04:52:16.801: BR0:1 LCP:MagicNumber 0x0184C7B3
(0x05060184C7B3)
*Apr 19 04:52:16.801: ISDN BR0: Event: Connected to 2648970 on B1 at 64
Kb/s
*Apr 19 04:52:16.805: ISDN BR0: TX ->  INFOc sapi = 0  tei = 94  ns = 7
nr =
12
  i = 0x0801150F
*Apr 19 04:52:16.809: CONNECT_ACK pd = 8  callref = 0x15
*Apr 19 04:52:16.813: ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 13
*Apr 19 04:52:16.840: ISDN BR0: received HOST_FACILITY_INVOKE call_id
0x8193
Facility i = 0x91A1130202410B020122300AA1053003020101820100
*Apr 19 04:52:16.844:   - ETSI Supplementary Service, Invoke, AOC-D
Charging
Uni
ts: 1
*Apr 19 04:52:16.848: BRI0:1: AOC-D Recorded Units = 1
*Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14
*Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023)
*Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3
(0x05060393D0A3)
*Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9
*Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C

Re: CBAC question [7:27751]

2001-12-03 Thread VoIP Guy

Remember this rule:

For CBAC to work (let something back in), it has to have an access-list
blocking it.

Let me explain.  CBAC is a tool that monitors communications over an
interface and protects against session hijacking, and other hacking
exploits.  It's also a tool that lets something pass through only if it
started on the other side.  So if you have a client inside that initiates a
web page download, (port 80), CBAC will only let the page back in if the flow
was initiated from inside the network first.  It's a glorified access-list
with the "established" keyword.  You put CBAC on an interface in THE
DIRECTION YOU WISH TO START THE COMMUNICATION.  This starts the monitoring
session of that flow.  Then in order for the packet to come back in via
CBAC, it needs an access list to first stop it.

Here's a correct implementation of CBAC.  Notice that access-list 100 blocks
everything in the world but ping replies from coming back in.  Without
CBAC, nothing would come back in, but with CBAC on, if the communication
started on the inside, the communication will come back in. This is why you
need an extended access-list for the external interface, because what if you
just wanted to monitor POP3 mail sessions, you would need an extended list
that can block 110.  A standard list will not block 110.


Current configuration : 1555 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 $1$VwiM$FoLwO/1A5zmRHzs5VzzNs/
!
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
no ip domain-lookup
!
ip inspect name stop tcp
ip inspect name stop udp
ip inspect name stop ftp
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
interface Ethernet0
 ip address 192.168.42.254 255.255.255.0
 ip access-group 100 in
 ip access-group 2 out
 ip nat outside
 ip inspect stop out
 half-duplex
!
interface FastEthernet0
 bandwidth 10
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 speed auto
 full-duplex
!
ip default-gateway 192.168.42.1
ip nat pool test 192.168.42.254 192.168.42.254 netmask 255.255.255.0
ip nat inside source list 1 pool test overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.42.1
no ip http server
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 2 permit 192.168.42.0 0.0.0.255
access-list 100 permit icmp any any echo-reply
!
!
!
line con 0
 password 16050
 login
line aux 0
 password 16050
 login
line vty 0 4
 password 16050
 login
line vty 5 15
 password 16050
 login
!
no scheduler allocate
end
"Matthew Crane" wrote in message news:[EMAIL PROTECTED]...
> It's all about what you want CBAC to do for you. CBAC is there to prevent
> access from outside to your network, so from inside to outside keep it as
> loose as possible, hence standard access lists.
>
> For inbound access, then if you want CBAC to look at it, the inspection must
> be more granular.
>
> For the purposes of CBAC you trust what's going out so access can be as vague
> as you want, but inbound you do not trust at all, BUT it just might be
> valid, but you want to inspect and know as much about the inbound traffic as
> possible before you make a decision on letting it in.
>
>
> Hunt Lee wrote:
> >
> > I have read the MCNS (Cisco Press) book several times,
> > expecially on Chapter
> > 8, however, I'm still very confused about the following
> > question:
> >
> > The book states that when configuring CBAC on an external
> > interface,
> >
> > 1)The Outbound Access-List can be standard or extended
> > 2)The Inbound Access-List MUST be extended
> >
> > And when configuring CBAC on an external interface,
> >
> > 1)The Inbound Access-List at the internal interface or
> > Outbound
> > Access-List can be either standard or extended
> > 2)The Outbound Access-List at internal interface or Inbound
> > Access-List
> > at external interface MUST be extended.
> >
> > It also states that for CBAC to create a temporary opening in an
> > access-list, the access-list Must be extended?
> >
> >
> > Any help is greatly appreciated.
> >
> > Best Regards,
> > Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27985&t=27751
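
The rule in the post above ("it has to have an access-list blocking it") can be checked against a small model of the posted Ethernet0 setup. This is an added example, not part of the original post or Cisco code: the class and function names are hypothetical, TCP state tracking, timeouts and NAT are left out, and the outside addresses are constructed documentation addresses.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: Optional[str] = None


@dataclass
class OutsideInterface:
    """Simplified model of Ethernet0: 'ip inspect stop out' plus an inbound ACL."""
    inspected: frozenset                                # protocols in the inspection rule
    acl_in: Optional[List[Callable[[Packet], bool]]]    # None = no inbound ACL applied
    openings: set = field(default_factory=set)

    def send_out(self, pkt: Packet) -> None:
        """Traffic leaving through the interface: inspection records the flow."""
        if pkt.proto in self.inspected:
            # Temporary opening for the mirrored (return) flow only.
            self.openings.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def receive_in(self, pkt: Packet):
        """Return (permitted, reason) for traffic arriving from outside."""
        if self.acl_in is None:
            # Nothing blocks inbound traffic, so inspection changes nothing.
            return True, "no inbound ACL"
        if (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.openings:
            return True, "CBAC temporary opening"
        for rule in self.acl_in:
            if rule(pkt):
                return True, "access-list 100"
        return False, "implicit deny"


def run_scenarios():
    # access-list 100 permit icmp any any echo-reply (everything else is denied)
    acl_100 = [lambda p: p.proto == "icmp" and p.icmp_type == "echo-reply"]
    # ip inspect name stop tcp / udp (icmp is not in the posted inspection rule)
    eth0 = OutsideInterface(frozenset({"tcp", "udp"}), acl_100)

    client = "192.168.42.254"     # post-NAT address from the posted config
    server = "203.0.113.10"       # constructed
    stranger = "198.51.100.7"     # constructed

    # Inside client starts a web session; inspection sees it on the way out.
    eth0.send_out(Packet("tcp", client, server, 40000, 80))

    results = {
        "web reply": eth0.receive_in(Packet("tcp", server, client, 80, 40000)),
        "unsolicited tcp": eth0.receive_in(Packet("tcp", stranger, client, 80, 40000)),
        "echo-reply": eth0.receive_in(Packet("icmp", server, client, icmp_type="echo-reply")),
        "echo": eth0.receive_in(Packet("icmp", stranger, client, icmp_type="echo")),
    }

    # Same inspection rule, but no inbound ACL on the interface.
    open_if = OutsideInterface(frozenset({"tcp", "udp"}), None)
    results["unsolicited tcp, no ACL"] = open_if.receive_in(
        Packet("tcp", stranger, client, 80, 40000))
    return results


if __name__ == "__main__":
    for name, (permitted, reason) in run_scenarios().items():
        print(f"{name:24} {'permit' if permitted else 'deny':6} ({reason})")
```
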



Re: Cat5 OS on Catalyst 1200 [7:27969]

2001-12-03 Thread Fanglo MA

Yes, it is set based but many commands are different, such as

cat5 enable) set vlan 2 port 2-3
cat12 enable) set bridge vlan 2 port 2-3

Does anyone know if it is possible to load cat5 OS on cat1200?

Regards,
Fanglo


On Mon, 3 Dec 2001, Circusnuts wrote:

> I think what you're hearing, is that the OS looks the same.  1200 OS is set
> based and reacts just like the 5000's CatOS, but not many features of
> course.  I think the last revision for the 1200 OS was either in 1996 or
> 1997.
>
> Phil
>
> - Original Message -
> From: "Fanglo MA" 
> To: 
> Sent: Monday, December 03, 2001 1:03 AM
> Subject: Cat5 OS on Catalyst 1200 [7:27969]
>
>
> > Dear ALL,
> >
> > I have been told that someone has tried to upload Cat5 OS on Catalyst 1200. Is it
> > possible? Has anyone tried before?
> >
> >
> > Regards,
> > Fanglo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27984&t=27969



Re: CCIE R/S written [7:27968]

2001-12-03 Thread Engelhard M. Labiro

> does anybody know the tentative date of the new version of CCIE R/S
> written qualification test would be applied

The rumour is January 2002.

>how much material
> difference it would be compared to the old one ?

Have no idea.

> I'm preparing for CCIE R/S written test, and it seems to be a bad time for
> it because of the transition period...

Better hurry, since Bosons are quite good match for the real exam.

HTH.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27983&t=27968



Re: Policy routing BGP Neighbor relationships [7:27976]

2001-12-03 Thread Engelhard M. Labiro

> Is it me or does BGP not allow you to form a peering session unless you
have
> a route to the host in the routing table, no matter what.

Yes, eBGP won't form a session if the peer address is not in
its route table.

> It closes
> connected sessions even if I have policy route data forwarding configured
> and even if traffic is forwarding correctly.

The default for the "ip local policy route-map" command is that packets
that are generated by the router itself are not policy routed.
So the BGP session to port 179 that is generated by the router
will not hit the route-map.

> Is there some knob I'm
> forgetting about (other than using a static classful route to null0)?

None that I know other than static route to the loopback.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27982&t=27976



Re: CIT question [7:27964]

2001-12-03 Thread GAHellinger

"baseline"

"Vajira Wijesinghe" wrote in message news:[EMAIL PROTECTED]...
> In a recent sitting for the CIT paper I found a question asking to name
> the "profile" which network engineers maintain, objective being to
> monitor/record a certain type of network activity over a period of time
> so that it could be useful in arriving at conclusions in a problematic
> situation.
> Could anyone give some clue as to what this "profile" is?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27981&t=27964



Re: isdn problem [7:27975]

2001-12-03 Thread Engelhard M. Labiro

Assume that router1 initiates the call to router2; the password
that router1 sends to router2 must be the SAME as the
password configured at router2.


> router1#sh run

> username router2 password 0 router2

> router2#sh run
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname router2
> !
> enable password 12#$
> !
> username mcd password 0 12#$
> username router1 password 0 router1

> *Apr 19 04:52:16.987: BR0:1 LCP: I CONFREQ [REQsent] id 129 len 14
> *Apr 19 04:52:16.991: BR0:1 LCP:AuthProto PAP (0x0304C023)
> *Apr 19 04:52:16.991: BR0:1 LCP:MagicNumber 0x0393D0A3
(0x05060393D0A3)
> *Apr 19 04:52:16.995: BR0:1 LCP: O CONFREJ [REQsent] id 129 len 8
> *Apr 19 04:52:16.999: BR0:1 LCP:AuthProto PAP (0x0304C




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27980&t=27975
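
The LCP lines in the debug output quoted in this thread carry each option's raw bytes in parentheses. The added example below (not part of any post) decodes those bytes as RFC 1661 type/length/data options and pairs each received CONFREQ with the reply sent for the same id; the function names are hypothetical and the sample is copied from the thread's debug output with wrapped lines rejoined.

```python
import re

# Sample: LCP lines from the debug output quoted in the thread, wrapped lines
# rejoined. The last option line is cut off on the page and is kept that way
# to exercise the truncation handling.
SAMPLE_DEBUG = """\
*Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14
*Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023)
*Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3)
*Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9
*Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C22305)
*Apr 19 04:52:16.987: BR0:1 LCP: I CONFREQ [REQsent] id 129 len 14
*Apr 19 04:52:16.991: BR0:1 LCP:AuthProto PAP (0x0304C023)
*Apr 19 04:52:16.991: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3)
*Apr 19 04:52:16.995: BR0:1 LCP: O CONFREJ [REQsent] id 129 len 8
*Apr 19 04:52:16.999: BR0:1 LCP:AuthProto PAP (0x0304C
"""

OPTION_NAMES = {1: "MRU", 3: "AuthProto", 5: "MagicNumber"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5"}

HEADER_RE = re.compile(r"LCP: (I|O) (CONF\w+) \[(\w+)\] id (\d+) len (\d+)")
OPTION_RE = re.compile(r"LCP:\s*\w+.*\(0x([0-9A-Fa-f]+)(\))?\s*$")


def decode_option(hex_text, complete=True):
    """Decode one LCP option: 1 byte type, 1 byte total length, then data."""
    opt_type = int(hex_text[:2], 16) if len(hex_text) >= 2 else None
    opt = {"name": OPTION_NAMES.get(opt_type, f"type-{opt_type}"),
           "raw": hex_text, "truncated": True}
    if not complete or len(hex_text) % 2:
        return opt                       # cut off in the log: keep only the type
    raw = bytes.fromhex(hex_text)
    if len(raw) < 2 or raw[1] != len(raw):
        return opt                       # length byte disagrees with the bytes shown
    opt["truncated"] = False
    data = raw[2:]
    if opt_type == 3 and len(data) >= 2:
        proto = int.from_bytes(data[:2], "big")
        opt["auth"] = AUTH_PROTOCOLS.get(proto, hex(proto))
        if proto == 0xC223 and len(data) == 3:
            opt["algorithm"] = CHAP_ALGORITHMS.get(data[2], hex(data[2]))
    elif opt_type == 5 and len(data) == 4:
        opt["magic"] = data.hex().upper()
    return opt


def parse_lcp(text):
    """Group option lines under the LCP packet header line that precedes them."""
    packets = []
    for line in text.splitlines():
        header = HEADER_RE.search(line)
        if header:
            direction, code, _state, ident, length = header.groups()
            packets.append({"dir": direction, "code": code, "id": int(ident),
                            "len": int(length), "options": []})
            continue
        option = OPTION_RE.search(line)
        if option and packets:
            packets[-1]["options"].append(
                decode_option(option.group(1), complete=option.group(2) is not None))
    return packets


def length_consistent(packet):
    """True if 4 header bytes + option bytes equal 'len'; None if unknowable."""
    if any(o["truncated"] for o in packet["options"]):
        return None
    return packet["len"] == 4 + sum(len(o["raw"]) // 2 for o in packet["options"])


def auth_findings(packets):
    """(id, auth requested by peer, local reply, counter-proposal) per refusal."""
    requested, findings = {}, []
    for p in packets:
        auth = next((o for o in p["options"] if o["name"] == "AuthProto"), None)
        if p["dir"] == "I" and p["code"] == "CONFREQ" and auth and not auth["truncated"]:
            requested[p["id"]] = auth["auth"]
        elif (p["dir"] == "O" and p["code"] in ("CONFNAK", "CONFREJ")
              and p["id"] in requested and auth):
            counter = auth.get("auth") if p["code"] == "CONFNAK" else None
            findings.append((p["id"], requested[p["id"]], p["code"], counter))
    return findings


if __name__ == "__main__":
    for ident, wanted, reply, counter in auth_findings(parse_lcp(SAMPLE_DEBUG)):
        extra = f", proposing {counter}" if counter else ""
        print(f"id {ident}: peer requested {wanted}, local side sent {reply}{extra}")
```
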



Re: ATM back-to-back [7:27970]

2001-12-03 Thread Circusnuts

ATM interface to ATM interfaces- yes

Check out these archive links:
http://www.groupstudy.com/archives/cisco/200109/msg01872.html
http://www.groupstudy.com/archives/cisco/200109/msg01874.html
http://www.groupstudy.com/archives/cisco/200109/msg01883.html
http://www.groupstudy.com/archives/cisco/200109/msg01985.html
http://www.groupstudy.com/archives/cisco/200109/msg01986.html
http://www.groupstudy.com/archives/cisco/200109/msg01988.html

All the best !!!
Phil

- Original Message -
From: "Fanglo MA" 
To: 
Sent: Monday, December 03, 2001 1:09 AM
Subject: ATM back-to-back [7:27970]


> Dear ALL,
>
> I can access one VWIC-2E1 with 3600, would this can be done to setup ATM
> back-to-back? Anyone know the connection method?
>
> Regards,
> Fanglo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27979&t=27970



Re: Cat5 OS on Catalyst 1200 [7:27969]

2001-12-03 Thread Circusnuts

I think what you're hearing, is that the OS looks the same.  1200 OS is set
based and reacts just like the 5000's CatOS, but not many features of
course.  I think the last revision for the 1200 OS was either in 1996 or
1997.

Phil

- Original Message -
From: "Fanglo MA" 
To: 
Sent: Monday, December 03, 2001 1:03 AM
Subject: Cat5 OS on Catalyst 1200 [7:27969]


> Dear ALL,
>
> I have been told that someone has tried to upload Cat5 OS on Catalyst 1200. Is it
> possible? Has anyone tried before?
>
>
> Regards,
> Fanglo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27978&t=27969



RE: isdn problem [7:27975]

2001-12-03 Thread McCallum, Robert

try adding a dialer string or dialer map statement to your bri interface

-Original Message-
From: sudhakar [mailto:[EMAIL PROTECTED]]
Sent: 03 December 2001 11:18
To: [EMAIL PROTECTED]
Subject: isdn problem [7:27975]


Dear Sir

I connected router1 and router2 by BRI0 ISDN line, but it is showing connection
fails, not pinging. So please give me a solution on this.
Waiting for your reply.

router1

router1#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router1
!

!
username router2 password 0 router2
ip subnet-zero
isdn switch-type basic-net3
!
!
!
!
 interface Ethernet0
 ip address 198.168.0.8 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
interface Serial0
 description BLR-PUN LINK
 bandwidth 64
 ip address 172.16.127.4 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
 no fair-queue
!
interface BRI0
 ip address 172.16.130.2 255.255.255.0
 ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 500
 dialer-group 1
 isdn switch-type basic-net3
 no peer default ip address
 no fair-queue
 ppp authentication pap

router rip
 redistribute static
 network 172.16.0.0

ip classless
ip route 0.0.0.0 0.0.0.0 172.16.130.1
!
!
line con 0
  transport input none
line vty 0 4

!
end

Router2
router2#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router2
!
enable password 12#$
!
username mcd password 0 12#$
username router1 password 0 router1
ip subnet-zero
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address 172.16.4.3 255.255.255.0
 ip directed-broadcast
 no ip route-cache
!
interface Serial0
 bandwidth 64
 ip address 172.16.129.1 255.255.255.0
 no ip directed-broadcast
!
interface BRI0
 bandwidth 64
 ip address 172.16.130.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 99
 dialer map ip 172.16.130.2 broadcast 2648970
 dialer hold-queue 25
 dialer load-threshold 1 either
 dialer-group 1
 isdn switch-type basic-net3
 no peer default ip address
 ppp authentication pap
!
router rip
 network 172.16.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.4.1
ip route 172.16.126.0 255.255.255.0 172.16.4.1
ip route 172.16.130.0 255.255.255.0 172.16.130.2
!
dialer-list 1 protocol ip permit
!
line con 0
 password 123
 transport input none
line vty 0 4
 password 123
 login
!
end

Debug file
router2#debug is
router2#debug isdn eve
router2#debug isdn events
ISDN events debugging is on
router2#p
*Apr 19 04:52:15.118: ISDN BR0: TX ->  RRp sapi = 0  tei = 94 nr = 10
*Apr 19 04:52:15.158: ISDN BR0: RX   INFOc sapi = 0  tei = 94  ns = 6  nr =
10
  i = 0x080115050402889018018370088032363438393730
*Apr 19 04:52:15.884: SETUP pd = 8  callref = 0x15
*Apr 19 04:52:15.884: Bearer Capability i = 0x8890
*Apr 19 04:52:15.888: Channel ID i = 0x83
*Apr 19 04:52:15.888: Called Party Number i = 0x80, '2648970'
*Apr 19 04:52:15.944: ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 11
*Apr 19 04:52:16.130: ISDN BR0: received HOST_INFORMATION call_id 0x8193
*Apr 19 04:52:16.694: ISDN Event: dsl 0 call_id 0x8193 B channel assigned by
swi
tch 0
ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 12
*Apr 19 04:52:16.765: ISDN BR0: received HOST_CONNECT call_id 0x8193
*Apr 19 04:52:16.765: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
*Apr 19 04:52:16.789: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to
2648
970
*Apr 19 04:52:16.793: BR0:1 PPP: Treating connection as a callout
*Apr 19 04:52:16.797: BR0:1 PPP: Phase is ESTABLISHING, Active Open
*Apr 19 04:52:16.797: BR0:1 LCP: O CONFREQ [Closed] id 139 len 10
*Apr 19 04:52:16.801: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3)
*Apr 19 04:52:16.801: ISDN BR0: Event: Connected to 2648970 on B1 at 64 Kb/s
*Apr 19 04:52:16.805: ISDN BR0: TX ->  INFOc sapi = 0  tei = 94  ns = 7  nr =
12
  i = 0x0801150F
*Apr 19 04:52:16.809: CONNECT_ACK pd = 8  callref = 0x15
*Apr 19 04:52:16.813: ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 13
*Apr 19 04:52:16.840: ISDN BR0: received HOST_FACILITY_INVOKE call_id 0x8193
Facility i = 0x91A1130202410B020122300AA1053003020101820100
*Apr 19 04:52:16.844:   - ETSI Supplementary Service, Invoke, AOC-D Charging
Uni
ts: 1
*Apr 19 04:52:16.848: BRI0:1: AOC-D Recorded Units = 1
*Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14
*Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023)
*Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3)
*Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9
*Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C22305)
*Apr 19 04:52:16.864: BR0:1 LCP: I CONFACK [REQsent] id 139 len 10
*Apr 19 04:52:16.864: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3)
*Apr 19 04:52:16.880: BR0:1 LCP: 

Policy routing BGP Neighbor relationships [7:27976]

2001-12-03 Thread Baety Wayne A1C 18 CS/SCBX

Is it me or does BGP not allow you to form a peering session unless you have
a route to the host in the routing table, no matter what.  It closes
connected sessions even if I have policy route data forwarding configured
and even if traffic is forwarding correctly.  Is there some knob I'm
forgetting about (other than using a static classful route to null0)?
 
My little diagram...
  
              178.24.1.1/32        204.22.10.1/32
                    Lo                   Lo
                    |                    |
                    R6                   R7
                    |                    |
                    S0                   S0
  192.1.1/24       (.3)                 (.1)
 
a.  No static routes entered on R6 or R7
b.  BGP peers w/ loopback addresses
 
 
Here's 11.3 (R7) forgetting that it can reach the 12.0 router via policy
(debug output on R7)
3d05h: BGP: 178.24.1.1 remote close, state CLOSEWAIT
3d05h: BGP: 178.24.1.1 closing
 
(This message repeated indefinitely)
3d05h: BGP: 178.24.1.1 multihop open delayed 10112ms (no route)
3d05h: BGP: 178.24.1.1 multihop open delayed 12784ms (no route)
 
(traffic is forwarding!)
r7#ping 178.24.1.1
Sending 5, 100-byte ICMP Echos to 178.24.1.1, timeout is 2 seconds:
!
 
r7#config t
r7(config)#ip route 178.24.1.1 255.255.255.255 192.1.1.3[Ctl-Z]
 
[a few seconds later]
(debug output on R7)
3d05h: BGP: 178.24.1.1 open active, local address 204.22.10.1
 
r7#config t
r7(config)#no ip route 178.24.1.1 255.255.255.255 192.1.1.3[Ctl-Z]
 
[a few seconds later]
(debug output on R7)
3d07h: BGP: 178.24.1.1 multihop open delayed 17648ms (no route)
 
grrr.
 
(configs below)
 
 
Thanks for looking this over.
 
WAYNE BAETY, MCSE, A1C, USAF
Network Systems Trainer
 
 
ROUTER 6 CONFIG
 
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r6
!
logging buffered warnings
logging console warnings
enable password cisco
!
username cisco password 0 cisco
!
!
!
!
ip subnet-zero
!
!
!
process-max-time 200
!
interface Loopback0
 ip address 178.24.1.1 255.255.255.255
 no ip directed-broadcast
!
interface Ethernet0
 ip address 10.0.0.6 255.255.255.0 secondary
 ip address 6.6.6.6 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 no fair-queue
 clockrate 25
 cdp enable
 frame-relay lmi-type cisco
!
interface Serial0.1 point-to-point
 ip address 10.255.1.2 255.255.255.252
 no ip directed-broadcast
 ip nat inside
 frame-relay interface-dlci 601
!
interface Serial0.2 point-to-point
 ip address 192.1.1.3 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 ip policy route-map ebgp-rehop
 frame-relay interface-dlci 607
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
router bgp 300
 network 178.24.0.0
 neighbor 204.22.10.1 remote-as 100
 neighbor 204.22.10.1 ebgp-multihop 2
 neighbor 204.22.10.1 update-source Loopback0
!
ip local policy route-map ebgp-rehop
ip nat pool dynamic-net-pool 178.24.16.1 178.24.191.254 prefix-length 16
ip nat inside source list 1 pool dynamic-net-pool
ip nat inside source static 178.24.3.13 10.253.1.1
ip classless
no ip http server
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 101 permit tcp any host 204.22.10.1 eq bgp
access-list 101 permit icmp any host 204.22.10.1 echo
access-list 101 permit icmp any host 204.22.10.1 echo-reply
route-map ebgp-rehop permit 10
 match ip address 101
 set ip default next-hop 192.1.1.1
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login local
 monitor
 
END ROUTER 6 CONFIG
 
ROUTER 7 CONFIG 
 
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r7
!
enable password cisco
!
username cisco password 0 cisco
ip subnet-zero
ip nat pool dynamic-net-pool 204.22.10.16 204.22.10.191 prefix-length 24
ip nat inside source list 1 pool dynamic-net-pool
ip nat inside source static 204.22.10.13 20.255.1.5
!
!
interface Loopback0
 ip address 204.22.10.1 255.255.255.255
!
interface Ethernet0
 ip address 10.0.0.7 255.255.255.0 secondary
 ip address 7.7.7.7 255.255.255.0
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no ip mroute-cache
 no fair-queue
 clockrate 25
 frame-relay lmi-type cisco
!
interface Serial0.1 point-to-point
 ip address 20.255.1.2 255.255.255.252
 ip nat inside
 no arp frame-relay
 frame-relay interface-dlci 705
!
interface Serial0.2 point-to-point
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
frame-relay interface-dlci 706
!
interface Serial1
 no ip address
 shutdow

isdn problem [7:27975]

2001-12-03 Thread sudhakar

Dear Sir

I connected router1 and router2 by BRI0 ISDN line, but it is showing connection
fails, not pinging. So please give me a solution on this.
Waiting for your reply.

router1

router1#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router1
!

!
username router2 password 0 router2
ip subnet-zero
isdn switch-type basic-net3
!
!
!
!
 interface Ethernet0
 ip address 198.168.0.8 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
interface Serial0
 description BLR-PUN LINK
 bandwidth 64
 ip address 172.16.127.4 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
 no fair-queue
!
interface BRI0
 ip address 172.16.130.2 255.255.255.0
 ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 500
 dialer-group 1
 isdn switch-type basic-net3
 no peer default ip address
 no fair-queue
 ppp authentication pap

router rip
 redistribute static
 network 172.16.0.0

ip classless
ip route 0.0.0.0 0.0.0.0 172.16.130.1
!
!
line con 0
  transport input none
line vty 0 4

!
end

Router2
router2#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router2
!
enable password 12#$
!
username mcd password 0 12#$
username router1 password 0 router1
ip subnet-zero
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address 172.16.4.3 255.255.255.0
 ip directed-broadcast
 no ip route-cache
!
interface Serial0
 bandwidth 64
 ip address 172.16.129.1 255.255.255.0
 no ip directed-broadcast
!
interface BRI0
 bandwidth 64
 ip address 172.16.130.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 99
 dialer map ip 172.16.130.2 broadcast 2648970
 dialer hold-queue 25
 dialer load-threshold 1 either
 dialer-group 1
 isdn switch-type basic-net3
 no peer default ip address
 ppp authentication pap
!
router rip
 network 172.16.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.4.1
ip route 172.16.126.0 255.255.255.0 172.16.4.1
ip route 172.16.130.0 255.255.255.0 172.16.130.2
!
dialer-list 1 protocol ip permit
!
line con 0
 password 123
 transport input none
line vty 0 4
 password 123
 login
!
end

Debug file
router2#debug is
router2#debug isdn eve
router2#debug isdn events
ISDN events debugging is on
router2#p
*Apr 19 04:52:15.118: ISDN BR0: TX ->  RRp sapi = 0  tei = 94 nr = 10
*Apr 19 04:52:15.158: ISDN BR0: RX   INFOc sapi = 0  tei = 94  ns = 6  nr = 10
  i = 0x080115050402889018018370088032363438393730
*Apr 19 04:52:15.884: SETUP pd = 8  callref = 0x15
*Apr 19 04:52:15.884: Bearer Capability i = 0x8890
*Apr 19 04:52:15.888: Channel ID i = 0x83
*Apr 19 04:52:15.888: Called Party Number i = 0x80, '2648970'
*Apr 19 04:52:15.944: ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 11
*Apr 19 04:52:16.130: ISDN BR0: received HOST_INFORMATION call_id 0x8193
*Apr 19 04:52:16.694: ISDN Event: dsl 0 call_id 0x8193 B channel assigned by switch 0
ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 12
*Apr 19 04:52:16.765: ISDN BR0: received HOST_CONNECT call_id 0x8193
*Apr 19 04:52:16.765: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
*Apr 19 04:52:16.789: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 2648970
*Apr 19 04:52:16.793: BR0:1 PPP: Treating connection as a callout
*Apr 19 04:52:16.797: BR0:1 PPP: Phase is ESTABLISHING, Active Open
*Apr 19 04:52:16.797: BR0:1 LCP: O CONFREQ [Closed] id 139 len 10
*Apr 19 04:52:16.801: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3)
*Apr 19 04:52:16.801: ISDN BR0: Event: Connected to 2648970 on B1 at 64 Kb/s
*Apr 19 04:52:16.805: ISDN BR0: TX ->  INFOc sapi = 0  tei = 94  ns = 7  nr = 12
  i = 0x0801150F
*Apr 19 04:52:16.809: CONNECT_ACK pd = 8  callref = 0x15
*Apr 19 04:52:16.813: ISDN BR0: RX   RRr sapi = 0  tei = 94  nr = 13
*Apr 19 04:52:16.840: ISDN BR0: received HOST_FACILITY_INVOKE call_id 0x8193
Facility i = 0x91A1130202410B020122300AA1053003020101820100
*Apr 19 04:52:16.844:   - ETSI Supplementary Service, Invoke, AOC-D Charging Units: 1
*Apr 19 04:52:16.848: BRI0:1: AOC-D Recorded Units = 1
*Apr 19 04:52:16.852: BR0:1 LCP: I CONFREQ [REQsent] id 123 len 14
*Apr 19 04:52:16.852: BR0:1 LCP:AuthProto PAP (0x0304C023)
*Apr 19 04:52:16.856: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3)
*Apr 19 04:52:16.856: BR0:1 LCP: O CONFNAK [REQsent] id 123 len 9
*Apr 19 04:52:16.860: BR0:1 LCP:AuthProto CHAP (0x0305C22305)
*Apr 19 04:52:16.864: BR0:1 LCP: I CONFACK [REQsent] id 139 len 10
*Apr 19 04:52:16.864: BR0:1 LCP:MagicNumber 0x0184C7B3 (0x05060184C7B3)
*Apr 19 04:52:16.880: BR0:1 LCP: I CONFREQ [ACKrcvd] id 124 len 14
*Apr 19 04:52:16.880: BR0:1 LCP:AuthProto PAP (0x0304C023)
*Apr 19 04:52:16.884: BR0:1 LCP:MagicNumber 0x0393D0A3 (0x05060393D0A3)
*Apr 19 04:52:16.884: BR0:1 LCP: O CONFNAK [ACKrcvd] id

ISDN LINE WITH JUST IP [7:27974]

2001-12-03 Thread Robert McCallum

Hi,

How can you ensure that only IP traverses your ISDN line when it is
up?  The scenario is that we have to run the ISDN line as efficiently as
possible, so that no matter what is configured on the router only IP can go
across it.  I have tried a normal access list, but of course IPX, for instance,
would still run across the line.  I have thought about a protocol filter that
filters on 0x0800, but of course the ISDN line has PPP encapsulation on it and
this protocol filter would only work if it was an 802.3 frame, which
unfortunately it's not.

Any help here would be very welcome.

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27974&t=27974



RE: CBAC question [7:27751]

2001-12-03 Thread Matthew Crane

It's all about what you want CBAC to do for you. CBAC is there to prevent
access from outside to your network, so from inside to outside keep it as
loose as possible, hence standard access lists.

For inbound access, then, if you want CBAC to look at it, the inspection must
be more granular.

For the purposes of CBAC you trust what's going out, so access can be as vague
as you want, but inbound you do not trust at all, BUT it just might be
valid, but you want to inspect and know as much about the inbound traffic as
possible before you make a decision on letting it in.


Hunt Lee wrote:
> 
> I have read the MCNS (Cisco Press) book several times, especially on
> Chapter 8, however, I'm still very confused about the following question:
> 
> The book states that when configuring CBAC on an external interface,
> 
> 1) The Outbound Access-List can be standard or extended
> 2) The Inbound Access-List MUST be extended
> 
> And when configuring CBAC on an external interface,
> 
> 1) The Inbound Access-List at the internal interface or Outbound
>    Access-List can be either standard or extended
> 2) The Outbound Access-List at internal interface or Inbound Access-List
>    at external interface MUST be extended.
> 
> It also states that for CBAC to create a temporary opening in an
> access-list, the access-list Must be extended?
> 
> 
> Any help is greatly appreciated.
> 
> Best Regards,
> Hunt Lee
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27973&t=27751
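
Added example (not part of the original posts and not taken from the MCNS book): a minimal CBAC layout on a two-interface router, showing where a standard list is enough and where an extended list is required. The interface roles, list numbers, the inspection name FWOUT and the addresses are assumptions chosen for illustration.

```cisco
! Assumed topology: Ethernet0 = inside (10.1.1.0/24), Serial0 = outside.
!
! Inspection rule: the outbound sessions CBAC will track.
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
ip inspect name FWOUT ftp
!
! Inside interface, inbound: traffic leaving the trusted network.
! Matching on source address alone is enough, so a standard list works.
access-list 10 permit 10.1.1.0 0.0.0.255
!
! Outside interface, inbound: untrusted traffic. This list must be
! extended, because for each inspected session CBAC places a temporary
! entry (source/destination address and port) ahead of the static ones,
! and a standard list cannot express that match.
access-list 101 permit icmp any 10.1.1.0 0.0.0.255 echo-reply
access-list 101 deny   ip any any
!
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 10 in
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 in
 ip inspect FWOUT out
```

While an inside host has a session open, `show ip inspect sessions` lists the session that CBAC is tracking for the return traffic.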



IP ONLY OVER ISDN [7:27972]

2001-12-03 Thread Robert McCallum

Hi,

Simple question here, but how can you ensure that when an ISDN line is up,
no matter what is configured, ONLY IP can go across the line?

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27972&t=27972